nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 10:45:25 +00:00

Author	SHA1	Message	Date
Dwi Siswanto	87ed0b2bb9	build: bump all direct modules (#6290 ) * chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-07-01 00:40:44 +07:00
knakul853	aba8c47e10	fixed log level mismatch	2025-06-17 17:02:57 +05:30
Sandeep Singh	4801cc65ef	feat: fixed max-host-error blocking + progress mismatch + misc (#6193 ) * feat: fixed max-host-error blocking wrong port for template with error * feat: log total results with time taken at end of execution * bugfix: skip non-executed requests with progress in flow protocol * feat: fixed request calculation in http protocol for progress * misc adjustments --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-05-07 17:22:15 +05:30
alingse	e88c59f7ea	fix call errors.Wrap with a nil value error err it should call errors.Wrap(writeErr, ...	2025-03-29 23:15:21 +08:00
Dwi Siswanto	940885a3cc	feat: generate CPU & PGO profiles (#6058 ) * feat: generate CPU profiles also adjust memory (heap) profiles ext to `.mem` Signed-off-by: Dwi Siswanto <git@dw1.io> * docs(DESIGN): add total samples for CPU profiles Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): trimpath in go-build and append LDFLAGS ifneq "darwin" Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: update goreleaser build * replace `go mod tidy` with `go mod download` and `go mod verify` * adjust indentations * add `-trimpath` flag * set `-pgo` flag to "`auto`" * add `ldflags` * quoting 386 GOARCH value Signed-off-by: Dwi Siswanto <git@dw1.io> * ci: add generate PGO workflow Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): set CGO_ENABLED inline in go-build Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(main): streamline profile file creation Signed-off-by: Dwi Siswanto <git@dw1.io> * dummy: add PGO file (DO NOT MERGE) Signed-off-by: Dwi Siswanto <git@dw1.io> * feat: add main test (benchmark) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add build-test Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "dummy: add PGO file (DO NOT MERGE)" This reverts commit ee877205f729be2f054c7d7d484a9244121acce6. * test(main): set Output to /dev/null Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(output): add option to disable stdout via env var Signed-off-by: Dwi Siswanto <git@dw1.io> * test(main): set `types.Options.Output` to empty Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(generate-pgo): add TODO note Signed-off-by: Dwi Siswanto <git@dw1.io> * ci: add reusable perf regression workflow Signed-off-by: Dwi Siswanto <git@dw1.io> * ci(perf-regression): enabe `DISABLE_STDOUT` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-24 16:52:57 +05:30
Ice3man	dabcce865e	feat: fixed stats not working + misc changes	2025-02-14 00:53:23 +05:30
Ice3man	5f0b7eb19b	feat: added initial live DAST server implementation (#5772 ) * feat: added initial live DAST server implementation * feat: more logging + misc additions * feat: auth file support enhancements for more complex scenarios + misc * feat: added io.Reader support to input providers for http * feat: added stats db to fuzzing + use sdk for dast server + misc * feat: more additions and enhancements * misc changes to live server * misc * use utils pprof server * feat: added simpler stats tracking system * feat: fixed analyzer timeout issue + missing case fix * misc changes fix * feat: changed the logics a bit + misc changes and additions * feat: re-added slope checks + misc * feat: added baseline measurements for time based checks * chore(server): fix typos Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(templates): potential DOM XSS Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(authx): potential NIL deref Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * feat: misc review changes * removed debug logging * feat: remove existing cookies only * feat: lint fixes * misc * misc text update * request endpoint update * feat: added tracking for status code, waf-detection & grouped errors (#6028) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * fix var dump (#5921) * fix var dump * fix dump test * Added filename length restriction for debug mode (-srd flag) (#5931) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> * more updates * Update pkg/output/stats/waf/waf.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com> Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2025-02-13 18:46:28 +05:30
9flowers	ef11565bcb	Added filename length restriction for debug mode (-srd flag) (#5931 ) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>	2025-02-13 17:20:56 +05:30
Ice3man	a2c8f1e4cd	feat: added tracking for status code, waf-detection & grouped errors (#6028 ) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2025-02-13 17:13:39 +05:30
Mzack9999	1e87ca82c8	fix missing browser init (#5896 ) * fix missing browser init * . * using lazy init * updating test with new web ui * go mod * sandbox test * non fatal error	2024-12-17 15:38:42 +05:30
Ice3man	b046f7686f	feat: Added time based delay analyzer to fuzzing implementation (#5781 ) * feat: added fuzzing output enhancements * changes as requested * misc * feat: added dfp flag to display fuzz points + misc additions * feat: added support for fuzzing nested path segments * feat: added parts to fuzzing requests * feat: added tracking for parameter occurence frequency in fuzzing * added cli flag for fuzz frequency * fixed broken tests * fixed path based sqli integration test * feat: added configurable fuzzing aggression level for payloads * fixed failing test * feat: added analyzers implementation for fuzzing * feat: misc changes to analyzer * feat: misc additions of units + tests fix * misc changes to implementation	2024-11-19 11:51:32 +05:30
Dwi Siswanto	cc5c5509dc	feat: global matchers (#5701 ) * feat: global matchers Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man543 <ice3man543@users.noreply.github.com> * feat(globalmatchers): make `Callback` as type Signed-off-by: Dwi Siswanto <git@dw1.io> * feat: update `passive` term to `(matchers-)static` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): add `origin-template-` event also use `Set` method instead of `maps.Clone` Signed-off-by: Dwi Siswanto <git@dw1.io> feat: update `matchers-static` term to `global-matchers` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): clone event before `operator.Execute` Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(tmplexec): don't store `matched` on `global-matchers` templ This will end up generating 2 events from the same `scan.ScanContext` if one of the templates has `global-matchers` enabled. This way, non- `global-matchers` templates can enter the `writeFailureCallback` func to log failure output. Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): initializes `requests` on `New` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(globalmatchers): add `hasStorage` method Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(templates): rename global matchers checks method Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(loader): handle nil `templates.Template` pointer Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man543 <ice3man543@users.noreply.github.com>	2024-10-14 19:25:46 +05:30
Ice3man	6a561c6470	feat: clone event in clustering to generate correct failure events (#5653 )	2024-09-24 18:43:35 +05:30
Ramana Reddy	3d2f31a56f	fix missing template_url for pd signed templates when executed from custom path (#5644 )	2024-09-19 18:58:20 +05:30
Tarun Koyalwar	1c76398aea	lint error fixes (#5531 ) * lint error fixes * chore: satisfy non-constant format str in call lint (govet) Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2024-08-16 20:31:23 +05:30
Dogan Can Bakir	e0466e102c	redact output (#5463 ) * redact output * update regex * redact matchet-at	2024-08-16 11:42:38 +05:30
Óscar Marín	baf7e36658	issue 5212 timeout added to trace and error logs using ts switch (#5292 )	2024-06-14 23:54:52 +05:30
mzack	46e2a54bfe	Merge branch 'dev' into feat-4808-planner	2024-05-25 02:45:54 +02:00
Tarun Koyalwar	23bd0336fb	multiple bug fixes + performance improvements (#5148 ) * prototype errkit * complete errkit implementation * add cause to all timeouts * fix request timeout annotation @timeout * increase responseHeaderTimeout to 8 for stability * rawhttp error related improvements * feat: add port status caching * add port status caching to http * migrate to new utils/errkit * remote dialinterface + error cause * debug dir support using .gitignore debug-* * make nuclei easy to debug * debug dir update .gitignore * temp change (to revert) * Revert "temp change (to revert)" This reverts commit d3131f777713b9f80e2275142e80f36340a76d36. * use available context instead of new one * bump fastdialer * fix hosterrorscache + misc improvements * add 'address' field in error log * fix js vague errors + pgwrap driver * fix max host error + misc updates * update tests as per changes * fix request annotation context * remove closed dialer reference * fix sdk panic issue * bump retryablehttp-go,utils,fastdialer --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2024-05-25 00:29:04 +05:30
Mzack9999	9adfc531c7	uniforming sizes with utils	2024-05-15 15:34:59 +02:00
Ice3man	9784ca860a	feat: added fuzzing output enhancements (#5126 ) * feat: added fuzzing output enhancements * changes as requested * misc	2024-05-03 18:46:28 +05:30
Tarun Koyalwar	25e7799c09	req_url_pattern for vuln_hash calculation + unit test (#4964 )	2024-03-30 23:50:31 +05:30
Tarun Koyalwar	e88889b263	add `-dast` flag and multiple bug fixes for dast templates (#4941 ) * add default get method * remove residual payload logic from old implementation * fuzz: clone current state of component * fuzz: bug fix stacking of payloads in multiple mode * improve stdout template loading stats * stdout: force display warnings if no templates are loaded * update flags in README.md * quote non-ascii chars in extractor output * aws request signature can only be used in signed & verified tmpls * deprecate request signature * remove logic related to deprecated fuzzing input * update test to use ordered params * fix interactsh-url lazy eval: #4946 * output: skip unnecessary updates when unescaping * updates as per requested changes	2024-03-29 13:31:30 +05:30
mzack	3f295226ad	Merge branch 'dev' into maint-memory	2024-03-11 15:03:14 +01:00
Ice3man	fd024a3e8d	feat: issue tracker URLs in JSON + misc fixes (#4855 ) * feat: issue tracker URLs in JSON + misc fixes * misc changes * feat: status update support for issues * feat: report metadata generation hook support * feat: added CLI summary of tickets created * misc changes	2024-03-10 22:02:42 +05:30
Tarun Koyalwar	b1b4f0fe76	fix nuclei loading ignored templates (#4849 ) * fix tag include logic * fix unit test * remove quoting in extractor output * remove quote in debug code command	2024-03-09 21:20:54 +05:30
mzack	89858a2ec8	.	2024-03-07 17:11:52 +01:00
mzack	ea3ecbf2d2	adding disk storage + memguardian + other memory optimizations	2024-03-05 01:08:01 +01:00
Tarun Koyalwar	a8cdd21120	code: fix variables merge order (#4623 ) * fix variables merge order * format screen: quote and trim extracted result * code: interpret env vars in debug mode * update integration test	2024-01-12 23:10:00 +05:30
Tarun Koyalwar	6e969cbd3c	add additional json fields: port,ip,scheme,url (#4417 ) * add additional json fields: port,ip,scheme,url * include host field in case of ip input	2023-11-28 14:26:23 +05:30
Dogan Can Bakir	ce5df9cc02	introduce scan context (#4373 ) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard	2023-11-28 00:24:45 +05:30
Tarun Koyalwar	87aeb57b0d	feat nuclei result upload (#4343 ) * feat: add pdcp api key support * add '-auth' cli option * fix creds test * results auto upload to pdcp * fix upload on empty file * dashboard env + fix test * purge old cloud cli options * misc updates in runner package * fix headless integration test * misc update * add disable cloud upload env --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-11-18 16:25:37 +05:30
Dogan Can Bakir	7c2db9c394	introduce `template-encoded` field (#4315 ) * introduce `template-encoded` field * remove IsCustomTemplate func * refactor and move encoding to `MakeResultEventItem` func * encode template in case of no results were found * commit to last commit * don't encode templates when`-ms` is used	2023-11-11 04:42:27 +05:30
Tarun Koyalwar	dc44105baf	nuclei v3 : misc updates (#4247 ) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-10-17 17:44:13 +05:30

34 Commits