External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 10:55:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,709 Commits 49 Branches 135 Tags
Commit Graph

566 Commits

Author SHA1 Message Date
Dwi Siswanto
e0b2542868
feat: conditionally panic-recover (#5553) 
* feat: conditionally panic-recover

As discussed with @Mzack9999, we should avoid
overusing panic-recover. We need to review the RCA
first to determine whether this is an exceptional
situation or if it's a higher-level function meant
to recover from a panic. This approach will help
us establish a robust error-handling strategy.

The implementation of panic-recover should be
conditional and NOT applied when running in a CI
environment AND IS temporary. Once we've caught
all errors and made the necessary corrections, we
can remove the deferred recover function.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(deps): bump `go-ci` to v1.0.2

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(make): add `-race` to `GOFLAGS` in `test`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-08-28 17:57:45 +05:30
Dogan Can Bakir
6b71af448a
Fixed issue with -ms option to scan non accessible host (#5576) 
* fail if OnResult callback is not called

* generate error message from error logs

* try..parse..

* fix lint

* add error message to last matcher event

* fix network protocol error logging

* log returned log from ExecuteWithResults

* add back specific logging

* clean up the msg

* minor

* init integration test for -ms

* add tests for http,network,js,ws protocols

* fix lint

* fix network test

* return err for dns protocol

* add integration test for dns protocol
 2024-08-28 16:27:43 +05:30
Dwi Siswanto
aac1af1308
refactor(fuzz): use mapsutil.Map type (#5558) 
* refactor(fuzz): use `mapsutil.Map` type

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(headless): handle empty `key` in `*Value.SetParsedValue`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(fuzz): add type assertion checks

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-08-28 12:41:02 +05:30
Mzack9999
8e1072e2b0
Merge pull request #5551 from AdallomRoy/dev 
Upgrade gitlab
 2024-08-21 17:06:55 +02:00
mzack9999
bfdc507c6c lint 2024-08-21 16:34:53 +02:00
mzack9999
5e102b782b fixing race + nil crash 2024-08-21 16:09:47 +02:00
Doğan Can Bakır
d1f4c98cd7 Revert "remove redundant code" 
This reverts commit 35a0d673ad8e12b11e90e8e0090feb26ea042b46.
 2024-08-21 15:03:41 +03:00
Roy Reznik
87c8cd8e01 Upgrade gitlab 2024-08-21 11:44:01 +01:00
Doğan Can Bakır
35a0d673ad remove redundant code 2024-08-21 11:36:33 +03:00
Doğan Can Bakır
46782ff90c use sync.Once 2024-08-21 11:26:17 +03:00
Doğan Can Bakır
7af08e2b04 Merge branch 'dev' into fix_race_condition 2024-08-19 23:06:53 +03:00
Doğan Can Bakır
3064788d35 fix race condition 2024-08-19 23:02:27 +03:00
Mzack9999
0da993afe6
Merge commit from fork 
* fix template signature verification

* fix signature pattern check

* add tests

* remove signature count constraint, check for lines len

* Add more tests

* Centralize signature extraction logic in signer package

* Move signature handling in Sign function to beginning

* Remove comment

* Revert `NewTemplateSigVerifier`

* update tests

* use ExtractSignatureAndContent func

* Allow signing code templates

* Remove unused const

---------

Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
Co-authored-by: Guy Goldenberg <guy.goldenberg@wiz.io>
 2024-08-19 18:02:54 +05:30
Ice3man
80b3cc0627
feat: jira accept issue-type and project ids (#5537) 
* feat: jira accept issue-type and project ids

* remove validation for project name

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2024-08-19 06:20:12 +05:30
sandeep
f2f250738c version update 2024-08-16 20:44:39 +05:30
Tarun Koyalwar
1c76398aea
lint error fixes (#5531) 
* lint error fixes

* chore: satisfy non-constant format str in call lint (govet)

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2024-08-16 20:31:23 +05:30
Tryfon Papatriantafyllou
0675aa48a3
Circular References in OpenAPI 3.0 fixed (#5491) 
* Circular References in OpenAPI 3.0 fixed

* Fixing Swagger_test
 2024-08-16 18:34:47 +05:30
Ramana Reddy
f29b94521e
fix unresolved variables in dast templates (#5443) 
* fix unresolved variables in dast templates

* dedupe interactsh urls

* misc update
 2024-08-16 18:19:44 +05:30
ghost
d20ec34f63 Auto Generate Syntax Docs + JSONSchema [Fri Aug 16 12:41:50 UTC 2024] 🤖 2024-08-16 12:41:50 +00:00
Dwi Siswanto
1af29f97a9
feat(http): add skip-secret-file field (#5522) 
* feat(http): add `BypassSecretFile` field

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(http): conditionally apply auth strategies

Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(http): rename `BypassSecretFile` field to `SkipSecretFile`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-08-16 18:10:48 +05:30
Tryfon Papatriantafyllou
c6e5bdd857
Fixing the server URL path for OpenAPI scanning (#5504) 
* fix_openAPI_serverURL_path

* Issue #5503
 2024-08-16 17:37:02 +05:30
Ramana Reddy
2f7eea410d
Add team-id option (#5523) 
* add team-id option

* fix dashboard url when uploading to team

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-08-16 13:27:26 +05:30
Ramana Reddy
2609d2d135
feat: add support for multiple auth strategies per target from secrets file (#5500) 2024-08-16 11:59:15 +05:30
Dogan Can Bakir
e0466e102c
redact output (#5463) 
* redact output

* update regex

* redact matchet-at
 2024-08-16 11:42:38 +05:30
Peter Kasza
350fa4c10c
fix: FileAuthProvider stores the same strategy for each entry (#5474) 2024-08-05 15:23:21 +05:30
Tarun Koyalwar
2df1b2e88e
file proto missing vars in flow & multi-protocol (#5480) 
* fix missing template context in file proto

* fix file protocol missing vars

* fix test

* skip example advanced test
 2024-08-04 18:14:08 +05:30
Mohammed Diaa
ff23949bb0
Apply input transformation to multi-protocol templates (#5426) 
* Apply input transformation to multi-protocol template execution

* Remove ad hoc input transoformation from DNS protocol

* Add SSL protocol input transformer

* Remove ad hoc input transoformation from SSL protocol

* Remove unused function extractDomain from the DNS protocol engine

* transform in flow as well

* bug fix + update test

* bug fix multi proto
:

* bug fix multi proto input

* bug fixes in input transform

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-08-01 20:43:47 +05:30
Tarun Koyalwar
38e130201e
fix possible nil panic (#5473) 2024-07-31 17:34:56 +05:30
Tarun Koyalwar
2418319df4
js: generate matcher-status event (#5450) 
* js: generate matcher-status event

* isPortOpen: use fastdialer instance

* update sdk unit test

* add docs :)
 2024-07-27 02:46:34 +05:30
Dwi Siswanto
6d325a4ebe
feat(http): assign customHeaders to the map directly (#5445) 
also add skip expr if header key is "Host"

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2024-07-26 22:24:35 +07:00
Ramana Reddy
33dbb51505
fix unresolved interactsh-url variable with fuzzing (#5289) 
* fix unresolved interactsh variable with fuzzing

* fix variables override with fuzzing
 2024-07-26 00:01:05 +05:30
jarnpher_rice
f930e9a58f
chore(deps): change github.com/denisenkom/go-mssqldb to github.com/microsoft/go-mssqldb (#5419) 2024-07-25 02:59:35 +05:30
shubo
c5a3949473 fix: Missing close statements file.Close() & ticker.Stop() 2024-07-23 09:28:15 +08:00
fudancoder
9f08fe21d8
chore: fix some comments (#5432) 
Signed-off-by: fudancoder <fudancoder@icloud.com>
 2024-07-22 14:29:35 +05:30
sandeep
efc01c90c5 version update 2024-07-15 21:58:53 +05:30
Tarun Koyalwar
6cbd73f780
feat: improve ldap output with custom type: (#5387) 
* feat: improve ldap output with custom type:

* js bindings update

* lint fix
 2024-07-15 18:42:22 +05:30
boyhack
deb0dd2a5f
fix(engine): Resolve issue with ExecuteWithResults function not returning expected results (#5376) 
fix(engine): Resolve issue with ExecuteWithResults function not returning expected results

When attempting to use the `ExecuteWithResults` function, users were finding that the function was not returning the expected results. This fix addresses the root cause of this problem.
 2024-07-15 17:02:14 +05:30
Ramana Reddy
3e1cd27943
Fix stop-at-first-match in headless mode fuzzing (#5330) 2024-07-15 16:57:12 +05:30
Mzack9999
bc229a46ca
Merge pull request #5331 from projectdiscovery/use_containsall 
use `stringsutil.ContainsAll`
 2024-07-15 13:21:03 +02:00
GitHub Action
49d8579662 Auto Generate Syntax Docs + JSONSchema [Mon Jul 15 10:28:25 UTC 2024] 🤖 2024-07-15 10:28:25 +00:00
Dogan Can Bakir
f080d614c3
introduce timeouts config in types.Options (#5228) 
* introduce timeout variants

* update instances and add codeexectimeout

* fix test

* default to 10s

* minor

* make timeouts pluggable and rename

* remove residual code

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2024-07-15 15:57:15 +05:30
mzack9999
8f22eb596e Merge branch 'dev' into use_containsall 2024-07-15 11:00:08 +02:00
Ramana Reddy
d4e81fd9e6
register goja func to check udp port (#5397) 
* register goja func to check port with network param

* register goja func to check udp port
 2024-07-15 12:58:30 +05:30
mzack9999
d7997e47ec trim space 2024-07-14 23:47:05 +02:00
mzack9999
cdb39d851b trim space 2024-07-14 23:46:16 +02:00
mzack9999
860507bbe9 fixing tests 2024-07-14 23:19:42 +02:00
mzack9999
2bd68993e7 fixing loader issue 2024-07-12 19:45:49 +02:00
mzack9999
3c2af0e47c fixing many data races 2024-07-12 17:23:44 +02:00
mzack
ead444b88b Merge branch 'dev' into use_containsall 2024-07-12 13:05:14 +02:00
Tarun Koyalwar
c9a9bd3bfc
include cname in http output if available (#5389) 2024-07-10 20:43:22 +05:30