diff --git a/README.md b/README.md
index 412d348645..02cacb9ccf 100644
--- a/README.md
+++ b/README.md
@@ -1,30 +1,4 @@
-
-
-
-
-
-Fast and customisable vulnerability scanner based on simple YAML based DSL.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- How •
- Install •
- Documentation •
- Credits •
- FAQs •
- Join Discord
-
+
English •
@@ -34,78 +8,103 @@
Spanish •
日本語
-
----
-
-Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless, Code etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
+
-We have a [dedicated repository](https://github.com/projectdiscovery/nuclei-templates) that houses various type of vulnerability templates contributed by **more than 300** security researchers and engineers.
+
-## How it works
+
+
+
+
+
+
+
+---
-
-
-
+
+
+
+
+Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives.
+
+- Simple YAML format for creating and customizing vulnerability templates.
+- Contributed by thousands of security professionals to tackle trending vulnerabilities.
+- Reduce false positives by simulating real-world steps to verify a vulnerability.
+- Ultra-fast parallel scan processing and request clustering.
+- Integrate into CI/CD pipelines for vulnerability detection and regression testing.
+- Supports multiple protocols like TCP, DNS, HTTP, SSL, WHOIS JavaScript, Code and more.
+- Integrate with Jira, Splunk, GitHub, Elastic, GitLab.
+
+## Table of Contents
+
+- [Get Started](#get-started)
+ - [1. Nuclei CLI](#1-nuclei-cli)
+ - [2. Pro and Enterprise Editions](#2-pro-and-enterprise-editions)
+- [Documentation](#documentation)
+ - [Command Line Flags](#command-line-flags)
+ - [Single target scan](#single-target-scan)
+ - [Scanning multiple targets](#scanning-multiple-targets)
+ - [Network scan](#network-scan)
+ - [Scanning with your custom template](#scanning-with-your-custom-template)
+ - [Connect Nuclei to ProjectDiscovery](#connect-nuclei-to-projectdiscovery)
+- [Nuclei Templates, Community and Rewards 💎](#nuclei-templates-community-and-rewards-)
+- [Our Mission](#our-mission)
+- [Contributors ❤️](#contributors-️)
+- [License](#license)
+---
| :exclamation: **Disclaimer** |
|---------------------------------|
| **This project is in active development**. Expect breaking changes with releases. Review the release changelog before updating. |
-| This project was primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. |
+| This project is primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. |
-# Install Nuclei
+## Get Started
-Nuclei requires **go1.21** to install successfully. Run the following command to install the latest version -
+### **1. Nuclei CLI**
-```sh
-go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
-```
+Install Nuclei on your machine. Get started by following the installation guide [here](https://docs.projectdiscovery.io/tools/nuclei/install?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme). Additionally, We provide [a free cloud tier](https://cloud.projectdiscovery.io/sign-up) and comes with a generous monthly free limits:
-
- Brew
-
- ```sh
- brew install nuclei
- ```
-
-
-
- Docker
-
- ```sh
- docker pull projectdiscovery/nuclei:latest
- ```
-
-
+- Store and visualize your vulnerability findings
+- Write and manage your nuclei templates
+- Access latest nuclei templates
+- Discover and store your targets
+
+### **2. Pro and Enterprise Editions**
-**More installation [methods can be found here](https://docs.projectdiscovery.io/tools/nuclei/install).**
+For security teams and enterprises, we provide a cloud-hosted service built on top of Nuclei OSS, fine-tuned to help you continuously run vulnerability scans at scale with your team and existing workflows:
-
-
-
+- 50x faster scans
+- Large scale scanning with high accuracy
+- Integrations with cloud services (AWS, GCP, Azure, CloudFlare, Fastly, Terraform, Kubernetes)
+- Jira, Slack, Linear, APIs and Webhooks
+- Executive and compliance reporting
+- Plus: Real-time scanning, SAML SSO, SOC 2 compliant platform (with EU and US hosting options), shared team workspaces, and more
+- We're constantly [adding new features](https://feedback.projectdiscovery.io/changelog)!
+- **Ideal for:** Pentesters, security teams, and enterprises
-### Nuclei Templates
+## Documentation
-Nuclei has built-in support for automatic template download/update as default since version [v2.5.2](https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2). [**Nuclei-Templates**](https://github.com/projectdiscovery/nuclei-templates) project provides a community-contributed list of ready-to-use templates that is constantly updated.
+Browse the full Nuclei [documentation here](https://docs.projectdiscovery.io/tools/nuclei/running). If you’re new to Nuclei, check out our [foundational Youtube series.](https://www.youtube.com/playlist?list=PLZRbR9aMzTTpItEdeNSulo8bYsvil80Rl)
-You may still use the `update-templates` flag to update the nuclei templates at any time; You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://docs.projectdiscovery.io/templates/).
+
-The YAML DSL reference syntax is available [here](SYNTAX-REFERENCE.md).
+
- |
-
-
+
-### Usage
+### Command Line Flags
+
+To display all the flags for the tool:
```sh
nuclei -h
```
-This will display help for the tool. Here are all the switches it supports.
-
+
+ Expand full help flags
```console
Nuclei is a fast, template based vulnerability scanner focusing
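Review bot: The new intro paragraph claims the templates lead "to zero false positives", while the feature list right below it says "Reduce false positives"; the two should agree, and the bullet's wording is the one a scanner README can defend. In the protocol bullet, `WHOIS JavaScript` is missing a comma, and File, Websocket and Headless from the removed description are no longer listed, so add them back if they are still supported. The sentence "Additionally, We provide ... and comes with a generous monthly free limits" needs a grammar pass. This hunk also drops every inline install command (`go install`, brew, docker) and the go1.21 requirement in favour of a single docs link carrying utm parameters; keeping at least the `go install` line would leave the README usable on its own.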
@@ -279,23 +278,24 @@ HEADLESS:
-lha, -list-headless-action list available headless actions
DEBUG:
- -debug show all requests and responses
- -dreq, -debug-req show all sent requests
- -dresp, -debug-resp show all received responses
- -p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
- -pi, -proxy-internal proxy all internal requests
- -ldf, -list-dsl-function list all supported DSL function signatures
- -tlog, -trace-log string file to write sent requests trace log
- -elog, -error-log string file to write sent requests error log
- -version show nuclei version
- -hm, -hang-monitor enable nuclei hang monitoring
- -v, -verbose show verbose output
- -profile-mem string optional nuclei memory profile dump file
- -vv display templates loaded for scan
- -svd, -show-var-dump show variables dump for debugging
- -ep, -enable-pprof enable pprof debugging server
- -tv, -templates-version shows the version of the installed nuclei-templates
- -hc, -health-check run diagnostic check up
+ -debug show all requests and responses
+ -dreq, -debug-req show all sent requests
+ -dresp, -debug-resp show all received responses
+ -p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
+ -pi, -proxy-internal proxy all internal requests
+ -ldf, -list-dsl-function list all supported DSL function signatures
+ -tlog, -trace-log string file to write sent requests trace log
+ -elog, -error-log string file to write sent requests error log
+ -version show nuclei version
+ -hm, -hang-monitor enable nuclei hang monitoring
+ -v, -verbose show verbose output
+ -profile-mem string generate memory (heap) profile & trace files
+ -vv display templates loaded for scan
+ -svd, -show-var-dump show variables dump for debugging
+ -vdl, -var-dump-limit int limit the number of characters displayed in var dump (default 255)
+ -ep, -enable-pprof enable pprof debugging server
+ -tv, -templates-version shows the version of the installed nuclei-templates
+ -hc, -health-check run diagnostic check up
UPDATE:
-up, -update update nuclei engine to the latest released version
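Review bot: The `-profile-mem` entry still takes a `string`, but the new description "generate memory (heap) profile & trace files" no longer says what that string is, whereas the old text made clear it was the dump file. Say whether the argument is a file path or a prefix for the generated files. The new `-vdl, -var-dump-limit` line documents its default, which is good; the other changed lines appear to differ only in alignment.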
@@ -310,11 +310,13 @@ STATISTICS:
-mp, -metrics-port int port to expose nuclei metrics on (default 9092)
CLOUD:
- -auth configure projectdiscovery cloud (pdcp) api key (default true)
- -tid, -team-id string upload scan results to given team id (optional) (default "none")
- -cup, -cloud-upload upload scan results to pdcp dashboard
- -sid, -scan-id string upload scan results to existing scan id (optional)
- -sname, -scan-name string scan name to set (optional)
+ -auth configure projectdiscovery cloud (pdcp) api key (default true)
+ -tid, -team-id string upload scan results to given team id (optional) (default "none")
+ -cup, -cloud-upload upload scan results to pdcp dashboard [DEPRECATED use -dashboard]
+ -sid, -scan-id string upload scan results to existing scan id (optional)
+ -sname, -scan-name string scan name to set (optional)
+ -pd, -dashboard upload / view nuclei results in projectdiscovery cloud (pdcp) UI dashboard
+ -pdu, -dashboard-upload string upload / view nuclei results file (jsonl) in projectdiscovery cloud (pdcp) UI dashboard
AUTHENTICATION:
-sf, -secret-file string[] path to config file containing secrets for nuclei authenticated scan
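Review bot: The two new entries `-pd, -dashboard` and `-pdu, -dashboard-upload` open with the same phrase, "upload / view nuclei results", so the difference between them is easy to miss in the help output. Reword `-pdu` to lead with its argument, for example that it takes the path of an existing jsonl results file. Since `-cup` is now marked "[DEPRECATED use -dashboard]", listing `-pd` directly after `-cup` rather than after `-sname` would put the replacement next to the flag it replaces.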
@@ -323,59 +325,189 @@ AUTHENTICATION:
EXAMPLES:
Run nuclei on single host:
- $ nuclei -target example.com
+ $ nuclei -target example.com
Run nuclei with specific template directories:
- $ nuclei -target example.com -t http/cves/ -t ssl
+ $ nuclei -target example.com -t http/cves/ -t ssl
Run nuclei against a list of hosts:
- $ nuclei -list hosts.txt
+ $ nuclei -list hosts.txt
Run nuclei with a JSON output:
- $ nuclei -target example.com -json-export output.json
+ $ nuclei -target example.com -json-export output.json
Run nuclei with sorted Markdown outputs (with environment variables):
- $ MARKDOWN_EXPORT_SORT_MODE=template nuclei -target example.com -markdown-export nuclei_report/
+ $ MARKDOWN_EXPORT_SORT_MODE=template nuclei -target example.com -markdown-export nuclei_report/
Additional documentation is available at: https://docs.nuclei.sh/getting-started/running
```
-### Running Nuclei
+Additional documentation is available at: [https://docs.nuclei.sh/getting-started/running](https://docs.nuclei.sh/getting-started/running?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme)
-See https://docs.projectdiscovery.io/tools/nuclei/running for details on running Nuclei
+
-### Using Nuclei From Go Code
+### Single target scan
-Complete guide of using Nuclei as Library/SDK is available at [godoc](https://pkg.go.dev/github.com/projectdiscovery/nuclei/v3/lib#section-readme)
+To perform a quick scan on web-application:
+```sh
+nuclei -target https://example.com
+```
-### Resources
+### Scanning multiple targets
-You can access the main documentation for Nuclei at https://docs.projectdiscovery.io/tools/nuclei/, and learn more about Nuclei in the cloud with [ProjectDiscovery Cloud Platform](https://cloud.projectdiscovery.io)
+Nuclei can handle bulk scanning by providing a list of targets. You can use a file containing multiple URLs.
-See https://docs.projectdiscovery.io/tools/nuclei/resources for more resources and videos about Nuclei!
+```sh
+nuclei -targets urls.txt
+```
-### Credits
+### Network scan
-Thanks to all the amazing [community contributors for sending PRs](https://github.com/projectdiscovery/nuclei/graphs/contributors) and keeping this project updated. :heart:
+This will scan the entire subnet for network-related issues, such as open ports or misconfigured services.
+
+```sh
+nuclei -target 192.168.1.0/24
+```
-If you have an idea or some kind of improvement, you are welcome to contribute and participate in the Project, feel free to send your PR.
+### Scanning with your custom template
-
-
-
-
+To write and use your own template, create a `.yaml` file with specific rules, then use it as follows.
+
+```sh
+nuclei -u https://example.com -t /path/to/your-template.yaml
+```
+
+### Connect Nuclei to ProjectDiscovery
+
+You can run the scans on your machine and upload the results to the cloud platform for further analysis and remediation.
+
+```sh
+nuclei -target https://example.com -dashboard
+```
+
+> [!NOTE]
+> This feature is absolutely free and does not require any subscription. For a detailed guide, refer to the [documentation](https://docs.projectdiscovery.io/cloud/scanning/nuclei-scan?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme).
+
+## Nuclei Templates, Community and Rewards 💎
+[Nuclei templates](https://github.com/projectdiscovery/nuclei-templates) are based on the concepts of YAML based template files that define how the requests will be sent and processed. This allows easy extensibility capabilities to nuclei. The templates are written in YAML which specifies a simple human-readable format to quickly define the execution process.
+
+Try it online with our free AI powered Nuclei Templates Editor by [clicking here.](https://cloud.projectdiscovery.io/templates)
+
+Nuclei Templates offer a streamlined way to identify and communicate vulnerabilities, combining essential details like severity ratings and detection methods. This open-source, community-developed tool accelerates threat response and is widely recognized in the cybersecurity world. Nuclei templates are actively contributed by thousands of security researchers globally. We run two programs for our contributors: [Pioneers](https://projectdiscovery.io/pioneers) and [💎 bounties](https://github.com/projectdiscovery/nuclei-templates/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22%F0%9F%92%8E%20Bounty%22).
+
+
+
+
+#### Examples
+
+Visit [our documentation](https://docs.projectdiscovery.io/templates/introduction) for use cases and ideas.
+
+| Use case | Nuclei template |
+| :----------------------------------- | :------------------------------------------------- |
+| Detect known CVEs | **[CVE-2021-44228 (Log4Shell)](https://cloud.projectdiscovery.io/public/CVE-2021-45046)** |
+| Identify Out-of-Band vulnerabilities | **[Blind SQL Injection via OOB](https://cloud.projectdiscovery.io/public/CVE-2024-22120)** |
+| SQL Injection detection | **[Generic SQL Injection](https://cloud.projectdiscovery.io/public/CVE-2022-34265)** |
+| Cross-Site Scripting (XSS) | **[Reflected XSS Detection](https://cloud.projectdiscovery.io/public/CVE-2023-4173)** |
+| Default or weak passwords | **[Default Credentials Check](https://cloud.projectdiscovery.io/public/airflow-default-login)** |
+| Secret files or data exposure | **[Sensitive File Disclosure](https://cloud.projectdiscovery.io/public/airflow-configuration-exposure)** |
+| Identify open redirects | **[Open Redirect Detection](https://cloud.projectdiscovery.io/public/open-redirect)** |
+| Detect subdomain takeovers | **[Subdomain Takeover Templates](https://cloud.projectdiscovery.io/public/azure-takeover-detection)** |
+| Security misconfigurations | **[Unprotected Jenkins Console](https://cloud.projectdiscovery.io/public/unauthenticated-jenkins)** |
+| Weak SSL/TLS configurations | **[SSL Certificate Expiry](https://cloud.projectdiscovery.io/public/expired-ssl)** |
+| Misconfigured cloud services | **[Open S3 Bucket Detection](https://cloud.projectdiscovery.io/public/s3-public-read-acp)** |
+| Remote code execution vulnerabilities| **[RCE Detection Templates](https://cloud.projectdiscovery.io/public/CVE-2024-29824)** |
+| Directory traversal attacks | **[Path Traversal Detection](https://cloud.projectdiscovery.io/public/oracle-fatwire-lfi)** |
+| File inclusion vulnerabilities | **[Local/Remote File Inclusion](https://cloud.projectdiscovery.io/public/CVE-2023-6977)** |
+
-Do also check out the below similar open-source projects that may fit in your workflow:
+## Our Mission
-[FFuF](https://github.com/ffuf/ffuf), [Qsfuzz](https://github.com/ameenmaali/qsfuzz), [Inception](https://github.com/proabiral/inception), [Snallygaster](https://github.com/hannob/snallygaster), [Gofingerprint](https://github.com/Static-Flow/gofingerprint), [Sn1per](https://github.com/1N3/Sn1per/tree/master/templates), [Google tsunami](https://github.com/google/tsunami-security-scanner), [Jaeles](https://github.com/jaeles-project/jaeles), [ChopChop](https://github.com/michelin/ChopChop)
+Traditional vulnerability scanners were built decades ago. They are closed-source, incredibly slow, and vendor-driven. Today's attackers are mass exploiting newly released CVEs across the internet within days, unlike the years it used to take. This shift requires a completely different approach to tackling trending exploits on the internet.
+
+We built Nuclei to solve this challenge. We made the entire scanning engine framework open and customizable—allowing the global security community to collaborate and tackle the trending attack vectors and vulnerabilities on the internet. Nuclei is now used and contributed by Fortune 500 enterprises, government agencies, universities.
+
+You can participate by contributing to our code, [templates library](https://github.com/projectdiscovery/nuclei-templates), or [joining our team.](https://projectdiscovery.io/)
+
+## Contributors :heart:
+
+Thanks to all the amazing [community contributors for sending PRs](https://github.com/projectdiscovery/nuclei/graphs/contributors) and keeping this project updated. :heart:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-### License
+## License
-Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md)
+Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md).
-
-
-
+
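Review bot: The "Scanning multiple targets" example uses `nuclei -targets urls.txt`, but the help text in this same hunk reads a host file with `nuclei -list hosts.txt` and no `-targets` flag appears in the visible help; change the example to `-list` so it matches the documented flag. In the Examples table several labels do not match their links: "CVE-2021-44228 (Log4Shell)" points to `/public/CVE-2021-45046`, and the generic entries ("Generic SQL Injection", "Reflected XSS Detection", "RCE Detection Templates") each point to a single CVE template, so either fix the targets or name the specific CVE in the label. The added "Additional documentation is available at" line repeats the last line of the console block just above it and still uses docs.nuclei.sh while the rest of the README links to docs.projectdiscovery.io. The Table of Contents added earlier in this patch lists "Contributors ❤️" while the heading here is written `Contributors :heart:`; check that the `#contributors-️` anchor resolves. The removed "Using Nuclei From Go Code" pointer to godoc has no replacement in the new text, so keep a one-line link for SDK users.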
diff --git a/static/nuclei-cover-image.png b/static/nuclei-cover-image.png
new file mode 100644
index 0000000000..caab6fb2d4
Binary files /dev/null and b/static/nuclei-cover-image.png differ
diff --git a/static/nuclei-cover.png b/static/nuclei-cover.png
new file mode 100644
index 0000000000..caab6fb2d4
Binary files /dev/null and b/static/nuclei-cover.png differ
diff --git a/static/nuclei-getting-started.png b/static/nuclei-getting-started.png
new file mode 100644
index 0000000000..9d57eae784
Binary files /dev/null and b/static/nuclei-getting-started.png differ
diff --git a/static/nuclei-template-example.png b/static/nuclei-template-example.png
new file mode 100644
index 0000000000..22d71daaf8
Binary files /dev/null and b/static/nuclei-template-example.png differ
diff --git a/static/nuclei-templates-teamcity-example.png b/static/nuclei-templates-teamcity-example.png
new file mode 100644
index 0000000000..83fc404c16
Binary files /dev/null and b/static/nuclei-templates-teamcity-example.png differ
diff --git a/static/nuclei-templates-teamcity.png b/static/nuclei-templates-teamcity.png
new file mode 100644
index 0000000000..04d1581267
Binary files /dev/null and b/static/nuclei-templates-teamcity.png differ
diff --git a/static/nuclei-write-your-first-template.png b/static/nuclei-write-your-first-template.png
new file mode 100644
index 0000000000..0c352d7062
Binary files /dev/null and b/static/nuclei-write-your-first-template.png differ
diff --git a/static/projectdiscovery-browse-results.gif b/static/projectdiscovery-browse-results.gif
new file mode 100644
index 0000000000..7dced0f3b3
Binary files /dev/null and b/static/projectdiscovery-browse-results.gif differ
diff --git a/static/teamcity-example.png b/static/teamcity-example.png
new file mode 100644
index 0000000000..f70b084b24
Binary files /dev/null and b/static/teamcity-example.png differ