Try Live
Add Docs
Rankings
Pricing
Enterprise
Docs
Install
Install
Docs
Pricing
Enterprise
More...
More...
Try Live
Rankings
Add Docs
ProjectDiscovery
https://github.com/projectdiscovery/docs
Admin
ProjectDiscovery is a comprehensive security platform offering open-source tools and cloud services
...
Tokens:
277,751
Snippets:
3,313
Trust Score:
9.7
Update:
1 day ago
Context
Skills
Chat
Benchmark
56.3
Suggestions
Latest
Show doc for...
Code
Info
Show Results
Context Summary (auto-generated)
Raw
Copy
Link
# ProjectDiscovery Documentation ProjectDiscovery Documentation is the official source for [docs.projectdiscovery.io](https://docs.projectdiscovery.io), a Mintlify-powered documentation site covering the full ProjectDiscovery ecosystem. The platform spans two major pillars: open-source security tools (Nuclei, httpx, subfinder, naabu, katana, interactsh, and more) and the ProjectDiscovery Cloud Platform (PDCP), a SaaS offering that extends those tools with managed scanning, asset discovery, credential monitoring, and a REST API. The documentation is built from MDX content files, an OpenAPI 3.1 YAML specification, and auto-generated JavaScript SDK reference pages, all wired together through a `mint.json` navigation manifest. The core functionality documented here includes: running Nuclei vulnerability scans both from the CLI and through the cloud API; authoring and sharing YAML-based Nuclei templates across every supported protocol (HTTP, DNS, TCP, file, JavaScript, headless browser); managing the full lifecycle of cloud scans, vulnerabilities, asset enumerations, and leak monitoring via a REST API authenticated with `X-Api-Key`; and configuring integrations such as GitHub, GitLab, Jira, Elasticsearch, Splunk, and MongoDB for automated ticketing and reporting. The repository also documents ancillary open-source tools—subfinder, httpx, naabu, dnsx, katana, interactsh, uncover, cvemap, alterx, notify, cloudlist, pdtm, chaos—each with installation, usage, and CLI reference pages. --- ## Nuclei CLI — Install Nuclei is a fast, template-based vulnerability scanner. It can be installed via Go, Homebrew, Docker, or from pre-built binaries. ```bash # Go (recommended) go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest # Homebrew (macOS/Linux) brew install nuclei # Docker docker pull projectdiscovery/nuclei:latest # Docker — scan a single host and output JSONL docker run --rm projectdiscovery/nuclei -u google.com -jsonl # Docker — scan a list of URLs and write results to host filesystem docker run --rm -v ./:/app/ projectdiscovery/nuclei \ -l /app/urls.txt -jsonl /app/results.jsonl ``` --- ## Nuclei CLI — Basic Scanning Running Nuclei against targets using default community templates, with filtering and output options. ```bash # Scan a single host with all default templates nuclei -u https://example.com # Scan a list of hosts nuclei -list targets.txt # Scan with specific template directories nuclei -u https://example.com -t cves/ -t exposures/ # Filter by severity and tags nuclei -u https://example.com -severity critical,high -tags cve # Combined tag/severity/author filter (AND logic) nuclei -u https://example.com -tags cve -severity critical,high -author geeknik # DSL-based template condition filter nuclei -tc "contains(tags,'cve') && contains(tags,'ssrf')" -u https://example.com # JSON export nuclei -u https://example.com -json-export output.json # SARIF export (for GitHub Code Scanning upload) nuclei -list urls.txt -t cves/ -sarif-export report.sarif # Markdown export with request/response pairs nuclei -list urls.txt -t cves/ -include-rr -markdown-export reports/ # Upload results to ProjectDiscovery Cloud dashboard export PDCP_API_KEY=your-api-key-here nuclei -u https://example.com -dashboard # Run only new templates from the latest nuclei-templates release nuclei -u https://example.com -new-templates ``` --- ## Nuclei CLI — AI-Powered Template Generation (`-ai`) Generate and immediately run Nuclei templates on-the-fly from a natural language description, powered by the ProjectDiscovery API. ```bash # Authenticate once nuclei -auth # Enter your PDCP API key when prompted, or set via environment variable: export PDCP_API_KEY=your-pdcp-api-key # Find sensitive information leaks nuclei -list targets.txt -ai "Find admin_api_key in response" # Detect exposed stack traces nuclei -list targets.txt -ai "Detect exposed stack traces in error messages" # Discover admin login endpoints nuclei -list targets.txt -ai "Find admin login endpoints" # Identify secrets in responses nuclei -list urls.txt -ai "Detect secrets in response" # Extract page titles from a target list nuclei -list targets.txt -ai "Extract page titles" # Note: 100 AI queries/day per user; generated templates are saved locally # and to your PDCP cloud account for reuse. ``` --- ## Nuclei CLI — Authenticated Scans (Secret File) Nuclei v3.2.0+ supports a YAML-based `Secret File` for managing static and dynamic authentication across thousands of targets. ```yaml # secrets.yaml — static API key example static: - type: bearerauth domains: - api.example.com value: "Bearer eyJhbGciOiJIUzI1NiJ9..." - type: basicauth domains: - legacy.example.com username: admin password: s3cr3t # Dynamic authentication (login flow via nuclei-templates) dynamic: - template: default-login/wordpress-login.yaml domains-regex: ".*\\.wordpress-site\\.com" variables: username: admin password: wp-password-here ``` ```bash # Run with secrets file nuclei -list targets.txt -secret-file secrets.yaml # Pre-fetch secrets at start (avoids mid-scan delays) nuclei -list targets.txt -secret-file secrets.yaml -prefetch-secrets ``` --- ## Nuclei CLI — Uncover Integration (Internet Databases) Scan hosts discovered from Shodan, Censys, Fofa, Hunter, ZoomEye, and other internet databases. ```bash # Set API keys export SHODAN_API_KEY=xxx export CENSYS_API_ID=xxx export CENSYS_API_SECRET=xxx export FOFA_EMAIL=xxx export FOFA_KEY=xxx # Run a specific CVE template against Shodan results for that CVE nuclei -id 'CVE-2021-26855' -uq 'vuln:CVE-2021-26855' -ue shodan # Use template-defined shodan-query metadata automatically nuclei -t cves/2021/CVE-2021-26855.yaml -uncover # Scan all CVE templates, auto-fetching targets from Shodan metadata nuclei -tags cve -uncover ``` --- ## Nuclei CLI — Rate Limiting and Performance Control scan speed with rate limiting, concurrency, and bulk-size flags. ```bash # Rate-limit to 100 requests/sec, 50 hosts per template in parallel, # 50 templates in parallel nuclei -u https://example.com \ -rate-limit 100 \ -bulk-size 50 \ -concurrency 50 # Configuration file at $HOME/.config/nuclei/config.yaml cat > $HOME/.config/nuclei/config.yaml << 'EOF' header: - 'X-BugBounty-Hacker: h1/yourhandle' templates: - cves/ - vulnerabilities/ - misconfiguration/ tags: exposures,cve severity: critical,high,medium exclude-tags: info include-tags: dos,fuzz rate-limit: 500 bulk-size: 50 concurrency: 50 EOF # Use custom config nuclei -config myproject.yaml -list urls.txt ``` --- ## Nuclei CLI — Reporting Integrations Forward findings to GitHub Issues, GitLab Issues, Jira, Elasticsearch, Splunk HEC, or MongoDB. ```yaml # issue-tracker.yaml — GitHub github: username: 'myuser' owner: 'myorg' token: 'ghp_xxxxxxxxxxxx' project-name: 'security-findings' issue-label: 'Nuclei' duplicate-issue-check: true # issue-tracker.yaml — Jira (append or replace as needed) jira: cloud: true update-existing: false url: https://myorg.atlassian.net account-id: 123456789abcdef email: security@myorg.com token: jira-api-token project-name: SEC issue-type: Bug severity-as-label: true status-not: Closed custom_fields: customfield_10001: freeform: $CVSSScore customfield_10002: freeform: $CVEID # issue-tracker.yaml — Elasticsearch elasticsearch: ip: 127.0.0.1 port: 9200 index-name: nuclei # issue-tracker.yaml — Splunk HEC splunkhec: host: splunk.myorg.com port: 8088 index-name: nuclei ssl: true ssl-verification: true token: 'splunk-hec-token' # issue-tracker.yaml — MongoDB mongodb: connection-string: "mongodb://root:pass@localhost:27017/nuclei?authSource=admin" collection-name: findings omit-raw: false batch-size: 100 # Allow only high/critical; deduplicate across periodic scans allow-list: severity: high,critical ``` ```bash # Run scan and create tickets, deduplicate via local DB nuclei -list urls.txt -t cves/ -rc issue-tracker.yaml -rdb prod ``` --- ## Nuclei Templates — Structure A Nuclei template is a YAML file with a unique `id`, an `info` block, protocol-specific request definitions, matchers, and optional extractors. ```yaml id: git-config-exposure info: name: Git Config File Exposure author: Ice3man severity: medium description: Searches for exposed .git/config files on web servers. reference: https://www.acunetix.com/vulnerabilities/web/git-repository-found/ tags: git,config,exposure metadata: shodan-query: 'http.title:"Index of" ".git"' http: - method: GET path: - "{{BaseURL}}/.git/config" redirects: true max-redirects: 3 headers: User-Agent: "Mozilla/5.0 (compatible; SecurityScanner/1.0)" matchers-condition: and matchers: - type: word words: - "[core]" - type: status status: - 200 extractors: - type: regex name: repo_url regex: - 'url\s*=\s*(https?://[^\s]+)' ``` --- ## Nuclei Templates — HTTP Protocol (Multi-Step / Request Condition) Multi-step HTTP templates correlate data across requests using numbered attribute suffixes. ```yaml id: wordpress-rce-chain info: name: WordPress Auth + RCE Chain author: example severity: critical tags: wordpress,rce,auth http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to=%2Fwp-admin%2F&testcookie=1 - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded Cookie: {{cookie}} action=upload_plugin&nonce={{nonce}}&pluginzip=@shell.zip cookie-reuse: true matchers-condition: and matchers: - type: dsl dsl: - "status_code_1 == 302" - "status_code_2 == 200 && contains(body_2, 'success')" condition: and ``` --- ## Nuclei Templates — HTTP Fuzzing / DAST Run dynamic application security testing (DAST) with fuzzing templates. ```bash # Enable DAST mode nuclei -u https://example.com -dast # Fuzzing aggression levels: low (default), medium, high nuclei -u https://example.com -dast -fuzz-aggression medium # Limit fuzzing scope with regex nuclei -u https://example.com -dast \ -fuzz-scope "https://example\.com/api/.*" \ -fuzz-out-scope "https://example\.com/logout" ``` ```yaml # DAST fuzzing template example id: sqli-fuzz-get info: name: SQL Injection Fuzzing severity: high tags: sqli,fuzz,dast http: - method: GET path: - "{{BaseURL}}/search?q={{injection}}" fuzzing: - part: query type: replace mode: single fuzz: - "'" - "1 OR 1=1--" - "' UNION SELECT NULL--" matchers: - type: word words: - "SQL syntax" - "mysql_fetch" - "ORA-01756" condition: or ``` --- ## Nuclei Templates — Custom Templates from GitHub/GitLab/S3/Azure Host and auto-sync private templates from cloud storage or version control. ```bash # GitHub private repo export GITHUB_TOKEN=ghp_xxxxxxxxxxxx export GITHUB_TEMPLATE_REPO=my-private-nuclei-templates nuclei -update-templates nuclei -t github/my-private-nuclei-templates -u https://example.com # GitLab export GITLAB_SERVER_URL=https://gitlab.com export GITLAB_TOKEN=glpat-xxxxxxxxxxxx export GITLAB_REPOSITORY_IDS=12345678 nuclei -update-templates # AWS S3 export AWS_ACCESS_KEY=AKIAXXXXXXXX export AWS_SECRET_KEY=xxxxxxxxxx export AWS_REGION=us-east-1 export AWS_TEMPLATE_BUCKET=my-nuclei-templates nuclei -update-templates # Azure Blob Storage export AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000 export AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000 export AZURE_CLIENT_SECRET=xxxxxxxxxx export AZURE_SERVICE_URL=https://myaccount.blob.core.windows.net/ export AZURE_CONTAINER_NAME=nuclei-templates nuclei -update-templates # Disable specific download sources export DISABLE_NUCLEI_TEMPLATES_PUBLIC_DOWNLOAD=true ``` --- ## PDCP REST API — Authentication All PDCP API endpoints at `https://api.projectdiscovery.io` require an `X-Api-Key` header. Obtain your key from [cloud.projectdiscovery.io/settings/api-key](https://cloud.projectdiscovery.io/settings/api-key). ```bash # Get current API key curl -s https://api.projectdiscovery.io/v1/user/apikey \ -H "X-Api-Key: YOUR_API_KEY" # Response: {"api_key":"YOUR_API_KEY","created_at":"2024-01-15T10:00:00Z"} # Create API key (no-op if one already exists) curl -s -X POST https://api.projectdiscovery.io/v1/user/apikey \ -H "X-Api-Key: YOUR_API_KEY" # Rotate API key curl -s -X POST https://api.projectdiscovery.io/v1/user/apikey/rotate \ -H "X-Api-Key: YOUR_API_KEY" # Response: {"api_key":"NEW_ROTATED_KEY"} # Delete API key curl -s -X DELETE https://api.projectdiscovery.io/v1/user/apikey \ -H "X-Api-Key: YOUR_API_KEY" ``` --- ## PDCP REST API — Scans: Create, List, Get, Stop, Delete Full scan lifecycle management via the REST API. ```bash API_KEY="your-api-key" TEAM_ID="your-team-id" # optional; from cloud.projectdiscovery.io/settings/team # List scans (paginated, filterable) curl -s "https://api.projectdiscovery.io/v1/scans?limit=10&offset=0&status=finished" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Create a scan curl -s -X POST https://api.projectdiscovery.io/v1/scans \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "name": "Weekly CVE Scan", "targets": ["https://example.com", "https://api.example.com"], "template_ids": ["cve-2021-26855", "cve-2021-44228"], "config_id": "config-uuid-here" }' # Response: {"scan_id":"scan-abc123","message":"Scan triggered"} # Get scan details curl -s "https://api.projectdiscovery.io/v1/scans/scan-abc123" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Stop a running scan curl -s -X POST "https://api.projectdiscovery.io/v1/scans/scan-abc123/stop" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Rescan (re-run) an existing scan curl -s -X POST "https://api.projectdiscovery.io/v1/scans/scan-abc123/rescan" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Delete a single scan curl -s -X DELETE "https://api.projectdiscovery.io/v1/scans/scan-abc123" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Delete scans in bulk curl -s -X DELETE https://api.projectdiscovery.io/v1/scans \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"scan_ids":["scan-abc123","scan-def456"]}' ``` --- ## PDCP REST API — Scan Schedules Automate periodic scans with cron-based scheduling. ```bash # Get all scan schedules curl -s "https://api.projectdiscovery.io/v1/scans/schedule" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Create a weekly schedule (every Monday at 02:00 UTC) curl -s -X POST https://api.projectdiscovery.io/v1/scans/schedule \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "scan_id": "scan-abc123", "cron": "0 2 * * 1", "timezone": "UTC" }' # Delete a schedule curl -s -X DELETE "https://api.projectdiscovery.io/v1/scans/schedule?scan_id=scan-abc123" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" ``` --- ## PDCP REST API — Scan Results (Vulnerabilities) Retrieve, manage, and export individual vulnerability findings. ```bash # Get a specific vulnerability by ID curl -s "https://api.projectdiscovery.io/v1/scans/vuln/vuln-abc123" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Get all vulnerabilities (v2 full-text search endpoint) curl -s "https://api.projectdiscovery.io/v2/vulnerability/search?q=log4j&limit=50&offset=0" \ -H "X-Api-Key: $API_KEY" # Response includes: results[], total, count, facets # Get available filters for vulnerabilities curl -s "https://api.projectdiscovery.io/v2/vulnerability/filters" \ -H "X-Api-Key: $API_KEY" # Get vulnerability timeline curl -s "https://api.projectdiscovery.io/v2/vulnerability/vuln-abc123/timeline" \ -H "X-Api-Key: $API_KEY" # Get changelogs for a specific vulnerability curl -s "https://api.projectdiscovery.io/v1/scans/vuln/vuln-abc123/changelogs?time=last_week" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Batch update vulnerability status curl -s -X PATCH https://api.projectdiscovery.io/v1/scans/vulns \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "ids": ["vuln-abc123", "vuln-def456"], "status": "fixed" }' # Batch update vulnerability labels curl -s -X PATCH https://api.projectdiscovery.io/v1/scans/vulns/labels \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{"ids":["vuln-abc123"],"labels":["triaged","p1"]}' # Retest a specific vulnerability curl -s -X POST "https://api.projectdiscovery.io/v1/scans/vuln-abc123/retest" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{"socks5_proxy":"","agent_id":""}' ``` --- ## PDCP REST API — Export Scan Results Export findings in JSON, CSV, or PDF format, with optional filters. ```bash # Export all results for a scan (JSON) curl -s "https://api.projectdiscovery.io/v1/scans/scan-abc123/export?type=json" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -o scan-results.json # Export scan results as CSV curl -s "https://api.projectdiscovery.io/v1/scans/scan-abc123/export?type=csv" \ -H "X-Api-Key: $API_KEY" -o scan-results.csv # Export filtered scan results (POST for filter body) curl -s -X POST "https://api.projectdiscovery.io/v1/scans/scan-abc123/export?type=json" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "severity": ["critical","high"], "vuln_status": "open", "host": ["https://example.com"] }' # Cross-scan filtered export with date range curl -s -X POST "https://api.projectdiscovery.io/v1/scans/results/export?type=csv" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "severity": ["critical"], "scan_ids": ["scan-abc123","scan-def456"], "start_date": "2024-01-01", "end_date": "2024-03-31" }' \ -o q1-critical.csv ``` --- ## PDCP REST API — Import OSS Scan Results Upload Nuclei JSONL output files directly to the cloud platform for visualization. ```bash # Run nuclei locally and save JSONL nuclei -list targets.txt -t cves/ -jsonl -output results.jsonl # Import results to a named scan on PDCP curl -s -X POST "https://api.projectdiscovery.io/v1/scans/import?name=My+OSS+Scan" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/octet-stream" \ --data-binary @results.jsonl # Response: {"scan_id":"scan-new-uuid","message":"Scan imported"} # Append more results to an existing imported scan curl -s -X PATCH "https://api.projectdiscovery.io/v1/scans/scan-new-uuid/import" \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/octet-stream" \ --data-binary @more-results.jsonl ``` --- ## PDCP REST API — Templates (CRUD + AI Generation) Manage private templates and search the public template library. ```bash # Search templates (v2, public + private) curl -s "https://api.projectdiscovery.io/v2/template/search?q=log4j&scope=public_private&limit=20" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # List private templates curl -s "https://api.projectdiscovery.io/v1/template?limit=50&offset=0" \ -H "X-Api-Key: $API_KEY" # Create a private template curl -s -X POST "https://api.projectdiscovery.io/v1/template?filename=my-check.yaml&dir=custom" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "template": "id: my-check\ninfo:\n name: My Custom Check\n severity: info\nhttp:\n - method: GET\n path:\n - \"{{BaseURL}}/health\"\n matchers:\n - type: status\n status:\n - 200\n" }' # Get a private template by ID curl -s "https://api.projectdiscovery.io/v1/template/tmpl-uuid-here" \ -H "X-Api-Key: $API_KEY" # Update a private template curl -s -X PATCH https://api.projectdiscovery.io/v1/template \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"template_id":"tmpl-uuid-here","template":"id: my-check\n..."}' # Delete a private template curl -s -X DELETE "https://api.projectdiscovery.io/v1/template/tmpl-uuid-here" \ -H "X-Api-Key: $API_KEY" # Generate a template using the AI engine curl -s -X POST https://api.projectdiscovery.io/v1/template/ai \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{"prompt": "Detect exposed .env files containing database credentials"}' # Response: {"template_id":"ai-gen-uuid","template":"id: env-exposure\n..."} # Share a template (link-share) curl -s -X POST https://api.projectdiscovery.io/v1/template/share \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"template_id":"tmpl-uuid-here","ttl":"7d","share_type":"link"}' # Get a shared template (no auth needed) curl -s "https://api.projectdiscovery.io/v1/template/share/tmpl-uuid-here?fields=name,severity,template" ``` --- ## PDCP REST API — Asset Discovery (Enumerations) Discover and continuously monitor the attack surface of an organization through automated enumeration. ```bash # List all enumerations curl -s "https://api.projectdiscovery.io/v1/asset/enumerate?limit=20&sort_desc=created_at" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Create a new enumeration curl -s -X POST https://api.projectdiscovery.io/v1/asset/enumerate \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "name": "Acme Corp External Assets", "root_domains": ["acme.com", "acmecorp.io"], "steps": [ "dns_resolve", "dns_bruteforce", "port_scan", "http_probe", "http_screenshot", "tls_scan" ], "enumeration_ports": "80,443,8080,8443", "automatic_vuln_scans": true, "exclusions": ["*.staging.acme.com", "*.dev.acme.com"] }' # Response: {"id":"enum-abc123","is-public":false} # Get enumeration details curl -s "https://api.projectdiscovery.io/v1/asset/enumerate/enum-abc123" \ -H "X-Api-Key: $API_KEY" # Re-run an existing enumeration curl -s -X POST "https://api.projectdiscovery.io/v1/asset/enumerate/enum-abc123/rescan" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Export discovered assets (CSV) with filters curl -s "https://api.projectdiscovery.io/v1/asset/enumerate/enum-abc123/export?format=csv&port=443,8443&is_tech=true" \ -H "X-Api-Key: $API_KEY" \ -o assets.csv # Schedule recurring enumeration (weekly on Sundays at 01:00) curl -s -X POST https://api.projectdiscovery.io/v1/enumeration/schedule \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{"enumeration_id":"enum-abc123","cron":"0 1 * * 0"}' # Create an asset group from enumeration data curl -s -X POST https://api.projectdiscovery.io/v1/asset/enumerate/group \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "name": "Critical External APIs", "filters": {"port":["443"],"technologies":["nginx"],"labels":["p1"]} }' ``` --- ## PDCP REST API — Scan Configurations Create reusable scan configurations with custom headers, template variables, rate limits, and Interactsh settings. ```bash # List configurations (filter by type: scan, reporting, template, alerting, etc.) curl -s "https://api.projectdiscovery.io/v1/scans/config?type=scan" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Create a scan configuration curl -s -X POST https://api.projectdiscovery.io/v1/scans/config \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "name": "WordPress Auth Config", "config_type": "scan", "global": false, "config": "{\"rate_limit\":30,\"headers\":{\"Authorization\":\"Bearer token123\"},\"vars\":{\"username\":\"admin\",\"password\":\"wp-password\"}}" }' # Update a configuration curl -s -X PATCH "https://api.projectdiscovery.io/v1/scans/config/config-uuid-here" \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"name":"WordPress Auth Config v2","global":true}' # Delete a configuration curl -s -X DELETE "https://api.projectdiscovery.io/v1/scans/config/config-uuid-here" \ -H "X-Api-Key: $API_KEY" ``` --- ## PDCP REST API — Credential Leak Monitoring Monitor for leaked credentials associated with your organization's domains and email addresses. ```bash # Get all leaked credentials curl -s "https://api.projectdiscovery.io/v1/leaks?limit=50&offset=0" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Get domain-level leak statistics curl -s "https://api.projectdiscovery.io/v1/leaks/domain-stats" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Get email-level leak statistics curl -s "https://api.projectdiscovery.io/v1/leaks/email-stats" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Get detailed info for a specific leak curl -s "https://api.projectdiscovery.io/v1/leaks/leak-uuid-here" \ -H "X-Api-Key: $API_KEY" # Update leak status (e.g., mark as resolved) curl -s -X PATCH "https://api.projectdiscovery.io/v1/leaks/leak-uuid-here" \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"status":"resolved"}' # Export leaks to CSV curl -s "https://api.projectdiscovery.io/v1/leaks/export" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -o leaks.csv ``` --- ## PDCP REST API — Asset Management (Labels and Policies) Organize assets with labels and enforce security policies across your attack surface. ```bash # Add labels to an asset curl -s -X POST "https://api.projectdiscovery.io/v1/asset/asset-uuid-here/labels" \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"labels":["production","critical","pci-scope"]}' # Modify asset labels (partial update) curl -s -X PATCH "https://api.projectdiscovery.io/v1/asset/asset-uuid-here/labels" \ -H "X-Api-Key: $API_KEY" \ -H "Content-Type: application/json" \ -d '{"add":["new-label"],"remove":["old-label"]}' # Create an asset policy curl -s -X POST https://api.projectdiscovery.io/v1/asset/policy \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" \ -H "Content-Type: application/json" \ -d '{ "name": "No Open RDP", "description": "Alert when port 3389 is discovered open", "conditions": {"port": "3389", "status": "open"}, "severity": "high" }' # List asset policies curl -s "https://api.projectdiscovery.io/v1/asset/policy" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Get policy event history curl -s "https://api.projectdiscovery.io/v1/asset/policy/policy-uuid-here/events" \ -H "X-Api-Key: $API_KEY" ``` --- ## PDCP REST API — Audit Logs Retrieve team-level audit logs for compliance and security monitoring. ```bash # Get audit logs (filter by user, action, time window) curl -s "https://api.projectdiscovery.io/v1/team/audit_log?limit=100&offset=0&action=scan_created" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" # Filter by specific user email curl -s "https://api.projectdiscovery.io/v1/team/audit_log?email=user@example.com&limit=50" \ -H "X-Api-Key: $API_KEY" \ -H "X-Team-Id: $TEAM_ID" ``` --- ## Nuclei Scan Metrics (Live) Query real-time scan statistics from Nuclei's built-in metrics server. ```bash # Start a scan with metrics enabled nuclei -t cves/ -l urls.txt -stats # Query metrics while scan runs (default port 9092) curl -s localhost:9092/metrics | jq . # Expected output: # { # "duration": "0:00:03", # "errors": "2", # "hosts": "1", # "matched": "0", # "percent": "99", # "requests": "350", # "rps": "132", # "startedAt": "2024-01-15T18:02:18.886745+05:30", # "templates": "256", # "total": "352" # } # Custom metrics port nuclei -u https://example.com -stats -metrics-port 9093 curl -s localhost:9093/metrics | jq . ``` --- ## Building and Deploying the Documentation Site The documentation site is built with Mintlify and includes auto-generated JS SDK docs and PDCP API reference pages. ```bash # Local development npm i -g mintlify@latest cd /path/to/docs-repo mintlify dev # Generate JavaScript protocol docs (requires jsdoc-to-markdown) npm install -g jsdoc-to-markdown ./bin/jsdocs.sh # Download latest OpenAPI spec from PDCP ./bin/download-api.sh # Generate API reference pages from OpenAPI spec ./bin/generate-api.sh # Generate API docs excluding internal/admin endpoints ./bin/generate-filtered-api.sh # After all generation steps, Mintlify handles deployment automatically # when pushed to the configured deployment branch. ``` --- ProjectDiscovery documentation covers two tightly integrated layers of use: command-line security tooling and a cloud API that extends those tools into an enterprise-grade continuous security platform. The primary use cases are continuous attack surface monitoring (automated asset enumeration via PDCP enumerations + scheduled rescans), vulnerability scanning at scale (Nuclei CLI against large target lists, with results pushed to PDCP or external ticketing systems), credential leak surveillance (PDCP leak monitoring for org domains), and DevSecOps pipeline integration (Nuclei in CI/CD with SARIF output for GitHub Code Scanning, or API-driven scan triggering from pipeline automation). The templating system underpins all of these use cases, allowing teams to encode custom security checks in portable YAML that runs identically on-premises and in the cloud. Integration patterns fall into three categories: direct Nuclei CLI with cloud upload (`-dashboard`, `-scan-id`, `-pdu`), full API-driven automation using the PDCP REST API (create scans, poll status, export results, ingest into SIEM/ticketing), and hybrid workflows where local Nuclei scans produce JSONL output that is imported via `POST /v1/scans/import` for cloud visualization and tracking. All three patterns share the same authentication model (`X-Api-Key`), the same vulnerability data model (severity, status, changelogs, labels), and the same template ecosystem, making it straightforward to migrate between local-only and fully managed execution without changing templates or downstream integrations.
