ProjectDiscovery
@projectdiscovery.bsky.social
Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
Welcome, 2026!
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
January 1, 2026 at 4:02 AM
Welcome, 2026!
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
For 2026, the next generation of Attack Surface Management isn't just about seeing more; it's about knowing what's real.
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
December 30, 2025 at 11:31 PM
For 2026, the next generation of Attack Surface Management isn't just about seeing more; it's about knowing what's real.
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
🌀Happy Holidays to everyone in our community who is celebrating!
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
December 25, 2025 at 12:45 PM
🌀Happy Holidays to everyone in our community who is celebrating!
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
Need to isolate common ports on a single host?
Use Naabu to target specific, common ports and save the results for your next step.👇
Use Naabu to target specific, common ports and save the results for your next step.👇
December 21, 2025 at 8:02 PM
Need to isolate common ports on a single host?
Use Naabu to target specific, common ports and save the results for your next step.👇
Use Naabu to target specific, common ports and save the results for your next step.👇
2025 proved one thing: the gap between disclosure and exploitation is gone.
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
December 18, 2025 at 9:40 PM
2025 proved one thing: the gap between disclosure and exploitation is gone.
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
🚨 We’re presenting at #NahamCon24!
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
NahamCon - A Virtual Security Conference
www.nahamcon.com
December 17, 2025 at 3:58 PM
🚨 We’re presenting at #NahamCon24!
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Tired of dealing with duplicate results in your scans?
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
ProjectDiscovery Tips and Tricks - Filter Duplicates Tag!
As we get into 2025, we're back with another PD Tips and Tricks video to help improve your workflow. This time, we're focusing on a cool feature of httpx tha...
youtu.be
December 16, 2025 at 10:02 PM
Tired of dealing with duplicate results in your scans?
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Security leaders are aligned on this: the perimeter didn’t vanish… it became more dynamic, distributed, and influenced by AI-driven reconnaissance. As a result, visibility isn’t enough. Learn more: projectdiscovery.io/whitepapers/...
December 15, 2025 at 9:07 PM
Security leaders are aligned on this: the perimeter didn’t vanish… it became more dynamic, distributed, and influenced by AI-driven reconnaissance. As a result, visibility isn’t enough. Learn more: projectdiscovery.io/whitepapers/...
Tired of your recon data getting bloated with static files?
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
December 15, 2025 at 6:31 PM
Tired of your recon data getting bloated with static files?
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
@NahamSec hacked a Wordpress website using Neo
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
December 15, 2025 at 1:31 AM
@NahamSec hacked a Wordpress website using Neo
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Your company passwords could be sitting in a malware log right now.
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
December 13, 2025 at 11:02 PM
Your company passwords could be sitting in a malware log right now.
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Ever wonder if you can run Nuclei across multiple bug bounty programs effectively? 🤔
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
Running Nuclei On All My Bug Bounty Programs
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training...
youtu.be
December 11, 2025 at 6:31 PM
Ever wonder if you can run Nuclei across multiple bug bounty programs effectively? 🤔
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
How do you get comprehensive DNS insights from your subdomain list?
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
December 10, 2025 at 5:31 PM
How do you get comprehensive DNS insights from your subdomain list?
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
🚨 New launch: Introducing Neo, your new AI security engineer.
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo - AI Security Engineer
The AI security engineer that executes complex and time-intensive tasks, enabling your team to scale operations and maintain continuous, proactive security.
neo.projectdiscovery.io
December 9, 2025 at 12:45 AM
🚨 New launch: Introducing Neo, your new AI security engineer.
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Looking for a better way to store and manage your Nuclei scan results?
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
ProjectDiscovery Tips and Tricks - MongoDB!
In this week's PD tips and tricks video, we're highlighting a feature of Nuclei that enhances your scanning and reporting process in Nuclei.MongoDB support w...
youtu.be
December 7, 2025 at 11:02 PM
Looking for a better way to store and manage your Nuclei scan results?
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
You've implemented a Content Security Policy (CSP) for your web application – great!
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
December 7, 2025 at 12:02 AM
You've implemented a Content Security Policy (CSP) for your web application – great!
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
Need to quickly map a target's tech stack? 👀
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
December 5, 2025 at 10:02 PM
Need to quickly map a target's tech stack? 👀
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
Are you tired of chasing vulnerability ghosts?
We built ProjectDiscovery because we were.
We saw too many security teams drowning in false positives and version-based alerts that didn't reflect the real-world risk.
We changed vulnerability management with four core principles👇
We built ProjectDiscovery because we were.
We saw too many security teams drowning in false positives and version-based alerts that didn't reflect the real-world risk.
We changed vulnerability management with four core principles👇
December 3, 2025 at 9:43 PM
Are you tired of chasing vulnerability ghosts?
We built ProjectDiscovery because we were.
We saw too many security teams drowning in false positives and version-based alerts that didn't reflect the real-world risk.
We changed vulnerability management with four core principles👇
We built ProjectDiscovery because we were.
We saw too many security teams drowning in false positives and version-based alerts that didn't reflect the real-world risk.
We changed vulnerability management with four core principles👇
Recent AI-assisted intrusions have made something very clear for security leaders: the challenge isn’t visibility anymore; it’s confidence. Teams don’t need more alerts; they need to know which ones are real.
Learn more in our new whitepaper: projectdiscovery.io/whitepapers/...
Learn more in our new whitepaper: projectdiscovery.io/whitepapers/...
December 3, 2025 at 7:22 PM
Recent AI-assisted intrusions have made something very clear for security leaders: the challenge isn’t visibility anymore; it’s confidence. Teams don’t need more alerts; they need to know which ones are real.
Learn more in our new whitepaper: projectdiscovery.io/whitepapers/...
Learn more in our new whitepaper: projectdiscovery.io/whitepapers/...
Introducing Neo: a cloud-based AI security engineer for real-world security work. Neo owns workflows like vuln triage, feature reviews, pentesting, and continuous compliance. It learns your stack, remembers context, & runs tasks in parallel in isolated sandboxes. projectdiscovery.io/blog/introdu...
Introducing Neo, an AI security engineer for complex security tasks — ProjectDiscovery Blog
Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, im...
projectdiscovery.io
December 3, 2025 at 12:44 AM
Introducing Neo: a cloud-based AI security engineer for real-world security work. Neo owns workflows like vuln triage, feature reviews, pentesting, and continuous compliance. It learns your stack, remembers context, & runs tasks in parallel in isolated sandboxes. projectdiscovery.io/blog/introdu...
Tired of manually tracking security vulnerabilities?
Nuclei offers Linear issue tracking, a handy feature that creates and tracks issues directly from your scans, helping you get to resolution faster.
Check out our GitHub repository. 👇
https://github.com/projectdiscovery/nuclei/pull/5601
Nuclei offers Linear issue tracking, a handy feature that creates and tracks issues directly from your scans, helping you get to resolution faster.
Check out our GitHub repository. 👇
https://github.com/projectdiscovery/nuclei/pull/5601
December 1, 2025 at 10:02 PM
Tired of manually tracking security vulnerabilities?
Nuclei offers Linear issue tracking, a handy feature that creates and tracks issues directly from your scans, helping you get to resolution faster.
Check out our GitHub repository. 👇
https://github.com/projectdiscovery/nuclei/pull/5601
Nuclei offers Linear issue tracking, a handy feature that creates and tracks issues directly from your scans, helping you get to resolution faster.
Check out our GitHub repository. 👇
https://github.com/projectdiscovery/nuclei/pull/5601
Running into an error while writing a Nuclei template?
Here's a simple way to fix them.👇
Here's a simple way to fix them.👇
December 1, 2025 at 1:02 AM
Running into an error while writing a Nuclei template?
Here's a simple way to fix them.👇
Here's a simple way to fix them.👇
Are you the kind of bug bounty hunter people want to work with?
4 Essentials to build your reputation:
✅Get Permission
✅Stay in Scope
✅Be Transparent
✅Take Your Time
Read the full blog to learn the 4 essentials of good bug bounty etiquette👇
https://tinyurl.com/4pvxtrhh
4 Essentials to build your reputation:
✅Get Permission
✅Stay in Scope
✅Be Transparent
✅Take Your Time
Read the full blog to learn the 4 essentials of good bug bounty etiquette👇
https://tinyurl.com/4pvxtrhh
November 30, 2025 at 4:02 AM
Are you the kind of bug bounty hunter people want to work with?
4 Essentials to build your reputation:
✅Get Permission
✅Stay in Scope
✅Be Transparent
✅Take Your Time
Read the full blog to learn the 4 essentials of good bug bounty etiquette👇
https://tinyurl.com/4pvxtrhh
4 Essentials to build your reputation:
✅Get Permission
✅Stay in Scope
✅Be Transparent
✅Take Your Time
Read the full blog to learn the 4 essentials of good bug bounty etiquette👇
https://tinyurl.com/4pvxtrhh
Need to confirm a vulnerability in Nuclei?
Meet Analyzers!🤝
This is a concept introduced in Nuclei fuzzing that allows the engine to make additional verification requests, based on a specific logic, to confirm a vulnerability.
Meet Analyzers!🤝
This is a concept introduced in Nuclei fuzzing that allows the engine to make additional verification requests, based on a specific logic, to confirm a vulnerability.
November 28, 2025 at 11:01 PM
Need to confirm a vulnerability in Nuclei?
Meet Analyzers!🤝
This is a concept introduced in Nuclei fuzzing that allows the engine to make additional verification requests, based on a specific logic, to confirm a vulnerability.
Meet Analyzers!🤝
This is a concept introduced in Nuclei fuzzing that allows the engine to make additional verification requests, based on a specific logic, to confirm a vulnerability.
Happy Thanksgiving to those who celebrate today. 🌀
We are deeply grateful for our community, the base of everything. Thank you for making ProjectDiscovery what it is today.
Spread the gratitude 👇
What are you grateful for today?
We are deeply grateful for our community, the base of everything. Thank you for making ProjectDiscovery what it is today.
Spread the gratitude 👇
What are you grateful for today?
November 28, 2025 at 2:01 AM
Happy Thanksgiving to those who celebrate today. 🌀
We are deeply grateful for our community, the base of everything. Thank you for making ProjectDiscovery what it is today.
Spread the gratitude 👇
What are you grateful for today?
We are deeply grateful for our community, the base of everything. Thank you for making ProjectDiscovery what it is today.
Spread the gratitude 👇
What are you grateful for today?