Nuclei v2.2.0 - 20 Nov 2020¶
- Added Turbo intruder support for fuzzing
- Added HTTP pipeline support for fuzzing
- Added Connection pooling support for fuzzing
- Added Raw HTTP support for malformed HTTP requests.
- Added support for Race condition testing
§variable§marker for fuzzing
statsin multithreaded requests (fuzzing)
- Added YAML syntax support for workflows
- Added Project file support for request reuse
- Added global rate limit support
- Added burp collaborator support
- Added hmap for reducing memory uses
- Added clistats in place of a progress bar
- Added support to DSL matcher to match each unique request
- Added trace log (
-templates-versionflag to list template version
-no-metaflag to ignore meta information
- Added dynamic field support in the template info block
- Added response time support to DSL
- Added type to specify type of request
- Added mmh3 hashing support in helper functions
- Added shared resolver cache among various HTTP clients
- Added fuzzing payloads output values to json output
.nuclei-ignorefile from current working directory
- Added comments support in
- Added flag to disable host header and content length
- Added host information in the JSON response by @savushkin-yauheni
- Updated flag
- Updated flag
- Updated flag
- Fixed a bug with ignoring paths in the input file by @vzamanillo
- Fixed a bug with raw requests redirect
- Fixed a bug with debug flag to display post body
- Fixed a panic with trace log
- Added negative matcher support
- Added support for severity based filtering with
severityflag by @manuelbua
- Added support for template exclusions with
excludeflag by @manuelbua
- Added rate limit per host with
rlflag by @CasperGN
- Added template list support with
tlflag by @vzamanillo
- Added template name field in JSON output by @vzamanillo
- Added color support for severity by @vzamanillo
- Added Progress bar support with the silent flag by @vzamanillo
- Added support for using local templates along with nuclei-templates
- Added template preloading at the start of the scan
- Added support for golangci lint by @vzamanillo
- Added JSON output support for DNS templates by @Marmelatze
- Added centralize template loaded info message, add output coloring by @manuelbua
- Added template ID on HTTP request error message @vzamanillo
- Added severity information in the output by @vzamanillo
- Added match groups support in regex extractor
- Fixed a failed request error on multiple URLs
- Fixed a bug with helper function by @organiccrap
- Fixed a bug with port conflict input with URLs and templates by @vzamanillo
- Fixed a bug with Workflow detecting
No Resultsby @vzamanillo
- Fixed inconsistent output printing in the terminal
- Fixed No JSON output with workflows
- Fixed a bug with matches when multiple headers with the same name by @CasperGN
No resultfound problem with and condition by @Marmelatze
- Fixed an issue with
allmatched part by @rykkard
- Updated nuclei-templates current and outdated messages
- Updated template loading UI message by @vzamanillo
- Nuclei engine rework.
- Added Progress bar with live results by @manuelbua
- Added multiple input template support by @manuelbua
- Added in-template cookie reuse
- Added key-value supported extractor
- Added dynamic extraction and reuse
- Added coloring support in output results by @manuelbua
- Added wild-card template input support by @wdahlenburg
- Fixed relative path issue with payloads.
- Fixed dockerfile go version.
- Better error handling for templates by @manuelbua
- Fixed an issue with release binary.
- Fixed bugs in raw-requests.
- Fixed update template issue.
- Fixed an issue with failed requests.
- Fixed an issue with DSL helper function.
- Fixed error with auto-updates Github rate limit.
- Fixed defaults to OR condition when no condition is specified.
- Fixed raw requests newlines and allow blank request path.
- Added relative path and auto-template fetching support from installed directory.
- Added single target support.
- Added json output support.
- Chained workflow support with conditions etc.
- Added template updates feature with auto-updates, etc.
- Fixed blank output file bug.
- Added better verbose and debug modes.
- Inform user and no output file in case of 0 results.
- Updated default user-agent to include project details
- Added intruder like support (sniper/pitchfork/clusterbomb)
- Fuzzing with DSL helpers
- Fixed bug in body decompression
- Added global headers via CLI
- Small improvements.
- General Fixes.
- Complex DSL queries
- Raw requests
- Proxy (http/socks5)
- Fixed a bug with DNS requests and output file.
- Massive code refactor, conditions support + stdin input bug fix.
- DNS requests support
- Binary Matcher support
- Conditional redirects support within templates.
- Fixed go.mod issue
- Added extractors for custom text extraction from templates
- Fixed a bug with default headers
- Fixed go.mod file issue
- Initial Release