External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 15:37:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,821 Commits 49 Branches 135 Tags
Commit Graph

93 Commits

Author SHA1 Message Date
Mzack9999
cb2d93174a fixing logic 2025-09-25 22:46:40 +02:00
Mzack9999
61bd0828dc Merge branch 'dev' into RDP-Enc-func 2025-09-25 22:07:17 +02:00
Mzack9999
521a21c06a Merge branch 'dev' into feat-4842-vnc 2025-09-12 11:51:17 +02:00
Mzack9999
c863143771 lint 2025-09-12 10:35:09 +02:00
Mzack9999
5c8da8d88b code from https://github.com/projectdiscovery/nuclei/pull/6427 2025-09-12 10:29:42 +02:00
cui
d76187f99a
Refactor to use reflect.TypeFor (#6428) 2025-08-27 22:31:04 +05:30
Mzack9999
e83382d4e4 lint 2025-08-25 15:33:21 +02:00
Mzack9999
b61321cd19 Merge branch 'dev' into feat-4842-vnc 2025-08-25 15:22:14 +02:00
Mzack9999
f20f95f67e integration test 2025-08-25 15:13:23 +02:00
Tarun Koyalwar
19247ae74b
Path-Based Fuzzing SQL fix (#6400) 
* setup claude

* migrate to using errkit

* fix unused imports + lint errors

* update settings.json

* fix url encoding issue

* fix lint error

* fix the path fuzzing component

* fix lint error
 2025-08-25 13:36:58 +05:30
Mzack9999
6b358b39a3 lint 2025-08-21 23:38:58 +02:00
Mzack9999
b41f4d97d6 gen go+js 2025-08-21 22:04:55 +02:00
Mzack9999
5c15c77777 adding vnc auth 2025-08-21 22:02:47 +02:00
Sandeep Singh
b4644af80a
Lint + test fixes after utils dep update (#6393) 
* fix: remove undefined errorutil.ShowStackTrace

* feat: add make lint support and integrate with test

* refactor: migrate errorutil to errkit across codebase

- Replace deprecated errorutil with modern errkit
- Convert error declarations from var to func for better compatibility
- Fix all SA1019 deprecation warnings
- Maintain error chain support and stack traces

* fix: improve DNS test reliability using Google DNS

- Configure test to use Google DNS (8.8.8.8) for stability
- Fix nil pointer issue in DNS client initialization
- Keep production defaults unchanged

* fixing logic

* removing unwanted branches in makefile

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-08-20 05:28:23 +05:30
HD Moore
5b89811b90
Support concurrent Nuclei engines in the same process (#6322) 
* support for concurrent nuclei engines

* clarify LfaAllowed race

* remove unused mutex

* update LfaAllowed logic to prevent races until it can be reworked for per-execution ID

* Update pkg/templates/parser.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* debug tests

* debug gh action

* fixig gh template test

* using atomic

* using synclockmap

* restore tests concurrency

* lint

* wiring executionId in js fs

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-07-19 00:10:58 +05:30
gopherorg
1079498182
refactor: use maps.Copy for cleaner map handling (#6283) 
Signed-off-by: gopherorg <gopherworld@icloud.com>
 2025-07-12 02:50:47 +05:30
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290) 
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 00:40:44 +07:00
Tarun Koyalwar
2b729e4037
fix context leak in flow (#6282) 
* fix context leak in flow

* handle sizedwaitpool when not reused
 2025-06-30 16:43:00 +07:00
Mzack9999
b9d0f2585f
Merge pull request #6200 from projectdiscovery/msssql-exec-query-support 
feat: added support to mssql for execute query
 2025-05-01 23:19:03 +02:00
Mzack9999
088425d351 adding mssql check 2025-05-01 22:44:29 +02:00
pussycat0x
32845bccf2 CheckRDPEncryption 2025-05-01 18:20:02 +05:30
pussycat0x
cbf57ef889
Update ldap.go (#6202) 2025-04-30 14:10:44 +05:30
Ice3man
b14e634047 feat: added support to mssql for execute query 2025-04-28 18:56:35 +05:30
Dwi Siswanto
622c5503fa
perf(*): replace encoding/json w/ sonic or go-json (fallback) (#6019) 
* perf(*): replace `encoding/json` w/ sonic

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(utils): add `json` pkg (sonic wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): use `sonic` wrapper instead

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(model): adjust expected marshal'd JSON

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): merge config - as its not usable

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): rm go version constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: go mod tidy

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-02-11 03:01:37 +05:30
Roy Reznik
dac38732dc
stop using deprecated mholt/archiver (#5951) 
* stop using deprecated mholt/archiver

* Fix CR

* chore: go mod tidy

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-01-31 13:27:16 +05:30
Douglas Danger Manley
e4a0b8ec60
Do not clobber the "tcp" dialer for MySQL (#5681) 
This introduces a "nucleitcp" protocol that Nuclei will use when
making MySQL connections as part of its templates.

Previously, this would register (and de-register!) a custom "tcp"
dialer, and that applied globally, so any piece of software that
used a MySQL database and included nuclei in SDK mode would have
its database connections ripped out from under it due to the dialer
hijacking.

By using "nucleitcp" as the protocol, we are free to do whatever
we want with the dialer and not impact any other packages.

Within our `BuildDSN` function, we quietly replace the protocol to
"nucleitcp" if it was "tcp", so nuclei developers don't have to do
anything special to use this functionality; it will always do it.
 2025-01-15 00:29:30 +05:30
Ramana Reddy
7ba5d51b00
fix: ldap metadata collection err (#5683) 2024-10-07 18:12:07 +05:30
Ramana Reddy
8b9acb2927
return bool resp on successful ldap authentication (#5682) 2024-10-07 18:11:03 +05:30
Ramana Reddy
f30d0b3b8d
fix: mysql connection with special characters in password (#5604) 2024-09-06 23:49:55 +05:30
Dwi Siswanto
e0b2542868
feat: conditionally panic-recover (#5553) 
* feat: conditionally panic-recover

As discussed with @Mzack9999, we should avoid
overusing panic-recover. We need to review the RCA
first to determine whether this is an exceptional
situation or if it's a higher-level function meant
to recover from a panic. This approach will help
us establish a robust error-handling strategy.

The implementation of panic-recover should be
conditional and NOT applied when running in a CI
environment AND IS temporary. Once we've caught
all errors and made the necessary corrections, we
can remove the deferred recover function.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(deps): bump `go-ci` to v1.0.2

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(make): add `-race` to `GOFLAGS` in `test`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-08-28 17:57:45 +05:30
Tarun Koyalwar
1c76398aea
lint error fixes (#5531) 
* lint error fixes

* chore: satisfy non-constant format str in call lint (govet)

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2024-08-16 20:31:23 +05:30
Tarun Koyalwar
38e130201e
fix possible nil panic (#5473) 2024-07-31 17:34:56 +05:30
Tarun Koyalwar
2418319df4
js: generate matcher-status event (#5450) 
* js: generate matcher-status event

* isPortOpen: use fastdialer instance

* update sdk unit test

* add docs :)
 2024-07-27 02:46:34 +05:30
jarnpher_rice
f930e9a58f
chore(deps): change github.com/denisenkom/go-mssqldb to github.com/microsoft/go-mssqldb (#5419) 2024-07-25 02:59:35 +05:30
Tarun Koyalwar
6cbd73f780
feat: improve ldap output with custom type: (#5387) 
* feat: improve ldap output with custom type:

* js bindings update

* lint fix
 2024-07-15 18:42:22 +05:30
Dogan Can Bakir
f080d614c3
introduce timeouts config in types.Options (#5228) 
* introduce timeout variants

* update instances and add codeexectimeout

* fix test

* default to 10s

* minor

* make timeouts pluggable and rename

* remove residual code

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-07-15 15:57:15 +05:30
Ramana Reddy
d4e81fd9e6
register goja func to check udp port (#5397) 
* register goja func to check port with network param

* register goja func to check udp port
 2024-07-15 12:58:30 +05:30
Mzack9999
1c24ceda45
adding automatic service check on query (#5291) 
* adding automatic service check on query

* automatic service check
 2024-07-08 17:08:29 +05:30
Tarun Koyalwar
1e3cfd75ea fix issue with ldap search func 2024-07-03 18:26:59 +05:30
Tarun Koyalwar
23bd0336fb
multiple bug fixes + performance improvements (#5148) 
* prototype errkit

* complete errkit implementation

* add cause to all timeouts

* fix request timeout annotation @timeout

* increase responseHeaderTimeout to 8 for stability

* rawhttp error related improvements

* feat: add port status caching

* add port status caching to http

* migrate to new utils/errkit

* remote dialinterface + error cause

* debug dir support using .gitignore debug-*

* make nuclei easy to debug

* debug dir update .gitignore

* temp change (to revert)

* Revert "temp change (to revert)"

This reverts commit d3131f777713b9f80e2275142e80f36340a76d36.

* use available context instead of new one

* bump fastdialer

* fix hosterrorscache + misc improvements

* add 'address' field in error log

* fix js vague errors + pgwrap driver

* fix max host error + misc updates

* update tests as per changes

* fix request annotation context

* remove closed dialer reference

* fix sdk panic issue

* bump retryablehttp-go,utils,fastdialer

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2024-05-25 00:29:04 +05:30
Ice3man
4170e1cbb8
more goroutine leak fixes to nuclei (#5188) 
* more goroutine leak fixes to nuclei

* run only dns templates for test

* updated httpx to dev

* dep update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2024-05-20 00:48:40 +05:30
Tarun Koyalwar
3e54ca54b0
feat: fix utils and add goroutine leak unit tests (#5112) 
* feat: fixed leak

* add go leak unit test in sdk

* added goleak unit tests

* bugfix: add random user agents to fuzzing requests

* misc

* misc

* fix lint + use utils pr + misc

* fix ratelimit memleak in sdk

* close protocolstate shared resources in nuclei sdk/lib

* add missing close references

* ignore read/write loop of intransit connections

* close unnecessary idle conns

* add ignore method

* using fixed utils

* dep update

---------

Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2024-05-01 00:28:11 +05:30
Ice3man
0b82e8b7aa
feat: added support for context cancellation to engine (#5096) 
* feat: added support for context cancellation to engine

* misc

* feat: added contexts everywhere

* misc

* misc

* use granular http timeouts and increase http timeout to 30s using multiplier

* track response header timeout in mhe

* update responseHeaderTimeout to 5sec

* skip failing windows test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-04-25 15:37:56 +05:30
mzack
7e363984b2 Merge branch 'dev' into feat-3072-init-adaptive-speed 2024-04-09 15:19:51 +02:00
Muhammad Daffa
ffbe5deebb
feat: added asreproastable (#4990) 
* feat: added asreproastable

* ldap: remove FilterAccountEnabled from AsRepRoastable

* run 'make jsupdate'

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-04-08 03:31:30 +05:30
Mzack9999
3c62b56fd9 panic at the pool 2024-04-03 19:02:30 +02:00
Mzack9999
774db61655 lightweight adaptivity on workpool 2024-04-03 18:50:46 +02:00
Mzack9999
a8d1393e96 init- using resizable components 2024-04-03 17:50:57 +02:00
Tarun Koyalwar
255032f4f2
pre-condition in code , fuzz and other misc updates (#4966) 
* fuzz: rename 'filters' -> 'pre-condition'

* code proto: pre-condition + integration test

* feat: dsl document generator

* update dsl page header

* fix lint error

* add js defined helper funcs in docs

* remove panic recovery unless its for third party(go-rod,goja)

* handle dynamic values flattening edgecase in flow+multiprotocol

* fix order of kv in form-data (failing test)

* fix template loading counters

* Revert "handle dynamic values flattening edgecase in flow+multiprotocol"

This reverts commit 58fdd4faf7df5d654b46a9585011f614d5c98aa4.

* fix flow iteration using 'iterate'
 2024-04-01 19:18:21 +05:30