projectdiscovery/nuclei v2.9.9

v2.9.9 (Security Update)

on GitHub

What's Changed

🎉 Features

• Added env variable support to disable automatic template update from specifc source (#3705) by @kchason in #3926

export DISABLE_NUCLEI_TEMPLATES_PUBLIC_DOWNLOAD=true # Disable download from the default nuclei-templates project
export DISABLE_NUCLEI_TEMPLATES_GITHUB_DOWNLOAD=true # Disable download from public / private GitHub project(s)
export DISABLE_NUCLEI_TEMPLATES_GITLAB_DOWNLOAD=true # Disable download from public / private GitLab project(s)
export DISABLE_NUCLEI_TEMPLATES_AWS_DOWNLOAD=true # Disable download from public / private AWS Bucket(s)
export DISABLE_NUCLEI_TEMPLATES_AZURE_DOWNLOAD=true # Disable download from public / private Azure Blob Storage

• Added helper function to calculate jarm hash by @Mzack9999 in #3906

{{jarm("1.1.1.1:443")}}

• Added support for disable-path-automerge in unsafe mode by @RamanaReddy0M in #3888
• Added request/reponse in include in result as default by @kchason in #3710
• Added epss-percentile attribute template classification section by @ehsandeep in #3911

  classification:
    epss-percentile: 0.00064

• Added option to optionally exclude request/reponse in results by @kchason in #3710

   -or, -omit-raw  omit request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)

• Added automatic target merge in network templates by @Mzack9999 in #3904

🐞 Bugs

• Fixed issue in workflow concurrency by @Mzack9999 in #3903

🔨 Maintenance

• Fixed issue in the payload generator by @tarunKoyalwar in #3918

🔨 Other Changes

• Added ztls fallback support as default for tls connection by @tarunKoyalwar in #3909

⚠️ Security (breaking change)

• Fixed issue with payloads loading in sandbox mode by @Mzack9999 in #3927
• Disabled payload loading from arbitrary location as default by @Ice3man543 in #3927
• Added option to disable network connection to local / private by @Ice3man543 in #3927

   -lfa, -allow-local-file-access        allows file (payload) access anywhere on the system
   -lna, -restrict-local-network-access  blocks connections to the local / private network

🔨 Deprecated

• -sandbox option (now brokedown into two new option -lfa, -lna)
• -irr, -include-rr option (now enabled as default)

Issues closed in this release - https://github.com/projectdiscovery/nuclei/milestone/36?closed=1

Full Changelog: v2.9.8...v2.9.9