What is Nuclei

Nuclei is a fast, open-source vulnerability scanner developed by the ProjectDiscovery team. It is written in Go and driven by templates in YAML format. Because it is template-driven, it makes it possible to look for a specific vulnerability on multiple servers. Nuclei can scan for security vulnerabilities over protocols such as TCP, DNS and HTTP. It also has a template repository contributed to by more than 200 security researchers and engineers.

Nuclei Installation

Installing Nuclei with Go

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Requires the latest Go version to install successfully.

Installing Nuclei with Brew

brew install nuclei

This method supports macOS and Linux.

Installing Nuclei with Docker

docker pull projectdiscovery/nuclei:latest

Nuclei Setup from Github

git clone https://github.com/projectdiscovery/nuclei.git; \
cd nuclei/v2/cmd/nuclei; \
go build; \
mv nuclei /usr/local/bin/; \
nuclei -version;

Requires the latest Go version to install successfully.

Nuclei Binary

Download the latest release for your operating system from “https://github.com/projectdiscovery/nuclei/releases”, extract it from the archive, and run the binary file.

Nuclei Template Installation and Update

nuclei -ut
nuclei -update

Nuclei Usage

We are now ready to use the Nuclei tool. To see all commands and their descriptions, you can use the “nuclei -h” command.

Usage:
  nuclei [flags]

Flags:
TARGET:
   -u, -target string[] target URLs/hosts to scan
   -l, -list string path to file containing a list of target URLs/hosts to scan (one per line)

TEMPLATES:
   -tl list all available templates
   -t, -templates string[] template or template directory paths to include in the scan
   -w, -workflows string[] list of workflows to run
   -nt, -new-templates run newly added templates only
   -validate validate the passed templates to nuclei

FILTERING:
   -tags string[] execute a subset of templates that contain the provided tags
   -include-tags string[] tags from the default deny list that permit executing more intrusive templates
   -etags, -exclude-tags string[] exclude templates with the provided tags
   -include-templates string[] templates to be executed even if they are excluded either by default or configuration
   -exclude-templates, -exclude string[] template or template directory paths to exclude
   -severity, -impact value[] Templates to run based on severity. Possible values: info, low, medium, high, critical
   -author string[] execute templates that are (co-)created by the specified authors

OUTPUT:
   -o, -output string output file to write found issues/vulnerabilities
   -silent display findings only
   -v, -verbose show verbose output
   -vv display extra verbose information
   -nc, -no-color disable output content coloring (ANSI escape codes)
   -json write output in JSONL(ines) format
   -irr, -include-rr include request/response pairs in the JSONL output (for findings only)
   -nm, -no-meta don't display match metadata in CLI output
   -nts, -no-timestamp don't display timestamp metadata in CLI output
   -rdb, -report-db string local nuclei reporting database (always use this to persist report data)
   -me, -markdown-export string directory to export results in markdown format
   -se, -sarif-export string file to export results in SARIF format

CONFIGURATIONS:
   -config string path to the nuclei configuration file
   -rc, -report-config string nuclei reporting module configuration file
   -H, -header string[] custom headers in header:value format
   -V, -var value custom vars in var=value format
   -r, -resolvers string file containing resolver list for nuclei
   -system-resolvers use system DNS resolving as error fallback
   -passive enable passive HTTP response processing mode
   -env-vars enable environment variables support

INTERACTSH:
   -no-interactsh disable interactsh server for OOB testing
   -interactsh-url string interactsh server url for self-hosted instance (default "https://interact.sh")
   -interactsh-token string authentication token for self-hosted interactsh server
   -interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
   -interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
   -interactions-poll-duration int number of seconds to wait before each interaction poll request (default 5)
   -interactions-cooldown-period int extra time for interaction polling before exiting (default 5)

RATE-LIMIT:
   -rl, -rate-limit int maximum number of requests to send per second (default 150)
   -rlm, -rate-limit-minute int maximum number of requests to send per minute
   -bs, -bulk-size int maximum number of hosts to be analyzed in parallel per template (default 25)
   -c, -concurrency int maximum number of templates to be executed in parallel (default 10)

OPTIMIZATIONS:
   -timeout int time to wait in seconds before timeout (default 5)
   -retries int number of times to retry a failed request (default 1)
   -max-host-error int max errors for a host before skipping from scan (default 30)
   -project use a project folder to avoid sending same request multiple times
   -project-path string set a specific project path (default "$TMPDIR/")
   -spm, -stop-at-first-path stop processing HTTP requests after the first match (may break template/workflow logic)

HEADLESS:
   -headless enable templates that require headless browser support
   -page-timeout int seconds to wait for each page in headless mode (default 20)
   -show-browser show the browser on the screen when running templates with headless mode

DEBUG:
   -debug show all requests and responses
   -debug-req show all sent requests
   -debug-resp show all received responses
   -proxy, -proxy-url string URL of the HTTP proxy server
   -proxy-socks-url string URL of the SOCKS proxy server
   -trace-log string file to write sent requests trace log
   -version show nuclei version
   -tv, -templates-version shows the version of the installed nuclei-templates

UPDATE:
   -update update nuclei to the latest released version
   -ut, -update-templates update the community templates to latest released version
   -nut, -no-update-templates do not check for nuclei-templates updates
   -ud, -update-directory string overwrite the default nuclei-templates directory (default "$HOME/nuclei-templates")

STATISTICS:
   -stats display statistics about the running scan
   -stats-json write statistics data to an output file in JSONL(ines) format
   -si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)
   -metrics expose nuclei metrics on a port
   -metrics-port int port to expose nuclei metrics on (default 9092)

The most basic use of Nuclei is “nuclei -u https://target.com”. Since we do not specify a template in this usage, it will use all templates by default.

If we want to use specific templates, we can use the “-t” parameter. For example, when we run the “nuclei -u https://target.com -t cves/2020/” command, it will use all templates under the “cves/2020/” directory.

Instead of using more than one template, we can also use a single one. For example: “nuclei -u https://target.com -t cves/2020/CVE-2020-35736.yaml”

Also, to exclude some templates from the scan, we can use the “-exclude-templates” parameter.

By filtering templates, we can ensure that only the templates we want are run. Nuclei supports three filtering methods.

  • Tags (-tags)
  • Severity (-severity)
  • Author (-author)

To exclude some tags, we can use the “-exclude-tags” parameter.

Sample usage: “nuclei -u https://target.com -tags rce,cve -severity critical,high -author XXXX -exclude-tags xss”

If we want to scan multiple targets, we can use the “-list” or “-l” parameter. For example, the “nuclei -l url_listesi.txt” command scans all addresses in the “url_listesi.txt” file.
Note: Each line of the file containing the addresses to be scanned must hold exactly one address.
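
Before handing a list to “-l”, it is worth checking that every entry belongs to a host you are authorized to scan. The following is an added example, not part of the original article or the Nuclei project: a shell function that cleans a target file and keeps only entries under the domains listed in a scope file. The names in_scope_targets, scope.txt and targets.txt are assumptions.

```shell
#!/bin/sh
# Added example (not from the Nuclei project): build a clean target file for `nuclei -l`.
# in_scope_targets SCOPE_FILE INPUT_FILE
#   SCOPE_FILE: authorized domains, one per line (hypothetical file name: scope.txt)
#   INPUT_FILE: candidate URLs/hosts, one per line (e.g. url_listesi.txt)
# Prints each in-scope target once; rejected entries are reported on stderr.
in_scope_targets() {
    awk '
        # Every line: trim surrounding whitespace and Windows CRs.
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        # Skip blank lines and comments in both files.
        $0 == "" || $0 ~ /^#/ { next }
        # First file: remember the authorized domains, lower-cased.
        FILENAME == ARGV[1] { scope[tolower($0)] = 1; next }
        # Second file: reduce each target to its host name, then check it.
        {
            target = $0
            host = tolower(target)
            sub("^[a-z][a-z0-9+.-]*://", "", host)   # drop the scheme
            sub("[/?#].*$", "", host)                # drop path, query, fragment
            sub("^.*@", "", host)                    # drop userinfo (user@host)
            sub(":[0-9]+$", "", host)                # drop the port
            ok = 0
            for (d in scope) {
                # Accept the domain itself or a true subdomain (".domain" suffix).
                n = length(host) - length(d)
                if (host == d || (n > 0 && substr(host, n) == "." d)) ok = 1
            }
            if (!ok)
                print "out of scope, skipped: " target > "/dev/stderr"
            else if (!seen[target]++)
                print target
        }
    ' "$1" "$2"
}

# Typical use (file names are assumptions):
#   in_scope_targets scope.txt url_listesi.txt > targets.txt
#   nuclei -l targets.txt
```

The host is extracted before the comparison, so look-alike entries such as “example.com.evil.test” or “example.com@evil.test” are rejected when only “example.com” is in scope.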

Nuclei’s reporting module supports Jira, GitHub and GitLab. To use it, create a config file for the platform on which the reporting will be done, then specify the path to that config file after the “-rc” or “-report-config” parameter.

Example config file: https://github.com/projectdiscovery/nuclei/blob/master/v2/cmd/nuclei/issue-tracker-config.yaml

Example usage: “nuclei -u https://target.com -rc config.yaml”

To export the output of the scan as markdown, we can use the “-me” or “-markdown-export” parameter. If we just want to export the output in plain text, we can use the “-o” parameter.

Example usage: “nuclei -u https://target.com -rc config.yaml -me markdown.txt -o output.txt”
