v2.5.4
What's Changed
- Added Websocket and SSL protocol support by @Ice3man543 in #1066
- Added high level nuclei architecture overview by @Ice3man543 in #1177
- Added Remote template/workflow list input support by @EndPositive in #1123
- Added automatic request iteration on extractor values in http template by @Ice3man543 in #1288
- Added DNS Trace support in dns templates by @Mzack9999 in #1236
- Added new global variable support for DNS templates by @Ice3man543 in #1185
- Added new global variables support for Network templates by @Ice3man543 in #1282
- Added optional matcher status (
matcher-status/ms) flag by @Ice3man543 in #1272 - Added
case-insensitiveattribute to word matcher by @zerodivisi0n in #1130 - Added
stop-at-first-matchsupport for DNS templates by @parrasajad in #1307 - Added unique interactsh placeholder support in templates by @parrasajad in #1219
- Added support for client certificate authentication by @kchason in #1171
- Added global/payloads/helper functions variable matching support in word/dsl matchers by @parrasajad in #1290
- Added new filters (
pt/ept) to run templates based on protocol type by @Ice3man543 in #1186 - Added support log errors (
elog/error-log) in file by @zerodivisi0n in #1204 - Added http/socks proxy support to headless browser by @Mzack9999 in #1155
- Added support to read complete tcp data stream by @Mzack9999 in #1111
- Added validation to
template-idto keep it unique and uniform by @zerodivisi0n in #1151 - Added default fields for DNS templates by @Ice3man543 in #1284
- Added support for custom headers for unsafe templates by @Mzack9999 in #1230
- Added request clustering support within workflow by @Mzack9999 in #1255
- Added multiple new fields in JSON output by @Ice3man543 in #1272
- Added hexadecimal view in
debugmode for binary response #1080 by @forgedhallpass in #1203 - Added validation for http/socks5 proxy #1001 by @LuitelSamikshya in #1225
- Added validation for binary matchers in template by @Ice3man543 in #1213
- Added new headless test cases by @Mzack9999 in #1313
- Fixed bug with matchers to match on all redirect responses instead of final one by @Ice3man543 in #1232
- Fixed bug with github client and paths with no slash by @Ice3man543 in #1183
- Fixed panic crash with curl command if request is not nil by @Ice3man543 in #1184
- Fixed bug with path input in unsafe template by @Ice3man543 in #1182
- Fixed http test using local http mock server by @Mzack9999 in #1241
- Fixed crash with uninitialized interactsh client by @Ice3man543 in #1251
- Fixed bug casuing no ip returned in JSON response by @Ice3man543 in #1273
- Fixed bug causing spawned nuclei child process hangs with stdin by @Ice3man543 in #1306
- Fixed crash in http module by @Ice3man543 in #1285
- Fixed stdin input parsing bug causing nuclei to hang by @Ice3man543 in #1286
- Fixed
cookie-reusebehavior in headless engine by @Mzack9999 in #1157 - Updated
validateflag validation by @LuitelSamikshya in #1315 - Updated
README_CN.mdby @Xc1Ym in #1317 - Disabled
no-sandboxmode as root (linux) in headless engine by @Mzack9999 in #1135
New CLI Flags:
-tu, -template-url string[] URL containing list of templates to run
-wu, -workflow-url string[] URL containing list of workflows to run
-pt, -type value[] protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ept, -exclude-type value[] protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket
-ms, -matcher-status show optional match failure status
-elog, -error-log string file to write sent requests error log
-cc, -client-cert string client certificate file (PEM-encoded) used for authenticating against scanned hosts
-ck, -client-key string client key file (PEM-encoded) used for authenticating against scanned hosts
-ca, -client-ca string client certificate authority file (PEM-encoded) used for authenticating against scanned hostsNew JSON fields:
"template": "misconfiguration/http-missing-security-headers.yaml"
"template-url": "https://github.com/projectdiscovery/nuclei-templates/blob/master/misconfiguration/http-missing-security-headers.yaml"
"matcher-status": trueNew Global Variables:
For DNS Protocol
{{RDN}}
{{DN}}
{{TLD}}
{{SD}}For Netowork Protocol
{{Host}}
{{Port}}Closed GH Issues in v2.5.4 release
https://github.com/projectdiscovery/nuclei/milestone/4?closed=1
New Contributors
- @kchason made their first contribution in #1171
- @EndPositive made their first contribution in #1123
- @LuitelSamikshya made their first contribution in #1169
Full Changelog: v2.5.3...v2.5.4
Contributors
zerodivisi0n, kchason, and 7 other contributors