Welcome to the July edition of the ProjectDiscovery Community Newsletter. As summer moves along, so too have the team been hard at work improving and iterating on our tools and templates, alongside our valuable community contributions.
Our updates from the last few weeks can be caught up on below, and of course keep looking out for the latest news and developments in vulnerability and cybersecurity technology as we continue to share them with you. We’ll also keep highlighting contributions from our incredible community who, as always, bring fresh new ideas and innovations to our tools. And of course, don’t forget to join us on GitHub and Discord to share your thoughts and be part of the discussion!
Release notes
Nuclei v3.3.0
Some bug fixes were added in this update, specifically addressing security issues with use of custom workflows, and issues to reduce memory usage by javascript templates being fixed. Inclusion of cname
information in http output was added, along with the ability to register goja function (isUDPPortOpen
) to check UDP port.
As a note of caution, with the changes in #5228 that come along with this release, some options have been removed from CLI and are configured implicitly. Please check the release notes for more information!
httpx v1.6.6
A few changes in this release included md5 hash for favicon in jsonl output being added, and issues with -fs
filtering being fixed.
Nuclei Templates
July stats
This month’s update saw 75 new templates added, 29 CVEs, and valuable additions from 5 first-time contributors in version 9.9.1. In 9.9.2, 67 new templates were added, along with 32 new CVEs and 7 new contributors.
Critical release highlights in 9.9.1 include Remote Code Execution for Ollama, Local File Inclusion for Splunk Enterprise, and GeoServer RCE in Evaluating Property Name Expressions.
ManageEngine Desktop Central Java Deserialization was also added, as was a CVE to address SQL injection vulnerabilities in the Quiz Maker plugin for WordPress.
In 9.9.2, an issue was corrected with mismatched redirects, and an invalid template error for CVE-2024-36991 was resolved. False positives and negatives were fixed, including improved detection in the SVN configuration leak template to reducing underreporting, and reduced false positives and improved accuracy for IdeMia biometrics default login, jan-file-upload, Apache XSS and more. We also enhanced detection capabilities in dom-xss.yaml, and improved accuracy in generic-xxe.yaml
Huge thanks to our contributors on these releases - @doug-threatmate, @kaks3c, @gy741, @s4e-garage, @iamnoooob, @king-alexander, @johnk3r, @xiaoWangSec, @userdehghani, @icarot, @mohsen, @ricardomaia, @kazet, @abut0n, @righettod, @efran, @Farish, @sumanth, @robotshell, @Qotoz, @Podalirius, @omranisecurity, @Pastaga, @DefTe, @vince-isec, @arliya and @Co5mos.
And, congratulations to our first-time contributors: @KristinnVikar, @boy-hack, @Aituglo, @yhy0 , @JohnDoeAnonITA , @zeroc00I , @IPv4v6, @BitThr3at, @kimtruth, @omranisecurity, @divatchyano , @Sumanthsec, @allendemoura, @Matsue and @adeljck.
Other news
Highlights
Is Nuclei any good for API hacking? Dana Epp explores the possibilities: https://danaepp.com/is-nuclei-any-good-for-api-hacking
Discover three ways to get ideas for creating your own Nuclei templates with Ott3rly: https://www.youtube.com/watch?v=Xu2f7mFCeMc
Nuclei is a powerful tool in your vulnerability assessments. Read Joseph Damon’s article on using it to elevate your security posture: https://josephmdamon.com/discover-nuclei/
Unleashing the power of ProjectDiscovery’s tools for cybersecurity: https://www.linkedin.com/posts/soumyaswarupsahoo_cybersecurity-projectdiscovery-vulnerabilitymanagement-activity-7219223160062140416-LmZ6/
Listen to the first community-generated song created using a Nuclei template as inspiration: https://x.com/geeknik/status/1811769517841760704
Join our community
Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers.
Thanks,
The ProjectDiscovery Team
If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.