Want a quick way to install and keep Project Discovery tools up to date? Use pdtm 👇 #cybersecurity #hacking #projectdiscovery #bugbounty
ProjectDiscovery
Computer and Network Security
San Francisco, California 18,297 followers
We detect real vulnerabilities with zero noise. Powered by Nuclei for fast, attacker-like detections. Request a demo!
About us
ProjectDiscovery helps security teams detect real, exploitable vulnerabilities without the noise. We combine open source power with enterprise-grade scale, starting with Nuclei, our fast, customizable vulnerability scanner trusted by thousands of engineers. Nuclei delivers attacker-like detections using conditional logic, enabling teams to move beyond version matching and catch what truly matters. Trusted by teams at Elastic, Vercel, and thousands more, ProjectDiscovery brings open-source flexibility to enterprise workflows, enabling full visibility and faster remediation in minutes with zero setup friction. Start with Nuclei. Scale with ProjectDiscovery.
- Website: https://projectdiscovery.io
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: San Francisco, California
- Type: Privately Held
- Founded: 2020
- Specialties: Attack Surface Management, Vulnerability Detection, Automated Security Workflows, Remediation, and Application Security
Locations
- Primary: 548 Market St, San Francisco, California 94104, US
Employees at ProjectDiscovery
- Hemant Mohapatra: Partner, Lightspeed; past: @a16z, @Google, engineering @AMD
- Chad M.: Early Stage/High Growth CRO, Angel Investor and Sales Advisor helping early stage founders take their product to market and drive sustainable…
- Robin Vasan: Enterprise Software Seed Investor
- Daniel Miessler 🛡️: Building AI that upgrades humans and organizations. [SECURITY | AI | PURPOSE]
Updates
-
This Hacktoberfest, the Nuclei community leveled up templates in a big way: 243 new templates and 178 CVEs including 44 KEVs; thanks to 287 PRs, 16 new contributors, and 24 bounties awarded. Open-source security just got stronger. 💪 Full write-up + what to scan next → https://lnkd.in/gN5Kq3-C #OpenSource #Security #Nuclei #Hacktoberfest #CVE #KEV
-
How do you protect the sensitive data of 15 million students across a massive portfolio of educational applications? That's the challenge Amplify, a leader in K–12 education, was facing. They needed a solution to scale security testing across hundreds of applications without relying on slow, generic tools. Among their key challenges:
✅ Scanning applications behind authentication, a major limitation of traditional tools.
✅ Identifying complex, application-specific vulnerabilities that generic scanners miss.
✅ Creating a repeatable process to ensure patched vulnerabilities don't return.
✅ Reducing the workload on a central security team stretched thin by manual testing.
The solution for Amplify was an innovative approach using ProjectDiscovery's tools. By converting bug bounty reports into custom Nuclei templates, they created an automated, targeted testing framework that replicated real-world attacks. Want to learn how they secured their growing platform? Read the full case study (🔗 in the comments)👇
-
Want to build a next-gen security program? It starts with automation. Here’s how to build an automated security program around four core areas of concern:
1️⃣ Asset Discovery: You can’t secure what you can't see. Find every part of your external attack surface using tools like subfinder, dnsx, and Chaos.
2️⃣ Asset Enrichment: Once you know what’s there, identify what’s running on it. Automating this process is key to keeping up with a constantly changing threat environment using tools like httpx, naabu, katana, and cloudlist.
3️⃣ Vulnerability Detection: Not all vulnerabilities are created equal. Use a powerful tool like Nuclei to filter through the noise and find the signal of what truly matters.
4️⃣ Remediation and Regression Protection: Finding a vulnerability is only half the battle. A modern program must track issues until they're fixed and use automation to ensure they never come back.
Ready to learn more? Read the full article here 👇
-
CISA has added two DELMIA Apriso vulnerabilities we discovered, CVE-2025-6204 (code injection → RCE) and CVE-2025-6205 (missing authorization), to the Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. In our original research (Sept 23), we showed how these issues chain from unauthenticated user creation to authenticated file upload path traversal, leading to full application compromise. We also published nuclei templates to help teams detect exposure quickly. Read the deep dive and grab the templates: https://lnkd.in/gZrQCR3E #KEV #Manufacturing #OTSecurity #AppSec #nuclei #IncidentResponse
-
Looking for a better way to store and manage your Nuclei scan results? In version 3.3.5, we've added MongoDB support to Nuclei! This feature allows you to export all your scan results to a MongoDB database for enhanced storage and reporting. Watch this one-minute video to see how it works 👇
ProjectDiscovery Tips and Tricks - MongoDB!
https://www.youtube.com/
-
Tired of false positives from fuzzing? The Analyzer in Nuclei adds an extra verification step to confirm your findings and prove the vulnerability is real. More about the Analyzer in our Fuzzing overview👇 https://lnkd.in/gWtua9Ae
-
ProjectDiscovery reposted this
You have likely heard of tools like Subfinder or Nuclei, right? They are amazing tools from ProjectDiscovery, but if you haven't been keeping up with them, you might be missing a lot in your recon strategy. That's why we launched this new Hub, tying together all these tools using a single methodology that will change your game. 🌀Get started: https://lnkd.in/gN3hmYAX
-
Are you the kind of bug bounty hunter people want to work with? 🤝 This blog isn't about finding more bugs; it's an etiquette guide for bug bounty reporting that will help you build your reputation in the community. It's like a finishing school for hackers, focusing on the soft skills that get you hired. What to DO:
✅ Get Permission: Always read the program's rules and scope before you begin testing.
✅ Stay in Scope: Don't go outside the defined boundaries.
✅ Be Transparent: Clearly document your findings and methodology.
✅ Take Your Time: A well-researched, high-quality report is better than a rushed, low-quality one.
Read the full blog to learn the 4 essentials of good bug bounty etiquette 👇 https://lnkd.in/g2Yf34rv
-
Are you leveraging Nuclei's full potential for passive detection? Global Matchers are matchers that apply across all HTTP responses received from running other templates. This makes them incredibly useful for things like passive detection, fingerprinting, spotting errors, WAF detection, and catching information leaks. In this video, you'll learn:
✅ How to enable the option.
✅ How it helps with passive detection.
✅ How to set up global matches in your templates.
Watch the video to see how to get started 👇
ProjectDiscovery Tips and Tricks - Global Matchers!
https://www.youtube.com/