Analysis updated 2026-06-20
Scan your web app or API for known CVEs and misconfigurations using thousands of community-maintained templates.
Add Nuclei to a CI/CD pipeline so every new build is automatically checked for security regressions.
Write a custom YAML template to check for a vulnerability unique to your app and run it on demand.
Run a bug bounty recon scan across a list of target domains and pipe findings into Jira, Splunk, or Slack.
| | projectdiscovery/nuclei | fyne-io/fyne | grafana/loki |
|---|---|---|---|
| Stars | 28,245 | 28,226 | 28,144 |
| Language | Go | Go | Go |
| Setup difficulty | easy | moderate | hard |
| Complexity | 3/5 | 2/5 | 4/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Breaking changes can land between releases; read the changelog before upgrading in a production pipeline.
Nuclei is a vulnerability scanner: a command-line program that probes websites, APIs, servers, and cloud configurations to see whether they show signs of known security weaknesses. A vulnerability is a flaw that could let an attacker get in, see data they should not, or break something. The goal of a scanner like Nuclei is to find those flaws before an attacker does, so the owner of the system can fix them.

The distinctive idea behind Nuclei is that each check is written as a small YAML file called a template. YAML is a simple plain-text format, so a template is a recipe describing how to test for a single issue: what request to send, what response to look for, and how to confirm a finding. Because templates are short and readable, the security community has built and contributed thousands of them, and the project's separate nuclei-templates repository acts as a shared library that the scanner pulls from.

The README highlights what the tool tries to be good at: a simple YAML format for writing and customising checks, community contributions for current vulnerabilities, low false positives by actually simulating the exploit steps rather than just matching version numbers, fast parallel scanning with request clustering, and support for many protocols including TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and code-execution checks. It can be wired into a CI/CD pipeline so that new builds are scanned automatically, and it can send results into existing tools like Jira, Splunk, GitHub, Elastic, and GitLab.

The README is translated into Chinese, Korean, Indonesian, Spanish, Japanese, Portuguese, and Turkish. It walks through getting started with the free open-source CLI, briefly mentions paid Pro and Enterprise editions and a free cloud tier from ProjectDiscovery (the company behind the project) for storing findings and managing templates, and shows the command-line flags for single-target scans, multi-target scans, network scans, and running with your own custom template.
The project is written in Go and is under active development, so the README warns that breaking changes can land between releases and asks users to read the changelog before updating. People who run Nuclei include penetration testers, bug bounty hunters, security teams checking their own attack surface, and developers running it from a continuous integration job.
Nuclei is a fast, template-driven vulnerability scanner that checks websites, APIs, and servers for thousands of known security weaknesses using community-written YAML recipes.
Mainly Go. The stack also includes YAML.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Mainly ops and devops.
Verify against the repo before relying on details.