NUCLEI + NUCLEI TEMPLATES

The fastest exploits feed on the Internet

Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.

30K+ stars on GitHub

900+ Nuclei contributors

10K+ templates created

50M+ monthly scans

    Put Nuclei to work

    Web Application

    Identify common web vulnerabilities with an active library of community-powered templates.

    Cloud

    Examine cloud environments and infrastructure for misconfigurations and vulnerabilities.

    Network Security

    Scan non-web services like SSH, FTP, SMB, and more.

    API

    Test APIs with an active library of known vulnerabilities and misconfigurations.

    Infrastructure

    Audit server configurations, open ports, and services for security issues.

    CI/CD

    Integrate into your existing pipelines to minimize issues resurfacing in production.

    CUSTOMIZATION

    Write your own detection templates using AI powered by our Nuclei open-source library

    Leverage the global security community to streamline your vulnerability management. The template library is full of contributions from pentest, bug bounty, and security teams that automate the most complex vulnerability detection.

    Broken Authentication

    Weak password

    Out of band

    SQL Injection

    Secrets

    IDOR

    id: CVE-2024-27199

    info:
      name: TeamCity < 2023.11.4 - Authentication Bypass
      author: DhiyaneshDk
      severity: high
      description: |
        In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
      reference:
        - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
        - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
      classification:
        cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
        cvss-score: 7.3
        cwe-id: CWE-23
      metadata:
        verified: true
        max-request: 3
        shodan-query: http.component:"TeamCity"
      tags: cve,cve2024,teamcity,jetbrains,auth-bypass

    http:
      - method: GET
        path:
          - "{{BaseURL}}/res/../admin/diagnostic.jsp"
          - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
          - "{{BaseURL}}/update/../admin/diagnostic.jsp"

        stop-at-first-match: true
        matchers:
          - type: dsl
            dsl:
              - 'status_code == 200'
              - 'contains(header, "text/html")'
              - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
            condition: and
    # digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950

    Real world simulation

    Run vulnerability tests the way an attacker would exploit a given vulnerability. Capture the full logs behind each test so the team can triage faster.

    AI-powered editor

    Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

    Supports 6 protocols

    Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can stitch together a check for almost any kind of vulnerability.

    Education Center

    Nuclei scanning foundation series

    A dedicated video series exploring our community-powered vulnerability scanner.

    Nuclei stories