Monitor your infrastructure. Real vulnerabilities. Zero noise.
Trusted by 100k+ security professionals to streamline vulnerabilities that can actually be exploited.
Features - Vulnerability Management
Eliminate false positives
We detect exploitable vulnerabilities. Period. Enabling 10x faster triage and remediation.
Features - Asset Discovery
Discover your infrastructure
Gain instant visibility into your entire tech stack as your team deploys. Contextualize and prioritize your exposure.
Features - Nuclei templates
Leverage custom exploit detection
With our open-source framework Nuclei, security teams can automate detection for any vulnerability type.
Why ProjectDiscovery
Real-time detection for teams that ship fast
Continuous security checks as your team deploys. Automated workflows to enable instant, organization-wide detection and triage. Transform noisy, ineffective scan results into relevant and actionable alerts.
Monitor your entire attack surface
HOST
PORT
TECH
IP
stage.hooli.com
23
188.90.164
nothotdog.hooli.com
443
208.1.157
qa.hooli.com
21
173.179.85
qa.hooli.com
23
169.255.177
breamhall.hooli.com
21
172.240.193
breamhall.hooli.com
80
39.148.233
stage.hooli.com
23
188.90.164
nothotdog.hooli.com
443
208.1.157
qa.hooli.com
21
173.179.85
qa.hooli.com
23
169.255.177
breamhall.hooli.com
21
172.240.193
breamhall.hooli.com
80
39.148.233
stage.hooli.com
23
188.90.164
nothotdog.hooli.com
443
208.1.157
qa.hooli.com
21
173.179.85
qa.hooli.com
23
169.255.177
breamhall.hooli.com
21
172.240.193
breamhall.hooli.com
80
39.148.233
stage.hooli.com
23
188.90.164
nothotdog.hooli.com
443
208.1.157
qa.hooli.com
21
173.179.85
qa.hooli.com
23
169.255.177
breamhall.hooli.com
21
172.240.193
breamhall.hooli.com
80
39.148.233
Continuously scan for exploitable vulnerabilities
Atlassian
Command Injection
CVE-2022-36804
8.8
GitLab
Path Traversal
CVE-2023-2825
7.5
MOVEit Transfer
Code Execution
CVE-2023-34362
9.8
Redis
Code Execution
CVE-2022-0543
10
VMware
Code Execution
CVE-2023-20887
9.8
Atlassian
Command Injection
CVE-2022-36804
8.8
GitLab
Path Traversal
CVE-2023-2825
7.5
MOVEit Transfer
Code Execution
CVE-2023-34362
9.8
Redis
Code Execution
CVE-2022-0543
10
VMware
Code Execution
CVE-2023-20887
9.8
Atlassian
Command Injection
CVE-2022-36804
8.8
GitLab
Path Traversal
CVE-2023-2825
7.5
MOVEit Transfer
Code Execution
CVE-2023-34362
9.8
Redis
Code Execution
CVE-2022-0543
10
VMware
Code Execution
CVE-2023-20887
9.8
Atlassian
Command Injection
CVE-2022-36804
8.8
GitLab
Path Traversal
CVE-2023-2825
7.5
MOVEit Transfer
Code Execution
CVE-2023-34362
9.8
Redis
Code Execution
CVE-2022-0543
10
VMware
Code Execution
CVE-2023-20887
9.8
Alert your engineering team in minutes
Medium
CVE-2014-4941
Cross RSS 1.7 - Local File Inclusion
Alert sent to
Teams
Critical
CVE-2024-28255
OpenMetadata - Authentication Bypass
Alert sent to
Slack
High
CVE-2024-20767
Adobe ColdFusion - Arbitrary File Read
Alert sent to
Teams
Info
PRIVATEBIN-DET
PrivateBin - Detect
Alert sent to
Teams
Medium
CVE-2024-28734
Coda v.2024Q1 - Cross-Site Scripting
Alert sent to
API
High
CVE-2019-9632
ESAFENET CDG - Arbitrary File Download
Alert sent to
Critical
CVE-2024-27954
WordPress Automatic Plugin <3.92.1 - Arbitrary Fil...
Alert sent to
Webhook
Medium
CVE-2014-4577
WP AmASIN – The Amazon Affiliate Shop - Local File...
Alert sent to
Teams
Info
DIRECTUS-DETEC
Directus - Detect
Alert sent to
API
High
quick-cms-sqli
Quick.CMS v6.7 - SQL Injection
Alert sent to
Slack
High
UPS-NETWORK-LF
UPS Network Management Card 4 Path Traversal
Alert sent to
API
Medium
CVE-2012-2122
MySQL - Authentication Bypass
Alert sent to
Critical
CVE-2024-1212
Progress Kemp LoadMaster - Command Injection
Alert sent to
Teams
High
CVE-2023-34105
SRS - Command Injection
Alert sent to
API
Critical
CVE-2023-5830
ColumbiaSoft DocumentLocator - Improper Authentica...
Alert sent to
API
Medium
CVE-2014-4941
Cross RSS 1.7 - Local File Inclusion
Alert sent to
API
Critical
CVE-2024-28255
OpenMetadata - Authentication Bypass
Alert sent to
Teams
High
CVE-2024-20767
Adobe ColdFusion - Arbitrary File Read
Alert sent to
Webhook
Info
PRIVATEBIN-DET
PrivateBin - Detect
Alert sent to
Medium
CVE-2024-28734
Coda v.2024Q1 - Cross-Site Scripting
Alert sent to
API
High
CVE-2019-9632
ESAFENET CDG - Arbitrary File Download
Alert sent to
Critical
CVE-2024-27954
WordPress Automatic Plugin <3.92.1 - Arbitrary Fil...
Alert sent to
API
Medium
CVE-2014-4577
WP AmASIN – The Amazon Affiliate Shop - Local File...
Alert sent to
API
Info
DIRECTUS-DETEC
Directus - Detect
Alert sent to
Webhook
High
quick-cms-sqli
Quick.CMS v6.7 - SQL Injection
Alert sent to
API
High
UPS-NETWORK-LF
UPS Network Management Card 4 Path Traversal
Alert sent to
Webhook
Medium
CVE-2012-2122
MySQL - Authentication Bypass
Alert sent to
Webhook
Critical
CVE-2024-1212
Progress Kemp LoadMaster - Command Injection
Alert sent to
High
CVE-2023-34105
SRS - Command Injection
Alert sent to
Slack
Critical
CVE-2023-5830
ColumbiaSoft DocumentLocator - Improper Authentica...
Alert sent to
API
Medium
CVE-2014-4941
Cross RSS 1.7 - Local File Inclusion
Alert sent to
Teams
Critical
CVE-2024-28255
OpenMetadata - Authentication Bypass
Alert sent to
High
CVE-2024-20767
Adobe ColdFusion - Arbitrary File Read
Alert sent to
Slack
Info
PRIVATEBIN-DET
PrivateBin - Detect
Alert sent to
API
Medium
CVE-2024-28734
Coda v.2024Q1 - Cross-Site Scripting
Alert sent to
Teams
High
CVE-2019-9632
ESAFENET CDG - Arbitrary File Download
Alert sent to
API
Critical
CVE-2024-27954
WordPress Automatic Plugin <3.92.1 - Arbitrary Fil...
Alert sent to
Slack
Medium
CVE-2014-4577
WP AmASIN – The Amazon Affiliate Shop - Local File...
Alert sent to
Teams
Info
DIRECTUS-DETEC
Directus - Detect
Alert sent to
API
High
quick-cms-sqli
Quick.CMS v6.7 - SQL Injection
Alert sent to
Teams
High
UPS-NETWORK-LF
UPS Network Management Card 4 Path Traversal
Alert sent to
Webhook
Medium
CVE-2012-2122
MySQL - Authentication Bypass
Alert sent to
Webhook
Critical
CVE-2024-1212
Progress Kemp LoadMaster - Command Injection
Alert sent to
High
CVE-2023-34105
SRS - Command Injection
Alert sent to
API
Critical
CVE-2023-5830
ColumbiaSoft DocumentLocator - Improper Authentica...
Alert sent to
Teams
Medium
CVE-2014-4941
Cross RSS 1.7 - Local File Inclusion
Alert sent to
Webhook
Critical
CVE-2024-28255
OpenMetadata - Authentication Bypass
Alert sent to
API
High
CVE-2024-20767
Adobe ColdFusion - Arbitrary File Read
Alert sent to
Info
PRIVATEBIN-DET
PrivateBin - Detect
Alert sent to
Teams
Medium
CVE-2024-28734
Coda v.2024Q1 - Cross-Site Scripting
Alert sent to
API
High
CVE-2019-9632
ESAFENET CDG - Arbitrary File Download
Alert sent to
Slack
Critical
CVE-2024-27954
WordPress Automatic Plugin <3.92.1 - Arbitrary Fil...
Alert sent to
Slack
Medium
CVE-2014-4577
WP AmASIN – The Amazon Affiliate Shop - Local File...
Alert sent to
API
Info
DIRECTUS-DETEC
Directus - Detect
Alert sent to
Webhook
High
quick-cms-sqli
Quick.CMS v6.7 - SQL Injection
Alert sent to
Slack
High
UPS-NETWORK-LF
UPS Network Management Card 4 Path Traversal
Alert sent to
Medium
CVE-2012-2122
MySQL - Authentication Bypass
Alert sent to
Teams
Critical
CVE-2024-1212
Progress Kemp LoadMaster - Command Injection
Alert sent to
Webhook
High
CVE-2023-34105
SRS - Command Injection
Alert sent to
API
Critical
CVE-2023-5830
ColumbiaSoft DocumentLocator - Improper Authentica...
Alert sent to
Slack
Our Solution
Dramatically reduce scanning times, tools, and resources
Consolidate scattered scanning tools into a single, precise, customizable framework for modern teams.
Application
DNS
Internal
Cloud
API
Database
Vulnerability Management
Attack Surface Management
Compliance
Vulnerability Management
Traditional vulnerability management platforms struggle with excessive false positives and noise. Our vulnerability management platform, powered by Nuclei, delivers high-fidelity scanning to identify actual exploitable vulnerabilities that have real-world impact rather than just relying on CVSS scores. By leveraging the global open-source community, our library of over 9,000 Nuclei templates reflect the latest CVEs and trending misconfigurations.
Our product integrates asset data from cloud platforms to provide essential context, allowing you to prioritize and manage vulnerabilities effectively. With multiple status tracking and easy export options via JSON, API, or Jira integration, remediation is streamlined for your engineering teams.
Exploitable vulnerabilities
10x faster triage
Open source community
Integrations
Integrate with your platforms
Use our integrations to get alerts sent instantly for ticketing.
COMMUNITY POWERED
The fastest exploits feed on the Internet
ProjectDiscovery is powered by our Nuclei open source project. A global security community that streamlines exploits in real-time. Nuclei is used by Fortune 500 organizations, security firms, and government-led agencies to tackle the emerging exploitable vulnerabilities.
Fortra GoAnywhere MFT - Authentication Bypass
CVE-2024-0204
Vulnerability announced — 01/23/24 at 12:43 PM
Nuclei template created — 01/23/2024 at 1:05 PM
Vulnerability detected — Alert sent in 22 min
CUSTOMIZATION
Write your own detection templates using AI powered by our Nuclei open source library
Leverage the global security community to streamline your vulnerability management. With a template library full of contributions from pentest, bug bounty, and security teams to automate the most complex vulnerability detection.
Broken Authentication
Weak password
Out of band
SQL Injection
Secrets
IDOR
1id: CVE-2024-2719923info:4name: TeamCity < 2023.11.4 - Authentication Bypass5author: DhiyaneshDk6severity: high7description: |8In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible9reference:10- https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/11- https://nvd.nist.gov/vuln/detail/CVE-2024-2719912classification:13cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L14cvss-score: 7.315cwe-id: CWE-2316metadata:17verified: true18max-request: 319shodan-query: http.component:"TeamCity"20tags: cve,cve2024,teamcity,jetbrains,auth-bypass2122http:23- method: GET24path:25- "{{BaseURL}}/res/../admin/diagnostic.jsp"26- "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"27- "{{BaseURL}}/update/../admin/diagnostic.jsp"2829stop-at-first-match: true30matchers:31- type: dsl32dsl:33- 'status_code == 200'34- 'contains(header, "text/html")'35- 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'36condition: and37# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950
Real world simulation
Run the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.
AI-powered editor
Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.
Supports 6 protocols
Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can basically stitch almost any kind of vulnerability.
COMMUNITY
Security teams love us
Learn, collaborate, and contribute with our community.
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!
STÖK
@stokfredrik
Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.
Paul Seekamp
@nullenc0de
Starting to get better results running Nuclei, than a Nessus scan these days.
STÖK
@stokfredrik
The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.
Daniel Miessler
@DanielMiessler
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Jason Haddix
@JHaddix
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!