
December 2024 Newsletter

It’s almost the end of the year, and the holidays are upon us! 🎄

Before taking a well-earned break though, the ProjectDiscovery team are here to give our last round of 2024 updates.

Along with additions and fixes for a couple of our tools, we’ve expanded Nuclei templates to include a new set of templates focused on Windows Security Hardening and Auditing - find out more on what’s included in this update by reading on!

Alongside our new series of YouTube videos, we’re also shining a spotlight on video content made by members of the PD community this month. While this is just a highlight, we’ve gathered a repository of them over on our Discord channel - and we look forward to all of the dynamic, informative PD content you’re all able to create in the new year!

As always, our GitHub and Discord are open to you all, and it’s never too late to join in. We’d love to see you there, and in the meantime, have a great holiday season.

See you in 2025! 🎆 🥂

Release notes

Nuclei v3.3.7

Our Nuclei release this month focused on a couple of new features and some bug fixes. Worthy of note are the additions of an OS_MAX_THREADS_ENV environment variable, which controls the maximum number of OS threads the Go program can use, and an enable-global-matchers option, which controls the execution of global matchers.

Trailing comma issues in the JSONL exporter were fixed, as well as a template signing signature issue caused by OS-specific line breaks.

katana v1.1.2

Some additions were made in this katana release, including a fix for higher usage of memory and CPU when running katana. A content len field was also added, and -tech-detect was changed to an optional feature instead of being enabled by default.

Nuclei Templates

December stats

Our December expansion to Nuclei Templates comes with the addition of 110 new templates, as well as 5 new contributors and 23 new CVEs.

Our highlight in this v10.1.0 release is an exciting new set of templates tailored for Windows Security Hardening and Auditing. Packed with a comprehensive array of security checks specifically designed for Windows environments, this update addresses issues in crucial areas like password policies, encryption settings, certificate validation and more.

With these Windows-specific templates, we’ve provided security teams with the tools they need to conduct thorough audits of their Windows configurations. If you have any feedback on these templates, please don’t hesitate to reach out and let us know!

Other exciting updates this release include CVEs addressing vulnerabilities related to remote code execution in WP Query Console, arbitrary file reading on Ivanti Avalanche SmartDeviceServer, and authentication bypass in Really Simple Security.

Huge thanks to our contributors on all of these releases - @s4e-io, @watchtowr, @johnk3r, @hnd3884, @gy741, @EgemenKochisarli, @righettod, @ricardomaia and @l1b3r

And, congratulations to our first-time contributors: @bf-rbrown, @SecGus, @proabiral, @gnuletik, @ret2src, @shamo0 and @sorrowx3

Other news

Highlights

ProjectDiscovery v0.9.3 - free monthly vulnerability scanning for all subdomains of your organization’s domain!
Learn more

Missed our December Tips and Tricks videos? Catch up with our YouTube playlist, and join our 3,000 subscribers!
Watch on YouTube

Is Nuclei good for API hacking? Find out in Dana Epp’s blog post.
View the post

How do you actively and regularly monitor changes in your internet-facing assets, while also leveraging this approach for bug bounty hunting? Roman Kulich believes the answer lies in ProjectDiscovery’s Cloud Platform.
Read on LinkedIn

Community Videos

This month, we’re excited to highlight some of the multimedia creations of our very own ProjectDiscovery community! You can find a full collection of videos in our Discord channel - but for now, here are some of the highlights.

Hardik Shah breaks down Nuclei installation.
Watch the video

InfoVerse Tech shows how to scan for vulnerabilities using Nuclei in Linux.
Watch the video

STÖK’s Bounty Tuesday covers how to find security bugs while you sleep using Nuclei Templates.
Watch the video

Join our community

Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!

Thanks,
The ProjectDiscovery Team

If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.
