./security/nuclei, Fast and customizable vulnerability scanner

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.2.8nb3, Package name: nuclei-3.2.8nb3, Maintainer: leot

Nuclei is used to send requests across targets based on a template,
leading to zero false positives and providing fast scanning on a large
number of hosts. Nuclei offers scanning for a variety of protocols,
including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.
With powerful and flexible templating, Nuclei can be used to model all
kinds of security checks.


Master sites:

Filesize: 2213.803 KB

Version history: (Expand)


CVS history: (Expand)


   2024-04-05 21:14:14 by Benny Siegert | Files touched by this commit (161) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-03-24 21:44:59 by Leonardo Taccari | Files touched by this commit (3)
Log message:
nuclei: Update to 3.2.2

Changes:
v3.2.2
## What's Changed
* Fixed `panic: assignment to entry in nil map` and create default map

v3.2.1
## What's Changed
* Added memguardian + various optimizations
* Fixed overriding the predefined ratelimiter
* Fixed issue with javascript protocol
* Updated templates loader/parser caches (refactor)

v3.2.0
## What's Changed
### New Features
* Added fuzzing support in http protocol
* Added authenticated scaning support
* Added `-fuzz` option for loading fuzzing templates
* Added Gitea reporting
* Added transparent memoization via func annotation
* Added issue tracker JSONL output + CLI summary
* Added `self-contained` request at http request level
* Added `-payload-concurrency` option
* Added `disable-unsigned-templates` option
* Added ldap protocol enhancements

### Bug Fixes
* Fixed issue to purge cache on global callback set
* Fixed network layer should not have forceful read
* Fixed workflow to publish docs
* Fixed `stop-at-first-match` issue in http protocol
* Fixed header nil check
* Fixed issue to use maxsize in template
* Fixed issue to validate code template in workflows
* Fixed issue with temp file cleanup
* Fixed issue with nuclei loading ignored templates
* Fixed multiple bugs

### Other Changes
* Added more granular, issue tracker level filtering
* Added callback support to StandardWriter
* switched dependency for kerberos js module (ropnop/gorkb5 -> jcmturner/gokrb5)
* use system resolver first with system-resolvers
* javascript bindings + docs generation enhancements

v3.1.10
## What's Changed
* Fixed concurrent map writes in tmplexec package
* Added more `NetworkConfig` options to the SDK

v3.1.9
## What's Changed
* Added hybrid tech detection (wappalyzer + tech templates) with automatic scan \ 
(`-as`)
* Added projectdiscovery/useragent
* Added passive option support in SDK
* Fixed issue with long running scans at the end of scan
* Fixed issue in javascript protocol with connection pooling

v3.1.8
## What's Changed
* Fixed multiple memory leaks and optimizations
* Fixed issue with not resolving hosts from `/etc/hosts` file
* Fixed issue of array iteration in flow
* Fixed panic in smb javascript template
* Fixed an issue with case sensitive dns interaction with interactsh
* Fixed issue with reporting with optional support of `-or` option
* Fixed issue with mysql module in JavaScript

v3.1.7
## What's Changed
* Added support to upload result to existing pdpc scan using `-scan-id` option
* Fixed issue with pdcp result upload with large output file
* Fixed issue with pdcp result upload when using with env variable

v3.1.6
## What's Changed
* Added `GetServiceTicket` method to the kerberos module
* Added `GetKerberoastableUsers` method in ldap module
* Added support to dump resume files when a runner hangs
* Fixed multiple memory leaks + optimizations
* Fixed timeout issue + added custom timeout support in js protocol
* Fixed variables merge order in code templates
* Fixed issue with dynamic extractors in flow
* Fixed panic in interactsh process interaction ( nil check on compiled operators)
* Fixed panic error + support offlinehttp in flow templates

v3.1.5
## What's Changed
### Other Changes
* Fixed a bug introduced in previous version

v3.1.4
## What's Changed
### New Features
* Added `self-contained` input support to fuzzing templates
* Added support to include additional custom tags with `-as` option
* Added internal matchers (to hide match results in flow) using `internal: true`
* Added exclude list support to layer 4 via fastdialer

### Bug Fixes
* Fixed issue with dynamic extracted variable to make it reusable
* Fixed early exit issue for non zero status code in code protocol
* Fixed missing results issue in flow based template

### Other Changes
* deprecate(remove): file write in extractor using `to` attribute for security
  reasons
* Using network policy everywhere
   2024-02-07 15:51:04 by Benny Siegert | Files touched by this commit (156) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-01-10 20:14:43 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-12-23 21:14:46 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
nuclei: update to 3.1.3 (security)

This fixes the following vulnerability:

Vulnerability #1: GO-2023-2402
    Man-in-the-middle attacker can compromise integrity of secure channel in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2023-2402
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.14.0
    Fixed in: golang.org/x/crypto@v0.17.0

v3.1.3

- Added email support to SMTP client in javascript protocol
- Added Interface in Networkconfig (SDK)

v3.1.2

Fixed bug with network protocol: revert full buffer size read

v3.1.1

- Added support for arbitrary string input for TLS SNI annotation
- Fixed panic + refactor headless waitevent action
- Fixed wait time + added timeout for ssh connection
- Fixed issue with headless result upload

v3.1.0

- Added support to upload / view results into PDCP Dashboard
- Added support to exclude target from scan input list
- Added support for multiple ports in network template
- Added port, scheme and url field in json(l) output
- Added support to execute commands via ssh client in javascript protocol
- Added support to set dialer timeout
- Added connection reset by peer to include error used for host exclusion
- Added support to include failed matches for errored hosts with -ms option
   2023-12-05 20:46:19 by Benny Siegert | Files touched by this commit (146) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-11-10 16:45:25 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-10-30 22:11:21 by Leonardo Taccari | Files touched by this commit (3)
Log message:
nuclei: Update to 3.0.2

pkgsrc changes:
- (not documented or enforced in any way but...) nuclei since 3.0.0 now
  needs Go 1.21.x
- No longer adjust WRKSRC: no longer needed, now default value is fine

Changes:
v3.0.2
## What's Changed
### Other Changes
* Fixed relative path issue for template loading

v3.0.1
## What's Changed
### Bug Fixes
* Fixed issues with template preprocessor + multi request variables indexing

v3.0.0
Nuclei v3 is now live and kicking!

We're excited to announce a variety of new features, enhancements, and
bug fixes for seamless vulnerability identification!

- For an in-depth understanding and details of the new elements, visit our v3 \ 
release blog:
  <https://blog.projectdiscovery.io/nuclei-v3-featurefusion/>.
- Looking to get started with these features? Our Nuclei Docs:
  <https://docs.nuclei.sh/template-guide/introduction> will guide you
  through everything you need to know.

## What's Changed
### New Features
* Added support for code templates
* Added support for template signing + verification
* Added support for multi protocol execution
* Added support for template flow control in template (i.e javascript scripting)
* Added support for javascript protocol for scripting (includes 15+ protocol
  libs)
* Added support for abstracted SDK to use nuclei as library

### Bug Fixes
* Fixed issue with `-fh2` option to make http2 connection request
* Added support to avoid duplicate issue creation in GitHub reporting
* Added support to avoid duplicate issue creation in GitLab reporting

### Maintenance
* Added support to use OS specific default config location

### Other Changes
* Added header fuzzing support in http templates (WIP)
* Added examples in help menu