Shubham Rasal
04a6c82730
add setDialer function to TCP protocol ( #6101 )
...
- add ability to override setDialer function for tcp
- socks proxy is not used in case of tcp protocol
- TCP uses global tcp dialer shared, we need template request level ability to set dialer
2025-03-17 16:44:33 +05:30
sandeep
0d6d50d980
version update
2025-03-07 23:06:42 +05:30
Dogan Can Bakir
a9718d3664
set headers for fuzzing request ( #5988 )
...
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2025-03-07 20:54:35 +05:30
Nakul Bharti
1874d5b900
fix: prevent nil pointer dereference on context cancellation ( #6085 )
2025-03-07 20:34:27 +05:30
Ice3man
d10b7f7382
feat: escape code blocks for markdown formatting ( #6089 )
2025-03-07 14:45:39 +05:30
Ice3man
d56524933f
feat: fix reporting close functionality + misc ( #6066 )
2025-03-06 22:49:21 +05:30
Doğan Can Bakır
1e08d29e50
fix unresolved interactsh-url for js templates
2025-03-06 15:52:12 +03:00
huochexizhan
3a3f5e271c
fix: fix incorrect nil return value ( #6079 )
...
Signed-off-by: huochexizhan <huochexizhan@outlook.com>
2025-03-03 16:19:16 +05:30
Nakul Bharti
fa7329f16e
fix: race condition of the lastmatcherevent ( #6080 )
2025-03-03 16:10:12 +05:30
Dwi Siswanto
940885a3cc
feat: generate CPU & PGO profiles ( #6058 )
...
* feat: generate CPU profiles
also adjust memory (heap) profiles ext to `.mem`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* docs(DESIGN): add total samples for CPU profiles
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): trimpath in go-build
and append LDFLAGS ifneq "darwin"
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: update goreleaser build
* replace `go mod tidy` with `go mod download` and
`go mod verify`
* adjust indentations
* add `-trimpath` flag
* set `-pgo` flag to "`auto`"
* add `ldflags`
* quoting 386 GOARCH value
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci: add generate PGO workflow
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): set CGO_ENABLED inline in go-build
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(main): streamline profile file creation
Signed-off-by: Dwi Siswanto <git@dw1.io>
* dummy: add PGO file (DO NOT MERGE)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat: add main test (benchmark)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): add build-test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Revert "dummy: add PGO file (DO NOT MERGE)"
This reverts commit ee877205f729be2f054c7d7d484a9244121acce6.
* test(main): set Output to /dev/null
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(output): add option to disable stdout via env var
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(main): set `types.Options.Output` to empty
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(generate-pgo): add TODO note
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci: add reusable perf regression workflow
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci(perf-regression): enable `DISABLE_STDOUT`
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-24 16:52:57 +05:30
Dwi Siswanto
047d49f6f3
fix(json): update build constraints for Go version comp ( #6064 )
...
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-21 12:04:04 +05:30
Dogan Can Bakir
cbd90df51c
fix secrets lookup logic ( #6059 )
...
* fix secrets lookup logic
* check len
2025-02-20 06:01:24 +05:30
Ice3man
dabcce865e
feat: fixed stats not working + misc changes
2025-02-14 00:53:23 +05:30
Ice3man
5f0b7eb19b
feat: added initial live DAST server implementation ( #5772 )
...
* feat: added initial live DAST server implementation
* feat: more logging + misc additions
* feat: auth file support enhancements for more complex scenarios + misc
* feat: added io.Reader support to input providers for http
* feat: added stats db to fuzzing + use sdk for dast server + misc
* feat: more additions and enhancements
* misc changes to live server
* misc
* use utils pprof server
* feat: added simpler stats tracking system
* feat: fixed analyzer timeout issue + missing case fix
* misc changes fix
* feat: changed the logics a bit + misc changes and additions
* feat: re-added slope checks + misc
* feat: added baseline measurements for time based checks
* chore(server): fix typos
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(templates): potential DOM XSS
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(authx): potential NIL deref
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat: misc review changes
* removed debug logging
* feat: remove existing cookies only
* feat: lint fixes
* misc
* misc text update
* request endpoint update
* feat: added tracking for status code, waf-detection & grouped errors (#6028 )
* feat: added tracking for status code, waf-detection & grouped errors
* lint error fixes
* feat: review changes + moving to package + misc
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* fix var dump (#5921 )
* fix var dump
* fix dump test
* Added filename length restriction for debug mode (-srd flag) (#5931 )
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
* more updates
* Update pkg/output/stats/waf/waf.go
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com>
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2025-02-13 18:46:28 +05:30
sandeep
31fb7c8963
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into dev
2025-02-13 17:50:34 +05:30
sandeep
027c393736
version update
2025-02-13 17:38:46 +05:30
9flowers
ef11565bcb
Added filename length restriction for debug mode (-srd flag) ( #5931 )
...
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
2025-02-13 17:20:56 +05:30
Dogan Can Bakir
3c825e8045
fix var dump ( #5921 )
...
* fix var dump
* fix dump test
2025-02-13 17:20:14 +05:30
Ice3man
a2c8f1e4cd
feat: added tracking for status code, waf-detection & grouped errors ( #6028 )
...
* feat: added tracking for status code, waf-detection & grouped errors
* lint error fixes
* feat: review changes + moving to package + misc
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2025-02-13 17:13:39 +05:30
Parth Malhotra
f14e926dea
Added -ai option to generate and run nuclei templates on the fly for given prompt ( #6041 )
...
* Add ai flag
* Add AI flag 2
* fix stdin
* fix stdin 2
* minor
* print both url and path
* store ai generated templates in `$HOME/nuclei-templates/pdcp`
* todo
* do not remove all
* make it less restrictive
* use retryablehttp
* fix creds check
* return errs
* return more detailed err for non-ok status code
* add prompt validation
* fix integration tests
---------
Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
2025-02-13 16:32:50 +05:30
Dwi Siswanto
622c5503fa
perf(*): replace encoding/json w/ sonic or go-json (fallback) ( #6019 )
...
* perf(*): replace `encoding/json` w/ sonic
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(utils): add `json` pkg (sonic wrapper)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(*): use `sonic` wrapper instead
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(model): adjust expected marshal'd JSON
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(json): merge config - as it's not usable
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(json): rm go version constraints
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: go mod tidy
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-11 03:01:37 +05:30
Dwi Siswanto
d2636b9ca2
feat(headless): eval DSL exprs in args ( #6017 )
...
* refactor(headless): mv `input` -> `ctx` field name
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): eval DSL exprs in args
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(headless): rm duplicate imports
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): rm duplicate dumped req vars
* refactor(headless): unify `getTimeParameter` retrieval
Now, `getTimeParameter` tries to get the parameter
as an integer, then as a `time.Duration`, and
finally falls back to the default value
(multiplied by the unit).
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): adjust default timeout value to 5s
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): use `getTimeParameter`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(headless): add nolint directive - `replaceWithValues`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): revert parameter automerge & adds `inputURL` field
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(headless): add headless-dsl integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-10 20:16:35 +05:30
Sandeep Singh
04db1bb21d
feat: added rebuildGenerators for misc rebuilding ( #6037 )
...
Co-authored-by: Ice3man <nizamulrana@gmail.com>
2025-02-08 21:05:23 +05:30
kilavvy
82a5d35241
fix: typos in documentation files ( #6027 )
...
* Update generator.go
* Update README.md
2025-02-04 13:44:52 +05:30
Sandeep Singh
53748c47d8
Misc sdk changes ( #6018 )
...
* feat: misc sdk changes to parser
* misc
* feat: fixed failing tests
* fix lint error + update yamldoc-go
* return 0 exit code if integration test re-run passes
* exclude tech / wordpress template from test
---------
Co-authored-by: Ice3man <nizamulrana@gmail.com>
2025-01-31 18:53:55 +05:30
Dwi Siswanto
052fd8b79a
feat(hosterrorscache): add Remove and MarkFailedOrRemove methods ( #5984 )
...
* feat(hosterrorscache): add `Remove` and `MarkFailedOrRemove` methods
and also deprecating `MarkFailed`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(*): unwraps `hosterrorscache\.MarkFailed` invocation
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(hosterrorscache): add sync in `Check` and `MarkFailedOrRemove` methods
* test(hosterrorscache): add concurrent test for `Check` method
* refactor(hosterrorscache): do NOT change `MarkFailed` behavior
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(*): use `MarkFailedOrRemove` explicitly
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-01-31 15:46:57 +05:30
piguagua
5a52e93113
chore: fix some function names in comment ( #5986 )
...
Signed-off-by: piguagua <piguagua@aliyun.com>
2025-01-31 13:31:09 +05:30
Dogan Can Bakir
d77eab6e87
Ensure Headless protocol accesses flow protocol variables ( #6003 )
2025-01-31 13:29:11 +05:30
Shubham Rasal
540711cf9d
fix missing event for multi protocol ( #5995 )
...
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2025-01-31 13:27:56 +05:30
Roy Reznik
dac38732dc
stop using deprecated mholt/archiver ( #5951 )
...
* stop using deprecated mholt/archiver
* Fix CR
* chore: go mod tidy
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
2025-01-31 13:27:16 +05:30
Dwi Siswanto
265051fdf3
feat(templates): rm string conversion ( #6016 )
...
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-01-31 01:22:25 +05:30
Dwi Siswanto
58ae87cb05
test(dns): update input, requires, and enable recursion ( #6014 )
...
* test(dns): update input, requires, and enable recursion
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Update go.mod
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2025-01-30 14:44:29 +05:30
Dwi Siswanto
d699c278cd
fix(installer): handle removal of deleted templates during update ( #5998 )
...
* fix(installer): handle removal of deleted templates during update
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(installer): no log for non-existent deleted templates err
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(installer): purge empty dirs after removing deleted templates
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Revert "feat(installer): purge empty dirs after removing deleted templates"
This reverts commit 8175e2a291b7bbfdae8c8ab55ba54703c1958e99.
* fix(installer): use semicolons as delimiters
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(installer): add mods count in `*templateUpdateResults.String`
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-01-27 15:22:11 +05:30
Douglas Danger Manley
e4a0b8ec60
Do not clobber the "tcp" dialer for MySQL ( #5681 )
...
This introduces a "nucleitcp" protocol that Nuclei will use when
making MySQL connections as part of its templates.
Previously, this would register (and de-register!) a custom "tcp"
dialer, and that applied globally, so any piece of software that
used a MySQL database and included nuclei in SDK mode would have
its database connections ripped out from under it due to the dialer
hijacking.
By using "nucleitcp" as the protocol, we are free to do whatever
we want with the dialer and not impact any other packages.
Within our `BuildDSN` function, we quietly replace the protocol to
"nucleitcp" if it was "tcp", so nuclei developers don't have to do
anything special to use this functionality; it will always do it.
2025-01-15 00:29:30 +05:30
Dwi Siswanto
2450ecb503
fix(multiproto): missing previous InternalEvents output when ExecuteWithResults ( #5967 )
...
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-01-14 15:30:17 +05:30
Ice3man
2ac02f43b0
feat: added improvements to sdk for offlinehttp ( #5982 )
2025-01-14 01:21:27 +05:30
Doğan Can Bakır
8902d130e1
update version
2025-01-07 15:47:33 +03:00
chuu
74a00e1bdb
fix: previous InternalEvent is nil ( #5949 )
2025-01-02 13:52:54 +08:00
Dogan Can Bakir
525d2caf66
fix unresolved interactsh-url for raw http templates ( #5938 )
2024-12-24 20:27:13 +05:30
Pierre
ba253dcd56
fix: URL parsing with lists & -scan-all-ips ( #5897 )
...
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-12-21 03:32:33 +05:30
Dogan Can Bakir
358249bdb4
fix recursive struct validation during JSON marshaling ( #5883 )
2024-12-19 20:36:21 +05:30
Dwi Siswanto
f21a82aac3
fix(httpclientpool): rebuild malformed Location URL ( #5902 )
...
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
2024-12-19 20:31:41 +05:30
Sandeep Singh
156b22687b
utils version update ( #5917 )
...
* utils update
* use test tempdir
* skip custom tm tests on macos
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-12-17 18:26:15 +05:30
Mzack9999
1e87ca82c8
fix missing browser init ( #5896 )
...
* fix missing browser init
* .
* using lazy init
* updating test with new web ui
* go mod
* sandbox test
* non fatal error
2024-12-17 15:38:42 +05:30
Dogan Can Bakir
53ff9c54ea
make markdown filename shorter ( #5899 )
2024-12-13 04:25:27 +05:30
Shubham Rasal
be1f634eae
Add Alive Proxy into Options ( #5903 )
...
* Move proxy variable from global to options
- Provides ability to pass diff proxy in single nuclei instance using sdk
* add type check (resolve comments)
2024-12-13 04:23:27 +05:30
lvyaoting
a6b5b1dd49
chore: fix some function name in comment
...
Signed-off-by: lvyaoting <lvyaoting@outlook.com>
2024-12-05 19:34:33 +08:00
Dogan Can Bakir
b649829bc3
update version ( #5877 )
2024-12-02 14:50:41 +05:30
Tarun Koyalwar
16735f5243
fix template signing signature issue ( #5869 )
...
* fix incorrect .gitignore
* template signer utility tool
* use yaml marshal & unmarshal for normalization
* normalize before verification
2024-12-02 14:31:46 +05:30
Richard Brown
557b4fba38
removed trailing comma from the jsonl exporter ( #5861 )
...
* removed trailing comma from the jsonl exporter
* adding the O_TRUNC flag when opening the file to explicitly indicate that the file should be truncated if it exists.
2024-12-01 18:45:22 +05:30