Table of Contents
Authors
With winter almost over and spring on the horizon, February is a time for new growth - and that’s true for ProjectDiscovery as well! This month, we’re proud to highlight a couple of major milestones in our journey, both of which we couldn’t have achieved without our amazing community.
First, we’re so excited to announce that we’ve reached 100,000 GitHub stars across our OSS projects! This wouldn’t have been possible without everyone who’s contributed, used our tools, and offered their support along the way. Thank you, and we can’t wait to keep building with you! 🎉
We also launched ProjectDiscovery v1 this month, with a week-long dive into how we’re helping to shape the future of vulnerability management. Read on to learn more and see how you can experience it for yourself!
In the meantime, you can find us over on GitHub and Discord for questions and discussion. We can’t wait to see you there!
In the news
ProjectDiscovery v1 Launch
This month, we’re proud to introduce ProjectDiscovery v1 - the first major step toward a better, more forward-thinking model of vulnerability detection and management.
In v1, you'll find the culmination of our learnings and the beginning of something even bigger. Together, we're creating a future where vulnerability management is a proactive force that empowers security teams to move faster.
Community Videos
Check out our latest community video, which we also compile in a dedicated channel over on the ProjectDiscovery Discord!
Matthew Toussain takes a deep dive into Vulnerability-centric pentesting for Wild West Hackin’ Fest.
Watch the video
How do you use AI to find and learn about bugs? atomiczsec breaks down the process and features Nuclei in this YouTube video.
Watch the video
Highlights
Introducing Nuclei AI prompts - a platform created by Hüseyin Tıntaş, providing a curated collection of ready-to-use security prompts for Nuclei.
Check it out at nucleiprompts.com!
Nuclei Templates
February stats
February saw another amazing round of contributions to Nuclei templates, with 52 new templates being added altogether. 11 first-time contributors offered their expertise, and 25 new CVEs were added.
Some highlights worth noting - issues were addressed with an improper authentication vulnerability in the SSLVPN authentication mechanism. This in turn would allow a remote attacker to bypass authentication. We also fixed an authentication bypass in the Palo Alto Networks PAN-OS software, which enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface.
False negatives for wp-user-enum.yaml and wp-user-enum.yaml have been fixed, as well as false positives for http/technologies/ivanti-epm-detect.yaml and Next.js - Cache Poisoning - Headers.
Huge thanks to our contributors on all of these releases - @RamanaReddy0M, @doug-threatmate, @AdallomRoy, @meme-lord, @johnk3r, @soonghee2, @lee, @s4e-io, @0xByteHunter, @gaurang, @righettod, @rxerium, @chirag and @3th1c_yuk1.
And, congratulations to our first-time contributors: @noctisatrae, @tomorrow9913, @nukunga, @hatamiarash7, @v0ctor, @Lercas, @Jarro01X, @piguagua, @kilavvy, 1hehaq, @hyni03, @nukunga, @thurrsense, @cn-kali-team, @Sechunt3r, @mistry4592, @nblirwn, @VulnScout-Chris, @missing0x00, @babariviere, @kee-reel, @halil-s4e, @domwhewell-sage, @mpatil-netspi and @halencarjunior.
Join our community
Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!
Thanks,
The ProjectDiscovery Team
If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.