External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 16:05:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,674 Commits 49 Branches 135 Tags
Commit Graph

5674 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sandeep
ba0f995a38 Merge remote-tracking branch 'origin' v3.4.5 2025-06-17 05:12:14 +05:30
sandeep
5af6feb889 version update 2025-06-17 05:12:02 +05:30
Eric Gruber
b95b04fc4d
feat: add EnableMatcherStatus function to configure matcher status in NucleiEngine (#6191) 2025-06-17 05:08:01 +05:30
Dwi Siswanto
61bcf0f10e
feat(headless): store responses (#6247) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 05:00:31 +05:30
Dwi Siswanto
a326f3925c
fix(tmplexec): memory blowup in multiproto (#6258) 
* bugfix: fix memory blowup using previousEvent for multi-proto execution

* refactor(tmplexec): uses supported protocol types

Signed-off-by: Dwi Siswanto <git@dw1.io>

* add co-author

Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): mv builder inside loop scope

Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): skip existing keys in `FillPreviousEvent`

The `FillPreviousEvent` func was modified to
prevent overwriting/duplicating entries in the
previous map.

It now checks if a key `k` from
`event.InternalEvent` already exists in the
previous map. If it does, the key is skipped. This
ensures that if `k` was already set (potentially
w/o a prefix), it's not re-added with an `ID_`
prefix.

Additionally, keys in `event.InternalEvent` that
already start with the current `ID_` prefix are
also skipped to avoid redundant prefixing.

This change simplifies the logic by removing the
`reqTypeWithIndexRegex` and directly addresses the
potential for duplicate / incorrectly prefixed
keys when `event.InternalEvent` grows during
protocol request execution.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): naming convention, `ID` => `protoID`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): it's request ID lol sorry

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
 2025-06-17 04:53:32 +05:30
Dwi Siswanto
797ceb57db
fix(authx): JSON unmarshalling for Dynamic auth type (#6268) 
* fix(authx): JSON unmarshalling for Dynamic auth type

Correcting the `UnmarshalJSON` method to properly
unmarshal JSON, particularlyaddressing the
population of the embedded `Secret` field. This
was achieved by using a type alias to avoid
recursive calls and rely on default unmarshalling
behavior.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(authx): adds nil Dynamic struct check

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-06-17 04:48:05 +05:30
Shubham Rasal
f89a6d33e9
Use proxy for dns and ssl templates (#6255) 
* Use proxy for dns and ssl templates

- while using template execute level function we need to override custom dialer

* rename overridedialer to customdialer

* Add proxy into hash

- proxy client is shared between non proxy requests

* add dialer into request object

- use request.dialer instead of global variable

* resolve comments

* rename dialer
 2025-06-16 22:24:52 +05:30
sandeep
fc6d5a7773 improved logging 2025-06-16 20:06:17 +05:30
Dogan Can Bakir
a4859df5e9
Merge pull request #6243 from tongjicoder/dev 
refactor: use slices.Contains to simplify code
 2025-05-27 15:48:20 +03:00
Dogan Can Bakir
85c709ea22
Merge pull request #6245 from projectdiscovery/bump_dsl_pkg 
bump dsl pkg
 2025-05-27 15:44:39 +03:00
Doğan Can Bakır
ec353f534c
bump dsl pkg 2025-05-27 21:42:33 +09:00
tongjicoder
3be29abfc9 refactor: use slices.Contains to simplify code 
Signed-off-by: tongjicoder <tongjicoder@icloud.com>
 2025-05-27 17:16:26 +08:00
Reynaldo Jarro
8a13639b62
fixing missing symbol (#6242) 2025-05-27 14:32:25 +05:30
Dogan Can Bakir
37fa0c69ec
Merge pull request #6206 from 23kbps/dev 
Fix ingress template in helm chart
 2025-05-24 16:31:49 +03:00
Dogan Can Bakir
160eab998c
Merge pull request #6222 from fourcube/fix/slow-headless-start-and-shutdown 
fix: improve headless engine startup and shutdown
 2025-05-19 16:42:38 +03:00
Dogan Can Bakir
9dce36a0c8
Merge pull request #6233 from projectdiscovery/dwisiswant0/ci/adds-stale-workflow 
ci: adds stale workflow
 2025-05-19 16:13:09 +03:00
Nakul Bharti
242b1e1636
increase file descriptor limits (#6230) 
* add missing file

* increase file descriptor limit

* removed debugging code

* fixed lower case

* test: tweaks on script

* uses CI runtime env vars (`RUNNER_OS` &
  `RUNNER_DEBUG`)
* restores originial `ulimit`

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-05-18 20:09:41 +05:30
Dwi Siswanto
21d376f194
ci: adds stale workflow 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-05-18 19:46:14 +07:00
Sandeep Singh
b611bf1207
Merge pull request #6224 from projectdiscovery/dev 
v3.4.4
v3.4.4 		2025-05-17 02:52:05 +05:30
Dwi Siswanto
3957237199
fix(openapi): handles nil schema & schema values (#6228) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-05-17 00:46:41 +05:30
Dogan Can Bakir
40e29f1095
Merge pull request #6226 from heywoodlh/docker-golang-bump 
bump golang in dockerfile: 1.22 => 1.23
 2025-05-15 17:51:24 +03:00
Doğan Can Bakır
ebab60f9cd
Revert "update dockerfile golang version" 
This reverts commit 740a3732af27711873eac282fbaea7c0d98b9574.
 2025-05-15 21:48:45 +07:00
Doğan Can Bakır
740a3732af
update dockerfile golang version 2025-05-15 21:46:06 +07:00
Spencer Heywood
ef05aac4e5
bump golang in dockerfile: 1.22 => 1.23 2025-05-15 08:40:27 -06:00
Doğan Can Bakır
2c1cd27e2c
update version 2025-05-15 19:42:20 +07:00
circleous
b03c30418b
fix: fallback set SNI to host if not specified when using socks proxy (#6218) 2025-05-15 16:46:49 +05:30
proabiral
44e58f1d3b
Update README.md with new required go version (#6223) 
latest version of nuclei requires 1.23. 

2.023 go: github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest: github.com/projectdiscovery/nuclei/v3@v3.4.3 requires go >= 1.23.0 (running go 1.22.2; GOTOOLCHAIN=local)
 2025-05-15 15:43:11 +05:30
Chris Grieger
bc551fc3f1 fix: improve headless engine startup and shutdown 
Fixes #6221

Instead of enumerating all chrome processes to determine
which ones need to be killed on shutdown, use the launcher.Kill()
method to terminate the process that was launched for this
browser instance.
 2025-05-14 16:14:21 +02:00
dependabot[bot]
f52ffad5a8
Merge pull request #6215 from projectdiscovery/dependabot/go_modules/dev/modules-af626aeeeb 2025-05-14 04:04:49 +00:00
dependabot[bot]
36a3dab264
chore(deps): bump the modules group with 3 updates 
Bumps the modules group with 3 updates: [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy).


Updates `github.com/projectdiscovery/utils` from 0.4.18 to 0.4.19
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](https://github.com/projectdiscovery/utils/compare/v0.4.18...v0.4.19)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.27 to 0.2.28
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.27...v0.2.28)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.13 to 0.1.14
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.13...v0.1.14)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-version: 0.4.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-12 05:10:38 +00:00
sandeep
95fad48438 Merge remote-tracking branch 'origin' v3.4.3 2025-05-08 19:03:49 +05:30
sandeep
6d25a5c8ca version update 2025-05-08 19:02:47 +05:30
dependabot[bot]
3bb44d588f
chore(deps): bump the modules group with 4 updates (#6207) 
Bumps the modules group with 4 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck).


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.110 to 1.0.111
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.110...v1.0.111)

Updates `github.com/projectdiscovery/gologger` from 1.1.53 to 1.1.54
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.53...v1.1.54)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.25 to 0.2.27
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.25...v0.2.27)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.15 to 1.1.17
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.15...v1.1.17)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.111
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.54
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.17
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-07 18:04:33 +05:30
Sandeep Singh
4801cc65ef
feat: fixed max-host-error blocking + progress mismatch + misc (#6193) 
* feat: fixed max-host-error blocking wrong port for template with error

* feat: log total results with time taken at end of execution

* bugfix: skip non-executed requests with progress in flow protocol

* feat: fixed request calculation in http protocol for progress

* misc adjustments

---------

Co-authored-by: Ice3man <nizamulrana@gmail.com>
 2025-05-07 17:22:15 +05:30
23kbps
a7a009084c
Fix ingress template in helm chart 2025-05-03 15:28:18 +07:00
Mzack9999
b9d0f2585f
Merge pull request #6200 from projectdiscovery/msssql-exec-query-support 
feat: added support to mssql for execute query
 2025-05-01 23:19:03 +02:00
Mzack9999
088425d351 adding mssql check 2025-05-01 22:44:29 +02:00
pussycat0x
cbf57ef889
Update ldap.go (#6202) 2025-04-30 14:10:44 +05:30
Ice3man
b14e634047 feat: added support to mssql for execute query 2025-04-28 18:56:35 +05:30
Dogan Can Bakir
c4c1496ef8
print verbose output in case of -duc (#6195) 
* print verbose output in case of -duc

* minor
 2025-04-28 17:04:33 +05:30
dependabot[bot]
d8b7c64817
Merge pull request #6198 from projectdiscovery/dependabot/go_modules/dev/modules-30398bd4ba 2025-04-28 05:16:24 +00:00
ghost
57050efee9 chore(deps): go mod tidy 2025-04-28 05:10:42 +00:00
dependabot[bot]
c00dbe06aa
chore(deps): bump the modules group across 1 directory with 12 updates 
Bumps the modules group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.87` | `0.0.88` |
| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.98` | `1.0.99` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.108` | `1.0.110` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.4.0` | `0.4.2` |
| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) | `1.6.10` | `1.7.0` |
| [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) | `0.0.79` | `0.0.80` |
| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) | `0.0.99` | `0.0.100` |
| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.12` | `0.1.13` |



Updates `github.com/projectdiscovery/hmap` from 0.0.87 to 0.0.88
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.87...v0.0.88)

Updates `github.com/projectdiscovery/retryabledns` from 1.0.98 to 1.0.99
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.98...v1.0.99)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.108 to 1.0.110
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.108...v1.0.110)

Updates `github.com/projectdiscovery/dsl` from 0.4.0 to 0.4.2
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.4.0...v0.4.2)

Updates `github.com/projectdiscovery/gologger` from 1.1.52 to 1.1.53
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.52...v1.1.53)

Updates `github.com/projectdiscovery/httpx` from 1.6.10 to 1.7.0
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.6.10...v1.7.0)

Updates `github.com/projectdiscovery/ratelimit` from 0.0.79 to 0.0.80
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.79...v0.0.80)

Updates `github.com/projectdiscovery/useragent` from 0.0.99 to 0.0.100
- [Release notes](https://github.com/projectdiscovery/useragent/releases)
- [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.99...v0.0.100)

Updates `github.com/projectdiscovery/utils` from 0.4.17 to 0.4.18
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](https://github.com/projectdiscovery/utils/compare/v0.4.17...v0.4.18)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.24 to 0.2.25
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.24...v0.2.25)

Updates `github.com/projectdiscovery/cdncheck` from 1.1.14 to 1.1.15
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.14...v1.1.15)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.12 to 0.1.13
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.12...v0.1.13)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
  dependency-version: 0.0.88
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-version: 1.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.0.110
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.53
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/httpx
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-version: 0.0.80
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/useragent
  dependency-version: 0.0.100
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/utils
  dependency-version: 0.4.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.1.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-28 05:07:38 +00:00
Dogan Can Bakir
24311cc28e
Merge pull request #6186 from projectdiscovery/dwisiswant0/chore/bump-echo-framework 
chore: bump echo framework
 2025-04-22 11:07:22 +03:00
Mehran Seifalinia
d0e289ea3d
Fix incorrect usage of os.MkdirTemp pattern and redundant redefinition of defaultOpts (#6183) 
* Fix incorrect usage of os.MkdirTemp pattern

- Replaced the incorrect pattern "nuclei-nvd-%s" with a correct one "nuclei-nvd" in the os.MkdirTemp function call.

NOTE: The incorrect usage of %s in os.MkdirTemp caused it to be ignored, leading to potential issues with naming conventions for temporary directories and confusion in directory structure. The original function attempted to use string interpolation in a context where Go doesn't support it in os.MkdirTemp, which could result in unexpected behavior or errors when the directory name is processed.

* Removed redundant redefinition of defaultOpts in init()

- Redefining defaultOpts inside init() could lead to confusion, as it hides the global variable, causing the changes to be applied only within the init() scope and potentially causing unexpected behavior in other parts of the program.
 2025-04-21 18:18:14 +05:30
Dwi Siswanto
0022bcbdf9
chore: bump echo framework 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-04-21 08:49:57 +07:00
Dogan Can Bakir
ffb0a92216
Merge pull request #6088 from projectdiscovery/fix_interactsh_for_js 
fix unresolved `interactsh-url` for js templates
 2025-04-17 11:03:32 +03:00
Mzack9999
41bd74ba96
Merge pull request #6167 from Marmelatze/offlinehttp-extractor 
fix: default offlinehttp extractor without part to body like requests
 2025-04-14 16:25:42 +02:00
dependabot[bot]
3e309a3a57
Merge pull request #6166 from projectdiscovery/dependabot/go_modules/dev/modules-6c37ca607d 2025-04-14 08:59:03 +00:00
Florian Pfitzer
c0b5c29d3b
fix: default offlinehttp extractor without part to body like requests 2025-04-14 09:13:11 +02:00