nuclei

Name: nuclei
Availability: InStock
Rating: 5.0 (28134 reviews)
Author: projectdiscovery

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collabora

projectdiscovery vv3.8.0 Cross-platform 28,134 stars

Free Open Source Safe Download MIT License Latest Version

About nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

What's New in vv3.8.0

What's Changed

Security Fixes

JS: Respect allow-local-file-access in require by @dwisiswant0 (#7332)
- GHSA-29rg-wmcw-hpf4
Expressions: Only evaluate template-authored expressions by @dwisiswant0 (#7221)(#7321)
- GHSA-jm34-66cf-qpvr

Bug Fixes

HTTP: Respect annotations in unsafe mode by @dwisiswant0 (#7044)
HTTP: Isolate project cache keys by scheme & host by @dwisiswant0 (#7043)
Expressions: Propagate unresolved variable markers through encoding functions by @dogancanbakir (#7033)
SDK: Respect WithOptions rate limit by @dwisiswant0 (#7342)
Fuzz: Prevent path mutation across sequential Rebuild calls by @promisingcoder (#7253)
Fuzz: Use actual parameter for frequency deduplication by @Godzilla675 (#7037)
Fuzz: Fix concurrent map writes in multipart form parsing by @Mzack9999 (#7291)
Fuzz: Propagate custom headers to time_delay analyzer follow-up requests by @usernametooshort (#7125)
JS: Fix watchdog and propagate context to all JS library network calls by @Mzack9999 (#7299)
JS: Interrupt goja runtime on context cancel by @mikhail5555 (#7343)
WebSocket: Fix path handling when merging template & target URLs by @Mzack9999 (#7290)
Runner: Stop spawning template goroutines in host-spray when host is unresponsive by @usernametooshort (#7129)
Input: Optimize removeTargets to prevent hang on large exclusions by @JawsKim (#6760)
Installer: Prevent unnecessary update checks by @dahezhiquan (#7337)
Utils: Normalize unbracketed IPv6 literals for probing by @dwisiswant0 (#7045)
Client pool: Replace global variable with local scoping by @mikhail5555 (#7294)
Fix InFlight map race condition via Snapshot method by @n3integration (#7026)
Fix race condition in Dynamic.Fetch and always prefetch secrets by @hussain-alsaibai (#6976)
Fix nil interface set in createEphemeralObjects to prevent panic by @maxwolf8852 (#6944)
Fix DAST skipping URLs with part: request and mode: multiple by @dogancanbakir (#7326)
Fix headless JS loading with -tlsi and addheader/setheader by @dogancanbakir (#7325)
Fix flow execution with auth by @Mzack9999 (#7298)
Fix redirect handling by @Mzack9999 (#7286)
Fix Elastic export by @Mzack9999 (#7287)
Use crypto/rand instead of math/rand in JS global functions by @sandiyochristan (#7215)

New Features

Fuzz: Add XSS reflection context analyzer by @ZachL111 (#7164)
Reporting: Add PDF export option for scan results by @Gengyscan (#7254)
Network templates: Support service names in port field by @dogancanbakir (#7303)
Add honeypot detection to reduce scan noise by @HarshadaGawas05 (#7277)
Add inline targets and secrets to template profiles by @SaurabhCodesAI (#6858)

Performance & Improvements

Runner: Fast path for tag listing by @dwisiswant0 (#7143)
Runner: Use Print instead for listAvailableStoreTags by @dwisiswant0 (#7145)
Resume state: Refactored as cache data by @dwisiswant0 (#7042)
Capture stderr output by @Mzack9999 (#7292)

Tests & CI

Add fuzz tests by @dwisiswant0 (#7311)
Add request condition tests for multi-raw-request flow templates by @Mzack9999 (#7300)
Refactor native tests by @dwisiswant0 (#7307)
Add GITHUB_TOKEN to workflows for authenticated template updates by @dwisiswant0 (#7119)
Integrate typos spell checker into CI by @telewin95 (#7158)

Documentation

Update outdated documentation links across all translations by @Pitrat-wav (#7020)

New Contributors

@usernametooshort made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7129
@Pitrat-wav made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7020
@n3integration made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7026
@JawsKim made their first contribution in https://github.com/projectdiscovery/nuclei/pull/6760
@sandiyochristan made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7215
@telewin95 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7158
@Gengyscan made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7254
@hussain-alsaibai made their first contribution in https://github.com/projectdiscovery/nuclei/pull/6976
@promisingcoder made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7253
@Godzilla675 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7037
@SaurabhCodesAI made their first contribution in https://github.com/projectdiscovery/nuclei/pull/6858
@ZachL111 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7164
@HarshadaGawas05 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7277
@mikelolasagasti made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7282
@maxwolf8852 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/6944
@mikhail5555 made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7294
@dahezhiquan made their first contribution in https://github.com/projectdiscovery/nuclei/pull/7337

Full Changelog: https://github.com/projectdiscovery/nuclei/compare/v3.7.1...v3.8.0

Legal Notice

This software is provided by its original developers. We only index and provide links to official download sources. All downloads are from the original publishers and are completely legal and safe.