admin/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2026-01-31 15:53:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
09c47c32bda4c4f1c891b8f74cbc3388cbed6227
nuclei/lib
History
Dwi Siswanto 2b9c985818 fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602) 
* fix(lib): segfault when init engine with `EnableHeadlessWithOpts`

The panic was caused by attempting to log a
sandbox warning before the logger was initialized.

RCA:
* SDK option funcs were exec'd before logger init.
* `EnableHeadlessWithOpts()` attempted to create
  browser instance & log warnings during the
  config phase.
* `Logger` was only init'd later in `init()`
  phase.
* This caused nil pointer dereference when
  `MustDisableSandbox()` returned true (root on
  Linux/Unix or Windows).

Changes:
* Init `Logger` in `types.DefaultOptions()` to
  ensure it's always available before any option
  functions execute.
* Init `Logger` field in both
  `NewNucleiEngineCtx()` and
  `NewThreadSafeNucleiEngineCtx()` from
  `defaultOptions.Logger`.
* Move browser instance creation from
  `EnableHeadlessWithOpts()` to the `init()` phase
  where `Logger` is guaranteed to be available.
* Simplify logger sync logic in `init()` to only
  update if changed by `WithLogger` option.
* Add test case to verify headless initialization
  works without panic.

The fix maintains backward compatibility while
make sure the logger is always available when
needed by any SDK option function.

Fixes #6601.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* build(make): adds `-timeout 30m -count 1` GOFLAGS in `test` cmd

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "fix(lib): segfault when init engine with `EnableHeadlessWithOpts`"

let see if this pass flaky test.

This reverts commit 63fcb6a1cbe7a4db7a78be766affc70eb237e57e.

* test(engine): let see if this pass flaky test

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "Revert "fix(lib): segfault when init engine with `EnableHeadlessWithOpts`""

This reverts commit 62b4223803ccb1e93593e2e08e39923d76aa20b1.

* test(engine): increase `TestActionNavigate` timeout

Signed-off-by: Dwi Siswanto <git@dw1.io>

* Revert "test(engine): let see if this pass flaky test"

This reverts commit d27cd985cff1b06aa1965ea11f8aa32f00778ab5.

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-12-05 21:55:41 +07:00
..
tests
disable self-contained and file protocol templates as default (#5825)
2024-11-19 22:00:28 +05:30
config.go
fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602)
2025-12-05 21:55:41 +07:00
example_test.go
chore: satisfy lints
2025-10-30 09:41:01 +07:00
helper.go
nuclei v3 : misc updates (#4247)
2023-10-17 17:44:13 +05:30
multi.go
fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602)
2025-12-05 21:55:41 +07:00
README.md
docs: fixing typos in multiple files (#6653)
2025-12-05 12:29:19 +07:00
sdk_private.go
fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602)
2025-12-05 21:55:41 +07:00
sdk_test.go
fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602)
2025-12-05 21:55:41 +07:00
sdk.go
fix(lib): segfault when init engine with EnableHeadlessWithOpts (#6602)
2025-12-05 21:55:41 +07:00

README.md

Using Nuclei as Library

Nuclei was primarily built as a CLI tool, but with increasing choice of users wanting to use nuclei as library in their own automation, we have added a simplified Library/SDK of nuclei in v3

Installation

To add nuclei as a library to your go project, you can use the following command:

go get -u github.com/projectdiscovery/nuclei/v3/lib

Or add below import to your go file and let IDE handle the rest:

import nuclei "github.com/projectdiscovery/nuclei/v3/lib"

Basic Example of using Nuclei Library/SDK

// create nuclei engine with options
	ne, err := nuclei.NewNucleiEngine(
		nuclei.WithTemplateFilters(nuclei.TemplateFilters{Severity: "critical"}), // run critical severity templates only
	)
	if err != nil {
		panic(err)
	}
	// load targets and optionally probe non http/https targets
	ne.LoadTargets([]string{"scanme.sh"}, false)
	err = ne.ExecuteWithCallback(nil)
	if err != nil {
		panic(err)
	}
	defer ne.Close()

Advanced Example of using Nuclei Library/SDK

For Various use cases like batching etc. you might want to run nuclei in goroutines this can be done by using nuclei.NewThreadSafeNucleiEngine

// create nuclei engine with options
	ne, err := nuclei.NewThreadSafeNucleiEngine()
	if err != nil{
        panic(err)
    }
	// setup waitgroup to handle concurrency
	wg := &sync.WaitGroup{}

	// scan 1 = run dns templates on scanme.sh
	wg.Add(1)
	go func() {
		defer wg.Done()
		err = ne.ExecuteNucleiWithOpts([]string{"scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "http"}))
		if err != nil {
            panic(err)
        }
	}()

	// scan 2 = run http templates on honey.scanme.sh
	wg.Add(1)
	go func() {
		defer wg.Done()
		err = ne.ExecuteNucleiWithOpts([]string{"honey.scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))
		if err != nil {
            panic(err)
        }
	}()

	// wait for all scans to finish
	wg.Wait()
	defer ne.Close()

More Documentation

For complete documentation of nuclei library, please refer to godoc which contains all available options and methods.

Note

Disclaimer
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating.
This project was primarily built to be used as a standalone CLI tool. Running nuclei as a service may pose security risks. It's recommended to use with caution and additional security measures.
Reference in New Issue View Git Blame Copy Permalink