Nuclei Tutorial
Beginner · ⏱ 18 min read · Vulnerability Management
Scan fast. Find vulns faster. Master Nuclei.
Nuclei by ProjectDiscovery is a fast template-based vulnerability scanner with 8,000+ community templates covering CVEs, misconfigs, exposed panels, and default credentials.
Prerequisites
- Go installed or Nuclei binary downloaded
- An authorized target
- Basic YAML knowledge for custom templates
Installation
Install via Go or download a pre-compiled binary. Run nuclei -update-templates to get the latest templates.
Basic Scanning
Point Nuclei at a target and it runs all applicable templates automatically. Filter by severity with -severity critical,high.
Template System
Templates are YAML files that define detection logic. The nuclei-templates repository holds 8,000+ checks.
Template Categories
CVEs, misconfigurations, exposed panels, default logins, takeovers, fuzzing, and workflows.
Writing Custom Templates
Create your own YAML templates for proprietary vulnerabilities or custom checks.
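A custom check as an added example (not from the original tutorial or from the nuclei-templates repository): a template that flags a debug page on an in-house service answering without authentication. The id, author, the /debug/status path and the JSON field names are assumptions made up for illustration.

```yaml
# Added example: constructed template for a hypothetical in-house service.
id: acme-debug-status-exposed        # hypothetical id

info:
  name: Acme internal debug status page exposed
  author: your-team                  # placeholder
  severity: medium
  description: The in-house /debug/status page answers unauthenticated requests.
  tags: custom,misconfig,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/debug/status"   # hypothetical path

    # Every matcher must hold, so a generic 200 page or a login redirect
    # does not produce a finding.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Both field names (hypothetical) must appear in the response body.
      - type: word
        part: body
        words:
          - '"build_commit"'
          - '"uptime_seconds"'
        condition: and

      # The debug page is assumed to return JSON.
      - type: word
        part: header
        words:
          - "application/json"

    # Put the reported build into the finding so triage can see
    # which release is affected.
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '"build_commit":\s*"([0-9a-f]{7,40})"'
```

Check the file with nuclei -validate -t acme-debug-status-exposed.yaml before running it against an authorized target with -u and -t.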
Workflows & Chaining
Chain templates: if template A matches, run B and C for deeper analysis.
CI/CD Integration
Run Nuclei in your pipeline with GitHub Actions or GitLab CI to catch vulns on every deployment.
Bug Bounty Workflow
1) Subfinder for subdomains.
2) Httpx to probe live hosts.
3) Nuclei to scan all.
4) Review findings.
5) Report valid bugs.
Frequently Asked Questions
Is Nuclei free?
Yes, fully free and open-source. ProjectDiscovery also offers a cloud platform (PDCP) with team features.
Nuclei vs Nessus?
Nuclei is free, fast, and template-driven, which suits custom checks. Nessus is commercial with compliance features and authenticated scanning.
How many templates?
8,000+ community-maintained templates covering CVEs, misconfigs, panels, default creds. Updated daily.