Releases: projectdiscovery/nuclei
v2.6.1
What's Changed
- Fixed bug for blank `.new-additions` file creation by @parrasajad in #1624
- Added comma-separated, or file input support for most input CLI flags by @Mzack9999 in #1569
- Added Sonar workflow by @ehsandeep in #1591
- Added support to print all matched line in file protocol by @Ice3man543 in #1495
- Added support for stats in file protocol by @Ice3man543 in #1495
- Updated default size limit for input processing in file protocol by @ehsandeep in #1577
New Contributors
- @tanimdiucse123 made their first contribution in #1606
Full Changelog: v2.6.0...v2.6.1
v2.6.0
What's Changed
- Added optional zcrypto/tls (`ztls`) support to ssl protocol by @Mzack9999 in #1529
- Added env/cli variable support to headless protocol by @Mzack9999 in #1555
- Added payloads support in headless protocol by @Mzack9999 in #1574
- Added support to run remote hosted templates by @parrasajad in #1472
- Added `CAA` DNS query support in dns protocol by @Mzack9999 in #1564
- Added `debug-req`/`debug-resp` filter support for interactsh by @Ice3man543 in #1491
- Added incremental expression replacement in helper functions by @Mzack9999 in #1561
- Fixed internal standard library logger by @Mzack9999 in #1562
- Fixed interact matcher and markers by @Mzack9999 in #1560
- Fixed `stop-at-first-match` bug with extractors by @Mzack9999 in #1559
- Fixed DSL expression by @Mzack9999 in #1516
Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/8?closed=1
New Contributors
- @cn-kali-team made their first contribution in #1570
Full Changelog: v2.5.9...v2.6.0
v2.5.9
What's Changed
- Added new global variables for HTTP template by @Mzack9999 in #1490
- Added concat helper function by @forgedhallpass in #1503
- Added `debug` verb support in http base request by @Mzack9999 in #1484
- Fixed loading non YAML files with `nt` flag by @Mzack9999 in #1488
- Fixed validation logic to validate workflow by @parrasajad in #1489
- Fixed bug with PTR query in DNS template by @Mzack9999 in #1511
- Fixed race requests block on curl generation command by @Mzack9999 in #1500
- Fixed stats calculation for payloads in http base request by @Ice3man543 in #1494
- Fixed printing bug with blank severity by @Ice3man543 in #1492
- Fixed a bug to strip default http/https ports from host header by @Ice3man543 in #1506
Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/7?closed=1
Full Changelog: v2.5.8...v2.5.9
v2.5.8
What's Changed
- Added template ID based template execution / exclusion (`id/eid`) by @Mzack9999 in #1448
- Added interactsh server pool support with interactsh by @Ice3man543 in #1468
- Added ldap search query interaction support with interactsh by @maikthulhu in #1383
- Added support for making AWS signed request using self-contained HTTP template by @Mzack9999 in #1247
- Added `stop-at-first-match` for interactsh matchers by @parrasajad in #1417
- Added additional interactsh variables support by @Ice3man543 in #1468
- Added pause/resume support (`resume`) by @Mzack9999 in #1308
- Added support for navigation history to matchers in headless protocol by @Mzack9999 in #1432
- Added support for `.nuclei-ignore` file path override if custom config file is used by @Mzack9999 in #1441
- Fixed bug in `project` flag for HTTP protocol by @Mzack9999 in #1416
- Fixed bug to follow 307/308 redirects by @Mzack9999 in #1446
- Fixed URL printing issue by @Mzack9999 in #1445
- Fixed CVE annotation crash by @Mzack9999 in #1407
- Updated expression regex with lexical analyzer by @Mzack9999 in #1440
Issues closed in this release: https://github.com/projectdiscovery/nuclei/milestone/6?closed=1
New Contributors
- @maikthulhu made their first contribution in #1383
Full Changelog: v2.5.7...v2.5.8
v2.5.7
v2.5.6
What's Changed
- Added whois protocol support using rdap library by @parrasajad in #1354
- Added directory/file exclusion support in file protocol by @Mzack9999 in #1260
- Added `repeat` helper function and fixed a couple of bugs in the DSL functions by @forgedhallpass in #1372
- Added support to expose interaction ip information to matchers/extractors by @ehsandeep in #1395
- Added multi-os support for build/functional/integration tests by @LuitelSamikshya in #1347
- Fixed bug to include interaction data in results by @Ice3man543 in #1370
- Fixed multiple bugs in update template logic #1194, #1195, #1196 by @Ice3man543 in #1212
Full Changelog: v2.5.5...v2.5.6
Interactsh bugfix release
What's Changed
- Updated default interactsh to `https://interact.sh` by @ehsandeep in #1368
- Updated `goreleaser.yml` to trim path information #1353 by @Mzack9999
- Added GH Action to test for the race condition #1342 by @Mzack9999
- Fixed Docker GH Action to push the latest release dockerhub #1350 by @Mzack9999
- Fixed bug with creating/reading `.nuclei-ignore` file #1366
Full Changelog: v2.5.4...v2.5.5
v2.5.4
What's Changed
- Added Websocket and SSL protocol support by @Ice3man543 in #1066
- Added high level nuclei architecture overview by @Ice3man543 in #1177
- Added Remote template/workflow list input support by @EndPositive in #1123
- Added automatic request iteration on extractor values in http template by @Ice3man543 in #1288
- Added DNS Trace support in dns templates by @Mzack9999 in #1236
- Added new global variable support for DNS templates by @Ice3man543 in #1185
- Added new global variables support for Network templates by @Ice3man543 in #1282
- Added optional matcher status (`matcher-status/ms`) flag by @Ice3man543 in #1272
- Added `case-insensitive` attribute to word matcher by @zerodivisi0n in #1130
- Added `stop-at-first-match` support for DNS templates by @parrasajad in #1307
- Added unique interactsh placeholder support in templates by @parrasajad in #1219
- Added support for client certificate authentication by @kchason in #1171
- Added global/payloads/helper functions variable matching support in word/dsl matchers by @parrasajad in #1290
- Added new filters (`pt/ept`) to run templates based on protocol type by @Ice3man543 in #1186
- Added support to log errors (`elog/error-log`) in file by @zerodivisi0n in #1204
- Added http/socks proxy support to headless browser by @Mzack9999 in #1155
- Added support to read complete tcp data stream by @Mzack9999 in #1111
- Added validation to `template-id` to keep it unique and uniform by @zerodivisi0n in #1151
- Added default fields for DNS templates by @Ice3man543 in #1284
- Added support for custom headers for unsafe templates by @Mzack9999 in #1230
- Added request clustering support within workflow by @Mzack9999 in #1255
- Added multiple new fields in JSON output by @Ice3man543 in #1272
- Added hexadecimal view in `debug` mode for binary response #1080 by @forgedhallpass in #1203
- Added validation for http/socks5 proxy #1001 by @LuitelSamikshya in #1225
- Added validation for binary matchers in template by @Ice3man543 in #1213
- Added new headless test cases by @Mzack9999 in #1313
- Fixed bug with matchers to match on all redirect responses instead of final one by @Ice3man543 in #1232
- Fixed bug with github client and paths with no slash by @Ice3man543 in #1183
- Fixed panic crash with curl command if request is not nil by @Ice3man543 in #1184
- Fixed bug with path input in unsafe template by @Ice3man543 in #1182
- Fixed http test using local http mock server by @Mzack9999 in #1241
- Fixed crash with uninitialized interactsh client by @Ice3man543 in #1251
- Fixed bug causing no ip returned in JSON response by @Ice3man543 in #1273
- Fixed bug causing spawned nuclei child process hangs with stdin by @Ice3man543 in #1306
- Fixed crash in http module by @Ice3man543 in #1285
- Fixed stdin input parsing bug causing nuclei to hang by @Ice3man543 in #1286
- Fixed `cookie-reuse` behavior in headless engine by @Mzack9999 in #1157
- Updated `validate` flag validation by @LuitelSamikshya in #1315
- Updated `README_CN.md` by @Xc1Ym in #1317
- Disabled `no-sandbox` mode as root (linux) in headless engine by @Mzack9999 in #1135
New CLI Flags:
-tu, -template-url string[] URL containing list of templates to run
-wu, -workflow-url string[] URL containing list of workflows to run
-pt, -type value[] protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ept, -exclude-type value[] protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ms, -matcher-status show optional match failure status
-elog, -error-log string file to write sent requests error log
-cc, -client-cert string client certificate file (PEM-encoded) used for authenticating against scanned hosts
-ck, -client-key string client key file (PEM-encoded) used for authenticating against scanned hosts
-ca, -client-ca string client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
New JSON fields:
"template": "misconfiguration/http-missing-security-headers.yaml"
"template-url": "https://github.com/projectdiscovery/nuclei-templates/blob/master/misconfiguration/http-missing-security-headers.yaml"
"matcher-status": true
New Global Variables:
For DNS Protocol
{{RDN}}
{{DN}}
{{TLD}}
{{SD}}
For Network Protocol
{{Host}}
{{Port}}
Closed GH Issues in v2.5.4 release
https://github.com/projectdiscovery/nuclei/milestone/4?closed=1
New Contributors
- @kchason made their first contribution in #1171
- @EndPositive made their first contribution in #1123
- @LuitelSamikshya made their first contribution in #1169
Full Changelog: v2.5.3...v2.5.4
v2.5.3
⚠️ BREAKING CHANGES
JSON fields are updated, which may cause some automation flows to fail.
Old JSON field | Updated JSON field |
---|---|
templateID | template-id |
matcher_name | matcher-name |
extractor_name | extractor-name |
matched | matched-at |
extracted_results | extracted-results |
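
A compatibility shim for automation that consumes scanner JSON output across this rename, as an added example (not part of the release notes or the project's code). It assumes one JSON object per line; the function names and sample records are constructed for illustration.

```python
import json

# Old -> new field names, taken from the breaking-changes table above.
RENAMED = {
    "templateID": "template-id",
    "matcher_name": "matcher-name",
    "extractor_name": "extractor-name",
    "matched": "matched-at",
    "extracted_results": "extracted-results",
}

def normalize(record):
    """Return (record using the updated names, list of legacy keys found)."""
    out, legacy = {}, []
    for key, value in record.items():
        new_key = RENAMED.get(key, key)
        # A record carrying both spellings with different values is ambiguous.
        if new_key in out and out[new_key] != value:
            raise ValueError(f"conflicting values for {new_key!r}")
        out[new_key] = value
        if new_key != key:
            legacy.append(key)
    return out, legacy

def load_results(lines):
    """Parse JSON lines; return (records, legacy_record_count, skipped_lines)."""
    results, legacy_count, skipped = [], 0, 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        fixed, legacy = normalize(record)
        legacy_count += bool(legacy)  # a scanner older than v2.5.3 is still feeding us
        results.append(fixed)
    return results, legacy_count, skipped

# Constructed sample lines (not real scan output): old-style, new-style, garbage.
SAMPLE = [
    '{"templateID": "example-template", "matched": "https://example.com/", "extracted_results": ["a"]}',
    '{"template-id": "example-template", "matched-at": "https://example.com/login", "matcher-name": "m1"}',
    "not json",
]
```

A non-zero legacy count tells the pipeline owner that at least one producer is still emitting the old field names.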
What's Changed
- Added self-contained template support for HTTP/Network template by @Ice3man543 in #1121
- Added support to discard requests with unresolved variables by @Ice3man543 in #1089
- Added filters to exclude templates based on severity (`-es`) by @zerodivisi0n in #1099
- Added multiple short flags by @ehsandeep in 8e8249e
- Added payload, global variable, helper functions support in matchers by @parrasajad in #1046
- Added support for custom resolvers in DNS templates by @Mzack9999 in #1079
- Added `batteringram` payload + set as default by @Ice3man543 in #1105
- Added wordlist input support using CLI variables by @Mzack9999 in #1091
- Added support for CLI/ENV variables in network template by @Mzack9999 in #1138
- Added semantic versioning in docker tags by @ehsandeep in #1054
- Added severity as label to GitHub/GitLab/Jira reporting module by @revblock in #1036
- Added headless support on alpine + Use of installed browser by @Mzack9999 in #1059
- Added `waitvisible` method from the rod library by @pmareke in #1101
- Added coloring to matchers with `debug` flag #999 by @forgedhallpass in #1064
- Added missing examples in headless engine protocol actions by @pmareke in #1108
- Added curl command for http request in reporting module by @Ice3man543 in #1107
- Added support to preserve input order by @Mzack9999 in #1062
- Added unixtime functionality with seconds offset by @voidz0r in #1132
- Added support for interactsh placeholder in http payloads by @Mzack9999 in #1146
- Fixed bug to disable adding automatic host header in unsafe requests by @sullo in #1069
- Fixed GBK detection by @Mzack9999 in #1117
- Fixed a parsing bug in offlinehttp (`-passive`) by @nothinux in #1074
- Fixed a bug to support http proxy in headless browser by @Mzack9999 in #1144
- Fixed a bug to add validation for github and gitlab options in report config by @pmareke in #1127
- Fixed bug to support extended dns edge cases by @Mzack9999 in #1058
- Fixed bug to process `\r\n` in unsafe requests by @Mzack9999 in #1060
- Updated Github Issue templates + Added Pull request template by @ehsandeep in #1153
- Updated default interactsh server by @ehsandeep in #1070
- Updated JSON fields to maintain uniform format by @ehsandeep in #1148
New Contributors
- @revblock made their first contribution in #1036
- @sullo made their first contribution in #1069
- @nothinux made their first contribution in #1074
- @zerodivisi0n made their first contribution in #1099
- @pmareke made their first contribution in #1101
- @voidz0r made their first contribution in #1132
Full Changelog: v2.5.2...v2.5.3
v2.5.2
Changelog
- Fixed a crash with HTTP connection #998
- Fixed a crash with interactsh client #1023
- Fixed a crash with elasticsearch export 712e3ae
- Fixed a crash with headless engine #1037
- Fixed Github rate-limit issue with self-hosted version check API #895
- Updated go-rod (security update) #1037 reported by @c3l3si4n
- Updated `additional-fields` attribute to `metadata` bfb0a99