Back to Cookbook

Nuclei Template Doctor

Fix "no templates provided", template drift, and signing surprises

Nuclei scans fail not because the engine is broken but because templates are missing, outdated, filtered out, or failing validation. This recipe diagnoses template path and version problems, performs safe updates, validates templates, and explains a secure workflow for code-template signing.

House RecipeWork6 min

INGREDIENTS

PROMPT

Create a skill called "Nuclei Template Doctor". Inputs I will provide: - nuclei version output - OS info and whether I'm running inside Docker - My intended template path(s) and whether I use custom templates - The exact error output (especially if it contains [FTL]) Task: 1) Determine whether the failure is caused by missing templates, wrong paths, signing filters, or permissions. 2) Give a minimal sequence of commands to repair: - Update templates, reset config if needed, validate templates. 3) Explain what changed and what to record in engagement notes. 4) Provide safe guidance for template signing (only sign audited templates you authored).

What this fixes

Recurring failure modes:

  • `[FTL] Could not run nuclei: no templates provided for scan`
  • Templates not installed, wrong template directory, or empty directory
  • Templates silently filtered (e.g., unsigned/tampered code templates)
  • Large template sets reporting many runtime errors

Prerequisites

  • `nuclei` installed
  • Network access to fetch templates (or a pre-downloaded templates directory)
  • File permissions to write Nuclei config and templates directory

Steps and commands

  1. Baseline — confirm engine and template versions:

`nuclei -version`

  1. Install or update templates (official):
  • Update:

`nuclei -ut`

  • If you suspect config/template path corruption, reset first:

`nuclei -reset`

Then re-run:

`nuclei -ut`

  1. Confirm where templates live:
  • Nuclei prints the path during install/update.
  • Custom templates directory:

`nuclei -t /path/to/nuclei-templates -u https://example.com`

  1. Validate templates (catch runtime and schema issues early):

`nuclei -validate -t /path/to/nuclei-templates`

  1. If a single template fails with "no templates provided":
  • Confirm the file exists:

`ls -la /full/path/template.yaml`

  • Validate it directly:

`nuclei -validate -t /full/path/template.yaml`

  1. Template signing pitfalls:
  • If Nuclei warns about unsigned/tampered code templates, treat it as a supply-chain concern.
  • Only sign templates you authored and have audited:

`nuclei -u https://example.com -t my-template.yaml -sign`

Expected outputs

  • `nuclei -ut` completes with templates installed/updated
  • `nuclei -validate` reports 0 (or a small, explainable set of) validation errors
  • Scans run without `[FTL] no templates provided`

Common errors and troubleshooting

  • `[FTL] ... no templates provided for scan`
  • Templates directory is empty or filtered out.
  • Fix: `nuclei -reset` → `nuclei -ut`, then confirm `-t` paths.
  • Templates installed but "no templates found in path"
  • Path mismatch or permissions issue.
  • Confirm the directory exists and is non-empty; use an absolute path.
  • `Found X templates with runtime error (use -validate ...)`
  • Run `-validate` and either update templates or exclude noisy categories.
  • Config path not writable
  • Ensure your user can write `~/.config/nuclei/` (or run inside a writable workdir in containers).

References

  • https://docs.projectdiscovery.io/opensource/nuclei/running
  • https://docs.projectdiscovery.io/templates/reference/template-signing
  • https://github.com/projectdiscovery/nuclei/issues/5256
  • https://github.com/projectdiscovery/nuclei/issues/6617
  • https://github.com/projectdiscovery/nuclei/issues/6770
  • https://github.com/projectdiscovery/nuclei-templates/issues/9040

Example inputs

  • Target: https://example.com
  • Templates: /opt/nuclei-templates
  • Single template: /tmp/custom.yaml
Tags:#pentesting#web#automation#nuclei#templates#troubleshooting