Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Tool Talk: Nuclei

In our third edition of the Tool Talk series, we dive into the open-source tool Nuclei, a fast and customizable vulnerability scanner based on simple YAML-based DSL.

Traditional scanners often lack the features to allow easy-to-write custom checks on top of their engine. To help solve this issue, Nuclei was developed by Project Discovery with a core focus on simplicity, modularity, and the ability to scan on many assets. The open-source vulnerability scanner is simple enough to be used by everyone, while complex enough to integrate into the modern web with its intricacies.

And here, at Bishop Fox, we love to take advantage of innovative, community-powered tools (even creating some ourselves via Labs) to offer automated solutions for our offensive security customers.

In our third edition of the Tool Talk series, we dive into Nuclei to discover:

  • The basics – what it is and how it works
  • How it overcomes the challenges of traditional scanners
  • Why it's a favorite tool of our consultants and Cosmos team

Sandeep Singh Project Discovery Headshot

About the author, Sandeep Singh

Co-Founder & CTO at

Sandeep Singh is an application security enthusiast with nearly 10 years of experience. He actively participated in bug bounty programs that led him to secure Top 3 positions at HackerOne. Sandeep worked as a Security Analyst at HackerOne, where he triaged reports from web and mobile domains.

In 2019, Sandeep co-founded and currently serves as the organizations' Chief Technology Officer. ProjectDiscovery is a cloud based reconnaissance and continuous monitoring platform that automates the entire process of recon and provides the data in an organized and managed manner.

More by Sandeep

Joe sechman

About the author, Joe Sechman

Bishop Fox Alumnus

Joe is a Bishop Fox alumnus and brought over 20 years of experience to his role as Associate Vice President of R&D. He was responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
More by Joe

David Bravo

About the author, David Bravo

Security Consultant

David Bravo is a Security Consultant at Bishop Fox who focuses on application and cloud security. He has worked with Fortune 500 firms and startups in various industries to assess and improve the security of their applications and cloud environments. David holds a Bachelor of Science in Computer Science from New York University.

More by David

Matt Thoresen

About the author, Matt Thoreson

Senior Security Consultant

Matt Thoreson (OSCP, CISSP) is a Senior Consultant at Bishop Fox and leads the External Penetration Testing service, He currently focuses on penetration testing external and internal networks. Matt also has extensive experience in red teaming, social engineering, and mobile application testing. He has advised Fortune 500 brands and startups in industries such as technology, healthcare, energy, finance, and retail.

More by Matt

Zach zeitlin

About the author, Zach Zeitlin

Senior Operator

Zachary Zeitlin is a Senior Operator with Bishop Fox’s Cosmos (formerly CAST) team. Prior to coming to Bishop Fox, he served as an operator in the US Department of Defense's most elite computer network exploitation (CNE) unit.

More by Zach

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.