What's Changed

Other Changes

• Fixed bug with network protocol: revert full buffer size read by @tarunKoyalwar in #4497

Full Changelog: v3.1.1...v3.1.2

What's Changed

• Added support for arbitrary string input for TLS SNI annotation by @jimen0 in #4462
• Fixed panic + refactor headless waitevent action by @tarunKoyalwar in #4465
• Fixed wait time + added timeout for ssh connection by @dogancanbakir in #4467
• Fixed issue with headless result upload by @tarunKoyalwar in #4469

Full Changelog: v3.1.0...v3.1.1

What's Changed

🎉 New Features

• Added support to upload / view results into PDCP Dashboard by @tarunKoyalwar in #4343
  

• Added support to exclude target from scan input list by @dogancanbakir in #4214

  • exclude host, host:port
  • exclude ip, ip:port
  • exclude cidr
  • regex based exclusion

• Added support for multiple ports in network template by @tarunKoyalwar in #4401

tcp:
  - host:
      - "{{Hostname}}"
    port: 22,2222

• Added port, scheme and url field in json(l) output by @tarunKoyalwar in #4417
• Added support to execute commands via ssh client in javascript protocol by @5amu in #4407

javascript:
  - args:
      Host: "{{Host}}"
      Port: "22"
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      c.Connect(Host, Port, template.Username, template.Password)
      c.Run("echo lolz > /tmp/lolz");
      var response = c.Run("cat /tmp/lolz");
      c.Close()
      to_json(response);

• Added support to set dialer timeout by @wk8 in #4441

 -dt, -dialer-timeout value            timeout for network requests.
 -dka, -dialer-keep-alive value        keep-alive duration for network requests.

• Added connection reset by peer to include error used for host exclusion by @XTeam-Wing in #4265
• Added support to include failed matches for errored hosts with -ms option by @dogancanbakir in #4373

Other Changes

• Fixed memory leaks in rawhttp by @tarunKoyalwar in #4399
• Fixed issue with host field in json(l) output by @tarunKoyalwar in #4417

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/44?closed=1

New Contributors

• @5amu made their first contribution in #4407
• @razin99 made their first contribution in #4416
• @XTeam-Wing made their first contribution in #4265
• @wk8 made their first contribution in #4441

Full Changelog: v3.0.4...v3.1.0

What's Changed

🎉 New Features

• Added base64 encoded template into json(l) result for custom templates with option to exclude by @dogancanbakir in #4315

   -ot, -omit-template  omit encoded template in the JSON, JSONL output

• Added TLS Cipher, Version enumeration in SSL protocol by @mionskowski-form3 in #4297

    tls_version_enum: true
    tls_cipher_enum: true
    tls_cipher_types: 
      - insecure 
      - weak

• Added base64 encoding helpers for javascript protocol by @Ice3man543 in #4344

🐞 Bug Fixes

• Bugfix bin pack by @Mzack9999 in #4298

🔨 Maintenance

• Disabled code template as default with option to enable using -code flag by @tarunKoyalwar in #4376
• Moved docs to centralized project https://github.com/projectdiscovery/docs by @olearycrew in #4342
• Append exclude tags instead of replacing by @tarunKoyalwar in #4353

Other Changes

• Enabled cookie-reuse as default with ability to disable optionally by @dogancanbakir in #4292

    disable-cookie: true

• Added pprofiling with env by @tarunKoyalwar in #4377

PPROF=1 ./nuclei -u https://scanme.sh

Full Changelog: v3.0.3...v3.0.4

What's Changed

• Added self-contained template support to headless protocol by @dogancanbakir in #4322
• Added miscellaneous SDK enhancements by @tarunKoyalwar in #4301
• Fixed issue with trailing dot in dns protocol by @dogancanbakir in #4295
• Fixed connection issues in javascript, network protocol @tarunKoyalwar in #4313
• Fixed issue in flow to use javascript by @tarunKoyalwar in #4313
• Updated cloned directory structure (project owner => repo) for GitHub by @dogancanbakir in #4293

New Contributors

• @atomiczsec made their first contribution in #4296

Full Changelog: v3.0.2...v3.0.3

What's Changed

Other Changes

• Fixed relative path issue for template loading by @tarunKoyalwar in #4284

Full Changelog: v3.0.1...v3.0.2

What's Changed

🐞 Bug Fixes

• Fixed issues with template preprocessor + multi request variables indexing by @tarunKoyalwar in #4262

Note:

This release includes fixes for bugs introduced in v3.0; upgrade to the latest version if you are using v3.

Full Changelog: v3.0.0...v3.0.1

Nuclei v3 is now live and kicking!

We're excited to announce a variety of new features, enhancements, and bug fixes for seamless vulnerability identification!

• For an in-depth understanding and details of the new elements, visit our v3 release blog.
• To get a detailed overview of all the closed issues linked with this release, please explore the Nuclei v3 release milestone on GitHub.
• Looking to get started with these features? Our Nuclei Docs will guide you through everything you need to know.

What's Changed

🎉 New Features

• Added support for code templates by @Mzack9999 in #2930
• Added support for template signing + verification by @Mzack9999 in #2930
• Added support for multi protocol execution by @tarunKoyalwar in #3672
• Added support for template flow control in template (i.e javascript scripting) by @tarunKoyalwar in #4015
• Added support for javascript protocol for scripting (includes 15+ protocol libs) by @Ice3man543, @tarunKoyalwar in #4109
• Added support for abstracted SDK to use nuclei as library by @tarunKoyalwar in #4104

🐞 Bug Fixes

• Fixed issue with -fh2 option to make http2 connection request by @Mzack9999 in #4237
• Added support to avoid duplicate issue creation in GitHub reporting by @mionskowski-form3 in #4201
• Added support to avoid duplicate issue creation in GitLab reporting by @skahn007gl in #4152

🔨 Maintenance

• Added support to use OS specfic default config location by @tarunKoyalwar in #4228

Other Changes

• Added header fuzzing support in http templates (WIP) by @0x123456789 in #4114
• Added examples in help menu by @kchason in #3978

New Contributors

• @0x123456789 made their first contribution in #4114
• @sttlr made their first contribution in #4169
• @skahn007gl made their first contribution in #4152
• @meme-lord made their first contribution in #4197
• @mionskowski-form3 made their first contribution in #4201

Full Changelog: v2.9.15...v3.0.0

What's Changed

🐞 Bug Fixes

• Fixed issue with request using TE instead of CL header in certain case by @tarunKoyalwar in #4154
• Fixed issue with matcher status option for cluster template execution by @ShubhamRasal in #4132
• Fixed issue with loader for deterministic clustering by @Mzack9999 in #4124

🔨 Maintenance

• Added GH workflow for weekly performance test by @Mzack9999 in #3861

Other Changes

• Added port field in network protocol by @tarunKoyalwar in #4123
• Added docker usage documentation by @kchason in #4155
• Added automated dockerhub documentation by @kchason in #4148
• Documentation typo updates by @kchason in #4138
• Custom templates documentation fixes by @kchason in #4149

Full Changelog: v2.9.14...v2.9.15

What's Changed

🎉 New Features

• Added impact field under template information block by @ehsandeep in #4121

  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the server, potentially leading to unauthorized access or data leakage.

🔨 Maintenance

• Updated mock output writer to write the failed event by @ShubhamRasal in #4099
• Updated stringsutil.HasPrefixAnyI by @dogancanbakir in #4097

Other Changes

• Fixed data-race warnings by @RamanaReddy0M in #4036
• Fixed issue with connection reuse in host-spray mode by @Mzack9999 in #3991
• Added utm_source in version check by @tarunKoyalwar in #4112
• Updated template URL from GitHub to https://templates.nuclei.sh in jsonl output by @dogancanbakir in #4110

Full Changelog: v2.9.13...v2.9.14