explaingit

projectdiscovery/nuclei

Analysis updated 2026-06-20

Stars · 28,245 · Language · Go · Audience · ops, devops · Complexity · 3/5 · Setup · easy

TLDR

Nuclei is a fast, template-driven vulnerability scanner that checks websites, APIs, and servers for thousands of known security weaknesses using community-written YAML recipes.

Mindmap

mindmap
  root((Nuclei))
    What it does
      Vulnerability scanner
      YAML template engine
      Community CVE checks
      CI/CD integration
    Tech Stack
      Go
      YAML
    Use Cases
      Web app scanning
      Bug bounty recon
      CI/CD security gate
    Audience
      Penetration testers
      Security engineers
      Bug bounty hunters

What do people build with it?

USE CASE 1

Scan your web app or API for known CVEs and misconfigurations using thousands of community-maintained templates.

USE CASE 2

Add Nuclei to a CI/CD pipeline so every new build is automatically checked for security regressions.

USE CASE 3

Write a custom YAML template to check for a vulnerability unique to your app and run it on demand.

USE CASE 4

Run a bug bounty recon scan across a list of target domains and pipe findings into Jira, Splunk, or Slack.

What is it built with?

Go, YAML

How does it compare?

                   projectdiscovery/nuclei   fyne-io/fyne   grafana/loki
Stars              28,245                    28,226         28,144
Language           Go                        Go             Go
Setup difficulty   easy                      moderate       hard
Complexity         3/5                       2/5            4/5
Audience           ops, devops               developer      ops, devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy · Time to first run · 5 min

Breaking changes can land between releases; read the changelog before upgrading in a production pipeline.

In plain English

Nuclei is a vulnerability scanner: a command-line program that probes websites, APIs, servers, and cloud configurations to see whether they show signs of known security weaknesses. A vulnerability is a flaw that could let an attacker get in, see data they should not, or break something. The goal of a scanner like Nuclei is to find those flaws before an attacker does, so the owner of the system can fix them.

The distinctive idea behind Nuclei is that each check is written as a small YAML file called a template. YAML is a simple plain-text format, so a template is a recipe describing how to test for a single issue: what request to send, what response to look for, and how to confirm a finding. Because templates are short and readable, the security community has built and contributed thousands of them, and the project's separate nuclei-templates repository acts as a shared library that the scanner pulls from.

The README highlights what the tool tries to be good at: a simple YAML format for writing and customising checks, community contributions for current vulnerabilities, low false positives by actually simulating the exploit steps rather than just matching version numbers, fast parallel scanning with request clustering, and support for many protocols including TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and code-execution checks. It can be wired into a CI/CD pipeline so that new builds are scanned automatically, and it can send results into existing tools like Jira, Splunk, GitHub, Elastic, and GitLab.

The README is translated into Chinese, Korean, Indonesian, Spanish, Japanese, Portuguese, and Turkish. It walks through getting started with the free open-source CLI, briefly mentions paid Pro and Enterprise editions and a free cloud tier from ProjectDiscovery (the company behind the project) for storing findings and managing templates, and shows the command-line flags for single-target scans, multi-target scans, network scans, and running with your own custom template.

The project is written in Go and is under active development, so the README warns that breaking changes can land between releases and asks users to read the changelog before updating. People who run Nuclei include penetration testers, bug bounty hunters, security teams checking their own attack surface, and developers running it from a continuous integration job.
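As an added illustration of the template idea described above (this is example code written for this page, not a template from the nuclei or nuclei-templates repositories): a minimal HTTP template that sends one request, requires both a status code and a body string to match before reporting, and extracts the offending setting for the report. The template id, the /debug/config path and the strings it looks for are invented placeholders standing in for a check against your own application.

```yaml
# Hypothetical template: flags an unauthenticated debug page on your own app.
# The id, path and matched strings are placeholders, not a real known issue.
id: example-debug-config-exposed

info:
  name: Debug configuration endpoint exposed (example)
  author: example-author
  severity: high
  description: |
    Reports hosts that serve /debug/config without authentication and leak
    an internal setting in the response body. Placeholder check for a
    hypothetical application.
  tags: exposure,config,example

http:
  - method: GET
    path:
      # {{BaseURL}} is replaced with each target passed to nuclei.
      - "{{BaseURL}}/debug/config"

    # Both matchers must hit before a finding is reported (fewer false positives).
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        # Either string in the body is enough for this matcher.
        words:
          - "DEBUG_MODE=true"
          - "internal_api_key"
        condition: or

    # Pull the matched setting into the result so the report shows what leaked.
    extractors:
      - type: regex
        part: body
        regex:
          - "DEBUG_MODE=(true|false)"
```

Run it against a single host with `nuclei -u https://staging.example.com -t example-debug-config-exposed.yaml`; the `-u` and `-t` flags are the single-target and custom-template options the README describes.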

Copy-paste prompts

Prompt 1
I want to scan my web app at example.com with Nuclei using the default community templates. Give me the exact command and explain what the output means.
Prompt 2
How do I write a Nuclei YAML template that sends a specific HTTP request and flags a finding if the response contains a particular string?
Prompt 3
How do I add Nuclei to a GitHub Actions CI pipeline so it scans a staging URL on every pull request and fails the build if it finds critical issues?
Prompt 4
I have a list of 500 subdomains in a text file. How do I run Nuclei against all of them in parallel and save results to a JSON file?

Frequently asked questions

What is nuclei?

Nuclei is a fast, template-driven vulnerability scanner that checks websites, APIs, and servers for thousands of known security weaknesses using community-written YAML recipes.

What language is nuclei written in?

Mainly Go; the check templates are written in YAML.

How hard is nuclei to set up?

Setup difficulty is rated easy, with roughly 5 min to a first successful run.

Who is nuclei for?

Mainly ops and devops teams.


Verify against the repo before relying on details.