https://appsec.fyi/tools.html#nuclei Curated nuclei resources from appsec.fyi en-us Sun, 07 Jun 2026 04:05:35 +0000 carl@chs.us (Carl Sampson) https://github.com/s1d6point7bugcrowd/Recon-Script https://github.com/s1d6point7bugcrowd/Recon-Script Library for automating Nuclei vulnerability scans, integrating features like voice notifications via espeak, proxychains support, and optional cloud uploads to ProjectDiscovery Cloud Platform (PDCP). It allows for out-of-scope filtering, custom bug bounty headers, and detailed scan logging with timestamps, supporting tools such as subfinder, dnsx, and httpx. nuclei intermediate Fri, 17 Apr 2026 14:54:29 +0000 https://projectdiscovery.io/blog/ultimate-nuclei-guide https://projectdiscovery.io/blog/ultimate-nuclei-guide Library for efficient, extensible vulnerability scanning using YAML-based templates. Nuclei supports HTTP, DNS, SSL, and raw TCP protocols, allowing detection of CVEs, misconfigurations, and sensitive file exposures. It integrates into workflows with other tools and offers features like custom template creation, fuzzing, advanced DSL for matchers, and various scan modes including headless and network. Advanced options include rate limiting, template filtering by technology, severity, or name, and resuming interrupted scans. nuclei beginner Fri, 17 Apr 2026 14:14:14 +0000 https://www.mousebrothers.com/automated-nuclei-recon-pipeline/ https://www.mousebrothers.com/automated-nuclei-recon-pipeline/ Script automates bug bounty reconnaissance by enumerating subdomains with subfinder, probing live hosts via httpx, rotating NordVPN IPs, and running Nuclei scans with specific templates and filters. It sends Discord alerts for any found vulnerabilities, detailing the count, severity, template ID, matched target, and current IP. The process is designed for repeatable, single-command execution on a list of target domains. nuclei intermediate Fri, 17 Apr 2026 14:14:11 +0000 https://medium.com/@mohamedsinger837/from-recon-to-sensitive-key-exposure-finding-leaked-secrets-using-nuclei-subfinder-katana-429d2ce705ae https://medium.com/@mohamedsinger837/from-recon-to-sensitive-key-exposure-finding-leaked-secrets-using-nuclei-subfinder-katana-429d2ce705ae From Recon to Sensitive Key Exposure Using Nuclei nuclei intermediate Thu, 16 Apr 2026 21:04:33 +0000 https://bugbase.ai/blog/automating-bug-bounties-with-nuclei https://bugbase.ai/blog/automating-bug-bounties-with-nuclei Automating Bug Bounties with Nuclei nuclei intermediate Thu, 16 Apr 2026 21:03:14 +0000 https://osintteam.blog/advanced-techniques-use-cases-of-nuclei-for-bug-bounty-22be32c09d1b https://osintteam.blog/advanced-techniques-use-cases-of-nuclei-for-bug-bounty-22be32c09d1b Advanced Techniques & Use Cases of Nuclei for Bug Bounty nuclei advanced Thu, 16 Apr 2026 21:03:14 +0000 https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html?m=1 https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html?m=1 "NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated testing and identification of security flaws in web applications." nuclei intermediate Thu, 14 Aug 2025 11:05:19 +0000 https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html "NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated security testing." nuclei intermediate Thu, 14 Aug 2025 03:58:38 +0000 https://x.com/pdiscoveryio/status/1925536778787954961 https://x.com/pdiscoveryio/status/1925536778787954961 A new CVE, CVE-2025-4123, highlights a vulnerability in Grafana that allows open redirect, XSS, and SSRF via path traversal. The issue can be detected using Nuclei template. The post emphasizes the importance of addressing this security concern in Grafana. #infosec #cve #nuclei #grafana #ssrf #xss #openredirect. nuclei news Thu, 22 May 2025 13:33:32 +0000 https://blog.projectdiscovery.io/simplifying-xss-detection-with-nuclei/ https://blog.projectdiscovery.io/simplifying-xss-detection-with-nuclei/ Library for simplifying XSS detection, leveraging Nuclei's headless mode and the `waitdialog` action. This technique mimics real user interactions by running JavaScript, allowing for detection of XSS payload execution via JavaScript dialogs rather than relying on complex, target-specific reflection-based string matchers. The headless approach offers higher accuracy and reduced complexity, making XSS detection more consistent across different web applications. nuclei intermediate Thu, 26 Sep 2024 01:36:18 +0000 https://x.com/Cybersleuth254/status/1836375797243723961 https://x.com/Cybersleuth254/status/1836375797243723961 Cybersleuth254 discovered an SSRF vulnerability using a custom Nuclei template, enabling attackers to inject malicious URLs and access sensitive server data. The finding highlights the importance of cybersecurity measures like bug bounties, penetration testing, and information security. #Cybersecurity #SSRF #BugBounty #PenTesting #Infosec #Nuclei. nuclei intermediate Wed, 18 Sep 2024 13:13:48 +0000 https://x.com/Cybersleuth254/status/1836375638644543728 https://x.com/Cybersleuth254/status/1836375638644543728 Cybersleuth254 discovered an SSRF vulnerability using a custom Nuclei template, enabling attackers to inject malicious URLs and access sensitive server data. The importance of input validation to prevent such threats is emphasized. The post highlights cybersecurity, SSRF, bug bounty, penetration testing, and Nuclei. nuclei intermediate Wed, 18 Sep 2024 13:13:48 +0000 https://blog.projectdiscovery.io/ultimate-nuclei-guide/ https://blog.projectdiscovery.io/ultimate-nuclei-guide/ Library for efficient, extensible vulnerability scanning using YAML-based templates. Nuclei supports HTTP, DNS, SSL, and raw TCP protocols, allowing users to define custom checks for vulnerabilities. It can scan thousands of hosts rapidly, integrates into existing workflows, and offers template filtering by technology, severity, or CVE. Advanced features include custom template creation, fuzzing, multi-step interactions, and support for network, DNS, file, and headless modes. nuclei intermediate Fri, 11 Aug 2023 04:14:01 +0000 https://twitter.com/ptracesecurity/status/1498961557937659909 https://twitter.com/ptracesecurity/status/1498961557937659909 Favorite tweet: Nuclei-Burp Extension: run nuclei scanner directly from burp https://t.co/5eXxgjapf7 #Pentesting #BurpSuite #WebSecurity #Infosec https://t.co/xwhsoQfhRo — Ptrace Security GmbH (@ptr... nuclei intermediate Wed, 02 Mar 2022 20:42:55 +0000 https://github.com/projectdiscovery/nuclei?mc_cid=04f49feac0 https://github.com/projectdiscovery/nuclei?mc_cid=04f49feac0 Library for fast, template-based vulnerability scanning using simple YAML templates. It supports multiple protocols like HTTP, DNS, and TCP, and can be integrated into CI/CD pipelines. Nuclei allows for custom vulnerability detection scenarios to reduce false positives and includes integrations with tools like Jira, Splunk, and GitHub. The tool requires Go version 1.24.2 or later for installation. nuclei beginner Mon, 10 Jan 2022 23:37:00 +0000 https://github.com/projectdiscovery/nuclei-templates https://github.com/projectdiscovery/nuclei-templates Library of community-curated templates for the nuclei scanner, designed to detect various application security vulnerabilities. This repository houses templates developed by the project team and contributions from the security community, covering diverse attack vectors. Detailed documentation for creating custom templates is available, alongside statistics on template attributes like tags, author, severity, and type. Community engagement is encouraged through GitHub discussions and a Discord server for direct interaction with maintainers. nuclei beginner Mon, 10 Jan 2022 23:37:00 +0000 https://github.com/projectdiscovery/nuclei https://github.com/projectdiscovery/nuclei Tool for high-performance vulnerability scanning, Nuclei uses simple YAML templates for custom detection scenarios, minimizing false positives through real-world simulation. It supports numerous protocols including HTTP, DNS, and TCP, integrates with CI/CD pipelines, and offers extensive filtering and output options. Installation requires Go version 1.24.2 or later. nuclei beginner Wed, 24 Nov 2021 02:07:00 +0000 https://github.com/optiv/mobile-nuclei-templates https://github.com/optiv/mobile-nuclei-templates Library of Nuclei templates designed for mobile security assessments. It includes specific templates for Android applications, focusing on `smali` checks. A dedicated `Keys` folder provides templates to identify API keys using regex patterns on decompiled Android apps, local code repositories, or unzipped IPA files. Users should install Nuclei from its GitHub repository to utilize these templates effectively for targeted mobile app analysis. nuclei beginner Fri, 11 Jun 2021 03:25:00 +0000