# Install nuclei with Homebrew, apk, dnf, MacPorts, Nix, scoop

HTTP/DNS scanner configurable via YAML templates. Version 3.11.0 via Homebrew; verified 2026-07-06.

## Install

```sh
sudo av install brew:nuclei
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install nuclei
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install nuclei
```

  Evidence: MacPorts ports tree: security/nuclei/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add nuclei
```

  Evidence: Alpine Linux edge package indexes: nuclei from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- dnf (92%):

```sh
sudo dnf install nuclei
```

  Evidence: Fedora Rawhide package metadata: nuclei from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#nuclei
```

  Evidence: nixpkgs package indexes: pkgs/by-name/nu/nuclei/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

### Windows

- Scoop (92%):

```sh
scoop install main/nuclei
```

  Evidence: Scoop official bucket manifest trees: bucket/nuclei.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:nuclei
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/nuclei>
- **Version:** 3.11.0
- **Source summary:** HTTP/DNS scanner configurable via YAML templates
- **Homepage:** <https://docs.projectdiscovery.io/tools/nuclei/overview>
- **Repository:** <https://github.com/projectdiscovery/nuclei>
- **Upstream docs:** <https://docs.projectdiscovery.io/opensource/nuclei>
- **License:** MIT
- **Source archive:** <https://github.com/projectdiscovery/nuclei/archive/refs/tags/v3.11.0.tar.gz>
- **Last updated:** 2026-07-06T10:13:48Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- nuclei (cli)
- nuclei (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.11.0
- Package-manager updated: 2026-07-06
- Local data: ok
- Upstream repository: https://github.com/projectdiscovery/nuclei
- Upstream latest detected: v3.11.0 (current)
## Project history and usage

Nuclei is ProjectDiscovery's Go-based, template-driven vulnerability scanner. Its core package identity is the split between a fast scanning engine and a community-maintained YAML template ecosystem.

### Project history

The nuclei repository was created on 2020-04-03, and the companion nuclei-templates repository followed on 2020-04-04. The README describes Nuclei as a modern high-performance scanner using simple YAML templates to model real vulnerability checks with low false positives.

ProjectDiscovery's documentation and README emphasize extensibility: templates can cover HTTP, DNS, TCP, SSL, WHOIS, JavaScript, code, file, headless, and other protocol modes, with bulk scanning, template filtering, workflows, output formats, and CI/CD integration.

### Adoption history

Nuclei's adoption is inseparable from nuclei-templates. The template repository describes itself as a community-curated list for the nuclei engine; on 2026-07-01 its README statistics listed 11,997 files, 873 directories, thousands of CVE/vulnerability/discovery tags, and KEV-oriented coverage.

The upstream README says Nuclei is used and contributed to by Fortune 500 enterprises, government agencies, and universities. It is common in bug bounty, attack-surface management, pentest regression, and DevSecOps workflows because checks can be shared as small YAML files rather than compiled scanner plugins.

### How it is used

Typical package use starts with `nuclei -u target` or `nuclei -l targets.txt`, then narrows by template path, tags, severity, protocol type, or template ID. Users update templates, run new templates only, export JSONL or reports, write custom templates, and chain Nuclei after discovery tools that produce host or URL lists.

Security teams use it as a repeatable regression scanner: turn a finding into a template, commit the template, rerun it across staging or production, and keep checking that the vulnerability does not reappear.

### Why package nerds care

Nuclei matters because it made the packageable unit of vulnerability knowledge a readable YAML template. That lowered the cost of sharing checks across bug bounty hunters, consultancies, and internal security teams.

### Timeline

- 2020-04-03: nuclei GitHub repository created.
- 2020-04-04: nuclei-templates GitHub repository created.
- 2026-07-01: point-in-time template README statistics listed 11,997 files and 873 directories.

### Related projects

- nuclei-templates
- ProjectDiscovery httpx
- ProjectDiscovery subfinder
- ProjectDiscovery naabu
- Interactsh

### Sources

- <https://api.github.com/repos/projectdiscovery/nuclei>
- <https://api.github.com/repos/projectdiscovery/nuclei-templates>
- <https://docs.projectdiscovery.io/opensource/nuclei/overview>
- <https://formulae.brew.sh/formula/nuclei>
- <https://github.com/projectdiscovery/nuclei>
- <https://github.com/projectdiscovery/nuclei-templates>
- <https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/README.md>
- <https://raw.githubusercontent.com/projectdiscovery/nuclei/dev/README.md>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.config/nuclei/config.yaml

## Credential files

- Unix: ~/.pdcp/credentials.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** nuclei
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - nuclei: normalized package name match | nixpkgs package indexes: pkgs/by-name/nu/nuclei/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - nuclei - 3.8.0-r1: normalized package name match | Alpine Linux edge package indexes: nuclei from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Vulnerability scanner built on a simple YAML-based DSL | https://docs.projectdiscovery.io/tools/nuclei
- apk - nuclei-doc - 3.8.0-r1: normalized package name match | Alpine Linux edge package indexes: nuclei-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Vulnerability scanner built on a simple YAML-based DSL (documentation) | https://docs.projectdiscovery.io/tools/nuclei
- dnf - nuclei - 3.8.0-1.fc45: normalized package name match | Fedora Rawhide package metadata: nuclei from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Fast, customizable YAML-based vulnerability scanner | https://github.com/projectdiscovery/nuclei
- MacPorts - nuclei: normalized package name match | MacPorts ports tree: security/nuclei/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/nuclei: normalized package name match | Scoop official bucket manifest trees: bucket/nuclei.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [grype](https://www.automicvault.com/pkg/brew/grype/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [osv-scanner](https://www.automicvault.com/pkg/brew/osv-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [terrapin-scanner](https://www.automicvault.com/pkg/brew/terrapin-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [vuls](https://www.automicvault.com/pkg/brew/vuls/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [clair](https://www.automicvault.com/pkg/brew/clair/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [safety](https://www.automicvault.com/pkg/brew/safety/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/nuclei.yml](https://github.com/automic-vault/db/blob/main/combined/nuclei.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
