nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 20:05:27 +00:00

Author	SHA1	Message	Date
Sandeep Singh	b4644af80a	Lint + test fixes after utils dep update (#6393 ) * fix: remove undefined errorutil.ShowStackTrace * feat: add make lint support and integrate with test * refactor: migrate errorutil to errkit across codebase - Replace deprecated errorutil with modern errkit - Convert error declarations from var to func for better compatibility - Fix all SA1019 deprecation warnings - Maintain error chain support and stack traces * fix: improve DNS test reliability using Google DNS - Configure test to use Google DNS (8.8.8.8) for stability - Fix nil pointer issue in DNS client initialization - Keep production defaults unchanged * fixing logic * removing unwanted branches in makefile --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2025-08-20 05:28:23 +05:30
Dogan Can Bakir	44eeb5a60b	enable templates for template listing and displaying (#6343 )	2025-08-17 01:50:22 +05:30
Ice3man	1b6ae44bb7	Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into loading-performance-improvements-v2	2025-08-06 01:57:41 +05:30
Ice3man	5ba21e272a	feat: loading templates performance improvements	2025-08-02 15:58:18 +05:30
HD Moore	f26996cb89	Remove singletons from Nuclei engine (continuation of #6210 ) (#6296 ) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>	2025-07-10 01:17:26 +05:30
Dwi Siswanto	87ed0b2bb9	build: bump all direct modules (#6290 ) * chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-07-01 00:40:44 +07:00
Sandeep Singh	4801cc65ef	feat: fixed max-host-error blocking + progress mismatch + misc (#6193 ) * feat: fixed max-host-error blocking wrong port for template with error * feat: log total results with time taken at end of execution * bugfix: skip non-executed requests with progress in flow protocol * feat: fixed request calculation in http protocol for progress * misc adjustments --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-05-07 17:22:15 +05:30
Dogan Can Bakir	c4c1496ef8	print verbose output in case of -duc (#6195 ) * print verbose output in case of -duc * minor	2025-04-28 17:04:33 +05:30
Dwi Siswanto	1133c8bbf4	feat(runner): respect alive proxy to probe with httpx Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-04-02 17:30:24 +07:00
alban.stourbe stourbe	328013667b	feat(validateMissingS3Options): condition optimisation	2025-03-25 14:40:25 +01:00
alban.stourbe stourbe	e35c6049bb	Add loadConfig S3 based on AWS_PROFILE ~/.aws/credentials	2025-03-24 17:17:14 +01:00
Ice3man	dabcce865e	feat: fixed stats not working + misc changes	2025-02-14 00:53:23 +05:30
Ice3man	5f0b7eb19b	feat: added initial live DAST server implementation (#5772 ) * feat: added initial live DAST server implementation * feat: more logging + misc additions * feat: auth file support enhancements for more complex scenarios + misc * feat: added io.Reader support to input providers for http * feat: added stats db to fuzzing + use sdk for dast server + misc * feat: more additions and enhancements * misc changes to live server * misc * use utils pprof server * feat: added simpler stats tracking system * feat: fixed analyzer timeout issue + missing case fix * misc changes fix * feat: changed the logics a bit + misc changes and additions * feat: re-added slope checks + misc * feat: added baseline measurements for time based checks * chore(server): fix typos Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(templates): potential DOM XSS Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(authx): potential NIL deref Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * feat: misc review changes * removed debug logging * feat: remove existing cookies only * feat: lint fixes * misc * misc text update * request endpoint update * feat: added tracking for status code, waf-detection & grouped errors (#6028) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * fix var dump (#5921) * fix var dump * fix dump test * Added filename length restriction for debug mode (-srd flag) (#5931) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> * more updates * Update pkg/output/stats/waf/waf.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com> Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2025-02-13 18:46:28 +05:30
Ice3man	a2c8f1e4cd	feat: added tracking for status code, waf-detection & grouped errors (#6028 ) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2025-02-13 17:13:39 +05:30
Dwi Siswanto	622c5503fa	perf(): replace `encoding/json` w/ `sonic` or `go-json` (fallback) (#6019 ) perf(): replace `encoding/json` w/ sonic Signed-off-by: Dwi Siswanto <git@dw1.io> feat(utils): add `json` pkg (sonic wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(): use `sonic` wrapper instead Signed-off-by: Dwi Siswanto <git@dw1.io> chore(): replace `sonic.ConfigStd` -> `json` (wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> test(model): adjust expected marshal'd JSON Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): dynamic backend; `sonic` -> `go-json` (fallback) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): merge config - as its not usable Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): rm go version constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-11 03:01:37 +05:30
Shubham Rasal	be1f634eae	Add Alive Proxy into Options (#5903 ) * Move proxy variable from global to options - Provides ability to pass diff proxy in single nuclei instance using sdk * add type check (resolve comments)	2024-12-13 04:23:27 +05:30
alban-stourbe-wmx	2b4b058886	handle env variables in dynamic secret file (#5835 ) * handle env variables in dynamic secret file * inject more variables from -v and -env-vars * use expand with env * fix missing replacer --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2024-11-21 16:34:13 +05:30
Dogan Can Bakir	63687c2ce0	disable self-contained and file protocol templates as default (#5825 ) * disable self-contained and file protocol templates as default * make excluding default * add config funcs * fix wrn display * fix integration tests * enable self-contained templates when code templates are enabled --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-11-19 22:00:28 +05:30
Keith Chason	ba6a050d48	Batch JSONL output and add trailing commas (#5705 )	2024-11-15 15:45:44 +05:30
Dogan Can Bakir	97403c203e	Fix panic error due to file already closed in stats mode (#5774 )	2024-10-28 15:56:21 +05:30
Dwi Siswanto	2c832f5590	refactor(vardump): use `godump` lib (#5676 ) * refactor(vardump): use `godump` lib also increate limit char to `255`. Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(vardump): add global var `Limit` Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(protocols): rm newline Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(types): add `VarDumpLimit` option Signed-off-by: Dwi Siswanto <git@dw1.io> * test(vardump): add test cases Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: tidy up mod Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2024-10-14 19:31:36 +05:30
Dwi Siswanto	cc5c5509dc	feat: global matchers (#5701 ) * feat: global matchers Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man543 <ice3man543@users.noreply.github.com> * feat(globalmatchers): make `Callback` as type Signed-off-by: Dwi Siswanto <git@dw1.io> * feat: update `passive` term to `(matchers-)static` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): add `origin-template-` event also use `Set` method instead of `maps.Clone` Signed-off-by: Dwi Siswanto <git@dw1.io> feat: update `matchers-static` term to `global-matchers` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): clone event before `operator.Execute` Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(tmplexec): don't store `matched` on `global-matchers` templ This will end up generating 2 events from the same `scan.ScanContext` if one of the templates has `global-matchers` enabled. This way, non- `global-matchers` templates can enter the `writeFailureCallback` func to log failure output. Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): initializes `requests` on `New` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): add `hasStorage` method Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(templates): rename global matchers checks method Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(loader): handle nil `templates.Template` pointer Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man543 <ice3man543@users.noreply.github.com>	2024-10-14 19:25:46 +05:30
Dwi Siswanto	9983d7415c	refactor(runner): adjust `max-host-error` if gt `concurrency` (#5633 ) * refactor(common): use `ParseRequestURI` instead when `NormalizeCacheValue` also it exports the method Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(runner): adjust `max-host-error` if gt `concurrency` Signed-off-by: Dwi Siswanto <git@dw1.io> * fix lint * chore(runner): expose adjusted `max-host-error` value Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>	2024-09-23 15:57:30 +05:30
Ramana Reddy	3eee9678d0	fix loading dynamic auth templates on fuzzing (#5646 )	2024-09-20 23:04:42 +05:30
Ramana Reddy	bd6330f72a	feat: upload existing scan results (#5603 ) * feat: upload existing scan results * fix lint test * misc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-09-12 16:13:49 +05:30
Ramana Reddy	2f7eea410d	Add `team-id` option (#5523 ) * add team-id option * fix dashboard url when uploading to team --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2024-08-16 13:27:26 +05:30
Dogan Can Bakir	2655c29458	remove redundant code (#5479 )	2024-08-01 19:24:27 +05:30
shubo	c5a3949473	fix: Missing close statements file.Close() & ticker.Stop()	2024-07-23 09:28:15 +08:00
Tarun Koyalwar	8b3379aa4c	add team-id env input support (#5295 )	2024-06-16 03:18:01 +05:30
Mzack9999	52975373ff	Merge branch 'dev' into feat-4808-planner	2024-06-13 17:19:43 +02:00
Mzack9999	ac0107c242	revert	2024-06-11 14:58:58 +02:00
Mzack9999	9f1414e3e8	.	2024-06-11 13:38:28 +02:00
Ice3man	9f3f7fce06	Fuzzing additions & enhancements (#5139 ) * feat: added fuzzing output enhancements * changes as requested * misc * feat: added dfp flag to display fuzz points + misc additions * feat: added support for fuzzing nested path segments * feat: added parts to fuzzing requests * feat: added tracking for parameter occurence frequency in fuzzing * added cli flag for fuzz frequency * fixed broken tests * fixed path based sqli integration test * feat: added configurable fuzzing aggression level for payloads * fixed failing test	2024-06-11 04:43:46 +05:30
mzack	46e2a54bfe	Merge branch 'dev' into feat-4808-planner	2024-05-25 02:45:54 +02:00
Tarun Koyalwar	23bd0336fb	multiple bug fixes + performance improvements (#5148 ) * prototype errkit * complete errkit implementation * add cause to all timeouts * fix request timeout annotation @timeout * increase responseHeaderTimeout to 8 for stability * rawhttp error related improvements * feat: add port status caching * add port status caching to http * migrate to new utils/errkit * remote dialinterface + error cause * debug dir support using .gitignore debug-* * make nuclei easy to debug * debug dir update .gitignore * temp change (to revert) * Revert "temp change (to revert)" This reverts commit d3131f777713b9f80e2275142e80f36340a76d36. * use available context instead of new one * bump fastdialer * fix hosterrorscache + misc improvements * add 'address' field in error log * fix js vague errors + pgwrap driver * fix max host error + misc updates * update tests as per changes * fix request annotation context * remove closed dialer reference * fix sdk panic issue * bump retryablehttp-go,utils,fastdialer --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2024-05-25 00:29:04 +05:30
Mzack9999	9adfc531c7	uniforming sizes with utils	2024-05-15 15:34:59 +02:00
Tarun Koyalwar	d6424ea5d0	pdcp result upload: bug fix + (optional) scan name support using `-sname` flag (#5155 ) * add default template severity and error when validating * ignore workflows when validating severity * add scan name support in pdcp result upload * scan upload: fix missing name query param * make profile-loader integration tests generic * add scan-id validation * ignore invalid scan id's	2024-05-11 00:44:14 +05:30
Raúl Sampedro	673404a80d	Add list template tags command (#4798 ) * add list template tags command * update readme * misc changes to implementation * misc * misc update --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-05-05 00:41:39 +05:30
Ramana Reddy	902eb78d34	Add `profile` option to load template profile (#5125 ) * Add profile option to load template profile * Misc update * Add profile-list option * Misc update * Add tests	2024-05-04 21:53:50 +05:30
Tarun Koyalwar	3e54ca54b0	feat: fix utils and add goroutine leak unit tests (#5112 ) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2024-05-01 00:28:11 +05:30
Ice3man	0b82e8b7aa	feat: added support for context cancellation to engine (#5096 ) * feat: added support for context cancellation to engine * misc * feat: added contexts everywhere * misc * misc * use granular http timeouts and increase http timeout to 30s using multiplier * track response header timeout in mhe * update responseHeaderTimeout to 5sec * skip failing windows test --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2024-04-25 15:37:56 +05:30
Mzack9999	cbe7322019	Exposing embedded api for settings control in CLI modality (#5030 ) * exposing settings api * adding probe concurrency * adding js pool size control * adding json tags	2024-04-24 13:06:04 +05:30
Dogan Can Bakir	465894df15	disable thread count warning upon validate (#5078 )	2024-04-23 16:04:52 +05:30
Tarun Koyalwar	ea2e13a4aa	nuclei 'stats' build : scan events + chart utils (#5032 ) * prototype new scan events * scan-event: improvements + conditional build * add scan charts server: make scan-charts * scan-charts: bug fix	2024-04-16 16:57:32 +05:30
mzack	f4394b8e11	Adding networkpolicy to httpx probes	2024-04-11 19:34:03 +02:00
mzack	6eeb98c71b	removing printf	2024-04-09 18:34:04 +02:00
mzack	70eb494a01	warning	2024-04-09 18:32:40 +02:00
mzack	582a85d9c0	mimic follow behavior	2024-04-09 18:31:22 +02:00
mzack	7e363984b2	Merge branch 'dev' into feat-3072-init-adaptive-speed	2024-04-09 15:19:51 +02:00
hanghuge	7b2a708edd	chore: fix function name in comment Signed-off-by: hanghuge <cmoman@outlook.com>	2024-04-07 00:03:24 +08:00

1 2 3 4

182 Commits