Nuclei is a powerful, community-driven vulnerability scanning tool that simplifies vulnerability scanning for impactful findings. It allows security practitioners and developers to quickly identify vulnerabilities across different platforms and technologies. Please read our blog on how one could potentially scale nuclei and some more use cases.


Before using Nuclei, ensure you have downloaded and installed it. You can find the installation instructions and source code in the Nuclei GitHub repository.



Nuclei is used via the command line and works with templates that define specific security checks. To scan a target, use a command like:

nuclei -u -t http/technologies

This command checks the target against all the CVE (Common Vulnerabilities and Exposures) templates in Nuclei’s template directory.


Nuclei presents its findings in a straightforward format, detailing the vulnerability type, the matched template, and the affected URL:

[2024-01-20 09:30:00] [cve-2023-XXXXX] [http] [critical]
$ nuclei -u -t http/technologies        

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.5


[INF] Current nuclei version: v3.1.5 (latest)
[INF] Current nuclei-templates version: v9.7.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 6
[INF] Templates loaded for current scan: 604
[INF] Executing 603 signed templates from projectdiscovery/nuclei-templates
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Templates clustered: 224 (Reduced 215 Requests)
[fingerprinthub-web-fingerprints:openfire] [http] [info]
[aws-detect:aws-cloudfront] [http] [info]
[aws-detect:aws-kms] [http] [info]
[aws-bucket-service] [http] [info]
[aws-cloudfront-service] [http] [info]
[s3-detect] [http] [info]
[waf-detect:modsecurity] [http] [info]
[waf-detect:cloudfront] [http] [info]

Template Customization

One of the strengths of Nuclei is its customizable template system, allowing users to define or modify checks for a wide range of scenarios.


Creating a custom template involves defining the request and the condition for a match. For example, a basic template to check for a version in a webpage could be:

id: custom-check

  name: Check Webpage for Version
  author: yourname
  severity: info

  - method: GET
      - "{{BaseURL}}/path-to-check"

      - type: word
          - "Version 1.0.0"
        part: body

This template checks if “Version 1.0.0” is present in the response body of the specified path.


If the condition is met, Nuclei will report the match:

[2024-01-20 09:45:00] [custom-check] [http] [info]

Nuclei stands out as a versatile and efficient tool for vulnerability scanning. Its template-driven approach provides flexibility, allowing both rapid scanning with community templates and tailored checks with custom templates.