nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 18:35:25 +00:00

Author	SHA1	Message	Date
Nakul Bharti	93be3b8291	fix: improve cleanup in parallel execution (#6490 )	2025-09-24 01:12:43 +05:30
Tarun Koyalwar	19247ae74b	Path-Based Fuzzing SQL fix (#6400 ) * setup claude * migrate to using errkit * fix unused imports + lint errors * update settings.json * fix url encoding issue * fix lint error * fix the path fuzzing component * fix lint error	2025-08-25 13:36:58 +05:30
Sandeep Singh	b4644af80a	Lint + test fixes after utils dep update (#6393 ) * fix: remove undefined errorutil.ShowStackTrace * feat: add make lint support and integrate with test * refactor: migrate errorutil to errkit across codebase - Replace deprecated errorutil with modern errkit - Convert error declarations from var to func for better compatibility - Fix all SA1019 deprecation warnings - Maintain error chain support and stack traces * fix: improve DNS test reliability using Google DNS - Configure test to use Google DNS (8.8.8.8) for stability - Fix nil pointer issue in DNS client initialization - Keep production defaults unchanged * fixing logic * removing unwanted branches in makefile --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2025-08-20 05:28:23 +05:30
HD Moore	5b89811b90	Support concurrent Nuclei engines in the same process (#6322 ) * support for concurrent nuclei engines * clarify LfaAllowed race * remove unused mutex * update LfaAllowed logic to prevent races until it can be reworked for per-execution ID * Update pkg/templates/parser.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * debug tests * debug gh action * fixig gh template test * using atomic * using synclockmap * restore tests concurrency * lint * wiring executionId in js fs --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2025-07-19 00:10:58 +05:30
HD Moore	875941ce8d	avoid data races using mutex for memguardian	2025-07-15 02:34:47 -05:00
HD Moore	f26996cb89	Remove singletons from Nuclei engine (continuation of #6210 ) (#6296 ) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>	2025-07-10 01:17:26 +05:30
Douglas Danger Manley	e4a0b8ec60	Do not clobber the "tcp" dialer for MySQL (#5681 ) This introduces a "nucleitcp" protocol that Nuclei will use when making MySQL connections as part of its templates. Previously, this would register (and de-register!) a custom "tcp" dialer, and that applied globally, so any piece of software that used a MySQL database and included nuclei in SDK mode would have its database connections ripped out from under it due to the dialer hijacking. By using "nucleitcp" as the protocol, we are free to do whatever we want with the dialer and not impact any other packages. Within our `BuildDSN` function, we quietly replace the protocol to "nucleitcp" if it was "tcp", so nuclei developers don't have to do anything special to use this functionality; it will always do it.	2025-01-15 00:29:30 +05:30
Shubham Rasal	be1f634eae	Add Alive Proxy into Options (#5903 ) * Move proxy variable from global to options - Provides ability to pass diff proxy in single nuclei instance using sdk * add type check (resolve comments)	2024-12-13 04:23:27 +05:30
Dwi Siswanto	13af7ccd49	fix: data race at `protocolstate`, `contextargs` & some outdated test cases (#5820 ) * test(flow): update outdated test cases Signed-off-by: Dwi Siswanto <git@dw1.io> * test(multiproto): update outdated test cases Signed-off-by: Dwi Siswanto <git@dw1.io> * feat: fixed failing tests * fixed data race * fixed memgaurdian race conditiong * test(customtemplates): use test repo Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(customtemplates): add more `{Clone,Pull}Options` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(customtemplates): validate `{Clone,Pull}Options` Signed-off-by: Dwi Siswanto <git@dw1.io> * bugfix: fixed failing integration tests for flow and multi * chore: either 1 or 2 results in interactsh --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man <nizamulrana@gmail.com>	2024-11-19 11:08:25 +05:30
Danny Shemesh	888a732fbc	Unlock memguard global change mutex only when locked (#5714 )	2024-10-14 14:18:59 +05:30
mzack9999	5e102b782b	fixing race + nil crash	2024-08-21 16:09:47 +02:00
Doğan Can Bakır	d1f4c98cd7	Revert "remove redundant code" This reverts commit 35a0d673ad8e12b11e90e8e0090feb26ea042b46.	2024-08-21 15:03:41 +03:00
Doğan Can Bakır	35a0d673ad	remove redundant code	2024-08-21 11:36:33 +03:00
Dogan Can Bakir	f080d614c3	introduce timeouts config in types.Options (#5228 ) * introduce timeout variants * update instances and add codeexectimeout * fix test * default to 10s * minor * make timeouts pluggable and rename * remove residual code --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2024-07-15 15:57:15 +05:30
mzack	46e2a54bfe	Merge branch 'dev' into feat-4808-planner	2024-05-25 02:45:54 +02:00
Tarun Koyalwar	23bd0336fb	multiple bug fixes + performance improvements (#5148 ) * prototype errkit * complete errkit implementation * add cause to all timeouts * fix request timeout annotation @timeout * increase responseHeaderTimeout to 8 for stability * rawhttp error related improvements * feat: add port status caching * add port status caching to http * migrate to new utils/errkit * remote dialinterface + error cause * debug dir support using .gitignore debug-* * make nuclei easy to debug * debug dir update .gitignore * temp change (to revert) * Revert "temp change (to revert)" This reverts commit d3131f777713b9f80e2275142e80f36340a76d36. * use available context instead of new one * bump fastdialer * fix hosterrorscache + misc improvements * add 'address' field in error log * fix js vague errors + pgwrap driver * fix max host error + misc updates * update tests as per changes * fix request annotation context * remove closed dialer reference * fix sdk panic issue * bump retryablehttp-go,utils,fastdialer --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2024-05-25 00:29:04 +05:30
Mzack9999	4fc16e36e1	Merge branch 'dev' into feat-4808-planner	2024-05-23 09:08:53 +02:00
Mzack9999	9cc335a34c	first interface ipv4 address (#5186 )	2024-05-20 02:42:21 +05:30
Mzack9999	47ca8fe842	fix non gc-able dialer closes #5165	2024-05-15 21:25:40 +02:00
Tarun Koyalwar	3e54ca54b0	feat: fix utils and add goroutine leak unit tests (#5112 ) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-05-01 00:28:11 +05:30
mzack	38e185c410	simpler logic	2024-04-12 00:32:06 +02:00
mzack	7b71886309	Fixing internal resolver override	2024-04-11 19:10:31 +02:00
Tarun Koyalwar	375d1ddcde	fix missing port in javascript result (#5023 ) * add ip support in js output * js: if dialed ip is missing resolve and get first ip * ssl: fix incorrect port in output	2024-04-09 02:09:44 +05:30
mzack	582bf865d2	lint	2024-03-11 21:06:56 +01:00
mzack	de9f9620d5	removing debug	2024-03-11 19:58:08 +01:00
mzack	29f4ac9160	lint	2024-03-11 19:54:23 +01:00
mzack	e2cf5dda35	split active+passive guards	2024-03-11 19:48:56 +01:00
mzack	6f6c1d3679	small change in calculation	2024-03-07 17:28:24 +01:00
mzack	b445f7fc87	making memguardian optional	2024-03-07 16:16:07 +01:00
mzack	46830d4402	lint	2024-03-05 01:33:11 +01:00
mzack	52beea3bcd	Merge branch 'dev' into maint-memory	2024-03-05 01:26:06 +01:00
mzack	ea3ecbf2d2	adding disk storage + memguardian + other memory optimizations	2024-03-05 01:08:01 +01:00
Mzack9999	4c7a0f424e	Transparent Memoization via func Annotation (#4742 ) * initial implementation with manual code generation * testing generation * refactor to package methods + auto memoize * more memos * fixing signatures * refactor * adding gen util * adding util * regenerate memoized files --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2024-03-01 18:40:18 +05:30
mzack	099c2bb679	use system resolver first with system-resolvers	2024-02-06 21:49:05 +01:00
Tarun Koyalwar	3b75db46c7	Merge pull request #4647 from 5amu/remove-kerberos-dependency switch dependency for kerberos js module (ropnop/gorkb5 -> jcmturner/gokrb5)	2024-02-06 02:37:57 +05:30
Tarun Koyalwar	71154918b0	fix network policy error	2024-02-06 02:03:33 +05:30
Tarun Koyalwar	93b66af9fb	mysql: ignore warning log + misc updates (#4702 )	2024-01-31 02:32:23 +05:30
Mzack9999	5e48aed29b	Using network policy everywhere (#4578 ) * Using network policy everywhere * fixing bool param * fixing websocket parsing issue * fixing other schemes * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-01-08 05:09:11 +05:30
Mzack9999	342cc56a28	Merge pull request #4575 from projectdiscovery/feat-fastdialer-exclude pass exclude list to layer 4 fast dialer	2024-01-05 12:46:07 +01:00
Tarun Koyalwar	f663d1c9cf	deprecate(remove): file write in extractor using `to` (#4565 ) * fix race-condition & oow in extracted file output * add mutex for file.Write + set finalizer for os.File * fix integration test * disable extractor save to file in lib mode(configurable) * use sync.Once for init * disable out of bound image write in headless * misc updates * fix headless screenshot test * fix extractor save to file integration test * remove 'to' feature in extractors	2024-01-05 03:23:08 +05:30
mzack	80d347d3f1	pass exclude list to layer 4 fast dialer	2024-01-04 21:18:20 +01:00
Jean Rougé	b420672b38	Allow to set dialers' timeout and keep-alive duration (#4441 ) * Allow to set dialers' timeout and keep-alive duration * docs --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>	2023-11-30 01:47:10 +05:30
Tarun Koyalwar	dc44105baf	nuclei v3 : misc updates (#4247 ) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-10-17 17:44:13 +05:30

43 Commits