A fast and customisable vulnerability scanner powered by simple YAML-based templates

Feature | Description |
---|---|
Extensive Template Library | Nuclei offers a vast collection of community-powered templates for targeted scans of various vulnerabilities and attack vectors. |
Versatile Target Specification | Support for various target specification options, such as URLs, IP ranges, ASN range, and file input, allowing flexibility in defining the scanning scope. |
Bulk Scanning | Perform bulk scanning by specifying multiple targets at once, enabling efficient scanning of a large number of assets or websites. |
Flexible Customization | Customize scanning templates to fit specific needs, allowing tailored scanning and focusing on relevant security checks. |
Parallel Scanning | Supports parallel scanning, reducing scanning time and improving efficiency, especially for large-scale targets. |
Comprehensive Reporting (cloud) | Generates detailed reports with actionable insights, including vulnerability details, severity levels, affected endpoints, and suggested remediation steps. |
Integration with CI/CD Pipelines | Seamlessly integrate Nuclei into CI/CD pipelines for automated security testing as part of the development and deployment process. |
CI/CD Integration (cloud) | Actively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements to provide an up-to-date scanning framework. |
Ticketing integration (cloud) | Two-way ticketing integration with Jira, Splunk, and many others to easily remediate and retest vulnerabilities. |
Customizable Output Format | Configure the output format of Nuclei’s scan results to suit your needs, including options for JSON, YAML, and more. |
Dynamic Variables | Utilize dynamic variables in templates to perform parameterized scanning, enabling versatile and flexible scanning configurations. |
Inclusion and Exclusion Filters | Apply inclusion and exclusion filters to specify targets, reducing scanning scope and focusing on specific areas of interest. |
Authentication Support | Nuclei supports various authentication mechanisms, including HTTP basic authentication, JWT token authentication, and more. |
Embedding custom code in templates | Execute custom code within Nuclei templates to incorporate user-defined logic, perform advanced scanning actions, and more. |

Use Case | Description |
---|---|
Web Application Security | Identifies common web vulnerabilities with community-powered templates. |
Infrastructure Security | Audits server configurations, open ports, and insecure services for security issues. |
API Security Testing (alpha) | Tests APIs against known vulnerabilities and misconfigurations. |
CI/CD Security | Integrates into CI/CD pipelines to minimize vulnerabilities resurfacing in production. |
Third-party Vendor Assessment | Evaluates the security of third-party vendors by scanning their digital assets. |
Cloud Security (alpha) | Scans cloud environments for misconfigurations and vulnerabilities. |
Mobile Application Security | Scans mobile applications for security issues, including API tests and configuration checks. |
Network Device Security (alpha) | Identifies vulnerabilities in network devices like routers, switches, and firewalls. |
Web Server Assessment | Identifies common vulnerabilities and misconfigurations in web servers. |
Content Management System (CMS) Assessment | Identifies vulnerabilities specific to CMS platforms like WordPress, Joomla, or Drupal. |
Database Security Assessment | Scans databases for known vulnerabilities, default configurations, and access control issues. |