Releases: projectdiscovery/nuclei
v3.2.6
What's Changed
- Fixed goroutine leaks causing spike in memory usage by @tarunKoyalwar in #5112
- Added `-profile` and `-profile-list` option to run template using template profile by @RamanaReddy0M in #5125
$ ./nuclei -tpl
profiles/aws-cloud-config.yml (aws-cloud-config)
profiles/bugbounty.yml (bugbounty)
profiles/cloud.yml (cloud)
profiles/compliance.yml (compliance)
profiles/osint.yml (osint)
profiles/pentest.yml (pentest)
profiles/privilege-escalation.yml (privilege-escalation)
profiles/recommended.yml (recommended)
$ ./nuclei -profile aws-cloud-config
- Added template tags list (`-tgl`) option by @rsrdesarrollo in #4798
$ ./nuclei -silent -tgl | head -n 10
cve (2416)
panel (1122)
wordpress (956)
exposure (895)
xss (890)
wp-plugin (836)
osint (804)
tech (673)
lfi (646)
misconfig (598)
- Added fuzzing output enhancements by @Ice3man543 in #5126
New Contributors
- @socialsister made their first contribution in #5110
- @rsrdesarrollo made their first contribution in #4798
Full Changelog: v3.2.5...v3.2.6
v3.2.5
What's Changed
🎉 New Features
- Added query variable to read param values by @dogancanbakir in #4894
- Added SRV query in dns protocol by @Mzack9999 in #5034
- Added response read timeout flag for network request by @dogancanbakir in #4944
- Added networkpolicy to httpx probes by @Mzack9999 in #5036
- Added context vars in code and multi protocol by @tovask in #5051
- Added nuclei stats / chart utils by @tarunKoyalwar in #5032
- Added support for context cancellation to engine (SDK) by @Ice3man543 in #5096
- Added support for user provided catalog (SDK) by @scottdharvey in #5060
- Added embedded api for settings control in CLI modality (WIP) by @Mzack9999 in #5030
- Added initial refactor for speed control (WIP) by @Mzack9999 in #4986
🐞 Bug Fixes
- Fixed internal resolver override by @Mzack9999 in #5035
- Fixed issue to run workflow subtemplates with new scancontext by @tovask in #5031
- Fixed issue with `max-size` input in template by @dogancanbakir in #5100
- Fixed issue with `skip-variables-check` with self-contained templates by @RamanaReddy0M in #5053
- Fixed issue with close res body in elastic export by @testwill in #5025
- Fixed issue with jsonl input format not working with fuzzing by @Ice3man543 in #5063
- Fixed issue with mhe check in http payloads by @tarunKoyalwar in #5099
- Fixed openapi import nil panic by @dogancanbakir in #5080
- Fixed panic in template validation by @RamanaReddy0M in #5065
- Fixed panic using flow / workflow templates by @RamanaReddy0M in #5064
- Fixed panic with fuzz template by @RamanaReddy0M in #5068
- Fixed issue with case-sensitive links in template reference by @RamanaReddy0M in #5098
Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/55?closed=1
New Contributors
- @tovask made their first contribution in #5031
- @testwill made their first contribution in #5025
- @lvyaoting made their first contribution in #5008
- @zrquan made their first contribution in #5038
- @scottdharvey made their first contribution in #5060
Full Changelog: v3.2.4...v3.2.5
v3.2.4
What's Changed
- Fixed an issue for templates with dynamic extractor + payloads edgecase by @tarunKoyalwar in #5016
- Fixed missing JSON schema definitions by @RamanaReddy0M in #4995
- Fixed index out of range panic with fuzzing templates by @tarunKoyalwar in #4998
- Fixed missing interactsh expression evaluation in fuzzing template by @tarunKoyalwar in #5019
- Fixed missing IP in javascript templates by @tarunKoyalwar in #5023
- Fixed invalid port in jsonl output for ssl templates by @tarunKoyalwar in #5023
- Added ASREProastable method in LDAP module by @daffainfo in #4990
New Contributors
- @hanghuge made their first contribution in #5004
- @daffainfo made their first contribution in #4990
Full Changelog: v3.2.3...v3.2.4
v3.2.3
Important
Nuclei Templates for dynamic application security testing (DAST), which were maintained in a separate project at fuzzing-templates, are now being moved to the nuclei-templates project. This way, they can be made available for use with the default nuclei installation with the upcoming release of the template project. These templates will be disabled by default but can be used with the `-dast` option.
More information on fuzzing support: https://blog.projectdiscovery.io/nuclei-fuzzing-for-unknown-vulnerabilities/
What's Changed
- Added `-dast` option to run all and only dast (fuzz) templates by @tarunKoyalwar in #4941
- Added `pre-condition` attribute in Code and DAST templates by @tarunKoyalwar in #4966
- Fixed multiple panic crash by @tarunKoyalwar in #4978
- Fixed multiple issues with query parameter fuzzing by @tarunKoyalwar in #4925
- Fixed issue with `{{interactsh-url}}` variable not working with nested variables by @tarunKoyalwar in #4941
- Fixed issue with `-ms` option for templates using flow by @tarunKoyalwar in #4978
- Fixed issue with `-ms` option generating blank target & template by @tarunKoyalwar in #4969
- Fixed issue with sarif version by @tibbon in #4976
- Fixed issue with `-no-color` output by @dogancanbakir in #4954
- Updated outdated JSONSchema library by @kchason in #4943
New Contributors
Full Changelog: v3.2.2...v3.2.3
v3.2.2
What's Changed
- Fixed `panic: assignment to entry in nil map` and create default map by @tarunKoyalwar in #4896
Full Changelog: v3.2.1...v3.2.2
v3.2.1
What's Changed
- Added memguardian + various optimizations by @Mzack9999 in #4833
- Fixed overriding the predefined ratelimiter by `WithGlobalRateLimit` (sdk) by @kiokuless in #4884
- Fixed issue with javascript protocol by @tarunKoyalwar in #4893
- Updated templates loader/parser caches (refactor) by @Mzack9999 in #4867
New Contributors
- @debasishbsws made their first contribution in #4885
- @kiokuless made their first contribution in #4884
- @alizademhdi made their first contribution in #4892
Full Changelog: v3.2.0...v3.2.1
v3.2.0
What's Changed
🎉 New Features
- Added fuzzing support in http protocol by @Ice3man543, @tarunKoyalwar in #4477
- Added authenticated scanning support by @tarunKoyalwar in #4477
- Added `-fuzz` option for loading fuzzing templates by @tarunKoyalwar in #4477
- Added Gitea reporting by @leonjza in #4522
- Added transparent memoization via func annotation by @Mzack9999 in #4742
- Added issue tracker JSONL output + CLI summary by @Ice3man543 in #4855
- Added `self-contained` request at http request level by @tarunKoyalwar in #4812
- Added `-payload-concurrency` option by @tarunKoyalwar in #4868
- Added `disable-unsigned-templates` option by @dogancanbakir in #4820
- Added ldap protocol enhancements by @5amu in #4667
🐞 Bug Fixes
- Fixed issue to purge cache on global callback set by @Mzack9999 in #4840
- Fixed network layer should not have forceful read by @Mzack9999 in #4737
- Fixed workflow to publish docs by @RamanaReddy0M in #4743
- Fixed `stop-at-first-match` issue in http protocol by @tarunKoyalwar in #4752
- Fixed header nil check by @tarunKoyalwar in #4766
- Fixed issue to use maxsize in template by @dogancanbakir in #4814
- Fixed issue to validate code template in workflows by @tarunKoyalwar in #4822
- Fixed issue with temp file cleanup by @dogancanbakir in #4835
- Fixed issue with nuclei loading ignored templates by @tarunKoyalwar in #4849
- Fixed multiple bugs by @tarunKoyalwar in #4868
Other Changes
- Added more granular, issue tracker level filtering by @leonjza in #4780
- Added callback support to StandardWriter by @dogancanbakir in #4839
- switched dependency for kerberos js module (ropnop/gorkb5 -> jcmturner/gokrb5) by @5amu in #4647
- use system resolver first with system-resolvers by @Mzack9999 in #4740
- javascript bindings + docs generation enhancements by @tarunKoyalwar in #4487
Issues closed in release - https://github.com/projectdiscovery/nuclei/milestone/43?closed=1
New Contributors
- @leonjza made their first contribution in #4522
- @AlexS778 made their first contribution in #4785
- @fail-open made their first contribution in #4819
Full Changelog: v3.1.10...v3.2.0
v3.1.10
What's Changed
- Fixed concurrent map writes in tmplexec package by @tarunKoyalwar in #4718
- Added more `NetworkConfig` options to the SDK by @denysvitali-niantic in #4719
New Contributors
- @denysvitali-niantic made their first contribution in #4719
Full Changelog: v3.1.9...v3.1.10
v3.1.9
What's Changed
- Added hybrid tech detection (wappalyzer + tech templates) with automatic scan (`-as`) by @xxcdd @boy-hack in #4656
- Added projectdiscovery/useragent by @dogancanbakir in #4708
- Added passive option support in SDK by @dogancanbakir in #4684
- Fixed issue with long running scans at the end of scan by @tarunKoyalwar in #4715
- Fixed issue in javascript protocol with connection pooling by @tarunKoyalwar in #4709
New Contributors
Full Changelog: v3.1.8...v3.1.9
v3.1.8
What's Changed
- Fixed multiple memory leaks and optimizations by @tarunKoyalwar in #4680
- Fixed issue with not resolving hosts from `/etc/hosts` file by @tarunKoyalwar in #4686
- Fixed issue of array iteration in flow by @tarunKoyalwar in #4688
- Fixed panic in smb javascript template by @tarunKoyalwar in #4700
- Fixed an issue with case sensitive dns interaction with interactsh by @monitor403 in #4697
- Fixed issue with reporting with optional support of `-or` option by @dogancanbakir in #4612
- Fixed issue with mysql module in JavaScript by @tarunKoyalwar in #4702
New Contributors
- @monitor403 made their first contribution in #4697
Full Changelog: v3.1.7...v3.1.8