We're excited to introduce ProjectDiscovery v0.9.3, featuring internal network vulnerability scanning capabilities. Many teams move to ProjectDiscovery from traditional vulnerability management (VM) tools to reduce noise, streamline their scanning and remediation, and focus on what’s actually exploitable. This release addresses a major pain point for teams transitioning from traditional VM tools, offering streamlined scanning workflows with a laser focus on exploitability for their internal networks.

Key Features

Internal Network Scanning (Beta)

Building on our local Nuclei scanning feature, we've introduced TunnelX – a secure tunneling solution for continuous internal vulnerability assessments. Run scheduled scans, deploy custom templates, and leverage all ProjectDiscovery integrations within your internal network.

Free Monthly Scans for Business Domain

Teams using business email domains now get automatic access to free monthly vulnerability scans across their subdomains upon signup. Perfect for startups and growing security programs looking to leverage Nuclei's precision scanning capabilities. You can also invite up to 10 team members for free in your account.

Improvements

We have pushed several updates and improvements across the app, including its stability. Some key notable improvements are:

• Expand External Discovery with 3rd Party APIs: For those who are in red teaming and offensive teams, one of the other requested features was to ingest data from 3rd party APIs and further enrich discovery process. Having broader external discovery helps to gain more insights into the exposed services on the internet. We have now introduced 10 different services integration that you can plug in. Once plugged, we will automatically use that in our external asset discovery pipelines. Note: This is only available for Pro and Enterprise. We have a few exciting updates planned for free users in early 2025.

• Configurable Alerts for Scans and Assets: Now you can receive alerts on the condition of detecting new assets and vulnerabilities.

• Redesigned User Settings for easier access and navigation.

• We have reworked and improved our Jira integration's stability and customization options.

• Improved the team workspaces; now users by default get a workspace where they can directly invite using their Pro or Enterprise plans.

• We fixed an issue with real-time vulnerability scans creating multiple scans; all real-time scans are now consolidated into a single scan for better efficiency.

• You can now export vulnerability scan logs; this is currently available only for Enterprises.

Thank you for continuing to use the platform and sharing your feedback with us. We have many more exciting features planned to be shipped. Stay tuned!

In this release, we've focused on enhancing vulnerability automation capabilities, improving the user experience, and expanding asset discovery and monitoring features.

Our goal remains the same: making modern vulnerability management accurate and risk-based, with a focus on enhancing the workflows where security engineers spend their day-to-day time. The entire ProjectDiscovery platform is available with APIs and a range of integrations. Talk to our team to set it up for your organization.

New Features

• Automatic Real-Time Vulnerability Scan: Enable automated vulnerability scans that trigger whenever new Nuclei templates are added to the platform, ensuring immediate detection of the latest vulnerabilities as soon as they are released. This feature is currently available only to Enterprise customers. Contact our team to upgrade your account. Enable it by following the guide here.

• Configurable Discovery and Scan Automation: Users can now choose to automatically run asset discovery before scanning or initiate a vulnerability scan immediately after discovery. This behavior is configurable, allowing you to enable or disable automation based on your needs.

• Asset Discovery Alerts: Configurable alerting for asset discovery and monitoring events to keep you informed in real-time.

UI/UX Improvements

• Improved Scan Logs: Enhanced scan logs with a severity filter and uniform colors for easier navigation and analysis.

• Nuclei Templates Feed Timeline: Added a timeline visualization for the Nuclei templates feed, providing a clearer view of updates over time.

• Assets and Vulnerability Trends: Introduced trend graphs for assets and vulnerabilities, offering actionable insights on historical changes and trends.

• Unique Assets in Billing Cycle: Users can now view, search, and export a list of unique assets scanned during the current billing cycle for better usage tracking and analysis.

Bug Fixes

• Fixed Hyperlink Issue in Report URLs: Resolved incorrect hyperlink generation for reports in integration tickets.

• Corrected Missing Options for Scheduled Scans: Fixed the issue where some scheduled scan options were not being displayed properly.

• Fixed Asset Skipping in Nuclei Project: Addressed an issue that caused assets to be skipped during scanning under certain conditions.

• Resolved httpx Upload Issue: Fixed a problem with httpx upload causing metadata update issues when renaming.

• Fixed IP Target Input Issue: Resolved an issue with using IP addresses as target input for scan creation from the live template feed.

Other Updates

• Chaos Project Integration: Users of any tier can now instantly retrieve asset data for domains with public enumeration, as part of the Chaos project integration, for faster analysis and discovery.

• Weekly Discovery Data Refresh for Free Tier: Discovery data for public domains available to free-tier users will now be refreshed weekly in an automated, scheduled manner to ensure up-to-date information.

• Asset Inventory Access Changes: Asset Inventory access is now disabled for users in the free tier to prevent abuse and reduce performance load. Asset data will still be accessible via individual asset groups.

What's next?

We're working on expanding automations—configuring automatic vulnerability scans based on multiple asset or template events to further streamline your security processes.

We're committed to continuous improvement, delivering new features and optimizing existing ones to provide an unmatched experience. Stay tuned for more updates! Keep sending us your ideas and feedback—we're just getting started.

We're excited to announce new pricing and changes to our automated scan offerings. This significant update makes scanning more predictable and simpler. It aligns with our mission to make advanced security technologies accessible to everyone, not just enterprises.

Starting this month, we're updating our pricing to give you more for your money. We're replacing the current token-based pricing with asset-based pricing.

What is asset-based pricing?

The Pro plan will now be priced based on unique assets scanned each billing month. A unique asset is a combination of host (subdomain or IP) and port. Once scanned, you can rescan any asset again without extra cost for the rest of the month.

Our new Pro plan lets you scan up to 1,000 unique assets per month.

What is the new price?

The new Pro plan will be $250/month or $2,500/year. While this is more than the current $100/month, you get much more with our new plan. Scanning 1k unique assets daily would have required 31k tokens, so this new plan gives you 15x more scanning capability than the current 2k token limit—without additional cost for rescans.

What if I need to scan more than 1k assets?

We believe 1,000 unique assets are enough for startups and small to mid-sized organizations. Our Enterprise tier comes with custom limits for larger scanning requirements. It also includes a host of other features and automations for larger organizations. To learn more, schedule a meeting with sales.

Linear Integration

We've also added Linear ticketing integration. Now you can automatically or manually create tickets from your vulnerability detections. You can set up the integration here.

The dashboard has been updated with the following improvements:

An asset graph card that shows how your exposures and unique technologies grow over time.

An enhanced vulnerability feed that includes more metadata related to each CVE. We've also made these vulnerability templates easily shareable by allowing you to copy the URL directly from your browser with a given vulnerability.

And with many other bug fixes and performance improvements.

Team ProjectDiscovery!

In this release, we've significantly improved our vulnerability management capabilities, introduced new AWS integration features, enhanced overall user experience, and added real-time feed of Nuclei templates. We're focusing on providing more comprehensive vulnerability tracking, streamlining cloud integrations and improving scan and asset management.

Sign up for Enterprise

Vulnerability Management Enhancements

We've introduced several new features to make vulnerability management more effective and insightful:

• Real-time Nuclei Templates Vulnerability Feed: Integrated a real-time feed of Nuclei templates for up-to-date vulnerability detection.

• New Vulnerability Statuses: Added In-Progress and Accepted Risk statuses to better track and manage vulnerabilities.

• Technology-Specific Vulnerability Scans: New option to run vulnerability scans for specific technologies.

• Vulnerability Result Insights: Added First Seen and Last Seen columns to vulnerability result data lists for better tracking.

• Vulnerability Results export: Added filter based vulnerability export in all results section.

Cloud Integration Improvements

• AWS Assume Role Support: Enhanced AWS Cloud Integration with Assume Role capability for more flexible and secure access management.

Scan / Asset Management

• Technology-Specific Asset Export: Added option to export assets for given technologies.

• Asset Insights: Introduced First Seen and Last Seen columns to asset data lists for improved tracking.

• pdcp x httpx Integration: Implemented integration with httpx asset data management visualization.

UI/UX Improvements

• Revamped Dashboard - Redesigned with more actionable and data-driven insights for a better home experience.

• Added support for bulk deletion from scans and asset enumeration list.

• Added tooltips to display exact timestamps for dates in lists.

• Moved rename and schedule options under the update menu in scan and asset lists.

• Jira Integration Enhancements:

  • Interactive project, issue type, and status selection for easier setup.

  • Support for issue types IDs instead of names.

  • Option to remove existing linked Jira tickets from vulnerabilities.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

• Fixed pagination filter reset issues.

• Corrected the display of trial remaining days in the account switcher.

• Resolved issues with dynamic max team member count display.

We're continuously improving our platform with new features and integrations. The addition of the real-time Nuclei template vulnerability feed significantly enhances our vulnerability scanning capabilities. What's next? Automatic vulnerability scan upon new template release. We welcome your feedback and feature suggestions to help shape our product's future. Thank you for your continued support.

In this release, we've significantly enhanced our asset management capabilities, introduced Asset inventory with AI-powered search filters, and improved the overall user experience. In addition we’re focusing on providing more comprehensive asset insights, streamlining asset filtering and export processes, and enhancing cloud integration features.

Asset Management Enhancements

We've introduced several new features to make asset management more comprehensive and insightful:

• Asset Inventory and Technologies: A new system for cataloging and organizing your all assets along with their associated technologies.

• AI-Powered Asset Search: Use natural language queries to filter and find assets more intuitively.

• Asynchronous Export: Support for asynchronous export of scan results and assets, enabling users to export large datasets efficiently.

• Email Alerts for Asset Discovery: Stay informed about new asset discoveries through email notifications.

• Customizable Cloud Integration:

  • Enhanced enumeration options for more thorough asset enrichment with cloud integration.

  • Added the ability to modify discovery options for existing cloud integrations.

UI/UX Improvements

• Interactive Asset Filters: Redesigned with an interactive UI for a more intuitive and user-friendly experience.

• Icon Enhancements: Improved icons throughout the application for better visual clarity.

• Technology Icon Visibility: Fixed technology icon backgrounds with dynamic colors to enhance visibility.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

• Fixed issues with Jira Integration, particularly regarding custom fields.

• Fixed asset content auto-refresh functionality.

• Fixed problems with the changelog pop-up window.

• Fixed an issue where the screenshot option was causing enumeration to get stuck.

• Fixed the display of total asset count for running discoveries.

Billing and Access Changes

• Yearly Billing Option: We've added an annual billing cycle for Pro subscription.

• For enterprise customers: Contact our team here to schedule a demo and free trial.

This update represents our ongoing commitment to improving our platform's functionality, user experience, and security. We appreciate your continued support and feedback as we strive to provide the best possible service.

In this release, we've made substantial enhancements to our asset discovery capabilities, introduced new features for Basic Tier (Free) users, and resolved several critical issues. Our primary focus has been on improving the visibility and analysis of discovered assets, and refining the insights for assets.

Our mission with the platform includes making advanced security tools available to as many people as possible. We are rolling out more features to ProjectDiscovery Cloud Platform Basic Tier (Free) users over the coming weeks and months.

Basic Tier (Free) users will now have access to:

• Discover and monitor assets (up to 10 domains and unlimited cloud integrations)

• Write and manage vulnerability templates

• Use AI for template generation

Updates & Improvements

Asset Discovery Enhancements

We've introduced several new features to make asset discovery more comprehensive and insightful:

• Screenshots for Web Services: Automatically capture images of discovered web assets.

• Improved Tech Stack Detection: Use headless browser-based detection for more accurate and comprehensive technology identification.

• Favicon Icon: When available, favicon icons are now captured.

• Enhanced DNS Discovery:

  • DNS Permutation for additional subdomain discovery (enabled by default).

  • DNS Wildcard Filtering for both passive and active discovery (enabled by default).

Notes:

• Screenshot is an optional feature that can be enabled from advanced discovery settings.

• Discovery options can be customized in advanced discovery settings, enabling users to tailor the discovery process to their specific needs.

Severity-based Sorting:

Scan results are now sorted based on severity by default, allowing users to prioritize high-risk vulnerability findings.

Improved Log-in and Sign-up Pages:

We've revamped the UI for our log-in and sign-up pages to provide a more intuitive and user-friendly experience.

Bug Fixes

This release addresses several critical issues to improve platform stability and user experience

• Fixed manual ticket creation issues for vulnerability results.

• Fixed scheduling problems with next run time for scans and enumerations.

• Fixed input deduplication for scans with target input lists.

• Fixed issues in re-scans caused by deleted alerting or reporting configurations.

• Fixed scan export issues for large results.

• Fixed issues with asset deletion.

• Fixed token consumption issues for user-stopped scans.

In this release, we have introduced support for the creation of multiple teams. Team support includes new features for member segregation and enhanced 2FA (two-factor authentication). For assets, we have added the ability to filter and scan assets directly from the asset content page. This release improves the flexibility and control of team and account management, with significant updates to our API.

Multiple Team Creation with Member Segregation

Details for teams features are summarized below.

Personal and Team Accounts

• Account Management: Users can have personal and team accounts, eliminating the need to convert personal accounts into team accounts.

• Join Multiple Teams: Users can join multiple teams within the same organization.

Team Feature Availability

• Basic Plan: Team features are not supported.

• Pro Plan: Users can create one team (for a total of two).

• Custom Plan: Users can create multiple teams.

Member Configuration

• Member Segregation: Each team workspace allows members to access data within their specific teams.

• Member-Level Access Control: Different roles within a team workspace come with specific permissions to manage data and team operations. The roles include the following permissions:

  • Owner: Read data, write data, invite new members, and manage billing

  • Admin: Read data, write data, and invite new members

  • Member: Read and write data

  • Viewer: Read data
    

API Update for Teams

• X-Resource-Type: team header is replaced with X-Team-Id: $Team_ID.

• X-Team-Id value is available at https://cloud.projectdiscovery.io/settings/team.
  

Admin Flexibility

• Support for single or multiple team administrators.

Data Segregation

• Team data is segregated, ensuring no cross-access between different teams.
  

2FA Management & Account Security

• 2FA: Users on platform can now configure 2FA using authenticator apps from security page.

• Password Management:

  • Users who signed up with social login can now set a new password to login using email and password.

  • All users can update their existing password.
    

Asset Filtering and Scanning

• Asset Content Page: Added support to filter newly discovered assets.

• Scan Creation: Added support to create scans with filtered assets from the asset content page.

Cloud Integration

• AWS Session Token: Added support for optional AWS session token input.

This release focuses on improving Asset management. Key highlights include new asset filtering options and a Free Trial for new users.

New Features

• Free Trial Support: Introducing support for a PDCP free trial. New users can sign up for for a free 14-day trial to explore fast cloud scanning powered by Nuclei, automatic asset discovery, and more.

• Asset Content Filters: Implemented filters for the Asset Content page across technology, status code, and page title.

• DNS Bruteforce: Added DNS Bruteforce support, enabled by default as part of our auto- discovery workflow. This option can be disabled under advanced settings. DNS Bruteforce helps identify subdomains that are sometimes hidden from integrations.

• Export Menu: Added an export menu on the Scan and Asset List pages.

• Status Filter: Added a status filter on the Asset List page.