External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 19:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,731 Commits 49 Branches 135 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
Dwi Siswanto
cff86b5c98
fix(events): correct JSON encoder type in ScanStatsWorker (#6366) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-08-02 21:49:48 -07:00
HD Moore
f26996cb89
Remove singletons from Nuclei engine (continuation of #6210) (#6296) 
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682.

* Revert "hardcoding path"

This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
 2025-07-10 01:17:26 +05:30
Dwi Siswanto
87ed0b2bb9
build: bump all direct modules (#6290) 
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: dont panicking on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-07-01 00:40:44 +07:00
Ice3man
5f0b7eb19b
feat: added initial live DAST server implementation (#5772) 
* feat: added initial live DAST server implementation

* feat: more logging + misc additions

* feat: auth file support enhancements for more complex scenarios + misc

* feat: added io.Reader support to input providers for http

* feat: added stats db to fuzzing + use sdk for dast server + misc

* feat: more additions and enhancements

* misc changes to live server

* misc

* use utils pprof server

* feat: added simpler stats tracking system

* feat: fixed analyzer timeout issue + missing case fix

* misc changes fix

* feat: changed the logics a bit + misc changes and additions

* feat: re-added slope checks + misc

* feat: added baseline measurements for time based checks

* chore(server): fix typos

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(templates): potential DOM XSS

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(authx): potential NIL deref

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: misc review changes

* removed debug logging

* feat: remove existing cookies only

* feat: lint fixes

* misc

* misc text update

* request endpoint update

* feat: added tracking for status code, waf-detection & grouped errors (#6028)

* feat: added tracking for status code, waf-detection & grouped errors

* lint error fixes

* feat: review changes + moving to package + misc

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>

* fix var dump (#5921)

* fix var dump

* fix dump test

* Added filename length restriction for debug mode (-srd flag) (#5931)

Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>

* more updates

* Update pkg/output/stats/waf/waf.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com>
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2025-02-13 18:46:28 +05:30
Dwi Siswanto
622c5503fa
perf(*): replace encoding/json w/ sonic or go-json (fallback) (#6019) 
* perf(*): replace `encoding/json` w/ sonic

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(utils): add `json` pkg (sonic wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): use `sonic` wrapper instead

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(model): adjust expected marshal'd JSON

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): merge config - as its not usable

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): rm go version constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: go mod tidy

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-02-11 03:01:37 +05:30
Dogan Can Bakir
97403c203e
Fix panic error due to file already closed in stats mode (#5774) 2024-10-28 15:56:21 +05:30
Tarun Koyalwar
87e99be4f6
scan error formatting (#5628) 2024-09-14 00:06:08 +05:30
Dogan Can Bakir
6b71af448a
Fixed issue with -ms option to scan non accessible host (#5576) 
* fail if OnResult callback is not called

* generate error message from error logs

* try..parse..

* fix lint

* add error message to last matcher event

* fix network protocol error logging

* log returned log from ExecuteWithResults

* add back specific logging

* clean up the msg

* minor

* init integration test for -ms

* add tests for http,network,js,ws protocols

* fix lint

* fix network test

* return err for dns protocol

* add integration test for dns protocol
 2024-08-28 16:27:43 +05:30
shubo
c5a3949473 fix: Missing close statements file.Close() & ticker.Stop() 2024-07-23 09:28:15 +08:00
mzack9999
3c2af0e47c fixing many data races 2024-07-12 17:23:44 +02:00
Ice3man
0b82e8b7aa
feat: added support for context cancellation to engine (#5096) 
* feat: added support for context cancellation to engine

* misc

* feat: added contexts everywhere

* misc

* misc

* use granular http timeouts and increase http timeout to 30s using multiplier

* track response header timeout in mhe

* update responseHeaderTimeout to 5sec

* skip failing windows test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-04-25 15:37:56 +05:30
Tarun Koyalwar
515f7c12bb
fix go install failing (#5083) 
* Fix panic with fuzz template

* Fix multiple mode in fuzzing

* Add test

* remove fork: use official go-echarts

* bump lint action to v4

---------

Co-authored-by: Ramana Reddy <ramanaredy.manda@gmail.com>
 2024-04-24 13:05:40 +05:30
Tarun Koyalwar
ea2e13a4aa
nuclei 'stats' build : scan events + chart utils (#5032) 
* prototype new scan events

* scan-event: improvements + conditional build

* add scan charts server: make scan-charts

* scan-charts: bug fix
 2024-04-16 16:57:32 +05:30
mzack
ea3ecbf2d2 adding disk storage + memguardian + other memory optimizations 2024-03-05 01:08:01 +01:00
mzack
4d29bff759 using disk storage for large kv 2024-03-01 02:11:18 +01:00
Tarun Koyalwar
02a9b86dd7
fix missing results in flow template + feature: internal matchers using internal: true (#4582) 
* log warnings + use scanContext in flow

* refactor flow to use scanContext + log all events

* feat: internal matcher

* fix integration test

* bug fix extractor: merge dynamic values, fix missing extractors in file

* flow: fix 'No Results Found' if last statement output is false

* fix unit test
 2024-01-08 05:12:11 +05:30
Dogan Can Bakir
ce5df9cc02
introduce scan context (#4373) 
* introduce scan context

* minor

* add joined errors to resultevents

* change `executor` funcs' signature

* fix tests

* join errors in `LogError` func

* change func signature

* add guard
 2023-11-28 00:24:45 +05:30