January 23rd, 2026
This release expands attack surface visibility with Associated Domain Discovery, improves credential monitoring workflows, and delivers multiple usability, integration, and reliability improvements across the platform.
✨ New Features
🌐 Associated Domain Discovery
Discovers domains related to your verified assets, helping identify owned, subsidiary, or infrastructure-linked domains that were not explicitly added.
Associated domains are identified using multiple intelligence signals, including:
Acquisition history, covering subsidiaries, mergers, and related corporate entities
Certificate history, using shared or historical SSL and TLS certificates from certificate transparency logs
WHOIS history, identifying common registration and ownership patterns
Results are grouped by association source, allowing users to understand why a domain is linked and assess the relevance of the association.
Helps uncover subsidiary domains, legacy assets, and infrastructure-linked domains that could otherwise remain undiscovered.
Available to all signed-up users on the Cloud Platform (Non-Enterprise users are limited to 10 associated domains per query).
Access the feature from the Assets section and to get started.
Refer to our Documentation for more details.
🔐 Credential Monitoring Enhancements
Added ability to view exposed customer credentials with improved UX, to speed up investigation and triage.
The Export API now returns unmasked passwords, enabling:
Bulk credential analysis
Integration with external tools
Offline investigation and correlation workflows
🔗 Integrations
Updated Integrations page with improved layout and configuration flow.
Jira Integration enhancements
Added OAuth-based authentication, simplifying setup and ticketing workflows.
Introduced configurable field mapping between ProjectDiscovery and Jira, allowing users to control how vulnerability and asset data is populated when creating tickets.
Access integrations here:
https://cloud.projectdiscovery.io/integrations
🛠 Improvements
Added real-time feedback for invalid Nuclei template create, upload, and test actions, improving usability and reducing failed submissions.
Fixed overlapping issues on the vulnerability timeline when displaying new data points such as issue resolve time, improving clarity of vulnerability lifecycle tracking.
Resolved Open Graph image content loading issues on the Template Library page.
Fixed multiple minor UI/UX issues on the Template Profile page.
🔧 Maintenance Update: UI & Platform Fixes
We’ve also rolled out a minor maintenance update focused on usability improvements and bug fixes.
Added Light Mode / Theme support across the platform.
Theme preferences can be updated here.
Introduced a design system to standardize UI components and visual patterns, ensuring a consistent and predictable user experience across the platform.
Fixed issues with Censys integration in subfinder.
Made minor design improvements to:
Leaderboard UI
Agent installation experience
December 22nd, 2025
Asset discovery enhancements
We’ve significantly expanded external asset coverage; all changes apply automatically to existing discovery workflows (no user action required):
Subdomain discovery now includes 2 additional sources for deeper discovery (for Enterprise customers only).
Alterx integration now leverages Regulator for richer DNS permutations, building on the existing DNS Permute option.
Chaos TLS API is now used for IP discovery, in addition to SSL certificate–based discovery.
Chaos DNS API has been updated, adding over 2 billion subdomains to the DNS dataset.
DNS brute-force now supports 2nd level bruteforce for subdomains with wildcard certificates and automatically retries on timeouts.
These improvements are live for all discovery jobs in ProjectDiscovery Cloud.
Added controls in scan configuration
We’ve added new controls to make scan configuration more precise and easier to manage.
Private templates in scan profiles
You can now use private/custom Nuclei templates directly in scan template profiles, making it easier to standardize organization-specific detections across scans
Asset inclusion filters
We’ve added asset inclusion filters for per-scan and per-discovery configuration. In addition to excluding assets, you can now explicitly include assets to be scanned or discovered.
Default Static IP selection
Static IP is now enabled automatically when Static Scan is turned on, removing a previous manual step.
Integrations
Mattermost is now supported as an alerting destination, alongside existing notification channels.
Azure integration now supports 10+ additional services, bringing service coverage closer to AWS parity.
GCP integration now supports short-lived tokens in addition to static tokens (API only; UI support coming).
Reports
You can now generate PDF reports directly from the Reporting page and via API. This allows teams to package findings into a clean PDF for leadership, auditors, or customers without manual exporting. Reports can also be automated via API as part of existing workflows.
Improvements
Enhanced API error messaging for restricted/blocked templates in Cloud, with clearer feedback on why a template cannot be used.
Onboarding experience refinements across the UI to make it easier to get from first login to first scan.
Fixes
Fixed DNS wildcard detection for more accurate subdomain enumeration and reduced false positives.
Fixed issue with screenshot capture/display showing incorrectly formatted data under certain conditions.
Fixed issue with discovering additional ports outside the configured port list.
Vulnerability retest now respects the original Scan Configuration when available; previously, some settings were ignored.
Vulnerability retest for early-template findings now uses the correct URL/target instead of template content, ensuring updated Nuclei templates are applied correctly.
GitHub integration: template updates now sync as expected when existing template files are modified.
August 18th, 2025
Credential Monitoring (beta)
A new Leaks experience continuously surfaces exposed credentials associated with your organization so you can spot account-takeover risk early and act before attackers do. Access is scoped by role to protect sensitive breach data, and organization-wide visibility unlocks after domain verification. Enterprise teams can manage multiple domains and integrate via API.
Learn more here:
https://docs.projectdiscovery.io/cloud/credential-monitoring
Rate Limit per Host
A new scan configuration option enables control over request rates to safeguard host stability and optimize resource usage. Use the “Rate limit per host” setting to define requests per second per host, leave blank to default to maximum scan speed. Lower values enhance host respect, while higher values boost throughput. This control is scoped within scan configurations and integrates seamlessly with custom headers, variables, and enterprise-grade features like fixed IPs and whitelisting to ensure predictable, compliant scanning behavior.
Learn more here:
https://docs.projectdiscovery.io/cloud/scanning/parameters#rate-limiting
Contextual Metadata for Cloud Assets
Asset drawers now include enriched metadata from connected cloud providers to help you understand what you’re looking at without switching tools. For example, an AWS S3 bucket or a Kubernetes ingress will display the key integration details you typically hunt for, things like the instance identity, how traffic reaches it, the control plane objects it’s tied to, and the versioning and ownership breadcrumbs that matter during triage. The goal is simple: when you pull up an asset, you immediately see the operational shape around it so you can make a confident call on severity and next steps. Filtering on these metadata fields is coming soon.
Asset Source Visibility
The asset drawer now includes source details, making it easier to see where discovered assets originate and providing context for external discovery. This lives under the Asset → Drawer details panel.
WAF statistics in scan logs
Scan logs now include a WAF-focused summary to make it easier to see when scans are being challenged or blocked and to guide tuning (e.g., white-listing, throttling or header strategies). This lives under the Scan → Logs details panel.
UI & UX Improvements
Prevented recommended profiles from being auto-selected multiple times in the template option workflow.
Fixed scan button behavior in grouped asset view, ensuring scans can be initiated correctly.
Introduced a new score progress bar for clearer visibility of Security Score improvements.
Enhanced the timepicker with smoother UX and resolved edge-case bugs in time selection.
Improved loading state on the Teams page to provide clearer feedback during team invites.
Resolved template handling in the scan dialog, fixing issues with running custom and GitHub templates.
Stability & Performance
Eliminated a race condition in port-scan result callbacks that could trigger occasional panics.
Refined per-worker rate-limit calculations to prevent host skipping.
Added additional panic guards across components (including headless and technology-detection paths) for broader coverage.
Improved scan worker calculation logic for more predictable scheduling under variable load. Fixed an edge case with the retest vulnerability option.
Added a fallback path when a scan configuration isn’t found, reducing hard failures.
June 28th, 2025
Version 1.3.0 brings a series of interface and experience overhauls, easier discovery, and dozens of polish fixes that make everyday workflows easier and faster.
New Features
New dashboard – A cleaner, card-driven layout highlights your total assets and open vulnerabilities at a glance, with contextual charts for ports, tech stacks, severities, and SLAs. Hover actions surface the most-used flows so you're never more than one click away.
New navigation and sidebar – Collapsible groups, high-contrast icons, and improved keyboard focus states keep navigation compact and accessible for all themes.
Vulnerability view updates – Now supports drawer view for improved visualization and interaction.
Category filter – You can now filter e.g. SSRF, Misconfig, RCE, or any custom category in a single click across your vulnerability data under filters.
HTTP-based wildcard detection and exclusion – Powered by the cleanhttp library, this feature automatically detects wildcard HTTP records and excludes them from discovery by default. This ensures scan time is spent on real targets rather than false positives. Default exclusion is based on signature patterns defined in the cleanhttp project. More controls and customizations coming soon.
Improvements and bug fixes
Updated billing page with unified usage breakdown data and monthly limits.
Improved tooltips on abbreviated numbers + long labels across the application.
Enhanced AI filters on asset pages, including filtering supported in grouped view.
Custom Filter Enhancements:
Custom filters now support
containsandnot containswith multipe values.Fixed issue with using multiple status code filter.
Universal table pagination
/assets,/scans, and/resultstables now load faster.Page size is now customizable and your preference is saved locally.
Dashboard polish and empty-state fixes.
Updated Vulnerability status and asset filters.
Fixed copy/paste link, malformed URLs, and pie-chart tooltip issues.
Asset discovery history now delivers accurate failure details.
Alerting with severity configuration:
Fixed an issue with sending alerts when severity is configured.
Fixed an issue with sending alert for initial scan / discovery
Added auto-refresh for ephemeral IPs to clean up unrelated hosts and data upon re-discovery runs.
Fixed a bug with template id exclusion from pre-created scans.
Fixed a bug to return unique counters for remediated and regression vulnerabilities count on reports page.
Along with many other bugs and improvements.
April 18th, 2025
We’re excited to roll out a fresh update packed with powerful enhancements across vulnerability management, asset workflows, and template generation! This release focuses on improving visibility, flexibility, and customization across the app.
Vulnerability Management
Custom severity for templates and vulnerabilities: Gain more control over your security workflow with the ability to customize severity levels for both templates and identified vulnerabilities, adapting them to your organization's specific risk tolerance.
Severity customization for vulnerability alerting: Customize Slack, Teams, and email alert notifications based on vulnerability severity levels
New vulnerability status (triaged): Track vulnerabilities more easily across key stages of remediation with our new ‘triaged’ status, allowing security teams to mark issues that have been reviewed but where remediation has not begun.
Custom reporting link reference: Connect vulnerability findings to external resources like ticketing, documentation, or policies with custom links
Asset Management
Asset overview (early version): View your data in different ways with our new multi-format visualization feature, giving you flexibility in how you explore your infrastructure’s exposure, such as detected ports and technologies. This early version is just the beginning, with more data points, visualizations, and improvements coming soon.
Grouped asset view: Efficiently analyze assets with our new grouped view that correlates multiple data points, helping you identify patterns and relationships across your infrastructure.
Bulk asset deletion by filters: Bulk delete assets using filters, enabling you mass remove assets that meet specific criteria.
Bulk / single label removal support: We've added the ability to remove labels in bulk or individually, giving you more flexibility in organizing and managing your resources.
Asset host view: View detailed host-level information such as response headers, network information, and certificate information by clicking on each asset
Template Features
When we first launched the ProjectDiscovery Cloud Platform, it was centered around our Nuclei template editor, powered by OpenAI APIs and several internal tools to handle lint errors and ensure accuracy with the Nuclei schema. Today, we’re releasing the second major update to this interface, with a primary focus on making iterative editing faster and smoother. The editor now includes integrated chat, enabling a real-time, interactive conversation with the AI editor while editing templates. This allows for a more dynamic and efficient editing experience. We’ve also added support for attaching images directly within the editor, simplifying your template development and debugging process.
Interactive chat assistant for template creation and modification with diff view: Get real-time, interactive help while building templates, with side-by-side comparisons that make tracking changes effortless.
AI-powered auto-complete suggestions for template fields: Boost productivity with intelligent auto-complete suggestions that learn from common template patterns and streamline your workflow.
Multi-tab editing with local cache for unsaved templates: Work on multiple templates at once without losing progress, thanks to our new local caching system that keeps your unsaved changes safe.
Multiple target inputs with improved debugging experience: Test your templates against multiple targets simultaneously, with enhanced debugging tools that simplify troubleshooting and speed up the process.
Template sharing with restricted access and custom expiration: Securely share templates with team members or clients, featuring fine-grained access controls and automatic expiration dates for added security.
Run with Nuclei: Easily copy the Nuclei CLI command from the editor to run the template locally with Nuclei. This feature is especially useful for scanning a list of targets directly from your machine.
Vulnerability Library (early version)
We’re excited to announce the early release of a unified interface for vulnerabilities, making it easier to browse and explore both CVEs and non-CVE vulnerabilities in one place. We’re still iterating, and more improvements are coming soon. Stay tuned for further updates.
New page for browsing CVEs and Nuclei templates: Access a comprehensive collection of Nuclei templates in one convenient location. Currently focused on templates, with CVEs coming soon.
Advanced search and filtering: Quickly find exactly what you need with powerful search capabilities. Mix and match filters to get precise, targeted results.
Detailed exploit pages: Dive into well-organized, in-depth information on specific exploits, including technical breakdowns, impact assessments, and actionable remediation steps.
Other Improvements
Bulk / single label removal support: Remove labels in bulk or individually, giving you more flexibility in organizing and managing your assets
Discovered domains list under usages section: Automatically track domains discovered during scanning with a convenient list in the usages section, helping you maintain awareness of your growing attack surface
Self-Hosted Jira Integration for Vulnerability Tracking: Integrate with self-hosted Jira instances to automatically create tickets from vulnerability findings
March 6th, 2025
New
In this release, we've focused on enhancing user experience by introducing new features such as AWS ARN integration for improved cloud asset discovery, domain filtering in vulnerability results, and a scan history page for tracking previous scans. Additionally, we've addressed several bugs to ensure a smoother platform performance.
New features
AWS ARN integration
Enhanced AWS integration options with an improved user experience.
Navigation: Assets → Integrations → AWSDomain filter
Added support for filtering vulnerabilities and results by domain.
Navigation: Assets → Inventory → Filters → DomainScan history page
Introduced a dedicated page to view historical scan runs with a timeline.
Navigation: Scans → Scan ID → HistoryTime filter
Implemented time-based filtering in the asset/inventory view.
Navigation: Assets → Inventory → Filters → TimeInvoice downloads
Added the option to download current and historical invoices from the billing page.
Navigation: Settings → BillingTeam member activity
Now displaying the last active time for each team member in the list view.
Navigation: Settings → Teams
Bug fixes
Unverified host discovery
Fixed an issue where unverified hosts were discovered when using the Related IP/Host Discovery option.
Proxy tunnel selection
Resolved an issue with selecting the correct proxy tunnel when multiple tunnels are present.
Results page unresponsiveness
Fixed an issue where the results page became unresponsive after creating a manual ticket.
JSON tab rendering
Addressed an issue where the JSON tab was not rendering in the template editor result view.
Session refresh handling
Ensured proper session refresh handling after user or network inactivity.
Authentication & workspace Switch
Prevented the default loader (logo) from re-rendering upon authentication or workspace switch.
For more details on AWS ARN integration, refer to our documentation:
🔗 AWS ARN Integration Guide
For information on internal scanning, visit:
🔗 Internal Scanning Documentation
February 27th, 2025
We're excited to announce the v1.0.0 release of ProjectDiscovery Platform, bringing significant improvements to vulnerability scanning, asset discovery, and vulnerability management capabilities.
Improved onboarding for free-tier users with a business email
Introduced automated asset discovery and vulnerability scanning during onboarding
Streamlined subsidiary domain and asset discovery process
Note: Free-tier users with a business email continue to get a free monthly vulnerability scan of all subdomains associated with their email domain with no asset limits.
Improved asset discovery workflows
TLS certificate probing (via tlsx)
Automatic extraction of TLS certificate data from discovered hostnames/IPs
Enabled by default for all discoveries
Exposed target IP discovery (via uncover)
Identifies exposed IPs sharing TLS certificates same as input domains
Enabled by default for enhanced reconnaissance
ASN metadata integration (via asnmap)
Automatic extraction of ASN data for discovered assets
Enhanced network context for better asset understanding
Enabled by default for all discoveries
Dynamic asset groups from saved filters
Create dynamic asset groups from existing enumerations by saving your filter selections
Improved asset monitoring and management capabilities
Customizable enumeration configurations per group
Enhanced filtering
New multi-select filters for assets
Support for negative search parameters
Improved asset categorization and search capabilities
AI-Powered asset labeling
Automatic labeling and categorization based on screenshots and HTTP metadata for better organization
Flexible labeling options
Bulk labeling using asset filters
Individual asset labeling for precise categorization
Weekly screenshot capture for visual asset verification and analysis
Enabled by default for all discoveries
Comprehensive domain-based asset visualization
Advanced search capabilities
Active asset data export (raw) options for all users
Domain based visualization (free for everyone via UI and API)
Advanced search capabilities
RAW data export
Vulnerability scanning improvements
Comprehensive risk reporting from vulnerability scan data, including:
Overall security score
Vulnerability exposure totals over time
Vulnerability Regression analysis
Remediation efficiency tracking
Universally exclude specific templates or targets from future vulnerability scans or asset discovery
Template writing and management:
Improved template generation API
Integration with Nuclei CLI (-ai flag)
On-the-fly template generation and execution
Available to all platform users.
For detailed documentation and guides, please visit:
Feedback and support
We value your feedback! Please report any issues or suggestions through our feedback portal.
December 10th, 2024
New
We're excited to introduce ProjectDiscovery v0.9.3, featuring internal network vulnerability scanning capabilities. Many teams move to ProjectDiscovery from traditional vulnerability management (VM) tools to reduce noise, streamline their scanning and remediation, and focus on what’s actually exploitable. This release addresses a major pain point for teams transitioning from traditional VM tools, offering streamlined scanning workflows with a laser focus on exploitability for their internal networks.
Key Features
Internal Network Scanning (Beta)
Building on our local Nuclei scanning feature, we've introduced TunnelX – a secure tunneling solution for continuous internal vulnerability assessments. Run scheduled scans, deploy custom templates, and leverage all ProjectDiscovery integrations within your internal network.
TunnelX is currently available for Enterprise customers. Contact our team to get started.
Free Monthly Scans for Business Domain
Teams using business email domains now get automatic access to free monthly vulnerability scans across their subdomains upon signup. Perfect for startups and growing security programs looking to leverage Nuclei's precision scanning capabilities. You can also invite up to 10 team members for free in your account.
Currently this feature is only available to the new user accounts, we will soon roll out this feature to all our existing users with work email addresses.
Improvements
We have pushed several updates and improvements across the app, including its stability. Some key notable improvements are:
Expand External Discovery with 3rd Party APIs: For those who are in red teaming and offensive teams, one of the other requested features was to ingest data from 3rd party APIs and further enrich discovery process. Having broader external discovery helps to gain more insights into the exposed services on the internet. We have now introduced 10 different services integration that you can plug in. Once plugged, we will automatically use that in our external asset discovery pipelines. Note: This is only available for Pro and Enterprise. We have a few exciting updates planned for free users in early 2025.
Configurable Alerts for Scans and Assets: Now you can receive alerts on the condition of detecting new assets and vulnerabilities.
Redesigned User Settings for easier access and navigation.
We have reworked and improved our Jira integration's stability and customization options.
Improved the team workspaces; now users by default get a workspace where they can directly invite using their Pro or Enterprise plans.
We fixed an issue with real-time vulnerability scans creating multiple scans; all real-time scans are now consolidated into a single scan for better efficiency.
You can now export vulnerability scan logs; this is currently available only for Enterprises.
Thank you for continuing to use the platform and sharing your feedback with us. We have many more exciting features planned to be shipped. Stay tuned!
October 21st, 2024
New
In this release, we've focused on enhancing vulnerability automation capabilities, improving the user experience, and expanding asset discovery and monitoring features.
Our goal remains the same: making modern vulnerability management accurate and risk-based, with a focus on enhancing the workflows where security engineers spend their day-to-day time. The entire ProjectDiscovery platform is available with APIs and a range of integrations. Talk to our team to set it up for your organization.
New Features
Automatic Real-Time Vulnerability Scan: Enable automated vulnerability scans that trigger whenever new Nuclei templates are added to the platform, ensuring immediate detection of the latest vulnerabilities as soon as they are released. This feature is currently available only to Enterprise customers. Contact our team to upgrade your account. Enable it by following the guide here.
Configurable Discovery and Scan Automation: Users can now choose to automatically run asset discovery before scanning or initiate a vulnerability scan immediately after discovery. This behavior is configurable, allowing you to enable or disable automation based on your needs.
Asset Discovery Alerts: Configurable alerting for asset discovery and monitoring events to keep you informed in real-time.
UI/UX Improvements
Improved Scan Logs: Enhanced scan logs with a severity filter and uniform colors for easier navigation and analysis.
Nuclei Templates Feed Timeline: Added a timeline visualization for the Nuclei templates feed, providing a clearer view of updates over time.
Assets and Vulnerability Trends: Introduced trend graphs for assets and vulnerabilities, offering actionable insights on historical changes and trends.
Unique Assets in Billing Cycle: Users can now view, search, and export a list of unique assets scanned during the current billing cycle for better usage tracking and analysis.
Bug Fixes
Fixed Hyperlink Issue in Report URLs: Resolved incorrect hyperlink generation for reports in integration tickets.
Corrected Missing Options for Scheduled Scans: Fixed the issue where some scheduled scan options were not being displayed properly.
Fixed Asset Skipping in Nuclei Project: Addressed an issue that caused assets to be skipped during scanning under certain conditions.
Resolved httpx Upload Issue: Fixed a problem with httpx upload causing metadata update issues when renaming.
Fixed IP Target Input Issue: Resolved an issue with using IP addresses as target input for scan creation from the live template feed.
Other Updates
Chaos Project Integration: Users of any tier can now instantly retrieve asset data for domains with public enumeration, as part of the Chaos project integration, for faster analysis and discovery.
Weekly Discovery Data Refresh for Free Tier: Discovery data for public domains available to free-tier users will now be refreshed weekly in an automated, scheduled manner to ensure up-to-date information.
Asset Inventory Access Changes: Asset Inventory access is now disabled for users in the free tier to prevent abuse and reduce performance load. Asset data will still be accessible via individual asset groups.
What's next?
We're working on expanding automations—configuring automatic vulnerability scans based on multiple asset or template events to further streamline your security processes.
We're committed to continuous improvement, delivering new features and optimizing existing ones to provide an unmatched experience. Stay tuned for more updates! Keep sending us your ideas and feedback—we're just getting started.
September 16th, 2024
Improved
We've added Linear ticketing integration. Now you can automatically or manually create tickets from your vulnerability detections. You can set up the integration here.
The dashboard has been updated with the following improvements:
An asset graph card that shows how your exposures and unique technologies grow over time.
An enhanced vulnerability feed that includes more metadata related to each CVE. We've also made these vulnerability templates easily shareable by allowing you to copy the URL directly from your browser with a given vulnerability.
And with many other bug fixes and performance improvements.
Team ProjectDiscovery!