Merge branch 'dev' into add_bitbucket_custom_template_integration

.github/dependabot.yml

@@ -6,18 +6,6 @@
 version: 2
 updates:
 
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    target-branch: "dev"
-    commit-message:
-      prefix: "chore"
-      include: "scope"
-    labels:
-      - "Type: Maintenance"
-
   # Maintain dependencies for go modules
   - package-ecosystem: "gomod"
     directory: "v2/"
@@ -29,15 +17,29 @@ updates:
       include: "scope"
     labels:
       - "Type: Maintenance"
+    allow:
+      - dependency-name: "github.com/projectdiscovery/*"
 
-  # Maintain dependencies for docker
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    target-branch: "dev"
-    commit-message:
-      prefix: "chore"
-      include: "scope"
-    labels:
-      - "Type: Maintenance"
+#  # Maintain dependencies for GitHub Actions
+#  - package-ecosystem: "github-actions"
+#    directory: "/"
+#    schedule:
+#      interval: "weekly"
+#    target-branch: "dev"
+#    commit-message:
+#      prefix: "chore"
+#      include: "scope"
+#    labels:
+#      - "Type: Maintenance"
+#
+#  # Maintain dependencies for docker
+#  - package-ecosystem: "docker"
+#    directory: "/"
+#    schedule:
+#      interval: "weekly"
+#    target-branch: "dev"
+#    commit-message:
+#      prefix: "chore"
+#      include: "scope"
+#    labels:
+#      - "Type: Maintenance"

.github/release.yml

@@ -3,10 +3,10 @@ changelog:
     authors:
       - dependabot
   categories:
-    - title: 🎉 Features
+    - title: 🎉 New Features
       labels:
         - "Type: Enhancement"
-    - title: 🐞 Bugs
+    - title: 🐞 Bug Fixes
       labels:
         - "Type: Bug" 
     - title: 🔨 Maintenance

.github/workflows/build-test.yml

@@ -25,7 +25,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
 
-      - name: Go Mod hygine
+      - name: Go Mod hygiene
         run: |
           go clean -modcache
           go mod tidy

.github/workflows/dep-auto-merge.yml

@@ -0,0 +1,26 @@
+name: 🤖 dep auto merge
+
+on:
+  pull_request:
+    branches:
+      - dev
+  workflow_dispatch:
+
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.DEPENDABOT_PAT }}
+
+      - uses: ahmadnassri/action-dependabot-auto-merge@v2
+        with:
+          github-token: ${{ secrets.DEPENDABOT_PAT }}
+          target: all

.github/workflows/dockerhub-push.yml

@@ -14,7 +14,7 @@ jobs:
       - name: Git Checkout
         uses: actions/checkout@v3
 
-      - name: Get Github tag
+      - name: Get GitHub tag
         id: meta
         run: |
           curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
@@ -37,4 +37,11 @@ jobs:
           context: .
           platforms: linux/amd64,linux/arm64
           push: true
-          tags: projectdiscovery/nuclei:latest,projectdiscovery/nuclei:${{ steps.meta.outputs.TAG }}
+          tags: projectdiscovery/nuclei:latest,projectdiscovery/nuclei:${{ steps.meta.outputs.TAG }}
+
+      - name: Update DockerHub Description
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+          repository: projectdiscovery/nuclei

.github/workflows/performance-test.yaml

@@ -0,0 +1,36 @@
+name: 🔨 Performance Test
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Weekly
+    - cron: '0 0 * * 0'
+
+jobs:
+  build:
+    name: Test Performance
+    strategy:
+      matrix:
+        go-version: [1.20.x]
+        os: [ubuntu-latest, macOS-latest]
+
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Go Mod hygine
+        run: |
+          go clean -modcache
+          go mod tidy
+        working-directory: v2/
+
+      # Max GH exection time 6H => timeout after that
+      - name: Running performance with big list
+        run: go run -race . -l ../functional-test/targets-150.txt
+        working-directory: v2/cmd/nuclei/

.github/workflows/release-test.yml

@@ -0,0 +1,29 @@
+name: 🔨 Release Test
+
+on:
+  pull_request:
+    paths:
+      - '**.go'
+      - '**.mod'
+  workflow_dispatch:
+
+jobs:
+  release-test:
+    runs-on: ubuntu-latest-16-cores
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with: 
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+
+      - name: release test
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: "release --clean --snapshot"
+          version: latest
+          workdir: v2/

.gitignore

@@ -1,5 +1,6 @@
 .idea
 .vscode
+.devcontainer
 v2/vendor
 v2/dist
 integration_tests/nuclei
@@ -16,3 +17,4 @@ v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class
 v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser
 *.exe
 v2/.gitignore
+*.DS_Store

CONTRIBUTING.md

@@ -0,0 +1,30 @@
+# Contributing to ProjectDiscovery/Nuclei
+
+We appreciate your interest in contributing to the projectdiscovery/nuclei! This document provides some basic guidelines for contributors.
+
+## Getting Started
+
+- Always base your work from the `dev` branch, which is the development branch with the latest code.
+- Before creating a Pull Request (PR), make sure there is a corresponding issue for your contribution. If there isn't one already, please create one.
+- Include the problem description in the issue.
+
+## Pull Requests
+
+When creating a PR, please follow these guidelines:
+
+- Link your PR to the corresponding issue.
+- Provide context in the PR description to help reviewers understand the changes. The more information you provide, the faster the review process will be.
+- Include an example of running the tool with the changed code, if applicable. Provide 'before' and 'after' examples if possible.
+- Include steps for functional testing or replication.
+- If you're adding a new feature, make sure to include unit tests.
+
+## Code Style
+
+Please adhere to the existing coding style for consistency. 
+
+## Questions
+
+If you have any questions or need further guidance, please feel free to ask in the issue or PR, or [reach out to the maintainers](https://discord.gg/projectdiscovery).
+
+Thank you for your contribution!
+

DEBUG.md

@@ -0,0 +1,42 @@
+## Debugging Nuclei
+
+While Adding new features or fixing bugs or writing new templates to properly understand the behavior of that component, it is essential to understand what debugging options are available in nuclei. This guide lists all the debugging options available in nuclei.
+
+### Template related debugging
+
+- `-debug` flag
+
+When this flag is provided, nuclei will print all requests that are being sent by nuclei to the target as well as the response received from the target.
+
+- `-debug-req` flag
+
+When this flag is provided, nuclei will print all requests that are being sent by nuclei to the target.
+
+- `-debug-resp` flag
+
+When this flag is provided, nuclei will  print all responses that are being received by nuclei from the target.
+
+- `-ldf` flag
+
+When this flag is provided, nuclei will print the list of all helper functions available in this release of nuclei and exit.
+
+- `-svd` flag
+
+When this flag is provided, nuclei will print all `variables` pre and post execution of a request for a template. This is useful to understand what variables are available for a template and what values they have.
+
+- `-elog = errors.txt` flag
+
+When this flag is provided, nuclei will log all errors to the file specified. This is helpful when running large scans.
+
+
+
+### Environment Variable Switches
+
+Nuclei was built with some environment variables in mind to help with debugging. These environment variables can be set to enable debugging of a particular component/functionality for nuclei.
+
+| Environment Variable   | Description                                              |
+| ---------------------- | -------------------------------------------------------- |
+| `DEBUG=true`           | Enables Printing Stack Traces for all errors             |
+| `SHOW_DSL_ERRORS=true` | Enables Printing DSL Errors (that are hidden by default) |
+
+

DESIGN.md

@@ -145,7 +145,7 @@ type Exporter interface {
 }
 ```
 
-Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `Gitlab` and `Jira`.
+Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `GitLab` and `Jira`.
 
 Each exporter and trackers implement their own configuration in YAML format and are very modular in nature, so adding new ones is easy.
 
@@ -484,7 +484,7 @@ $ go tool pprof -http=:8081 mem.pprof
 - [v2/pkg/reporting/exporters/markdown](./v2/pkg/reporting/exporters/markdown) - Markdown Result Exporter
 - [v2/pkg/reporting/exporters/es](./v2/pkg/reporting/exporters/es) - Elasticsearch Result Exporter
 - [v2/pkg/reporting/dedupe](./v2/pkg/reporting/dedupe) - Dedupe module for Results
-- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - Gitlab Issue Tracker Exporter
+- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - GitLab Issue Tracker Exporter
 - [v2/pkg/reporting/trackers/jira](./v2/pkg/reporting/trackers/jira) - Jira Issue Tracker Exporter
 - [v2/pkg/reporting/trackers/github](./v2/pkg/reporting/trackers/github) - GitHub Issue Tracker Exporter
 - [v2/pkg/reporting/format](./v2/pkg/reporting/format) - Result Formatting Functions

Dockerfile

@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.20.5-alpine AS build-env
+FROM golang:1.20.6-alpine AS build-env
 RUN apk add build-base
 WORKDIR /app
 COPY . /app