- Interactsh integration into Nuclei
- Improved support for custom host header w/ template and CLI flag
- Added improved template exclusion support using tags.
- Fixed errors listing with excluded templates.
- Fixed a bug with
- Fixed a bug and removed
random-agentflag (now used as default)
- Added markdown export to disk in the reporting module (
- Fixed body length error with report integration module.
- Fixed matched counter bug in metrics endpoint.
- Fixed config file parser bug.
- Fixed bug with
- Fixed a bug with stats counter.
- Fixed a bug with running newly added templates (
- Fixed a but making all workflows to run on running single workflow
- Fixed panic crash with DNS module.
- Fixed a bug to exclude timestamp when
no-metaflag is used.
- Fixed crash when running with a non-root user.
- Fixed a bug with
- Fixed panic crash with http status codes
- Fixed retries in DNS requests failing
dostag will be excluded as default.
- Added support to severity using tags, (-tags low,high)
- Added issue-tracker-config file
- Added Headless chrome based templates support
- Added Network based (TCP) support.
- Added File based template support.
- Added HTTP Request clusterning for similar paths.
- Added Tag based template execution.
- Added Config file support.
- Added passive support for HTTP based templates.
- Added w/workflows to only run workflow based templates
- Added Request condition support.
- Added Support for system resolvers.
- Added Rxpressions package + expressions support to network protocols
- Added Hex encoding support in matchers
- Added Dns fallback support
- Added Missing rawhttp option override
- Added TLS protocol test
- Added Parallelism to workflows
- Added Simple json based http metrics support
- Added Helper functions to payloads
rflag to allow users usage of custom resolvers
- Added Support for http response redirect chain print and match
- Added max http body resp size option
- Added Jira,Github,Gitlab issue tracker integration to nuclei
- Added goflags library support.
- Added reworked generators package
- Moved colorizer stuff to pkg/output
- Moved tracefile to pkg/output + misC
- Fixed output endpoint in unsafe request without host header
- Fixed multiple bugs with rawhttp
- Fixed rawhttp header formatting issues
- Fixed raw http newline formatting
- Fixed a bug with workflows
- Fixed a bug with request count.
- Fixed underscore in header names for kval matcher
- Fixed path & port parsing for raw requests
- Added Turbo intruder support for fuzzing
- Added HTTP pipeline support for fuzzing
- Added Connection pooling support for fuzzing
- Added Raw HTTP support for malformed HTTP requests.
- Added support for Race condition testing
§variable§marker for fuzzing
statsin multithreaded requests (fuzzing)
- Added YAML syntax support for workflows
- Added Project file support for request reuse
- Added global rate limit support
- Added burp collaborator support
- Added hmap for reducing memory uses
- Added clistats in place of a progress bar
- Added support to DSL matcher to match each unique request
- Added trace log (
-templates-versionflag to list template version
-no-metaflag to ignore meta information
- Added dynamic field support in the template info block
- Added response time support to DSL
- Added type to specify type of request
- Added mmh3 hashing support in helper functions
- Added shared resolver cache among various HTTP clients
- Added fuzzing payloads output values to json output
.nuclei-ignorefile from current working directory
- Added comments support in
- Added flag to disable host header and content length
- Added host information in the JSON response by @savushkin-yauheni
- Updated flag
- Updated flag
- Updated flag
- Fixed a bug with ignoring paths in the input file by @vzamanillo
- Fixed a bug with raw requests redirect
- Fixed a bug with debug flag to display post body
- Fixed a panic with trace log
- Added negative matcher support
- Added support for severity based filtering with
severityflag by @manuelbua
- Added support for template exclusions with
excludeflag by @manuelbua
- Added rate limit per host with
rlflag by @CasperGN
- Added template list support with
tlflag by @vzamanillo
- Added template name field in JSON output by @vzamanillo
- Added color support for severity by @vzamanillo
- Added Progress bar support with the silent flag by @vzamanillo
- Added support for using local templates along with nuclei-templates
- Added template preloading at the start of the scan
- Added support for golangci lint by @vzamanillo
- Added JSON output support for DNS templates by @Marmelatze
- Added centralize template loaded info message, add output coloring by @manuelbua
- Added template ID on HTTP request error message @vzamanillo
- Added severity information in the output by @vzamanillo
- Added match groups support in regex extractor
- Fixed a failed request error on multiple URLs
- Fixed a bug with helper function by @organiccrap
- Fixed a bug with port conflict input with URLs and templates by @vzamanillo
- Fixed a bug with Workflow detecting
No Resultsby @vzamanillo
- Fixed inconsistent output printing in the terminal
- Fixed No JSON output with workflows
- Fixed a bug with matches when multiple headers with the same name by @CasperGN
No resultfound problem with and condition by @Marmelatze
- Fixed an issue with
allmatched part by @rykkard
- Updated nuclei-templates current and outdated messages
- Updated template loading UI message by @vzamanillo
- Nuclei engine rework.
- Added Progress bar with live results by @manuelbua
- Added multiple input template support by @manuelbua
- Added in-template cookie reuse
- Added key-value supported extractor
- Added dynamic extraction and reuse
- Added coloring support in output results by @manuelbua
- Added wild-card template input support by @wdahlenburg
- Fixed relative path issue with payloads.
- Fixed dockerfile go version.
- Better error handling for templates by @manuelbua
- Fixed an issue with release binary.
- Fixed bugs in raw-requests.
- Fixed update template issue.
- Fixed an issue with failed requests.
- Fixed an issue with DSL helper function.
- Fixed error with auto-updates Github rate limit.
- Fixed defaults to OR condition when no condition is specified.
- Fixed raw requests newlines and allow blank request path.
- Added relative path and auto-template fetching support from installed directory.
- Added single target support.
- Added json output support.
- Chained workflow support with conditions etc.
- Added template updates feature with auto-updates, etc.
- Fixed blank output file bug.
- Added better verbose and debug modes.
- Inform user and no output file in case of 0 results.
- Updated default user-agent to include project details
- Added intruder like support (sniper/pitchfork/clusterbomb)
- Fuzzing with DSL helpers
- Fixed bug in body decompression
- Added global headers via CLI
- Small improvements.
- General Fixes.
- Complex DSL queries
- Raw requests
- Proxy (http/socks5)
- Fixed a bug with DNS requests and output file.
- Massive code refactor, conditions support + stdin input bug fix.
- DNS requests support
- Binary Matcher support
- Conditional redirects support within templates.
- Fixed go.mod issue
- Added extractors for custom text extraction from templates
- Fixed a bug with default headers
- Fixed go.mod file issue
- Initial Release