Commit Graph

52 Commits

Author SHA1 Message Date
ledigang
29977358d7 chore: omit unnecessary reassignment (#6622)
Signed-off-by: ledigang <shuangcui@msn.com>
2025-11-24 19:01:30 +07:00
Mzack9999
c814128ee2 removing debug log 2025-10-29 19:54:51 +04:00
Mzack9999
6f59472f78 reusing dialer 2025-10-29 19:03:59 +04:00
tvroi
e168f8dbfa fix(openapi/swagger): remove code duplication 2025-10-21 20:27:33 +07:00
tvroi
f57bd8c8ee fix(openapi/swagger): linter and url validation 2025-10-21 20:16:05 +07:00
tvroi
89cfb75bb6 fix(openapi/swagger): remove discarded error in defer 2025-10-20 18:56:47 +07:00
tvroi
f0429aa4b7 fix(openapi/swagger): err shadowing on write failure 2025-10-20 18:49:06 +07:00
tvroi
1684f4143e fix (openapi/swagger): improve error handling and tmpDir cleanup 2025-10-20 18:36:17 +07:00
tvroi
c3750be380 feat(openapi/swagger): direct fuzzing using target url 2025-10-19 15:33:31 +07:00
Patrick Stoeckle
bfef42f9e3 chore(typos): fix typos 2025-10-10 17:32:54 +02:00
Mzack9999
c487e59602 lint 2025-09-11 21:41:59 +02:00
Mzack9999
1f8dc4c358 Merge branch 'dev' into pr/6261 2025-09-11 21:33:40 +02:00
Tarun Koyalwar
19247ae74b Path-Based Fuzzing SQL fix (#6400)
* setup claude

* migrate to using errkit

* fix unused imports + lint errors

* update settings.json

* fix url encoding issue

* fix lint error

* fix the path fuzzing component

* fix lint error
2025-08-25 13:36:58 +05:30
Sandeep Singh
b4644af80a Lint + test fixes after utils dep update (#6393)
* fix: remove undefined errorutil.ShowStackTrace

* feat: add make lint support and integrate with test

* refactor: migrate errorutil to errkit across codebase

- Replace deprecated errorutil with modern errkit
- Convert error declarations from var to func for better compatibility
- Fix all SA1019 deprecation warnings
- Maintain error chain support and stack traces

* fix: improve DNS test reliability using Google DNS

- Configure test to use Google DNS (8.8.8.8) for stability
- Fix nil pointer issue in DNS client initialization
- Keep production defaults unchanged

* fixing logic

* removing unwanted branches in makefile

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2025-08-20 05:28:23 +05:30
gopherorg
1079498182 refactor: use maps.Copy for cleaner map handling (#6283)
Signed-off-by: gopherorg <gopherworld@icloud.com>
2025-07-12 02:50:47 +05:30
HD Moore
f26996cb89 Remove singletons from Nuclei engine (continuation of #6210) (#6296)
* introducing execution id

* wip

* .

* adding separate execution context id

* lint

* vet

* fixing pg dialers

* test ignore

* fixing loader FD limit

* test

* fd fix

* wip: remove CloseProcesses() from dev merge

* wip: fix merge issue

* protocolstate: stop memguarding on last dialer delete

* avoid data race in dialers.RawHTTPClient

* use shared logger and avoid race conditions

* use shared logger and avoid race conditions

* go mod

* patch executionId into compiled template cache

* clean up comment in Parse

* go mod update

* bump echarts

* address merge issues

* fix use of gologger

* switch cmd/nuclei to options.Logger

* address merge issues with go.mod

* go vet: address copy of lock with new Copy function

* fixing tests

* disable speed control

* fix nil ExecuterOptions

* removing deprecated code

* fixing result print

* default logger

* cli default logger

* filter warning from results

* fix performance test

* hardcoding path

* disable upload

* refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "disable upload"

This reverts commit 114fbe6663.

* Revert "hardcoding path"

This reverts commit cf12ca800e.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
2025-07-10 01:17:26 +05:30
Mzack9999
d55ab2f827 use bytes slice 2025-07-03 18:05:08 +02:00
Mzack9999
cf8d067fea fixing test 2025-07-03 17:28:55 +02:00
Mzack9999
4baf46f080 fixing path 2025-07-03 17:05:14 +02:00
Mzack9999
8304462420 retain required empty spaces 2025-07-03 16:50:21 +02:00
Mzack9999
1f538bcac6 Merge branch 'dev' into pr/6261 2025-07-03 16:11:54 +02:00
Dwi Siswanto
87ed0b2bb9 build: bump all direct modules (#6290)
* chore: fix non-constant fmt string in call

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: bump all direct modules

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(hosterrorscache): update import path

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(charts): break changes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: golangci-lint auto fixes

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: satisfy lints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): update build constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: don't panic on close err

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-07-01 00:40:44 +07:00
Alban Stourbe
1a9a7563c0 feat: send struct from var file 2025-06-24 18:39:29 +02:00
Alban Stourbe
248548e075 feat(ytt): add ytt files var + add vars from cli and config 2025-06-24 18:32:45 +02:00
Alban Stourbe
5f501da063 fix: enhance code rabbit 2025-06-12 15:44:11 +02:00
Alban Stourbe
a0bd3b854e feat(templating): add vars templating into yaml inputs 2025-06-12 15:03:33 +02:00
tongjicoder
3be29abfc9 refactor: use slices.Contains to simplify code
Signed-off-by: tongjicoder <tongjicoder@icloud.com>
2025-05-27 17:16:26 +08:00
Dwi Siswanto
3957237199 fix(openapi): handles nil schema & schema values (#6228)
Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-05-17 00:46:41 +05:30
Ice3man
5f0b7eb19b feat: added initial live DAST server implementation (#5772)
* feat: added initial live DAST server implementation

* feat: more logging + misc additions

* feat: auth file support enhancements for more complex scenarios + misc

* feat: added io.Reader support to input providers for http

* feat: added stats db to fuzzing + use sdk for dast server + misc

* feat: more additions and enhancements

* misc changes to live server

* misc

* use utils pprof server

* feat: added simpler stats tracking system

* feat: fixed analyzer timeout issue + missing case fix

* misc changes fix

* feat: changed the logics a bit + misc changes and additions

* feat: re-added slope checks + misc

* feat: added baseline measurements for time based checks

* chore(server): fix typos

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(templates): potential DOM XSS

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(authx): potential NIL deref

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: misc review changes

* removed debug logging

* feat: remove existing cookies only

* feat: lint fixes

* misc

* misc text update

* request endpoint update

* feat: added tracking for status code, waf-detection & grouped errors (#6028)

* feat: added tracking for status code, waf-detection & grouped errors

* lint error fixes

* feat: review changes + moving to package + misc

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>

* fix var dump (#5921)

* fix var dump

* fix dump test

* Added filename length restriction for debug mode (-srd flag) (#5931)

Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>

* more updates

* Update pkg/output/stats/waf/waf.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com>
Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2025-02-13 18:46:28 +05:30
Dwi Siswanto
622c5503fa perf(*): replace encoding/json w/ sonic or go-json (fallback) (#6019)
* perf(*): replace `encoding/json` w/ sonic

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(utils): add `json` pkg (sonic wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): use `sonic` wrapper instead

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(*): replace `sonic.ConfigStd` -> `json` (wrapper)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test(model): adjust expected marshal'd JSON

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(json): dynamic backend; `sonic` -> `go-json` (fallback)

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): merge config - as it's not usable

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(json): rm go version constraints

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore: go mod tidy

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-11 03:01:37 +05:30
kilavvy
82a5d35241 fix: typos in documentation files (#6027)
* Update generator.go

* Update README.md
2025-02-04 13:44:52 +05:30
Pierre
ba253dcd56 fix: URL parsing with lists & -scan-all-ips (#5897)
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-12-21 03:32:33 +05:30
Ramana Reddy
b69de15777 fix: Parse OpenApi http security schemes on empty values (#5606)
* fix: parse openapi http security schemes on empty values

* minor

---------

Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
2024-09-19 19:29:19 +05:30
linchizhen
88b281ae47 chore: fix some function names in comment (#5586)
Signed-off-by: linchizhen <jiayanbing@yeah.net>
2024-09-01 14:11:01 +05:30
Tarun Koyalwar
1c76398aea lint error fixes (#5531)
* lint error fixes

* chore: satisfy non-constant format str in call lint (govet)

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
2024-08-16 20:31:23 +05:30
Tryfon Papatriantafyllou
0675aa48a3 Circular References in OpenAPI 3.0 fixed (#5491)
* Circular References in OpenAPI 3.0 fixed

* Fixing Swagger_test
2024-08-16 18:34:47 +05:30
Tryfon Papatriantafyllou
c6e5bdd857 Fixing the server URL path for OpenAPI scanning (#5504)
* fix_openAPI_serverURL_path

* Issue #5503
2024-08-16 17:37:02 +05:30
Mohammed Diaa
ff23949bb0 Apply input transformation to multi-protocol templates (#5426)
* Apply input transformation to multi-protocol template execution

* Remove ad hoc input transformation from DNS protocol

* Add SSL protocol input transformer

* Remove ad hoc input transformation from SSL protocol

* Remove unused function extractDomain from the DNS protocol engine

* transform in flow as well

* bug fix + update test

* bug fix multi proto
:

* bug fix multi proto input

* bug fixes in input transform

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-08-01 20:43:47 +05:30
mzack9999
3c2af0e47c fixing many data races 2024-07-12 17:23:44 +02:00
mzack
ead444b88b Merge branch 'dev' into use_containsall 2024-07-12 13:05:14 +02:00
Ramana Reddy
5cb32a4310 Fix target loading with input-mode (#5369) 2024-07-08 16:21:11 +05:30
Doğan Can Bakır
c7006a9168 use stringsutil.ContainsAll 2024-06-25 12:26:18 +03:00
map1e
4720d8c8ec fix: types.RequestResponse url field UnmarshalJSON bug (#5267)
* fix: types.RequestResponse url field UnmarshalJSON bug

* use UnmarshalJSON method in test

* add http unmarshal json test case
2024-06-16 04:05:08 +05:30
Tarun Koyalwar
3e54ca54b0 feat: fix utils and add goroutine leak unit tests (#5112)
* feat: fixed leak

* add go leak unit test in sdk

* added goleak unit tests

* bugfix: add random user agents to fuzzing requests

* misc

* misc

* fix lint + use utils pr + misc

* fix ratelimit memleak in sdk

* close protocolstate shared resources in nuclei sdk/lib

* add missing close references

* ignore read/write loop of intransit connections

* close unnecessary idle conns

* add ignore method

* using fixed utils

* dep update

---------

Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
Ramana Reddy
2357153fcd Fix failing test (#5067) 2024-04-28 01:15:57 +05:30
Ice3man
0b82e8b7aa feat: added support for context cancellation to engine (#5096)
* feat: added support for context cancellation to engine

* misc

* feat: added contexts everywhere

* misc

* misc

* use granular http timeouts and increase http timeout to 30s using multiplier

* track response header timeout in mhe

* update responseHeaderTimeout to 5sec

* skip failing windows test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 15:37:56 +05:30
Dogan Can Bakir
ea3705eb64 fix openapi import nil deref (#5080) 2024-04-23 16:56:33 +05:30
Ramana Reddy
66da73c1b1 Fix panic err using flow templates with workflow (#5064)
* Fix panic err using flow templates with workflows

* Misc update

* skip test if pdcp keys are not present

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-18 17:43:46 +05:30
Ice3man
3a3db67248 feat: katana jsonl input format not working fix (#5063) 2024-04-18 16:49:28 +05:30
Tarun Koyalwar
255032f4f2 pre-condition in code, fuzz and other misc updates (#4966)
* fuzz: rename 'filters' -> 'pre-condition'

* code proto: pre-condition + integration test

* feat: dsl document generator

* update dsl page header

* fix lint error

* add js defined helper funcs in docs

* remove panic recovery unless it's for third party (go-rod, goja)

* handle dynamic values flattening edgecase in flow+multiprotocol

* fix order of kv in form-data (failing test)

* fix template loading counters

* Revert "handle dynamic values flattening edgecase in flow+multiprotocol"

This reverts commit 58fdd4faf7.

* fix flow iteration using 'iterate'
2024-04-01 19:18:21 +05:30