Cyber Tool Stack
All tools
DASTOpen source · MIT

Nuclei

By ProjectDiscovery

A free, template-based scanner that checks a target against a huge, community-contributed library of YAML templates covering known CVEs, exposed panels, and common misconfigurations, rather than crawling and fuzzing from scratch. ProjectDiscovery also sells a commercial cloud platform for running Nuclei at fleet scale.

Verified Source: 1

Product type
Software
Deployment
CLI
Organization size
IndividualSMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

DAST

How Nuclei measures up against the full Dynamic Application Security Testing taxonomy.

Black-box scanning — supported
Tests a running application from the outside, without access to source code.
Authenticated scanning — not supported
Crawls and tests pages that require a logged-in session.
API scanning — not supported
Tests REST and GraphQL APIs, not just traditional web pages.
CI/CD scan automation — supported
Runs scans automatically as part of the build and deploy pipeline.
Automated finding verification — not supported
Confirms exploitability of findings to cut down false positives.
OWASP Top 10 coverage — not supported
Tests for the industry-standard set of common web application vulnerability classes.

Alternatives

Other Dynamic Application Security Testing tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Nuclei.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.