External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 16:05:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,724 Commits 49 Branches 135 Tags
Commit Graph

5724 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ice3man
d375b66d78 misc 2025-08-06 11:34:36 +05:30
Ice3man
3210091c69 misc 2025-08-06 11:30:12 +05:30
Ice3man
4b142c2e89 misc updates to go.mod 2025-08-06 11:21:45 +05:30
Ice3man
1491c4d470 misc 2025-08-06 04:27:34 +05:30
Ice3man
8ef3662634
Merge pull request #6364 from projectdiscovery/loading-performance-improvements-v2 
feat: loading templates performance improvements
 2025-08-06 01:58:03 +05:30
Ice3man
1b6ae44bb7 Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into loading-performance-improvements-v2 2025-08-06 01:57:41 +05:30
Ice3man
bba2c3a576
Merge pull request #6368 from projectdiscovery/fix/waf-detector-nil-pointer 
fix: prevent nil pointer panic in WAF detector
 2025-08-06 01:53:14 +05:30
knakul853
b685d637f3 fix: prevent nil pointer panic in WAF detector 
- Add nil checks for detector and regexCache in DetectWAF()
- Add nil check for individual regex entries before MatchString()
- Add comprehensive unit tests for nil pointer scenarios
- Prevents runtime panic when WAF detector encounters nil pointers during regex matching
 2025-08-04 21:12:43 +05:30
Dwi Siswanto
cff86b5c98
fix(events): correct JSON encoder type in ScanStatsWorker (#6366) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-02 21:49:48 -07:00
Ice3man
3d7f995ddc use bounded concurrency for templates loading 2025-08-03 03:53:34 +05:30
Ice3man
5ba21e272a feat: loading templates performance improvements 2025-08-02 15:58:18 +05:30
PDTeamX
b0fe565a8b Merge branch 'main' into dev 2025-08-02 02:06:03 -07:00
poning
3ac3146ef9
fix(offlinehttp): Replace "-" in headers with "_" for DSL variables (#6363) 
* Replace "-" in headers with "_" for DSL variables in passive mode

* test(offlinehttp): adjust haystack & needle in `TestHTTPOperatorExtract`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-08-02 05:35:03 +07:00
Ice3man
06707ea76f
bugfix: preserve original transport for linear http client (#6357) 2025-07-30 21:38:07 +05:30
Štefan Baebler
91adfeb91c
Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility (#6348) 
* Bump github.com/bytedance/sonic to v1.14.0  for Go 1.25 compatibility

Fixes #6335
by using https://github.com/bytedance/sonic/releases/tag/v1.14.0

$ go get github.com/bytedance/sonic@v1.14.0 && go mod tidy
go: upgraded github.com/bytedance/sonic v1.13.3 => v1.14.0
go: upgraded github.com/bytedance/sonic/loader v0.2.4 => v0.3.0

* doc(json): update supported plats

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-07-28 19:46:44 +07:00
Dogan Can Bakir
5daf84dd6b
Merge pull request #6338 from jishudashen/dev 
chore: fix inconsistent function name in comment
 2025-07-21 11:02:48 +03:00
jishudashen
0337b33490 chore: fix inconsistent function name in comment 
Signed-off-by: jishudashen <jishudashen@foxmail.com>
 2025-07-21 14:13:22 +08:00
Dwi Siswanto
9133e0d2d0
feat(code): log unavail engines as an err while validating (#6326) 
* feat(code): log unavail engines as an err while validating

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(chore): i meant highest level

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-19 00:12:50 +05:30
Ice3man
05f69a6b24
feat: log event for template host skipped during scanning (#6324) 
* feat: log event for template host skipped during scanning

* misc changes
 2025-07-19 00:11:25 +05:30
HD Moore
5b89811b90
Support concurrent Nuclei engines in the same process (#6322) 
* support for concurrent nuclei engines

* clarify LfaAllowed race

* remove unused mutex

* update LfaAllowed logic to prevent races until it can be reworked for per-execution ID

* Update pkg/templates/parser.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* debug tests

* debug gh action

* fixig gh template test

* using atomic

* using synclockmap

* restore tests concurrency

* lint

* wiring executionId in js fs

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-07-19 00:10:58 +05:30
Mzack9999
3e9bee7400
Merge pull request #6321 from hdm/bug/various-race-conditions 
Address race conditions in http.Request and MemGuardian
 2025-07-15 15:19:02 +02:00
HD Moore
875941ce8d avoid data races using mutex for memguardian 2025-07-15 02:34:47 -05:00
HD Moore
6bf3f14798 avoid data races by using request clones 2025-07-15 02:34:29 -05:00
gopherorg
1079498182
refactor: use maps.Copy for cleaner map handling (#6283) 
Signed-off-by: gopherorg <gopherworld@icloud.com>
 2025-07-12 02:50:47 +05:30
Dwi Siswanto
a13ea39461
build(docker): bump builder image golang:1.23-alpine => golang:1.24-alpine (#6316) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-12 02:16:35 +05:30
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Jose De La O Hernandez
285c5e1442
fixing panic caused by uninitialized colorizer (#6315) 2025-07-09 04:34:05 +05:30
Dwi Siswanto
7e2ec686ae
fix(lib): scans didn't stop on ctx cancellation (#6310) 
* fix(lib): scans didn't stop on ctx cancellation

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update lib/sdk_test.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(lib): wait resources to be released b4 return

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-07-09 01:04:16 +07:00
Mzack9999
3991cc6ec1
Merge pull request #6311 from projectdiscovery/dwisiswant0/chore/config/rm-deprecated-codes-and-calls 
chore(config): rm deprecated codes and calls
 2025-07-08 15:45:25 +02:00
dependabot[bot]
b756b2706f
chore(deps): bump the modules group with 3 updates (#6305) 
Bumps the modules group with 3 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck).


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.116 to 1.0.117
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.116...v1.0.117)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.35 to 0.2.36
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.35...v0.2.36)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.15 to 1.1.26
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.15...v1.1.26)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.117
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.26
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 17:57:09 +07:00
Dwi Siswanto
bd5864dbb5
chore(config): rm deprecated codes and calls 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-08 17:35:55 +07:00
Mzack9999
13754956ff
Merge pull request #6307 from projectdiscovery/6297-bugfix-tablewriter-memory-leak 
bumping version + memory cleanup
 2025-07-07 20:13:59 +02:00
Mzack9999
87de71dee9 bumping version + memory cleanup 2025-07-07 18:12:50 +02:00
alban-stourbe-wmx
eccd90d53c
fix(headless): Variables are now available into headless template (#6301) 
* fix(headless): variables now available into simple headless template

* chore: erase debug logs
 2025-07-04 21:51:09 +07:00
sandeep
4190559e8d Merge remote-tracking branch 'origin' v3.4.7 2025-07-01 21:17:40 +07:00
sandeep
84a76b3d4e version bump 2025-07-01 21:17:21 +07:00
Dwi Siswanto
a18a386d12
build: downgraded github.com/zmap/zgrab2 v0.2.0 => v0.1.8 (#6295) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 21:00:13 +07:00
dependabot[bot]
5f2082cf34 chore(deps): bump the go_modules group across 1 directory with 3 updates 
Bumps the go_modules group with 3 updates in the / directory: [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin), [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/gin-gonic/gin` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.9.0...v1.9.1)

Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.2)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-01 13:14:02 +00:00
sandeep
ad7066133c Merge remote-tracking branch 'origin' v3.4.6 2025-07-01 00:48:57 +07:00
sandeep
db916199c2 Bump version to v3.4.6 2025-07-01 00:48:41 +07:00
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290) 
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 00:40:44 +07:00
Tarun Koyalwar
2b729e4037
fix context leak in flow (#6282) 
* fix context leak in flow

* handle sizedwaitpool when not reused
 2025-06-30 16:43:00 +07:00
Cho hyun-sik
7b1a02710e
docs: refine Bug Bounty hunter section in Korean docs (#6287) 2025-06-28 02:08:44 +05:30
Emmanuel Ferdman
2c3df33a98
chore: update GoReleaser configurations (#6280) 
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
 2025-06-25 04:23:15 +07:00
Dwi Siswanto
3bcbcc6e65
test(nuclei): adds multiproto benchmark test (#6270) 
* test(nuclei): adds multiproto benchmark test

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(nuclei): deferred runner close & rm duped `os.MkdirTemp`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 22:33:44 +05:30
曹家巧
4ff80784ae
refactor: use the built-in max/min to simplify the code (#6272) 
Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>
 2025-06-24 05:49:06 +05:30
Dwi Siswanto
695a7520b9
fix(headless): incorrect last navigated URL (#6278) 
* chore(headless): uses `maps.Copy`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(headless): implements update last navigated URL

for `ActionNavigate`, `WaitPageLifecycleEvent`, and
`WaitStable` based on latest navigation URL.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update pkg/protocols/headless/engine/page.go

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 05:32:18 +05:30
Nakul Bharti
c242b112cc
fixed hex dump issue (#6273) 2025-06-19 20:07:59 +05:30
Dogan Can Bakir
6cc9c2e9e8
Merge pull request #6271 from projectdiscovery/log-improvement 
fixed log level mismatch
 2025-06-18 15:05:41 +03:00
knakul853
aba8c47e10 fixed log level mismatch 2025-06-17 17:02:57 +05:30