nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-24 21:35:25 +00:00

Author	SHA1	Message	Date
Mzack9999	752bd3bc67	Merge branch 'dev' into feat-5239-no-singleton	2025-05-07 21:24:05 +02:00
Mzack9999	f27b2518a9	adding separate execution context id	2025-05-07 21:18:48 +02:00
Sandeep Singh	4801cc65ef	feat: fixed max-host-error blocking + progress mismatch + misc (#6193 ) * feat: fixed max-host-error blocking wrong port for template with error * feat: log total results with time taken at end of execution * bugfix: skip non-executed requests with progress in flow protocol * feat: fixed request calculation in http protocol for progress * misc adjustments --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-05-07 17:22:15 +05:30
Mzack9999	5d175314fe	.	2025-05-06 10:48:56 +02:00
Mzack9999	e44e3a4c82	wip	2025-05-06 10:13:46 +02:00
Mzack9999	a87b310e11	introducing execution id	2025-05-05 22:15:44 +02:00
Mzack9999	b9d0f2585f	Merge pull request #6200 from projectdiscovery/msssql-exec-query-support feat: added support to mssql for execute query	2025-05-01 23:19:03 +02:00
Mzack9999	088425d351	adding mssql check	2025-05-01 22:44:29 +02:00
pussycat0x	cbf57ef889	Update ldap.go (#6202 )	2025-04-30 14:10:44 +05:30
Ice3man	b14e634047	feat: added support to mssql for execute query	2025-04-28 18:56:35 +05:30
Dogan Can Bakir	ffb0a92216	Merge pull request #6088 from projectdiscovery/fix_interactsh_for_js fix unresolved `interactsh-url` for js templates	2025-04-17 11:03:32 +03:00
Florian Pfitzer	c0b5c29d3b	fix: default offlinehttp extractor without part to body like requests	2025-04-14 09:13:11 +02:00
Ice3man	b47ce6c372	feat: added bearer support to jira reporting for self hosted + misc	2025-04-03 16:52:57 +05:30
Doğan Can Bakır	59bc570a93	update version	2025-03-30 19:40:39 +05:30
alingse	e88c59f7ea	fix call errors.Wrap with a nil value error err it should call errors.Wrap(writeErr, ...	2025-03-29 23:15:21 +08:00
Doğan Can Bakır	3307ce5ae8	update version	2025-03-28 13:20:29 +05:30
Doğan Can Bakır	6f6d4ae79f	update version	2025-03-26 15:46:48 +05:30
threehonor	d1b1c23e4e	chore: fix some function names in comment Signed-off-by: threehonor <pengqi@email.cn>	2025-03-26 11:03:43 +08:00
alban.stourbe stourbe	e35c6049bb	Add loadConfig S3 based on AWS_PROFILE ~/.aws/credentials	2025-03-24 17:17:14 +01:00
Shubham Rasal	04a6c82730	add setDialer function to TCP protocol (#6101 ) - add ability to override setDialer function for tcp - socks proxy is not used incase of tcp protocol - TCP uses global tcp dialer shared, we need template request level ability to set dialer	2025-03-17 16:44:33 +05:30
sandeep	0d6d50d980	version update	2025-03-07 23:06:42 +05:30
Dogan Can Bakir	a9718d3664	set headers for fuzzing request (#5988 ) Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2025-03-07 20:54:35 +05:30
Nakul Bharti	1874d5b900	fix: prevent nil pointer dereference on context cancellation (#6085 )	2025-03-07 20:34:27 +05:30
Ice3man	d10b7f7382	feat: escape code blocks for markdown formatting (#6089 )	2025-03-07 14:45:39 +05:30
Ice3man	d56524933f	feat: fix reporting close functionality + misc (#6066 )	2025-03-06 22:49:21 +05:30
Doğan Can Bakır	1e08d29e50	fix unresolved `interactsh-url` for js templates	2025-03-06 15:52:12 +03:00
huochexizhan	3a3f5e271c	fix: fix incorrect nil return value (#6079 ) Signed-off-by: huochexizhan <huochexizhan@outlook.com>	2025-03-03 16:19:16 +05:30
Nakul Bharti	fa7329f16e	fix: race condition of the lastmatcherevent (#6080 )	2025-03-03 16:10:12 +05:30
Dwi Siswanto	940885a3cc	feat: generate CPU & PGO profiles (#6058 ) * feat: generate CPU profiles also adjust memory (heap) profiles ext to `.mem` Signed-off-by: Dwi Siswanto <git@dw1.io> * docs(DESIGN): add total samples for CPU profiles Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): trimpath in go-build and append LDFLAGS ifneq "darwin" Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: update goreleaser build * replace `go mod tidy` with `go mod download` and `go mod verify` * adjust indentations * add `-trimpath` flag * set `-pgo` flag to "`auto`" * add `ldflags` * quoting 386 GOARCH value Signed-off-by: Dwi Siswanto <git@dw1.io> * ci: add generate PGO workflow Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): set CGO_ENABLED inline in go-build Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(main): streamline profile file creation Signed-off-by: Dwi Siswanto <git@dw1.io> * dummy: add PGO file (DO NOT MERGE) Signed-off-by: Dwi Siswanto <git@dw1.io> * feat: add main test (benchmark) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add build-test Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "dummy: add PGO file (DO NOT MERGE)" This reverts commit ee877205f729be2f054c7d7d484a9244121acce6. * test(main): set Output to /dev/null Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(output): add option to disable stdout via env var Signed-off-by: Dwi Siswanto <git@dw1.io> * test(main): set `types.Options.Output` to empty Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(generate-pgo): add TODO note Signed-off-by: Dwi Siswanto <git@dw1.io> * ci: add reusable perf regression workflow Signed-off-by: Dwi Siswanto <git@dw1.io> * ci(perf-regression): enabe `DISABLE_STDOUT` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-24 16:52:57 +05:30
Dwi Siswanto	047d49f6f3	fix(json): update build constraints for Go version comp (#6064 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-21 12:04:04 +05:30
Dogan Can Bakir	cbd90df51c	fix secrets lookup logic (#6059 ) * fix secrets lookup logic * check len	2025-02-20 06:01:24 +05:30
Ice3man	dabcce865e	feat: fixed stats not working + misc changes	2025-02-14 00:53:23 +05:30
Ice3man	5f0b7eb19b	feat: added initial live DAST server implementation (#5772 ) * feat: added initial live DAST server implementation * feat: more logging + misc additions * feat: auth file support enhancements for more complex scenarios + misc * feat: added io.Reader support to input providers for http * feat: added stats db to fuzzing + use sdk for dast server + misc * feat: more additions and enhancements * misc changes to live server * misc * use utils pprof server * feat: added simpler stats tracking system * feat: fixed analyzer timeout issue + missing case fix * misc changes fix * feat: changed the logics a bit + misc changes and additions * feat: re-added slope checks + misc * feat: added baseline measurements for time based checks * chore(server): fix typos Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(templates): potential DOM XSS Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(authx): potential NIL deref Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * feat: misc review changes * removed debug logging * feat: remove existing cookies only * feat: lint fixes * misc * misc text update * request endpoint update * feat: added tracking for status code, waf-detection & grouped errors (#6028) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * fix var dump (#5921) * fix var dump * fix dump test * Added filename length restriction for debug mode (-srd flag) (#5931) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> * more updates * Update pkg/output/stats/waf/waf.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com> Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2025-02-13 18:46:28 +05:30
sandeep	31fb7c8963	Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into dev	2025-02-13 17:50:34 +05:30
sandeep	027c393736	version update	2025-02-13 17:38:46 +05:30
9flowers	ef11565bcb	Added filename length restriction for debug mode (-srd flag) (#5931 ) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>	2025-02-13 17:20:56 +05:30
Dogan Can Bakir	3c825e8045	fix var dump (#5921 ) * fix var dump * fix dump test	2025-02-13 17:20:14 +05:30
Ice3man	a2c8f1e4cd	feat: added tracking for status code, waf-detection & grouped errors (#6028 ) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2025-02-13 17:13:39 +05:30
Parth Malhotra	f14e926dea	Added `-ai` option to generate and run nuclei templates on the fly for given prompt (#6041 ) * Add ai flag * Add AI flag 2 * fix stdin * fix stdin 2 * minor * print both url and path * store ai generated templates in `$HOME/nuclei-templates/pdcp` * todo * do not remove all * make it less restrictive * use retryablehttp * fix creds check * return errs * return more detailed err for non-ok status code * add prompt validation * fix integration tests --------- Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>	2025-02-13 16:32:50 +05:30
Dwi Siswanto	622c5503fa	perf(): replace `encoding/json` w/ `sonic` or `go-json` (fallback) (#6019 ) perf(): replace `encoding/json` w/ sonic Signed-off-by: Dwi Siswanto <git@dw1.io> feat(utils): add `json` pkg (sonic wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(): use `sonic` wrapper instead Signed-off-by: Dwi Siswanto <git@dw1.io> chore(): replace `sonic.ConfigStd` -> `json` (wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> test(model): adjust expected marshal'd JSON Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): dynamic backend; `sonic` -> `go-json` (fallback) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): merge config - as its not usable Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): rm go version constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-11 03:01:37 +05:30
Dwi Siswanto	d2636b9ca2	feat(headless): eval DSL exprs in args (#6017 ) * refactor(headless): mv `input` -> `ctx` field name Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): eval DSL exprs in args Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(headless): rm duplicate imports Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): rm duplicate dumped req vars * refactor(headless): unify `getTimeParameter` retrieval Now, `getTimeParameter` tries to get the parameter as an integer, then as a `time.Duration`, and finally falls back to the default value (multiplied by the unit). Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): adjust default timeout value to 5s Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(headless): use `getTimeParameter` Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(headless): add nolint directive - `replaceWithValues` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): revert parameter automerge & adds `inputURL` field Signed-off-by: Dwi Siswanto <git@dw1.io> * test(headless): add headless-dsl integration test Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-02-10 20:16:35 +05:30
Sandeep Singh	04db1bb21d	feat: added rebuildGenerators for misc rebuilding (#6037 ) Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-02-08 21:05:23 +05:30
kilavvy	82a5d35241	fix: typos in documentation files (#6027 ) * Update generator.go * Update README.md	2025-02-04 13:44:52 +05:30
Sandeep Singh	53748c47d8	Misc sdk changes (#6018 ) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-01-31 18:53:55 +05:30
Dwi Siswanto	052fd8b79a	feat(hosterrorscache): add `Remove` and `MarkFailedOrRemove` methods (#5984 ) * feat(hosterrorscache): add `Remove` and `MarkFailedOrRemove` methods and also deprecating `MarkFailed` Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(): unwraps `hosterrorscache\.MarkFailed` invocation Signed-off-by: Dwi Siswanto <git@dw1.io> feat(hosterrorscache): add sync in `Check` and `MarkFailedOrRemove` methods * test(hosterrorscache): add concurrent test for `Check` method * refactor(hosterrorscache): do NOT change `MarkFailed` behavior Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(*): use `MarkFailedOrRemove` explicitly Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-01-31 15:46:57 +05:30
piguagua	5a52e93113	chore: fix some function names in comment (#5986 ) Signed-off-by: piguagua <piguagua@aliyun.com>	2025-01-31 13:31:09 +05:30
Dogan Can Bakir	d77eab6e87	Ensure Headless protocol accesses flow protocol variables (#6003 )	2025-01-31 13:29:11 +05:30
Shubham Rasal	540711cf9d	fix missing event for multi protocol (#5995 ) Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2025-01-31 13:27:56 +05:30
Roy Reznik	dac38732dc	stop using deprecated mholt/archiver (#5951 ) * stop using deprecated mholt/archiver * Fix CR * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-01-31 13:27:16 +05:30
Dwi Siswanto	265051fdf3	feat(templates): rm string conversion (#6016 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-01-31 01:22:25 +05:30

1 2 3 4 5 ...

535 Commits