whatisgithub

What is nuclei-templates?

projectdiscovery/nuclei-templates — explained in plain English

Analysis updated 2026-06-24

12,358JavaScriptAudience · ops devopsComplexity · 2/5Setup · moderate

In one sentence

A community library of 12,000+ YAML detection templates for the Nuclei security scanner, covering CVEs, misconfigurations, fingerprinting, and CISA known exploited vulnerabilities.

Mindmap

mindmap
  root((nuclei-templates))
    What it is
      Template library
      12000+ templates
    Categories
      CVEs
      Misconfigurations
      Fingerprinting
      WordPress plugins
    Use cases
      Security audits
      Bug bounty
      Pen testing
    Audience
      Security researchers
      DevOps engineers
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run Nuclei against a web application during a penetration test to detect known CVEs and exposed admin panels.

USE CASE 2

Check a server against the CISA Known Exploited Vulnerabilities catalog to find actively exploited security flaws.

USE CASE 3

Identify what software and versions a server is running using Nuclei fingerprinting templates during a security audit.

USE CASE 4

Submit a new YAML template for a vulnerability discovered during bug bounty work so the community can scan for it.

What is it built with?

YAMLJavaScript

How does it compare?

projectdiscovery/nuclei-templatesbailicangdu/node-elmreactioncommerce/reaction
Stars12,35812,35912,408
LanguageJavaScriptJavaScriptJavaScript
Setup difficultymoderatemoderatehard
Complexity2/53/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires the Nuclei scanning engine installed separately, only for use against systems you have permission to test.

So what is it?

This repository is a library of detection templates used by Nuclei, a security scanning tool. Nuclei works by running templates against websites, servers, or cloud environments to check for known vulnerabilities. This repository stores the templates themselves, not the scanning engine. Think of it as a rulebook: each template describes one specific thing to look for, such as a misconfiguration, an exposed admin panel, or a known software vulnerability, and Nuclei follows those rules when it scans. The collection is community-built: security researchers and bug bounty hunters contribute templates by submitting pull requests or filing issues. At the time of the README, the library contained nearly 12,000 template files across 873 folders, organized by category. The biggest categories cover general vulnerabilities, CVEs (publicly catalogued software flaws), fingerprinting (identifying what software a server is running), and WordPress plugin issues. The library also tracks coverage for vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog, a list maintained by the US government of security flaws known to be actively used by attackers. As of the README, over 1,400 templates cover vulnerabilities from that catalog. This repository is intended for security professionals doing authorized testing, such as bug bounty work, penetration testing, or security audits. Using Nuclei against systems you do not have permission to test is not authorized. Documentation for writing your own templates is hosted on the ProjectDiscovery website. Community discussion happens on Discord and GitHub.

Copy-paste prompts

Prompt 1
Give me the Nuclei command to scan a target host using only CISA known exploited vulnerability templates from the nuclei-templates library.
Prompt 2
I found an exposed .git directory on a web server during a bug bounty. Show me the YAML structure for a Nuclei template that detects this misconfiguration.
Prompt 3
How do I use Nuclei with the nuclei-templates library to run only WordPress-specific checks against a target domain?

Frequently asked questions

What is nuclei-templates?

A community library of 12,000+ YAML detection templates for the Nuclei security scanner, covering CVEs, misconfigurations, fingerprinting, and CISA known exploited vulnerabilities.

What language is nuclei-templates written in?

Mainly JavaScript. The stack also includes YAML, JavaScript.

How hard is nuclei-templates to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is nuclei-templates for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.