pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/security/nuclei
From: Leonardo Taccari
Date: 2025-03-02 20:02:20
Message id: 20250302190220.502B2FBE1@cvs.NetBSD.org

Log Message:
nuclei: Update to 3.3.9

Changes:
v3.3.9
* Added `-ai` option to generate and run nuclei templates on the fly in
  natural langauge
* Added initial Live DAST Server API implementation (experimental)
* Added support for DSL expression evaluation in headless args
* Bug fixes

v3.3.8
* Bug fixes

v3.3.7
* Added `OS_MAX_THREADS_ENV` environment variable to control the
  maximum number of OS threads the Go program can utilize
* Added `-enable-global-matchers`option to control the execution of
  global matchers
* Bug fixes

v3.3.6
* (Breaking change) The `-enable-self-contained` or `-esc` flag is now
  required to load self-contained templates.
* (Breaking change) The `-file` flag must be used to enable loading
  file templates.
* Added analyzer support and time based delay analyzer for DAST mode
* Added batch output support for JSONL output format
* Added ENV variable handling in dynamic secret file
* Bug fixes

v3.3.5
* Added support for global matchers / extractors in http templates
* Added support for MongoDB for results reporting
* Added support for `stop-at-first-match` in network templates
* Bug fixes

v3.3.4
* Fixed (hopefully) skipping target list as found unresponsive erroneously

v3.3.3
* Added linear issue tracker support
* Added support for additional headless lifecycle events
* Bug fixes

v3.3.2
* Fixed security issue in template `signer` package
* Added `ActionWaitDialog` type in headless protocol to simplify XSS detection

v3.3.1
* Added `team-id` option to upload results to specific team workspace
* Added redaction support in output file
* Added support for multiple auth strategies per target from secret file
* Added support to generate matcher-status event for javascript protocol
* Added `skip-secret-file` template attribute to disable auth per template
* Bug fixes

v3.3.0
* Bug fixes

v3.2.9
* Fuzzing feature enhancements
   - Added `part: request` to fuzz all the keys in request with fuzzing
     templates.
   - Added `-fuzz-aggression` CLI option to control fuzz aggression via
     template.
   - Added `-fuzz-param-frequency` option to control counter for skipping
     uninteresting parameter.
   - Added `-display-fuzz-points` option to display fuzzing points
     (for debugging).
* PDCP Team ID input support via environment variable to upload results into
  team account
* Bug fixes

Files:

Revision	Action	file
1.29	modify	pkgsrc/security/nuclei/Makefile
1.10	modify	pkgsrc/security/nuclei/distinfo
1.10	modify	pkgsrc/security/nuclei/go-modules.mk