v3.4.2

What's Changed

🎉 New Features

• Added bearer support to Jira reporting for self-hosted environments by @Ice3man543 in #6145

🐞 Bug Fixes

• Fixed call to errors.Wrap to use the correct error variable by @alingse in #6127

Other Changes

• Various improvements to the GitHub Actions by @dwisiswant0, including:
  • Removal of i386 Docker manifest due to lack of 32-bit support #6134
  • Addition of Docker manifests #6125
  • Use of composite action for compatibility checks #6139
  • Addition of setup-python steps for tests #6154

New Contributors

• @alingse made their first contribution in #6127

Full Changelog: v3.4.1...v3.4.2

v3.4.1

What's Changed

Other Changes

• Updated Docker image templates to fix release issues by @dwisiswant0 in #6119

Full Changelog: v3.4.0...v3.4.1

v3.4.0

What's Changed

🎉 New Features

• Added support for AWS_PROFILE in S3 loadConfig using ~/.aws/credentials by @alban-stourbe-wmx in #5680

Other Changes

• Updated wrong command example in docs by @leofvo in #6098
• Improved Docker workflow and build process by @dwisiswant0 in #6094
• Improved by adding setDialer function to TCP protocol by @ShubhamRasal in #6101
• Improved docgen by enhancing error handling and file operations by @Mehran-Seifalinia in #6103
• Improved comments by fixing some function names by @threehonor in #6112

New Contributors

• @leofvo made their first contribution in #6098
• @Mehran-Seifalinia made their first contribution in #6103
• @threehonor made their first contribution in #6112

Full Changelog: v3.3.10...v3.4.0

v3.3.10

What's Changed

Other Changes

• added support to generate CPU & PGO profiles by @dwisiswant0 in #6058
• added escape code blocks for markdown formatting by @Ice3man543 in #6089
• fixed auth validation on windows ox by @dogancanbakir in #6053
• fixed issue with secrets lookup logic by @dogancanbakir in #6059
• fixed race condition of the lastmatcherevent by @knakul853 in #6080
• fixed incorrect nil return value by @huochexizhan in #6079
• fixed issue with reporting close functionality by @Ice3man543 in #6066
• fixed nil pointer on context cancellation by @knakul853 in #6085
• fixed issue with setting headers in fuzzing template by @dogancanbakir in #5988

New Contributors

• @knakul853 made their first contribution in #6080
• @huochexizhan made their first contribution in #6079

Full Changelog: v3.3.9...v3.3.10

v3.3.9

What's Changed

🎉 New Features

• Added -ai option to generate and run nuclei templates on the fly in natural langauge by @parthmalhotra in #6041

$ nuclei -list h1.txt -ai "extract page titles"

[extract-page-titles] [http] [info] https://api.hackerone.com ["HackerOne API"]

More in docs at https://docs.projectdiscovery.io/tools/nuclei/running#ai-powered-template-generation

• Added initial Live DAST Server API implementation (experimental) by @Ice3man543 in #5772

$ nuclei -dts

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.9

		projectdiscovery.io

[INF] DAST Server API: http://localhost:9055/fuzz
[INF] DAST Server Stats URL: http://localhost:9055/stats
⇨ http server started on 127.0.0.1:9055

• Added support for DSL expression evaluation in headless args by @dwisiswant0 in #6017

🐞 Bug Fixes

• Fixed issue with hosterrorscache by @dwisiswant0 in #5984
• Fixed issue in multiproto for missing previous event by @dwisiswant0 in #5967
• Fixed issue with variable dump by @dogancanbakir in #5921
• Fixed missing event for multi protocol by @ShubhamRasal in #5995
• Fixed issue to handle removal of deleted templates during update by @dwisiswant0 in #5998
• Fixed issue with filename length with -sr / -srd option by @Lercas in #5931
• Fixed issue with tcp dialer for MySQL by @doug-threatmate in #5681
• Fixed issue in headless protocol with flow variable access by @dogancanbakir in #6003

Other Changes

• Replaced encoding/json with sonic or go-json (fallback) by @dwisiswant0 in #6019
• Removed the use of deprecated mholt/archiver by @AdallomRoy in #5951
• Added new govulncheck (CI) workflow by @dwisiswant0 in #5964
• Add flamegraph job (CI) by @dwisiswant0 in #5966
• Added WithResponseReadSize function for SDK usages by @meme-lord in #5961
• Added Portuguese translation of README by @Jarro01X in #6033

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/68?closed=1

New Contributors

• @1hehaq made their first contribution in #5974
• @piguagua made their first contribution in #5986
• @kilavvy made their first contribution in #6027
• @Jarro01X made their first contribution in #6033
• @Lercas made their first contribution in #5931

Full Changelog: v3.3.8...v3.3.9

v3.3.8

What's Changed

🐞 Bug Fixes

• Fixed missing browser initilization by @Mzack9999 in #5896
• Fixed proxy configuration for concurrent requests, enabling isolated and parallel handling by @ShubhamRasal in #5903
• Fixed recursive struct validation during JSON marshaling by @dogancanbakir in #5883
• Fixed unresolved interactsh-url with self-contained for raw http templates by @dogancanbakir in #5938
• Fixed a nil error associated with a previous internal event (#5949) by @iuliu8899 in #5950

Other Changes

• Updated function names in comments by @lvyaoting in #5886
• Made markdown filename shorter by @dogancanbakir in #5899
• Added support grouped dependency updates in dependabot by @dwisiswant0 in #5923
• Added encoding support for malformed URLs by @dwisiswant0 in #5902
• Made sure the input URL is trimmed when the -scan-all-ips option is enabled by @p-l- in #5897
• Made sure NoHostErrors is set by @iuliu8899 in #5783

New Contributors

• @p-l- made their first contribution in #5897

Full Changelog: v3.3.7...v3.3.8

v3.3.7

What's Changed

🎉 New Features

• Added OS_MAX_THREADS_ENV environment variable to control the maximum number of OS threads the Go program can utilize by @dogancanbakir in #5622
• Added -enable-global-matchersoption to control the execution of global matchers by @dwisiswant0 in #5857

🐞Bug Fixes

• Fixed template signing signature issue caused by OS-specific line breaks (CRLF vs LF) by @tarunKoyalwar in #5869
• Fixed trailing comma issue in JSONL exporeter by @bf-rbrown in #5861
• Fixed template listing issue by ensuring default settings are respected by @dogancanbakir in #5846

New Contributors

• @bf-rbrown made their first contribution in #5861

Full Changelog: v3.3.6...v3.3.7

v3.3.6

⚠️ Breaking Changes:

• The -enable-self-contained or -esc flag is now required to load self-contained templates.
• The -file flag must be used to enable loading file templates.

What's Changed

🎉 New Features

• Added analyzer support and time based delay analyzer for DAST mode by @Ice3man543 in #5781

See Analyzer documentation here: https://docs.projectdiscovery.io/templates/protocols/http/fuzzing-overview#analyzer

• Added batch output support for JSONL output format by @kchason in #5705

Configuration options for JSONL exporter:

jsonl:
 # file is the file to export found JSONL result to
 file: ""
 # omit-raw whether to exclude the raw request and response from the output
 omit-raw: false
 # batch-size the number of records to keep in memory before writing them out to the JSONL file or 0 to disable batching (default)
 batch-size: 0

• Added ENV variable handling in dynamic secret file by @alban-stourbe-wmx in #5835

Secrets can be set using ENV variables or defined with -v and -env-vars options:

Env based secret

variables:
   - key: password
     value: $PASSWORD

Config file / Flag based secrets ( using -env-vars or -vars )

variables:
     - key: password
     - value: {{password}}

🐞Bug Fixes

• Fixed code protocol template execution issues by @tarunKoyalwar in #5767
• Fixed panic error in -stats option by @dogancanbakir in #5774
• Fixed the issue with Jira tracker related to find request by @Ice3man543 in #5798
• Fixed workflow validation logic by @dogancanbakir in #5805
• Fixed data race in protocolstate, contextargs and outdated tests by @dwisiswant0 in #5820

Other Changes

• Disabled self-contained and file protocol templates as default by @dogancanbakir in #5825
  • -esc flag (self-contained templates) is implicitly enabled when -code flag is used.
• Added SDK functions to improve nuclei store and workflow access by @iuliu8899 in #5766
• Fixed typo in headless protocol error message by @dmaciejak in #5768
• Added missing backtick in DESIGN document by @chengehe in #5789
• Improved GitHub Auto-Merge workflow by @dwisiswant0 in #5784
• Added SDK function to allow setting custom variables by @alban-stourbe-wmx in #5678
• Improved GitHub workflows to run concurrently by @dwisiswant0 in #5818

New Contributors

• @dmaciejak made their first contribution in #5768
• @chengehe made their first contribution in #5789

Full Changelog: v3.3.5...v3.3.6

v3.3.5

What's Changed

🎉 New Features

• Added support for global matchers / extractors in http templates by @dwisiswant0 in #5701
• Added support for MongoDB for results reporting by @kchason in #5688
• Added support for stop-at-first-match in network templates by @RamanaReddy0M in #5554

🐞Bug Fixes

• Fixed an issue with {{interactsh-url}} replacement in network template by @RamanaReddy0M in #5677
• Fixed issue with multipart fuzzing and support for filename, content-type in multipart by @Ice3man543 in #5702
• Fixed issue to expose ssl part definitions by @dogancanbakir in #5710
• Fixed issue boolean value on successful ldap authentication by @RamanaReddy0M in #5682
• Fixed issue with LDAP metadata collection by @RamanaReddy0M in #5683
• Fixed an issue with memguard (SDK) by @dany74q in #5714
• Fixed issue with input helper (SDK) by @iuliu8899 in #5712
• Fixed an issue with template loading logic (SDK) by @dogancanbakir in #5733

Other Changes

• Added support to generate trace file when using -profile-mem option by @dwisiswant0 in #5690
• Added support for -var-dump-limit to control response char limit with -svd option by @dwisiswant0 in #5676

See https://github.com/projectdiscovery/nuclei/milestone/64?closed=1 for all the issues closed in release.

New Contributors

• @vil02 made their first contribution in #5687
• @dany74q made their first contribution in #5714
• @iuliu8899 made their first contribution in #5712

Full Changelog: v3.3.4...v3.3.5

v3.3.4

What's Changed

• Fixed (hopefully) skipping target list as found unresponsive erroneously by @tarunKoyalwar in #5668

Full Changelog: v3.3.3...v3.3.4