Skip to main content
This page provides a comprehensive reference of all configuration options available in the Nuclei SDK.

Engine creation options

NewNucleiEngine

Creates a standard single-instance Nuclei engine. 
ne, err := nuclei.NewNucleiEngine(options...)

NewNucleiEngineCtx

Creates a Nuclei engine with a custom context. 
ctx := context.WithTimeout(context.Background(), 10*time.Minute)
ne, err := nuclei.NewNucleiEngineCtx(ctx, options...)

NewThreadSafeNucleiEngine

Creates a thread-safe Nuclei engine for concurrent scanning. 
ne, err := nuclei.NewThreadSafeNucleiEngine(options...)

NewThreadSafeNucleiEngineCtx

Creates a thread-safe Nuclei engine with a custom context. 
ctx := context.Background()
ne, err := nuclei.NewThreadSafeNucleiEngineCtx(ctx, options...)

Template options

WithTemplatesOrWorkflows

Specifies template and workflow sources to load. 
nuclei.WithTemplatesOrWorkflows(nuclei.TemplateSources{
	Templates:       []string{"/path/to/templates"},
	Workflows:       []string{"/path/to/workflows"},
	RemoteTemplates: []string{"https://example.com/template.yaml"},
	RemoteWorkflows: []string{"https://example.com/workflow.yaml"},
	TrustedDomains:  []string{"example.com"},
})
Templates
[]string
Local template file or directory paths
Workflows
[]string
Local workflow file or directory paths
RemoteTemplates
[]string
Remote template URLs
RemoteWorkflows
[]string
Remote workflow URLs
TrustedDomains
[]string
Trusted domains for remote templates/workflows

WithTemplateFilters

Filters which templates to load and execute. 
nuclei.WithTemplateFilters(nuclei.TemplateFilters{
	Severity:             "critical,high",
	ExcludeSeverities:    "info,low",
	ProtocolTypes:        "http,dns",
	ExcludeProtocolTypes: "code",
	Authors:              []string{"pdteam"},
	Tags:                 []string{"cve", "rce"},
	ExcludeTags:          []string{"intrusive"},
	IncludeTags:          []string{"safe"},
	IDs:                  []string{"CVE-2021-44228"},
	ExcludeIDs:           []string{"test-template"},
	TemplateCondition:    []string{"contains(tags, 'cve')"},
})
Severity
string
Filter by severities (CSV: info, low, medium, high, critical)
ExcludeSeverities
string
Exclude severities (CSV: info, low, medium, high, critical)
ProtocolTypes
string
Filter by protocol types (CSV: http, dns, tcp, ssl, etc.)
ExcludeProtocolTypes
string
Exclude protocol types
Authors
[]string
Filter by template authors
Tags
[]string
Filter by tags present in templates
ExcludeTags
[]string
Exclude templates with specific tags
IncludeTags
[]string
Include templates with specific tags
IDs
[]string
Filter by template IDs
ExcludeIDs
[]string
Exclude specific template IDs
TemplateCondition
[]string
DSL conditions/expressions for template filtering

Concurrency options

WithConcurrency

Controls concurrency for various scanning operations. 
nuclei.WithConcurrency(nuclei.Concurrency{
	TemplateConcurrency:           25,
	HostConcurrency:               25,
	HeadlessHostConcurrency:       10,
	HeadlessTemplateConcurrency:   10,
	JavascriptTemplateConcurrency: 120,
	TemplatePayloadConcurrency:    25,
	ProbeConcurrency:              50,
})
TemplateConcurrency
int
required
Number of templates to run concurrently (per host in host-spray mode)
HostConcurrency
int
required
Number of hosts to scan concurrently (per template in template-spray mode)
HeadlessHostConcurrency
int
required
Number of hosts to scan concurrently for headless templates
HeadlessTemplateConcurrency
int
required
Number of headless templates to run concurrently
JavascriptTemplateConcurrency
int
required
Number of JavaScript templates to run concurrently
TemplatePayloadConcurrency
int
required
Maximum concurrent payloads per template (recommended: 25)
ProbeConcurrency
int
required
Maximum concurrent HTTP probes (recommended: 50)

WithGlobalRateLimit

Sets global rate limit for all hosts combined. 
nuclei.WithGlobalRateLimit(150, time.Second)
maxTokens
int
required
Maximum number of requests per duration
duration
time.Duration
required
Time duration for rate limit window

WithGlobalRateLimitCtx

Sets global rate limit with context support. 
ctx := context.Background()
nuclei.WithGlobalRateLimitCtx(ctx, 150, time.Second)

Network options

WithNetworkConfig

Configures network-related settings. 
nuclei.WithNetworkConfig(nuclei.NetworkConfig{
	Timeout:               30,
	Retries:               3,
	LeaveDefaultPorts:     true,
	Interface:             "eth0",
	SourceIP:              "192.168.1.100",
	SystemResolvers:       false,
	InternalResolversList: []string{"1.1.1.1", "8.8.8.8"},
	MaxHostError:          30,
	DisableMaxHostErr:     false,
	TrackError:            []string{"timeout", "no-address"},
})
Timeout
int
Timeout in seconds for requests
Retries
int
Number of retries for failed requests
LeaveDefaultPorts
bool
Leave default ports (80/443) in URLs
Interface
string
Network interface to use for scanning
SourceIP
string
Custom source IP address for network requests
SystemResolvers
bool
Use system DNS resolvers
InternalResolversList
[]string
Custom DNS resolver list
MaxHostError
int
Maximum errors before skipping a host
DisableMaxHostErr
bool
Disable max host error optimization
TrackError
[]string
Error types to track for max host error

WithProxy

Configures proxy settings. 
nuclei.WithProxy(
	[]string{"http://proxy.example.com:8080"},
	true, // proxy internal requests
)
proxy
[]string
required
List of proxy URLs
proxyInternalRequests
bool
required
Whether to proxy internal requests

WithResponseReadSize

Sets maximum response size to read. 
nuclei.WithResponseReadSize(10485760) // 10MB
responseReadSize
int
required
Maximum size in bytes (0 = no limit)

Feature flags

EnableCodeTemplates

Enables loading and executing code protocol templates. 
nuclei.EnableCodeTemplates()
Code templates can execute arbitrary code. Only use with trusted templates.

EnableSelfContainedTemplates

Enables self-contained templates. 
nuclei.EnableSelfContainedTemplates()

EnableGlobalMatchersTemplates

Enables global-matchers templates. 
nuclei.EnableGlobalMatchersTemplates()

EnableFileTemplates

Enables file protocol templates. 
nuclei.EnableFileTemplates()

EnablePassiveMode

Enables passive HTTP response processing mode. 
nuclei.EnablePassiveMode()

EnableMatcherStatus

Enables matcher status in results. 
nuclei.EnableMatcherStatus()

DisableTemplateCache

Disables template caching. 
nuclei.DisableTemplateCache()

SignedTemplatesOnly

Only load and run signed templates. 
nuclei.SignedTemplatesOnly()

DASTMode

Only run DAST templates. 
nuclei.DASTMode()

Headless options

EnableHeadlessWithOpts

Enables headless browser support with options. 
nuclei.EnableHeadlessWithOpts(&nuclei.HeadlessOpts{
	PageTimeout: 20,
	ShowBrowser: false,
	UseChrome:   false,
	HeadlessOptions: []string{
		"--no-sandbox",
		"--disable-gpu",
	},
})
PageTimeout
int
Timeout for page loads in seconds
ShowBrowser
bool
Show browser window during execution
UseChrome
bool
Use installed Chrome instead of Chromium
HeadlessOptions
[]string
Additional browser command-line options

Interactsh options

WithInteractshOptions

Configures Interactsh for out-of-band testing. 
nuclei.WithInteractshOptions(nuclei.InteractshOpts{
	ServerURL:      "https://interact.sh",
	CacheSize:      5000,
	Eviction:       60,
	CooldownPeriod: 5,
	PollDuration:   5,
})
ServerURL
string
Interactsh server URL
CacheSize
int
Cache size for interactions
Eviction
int
Cache eviction time in seconds
CooldownPeriod
int
Cooldown period in seconds
PollDuration
int
Polling duration in seconds

Stats and monitoring

EnableStatsWithOpts

Enables statistics collection and metrics. 
nuclei.EnableStatsWithOpts(nuclei.StatsOptions{
	Interval:         5,
	JSON:             true,
	MetricServerPort: 6064,
})
Interval
int
Stats collection interval in seconds (default: 5)
JSON
bool
Output stats in JSON format
MetricServerPort
int
Port for metrics server (Prometheus format)
Not supported with ThreadSafeNucleiEngine

Logging and verbosity

WithVerbosity

Controls logging verbosity. 
nuclei.WithVerbosity(nuclei.VerbosityOptions{
	Verbose:       true,
	Silent:        false,
	Debug:         false,
	DebugRequest:  false,
	DebugResponse: false,
	ShowVarDump:   false,
})
Verbose
bool
Show verbose output
Silent
bool
Show only results
Debug
bool
Show debug output
DebugRequest
bool
Show requests in debug output
DebugResponse
bool
Show responses in debug output
ShowVarDump
bool
Show variable dumps in output
Not supported with ThreadSafeNucleiEngine

WithLogger

Sets a custom logger instance. 
import "github.com/projectdiscovery/gologger"

logger := gologger.NewLogger()
nuclei.WithLogger(logger)

Custom handlers

UseOutputWriter

Sets a custom output writer. 
type CustomWriter struct{}

func (w *CustomWriter) Write(event *output.ResultEvent) error {
	return nil
}

func (w *CustomWriter) Close() {}

nuclei.UseOutputWriter(&CustomWriter{})
Not supported with ThreadSafeNucleiEngine

UseStatsWriter

Sets a custom stats writer. 
type CustomStatsWriter struct{}

nuclei.UseStatsWriter(&CustomStatsWriter{})
Not supported with ThreadSafeNucleiEngine

WithTemplateUpdateCallback

Sets a callback for template updates. 
nuclei.WithTemplateUpdateCallback(
	false, // don't disable auto-upgrade
	func(newVersion string) {
		fmt.Printf("New templates version: %s\n", newVersion)
	},
)
Not supported with ThreadSafeNucleiEngine

Authentication and secrets

WithAuthProvider

Sets a custom authentication provider. 
import "github.com/projectdiscovery/nuclei/v3/pkg/authprovider"

type CustomAuthProvider struct{}

nuclei.WithAuthProvider(&CustomAuthProvider{})

LoadSecretsFromFile

Loads secrets from files. 
nuclei.LoadSecretsFromFile(
	[]string{"/path/to/secrets.yaml"},
	true, // prefetch secrets
)

WithHeaders

Sets custom headers for all HTTP requests. 
nuclei.WithHeaders([]string{
	"X-Custom-Header: value",
	"Cookie: session=abc123",
})

WithVars

Sets custom variables for templates. 
nuclei.WithVars([]string{
	"api_key=secret123",
	"username=admin",
})

Sandbox options

WithSandboxOptions

Configures sandbox security options. 
nuclei.WithSandboxOptions(
	true,  // allow local file access
	false, // don't restrict local network access
)
allowLocalFileAccess
bool
required
Allow templates to access local files
restrictLocalNetworkAccess
bool
required
Restrict access to local/private networks

Scan strategy

WithScanStrategy

Sets the scanning strategy. 
nuclei.WithScanStrategy("host-spray") // or "template-spray"
strategy
string
required
Scan strategy: “host-spray” or “template-spray”

Advanced options

WithCatalog

Uses a custom catalog instance. 
import "github.com/projectdiscovery/nuclei/v3/pkg/catalog"

catalog := catalog.New()
nuclei.WithCatalog(catalog)

WithOptions

Sets all options at once using types.Options. 
import "github.com/projectdiscovery/nuclei/v3/pkg/types"

opts := types.DefaultOptions()
opts.TemplateThreads = 50
nuclei.WithOptions(opts)

WithResumeFile

Enables scan resumption. 
nuclei.WithResumeFile("/tmp/nuclei-resume.cfg")

WithTemporaryDirectory

Sets a custom temporary directory. 
nuclei.WithTemporaryDirectory("/custom/tmp/path")

DisableUpdateCheck

Disables automatic update checks. 
nuclei.DisableUpdateCheck()

Thread-safe mode restrictions

The following options are not supported with ThreadSafeNucleiEngine:
  • EnableStatsWithOpts
  • WithVerbosity
  • UseOutputWriter
  • UseStatsWriter
  • WithTemplateUpdateCallback
  • WithSandboxOptions
  • WithProxy
Additionally, these options can only be set during initialization:
  • WithInteractshOptions
  • WithNetworkConfig
Attempting to use unsupported options will return ErrOptionsNotSupported.

Next steps

Basic usage

Learn how to use these options

API reference

Explore the API documentation

Build docs developers (and LLMs) love

Get started for freeTalk to us