v2.6.1

What's Changed

• Fixed bug for blank .new-additions file creation by @parrasajad in #1624
• Added comma-separated, or file input support for most input CLI flags by @Mzack9999 in #1569
• Added Sonar workflow by @ehsandeep in #1591
• Added support to print all matched line in file protocol by @Ice3man543 in #1495
• Added support for stats in file protocol by @Ice3man543 in #1495
• Updated default size limit for input processing in file protocol by @ehsandeep in #1577

New Contributors

• @tanimdiucse123 made their first contribution in #1606

Full Changelog: v2.6.0...v2.6.1

v2.6.0

What's Changed

• Added optional zcrypto/tls (ztls) support to ssl protocol by @Mzack9999 in #1529
• Added env/cli variable support to headless protocol by @Mzack9999 in #1555
• Added payloads support in headless protocol by @Mzack9999 in #1574
• Added support to run remote hosted templates by @parrasajad in #1472
• Added CAA DNS query support in dns protocol by @Mzack9999 in #1564
• Added debug-req/debug-resp filter support for interactsh by @Ice3man543 in #1491
• Added incremental expression replacement in helper functions by @Mzack9999 in #1561
• Fixed internal standard library logger by @Mzack9999 in #1562
• Fixed interact matcher and markers by @Mzack9999 in #1560
• Fixed stop-at-first-match bug with extractors by @Mzack9999 in #1559
• Fixed DSL expression by @Mzack9999 in #1516

Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/8?closed=1

New Contributors

• @cn-kali-team made their first contribution in #1570

Full Changelog: v2.5.9...v2.6.0

v2.5.9

What's Changed

• Added new global variables for HTTP template by @Mzack9999 in #1490
• Added concat helper function by @forgedhallpass in #1503
• Added debug verb support in http base request @Mzack9999 in #1484
• Fixed loading non YAML files with nt flag by @Mzack9999 in #1488
• Fixed validation logic to validate workflow by @parrasajad in #1489
• Fixed bug with PTR query in DNS template by @Mzack9999 in #1511
• Fixed race requests block on curl generation command by @Mzack9999 in #1500
• Fixed stats calculation for payloads in http base request by @Ice3man543 in #1494
• Fixed printing bug with blank severity by @Ice3man543 in #1492
• Fixed a bug to strip default http/https ports from host header by @Ice3man543 in #1506

Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/7?closed=1

Full Changelog: v2.5.8...v2.5.9

v2.5.8

What's Changed

• Added template ID based template execution / exclusion (id/eid) by @Mzack9999 in #1448
• Added interactsh server pool support with interactsh by @Ice3man543 in #1468
• Added ldap search query interaction support with interactsh by @maikthulhu in #1383
• Added support for making AWS signed request using self-contained HTTP template by @Mzack9999 in #1247
• Added stop-at-first-match for interactsh matchers by @parrasajad in #1417
• Added additional interactsh variables support by @Ice3man543 in #1468
• Added pause/resume support (resume) by @Mzack9999 in #1308
• Added support for navigation history to matchers in headless protocol by @Mzack9999 in #1432
• Added support for .nuclei-ignore file path override if custom config file is used by @Mzack9999 in #1441
• Fixed bug in project flag for HTTP protocol by @Mzack9999 in #1416
• Fixed bug to follow 307/308 redirects by @Mzack9999 in #1446
• Fixed URL printing issue by @Mzack9999 in #1445
• Fixed CVE annotation crash by @Mzack9999 in #1407
• Updated expression regex with lexical analyzer by @Mzack9999 in #1440

Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/6?closed=1

New Contributors

• @maikthulhu made their first contribution in #1383

Full Changelog: v2.5.7...v2.5.8

v2.5.7

What's Changed

• Go mod fix by @parrasajad in #1400

Full Changelog: v2.5.6...v2.5.7

v2.5.6

What's Changed

• Added whois protocol support using rdap library by @parrasajad in #1354
• Added directory/file exclusion support in file protocol by @Mzack9999 in #1260
• Added repeat helper function and fixed couple of bugs in the DSL functions by @forgedhallpass in #1372
• Added support to expose interaction ip information to matchers/extractors by @ehsandeep in #1395
• Added multi-os support for build/functional/integration tests @LuitelSamikshya in #1347
• Fixed bug to include interaction data in results by @Ice3man543 in #1370
• Fixed multiple bugs in update template logic #1194, #1195, #1196 by @Ice3man543 in #1212

Full Changelog: v2.5.5...v2.5.6

Interactsh bugfix release

What's Changed

• Updated default interactsh to https://interact.sh by @ehsandeep in #1368
• Updated goreleaser.yml to trim path information #1353 by @Mzack9999
• Added GH Action to test for the race condition #1342 by @Mzack9999
• Fixed Docker GH Action to push the latest release dockerhub #1350 by @Mzack9999
• Fixed bug with creating/reading .nuclei-ignore file #1366

Full Changelog: v2.5.4...v2.5.5

v2.5.4

What's Changed

• Added Websocket and SSL protocol support by @Ice3man543 in #1066
• Added high level nuclei architecture overview by @Ice3man543 in #1177
• Added Remote template/workflow list input support by @EndPositive in #1123
• Added automatic request iteration on extractor values in http template by @Ice3man543 in #1288
• Added DNS Trace support in dns templates by @Mzack9999 in #1236
• Added new global variable support for DNS templates by @Ice3man543 in #1185
• Added new global variables support for Network templates by @Ice3man543 in #1282
• Added optional matcher status (matcher-status/ms) flag by @Ice3man543 in #1272
• Added case-insensitive attribute to word matcher by @zerodivisi0n in #1130
• Added stop-at-first-match support for DNS templates by @parrasajad in #1307
• Added unique interactsh placeholder support in templates by @parrasajad in #1219
• Added support for client certificate authentication by @kchason in #1171
• Added global/payloads/helper functions variable matching support in word/dsl matchers by @parrasajad in #1290
• Added new filters (pt/ept) to run templates based on protocol type by @Ice3man543 in #1186
• Added support log errors (elog/error-log) in file by @zerodivisi0n in #1204
• Added http/socks proxy support to headless browser by @Mzack9999 in #1155
• Added support to read complete tcp data stream by @Mzack9999 in #1111
• Added validation to template-id to keep it unique and uniform by @zerodivisi0n in #1151
• Added default fields for DNS templates by @Ice3man543 in #1284
• Added support for custom headers for unsafe templates by @Mzack9999 in #1230
• Added request clustering support within workflow by @Mzack9999 in #1255
• Added multiple new fields in JSON output by @Ice3man543 in #1272
• Added hexadecimal view in debug mode for binary response #1080 by @forgedhallpass in #1203
• Added validation for http/socks5 proxy #1001 by @LuitelSamikshya in #1225
• Added validation for binary matchers in template by @Ice3man543 in #1213
• Added new headless test cases by @Mzack9999 in #1313
• Fixed bug with matchers to match on all redirect responses instead of final one by @Ice3man543 in #1232
• Fixed bug with github client and paths with no slash by @Ice3man543 in #1183
• Fixed panic crash with curl command if request is not nil by @Ice3man543 in #1184
• Fixed bug with path input in unsafe template by @Ice3man543 in #1182
• Fixed http test using local http mock server by @Mzack9999 in #1241
• Fixed crash with uninitialized interactsh client by @Ice3man543 in #1251
• Fixed bug casuing no ip returned in JSON response by @Ice3man543 in #1273
• Fixed bug causing spawned nuclei child process hangs with stdin by @Ice3man543 in #1306
• Fixed crash in http module by @Ice3man543 in #1285
• Fixed stdin input parsing bug causing nuclei to hang by @Ice3man543 in #1286
• Fixed cookie-reuse behavior in headless engine by @Mzack9999 in #1157
• Updated validate flag validation by @LuitelSamikshya in #1315
• Updated README_CN.md by @Xc1Ym in #1317
• Disabled no-sandbox mode as root (linux) in headless engine by @Mzack9999 in #1135

New CLI Flags:

-tu, -template-url string[]  URL containing list of templates to run
-wu, -workflow-url string[]  URL containing list of workflows to run
-pt, -type value[]                protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ept, -exclude-type value[]       protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ms, -matcher-status          show optional match failure status
-elog, -error-log string  file to write sent requests error log
-cc, -client-cert string    client certificate file (PEM-encoded) used for authenticating against scanned hosts
-ck, -client-key string     client key file (PEM-encoded) used for authenticating against scanned hosts
-ca, -client-ca string      client certificate authority file (PEM-encoded) used for authenticating against scanned hosts

New JSON fields:

  "template": "misconfiguration/http-missing-security-headers.yaml"
  "template-url": "https://github.com/projectdiscovery/nuclei-templates/blob/master/misconfiguration/http-missing-security-headers.yaml"
  "matcher-status": true

New Global Variables:

For DNS Protocol

{{RDN}}
{{DN}}
{{TLD}}
{{SD}}

For Netowork Protocol

{{Host}}
{{Port}}

Closed GH Issues in v2.5.4 release

https://github.com/projectdiscovery/nuclei/milestone/4?closed=1

New Contributors

• @kchason made their first contribution in #1171
• @EndPositive made their first contribution in #1123
• @LuitelSamikshya made their first contribution in #1169

Full Changelog: v2.5.3...v2.5.4

v2.5.3

⚠️ BREAKING CHANGES

JSON fields are updated, which may cause some automation flows to fail.

Old JSON field	Updated JSON field
templateID	template-id
matcher_name	matcher-name
extractor_name	extractor-name
matched	matched-at
extracted_results	extracted-results

What's Changed

• Added self-contained template support for HTTP/Network template by @Ice3man543 in #1121
• Added support to discard requests with unresolved variables by @Ice3man543 in #1089
• Added filters to exclude templates based on severity (-es) by @zerodivisi0n in #1099
• Added multiple short flags by @ehsandeep in 8e8249e
• Added payload, global variable, helper functions support in matchers by @parrasajad in #1046
• Added support for custom resolvers in DNS templates by @Mzack9999 in #1079
• Added batteringram payload + set as default by @Ice3man543 in #1105
• Added wordlist input support using CLI variables by @Mzack9999 in #1091
• Added support for CLI/ENV variables in network template by @Mzack9999 in #1138
• Added semantic versioning in docker tags by @ehsandeep in #1054
• Added severity as label to GitHub/GitLab/Jira reporting module by @revblock in #1036
• Added headless support on alpine + Use of installed browser by @Mzack9999 in #1059
• Added waitvisible method from the rod library by @pmareke in #1101
• Added coloring to matchers with debug flag #999 by @forgedhallpass in #1064
• Added missing examples in headless engine protocol actions by @pmareke in #1108
• Added curl command for http request in reporting module by @Ice3man543 in #1107
• Added support to preserve input order by @Mzack9999 in #1062
• Added unixtime functionality with seconds offset by @voidz0r in #1132
• Added support for interactsh placeholder in http payloads by @Mzack9999 in #1146
• Fixed bug to disable adding automatic host header in unsafe requests by @sullo in #1069
• Fixed GBK detection by @Mzack9999 in #1117
• Fixed a parsing bug in offlinehttp (-passive) by by @nothinux in #1074
• Fixed a bug to support http proxy in headless browser by @Mzack9999 in #1144
• Fixed a bug to add validation for github and gitblab options in report config by @pmareke in #1127
• Fixed bug to support extended dns edge cases by @Mzack9999 in #1058
• Fixed bug to process \r\n in unsafe requests by @Mzack9999 in #1060
• Updated Github Issue templates + Added Pull request template by @ehsandeep in #1153
• Updated default interactsh server by @ehsandeep in #1070
• Updated JSON fields to maintain uniform format @ehsandeep in #1148

New Contributors

• @revblock made their first contribution in #1036
• @sullo made their first contribution in #1069
• @nothinux made their first contribution in #1074
• @zerodivisi0n made their first contribution in #1099
• @pmareke made their first contribution in #1101
• @voidz0r made their first contribution in #1132

Full Changelog: v2.5.2...v2.5.3

v2.5.2

Changelog

• Fixed a crash with HTTP connection #998
• Fixed a crash with interactsh client #1023
• Fixed a crash with elasticsearch export 712e3ae
• Fixed a crash with headless engine #1037
• Fixed Github rate-limit issue with self-hosted version check API #895
• Updated go-rod (security update) #1037 reported by @c3l3si4n
• Updated additional-fields attribute to metadata bfb0a99