Monitor your infrastructure. Real vulnerabilities. Zero noise.

Trusted by 100k+ security professionals to streamline vulnerabilities that can actually be exploited.

mountain grid

Features - Vulnerability Management

Eliminate false positives

We detect exploitable vulnerabilities. Period. Enabling 10x faster triage and remediation.

Eliminate false positives

Features - Asset Discovery

Discover your infrastructure

Gain instant visibility into your entire tech stack as your team deploys. Contextualize and prioritize your exposure.

Discover your infrastructure

Features - Nuclei templates

Leverage custom exploit detection

With our open-source framework Nuclei, security teams can automate detection for any vulnerability type.

Leverage custom exploit detection

Why ProjectDiscovery

Real-time detection for teams that ship fast

Continuous security checks as your team deploys. Automated workflows to enable instant, organization-wide detection and triage. Transform noisy, ineffective scan results into relevant and actionable alerts.

Monitor your entire attack surface

HOST

PORT

TECH

IP

Continuously scan for exploitable vulnerabilities

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

10

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

10

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

10

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

10

VMware

Code Execution

CVE-2023-20887

9.8

Alert your engineering team in minutes

Our Solution

Dramatically reduce scanning times, tools, and resources

Consolidate scattered scanning tools into a single, precise, customizable framework for modern teams.

Application

DNS

Internal

Cloud

API

Database

Vulnerability Management
DAST and CI/CD
Attack Surface Management
Compliance
Vulnerability Management

Traditional vulnerability management platforms struggle with excessive false positives and noise. Our vulnerability management platform, powered by Nuclei, delivers high-fidelity scanning to identify actual exploitable vulnerabilities that have real-world impact rather than just relying on CVSS scores. By leveraging the global open-source community, our library of over 9,000 Nuclei templates reflect the latest CVEs and trending misconfigurations.

Our product integrates asset data from cloud platforms to provide essential context, allowing you to prioritize and manage vulnerabilities effectively. With multiple status tracking and easy export options via JSON, API, or Jira integration, remediation is streamlined for your engineering teams.

Exploitable vulnerabilities

10x faster triage

Open source community

Talk to sales

Integrations

Integrate with your platforms

Use our integrations to get alerts sent instantly for ticketing.

COMMUNITY POWERED

The fastest exploits feed on the Internet

ProjectDiscovery is powered by our Nuclei open source project. A global security community that streamlines exploits in real-time. Nuclei is used by Fortune 500 organizations, security firms, and government-led agencies to tackle the emerging exploitable vulnerabilities.

Fortra GoAnywhere MFT - Authentication Bypass

CVE-2024-0204

Vulnerability announced — 01/23/24 at 12:43 PM

Nuclei template created — 01/23/2024 at 1:05 PM

Vulnerability detected — Alert sent in 22 min

CUSTOMIZATION

Write your own detection templates using AI powered by our Nuclei open source library

Leverage the global security community to streamline your vulnerability management. With a template library full of contributions from pentest, bug bounty, and security teams to automate the most complex vulnerability detection.

Broken Authentication

Weak password

Out of band

SQL Injection

Secrets

IDOR

1
id: CVE-2024-27199
2
3
info:
4
name: TeamCity < 2023.11.4 - Authentication Bypass
5
author: DhiyaneshDk
6
severity: high
7
description: |
8
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
9
reference:
10
- https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
11
- https://nvd.nist.gov/vuln/detail/CVE-2024-27199
12
classification:
13
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
14
cvss-score: 7.3
15
cwe-id: CWE-23
16
metadata:
17
verified: true
18
max-request: 3
19
shodan-query: http.component:"TeamCity"
20
tags: cve,cve2024,teamcity,jetbrains,auth-bypass
21
22
http:
23
- method: GET
24
path:
25
- "{{BaseURL}}/res/../admin/diagnostic.jsp"
26
- "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
27
- "{{BaseURL}}/update/../admin/diagnostic.jsp"
28
29
stop-at-first-match: true
30
matchers:
31
- type: dsl
32
dsl:
33
- 'status_code == 200'
34
- 'contains(header, "text/html")'
35
- 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
36
condition: and
37
# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950
Real world simulation

Run the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.

AI-powered editor

Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

Supports 6 protocols

Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can basically stitch almost any kind of vulnerability.

COMMUNITY

Security teams love us

Learn, collaborate, and contribute with our community.

wormhole