ProjectDiscovery Organic Growth Opportunities

A massive programmatic library creating a dedicated page for every CVE ID, focusing on detection logic and exploitability signals. This transforms the brand's successful CVE blog strategy into a scalable encyclopedia that captures long-tail search intent for specific vulnerabilities.

Example Keywords

• CVE-2025-1974 detection
• CVE-2024-45519 exploitability
• CVE-2025-29927 mitigation
• how to scan for CVE-2025-31161
• vulnerability indicators for CVE-2023-22527

Rationale

CVEs are the primary unit of search in the security industry. By providing structured detection guidance and exploitability context for the entire CVE universe, projectdiscovery.io can capture high-intent traffic from researchers and engineers looking to validate their exposure.

Topical Authority

The domain already shows strong performance for specific high-volume CVE blog posts; expanding this to a full library leverages existing authority in vulnerability research and detection logic.

Internal Data Sources

Use Nuclei template metadata, internal research changelogs, and ProjectDiscovery Cloud library tags to provide unique, tool-agnostic detection insights.

Estimated Number of Pages

200,000+

A comprehensive directory of landing pages targeting 'how to scan' intent for thousands of specific enterprise technologies and products. These pages map common misconfigurations and known risks to specific software stacks, providing a clear path to operational security.

Example Keywords

• SAP vulnerability scanning
• Kubernetes Ingress security testing
• Next.js middleware DAST
• how to scan Adobe ColdFusion for RCE
• Atlassian Confluence misconfiguration checks

Rationale

Security teams often search for security guidance based on their specific tech stack. This play addresses the massive keyword breadth gap compared to competitors by creating thousands of entry points for technology-first discovery.

Topical Authority

ProjectDiscovery is widely recognized for its open-source scanning tools; providing expert guidance on how to apply these tools to specific technologies is a natural extension of their documentation authority.

Internal Data Sources

Leverage the internal template-to-tech mapping (tags), API documentation, and existing technical blog deep-dives to generate differentiated content.

Estimated Number of Pages

10,000+

A data-driven library of pages providing aggregate security insights for every ASN, country, and cloud region. These pages highlight common exposure patterns and risky services found in specific network scopes without disclosing sensitive individual targets.

Example Keywords

• AS15169 exposed services
• exposed Redis servers in Germany
• AWS US-East-1 common misconfigurations
• most common open ports in Azure regions
• internet exposure trends for AS32934

Rationale

This play leverages the unique 'Chaos' brand and dataset to provide macro-level security intelligence that no other competitor can easily replicate. It targets researchers and network admins interested in regional or network-specific risk profiles.

Topical Authority

The domain already ranks for 'chaos project discovery'; turning this into a programmatic atlas solidifies their position as the leader in internet-scale reconnaissance data.

Internal Data Sources

Use aggregated, anonymized data from the Chaos project and internet-wide scanning telemetry to provide unique statistical insights.

Estimated Number of Pages

50,000+

A specialized directory of pages detailing the 'takeover' risks associated with hundreds of cloud, SaaS, and hosting providers. Each page explains the specific DNS patterns that indicate a dangling resource and provides step-by-step verification and remediation steps.

Example Keywords

• GitHub Pages subdomain takeover
• S3 bucket dangling DNS record
• Azure App Service takeover verification
• how to prevent CNAME takeover on Heroku
• orphaned DNS records in Zendesk

Rationale

Subdomain takeovers are a high-priority risk for security teams, yet documentation is often fragmented. Owning the definitive library for these patterns drives high-intent traffic from teams performing asset inventory and attack surface management.

Topical Authority

ProjectDiscovery's 'subfinder' and 'nuclei' tools are industry standards for this type of work; providing the underlying knowledge base for these tools establishes peerless authority.

Internal Data Sources

Utilize internal fingerprinting logic for service identification and DNS verification patterns used in the open-source toolset.

Estimated Number of Pages

1,500+

A library of copy-pasteable security automation 'recipes' for every major CI/CD platform and programming language. These pages provide the exact YAML and configuration needed to integrate automated scanning into developer workflows.

Example Keywords

• GitHub Actions security gate for Node.js
• GitLab CI DAST pipeline for Python
• Jenkins security scanning for Java
• fail build on critical vulnerabilities in CircleCI
• Azure DevOps security automation YAML

Rationale

This play targets the 'Shift Left' movement by capturing developers and DevSecOps engineers at the moment they are building automation. It bridges the gap between 'tooling' and 'implementation'.

Topical Authority

The domain's documentation is already a top traffic driver; expanding into 'recipes' and 'blueprints' leverages this technical trust to capture broader automation-related keywords.

Internal Data Sources

Use API reference schemas, sample integration payloads, and existing documentation on scan parameters to generate accurate, functional code snippets.

Estimated Number of Pages

2,000+

Improvements Summary

Refocus each Nuclei page around a single search intent (commercial vs informational vs task) and expand on-page sections to match mid-tail queries. Add a hub-and-spoke internal linking structure across /nuclei, docs overview, install, and templates, plus FAQ and SoftwareApplication schema for richer snippets.

Improvements Details

Update /nuclei with sections for “What is Nuclei?”, “Run a Nuclei scan in 60 seconds”, “Nuclei templates”, use cases, and an FAQ targeting “nuclei vulnerability scanner”, “nuclei scanner”, and “nuclei scan”. Rewrite the docs overview intro to answer “what is nuclei” within the first 80–120 words, add concepts + common commands blocks, and route users via “Next steps” to Install and Templates. Expand /templates/introduction into a templates hub (choosing templates, lifecycle, safety notes, popular categories), reduce overlap from /tools/nuclei by turning it into an index, and handle misspellings (“nuclie”, “nuceli”) with redirects/search hints rather than adding them to headings.

Improvements Rationale

Current rankings cluster around the head term “nuclei”, but mixed intent across marketing and docs pages limits first-page coverage and creates keyword cannibalization. Clear intent mapping, deeper sections for “what is nuclei”, “nuclei scanner”, and “nuclei templates”, plus stronger internal links and schema, increases eligibility for sitelinks/PAA-style results and improves time-to-first-scan, which supports downloads and product interest.