v3.0.4

What's Changed

🎉 New Features

• Added base64 encoded template into json(l) result for custom templates with option to exclude by @dogancanbakir in #4315

   -ot, -omit-template  omit encoded template in the JSON, JSONL output

• Added TLS Cipher, Version enumeration in SSL protocol by @mionskowski-form3 in #4297

    tls_version_enum: true
    tls_cipher_enum: true
    tls_cipher_types: 
      - insecure 
      - weak

• Added base64 encoding helpers for javascript protocol by @Ice3man543 in #4344

🐞 Bug Fixes

• Bugfix bin pack by @Mzack9999 in #4298

🔨 Maintenance

• Disabled code template as default with option to enable using -code flag by @tarunKoyalwar in #4376
• Moved docs to centralized project https://github.com/projectdiscovery/docs by @olearycrew in #4342
• Append exclude tags instead of replacing by @tarunKoyalwar in #4353

Other Changes

• Enabled cookie-reuse as default with ability to disable optionally by @dogancanbakir in #4292

    disable-cookie: true

• Added pprofiling with env by @tarunKoyalwar in #4377

PPROF=1 ./nuclei -u https://scanme.sh

Full Changelog: v3.0.3...v3.0.4

v3.0.3

What's Changed

• Added self-contained template support to headless protocol by @dogancanbakir in #4322
• Added miscellaneous SDK enhancements by @tarunKoyalwar in #4301
• Fixed issue with trailing dot in dns protocol by @dogancanbakir in #4295
• Fixed connection issues in javascript, network protocol @tarunKoyalwar in #4313
• Fixed issue in flow to use javascript by @tarunKoyalwar in #4313
• Updated cloned directory structure (project owner => repo) for GitHub by @dogancanbakir in #4293

New Contributors

• @atomiczsec made their first contribution in #4296

Full Changelog: v3.0.2...v3.0.3

v3.0.2

What's Changed

Other Changes

• Fixed relative path issue for template loading by @tarunKoyalwar in #4284

Full Changelog: v3.0.1...v3.0.2

v3.0.1

What's Changed

🐞 Bug Fixes

• Fixed issues with template preprocessor + multi request variables indexing by @tarunKoyalwar in #4262

Note:

This release includes fixes for bugs introduced in v3.0; upgrade to the latest version if you are using v3.

Full Changelog: v3.0.0...v3.0.1

v3.0.0

Nuclei v3 is now live and kicking!

We're excited to announce a variety of new features, enhancements, and bug fixes for seamless vulnerability identification!

• For an in-depth understanding and details of the new elements, visit our v3 release blog.
• To get a detailed overview of all the closed issues linked with this release, please explore the Nuclei v3 release milestone on GitHub.
• Looking to get started with these features? Our Nuclei Docs will guide you through everything you need to know.

What's Changed

🎉 New Features

• Added support for code templates by @Mzack9999 in #2930
• Added support for template signing + verification by @Mzack9999 in #2930
• Added support for multi protocol execution by @tarunKoyalwar in #3672
• Added support for template flow control in template (i.e javascript scripting) by @tarunKoyalwar in #4015
• Added support for javascript protocol for scripting (includes 15+ protocol libs) by @Ice3man543, @tarunKoyalwar in #4109
• Added support for abstracted SDK to use nuclei as library by @tarunKoyalwar in #4104

🐞 Bug Fixes

• Fixed issue with -fh2 option to make http2 connection request by @Mzack9999 in #4237
• Added support to avoid duplicate issue creation in GitHub reporting by @mionskowski-form3 in #4201
• Added support to avoid duplicate issue creation in GitLab reporting by @skahn007gl in #4152

🔨 Maintenance

• Added support to use OS specfic default config location by @tarunKoyalwar in #4228

Other Changes

• Added header fuzzing support in http templates (WIP) by @0x123456789 in #4114
• Added examples in help menu by @kchason in #3978

New Contributors

• @0x123456789 made their first contribution in #4114
• @sttlr made their first contribution in #4169
• @skahn007gl made their first contribution in #4152
• @meme-lord made their first contribution in #4197
• @mionskowski-form3 made their first contribution in #4201

Full Changelog: v2.9.15...v3.0.0

v2.9.15

What's Changed

🐞 Bug Fixes

• Fixed issue with request using TE instead of CL header in certain case by @tarunKoyalwar in #4154
• Fixed issue with matcher status option for cluster template execution by @ShubhamRasal in #4132
• Fixed issue with loader for deterministic clustering by @Mzack9999 in #4124

🔨 Maintenance

• Added GH workflow for weekly performance test by @Mzack9999 in #3861

Other Changes

• Added port field in network protocol by @tarunKoyalwar in #4123
• Added docker usage documentation by @kchason in #4155
• Added automated dockerhub documentation by @kchason in #4148
• Documentation typo updates by @kchason in #4138
• Custom templates documentation fixes by @kchason in #4149

Full Changelog: v2.9.14...v2.9.15

v2.9.14

What's Changed

🎉 New Features

• Added impact field under template information block by @ehsandeep in #4121

  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the server, potentially leading to unauthorized access or data leakage.

🔨 Maintenance

• Updated mock output writer to write the failed event by @ShubhamRasal in #4099
• Updated stringsutil.HasPrefixAnyI by @dogancanbakir in #4097

Other Changes

• Fixed data-race warnings by @RamanaReddy0M in #4036
• Fixed issue with connection reuse in host-spray mode by @Mzack9999 in #3991
• Added utm_source in version check by @tarunKoyalwar in #4112
• Updated template URL from GitHub to https://templates.nuclei.sh in jsonl output by @dogancanbakir in #4110

Full Changelog: v2.9.13...v2.9.14

v2.9.13

What's Changed

🎉 New Features

• Added support to run public / shared template from templates.nuclei.sh with -t option by @Ice3man543 in #4089

nuclei -t https://templates.nuclei.sh/@sandeep/5SmazAQDG6TDaYSaAJ8jAJ -u https://example.com
nuclei -t https://templates.nuclei.sh/public/CVE-2023-38035 -u https://example.com

• Added xpath as new matcher type by @denandz in #4087

    matchers:
      - type: xpath
        part: body
        xpath:
          - "//script[contains(@src,'//') and not(contains(translate(@integrity,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz'),'^sha'))]"

• Added file read restriction in headless protocol similar to other protocols by @tarunKoyalwar in #4055

Other Changes

• Added support to render nuclei-templates changelog is CLI output with -vv option by @tarunKoyalwar in #4082
• Updated short options -tu, -wu to -turl and -wurl by @Ice3man543 in #4089

New Contributors

• @denandz made their first contribution in #4087

Full Changelog: v2.9.12...v2.9.13

v2.9.12

What's Changed

🐞 Bug Fixes

• Fixed #4025 panic crash in projectdiscovery/dsl#80 by @Mzack9999

Other Changes

• Fixed broken image link in TestActionGetResource test by @tarunKoyalwar in #4075

Full Changelog: v2.9.11...v2.9.12

v2.9.11

What's Changed

🎉 New Feature

• Added request/response in JSONL output for failed match with -ms option by @seeyarh in #3986

🐞 Bug Fixes

• Fixed issues with interactsh integration to improve matcher accuracy by @tarunKoyalwar in #4059
• Fixed issue with using interactsh matcher with request condition by @tarunKoyalwar in #4064
• Fixed reference info nil pointer dereference with -me option by @lu4nx in #4006
• Fixed issue transfer encoding header by @cn-kali-team in #3947
• Fixed SDK issue by adding default resp size to options by @Mzack9999 in #4050

🔨 Maintenance

• Migrated nuclei docs from nuclei-docs to nuclei project in 36af941
• Fixed DSL integration tests syntax by @Mzack9999 in #4003
• Fixed default permission by @dogancanbakir in #4039

Other Changes

• Fixed spelling mistake by @jsoref in #4008
• Fixed bug in curl command generation by @dogancanbakir in #4014
• Fixed removing double slash prefix in raw request path by @RamanaReddy0M in #3960
• Fixed edge case with disable-path-automerge attribute by @RamanaReddy0M in #4035

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/38?closed=1

New Contributors

• @jsoref made their first contribution in #4008
• @Ovi3 made their first contribution in #4019
• @seeyarh made their first contribution in #3986

Full Changelog: v2.9.10...v2.9.11