Releases: projectdiscovery/nuclei
Releases · projectdiscovery/nuclei
v2.7.1
What's Changed
- Added support for tls SNI input in http protocol using cli flag
-sni
by @Mzack9999 in #1964
-sni string tls sni hostname to use (default: input domain name)
- Added support for tls SNI input in http protocol in templates by @Mzack9999 in #1970
requests:
- raw:
- |
@tls-sni:localhost
GET / HTTP/1.1
Host: {{interactsh-url}}
Origin: {{BaseURL}}
- Added urldns gadget from ysoserial by @Ice3man543 in #1985
- Added mutex to output writing by @Ice3man543 in #1969
- Fixed bug to include custom templates from same directory for
-autoscan
by @Ice3man543 in #1968 - Fixed bug in query parameter input by @Ice3man543 in #1975
- Fixed bug with concurrent read/write map by @Mzack9999 in #1989
- Fixed bug for sequential iteration when using payloads by @Mzack9999 in #1981
Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/12?closed=1
New Contributors
- @owenrumney made their first contribution in #1930
Full Changelog: v2.7.0...v2.7.1
v2.7.0
What's Changed
- Fixed bug with POST body dump #1929 by @parrasajad in #1938
- Fixed bug with using http pipeline template http by @parrasajad in #1934
- Fixed nuclei go example + added relevant integration test by @Ice3man543 in #1902
- Fixed static compilation in Makefile for MacOS by @Mzack9999 in #1908
- Fixed multiple tests on windows by @Mzack9999 in #1951
- Added optional CLI flag to disable global redirects in http templates by @LuitelSamikshya in #1901
-dr, -disable-redirects disable following redirects for http templates
- Added automatic fallback to system chrome on docker alpine via musl detection by @Mzack9999 in #1903
Full Changelog: v2.6.9...v2.7.0
v2.6.9
What's Changed
- Added template variable support by @Ice3man543 in #1785
variables:
a1: "{{to_lower(rand_base(5))}}"
requests:
- method: GET
path:
- "{{BaseURL}}/?test={{a1}}"
matchers:
- type: word
words:
- "{{a1}}"
- Added support for dsl as a new extractor type by @Mzack9999 in #1873
extractors:
- type: dsl
dsl:
- "len(body)"
- Added requests annotation support for RAW HTTP Templates by @Mzack9999 in #1805
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
@Host: https://login.microsoftonline.com:443
GET /{{Host}}/v2.0/.well-known/openid-configuration HTTP/1.1
Host: login.microsoftonline.com
- Fixed internal bug in interactsh integration with unsafe HTTP template by @Mzack9999 in #1875
- Fixed bug to support custom template directory input for
automatic-scan
by @LuitelSamikshya in #1870
Full Changelog: v2.6.8...v2.6.9
v2.6.8
What's Changed
- Fixed nil crash with
-stats
flag by @Mzack9999 in #1853 - Added support for digest authentication by @Mzack9999 in #1811
- Added support for auto clean up of old resume files by @LuitelSamikshya in #1821
Full Changelog: v2.6.7...v2.6.8
v2.6.7
What's Changed
- Fixed nuclei scan freeze bug while running external templates in unexpected format by @Mzack9999 in #1839
Full Changelog: v2.6.6...v2.6.7
v2.6.6
What's Changed
- Added support to store all responses to disk by @LuitelSamikshya in #1727
-sresp, -store-resp store all request/response passed through nuclei to output directory
-srd, -store-resp-dir string store all request/response passed through nuclei to custom directory (default "output")
- Added support to match specific
interactsh-url
payload in case of multiple placeholders #1698 by @parrasajad in #1760 - Added version comparison helpers (
compare_versions
) by @Ice3man543 in #1783
- type: dsl
dsl:
- compare_versions(version, '< 5.5.7')
- Added random IP generator helpers (
rand_ip
) by @skhalsa-sigsci in #1744
headers:
X-Forwarded-For: '{{rand_ip("192.168.0.0/24")}}'
- Added file input support for custom header/cookie by @Mzack9999 in #1756
nuclei -H cookies.txt
- Added custom technology to tags mapping file support with
-automatic-scan
by @Ice3man543 in #1796 - Fixed bug to skip unused payloads by @Mzack9999 in #1790
- Fixed bug using payloads in matchers with helpers by @Ice3man543 in #1780
- Fixed special chars in markdown file paths by @Mzack9999 in #1758
Issues closed in release: https://github.com/projectdiscovery/nuclei/milestone/11?closed=1
New Contributors
- @skhalsa-sigsci made their first contribution in #1744
Full Changelog: v2.6.5...v2.6.6
Bugfix release
v2.6.4
What's Changed
- Added initial implementation of atomatic HTTP scan using wappalyzergo with tags by @Ice3man543 in #1517
-as, -automatic-scan automatic web scan using wappalyzer technology detection to tags mapping
- Added option to enable global redirect in HTTP protocol by @Ice3man543 in #1716
-fr, -follow-redirects enable following redirects for http templates
-mr, -max-redirects int max number of redirects to follow for http templates (default 10)
- Added custom ciphersuits input + match support for SSL protocol by @Ice3man543 in #1685
ssl:
- address: "{{Host}}:{{Port}}"
cipher_suites:
- TLS_AES_128_GCM_SHA256
matchers:
- type: word
part: response
words:
- "TLS_AES_128_GCM_SHA256"
- Added proxy support to unsafe templates in HTTP protocol by @akkuman in #1701
- Added number + string conversion helpers by @Mzack9999 in #1704
- Added time + date + zlib helpers by @Ice3man543 in #1721
- Added pprof-server support for debugging by @Ice3man543 in #1673
- Fixed a bug with template update fail by @Mzack9999 in #1725
- Fixed a bug with custom templates directory use by @parrasajad in #1667
- Fixed a bug in labels when creating jira issue by @vavkamil in #1690
- Updated file protocol to handle large files in chunks by @Mzack9999 in #1634
Issues closed in release: https://github.com/projectdiscovery/nuclei/milestone/10?closed=1
New Contributors
Full Changelog: v2.6.3...v2.6.4
v2.6.3
What's Changed
- Added random resume file generation with
resume
flag by @Ice3man543 in #1639 - Added
read-all
attribute to http unsafe request by @Ice3man543 in #1644 - Added interaction event highlighting support in debug mode by @Ice3man543 in #1646
- Added custom type in metadata attribute by @zt2 in #1649
- Added
unknown
as a new severity option by @Ice3man543 in #1659 - Added
user-agent
customization in headless template by @parrasajad in #1638 - Added duplicate template ID check with
validate
flag by @Ice3man543 in #1654 - Fixed network response error + timeout handling by @Ice3man543 in #1663
Issues closed in release: https://github.com/projectdiscovery/nuclei/milestone/9?closed=1
New Contributors
Full Changelog: v2.6.2...v2.6.3
v2.6.2
What's Changed
- Input / path normalization bugfix by @Ice3man543 in #1635
Full Changelog: v2.6.1...v2.6.2