Refactored header-based auth scans not to normalize the header names. by halcyondream · Pull Request #6479 · projectdiscovery/nuclei

halcyondream · 2025-09-14T01:24:47Z

Proposed changes

Description here: https://github.com/orgs/projectdiscovery/discussions/6478

Re: checklist, please let me know if there is anything else I can do to support with test cases, etc.

Checklist

Pull request is created against the dev branch
All checks passed (lint, unit/integration/regression tests etc.) with my changes
I have added tests that prove my fix is effective or that my feature works
I have added necessary documentation (if appropriate)

Summary by CodeRabbit

Bug Fixes
- Preserve exact header casing when forwarding headers, preventing unintended canonicalization and improving compatibility with case-sensitive APIs.
Documentation
- Clarified in README and reference docs that headers from secret files retain their original casing.
- Added notes to configuration reference explaining preserved header casing for authentication secrets.

coderabbitai · 2025-09-14T01:24:54Z

Walkthrough

Replaced header-setting logic to assign headers directly into the request header map using the provided key casing, and added documentation notes across README, SYNTAX-REFERENCE, and secret-related structs clarifying that secret-file headers preserve exact casing.

Changes

Cohort / File(s)	Summary
Header assignment change `pkg/authprovider/authx/headers_auth.go`	Replaced `req.Header.Set(header.Key, header.Value)` with direct map assignment `req.Header[header.Key] = []string{header.Value}` in `Apply` and `ApplyOnRR`; added NOTE comments documenting preservation of exact header key casing.
Documentation updates `README.md`, `SYNTAX-REFERENCE.md`	Inserted notes under CLOUD -> AUTHENTICATION and relevant syntax reference sections stating that headers loaded from secrets files preserve exact casing (useful for case-sensitive APIs).
Secret struct comments `pkg/authprovider/authx/file.go`	Added trailing comments to exported fields (`Secret.Headers`, `KV.Key`) noting that header keys preserve exact casing when loaded from secrets files.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthX as authx.Apply / ApplyOnRR
    participant Req as http.Request.Header

    Client->>AuthX: call Apply / ApplyOnRR with headers to add
    Note over AuthX: iterate headers from auth secret/template
    AuthX->>Req: write directly to header map\nreq.Header[header.Key] = [header.Value]
    Note over Req: header key preserved as provided (no canonicalization)
    AuthX-->>Client: return modified request / roundtrip

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hop through headers, keys kept true,
No Canonical dance — just the casing you knew.
I tuck each value in the map with care,
A quiet note that the headers stay fair.
Little rabbit, neat and aware. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Refactored header-based auth scans not to normalize the header names." is a concise, single-sentence summary that directly reflects the primary change (preserving header name casing rather than canonicalizing it) and matches the modifications in pkg/authprovider/authx/headers_auth.go and related documentation; it is specific and not misleading.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

📝 Generate Docstrings

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (3)

pkg/authprovider/authx/headers_auth.go (3)
26-26: Preserving case via direct map writes is fine, but dedupe and validate header names before insert.

Without dedupe you can emit duplicate fields (e.g., "Authorization" + "authorization") if earlier code set a canonicalized key.

Also guard against illegal header-name bytes; your nonCanonicalMIMEHeaderKey is a no-op (see below), so invalid names will slip through and be rejected by net/http at send time.

Apply this diff here:
-        req.Header[nonCanonicalMIMEHeaderKey(header.Key)] = []string{header.Value}
+        setRawHeader(req.Header, header.Key, header.Value)
Add this helper (outside this hunk):
// setRawHeader sets a header using the original casing, after basic validation,
// and removes case-insensitive duplicates to avoid multiple fields on the wire.
// Special-case Host: set req.Host elsewhere if needed.
func setRawHeader(h http.Header, key, value string) {
    if key == "" {
        return
    }
    // RFC7230 tchar validation (reuse your validHeaderFieldByte)
    for i := 0; i < len(key); i++ {
        if !validHeaderFieldByte(key[i]) {
            return // skip invalid header names rather than sending a broken request
        }
    }
    // De-duplicate existing entries with different casing
    for k := range h {
        if strings.EqualFold(k, key) && k != key {
            delete(h, k)
        }
    }
    h[key] = []string{value}
}
And update imports:
 import (
     "net/http"
+    "strings"
Questions to verify:

Do we intentionally allow duplicate header fields with different casing? If yes, we can drop the dedupe loop.

Should "Host" be supported? If so, wire it via req.Host instead of h["Host"].

33-33: Mirror the same fix for retryablehttp.Request.

Use the same helper to dedupe/validate.

Apply this diff:
-        req.Header[nonCanonicalMIMEHeaderKey(header.Key)] = []string{header.Value}
+        setRawHeader(req.Header, header.Key, header.Value)
47-69: Avoid hand-rolled token-byte bitsets; prefer a well-tested helper or add tests.

Reimplementing RFC7230 tchar logic is brittle. Either:

Use golang.org/x/net/http/httpguts.IsTokenByte, or

Keep this function but add unit tests covering all allowed/disallowed bytes.

Option A (recommended):
-func validHeaderFieldByte(c byte) bool {
-    const mask = 0 |
-        (1<<(10)-1)<<'0' |
-        (1<<(26)-1)<<'a' |
-        (1<<(26)-1)<<'A' |
-        1<<'!' | 1<<'#' | 1<<'$' | 1<<'%' | 1<<'&' | 1<<'\'' |
-        1<<'*' | 1<<'+' | 1<<'-' | 1<<'.' | 1<<'^' | 1<<'_' |
-        1<<'`' | 1<<'|' | 1<<'~'
-    return ((uint64(1)<<c)&(mask&(1<<64-1)) |
-        (uint64(1)<<(c-64))&(mask>>64)) != 0
-}
+import "golang.org/x/net/http/httpguts"
+
+func validHeaderFieldByte(c byte) bool { return httpguts.IsTokenByte(c) }
If adding x/net is undesirable, I can generate a tight table-driven test to lock this down.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 876974f and 08e527a.

📒 Files selected for processing (1)

pkg/authprovider/authx/headers_auth.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.go: Format Go code using go fmt
Run static analysis with go vet

Files:

pkg/authprovider/authx/headers_auth.go

🧠 Learnings (1)

📚 Learning: 2024-12-13T08:42:57.506Z

Learnt from: dwisiswant0
PR: projectdiscovery/nuclei#5772
File: pkg/authprovider/authx/cookies_auth.go:36-38
Timestamp: 2024-12-13T08:42:57.506Z
Learning: In the `ApplyOnRR` method of `CookiesAuthStrategy` in `pkg/authprovider/authx/cookies_auth.go`, when setting cookies, only remove the cookies that are about to be set to avoid removing essential session cookies.

Applied to files:

pkg/authprovider/authx/headers_auth.go

coderabbitai

Actionable comments posted: 0

♻️ Duplicate comments (1)

pkg/authprovider/authx/headers_auth.go (1)
27-29: Replace direct req.Header assignments with a safe setter that validates names and removes case-insensitive dupes

Direct map writes bypass canonicalization, allow case-only duplicates and illegal header bytes. Implement a small helper and use it (also guard nils and ensure req.Header != nil).

Change pkg/authprovider/authx/headers_auth.go — Apply (lines ~27–29) and ApplyOnRR (lines ~36–38): add nil checks, ensure req.Header is non-nil, and call setHeaderRaw instead of assigning req.Header[key] directly.

Also change pkg/protocols/http/build_request.go — replace the direct assignments at lines 411 and 449 (req.Header[key] = []string{value}) with the same safe logic (guard req.Header, then setHeaderRaw).

Add helper (either as a shared util or per-package) and imports. Example (copy as-is):
func (s *HeadersAuthStrategy) Apply(req *http.Request) {
-	for _, header := range s.Data.Headers {
-		req.Header[header.Key] = []string{header.Value}
-	}
+	if s == nil || s.Data == nil {
+		return
+	}
+	if req.Header == nil {
+		req.Header = make(http.Header)
+	}
+	for _, header := range s.Data.Headers {
+		setHeaderRaw(req.Header, header.Key, header.Value)
+	}
}

func (s *HeadersAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	for _, header := range s.Data.Headers {
-		req.Header[header.Key] = []string{header.Value}
-	}
+	if s == nil || s.Data == nil {
+		return
+	}
+	if req.Header == nil {
+		req.Header = make(http.Header)
+	}
+	for _, header := range s.Data.Headers {
+		setHeaderRaw(req.Header, header.Key, header.Value)
+	}
}
Helper and imports (add net/textproto and strings where you add the helper):
import (
    "net/http"
    "net/textproto"
    "strings"

    "github.com/projectdiscovery/retryablehttp-go"
)

func setHeaderRaw(h http.Header, key, value string) {
    if h == nil || key == "" {
        return
    }
    // Fallback to canonical form if any invalid byte is present.
    for i := 0; i < len(key); i++ {
        c := key[i]
        if c <= 0x20 || c >= 0x7f || strings.ContainsRune("()<>@,;:\\\"/[]?={} \t", rune(c)) {
            key = textproto.CanonicalMIMEHeaderKey(key)
            break
        }
    }
    // Remove existing keys equal by case-insensitive comparison to avoid duplicates.
    for k := range h {
        if strings.EqualFold(k, key) {
            delete(h, k)
        }
    }
    h[key] = []string{value}
}
Mirror the cookie-setting learning: only remove case-insensitive keys that collide with the key you are about to set.

Run gofmt and go vet locally after changes.

🧹 Nitpick comments (1)

pkg/authprovider/authx/headers_auth.go (1)
24-26: Clarify case‑preservation note (HTTP/2/3 lowercases headers).

Header names are case‑insensitive by spec; HTTP/2 and HTTP/3 force lowercase on the wire. Please avoid promising exact casing across all transports.

Apply this wording tweak:
-// NOTE: This preserves exact header casing (e.g., barAuthToken stays as barAuthToken)
-// This is useful for APIs that require case-sensitive header names
+// NOTE: Best‑effort: preserves header key bytes for HTTP/1.x. HTTP/2/3 lower‑case names on the wire.
+// Useful for HTTP/1.x backends or signing schemes that include header-name bytes.
Also applies to: 33-35

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e63d937 and 5b18ee8.

⛔ Files ignored due to path filters (1)

pkg/authprovider/authx/testData/example-auth.yaml is excluded by !**/*.yaml

📒 Files selected for processing (4)

README.md (1 hunks)
SYNTAX-REFERENCE.md (2 hunks)
pkg/authprovider/authx/file.go (2 hunks)
pkg/authprovider/authx/headers_auth.go (1 hunks)

✅ Files skipped from review due to trivial changes (3)

SYNTAX-REFERENCE.md
README.md
pkg/authprovider/authx/file.go

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.go: Format Go code using go fmt
Run static analysis with go vet

Files:

pkg/authprovider/authx/headers_auth.go

🧠 Learnings (1)

📚 Learning: 2024-12-13T08:42:57.506Z

Learnt from: dwisiswant0
PR: projectdiscovery/nuclei#5772
File: pkg/authprovider/authx/cookies_auth.go:36-38
Timestamp: 2024-12-13T08:42:57.506Z
Learning: In the `ApplyOnRR` method of `CookiesAuthStrategy` in `pkg/authprovider/authx/cookies_auth.go`, when setting cookies, only remove the cookies that are about to be set to avoid removing essential session cookies.

Applied to files:

pkg/authprovider/authx/headers_auth.go

🧬 Code graph analysis (1)

pkg/authprovider/authx/headers_auth.go (1)

pkg/fuzz/component/headers.go (1)

Header (12-16)

* CheckRDPEncryption * feat(templating): add vars templating into yaml inputs * fix: enhance code rabbit * fix: change gologger runner version * feat(ytt): add ytt files var + add vars from cli and config * feat: send struct from var file * fix code rabbit * fix(main.go): add errcheck * retain required empty spaces * fixing path * fixing test * use bytes slice * Add option to control number of concurrent templates loaded on startup * adding vnc auth * gen go+js * lint * no changes custom template message should be INF not ERR * Path-Based Fuzzing SQL fix (#6400) * setup claude * migrate to using errkit * fix unused imports + lint errors * update settings.json * fix url encoding issue * fix lint error * fix the path fuzzing component * fix lint error * fix(fuzz): handles duplicate multipart form field names (#6404) * fix: handle duplicate field names in multipart form encoding * fix(fuzz): handles `[]any` type in `*MultiPartForm.Encode` Signed-off-by: Dwi Siswanto <[email protected]> * test(fuzz): adds panic recovery & display encoded out Signed-off-by: Dwi Siswanto <[email protected]> * fix(fuzz): incorrectly treated mixed type field in `*MultiPartForm.Encode` Signed-off-by: Dwi Siswanto <[email protected]> * test(fuzz): refactor compare w decoded instead Signed-off-by: Dwi Siswanto <[email protected]> * chore(fuzz): prealloc for `[]any` type Signed-off-by: Dwi Siswanto <[email protected]> * fix(fuzz): treats nil value as empty string Signed-off-by: Dwi Siswanto <[email protected]> * chore(fuzz): rm early error return for non-array file Signed-off-by: Dwi Siswanto <[email protected]> * test(fuzz): adds `TestMultiPartFormFileUpload` test Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> Co-authored-by: yusei-wy <[email protected]> * limited test, instead of all * lint * integration test * lint * Update pkg/external/customtemplates/github.go Co-authored-by: Dwi Siswanto <[email protected]> * fix for error.Is false return * bump httpx version * chore(deps): bump github.com/go-viper/mapstructure/v2 Bumps the go_modules group with 1 update in the / directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure). Updates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> * test(reporting/exporters/mongo): add mongo integration test with test… (#6237) * test(reporting/exporters/mongo): add mongo integration test with testcontainer-go module Signed-off-by: Lorenzo Susini <[email protected]> * execute exportes only on linux --------- Signed-off-by: Lorenzo Susini <[email protected]> Co-authored-by: Mzack9999 <[email protected]> * Refactor to use reflect.TypeFor (#6428) * issue / discussion template update * misc hyperlink update * link update * chore(deps): bump the modules group across 1 directory with 11 updates (#6438) * chore(deps): bump the modules group across 1 directory with 11 updates Bumps the modules group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.6` | `0.4.7` | | [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.92` | `0.0.93` | | [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.105` | `1.0.106` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.120` | `1.0.121` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.5.0` | `0.5.1` | | [github.com/projectdiscovery/gozero](https://github.com/projectdiscovery/gozero) | `0.0.3` | `0.1.0` | | [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) | `0.0.81` | `0.0.82` | | [github.com/projectdiscovery/tlsx](https://github.com/projectdiscovery/tlsx) | `1.1.9` | `1.2.0` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.37` | `0.2.43` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.1.27` | `1.1.33` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.6 to 0.4.7 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.6...v0.4.7) Updates `github.com/projectdiscovery/hmap` from 0.0.92 to 0.0.93 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.92...v0.0.93) Updates `github.com/projectdiscovery/retryabledns` from 1.0.105 to 1.0.106 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.105...v1.0.106) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.120 to 1.0.121 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.120...v1.0.121) Updates `github.com/projectdiscovery/dsl` from 0.5.0 to 0.5.1 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.5.0...v0.5.1) Updates `github.com/projectdiscovery/gozero` from 0.0.3 to 0.1.0 - [Release notes](https://github.com/projectdiscovery/gozero/releases) - [Commits](https://github.com/projectdiscovery/gozero/compare/v0.0.3...v0.1.0) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.20 to 0.1.21 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.20...v0.1.21) Updates `github.com/projectdiscovery/ratelimit` from 0.0.81 to 0.0.82 - [Release notes](https://github.com/projectdiscovery/ratelimit/releases) - [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.81...v0.0.82) Updates `github.com/projectdiscovery/tlsx` from 1.1.9 to 1.2.0 - [Release notes](https://github.com/projectdiscovery/tlsx/releases) - [Changelog](https://github.com/projectdiscovery/tlsx/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/tlsx/compare/v1.1.9...v1.2.0) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.37 to 0.2.43 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.37...v0.2.43) Updates `github.com/projectdiscovery/cdncheck` from 1.1.27 to 1.1.33 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.27...v1.1.33) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.93 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.106 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.121 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gozero dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/ratelimit dependency-version: 0.0.82 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/tlsx dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.1.33 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * bump * httpx dev * mod tidy --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mzack9999 <[email protected]> * Reporting validation (#6456) * add custom validator for reporting issues * use httpx dev branch * remove yaml marshal/unmarshal for validator callback * chore(deps): bump the workflows group across 1 directory with 2 updates (#6462) Bumps the workflows group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [actions/stale](https://github.com/actions/stale). Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v9...v10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: added new text/template syntax to jira custom fields * feat: added additional text/template helpers * dont load templates with the same ID * using synclockmap * lint * lint * chore(deps): bump the modules group with 9 updates Bumps the modules group with 9 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.7` | `0.4.9` | | [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.106` | `1.0.107` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.121` | `1.0.123` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.5.1` | `0.6.0` | | [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) | `1.7.1-0.20250902174407-8d6c2658663f` | `1.7.1` | | [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.21` | `0.1.23` | | [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) | `0.4.24-0.20250823123502-bd7f2849ddb4` | `0.5.0` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.43` | `0.2.45` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.1.33` | `1.1.35` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.7 to 0.4.9 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.7...v0.4.9) Updates `github.com/projectdiscovery/retryabledns` from 1.0.106 to 1.0.107 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.106...v1.0.107) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.121 to 1.0.123 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.121...v1.0.123) Updates `github.com/projectdiscovery/dsl` from 0.5.1 to 0.6.0 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.5.1...v0.6.0) Updates `github.com/projectdiscovery/httpx` from 1.7.1-0.20250902174407-8d6c2658663f to 1.7.1 - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Changelog](https://github.com/projectdiscovery/httpx/blob/dev/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/httpx/commits/v1.7.1) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.21 to 0.1.23 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.21...v0.1.23) Updates `github.com/projectdiscovery/utils` from 0.4.24-0.20250823123502-bd7f2849ddb4 to 0.5.0 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/commits/v0.5.0) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.43 to 0.2.45 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.43...v0.2.45) Updates `github.com/projectdiscovery/cdncheck` from 1.1.33 to 1.1.35 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.33...v1.1.35) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.107 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.123 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/httpx dependency-version: 1.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.45 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.1.35 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * httpx fix * release fix * code from https://github.com/projectdiscovery/nuclei/pull/6427 * lint * centralizing ratelimiter logic * adding me * refactor * Remove the stack trace when the nuclei-ignore file does not exist (#6455) * remove the stack trace when the nuclei-ignore file does not exist * removing useless debug stack --------- Co-authored-by: Mzack9999 <[email protected]> * chore(deps): bump the modules group with 7 updates Bumps the modules group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.9` | `0.4.10` | | [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.93` | `0.0.94` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.123` | `1.0.124` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.6.0` | `0.7.0` | | [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.23` | `0.1.24` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.45` | `0.2.46` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.1.35` | `1.1.36` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.9 to 0.4.10 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.9...v0.4.10) Updates `github.com/projectdiscovery/hmap` from 0.0.93 to 0.0.94 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.93...v0.0.94) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.123 to 1.0.124 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.123...v1.0.124) Updates `github.com/projectdiscovery/dsl` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.6.0...v0.7.0) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.23 to 0.1.24 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.23...v0.1.24) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.45 to 0.2.46 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.45...v0.2.46) Updates `github.com/projectdiscovery/cdncheck` from 1.1.35 to 1.1.36 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.35...v1.1.36) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.94 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.124 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.46 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.1.36 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * fix: update go jira deps (#6475) * fix: handle jira deprecated endpoint * refactor: update Jira issue search result structure to include 'Self' field * Revert "refactor: update Jira issue search result structure to include 'Self' field" This reverts commit b0953419d33dff3fb61f1bcdcddab0ae759379b8. * Revert "fix: handle jira deprecated endpoint" This reverts commit 1fc05076cdb31906f403d80455b2e1609a66e2ae. * chore(deps): bump github.com/andygrunwald/go-jira to v1.16.1 and tidy * fix(jira): migrate Issue.Search to SearchV2JQL with explicit Fields * cache, goroutine and unbounded workers management (#6420) * Enhance matcher compilation with caching for regex and DSL expressions to improve performance. Update template parsing to conditionally retain raw templates based on size constraints. * Implement caching for regex and DSL expressions in extractors and matchers to enhance performance. Introduce a buffer pool in raw requests to reduce memory allocations. Update template cache management for improved efficiency. * feat: improve concurrency to be bound * refactor: replace fmt.Sprintf with fmt.Fprintf for improved performance in header handling * feat: add regex matching tests and benchmarks for performance evaluation * feat: add prefix check in regex extraction to optimize matching process * feat: implement regex caching mechanism to enhance performance in extractors and matchers, along with tests and benchmarks for validation * feat: add unit tests for template execution in the core engine, enhancing test coverage and reliability * feat: enhance error handling in template execution and improve regex caching logic for better performance * Implement caching for regex and DSL expressions in the cache package, replacing previous sync.Map usage. Add unit tests for cache functionality, including eviction by capacity and retrieval of cached items. Update extractors and matchers to utilize the new cache system for improved performance and memory efficiency. * Add tests for SetCapacities in cache package to ensure cache behavior on capacity changes - Implemented TestSetCapacities_NoRebuildOnZero to verify that setting capacities to zero does not clear existing caches. - Added TestSetCapacities_BeforeFirstUse to confirm that initial cache settings are respected and not overridden by subsequent capacity changes. * Refactor matchers and update load test generator to use io package - Removed maxRegexScanBytes constant from match.go. - Replaced ioutil with io package in load_test.go for NopCloser usage. - Restored TestValidate_AllowsInlineMultiline in load_test.go to ensure inline validation functionality. * Add cancellation support in template execution and enhance test coverage - Updated executeTemplateWithTargets to respect context cancellation. - Introduced fakeTargetProvider and slowExecuter for testing. - Added Test_executeTemplateWithTargets_RespectsCancellation to validate cancellation behavior during template execution. * Refactored header-based auth scans not to normalize the header names. (#6479) * Refactored header-based auth scans not to normalize the header names. * Removed the header validation as it's not really useful here. * adding docs --------- Co-authored-by: Mzack9999 <[email protected]> * docs: update syntax & JSON schema 🤖 * chore(deps): bump the modules group with 6 updates Bumps the modules group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.10` | `0.4.11` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.124` | `1.0.125` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.54` | `1.1.55` | | [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.24` | `0.1.25` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.46` | `0.2.47` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.1.36` | `1.2.0` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.10 to 0.4.11 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.10...v0.4.11) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.124 to 1.0.125 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.124...v1.0.125) Updates `github.com/projectdiscovery/gologger` from 1.1.54 to 1.1.55 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.54...v1.1.55) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.24 to 0.1.25 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.24...v0.1.25) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.46 to 0.2.47 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.46...v0.2.47) Updates `github.com/projectdiscovery/cdncheck` from 1.1.36 to 1.2.0 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.1.36...v1.2.0) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.125 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.47 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * Feat 6231 deadlock (#6469) * fixing recursive deadlock * using atomics * fixing init * feat(fuzz): enhance `MultiPartForm` with metadata APIs (#6486) * feat(fuzz): enhance `MultiPartForm` with metadata APIs * add `SetFileMetadata`/`GetFileMetadata` APIs for file metadata management. * implement RFC-2046 boundary validation (max 70 chars). * add boundary validation in `Decode` method. * fix `filesMetadata` initialization. * fix mem leak by removing defer from file reading loop. * fix file metadata overwriting by storing first file's metadata instead of last. Closes #6405, #6406 Signed-off-by: Dwi Siswanto <[email protected]> * chore(fuzz): satisfy lint errs Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> * jira: hotfix for Cloud to use /rest/api/3/search/jql (#6489) * jira: hotfix for Cloud to use /rest/api/3/search/jql in FindExistingIssue; add live test verifying v3 endpoint * jira: fix Cloud v3 search response handling (no total); set Self from base * fix lint error * tests(jira): apply De Morgan to satisfy staticcheck QF1001 * fix headless template loading logic when `-dast` option is enabled * fix: improve cleanup in parallel execution (#6490) * fixing logic * fix(templates): suppress warn code flag not found on validate. fixes #6498 Signed-off-by: Dwi Siswanto <[email protected]> * feat(config): adds known misc directories and excludes em in IsTemplate func. Signed-off-by: Dwi Siswanto <[email protected]> * fix(disk): uses `config.IsTemplate` instead fixes #6499 Signed-off-by: Dwi Siswanto <[email protected]> * chore(make): rm unnecessary flag on template-validate Signed-off-by: Dwi Siswanto <[email protected]> * refactor(confif): update known misc dirs & improve IsTemplate func Signed-off-by: Dwi Siswanto <[email protected]> * chore(deps): bump the modules group with 7 updates (#6505) Bumps the modules group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.125` | `1.0.126` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.7.0` | `0.7.1` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.55` | `1.1.56` | | [github.com/projectdiscovery/mapcidr](https://github.com/projectdiscovery/mapcidr) | `1.1.34` | `1.1.95` | | [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) | `0.5.0` | `0.6.0` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.47` | `0.2.48` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.0` | `1.2.3` | Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.125 to 1.0.126 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.125...v1.0.126) Updates `github.com/projectdiscovery/dsl` from 0.7.0 to 0.7.1 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.7.0...v0.7.1) Updates `github.com/projectdiscovery/gologger` from 1.1.55 to 1.1.56 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.55...v1.1.56) Updates `github.com/projectdiscovery/mapcidr` from 1.1.34 to 1.1.95 - [Release notes](https://github.com/projectdiscovery/mapcidr/releases) - [Changelog](https://github.com/projectdiscovery/mapcidr/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/mapcidr/compare/v1.1.34...v1.1.95) Updates `github.com/projectdiscovery/utils` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.5.0...v0.6.0) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.47 to 0.2.48 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.47...v0.2.48) Updates `github.com/projectdiscovery/cdncheck` from 1.2.0 to 1.2.3 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.0...v1.2.3) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.126 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.56 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/mapcidr dependency-version: 1.1.95 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.48 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(config): normalize `fpath` in `IsTemplate` * normalize file `fpath` in `IsTemplate` using filepath.FromSlash to ensure consistent matching across platforms. * update `GetKnownMiscDirectories` docs to clarify that trailing slashes prevent false positives, since `IsTemplate` compares against normalized full paths. Signed-off-by: Dwi Siswanto <[email protected]> * ai recommendations * chore(deps): bump the modules group with 10 updates Bumps the modules group with 10 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.11` | `0.4.12` | | [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.94` | `0.0.95` | | [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) | `1.0.107` | `1.0.108` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.126` | `1.0.127` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.7.1` | `0.7.2` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.56` | `1.1.57` | | [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.25` | `0.1.26` | | [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) | `0.0.101` | `0.0.102` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.48` | `0.2.49` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.3` | `1.2.4` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.11 to 0.4.12 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.11...v0.4.12) Updates `github.com/projectdiscovery/hmap` from 0.0.94 to 0.0.95 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.94...v0.0.95) Updates `github.com/projectdiscovery/retryabledns` from 1.0.107 to 1.0.108 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.107...v1.0.108) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.126 to 1.0.127 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.126...v1.0.127) Updates `github.com/projectdiscovery/dsl` from 0.7.1 to 0.7.2 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.7.1...v0.7.2) Updates `github.com/projectdiscovery/gologger` from 1.1.56 to 1.1.57 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.56...v1.1.57) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.25 to 0.1.26 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.25...v0.1.26) Updates `github.com/projectdiscovery/useragent` from 0.0.101 to 0.0.102 - [Release notes](https://github.com/projectdiscovery/useragent/releases) - [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.101...v0.0.102) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.48 to 0.2.49 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.48...v0.2.49) Updates `github.com/projectdiscovery/cdncheck` from 1.2.3 to 1.2.4 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.95 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.108 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.127 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.57 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.26 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/useragent dependency-version: 0.0.102 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.49 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * feat: http(s) probing optimization * small changes * updating docs * chore(typos): fix typos * log failed expr compilations * Update Go version badge in README update accordingly * Update README.md edit correct version of go * Update Go version requirement in README (#6529) need to update required go version from 1.23 to >=1.24.1 * fix(variable): global variable not same between two request in flow mode (#6395) * fix(variable): global variable not same between two request in flow mode(#6337) * update gitignore --------- Co-authored-by: chuu <[email protected]> Co-authored-by: PDTeamX <[email protected]> Co-authored-by: Mzack9999 <[email protected]> * chore: add typos check into tests CI Signed-off-by: Dwi Siswanto <[email protected]> * chore(deps): bump github/codeql-action in the workflows group Bumps the workflows group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows ... Signed-off-by: dependabot[bot] <[email protected]> * chore(deps): bump the modules group with 7 updates Bumps the modules group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.12` | `0.4.13` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.127` | `1.0.128` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.7.2` | `0.8.0` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.57` | `1.1.58` | | [github.com/projectdiscovery/mapcidr](https://github.com/projectdiscovery/mapcidr) | `1.1.95` | `1.1.96` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.49` | `0.2.50` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.4` | `1.2.5` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.12 to 0.4.13 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.12...v0.4.13) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.127 to 1.0.128 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.127...v1.0.128) Updates `github.com/projectdiscovery/dsl` from 0.7.2 to 0.8.0 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.7.2...v0.8.0) Updates `github.com/projectdiscovery/gologger` from 1.1.57 to 1.1.58 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.57...v1.1.58) Updates `github.com/projectdiscovery/mapcidr` from 1.1.95 to 1.1.96 - [Release notes](https://github.com/projectdiscovery/mapcidr/releases) - [Changelog](https://github.com/projectdiscovery/mapcidr/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/mapcidr/compare/v1.1.95...v1.1.96) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.49 to 0.2.50 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.49...v0.2.50) Updates `github.com/projectdiscovery/cdncheck` from 1.2.4 to 1.2.5 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.128 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.58 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/mapcidr dependency-version: 1.1.96 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.50 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * docs: update syntax & JSON schema 🤖 * Revert "chore: add typos check into tests CI" This reverts commit 73e70ea49d18faee311be47a4207de8e476ee3a3. * chore: preserve issue report w/ issue form (#6531) Signed-off-by: Dwi Siswanto <[email protected]> * perf(loader): reuse cached parsed templates (#6504) * perf(loader): reuse cached parsed templates in `(*Store).areWorkflowOrTemplatesValid`, which is being called during template `-validate`-ion. Signed-off-by: Dwi Siswanto <[email protected]> * refactor(testutils): optionally assign template info in `NewMockExecuterOptions`, which is not required for specific case, like when we want to `(*Store).ValidateTemplates`. Signed-off-by: Dwi Siswanto <[email protected]> * test(loader): adds `(*Store).ValidateTemplates` bench Signed-off-by: Dwi Siswanto <[email protected]> * refactor(templates): adds fast read parser Signed-off-by: Dwi Siswanto <[email protected]> * test(templates): adds `Parser*` benchs Signed-off-by: Dwi Siswanto <[email protected]> * chore(templates): satisfy lints Signed-off-by: Dwi Siswanto <[email protected]> * revert(templates): rm fast read parser Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> * fix: Add important context to `tl` flag option * feat: template list alphabetical order * fix: Implement coderabbit suggestion * Http probing optimizations high ports (#6538) * feat: Assume HTTP(S) server on high port is HTTP * feat: enhance http probing tests * improving issue description --------- Co-authored-by: Matej Smycka <[email protected]> Co-authored-by: Mzack9999 <[email protected]> * chore(deps): bump the modules group with 5 updates (#6543) Bumps the modules group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.128` | `1.0.129` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.0` | `0.8.1` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.58` | `1.1.59` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.50` | `0.2.51` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.5` | `1.2.6` | Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.128 to 1.0.129 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.128...v1.0.129) Updates `github.com/projectdiscovery/dsl` from 0.8.0 to 0.8.1 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.0...v0.8.1) Updates `github.com/projectdiscovery/gologger` from 1.1.58 to 1.1.59 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.58...v1.1.59) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.50 to 0.2.51 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.50...v0.2.51) Updates `github.com/projectdiscovery/cdncheck` from 1.2.5 to 1.2.6 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.5...v1.2.6) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.129 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.59 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixing failing integration tests * clean up pools after 24hours inactivity * fixing lint * fixing go routine leak * bump utils * fixing leak * fixing syntax * removing go logo * fix: populate req_url_pattern before event creation (#6547) * refactor(disk): templates catalog (#5914) * refactor(disk): templates catalog Signed-off-by: Dwi Siswanto <[email protected]> * feat(disk): drying err Signed-off-by: Dwi Siswanto <[email protected]> * feat(disk): simplify `DiskCatalog.OpenFile` method since `BackwardsCompatiblePaths` func is already deprecated. Signed-off-by: Dwi Siswanto <[email protected]> * test: update functional test cases Signed-off-by: Dwi Siswanto <[email protected]> * feat: reuse error Signed-off-by: Dwi Siswanto <[email protected]> * fix(disk): handle glob errors consistently Signed-off-by: Dwi Siswanto <[email protected]> * fix(disk): use forward slashes for fs.FS path ops to fix Windows compat. The io/fs package requires forward slashes ("/") as path separators regardless of the OS. Using [filepath.Separator] or [os.PathSeparator] breaks [fs.Open] and [fs.Glob] ops on Windows where the separator is backslash ("\"). Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> * adding support for execution in docker * adding test for virtual code * executing virtual only on linux * chore(deps): bump actions/upload-artifact in the workflows group Bumps the workflows group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows ... Signed-off-by: dependabot[bot] <[email protected]> * chore(deps): bump the modules group with 5 updates (#6551) Bumps the modules group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.13` | `0.4.14` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.1` | `0.8.2` | | [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) | `0.1.26` | `0.1.27` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.51` | `0.2.52` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.6` | `1.2.7` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.13 to 0.4.14 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.13...v0.4.14) Updates `github.com/projectdiscovery/dsl` from 0.8.1 to 0.8.2 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.1...v0.8.2) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.26 to 0.1.27 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.26...v0.1.27) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.51 to 0.2.52 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.51...v0.2.52) Updates `github.com/projectdiscovery/cdncheck` from 1.2.6 to 1.2.7 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.6...v1.2.7) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.52 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.7 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixing tests * adding virtual python * adding xpath + json extractors * adding tests * chore: satisfy lints Signed-off-by: Dwi Siswanto <[email protected]> * using clone options for auth store * fix(headless): fixed memory leak issue during page initialization (#6569) * fix(headless): fixed memory leak issue during page initialization * fix(headless): typo fix and added comment * fix(headless): one more typo fix * feat: best-effort keyboard-interactive support for SSH * fix: provide answer only when asked for * fix: add logging * feat(js): enhance SSH keyboard interactive auth by: * implement regex-based prompt matching for password variants. * add support for filling username prompts in keyboard interactive challenges. * improve debug logging with structured output. this addresses issues with servers using non-standard prompt formats and provides better visibility into auth failures. Signed-off-by: Dwi Siswanto <[email protected]> * chore(js): migrate `github.com/go-pg/pg` => `github.com/go-pg/pg/v10` Signed-off-by: Dwi Siswanto <[email protected]> * feat(templates): add file metadata fields to `parsedTemplate` (#6534) * feat(templates): add file metadata fields to `parsedTemplate` to track template file information for cache validation purposes. closes #6515. Signed-off-by: Dwi Siswanto <[email protected]> * chore(templates): satisfy lints Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> * chore(deps): bump the modules group with 7 updates Bumps the modules group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.4.14` | `0.4.15` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.0.129` | `1.0.130` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.2` | `0.8.3` | | [github.com/projectdiscovery/mapcidr](https://github.com/projectdiscovery/mapcidr) | `1.1.96` | `1.1.97` | | [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) | `0.6.1-0.20251022145046-e013dc9c5bed` | `0.6.1-0.20251030144701-ce5c4b44e1e6` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.52` | `0.2.53` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.7` | `1.2.8` | Updates `github.com/projectdiscovery/fastdialer` from 0.4.14 to 0.4.15 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.14...v0.4.15) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.129 to 1.0.130 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.129...v1.0.130) Updates `github.com/projectdiscovery/dsl` from 0.8.2 to 0.8.3 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.2...v0.8.3) Updates `github.com/projectdiscovery/mapcidr` from 1.1.96 to 1.1.97 - [Release notes](https://github.com/projectdiscovery/mapcidr/releases) - [Changelog](https://github.com/projectdiscovery/mapcidr/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/mapcidr/compare/v1.1.96...v1.1.97) Updates `github.com/projectdiscovery/utils` from 0.6.1-0.20251022145046-e013dc9c5bed to 0.6.1-0.20251030144701-ce5c4b44e1e6 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/commits) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.52 to 0.2.53 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.52...v0.2.53) Updates `github.com/projectdiscovery/cdncheck` from 1.2.7 to 1.2.8 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.7...v1.2.8) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.130 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/mapcidr dependency-version: 1.1.97 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.6.1-0.20251030144701-ce5c4b44e1e6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.53 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> * fix(templates): mem leaks in parser cache Fixes duplicate template storage & removes unnecessary raw bytes caching. Mem usage reduced by ~30%. > 423MB => 299MB heap alloc. * Use `StoreWithoutRaw()` to avoid storing raw bytes. * Remove duplicate storage in both caches. * Remove ineffective raw bytes retrieval logic. Benchmarks show 45% perf improvement with no regressions. Signed-off-by: Dwi Siswanto <[email protected]> * fix(http): resolve timeout config issues (#6562) across multiple layers Fixes timeout configuration conflicts where HTTP requests would timeout prematurely despite configured values in `@timeout` annotations or `-timeout` flags. RCA: * `retryablehttp` pkg overriding with default 30s timeout. * Custom timeouts not propagating to `retryablehttp` layer. * Multiple timeout layers not sync properly. Changes: * Propagate custom timeouts from `@timeout` annotations to `retryablehttp` layer. * Adjust 5-minute maximum cap to prevent DoS via extremely large timeouts. * Ensure `retryableHttpOptions.Timeout` respects `ResponseHeaderTimeout`. * Add comprehensive tests for timeout capping behavior. This allows templates to override global timeout via `@timeout` annotations while preventing abuse thru unreasonably large timeout values. Fixes #6560. Signed-off-by: Dwi Siswanto <[email protected]> * add env variable for nuclei tempaltes dir * chore(deps): bump github.com/opencontainers/runc Bumps the go_modules group with 1 update in the / directory: [github.com/opencontainers/runc](https://github.com/opencontainers/runc). Updates `github.com/opencontainers/runc` from 1.2.3 to 1.2.8 - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.2.8/CHANGELOG.md) - [Commits](https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.8) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-version: 1.2.8 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> * adding env tests on linux * docs: update syntax & JSON schema 🤖 * chore(deps): bump the modules group with 4 updates Bumps the modules group with 4 updates: [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go), [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/retryablehttp-go` from 1.0.130 to 1.0.131 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.130...v1.0.131) Updates `github.com/projectdiscovery/dsl` from 0.8.3 to 0.8.4 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.3...v0.8.4) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.53 to 0.2.54 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.53...v0.2.54) Updates `github.com/projectdiscovery/cdncheck` from 1.2.8 to 1.2.9 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Changelog](https://github.com/projectdiscovery/cdncheck/blob/main/.goreleaser.yaml) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.8...v1.2.9) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.0.131 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl depe…

Refactored header-based auth scans not to normalize the header names.

08e527a

auto-assign Bot requested a review from Mzack9999 September 14, 2025 01:24

coderabbitai Bot reviewed Sep 14, 2025

View reviewed changes

Comment thread pkg/authprovider/authx/headers_auth.go Outdated

Removed the header validation as it's not really useful here.

e63d937

ehsandeep mentioned this pull request Sep 14, 2025

Prevent authenticated scans from setting canonicalized headers #6480

Closed

ehsandeep linked an issue Sep 14, 2025 that may be closed by this pull request

Prevent authenticated scans from setting canonicalized headers #6480

Closed

adding docs

5b18ee8

Mzack9999 approved these changes Sep 15, 2025

View reviewed changes

Mzack9999 requested a review from ehsandeep September 15, 2025 21:09

coderabbitai Bot reviewed Sep 15, 2025

View reviewed changes

ehsandeep approved these changes Sep 15, 2025

View reviewed changes

ehsandeep merged commit 792998d into projectdiscovery:dev Sep 15, 2025
21 checks passed

BrewTestBot mentioned this pull request Nov 14, 2025

nuclei 3.5.0 Homebrew/homebrew-core#254453

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactored header-based auth scans not to normalize the header names.#6479

Refactored header-based auth scans not to normalize the header names.#6479
ehsandeep merged 3 commits into
projectdiscovery:devfrom
halcyondream:dev

halcyondream commented Sep 14, 2025 •

edited by coderabbitai Bot

Loading

Uh oh!

coderabbitai Bot commented Sep 14, 2025 •

edited

Loading

Uh oh!

coderabbitai Bot left a comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

halcyondream commented Sep 14, 2025 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed changes

Checklist

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented Sep 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Poem

Pre-merge checks and finishing touches

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

halcyondream commented Sep 14, 2025 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Sep 14, 2025 •

edited

Loading