nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-27 16:15:25 +00:00

Author	SHA1	Message	Date
lu4nx	5ab39fca25	Fix 'reference' info nil pointer dereference. (#4005 ) (#4006 ) * Fix 'reference' info nil pointer dereference. (#4005) * test path update * test fixes --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-07-30 13:02:50 +05:30
Mzack9999	d83c2dd8dd	converting dsl tests to new struct (#4003 )	2023-07-28 22:50:52 +05:30
Dogan Can Bakir	163bc22281	add headless options flag (#3951 ) * add headless options flag * disable some tests for windows * disable interactsh tests on darwin * disable network/hex.yaml on windows * make DisableOn func	2023-07-28 21:20:57 +05:30
Tarun Koyalwar	6bdef68734	ignore version parsing error (#3984 ) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-07-28 21:04:02 +05:30
Mzack9999	16894cf0e0	fixing certificate expiration date (#3995 )	2023-07-28 19:22:14 +05:30
Mzack9999	66f0dc735c	Adding jarm helper via dsl (#3906 ) * Adding jarm helper via dsl * adding test * removing debug file * fixing tests --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2023-07-14 21:24:12 +05:30
Mzack9999	3dca03163c	Automatic target merge in network templates (#3904 ) * skip visited actual addressess * removed test * adding disable clustering support	2023-07-06 21:33:52 +05:30
Ramana Reddy	6707bc777a	fix showing multiple failure matches per template on -ms set (#3770 ) * fix showing multiple failure matchers per template add integration test * exclude AS134029 from unit test * Add flag for match status per request * chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#3777) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.4.0...v3.5.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab in /v2 (#3778) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 in /v2 (#3780) Bumps [github.com/spf13/cast](https://github.com/spf13/cast) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/spf13/cast/releases) - [Commits](https://github.com/spf13/cast/compare/v1.5.0...v1.5.1) --- updated-dependencies: - dependency-name: github.com/spf13/cast dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * enable no-httpx when passive scan is launched (#3789) * chore(deps): bump github.com/projectdiscovery/fastdialer from 0.0.26 to 0.0.28 in /v2 (#3779) * chore(deps): bump github.com/projectdiscovery/fastdialer in /v2 Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.26 to 0.0.28. - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.0.26...v0.0.28) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump retryabledns to 0.28 * Update the retryabledns --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> * deprecatedProtocolNameTemplates concurrent map writes (#3785) * deprecatedProtocolNameTemplates * use syncLock * fix lint error * change version in deprecated warning msg * comment asnmap expand unit test --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> * Issue 3339 headless fuzz (#3790) * Basic headless fuzzing * Remove debug statements * Add integration tests * Update template * Fix recognize payload value in matcher * Update tempalte * use req.SetURL() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * Auto Generate Syntax Docs + JSONSchema [Fri Jun 9 00:23:32 UTC 2023] 🤖 * Add headless header and status matchers (#3794) * add headless header and status matchers * rename headers as header * add integration test for header+status * fix typo * chore(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine (#3809) Bumps golang from 1.20.4-alpine to 1.20.5-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/go-playground/validator/v10 in /v2 (#3810) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.2 to 10.14.1. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.11.2...v10.14.1) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/projectdiscovery/rawhttp in /v2 (#3811) Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.11 to 0.1.13. - [Release notes](https://github.com/projectdiscovery/rawhttp/releases) - [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.11...v0.1.13) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/rawhttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 in /v2 (#3812) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3781) Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.11 to 0.0.13. - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.11...v0.0.13) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/hmap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Using safe dereferencing * adding comment * fixing and condition * fixing test id * adding integration test * update goflags dependency * update goflags dependency * bump goflags v0.1.9 => v0.1.10 * handle failure matcher flags logic at executor itself * add integration test to matcher status per request * Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * Use templateman enhance api to populate CVE info (#3788) * use templateman enhance api to populate cve info * rename cve-annotate => tmc add additional flags to format, lint and enhance template using templateman apis * minior changes * remove duplicate code * misc update * Add validate and error log option * print if updated * print format and enhance only if updated * make max-request optional * fix reference unmarshal error * fix removing self-contained tag --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> * fix matcher status with network protocol * fix test * remove -msr flag --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> Co-authored-by: 三米前有蕉皮 <kali-team@qq.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2023-06-30 23:32:00 +05:30
Mzack9999	c9d0942bc1	Extend headless contextargs (#3850 ) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-06-26 22:55:51 +05:30
Mzack9999	fa199ed3b3	Improving clientpool with client certificates (#3851 ) * Improving clientpool with client certificates * adding test case * Revert "Merge branch 'dev' into issue-3800-client-cert" This reverts commit 7f057d742f4b9bda8e83b2052e29617b86b6776d, reversing changes made to 7297cebcf8bb0f88961b644fc2ac7c040df8ffd9. * Revert "Revert "Merge branch 'dev' into issue-3800-client-cert"" This reverts commit 2053a248a0cdc2002e0b4b4faa3472cf11c29760. * go fmt --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-06-26 17:45:12 +05:30
Ramana Reddy	cddae989f3	Add template option to disable merging target url path with raw request path (#3799 ) * add template option to disable merging target url path with raw request path * rename disable-merge-path -> disable-path-automerge add integration test	2023-06-19 20:22:17 +05:30
Mzack9999	200faa107e	adding integration test	2023-06-13 17:27:26 +02:00
Dogan Can Bakir	a4ca2021cd	Add headless header and status matchers (#3794 ) * add headless header and status matchers * rename headers as header * add integration test for header+status * fix typo	2023-06-09 15:03:03 +05:30
Shubham Rasal	a34b94e62f	Issue 3339 headless fuzz (#3790 ) * Basic headless fuzzing * Remove debug statements * Add integration tests * Update template * Fix recognize payload value in matcher * Update tempalte * use req.SetURL() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-06-09 05:50:44 +05:30
Keith Chason	4d6080f3bc	"Executer" to "Executor" (#3760 ) * Fix spelling of "executer" to "executor" * minor change: use defer file.Close() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-06-01 02:28:10 +05:30
Mzack9999	0d2d510689	Adding support for constants (#3692 ) * adding support for constants * fixing typo * adding integration test * fixing lint issues * fixing template syntax	2023-05-25 22:02:35 +05:30
Shubham Rasal	9c2fa8f9c4	Add payload in dns protocol (#3632 ) * add execute function in dns * Add payload in dns protocol * Add integration test to cover dns payload - also check command line overriding a payload variable * Update matchedAt and remove trailing dot * Consider payload data for request count - Update verbose output to print question - Update dns requests Requests function to consider payload data * update gitignore * bump nuclei version to v2.9.4-dev --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-05-11 03:26:29 +05:30
Shubham Rasal	449afc0c5c	Issue 3564 var override (#3599 ) * Check if the variables are override by other means - you can override the template variable value using command line flags * Update lazy eval logic - previously, we were checking any function/expression in variable - now, update the logic, lazy eval only if variable contains any protocol variable(global) * add integration tests * Add test to check the dsl function working in variable * gather all generate variables logic in utils * go mod update * Refactor the generate variables function * go mod update+ fix typo --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-05-02 23:49:56 +05:30
Shubham Rasal	f640187709	Expose DNS fields for matchers and extractors (#3613 ) * Extend dns extractor to dns answer records * add test template * Ignore error for dns variables are not found * Add all the records of answer section * Fixed the wrong typecasting	2023-05-02 17:13:11 +05:30
Tarun Koyalwar	7f5e4e2336	aws signer: fix missing x-content-sha256 header (#3601 ) * fix missing x-content-sha256 header * fix variable priority in self-contained templates * remove debug statement * adds generic raw request parser for self-contained req * more integration tests * bug fix: 10x faster race requests * fix failing integration test	2023-05-01 12:15:35 +05:30
Tarun Koyalwar	4e6ef4490e	duplicated params in self contained requests (#3608 ) * fix duplicated params in self-contained+ export extracted values to file * add integration tests + fix percentage overflow in pb * fix integration test template id * integration test: validate if file exists	2023-04-26 12:35:07 +05:30
Tarun Koyalwar	bf08913cd0	update logic + config management refactor (#3567 ) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-04-19 21:58:48 +05:30
Mzack9999	6f4b1ae48a	Replacing ccache with generic gcache (#3523 ) * Replacing ccache with generic gcache * fixing lint issues * removing unecessary hashing + using errorutils * making test more tolerant * removing dead code + refactor * removing redundant code * removing race * maint * moving code * adding more iterations * note + typo * temporary fixing stop-at-first-match with interact * wrapping internal map with mux * sort before running integration test * fix deadlock in requestShouldStopAtFirstMatch * add timeout to integration_test workflow * attempting to remove outer lock * adds interactsh protocol tests in integration_test --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-04-16 23:19:35 +05:30
Shubham Rasal	45cc676f96	Evaluate payload variables (#3503 ) * Evaluate payload variables * Add variables evaluation * Extend variables test - to check evaluation of global variables in variables - to check evaluation of golbal variables in payload * Add default and cli variables to websocket, whois and dns proto - use url.Parse with urlutil.Parse	2023-04-12 01:50:58 +05:30
Tarun Koyalwar	a185348194	fix integration test (#3506 ) * fix integration test * fix interactsh fatal error	2023-04-04 10:09:52 +08:00
Mzack9999	1b7585476e	simplify execution logic	2023-03-17 17:31:28 +01:00
Mzack9999	6a0db1c234	restoring tests	2023-03-17 16:56:14 +01:00
Mzack9999	c115768b8e	investigating tests	2023-03-17 15:39:12 +01:00
Ramana Reddy	c9634fae72	Issue 3350 matcher condition or not work (#3397 ) * fix or condition match even interactsh includes as matcher-part (#3350) * add integration test * add new template to integration test * matcher-condtion: test case for both conditions * fix lint errors * upgrade dependencies --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-03-15 20:45:44 +05:30
Mzack9999	0bf8fc027d	Fixing nil pointer reference + use map helper (#3421 ) * Fixing nil pointer reference + use map helper * bump tlsx version to v1.0.6 * increase interactsh polling in integration_test * fix nil pointer dereference in integration_test * fix lint error --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-03-14 21:27:48 +05:30
Austin Traver	0d90a555f6	adds `-track-error` option to add custom errors to max-host-error watchlist (#3399 ) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-03-14 13:59:42 +05:30
Shubham Rasal	572c8eb780	Issue 2987 fuzz options (#3355 ) * Add override fuzzing type and mode flags * Update english readme * Fix failing tests * Add the integration tests - validate the command line overriding type and mode for fuzzing	2023-03-06 16:56:38 +05:30
Tarun Koyalwar	d9e953acfa	fix file input in custom vars for self contained http template (#3385 ) * fix file input in variables(-V) * fix lint error * fix nuclei-ignore file failures	2023-03-04 04:57:27 +05:30
xm1k3	bab15e122b	http.DefaultClient replaced with retryablehttp	2023-03-02 21:21:04 +01:00
Mzack9999	d80cbef51d	Merge pull request #3333 from CodFrm/main fix some json deserialization issues	2023-02-28 09:02:04 +01:00
Tarun Koyalwar	21b03a2e8a	bug fix in url path and adds integration tests (#3331 ) * fix unsafe edgecases+ adds integration test * bug fixes and more url testcases * upgrade cfssl * fix template id in integration test	2023-02-20 22:26:04 +05:30
王一之	10693efa05	add integration tests	2023-02-17 14:23:28 +08:00
xm1k3	cc2f796d2f	Helper function for IP Formats (#3286 ) * implemented ip_format helper function * added tests on ip_format() helper * fixes on logic * fixes related to mapcidr docs * better error value * fixes + unit test to check index 11 * added call for integration tests * fixes on dsl-functions number --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2023-02-17 01:47:40 +05:30
Mzack9999	d608ffaeb2	clear after stop (#3312 ) * clear after stop * fixing data races * adding atomic cache * fixing lint errors * fixing imports	2023-02-13 16:46:41 +05:30
Tarun Koyalwar	628628893c	fix make http request inconsistencies (#3243 ) * fix make http request inconsistencies * remove parameters from http vars * fix trailingslash unit test * naming conventions: best practices * fix publish docs action * remove branch ref from push	2023-02-01 17:23:28 +05:30
Tarun Koyalwar	0b2a3e296a	fix url encoding issues and inconsistencies (#3211 ) * fix url encoding issues * complete requested changes and improvements * fix missing issue-tracker-config.yaml * fuzz: deepcopy and use urlutil.Params	2023-01-24 22:04:52 +05:30
Mzack9999	d956275e98	Adding content length edge cases (#3147 ) * adding content length edge cases * fixing CL behavior * suppressing -1 error * fixing path	2023-01-07 18:06:44 +05:30
Mzack9999	a96f764959	extending request/response hijacking with native calls (#3091 ) * extending request/response hijacking with native calls * fixing tests	2023-01-05 17:26:18 +05:30
Sandeep Singh	c273cbc8cb	Merge pull request #3134 from projectdiscovery/issue-3131-unused-code Removing unused code in integration tests	2023-01-04 11:59:12 +05:30
Tarun Koyalwar	e66ed30cec	fix missing trailing slash (#3127 ) * raw: fix missing trailing slash * adds rawpath integration test * rename trailing slash test	2023-01-03 23:45:34 +05:30
Mzack9999	463f4dd8c8	removing unused code in integration tests	2023-01-03 08:24:33 +01:00
Taufik Mulyana	7093180b6d	Add support to query DNS TLSA record (#3054 ) * Add support to query DNS TLSA record * fix build test * fix ci-lint * set expected to 0 * test domain update Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2022-12-28 21:12:02 +05:30
Mzack9999	34976029d3	removing most go routine leaks (#3073 ) Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2022-12-24 19:22:14 +05:30
xm1k3	bbb561b097	CLI variables are not accessible in SSL Protocol (#3069 ) * added vars payload also in ssl * fix on ssl.go, moved function on payloadValues creation * added integration test * rebase + minor changes Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2022-12-21 02:02:18 +05:30
Ice3man	3904d541be	Added http probing to clustering + add disable-clustering flag (#3019 ) * Added http probing to clustering + add disable-clustering flag * misc update * Commented out failing test * Fixed lint error Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2022-12-11 18:06:21 +05:30

1 2 3 4

170 Commits