https://projectdiscovery.io

ProjectDiscovery - Vulnerability managementMonitor your infrastructure. Real vulnerabilities. Zero noise. Trusted by 100k+ security professionals to streamline vulnerabilities that can actually be exploited.ProjectDiscovery - Vulnerability managementProjectDiscoveryFeaturesSolutionsDocsPricingSign inTalk to salesOpen menuMonitor your infrastructure. Real vulnerabilities. Zero noise.Trusted by 100k+ security professionals to streamline vulnerabilities that can actually be exploited.MonitorFeatures - Vulnerability ManagementEliminate false positivesWe detect exploitable vulnerabilities. Period. Enabling 10x faster triage and remediation.Features - Asset DiscoveryDiscover your infrastructureGain instant visibility into your entire tech stack as your team deploys. Contextualize and prioritize your exposure.Features - Nuclei templatesLeverage custom exploit detectionWith our open-source framework Nuclei, security teams can automate detection for any vulnerability type.Why ProjectDiscoveryReal-time detection for teams that ship fastContinuous security checks as your team deploys. Automated workflows to enable instant, organization-wide detection and triage. Transform noisy, ineffective scan results into relevant and actionable alerts.Monitor your entire attack surfaceHOSTPORTTECHIPContinuously scan for exploitable vulnerabilitiesAtlassianCommand InjectionCVE-2022-368048.8GitLabPath TraversalCVE-2023-28257.5MOVEit TransferCode ExecutionCVE-2023-343629.8RedisCode ExecutionCVE-2022-054310VMwareCode ExecutionCVE-2023-208879.8AtlassianCommand InjectionCVE-2022-368048.8GitLabPath TraversalCVE-2023-28257.5MOVEit TransferCode ExecutionCVE-2023-343629.8RedisCode ExecutionCVE-2022-054310VMwareCode ExecutionCVE-2023-208879.8AtlassianCommand InjectionCVE-2022-368048.8GitLabPath TraversalCVE-2023-28257.5MOVEit TransferCode ExecutionCVE-2023-343629.8RedisCode ExecutionCVE-2022-054310VMwareCode ExecutionCVE-2023-208879.8AtlassianCommand InjectionCVE-2022-368048.8GitLabPath TraversalCVE-2023-28257.5MOVEit TransferCode ExecutionCVE-2023-343629.8RedisCode ExecutionCVE-2022-054310VMwareCode ExecutionCVE-2023-208879.8Alert your engineering team in minutesOur SolutionDramatically reduce scanning times, tools, and resourcesConsolidate scattered scanning tools into a single, precise, customizable framework for modern teams. ApplicationDNSInternalCloudAPIDatabaseVulnerability ManagementAttack Surface ManagementComplianceVulnerability ManagementTraditional vulnerability management platforms struggle with excessive false positives and noise. Our vulnerability management platform, powered by Nuclei, delivers high-fidelity scanning to identify actual exploitable vulnerabilities that have real-world impact rather than just relying on CVSS scores. By leveraging the global open-source community, our library of over 9,000 Nuclei templates reflect the latest CVEs and trending misconfigurations. Our product integrates asset data from cloud platforms to provide essential context, allowing you to prioritize and manage vulnerabilities effectively. With multiple status tracking and easy export options via JSON, API, or Jira integration, remediation is streamlined for your engineering teams.Exploitable vulnerabilities10x faster triageOpen source communityTalk to salesIntegrationsIntegrate with your platformsUse our integrations to get alerts sent instantly for ticketing.AlertingReceive notifications about the scans and discovery in your workspace.TicketingAutomatically create tickets when new vulnerabilities are found.APIAutomate all platform features through our API for custom workflows.View templateCOMMUNITY POWEREDThe fastest exploits feed on the InternetProjectDiscovery is powered by our Nuclei open source project. A global security community that streamlines exploits in real-time. Nuclei is used by Fortune 500 organizations, security firms, and government-led agencies to tackle the emerging exploitable vulnerabilities.Fortra GoAnywhere MFT - Authentication BypassCVE-2024-0204Vulnerability announced — 01/23/24 at 12:43 PMNuclei template created — 01/23/2024 at 1:05 PMVulnerability detected — Alert sent in 22 min123CUSTOMIZATIONWrite your own detection templates using AI powered by our Nuclei open source library Leverage the global security community to streamline your vulnerability management. With a template library full of contributions from pentest, bug bounty, and security teams to automate the most complex vulnerability detection.Broken AuthenticationWeak passwordOut of bandSQL InjectionSecretsIDOR1id: CVE-2024-271992 3info:4 name: TeamCity < 2023.11.4 - Authentication Bypass5 author: DhiyaneshDk6 severity: high7 description: |8 In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible9 reference:10 - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/11 - https://nvd.nist.gov/vuln/detail/CVE-2024-2719912 classification:13 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L14 cvss-score: 7.315 cwe-id: CWE-2316 metadata:17 verified: true18 max-request: 319 shodan-query: http.component:"TeamCity"20 tags: cve,cve2024,teamcity,jetbrains,auth-bypass21 22http:23 - method: GET24 path:25 - "{{BaseURL}}/res/../admin/diagnostic.jsp"26 - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"27 - "{{BaseURL}}/update/../admin/diagnostic.jsp"28 29 stop-at-first-match: true30 matchers:31 - type: dsl32 dsl:33 - 'status_code == 200'34 - 'contains(header, "text/html")'35 - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'36 condition: and37# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950View templateReal world simulationRun the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.AI-powered editorUse our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.Supports 6 protocolsNuclei, built by our team, supports over 6 protocols as well as code protocols, so you can basically stitch almost any kind of vulnerability.COMMUNITYSecurity teams love usLearn, collaborate, and contribute with our community.Paul Seekamp@nullenc0deStarting to get better results running Nuclei, than a Nessus scan these days.STÖK@stokfredrikThe @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.Daniel Miessler@DanielMiesslerThis is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.Jason Haddix@JHaddixThe next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!STÖK@stokfredrikCheck out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.Paul Seekamp@nullenc0deStarting to get better results running Nuclei, than a Nessus scan these days.STÖK@stokfredrikThe @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.Daniel Miessler@DanielMiesslerThis is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.Jason Haddix@JHaddixThe next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!STÖK@stokfredrikCheck out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.Paul Seekamp@nullenc0deStarting to get better results running Nuclei, than a Nessus scan these days.STÖK@stokfredrikThe @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.Daniel Miessler@DanielMiesslerThis is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.Jason Haddix@JHaddixThe next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!STÖK@stokfredrikCheck out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.Paul Seekamp@nullenc0deStarting to get better results running Nuclei, than a Nessus scan these days.STÖK@stokfredrikThe @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.Daniel Miessler@DanielMiesslerThis is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.Jason Haddix@JHaddixThe next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/templates? They exist!STÖK@stokfredrikCheck out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.FooterGet startedMonitor your infrastructureTrusted by 100k+ security professionals to streamline vulnerabilities that can actually be exploited.MonitorTalk to salesOur community spans members from full-time bug bounty hunters to Fortune 500 security engineers.Talk to salesPlatformProjectDiscoveryFeaturesSolutionsChange logPricingOpen SourceNucleiNuclei TemplatesSubfinderHTTPxNaabuCVEmapAll toolsResourcesDocsBlogCommunityPioneersSupportCompanyAboutCareersSecurityPrivacyTermsContactNewsletterStay up to date with everything ProjectDiscovery.SubscribeDiscordGitHubXLinkedInYouTube©2025 ProjectDiscovery, Inc.enen1770255481https://projectdiscovery.io

Edit your site?

What are you doing?