# projectdiscovery/nuclei-templates

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/projectdiscovery-nuclei-templates).**

12,518 stars · 3,528 forks · JavaScript · MIT

## Links

- GitHub: https://github.com/projectdiscovery/nuclei-templates
- Homepage: https://github.com/projectdiscovery/nuclei
- awesome-repositories: https://awesome-repositories.com/repository/projectdiscovery-nuclei-templates.md

## Topics

`bugbounty` `exploit-development` `exploits` `fingerprint` `hacktoberfest` `nuclei` `nuclei-checks` `nuclei-templates` `security` `vulnerability-detection`

## Description

Nuclei-templates is a security automation framework and vulnerability scanning library designed for the continuous assessment of distributed infrastructure. It functions as a collection of structured configuration files that define how to identify security flaws and misconfigurations across web applications and network services.

The project utilizes a declarative domain-specific language to decouple detection logic from the underlying execution engine. This approach allows for the creation of modular, protocol-agnostic scanning rules that can be updated independently of the core software. By employing pattern matching and sequential validation pipelines, the templates enable precise identification of vulnerabilities while minimizing false positives.

The library supports the entire lifecycle of security testing, from the initial development and verification of custom detection rules to the execution of automated scans against production environments. Users can define complex request sequences and integrate runtime data to perform context-aware security analysis across diverse network protocols.

## Tags

### DevOps & Infrastructure

- [Security Assessment Frameworks](https://awesome-repositories.com/f/devops-infrastructure/security-automation-workflows/security-assessment-frameworks.md) — Provides a modular framework for automated security testing and continuous vulnerability assessment of distributed infrastructure.

### Security & Cryptography

- [Vulnerability Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/vulnerability-scanners.md) — Automates security checks across network services to identify known vulnerabilities and misconfigurations.
- [Infrastructure Security Scanners](https://awesome-repositories.com/f/security-cryptography/infrastructure-security-scanners.md) — Executes protocol-specific requests and validation logic to detect potential security flaws in target systems at scale.
- [Scanning Template Libraries](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/scanning-template-libraries.md) — Provides a collection of structured YAML configurations for identifying security vulnerabilities and misconfigurations.
- [Protocol Security Testers](https://awesome-repositories.com/f/security-cryptography/network-security/protocol-security-testers.md) — Validates the security posture of various network protocols by crafting custom requests and verification logic.
- [Vulnerability Check Definitions](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/vulnerability-check-definitions.md) — Enables the definition of structured network requests and validation logic to identify security flaws. ([source](https://docs.projectdiscovery.io/templates/introduction))
- [Security Detection Logic](https://awesome-repositories.com/f/security-cryptography/security-detection-logic.md) — Provides frameworks for creating and maintaining structured detection logic to standardize security flaw identification.
- [Security Monitoring](https://awesome-repositories.com/f/security-cryptography/security-monitoring.md) — Runs automated security assessments against production environments to detect emerging threats and ensure compliance.
- [Security Automation Templates](https://awesome-repositories.com/f/security-cryptography/security-automation-templates.md) — Supports the creation of custom scanning logic and protocol-specific request sequences via declarative configuration files. ([source](https://docs.projectdiscovery.io/templates/introduction))
- [Template Validators](https://awesome-repositories.com/f/security-cryptography/security-automation-templates/template-validators.md) — Verifies scanning configurations in real-time to ensure high accuracy before production deployment. ([source](https://docs.projectdiscovery.io/templates/introduction))

### Development Tools & Productivity

- [Configuration-Driven Scanning Engines](https://awesome-repositories.com/f/development-tools-productivity/configuration-driven-scanning-engines.md) — Uses declarative configuration files to define and execute multi-step automated security workflows.

### Networking & Communication

- [Protocol Abstraction Layers](https://awesome-repositories.com/f/networking-communication/protocol-abstraction-layers.md) — Decouples transport and protocol modules to enable modular security scanning across diverse network services.

### Software Engineering & Architecture

- [Declarative Configuration Languages](https://awesome-repositories.com/f/software-engineering-architecture/declarative-configuration-languages.md) — Provides a domain-specific language for defining complex network request sequences and validation logic.
- [Validation Pipelines](https://awesome-repositories.com/f/software-engineering-architecture/validation-pipelines.md) — Executes sequences of security checks and validation steps to ensure accuracy and minimize false positives during automated analysis.
- [Runtime Variable Injections](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management/configuration-management/environment-variable-management/environment-variable-injection/runtime-variable-injections.md) — Populates scanning templates with runtime data and target-specific parameters to enable flexible and context-aware security testing.
- [Regex Pattern Matchers](https://awesome-repositories.com/f/software-engineering-architecture/pattern-matching-libraries/regex-pattern-matchers.md) — Analyzes server responses using regular expression patterns to identify vulnerabilities with high precision.