Documentation Index
Fetch the complete documentation index at: https://mintlify.com/projectdiscovery/nuclei/llms.txt
Use this file to discover all available pages before exploring further.
This page provides real-world examples of using Nuclei for various security scanning scenarios.
Quick start examples
Single target scan
Perform a quick scan on a web application:
nuclei -target https://example.com
Multiple targets
Scan a list of URLs from a file:
Network scanning
Scan an entire subnet for network-related issues:
nuclei -target 192.168.1.0/24
Common use cases
CVE detection
Identify known vulnerabilities in your infrastructure
Configuration audits
Find security misconfigurations and weak settings
Sensitive data exposure
Detect exposed files, credentials, and APIs
CI/CD integration
Automated security testing in pipelines
Detecting known CVEs
Log4Shell (CVE-2021-44228)
# Scan for Log4Shell vulnerability
nuclei -u https://example.com -t cves/2021/CVE-2021-44228.yaml
SQL injection detection
# Detect SQL injection vulnerabilities
nuclei -u https://example.com -t cves/2022/CVE-2022-34265.yaml
XSS detection
# Scan for reflected XSS
nuclei -u https://example.com -t cves/2023/CVE-2023-4173.yaml
Security configuration testing
Default credentials
# Check for default or weak passwords
nuclei -u https://example.com -tags default-login
Exposed sensitive files
# Scan for exposed configuration files
nuclei -u https://example.com -t exposures/
SSL/TLS configuration
# Check SSL certificate validity
nuclei -u https://example.com -t ssl/
Advanced scanning scenarios
# Identify open redirect vulnerabilities
nuclei -u https://example.com -t vulnerabilities/open-redirect.yaml
# Detect potential subdomain takeovers
nuclei -u https://example.com -t takeovers/
Cloud service misconfigurations
# Detect RCE vulnerabilities
nuclei -u https://example.com -tags rce -s critical,high
# Scan for directory traversal vulnerabilities
nuclei -u https://example.com -t vulnerabilities/lfi/
File inclusion vulnerabilities
# Detect local/remote file inclusion
nuclei -u https://example.com -t cves/2023/CVE-2023-6977.yaml
Custom template scanning
Using your own template
# Run a custom template
nuclei -u https://example.com -t /path/to/your-template.yaml
Multiple template directories
# Run templates from multiple directories
nuclei -u https://example.com -t http/cves/ -t ssl/ -t custom-templates/
Output and reporting
JSON output
Export results in JSON format for further processing:nuclei -u https://example.com -json-export output.json
Markdown reports
Generate markdown reports sorted by template:MARKDOWN_EXPORT_SORT_MODE=template nuclei -u https://example.com -markdown-export nuclei_report/
SARIF output
Export in SARIF format for CI/CD integration:nuclei -u https://example.com -sarif-export results.sarif
Integration examples
CI/CD pipeline integration
# GitHub Actions example
name: Nuclei Scan
on: [push, pull_request]
jobs:
nuclei-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Nuclei
run: |
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
nuclei -u ${{ secrets.TARGET_URL }} -json-export results.json
- name: Upload results
uses: actions/upload-artifact@v3
with:
name: nuclei-results
path: results.json
ProjectDiscovery Cloud dashboard
# Upload results to ProjectDiscovery Cloud
nuclei -u https://example.com -dashboard
This feature is free and requires authentication. See the documentation for setup instructions. Parallel scanning
# Increase concurrency for faster scans
nuclei -u https://example.com -c 50 -rl 200
Template clustering
# Disable clustering if needed (enabled by default)
nuclei -u https://example.com -dc
Rate limiting
# Limit requests per second
nuclei -u https://example.com -rate-limit 100
Additional resources
Template library
Browse the complete template library
Use cases
Explore more use cases and scenarios
Video tutorials
Watch the foundational YouTube series
Cloud platform
Try the free cloud platform