Skip to main content
This page provides real-world examples of using Nuclei for various security scanning scenarios.

Quick start examples

Single target scan

Perform a quick scan on a web application: 
nuclei -target https://example.com

Multiple targets

Scan a list of URLs from a file: 
nuclei -list urls.txt

Network scanning

Scan an entire subnet for network-related issues: 
nuclei -target 192.168.1.0/24

Common use cases

CVE detection

Identify known vulnerabilities in your infrastructure

Configuration audits

Find security misconfigurations and weak settings

Sensitive data exposure

Detect exposed files, credentials, and APIs

CI/CD integration

Automated security testing in pipelines

Detecting known CVEs

Log4Shell (CVE-2021-44228)

# Scan for Log4Shell vulnerability
nuclei -u https://example.com -t cves/2021/CVE-2021-44228.yaml
View template

SQL injection detection

# Detect SQL injection vulnerabilities
nuclei -u https://example.com -t cves/2022/CVE-2022-34265.yaml
View template

XSS detection

# Scan for reflected XSS
nuclei -u https://example.com -t cves/2023/CVE-2023-4173.yaml
View template

Security configuration testing

Default credentials

# Check for default or weak passwords
nuclei -u https://example.com -tags default-login
Example template: Airflow default login

Exposed sensitive files

# Scan for exposed configuration files
nuclei -u https://example.com -t exposures/
Example template: Airflow configuration exposure

SSL/TLS configuration

# Check SSL certificate validity
nuclei -u https://example.com -t ssl/
Example template: SSL certificate expiry

Advanced scanning scenarios

# Identify open redirect vulnerabilities
nuclei -u https://example.com -t vulnerabilities/open-redirect.yaml
View template
# Detect potential subdomain takeovers
nuclei -u https://example.com -t takeovers/
Example template: Azure takeover detection
# Scan for open S3 buckets
nuclei -u https://s3.amazonaws.com -t cloud/aws/
Example template: Open S3 bucket detection
# Detect RCE vulnerabilities
nuclei -u https://example.com -tags rce -s critical,high
Example template: RCE detection
# Scan for directory traversal vulnerabilities
nuclei -u https://example.com -t vulnerabilities/lfi/
Example template: Oracle FatWire LFI
# Detect local/remote file inclusion
nuclei -u https://example.com -t cves/2023/CVE-2023-6977.yaml
View template

Custom template scanning

Using your own template

# Run a custom template
nuclei -u https://example.com -t /path/to/your-template.yaml

Multiple template directories

# Run templates from multiple directories
nuclei -u https://example.com -t http/cves/ -t ssl/ -t custom-templates/

Output and reporting

1

JSON output

Export results in JSON format for further processing:
nuclei -u https://example.com -json-export output.json
2

Markdown reports

Generate markdown reports sorted by template:
MARKDOWN_EXPORT_SORT_MODE=template nuclei -u https://example.com -markdown-export nuclei_report/
3

SARIF output

Export in SARIF format for CI/CD integration:
nuclei -u https://example.com -sarif-export results.sarif

Integration examples

CI/CD pipeline integration

# GitHub Actions example
name: Nuclei Scan
on: [push, pull_request]

jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      
      - name: Run Nuclei
        run: |
          go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
          nuclei -u ${{ secrets.TARGET_URL }} -json-export results.json
      
      - name: Upload results
        uses: actions/upload-artifact@v3
        with:
          name: nuclei-results
          path: results.json

ProjectDiscovery Cloud dashboard

# Upload results to ProjectDiscovery Cloud
nuclei -u https://example.com -dashboard
This feature is free and requires authentication. See the documentation for setup instructions.

Performance optimization

Parallel scanning

# Increase concurrency for faster scans
nuclei -u https://example.com -c 50 -rl 200

Template clustering

# Disable clustering if needed (enabled by default)
nuclei -u https://example.com -dc

Rate limiting

# Limit requests per second
nuclei -u https://example.com -rate-limit 100

Additional resources

Template library

Browse the complete template library

Use cases

Explore more use cases and scenarios

Video tutorials

Watch the foundational YouTube series

Cloud platform

Try the free cloud platform

Build docs developers (and LLMs) love

Get started for freeTalk to us