NUCLEI + NUCLEI TEMPLATES

Community-powered vulnerability scanning

Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.

19K+

Stars on GitHub

700+

Nuclei contributors

9K+

Templates created

50M+

Monthly scans

Features

Put Nuclei to work for you

Packed with features to detect threats across your entire tech stack.

Web Applications

Identify common web vulnerabilities with an active library of community-powered templates.

Infrastructure

Audit server configurations, open ports, and services for security issues.

API Testing

Test APIs with an active library of known vulnerabilities and misconfigurations.

CI/CD

Integrates into CI/CD pipelines to keep fixed vulnerabilities from resurfacing in production.

Cloud

Scan cloud environments and infrastructure for misconfigurations and vulnerabilities.

Database Assessment

Scan databases for vulnerabilities, insecure configurations, and access control issues.

CUSTOMIZATION

Write your own detection templates using AI, powered by our open source Nuclei library

Leverage the global security community to streamline your vulnerability management. The template library is full of contributions from pentest, bug bounty, and security teams, automating even the most complex vulnerability detection.

Broken Authentication

Weak password

Out of band

SQL Injection

Secrets

IDOR

    id: CVE-2024-27199

    info:
      name: TeamCity < 2023.11.4 - Authentication Bypass
      author: DhiyaneshDk
      severity: high
      description: |
        In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
      reference:
        - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
        - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
      classification:
        cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
        cvss-score: 7.3
        cwe-id: CWE-23
      metadata:
        verified: true
        max-request: 3
        shodan-query: http.component:"TeamCity"
      tags: cve,cve2024,teamcity,jetbrains,auth-bypass

    http:
      - method: GET
        path:
          - "{{BaseURL}}/res/../admin/diagnostic.jsp"
          - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
          - "{{BaseURL}}/update/../admin/diagnostic.jsp"

        stop-at-first-match: true
        matchers:
          - type: dsl
            dsl:
              - 'status_code == 200'
              - 'contains(header, "text/html")'
              - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
            condition: and
    # digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950

Real world simulation

Run vulnerability tests the way an attacker would exploit a given vulnerability. Capture the full logs behind a given test so the team can triage faster.

AI-powered editor

Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

Supports 6 protocols

Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can stitch together a check for almost any kind of vulnerability.

Education Center

Nuclei scanning foundation series

A dedicated video series exploring our community-powered vulnerability scanner.

COMMUNITY

Security teams love us

Learn, collaborate, and contribute with our community.