commands.sh

nuclei

all

Fast and customizable vulnerability scanner using a simple YAML-based DSL.

More info →

Options (14)

boolean

Update `nuclei` templates to the latest released version (downloaded to `~/nuclei-templates` on macOS/Linux or `%USERPROFILE%\nuclei-templates` on Windows)

Example: nuclei {{[-ut|-update-templates]}}
boolean

[l]ist all [t]emplates by specific [p]rotocol [t]ype

Example: nuclei -tl {{[-pt|-type]}} {{dns|file|http|headless|tcp|workflow|ssl|websocket|whois|code|javascript}}
boolean

Run an automatic web scan using Wappalyzer technology detection for a specific target [u]RL/host

Example: nuclei {{[-as|-automatic-scan]}} {{[-u|-target]}} {{example.com}}
-uboolean

Run an automatic web scan using Wappalyzer technology detection for a specific target [u]RL/host

Example: nuclei {{[-as|-automatic-scan]}} {{[-u|-target]}} {{example.com}}
-sboolean

Run HTTP [p]rotocol [t]ype templates of specific severity, exporting results to markdown files inside a specific directory

Example: nuclei {{[-s|-severity]}} {{high,critical,...}} {{[-pt|-type]}} http {{[-u|-target]}} {{https://example.com}} {{[-me|-markdown-export]}} {{path/to/directory}}
boolean

Run HTTP [p]rotocol [t]ype templates of specific severity, exporting results to markdown files inside a specific directory

Example: nuclei {{[-s|-severity]}} {{high,critical,...}} {{[-pt|-type]}} http {{[-u|-target]}} {{https://example.com}} {{[-me|-markdown-export]}} {{path/to/directory}}
boolean

Run all templates with a custom rate limit, maximum bulk size, and silent output (only findings shown)

Example: nuclei {{[-rl|-rate-limit]}} {{150}} {{[-bs|-bulk-size]}} {{25}} {{[-c|-concurrency]}} {{25}} -silent {{[-u|-target]}} {{https://example.com}}
boolean

Run all templates with a custom rate limit, maximum bulk size, and silent output (only findings shown)

Example: nuclei {{[-rl|-rate-limit]}} {{150}} {{[-bs|-bulk-size]}} {{25}} {{[-c|-concurrency]}} {{25}} -silent {{[-u|-target]}} {{https://example.com}}
-cboolean

Run all templates with a custom rate limit, maximum bulk size, and silent output (only findings shown)

Example: nuclei {{[-rl|-rate-limit]}} {{150}} {{[-bs|-bulk-size]}} {{25}} {{[-c|-concurrency]}} {{25}} -silent {{[-u|-target]}} {{https://example.com}}
-wboolean

Run a specific nuclei-bundled workflow against a target

Example: nuclei {{[-w|-workflows]}} {{workflows/wordpress-workflow.yaml}} {{[-u|-target]}} {{https://example.com}}
-tboolean

Run one or more specific templates or directory with templates with verbose output in `stderr` and output detected issues/vulnerabilities to a file

Example: nuclei {{[-t|-templates]}} {{path/to/nuclei-templates/http}} {{[-u|-target]}} {{https://example.com}} {{[-v|-verbose]}} {{[-o|-output]}} {{path/to/results}}
-vboolean

Run one or more specific templates or directory with templates with verbose output in `stderr` and output detected issues/vulnerabilities to a file

Example: nuclei {{[-t|-templates]}} {{path/to/nuclei-templates/http}} {{[-u|-target]}} {{https://example.com}} {{[-v|-verbose]}} {{[-o|-output]}} {{path/to/results}}
-oboolean

Run one or more specific templates or directory with templates with verbose output in `stderr` and output detected issues/vulnerabilities to a file

Example: nuclei {{[-t|-templates]}} {{path/to/nuclei-templates/http}} {{[-u|-target]}} {{https://example.com}} {{[-v|-verbose]}} {{[-o|-output]}} {{path/to/results}}
boolean

Use an AI prompt to dynamically generate a template to scan a target (projectdiscovery cloud pdcp API key needs to be configured using `nuclei -auth`)

Example: nuclei {{[-u|-target]}} {{https://example.com}} {{[-ai|-prompt]}} "{{find admin login endpoints}}"

Examples (8)

Update `nuclei` templates to the latest released version (downloaded to `~/nuclei-templates` on macOS/Linux or `%USERPROFILE%\nuclei-templates` on Windows)

nuclei [-ut|-update-templates]

[l]ist all [t]emplates by specific [p]rotocol [t]ype

nuclei -tl [-pt|-type] dns|file|http|headless|tcp|workflow|ssl|websocket|whois|code|javascript

Run an automatic web scan using Wappalyzer technology detection for a specific target [u]RL/host

nuclei [-as|-automatic-scan] [-u|-target] example.com

Run HTTP [p]rotocol [t]ype templates of specific severity, exporting results to markdown files inside a specific directory

nuclei [-s|-severity] high,critical,... [-pt|-type] http [-u|-target] https://example.com [-me|-markdown-export] path/to/directory

Run all templates with a custom rate limit, maximum bulk size, and silent output (only findings shown)

nuclei [-rl|-rate-limit] 150 [-bs|-bulk-size] 25 [-c|-concurrency] 25 -silent [-u|-target] https://example.com

Run a specific nuclei-bundled workflow against a target

nuclei [-w|-workflows] workflows/wordpress-workflow.yaml [-u|-target] https://example.com

Run one or more specific templates or directory with templates with verbose output in `stderr` and output detected issues/vulnerabilities to a file

nuclei [-t|-templates] path/to/nuclei-templates/http [-u|-target] https://example.com [-v|-verbose] [-o|-output] path/to/results

Use an AI prompt to dynamically generate a template to scan a target (projectdiscovery cloud pdcp API key needs to be configured using `nuclei -auth`)

nuclei [-u|-target] https://example.com [-ai|-prompt] "find admin login endpoints"
made by @shridhargupta | data from tldr-pages