Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nuclei v3.2.0 #4882

Merged
merged 121 commits into from
Mar 13, 2024
Merged

nuclei v3.2.0 #4882

merged 121 commits into from
Mar 13, 2024

Conversation

ehsandeep
Copy link
Member

Proposed changes

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

5amu and others added 30 commits January 16, 2024 10:22
@5amu
switch dependency for kerberos in js module to upstream
77e2430
@5amu
make protocolstate.IsHostAllowed check the domaincontroller, not the …
3b5ce39 
…domain
@5amu
make protocolstate.IsHostAllowed check the domaincontroller, not the …
a167e6c 
…domain
@5amu
implement method to connect to and verify the ldap server (IsLdap -> …
73a73ee 
…Connect)
@5amu
implement a generic search that returns a list of objects given a fil…
fe59057 
…ter and desired attributes
@5amu
implement authentication methods and change underlying connection bec…
bd1238d 
…ause of bugs
@5amu
simplify CollectMetadata and remove session creation at runtime
9821700
@5amu
do not append an empty map when generating output in Search()
cb0d98e
@5amu
define frequently used filters and AD UAC filters
6bf8f87
@5amu
reflect changes for gojs
893129e
@5amu
implement generic method to find AD objects
89d30d9
@5amu
implement enumeration methods + rewrite kerberoastable
9d23f5f
@5amu
move ad filters to adenum.go
95d028c
@5amu
implement method to grab domain SID
c703fff
@5amu
move DecodeSID to utils.go making it a generic function exposed by th…
642c99b 
…e module
@5amu
implement utilities for timestamps
2019dab
@5amu
implement method to close the ldap connection
2f926c4
@tarunKoyalwar
feat: introduce nucleijs utils
2c2cc27
@dependabot
chore(deps): bump github.com/projectdiscovery/utils
b137f32 
Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.76 to 0.0.77.
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](projectdiscovery/utils@v0.0.76...v0.0.77)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump github.com/projectdiscovery/httpx from 1.3.8 to 1.3.9
42962c8 
Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.3.8 to 1.3.9.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](projectdiscovery/httpx@v1.3.8...v1.3.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4728 from projectdiscovery/dependabot/go_modules/…
86d3f3b 
…dev/github.com/projectdiscovery/httpx-1.3.9
@dependabot
Merge pull request #4726 from projectdiscovery/dependabot/go_modules/…
481fcd1 
…dev/github.com/projectdiscovery/utils-0.0.77
@dependabot
chore(deps): bump github.com/projectdiscovery/ratelimit
ec6ef26 
Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.26 to 0.0.27.
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](projectdiscovery/ratelimit@v0.0.26...v0.0.27)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump github.com/projectdiscovery/retryablehttp-go
1d30cbf 
Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.44 to 1.0.46.
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](projectdiscovery/retryablehttp-go@v1.0.44...v1.0.46)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4725 from projectdiscovery/dependabot/go_modules/…
390cb43 
…dev/github.com/projectdiscovery/ratelimit-0.0.27
@dependabot
Merge pull request #4729 from projectdiscovery/dependabot/go_modules/…
226dc65 
…dev/github.com/projectdiscovery/retryablehttp-go-1.0.46
@dependabot
chore(deps): bump github.com/projectdiscovery/retryabledns
f5d2890 
Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.53 to 1.0.54.
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](projectdiscovery/retryabledns@v1.0.53...v1.0.54)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4727 from projectdiscovery/dependabot/go_modules/…
7322b0d 
…dev/github.com/projectdiscovery/retryabledns-1.0.54
@tarunKoyalwar
refactor kerberos with nucleijs helper
06d9de3
@tarunKoyalwar
network policy check + ASREP method
01487ba
dependabot bot and others added 25 commits March 4, 2024 06:13
@dependabot
chore(deps): bump github.com/projectdiscovery/wappalyzergo
b13a9b9 
Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.0.111 to 0.0.112.
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](projectdiscovery/wappalyzergo@v0.0.111...v0.0.112)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4830 from projectdiscovery/dependabot/go_modules/…
6cfb312 
…dev/github.com/projectdiscovery/retryabledns-1.0.58
@dependabot
chore(deps): bump github.com/projectdiscovery/httpx from 1.3.9 to 1.5.0
efa4fbc 
Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.3.9 to 1.5.0.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](projectdiscovery/httpx@v1.3.9...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4829 from projectdiscovery/dependabot/go_modules/…
0642531 
…dev/github.com/projectdiscovery/goflags-0.1.42
@dependabot
Merge pull request #4828 from projectdiscovery/dependabot/go_modules/…
e470231 
…dev/github.com/projectdiscovery/wappalyzergo-0.0.112
@dependabot
Merge pull request #4826 from projectdiscovery/dependabot/go_modules/…
02d4151 
…dev/github.com/projectdiscovery/httpx-1.5.0
@RamanaReddy0M
Make self-contained optional in http request (#4838)
0a8beb2
@actions-user
Auto Generate Syntax Docs + JSONSchema [Tue Mar 5 17:11:08 UTC 2024] …
cfe28f0 
…:robot:
@dogancanbakir
remove tmp code files (#4835)
bbac102
@tarunKoyalwar
fix nuclei loading ignored templates (#4849)
b1b4f0f 
* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command
@Ice3man543
feat: issue tracker URLs in JSON + misc fixes (#4855)
fd024a3 
* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes
@dogancanbakir @tarunKoyalwar
introduce disable-unsigned-templates flag (#4820)
9bd4db3 
* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <[email protected]>
@Mzack9999 @tarunKoyalwar
Purge cache on global callback set (#4840)
ec4fb40 
* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <[email protected]>
@dependabot
chore(deps): bump github.com/projectdiscovery/rawhttp
3a2b5c8 
Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.39 to 0.1.40.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases)
- [Commits](projectdiscovery/rawhttp@v0.1.39...v0.1.40)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4858 from projectdiscovery/dependabot/go_modules/…
3d30278 
…dev/github.com/projectdiscovery/rawhttp-0.1.40
@dependabot
chore(deps): bump github.com/projectdiscovery/httpx from 1.5.0 to 1.6.0
69b39d8 
Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](projectdiscovery/httpx@v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4859 from projectdiscovery/dependabot/go_modules/…
5347106 
…dev/github.com/projectdiscovery/httpx-1.6.0
@dependabot
chore(deps): bump github.com/projectdiscovery/interactsh
4d67a36 
Bumps [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/projectdiscovery/interactsh/releases)
- [Changelog](https://github.com/projectdiscovery/interactsh/blob/main/.goreleaser.yml)
- [Commits](projectdiscovery/interactsh@v1.1.8...v1.1.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/interactsh
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #4862 from projectdiscovery/dependabot/go_modules/…
fe4d5f0 
…dev/github.com/projectdiscovery/interactsh-1.1.9
@dogancanbakir
add callback support to StandardWriter (#4839)
e9625d6 
* add callback support to StandardWriter

* minor

* use multiwriter

* minor
@Ice3man543
change position of sdk text
a66b56f
@tarunKoyalwar
handle 1 more edgecase (#4868)
49ef5cb 
* handle 1 more edgecase

* add integration test for this edgecase

* fix multi-http-var-sharing with integration test

* add -payload-concurrency (-pc) flag

* fix missing internal:true login in multiprotocol engine

* fix/handle absolute invalid url parsing

* support -pc & -jc in go sdk

* fix missing variables in code protocol operators

* add payload count parallelhttp check
@dogancanbakir
bump gozero (#4877)
66b722f
@Ice3man543 @ehsandeep
@tarunKoyalwar @dogancanbakir @Mzack9999
Fuzzing layer enhancements + input-types support (#4477)
fa56800 
* feat: move fuzz package to root directory

* feat: added support for input providers like openapi,postman,etc

* feat: integration of new fuzzing logic in engine

* bugfix: use and instead of or

* fixed lint errors

* go mod tidy

* add new reqresp type + bump utils

* custom http request parser

* use new struct type RequestResponse

* introduce unified input/target provider

* abstract input formats via new inputprovider

* completed input provider refactor

* remove duplicated code

* add sdk method to load targets

* rename component url->path

* add new yaml format + remove duplicated code

* use gopkg.in/yaml.v3 for parsing

* update .gitignore

* refactor/move + docs fuzzing in http protocol

* fuzz: header + query integration test using fuzzplayground

* fix integration test runner in windows

* feat add support for filter in http fuzz

* rewrite header/query integration test with filter

* add replace regex rule

* support kv fuzzing + misc updates

* add path fuzzing example + misc improvements

* fix matchedURL + skip httpx on multi formats

* cookie fuzz integration test

* add json body + params body tests

* feat add multipart/form-data fuzzing support

* add all fuzz body integration test

* misc bug fixes + minor refactor

* add multipart form + body form unit tests

* only run fuzzing templates if -fuzz flag is given

* refactor/move fuzz playground server to pkg

* fix integration test + refactor

* add auth types and strategies

* add file auth provider

* start implementing auth logic in http

* add logic in http protocol

* static auth implemented for http

* default :80,:443 normalization

* feat: dynamic auth init

* feat: dynamic auth using templates

* validate targets count in openapi+swagger

* inputformats: add support to accept variables

* fix workflow integration test

* update lazy cred fetch logic

* fix unit test

* drop postman support

* domain related normalization

* update secrets.yaml file format + misc updates

* add auth prefetch option

* remove old secret files

* add fuzzing+auth related sdk options

* fix/support multiple mode in kv header fuzzing

* rename 'headers' -> 'header' in fuzzing rules

* fix deadlock due to merge conflict resolution

* misc update

* add bool type in parsed value

* add openapi validation+override+ new flags

* misc updates

* remove optional path parameters when unavailable

* fix swagger.yaml file

* misc updates

* update print msg

* multiple openapi validation enchancements + appMode

* add optional params in required_openapi_vars.yaml file

* improve warning/verbose msgs in format

* fix skip-format-validation not working

* use 'params/parameter' instead of 'variable' in openapi

* add retry support for falky tests

* fix nuclei loading ignored templates (#4849)

* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command

* feat: issue tracker URLs in JSON + misc fixes (#4855)

* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes

* introduce `disable-unsigned-templates` flag (#4820)

* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <[email protected]>

* Purge cache on global callback set (#4840)

* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <[email protected]>

* misc update

* add application/octet-stream support

* openapi: support path specific params

* misc option + readme update

---------

Co-authored-by: Sandeep Singh <[email protected]>
Co-authored-by: sandeep <[email protected]>
Co-authored-by: Tarun Koyalwar <[email protected]>
Co-authored-by: Tarun Koyalwar <[email protected]>
Co-authored-by: Dogan Can Bakir <[email protected]>
Co-authored-by: Mzack9999 <[email protected]>
@dependabot
chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
d27f56f 
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@ehsandeep ehsandeep added this to the nuclei v3.2.0 milestone Mar 13, 2024
@ehsandeep ehsandeep merged commit cda1fc0 into main Mar 13, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
nuclei v3.2.0
Development

Successfully merging this pull request may close these issues.