Nuclei Vulnerability Scanner
Nuclei is an open-source vulnerability scanner maintained by ProjectDiscovery. FortWatch uses Nuclei as its primary engine for detecting web vulnerabilities and configuration issues.
What Nuclei Scans For
FortWatch runs Nuclei in two passes against each asset:
Pass 1: Vulnerability Scan
The first pass checks for known vulnerabilities, including:
- Known CVEs (Common Vulnerabilities and Exposures) in web applications
- Exposed admin panels and management interfaces
- Default credentials on common services
- Information disclosure (error messages, debug endpoints, backups)
- Injection vulnerabilities (SQL injection, XSS, template injection)
- Authentication and authorization bypasses
Pass 2: Hardening Checks
The second pass evaluates the security posture of the asset's configuration:
- Security headers — Checks for Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, and more.
- SSL/TLS configuration — Validates certificate chains, expiry dates, protocol versions, and cipher suites.
- Web server hardening — Checks Nginx and Apache configurations for common misconfigurations.
Finding Severity
Nuclei assigns a severity to each finding based on the template that detected it. FortWatch preserves these severities:
- Critical — Actively exploitable vulnerabilities that could lead to full system compromise.
- High — Serious vulnerabilities that could lead to data exposure or significant security impact.
- Medium — Moderate issues that should be addressed but do not pose an immediate risk.
- Low — Minor issues or informational findings about configuration.
- Info — Purely informational findings (hidden by default in the FortWatch interface).
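The following added example, which is not FortWatch's own code, shows how the severity Nuclei writes into each result (the info.severity field of its JSONL output) can be grouped for display with Info findings hidden by default. The sample results, template IDs and hosts are constructed, and the load_findings and triage helper names are hypothetical.

```python
import json
from collections import defaultdict

# Display order, most severe first; names match the severities listed above.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]

# Constructed sample Nuclei JSONL results; IDs and hosts are made up, last line is truncated.
SAMPLE_JSONL = """\
{"template-id": "example-cve-check", "info": {"name": "Example CVE check", "severity": "critical"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/login"}
{"template-id": "example-admin-panel", "info": {"name": "Exposed admin panel", "severity": "high"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/admin"}
{"template-id": "example-missing-hsts", "info": {"name": "Missing Strict-Transport-Security", "severity": "low"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/"}
{"template-id": "example-tech-detect", "info": {"name": "Technology detected", "severity": "info"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/"}
{"template-id": "example-truncated", "info": {"name": "Cut off mid-wri
"""


def load_findings(jsonl_text):
    """Parse JSONL results, skipping blank or malformed lines."""
    findings = []
    for line in jsonl_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line, e.g. from an interrupted scan
        if not isinstance(record, dict) or not isinstance(record.get("info"), dict):
            continue  # not a Nuclei result object
        findings.append({
            "template": record.get("template-id", ""),
            "name": record["info"].get("name", ""),
            "severity": str(record["info"].get("severity", "")).lower(),
            "url": record.get("matched-at") or record.get("host", ""),
        })
    return findings


def triage(findings, show_info=False):
    """Group findings by severity; Info is hidden unless show_info is set."""
    grouped = defaultdict(list)
    for finding in findings:
        # Unrecognised severities stay visible instead of being dropped.
        sev = finding["severity"] if finding["severity"] in SEVERITY_ORDER else "unknown"
        if sev == "info" and not show_info:
            continue
        grouped[sev].append(finding)
    return [(s, grouped[s]) for s in SEVERITY_ORDER + ["unknown"] if grouped[s]]


if __name__ == "__main__":
    for severity, items in triage(load_findings(SAMPLE_JSONL)):
        print(severity.upper(), [item["template"] for item in items])
```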
Template Updates
FortWatch regularly updates its Nuclei template library to ensure the latest known vulnerabilities are included in scans. New templates are added as they become available from the Nuclei community.