External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 20:15:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,821 Commits 49 Branches 135 Tags
Commit Graph

20 Commits

Author SHA1 Message Date
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Tarun Koyalwar
2b729e4037
fix context leak in flow (#6282) 
* fix context leak in flow

* handle sizedwaitpool when not reused
 2025-06-30 16:43:00 +07:00
Dwi Siswanto
622c5503fa
perf(*): replace encoding/json w/ sonic or go-json (fallback) (#6019) 
* perf(*): replace `encoding/json` w/ sonic

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(utils): add `json` pkg (sonic wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): use `sonic` wrapper instead

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(model): adjust expected marshal'd JSON

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): merge config - as its not usable

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): rm go version constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: go mod tidy

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-02-11 03:01:37 +05:30
Dwi Siswanto
e0b2542868
feat: conditionally panic-recover (#5553) 
* feat: conditionally panic-recover

As discussed with @Mzack9999, we should avoid
overusing panic-recover. We need to review the RCA
first to determine whether this is an exceptional
situation or if it's a higher-level function meant
to recover from a panic. This approach will help
us establish a robust error-handling strategy.

The implementation of panic-recover should be
conditional and NOT applied when running in a CI
environment AND IS temporary. Once we've caught
all errors and made the necessary corrections, we
can remove the deferred recover function.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(deps): bump `go-ci` to v1.0.2

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(make): add `-race` to `GOFLAGS` in `test`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-08-28 17:57:45 +05:30
Tarun Koyalwar
38e130201e
fix possible nil panic (#5473) 2024-07-31 17:34:56 +05:30
Tarun Koyalwar
2418319df4
js: generate matcher-status event (#5450) 
* js: generate matcher-status event

* isPortOpen: use fastdialer instance

* update sdk unit test

* add docs :)
 2024-07-27 02:46:34 +05:30
Tarun Koyalwar
6cbd73f780
feat: improve ldap output with custom type: (#5387) 
* feat: improve ldap output with custom type:

* js bindings update

* lint fix
 2024-07-15 18:42:22 +05:30
Dogan Can Bakir
f080d614c3
introduce timeouts config in types.Options (#5228) 
* introduce timeout variants

* update instances and add codeexectimeout

* fix test

* default to 10s

* minor

* make timeouts pluggable and rename

* remove residual code

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-07-15 15:57:15 +05:30
Tarun Koyalwar
23bd0336fb
multiple bug fixes + performance improvements (#5148) 
* prototype errkit

* complete errkit implementation

* add cause to all timeouts

* fix request timeout annotation @timeout

* increase responseHeaderTimeout to 8 for stability

* rawhttp error related improvements

* feat: add port status caching

* add port status caching to http

* migrate to new utils/errkit

* remote dialinterface + error cause

* debug dir support using .gitignore debug-*

* make nuclei easy to debug

* debug dir update .gitignore

* temp change (to revert)

* Revert "temp change (to revert)"

This reverts commit d3131f777713b9f80e2275142e80f36340a76d36.

* use available context instead of new one

* bump fastdialer

* fix hosterrorscache + misc improvements

* add 'address' field in error log

* fix js vague errors + pgwrap driver

* fix max host error + misc updates

* update tests as per changes

* fix request annotation context

* remove closed dialer reference

* fix sdk panic issue

* bump retryablehttp-go,utils,fastdialer

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2024-05-25 00:29:04 +05:30
Tarun Koyalwar
3e54ca54b0
feat: fix utils and add goroutine leak unit tests (#5112) 
* feat: fixed leak

* add go leak unit test in sdk

* added goleak unit tests

* bugfix: add random user agents to fuzzing requests

* misc

* misc

* fix lint + use utils pr + misc

* fix ratelimit memleak in sdk

* close protocolstate shared resources in nuclei sdk/lib

* add missing close references

* ignore read/write loop of intransit connections

* close unnecessary idle conns

* add ignore method

* using fixed utils

* dep update

---------

Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2024-05-01 00:28:11 +05:30
Ice3man
0b82e8b7aa
feat: added support for context cancellation to engine (#5096) 
* feat: added support for context cancellation to engine

* misc

* feat: added contexts everywhere

* misc

* misc

* use granular http timeouts and increase http timeout to 30s using multiplier

* track response header timeout in mhe

* update responseHeaderTimeout to 5sec

* skip failing windows test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-04-25 15:37:56 +05:30
Mzack9999
3c62b56fd9 panic at the pool 2024-04-03 19:02:30 +02:00
Mzack9999
774db61655 lightweight adaptivity on workpool 2024-04-03 18:50:46 +02:00
Mzack9999
a8d1393e96 init- using resizable components 2024-04-03 17:50:57 +02:00
Tarun Koyalwar
94817ca300 js protocol: fix breaking json export issue 2024-03-15 18:04:08 +05:30
Tarun Koyalwar
cc732875cd
javascript: pooling and reuse with export functions + misc updates (#4709) 
* js hotfix: wrap javascript source in anon functions

* mysql module improvements

* misc mysql bugs

* js vm pooling: soft deprecation + incentivised pooling

* misc updates

* disable interactsh failed test

* disable interactsh.yaml integration test on win & mac
 2024-02-02 02:22:04 +05:30
Tarun Koyalwar
5bd9d9ee68
memory leak fixes and optimizations (#4680) 
* feat http response memory optimization + reuse buffers

* update nuclei version

* feat: reuse js vm's and compile to programs

* fix failing http integration test

* remove dead code + add -jsc

* feat reuse js vms in pool with concurrency

* update comments as per review

* bug fix+ update interactsh test to look for dns interaction

* try enabling all interactsh integration tests

---------

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2024-01-31 01:59:49 +05:30
Tarun Koyalwar
2153cc6055
fix panic in smb javascript template + handle panics in js (#4700) 
* switch dependency to projectdiscovery/go-smb2 + handle panics

* bump projectdiscovery/go-smb2

* disable interactsh integration test
 2024-01-30 04:15:59 +05:30
Tarun Koyalwar
a677fca192
misc improvements in js protocol execution (#4643) 
* js protocol  timeout using -timeout flag

* fix zgrab smb hang

* fix lint error

* custom timeout field in js protocol

* minor update: bound checking

* add 6 * -timeout in code protocol by default
 2024-01-18 04:39:15 +05:30
Tarun Koyalwar
dc44105baf
nuclei v3 : misc updates (#4247) 
* use parsed options while signing

* update project layout to v3

* fix .gitignore

* remove example template

* misc updates

* bump tlsx version

* hide template sig warning with env

* js: retain value while using log

* fix nil pointer derefernce

* misc doc update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-10-17 17:44:13 +05:30