Description
Nuclei is a fast, customizable vulnerability scanner powered by the Nuclei engine. It uses YAML-based templates that describe how to detect and verify vulnerabilities. With thousands of community templates, it's the most widely used scanner in bug bounty.
Installation
BASH
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Basic Usage
BASH
# Scan a target
nuclei -u https://target.com
# Multiple targets
nuclei -l targets.txt -o results.txt
# By severity
nuclei -u https://target.com -s critical,high
Advanced Usage
BASH
# By tags
nuclei -u https://target.com -tags cve,lfi,rce
# Specific template
nuclei -u https://target.com -t cves/2021/CVE-2021-44228.yaml
# Template directory
nuclei -u https://target.com -t ~/nuclei-templates/cves/
# Update templates
nuclei -update-templates
# Rate limiting
nuclei -u https://target.com -rate-limit 150 -c 50
# JSON Lines output (-j writes one JSON object per finding, one per line)
nuclei -u https://target.com -j -o results.json
# Exclude templates
nuclei -u https://target.com -et ~/nuclei-templates/info/
# Headless mode (for browser-based templates)
nuclei -u https://target.com -headless
# Custom headers
nuclei -u https://target.com -H "Cookie: session=abc"
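A file written with `-j -o results.json` can be triaged before anyone reviews it by hand. The following is an added example, not part of the original page or the Nuclei project: it deduplicates findings and groups them by severity. The sample records are constructed, and the field names (`template-id`, `info.severity`, `matched-at`, `host`) are assumed to match Nuclei's JSONL output.

```python
import json
import sys
from collections import defaultdict

SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "unknown"]

# Constructed sample records; field names are assumed to follow nuclei's JSONL output.
SAMPLE_JSONL = """\
{"template-id": "example-rce-check", "info": {"severity": "critical"}, "host": "https://a.example.com", "matched-at": "https://a.example.com/api"}
{"template-id": "example-rce-check", "info": {"severity": "critical"}, "host": "https://a.example.com", "matched-at": "https://a.example.com/api"}
{"template-id": "example-lfi-check", "info": {"severity": "high"}, "host": "https://b.example.com", "matched-at": "https://b.example.com/files"}
{"template-id": "example-tech-detect", "info": {"severity": "info"}, "host": "https://a.example.com", "matched-at": "https://a.example.com/"}
[INF] constructed non-JSON line mixed into the file
"""


def triage(lines, min_severity="high"):
    """Deduplicate findings and group those at or above min_severity."""
    cutoff = SEVERITY_ORDER.index(min_severity)
    seen, skipped = set(), 0
    grouped = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # tolerate banner or log lines mixed into the file
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        info = rec.get("info") if isinstance(rec.get("info"), dict) else {}
        sev = str(info.get("severity", "unknown")).lower()
        if sev not in SEVERITY_ORDER:
            sev = "unknown"
        key = (rec.get("template-id"), rec.get("matched-at") or rec.get("host"))
        if key in seen:
            continue  # same template matched at the same location
        seen.add(key)
        if SEVERITY_ORDER.index(sev) <= cutoff:
            grouped[sev].append(key)
    ordered = {s: grouped[s] for s in SEVERITY_ORDER if s in grouped}
    return {"findings": ordered, "skipped": skipped}


if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_JSONL.splitlines()
    for sev, items in triage(src)["findings"].items():
        for template_id, location in items:
            print(f"{sev:8} {template_id:24} {location}")
```

Pass the results file as the first argument; without one, the script runs on the constructed sample.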
Common Workflows
BASH
# Full recon → scan pipeline
subfinder -d target.com -silent | httpx -silent | nuclei -s critical,high -o vulns.txt
# CVE scanning
nuclei -l targets.txt -tags cve -s critical,high,medium -o cve-results.txt
# Custom template scan
nuclei -l targets.txt -t custom-templates/ -o results.txt