NUCLEI + NUCLEI TEMPLATES

Community-powered vulnerability scanning

Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.

Nuclei hero image

19K+

Stars on GitHub

700+

Nuclei contributors

9K+

Templates created

50M+

Monthly scans

Features

Put Nuclei to work for you

Packed with features to detect threats across your entire tech stack.

Web Applications

Identify common web vulnerabilities with an active library of community-powered templates.

Infrastructure

Audit server configurations, open ports, and services for security issues.

API Testing

Test APIs with an active library of known vulnerabilities and misconfigurations.

CI/CD

Integrates into CI/CD pipelines to minimize vulnerability resurface into production.

Cloud

Scan cloud environments and infrastructure for misconfigurations and vulnerabilities.

Database Assessment

Scan databases for vulnerabilities, insecure configurations, and access control issues.

CUSTOMIZATION

Write your own detection templates using AI powered by our Nuclei open source library

Leverage the global security community to streamline your vulnerability management. With a template library full of contributions from pentest, bug bounty, and security teams to automate the most complex vulnerability detection.

Broken Authentication

Weak password

Out of band

SQL Injection

Secrets

IDOR

1
id: CVE-2024-27199
2


3
info:
4
  name: TeamCity < 2023.11.4 - Authentication Bypass
5
  author: DhiyaneshDk
6
  severity: high
7
  description: |
8
    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
9
  reference:
10
    - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
11
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
12
  classification:
13
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
14
    cvss-score: 7.3
15
    cwe-id: CWE-23
16
  metadata:
17
    verified: true
18
    max-request: 3
19
    shodan-query: http.component:"TeamCity"
20
  tags: cve,cve2024,teamcity,jetbrains,auth-bypass
21


22
http:
23
  - method: GET
24
    path:
25
      - "{{BaseURL}}/res/../admin/diagnostic.jsp"
26
      - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
27
      - "{{BaseURL}}/update/../admin/diagnostic.jsp"
28


29
    stop-at-first-match: true
30
    matchers:
31
      - type: dsl
32
        dsl:
33
          - 'status_code == 200'
34
          - 'contains(header, "text/html")'
35
          - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
36
        condition: and
37
# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950
View template
Real world simulation

Run the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.

AI-powered editor

Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

Supports 6 protocols

Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can basically stitch almost any kind of vulnerability.

Education Center

Nuclei scanning foundation series

A dedicated video series exploring our community-powered vulnerability scanner.

COMMUNITY

Security teams love us

Learn, collaborate, and contribute with our community.

wormhole
Paul Seekamp
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.