Nuclei Template-Based Vulnerability Scanner
Nuclei is a high-performance vulnerability scanner by ProjectDiscovery that uses simple YAML-based templates to detect security issues across applications, APIs, networks, DNS, and cloud configurations. With 27k+ GitHub stars and 12,000+ community-contributed templates, it is the go-to tool for modern vulnerability assessment.
Nuclei is a high-performance vulnerability scanner by ProjectDiscovery that uses simple YAML-based templates to detect security issues across applications, APIs, networks, DNS, and cloud configurations. With 27k+ GitHub stars and 12,000+ community-contributed templates, it is the go-to tool for modern vulnerability assessment.
npx skills add agentskillexchange/skills --skill nuclei-template-vulnerability-scanner
Nuclei by ProjectDiscovery is a fast, customizable vulnerability scanner built around a YAML-based Domain Specific Language (DSL) for defining detection templates. Unlike traditional scanners that rely on signature databases and opaque detection logic, Nuclei puts the power of template authoring directly in the hands of security engineers and the broader community.
How It Works
An agent skill built on Nuclei enables AI agents to run targeted vulnerability assessments by selecting and executing the appropriate templates for a given target. The agent can invoke Nuclei with specific template tags (e.g., -tags cve,rce), target URLs, or entire template directories. Nuclei processes targets using its ultra-fast parallel scanning engine with request clustering to minimize redundant network calls. Templates define the exact request-response workflow needed to confirm a vulnerability, which means results have near-zero false positives since each template simulates real-world exploitation conditions.
Template Ecosystem
The nuclei-templates repository contains over 12,000 community-contributed templates covering CVEs, misconfigurations, default credentials, exposed panels, takeovers, and more. Templates are categorized by severity (critical, high, medium, low, info) and by protocol (HTTP, DNS, TCP, SSL, WHOIS, JavaScript, Code). The agent can filter templates by severity, tags, or custom directories to scope scans appropriately.
Output and Integration
Nuclei outputs structured findings in JSON, JSONL, or plain text formats. Each finding includes the template ID, matched target, severity level, extracted data, and matched evidence. The agent can parse these outputs to generate security reports, create issues in Jira or GitHub, or feed results into Splunk and Elastic for centralized tracking. Nuclei also supports CI/CD integration, making it suitable for regression testing in deployment pipelines. The CLI supports rate limiting, proxy configuration, and custom headers for authenticated scanning.
Key Features
Nuclei supports multiple protocols including HTTP, DNS, TCP, SSL, WHOIS, and JavaScript-based detection. It provides workflow capabilities for chaining multiple templates, conditional execution based on prior results, and support for out-of-band interaction testing via the Interactsh service. The tool is written in Go and distributed as a single static binary, making deployment straightforward on any platform.