🔎 Vulnerability scanners
Nuclei
Fast, template-based vulnerability scanner from ProjectDiscovery.
Why use it
Nuclei trades depth for speed and currency. Its community-driven template repository moves fast — new CVEs often have a Nuclei template within hours of public disclosure. Perfect for surface scanning and CVE confirmation.
What you get
- Thousands of community templates covering CVEs, misconfigurations, and exposures
- YAML-based templates anyone can write
- Parallel scanning at high concurrency
- JSON output that pipes cleanly into other tools
- Native targeting from a list of URLs/IPs
System requirements
| Cpu | 2 cores |
|---|---|
| Ram | 2 GB |
| Disk | 500 MB |
| Os | Linux, macOS, Windows |
| Docker | Yes |
Installation
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest if Go is installed, or grab a release binary from GitHub. Run nuclei -update-templates to pull the latest community pack. Then nuclei -u https://target.com for a quick scan.
Suggested configuration
Schedule a daily Nuclei run against your internet-facing assets via cron. Pipe JSON output to a file and diff against yesterday's — only alert on new findings. Use -severity critical,high to filter noise. Combine with a recon tool like Naabu or Subfinder to keep the target list automatic.
Integration ideas
- Pipe results into TheHive for triage
- Forward findings to Wazuh's logcollector for unified dashboarding
- Run after Subfinder/Naabu for automatic recon-to-scan
Alternatives
- OpenVAS — Broader coverage, slower, network-focused.
- Nessus Essentials — Better at OS-level CVEs, capped at 16 IPs.
Cyentrix verdict
The Cyentrix team's default for fast attack-surface scanning and "did this CVE land yet?" checks. Pair it with a network scanner for full coverage.