We're excited to announce ProjectDiscovery v1.3.0, a significant milestone that transforms how security teams discover, analyze, and respond to vulnerabilities across their attack surface. Check out our blog below for a full technical breakdown 💫 Headed to Vegas for Black Hat?

Heading to Black Hat and DEF CON . If you’re into OSS, Cloud, or AI and want to hear what we’re building at ProjectDiscovery, join us at Nuclei Nights. Info: eventbrite.com/e/nuclei-night…

🚨 NEW FEATURE - Live CT Log Streaming in tlsx! 🚨 With tlsx, you can now stream and store live certificate transparency logs with the -ctl flag. This lets anyone build their own crt.sh or power threat hunting based on cert data!  Perfect for OSINT, detection,

How Burp AI works internally. I touched this briefly in my BB village talk. We will learn how to proxy Burp and what the requests/responses look like. This allows us to write an extension to redirect Burp to our own AI instance. parsiya.net/blog/2025-08-1…

Only ~6% of CVEs are ever exploited… yet scanners still flood teams with endless alerts. More signatures ≠ more security. They guess. We validate. Curious what actually matters? Check out our latest blog: The Coverage Lie 👉 projectdiscovery.io/blog/why-curre…

🛠️ Stop running Subfinder, Nuclei, HTTPX “out of the box.” In this walkthrough with Ben Sadeghipour, we: • Build a VPS recon box • Install & manage all PD tools w/ Go installer • Chain Subfinder → AlterX → DNSX → Naboo → HTTPX → Katana • Move from automation → methodology

I automated finding reflected XSS using Nuclei and some passive recon data and ran it against a bug bounty program. Watch it here 👉🏼 youtu.be/WCXW9uKYm48

Reversing web CVEs isn't guesswork. It's process. New blog: how we go from "vague advisory" → local lab → patch diff → safe Nuclei PoC, with concrete examples (Zimbra, Ivanti, Versa, Lucee). Read the full methodology: projectdiscovery.io/blog/how-to-re…

New blog - documented our CVE research process - patch analysis, setting up debug environments across different stacks, and keeping research organized. projectdiscovery.io/blog/how-to-re…

🚀 As promised — v1.4.0 is live! Hierarchical request grouping, smarter secret detection, cleaner UI, and better workflows across the board. If this made your testing life 1% easier, sponsor rep+ and I’ll ship 10% faster ❤️

After adding Raw & Hex views, I realized we needed more flexibility. So I just added a layout toggle to switch between horizontal and vertical split panes! Now you can view your requests exactly how you like 🫡

Here's Neo in action finding vulnerability in real-world application running with outdated components. neo.projectdiscovery.io/chat/share/32b…

This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP's. it triggers an internal error and validates the vulnerable version cloud.projectdiscovery.io/library/CVE-20…

Scanning for CVE-2025-55182 using Nuclei by ProjectDiscovery 🚨 If you're running Next.js / React, scan your apps now. Nuclei Template - cloud.projectdiscovery.io/library/CVE-20… Vulnerability Advisory - react.dev/blog/2025/12/0… #nextjs #cybersecurity #react2shell

A recurring theme among security leaders: the volume of findings keeps growing, but the amount of verified information is shrinking. AI is accelerating attacks while simultaneously amplifying noise, and validation is becoming the critical bottleneck. This report breaks down why