github.com/projectdiscovery/nuclei
3 reviews
Scores: 53 Security, 25 Quality, 35 Maintenance, 40 Overall
v1.1.7, Go, Jun 22, 2020
27054 GitHub Stars
2.0/5 Avg Rating
Community Reviews
CAUTION
Powerful concept but rough edges for Go library integration
Nuclei at version 1.1.7 is primarily designed as a CLI tool rather than a Go library, which creates friction when trying to integrate it programmatically. The package structure assumes you'll be running templates from the command line, and embedding it into your own Go applications requires navigating undocumented internal APIs and structures that weren't designed for external consumption.
The learning curve is steep because documentation focuses heavily on template writing rather than programmatic usage. Error messages tend to be cryptic when templates fail to parse or execute, making debugging difficult. You'll often find yourself reading the source code to understand how to properly initialize the engine and handle results. The template system itself is powerful, but integrating it requires significant trial and error.
Community support for programmatic usage is sparse - most GitHub issues and discussions center around CLI usage and template creation. If you're building automation that needs to invoke Nuclei, you're better off shelling out to the CLI binary rather than trying to use it as a library dependency. The APIs changed significantly in later versions, so examples from newer releases won't help with 1.1.7.
Template-based vulnerability scanning is a powerful and flexible concept
CLI tool works well when invoked as a subprocess
Template syntax is YAML-based making it relatively approachable for non-Go developers
Not designed as a Go library - internal APIs are undocumented and unstable
Error messages during template parsing and execution are difficult to debug
Minimal examples or documentation for programmatic integration into Go projects
Community support heavily skewed toward CLI usage rather than library integration
Best for: Projects that need to invoke Nuclei's scanning capabilities via CLI subprocess calls rather than library integration.
Avoid if: You need a well-documented Go library with stable APIs for embedding vulnerability scanning into your application.
CAUTION
Powerful security scanner but steep learning curve as a Go library
Using Nuclei as a Go package (v1.1.7) is challenging compared to using it as a CLI tool. The library lacks comprehensive API documentation, making it difficult to understand how to properly initialize the engine, configure template loading, and handle scan results programmatically. You'll spend significant time reading source code to figure out internal structures and expected workflows.
Error messages are often cryptic when templates fail to load or when configuration is incorrect. The package expects you to understand Nuclei's template DSL deeply, but there's minimal guidance on programmatic template creation or validation. Common use cases like "scan this URL with these templates" require piecing together examples from GitHub issues rather than following clear documentation.
Debugging is particularly painful because the library wasn't designed with embedding in mind at this version. Stack traces don't always point to the actual problem, and there's limited logging control. The community support exists but is heavily CLI-focused, making it hard to find help for programmatic usage. If you need to integrate Nuclei into your Go application, expect significant trial-and-error.
Template-based scanning approach is powerful once you understand it
Active GitHub issues with maintainer responses, though CLI-focused
Core scanning engine is robust for vulnerability detection
Minimal API documentation for programmatic usage; requires extensive source code reading
Cryptic error messages when templates or configuration fail
Library design favors CLI usage over embedding in applications
Debugging issues is time-consuming with limited logging controls
Best for: Teams already familiar with Nuclei CLI who need basic programmatic integration and have time to invest in understanding internals.
Avoid if: You need a well-documented security scanning library with clear APIs and quick onboarding for programmatic use.
CAUTION
Powerful security scanner but outdated version with significant security concerns
Version 1.1.7 from 2020 represents an extremely outdated snapshot of Nuclei. Using this version in production is risky—it predates critical security hardening, supply chain improvements, and vulnerability fixes that came in later versions. The template engine at this version has limited input validation and the HTTP client configuration lacks modern TLS best practices.
The authentication model for running templates is rudimentary, with insufficient sandboxing of template execution. Error messages can leak sensitive information about internal network topology and application structure. The template YAML parsing doesn't have strong schema validation, making it easy to accidentally expose credentials or run unintended network operations. Dependency management at this version relies on older, potentially vulnerable libraries.
If you must use Nuclei, you need a much newer version (v2.x or v3.x) that includes proper security controls, better input validation, and active CVE patching. This 2020 version should not be deployed in any security-sensitive environment.
Template-based scanning approach allows customization and extension
Can identify vulnerabilities across multiple protocols (HTTP, DNS, TCP)
Go-based single binary deployment simplifies distribution
Version 1.1.7 is severely outdated with no security patches since 2020
Insufficient input validation and template sandboxing in early versions
Error handling exposes internal details useful to attackers
Dependency chain includes older libraries with known vulnerabilities
Best for: Historical reference or learning purposes only; production use requires v2.x or later.
Avoid if: You need a security scanner for production environments or have compliance requirements.
Dependencies
github.com/Knetic/govaluate v3.0.0+incompatible
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
github.com/karrick/godirwalk v1.15.6
github.com/miekg/dns v1.1.29
github.com/pkg/errors v0.9.1
github.com/projectdiscovery/gologger v1.0.0
github.com/projectdiscovery/retryabledns v1.0.4
github.com/projectdiscovery/retryablehttp-go v1.0.1
golang.org/x/net v0.0.0-20200528225125-3c3fba18258b
gopkg.in/yaml.v2 v2.3.0