← All Cheatsheets
web-pentest

Nuclei — Fast Vulnerability Scanner

Nuclei is a fast, template-based vulnerability scanner for web apps, networks, and cloud infrastructure.

17 views Apr 2026 lazyhackers
Basic Scanning (6)
nuclei -u http://target.com
Scan single target with all templates
basic scan
nuclei -l targets.txt
Scan list of targets from file
basic list
nuclei -u http://target.com -t /root/nuclei-templates/
Scan with custom template directory
templates
nuclei -u http://target.com -o results.txt
Save results to file
output
nuclei -u http://target.com -j -o results.json
Save results as JSON
output json
nuclei -update-templates
Update all templates to latest
update templates
Template Filtering (8)
nuclei -u http://target.com -t exposures/
Run only exposure templates
exposures
nuclei -u http://target.com -t cves/
Run only CVE templates
cves
nuclei -u http://target.com -t cves/2023/
Run only 2023 CVE templates
cves 2023
nuclei -u http://target.com -t vulnerabilities/
Run vulnerability templates
vulns
nuclei -u http://target.com -t misconfiguration/
Run misconfig templates
misconfig
nuclei -u http://target.com -tags sqli,xss,ssrf
Run templates with specific tags
tags sqli xss ssrf
nuclei -u http://target.com -severity critical,high
Only run critical and high severity templates
severity
nuclei -u http://target.com -etags dos
Exclude DoS templates (safe mode)
exclude dos safe
Proxy, Auth & Speed (6)
nuclei -u http://target.com -proxy http://127.0.0.1:8080
Route through Burp proxy
proxy burp
nuclei -u http://target.com -H "Authorization: Bearer TOKEN"
Add custom header (auth)
auth header
nuclei -u http://target.com -c 50
Set 50 concurrent requests
speed concurrent
nuclei -u http://target.com -rate-limit 100
Limit to 100 requests/second
speed ratelimit
nuclei -u http://target.com -timeout 10
Set 10 second timeout
timeout
subfinder -d target.com | httpx -silent | nuclei -t cves/ -o cve_results.txt
Full pipeline: subdomains → live hosts → CVE scan
pipeline chain cves