Nuclei is an open-source DAST tool that sends requests across targets based on a template, leading to zero false positives and providing fast scanning.
With 26,900+ GitHub stars, 3,100+ forks, and 221 contributors, Nuclei has become one of the most popular vulnerability scanners in the security community. The project has published over 141 releases since its inception, with version 3.7.0 released in January 2026.
The tool supports multiple protocols including TCP, DNS, HTTP, SSL, File, Whois, Websocket, and Headless scanning.
It uses flexible templating for modeling various security checks.
The project benefits from contributions by over 220 security researchers and engineers who maintain a comprehensive template library. Written primarily in Go (96% of the codebase), Nuclei is fast and efficient for large-scale scanning operations.
Template Library
The Nuclei templates repository contains thousands of ready-to-use templates for detecting various vulnerabilities and misconfigurations.
Installation Methods
Go
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Homebrew (macOS)
brew install nuclei
Docker
docker pull projectdiscovery/nuclei:latest
From Source (GitHub)
git clone https://github.com/projectdiscovery/nuclei.git
cd nuclei/cmd/nuclei
go build
mv nuclei /usr/local/bin/
nuclei -version
Binary
Download the latest binary for your OS from the releases page and unzip to run.
Basic Usage
All templates execute by default from the standard template installation path.
Basic Scan
nuclei -u <Your target host>
# Example: nuclei -u http://localhost:4000
Custom Template Scanning
nuclei -u <Target host> -t <Custom template path>
# Example: nuclei -u http://localhost:4000 -t cves/
Supported Protocols
- HTTP/HTTPS
- TCP
- DNS
- SSL/TLS
- File
- Whois
- Websocket
- Headless (browser-based)