Running a Simple Nuclei Scan

Running a Simple Nuclei Scan

🛡️ Important: Nuclei should only be used for ethical purposes, such as authorized security testing, bug bounty programs, or educational research. Never run recon tools like Nuclei against systems you don’t own or have explicit permission to test. This guide assumes you’re using Nuclei responsibly and legally.

---

Now that Nuclei is installed, it’s time to put it to work. This isn’t just another recon tool — Nuclei is like having a high-speed vulnerability scanner, passive intelligence engine, and compliance watchdog all rolled into one binary. It pulls from thousands of constantly updated templates to uncover real security issues in real time — misconfigs, exposed admin panels, vulnerable software, and more. In this guide, you’ll run your first scan using trusted default templates, analyze the results like a pro, and start thinking like a bug hunter. Whether you’re chasing CVEs, hardening your stack, or just learning the ropes, this is where your journey begins. Let’s get scanning.

---

Step 1: Create a Target File

Nuclei works best when you feed it a list of URLs. Start by creating a file called targets.txt with one or more domains:

---

Step 2: Run the Scan

Before scanning, make sure your templates are up to date:

Now run a basic scan for medium+ severity issues. Choose your preferred output style:

Option 1: Silent Scan (clean, script-friendly)

• Only the matched results are shown — ideal for automation
• Scans for medium, high, and critical severity templates
• Filters by tags like cve and misconfig
• Outputs clean results to findings.txt

Option 2: Verbose Scan (for debugging)

• Includes banner, matched template names, and internal debug output
• Useful when testing templates or investigating scan behavior

---

Step 3: Read the Output

If Nuclei finds something, you’ll see results like this:

Each result includes the severity, the matched template, any CVE if applicable, and the vulnerable URL.

---

Troubleshooting

---

• No output? Try using -severity info,low,medium to expand what’s shown.
• Too many results? Add -tags or use specific templates to narrow it down.
• Want more detail? Add -v -debug to see what’s happening behind the scenes.

---

Next: Go Deeper with Templates and Tags

Now that you’ve run your first scan, it’s time to level up. In the next guide, we’ll cover how to run advanced scans using specific template sets, CVE categories, and filtering options to find higher-value bugs faster.

Continue to: Running a More Advanced Nuclei Scan

---

Ready for a reliable, high-performance VPS at an unbeatable price? We host our own Kali labs on Hostinger: 4 vCPU, NVMe storage, 16 GB RAM and 16 TB bandwidth, backed by 24/7 support and a 30-day money-back guarantee. You’ll save up to 20% when you lock in a 24-month plan. Grab a Hostinger VPS using this referral link and support our content.

👉 Claim your Hostinger VPS (from only US$ 9.99/mo)

---