Dwi Siswanto
940885a3cc
feat: generate CPU & PGO profiles ( #6058 )
...
* feat: generate CPU profiles
also adjust memory (heap) profiles ext to `.mem`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* docs(DESIGN): add total samples for CPU profiles
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): trimpath in go-build
and append LDFLAGS ifneq "darwin"
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: update goreleaser build
* replace `go mod tidy` with `go mod download` and
`go mod verify`
* adjust indentations
* add `-trimpath` flag
* set `-pgo` flag to "`auto`"
* add `ldflags`
* quoting 386 GOARCH value
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci: add generate PGO workflow
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): set CGO_ENABLED inline in go-build
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(main): streamline profile file creation
Signed-off-by: Dwi Siswanto <git@dw1.io>
* dummy: add PGO file (DO NOT MERGE)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat: add main test (benchmark)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): add build-test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Revert "dummy: add PGO file (DO NOT MERGE)"
This reverts commit ee877205f729be2f054c7d7d484a9244121acce6.
* test(main): set Output to /dev/null
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(output): add option to disable stdout via env var
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(main): set `types.Options.Output` to empty
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(generate-pgo): add TODO note
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci: add reusable perf regression workflow
Signed-off-by: Dwi Siswanto <git@dw1.io>
* ci(perf-regression): enable `DISABLE_STDOUT`
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-24 16:52:57 +05:30
Dogan Can Bakir
89c77d1e9e
Guard cloud service ( #6053 )
...
* guard cloud services with credentials
* update msg
* minor
2025-02-19 16:21:10 +05:30
Ice3man
5f0b7eb19b
feat: added initial live DAST server implementation ( #5772 )
...
* feat: added initial live DAST server implementation
* feat: more logging + misc additions
* feat: auth file support enhancements for more complex scenarios + misc
* feat: added io.Reader support to input providers for http
* feat: added stats db to fuzzing + use sdk for dast server + misc
* feat: more additions and enhancements
* misc changes to live server
* misc
* use utils pprof server
* feat: added simpler stats tracking system
* feat: fixed analyzer timeout issue + missing case fix
* misc changes fix
* feat: changed the logics a bit + misc changes and additions
* feat: re-added slope checks + misc
* feat: added baseline measurements for time based checks
* chore(server): fix typos
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(templates): potential DOM XSS
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(authx): potential NIL deref
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat: misc review changes
* removed debug logging
* feat: remove existing cookies only
* feat: lint fixes
* misc
* misc text update
* request endpoint update
* feat: added tracking for status code, waf-detection & grouped errors (#6028 )
* feat: added tracking for status code, waf-detection & grouped errors
* lint error fixes
* feat: review changes + moving to package + misc
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* fix var dump (#5921 )
* fix var dump
* fix dump test
* Added filename length restriction for debug mode (-srd flag) (#5931 )
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
* more updates
* Update pkg/output/stats/waf/waf.go
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com>
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2025-02-13 18:46:28 +05:30
Ice3man
a2c8f1e4cd
feat: added tracking for status code, waf-detection & grouped errors ( #6028 )
...
* feat: added tracking for status code, waf-detection & grouped errors
* lint error fixes
* feat: review changes + moving to package + misc
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2025-02-13 17:13:39 +05:30
Parth Malhotra
f14e926dea
Added -ai option to generate and run nuclei templates on the fly for given prompt ( #6041 )
...
* Add ai flag
* Add AI flag 2
* fix stdin
* fix stdin 2
* minor
* print both url and path
* store ai generated templates in `$HOME/nuclei-templates/pdcp`
* todo
* do not remove all
* make it less restrictive
* use retryablehttp
* fix creds check
* return errs
* return more detailed err for non-ok status code
* add prompt validation
* fix integration tests
---------
Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
2025-02-13 16:32:50 +05:30
Dwi Siswanto
622c5503fa
perf(*): replace encoding/json w/ sonic or go-json (fallback) ( #6019 )
...
* perf(*): replace `encoding/json` w/ sonic
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(utils): add `json` pkg (sonic wrapper)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(*): use `sonic` wrapper instead
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(model): adjust expected marshal'd JSON
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(json): merge config - as it's not usable
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(json): rm go version constraints
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: go mod tidy
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-11 03:01:37 +05:30
Dwi Siswanto
d2636b9ca2
feat(headless): eval DSL exprs in args ( #6017 )
...
* refactor(headless): mv `input` -> `ctx` field name
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): eval DSL exprs in args
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(headless): rm duplicate imports
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): rm duplicate dumped req vars
* refactor(headless): unify `getTimeParameter` retrieval
Now, `getTimeParameter` tries to get the parameter
as an integer, then as a `time.Duration`, and
finally falls back to the default value
(multiplied by the unit).
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): adjust default timeout value to 5s
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): use `getTimeParameter`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(headless): add nolint directive - `replaceWithValues`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): revert parameter automerge & adds `inputURL` field
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(headless): add headless-dsl integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-10 20:16:35 +05:30
Sandeep Singh
53748c47d8
Misc sdk changes ( #6018 )
...
* feat: misc sdk changes to parser
* misc
* feat: fixed failing tests
* fix lint error + update yamldoc-go
* return 0 exit code if integration test re-run passes
* exclude tech / wordpress template from test
---------
Co-authored-by: Ice3man <nizamulrana@gmail.com>
2025-01-31 18:53:55 +05:30
Tarun Koyalwar
16735f5243
fix template signing signature issue ( #5869 )
...
* fix incorrect .gitignore
* template signer utility tool
* use yaml marshal & unmarshal for normalization
* normalize before verification
2024-12-02 14:31:46 +05:30
Dwi Siswanto
3a07fa9c22
feat: add -enable-global-matchers flag ( #5857 )
...
* feat: add `-enable-global-matchers` flag
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(templates): use embedded `types.Options` in `Template`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(lib): add `EnableGlobalMatchersTemplates` SDK opt
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-11-27 14:37:59 +05:30
Dogan Can Bakir
63687c2ce0
disable self-contained and file protocol templates as default ( #5825 )
...
* disable self-contained and file protocol templates as default
* make excluding default
* add config funcs
* fix wrn display
* fix integration tests
* enable self-contained templates when code templates are enabled
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-11-19 22:00:28 +05:30
Dwi Siswanto
13af7ccd49
fix: data race at protocolstate, contextargs & some outdated test cases ( #5820 )
...
* test(flow): update outdated test cases
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(multiproto): update outdated test cases
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat: fixed failing tests
* fixed data race
* fixed memguardian race condition
* test(customtemplates): use test repo
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(customtemplates): add more `{Clone,Pull}Options`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(customtemplates): validate `{Clone,Pull}Options`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* bugfix: fixed failing integration tests for flow and multi
* chore: either 1 or 2 results in interactsh
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
2024-11-19 11:08:25 +05:30
Dwi Siswanto
3e4ec90cea
ci: refactor workflows ( #5818 )
...
* ci: refactor workflows
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: structured build outputs
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat: use `go-ci`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): misused var for `vet` cmd
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-11-14 19:19:49 +07:00
Tarun Koyalwar
40a08a4db3
Code protocol bug fixes and improvements ( #5767 )
...
* bump gozero + improve debug mode (code protocol)
* run failed integration again assuming they are flaky
* dep update
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-10-25 23:35:03 +05:30
Dwi Siswanto
2c832f5590
refactor(vardump): use godump lib ( #5676 )
...
* refactor(vardump): use `godump` lib
also increase limit char to `255`.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(vardump): add global var `Limit`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(protocols): rm newline
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(types): add `VarDumpLimit` option
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(vardump): add test cases
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore: tidy up mod
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-10-14 19:31:36 +05:30
Dwi Siswanto
d68af67e6e
feat(nuclei): generate trace file when using profile-mem ( #5690 )
...
* feat(nuclei): generate trace file when using `profile-mem`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* docs(DESIGN): dynamically grep mod path
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-10-14 14:53:36 +05:30
Keith Chason
3f0de96726
MongoDB Reporting ( #5688 )
...
* Initial setup of Mongo reporting
* Fix slice pop logic
* Switch to config-file logic
* Parse database name from connection string
* Switch to url.Parse for connection string parsing
* Address return/logging feedback
2024-10-13 21:44:33 +05:30
Levente Kováts
6347efa590
Clone Input when the workflow execution forks ( #5621 )
...
* clone Input when the workflow forks, add integration test
* fix line endings
2024-09-19 19:02:03 +05:30
Ramana Reddy
0a536e6ce0
fix matcher-status tests ( #5647 )
2024-09-19 18:52:49 +05:30
Ramana Reddy
bd6330f72a
feat: upload existing scan results ( #5603 )
...
* feat: upload existing scan results
* fix lint test
* misc update
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-09-12 16:13:49 +05:30
Ice3man
59e69b561d
feat: added linear issue tracker support to nuclei ( #5601 )
...
* feat: added linear issue tracker support to nuclei
* misc
* feat: fixed unmarshal issues
* added linear config
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-09-12 15:34:50 +05:30
linchizhen
88b281ae47
chore: fix some function names in comment ( #5586 )
...
Signed-off-by: linchizhen <jiayanbing@yeah.net>
2024-09-01 14:11:01 +05:30
Dogan Can Bakir
6b71af448a
Fixed issue with -ms option to scan non accessible host ( #5576 )
...
* fail if OnResult callback is not called
* generate error message from error logs
* try..parse..
* fix lint
* add error message to last matcher event
* fix network protocol error logging
* log returned log from ExecuteWithResults
* add back specific logging
* clean up the msg
* minor
* init integration test for -ms
* add tests for http,network,js,ws protocols
* fix lint
* fix network test
* return err for dns protocol
* add integration test for dns protocol
2024-08-28 16:27:43 +05:30
Tarun Koyalwar
1c76398aea
lint error fixes ( #5531 )
...
* lint error fixes
* chore: satisfy non-constant format str in call lint (govet)
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
2024-08-16 20:31:23 +05:30
Ramana Reddy
2f7eea410d
Add team-id option ( #5523 )
...
* add team-id option
* fix dashboard url when uploading to team
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-08-16 13:27:26 +05:30
Dogan Can Bakir
e0466e102c
redact output ( #5463 )
...
* redact output
* update regex
* redact matched-at
2024-08-16 11:42:38 +05:30
Mzack9999
bc229a46ca
Merge pull request #5331 from projectdiscovery/use_containsall
...
use `stringsutil.ContainsAll`
2024-07-15 13:21:03 +02:00
Dogan Can Bakir
f080d614c3
introduce timeouts config in types.Options ( #5228 )
...
* introduce timeout variants
* update instances and add codeexectimeout
* fix test
* default to 10s
* minor
* make timeouts pluggable and rename
* remove residual code
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-07-15 15:57:15 +05:30
mzack9999
2bd68993e7
fixing loader issue
2024-07-12 19:45:49 +02:00
Mzack9999
52975373ff
Merge branch 'dev' into feat-4808-planner
2024-06-13 17:19:43 +02:00
Ice3man
9f3f7fce06
Fuzzing additions & enhancements ( #5139 )
...
* feat: added fuzzing output enhancements
* changes as requested
* misc
* feat: added dfp flag to display fuzz points + misc additions
* feat: added support for fuzzing nested path segments
* feat: added parts to fuzzing requests
* feat: added tracking for parameter occurrence frequency in fuzzing
* added cli flag for fuzz frequency
* fixed broken tests
* fixed path based sqli integration test
* feat: added configurable fuzzing aggression level for payloads
* fixed failing test
2024-06-11 04:43:46 +05:30
Mzack9999
4fc16e36e1
Merge branch 'dev' into feat-4808-planner
2024-05-23 09:08:53 +02:00
mzack9999
46e4810efb
Fixing nil ptr on error
2024-05-22 14:54:01 +02:00
Mzack9999
f6332583b7
making ssl errors non fatal ( #5203 )
...
* making ssl errors non fatal
* adding test
2024-05-21 21:42:01 +05:30
Mzack9999
9adfc531c7
uniforming sizes with utils
2024-05-15 15:34:59 +02:00
sandeep
43cacf12e3
misc description update
2024-05-11 00:55:05 +05:30
Tarun Koyalwar
d6424ea5d0
pdcp result upload: bug fix + (optional) scan name support using -sname flag ( #5155 )
...
* add default template severity and error when validating
* ignore workflows when validating severity
* add scan name support in pdcp result upload
* scan upload: fix missing name query param
* make profile-loader integration tests generic
* add scan-id validation
* ignore invalid scan id's
2024-05-11 00:44:14 +05:30
Dogan Can Bakir
907f5a0538
fix -u input read ( #5147 )
...
* fix `-u` input read
* Fix tests
---------
Co-authored-by: Ramana Reddy <ramanaredy.manda@gmail.com>
2024-05-06 16:48:33 +05:30
Raúl Sampedro
673404a80d
Add list template tags command ( #4798 )
...
* add list template tags command
* update readme
* misc changes to implementation
* misc
* misc update
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-05 00:41:39 +05:30
Ramana Reddy
902eb78d34
Add profile option to load template profile ( #5125 )
...
* Add profile option to load template profile
* Misc update
* Add profile-list option
* Misc update
* Add tests
2024-05-04 21:53:50 +05:30
Dogan Can Bakir
c8cda14e41
remove default val in CLI and increase MaxBodyRead to 10mb ( #5100 )
...
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 16:28:37 +05:30
Ice3man
0b82e8b7aa
feat: added support for context cancellation to engine ( #5096 )
...
* feat: added support for context cancellation to engine
* misc
* feat: added contexts everywhere
* misc
* misc
* use granular http timeouts and increase http timeout to 30s using multiplier
* track response header timeout in mhe
* update responseHeaderTimeout to 5sec
* skip failing windows test
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 15:37:56 +05:30
Mzack9999
cbe7322019
Exposing embedded api for settings control in CLI modality ( #5030 )
...
* exposing settings api
* adding probe concurrency
* adding js pool size control
* adding json tags
2024-04-24 13:06:04 +05:30
Dogan Can Bakir
8676cb6daf
add response read timeout flag ( #4944 )
...
* add response read timeout flag
* fix test
* bump utils
* fix network tests
* fix incorrect unit of response-read-timeout unit
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-24 13:05:05 +05:30
Ramana Reddy
bf0cae3a10
Fix panic with fuzz template ( #5068 )
...
* Fix panic with fuzz template
* Fix multiple mode in fuzzing
* Add test
2024-04-23 13:39:35 +05:30
lvyaoting
84582183dc
chore: fix function names in comment ( #5008 )
...
Signed-off-by: lvyaoting <lvyaoting@outlook.com>
2024-04-16 16:57:51 +05:30
Tarun Koyalwar
ea2e13a4aa
nuclei 'stats' build : scan events + chart utils ( #5032 )
...
* prototype new scan events
* scan-event: improvements + conditional build
* add scan charts server: make scan-charts
* scan-charts: bug fix
2024-04-16 16:57:32 +05:30
Levente Kováts
bec7cb273a
add context vars in code and multi ( #5051 )
...
make the extracted variables available in subsequent templates when executing in a workflow
fix projectdiscovery/nuclei#4797
2024-04-16 16:57:07 +05:30
Mzack9999
998a25d744
Merge pull request #5034 from projectdiscovery/feat-4948-dns-srv
...
adding dns srv type
2024-04-15 15:43:44 +01:00
Levente Kováts
0d5e26d7bd
run workflow subtemplates with new ScanContext ( #5031 )
...
fix projectdiscovery/nuclei#4933
2024-04-12 04:20:11 +05:30