Releases: projectdiscovery/nuclei
v3.3.4
What's Changed
- Fixed (hopefully) skipping target list as found unresponsive erroneously by @tarunKoyalwar in #5668
Full Changelog: v3.3.3...v3.3.4
v3.3.3
What's Changed
🎉 New Features
- Added linear issue tracker support by @Ice3man543 in #5601
  ```yaml
  linear:
    # api-key is the API key for the linear account
    api-key: ""
    # allow-list sets a tracker level filter to only create issues for templates with
    # these severity labels or tags (does not affect exporters. set those globally)
    allow-list:
      severity: critical
    # deny-list sets a tracker level filter to never create issues for templates with
    # these severity labels or tags (does not affect exporters. set those globally)
    deny-list:
      severity: low
    # team-id is the ID of the team in Linear
    team-id: ""
    # project-id is the ID of the project in Linear
    project-id: ""
    # duplicate-issue-check flag to enable duplicate tracking issue check
    duplicate-issue-check: false
    # open-state-id is the ID of the open state in Linear
    open-state-id: ""
  ```
See docs for more details.
- Added support to upload nuclei existing scan results to dashboard by @RamanaReddy0M in #5603
-pdu, -dashboard-upload string upload / view nuclei results file (jsonl) in projectdiscovery cloud (pdcp) UI dashboard
  ```console
  $ ./nuclei -pdu nucle_results.jsonl

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v3.3.3

          projectdiscovery.io

  [INF] Uploading scan results to cloud dashboard from test
  [INF] 7 Scan results uploaded to cloud, you can view scan results at https://cloud.projectdiscovery.io/scans/crqho0h1c9fs73f1rth0?team_id=none
  ```
- Added support for additional headless lifecycle events by @dwisiswant0 in #5632
Newly supported events:
- waitdom
- waitfcp
- waitfmp
- waitidle
- waitstable
See docs for more details.
🐞 Bug Fixes
- Fixed issue with `max-host-error` with `concurrency` by @dwisiswant0 in #5633
- Fixed issue with parsing OpenAPI http security schemes on empty values by @RamanaReddy0M in #5606
- Fixed loading dynamic auth templates with fuzzing by @RamanaReddy0M in #5646
- Fixed issue with MySQL connection with special characters in password by @RamanaReddy0M in #5604
- Fixed issue with `WithProxy` err by @dogancanbakir in #5626
- Fixed missing `template_url` for signed templates by @RamanaReddy0M in #5644
- Fixed nil pointer error with `addCNameIfAvailable` from using closed `Dialer` by @dwisiswant0 in #5665
- Fixed issue in event generation using `-ms` option with clustering by @Ice3man543 in #5653
- Fixed issue with Input Clone when the workflow execution forks by @tovask in #5621
- Fixed failing integration tests by @RamanaReddy0M in #5647
🔨 Maintenance
- Added support for `fs.FS` in template parsing by @doug-threatmate in #5421
Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/63?closed=1
Full Changelog: v3.3.2...v3.3.3
v3.3.2
What's Changed
🎉 New Features
- Added `ActionWaitDialog` type in headless protocol to simplify XSS detection by @dwisiswant0 in #5545
See docs for more details.
🔨 Maintenance
- Migrated issue template to issue form by @dwisiswant0 in #5538
- Upgraded gitlab api version by @AdallomRoy in #5551
⚠️ Security
- Fixed security issue in template `signer` package by @GuyGoldenberg @dogancanbakir @Mzack9999 in 0da993a
See GitHub security advisories for detailed information.
Other Changes
- Added jira config to accept issue-type id and project id as optional input by @Ice3man543 in #5537
- Fixed issue with `-ms` option to scan non accessible host by @dogancanbakir in #5576
- Fixed race condition issue by @dogancanbakir in #5547
- Fixed panic in list input with dast option by @dwisiswant0 in #5558
New Contributors
- @AdallomRoy made their first contribution in #5551
- @PeterDaveHello made their first contribution in #5578
- @linchizhen made their first contribution in #5586
Full Changelog: v3.3.1...v3.3.2
v3.3.1
What's Changed
🎉 New Features
- Added `team-id` option to upload results to specific team workspace by @RamanaReddy0M in #5523
Option:
-tid, -team-id string upload scan results to given team id (optional) (default "none")
Example:
nuclei -pt dns -u example.com -cloud-upload -team-id cqlmoalcm2sc73eut1b0
- Added redaction support in output file by @dogancanbakir in #5463
Option:
-rd, -redact string[] redact given list of keys from query parameter, request header and body
Example:
nuclei -pt dns -u example.com -redact api_key,x-api-key,user-agent
- Added support for multiple auth strategies per target from secret file by @RamanaReddy0M in #5500
- Added support to generate matcher-status event for javascript protocol by @tarunKoyalwar in #5450
- Added workflows in SDK example by @alban-stourbe-wmx in #5409
- Added `skip-secret-file` template attribute to disable auth per template by @dwisiswant0 in #5522
🐞 Bug Fixes
- Fixed `FileAuthProvider` stores the same strategy for each entry by @mrschyte in #5474
- Fixed circular references in OpenAPI parsing (fuzzing) by @trypa11 in #5491
- Fixed file protocol missing vars in flow & multi-protocol by @tarunKoyalwar in #5480
- Fixed issue assign `customHeaders` to the map directly by @dwisiswant0 in #5445
- Fixed issue with input transformation to multi-protocol templates by @mhmdiaa in #5426
- Fixed missing close statements `file.Close()` & `ticker.Stop()` by @ShuBo6 in #5436
- Fixed nil panic by @tarunKoyalwar in #5473
- Fixed server URL path for OpenAPI parsing by @trypa11 in #5504
- Fixed unresolved `interactsh-url` variable with fuzzing by @RamanaReddy0M in #5289
- Fixed unresolved variables error with dast templates by @RamanaReddy0M in #5443
🔨 Maintenance
- ci: don't clean modules cache by @dwisiswant0 in #5519
- ci: use composite actions by @dwisiswant0 in #5483
Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/61?closed=1
New Contributors
- @fudancoder made their first contribution in #5432
- @ShuBo6 made their first contribution in #5436
- @Jarnpher553 made their first contribution in #5419
- @mhmdiaa made their first contribution in #5426
- @alban-stourbe-wmx made their first contribution in #5409
- @mrschyte made their first contribution in #5474
- @trypa11 made their first contribution in #5504
Full Changelog: v3.3.0...v3.3.1
v3.3.0
What's Changed
🐞 Bug Fixes
- Fixed security issue with use of custom workflows by @Mzack9999 in #5318
- Fixed issue to reduce memory usage by javascript templates by @Mzack9999 in #5291
- Fixed target loading issue with `-input-mode` option by @RamanaReddy0M in #5369
- Fixed issue with `stop-at-first-match` option in headless mode with fuzzing by @RamanaReddy0M in #5330
- Fixed issue with ldap search function by @tarunKoyalwar in #5356
- Fixed issue with `ExecuteWithResults` function not returning expected results (SDK) by @boy-hack in #5376
Other Changes
- Added `cname` information in http protocol when available by @tarunKoyalwar in #5389
- Added goja function (`isUDPPortOpen`) to check UDP port by @RamanaReddy0M in #5397
- Added sdk option to disable update check (SDK) by @dogancanbakir in #5346
- Added support to use `fs.FS` when explicitly given (SDK) by @doug-threatmate in #5312
- Added timeouts config in `types.Options` (SDK) by @dogancanbakir in #5228
- Improved ldap output with custom type to return additional information by @tarunKoyalwar in #5387
- Improved template clustering performance by @KristinnVikar in #5319
Caution
In this release, with the changes in #5228, the following options have been removed from the CLI. They are now configured implicitly and can be customized via SDK usage.
-dt, -dialer-timeout value timeout for network requests.
-rrt, -response-read-timeout value response read timeout in seconds (default 5s)
New Contributors
- @KristinnVikar made their first contribution in #5319
- @boy-hack made their first contribution in #5376
Full Changelog: v3.2.9...v3.3.0
v3.2.9
What's Changed
🎉 New Features
- Fuzzing feature enhancements by @Ice3man543 in #5139
  - Added `part: request` to fuzz all the keys in request with fuzzing templates.
  - Added `-fuzz-aggression` CLI option to control fuzz aggression via template.
  - Added `-fuzz-param-frequency` option to control counter for skipping uninteresting parameter.
  - Added `-display-fuzz-points` option to display fuzzing points (for debugging).
- Added PDCP Team ID input support via environment variable to upload results into team account by @tarunKoyalwar in #5295
export PDCP_TEAM_ID=cphlrbmnr2khg33n6ik1
Note
Team ID is optional input and can be obtained from https://cloud.projectdiscovery.io/settings/team. If provided, results will be uploaded to the team account instead of your personal account.
🐞 Bug Fixes
- Fixed slow scan for hosts blocked WAF or getting timed out by @Mzack9999 in #5275
- Fixed issues with multi-thread execution by @Mzack9999 in #5187
- Fixed panic on failed raw request by @tarunKoyalwar in #5230
- Fixed `ExecuteCallbackWithCtx` to use the context that was provided by @doug-threatmate in #5236
- Fixed nil deref err in reporting by @dogancanbakir in #5283
- Fixed `types.RequestResponse` url field `UnmarshalJSON` by @LazyMaple in #5267
- Fixed template validation by @RamanaReddy0M in #5261
- Fixed severity filter for per tracker reporting filters by @Ice3man543 in #5297
Other Changes
- Added Spanish translation of README by @MachadoOtto in #5242
- Added Japanese translation of README by @eltociear in #5259
- Added timestamp in error log (`-elog`) with `-ts` option by @oscarintherocks in #5292
New Contributors
- @doug-threatmate made their first contribution in #5236
- @MachadoOtto made their first contribution in #5242
- @eltociear made their first contribution in #5259
- @oscarintherocks made their first contribution in #5292
- @LazyMaple made their first contribution in #5267
Full Changelog: v3.2.8...v3.2.9
v3.2.8
What's Changed
🐞 Bug Fixes
- Fixed multiple bug fixes + performance improvements by @tarunKoyalwar in #5148
- Fixed more goroutine leaks by @Ice3man543 in #5188
- Fixed issue network interface selection in case of multiple interface by @Mzack9999 in #5186
- Fixed issue with ssl protocol in case of multi request by @Mzack9999 in #5203
Issues closed in release - https://github.com/projectdiscovery/nuclei/milestone/58?closed=1
Full Changelog: v3.2.7...v3.2.8
v3.2.7
What's Changed
🎉 New Features
- Added support for multiple search query in templates to run with `-uncover` option by @RamanaReddy0M in #5132
- Added `-scan-name` input support for pdcp result upload by @tarunKoyalwar in #5155
-sname, -scan-name string scan name to set (optional)
🐞 Bug Fixes
- Fixed race condition (panic) in host spray mode by @Mzack9999 in #5168
- Fixed a bug for multiple input with `-u` option by @dogancanbakir in #5147
- Fixed a bug in issue reporting with severity filter by @Ice3man543 in #5166
- Fixed a bug in pdcp result upload for results with no severity by @tarunKoyalwar in #5155
Other Changes
- Added context support in sdk by @tarunKoyalwar in #5154
Full Changelog: v3.2.6...v3.2.7
v3.2.6
What's Changed
- Fixed goroutine leaks causing spike in memory uses by @tarunKoyalwar in #5112
- Added `-profile` and `-profile-list` option to run template using template profile by @RamanaReddy0M in #5125
  ```console
  $ ./nuclei -tpl
  profiles/aws-cloud-config.yml (aws-cloud-config)
  profiles/bugbounty.yml (bugbounty)
  profiles/cloud.yml (cloud)
  profiles/compliance.yml (compliance)
  profiles/osint.yml (osint)
  profiles/pentest.yml (pentest)
  profiles/privilege-escalation.yml (privilege-escalation)
  profiles/recommended.yml (recommended)
  $ ./nuclei -profile aws-cloud-config
  ```
- Added template tags list (`-tgl`) option by @rsrdesarrollo in #4798
  ```console
  $ ./nuclei -silent -tgl | head -n 10
  cve (2416)
  panel (1122)
  wordpress (956)
  exposure (895)
  xss (890)
  wp-plugin (836)
  osint (804)
  tech (673)
  lfi (646)
  misconfig (598)
  ```
- Added fuzzing output enhancements by @Ice3man543 in #5126
New Contributors
- @socialsister made their first contribution in #5110
- @rsrdesarrollo made their first contribution in #4798
Full Changelog: v3.2.5...v3.2.6
v3.2.5
What's Changed
🎉 New Features
- Added query variable to read param values by @dogancanbakir in #4894
- Added SRV query in dns protocol by @Mzack9999 in #5034
- Added response read timeout flag for network request by @dogancanbakir in #4944
- Added networkpolicy to httpx probes by @Mzack9999 in #5036
- Added context vars in code and multi protocol by @tovask in #5051
- Added nuclei stats / chart utils by @tarunKoyalwar in #5032
- Added support for context cancellation to engine (SDK) by @Ice3man543 in #5096
- Added support for user provided catalog (SDK) by @scottdharvey in #5060
- Added embedded api for settings control in CLI modality (WIP) by @Mzack9999 in #5030
- Added initial refactor for speed control (WIP) by @Mzack9999 in #4986
🐞 Bug Fixes
- Fixed internal resolver override by @Mzack9999 in #5035
- Fixed issue to run workflow subtemplates with new scancontext by @tovask in #5031
- Fixed issue with `max-size` input in template by @dogancanbakir in #5100
- Fixed issue with `skip-variables-check` with self-contained templates by @RamanaReddy0M in #5053
- Fixed issue with close res body in elastic export by @testwill in #5025
- Fixed issue with jsonl input format not working with fuzzing by @Ice3man543 in #5063
- Fixed issue with mhe check in http payloads by @tarunKoyalwar in #5099
- Fixed openapi import nil panic by @dogancanbakir in #5080
- Fixed panic in template validation by @RamanaReddy0M in #5065
- Fixed panic using flow / workflow templates by @RamanaReddy0M in #5064
- Fixed panic with fuzz template by @RamanaReddy0M in #5068
- Fixed issue with case-sensitive links in template reference by @RamanaReddy0M in #5098
Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/55?closed=1
New Contributors
- @tovask made their first contribution in #5031
- @testwill made their first contribution in #5025
- @lvyaoting made their first contribution in #5008
- @zrquan made their first contribution in #5038
- @scottdharvey made their first contribution in #5060
Full Changelog: v3.2.4...v3.2.5