Monitor your infrastructure. Real vulnerabilities. Zero noise.

Trusted by 100k security professionals to streamline vulnerabilities that can actually be exploited.

Features - Vulnerability Management

Eliminate false positives

We detect exploitable vulnerabilities. Period. Enabling 10x faster triage and remediation.

Features - Asset Discovery

Discover your infrastructure

Gain instant visibility into your entire tech stack as your team deploys. Contextualize and prioritize your exposure.

Features - Nuclei templates

Leverage custom exploit detection

With our open-source framework Nuclei, security teams can automate detection for any vulnerability type.

Why ProjectDiscovery

Real-time detection for teams that ship fast

Continuous security checks as your team deploys. Automated workflows to enable instant, organization-wide detection and triage. Transform noisy, ineffective scan results into relevant and actionable alerts.

Monitor your entire attack surface

HOST

PORT

TECH

Continuously scan for exploitable vulnerabilities

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

VMware

Code Execution

CVE-2023-20887

9.8

Atlassian

Command Injection

CVE-2022-36804

8.8

GitLab

Path Traversal

CVE-2023-2825

7.5

MOVEit Transfer

Code Execution

CVE-2023-34362

9.8

Redis

Code Execution

CVE-2022-0543

VMware

Code Execution

CVE-2023-20887

9.8

Alert your engineering team in minutes

Our Solution

Dramatically reduce scanning times, tools, and resources

Consolidate scattered scanning tools into a single, precise, customizable framework for modern teams.

Application

DNS

Internal

Cloud

API

Database

Vulnerability Management

DAST and CI/CD

Attack Surface Management

Compliance

Vulnerability Management

Traditional vulnerability management platforms struggle with excessive false positives and noise. Our vulnerability management platform, powered by Nuclei, delivers high-fidelity scanning to identify actual exploitable vulnerabilities that have real-world impact rather than just relying on CVSS scores. By leveraging the global open-source community, our library of over 9,000 Nuclei templates reflect the latest CVEs and trending misconfigurations.

Our product integrates asset data from cloud platforms to provide essential context, allowing you to prioritize and manage vulnerabilities effectively. With multiple status tracking and easy export options via JSON, API, or Jira integration, remediation is streamlined for your engineering teams.

Exploitable vulnerabilities

10x faster triage

Open source community

Talk to sales

Integrations

Integrate with your platforms

Use our integrations to get alerts sent instantly for ticketing.

Alerting

Receive notifications about the scans and discovery in your workspace.

Ticketing

Automatically create tickets when new vulnerabilities are found.

API

Automate all platform features through our API for custom workflows.

View template

COMMUNITY POWERED

The fastest exploits feed on the Internet

ProjectDiscovery is powered by our Nuclei open source project. A global security community that streamlines exploits in real-time. Nuclei is used by Fortune 500 organizations, security firms, and government-led agencies to tackle the emerging exploitable vulnerabilities.

Fortra GoAnywhere MFT - Authentication Bypass

CVE-2024-0204

Vulnerability announced — 01/23/24 at 12:43 PM

Nuclei template created — 01/23/2024 at 1:05 PM

Vulnerability detected — Alert sent in 22 min

CUSTOMIZATION

Write your own detection templates using AI powered by our Nuclei open source library

Leverage the global security community to streamline your vulnerability management. With a template library full of contributions from pentest, bug bounty, and security teams to automate the most complex vulnerability detection.

Broken Authentication

Weak password

Out of band

SQL Injection

Secrets

IDOR

1id: CVE-2024-27199
2
3info:
4  name: TeamCity < 2023.11.4 - Authentication Bypass
5  author: DhiyaneshDk
6  severity: high
7  description: |
8    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
9  reference:
10    - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
11    - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
12  classification:
13    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
14    cvss-score: 7.3
15    cwe-id: CWE-23
16  metadata:
17    verified: true
18    max-request: 3
19    shodan-query: http.component:"TeamCity"
20  tags: cve,cve2024,teamcity,jetbrains,auth-bypass
21
22http:
23  - method: GET
24    path:
25      - "{{BaseURL}}/res/../admin/diagnostic.jsp"
26      - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
27      - "{{BaseURL}}/update/../admin/diagnostic.jsp"
28
29    stop-at-first-match: true
30    matchers:
31      - type: dsl
32        dsl:
33          - 'status_code == 200'
34          - 'contains(header, "text/html")'
35          - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
36        condition: and
37# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950

View template

Real world simulation

Run the vulnerability tests as an attacker would to exploit a given vulnerability. Capture full logs behind a given test to triage faster for the team.

AI-powered editor

Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

Supports 6 protocols

Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can basically stitch almost any kind of vulnerability.

COMMUNITY

Security teams love us

Learn, collaborate, and contribute with our community.

Paul Seekamp

@nullenc0de

Starting to get better results running Nuclei, than a Nessus scan these days.

STÖK

@stokfredrik

The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.

Daniel Miessler

@DanielMiessler

This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.

Jason Haddix

@JHaddix

The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's . Want a good start on these fingerprints/templates? They exist!

STÖK

@stokfredrik

Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.

Paul Seekamp

@nullenc0de

Starting to get better results running Nuclei, than a Nessus scan these days.

STÖK

@stokfredrik

The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.

Daniel Miessler

@DanielMiessler

This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.

Jason Haddix

@JHaddix

The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's . Want a good start on these fingerprints/templates? They exist!

STÖK

@stokfredrik

Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.

Paul Seekamp

@nullenc0de

Starting to get better results running Nuclei, than a Nessus scan these days.

STÖK

@stokfredrik

The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.

Daniel Miessler

@DanielMiessler

This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.

Jason Haddix

@JHaddix

The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's . Want a good start on these fingerprints/templates? They exist!

STÖK

@stokfredrik

Check out the stack from @pdnuclei sooooo many game changing tools, nuclei and chaos is the bomb.

Paul Seekamp

@nullenc0de

Starting to get better results running Nuclei, than a Nessus scan these days.

STÖK

@stokfredrik

The @pdnuclei team does it again! Need to dev/null all my hacky shit, low and behold... notify!!! Not only captures it you burp colab request & passes it to slack/discord/telegram.

Daniel Miessler

@DanielMiessler

This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.

Jason Haddix

@JHaddix

The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's . Want a good start on these fingerprints/templates? They exist!