Nuclei

Purpose

Nuclei scans URL, host, and IP targets with vulnerability templates and emits vulnerability entities.

Plugin Information

Plugin ID: nuclei

Category: Vulnerability Discovery

Plugin Type: vulnerability_scan

Execution: active CLI vulnerability scan

Default State: enabled

Default Profiles:

• default
• deep
• vuln_scan
• web_discovery

Input Scope

Accepted asset types:

• url
• domain
• subdomain
• ip
• Other scope values as a fallback when no URL or host targets are available.

Required metadata:

• None

Produces targets:

• URL assets are passed as-is.
• Domains, subdomains, and IPs are expanded to https:// and http:// targets.
• Targets are written to a temporary file passed with -list.

Output

Creates assets:

• None directly.

Creates vulnerabilities:

• Vulnerability entities with AssetType set to vulnerability.

May enrich:

• Vulnerability records with template, severity, remediation, host, tags, matched URL, and evidence metadata.

Metadata:

• template_id: Nuclei template ID.
• title: finding name.
• severity: finding severity.
• description: finding description.
• remediation: remediation text.
• matched_url: matched URL.
• host: affected host from Nuclei.
• tags: template tags.
• evidence: extracted results.

Graph Relations

The vulnerability persistence path associates findings with affected assets. The wrapper itself does not create asset graph edges directly.

Files / Artifacts

Produces:

• None

Dependencies

Required binary: nuclei

Required installer entry: tools.nuclei

Operational requirements:

• Nuclei templates must be available in the worker runtime.

Command model:

nuclei -jsonl -no-color -duc -c 10 -list <target-file> [-rate-limit <n>]

Example Flow

url
  -> nuclei
vulnerability

Notes

The wrapper disables update checks with -duc and caps concurrency at 10 to avoid overwhelming small deployments.