Matthew McCorkle

Day 34 - nuclei - 100 tools in 100 days!

1 . Introduction
2 . My Setup
3 . What is nuclei?
4 . Why use nuclei?
5 . How to use nuclei?
6 . Summary


This post is designed to introduce you to the tool nuclei.

Disclaimer : Please only use nuclei for professional and educational reasons. Do not use this tool for nefarious or malicious reasons.


1. Introduction

Welcome to the thirty-fourth blog post of 100 tools in 100 days.

Find nuclei @ GitHub here.

Find nuclei @ Project Discovery here.

Project Discovery LinkedIn


2. My Setup

For running the nuclei tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.

For my vulnerable host, I am using the Metasploitable 2 instance running in a VMWare Workstation 16 Player virtualized environment.


3. What is nuclei?

An extremely powerful command line based vulnerability scanner engine which uses templates for finding vulnerabilities.


4. Why use nuclei?

nuclei is an engine that performs vulnerability scans based on templates. templates dictate what vulnerabilities nuclei scans for. Therefore, having strong templates is critical for nuclei working efficiently and accurately.

Project Discovery offers default community built templates that are validated by the community and Project Discovery before being added to the default template lists. Currently, there are over 3,600 default templates that nuclei can use.

A security researcher, pentester, or bug bounty hunter can truly harness the full power of nuclei by making their own custom templates that are customized for the systems they are testing.

A developer or defensive security employee may use nuclei to test code and projects throughout the development process.


5. How to use nuclei?

Downloading nuclei onto your Linux device is easy. You will need Go installed, therefore if you do not have Go, check out my instructions on installing Go here from day 31.

Step 1:
In your terminal enter the following command:

go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest


Step 2:
Verify nuclei installed by entering the following command:

nuclei -h

This should bring up the help page for nuclei.



Running nuclei is easy and fast if you are relying on the default templates. Below is a default template scan on the Metasploitable2 machine.

Step 3:
Run the following command to perform a default scan:

nuclei -u URL.OR.IP.ADDRESS



Our nuclei scan results show critical, low, and informational based findings.

With these findings, you could verify the vulnerabilities and information displayed to ensure that you understand how attacks work on the vulnerable services nuclei identified.

If you want to harness the real power of nuclei you should look into the templating guide and make customized templates for your scans.

Project Discovery Templating Guide

6. Summary

nuclei is a powerful engine that runs templates for vulnerability scanning.

This tool is extremely useful for security researchers finding vulnerabilities in applications, services, systems, and configurations.

I hope you enjoyed this blog post.

Thanks for reading!

If you have suggestions for what tool to cover next, contact me!