Skip to main content
Neo maintains a continuously updated knowledge base covering the full breadth of offensive security: known vulnerabilities, exploitation techniques, attack vectors, security research, and real-world patterns observed across thousands of assessments. This knowledge base is actively maintained and expanded by ProjectDiscovery’s security research team and enriched by intelligence gathered from the largest open source security community in the world, over 100,000 security professionals contributing to tools like Nuclei, which maintains one of the most comprehensive vulnerability template libraries available today. When Neo plans an assessment against your stack, it draws on this knowledge to determine what to test, how to test it, and what exploitation techniques are most likely to succeed against your specific technology choices and architecture.

What Neo Knows

Neo’s security knowledge spans several categories, each continuously updated as the threat landscape evolves:

Known Vulnerabilities (CVEs)

Neo tracks the full spectrum of disclosed vulnerabilities across operating systems, frameworks, libraries, cloud services, and application platforms. This goes beyond maintaining a list of CVE identifiers. For each vulnerability, Neo understands the affected versions, the conditions required for exploitation, known proof-of-concept techniques, and how the vulnerability manifests in real-world applications. When Neo identifies a technology in your stack during an assessment, it automatically correlates that technology against its vulnerability knowledge to prioritize testing for issues most likely to affect your specific versions and configurations.

Exploitation Techniques and Methodologies

Neo’s knowledge extends beyond individual CVEs into the techniques and methodologies that skilled pentesters use to chain vulnerabilities, escalate access, and demonstrate real business impact:
  • Injection techniques: SQL injection variants, template injection, command injection, LDAP injection, and context-specific injection patterns across different frameworks and languages
  • Authentication and authorization attacks: session management flaws, OAuth misconfigurations, JWT weaknesses, privilege escalation paths, and multi-step authentication bypasses
  • Business logic exploitation: race conditions, state manipulation, workflow bypasses, and application-specific logic flaws that scanners cannot detect through pattern matching alone
  • Infrastructure and cloud attacks: SSRF chains, metadata service exploitation, container escapes, cloud IAM misconfigurations, and lateral movement techniques across cloud providers
  • Client-side attacks: XSS variants, DOM manipulation, CORS misconfigurations, postMessage vulnerabilities, and browser-specific exploitation techniques
  • Chained exploitation: how individual findings can be combined into multi-step attack paths that demonstrate impact far beyond what any single vulnerability would suggest

Emerging Threats and 1-Day Vulnerabilities

When a new critical vulnerability is disclosed, Neo’s knowledge base is updated rapidly so assessments immediately test for the latest threats. This covers:
  • 1-day vulnerabilities: newly disclosed CVEs with public proof-of-concept exploits that attackers actively target before organizations can patch
  • Novel attack vectors: newly discovered attack classes and techniques published through security research, conference talks, and real-world incident reports
  • Framework and library-specific advisories: security advisories for the specific technologies Neo encounters in your stack, correlated with the versions you’re running
This means your scheduled assessments and PR reviews automatically incorporate the latest threat intelligence without any manual intervention. A vulnerability disclosed on Monday can be tested across your stack by Tuesday’s scheduled assessment.

Security Research and Community Intelligence

ProjectDiscovery’s position at the center of the open source security community provides Neo with a unique advantage. Techniques, templates, and detection patterns contributed by thousands of security researchers worldwide flow into Neo’s knowledge base, giving it access to real-world offensive knowledge that no single vendor research team could produce alone. This includes Nuclei templates covering thousands of vulnerability checks, detection patterns for misconfigurations across hundreds of technologies, and exploitation techniques validated by the community against real targets.

Runtime Research

Neo’s knowledge base provides the foundation, but Neo can also actively research new information during an assessment when it encounters something unfamiliar or needs deeper context.

How Runtime Research Works

During an assessment, Neo may encounter a technology, configuration, or behavior it wants to investigate further. When this happens, Neo can:
  • Research a specific CVE: pull detailed technical information about a vulnerability, including exploitation techniques, affected versions, and known bypasses for common mitigations
  • Investigate an unfamiliar technology: gather security-relevant information about a framework, library, or service Neo encounters in your stack, including known attack surfaces and common misconfigurations
  • Look up novel techniques: find recently published exploitation techniques relevant to a vulnerability class or technology Neo is actively testing
  • Cross-reference advisories: check whether a specific version of a dependency in your stack is affected by recent security advisories
This means Neo adapts to what it finds in real time. If an assessment reveals your application uses an uncommon framework or a recently released library version, Neo researches the security implications on the spot rather than skipping what it doesn’t immediately recognize.

Runtime Research in Practice

Consider a scenario where Neo is assessing your application and discovers it uses a specific version of a message queue library. Neo’s knowledge base contains general security guidance for that library, but a critical deserialization vulnerability was disclosed three days ago affecting exactly the version your application runs. Neo identifies the version, researches the specific CVE at runtime, understands the exploitation technique, and tests your application for the vulnerability: all within the same assessment session. The finding arrives with full evidence: the exact deserialization payload, proof of code execution, and remediation guidance specific to your version and configuration.

How Security Knowledge Connects to Your Assessments

Neo’s global security knowledge and its memory of your environment work together during every assessment:
  1. Memory tells Neo what technologies your stack uses, what’s been tested before, and where previous findings were located
  2. Security knowledge tells Neo what vulnerabilities and techniques are relevant to those specific technologies
  3. Runtime research fills gaps when Neo encounters something new or needs deeper information about a recently disclosed threat
This is how Neo achieves the coverage depth of a skilled pentester who stays current on the latest research, combined with the consistency and speed of automation. Every assessment is informed by both the latest global threat intelligence and deep contextual understanding of your specific environment.

Continuous Updates

Neo’s security knowledge base is updated through multiple channels on a continuous basis:
  • ProjectDiscovery research team: dedicated security researchers identifying, validating, and documenting new vulnerabilities and techniques
  • Nuclei community templates: thousands of detection and exploitation templates contributed by the global security community, reviewed and integrated continuously
  • CVE and advisory feeds: automated ingestion of vulnerability disclosures, security advisories, and patch releases across the technology ecosystem
  • Assessment intelligence: patterns and techniques refined from real-world assessment data across Neo’s deployment base, improving detection accuracy and exploitation success rates over time
Your team benefits from this continuous update cycle automatically. Every assessment Neo runs draws from the latest available intelligence with zero configuration or manual updates required.