| Port details |
- nuclei Fast vulnerability scanner
- 3.11.0 security
=3 3.10.0_1Version of this port present on the latest quarterly branch. - Maintainer: dutra@FreeBSD.org
 - Port Added: 2022-10-25 12:45:06
- Last Update: 2026-07-11 19:37:26
- Commit Hash: 7d4c84f
- People watching this port, also watch:: ffmpeg, qemu, node, tmux, yt-dlp
- License: MIT
- WWW:
- https://github.com/projectdiscovery/nuclei
- Description:
- Fast and customizable vulnerability scanner based on simple YAML based DSL.
Nuclei offers scanning for a variety of protocols:
- TCP
- DNS
- HTTP
- SSL
- File
- Whois
- Websocket
- Headless
Example templates:
- github.com/projectdiscovery/nuclei-templates
¦ ¦ ¦ ¦ 
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via:
make generate-plist - USE_RC_SUBR (Service Scripts)
- no SUBR information found for this port
- Dependency lines:
-
- To install the port:
- cd /usr/ports/security/nuclei/ && make install clean
- To add the package, run one of these commands:
- pkg install security/nuclei
- pkg install nuclei
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: nuclei
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1783629328
SHA256 (go/security_nuclei/nuclei-v3.11.0/v3.11.0.mod) = 10e140ea9a498fe7409fb32addeacb10b1cd8791c3fc766f14fa13a2d8e2983d
SIZE (go/security_nuclei/nuclei-v3.11.0/v3.11.0.mod) = 21028
No package information for this port in our database- Sometimes this happens. Not all ports have packages. Perhaps there is a build error. Check the fallout link:

- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- go125 : lang/go125
- Fetch dependencies:
-
- go125 : lang/go125
- There are no ports dependent upon this port
Configuration Options:
- No options to configure
- Options name:
- security_nuclei
- USES:
- go:1.25+,modules zip
- pkg-message:
- Breaking Change: Signed templates required for JavaScript protocol
Starting with v3.11.0, custom templates that use the javascript:
protocol must be digitally signed before Nuclei will load or execute
them. Unsigned JavaScript templates are now skipped during template
loading and when referenced from workflows.
Why this change
This release continues the security hardening started in v3.10.0
(sandbox enforcement, network policy checks, stricter code-template
handling, YAML include protections, and related fixes in #7469). The
JavaScript protocol exposes Go-backed modules through Nuclei's JS
runtime, which significantly increases attack surface compared with
request-only templates. Requiring signatures brings JavaScript templates
in line with the existing protections for code-protocol templates.
- Master Sites:
|