v9.8.0 - Catch 'Em All: Network Vulnerabilities
🔥 Release Highlights 🔥
We're thrilled to share that with the launch of Nuclei Templates version 9.8.0, we've broadened our scope in network security checks. Our template library now boasts over 8,000 entries, encompassing more than 7,202 templates for web applications. This collection includes 2,200 web-related CVEs and features more than 850 templates aimed at identifying web vulnerabilities.
With the help of active community contributions, we have been adding all the latest web CVEs and vulnerabilities in the wild. While we continue to do so, we are focused on expanding our template offerings to include network vulnerabilities, providing the most comprehensive scanning.
With this release, we're inviting contributors to aid us in enriching our network vulnerability detection, facilitated by the new JS protocol. This makes it simpler to incorporate network checks through the newly introduced JS modules. For guidance on crafting JS templates, check out our documentation here.
Next, we are aiming to expand coverage of LDAP and Kerberos related checks. We are looking forward to getting more contributions from the community
What's Changed
New Templates Added: 85
| CVEs Added: 8
| First-time contributions: 5
- http/cves/2023/CVE-2023-49785.yaml by @high 🔥
- http/cves/2023/CVE-2023-5830.yaml by @mbb5546
- http/cves/2023/CVE-2023-5914.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-6114.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-6567.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-1212.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-1698.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-27954.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- javascript/audit/mysql/mysql-load-file.yaml by @pussycat0x
- javascript/enumeration/mysql/mysql-default-login.yaml by @dhiyaneshdk,@pussycat0x,@ritikchaddha
- javascript/enumeration/mysql/mysql-info.yaml by @pussycat0x
- javascript/enumeration/mysql/mysql-show-databases.yaml by @dhiyaneshdk
- javascript/enumeration/mysql/mysql-show-variables.yaml by @dhiyaneshdk
- javascript/enumeration/mysql/mysql-user-enum.yaml by @pussycat0x
- javascript/enumeration/pop3/pop3-capabilities-enum.yaml by @pussycat0x
- javascript/enumeration/redis/redis-info.yaml by @dhiyaneshdk
- javascript/enumeration/redis/redis-require-auth.yaml by @dhiyaneshdk
- javascript/enumeration/rsync/rsync-version.yaml by @dhiyaneshdk
- javascript/enumeration/smb/smb-default-creds.yaml by @pussycat0x
- javascript/enumeration/smb/smb-enum-domains.yaml by @dhiyaneshdk
- javascript/enumeration/smb/smb-os-detect.yaml by @pussycat0x
- javascript/enumeration/smb/smb-version-detect.yaml by @pussycat0x
- javascript/enumeration/smb/smb2-server-time.yaml by @dhiyaneshdk
- javascript/misconfiguration/mysql/mysql-empty-password.yaml by @dhiyaneshdk
- http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml by @dhiyaneshdk
- http/vulnerabilities/idoc/idocview-2word-fileupload.yaml by @dhiyaneshdk
- http/vulnerabilities/idoc/idocview-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml by @fur1na
- http/vulnerabilities/other/office365-indexs-fileread.yaml by @dhiyaneshdk
- http/vulnerabilities/other/ups-network-lfi.yaml by @Kazgangap
- http/default-logins/ispconfig-default-login.yaml by @pussycat0x
- http/misconfiguration/installer/posteio-installer.yaml by @ritikchaddha
- http/exposures/files/generic-db.yaml by @michal Mikolas (nanuqcz)
- http/exposed-panels/bynder-panel.yaml by @righettod
- http/exposed-panels/c2/ares-rat-c2.yaml by @pussycat0x
- http/exposed-panels/c2/caldera-c2.yaml by @pussycat0x
- http/exposed-panels/c2/hack5-cloud-c2.yaml by @pussycat0x
- http/exposed-panels/c2/pupyc2.yaml by @pussycat0x
- http/exposed-panels/c2/supershell-c2.yaml by @pussycat0x
- http/exposed-panels/cisco/cisco-expressway-panel.yaml by @righettod
- http/exposed-panels/emqx-panel.yaml by @righettod
- http/exposed-panels/fortinet/forticlientems-panel.yaml by @h4sh5
- http/exposed-panels/fortinet/fortiwlm-panel.yaml by @EgemenKochisarli
- http/exposed-panels/neocase-hrportal-panel.yaml by @righettod
- http/exposed-panels/osnexus-panel.yaml by @charles D.
- http/exposed-panels/posteio-admin-panel.yaml by @ritikchaddha
- http/exposed-panels/skeepers-panel.yaml by @righettod
- http/exposed-panels/softether-vpn-panel.yaml by @bhutch
- network/detection/wing-ftp-detect.yaml by @ritikchaddha
- ssl/c2/venomrat.yaml by @pussycat0x
- http/osint/phishing/kakao-login-phish.yaml by @hahwul
- http/osint/phishing/naver-login-phish.yaml by @hahwul
- http/technologies/directus-detect.yaml by @ricardomaia
- http/technologies/microsoft/aspnet-version-detect.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/technologies/microsoft/aspnetmvc-version-disclosure.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/technologies/wing-ftp-service-detect.yaml by @ritikchaddha
- dns/soa-detect.yaml by @rxerium
- dns/spf-record-detect.yaml by @rxerium
- dns/txt-service-detect.yaml by @rxerium
- file/keys/dependency/dependency-track.yaml by @dhiyaneshdk
- file/keys/docker/dockerhub-pat.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-audit.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-cli.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-scim.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-service-account.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-service.yaml by @dhiyaneshdk
- file/keys/dropbox/dropbox-access.yaml by @dhiyaneshdk
- file/keys/huggingface/huggingface-user-access.yaml by @dhiyaneshdk
- file/keys/linkedin/linkedin-client.yaml by @dhiyaneshdk
- file/keys/linkedin/linkedin-secret.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-api-service.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-license-non.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-license.yaml by @dhiyaneshdk
- file/keys/odbc/odbc-connection.yaml by @dhiyaneshdk
- file/keys/okta/okta-api.yaml by @dhiyaneshdk
- file/keys/particle/particle-access.yaml by @dhiyaneshdk
- file/keys/react/reactapp-password.yaml by @dhiyaneshdk
- file/keys/react/reactapp-username.yaml by @dhiyaneshdk
- file/keys/salesforce/salesforce-access.yaml by @dhiyaneshdk
- file/keys/thingsboard/thingsboard-access.yaml by @dhiyaneshdk
- file/keys/truenas/truenas-api.yaml by @dhiyaneshdk
- file/keys/twitter/twitter-client.yaml by @dhiyaneshdk
- file/keys/twitter/twitter-secret.yaml by @dhiyaneshdk,@gaurang,@daffainfo
- file/keys/wireguard/wireguard-preshared.yaml by @dhiyaneshdk
- file/keys/wireguard/wireguard-private.yaml by @dhiyaneshdk
B636160776167737022757F6025667965636562702C6C6967702275667275637024627F636379644022757F602E6F602C656E6E61686360237564716C607D65647D29656C63657E60256864702E6960222C6C61402D654720286364716342202567616373756D602F64702E6F63727560702473727966602568645 🐛
New Contributors
- @EgemenKochisarli made their first contribution in #9353
- @s-kali made their first contribution in #9357
- @Facucuervo87 made their first contribution in #9254
- @h4sh5 made their first contribution in #9350
- @Kazgangap made their first contribution in #9395
Full Changelog: v9.7.8...v9.8.0