Nuclei FAQ

What is nuclei?

Nuclei is a fast and customizable vulnerability scanner based on simple YAML-based templates.

It has two components, 1) Nuclei engine - the core of the project allows scripting HTTP / DNS / Network / Headless / File protocols based checks in a very simple to read-and-write YAML-based format. 2) Nuclei templates - ready-to-use community-contributed vulnerability templates.

What was the genesis behind nuclei?

Traditional scanners always lacked the features to allow easy-to-write custom checks on top of their engine. And this is how we started developing Nuclei with a core focus on simplicity, modularity, and the ability to scan on many assets.

We wanted something simple enough to be used by everyone while complex enough to integrate into the modern web with its intricacies. The features implemented in nuclei are tailored to allow very rapid prototyping of complex security checks.

What modules does nuclei engine support?

Nuclei engine supports the following type of modules.

• HTTP
• DNS
• TCP
• FILE

What kind of scans can I perform with nuclei?

Nuclei can be used to detect security vulnerabilities in Web Applications, Networks, DNS based misconfiguration, and Secret scanning in source code or files on the local file system.

How well-maintained is this project?

Nuclei project is developed and maintained by ProjectDiscovery team and is in active development (we tend to push release every other week).

How can I support/contribute to this project? 💙

To keep us motivated to work on this project, we request you to write/share new nuclei templates with the community at template project and help us to maintain this public and ready to use / up-to-date nuclei templates.

If you found an interesting/unique security issue using nuclei and wanted to share the process walk-through with everyone in the form of a blog, we are happy to publish your guest blog at https://blog.projectdiscovery.io.

I found results with nuclei. When should I report it?

Wait for a moment, after nuclei detected security issue, it's always advised to have a second look before reporting it. Here is a tip to confirm/validate the found matches.

How to validate nuclei results!

Once nuclei finds a result, you have vulnerable URL and template, rerun the template with -debug flag to inspect vulnerable response against expected matcher defined in the template. In this way, you can confirm the identified vulnerability.

How much traffic does nuclei generate?

As default nuclei makes 1234 HTTP requests in total against single target upon running all nuclei-templates directory. This includes 801 nuclei templates from v8.1.9 release.

As default, few templates listed here are excluded from default scans.

Is it safe to run nuclei?

We consider two factors to say "safe" in context of nuclei -

1. The traffic nuclei makes against the target website.
2. The impact templates have on the target website.

HTTP Traffic

Out of the box, nuclei makes around 1200 - 1300 HTTP requests in total for a given target when all available public templates are executed, which is considered relatively low in numbers and will grow as the template number grows.

Safe Templates

Nuclei templates project houses a variety of templates which includes fuzzing and templates resulting DOS on the target system. To ensure that no one accidentally runs these templates, we tagged and excluded these templates from the default nuclei scan. These templates can be only executed when the user explicitly instructs nuclei to run them.

What is the license of nuclei?

Nuclei is an open-source project distributed under MIT License.

I have more questions 🙋

You are welcome to join our Discord server, and we are active on Twitter as well.