A curated collection of high-fidelity nuclei templates engineered to help security researchers and penetration testers quickly identify common and emerging web vulnerabilities.
- Broad coverage of vulnerability classes: Organized templates for CVEs, misconfigurations, exposures, and web application weaknesses.
- Operationally ready: Streamlined structure for seamless integration with existing nuclei workflows and CI/CD pipelines.
- Researcher-focused metadata: Each template emphasizes reproducibility with precise severity ratings, references, and tags.
- Quality assured: Templates follow nuclei best practices, ensuring reliable detections and minimized false positives.
- nuclei version 3.0.0 or later (installed via ProjectDiscovery)
- git version 2.30 or later for cloning and updating the repository
- Optional: A modern shell environment (bash, zsh, or PowerShell) for executing nuclei commands
- Clone the repository:
git clone https://github.com/your-org/nuclei-advanced-template-repo.git cd nuclei-advanced-template-repo - Integrate templates with nuclei:
- Copy or symlink the repository directory into your nuclei templates path (default is
~/.config/nuclei/templates). - Alternatively, reference the repository path directly when running nuclei using the
-templatesflag.
- Copy or symlink the repository directory into your nuclei templates path (default is
- Run nuclei against a target using a specific template path:
nuclei -u https://target.example.com -t templates/http/cves/CVE-2024-1234.yaml
- Execute templates filtered by tags to focus on a vulnerability class:
nuclei -l targets.txt -tags exposure,misc -t templates/exposures/
- Perform a quiet scan with rate limiting and detailed output:
nuclei -u https://api.target.example -t workflows/high-risk.yaml -silent -rate-limit 50 -o reports/api-high-risk.txt
templates/http/– HTTP templates categorized by protocol-specific checks, including subdirectories for CVEs, misconfigurations, and exposures.templates/dns/– DNS-focused detections for subdomain takeovers and DNS misconfigurations.templates/workflows/– Workflow YAML files that chain multiple templates into tiered assessments.templates/ssl/– Templates targeting TLS/SSL configuration weaknesses.- Metadata standards: Each template includes a descriptive
id,infoblock (withname,author,severity,tags,description, and references), and actionablerequestssections.
- Follow nuclei YAML schema: Use valid nuclei v3 schema fields, ensuring each template includes
id,info,severity,tags, and at least one actionablerequestorworkflowstep. - Adopt consistent naming: Name files using lowercase hyphenated identifiers (e.g.,
cve-2024-1234.yaml) and place them in the directory representing the vulnerability class. - Provide context-rich metadata: Include references (CVE, vendor advisories, blog posts) and a concise description outlining detection logic and impact.
- Validate before submitting: Test templates locally with nuclei, verify they produce deterministic results, and lint YAML for formatting compliance.
- Submit via pull request: Describe the vulnerability, affected software, test methodology, and attach relevant output for maintainers to review.
This repository is licensed under the MIT License.
For questions, feedback, or to report issues, please open a ticket via the repository's Issues tab.