
Announcing the Nuclei Templates Community Leaderboard and Rewards!

We’re thrilled to unveil our latest milestones: over 9,000 stars and 900 unique contributors on the templates project, along with a staggering 20,000 stars on the Nuclei repository. This phenomenal growth is a testament to our community’s unwavering dedication to security and their shared passion for safeguarding the digital world. As part of the next phase in the evolution of the Nuclei Templates repository as the central, open source way for security researchers and engineers to communicate about vulnerabilities, we’re excited to announce our Community Leaderboard and Template Rewards programs.

This program is in addition to (and complements) our recently announced ProjectDiscovery Pioneers program! Template contributions and PRs are created by our amazing community and we’d love to celebrate and showcase your work.

In the Nuclei templates repository, we consistently add trending CVEs and vulnerabilities to empower companies, pentesters, and startups to safeguard their assets using our suite of open-source tools. Because of our amazing community, we often see PRs for CVEs added within hours of the public POC release. This quick update pace is crucial for researchers and companies using our repository to stay ahead of threats, ensuring the latest vulnerabilities are tracked and checked.

Our community extends beyond GitHub. On our Discord server, we have over 8,000 members who help each other with queries, collaborate on projects, and share new ideas about internet security.

To encourage more collaboration and express our appreciation, we send stickers to all first-time contributors. It’s a small token of our gratitude for your willingness to jump in and make a difference.

Launching the Nuclei Templates Leaderboard

We are excited to launch the Nuclei Templates Leaderboard within our ProjectDiscovery Cloud platform. This leaderboard is our way of recognizing all the contributors who are making a significant impact on internet security.

Also, if you’re looking for a Hacktoberfest project to contribute to - Nuclei templates might be right up your alley!

Why a Leaderboard?

By contributing to the Nuclei Templates repository, you not only gain valuable experience but also increase your recognition within the community. This visibility can boost your career prospects and open up new opportunities in the cybersecurity field.

What Does the Leaderboard Showcase?

  • Total Number of Templates
  • Top Categories of Templates
  • Total Contributors
  • Total Critical Templates

Below, you’ll find a list of our top contributors, the categories they have primarily contributed to, the total number of templates they’ve submitted, and their total points.

How We Calculate Points

We have a point system to quantify contributions:

💡 This point system is new and subject to change. We welcome your feedback to improve it.

Connect with Contributors

Next to each contributor’s name, you’ll find social links. Feel free to connect with them and send a personal thank-you message if their contributions have helped you in any way.

How to Add Your Social Links

If you’re a contributor and want to add your social profiles, you can do so by raising a Pull Request updating the contributors.json file in the repository from the same GitHub account you use to contribute.

The leaderboard will be helpful in sending swag and invites to our events, based on all-time, quarterly, and yearly points.

Introducing the Template Contribution Rewards

We’re launching the Template Contribution Reward Program, where we’ll list GitHub issues with a 💎 Bounty label for the community to pick up and write templates for specific vulnerabilities and CVEs.

How It Works

  • Find an Issue: Look for issues labeled with 💎 Bounty on our GitHub repository.
  • Start Working: Comment /attempt #1337 (replace #1337 with the issue number) to declare that you’re working on it.
  • Submit Your Template: Once your template is ready, raise a PR and include /claim #1337 in the PR body to claim the bounty. Make sure to read our Contribution Guide before submitting the template.
  • Collaborate and Split Rewards: If you’re collaborating with other community members, you can split the reward by commenting:

    /claim #1337
    /split @jsmith
    /split @jdoe

Each collaborator should be mentioned with their GitHub username.

Rules and Guidelines

  • Acceptance Criteria: Contributors must follow the dos and best practices outlined in our contribution guide. The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted.
  • Maximum Attempts: You can attempt up to 3 issues at once.
  • Reward Increments: We start with a base reward. If the CVE remains open for 2 weeks, the reward increases.
  • Issue Expiry: If the task isn’t completed within 2 months, the issue will be closed.

Focus Areas

We’ll create issues based on CVEs that should be prioritized from well-known products. This focus ensures that we’re addressing vulnerabilities that could have a significant impact.

Nuclei Templates Community Rewards Program - FAQ

What is the purpose of this rewards program?

The program is designed to reward the community for their efforts in contributing high-quality templates for critical and trending vulnerabilities.

What are the bounty ranges for template submissions?

Bounties range from $50 to $250, depending on the complexity of the template and the effort required.


Where can I find bounty issues?

Only issues listed by us on our GitHub repository with the 💎 Bounty label are eligible for rewards. You can find these bounty issues here.


What are the acceptance criteria for templates?

Templates must meet the following criteria:

1. Complete POC: A full Proof of Concept (POC) must be provided and not rely solely on version detection.

2. Debug Data: Include debug data to assist with template validation.

3. Validation Required: The template will be reviewed and validated before rewards are given.

4. Accurate Matchers: Use strong matchers to avoid false positives.

Note: Triagers will make the final decision on whether a template qualifies for a reward based on validation and the acceptance criteria outlined.

How often are new bounty issues added?

New bounty issues are added weekly, so check back regularly for fresh opportunities.


Is there a limit to how many issues I can work on?

You can work on up to 3 issues simultaneously.


What happens if I don’t complete an issue on time?

Issues must be completed within 2 months, or they will be closed.


How are rewards distributed?

Rewards are distributed once the template is fully validated. If the issue remains unresolved for a few weeks, the bounty may increase.


What should I include in my template submission?

Include the following:

• Complete POC: A working Proof of Concept.

• Matchers: Strong matchers to prevent false positives.

• Debug Data: Data to assist the triage team in validation.

• Metadata: Include required fields like id, name, author, severity, description, and reference.


What types of templates will be rejected?

Templates may be rejected if they:

• Rely solely on version detection.

• Lack a complete POC.

• Contain weak matchers or redundant changes to existing templates.


What should I avoid when submitting a template?

• Avoid sharing real-world targets publicly.

• Don’t submit templates with weak matchers.

• Avoid unnecessary changes to existing templates.


Is this program permanent?

The rewards program is currently a test run, but we may make changes based on community feedback.


What additional rewards are available besides bounties?

In addition to bounties, we also reward contributors with:

• Swag such as t-shirts and stickers.

• Invites to security conferences for standout contributors.

• Stickers for all first-time contributors, regardless of the bounty.

Contributors who feel their pull request or issue was overlooked for first-time contributor stickers can reach out on our Discord: ProjectDiscovery Discord.

Join Us in Making Security Accessible to Everyone

We hope that initiatives like these will encourage more community members to contribute to open-source projects. Your contributions make a real difference, and together, we can continue to make the internet a safer place for everyone.

Thank you for being a part of this journey. We can’t wait to see what we’ll accomplish together next!


You can also join our Discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you, once again!

By leveraging Nuclei and actively engaging with the open-source community, or by becoming a part of the ProjectDiscovery Cloud Platform, companies can enhance their security measures, proactively address emerging threats, and establish a more secure digital landscape. Security represents a shared endeavor, and by collaborating, we can consistently adapt and confront the ever-evolving challenges posed by cyber threats.