v3.3.4

What's Changed

• Fixed (hopefully) skipping target list as found unresponsive erroneously by @tarunKoyalwar in #5668

Full Changelog: v3.3.3...v3.3.4

v3.3.3

What's Changed

🎉 New Features

• Added linear issue tracker support by @Ice3man543 in #5601

linear:
  # api-key is the API key for the linear account
  api-key: ""
  # allow-list sets a tracker level filter to only create issues for templates with
  # these severity labels or tags (does not affect exporters. set those globally)
  deny-list:
    severity: critical
  # deny-list sets a tracker level filter to never create issues for templates with
  # these severity labels or tags (does not affect exporters. set those globally)
  deny-list:
    severity: low
  # team-id is the ID of the team in Linear
  team-id: ""
  # project-id is the ID of the project in Linear
  project-id: ""
  # duplicate-issue-check flag to enable duplicate tracking issue check
  duplicate-issue-check: false
  # open-state-id is the ID of the open state in Linear
  open-state-id: ""

See docs for more details.

• Added support to upload nuclei existing scan results to dashboard by @RamanaReddy0M in #5603

   -pdu, -dashboard-upload string  upload / view nuclei results file (jsonl) in projectdiscovery cloud (pdcp) UI dashboard

 $ ./nuclei -pdu nucle_results.jsonl 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.3

		projectdiscovery.io

[INF] Uploading scan results to cloud dashboard from test
[INF] 7 Scan results uploaded to cloud, you can view scan results at https://cloud.projectdiscovery.io/scans/crqho0h1c9fs73f1rth0?team_id=none

• Added support for additional headless lifecycle events by @dwisiswant0 in #5632

Newly supported events:

• waitdom
• waitfcp
• waitfmp
• waitidle
• waitstable

See docs for more details.

🐞Bug Fixes

• Fixed issue with max-host-error with concurrency by @dwisiswant0 in #5633
• Fixed issue with parsing OpenAPI http security schemes on empty values by @RamanaReddy0M in #5606
• Fixed loading dynamic auth templates with fuzzing by @RamanaReddy0M in #5646
• Fixed issue with MySQL connection with special characters in password by @RamanaReddy0M in #5604
• Fixed issue with WithProxy err by @dogancanbakir in #5626
• Fixed missing template_url for signed templates by @RamanaReddy0M in #5644
• Fixed nil pointer error with addCNameIfAvailable from using closed Dialer by @dwisiswant0 in #5665
• Fixed issue in event generation using -ms option with clustering by @Ice3man543 in #5653
• Fixed issue with Input Clone when the workflow execution forks by @tovask in #5621
• Fixed failing integration tests by @RamanaReddy0M in #5647

🔨 Maintenance

• Added support for fs.FS in template parsing by @doug-threatmate in #5421

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/63?closed=1

Full Changelog: v3.3.2...v3.3.3

v3.3.2

What's Changed

🎉 New Features

• Added ActionWaitDialog type in headless protocol to simplify XSS detection by @dwisiswant0 in #5545

See docs for more details.

🔨 Maintenance

• Migrated issue template to issue form by @dwisiswant0 in #5538
• Upgraded gitlab api version by @AdallomRoy in #5551

⚠️ Security

• Fixed security issue in template signer package by @GuyGoldenberg @dogancanbakir @Mzack9999 in 0da993a

See GitHub security advisories for detailed information.

Other Changes

• Added jira config to accept issue-type id and project id as optional input by @Ice3man543 in #5537
• Fixed issue with -ms option to scan non accessible host by @dogancanbakir in #5576
• Fixed race condition issue by @dogancanbakir in #5547
• Fixed panic in list input with dast option by @dwisiswant0 in #5558

New Contributors

• @AdallomRoy made their first contribution in #5551
• @PeterDaveHello made their first contribution in #5578
• @linchizhen made their first contribution in #5586

Full Changelog: v3.3.1...v3.3.2

v3.3.1

What's Changed

🎉 New Features

• Added team-id option to upload results to specific team workspace by @RamanaReddy0M in #5523

Option:

   -tid, -team-id string  upload scan results to given team id (optional) (default "none")

Example:

nuclei -pt dns -u example.com -cloud-upload -team-id cqlmoalcm2sc73eut1b0

• Added redaction support in output file by @dogancanbakir in #5463

Option:

   -rd, -redact string[]  redact given list of keys from query parameter, request header and body

Example:

nuclei -pt dns -u example.com -redact api_key,x-api-key,user-agent

• Added support for multiple auth strategies per target from secret file by @RamanaReddy0M in #5500
• Added support to generate matcher-status event for javascript protocol by @tarunKoyalwar in #5450
• Added workflows in SDK example by @alban-stourbe-wmx in #5409
• Added skip-secret-file template attribute to disable auth per template by @dwisiswant0 in #5522

🐞 Bug Fixes

• Fixed FileAuthProvider stores the same strategy for each entry by @mrschyte in #5474
• Fixed circular references in OpenAPI parsing(fuzzing) by @trypa11 in #5491
• Fixed file protocol missing vars in flow & multi-protocol by @tarunKoyalwar in #5480
• Fixed issue assign customHeaders to the map directly by @dwisiswant0 in #5445
• Fixed issue with input transformation to multi-protocol templates by @mhmdiaa in #5426
• Fixed missing close statements file.Close() & ticker.Stop() by @ShuBo6 in #5436
• Fixed nil panic by @tarunKoyalwar in #5473
• Fixed server URL path for OpenAPI parsing by @trypa11 in #5504
• Fixed unresolved interactsh-url variable with fuzzing by @RamanaReddy0M in #5289
• Fixed unresolved variables error with dast templates by @RamanaReddy0M in #5443

🔨 Maintenance

• ci: don't clean modules cache by @dwisiswant0 in #5519
• ci: use composite actions by @dwisiswant0 in #5483

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/61?closed=1

New Contributors

• @fudancoder made their first contribution in #5432
• @ShuBo6 made their first contribution in #5436
• @Jarnpher553 made their first contribution in #5419
• @mhmdiaa made their first contribution in #5426
• @alban-stourbe-wmx made their first contribution in #5409
• @mrschyte made their first contribution in #5474
• @trypa11 made their first contribution in #5504

Full Changelog: v3.3.0...v3.3.1

v3.3.0

What's Changed

🐞 Bug Fixes

• Fixed security issue with use of custom workflows by @Mzack9999 in #5318
• Fixed issue to reduce memory usage by javascript templates by @Mzack9999 in #5291
• Fixed target loading issue with -input-mode option by @RamanaReddy0M in #5369
• Fixed issue with stop-at-first-match option in headless mode with fuzzing by @RamanaReddy0M in #5330
• Fixed issue with ldap search function by @tarunKoyalwar in #5356
• Fixed issue with ExecuteWithResults function not returning expected results (SDK) by @boy-hack in #5376

Other Changes

• Added cname information in http protocol when available by @tarunKoyalwar in #5389
• Added goja function (isUDPPortOpen) to check UDP port by @RamanaReddy0M in #5397
• Added sdk option to disable update check (SDK) by @dogancanbakir in #5346
• Added support to use fs.FS when explicitly given (SDK) by @doug-threatmate in #5312
• Added timeouts config in types.Options (SDK) by @dogancanbakir in #5228
• Improved ldap output with custom type to return additional information by @tarunKoyalwar in #5387
• Improved template clustering performance by @KristinnVikar in #5319

Caution

In this release, with the changes in #5228, the following options have been removed from the CLI. They are now configured implicitly and can be customized via SDK usage.

 -dt, -dialer-timeout value  timeout for network requests.
 -rrt, -response-read-timeout value  response read timeout in seconds (default 5s)

New Contributors

• @KristinnVikar made their first contribution in #5319
• @boy-hack made their first contribution in #5376

Full Changelog: v3.2.9...v3.3.0

v3.2.9

What's Changed

🎉 New Features

• Fuzzing feature enhancements by @Ice3man543 in #5139
  • Added part: request to fuzz all the keys in request with fuzzing templates.
  • Added -fuzz-aggression CLI option to control fuzz aggression via template.
  • Added -fuzz-param-frequency option to control counter for skipping uninteresting parameter.
  • Added -display-fuzz-points option to display fuzzing points (for debugging).
• PDCP Team ID input support via environment variable to upload results into team account by @tarunKoyalwar in #5295

export PDCP_TEAM_ID=cphlrbmnr2khg33n6ik1

Note

Team ID is optional input and can be obtained from https://cloud.projectdiscovery.io/settings/team. If provided, results will be uploaded to the team account instead of your personal account.

🐞 Bug Fixes

• Fixed slow scan for hosts blocked WAF or getting timed out by @Mzack9999 in #5275
• Fixed issues with multi-thread execution by @Mzack9999 in #5187
• Fixed panic on failed raw request by @tarunKoyalwar in #5230
• Fixed ExecuteCallbackWithCtx to use the context that was provided by @doug-threatmate in #5236
• Fixed nil deref err in reporting by @dogancanbakir in #5283
• Fixed types.RequestResponse url field UnmarshalJSON by @LazyMaple in #5267
• Fixed tempalte validation by @RamanaReddy0M in #5261
• Fixed severity filter for per tracker reporting filters by @Ice3man543 in #5297

Other Changes

• Added Spanish translation of README by @MachadoOtto in #5242
• Added Japanese translation of README by @eltociear in #5259
• Added timestamp in error log (-elog) with -ts option by @oscarintherocks in #5292

New Contributors

• @doug-threatmate made their first contribution in #5236
• @MachadoOtto made their first contribution in #5242
• @eltociear made their first contribution in #5259
• @oscarintherocks made their first contribution in #5292
• @LazyMaple made their first contribution in #5267

Full Changelog: v3.2.8...v3.2.9

v3.2.8

What's Changed

🐞 Bug Fixes

• Fixed multiple bug fixes + performance improvements by @tarunKoyalwar in #5148
• Fixed more goroutine leaks by @Ice3man543 in #5188
• Fixed issue network interface selection in case of multiple interface by @Mzack9999 in #5186
• Fixed issue with ssl protocol in case of multi request by @Mzack9999 in #5203

Issues closed in release - https://github.com/projectdiscovery/nuclei/milestone/58?closed=1

Full Changelog: v3.2.7...v3.2.8

v3.2.7

What's Changed

🎉 New Features

• Added support for multiple search query in templates to run with -uncover option by @RamanaReddy0M in #5132
• Added -scan-name input support for pdcp result upload by @tarunKoyalwar in #5155

   -sname, -scan-name string  scan name to set (optional)

🐞 Bug Fixes

• Fixed race condition (panic) in host spray mode by @Mzack9999 in #5168
• Fixed a bug for multiple input with -u option by @dogancanbakir in #5147
• Fixed a bug in issue reporting with severity filter by @Ice3man543 in #5166
• Fixed a bug in pdcp result upload for results with no severity by @tarunKoyalwar in #5155

Other Changes

• Added context support in sdk by @tarunKoyalwar in #5154

Full Changelog: v3.2.6...v3.2.7

v3.2.6

What's Changed

• Fixed goroutine leaks causing spike in memory uses by @tarunKoyalwar in #5112
• Added -profile and -profile-list option to run template using template profile by @RamanaReddy0M in #5125

$ ./nuclei -tpl

profiles/aws-cloud-config.yml (aws-cloud-config)
profiles/bugbounty.yml (bugbounty)
profiles/cloud.yml (cloud)
profiles/compliance.yml (compliance)
profiles/osint.yml (osint)
profiles/pentest.yml (pentest)
profiles/privilege-escalation.yml (privilege-escalation)
profiles/recommended.yml (recommended)

$ ./nuclei -profile aws-cloud-config

• Added template tags list (-tgl) option by @rsrdesarrollo in #4798

$ ./nuclei -silent -tgl | head -n 10

cve (2416)
panel (1122)
wordpress (956)
exposure (895)
xss (890)
wp-plugin (836)
osint (804)
tech (673)
lfi (646)
misconfig (598)

• Added fuzzing output enhancements by @Ice3man543 in #5126

New Contributors

• @socialsister made their first contribution in #5110
• @rsrdesarrollo made their first contribution in #4798

Full Changelog: v3.2.5...v3.2.6

v3.2.5

What's Changed

🎉 New Features

• Added query variable to read param values by @dogancanbakir in #4894
• Added SRV query in dns protocol by @Mzack9999 in #5034
• Added response read timeout flag for network request by @dogancanbakir in #4944
• Added networkpolicy to httpx probes by @Mzack9999 in #5036
• Added context vars in code and multi protocol by @tovask in #5051
• Added nuclei stats / chart utils by @tarunKoyalwar in #5032
• Added support for context cancellation to engine (SDK) by @Ice3man543 in #5096
• Added support for user provided catalog (SDK) by @scottdharvey in #5060
• Added embedded api for settings control in CLI modality (WIP) by @Mzack9999 in #5030
• Added initial refactor for speed control (WIP) by @Mzack9999 in #4986

🐞 Bug Fixes

• Fixed internal resolver override by @Mzack9999 in #5035
• Fixed issue to run workflow subtemplates with new scancontext by @tovask in #5031
• Fixed issue with max-size input in template by @dogancanbakir in #5100
• Fixed issue with skip-variables-check with self-contained templates by @RamanaReddy0M in #5053
• Fixed issue with close res body in elastic export by @testwill in #5025
• Fixed issue with jsonl input format not working with fuzzing by @Ice3man543 in #5063
• Fixed issue with mhe check in http payloads by @tarunKoyalwar in #5099
• Fixed openapi import nil panic by @dogancanbakir in #5080
• Fixed panic in template validation by @RamanaReddy0M in #5065
• Fixed panic using flow / workflow templates by @RamanaReddy0M in #5064
• Fixed panic with fuzz template by @RamanaReddy0M in #5068
• Fixed issue with case-sensitive links in template reference by @RamanaReddy0M in #5098

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/55?closed=1

New Contributors

• @tovask made their first contribution in #5031
• @testwill made their first contribution in #5025
• @lvyaoting made their first contribution in #5008
• @zrquan made their first contribution in #5038
• @scottdharvey made their first contribution in #5060

Full Changelog: v3.2.4...v3.2.5