Merge pull request #3491 from projectdiscovery/dev

nuclei v2.9.1

.github/workflows/build-test.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go-version }}
 

.github/workflows/functional-test.yml

@@ -16,7 +16,7 @@ jobs:
         os: [ubuntu-latest-16-cores, windows-latest-8-cores, macOS-12]
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.19
 

.github/workflows/lint-test.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest-16-cores
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.19
       - name: Checkout code

.github/workflows/publish-docs.yaml

@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: "Set up Go"
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with: 
           go-version: 1.19
 

.github/workflows/release-binary.yml

@@ -15,7 +15,7 @@ jobs:
         with: 
           fetch-depth: 0
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with: 
           go-version: 1.19
 

.github/workflows/template-validate.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest-16-cores
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with: 
           go-version: 1.19
 

DESIGN.md

@@ -189,7 +189,7 @@ Polling for interactions and server registration only starts when a template use
 
 Next we arrive in the `RunEnumeration` function of the runner.
 
-`HostErrorsCache` is initialised which is used throughout the run of Nuclei enumeration to keep track of errors per host and skip further requests if the errors are greater than the provided threshold. The functionality for the error tracking cache is defined in [hosterrorscache.go](https://github.com/projectdiscovery/nuclei/blob/master/v2/pkg/protocols/common/hosterrorscache/hosterrorscache.go) and is pretty simplistic in nature.
+`HostErrorsCache` is initialised which is used throughout the run of Nuclei enumeration to keep track of errors per host and skip further requests if the errors are greater than the provided threshold. The functionality for the error tracking cache is defined in [hosterrorscache.go](https://github.com/projectdiscovery/nuclei/blob/main/v2/pkg/protocols/common/hosterrorscache/hosterrorscache.go) and is pretty simplistic in nature.
 
 Next the `WorkflowLoader` is initialised which used to load workflows. It exists in `v2/pkg/parsers/workflow_loader.go`
 

Dockerfile

@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.20.1-alpine AS build-env
+FROM golang:1.20.2-alpine AS build-env
 RUN apk add build-base
 WORKDIR /app
 COPY . /app

README.md

@@ -29,10 +29,10 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">Korean</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_ID.md">Indonesia</a>
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README.md">English</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_CN.md">中文</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_KR.md">Korean</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_ID.md">Indonesia</a>
 </p>
 
 ---
@@ -153,14 +153,15 @@ OUTPUT:
    -srd, -store-resp-dir string  store all request/response passed through nuclei to custom directory (default "output")
    -silent                       display findings only
    -nc, -no-color                disable output content coloring (ANSI escape codes)
-   -json                         write output in JSONL(ines) format
+   -j -jsonl                     write output in JSONL(ines) format
    -irr, -include-rr             include request/response pairs in the JSONL output (for findings only)
    -nm, -no-meta                 disable printing result metadata in cli output
    -ts, -timestamp               enables printing timestamp in cli output
    -rdb, -report-db string       nuclei reporting database (always use this to persist report data)
    -ms, -matcher-status          display match failure status
    -me, -markdown-export string  directory to export results in markdown format
    -se, -sarif-export string     file to export results in SARIF format
+   -je, -json-export string      file to export results in JSON format as a JSON array. This can be memory intensive in larger scans.
 
 CONFIGURATIONS:
    -config string                 path to the nuclei configuration file
@@ -428,7 +429,7 @@ Do also check out the below similar open-source projects that may fit in your wo
 
 ### License
 
-Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md)
+Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md)
 
 <h1 align="left">
   <a href="https://discord.gg/projectdiscovery"><img src="static/Join-Discord.png" width="380" alt="Join Discord"></a> <a href="https://nuclei.projectdiscovery.io"><img src="static/check-nuclei-documentation.png" width="380" alt="Check Nuclei Documentation"></a>

README_CN.md

@@ -29,9 +29,9 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">Korean</a>
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README.md">English</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_CN.md">中文</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_KR.md">Korean</a>
 </p>
 
 ---
@@ -132,7 +132,7 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
    -srd, -store-resp-dir string          将nuclei的所有请求和响应输出到指定目录（默认：output）
    -silent                               只显示结果
    -nc, -no-color                        禁用输出内容着色（ANSI转义码）
-   -json                                 输出为jsonL（ines）
+   -j, -jsonl                            输出为jsonL（ines）
    -irr, -include-rr                     在JSONL中输出对应的请求和相应（仅结果）
    -nm, -no-meta                         不显示匹配的元数据
    -nts, -no-timestamp                   不在输出中显示时间戳
@@ -349,7 +349,7 @@ Nuclei构建很简单，通过数百名安全研究员的社区模板，Nuclei
 
 ### 许可证
 
-Nuclei使用[MIT许可证](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md)
+Nuclei使用[MIT许可证](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md)
 
 <h1 align="left">
   <a href="https://discord.gg/projectdiscovery"><img src="static/Join-Discord.png" width="380" alt="Join Discord"></a> <a href="https://nuclei.projectdiscovery.io"><img src="static/check-nuclei-documentation.png" width="380" alt="Check Nuclei Documentation"></a>

README_ID.md

@@ -29,10 +29,10 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">Korean</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_ID.md">Indonesia</a>
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README.md">English</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_CN.md">中文</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_KR.md">Korean</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_ID.md">Indonesia</a>
 </p>
 
 ---
@@ -132,14 +132,15 @@ OUTPUT:
    -srd, -store-resp-dir string  store all request/response passed through nuclei to custom directory (default "output")
    -silent                       display findings only
    -nc, -no-color                disable output content coloring (ANSI escape codes)
-   -json                         write output in JSONL(ines) format
+   -j, -jsonl                    write output in JSONL(ines) format
    -irr, -include-rr             include request/response pairs in the JSONL output (for findings only)
    -nm, -no-meta                 disable printing result metadata in cli output
    -nts, -no-timestamp           disable printing timestamp in cli output
    -rdb, -report-db string       nuclei reporting database (always use this to persist report data)
    -ms, -matcher-status          display match failure status
    -me, -markdown-export string  directory to export results in markdown format
    -se, -sarif-export string     file to export results in SARIF format
+   -je, -json-export string      file to export results in JSON format as a JSON array. This can be memory intensive in larger scans.
 
 CONFIGURATIONS:
    -config string                 path to the nuclei configuration file
@@ -349,7 +350,7 @@ Terima kasih kepada semua komunitas yang luar biasa yang [berkontribusi untuk me
 
 ### Lisensi
 
-Nuclei didistribusikan di bawah [Lisensi MIT](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md)
+Nuclei didistribusikan di bawah [Lisensi MIT](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md)
 
 <h1 align="left">
   <a href="https://discord.gg/projectdiscovery"><img src="static/Join-Discord.png" width="380" alt="Join Discord"></a> <a href="https://nuclei.projectdiscovery.io"><img src="static/check-nuclei-documentation.png" width="380" alt="Cek Dokumentasi Nuclei"></a>

README_KR.md

@@ -28,9 +28,9 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> •
-  <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">한국어</a>
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README.md">English</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_CN.md">中文</a> •
+  <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_KR.md">한국어</a>
 </p>
 
 ---
@@ -128,7 +128,7 @@ OUTPUT:
    -srd, -store-resp-dir string  nuclei을 통해 전달된 모든 요청/응답을 사용자 지정 디렉터리에 저장(기본 "output")
    -silent                       결과만 표시
    -nc, -no-color                출력 내용 색상 비활성화 (ANSI escape codes)
-   -json                         JSONL(ines) 형식으로 출력
+   -j, -jsonl                    JSONL(ines) 형식으로 출력
    -irr, -include-rr             JSONL 출력에 요청/응답 쌍 포함(결과만)
    -nm, -no-meta                 cli 출력에서 결과 메타데이터 출력 비활성화
    -nts, -no-timestamp           cli 출력에서 결과 타임스탬프 출력 비활성화
@@ -340,7 +340,7 @@ Thanks to all the amazing community [contributors for sending PRs](https://githu
 
 ### License
 
-Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md)
+Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/main/LICENSE.md)
 
 <h1 align="left">
   <a href="https://discord.gg/projectdiscovery"><img src="static/Join-Discord.png" width="380" alt="Join Discord"></a> <a href="https://nuclei.projectdiscovery.io"><img src="static/check-nuclei-documentation.png" width="380" alt="Check Nuclei Documentation"></a>

SYNTAX-REFERENCE.md

@@ -80,6 +80,7 @@ info:
 <div class="dt">
 
 Requests contains the http request to make in the template.
+WARNING: 'requests' will be deprecated and will be removed in a future release. Please use 'http' instead.
 
 
 
@@ -107,6 +108,23 @@ requests:
 ```
 
 
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>http</code>  <i>[]<a href="#httprequest">http.Request</a></i>
+
+</div>
+<div class="dt">
+
+description: |
+   HTTP contains the http request to make in the template.
+ examples:
+   - value: exampleNormalHTTPRequest
+ RequestsWithHTTP is placeholder(internal) only, and should not be used instead use RequestsHTTP
+
 </div>
 
 <hr />
@@ -183,6 +201,7 @@ file:
 <div class="dt">
 
 Network contains the network request to make in the template
+WARNING: 'network' will be deprecated and will be removed in a future release. Please use 'tcp' instead.
 
 
 
@@ -204,6 +223,23 @@ network:
 ```
 
 
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>tcp</code>  <i>[]<a href="#networkrequest">network.Request</a></i>
+
+</div>
+<div class="dt">
+
+description: |
+   TCP contains the network request to make in the template
+ examples:
+   - value: exampleNormalNetworkRequest
+ RequestsWithTCP is placeholder(internal) only, and should not be used instead use RequestsNetwork
+
 </div>
 
 <hr />
@@ -759,6 +795,52 @@ cvss-score: "9.8"
 
 <hr />
 
+<div class="dd">
+
+<code>epss-score</code>  <i>float64</i>
+
+</div>
+<div class="dt">
+
+EPSS Score for the template.
+
+
+
+Examples:
+
+
+```yaml
+epss-score: "0.42509"
+```
+
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>cpe</code>  <i>string</i>
+
+</div>
+<div class="dt">
+
+CPE for the template.
+
+
+
+Examples:
+
+
+```yaml
+cpe: cpe:/a:vendor:product:version
+```
+
+
+</div>
+
+<hr />
+
 
 
 
@@ -771,6 +853,8 @@ Appears in:
 
 - <code><a href="#template">Template</a>.requests</code>
 
+- <code><a href="#template">Template</a>.http</code>
+
 
 ```yaml
 matchers:
@@ -2108,6 +2192,8 @@ Appears in:
 
 - <code><a href="#template">Template</a>.network</code>
 
+- <code><a href="#template">Template</a>.tcp</code>
+
 
 ```yaml
 host:
@@ -2607,7 +2693,7 @@ Name is the name assigned to the headless action.
 
 This can be used to execute code, for instance in browser
 DOM using script action, and get the result in a variable
-which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml).
+which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/prototype-pollution-check.yaml).
 
 </div>