The security landscape is evolving at an unprecedented pace. What used to be a predictable cycle of patching known vulnerabilities has now become a race against adversaries who move faster than ever. Attackers are weaponizing exploits within minutes, like the JetBrains TeamCity CVE-2024-27198, which saw attempted exploitation just 22 minutes after a proof of concept was published.
In this high-stakes environment, security teams need more than traditional vulnerability scanning. They need speed, precision, and scale, without the noise.
At ProjectDiscovery, we’ve always believed in seeing security through the attacker’s lens. That philosophy shaped Nuclei, which has become a go-to tool for researchers and security teams worldwide. Now, we’re taking that same battle-tested engine and pushing it even further.
ProjectDiscovery Cloud is designed for organizations that need to scale their defenses with the best modern vulnerability scanner. It runs Nuclei at blazing speeds in the cloud while adding powerful capabilities like custom scanning schedules, real-time alerts, and streamlined triage workflows.
Today, we’re unveiling the next evolution of vulnerability scanning in ProjectDiscovery Cloud, bringing together cutting-edge detection, automation, and intelligence to help teams stay ahead of attackers.
In this post, we’ll break down each of these improvements in detail. But if you're short on time, here’s the TL;DR on what’s new for vulnerability scanning in ProjectDiscovery v1.
TL;DR
- Blazing-fast, cloud-hosted scanning – Run 35x faster than self-hosted Nuclei with dynamic concurrency, robust error handling, and adaptive throughput. No infrastructure to manage.
- Effortless, automated scanning – One-click scheduling for daily, hourly, or continuous scans, plus time-based scheduling to control exactly when scans run.
- Smart alerts, zero noise – Get notified via email, Slack, Teams, or webhook for new vulnerabilities and asset discoveries, with configurable alerts and summary previews.
- Everything you need to triage, all in one place – Every result includes impact, remediation steps, request/response headers, a one-click cURL command, and detection history for faster triage.
- Instant retest – Quickly confirm if a vulnerability still exists or has been remediated, without waiting for the next scheduled scan.
- Scan logs for complete visibility – Track every scan with asset, template, and result details, plus filtering and log export for auditing, troubleshooting, and compliance.
- Real-Time Autoscan for new, trending exploits – New templates are automatically run as soon as they’re released, helping teams react to critical vulnerabilities before attackers do.
- Internal network scanning – Detect internal threats via local Nuclei scanning or TunnelX, our open-source tunneling solution for secure cloud-controlled scanning. Naabu integration coming soon.
Get started for free, upgrade to Pro, or request a demo for Enterprise.
Blazing fast, cloud-hosted scanning
Traditional vulnerability scanning is slow, noisy, and can’t keep up with modern threats. Attackers move in minutes, your scanner should too.
For organizations managing tens of thousands of assets, speed is critical. But hosting your own Nuclei instances means dealing with cloud configs, network policies, and constant maintenance. ProjectDiscovery Cloud eliminates that overhead with a 35x faster scanning engine built for scale.
- Dynamic request concurrency maximizes speed without overwhelming targets.
- Robust error handling ensures scan integrity.
- Adaptive throughput adjusts based on target responsiveness.
- WAF detection alerts (coming soon) notify you when scans are blocked.
Get actionable results within the same day, not weeks, without the hassle of managing infrastructure. Just fast, high-fidelity vulnerability detection at cloud scale.
Effortless, automated scanning
Staying ahead of attackers means scanning daily, or even more frequently. But setting up automation yourself can be a time sink.
There’s no need for custom scripts or cron jobs with ProjectDiscovery Cloud. Choose a schedule and we’ll handle the rest.
- One-click daily scans run automatically, often alongside asset discovery.
- Higher-frequency scans (every few hours) ensure continuous coverage.
- Continuous scanning kicks off a new scan as soon as the last one finishes (Enterprise only)
- Time-based scheduling lets teams control exactly when scans run.
With always-on monitoring, you can rest easy knowing your assets are continuously checked for vulnerabilities without the manual overhead.
Smart alerts, zero noise
Security teams are overloaded with tools. Logging into yet another portal every day isn’t practical That’s why we built smart alerts, so you’re only notified when it matters.
- Email, Slack, Teams and webook — get alerts via your preferred communication method or automate your own with our webhook
- New vulnerabilities or newly discovered assets — new detections are enabled by default
- Customize alerts across all scans, asset groups, or even per scan.
- Findings summary in each alert so you can quickly assess the issue from your desk or phone
- Weekly digest email summarizes new detections and activity for review
With ProjectDiscovery Cloud, you get the information you need where you need them, like in your inbox or your messaging platform.
Everything you need to triage, all in one place
When a vulnerability is detected, speed matters. You need the right data, immediately, to assess impact and take action.
With ProjectDiscovery Cloud, every finding includes:
- Full vulnerability context, including impact and remediation details from the Nuclei template.
- Host and path visibility, with quick-copy links to open the affected page directly.
- Request and response headers, helping you validate findings and understand server behavior.
- One-click cURL command copying, so you can easily reproduce requests for deeper analysis.
- Detection timeline tracking, showing when an issue was first and last seen.
- And soon, we’re introducing an enhanced results view to further streamline investigation and response.
We bring everything you need in one place. No digging, no guesswork. Just actionable data.
Validate findings in real-time with retest
In a fast-moving environment, vulnerabilities can disappear as quickly as they appear. You need to know, right now, whether an issue still exists.
With ProjectDiscovery Cloud, you can immediately retest a finding with one click.
- Run the same template against the affected host on demand.
- Quickly confirm if a vulnerability is still present—no waiting for the next scheduled scan.
- Minimize false positives and avoid chasing issues that no longer exist.
- Validate fixes instantly after remediation, without running a full scan.
- Speed up triaging workflows, helping security teams focus on real threats.
When time matters, immediate retest gives you the answers you need, when you need them.
Scan logs for complete visibility
Knowing what was scanned is just as important as knowing what was found. Security teams need clear visibility into which templates ran, which assets were scanned, and what the results were, without sifting through endless data.
With ProjectDiscovery Cloud, teams can:
- Review detailed scan logs, filtering through millions of scan requests with ease.
- See exactly which asset was scanned, with what template, and when.
- Filter by template or asset to quickly pinpoint relevant data.
- Export scan logs (Enterprise-only) for deeper analysis or compliance needs.
Scan logs provide the auditability and historical record teams need to track security activity, troubleshoot unexpected results, and optimize scanning strategies. With full transparency into scan activity, security teams can easily investigate, validate, and continuously improve their security posture.
Real-Time Autoscan for new, trending exploits
Staying ahead of attackers means reacting fast, before vulnerabilities are widely exploited. With ProjectDiscovery Cloud, new and trending exploits are automatically scanned against your assets as soon as they’re added to our repository. There is no need to wait for scheduled scans.
- Instant scanning of newly merged templates across enrolled assets.
- Default coverage for all assets, with the option to customize which assets are scanned.
- Rapid response to active exploitation campaigns, reducing exposure during critical windows.
- Proactive security updates. If a major exploit hits the headlines and you’re safe, we’ll notify you so you can confidently inform your leadership.
This Enterprise-only feature ensures security teams aren’t just reacting, they’re ahead of the curve, responding to emerging threats in real time.
Internal Network Scans Support
Perimeter security is just the first line of defense. Once attackers gain a foothold, internal vulnerabilities become their fastest path to escalation. Whether through configuration drift, phishing, or compromised credentials, adversaries exploit weaknesses inside the network to move laterally and expand control.
That’s why internal network scanning is just as critical as external assessments. ProjectDiscovery Cloud offers two powerful approaches to detect and mitigate internal threats while maintaining a strong focus on exploitability and accurate detection:
Local Scanning with Nuclei – Run scans within your environment and upload results to the cloud. This approach gives organizations complete control over execution, ideal for teams with existing workflows or strict network policies.
bash
1# Comprehensive target scanning
2nuclei -u <http://internal-target> -cloud-upload
3
4# Batch asset scanning
5nuclei -l internal-hosts.txt -cloud-upload
6
7# Template-specific assessment
8nuclei -u <http://internal-target> -t misconfiguration/ -cloud-uploadTunnelX: Secure, cloud-controlled scanning via isolated SOCKS5 proxies, enabling secure internal scanning directly from the ProjectDiscovery interface
bash
1# Enterprise deployment via Docker
2docker run --network host -d \\\\
3 -e PDCP_API_KEY="your_api_key" \\\\
4 projectdiscovery/tunnelx:latest
5
6# Multiple network management
7tunnelx -auth <api_key> -name prod-network
8tunnelx -auth <api_key> -name staging-networkAnd coming soon, we’re integrating naabu for network and port discovery on internal networks through TunnelX, making internal security even more comprehensive.
bash
1# Network-wide port discovery
2naabu -host 192.168.1.1/24 -o internal_ports.txt
3
4# Targeted service discovery
5naabu -host 192.168.1.1/24 -p 80,443,8000-9000 -rate 1000 -o internal_ports.txtBy bringing fast, flexible internal scanning to ProjectDiscovery Cloud, we’re helping teams eliminate blind spots and fully replace their traditional scanners with a more actionable, modern solution.
Note: Internal scanning is available for Enterprise plans only.
Wrapping up
In today’s fast-paced threat landscape, staying ahead of attackers requires tools that are not just powerful but also seamless, scalable, and built with the needs of security teams in mind. With these new capabilities in ProjectDiscovery Cloud, we’re delivering faster scans, smarter workflows, and deeper visibility, empowering teams to detect and respond to vulnerabilities with unparalleled efficiency. Whether you’re defending massive external infrastructures, managing internal networks, or responding to the latest exploits, we’ve got you covered. Welcome to the future of vulnerability detection.