admin/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2026-01-31 15:53:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,108 Commits 54 Branches 141 Tags
dev
Commit Graph

6108 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
e514c31492 chore(deps): bump the modules group with 8 updates (#6791) 
Bumps the modules group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.112` | `1.0.113` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.4` | `1.3.5` |
| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) | `1.7.4` | `1.8.1` |
| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.33` | `0.1.34` |
| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) | `0.0.106` | `0.0.107` |
| [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) | `0.8.1-0.20260112120846-c41994e3635c` | `0.9.0` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.64` | `0.2.65` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.19` | `1.2.20` |


Updates `github.com/projectdiscovery/retryabledns` from 1.0.112 to 1.0.113
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.112...v1.0.113)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.4 to 1.3.5
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.4...v1.3.5)

Updates `github.com/projectdiscovery/httpx` from 1.7.4 to 1.8.1
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.7.4...v1.8.1)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.33 to 0.1.34
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.33...v0.1.34)

Updates `github.com/projectdiscovery/useragent` from 0.0.106 to 0.0.107
- [Release notes](https://github.com/projectdiscovery/useragent/releases)
- [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.106...v0.0.107)

Updates `github.com/projectdiscovery/utils` from 0.8.1-0.20260112120846-c41994e3635c to 0.9.0
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](https://github.com/projectdiscovery/utils/commits/v0.9.0)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.64 to 0.2.65
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.64...v0.2.65)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.19 to 1.2.20
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.19...v1.2.20)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-version: 1.0.113
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/httpx
  dependency-version: 1.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/useragent
  dependency-version: 0.0.107
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/utils
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.65
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.20
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-26 06:30:53 +00:00
Dogan Can Bakir
a91942bc94 Merge pull request #6784 from projectdiscovery/fix-resume-file-path 
fix resume file path condition
 2026-01-21 22:23:28 +07:00
Doğan Can Bakır
5374bbce0c fix resume file path condition 2026-01-21 16:20:52 +03:00
Doğan Can Bakır
c58a78604b bump version 2026-01-21 15:29:20 +03:00
Doğan Can Bakır
ae2578fdb4 bump version 2026-01-21 15:20:02 +03:00
Mzack9999
3ca3c16897 Merge pull request #6774 from projectdiscovery/dwisiswant0/fix/templates/segfault-in-workflow-parsing-with-global-matchers-templates 
fix(templates): segfault in workflow parsing with global-matchers templates
 2026-01-21 16:10:55 +04:00
Mzack9999
39f67eda1b Merge pull request #6779 from projectdiscovery/dwisiswant0/perf/cache-template-signature-verification 
perf: cache template signature verification
 2026-01-21 16:09:49 +04:00
Dogan Can Bakir
52bade5a39 Merge pull request #6776 from projectdiscovery/fix/tcp-inputs-variable-resolution 
fix(network): pass template variables to tcp inputs pre-compilation
 2026-01-21 18:52:27 +07:00
Dwi Siswanto
4534e9cb30 perf: cache template signature verification 
to avoid redundant ECDSA checks.

Add `protocols.TemplateVerification` & callback
mechanism to `protocols.ExecutorOptions` to enable
reusing cached verification data from the metadata
index. Also updating internal
`templates.parseTemplate` func to skip ECDSA
verification when cached data is any, and wire the
callback in `loader.New` for metadata-backed
lookups.

Proof:

```
$ go tool pprof -list "signer\..*" -base 3.6.2.cpu patch.cpu
Total: 34.78s
ROUTINE ======================== github.com/projectdiscovery/nuclei/v3/pkg/templates/signer.(*TemplateSigner).Verify in /home/dw1/Development/PD/nuclei/pkg/templates/signer/tmpl_signer.go
         0     -1.75s (flat, cum)  5.03% of Total
         .          .    131:func (t *TemplateSigner) Verify(data []byte, tmpl SignableTemplate) (bool, error) {
         .      -70ms    132:	signature, content := ExtractSignatureAndContent(data)
         .          .    133:	if len(signature) == 0 {
         .          .    134:		return false, errors.New("no signature found")
         .          .    135:	}
         .          .    136:
         .          .    137:	if !bytes.HasPrefix(signature, []byte(SignaturePattern)) {
         .          .    138:		return false, errors.New("signature must be at the end of the template")
         .          .    139:	}
         .          .    140:
         .          .    141:	digestData := bytes.TrimSpace(bytes.TrimPrefix(signature, []byte(SignaturePattern)))
         .          .    142:	// remove fragment from digest as it is used for re-signing purposes only
         .          .    143:	digestString := strings.TrimSuffix(string(digestData), ":"+t.GetUserFragment())
         .      -20ms    144:	digest, err := hex.DecodeString(digestString)
         .          .    145:	if err != nil {
         .          .    146:		return false, err
         .          .    147:	}
         .          .    148:
         .          .    149:	// normalize content by removing \r\n everywhere since this only done for verification
         .          .    150:	// it does not affect the actual template
         .      -40ms    151:	content = bytes.ReplaceAll(content, []byte("\r\n"), []byte("\n"))
         .          .    152:
         .          .    153:	buff := bytes.NewBuffer(content)
         .          .    154:	// if file has any imports process them
         .          .    155:	for _, file := range tmpl.GetFileImports() {
         .          .    156:		bin, err := os.ReadFile(file)
         .          .    157:		if err != nil {
         .          .    158:			return false, err
         .          .    159:		}
         .          .    160:		buff.WriteRune('\n')
         .          .    161:		buff.Write(bin)
         .          .    162:	}
         .          .    163:
         .     -1.62s    164:	return t.verify(buff.Bytes(), digest)
         .          .    165:}
         .          .    166:
         .          .    167:// Verify verifies the given data with the template signer
         .          .    168:// Note: this should not be used for verifying templates as file references
         .          .    169:// in templates are not processed
ROUTINE ======================== github.com/projectdiscovery/nuclei/v3/pkg/templates/signer.(*TemplateSigner).verify in /home/dw1/Development/PD/nuclei/pkg/templates/signer/tmpl_signer.go
         0     -1.62s (flat, cum)  4.66% of Total
         .          .    170:func (t *TemplateSigner) verify(data, signatureData []byte) (bool, error) {
         .      -50ms    171:	dataHash := sha256.Sum256(data)
         .          .    172:
         .          .    173:	var signature []byte
         .      -70ms    174:	if err := gob.NewDecoder(bytes.NewReader(signatureData)).Decode(&signature); err != nil {
         .          .    175:		return false, err
         .          .    176:	}
         .     -1.50s    177:	return ecdsa.VerifyASN1(t.handler.ecdsaPubKey, dataHash[:], signature), nil
         .          .    178:}
         .          .    179:
         .          .    180:// NewTemplateSigner creates a new signer for signing templates
         .          .    181:func NewTemplateSigner(cert, privateKey []byte) (*TemplateSigner, error) {
         .          .    182:	handler := &KeyHandler{}
ROUTINE ======================== github.com/projectdiscovery/nuclei/v3/pkg/templates/signer.ExtractSignatureAndContent in /home/dw1/Development/PD/nuclei/pkg/templates/signer/tmpl_signer.go
         0      -70ms (flat, cum)   0.2% of Total
         .          .     29:func ExtractSignatureAndContent(data []byte) (signature, content []byte) {
         .      -50ms     30:	dataStr := string(data)
         .      -20ms     31:	if idx := strings.LastIndex(dataStr, SignaturePattern); idx != -1 {
         .          .     32:		signature = []byte(strings.TrimSpace(dataStr[idx:]))
         .          .     33:		content = bytes.TrimSpace(data[:idx])
         .          .     34:	} else {
         .          .     35:		content = data
         .          .     36:	}
$ go tool pprof -list "crypto/ecdsa\.VerifyASN1" 3.6.2.cpu patch.cpu
Total: 34.80s
ROUTINE ======================== crypto/ecdsa.VerifyASN1 in /usr/local/go/src/crypto/ecdsa/ecdsa.go
         0      1.50s (flat, cum)  4.31% of Total
         .          .    500:func VerifyASN1(pub *PublicKey, hash, sig []byte) bool {
         .          .    501:	if boring.Enabled {
         .          .    502:		key, err := boringPublicKey(pub)
         .          .    503:		if err != nil {
         .          .    504:			return false
         .          .    505:		}
         .          .    506:		return boring.VerifyECDSA(key, hash, sig)
         .          .    507:	}
         .          .    508:	boring.UnreachableExceptTests()
         .          .    509:
         .          .    510:	switch pub.Curve.Params() {
         .          .    511:	case elliptic.P224().Params():
         .          .    512:		return verifyFIPS(ecdsa.P224(), pub, hash, sig)
         .          .    513:	case elliptic.P256().Params():
         .      1.50s    514:		return verifyFIPS(ecdsa.P256(), pub, hash, sig)
         .          .    515:	case elliptic.P384().Params():
         .          .    516:		return verifyFIPS(ecdsa.P384(), pub, hash, sig)
         .          .    517:	case elliptic.P521().Params():
         .          .    518:		return verifyFIPS(ecdsa.P521(), pub, hash, sig)
         .          .    519:	default:
```

This eliminates `TemplateSigner.Verify` (~1.75s)
and `crypto/ecdsa.VerifyASN1` (~1.50s) from the
hot path (read: reduces startup time).

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-21 15:08:47 +07:00
Dwi Siswanto
ee8287a7b7 fix(http): interactsh matching with payloads (#6778) 
* fix(http): interactsh matching with `payloads`

in parallel execution.

Templates using `payloads` with Interactsh
matchers failed to detect OAST interactions
because the parallel HTTP execution path (used
when `payloads` are present) did not register
Interactsh request events, unlike the seq path.

This caused incoming interactions to lack
associated request context, preventing matchers
from running and resulting in missed detections.

Fix #5485 by wiring
`(*interactsh.Client).RequestEvent` registration
into the parallel worker goroutine, make sure both
execution paths handle Interactsh correlation
equally.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test: add interactsh with `payloads` integration

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test: disable interactsh-with-payloads

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-21 12:47:47 +07:00
Dogan Can Bakir
9c951a2ee1 Merge pull request #6763 from projectdiscovery/feat/replace-burpxml-with-utils 
refactor(burp): replace seh-msft/burpxml with utils package
 2026-01-19 17:51:15 +07:00
Doğan Can Bakır
6a509fa1c7 fix(network): pass template variables to tcp inputs pre-compilation 2026-01-19 13:38:40 +03:00
Dogan Can Bakir
615f1d980a Merge branch 'dev' into feat/replace-burpxml-with-utils 2026-01-19 16:36:16 +07:00
Dwi Siswanto
261982203b fix(templates): segfault in workflow parsing with global-matchers templates 
Add nil guard in `parseWorkflowTemplate` to handle
global-matchers templates returning nil,
preventing panic on dereference.

Fixes #6751

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-19 16:12:41 +07:00
Dwi Siswanto
75e931f17e test(templates): adds Test_ParseWorkflowWithGlobalMatchers test 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-19 16:12:25 +07:00
dependabot[bot]
9d03817868 chore(deps): bump the modules group with 3 updates (#6772) 
Bumps the modules group with 3 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck).


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.3 to 1.3.4
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.3...v1.3.4)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.63 to 0.2.64
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.63...v0.2.64)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.18 to 1.2.19
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.18...v1.2.19)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.64
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.19
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-19 06:49:19 +00:00
Nakul Bharti
6cd2749335 fix(utils): santize host when target has host port (#6759) 2026-01-19 12:14:14 +07:00
ayuxsec
bfffb3b7d4 fix(installer): log update summary table to stderr (#6769) 2026-01-19 12:09:19 +07:00
Dogan Can Bakir
1d3a279466 Merge pull request #5972 from meme-lord/multioptions 
allow WithNetworkConfig and WithInteractshOptions to be used by NewThreadSafeNucleiEngineCtx
 2026-01-12 20:07:26 +07:00
Doğan Can Bakır
f549a36740 refactor(burp): replace seh-msft/burpxml with utils package 2026-01-12 15:23:33 +03:00
Mzack9999
e0fdba39e2 Merge pull request #6754 from projectdiscovery/dwisiswant0/ci/govulncheck/workaround-duplicate-SARIF-tags-error 
ci(govulncheck): workaround duplicate SARIF tags error
 2026-01-12 15:19:38 +04:00
dependabot[bot]
a0dbf5e7ec chore(deps): bump the modules group with 5 updates (#6761) 
Bumps the modules group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.2` | `0.5.3` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.2` | `1.3.3` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.11` | `0.8.12` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.62` | `0.2.63` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.17` | `1.2.18` |


Updates `github.com/projectdiscovery/fastdialer` from 0.5.2 to 0.5.3
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.2...v0.5.3)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.2 to 1.3.3
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.2...v1.3.3)

Updates `github.com/projectdiscovery/dsl` from 0.8.11 to 0.8.12
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.11...v0.8.12)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.62 to 0.2.63
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.62...v0.2.63)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.17 to 1.2.18
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.17...v1.2.18)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.63
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 06:46:37 +00:00
Mzack9999
79d51ffc10 Merge pull request #5786 from projectdiscovery/dwisiswant0/feat/headless/cdp-endpoint-option 
feat(headless): add `cdp-endpoint` option
 2026-01-09 20:12:23 +04:00
Mzack9999
64b4c59545 Merge branch 'dev' into dwisiswant0/feat/headless/cdp-endpoint-option 2026-01-09 17:35:33 +04:00
Mzack9999
108265431c Merge pull request #6589 from projectdiscovery/dwisiswant0/fix/raw/handle-full-URLs-in-unsafe-raw-requests 
fix(raw): handle full URLs in unsafe raw requests
 2026-01-08 18:44:41 +04:00
Mzack9999
a215d7193b Merge pull request #6598 from projectdiscovery/6594_init_exec_id 
init `ExecutionId` in `DefaultOptions` func
 2026-01-08 15:52:57 +04:00
Mzack9999
7b3331d090 fixing test 2026-01-08 14:52:19 +04:00
Mzack9999
942f9f09f5 Merge branch 'dev' into 6594_init_exec_id 2026-01-08 14:13:03 +04:00
Mzack9999
aa16e5e82e Merge pull request #6756 from promalert/dev 
chore: fix some function names in comment
 2026-01-07 16:27:34 +04:00
promalert
221dfcef35 chore: fix some function names in comment 
Signed-off-by: promalert <promalert@outlook.com>
 2026-01-07 14:07:49 +08:00
Dogan Can Bakir
286fc91e83 Merge pull request #6697 from projectdiscovery/dwisiswant0/fix/hosterrorscache/dup-log-spam-for-permanent-errs 
fix(hosterrorscache): dup log spam for permanent errs
 2026-01-06 15:07:28 +07:00
Bahattin Yunus Çetin
826f04e202 docs: add Turkish README & enhance CONTRIBUTING.md (#6740) 2026-01-06 06:56:13 +07:00
Dwi Siswanto
c5365a82f8 ci(govulncheck): workaround duplicate SARIF tags error 
Use `jq` to deduplicate tags in the SARIF file
generated by `govulncheck` before uploading,
preventing validation failures in GitHub Actions.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-06 06:29:54 +07:00
Mzack9999
915e9dc03f Merge pull request #6748 from projectdiscovery/dwisiswant0/fix/http/race-condition-regression 
fix(http): race condition regression
 2026-01-05 14:01:40 +04:00
dependabot[bot]
20e063e306 chore(deps): bump the modules group with 7 updates (#6749) 
Bumps the modules group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.1` | `0.5.2` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.1` | `1.3.2` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.10` | `0.8.11` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.66` | `1.1.67` |
| [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) | `0.0.82` | `0.0.83` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.61` | `0.2.62` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.16` | `1.2.17` |


Updates `github.com/projectdiscovery/fastdialer` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.1...v0.5.2)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.1...v1.3.2)

Updates `github.com/projectdiscovery/dsl` from 0.8.10 to 0.8.11
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.10...v0.8.11)

Updates `github.com/projectdiscovery/gologger` from 1.1.66 to 1.1.67
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.66...v1.1.67)

Updates `github.com/projectdiscovery/ratelimit` from 0.0.82 to 0.0.83
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.82...v0.0.83)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.61 to 0.2.62
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.61...v0.2.62)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.16 to 1.2.17
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.16...v1.2.17)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-version: 0.0.83
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.62
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.17
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 05:26:36 +00:00
Dwi Siswanto
46c183ef22 test: add race with delay integration test 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-03 21:59:43 +07:00
Dwi Siswanto
f7f34e80a1 fix(http): race condition regression 
The `race` condition directive was broken due to
a strict dependency on `threads > 0` for parallel
execution, causing templates with `race` directive
enabled but no explicit threads to fall back to
seq execution.

This regression was introduced in v3.2.0 (#4868),
which restricted parallel execution to only when
`payloads` were present.

Fixes #5713 to allow race conditions even w/o
explicit `payloads`, and add a default thread
count when race is enabled but threads is 0.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-03 21:58:27 +07:00
Mzack9999
dbeebdaa1d adding telnet login + crypto (#6419) 
* adding telnet login + crypto

* smbauth lib porting + ntlm parsing over telnet

* gen lib

* adding telnet test

* adding breakout after max iterations

* fix(utils): broken pkt creation & impl `Create{LN,NT}Response`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(utils): satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2026-01-02 06:28:46 +07:00
Mzack9999
891dffb4a1 feat(js): adds RSYNC module (#6410) 
* adding min auth support

* adding unauth list modules + auth list files in module

* example

* adding rsync test

* bump go.mod

---------

Co-authored-by: Dwi Siswanto <git@dw1.io>
 2026-01-01 02:02:48 +07:00
Dwi Siswanto
337b4e77aa Merge pull request #6745 from projectdiscovery/release/v3.6.2 
Release v3.6.2
 2026-01-01 01:03:44 +07:00
Dwi Siswanto
63aed75474 chore: bump version v3.6.2 
Signed-off-by: Dwi Siswanto <git@dw1.io>
v3.6.2 		2025-12-31 09:30:28 +07:00
dependabot[bot]
4de2bdb883 chore(deps): bump the modules group with 10 updates (#6741) 
Bumps the modules group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.0` | `0.5.1` |
| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.98` | `0.0.99` |
| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.111` | `1.0.112` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.0` | `1.3.1` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.9` | `0.8.10` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.65` | `1.1.66` |
| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.32` | `0.1.33` |
| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) | `0.0.105` | `0.0.106` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.60` | `0.2.61` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.15` | `1.2.16` |


Updates `github.com/projectdiscovery/fastdialer` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.0...v0.5.1)

Updates `github.com/projectdiscovery/hmap` from 0.0.98 to 0.0.99
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.98...v0.0.99)

Updates `github.com/projectdiscovery/retryabledns` from 1.0.111 to 1.0.112
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.111...v1.0.112)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.0...v1.3.1)

Updates `github.com/projectdiscovery/dsl` from 0.8.9 to 0.8.10
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.9...v0.8.10)

Updates `github.com/projectdiscovery/gologger` from 1.1.65 to 1.1.66
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.65...v1.1.66)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.32 to 0.1.33
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.32...v0.1.33)

Updates `github.com/projectdiscovery/useragent` from 0.0.105 to 0.0.106
- [Release notes](https://github.com/projectdiscovery/useragent/releases)
- [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.105...v0.0.106)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.60 to 0.2.61
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.60...v0.2.61)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.15 to 1.2.16
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.15...v1.2.16)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/hmap
  dependency-version: 0.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-version: 1.0.112
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.66
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/useragent
  dependency-version: 0.0.106
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.61
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.16
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-31 09:18:45 +07:00
dependabot[bot]
02434b5537 chore(deps): bump actions/download-artifact in the workflows group (#6742) 
Bumps the workflows group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 6 to 7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-31 02:13:42 +00:00
Dwi Siswanto
1eaecb633a ci(compat-checks): use stable go-version (#6743) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-31 08:04:21 +07:00
Mzack9999
2d3168b79f Merge pull request #6735 from projectdiscovery/dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx 
fix(js): mysql panic due to missing `executionId` in ctx
 2025-12-29 11:34:36 +04:00
Mzack9999
880898f312 Merge pull request #6739 from projectdiscovery/dwisiswant0/fix/flow/segfault-in-hasMatchers 
fix(flow): segfault in `hasMatchers`
 2025-12-29 11:33:39 +04:00
Mzack9999
5500ceb877 Merge branch 'dev' into dwisiswant0/fix/flow/segfault-in-hasMatchers 2025-12-29 11:33:01 +04:00
Mzack9999
05ff121b76 Merge branch 'dev' into dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx 2025-12-29 11:13:47 +04:00
Mzack9999
73ad95068c Merge pull request #6737 from projectdiscovery/dwisiswant0/ci/tests/use-stable-go-version-for-release-test 
ci(tests): use stable go-version for release test
 2025-12-29 01:11:21 +04:00
Dwi Siswanto
592b689b15 Revert "chore(flow): disable global recover handler" 
This reverts commit 0d4edc7841.
 2025-12-26 14:24:47 +07:00