Nuclei
Nuclei is an open source vulnerability scanner from ProjectDiscovery that uses YAML-based templates to find security issues in APIs, web apps, and infrastructure. It supports multiple protocols (HTTP, DNS, TCP, file), parallel scanning, CI/CD integration, and ships with thousands of community-contributed templates. The ProjectDiscovery Cloud Platform exposes a REST API for managing templates, scans, vulnerabilities, leaks, asset discovery, exports, and more.
APIs
Nuclei
Nuclei is an open source vulnerability scanner from ProjectDiscovery that uses YAML-based templates to find security issues in APIs, web apps, and infrastructure.
ProjectDiscovery Cloud Platform API
REST API for the ProjectDiscovery Cloud Platform (PDCP) covering Nuclei templates, scans, vulnerabilities, leaks, asset discovery, configurations, exports, audit logs, and utili...
Collections
PDCP API
OPENPricing Plans
Rate Limits
FinOps
Nuclei Finops
FINOPSResources
Sources
opencollection: 1.0.0
info:
name: PDCP API
version: '1.0'
request:
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
items:
- info:
name: template/v2
type: folder
items:
- info:
name: Search Templates
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/template/search
headers:
- name: X-Team-Id
value: ''
params:
- name: scope
value: ''
type: query
description: Scope of templates to search (public or private)
- name: limit
value: ''
type: query
description: Maximum number of results to return
- name: offset
value: ''
type: query
description: Number of results to skip for pagination
- name: fields
value: ''
type: query
description: Specific fields to return in the response
- name: sort_asc
value: ''
type: query
description: Field to sort results in ascending order
- name: sort_desc
value: ''
type: query
description: Field to sort results in descending order
- name: q
value: ''
type: query
description: Search query string
- name: highlight
value: ''
type: query
description: Whether to highlight search matches in results
- name: facet_size
value: ''
type: query
description: Number of facets to return in the response
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Search templates with filtering, sorting, and faceting capabilities
- info:
name: Default
type: folder
items:
- info:
name: Upload Templates
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v2/template/user/upload
body:
type: json
data: '{}'
docs: Upload Private/User Templates (Max 10,000)
- info:
name: Bulk Update User Template
type: http
http:
method: PATCH
url: https://api.projectdiscovery.io/v2/template/user/upload
body:
type: json
data: '{}'
docs: Bulk Updat Private/User Templates (Max 10,000)
- info:
name: Request Domain Delete
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/user/domain-verification/request
headers:
- name: X-Team-Id
value: ''
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Delete domain verification request. Only root domains are supported.
- info:
name: Update Shared Template
type: http
http:
method: PATCH
url: https://api.projectdiscovery.io/v1/template/share/:template_id
params:
- name: template_id
value: ''
type: path
description: unique template ID
body:
type: json
data: '{}'
docs: Update Shared Template
- info:
name: Unshare/Delete template
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/template/share/:template_id
params:
- name: template_id
value: ''
type: path
description: unique template ID
docs: Unshare/Delete template
- info:
name: Get a list of invoices for a customer
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/payment/stripe/invoices
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get a list of invoices for a customer
- info:
name: Get audit logs for team
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/team/audit_log
headers:
- name: X-Team-Id
value: ''
params:
- name: email
value: ''
type: query
description: filter by specific user
- name: action
value: ''
type: query
description: filter by specific action name
- name: offset
value: ''
type: query
description: number of rows to skip
- name: limit
value: ''
type: query
description: number of rows to get
- name: start_date
value: ''
type: query
description: start date from which you want to get logs
- name: end_date
value: ''
type: query
description: end date till which you want to get logs
- name: time_range
value: ''
type: query
description: time range to get logs
- name: source
value: ''
type: query
description: filter by request source (api, platform, unknown)
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get audit logs for team
- info:
name: Smart search across audit logs
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/team/audit_log/search
headers:
- name: X-Team-Id
value: ''
params:
- name: q
value: ''
type: query
description: 'Search query. Automatically detects search intent:
- Status code (404, 200, 500) → Searches status_code field
- Source (api, platform, unknown) → Searches source field
- IP address (192.168.x.x) → Searches ip field
- Email (user@example.com) → Searches email field
- HTTP method (GET, POST, PUT) → Searches method field
- Path (/v1/scans, enumerate) → Searches path_name and path fields
- General text → Searches across path, path_name, request, response
'
- name: offset
value: ''
type: query
description: number of rows to skip
- name: limit
value: ''
type: query
description: number of rows to get (max 100)
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Smart search across audit logs
- info:
name: Update enumeration config
type: http
http:
method: PATCH
url: https://api.projectdiscovery.io/v1/asset/enumerate/:enumerate_id/config
headers:
- name: X-Team-Id
value: ''
params:
- name: enumerate_id
value: ''
type: path
- name: update_type
value: ''
type: query
description: default mode is append
body:
type: json
data: '{}'
docs: Update enumeration config
- info:
name: Your GET endpoint
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/template
headers:
- name: X-Team-Id
value: ''
params:
- name: scope
value: ''
type: query
- name: limit
value: ''
type: query
- name: offset
value: ''
type: query
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: sort_desc
value: ''
type: query
- name: sort_asc
value: ''
type: query
- name: template-ids
value: ''
type: query
- name: id
value: ''
type: query
- name: exclude-id
value: ''
type: query
- name: tags
value: ''
type: query
- name: include-tags
value: ''
type: query
- name: exclude-tags
value: ''
type: query
- name: severity
value: ''
type: query
- name: exclude-severity
value: ''
type: query
- name: type
value: ''
type: query
- name: exclude-type
value: ''
type: query
- name: templates
value: ''
type: query
- name: exclude-templates
value: ''
type: query
- name: profile_name
value: ''
type: query
- name: is_new
value: ''
type: query
- name: is_early
value: ''
type: query
- name: is_github
value: ''
type: query
- name: is_draft
value: ''
type: query
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get user templates
- info:
name: Get all leaked credentials
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/leaks
params:
- name: type
value: ''
type: query
description: Filter by specific leak type (single value only)
- name: domain
value: ''
type: query
description: Filter leaks by specific domain (applies to employee/customer leaks)
- name: email
value: ''
type: query
description: Filter leaks by specific email (can be personal, employee, or customer email from user's authorized results)
- name: search
value: ''
type: query
description: Search query to filter results across all fields
- name: limit
value: ''
type: query
description: Number of results per page for pagination
- name: page_number
value: ''
type: query
description: Page number for pagination (starts from 1)
- name: start_date
value: ''
type: query
description: time filter start date
- name: time_range
value: ''
type: query
- name: end_date
value: ''
type: query
description: time filter end date
- name: sort_by
value: ''
type: query
description: supported sort fields
- name: sort_order
value: ''
type: query
description: supported sort order (asc or desc)
- name: status
value: ''
type: query
description: supported status (fixed or open)
- name: group_by
value: ''
type: query
description: Group results by field - returns group summaries when used without field-specific filtering
- name: url
value: ''
type: query
description: Filter by specific URL (used with group_by for drill-down)
- name: country
value: ''
type: query
description: Filter by specific country (used with group_by for drill-down)
- name: device_ip
value: ''
type: query
description: Filter by specific device IP (used with group_by for drill-down)
- name: hostname
value: ''
type: query
description: Filter by specific hostname (used with group_by for drill-down)
- name: hardware_id
value: ''
type: query
description: Filter by specific hardware ID (used with group_by for drill-down)
docs: Returns all leaks (personal, employee, customer) with optional type filtering. Replaces the need for separate endpoint
calls.
- info:
name: Get asset enumeration history data
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/enumerate/:enumerate_id/history
headers:
- name: X-Team-Id
value: ''
params:
- name: enumerate_id
value: ''
type: path
- name: offset
value: ''
type: query
description: The number of items to skip before starting to collect the result set
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: start_date
value: ''
type: query
description: time filter start date
- name: time_range
value: ''
type: query
- name: end_date
value: ''
type: query
description: time filter end date
docs: Get asset enumeration history data
- info:
name: Get Vulnerability Template Coverage Statistics
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/vulns/coverage
params:
- name: q
value: ''
type: query
description: SearchQL query to filter vulnerabilities (e.g., "severity:critical", "affected_products.product:wordpress")
- name: term_facets
value: ''
type: query
description: List of term facets to apply
- name: range_facets
value: ''
type: query
description: List of range facets to apply
docs: Get template coverage statistics for vulnerabilities. Supports all search query filters to calculate coverage for
specific subsets (e.g., by product, severity, etc.)
- info:
name: Full Text Search
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/search
params:
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The numbers of items to skip
- name: sort_asc
value: ''
type: query
description: Sort results in ascending order (CSV field names)
- name: sort_desc
value: ''
type: query
description: Sort results in descending order (CSV field names)
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: term_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: range_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: q
value: ''
type: query
description: query
- name: highlight
value: ''
type: query
description: Whether to highlight the search results
- name: facet_size
value: ''
type: query
description: Number of facets to return
docs: Full text search on vulnerabilities
- info:
name: Get Vulnerability by ID
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/:id
params:
- name: id
value: ''
type: path
- name: fields
value: ''
type: query
description: 'template data fields '
docs: Get Vulnerability by ID
- info:
name: Get All Filters for Vulnerabilities
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/filters
docs: Get all filters for vulnerabilities
- info:
name: Get error statistics of given scan id
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/scans/:scan_id/error_stats
params:
- name: scan_id
value: ''
type: path
docs: Get error statistics of given scan id
- info:
name: Get Leaderboard ID Details
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/template/leaderboard/:name
params:
- name: name
value: ''
type: path
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The numbers of items to skip
docs: Get public templates leaderboard ID details
- info:
name: Search Products
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/product/search
params:
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The numbers of items to skip
- name: sort_asc
value: ''
type: query
description: Sort results in ascending order (CSV field names)
- name: sort_desc
value: ''
type: query
description: Sort results in descending order (CSV field names)
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: term_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: range_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: q
value: ''
type: query
description: query
- name: highlight
value: ''
type: query
description: Whether to highlight the search results
- name: facet_size
value: ''
type: query
description: Number of facets to return
docs: Search products with filtering and faceting capabilities
- info:
name: Get Product by ID
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/product/:id
params:
- name: id
value: ''
type: path
- name: fields
value: ''
type: query
description: 'product data fields '
docs: Get Product by ID
- info:
name: Get Vulnerabilities for Product
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/product/:id/vulns
params:
- name: id
value: ''
type: path
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The numbers of items to skip
- name: sort_asc
value: ''
type: query
description: Sort results in ascending order (CSV field names)
- name: sort_desc
value: ''
type: query
description: Sort results in descending order (CSV field names)
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: term_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: range_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: q
value: ''
type: query
description: query
- name: highlight
value: ''
type: query
description: Whether to highlight the search results
- name: facet_size
value: ''
type: query
description: Number of facets to return
docs: Get vulnerabilities for a specific product
- info:
name: Get Vulnerability Timeline for Product
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/product/:id/timeline
params:
- name: id
value: ''
type: path
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The numbers of items to skip
- name: sort_asc
value: ''
type: query
description: Sort results in ascending order (CSV field names)
- name: sort_desc
value: ''
type: query
description: Sort results in descending order (CSV field names)
- name: fields
value: ''
type: query
description: List of fields to return(comma separated)
- name: term_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: range_facets
value: ''
type: query
description: List of fields to return(comma separated)
- name: q
value: ''
type: query
description: query
- name: highlight
value: ''
type: query
description: Whether to highlight the search results
- name: facet_size
value: ''
type: query
description: Number of facets to return
docs: Get vulnerability timeline for a specific product (sorted by cve_created_at descending)
- info:
name: Get All Filters for Products
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v2/vulnerability/product/filters
docs: Get all filters for products
- info:
name: List Misconfiguration Findings
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration
headers:
- name: X-Team-Id
value: ''
params:
- name: limit
value: ''
type: query
description: The numbers of items to return
- name: offset
value: ''
type: query
description: The number of items to skip before starting to collect the result set
- name: search
value: ''
type: query
description: Case-insensitive substring search on the host field
- name: finding_type
value: ''
type: query
description: Filter by finding type
docs: Retrieve infrastructure misconfiguration findings discovered during asset enumeration. Currently detects AWS dangling
DNS (Elastic IPs that no longer exist) and Cloudflare origin IP exposure.
- info:
name: List asset policies
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/policy
params:
- name: limit
value: ''
type: query
description: Number of items to return
- name: offset
value: ''
type: query
description: Number of items to skip
docs: List all asset policies configured for your account. Returns each policy with its conditions, action type, and execution
metadata.
- info:
name: Create asset policy
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/asset/policy
body:
type: json
data: '{}'
docs: 'Create a new asset policy that automatically takes action on assets matching defined conditions. Supported actions:
alert (send notifications), delete (remove assets), set_label (add labels), and remove_label (remove labels).'
- info:
name: Get asset policy
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/policy/:policy_id
params:
- name: policy_id
value: ''
type: path
description: Unique identifier of the asset policy
docs: Get a single asset policy by ID, including its conditions, action configuration, and execution metadata.
- info:
name: Update asset policy
type: http
http:
method: PATCH
url: https://api.projectdiscovery.io/v1/asset/policy/:policy_id
params:
- name: policy_id
value: ''
type: path
description: Unique identifier of the asset policy
- name: update_type
value: ''
type: query
description: Update strategy. `append` (default) merges new values with existing ones. `replace` overwrites the entire
policy — all required fields for the policy type must be provided.
body:
type: json
data: '{}'
docs: Update an existing asset policy. Use `append` mode to merge new values with existing ones (e.g., add alerting configs
or labels without removing current ones). Use `replace` mode to completely overwrite the policy configuration.
- info:
name: Delete asset policy
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/asset/policy/:policy_id
params:
- name: policy_id
value: ''
type: path
description: Unique identifier of the asset policy
docs: Permanently delete an asset policy. This stops all future automatic actions for this policy.
- info:
name: Get asset policy suggestions
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/policy/suggestion
params:
- name: enumeration_id
value: ''
type: query
description: Optional enumeration ID to scope suggestions
- name: limit
value: ''
type: query
description: Maximum suggestions per category
- name: threshold
value: ''
type: query
description: Minimum percentage threshold for anomaly detection
docs: Get suggested asset policies based on user data patterns. Analyzes asset data to suggest policies for bad data detection
and important asset highlighting.
- info:
name: Get asset policy events
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/asset/policy/:policy_id/events
params:
- name: policy_id
value: ''
type: path
description: Unique identifier of the asset policy
- name: limit
value: ''
type: query
description: 'Maximum results per page (default: 50, max: 100)'
- name: offset
value: ''
type: query
description: Number of items to skip for pagination
docs: Get the execution history for a specific asset policy, including apply actions, alert deliveries, and errors.
- info:
name: scans
type: folder
items:
- info:
name: Get Scan List
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/scans
headers:
- name: X-Team-Id
value: ''
params:
- name: offset
value: ''
type: query
description: number of scan-status results to skip
- name: limit
value: ''
type: query
description: number of scan-status results to fetch
- name: search
value: ''
type: query
description: search term for running scans
- name: status
value: ''
type: query
description: filter by status (failed, finished, queued, running, starting, uploaded, scheduled)
- name: sort_asc
value: ''
type: query
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
value: ''
type: query
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: is_internal
value: ''
type: query
description: filter by internal scans
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get user scans status
- info:
name: Create Scan
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans
headers:
- name: X-Team-Id
value: ''
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Trigger a scan
- info:
name: Delete Scan in bulk
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/scans
headers:
- name: X-Team-Id
value: ''
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Delete scans using scan ids
- info:
name: Get Scan
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/scans/:scan_id
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: path
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get details of a scan by scan ID
- info:
name: Update Scan
type: http
http:
method: PATCH
url: https://api.projectdiscovery.io/v1/scans/:scan_id
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: path
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Update scan metadata
- info:
name: Delete Scan
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/scans/:scan_id
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: path
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Delete a scan using scanId
- info:
name: Import OSS Scan
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans/import
headers:
- name: X-Team-Id
value: ''
params:
- name: name
value: ''
type: query
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Import scan details
- info:
name: Stop Scan
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans/:scan_id/stop
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: path
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Stop a running scan, not applied in any other state.
- info:
name: Rescan scan
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans/:scan_id/rescan
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: path
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Re-run a existing scan
- info:
name: Get All Scan Stats
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/scans/stats
headers:
- name: X-Team-Id
value: ''
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get all scans statistics for a user
- info:
name: Retest vulnerability
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans/:vuln_id/retest
headers:
- name: X-Team-Id
value: ''
params:
- name: vuln_id
value: ''
type: path
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Retest a scan vulnerability
- info:
name: Get Scan Schedules
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v1/scans/schedule
headers:
- name: X-Team-Id
value: ''
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Get scan schedules for a user
- info:
name: Set Scan Schedule
type: http
http:
method: POST
url: https://api.projectdiscovery.io/v1/scans/schedule
headers:
- name: X-Team-Id
value: ''
body:
type: json
data: '{}'
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: 'set a scan schedule for a user '
- info:
name: Delete Scan Schedule
type: http
http:
method: DELETE
url: https://api.projectdiscovery.io/v1/scans/schedule
headers:
- name: X-Team-Id
value: ''
params:
- name: scan_id
value: ''
type: query
description: scan_id of schedule to be deleted
auth:
type: apikey
key: X-API-Key
value: '{{X-API-Key}}'
placement: header
docs: Delete scan schedule for a user
- info:
name: Get Scan IPs
type: http
http:
method: GET
url: https://api.projectdiscovery.io/v
# --- truncated at 32 KB (183 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/nuclei/refs/heads/main/apis.yml