admin/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2026-01-31 15:53:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,053 Commits 54 Branches 141 Tags
826f04e2028b8efa1368862014cd527ca8f534af
Commit Graph

6053 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bahattin Yunus Çetin
826f04e202 docs: add Turkish README & enhance CONTRIBUTING.md (#6740) 2026-01-06 06:56:13 +07:00
Mzack9999
915e9dc03f Merge pull request #6748 from projectdiscovery/dwisiswant0/fix/http/race-condition-regression 
fix(http): race condition regression
 2026-01-05 14:01:40 +04:00
dependabot[bot]
20e063e306 chore(deps): bump the modules group with 7 updates (#6749) 
Bumps the modules group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.1` | `0.5.2` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.1` | `1.3.2` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.10` | `0.8.11` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.66` | `1.1.67` |
| [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) | `0.0.82` | `0.0.83` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.61` | `0.2.62` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.16` | `1.2.17` |


Updates `github.com/projectdiscovery/fastdialer` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.1...v0.5.2)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.1...v1.3.2)

Updates `github.com/projectdiscovery/dsl` from 0.8.10 to 0.8.11
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.10...v0.8.11)

Updates `github.com/projectdiscovery/gologger` from 1.1.66 to 1.1.67
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.66...v1.1.67)

Updates `github.com/projectdiscovery/ratelimit` from 0.0.82 to 0.0.83
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.82...v0.0.83)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.61 to 0.2.62
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.61...v0.2.62)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.16 to 1.2.17
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.16...v1.2.17)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-version: 0.0.83
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.62
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.17
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 05:26:36 +00:00
Dwi Siswanto
46c183ef22 test: add race with delay integration test 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-03 21:59:43 +07:00
Dwi Siswanto
f7f34e80a1 fix(http): race condition regression 
The `race` condition directive was broken due to
a strict dependency on `threads > 0` for parallel
execution, causing templates with `race` directive
enabled but no explicit threads to fall back to
seq execution.

This regression was introduced in v3.2.0 (#4868),
which restricted parallel execution to only when
`payloads` were present.

Fixes #5713 to allow race conditions even w/o
explicit `payloads`, and add a default thread
count when race is enabled but threads is 0.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2026-01-03 21:58:27 +07:00
Mzack9999
dbeebdaa1d adding telnet login + crypto (#6419) 
* adding telnet login + crypto

* smbauth lib porting + ntlm parsing over telnet

* gen lib

* adding telnet test

* adding breakout after max iterations

* fix(utils): broken pkt creation & impl `Create{LN,NT}Response`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(utils): satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2026-01-02 06:28:46 +07:00
Mzack9999
891dffb4a1 feat(js): adds RSYNC module (#6410) 
* adding min auth support

* adding unauth list modules + auth list files in module

* example

* adding rsync test

* bump go.mod

---------

Co-authored-by: Dwi Siswanto <git@dw1.io>
 2026-01-01 02:02:48 +07:00
Dwi Siswanto
63aed75474 chore: bump version v3.6.2 
Signed-off-by: Dwi Siswanto <git@dw1.io>
v3.6.2 		2025-12-31 09:30:28 +07:00
dependabot[bot]
4de2bdb883 chore(deps): bump the modules group with 10 updates (#6741) 
Bumps the modules group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.0` | `0.5.1` |
| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.98` | `0.0.99` |
| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.111` | `1.0.112` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.0` | `1.3.1` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.9` | `0.8.10` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.65` | `1.1.66` |
| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.32` | `0.1.33` |
| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) | `0.0.105` | `0.0.106` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.60` | `0.2.61` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.15` | `1.2.16` |


Updates `github.com/projectdiscovery/fastdialer` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.0...v0.5.1)

Updates `github.com/projectdiscovery/hmap` from 0.0.98 to 0.0.99
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.98...v0.0.99)

Updates `github.com/projectdiscovery/retryabledns` from 1.0.111 to 1.0.112
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.111...v1.0.112)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.0...v1.3.1)

Updates `github.com/projectdiscovery/dsl` from 0.8.9 to 0.8.10
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.9...v0.8.10)

Updates `github.com/projectdiscovery/gologger` from 1.1.65 to 1.1.66
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.65...v1.1.66)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.32 to 0.1.33
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.32...v0.1.33)

Updates `github.com/projectdiscovery/useragent` from 0.0.105 to 0.0.106
- [Release notes](https://github.com/projectdiscovery/useragent/releases)
- [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.105...v0.0.106)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.60 to 0.2.61
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.60...v0.2.61)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.15 to 1.2.16
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.15...v1.2.16)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/hmap
  dependency-version: 0.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-version: 1.0.112
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.66
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/useragent
  dependency-version: 0.0.106
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.61
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.16
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-31 09:18:45 +07:00
dependabot[bot]
02434b5537 chore(deps): bump actions/download-artifact in the workflows group (#6742) 
Bumps the workflows group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 6 to 7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-31 02:13:42 +00:00
Dwi Siswanto
1eaecb633a ci(compat-checks): use stable go-version (#6743) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-31 08:04:21 +07:00
Mzack9999
2d3168b79f Merge pull request #6735 from projectdiscovery/dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx 
fix(js): mysql panic due to missing `executionId` in ctx
 2025-12-29 11:34:36 +04:00
Mzack9999
880898f312 Merge pull request #6739 from projectdiscovery/dwisiswant0/fix/flow/segfault-in-hasMatchers 
fix(flow): segfault in `hasMatchers`
 2025-12-29 11:33:39 +04:00
Mzack9999
5500ceb877 Merge branch 'dev' into dwisiswant0/fix/flow/segfault-in-hasMatchers 2025-12-29 11:33:01 +04:00
Mzack9999
05ff121b76 Merge branch 'dev' into dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx 2025-12-29 11:13:47 +04:00
Mzack9999
73ad95068c Merge pull request #6737 from projectdiscovery/dwisiswant0/ci/tests/use-stable-go-version-for-release-test 
ci(tests): use stable go-version for release test
 2025-12-29 01:11:21 +04:00
Dwi Siswanto
592b689b15 Revert "chore(flow): disable global recover handler" 
This reverts commit 0d4edc7841.
 2025-12-26 14:24:47 +07:00
Dwi Siswanto
22b64b6702 fix(flow): segfault in hasMatchers 
`hasMatchers` was not nil-safe when iterating over
the slice of operators. Check if the operator is
nil before accessing
`*operators.Operators.Matchers` to prevent a panic
when a protocol implementation returns a slice
containing a nil element.

This can happen when a request has no local
matchers/extractors but is processed in a flow
where global matchers are present.

Fixes #6738.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 14:22:48 +07:00
Dwi Siswanto
8b3485abff test(flow): add util tests 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 14:11:43 +07:00
Dwi Siswanto
0d4edc7841 chore(flow): disable global recover handler 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 13:49:00 +07:00
Dwi Siswanto
496a71aea1 ci(tests): use stable go-version for release test 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 06:33:23 +07:00
Dwi Siswanto
49309b4ac8 chore(js): no staticcheck lint 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 06:06:47 +07:00
Dwi Siswanto
22469bdc2f chore(js): update memoized functions 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 01:08:06 +07:00
Dwi Siswanto
12176d67a9 test(javascript): add mysql-connect integration test 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-26 01:08:00 +07:00
Dwi Siswanto
0eb87c2621 fix(js): mysql panic due to missing executionId in ctx 
The `connectWithDSN` func used `db.Exec()` which
implicitly uses `context.Background()`[1]. This
caused the registered "nucleitcp" dialer
callback to receive a ctx missing the
`executionId`, leading to a panic during type
assertion.

Refactor `connectWithDSN` to accept `executionId`
explicitly and use it to create a `context` for
`db.PingContext()` (yeah, instead of `db.Exec()`).
And, add a defensive check in the dialer callback
to handle nil values gracefully.

Fixes #6733 regression introduced in #6296.

[1]: "Exec uses `context.Background` internally" -
     https://pkg.go.dev/database/sql#DB.Exec.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-25 17:16:49 +07:00
Dwi Siswanto
78e90e300d ci: refactor workflows (#6728) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-25 02:35:44 +07:00
Mzack9999
5d79201299 fix(js): incorrect postgres exec call signature (#6731) 
Make sure postgres Exec/ExecContext are invoked with the correct
argument order, preventing context from being passed as the query.

* fixing pg syntax

* adding test
 2025-12-24 03:20:50 +07:00
dependabot[bot]
3fdc06bce3 chore(deps): bump the modules group with 6 updates 
Bumps the modules group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.20` | `0.5.0` |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.1.1` | `1.3.0` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.8` | `0.8.9` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.64` | `1.1.65` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.59` | `0.2.60` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.14` | `1.2.15` |


Updates `github.com/projectdiscovery/fastdialer` from 0.4.20 to 0.5.0
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.20...v0.5.0)

Updates `github.com/projectdiscovery/retryablehttp-go` from 1.1.1 to 1.3.0
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.1.1...v1.3.0)

Updates `github.com/projectdiscovery/dsl` from 0.8.8 to 0.8.9
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.8...v0.8.9)

Updates `github.com/projectdiscovery/gologger` from 1.1.64 to 1.1.65
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.64...v1.1.65)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.59 to 0.2.60
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.59...v0.2.60)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.14 to 1.2.15
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.14...v1.2.15)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.65
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.60
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-22 13:24:19 +00:00
Mzack9999
329a891069 test: add pwsh integration test (#6724) 
* adding pwsh tests

* chore(cmd): rm template

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-12-22 01:41:40 +07:00
Mzack9999
c8c9967e18 Merge pull request #6723 from projectdiscovery/dwisiswant0/chore/deps/bump-utils-v0-8-0 
chore(deps): bump projectdiscovery/utils@v0.8.0 to fix deadlock in `*httputil.ResponseChain`
 2025-12-19 23:10:53 +04:00
Mzack9999
d19c364e38 Merge pull request #6718 from projectdiscovery/dwisiswant0/perf/generators/optimize-MergeMaps-to-reduce-allocs 
perf(generators): optimize `MergeMaps` to reduce allocs
 2025-12-19 23:10:22 +04:00
Dwi Siswanto
0c125e2224 test(generators): update maps & options benchmarks 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-20 01:02:16 +07:00
Dwi Siswanto
0ab06cc4bf test: add maps, options, variables bench 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-20 00:56:07 +07:00
Dwi Siswanto
7945b8591c chore(deps): bump projectdiscovery/utils@v0.8.0 to fix deadlock in *httputil.ResponseChain 
Fixes #6720.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-20 00:16:01 +07:00
Dogan Can Bakir
664a01ee78 Merge pull request #6673 from projectdiscovery/dwisiswant0/chore/update-issue-and-pr-templates 
chore: update issue & PR templates
 2025-12-19 21:41:46 +07:00
Dwi Siswanto
bb79a061bc perf(generators): optimize MergeMaps to reduce allocs 
`MergeMaps` accounts for 11.41% of allocs (13.8
GB) in clusterbomb mode. With 1,305 combinations
per target, this function is called millions of
times in the hot path.

RCA:
* Request generator calls `MergeMaps` with single
  arg on every payload combination, incurring
  variadic overhead.
* Build request merges same maps multiple times
  per request.
* `BuildPayloadFromOptions` recomputes static CLI
  options on every call.
* Variables calls `MergeMaps` $$2×N$$ times per
  variable evaluation (once in loop, once in
  `evaluateVariableValue`)

Changes:

Core optimizations in maps.go:
* Pre-size merged map to avoid rehashing (30-40%
  reduction)
* Add `CopyMap` for efficient single-map copy
  without variadic overhead.
* Add `MergeMapsInto` for in-place mutation when
  caller owns destination.

Hot path fixes:
* Replace `MergeMaps(r.currentPayloads)` with
  `CopyMap(r.currentPayloads)` to eliminates
  allocation on every combination iteration.
* Pre-allocate combined map once, extend in-place
  during `ForEach` loop instead of creating new
  map per variable (eliminates $$2×N$$ allocations
  per request).

Caching with concurrency safety:
* Cache `BuildPayloadFromOptions` computation in
  `sync.Map` keyed by `types.Options` ptr, but
  return copy to prevent concurrent modification.
* Cost: shallow copy of ~10-20 entries vs. full
  merge of vars + env (85-90% savings in typical
  case)
* Clear cache in `closeInternal()` to prevent
  memory leaks when SDK instances are created or
  destroyed.

Estimated impact: 40-60% reduction in `MergeMaps`
allocations (5.5-8.3 GB savings from original
13.8 GB). Safe for concurrent execution and SDK
usage with multiple instances.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-19 20:19:43 +07:00
Ice3man
d48c2c38fa feat(trackers): add site-url to optionally provide jira server URL for oauth (#6716) 
* feat: add site-url to optionally provide jira server URL for oauth

* chore(cmd): add `site-url` config option

Adds optional `site-url` field to JIRA issue
tracker configuration for specifying browsable URL
when it differs from the API endpoint. This is
particularly useful for OAuth-based JIRA Cloud
integrations where `issue.Self` contains
"api.atlassian.com" instead of the user-facing
domain.

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
 2025-12-18 23:47:45 +07:00
Dwi Siswanto
e25279255a chore: update bug report template 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-18 23:09:51 +07:00
Mzack9999
c80ac99a34 Merge pull request #6713 from projectdiscovery/dwisiswant0/feat/enable-TLS-session-cache-for-client-pool 
feat: enable TLS session cache for client pool
 2025-12-18 14:00:58 +04:00
Mzack9999
2d4459d050 Merge pull request #6712 from projectdiscovery/dwisiswant0/fix/trackers/add-gitlab-paginated-dup-issue-search 
fix(trackers): add gitlab paginated dup issue search
 2025-12-18 13:55:59 +04:00
Dwi Siswanto
e3d32584ff feat: enable TLS session cache for client pool 
This patch enables TLS session resumption by
setting a shared LRU session cache
(`ClientSessionCache`) in all HTTP client TLS
configs. This reduces handshake overhead and CPU
usage for repeated conns to the same host,
improving throughput and efficiency in
clusterbomb/pitchfork modes.

This applied to HTTP-request-based and headless-
request-based protocols.

No runtime/compatibility impact.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-18 05:39:02 +07:00
Dwi Siswanto
39a07ca15e fix(trackers): add gitlab paginated dup issue search 
with configurable limits

This patch fixes duplicate issue detection for
GitLab trackers by implementing paginated search
with configurable page size and max pages. Adds
`duplicate-issue-page-size` and
`duplicate-issue-max-pages` options to the config.

Fixes #6711.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-18 00:29:38 +07:00
Leon Jacobs
a7df69749e fix(trackers): paginate gitea to find all issues when searching for duplicates (#6707) 
* (fix) paginate to find all issues when searching for duplicates

* (feat) add configurable limits for perpage and total pages
 2025-12-18 00:26:19 +07:00
Dwi Siswanto
746a05dac5 fix(javascript): restore exec for templates w/o Port arg (#6709) 
Restore backwards compat for JavaScript protocol
templates that omit the `Port` argument.
Regression was introduced in f4f2e9f2, which
removed the fallback for empty `Port` in
`(*Request).ExecuteWithResults`, causing templates
without `Port` to be silently skipped.

Now, if no `Port` is specified, the engine
executes the JavaScript block using the target
URL's port.

Fixes #6708.

Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-17 22:07:14 +07:00
Dwi Siswanto
b3706070ab chore: bump version v3.6.1 
Signed-off-by: Dwi Siswanto <git@dw1.io>
v3.6.1 		2025-12-16 03:41:05 +07:00
dependabot[bot]
755c9785b1 chore(deps): bump the modules group with 7 updates (#6698) 
Bumps the modules group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.1.0` | `1.1.1` |
| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.7` | `0.8.8` |
| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.63` | `1.1.64` |
| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) | `1.7.3` | `1.7.4` |
| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.31` | `0.1.32` |
| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.58` | `0.2.59` |
| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.13` | `1.2.14` |


Updates `github.com/projectdiscovery/retryablehttp-go` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.1.0...v1.1.1)

Updates `github.com/projectdiscovery/dsl` from 0.8.7 to 0.8.8
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.7...v0.8.8)

Updates `github.com/projectdiscovery/gologger` from 1.1.63 to 1.1.64
- [Release notes](https://github.com/projectdiscovery/gologger/releases)
- [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.63...v1.1.64)

Updates `github.com/projectdiscovery/httpx` from 1.7.3 to 1.7.4
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.7.3...v1.7.4)

Updates `github.com/projectdiscovery/networkpolicy` from 0.1.31 to 0.1.32
- [Release notes](https://github.com/projectdiscovery/networkpolicy/releases)
- [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.31...v0.1.32)

Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.58 to 0.2.59
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.58...v0.2.59)

Updates `github.com/projectdiscovery/cdncheck` from 1.2.13 to 1.2.14
- [Release notes](https://github.com/projectdiscovery/cdncheck/releases)
- [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.13...v1.2.14)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/dsl
  dependency-version: 0.8.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/gologger
  dependency-version: 1.1.64
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/httpx
  dependency-version: 1.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/networkpolicy
  dependency-version: 0.1.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-version: 0.2.59
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: modules
- dependency-name: github.com/projectdiscovery/cdncheck
  dependency-version: 1.2.14
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-15 19:08:08 +07:00
Mzack9999
c73906b405 Merge pull request #6691 from stringscut/dev 
chore: execute goimports to format the code
 2025-12-15 14:37:56 +04:00
Mzack9999
8891d70d42 Merge pull request #6687 from projectdiscovery/dwisiswant0/fix/headless/data-race-when-reading-page-history 
fix(headless): data race when reading page history
 2025-12-15 13:13:23 +04:00
dependabot[bot]
ebfd2f2992 chore(deps): bump the workflows group with 2 updates 
Bumps the workflows group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/cache](https://github.com/actions/cache).


Updates `actions/upload-artifact` from 5 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

Updates `actions/cache` from 4 to 5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 09:12:12 +00:00
Dwi Siswanto
e74355344d chore(deps): bump fastdialer@v0.4.20 to fix >10s delays (#6688) 
Signed-off-by: Dwi Siswanto <git@dw1.io>
 2025-12-14 23:44:06 +07:00