Credential Monitoring (beta)

A new Leaks experience continuously surfaces exposed credentials associated with your organization so you can spot account-takeover risk early and act before attackers do. Access is scoped by role to protect sensitive breach data, and organization-wide visibility unlocks after domain verification. Enterprise teams can manage multiple domains and integrate via API.

Learn more here:

https://docs.projectdiscovery.io/cloud/credential-monitoring

Rate Limit per Host

A new scan configuration option enables control over request rates to safeguard host stability and optimize resource usage. Use the “Rate limit per host” setting to define requests per second per host, leave blank to default to maximum scan speed. Lower values enhance host respect, while higher values boost throughput. This control is scoped within scan configurations and integrates seamlessly with custom headers, variables, and enterprise-grade features like fixed IPs and whitelisting to ensure predictable, compliant scanning behavior.

Learn more here:

https://docs.projectdiscovery.io/cloud/scanning/parameters#rate-limiting

Contextual Metadata for Cloud Assets

Asset drawers now include enriched metadata from connected cloud providers to help you understand what you’re looking at without switching tools. For example, an AWS S3 bucket or a Kubernetes ingress will display the key integration details you typically hunt for, things like the instance identity, how traffic reaches it, the control plane objects it’s tied to, and the versioning and ownership breadcrumbs that matter during triage. The goal is simple: when you pull up an asset, you immediately see the operational shape around it so you can make a confident call on severity and next steps. Filtering on these metadata fields is coming soon.

Asset Source Visibility

The asset drawer now includes source details, making it easier to see where discovered assets originate and providing context for external discovery. This lives under theAsset → Drawer details panel.

WAF statistics in scan logs

Scan logs now include a WAF-focused summary to make it easier to see when scans are being challenged or blocked and to guide tuning (e.g., white-listing, throttling or header strategies). This lives under theScan → Logs details panel.

UI & UX Improvements

• Prevented recommended profiles from being auto-selected multiple times in the template option workflow.

• Fixed scan button behavior in grouped asset view, ensuring scans can be initiated correctly.

• Introduced a new score progress bar for clearer visibility of Security Score improvements.

• Enhanced the timepicker with smoother UX and resolved edge-case bugs in time selection.

• Improved loading state on the Teams page to provide clearer feedback during team invites.

• Resolved template handling in the scan dialog, fixing issues with running custom and GitHub templates.

Stability & Performance

• Eliminated a race condition in port-scan result callbacks that could trigger occasional panics.

• Refined per-worker rate-limit calculations to prevent host skipping.

• Added additional panic guards across components (including headless and technology-detection paths) for broader coverage.

• Improved scan worker calculation logic for more predictable scheduling under variable load. Fixed an edge case with the retest vulnerability option.

• Added a fallback path when a scan configuration isn’t found, reducing hard failures.

Version 1.3.0 brings a series of interface and experience overhauls, easier discovery, and dozens of polish fixes that make everyday workflows easier and faster.

New Features

• New dashboard – A cleaner, card-driven layout highlights yourtotal assets andopen vulnerabilities at a glance, with contextual charts for ports, tech stacks, severities, and SLAs. Hover actions surface the most-used flows so you're never more than one click away.

• New navigation and sidebar – Collapsible groups, high-contrast icons, and improved keyboard focus states keep navigation compact and accessible for all themes.

• Vulnerability view updates – Now supports drawer view for improved visualization and interaction.

• Category filter – You can now filter e.g. SSRF, Misconfig, RCE, or any custom category in a single click across your vulnerability data under filters.

• HTTP-based wildcard detection and exclusion – Powered by thecleanhttp library, this feature automatically detects wildcard HTTP records and excludes them from discovery by default. This ensures scan time is spent on real targets rather than false positives. Default exclusion is based on signature patterns defined in the cleanhttp project. More controls and customizations coming soon.

Improvements and bug fixes

• Updated billing page with unified usage breakdown data and monthly limits.

• Improved tooltips on abbreviated numbers + long labels across the application.

• Enhanced AI filters on asset pages, including filtering supported in grouped view.

• Custom Filter Enhancements:

  • Custom filters now supportcontains andnot contains with multipe values.

  • Fixed issue with using multiple status code filter.

• Universal table pagination

  • /assets,/scans, and/results tables now load faster.

  • Page size is now customizable and your preference is saved locally.

• Dashboard polish and empty-state fixes.

• Updated Vulnerability status and asset filters.

• Fixed copy/paste link, malformed URLs, and pie-chart tooltip issues.

• Asset discovery history now delivers accurate failure details.

• Alerting with severity configuration:

  • Fixed an issue with sending alerts when severity is configured.

  • Fixed an issue with sending alert for initial scan / discovery

• Added auto-refresh for ephemeral IPs to clean up unrelated hosts and data upon re-discovery runs.

• Fixed a bug with template id exclusion from pre-created scans.

• Fixed a bug to return unique counters for remediated and regression vulnerabilities count on reports page.

• Along with many other bugs and improvements.

We’re excited to roll out a fresh update packed with powerful enhancements across vulnerability management, asset workflows, and template generation! This release focuses on improving visibility, flexibility, and customization across the app.

Vulnerability Management

• Custom severity for templates and vulnerabilities:Gain more control over your security workflow with the ability to customize severity levels for both templates and identified vulnerabilities, adapting them to your organization's specific risk tolerance.

• Severity customization for vulnerability alerting:Customize Slack, Teams, and email alert notifications based on vulnerability severity levels

• New vulnerability status (triaged):Track vulnerabilities more easily across key stages of remediation with our new ‘triaged’ status, allowing security teams to mark issues that have been reviewed but where remediation has not begun.

• Custom reporting link reference:Connect vulnerability findings to external resources like ticketing, documentation, or policies with custom links

Asset Management

• Asset overview (early version):View your data in different ways with our new multi-format visualization feature, giving you flexibility in how you explore your infrastructure’s exposure, such as detected ports and technologies. This early version is just the beginning, with more data points, visualizations, and improvements coming soon.

• Grouped asset view:Efficiently analyze assets with our new grouped view that correlates multiple data points, helping you identify patterns and relationships across your infrastructure.

• Bulk asset deletion by filters:Bulk delete assets using filters, enabling you mass remove assets that meet specific criteria.

• Bulk / single label removal support:We've added the ability to remove labels in bulk or individually, giving you more flexibility in organizing and managing your resources.

• Asset host view:View detailed host-level information such as response headers, network information, and certificate information by clicking on each asset

Template Features

When we first launched the ProjectDiscovery Cloud Platform, it was centered around our Nuclei template editor, powered by OpenAI APIs and several internal tools to handle lint errors and ensure accuracy with the Nuclei schema. Today, we’re releasing the second major update to this interface, with a primary focus on making iterative editing faster and smoother. The editor now includes integrated chat, enabling a real-time, interactive conversation with the AI editor while editing templates. This allows for a more dynamic and efficient editing experience. We’ve also added support for attaching images directly within the editor, simplifying your template development and debugging process.

• Interactive chat assistant for template creation and modification with diff view: Get real-time, interactive help while building templates, with side-by-side comparisons that make tracking changes effortless.

• AI-powered auto-complete suggestions for template fields: Boost productivity with intelligent auto-complete suggestions that learn from common template patterns and streamline your workflow.

• Multi-tab editing with local cache for unsaved templates: Work on multiple templates at once without losing progress, thanks to our new local caching system that keeps your unsaved changes safe.

• Multiple target inputs with improved debugging experience: Test your templates against multiple targets simultaneously, with enhanced debugging tools that simplify troubleshooting and speed up the process.

• Template sharing with restricted access and custom expiration: Securely share templates with team members or clients, featuring fine-grained access controls and automatic expiration dates for added security.

• Run with Nuclei: Easily copy the Nuclei CLI command from the editor to run the template locally with Nuclei. This feature is especially useful for scanning a list of targets directly from your machine.

• Vulnerability Library (early version)

  We’re excited to announce the early release of a unified interface for vulnerabilities, making it easier to browse and explore both CVEs and non-CVE vulnerabilities in one place. We’re still iterating, and more improvements are coming soon. Stay tuned for further updates.

  • New page for browsing CVEs and Nuclei templates: Access a comprehensive collection of Nuclei templates in one convenient location. Currently focused on templates, with CVEs coming soon.

  • Advanced search and filtering: Quickly find exactly what you need with powerful search capabilities. Mix and match filters to get precise, targeted results.

  • Detailed exploit pages: Dive into well-organized, in-depth information on specific exploits, including technical breakdowns, impact assessments, and actionable remediation steps.

Other Improvements

• Bulk / single label removal support:Remove labels in bulk or individually, giving you more flexibility in organizing and managing your assets

• Discovered domains list under usages section:Automatically track domains discovered during scanning with a convenient list in the usages section, helping you maintain awareness of your growing attack surface

• Self-Hosted Jira Integration for Vulnerability Tracking:Integrate with self-hosted Jira instances to automatically create tickets from vulnerability findings

In this release, we've focused on enhancing user experience by introducing new features such as AWS ARN integration for improved cloud asset discovery, domain filtering in vulnerability results, and a scan history page for tracking previous scans. Additionally, we've addressed several bugs to ensure a smoother platform performance.

New features

• AWS ARN integration

  Enhanced AWS integration options with an improved user experience.
  Navigation: Assets → Integrations → AWS

• Domain filter

  Added support for filtering vulnerabilities and results by domain.
  Navigation: Assets → Inventory → Filters → Domain

• Scan history page

  Introduced a dedicated page to view historical scan runs with a timeline.
  Navigation: Scans → Scan ID → History

• Time filter

  Implemented time-based filtering in the asset/inventory view.
  Navigation: Assets → Inventory → Filters → Time

• Invoice downloads

  Added the option to download current and historical invoices from the billing page.
  Navigation: Settings → Billing

• Team member activity

  Now displaying the last active time for each team member in the list view.
  Navigation: Settings → Teams

Bug fixes

• Unverified host discovery

  Fixed an issue where unverified hosts were discovered when using the Related IP/Host Discovery option.

• Proxy tunnel selection

  Resolved an issue with selecting the correct proxy tunnel when multiple tunnels are present.

• Results page unresponsiveness

  Fixed an issue where the results page became unresponsive after creating a manual ticket.

• JSON tab rendering

  Addressed an issue where the JSON tab was not rendering in the template editor result view.

• Session refresh handling

  Ensured proper session refresh handling after user or network inactivity.

• Authentication & workspace Switch

  Prevented the default loader (logo) from re-rendering upon authentication or workspace switch.

For more details onAWS ARN integration, refer to our documentation:
🔗AWS ARN Integration Guide

For information oninternal scanning, visit:
🔗Internal Scanning Documentation

We're excited to announce the v1.0.0 release of ProjectDiscovery Platform, bringing significant improvements to vulnerability scanning, asset discovery, and vulnerability management capabilities.

1. Improved onboarding for free-tier users with a business email

   • Introduced automated asset discovery and vulnerability scanning during onboarding

   • Streamlined subsidiary domain and asset discovery process

   • Note: Free-tier users with a business email continue to get a free monthly vulnerability scan of all subdomains associated with their email domain with no asset limits.

2. Improved asset discovery workflows

   • TLS certificate probing (via tlsx)

     • Automatic extraction of TLS certificate data from discovered hostnames/IPs

     • Enabled by default for all discoveries

   • Exposed target IP discovery (via uncover)

     • Identifies exposed IPs sharing TLS certificates same as input domains

     • Enabled by default for enhanced reconnaissance

   • ASN metadata integration (via asnmap)

     • Automatic extraction of ASN data for discovered assets

     • Enhanced network context for better asset understanding

     • Enabled by default for all discoveries

   • Dynamic asset groups from saved filters

     • Create dynamic asset groups from existing enumerations by saving your filter selections

     • Improved asset monitoring and management capabilities

     • Customizable enumeration configurations per group

   • Enhanced filtering

     • New multi-select filters for assets

     • Support for negative search parameters

     • Improved asset categorization and search capabilities

   • AI-Powered asset labeling

     • Automatic labeling and categorization based on screenshots and HTTP metadata for better organization

   • Flexible labeling options

     • Bulk labeling using asset filters

     • Individual asset labeling for precise categorization

   • Weekly screenshot capture for visual asset verification and analysis

     • Enabled by default for all discoveries

   • Comprehensive domain-based asset visualization

     • Advanced search capabilities

     • Active asset data export (raw) options for all users

   • Domain based visualization (free for everyone via UI and API)

     • Advanced search capabilities

     • RAW data export

3. Vulnerability scanning improvements

   • Comprehensive risk reporting from vulnerability scan data, including:

     • Overall security score

     • Vulnerability exposure totals over time

     • Vulnerability Regression analysis

     • Remediation efficiency tracking

   • Universally exclude specific templates or targets from future vulnerability scans or asset discovery

4. Template writing and management:

   • Improved template generation API

   • Integration with Nuclei CLI (-ai flag)

   • On-the-fly template generation and execution

   • Available to all platform users.

For detailed documentation and guides, please visit:

• Asset Discovery Documentation

• Vulnerability Scanning Guide

• Template Management Documentation

Feedback and support

We value your feedback! Please report any issues or suggestions through ourfeedback portal.

We're excited to introduce ProjectDiscovery v0.9.3, featuring internal network vulnerability scanning capabilities. Many teams move to ProjectDiscovery from traditional vulnerability management (VM) tools to reduce noise, streamline their scanning and remediation, and focus on what’s actually exploitable. This release addresses a major pain point for teams transitioning from traditional VM tools, offering streamlined scanning workflows with a laser focus on exploitability for their internal networks.

Key Features

Internal Network Scanning (Beta)

Building on our local Nuclei scanning feature,we've introduced TunnelX – a secure tunneling solution for continuous internal vulnerability assessments. Run scheduled scans, deploy custom templates, and leverage all ProjectDiscovery integrations within your internal network.

Free Monthly Scans for Business Domain

Teams using business email domains now get automatic access to free monthly vulnerability scans across their subdomains upon signup. Perfect for startups and growing security programs looking to leverage Nuclei's precision scanning capabilities. You can also invite up to 10 team members for free in your account.

Improvements

We have pushed several updates and improvements across the app, including its stability. Some key notable improvements are:

• Expand External Discovery with 3rd PartyAPIs: For those who are in red teaming and offensive teams, one of the other requested features was to ingest data from 3rd party APIs and further enrich discovery process. Having broader external discovery helps to gain more insights into the exposed services on the internet. We have now introduced 10 different services integration that you can plug in. Once plugged, we will automatically use that in our external asset discovery pipelines.Note: This is only available for Pro and Enterprise. We have a few exciting updates planned for free users in early 2025.

• Configurable Alerts forScans andAssets: Now you can receive alerts on the condition of detecting new assets and vulnerabilities.

• RedesignedUser Settings for easier access and navigation.

• We have reworked and improved our Jira integration's stability and customization options.

• Improved the team workspaces; now users by default get a workspace where they can directly invite using their Pro or Enterprise plans.

• We fixed an issue with real-time vulnerability scans creating multiple scans; all real-time scans are now consolidated into a single scan for better efficiency.

• You can now export vulnerability scan logs; this is currently available only for Enterprises.

Thank you for continuing to use the platform and sharing your feedback with us. We have many more exciting features planned to be shipped. Stay tuned!

In this release, we've focused on enhancing vulnerability automation capabilities, improving the user experience, and expanding asset discovery and monitoring features.

Our goal remains the same: making modern vulnerability management accurate and risk-based, with a focus on enhancing the workflows where security engineers spend their day-to-day time. The entire ProjectDiscovery platform is available with APIs and a range of integrations.Talk to our team to set it up for your organization.

New Features

• Automatic Real-Time Vulnerability Scan: Enable automated vulnerability scans that trigger whenever new Nuclei templates are added to the platform, ensuring immediate detection of the latest vulnerabilities as soon as they are released. This feature is currently available only to Enterprise customers. Contact our team to upgrade your account. Enable it by following the guidehere.

• Configurable Discovery and Scan Automation: Users can now choose to automatically run asset discovery before scanning or initiate a vulnerability scan immediately after discovery. This behavior is configurable, allowing you to enable or disable automation based on your needs.

• Asset Discovery Alerts: Configurable alerting for asset discovery and monitoring events to keep you informed in real-time.

UI/UX Improvements

• Improved Scan Logs: Enhanced scan logs with a severity filter and uniform colors for easier navigation and analysis.

• Nuclei Templates Feed Timeline: Added a timeline visualization for the Nuclei templates feed, providing a clearer view of updates over time.

• Assets and Vulnerability Trends: Introduced trend graphs for assets and vulnerabilities, offering actionable insights on historical changes and trends.

• Unique Assets in Billing Cycle: Users can now view, search, and export a list of unique assets scanned during the current billing cycle for better usage tracking and analysis.

Bug Fixes

• Fixed Hyperlink Issue in Report URLs: Resolved incorrect hyperlink generation for reports in integration tickets.

• Corrected Missing Options for Scheduled Scans: Fixed the issue where some scheduled scan options were not being displayed properly.

• Fixed Asset Skipping in Nuclei Project: Addressed an issue that caused assets to be skipped during scanning under certain conditions.

• Resolved httpx Upload Issue: Fixed a problem with httpx upload causing metadata update issues when renaming.

• Fixed IP Target Input Issue: Resolved an issue with using IP addresses as target input for scan creation from the live template feed.

Other Updates

• Chaos Project Integration: Users of any tier can now instantly retrieve asset data for domains with public enumeration, as part of theChaos project integration, for faster analysis and discovery.

• Weekly Discovery Data Refresh for Free Tier: Discovery data for public domains available to free-tier users will now be refreshed weekly in an automated, scheduled manner to ensure up-to-date information.

• Asset Inventory Access Changes: Asset Inventory access is now disabled for users in the free tier to prevent abuse and reduce performance load. Asset data will still be accessible via individual asset groups.

What's next?

We're working on expanding automations—configuring automatic vulnerability scans based on multiple asset or template events to further streamline your security processes.

We're committed to continuous improvement, delivering new features and optimizing existing ones to provide an unmatched experience. Stay tuned for more updates!Keep sending us your ideas and feedback—we're just getting started.

We've added Linear ticketing integration. Now you can automatically or manually create tickets from your vulnerability detections. You canset up the integration here.

The dashboard has been updated with the following improvements:

An asset graph card that shows how your exposures and unique technologies grow over time.

An enhanced vulnerability feed that includes more metadata related to each CVE. We've also made these vulnerability templates easilyshareable by allowing you to copy the URL directly from your browser with a given vulnerability.

And with many other bug fixes and performance improvements.

Team ProjectDiscovery!

In this release, we've significantly improved our vulnerability management capabilities, introduced new AWS integration features, enhanced overall user experience, and added real-time feed of Nuclei templates. We're focusing on providing more comprehensive vulnerability tracking, streamlining cloud integrations and improving scan and asset management.

Sign up for Enterprise

Vulnerability Management Enhancements

We've introduced several new features to make vulnerability management more effective and insightful:

• Real-time Nuclei Templates Vulnerability Feed: Integrated a real-time feed of Nuclei templates for up-to-date vulnerability detection.

• New Vulnerability Statuses: AddedIn-Progress andAccepted Risk statuses to better track and manage vulnerabilities.

• Technology-Specific Vulnerability Scans: New option to run vulnerability scans for specific technologies.

• Vulnerability Result Insights: AddedFirst Seen andLast Seen columns to vulnerability result data lists for better tracking.

• Vulnerability Results export: Added filter based vulnerability export in all results section.

Cloud Integration Improvements

• AWS Assume Role Support: Enhanced AWS Cloud Integration with Assume Role capability for more flexible and secure access management.

Scan / Asset Management

• Technology-Specific Asset Export: Added option to export assets for given technologies.

• Asset Insights: IntroducedFirst Seen andLast Seen columns to asset data lists for improved tracking.

• pdcp x httpx Integration: Implemented integration with httpx asset data management visualization.

UI/UX Improvements

• RevampedDashboard - Redesigned with more actionable and data-driven insights for a better home experience.

• Added support for bulk deletion from scans and asset enumeration list.

• Added tooltips to display exact timestamps for dates in lists.

• Moved rename and schedule options under the update menu in scan and asset lists.

• Jira Integration Enhancements:

  • Interactive project, issue type, and status selection for easier setup.

  • Support for issue types IDs instead of names.

  • Option to remove existing linked Jira tickets from vulnerabilities.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

• Fixed pagination filter reset issues.

• Corrected the display of trial remaining days in the account switcher.

• Resolved issues with dynamic max team member count display.

We're continuously improving our platform with new features and integrations. The addition of the real-time Nuclei template vulnerability feed significantly enhances our vulnerability scanning capabilities.What's next?Automatic vulnerability scan upon new template release. We welcome your feedback and feature suggestions to help shape our product's future. Thank you for your continued support.

In this release, we've significantly enhanced our asset management capabilities, introduced Asset inventory with AI-powered search filters, and improved the overall user experience. In addition we’re focusing on providing more comprehensive asset insights, streamlining asset filtering and export processes, and enhancing cloud integration features.

Asset Management Enhancements

We've introduced several new features to make asset management more comprehensive and insightful:

• Asset Inventory and Technologies: A new system for cataloging and organizing your all assets along with their associated technologies.

• AI-Powered Asset Search: Use natural language queries to filter and find assets more intuitively.

• Asynchronous Export: Support for asynchronous export of scan results and assets, enabling users to export large datasets efficiently.

• Email Alerts for Asset Discovery: Stay informed about new asset discoveries through email notifications.

• Customizable Cloud Integration:

  • Enhanced enumeration options for more thorough asset enrichment with cloud integration.

  • Added the ability to modify discovery options for existing cloud integrations.

UI/UX Improvements

• Interactive Asset Filters: Redesigned with an interactive UI for a more intuitive and user-friendly experience.

• Icon Enhancements: Improved icons throughout the application for better visual clarity.

• Technology Icon Visibility: Fixed technology icon backgrounds with dynamic colors to enhance visibility.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

• Fixed issues with Jira Integration, particularly regarding custom fields.

• Fixed asset content auto-refresh functionality.

• Fixed problems with the changelog pop-up window.

• Fixed an issue where the screenshot option was causing enumeration to get stuck.

• Fixed the display of total asset count for running discoveries.

Billing and Access Changes

• Yearly Billing Option: We've added an annual billing cycle for Pro subscription.

• For enterprise customers:Contact our team here to schedule a demo and free trial.

This update represents our ongoing commitment to improving our platform's functionality, user experience, and security. We appreciate your continued support and feedback as we strive to provide the best possible service.