Nuclei is a command-line vulnerability scanner written in Go. Instead of hard-coding detection logic, it runs YAML-based templates against a target and reports matches, which makes it fast to extend for new CVEs and misconfigurations. It's built for security researchers, penetration testers, and engineering teams who want to run repeatable vulnerability checks against URLs, hosts, or entire networks. The project is maintained by ProjectDiscovery, and template contributions come from thousands of security researchers worldwide.
The template-driven design is the main thing that separates it from older scanners. New checks don't require patching the scanner's code, they're added as YAML files, so the detection library can grow quickly as new vulnerabilities are disclosed, and anyone can contribute or write their own without touching Go at all.
Nuclei fits teams that need to check a list of URLs or an entire subnet against a large, evolving set of known vulnerability signatures. Typical scenarios include running scheduled scans against production infrastructure to catch newly disclosed CVEs, adding a scan step to a CI/CD pipeline before deployment, or using it as part of a bug bounty workflow to triage a large number of targets quickly. The -automatic-scan flag, which maps detected technologies to relevant tags, is useful when you don't want to hand-pick templates for every target.
It's a weaker fit for a single, deeply manual penetration test rather than repeatable, template-driven checks, and it isn't an exploitation framework. Nuclei detects and reports, so pairing it with other tools is expected if you need to go further than confirming a vulnerability exists. The maintainers also explicitly warn against running it as a long-lived network service, since it's designed as a standalone CLI tool, and exposing it as a service can introduce its own security risks.
The README also flags that the project sees active development, with breaking changes possible between releases, so it's worth reviewing the changelog before updating a version you depend on in an automated pipeline.
Nuclei requires Go 1.24.2 or later to install from source:
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Once installed, check the available flags:
nuclei -h
Run a scan against a single target:
nuclei -target https://example.com
Scan a list of targets from a file:
nuclei -list urls.txt
Scan an entire subnet for network-related issues, such as open ports or misconfigured services:
nuclei -target 192.168.1.0/24
Run a custom template against a target:
nuclei -u https://example.com -t /path/to/your-template.yaml
Optionally, upload results to the ProjectDiscovery cloud dashboard for further analysis:
nuclei -target https://example.com -dashboard