External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 14:05:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,821 Commits 49 Branches 135 Tags
Commit Graph

5821 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mkrs2404
9c64a1cb9b
Reporting validation (#6456) 
* add custom validator for reporting issues

* use httpx dev branch

* remove yaml marshal/unmarshal for validator callback
 2025-09-05 19:53:26 +05:30
dependabot[bot]
32dfeacd9d
chore(deps): bump the modules group across 1 directory with 11 updates (#6438) 
* chore(deps): bump the modules group across 1 directory with 11 updates

Bumps the modules group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.6` | `0.4.7` |
| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.92` | `0.0.93` |
| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.105` | `1.0.106` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.120` | `1.0.121` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.5.0` | `0.5.1` |
| [github.com/projectdiscovery/gozero](https://github.com/projectdiscovery/gozero) | `0.0.3` | `0.1.0` |
| [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) | `0.0.81` | `0.0.82` |
| [github.com/projectdiscovery/tlsx](https://github.com/projectdiscovery/tlsx) | `1.1.9` | `1.2.0` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.37` | `0.2.43` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.1.27` | `1.1.33` |



Updates `github.com/projectdiscovery/fastdialer` from 0.4.6 to 0.4.7
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.6...v0.4.7)

Updates `github.com/projectdiscovery/hmap` from 0.0.92 to 0.0.93
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.92...v0.0.93)

Updates `github.com/projectdiscovery/retryabledns` from 1.0.105 to 1.0.106
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.105...v1.0.106)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.120 to 1.0.121
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.120...v1.0.121)

Updates `github.com/projectdiscovery/dsl` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.5.0...v0.5.1)

Updates `github.com/projectdiscovery/gozero` from 0.0.3 to 0.1.0
- [Release notes](https://github.com/projectdiscovery/gozero/releases)
- [Commits](https://github.com/projectdiscovery/gozero/compare/v0.0.3...v0.1.0)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.20 to 0.1.21
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.20...v0.1.21)

Updates `github.com/projectdiscovery/ratelimit` from 0.0.81 to 0.0.82
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.81...v0.0.82)

Updates `github.com/projectdiscovery/tlsx` from 1.1.9 to 1.2.0
- [Release notes](https://github.com/projectdiscovery/tlsx/releases)
- [Changelog](https://github.com/projectdiscovery/tlsx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/tlsx/compare/v1.1.9...v1.2.0)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.37 to 0.2.43
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.37...v0.2.43)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.27 to 1.1.33
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.27...v1.1.33)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/hmap
  dependency-version: 0.0.93
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-version: 1.0.106
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.121
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gozero
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-version: 0.0.82
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/tlsx
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.33
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump

* httpx dev

* mod tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-09-01 17:52:46 +07:00
PDTeamX
48c389b063 link update 2025-08-31 03:16:13 +05:30
PDTeamX
36b4f68eec misc hyperlink update 2025-08-31 03:13:14 +05:30
PDTeamX
af7b2f166e issue / discussion template update 2025-08-31 03:10:51 +05:30
Dogan Can Bakir
b25937b310
Merge pull request #6425 from projectdiscovery/bump_httpx_version 
bump httpx version
 2025-08-28 10:04:35 +03:00
Dogan Can Bakir
100d6528f5
Merge branch 'dev' into bump_httpx_version 2025-08-28 08:55:23 +03:00
cui
d76187f99a
Refactor to use reflect.TypeFor (#6428) 2025-08-27 22:31:04 +05:30
Lorenzo Susini
8194fabcf8
test(reporting/exporters/mongo): add mongo integration test with test… (#6237) 
* test(reporting/exporters/mongo): add mongo integration test with testcontainer-go module

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>

* execute exportes only on linux

---------

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-08-27 04:25:31 +05:30
dependabot[bot]
5063af46b1 chore(deps): bump github.com/go-viper/mapstructure/v2 
Bumps the go_modules group with 1 update in the / directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).


Updates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.4.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-26 07:08:27 +00:00
Doğan Can Bakır
776cb4fcf2
bump httpx version 2025-08-26 10:04:36 +03:00
zy9ard3
1f0aef970c
fix for error.Is false return 2025-08-26 10:48:10 +05:30
zy9ard3
5b7debf349
Update pkg/external/customtemplates/github.go 
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-08-26 09:05:31 +05:30
Mzack9999
e83382d4e4 lint 2025-08-25 15:33:21 +02:00
Mzack9999
b61321cd19 Merge branch 'dev' into feat-4842-vnc 2025-08-25 15:22:14 +02:00
Mzack9999
f20f95f67e integration test 2025-08-25 15:13:23 +02:00
Mzack9999
efcef55681 lint 2025-08-25 13:59:01 +02:00
PDTeamX
0f7b33cebf limited test, instead of all 2025-08-25 13:56:03 +05:30
Dwi Siswanto
a1b5a0ed99
fix(fuzz): handles duplicate multipart form field names (#6404) 
* fix: handle duplicate field names in multipart form encoding

* fix(fuzz): handles `[]any` type in `*MultiPartForm.Encode`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(fuzz): adds panic recovery & display encoded out

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(fuzz): incorrectly treated mixed type field

in `*MultiPartForm.Encode`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(fuzz): refactor compare w decoded instead

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(fuzz): prealloc for `[]any` type

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(fuzz): treats nil value as empty string

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(fuzz): rm early error return for non-array file

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(fuzz): adds `TestMultiPartFormFileUpload` test

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: yusei-wy <31252054+yusei-wy@users.noreply.github.com>
 2025-08-25 13:42:51 +05:30
Tarun Koyalwar
19247ae74b
Path-Based Fuzzing SQL fix (#6400) 
* setup claude

* migrate to using errkit

* fix unused imports + lint errors

* update settings.json

* fix url encoding issue

* fix lint error

* fix the path fuzzing component

* fix lint error
 2025-08-25 13:36:58 +05:30
zy9ard3
5be258f948
no changes custom template message should be INF not ERR 2025-08-25 01:15:56 +05:30
Dwi Siswanto
309018fbf4
fix: segfault in template caching logic (#6421) 
* fix: segfault in template caching logic

when templates had no executable requests after
option updates.

the cached templates could end up with 0 requests
and no flow execution path, resulting in a nil
engine pointer that was later derefer w/o
validation.

bug seq:
caching template (w/ valid requests) -> get cached
template -> `*ExecutorOptions.Options` copied and
modified (inconsistent) -> requests updated (with
new options -- some may be invalid, and without
recompile) -> template returned w/o validation ->
`compileProtocolRequests` -> `NewTemplateExecuter`
receive empty requests + empty flow = nil engine
-> `*TemplateExecuter.{Compile,Execute}` invoked
on nil engine = panic.

RCA:
1. `*ExecutorOptions.ApplyNewEngineOptions`
   overwriting many fields.
2. copy op pointless; create a copy of options and
   then immediately replace it with original
   pointer.
3. missing executable requests validation after
   cached templates is reconstructed with updated
   options.

Thus, this affected `--automatic-scan` mode where
tech detection templates often have conditional
requests that may be filtered based on runtime
options.

Fixes #6417

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(templates): recompile workflow with `tplCopy.Options`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(templates): strengthen cache hit guard

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(protocols): skips template-specific fields

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-23 20:01:23 +05:30
PDTeamX
5e9ada23b2 Update constants.go 2025-08-23 19:51:23 +05:30
PDTeamX
00f4595f0b version update 2025-08-22 20:27:44 +05:30
Ice3man
30e520754b
feat: fixed output event for skipped hosts (#6415) 
* feat: fixed output event for skipped hosts

* misc
 2025-08-22 20:25:07 +05:30
Mzack9999
6b358b39a3 lint 2025-08-21 23:38:58 +02:00
Mzack9999
b41f4d97d6 gen go+js 2025-08-21 22:04:55 +02:00
Mzack9999
5c15c77777 adding vnc auth 2025-08-21 22:02:47 +02:00
Sandeep Singh
b4644af80a
Lint + test fixes after utils dep update (#6393) 
* fix: remove undefined errorutil.ShowStackTrace

* feat: add make lint support and integrate with test

* refactor: migrate errorutil to errkit across codebase

- Replace deprecated errorutil with modern errkit
- Convert error declarations from var to func for better compatibility
- Fix all SA1019 deprecation warnings
- Maintain error chain support and stack traces

* fix: improve DNS test reliability using Google DNS

- Configure test to use Google DNS (8.8.8.8) for stability
- Fix nil pointer issue in DNS client initialization
- Keep production defaults unchanged

* fixing logic

* removing unwanted branches in makefile

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-08-20 05:28:23 +05:30
Dogan Can Bakir
44eeb5a60b
enable templates for template listing and displaying (#6343) 2025-08-17 01:50:22 +05:30
PDTeamX
e1f8a18d38 dep update + removed unused code 2025-08-16 15:51:32 +05:30
Dwi Siswanto
6a6fa4d38f
feat(fuzz): eval variables (#6358) 
* feat(fuzz): eval vars for rule keys & values

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: re-fmt fuzzing/dast errors

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(fuzz): adds `TestEvaluateVariables`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-16 14:41:22 +05:30
Dwi Siswanto
9fcacd0f86
ci(tests): migrate to golangci-lint v2 (#6380) 
* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* ci(tests): migrate to golangci-lint v2

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-16 13:20:09 +07:00
Dwi Siswanto
70eeb6c210
fix: prevent unnecessary template updates (#6379) 
* test(installer): adds `TestIsOutdatedVersionFix`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix: prevent unnecessary template updates

when version API fails.

* fix `catalog/config.IsOutdatedVersion` logic for
  empty version strings
* add GitHub API fallback when PDTM API is unavail
* only show outdated msg for actual version
  mismatches

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-16 04:50:20 +05:30
ysokolovsky
d569cfe864
fix(headless): merge extra headers (#6376) 
* headless: fix extra headers overwrite

* headless: set Accept-Language when no custom headers
 2025-08-16 04:48:34 +05:30
dependabot[bot]
89de8a5a59 chore(deps): bump the go_modules group across 1 directory with 2 updates 
Bumps the go_modules group with 2 updates in the / directory: [github.com/docker/docker](https://github.com/docker/docker) and [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).


Updates `github.com/docker/docker` from 27.1.1+incompatible to 28.0.0+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v28.0.0)

Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.0.0+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 20:52:01 +00:00
Dwi Siswanto
7e95d9a185
build(make): update template-validate cmds (#6385) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-15 06:05:51 +05:30
Doğan Can Bakır
6996b4ab75
bump version 2025-08-13 19:22:34 -07:00
Ice3man
8ef3662634
Merge pull request #6364 from projectdiscovery/loading-performance-improvements-v2 
feat: loading templates performance improvements
 2025-08-06 01:58:03 +05:30
Ice3man
1b6ae44bb7 Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into loading-performance-improvements-v2 2025-08-06 01:57:41 +05:30
Ice3man
bba2c3a576
Merge pull request #6368 from projectdiscovery/fix/waf-detector-nil-pointer 
fix: prevent nil pointer panic in WAF detector
 2025-08-06 01:53:14 +05:30
knakul853
b685d637f3 fix: prevent nil pointer panic in WAF detector 
- Add nil checks for detector and regexCache in DetectWAF()
- Add nil check for individual regex entries before MatchString()
- Add comprehensive unit tests for nil pointer scenarios
- Prevents runtime panic when WAF detector encounters nil pointers during regex matching
 2025-08-04 21:12:43 +05:30
Dwi Siswanto
cff86b5c98
fix(events): correct JSON encoder type in ScanStatsWorker (#6366) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-02 21:49:48 -07:00
Ice3man
3d7f995ddc use bounded concurrency for templates loading 2025-08-03 03:53:34 +05:30
Ice3man
5ba21e272a feat: loading templates performance improvements 2025-08-02 15:58:18 +05:30
PDTeamX
b0fe565a8b Merge branch 'main' into dev 2025-08-02 02:06:03 -07:00
poning
3ac3146ef9
fix(offlinehttp): Replace "-" in headers with "_" for DSL variables (#6363) 
* Replace "-" in headers with "_" for DSL variables in passive mode

* test(offlinehttp): adjust haystack & needle in `TestHTTPOperatorExtract`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-08-02 05:35:03 +07:00
Ice3man
06707ea76f
bugfix: preserve original transport for linear http client (#6357) 2025-07-30 21:38:07 +05:30
Štefan Baebler
91adfeb91c
Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility (#6348) 
* Bump github.com/bytedance/sonic to v1.14.0  for Go 1.25 compatibility

Fixes #6335
by using https://github.com/bytedance/sonic/releases/tag/v1.14.0

$ go get github.com/bytedance/sonic@v1.14.0 && go mod tidy
go: upgraded github.com/bytedance/sonic v1.13.3 => v1.14.0
go: upgraded github.com/bytedance/sonic/loader v0.2.4 => v0.3.0

* doc(json): update supported plats

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-07-28 19:46:44 +07:00
Dogan Can Bakir
5daf84dd6b
Merge pull request #6338 from jishudashen/dev 
chore: fix inconsistent function name in comment
 2025-07-21 11:02:48 +03:00