Nuclei

XSS (Cross-Site Scripting) detection has long been a challenge, balancing accuracy with avoiding excessive false positives. Traditionally, this meant creating specific reflection based string matchers for each target, leading to complex and hard-to-maintain configurations. But with headless modes, we can simplify and improve XSS detection in a more intuitive and

We're excited to tell you about Nuclei Templates release v10.0.0! This new version includes newly added Azure Config Review templates. In this blog post, we'll discuss automating azure cloud misconfiguration review, creating custom Azure checks, and sharing results on the PDCP Cloud for review.

At ProjectDiscovery, our goal is to democratize security. Nuclei, our flagship project, plays a pivotal role in achieving this by offering a fast, adaptable, and potent vulnerability scanner, powered by the innovative nuclei-templates. The launch of Nuclei v3.0 was a significant step, incorporating comprehensive capabilities for developing checks against

With the release of Nuclei v3.2.0, we've introduced a more powerful and versatile approach to conducting authenticated scans. Previously, authentication headers were primarily included using the -H flag, a method that had its limitations. The introduction of the new -secret-file flag overcomes these challenges by accepting

If you've been around our community for some time, you know that we've been hard at work getting ProjectDiscovery Cloud Platform ready for all of you. Our goal is to support community members using PD tools for everyone; from bug bounty hunting all the way through

ProjectDiscovery has been working hard over the recent months! Recent template releases have been covering important CVEs and other exploitable vulnerabilities, we’ve been speaking at various conferences, and moreover, we’ve been crafting and writing major improvements for our flagship tool, Nuclei. That work has led us to the

Ever since joining ProjectDiscovery over nine months ago, I've been constantly surprised about many aspects of the state of the security industry today. Having lived through the open source revolution in software development and DevOps, I came to understand that a lot of what I learned and assumed

For the latest updates on CVE-2023-29300 / CVE-2023-38203 / CVE-2023-38204, see the updates section Introduction The Adobe ColdFusion, widely recognized for its robust web development capabilities, recently released a critical security update. The update specifically targeted three security issues, among them, CVE-2023-29300, a highly concerning pre-authentication Remote Code Execution (RCE) vulnerability. This

Introduction At ProjectDiscovery, our focus is on enhancing our open-source solution, Nuclei, by incorporating templates for trending CVEs. Our collaborative efforts involve constant additions of templates by the open-source community, internal template and research team to stay updated on emerging exploits. One such notable case involves MOVEit Transfer, a widely