projectdiscovery

projectdiscovery/nuclei

Go MIT Security

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

29.6k stars
3.6k forks
active
GitHub +181 / week

29.6k

Stars

3.6k

Forks

102

Open issues

30

Contributors

v3.11.0 06 Jul 2026

AI Analysis

Nuclei is a high-performance vulnerability scanner built in Go that uses YAML-based templates to detect security issues across applications, APIs, networks, DNS, and cloud configurations. It is specifically designed for security professionals and DevOps teams who need to integrate automated vulnerability scanning into CI/CD pipelines and conduct comprehensive security assessments with minimal false positives. It is not a general-purpose security audit tool but rather a specialized, template-d...

Security Security Tool Discovery value: 2/10
Documentation 8/10
Activity 9/10
Community 9/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

vulnerability-scanning security-automation yaml-based-dsl ci-cd-integration threat-detection
Actively maintained Well documented MIT licensed Popular Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
2w ago

Nuclei: YAML-driven vulnerability scanner with 29K stars and active community backing

Nuclei is a fast, template-based vulnerability scanner written in Go, built by ProjectDiscovery. It enables security professionals to write and share detection logic in a simple YAML DSL, covering HTTP, DNS, TCP, SSL, and more. Its companion template library (12K+ stars) is contributed by thousands of researchers worldwide. Used by bug bounty hunters, pentesters, and enterprise security teams, it integrates into CI/CD pipelines and offers a commercial cloud tier. It is one of the most widely adopted open-source vulnerability scanning engines in the offensive security ecosystem.

Origin

Created in April 2020, Nuclei emerged as a lightweight alternative to heavier scanning platforms, gaining traction in the bug bounty and red team communities. ProjectDiscovery built a full ecosystem around it, including subfinder, naabu, and a hosted cloud platform.

Growth

Growth was propelled by the bug bounty community adopting it as a go-to automation tool, the low barrier to writing custom templates, and ProjectDiscovery's strategy of open-sourcing a suite of interconnected recon tools. The community-contributed template library created a flywheel effect: more templates attracted more users, who contributed more templates. Commercial cloud offerings added enterprise pull without fragmenting the open-source base.

In production

Widely referenced in bug bounty write-ups, pentest automation frameworks (e.g., reconftw integrates it), and security blogs. ProjectDiscovery offers a commercial SaaS tier, implying paying enterprise customers. The 29K stars, 3.5K forks, and the companion nuclei-templates repo with 12.5K stars are strong indirect signals of broad real-world deployment. Adoption appears well-established across individual security researchers, red teams, and security-conscious engineering organizations.

Code analysis
Architecture

Likely a Go CLI binary with a pluggable protocol engine; appears to support concurrent request execution with clustering optimizations. Template parsing is YAML-based with a custom DSL. The README references support for TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and code execution protocols, suggesting a modular protocol handler design. Integration hooks for Jira, Splunk, GitHub, Elastic, and GitLab are mentioned, likely as output/notification plugins.

Tests

not documented in README

Maintenance

Last push was June 23, 2026 — one day before the evaluation date — indicating very active, near-daily maintenance. The project has been continuously developed since 2020. README explicitly warns of active development and breaking changes, which reflects a live, rapidly evolving codebase rather than a stagnant one.

Honest verdict

ADOPT IF: you are a bug bounty hunter, pentester, or security engineer needing fast, scriptable, community-backed scanning across many targets with customizable detection logic. AVOID IF: you require a fully managed compliance-grade scanner with formal CVE SLA coverage, vendor support contracts, and no tolerance for breaking changes in a production-critical pipeline. MONITOR IF: you are evaluating moving from ad-hoc scanning to continuous automated vulnerability detection in a DevSecOps context — the commercial cloud tier may close remaining enterprise gaps.

Independent dimensions

Mainstream potential

8/10

Technical importance

9/10

Adoption evidence

9/10

Risks
  • README explicitly warns of breaking changes between releases, which can disrupt automated pipelines that depend on stable CLI interfaces.
  • Running Nuclei as a service (not CLI) is flagged as a security risk in the README itself, limiting certain deployment architectures.
  • Template quality varies across community contributions; false negatives or poorly written templates may give false confidence about coverage.
  • Heavy dependency on the companion nuclei-templates repository means template lag or supply-chain issues there would directly impact detection effectiveness.
  • The commercial cloud tier creates a long-term uncertainty about feature prioritization between OSS and paid tiers, a common tension in open-core models.
Prediction

Nuclei is likely to remain the dominant open-source template-based scanner for offensive security workflows for the foreseeable future, with the commercial platform growing as enterprises adopt continuous exposure management practices.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
96.3%
TypeScript
2.8%
HTML
0.3%
Makefile
0.3%
Go Template
0.2%
JavaScript
0.2%
Dockerfile
0%

Information

Language
Go
License
MIT
Last updated
3d ago
Created
76mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

projectdiscovery

projectdiscovery/nuclei-templates

Nuclei Templates is a community-curated repository of security scanning...

12.6k JavaScript Security
adysec

adysec/nuclei_poc

Nuclei POC is a centralized repository that aggregates, categorizes, and...

projectdiscovery

projectdiscovery/vulnx

vulnx is a modern CLI tool for searching, filtering, and analyzing...

2.6k Go Security
topscoder

topscoder/nuclei-wordfence-cve

A specialized security tool that provides 77,335 Nuclei vulnerability scanning...

1.3k Python Security
projectdiscovery

projectdiscovery/naabu

Naabu is a fast, lightweight port scanner written in Go designed for security...

vs. alternatives
Metasploit

Metasploit is a full exploitation framework with a much heavier footprint. Nuclei focuses on detection/verification, not exploitation. Nuclei is faster to deploy for bulk scanning across large target surfaces, while Metasploit provides deeper post-exploitation capabilities.

Nessus / Tenable

Nessus is a commercial, agent-based scanner targeting compliance and enterprise asset management. Nuclei is lightweight, community-driven, and better suited for offensive/bug-bounty workflows. Nessus has broader CVE coverage via proprietary feeds; Nuclei has faster community-contributed detection for newly trending vulnerabilities.

OWASP Nettacker

Nettacker is a Python-based scanner with a similar community ethos. Nuclei has significantly higher adoption (29K vs 5.2K stars), broader protocol support, and a more active template ecosystem. Nettacker may appeal to Python-native teams.

Nikto

Nikto is a legacy web server scanner with static checks. Nuclei is more flexible, faster, and allows custom logic through YAML templates. Nikto is simpler to run for one-off web checks but lacks Nuclei's extensibility and active vulnerability coverage.

Burp Suite Pro

Burp Suite excels at interactive, deep web application testing with a GUI-centric workflow. Nuclei is better for automated, large-scale, headless scanning across many targets. The two are often used complementarily rather than as substitutes.