External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 15:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,694 Commits 49 Branches 135 Tags
Commit Graph

5694 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
knakul853
1af32d3b9d feat(tmplexec): add feature flag to control error enrichment in debug mode for better traceability and cleaner output 2025-07-21 21:10:43 +05:30
Mzack9999
3e9bee7400
Merge pull request #6321 from hdm/bug/various-race-conditions 
Address race conditions in http.Request and MemGuardian
 2025-07-15 15:19:02 +02:00
HD Moore
875941ce8d avoid data races using mutex for memguardian 2025-07-15 02:34:47 -05:00
HD Moore
6bf3f14798 avoid data races by using request clones 2025-07-15 02:34:29 -05:00
gopherorg
1079498182
refactor: use maps.Copy for cleaner map handling (#6283) 
Signed-off-by: gopherorg <gopherworld@icloud.com>
 2025-07-12 02:50:47 +05:30
Dwi Siswanto
a13ea39461
build(docker): bump builder image golang:1.23-alpine => golang:1.24-alpine (#6316) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-12 02:16:35 +05:30
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Jose De La O Hernandez
285c5e1442
fixing panic caused by uninitialized colorizer (#6315) 2025-07-09 04:34:05 +05:30
Dwi Siswanto
7e2ec686ae
fix(lib): scans didn't stop on ctx cancellation (#6310) 
* fix(lib): scans didn't stop on ctx cancellation

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update lib/sdk_test.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(lib): wait resources to be released b4 return

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-07-09 01:04:16 +07:00
Mzack9999
3991cc6ec1
Merge pull request #6311 from projectdiscovery/dwisiswant0/chore/config/rm-deprecated-codes-and-calls 
chore(config): rm deprecated codes and calls
 2025-07-08 15:45:25 +02:00
dependabot[bot]
b756b2706f
chore(deps): bump the modules group with 3 updates (#6305) 
Bumps the modules group with 3 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck).


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.116 to 1.0.117
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.116...v1.0.117)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.35 to 0.2.36
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.35...v0.2.36)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.15 to 1.1.26
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.15...v1.1.26)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.117
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.26
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 17:57:09 +07:00
Dwi Siswanto
bd5864dbb5
chore(config): rm deprecated codes and calls 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-08 17:35:55 +07:00
Mzack9999
13754956ff
Merge pull request #6307 from projectdiscovery/6297-bugfix-tablewriter-memory-leak 
bumping version + memory cleanup
 2025-07-07 20:13:59 +02:00
Mzack9999
87de71dee9 bumping version + memory cleanup 2025-07-07 18:12:50 +02:00
alban-stourbe-wmx
eccd90d53c
fix(headless): Variables are now available into headless template (#6301) 
* fix(headless): variables now available into simple headless template

* chore: erase debug logs
 2025-07-04 21:51:09 +07:00
sandeep
84a76b3d4e version bump 2025-07-01 21:17:21 +07:00
Dwi Siswanto
a18a386d12
build: downgraded github.com/zmap/zgrab2 v0.2.0 => v0.1.8 (#6295) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 21:00:13 +07:00
dependabot[bot]
5f2082cf34 chore(deps): bump the go_modules group across 1 directory with 3 updates 
Bumps the go_modules group with 3 updates in the / directory: [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin), [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/gin-gonic/gin` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.9.0...v1.9.1)

Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.2)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-01 13:14:02 +00:00
sandeep
db916199c2 Bump version to v3.4.6 2025-07-01 00:48:41 +07:00
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290) 
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 00:40:44 +07:00
Tarun Koyalwar
2b729e4037
fix context leak in flow (#6282) 
* fix context leak in flow

* handle sizedwaitpool when not reused
 2025-06-30 16:43:00 +07:00
Cho hyun-sik
7b1a02710e
docs: refine Bug Bounty hunter section in Korean docs (#6287) 2025-06-28 02:08:44 +05:30
Emmanuel Ferdman
2c3df33a98
chore: update GoReleaser configurations (#6280) 
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
 2025-06-25 04:23:15 +07:00
Dwi Siswanto
3bcbcc6e65
test(nuclei): adds multiproto benchmark test (#6270) 
* test(nuclei): adds multiproto benchmark test

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(nuclei): deferred runner close & rm duped `os.MkdirTemp`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 22:33:44 +05:30
曹家巧
4ff80784ae
refactor: use the built-in max/min to simplify the code (#6272) 
Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>
 2025-06-24 05:49:06 +05:30
Dwi Siswanto
695a7520b9
fix(headless): incorrect last navigated URL (#6278) 
* chore(headless): uses `maps.Copy`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(headless): implements update last navigated URL

for `ActionNavigate`, `WaitPageLifecycleEvent`, and
`WaitStable` based on latest navigation URL.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update pkg/protocols/headless/engine/page.go

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 05:32:18 +05:30
Nakul Bharti
c242b112cc
fixed hex dump issue (#6273) 2025-06-19 20:07:59 +05:30
Dogan Can Bakir
6cc9c2e9e8
Merge pull request #6271 from projectdiscovery/log-improvement 
fixed log level mismatch
 2025-06-18 15:05:41 +03:00
knakul853
aba8c47e10 fixed log level mismatch 2025-06-17 17:02:57 +05:30
sandeep
5af6feb889 version update 2025-06-17 05:12:02 +05:30
Eric Gruber
b95b04fc4d
feat: add EnableMatcherStatus function to configure matcher status in NucleiEngine (#6191) 2025-06-17 05:08:01 +05:30
Dwi Siswanto
61bcf0f10e
feat(headless): store responses (#6247) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 05:00:31 +05:30
Dwi Siswanto
a326f3925c
fix(tmplexec): memory blowup in multiproto (#6258) 
* bugfix: fix memory blowup using previousEvent for multi-proto execution

* refactor(tmplexec): uses supported protocol types

Signed-off-by: Dwi Siswanto <git@dw1.io>

* add co-author

Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): mv builder inside loop scope

Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): skip existing keys in `FillPreviousEvent`

The `FillPreviousEvent` func was modified to
prevent overwriting/duplicating entries in the
previous map.

It now checks if a key `k` from
`event.InternalEvent` already exists in the
previous map. If it does, the key is skipped. This
ensures that if `k` was already set (potentially
w/o a prefix), it's not re-added with an `ID_`
prefix.

Additionally, keys in `event.InternalEvent` that
already start with the current `ID_` prefix are
also skipped to avoid redundant prefixing.

This change simplifies the logic by removing the
`reqTypeWithIndexRegex` and directly addresses the
potential for duplicate / incorrectly prefixed
keys when `event.InternalEvent` grows during
protocol request execution.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): naming convention, `ID` => `protoID`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): it's request ID lol sorry

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
 2025-06-17 04:53:32 +05:30
Dwi Siswanto
797ceb57db
fix(authx): JSON unmarshalling for Dynamic auth type (#6268) 
* fix(authx): JSON unmarshalling for Dynamic auth type

Correcting the `UnmarshalJSON` method to properly
unmarshal JSON, particularlyaddressing the
population of the embedded `Secret` field. This
was achieved by using a type alias to avoid
recursive calls and rely on default unmarshalling
behavior.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(authx): adds nil Dynamic struct check

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 04:48:05 +05:30
Shubham Rasal
f89a6d33e9
Use proxy for dns and ssl templates (#6255) 
* Use proxy for dns and ssl templates

- while using template execute level function we need to override custom dialer

* rename overridedialer to customdialer

* Add proxy into hash

- proxy client is shared between non proxy requests

* add dialer into request object

- use request.dialer instead of global variable

* resolve comments

* rename dialer
 2025-06-16 22:24:52 +05:30
sandeep
fc6d5a7773 improved logging 2025-06-16 20:06:17 +05:30
Dogan Can Bakir
a4859df5e9
Merge pull request #6243 from tongjicoder/dev 
refactor: use slices.Contains to simplify code
 2025-05-27 15:48:20 +03:00
Dogan Can Bakir
85c709ea22
Merge pull request #6245 from projectdiscovery/bump_dsl_pkg 
bump dsl pkg
 2025-05-27 15:44:39 +03:00
Doğan Can Bakır
ec353f534c
bump dsl pkg 2025-05-27 21:42:33 +09:00
tongjicoder
3be29abfc9 refactor: use slices.Contains to simplify code 
Signed-off-by: tongjicoder <tongjicoder@icloud.com>
 2025-05-27 17:16:26 +08:00
Reynaldo Jarro
8a13639b62
fixing missing symbol (#6242) 2025-05-27 14:32:25 +05:30
Dogan Can Bakir
37fa0c69ec
Merge pull request #6206 from 23kbps/dev 
Fix ingress template in helm chart
 2025-05-24 16:31:49 +03:00
Dogan Can Bakir
160eab998c
Merge pull request #6222 from fourcube/fix/slow-headless-start-and-shutdown 
fix: improve headless engine startup and shutdown
 2025-05-19 16:42:38 +03:00
Dogan Can Bakir
9dce36a0c8
Merge pull request #6233 from projectdiscovery/dwisiswant0/ci/adds-stale-workflow 
ci: adds stale workflow
 2025-05-19 16:13:09 +03:00
Nakul Bharti
242b1e1636
increase file descriptor limits (#6230) 
* add missing file

* increase file descriptor limit

* removed debugging code

* fixed lower case

* test: tweaks on script

* uses CI runtime env vars (`RUNNER_OS` &
  `RUNNER_DEBUG`)
* restores originial `ulimit`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-05-18 20:09:41 +05:30
Dwi Siswanto
21d376f194
ci: adds stale workflow 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-05-18 19:46:14 +07:00
Dwi Siswanto
3957237199
fix(openapi): handles nil schema & schema values (#6228) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-05-17 00:46:41 +05:30
Dogan Can Bakir
40e29f1095
Merge pull request #6226 from heywoodlh/docker-golang-bump 
bump golang in dockerfile: 1.22 => 1.23
 2025-05-15 17:51:24 +03:00
Doğan Can Bakır
ebab60f9cd
Revert "update dockerfile golang version" 
This reverts commit 740a3732af27711873eac282fbaea7c0d98b9574.
 2025-05-15 21:48:45 +07:00
Doğan Can Bakır
740a3732af
update dockerfile golang version 2025-05-15 21:46:06 +07:00