nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 02:15:28 +00:00

Author	SHA1	Message	Date
Ice3man	53b167064a	feat: loading templates performance improvements	2025-08-02 15:56:04 +05:30
poning	078284936c	fix(offlinehttp): Replace "-" in headers with "_" for DSL variables (#6363 ) * Replace "-" in headers with "_" for DSL variables in passive mode * test(offlinehttp): adjust haystack & needle in `TestHTTPOperatorExtract` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-08-02 15:56:04 +05:30
Štefan Baebler	434f6d32fc	Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility (#6348 ) * Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility Fixes #6335 by using https://github.com/bytedance/sonic/releases/tag/v1.14.0 $ go get github.com/bytedance/sonic@v1.14.0 && go mod tidy go: upgraded github.com/bytedance/sonic v1.13.3 => v1.14.0 go: upgraded github.com/bytedance/sonic/loader v0.2.4 => v0.3.0 * doc(json): update supported plats Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-08-02 15:56:04 +05:30
jishudashen	0c510253d2	chore: fix inconsistent function name in comment Signed-off-by: jishudashen <jishudashen@foxmail.com>	2025-08-02 15:56:04 +05:30
Dwi Siswanto	dfcc38adb7	feat(code): log unavail engines as an err while validating (#6326 ) * feat(code): log unavail engines as an err while validating Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(chore): i meant highest level Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-08-02 15:56:04 +05:30
HD Moore	3feb011459	Support concurrent Nuclei engines in the same process (#6322 ) * support for concurrent nuclei engines * clarify LfaAllowed race * remove unused mutex * update LfaAllowed logic to prevent races until it can be reworked for per-execution ID * Update pkg/templates/parser.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * debug tests * debug gh action * fixig gh template test * using atomic * using synclockmap * restore tests concurrency * lint * wiring executionId in js fs --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2025-08-02 15:56:04 +05:30
HD Moore	3951816686	avoid data races using mutex for memguardian	2025-08-02 15:56:04 +05:30
HD Moore	84b84b6ade	avoid data races by using request clones	2025-08-02 15:56:04 +05:30
gopherorg	9e040516f2	refactor: use maps.Copy for cleaner map handling (#6283 ) Signed-off-by: gopherorg <gopherworld@icloud.com>	2025-08-02 15:56:04 +05:30
HD Moore	0c7bade615	Remove singletons from Nuclei engine (continuation of #6210 ) (#6296 ) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>	2025-08-02 15:56:04 +05:30
Dwi Siswanto	58d874f291	chore(config): rm deprecated codes and calls Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-08-02 15:56:04 +05:30
Mzack9999	5094c0cf17	bumping version + memory cleanup	2025-08-02 15:56:04 +05:30
alban-stourbe-wmx	aaf09431ff	fix(headless): Variables are now available into headless template (#6301 ) * fix(headless): variables now available into simple headless template * chore: erase debug logs	2025-08-02 15:56:04 +05:30
Ice3man	06707ea76f	bugfix: preserve original transport for linear http client (#6357 )	2025-07-30 21:38:07 +05:30
Ice3man	05f69a6b24	feat: log event for template host skipped during scanning (#6324 ) * feat: log event for template host skipped during scanning * misc changes	2025-07-19 00:11:25 +05:30
sandeep	84a76b3d4e	version bump	2025-07-01 21:17:21 +07:00
sandeep	db916199c2	Bump version to v3.4.6	2025-07-01 00:48:41 +07:00
Dwi Siswanto	87ed0b2bb9	build: bump all direct modules (#6290 ) * chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-07-01 00:40:44 +07:00
Tarun Koyalwar	2b729e4037	fix context leak in flow (#6282 ) * fix context leak in flow * handle sizedwaitpool when not reused	2025-06-30 16:43:00 +07:00
曹家巧	4ff80784ae	refactor: use the built-in max/min to simplify the code (#6272 ) Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>	2025-06-24 05:49:06 +05:30
Dwi Siswanto	695a7520b9	fix(headless): incorrect last navigated URL (#6278 ) * chore(headless): uses `maps.Copy` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): implements update last navigated URL for `ActionNavigate`, `WaitPageLifecycleEvent`, and `WaitStable` based on latest navigation URL. Signed-off-by: Dwi Siswanto <git@dw1.io> * Update pkg/protocols/headless/engine/page.go --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-24 05:32:18 +05:30
Nakul Bharti	c242b112cc	fixed hex dump issue (#6273 )	2025-06-19 20:07:59 +05:30
knakul853	aba8c47e10	fixed log level mismatch	2025-06-17 17:02:57 +05:30
sandeep	5af6feb889	version update	2025-06-17 05:12:02 +05:30
Dwi Siswanto	61bcf0f10e	feat(headless): store responses (#6247 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-17 05:00:31 +05:30
Dwi Siswanto	a326f3925c	fix(tmplexec): memory blowup in multiproto (#6258 ) * bugfix: fix memory blowup using previousEvent for multi-proto execution * refactor(tmplexec): uses supported protocol types Signed-off-by: Dwi Siswanto <git@dw1.io> * add co-author Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com> Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): mv builder inside loop scope Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): skip existing keys in `FillPreviousEvent` The `FillPreviousEvent` func was modified to prevent overwriting/duplicating entries in the previous map. It now checks if a key `k` from `event.InternalEvent` already exists in the previous map. If it does, the key is skipped. This ensures that if `k` was already set (potentially w/o a prefix), it's not re-added with an `ID_` prefix. Additionally, keys in `event.InternalEvent` that already start with the current `ID_` prefix are also skipped to avoid redundant prefixing. This change simplifies the logic by removing the `reqTypeWithIndexRegex` and directly addresses the potential for duplicate / incorrectly prefixed keys when `event.InternalEvent` grows during protocol request execution. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): naming convention, `ID` => `protoID` Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): it's request ID lol sorry Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>	2025-06-17 04:53:32 +05:30
Dwi Siswanto	797ceb57db	fix(authx): JSON unmarshalling for Dynamic auth type (#6268 ) * fix(authx): JSON unmarshalling for Dynamic auth type Correcting the `UnmarshalJSON` method to properly unmarshal JSON, particularlyaddressing the population of the embedded `Secret` field. This was achieved by using a type alias to avoid recursive calls and rely on default unmarshalling behavior. Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(authx): adds nil Dynamic struct check Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-17 04:48:05 +05:30
Shubham Rasal	f89a6d33e9	Use proxy for dns and ssl templates (#6255 ) * Use proxy for dns and ssl templates - while using template execute level function we need to override custom dialer * rename overridedialer to customdialer * Add proxy into hash - proxy client is shared between non proxy requests * add dialer into request object - use request.dialer instead of global variable * resolve comments * rename dialer	2025-06-16 22:24:52 +05:30
sandeep	fc6d5a7773	improved logging	2025-06-16 20:06:17 +05:30
tongjicoder	3be29abfc9	refactor: use slices.Contains to simplify code Signed-off-by: tongjicoder <tongjicoder@icloud.com>	2025-05-27 17:16:26 +08:00
Dogan Can Bakir	160eab998c	Merge pull request #6222 from fourcube/fix/slow-headless-start-and-shutdown fix: improve headless engine startup and shutdown	2025-05-19 16:42:38 +03:00
Dwi Siswanto	3957237199	fix(openapi): handles nil schema & schema values (#6228 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-05-17 00:46:41 +05:30
Doğan Can Bakır	2c1cd27e2c	update version	2025-05-15 19:42:20 +07:00
circleous	b03c30418b	fix: fallback set SNI to host if not specified when using socks proxy (#6218 )	2025-05-15 16:46:49 +05:30
Chris Grieger	bc551fc3f1	fix: improve headless engine startup and shutdown Fixes #6221 Instead of enumerating all chrome processes to determine which ones need to be killed on shutdown, use the launcher.Kill() method to terminate the process that was launched for this browser instance.	2025-05-14 16:14:21 +02:00
sandeep	6d25a5c8ca	version update	2025-05-08 19:02:47 +05:30
Sandeep Singh	4801cc65ef	feat: fixed max-host-error blocking + progress mismatch + misc (#6193 ) * feat: fixed max-host-error blocking wrong port for template with error * feat: log total results with time taken at end of execution * bugfix: skip non-executed requests with progress in flow protocol * feat: fixed request calculation in http protocol for progress * misc adjustments --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-05-07 17:22:15 +05:30
Mzack9999	b9d0f2585f	Merge pull request #6200 from projectdiscovery/msssql-exec-query-support feat: added support to mssql for execute query	2025-05-01 23:19:03 +02:00
Mzack9999	088425d351	adding mssql check	2025-05-01 22:44:29 +02:00
pussycat0x	cbf57ef889	Update ldap.go (#6202 )	2025-04-30 14:10:44 +05:30
Ice3man	b14e634047	feat: added support to mssql for execute query	2025-04-28 18:56:35 +05:30
Dogan Can Bakir	ffb0a92216	Merge pull request #6088 from projectdiscovery/fix_interactsh_for_js fix unresolved `interactsh-url` for js templates	2025-04-17 11:03:32 +03:00
Florian Pfitzer	c0b5c29d3b	fix: default offlinehttp extractor without part to body like requests	2025-04-14 09:13:11 +02:00
Ice3man	b47ce6c372	feat: added bearer support to jira reporting for self hosted + misc	2025-04-03 16:52:57 +05:30
Doğan Can Bakır	59bc570a93	update version	2025-03-30 19:40:39 +05:30
alingse	e88c59f7ea	fix call errors.Wrap with a nil value error err it should call errors.Wrap(writeErr, ...	2025-03-29 23:15:21 +08:00
Doğan Can Bakır	3307ce5ae8	update version	2025-03-28 13:20:29 +05:30
Doğan Can Bakır	6f6d4ae79f	update version	2025-03-26 15:46:48 +05:30
threehonor	d1b1c23e4e	chore: fix some function names in comment Signed-off-by: threehonor <pengqi@email.cn>	2025-03-26 11:03:43 +08:00
alban.stourbe stourbe	e35c6049bb	Add loadConfig S3 based on AWS_PROFILE ~/.aws/credentials	2025-03-24 17:17:14 +01:00

1 2 3 4 5 ...

566 Commits