mjorritsma committed Nov 13, 2024
2 parents 001f020 + eaedd89 commit 3c6d44d
Showing 33 changed files with 454 additions and 275 deletions.
14 changes: 14 additions & 0 deletions .coderabbit.yaml
@@ -0,0 +1,14 @@
language: "en-US"
early_access: false
reviews:
profile: "chill"
request_changes_workflow: false
high_level_summary: true
poem: false
review_status: true
collapse_walkthrough: false
auto_review:
enabled: true
drafts: false
chat:
auto_reply: true
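Review bot: The nesting in this new file needs checking, because every key is shown at the same level. `profile` through `auto_review` belong under `reviews:`, `enabled` and `drafts` under `auto_review:`, and `auto_reply` under `chat:`; if the file is committed flat as shown, those lines are unrelated top-level keys and would not be read as review settings. A one-line comment at the top explaining why `request_changes_workflow` is set to `false` would also help the next maintainer.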
8 changes: 4 additions & 4 deletions cloud/assets/adding-assets.mdx
@@ -17,15 +17,15 @@ From the Assets tab, there are three methods to add your assets:

Each unique path, including those with specified ports will be added as an individual asset for scanning. If you have questions about your specific setup, get in touch with us at [email protected].

## Add New Assets
## Discover New Assets

Discovery is the most basic method of getting assets into PDCP. To get started immediately, this is a straightforward way to add a single domain and start a asset discovery.
Discovery is the easiest method of importing assets into PDCP for vulnerability scanning.

<img height="200" src="/images/platform/addassets.png" />

- **Scope**: manually input your list of up to 50 root domains.
- **Scope**: manually input your list of up to 10 root domains in the Free plan, or up to 100 root domains in Pro.

- Auto Discovery is enabled by default and will automatically discover your assets including subdomains, open ports, and other web technologies.
- Auto Discovery is enabled by default and will automatically discover your assets including subdomains, open ports, and other web technologies. Port scanning and technology detection is available in Pro and Enterprise plans only.
- *Note: Disable Auto Discovery to restrict upload to your specified asset list.*

- Domain, IP address, or CIDR. For CIDR ranges each individual IP will be added as a single asset.
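Review bot: The new Scope bullet gives limits for Free (10) and Pro (100) only and says nothing about Enterprise, while the FAQ in cloud/assets/overview.mdx in this same commit states the Free and Pro numbers "per month" and says Enterprise has custom limits. Please make the two pages agree on whether the limit applies per list or per month, and add the Enterprise case here. In the Auto Discovery bullet, "Port scanning and technology detection is available" should read "are available", and the spelling "Auto Discovery" differs from "Auto-Discovery" in overview.mdx.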
15 changes: 8 additions & 7 deletions cloud/assets/overview.mdx
@@ -5,21 +5,22 @@ sidebarTitle: "Overview"
---

## Overview
Assets are any hosts added to ProjectDiscovery Cloud Platform (PDCP) for scanning. Hosts can be a URL, an IP address, or a CIDR range.
In the ProjectDiscovery Cloud Platform (PDCP), an asset is any host or target for vulnerability scanning. An asset is defined as the combination of a host (subdomain or IP address) and a specific port.

The Assets page is available from the top navigation. Assets can be added through **Add New Assets** or **Integrate Cloud Services**.
Assets can be discovered via Auto-Discovery from a root domain or specified IP/CIDR range. Note: IP and CIDR range discovery and enrichment are only available on Pro and Enterprise plans.

![Assets](/images/platform/assetspage.png)
Assets can also be imported through our cloud integrations or direct upload through a .txt file.

The Asset pages supports search, refresh, and lists the added assets available to browse. Once you've added assets to PDCP they are available to include in scans you want to create.
Once assets are added to PDCP, they can be selected as targets in a vulnerability scan.

![Assets](/images/platform/assetspage.png)

## FAQ

### General
**Is there a limitation on how many Assets I can add?**
**Is there a limitation to how many root domains I can run auto-discovery on?**

There is no overall storage limit for Assets. Each individual upload of Assets cannot exceed 50,000 items or 50 root domains.
The Free tier supports up to 10 root domain discoveries per month, while Pro supports 100 domains per month and Enterprise offers custom limits.

**What kind of Assets are supported?**
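Review bot: The rewritten first FAQ entry drops the statements that there is no overall storage limit and that a single upload cannot exceed 50,000 items; the new answer covers only root domain discovery quotas. If the 50,000-item upload cap still applies, keep it as its own question, since direct upload through a .txt file is still described in the new overview text. The new definition of an asset as a host plus a specific port also sits awkwardly beside adding-assets.mdx, which says each unique path is added as an individual asset; one of the two should be adjusted.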

@@ -51,4 +52,4 @@ Yes! Assets that are added to PDCP can be renamed.

**Can I delete Assets?**

You can delete any assets, however assets that are included in a scan will generate an error.
You can delete any assets, however assets that are included in a scan will generate an error.
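Review bot: The removed and added versions of this answer read identically, so the change appears to be whitespace or end-of-file only. Since the line is being touched anyway, consider fixing the comma splice ("You can delete any assets; however, ...") and saying which action produces the error.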
30 changes: 30 additions & 0 deletions cloud/examples/vulnerability-regressions.mdx
@@ -0,0 +1,30 @@
---
title: 'Vulnerability Regressions'
description: 'Continuously retest vulnerabilities and detect similar issues across your infrastructure.'
---

## Summary

As organizations uncover more vulnerabilities than ever before, managing and remediating critical security vulnerabilities becomes increasingly complex. Traditional workflows often involve fragmented tools and processes, making it challenging to ensure vulnerabilities are effectively resolved and do not reappear.

Recognizing these challenges, we have added a powerful feature to our cloud platform (currently in BETA): Vulnerability Regression with Nuclei.

This feature seamlessly integrates with your preferred ticketing solutions—GitHub, GitLab, Linear, and Jira—to streamline vulnerability management. By automatically generating Nuclei templates from reported vulnerabilities and continuously retesting during the remediation process, it ensures that security issues are effectively fixed.


### How It Helps

- **Automates Template Creation**: Transforms reported vulnerabilities into actionable Nuclei templates using AI, saving time and reducing manual effort with ability to quickly edit the attached templates.

- **Continuous Retesting**: Automatically retests vulnerabilities when developers attempt to close issues, ensuring fixes are properly applied, and includes continuous monitoring of previously fixed vulnerabilities to file a ticket as soon as they reappear in production.

- **Infrastructure-wide Detection**: Identifies similar vulnerabilities across all assets, preventing overlooked threats and reducing the risk of reoccurrence.



### Request a Demo

[Contact us to here](https://projectdiscovery.io/request-demo) to request a personalized demo.


Learn how ProjectDiscovery can help your team save time, improve remediation efficiency, and strengthen your organization's security posture for critical vulnerabilities.
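Review bot: The link text under "Request a Demo" reads "Contact us to here", which looks like an editing leftover; "Contact us" or "Request a personalized demo" as the link text would read correctly and describe the destination. In the first "How It Helps" bullet, "with ability to quickly edit" is missing an article. The page says the feature is currently in BETA but does not say which plans can use it, unlike the plan notes added to the assets pages in this commit.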
38 changes: 17 additions & 21 deletions cloud/features.mdx
@@ -1,38 +1,34 @@
---
title: "Product Features"
description: "Learn more about key features on ProjectDiscovery Cloud Platform"
sidebarTitle: "Features"
title: "Key Benefits"
description: "Learn more about the key benefits of using ProjectDiscovery Cloud Platform"
sidebarTitle: "Key Benefits"
---

## What are ProjectDiscovery Cloud Platform's key features?
Explore some of the main capabilities that help to cut through the noise of false positives, provide you accurate results for potential exploits, and include up-to-date information contributed by the ProjectDiscovery community.
## What are ProjectDiscovery Cloud Platform's key benefits?

### Hosted solution
With a portfolio of so many popular and successful open source tools, our prospects and users often ask about the key benefits of using ProjectDiscovery Cloud Platform. Explore some of the main benefits and advantages of PDCP below.

As a hosted offering, ProjectDiscovery Cloud Platform abstracts away the complexities of running Nuclei and other ProjectDiscovery open source tools at scale.
The cloud scanning engine completes scans 50x faster than Nuclei, enabling scans for an entire external attack surface in less than an hour.
This saves teams significant time that would otherwise be spent on maintaining infrastructure, writing custom scripts, and waiting for scan results to complete.
### Faster, Cloud-hosted Scans

### Asset discovery and management
As a cloud-hosted offering, PDCP abstracts away the complexities of running Nuclei and other ProjectDiscovery open source tools at scale.
Our cloud scanning engine is **50x faster than Nuclei**, completing scans of up to 20,000 targets in less than an hour.
This delivers scan results significantly faster and saves teams meaningful time that would otherwise be spent on maintaining infrastructure, writing custom scripts, and waiting for scan results to complete.

We integrate our popular reconnaissance tools like subfinder, naabu, httpx, and katana to provide an outside-in view of public-facing assets.
This approach captures assets that may fall out of the range of traditional AWS / GCP / Azure inventory lists but remain exploitable by external bad actors.
### Collaboration

### Remediation and regression testing workflows
Security is a team effort and open source tools can make it difficult to collaborate with teammates. ProjectDiscovery Cloud Platform provides users with a shared workspace to run vulnerability scans, view results, and triage findings. PDCP also includes role-based access control so security teams can invite engineers and other stakeholders to the platform in view-only roles.

Support for integrations with Jira, GitHub, and other ticketing systems to accelerate time to remediation. ProjectDiscovery Cloud Platform can also run regression tests from AI-generated custom templates to ensure fixed issues do not resurface in the future.
### Tons of Automation

### Reporting
ProjectDiscovery Cloud Platform was designed to automate the key workflows of the modern security team. Asset discovery and reconnaisance has been simplified from chaining multiple open source tools into one simple step. Automatically scan for newly released Nuclei templates, or set up regression tests for fixed vulnerabilities. Schedule daily discovery and scans, or set up custom schedules, continuous scanning, or workflow-based scans. Key actions like copying cURL requests, opening up vulnerable targets in a new tab, and initiating retest are all exposed to the user, saving multiple clicks and navigating between different applications.

Export vulnerability findings via PDF, JSON, CSV, or our API to provide visibility to leadership and other parts of the organization.
### Powerful Integrations

### Early template access
ProjectDiscovery Cloud Platform makes it easy to connect your key services and applications. PDCP supports integrations to your favorite messaging apps like Slack to be alerted of critical findings, ticketing systems like Jira to automate the remediation process and initiate retests, and cloud providers to pull in your live hosts for scanning. We also have a fully functional [API](https://docs.projectdiscovery.io/api-reference/introduction) to customize any integrations in your organization.

Get early access to new Nuclei templates before they are released to the public.
### Dashboards and Executive Reporting

### Collaboration

Invite your team and share findings in your workspace. Auth support includes SSO and SAML with SCIM. RBAC is coming soon to meet enterprise security requirements.
Showcase your security initiatives to leadership with beautiful dashboards and executive reports. Export vulnerability findings via PDF, JSON, or CSV. Leverage our real-time vulnerability scans to automatically scan your infrastructure for trending exploits and share findings proactively with your company.

### Support
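Review bot: The claim "50x faster than Nuclei" in the new "Faster, Cloud-hosted Scans" section is stated without the conditions it was measured under, and the wording moves from scanning "an entire external attack surface" to "up to 20,000 targets" in less than an hour. Please state what is being compared (template set, target count, Nuclei configuration) or link to the source of the figure. "reconnaisance" under "Tons of Automation" should be "reconnaissance". The rewrite also removes the "Early template access" section, the API export option from reporting, and the SSO and SAML with SCIM sentence from Collaboration; please confirm those removals are intended rather than lost in the restructure.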

53 changes: 29 additions & 24 deletions cloud/introduction.mdx
@@ -1,15 +1,14 @@
---
title: "Introducing ProjectDiscovery Cloud Platform"
description: "A cloud-hosted product for attack surface visibility and vulnerability scanning"
sidebarTitle: "Introduction"
---

<Tip>Sign up for [ProjectDiscovery Cloud Platform](https://cloud.projectdiscovery.io/)</Tip>

## What is ProjectDiscovery Cloud Platform?

[ProjectDiscovery Cloud Platform (PDCP)](cloud.projectdiscovery.io) is a cloud-hosted security platform designed to provide continuous visibility across your external attack surface by detecting exploitable vulnerabilities and misconfigurations.
It is built to solve a variety of use cases, and scale to support the key workflows application security teams need to secure their infrastructure.
[ProjectDiscovery Cloud Platform (PDCP)](cloud.projectdiscovery.io) is a cloud-hosted security platform engineered to detect exploitable vulnerabilities and misconfigurations across your internal and external infrastructure at scale with zero false positives.
Powered by a global open-source community of over 100,000 security professionals, PDCP is built with our most popular tools like Nuclei to bring next-generation reconnaissance, vulnerability detection, and remediation automation to the modern security team.

<iframe
width="560"
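Review bot: The link target `(cloud.projectdiscovery.io)` on the rewritten opening sentence has no scheme, so it will be treated as a relative path rather than the external site; the Tip a few lines above uses `https://cloud.projectdiscovery.io/` and the same form should be used here. The new wording "with zero false positives" is an absolute guarantee, and the scope changes from "external attack surface" to "internal and external infrastructure" while the frontmatter description still says "attack surface visibility"; consider softening the first and aligning the second.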
@@ -22,43 +21,49 @@ It is built to solve a variety of use cases, and scale to support the key workfl
></iframe>

If you're new to ProjectDiscovery:
- [Learn more about us and our mission here](https://projectdiscovery.io/)
- Check out some [product features](/cloud/features)
- New to our products? Check out a hands on example of [our popular open source tool, Nuclei](/getstarted-overview)
- Get started with a [free PDCP account](cloud.projectdiscovery.io)
- Learn about the [key benefits](/cloud/features) of Cloud
- New to Nuclei? Check out a hands on example of [our popular open source tool Nuclei](/getstarted-overview)
- Explore more of our [open source tools](/tools/index)

## How are we different?

The security space is crowded with tools. Attack surface management, vulnerability management, exploit monitoring - what solutions do you need?

As concerns around security rise, organizations are increasingly
shifting their attention to managing these risks. How are you supposed to choose when there are so many options and how can you differentiate one option from the next?
As concerns around security rise, organizations are increasingly shifting their attention to managing these risks.

Let's get into the details and learn more about _why_ ProjectDiscovery Cloud Platform is different.

### Addressing vulnerabilities at scale
### Zero noise

You need tools that can keep pace with the evolving range of technologies and the continuously shifting landscape of vulnerabilities.
Our cloud platform can rapidly scan and verify a trending vulnerability across your entire tech stack. Save time and prioritize your resources
around the vulnerabilities that matter the most.
Eliminate false positives with our modern vulnerability scanning engine, powered by Nuclei and [Nuclei templates](https://github.com/projectdiscovery/nuclei-templates).
Each template replicates the specific actions a hacker would take to validate an exploit with clear matcher logic.
This stands in contrast to traditional scanners that often rely on **version-based** checks that frequently generate false positives.
Our accuracy saves security teams hours of wasted triaging effort and enables teams to focus their efforts on remediating the vulnerabilities that matter.

### A source of truth
### More Transparency

The scope of vulnerabilities means that the quantity false positives (noise), is endless. More than a simple
annoyance, false positives are a costly distraction from real threats. Accuracy is game changing and critical to effective vulnerability management.
Nuclei templates offer clear visibility into how vulnerabilities are detected with logical mathers and easy-to-follow YAML syntax. These templates carry comprehensive information about each vulnerability including descriptions, severity, reference links and remediation steps. PDCP also comes with fast and easy workflows to retest findings or replicate results. Learn more about our [Nuclei templates](https://docs.projectdiscovery.io/templates/introduction).

Our Nuclei templates carry comprehensive information about each vulnerability. They include descriptions, remediation steps, severity, and the inner workings of test.
This transparency allows security engineers to easily triage, collaborate, and validate findings, while developers reproduce and verify fixes.
### Full Customization

### Custom automation
No two organizations are identical, and neither are their security needs. Modern security teams need to full control over their scanning workflows to get the most out of their vulnerability management program. PDCP provides users with the flexibility and customization to decide what assets to scan and which Nuclei templates to run including custom schedules, headers, and even alerts and ticketing automation.

No two organizations are identical, and neither are their security needs. Modern security teams need to automate vulnerability detection specific to their organization and tech stack.
Our open template language (YAML) allows flexibility and customizations so you can easily convert your internal vulnerability knowledge and findings (e.g. pen-test, bug bounty reports) into automation.
Use your custom Nuclei templates to easily scan other similarly affected tech stacks and any associated regressions.
### Community Powered

### Community support
Unlike traditional proprietary security companies, ProjectDiscovery began as an open-source company and today we leverage the expertise of over 100,000 security professionals worldwide to build great security tooling. When a new CVE like Log4J emerges, community contributions to our Nuclei Templates project are often available [within hours of a public proof of concept (PoC)](https://blog.projectdiscovery.io/the-power-of-nuclei-templates-a-universal-language-of-vulnerabilities/).
PDCP's Nuclei template detection library today includes over 9,000 templates contributed from our community, every single one of which is reviewed by our internal team for quality and accuracy.
As one ProjectDiscovery customer puts it, “When we work with ProjectDiscovery, we work with the best hackers in the world.”

It's a constant challenge to keep up with the increasing number of attack vectors and vulnerabilities.
Maintaining a vast database is beyond the capabilities of any single vendor. That's why, at ProjectDiscovery, we set a high value on a community-driven collaboration on exploitable vulnerabilities.
### A Detection Platform for All Security Risks

Not all security risks are publicly documented CVEs found in the National Vulnerability Database (NVD). In addition to covering the most common CVEs and misconfigurations, our Nuclei templates also detect exposed panels, default logins, leaked credentials, and many other security risks. Also, with our [AI Template Editor](https://docs.projectdiscovery.io/cloud/editor/ai), you can easily generate custom Nuclei templates to convert bug bounty reports, internal pentest findings, and other vulnerabilities into automatable security checks to run regularly against your infrastructure. Read about how [if you’re not writing custom Nuclei templates, you’re missing out](https://blog.projectdiscovery.io/if-youre-not-writing-custom-nuclei-templates-youre-missing-out/).

### Powerful Reconnaissance

Vulnerability results are only as good as the scope of the vulnerability scan. PDCP's asset discovery and reconnaissance workflow leverages over 6 different open source tools to provide comprehensive enumeration of your external perimeter. Try our discovery capabilities by entering your domain [here](projectdiscovery.io).

### Enterprise Integrations and Capabilities

ProjectDiscovery Cloud Platform includes a host of enterprise capabilities and integrations to automate your workflows within your organization. Our integrations include 2-way ticketing sync to initiate retests from your ticketing platform of choice, alerting in your favorite messenging app like Slack or via email, and connections to your cloud providers to import current hosts for scanning. PDCP also enables users to whitelist scan traffic by IP, enforce rate limiting, scan internal CI/CD pipelines, export executive reports on findings and risk posture, and meet compliance frameworks like SOC2, PCI, HIPAA. We also include enterprise features like SSO SAML, role-based access control, and audit logs in our platform.
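Review bot: Three typos in the added text need fixing: "logical mathers" under "More Transparency" should be "matchers", "need to full control" under "Full Customization" should be "need full control", and "messenging app" under "Enterprise Integrations and Capabilities" should be "messaging app". The new links `[free PDCP account](cloud.projectdiscovery.io)` and `[here](projectdiscovery.io)` lack `https://` and will resolve as relative paths; "here" is also weak link text. The counts "over 100,000", "over 9,000 templates" and "over 6 different open source tools" will go stale, so consider approximate or dated phrasing.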
