
Nuclei

Template-Based Vulnerability Scanner

"7,000+ community templates scanning for CVEs, misconfigs, exposed panels, and default credentials."

What it does

Nuclei is a template-based vulnerability scanner maintained by ProjectDiscovery. Each template is a YAML file describing how to detect a specific vulnerability — a CVE, a misconfiguration, an exposed admin panel, a default password. The community maintains thousands of these templates and they're updated continuously as new vulnerabilities are discovered.

PTK runs nuclei with the full template library against your targets. You can filter by severity (only run critical and high templates, skip info) and set a rate limit to avoid overwhelming the target or triggering WAFs. Nuclei finds things that generic scanners miss because its templates are written by security researchers who have actually exploited these vulnerabilities in the wild.

Scan options

| Option | Description | Est. time |
|---|---|---|
| critical only | Critical severity templates only | ~fastest |
| critical + high (default) | Critical and high templates only | ~faster |
| medium and above | Medium severity and above | ~medium |
| all severities | Run all templates including info/low | ~slowest |

Example findings

  • CRITICAL: CVE-2021-44228 — Log4Shell RCE in Apache Log4j (nuclei)
  • CRITICAL: Jenkins — Unauthenticated Remote Code Execution (nuclei)
  • HIGH: phpMyAdmin Exposed — Default Credentials Accepted (nuclei)
  • HIGH: .env File Exposed — Contains Database Credentials (nuclei)

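
An added example, not PTK's or ProjectDiscovery's own code: how the scan options above could translate into a nuclei invocation with a severity filter and rate limit, and how nuclei's JSONL results reduce to a severity-ordered findings list. The option-to-severity mapping, the default rate of 50 requests per second, the file name `targets.txt` and the sample findings are assumptions constructed for illustration.

```python
import json

# Nuclei severity levels, lowest to highest.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

# Assumed mapping from the scan options on this page to a minimum severity.
SCAN_OPTIONS = {
    "critical only": "critical",
    "critical + high": "high",
    "medium and above": "medium",
    "all severities": "info",
}

# Constructed sample of nuclei JSONL output (hosts and entries are made up).
SAMPLE = "\n".join(json.dumps(f) for f in [
    {"template-id": "CVE-2021-44228", "info": {"name": "Log4Shell RCE in Apache Log4j", "severity": "critical"}, "matched-at": "https://app.example.test/"},
    {"template-id": "constructed-env-exposure", "info": {"name": ".env File Exposed", "severity": "high"}, "matched-at": "https://app.example.test/.env"},
    {"template-id": "constructed-banner", "info": {"name": "Web server banner", "severity": "info"}, "matched-at": "https://app.example.test/"},
])


def nuclei_args(target_list, option="critical + high", rate_limit=50):
    """Build the nuclei command line for a scan option and a requests-per-second cap."""
    floor = SEVERITY_ORDER.index(SCAN_OPTIONS[option])
    args = ["nuclei", "-l", target_list, "-rate-limit", str(rate_limit), "-jsonl"]
    if floor > 0:  # "all severities" runs every template, so no filter is passed
        args += ["-severity", ",".join(SEVERITY_ORDER[floor:])]
    return args


def triage(jsonl_text, option="critical + high"):
    """Return (SEVERITY, name, matched-at) tuples at or above the option's floor, worst first."""
    floor = SEVERITY_ORDER.index(SCAN_OPTIONS[option])
    rows = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        finding = json.loads(line)
        info = finding.get("info", {})
        sev = str(info.get("severity", "unknown")).lower()
        # An unrecognised severity is ranked as info so a full scan never drops it silently.
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
        if rank >= floor:
            rows.append((rank, sev.upper(), info.get("name", finding.get("template-id", "?")), finding.get("matched-at", "")))
    rows.sort(key=lambda r: -r[0])  # stable sort keeps scan order within a severity
    return [r[1:] for r in rows]
```
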
What it finds
  • CVEs in web applications and frameworks
  • Exposed admin panels (phpMyAdmin, Jenkins, Grafana, Kibana)
  • Default credentials on common services
  • API keys and secrets exposed in responses
  • SSRF (Server-Side Request Forgery) vulnerabilities
  • Path traversal vulnerabilities
  • Misconfigured cloud services (S3, Azure, GCP)
  • Exposed .git, .env, backup files
  • Subdomain takeover candidates