Navigation:
Browse pkgsrc
(this page)
security nuclei
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2024-04-05 21:14:14 by Benny Siegert | Files touched by this commit (161) |  |
Log message: Revbump all Go packages after go121 update |
| 2024-03-24 21:44:59 by Leonardo Taccari | Files touched by this commit (3) |
Log message: nuclei: Update to 3.2.2 Changes: v3.2.2 ## What's Changed * Fixed `panic: assignment to entry in nil map` and create default map v3.2.1 ## What's Changed * Added memguardian + various optimizations * Fixed overriding the predefined ratelimiter * Fixed issue with javascript protocol * Updated templates loader/parser caches (refactor) v3.2.0 ## What's Changed ### New Features * Added fuzzing support in http protocol * Added authenticated scaning support * Added `-fuzz` option for loading fuzzing templates * Added Gitea reporting * Added transparent memoization via func annotation * Added issue tracker JSONL output + CLI summary * Added `self-contained` request at http request level * Added `-payload-concurrency` option * Added `disable-unsigned-templates` option * Added ldap protocol enhancements ### Bug Fixes * Fixed issue to purge cache on global callback set * Fixed network layer should not have forceful read * Fixed workflow to publish docs * Fixed `stop-at-first-match` issue in http protocol * Fixed header nil check * Fixed issue to use maxsize in template * Fixed issue to validate code template in workflows * Fixed issue with temp file cleanup * Fixed issue with nuclei loading ignored templates * Fixed multiple bugs ### Other Changes * Added more granular, issue tracker level filtering * Added callback support to StandardWriter * switched dependency for kerberos js module (ropnop/gorkb5 -> jcmturner/gokrb5) * use system resolver first with system-resolvers * javascript bindings + docs generation enhancements v3.1.10 ## What's Changed * Fixed concurrent map writes in tmplexec package * Added more `NetworkConfig` options to the SDK v3.1.9 ## What's Changed * Added hybrid tech detection (wappalyzer + tech templates) with automatic scan \ (`-as`) * Added projectdiscovery/useragent * Added passive option support in SDK * Fixed issue with long running scans at the end of scan * Fixed issue in javascript protocol with connection pooling v3.1.8 ## What's Changed * Fixed multiple memory leaks and optimizations * Fixed issue with not resolving hosts from `/etc/hosts` file * Fixed issue of array iteration in flow * Fixed panic in smb javascript template * Fixed an issue with case sensitive dns interaction with interactsh * Fixed issue with reporting with optional support of `-or` option * Fixed issue with mysql module in JavaScript v3.1.7 ## What's Changed * Added support to upload result to existing pdpc scan using `-scan-id` option * Fixed issue with pdcp result upload with large output file * Fixed issue with pdcp result upload when using with env variable v3.1.6 ## What's Changed * Added `GetServiceTicket` method to the kerberos module * Added `GetKerberoastableUsers` method in ldap module * Added support to dump resume files when a runner hangs * Fixed multiple memory leaks + optimizations * Fixed timeout issue + added custom timeout support in js protocol * Fixed variables merge order in code templates * Fixed issue with dynamic extractors in flow * Fixed panic in interactsh process interaction ( nil check on compiled operators) * Fixed panic error + support offlinehttp in flow templates v3.1.5 ## What's Changed ### Other Changes * Fixed a bug introduced in previous version v3.1.4 ## What's Changed ### New Features * Added `self-contained` input support to fuzzing templates * Added support to include additional custom tags with `-as` option * Added internal matchers (to hide match results in flow) using `internal: true` * Added exclude list support to layer 4 via fastdialer ### Bug Fixes * Fixed issue with dynamic extracted variable to make it reusable * Fixed early exit issue for non zero status code in code protocol * Fixed missing results issue in flow based template ### Other Changes * deprecate(remove): file write in extractor using `to` attribute for security reasons * Using network policy everywhere |
| 2024-02-07 15:51:04 by Benny Siegert | Files touched by this commit (156) | |
Log message: Revbump all Go packages after go121 update |
| 2024-01-10 20:14:43 by Benny Siegert | Files touched by this commit (152) | |
Log message: Revbump all Go packages after go121 update |
| 2023-12-23 21:14:46 by Benny Siegert | Files touched by this commit (3) | |
Log message:
nuclei: update to 3.1.3 (security)
This fixes the following vulnerability:
Vulnerability #1: GO-2023-2402
Man-in-the-middle attacker can compromise integrity of secure channel in
golang.org/x/crypto
More info: https://pkg.go.dev/vuln/GO-2023-2402
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.14.0
Fixed in: golang.org/x/crypto@v0.17.0
v3.1.3
- Added email support to SMTP client in javascript protocol
- Added Interface in Networkconfig (SDK)
v3.1.2
Fixed bug with network protocol: revert full buffer size read
v3.1.1
- Added support for arbitrary string input for TLS SNI annotation
- Fixed panic + refactor headless waitevent action
- Fixed wait time + added timeout for ssh connection
- Fixed issue with headless result upload
v3.1.0
- Added support to upload / view results into PDCP Dashboard
- Added support to exclude target from scan input list
- Added support for multiple ports in network template
- Added port, scheme and url field in json(l) output
- Added support to execute commands via ssh client in javascript protocol
- Added support to set dialer timeout
- Added connection reset by peer to include error used for host exclusion
- Added support to include failed matches for errored hosts with -ms option
|
| 2023-12-05 20:46:19 by Benny Siegert | Files touched by this commit (146) | |
Log message: Revbump all Go packages after go121 update |
| 2023-11-10 16:45:25 by Benny Siegert | Files touched by this commit (152) | |
Log message: Revbump all Go packages after go121 update |
| 2023-10-30 22:11:21 by Leonardo Taccari | Files touched by this commit (3) |
Log message: nuclei: Update to 3.0.2 pkgsrc changes: - (not documented or enforced in any way but...) nuclei since 3.0.0 now needs Go 1.21.x - No longer adjust WRKSRC: no longer needed, now default value is fine Changes: v3.0.2 ## What's Changed ### Other Changes * Fixed relative path issue for template loading v3.0.1 ## What's Changed ### Bug Fixes * Fixed issues with template preprocessor + multi request variables indexing v3.0.0 Nuclei v3 is now live and kicking! We're excited to announce a variety of new features, enhancements, and bug fixes for seamless vulnerability identification! - For an in-depth understanding and details of the new elements, visit our v3 \ release blog: <https://blog.projectdiscovery.io/nuclei-v3-featurefusion/>. - Looking to get started with these features? Our Nuclei Docs: <https://docs.nuclei.sh/template-guide/introduction> will guide you through everything you need to know. ## What's Changed ### New Features * Added support for code templates * Added support for template signing + verification * Added support for multi protocol execution * Added support for template flow control in template (i.e javascript scripting) * Added support for javascript protocol for scripting (includes 15+ protocol libs) * Added support for abstracted SDK to use nuclei as library ### Bug Fixes * Fixed issue with `-fh2` option to make http2 connection request * Added support to avoid duplicate issue creation in GitHub reporting * Added support to avoid duplicate issue creation in GitLab reporting ### Maintenance * Added support to use OS specific default config location ### Other Changes * Added header fuzzing support in http templates (WIP) * Added examples in help menu |
New packages: