External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 14:05:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,821 Commits 49 Branches 135 Tags
Commit Graph

5821 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jishudashen
0337b33490 chore: fix inconsistent function name in comment 
Signed-off-by: jishudashen <jishudashen@foxmail.com>
 2025-07-21 14:13:22 +08:00
Dwi Siswanto
9133e0d2d0
feat(code): log unavail engines as an err while validating (#6326) 
* feat(code): log unavail engines as an err while validating

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(chore): i meant highest level

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-19 00:12:50 +05:30
Ice3man
05f69a6b24
feat: log event for template host skipped during scanning (#6324) 
* feat: log event for template host skipped during scanning

* misc changes
 2025-07-19 00:11:25 +05:30
HD Moore
5b89811b90
Support concurrent Nuclei engines in the same process (#6322) 
* support for concurrent nuclei engines

* clarify LfaAllowed race

* remove unused mutex

* update LfaAllowed logic to prevent races until it can be reworked for per-execution ID

* Update pkg/templates/parser.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* debug tests

* debug gh action

* fixig gh template test

* using atomic

* using synclockmap

* restore tests concurrency

* lint

* wiring executionId in js fs

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2025-07-19 00:10:58 +05:30
Mzack9999
3e9bee7400
Merge pull request #6321 from hdm/bug/various-race-conditions 
Address race conditions in http.Request and MemGuardian
 2025-07-15 15:19:02 +02:00
HD Moore
875941ce8d avoid data races using mutex for memguardian 2025-07-15 02:34:47 -05:00
HD Moore
6bf3f14798 avoid data races by using request clones 2025-07-15 02:34:29 -05:00
gopherorg
1079498182
refactor: use maps.Copy for cleaner map handling (#6283) 
Signed-off-by: gopherorg <gopherworld@icloud.com>
 2025-07-12 02:50:47 +05:30
Dwi Siswanto
a13ea39461
build(docker): bump builder image golang:1.23-alpine => golang:1.24-alpine (#6316) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-12 02:16:35 +05:30
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Jose De La O Hernandez
285c5e1442
fixing panic caused by uninitialized colorizer (#6315) 2025-07-09 04:34:05 +05:30
Dwi Siswanto
7e2ec686ae
fix(lib): scans didn't stop on ctx cancellation (#6310) 
* fix(lib): scans didn't stop on ctx cancellation

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update lib/sdk_test.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(lib): wait resources to be released b4 return

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-07-09 01:04:16 +07:00
Mzack9999
3991cc6ec1
Merge pull request #6311 from projectdiscovery/dwisiswant0/chore/config/rm-deprecated-codes-and-calls 
chore(config): rm deprecated codes and calls
 2025-07-08 15:45:25 +02:00
dependabot[bot]
b756b2706f
chore(deps): bump the modules group with 3 updates (#6305) 
Bumps the modules group with 3 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck).


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.116 to 1.0.117
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.116...v1.0.117)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.35 to 0.2.36
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.35...v0.2.36)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.15 to 1.1.26
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.15...v1.1.26)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.117
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.26
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 17:57:09 +07:00
Dwi Siswanto
bd5864dbb5
chore(config): rm deprecated codes and calls 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-08 17:35:55 +07:00
Mzack9999
13754956ff
Merge pull request #6307 from projectdiscovery/6297-bugfix-tablewriter-memory-leak 
bumping version + memory cleanup
 2025-07-07 20:13:59 +02:00
Mzack9999
87de71dee9 bumping version + memory cleanup 2025-07-07 18:12:50 +02:00
alban-stourbe-wmx
eccd90d53c
fix(headless): Variables are now available into headless template (#6301) 
* fix(headless): variables now available into simple headless template

* chore: erase debug logs
 2025-07-04 21:51:09 +07:00
Mzack9999
d55ab2f827 use bytes slice 2025-07-03 18:05:08 +02:00
Mzack9999
cf8d067fea fixing test 2025-07-03 17:28:55 +02:00
Mzack9999
4baf46f080 fixing path 2025-07-03 17:05:14 +02:00
Mzack9999
8304462420 retain required empty spaces 2025-07-03 16:50:21 +02:00
Mzack9999
1f538bcac6 Merge branch 'dev' into pr/6261 2025-07-03 16:11:54 +02:00
sandeep
4190559e8d Merge remote-tracking branch 'origin' v3.4.7 2025-07-01 21:17:40 +07:00
sandeep
84a76b3d4e version bump 2025-07-01 21:17:21 +07:00
Dwi Siswanto
a18a386d12
build: downgraded github.com/zmap/zgrab2 v0.2.0 => v0.1.8 (#6295) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 21:00:13 +07:00
dependabot[bot]
5f2082cf34 chore(deps): bump the go_modules group across 1 directory with 3 updates 
Bumps the go_modules group with 3 updates in the / directory: [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin), [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/gin-gonic/gin` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.9.0...v1.9.1)

Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.2)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-01 13:14:02 +00:00
sandeep
ad7066133c Merge remote-tracking branch 'origin' v3.4.6 2025-07-01 00:48:57 +07:00
sandeep
db916199c2 Bump version to v3.4.6 2025-07-01 00:48:41 +07:00
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290) 
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 00:40:44 +07:00
Tarun Koyalwar
2b729e4037
fix context leak in flow (#6282) 
* fix context leak in flow

* handle sizedwaitpool when not reused
 2025-06-30 16:43:00 +07:00
Cho hyun-sik
7b1a02710e
docs: refine Bug Bounty hunter section in Korean docs (#6287) 2025-06-28 02:08:44 +05:30
Alban Stourbe
937fa1252b fix(main.go): add errcheck 2025-06-26 09:42:14 +02:00
Emmanuel Ferdman
2c3df33a98
chore: update GoReleaser configurations (#6280) 
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
 2025-06-25 04:23:15 +07:00
Dwi Siswanto
3bcbcc6e65
test(nuclei): adds multiproto benchmark test (#6270) 
* test(nuclei): adds multiproto benchmark test

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(nuclei): deferred runner close & rm duped `os.MkdirTemp`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 22:33:44 +05:30
Alban Stourbe
99914e1a32 fix code rabbit 2025-06-24 18:45:35 +02:00
Alban Stourbe
1a9a7563c0 feat: send struct from var file 2025-06-24 18:39:29 +02:00
Alban Stourbe
248548e075 feat(ytt): add ytt files var + add vars from cli and config 2025-06-24 18:32:45 +02:00
曹家巧
4ff80784ae
refactor: use the built-in max/min to simplify the code (#6272) 
Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>
 2025-06-24 05:49:06 +05:30
Dwi Siswanto
695a7520b9
fix(headless): incorrect last navigated URL (#6278) 
* chore(headless): uses `maps.Copy`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(headless): implements update last navigated URL

for `ActionNavigate`, `WaitPageLifecycleEvent`, and
`WaitStable` based on latest navigation URL.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Update pkg/protocols/headless/engine/page.go

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-24 05:32:18 +05:30
Nakul Bharti
c242b112cc
fixed hex dump issue (#6273) 2025-06-19 20:07:59 +05:30
Dogan Can Bakir
6cc9c2e9e8
Merge pull request #6271 from projectdiscovery/log-improvement 
fixed log level mismatch
 2025-06-18 15:05:41 +03:00
knakul853
aba8c47e10 fixed log level mismatch 2025-06-17 17:02:57 +05:30
sandeep
ba0f995a38 Merge remote-tracking branch 'origin' v3.4.5 2025-06-17 05:12:14 +05:30
sandeep
5af6feb889 version update 2025-06-17 05:12:02 +05:30
Eric Gruber
b95b04fc4d
feat: add EnableMatcherStatus function to configure matcher status in NucleiEngine (#6191) 2025-06-17 05:08:01 +05:30
Dwi Siswanto
61bcf0f10e
feat(headless): store responses (#6247) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 05:00:31 +05:30
Dwi Siswanto
a326f3925c
fix(tmplexec): memory blowup in multiproto (#6258) 
* bugfix: fix memory blowup using previousEvent for multi-proto execution

* refactor(tmplexec): uses supported protocol types

Signed-off-by: Dwi Siswanto <git@dw1.io>

* add co-author

Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): mv builder inside loop scope

Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): skip existing keys in `FillPreviousEvent`

The `FillPreviousEvent` func was modified to
prevent overwriting/duplicating entries in the
previous map.

It now checks if a key `k` from
`event.InternalEvent` already exists in the
previous map. If it does, the key is skipped. This
ensures that if `k` was already set (potentially
w/o a prefix), it's not re-added with an `ID_`
prefix.

Additionally, keys in `event.InternalEvent` that
already start with the current `ID_` prefix are
also skipped to avoid redundant prefixing.

This change simplifies the logic by removing the
`reqTypeWithIndexRegex` and directly addresses the
potential for duplicate / incorrectly prefixed
keys when `event.InternalEvent` grows during
protocol request execution.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): naming convention, `ID` => `protoID`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): it's request ID lol sorry

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
 2025-06-17 04:53:32 +05:30
Dwi Siswanto
797ceb57db
fix(authx): JSON unmarshalling for Dynamic auth type (#6268) 
* fix(authx): JSON unmarshalling for Dynamic auth type

Correcting the `UnmarshalJSON` method to properly
unmarshal JSON, particularlyaddressing the
population of the embedded `Secret` field. This
was achieved by using a type alias to avoid
recursive calls and rely on default unmarshalling
behavior.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(authx): adds nil Dynamic struct check

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 04:48:05 +05:30
Shubham Rasal
f89a6d33e9
Use proxy for dns and ssl templates (#6255) 
* Use proxy for dns and ssl templates

- while using template execute level function we need to override custom dialer

* rename overridedialer to customdialer

* Add proxy into hash

- proxy client is shared between non proxy requests

* add dialer into request object

- use request.dialer instead of global variable

* resolve comments

* rename dialer
 2025-06-16 22:24:52 +05:30