Detect real vulnerabilities
Harness the power of Nuclei for fast and accurate findings without false positives.

Trusted by 100k+ security professionals
Real-time detection for teams that ship fast
Continuous security checks as your team deploys. Automated workflows to enable instant, organization-wide detection and triage. Transform noisy, ineffective scan results into relevant and actionable alerts.
Discover your entire attack surface
HOST
PORT
TECH
IP
Continuously scan for exploitable vulnerabilities
Atlassian | Command Injection | CVE-2022-36804 | 8.8
GitLab | Path Traversal | CVE-2023-2825 | 7.5
MOVEit Transfer | Code Execution | CVE-2023-34362 | 9.8
Redis | Code Execution | CVE-2022-0543 | 10
VMware | Code Execution | CVE-2023-20887 | 9.8
Assign tickets and alert your team in minutes
Our Solution
Dramatically reduce scanning times, tools, and resources
Consolidate scattered scanning tools into a single, precise, customizable framework for modern teams.
Application
DNS
Internal
Cloud
API
Database
Vulnerability Management
Attack Surface Management
Compliance
Vulnerability Management
Traditional vulnerability management platforms struggle with excessive false positives and noise. Our vulnerability management platform, powered by Nuclei, delivers high-fidelity scanning to identify actual exploitable vulnerabilities that have real-world impact rather than just relying on CVSS scores. By leveraging the global open-source community, our library of over 9,000 Nuclei templates reflects the latest CVEs and trending misconfigurations. Our product integrates asset data from cloud platforms to provide essential context, allowing you to prioritize and manage vulnerabilities effectively. With multiple status tracking and easy export options via JSON, API, or Jira integration, remediation is streamlined for your engineering teams.
Exploitable vulnerabilities
10x faster triage
Open source community
Write your own detection templates using AI powered by our Nuclei open source library
Leverage the global security community to streamline your vulnerability management. Our template library is full of contributions from pentest, bug bounty, and security teams that automate the most complex vulnerability detection.
Broken Authentication
Weak password
Out of band
SQL Injection
Secrets
IDOR
id: CVE-2024-27199

info:
  name: TeamCity < 2023.11.4 - Authentication Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
  reference:
    - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cwe-id: CWE-23
  metadata:
    verified: true
    max-request: 3
    shodan-query: http.component:"TeamCity"
  tags: cve,cve2024,teamcity,jetbrains,auth-bypass

http:
  - method: GET
    path:
      - "{{BaseURL}}/res/../admin/diagnostic.jsp"
      - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
      - "{{BaseURL}}/update/../admin/diagnostic.jsp"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "text/html")'
          - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
        condition: and
# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950
Real world simulation
Run the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.
AI-powered editor
Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.
Supports 6 protocols
Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can stitch together a check for almost any kind of vulnerability.
Faster detection. Faster protection.
How ProjectDiscovery responds to critical vulnerabilities faster than legacy scanners.
CVE-2025-1974
IngressNightmare
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Time to detection
ProjectDiscovery
Legacy scanners
Public advisory & patch release
Kubernetes and Wiz Research publicly disclosed CVE-2025-1974 and released patched Ingress NGINX versions 1.12.1 and 1.11.5.
ProjectDiscovery publishes internal detection template
A Nuclei template for internal network scanning of CVE-2025-1974 was released, enabling detection within private infrastructures.
Realtime automated scans triggered
Remediation workflows initiated
Qualys publishes upgrade advisory
Qualys released a blog post recommending users upgrade their Ingress NGINX controller to the patched versions to mitigate CVE-2025-1974.
ProjectDiscovery publishes external detection template
A Nuclei template for external scanning was released, allowing detection of CVE-2025-1974 from outside target networks.
External scanning available
Rapid7 releases Cluster Scanner plugin
Rapid7 launched the Kubernetes Cluster Scanner plugin with checks for CVE-2025-1974, enabling customers to validate patch status across their clusters.
Tenable releases Nessus plugin #233656
Tenable published a direct remote check plugin for Nessus, allowing automated scanning for CVE-2025-1974 on target systems.
- Scan for CVE-2025-1974
COMMUNITY
Security teams love us
Learn, collaborate, and contribute with our community.

Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.

STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, lo and behold... notify!!! Not only captures it your burp colab request & passes it to slack/discord/telegram.

Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.

Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!

STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.

