nuclei-templates
by projectdiscovery
A community-driven collection of templates for the nuclei engine to identify security vulnerabilities in applications.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Primary Use Case
This repository provides a comprehensive set of vulnerability detection templates used by the nuclei scanner, enabling security professionals and DevSecOps teams to automate vulnerability scanning across web applications and infrastructure. Users can leverage these templates to quickly identify common security issues and contribute new templates to enhance coverage.
- Community curated and continuously updated vulnerability detection templates
- Supports a wide range of vulnerability types including CVEs, XSS, RCE, and exposure issues
- Templates categorized by tags, severity, authors, and directories for easy navigation
- Integration-ready JSON and markdown statistics for template usage and analysis
- Extensive documentation and templating guide for creating custom templates
- Active community contributions with pull requests and issue-based template submissions
- Supports various scanning domains such as HTTP, DNS, file, cloud, and network
Installation
- Clone the repository using: git clone https://github.com/projectdiscovery/nuclei-templates.git
- Navigate to the nuclei-templates directory
- Use the templates with the nuclei scanner engine (https://github.com/projectdiscovery/nuclei)
- Refer to https://nuclei.projectdiscovery.io/templating-guide/ for building or customizing templates
Usage
>_ nuclei -t nuclei-templates/Run nuclei scanner using all templates from the nuclei-templates repository
>_ nuclei -update-templatesUpdate the local nuclei templates to the latest community curated versions
>_ Submit new templates via pull requests or GitHub issuesContribute new vulnerability detection templates to the community repository
- Integrate nuclei-templates with CI/CD pipelines to automate vulnerability detection during development and deployment phases.
- Leverage community-curated templates to stay updated on emerging vulnerabilities and reduce manual scanning effort.
- Combine nuclei scanning results with SIEM tools to enhance detection and incident response capabilities.
- Use custom templates to tailor scans for organization-specific assets and threat models.
- Incorporate nuclei templates into purple team exercises to simulate attacker reconnaissance and improve defensive detection.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about nuclei-templates. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
trivy
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
nuclei
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
lynis
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
vuls
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
oss-fuzz
google/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
grype
anchore/grype
A vulnerability scanner for container images and filesystems
