nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2026-01-31 15:53:10 +08:00

Author	SHA1	Message	Date
曹家巧	4ff80784ae	refactor: use the built-in max/min to simplify the code (#6272 ) Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>	2025-06-24 05:49:06 +05:30
Dwi Siswanto	695a7520b9	fix(headless): incorrect last navigated URL (#6278 ) * chore(headless): uses `maps.Copy` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(headless): implements update last navigated URL for `ActionNavigate`, `WaitPageLifecycleEvent`, and `WaitStable` based on latest navigation URL. Signed-off-by: Dwi Siswanto <git@dw1.io> * Update pkg/protocols/headless/engine/page.go --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-24 05:32:18 +05:30
Nakul Bharti	c242b112cc	fixed hex dump issue (#6273 )	2025-06-19 20:07:59 +05:30
Dogan Can Bakir	6cc9c2e9e8	Merge pull request #6271 from projectdiscovery/log-improvement fixed log level mismatch	2025-06-18 15:05:41 +03:00
knakul853	aba8c47e10	fixed log level mismatch	2025-06-17 17:02:57 +05:30
sandeep	5af6feb889	version update	2025-06-17 05:12:02 +05:30
Eric Gruber	b95b04fc4d	feat: add EnableMatcherStatus function to configure matcher status in NucleiEngine (#6191 )	2025-06-17 05:08:01 +05:30
Dwi Siswanto	61bcf0f10e	feat(headless): store responses (#6247 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-17 05:00:31 +05:30
Dwi Siswanto	a326f3925c	fix(tmplexec): memory blowup in multiproto (#6258 ) * bugfix: fix memory blowup using previousEvent for multi-proto execution * refactor(tmplexec): uses supported protocol types Signed-off-by: Dwi Siswanto <git@dw1.io> * add co-author Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com> Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): mv builder inside loop scope Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): skip existing keys in `FillPreviousEvent` The `FillPreviousEvent` func was modified to prevent overwriting/duplicating entries in the previous map. It now checks if a key `k` from `event.InternalEvent` already exists in the previous map. If it does, the key is skipped. This ensures that if `k` was already set (potentially w/o a prefix), it's not re-added with an `ID_` prefix. Additionally, keys in `event.InternalEvent` that already start with the current `ID_` prefix are also skipped to avoid redundant prefixing. This change simplifies the logic by removing the `reqTypeWithIndexRegex` and directly addresses the potential for duplicate / incorrectly prefixed keys when `event.InternalEvent` grows during protocol request execution. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): naming convention, `ID` => `protoID` Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): it's request ID lol sorry Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>	2025-06-17 04:53:32 +05:30
Dwi Siswanto	797ceb57db	fix(authx): JSON unmarshalling for Dynamic auth type (#6268 ) * fix(authx): JSON unmarshalling for Dynamic auth type Correcting the `UnmarshalJSON` method to properly unmarshal JSON, particularlyaddressing the population of the embedded `Secret` field. This was achieved by using a type alias to avoid recursive calls and rely on default unmarshalling behavior. Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(authx): adds nil Dynamic struct check Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-06-17 04:48:05 +05:30
Shubham Rasal	f89a6d33e9	Use proxy for dns and ssl templates (#6255 ) * Use proxy for dns and ssl templates - while using template execute level function we need to override custom dialer * rename overridedialer to customdialer * Add proxy into hash - proxy client is shared between non proxy requests * add dialer into request object - use request.dialer instead of global variable * resolve comments * rename dialer	2025-06-16 22:24:52 +05:30
sandeep	fc6d5a7773	improved logging	2025-06-16 20:06:17 +05:30
Dogan Can Bakir	a4859df5e9	Merge pull request #6243 from tongjicoder/dev refactor: use slices.Contains to simplify code	2025-05-27 15:48:20 +03:00
Dogan Can Bakir	85c709ea22	Merge pull request #6245 from projectdiscovery/bump_dsl_pkg bump dsl pkg	2025-05-27 15:44:39 +03:00
Doğan Can Bakır	ec353f534c	bump dsl pkg	2025-05-27 21:42:33 +09:00
tongjicoder	3be29abfc9	refactor: use slices.Contains to simplify code Signed-off-by: tongjicoder <tongjicoder@icloud.com>	2025-05-27 17:16:26 +08:00
Reynaldo Jarro	8a13639b62	fixing missing symbol (#6242 )	2025-05-27 14:32:25 +05:30
Dogan Can Bakir	37fa0c69ec	Merge pull request #6206 from 23kbps/dev Fix ingress template in helm chart	2025-05-24 16:31:49 +03:00
Dogan Can Bakir	160eab998c	Merge pull request #6222 from fourcube/fix/slow-headless-start-and-shutdown fix: improve headless engine startup and shutdown	2025-05-19 16:42:38 +03:00
Dogan Can Bakir	9dce36a0c8	Merge pull request #6233 from projectdiscovery/dwisiswant0/ci/adds-stale-workflow ci: adds stale workflow	2025-05-19 16:13:09 +03:00
Nakul Bharti	242b1e1636	increase file descriptor limits (#6230 ) * add missing file * increase file descriptor limit * removed debugging code * fixed lower case * test: tweaks on script * uses CI runtime env vars (`RUNNER_OS` & `RUNNER_DEBUG`) * restores originial `ulimit` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-05-18 20:09:41 +05:30
Dwi Siswanto	21d376f194	ci: adds stale workflow Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-05-18 19:46:14 +07:00
Dwi Siswanto	3957237199	fix(openapi): handles nil schema & schema values (#6228 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-05-17 00:46:41 +05:30
Dogan Can Bakir	40e29f1095	Merge pull request #6226 from heywoodlh/docker-golang-bump bump golang in dockerfile: 1.22 => 1.23	2025-05-15 17:51:24 +03:00
Doğan Can Bakır	ebab60f9cd	Revert "update dockerfile golang version" This reverts commit `740a3732af`.	2025-05-15 21:48:45 +07:00
Doğan Can Bakır	740a3732af	update dockerfile golang version	2025-05-15 21:46:06 +07:00
Spencer Heywood	ef05aac4e5	bump golang in dockerfile: 1.22 => 1.23	2025-05-15 08:40:27 -06:00
Doğan Can Bakır	2c1cd27e2c	update version	2025-05-15 19:42:20 +07:00
circleous	b03c30418b	fix: fallback set SNI to host if not specified when using socks proxy (#6218 )	2025-05-15 16:46:49 +05:30
proabiral	44e58f1d3b	Update README.md with new required go version (#6223 ) latest version of nuclei requires 1.23. 2.023 go: github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest: github.com/projectdiscovery/nuclei/v3@v3.4.3 requires go >= 1.23.0 (running go 1.22.2; GOTOOLCHAIN=local)	2025-05-15 15:43:11 +05:30
Chris Grieger	bc551fc3f1	fix: improve headless engine startup and shutdown Fixes #6221 Instead of enumerating all chrome processes to determine which ones need to be killed on shutdown, use the launcher.Kill() method to terminate the process that was launched for this browser instance.	2025-05-14 16:14:21 +02:00
dependabot[bot]	f52ffad5a8	Merge pull request #6215 from projectdiscovery/dependabot/go_modules/dev/modules-af626aeeeb	2025-05-14 04:04:49 +00:00
dependabot[bot]	36a3dab264	chore(deps): bump the modules group with 3 updates Bumps the modules group with 3 updates: [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy). Updates `github.com/projectdiscovery/utils` from 0.4.18 to 0.4.19 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.4.18...v0.4.19) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.27 to 0.2.28 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.27...v0.2.28) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.13 to 0.1.14 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.13...v0.1.14) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.4.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.28 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-12 05:10:38 +00:00
sandeep	6d25a5c8ca	version update	2025-05-08 19:02:47 +05:30
dependabot[bot]	3bb44d588f	chore(deps): bump the modules group with 4 updates (#6207 ) Bumps the modules group with 4 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.110 to 1.0.111 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.110...v1.0.111) Updates `github.com/projectdiscovery/gologger` from 1.1.53 to 1.1.54 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.53...v1.1.54) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.25 to 0.2.27 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.25...v0.2.27) Updates `github.com/projectdiscovery/cdncheck` from 1.1.15 to 1.1.17 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.15...v1.1.17) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.111 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.54 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.1.17 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-07 18:04:33 +05:30
Sandeep Singh	4801cc65ef	feat: fixed max-host-error blocking + progress mismatch + misc (#6193 ) * feat: fixed max-host-error blocking wrong port for template with error * feat: log total results with time taken at end of execution * bugfix: skip non-executed requests with progress in flow protocol * feat: fixed request calculation in http protocol for progress * misc adjustments --------- Co-authored-by: Ice3man <nizamulrana@gmail.com>	2025-05-07 17:22:15 +05:30
23kbps	a7a009084c	Fix ingress template in helm chart	2025-05-03 15:28:18 +07:00
Mzack9999	b9d0f2585f	Merge pull request #6200 from projectdiscovery/msssql-exec-query-support feat: added support to mssql for execute query	2025-05-01 23:19:03 +02:00
Mzack9999	088425d351	adding mssql check	2025-05-01 22:44:29 +02:00
pussycat0x	cbf57ef889	Update ldap.go (#6202 )	2025-04-30 14:10:44 +05:30
Ice3man	b14e634047	feat: added support to mssql for execute query	2025-04-28 18:56:35 +05:30
Dogan Can Bakir	c4c1496ef8	print verbose output in case of -duc (#6195 ) * print verbose output in case of -duc * minor	2025-04-28 17:04:33 +05:30
dependabot[bot]	d8b7c64817	Merge pull request #6198 from projectdiscovery/dependabot/go_modules/dev/modules-30398bd4ba	2025-04-28 05:16:24 +00:00
ghost	57050efee9	chore(deps): go mod tidy	2025-04-28 05:10:42 +00:00
dependabot[bot]	c00dbe06aa	chore(deps): bump the modules group across 1 directory with 12 updates Bumps the modules group with 8 updates in the / directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) \| `0.0.87` \| `0.0.88` \| \| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) \| `1.0.98` \| `1.0.99` \| \| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) \| `1.0.108` \| `1.0.110` \| \| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) \| `0.4.0` \| `0.4.2` \| \| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) \| `1.6.10` \| `1.7.0` \| \| [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) \| `0.0.79` \| `0.0.80` \| \| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) \| `0.0.99` \| `0.0.100` \| \| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) \| `0.1.12` \| `0.1.13` \| Updates `github.com/projectdiscovery/hmap` from 0.0.87 to 0.0.88 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.87...v0.0.88) Updates `github.com/projectdiscovery/retryabledns` from 1.0.98 to 1.0.99 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.98...v1.0.99) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.108 to 1.0.110 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.108...v1.0.110) Updates `github.com/projectdiscovery/dsl` from 0.4.0 to 0.4.2 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.4.0...v0.4.2) Updates `github.com/projectdiscovery/gologger` from 1.1.52 to 1.1.53 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.52...v1.1.53) Updates `github.com/projectdiscovery/httpx` from 1.6.10 to 1.7.0 - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/httpx/compare/v1.6.10...v1.7.0) Updates `github.com/projectdiscovery/ratelimit` from 0.0.79 to 0.0.80 - [Release notes](https://github.com/projectdiscovery/ratelimit/releases) - [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.79...v0.0.80) Updates `github.com/projectdiscovery/useragent` from 0.0.99 to 0.0.100 - [Release notes](https://github.com/projectdiscovery/useragent/releases) - [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.99...v0.0.100) Updates `github.com/projectdiscovery/utils` from 0.4.17 to 0.4.18 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.4.17...v0.4.18) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.24 to 0.2.25 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.24...v0.2.25) Updates `github.com/projectdiscovery/cdncheck` from 1.1.14 to 1.1.15 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.14...v1.1.15) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.12 to 0.1.13 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.12...v0.1.13) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.88 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.99 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.110 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.53 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/httpx dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/ratelimit dependency-version: 0.0.80 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/useragent dependency-version: 0.0.100 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.4.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.1.15 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-28 05:07:38 +00:00
Dogan Can Bakir	24311cc28e	Merge pull request #6186 from projectdiscovery/dwisiswant0/chore/bump-echo-framework chore: bump echo framework	2025-04-22 11:07:22 +03:00
Mehran Seifalinia	d0e289ea3d	Fix incorrect usage of os.MkdirTemp pattern and redundant redefinition of defaultOpts (#6183 ) * Fix incorrect usage of os.MkdirTemp pattern - Replaced the incorrect pattern "nuclei-nvd-%s" with a correct one "nuclei-nvd" in the os.MkdirTemp function call. NOTE: The incorrect usage of %s in os.MkdirTemp caused it to be ignored, leading to potential issues with naming conventions for temporary directories and confusion in directory structure. The original function attempted to use string interpolation in a context where Go doesn't support it in os.MkdirTemp, which could result in unexpected behavior or errors when the directory name is processed. * Removed redundant redefinition of defaultOpts in init() - Redefining defaultOpts inside init() could lead to confusion, as it hides the global variable, causing the changes to be applied only within the init() scope and potentially causing unexpected behavior in other parts of the program.	2025-04-21 18:18:14 +05:30
Dwi Siswanto	0022bcbdf9	chore: bump echo framework Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-04-21 08:49:57 +07:00
Dogan Can Bakir	ffb0a92216	Merge pull request #6088 from projectdiscovery/fix_interactsh_for_js fix unresolved `interactsh-url` for js templates	2025-04-17 11:03:32 +03:00
Mzack9999	41bd74ba96	Merge pull request #6167 from Marmelatze/offlinehttp-extractor fix: default offlinehttp extractor without part to body like requests	2025-04-14 16:25:42 +02:00

1 2 3 4 5 ...

5670 Commits