./security/nuclei, Fast and customizable vulnerability scanner

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.3.9nb2, Package name: nuclei-3.3.9nb2, Maintainer: leot

Nuclei is used to send requests across targets based on a template,
leading to zero false positives and providing fast scanning on a large
number of hosts. Nuclei offers scanning for a variety of protocols,
including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.
With powerful and flexible templating, Nuclei can be used to model all
kinds of security checks.


Master sites:

Filesize: 11618.433 KB

Version history: (Expand)


CVS history: (Expand)


   2025-04-05 20:51:32 by Benny Siegert | Files touched by this commit (190) | Package updated
Log message:
Belated revbump for all Go packages after go124 update

I forgot to do the revbump again, sorry for doing it so late after the
update.
   2025-03-07 21:54:34 by Benny Siegert | Files touched by this commit (190) | Package updated
Log message:
Revbump all Go packages after go124 update

I realize I forgot to do the revbump after updating the default Go
version to 1.24, so let's do that now.
   2025-03-02 20:02:20 by Leonardo Taccari | Files touched by this commit (3)
Log message:
nuclei: Update to 3.3.9

Changes:
v3.3.9
* Added `-ai` option to generate and run nuclei templates on the fly in
  natural langauge
* Added initial Live DAST Server API implementation (experimental)
* Added support for DSL expression evaluation in headless args
* Bug fixes

v3.3.8
* Bug fixes

v3.3.7
* Added `OS_MAX_THREADS_ENV` environment variable to control the
  maximum number of OS threads the Go program can utilize
* Added `-enable-global-matchers`option to control the execution of
  global matchers
* Bug fixes

v3.3.6
* (Breaking change) The `-enable-self-contained` or `-esc` flag is now
  required to load self-contained templates.
* (Breaking change) The `-file` flag must be used to enable loading
  file templates.
* Added analyzer support and time based delay analyzer for DAST mode
* Added batch output support for JSONL output format
* Added ENV variable handling in dynamic secret file
* Bug fixes

v3.3.5
* Added support for global matchers / extractors in http templates
* Added support for MongoDB for results reporting
* Added support for `stop-at-first-match` in network templates
* Bug fixes

v3.3.4
* Fixed (hopefully) skipping target list as found unresponsive erroneously

v3.3.3
* Added linear issue tracker support
* Added support for additional headless lifecycle events
* Bug fixes

v3.3.2
* Fixed security issue in template `signer` package
* Added `ActionWaitDialog` type in headless protocol to simplify XSS detection

v3.3.1
* Added `team-id` option to upload results to specific team workspace
* Added redaction support in output file
* Added support for multiple auth strategies per target from secret file
* Added support to generate matcher-status event for javascript protocol
* Added `skip-secret-file` template attribute to disable auth per template
* Bug fixes

v3.3.0
* Bug fixes

v3.2.9
* Fuzzing feature enhancements
   - Added `part: request` to fuzz all the keys in request with fuzzing
     templates.
   - Added `-fuzz-aggression` CLI option to control fuzz aggression via
     template.
   - Added `-fuzz-param-frequency` option to control counter for skipping
     uninteresting parameter.
   - Added `-display-fuzz-points` option to display fuzzing points
     (for debugging).
* PDCP Team ID input support via environment variable to upload results into
  team account
* Bug fixes
   2024-09-06 20:49:02 by Benny Siegert | Files touched by this commit (180) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-08-11 17:57:15 by Benny Siegert | Files touched by this commit (176) | Package updated
Log message:
Revbump all Go packages after update
   2024-07-03 08:59:36 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 security update
   2024-06-13 15:47:13 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-06-01 16:03:06 by Benny Siegert | Files touched by this commit (168)
Log message:
Revbump all Go packages, default Go version is now 1.22.