69 Commits

Author SHA1 Message Date
Mzack9999
cb2d93174a fixing logic 2025-09-25 22:46:40 +02:00
Mzack9999
61bd0828dc Merge branch 'dev' into RDP-Enc-func 2025-09-25 22:07:17 +02:00
Mzack9999
521a21c06a Merge branch 'dev' into feat-4842-vnc 2025-09-12 11:51:17 +02:00
Mzack9999
5c8da8d88b code from https://github.com/projectdiscovery/nuclei/pull/6427 2025-09-12 10:29:42 +02:00
Mzack9999
e83382d4e4 lint 2025-08-25 15:33:21 +02:00
Mzack9999
b61321cd19 Merge branch 'dev' into feat-4842-vnc 2025-08-25 15:22:14 +02:00
Mzack9999
f20f95f67e integration test 2025-08-25 15:13:23 +02:00
Tarun Koyalwar
19247ae74b
Path-Based Fuzzing SQL fix (#6400)
* setup claude

* migrate to using errkit

* fix unused imports + lint errors

* update settings.json

* fix url encoding issue

* fix lint error

* fix the path fuzzing component

* fix lint error
2025-08-25 13:36:58 +05:30
Mzack9999
6b358b39a3 lint 2025-08-21 23:38:58 +02:00
Mzack9999
5c15c77777 adding vnc auth 2025-08-21 22:02:47 +02:00
Sandeep Singh
b4644af80a
Lint + test fixes after utils dep update (#6393)
* fix: remove undefined errorutil.ShowStackTrace

* feat: add make lint support and integrate with test

* refactor: migrate errorutil to errkit across codebase

- Replace deprecated errorutil with modern errkit
- Convert error declarations from var to func for better compatibility
- Fix all SA1019 deprecation warnings
- Maintain error chain support and stack traces

* fix: improve DNS test reliability using Google DNS

- Configure test to use Google DNS (8.8.8.8) for stability
- Fix nil pointer issue in DNS client initialization
- Keep production defaults unchanged

* fixing logic

* removing unwanted branches in makefile

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2025-08-20 05:28:23 +05:30
HD Moore
5b89811b90
Support concurrent Nuclei engines in the same process (#6322)
* support for concurrent nuclei engines

* clarify LfaAllowed race

* remove unused mutex

* update LfaAllowed logic to prevent races until it can be reworked for per-execution ID

* Update pkg/templates/parser.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* debug tests

* debug gh action

* fixing gh template test

* using atomic

* using synclockmap

* restore tests concurrency

* lint

* wiring executionId in js fs

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2025-07-19 00:10:58 +05:30
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296)
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
2025-07-10 01:17:26 +05:30
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290)
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-07-01 00:40:44 +07:00
Mzack9999
b9d0f2585f
Merge pull request #6200 from projectdiscovery/msssql-exec-query-support
feat: added support to mssql for execute query
2025-05-01 23:19:03 +02:00
Mzack9999
088425d351 adding mssql check 2025-05-01 22:44:29 +02:00
pussycat0x
32845bccf2 CheckRDPEncryption 2025-05-01 18:20:02 +05:30
pussycat0x
cbf57ef889
Update ldap.go (#6202) 2025-04-30 14:10:44 +05:30
Ice3man
b14e634047 feat: added support to mssql for execute query 2025-04-28 18:56:35 +05:30
Douglas Danger Manley
e4a0b8ec60
Do not clobber the "tcp" dialer for MySQL (#5681)
This introduces a "nucleitcp" protocol that Nuclei will use when
making MySQL connections as part of its templates.

Previously, this would register (and de-register!) a custom "tcp"
dialer, and that applied globally, so any piece of software that
used a MySQL database and included nuclei in SDK mode would have
its database connections ripped out from under it due to the dialer
hijacking.

By using "nucleitcp" as the protocol, we are free to do whatever
we want with the dialer and not impact any other packages.

Within our `BuildDSN` function, we quietly replace the protocol to
"nucleitcp" if it was "tcp", so nuclei developers don't have to do
anything special to use this functionality; it will always do it.
2025-01-15 00:29:30 +05:30
Ramana Reddy
7ba5d51b00
fix: ldap metadata collection err (#5683) 2024-10-07 18:12:07 +05:30
Ramana Reddy
8b9acb2927
return bool resp on successful ldap authentication (#5682) 2024-10-07 18:11:03 +05:30
Ramana Reddy
f30d0b3b8d
fix: mysql connection with special characters in password (#5604) 2024-09-06 23:49:55 +05:30
jarnpher_rice
f930e9a58f
chore(deps): change github.com/denisenkom/go-mssqldb to github.com/microsoft/go-mssqldb (#5419) 2024-07-25 02:59:35 +05:30
Tarun Koyalwar
6cbd73f780
feat: improve ldap output with custom type: (#5387)
* feat: improve ldap output with custom type:

* js bindings update

* lint fix
2024-07-15 18:42:22 +05:30
Mzack9999
1c24ceda45
adding automatic service check on query (#5291)
* adding automatic service check on query

* automatic service check
2024-07-08 17:08:29 +05:30
Tarun Koyalwar
1e3cfd75ea fix issue with ldap search func 2024-07-03 18:26:59 +05:30
Tarun Koyalwar
23bd0336fb
multiple bug fixes + performance improvements (#5148)
* prototype errkit

* complete errkit implementation

* add cause to all timeouts

* fix request timeout annotation @timeout

* increase responseHeaderTimeout to 8 for stability

* rawhttp error related improvements

* feat: add port status caching

* add port status caching to http

* migrate to new utils/errkit

* remote dialinterface + error cause

* debug dir support using .gitignore debug-*

* make nuclei easy to debug

* debug dir update .gitignore

* temp change (to revert)

* Revert "temp change (to revert)"

This reverts commit d3131f777713b9f80e2275142e80f36340a76d36.

* use available context instead of new one

* bump fastdialer

* fix hosterrorscache + misc improvements

* add 'address' field in error log

* fix js vague errors + pgwrap driver

* fix max host error + misc updates

* update tests as per changes

* fix request annotation context

* remove closed dialer reference

* fix sdk panic issue

* bump retryablehttp-go,utils,fastdialer

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2024-05-25 00:29:04 +05:30
Ice3man
4170e1cbb8
more goroutine leak fixes to nuclei (#5188)
* more goroutine leak fixes to nuclei

* run only dns templates for test

* updated httpx to dev

* dep update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-20 00:48:40 +05:30
Muhammad Daffa
ffbe5deebb
feat: added asreproastable (#4990)
* feat: added asreproastable

* ldap: remove FilterAccountEnabled from AsRepRoastable

* run 'make jsupdate'

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-08 03:31:30 +05:30
Mzack9999
4c7a0f424e
Transparent Memoization via func Annotation (#4742)
* initial implementation with manual code generation

* testing generation

* refactor to package methods + auto memoize

* more memos

* fixing signatures

* refactor

* adding gen util

* adding util

* regenerate memoized files

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-03-01 18:40:18 +05:30
Tarun Koyalwar
8a2ff17ad8
allow specifying self-contained at http request level (#4812)
* allow specifying self-contained at requestlevel

* fix IsSMTP js example

* update smtp + fix examples

* update smtp error message

* add code reference in js protocol

* update js docs

* remove debug stmt
2024-03-01 16:38:56 +05:30
Tarun Koyalwar
36985345a9
javascript bindings + docs generation enhancements (generate typescript definition .d.ts files) (#4487)
* introduce typescript files generation using ast + tmpl

* feat valid ts with scraping

* feat remove old logic + tsdocs for all modules

* fix ikev and related bugs

* typescript docs for js modules

* lint,build + ldap realm fix

* go mod tidy

* fix named imports ast parsing

* fix ast code generation errors

* complete support for ts files generation

* support go global/const in ts docs

* updated template

* feat: typescript using go code generation

* nuke jsdoc generator

* update generated ts dir structure

* fix multifile ts gen issue

* fix panic in ts code gen

* fix test

* update docs of js libs

* feat: add doc+example for every js class,function,method

* fix missing quotes in ikev example

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2024-02-07 21:45:40 +05:30
Tarun Koyalwar
66bc616fd2 update js proto bindings 2024-02-06 04:02:53 +05:30
Tarun Koyalwar
fd2ab3ce8a refactor to use nucleijs utils 2024-02-06 03:55:57 +05:30
Tarun Koyalwar
0e11bd7196 Merge remote-tracking branch 'upstream/dev' into ldap-protocol-enhancements 2024-02-06 02:38:38 +05:30
Tarun Koyalwar
3b75db46c7
Merge pull request #4647 from 5amu/remove-kerberos-dependency
switch dependency for kerberos js module (ropnop/gorkb5 -> jcmturner/gokrb5)
2024-02-06 02:37:57 +05:30
Tarun Koyalwar
71154918b0 fix network policy error 2024-02-06 02:03:33 +05:30
Tarun Koyalwar
01487ba1b8 network policy check + ASREP method 2024-02-05 23:56:16 +05:30
Tarun Koyalwar
06d9de3a27 refactor kerberos with nucleijs helper 2024-02-05 23:21:04 +05:30
Tarun Koyalwar
cc732875cd
javascript: pooling and reuse with export functions + misc updates (#4709)
* js hotfix: wrap javascript source in anon functions

* mysql module improvements

* misc mysql bugs

* js vm pooling: soft deprecation + incentivised pooling

* misc updates

* disable interactsh failed test

* disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
Tarun Koyalwar
93b66af9fb
mysql: ignore warning log + misc updates (#4702) 2024-01-31 02:32:23 +05:30
Tarun Koyalwar
2153cc6055
fix panic in smb javascript template + handle panics in js (#4700)
* switch dependency to projectdiscovery/go-smb2 + handle panics

* bump projectdiscovery/go-smb2

* disable interactsh integration test
2024-01-30 04:15:59 +05:30
Tarun Koyalwar
2c2cc2774a feat: introduce nucleijs utils 2024-01-23 04:11:04 +05:30
5amu
2f926c4f72 implement method to close the ldap connection 2024-01-21 19:50:33 +01:00
5amu
2019dab187 implement utilities for timestamps 2024-01-21 18:14:20 +01:00
5amu
642c99bcff move DecodeSID to utils.go making it a generic function exposed by the module 2024-01-21 17:57:23 +01:00
5amu
c703fffe80 implement method to grab domain SID 2024-01-21 17:31:08 +01:00
5amu
95d028c5f9 move ad filters to adenum.go 2024-01-21 17:12:09 +01:00
5amu
9d23f5f88f implement enumeration methods + rewrite kerberoastable 2024-01-21 17:11:28 +01:00