projectdiscovery/nuclei

Pattern Findings

182 matches across 6 categories. Click a row to expand file-level details.

Over-Commented Block175 hits · 175 pts

Severity	File	Line	Snippet
LOW	.goreleaser.yml	81	# # NOTE(dwisiswant0): chromium doesn't support 32-bit on alpine
LOW	cmd/nuclei/issue-tracker-config.yaml	1	# global allow/deny list. this will affect both exporters
LOW	cmd/nuclei/issue-tracker-config.yaml	21	# # project-name is the name of the repository
LOW	cmd/nuclei/issue-tracker-config.yaml	41	# # username is the username of the GitLab user
LOW	cmd/nuclei/issue-tracker-config.yaml	61	# duplicate-issue-page-size: 100
LOW	cmd/nuclei/issue-tracker-config.yaml	81	# allow-list:
LOW	cmd/nuclei/issue-tracker-config.yaml	101	# # URL is the jira application url
LOW	cmd/nuclei/issue-tracker-config.yaml	121	# allow-list:
LOW	cmd/nuclei/issue-tracker-config.yaml	141	# customfield_00003:
LOW	cmd/nuclei/issue-tracker-config.yaml	161	# api-key: ""
LOW	cmd/nuclei/issue-tracker-config.yaml	181	# connection-string: ""
LOW	internal/tests/integration/http_test.go	941	if routerErr != nil {
LOW	…sts/integration/testdata/workflow/code-template-2.yaml	21	# digest: 490a0046304402204cbb1bdf8370e49bb930b17460fb35e15f285a3b48b165736ac0e7ba2f9bc0fb022067c134790c4a2cf646b195aa44
LOW	…tests/integration/testdata/protocols/code/py-file.yaml	21	# digest: 4a0a00473045022100bb6b75819ea62be7415adf544e208fcff3501277f6f7a152e1c3083c476126f502201db7978917bc31c755a4ce53
LOW	.github/dependabot.yml	41	# schedule:
LOW	helm/values.yaml	21	list: /config/target-list.txt
LOW	helm/values.yaml	41	#include-tags: dos,fuzz # Tag based inclusion (allows overwriting nuclei-ignore list)
LOW	pkg/reporting/trackers/jira/jira.go	181	// Cloud value (optional) is set to true when Jira cloud is used
LOW	pkg/reporting/trackers/jira/jira.go	201	// ProjectID is the ID of the project (optional)
LOW	pkg/types/types.go	141	// HeadlessBulkSize is the of targets analyzed in parallel for each headless template
LOW	pkg/types/types.go	161	InteractionsPollDuration int
LOW	pkg/types/types.go	221	// ShowVarDump displays variable dump
LOW	pkg/types/types.go	461	// OutOfScope contains a list of regexes for out-scope URLS
LOW	pkg/operators/operators.go	21	// Matchers contains the detection mechanism for the request to identify
LOW	pkg/operators/matchers/matchers.go	21
LOW	pkg/operators/matchers/matchers.go	41	// - value: "\"cookie-matcher\""
LOW	pkg/operators/matchers/matchers.go	61	// - name: Match for application/json in response headers
LOW	pkg/operators/matchers/matchers.go	81	// - name: Match for 7zip files
LOW	pkg/operators/matchers/matchers.go	101	// []string{"/html/head/title[contains(text(), 'How to Find XPath')]"}
LOW	pkg/operators/extractors/extractors.go	21	// extractorType is the internal type of the extractor
LOW	pkg/operators/extractors/extractors.go	41	// value: "1"
LOW	pkg/operators/extractors/extractors.go	61	// value: >
LOW	pkg/operators/extractors/extractors.go	81	// description: \|
LOW	pkg/operators/extractors/extractors.go	101	// examples:
LOW	pkg/input/formats/formats.go	21	type InputFormatOptions struct {
LOW	pkg/js/libs/kerberos/kerberosx.go	41
LOW	pkg/js/libs/kerberos/kerberosx.go	61	func (c Config) SetTimeout(timeout int) Config {
LOW	pkg/js/libs/kerberos/kerberosx.go	141	// Link Constructor to Client and return
LOW	pkg/js/libs/kerberos/kerberosx.go	161	return &Client{Krb5Config: config}, nil
LOW	pkg/js/libs/kerberos/kerberosx.go	301	resp.Ticket = ticket
LOW	pkg/js/libs/kerberos/kerberosx.go	321	// c.nj.Throw("KDC address blacklisted by network policy")
LOW	pkg/js/libs/kerberos/kerberosx.go	341	// // login to get TGT
LOW	pkg/js/libs/dcerpc/wmiexec.go	21	// Win32_Process.Create over the WMI IWbemServices interface (impacket:
LOW	pkg/js/libs/dcerpc/dcerpc.go	41	// LookupResult is the result of a SID->name resolution via LSARPC.
LOW	pkg/js/libs/dcerpc/dcerpc.go	101	// SetHash enables NTLM pass-the-hash authentication.
LOW	pkg/js/libs/dcerpc/dcerpc.go	281	// command - the command line to run; for powershell prefix with
LOW	pkg/js/libs/dcerpc/dcerpc.go	341	// task is registered as LocalSystem, executed once, and then deleted. The
LOW	pkg/js/libs/net/net.go	81	)
LOW	pkg/js/libs/net/net.go	201	}
LOW	pkg/js/libs/net/net.go	241	// const data = conn.RecvFullString(1024);
LOW	pkg/js/libs/bytes/buffer.go	41	// Write appends the given data to the buffer.
LOW	pkg/js/libs/bytes/buffer.go	61	b.buf = append(b.buf, []byte(data)...)
LOW	pkg/js/libs/bytes/buffer.go	81	// const buffer = new bytes.Buffer();
LOW	pkg/js/libs/bytes/buffer.go	101	// Hex returns the hex representation of the buffer.
LOW	pkg/js/libs/krbforge/krbforge.go	41	}
LOW	pkg/js/libs/krbforge/krbforge.go	81	// ```javascript
LOW	pkg/js/libs/ldap/ldap.go	21	// // here ldap.example.com is the ldap server and acme.com is the realm
LOW	pkg/js/libs/ldap/ldap.go	361	// close the ldap connection
LOW	pkg/js/libs/ldap/adenum.go	121	// GetADActiveUsers returns all AD users
LOW	pkg/js/libs/ldap/adenum.go	141	// log(to_json(users));
115 more matches not shown…

Hallucination Indicators1 hit · 10 pts

Severity	File	Line	Snippet
CRITICAL	pkg/protocols/http/request.go	1115	Severity: request.options.TemplateInfo.SeverityHolder.Severity.String(),

AI Slop Vocabulary2 hits · 6 pts

Severity	File	Line	Snippet
MEDIUM	pkg/catalog/disk/find.go	30	// this should be replaced with more appropriate and robust logic
MEDIUM	pkg/catalog/disk/find.go	55	// this should be replaced with more appropriate and robust logic

Hyper-Verbose Identifiers2 hits · 2 pts

Severity	File	Line	Snippet
LOW	pkg/js/global/js/active_directory.js	34	function getDomainControllerNameBySMB(host) {
LOW	pkg/js/global/js/active_directory.js	47	function getDomainControllerNameByLDAP(host) {

Slop Phrases1 hit · 2 pts

Severity	File	Line	Snippet
LOW	pkg/catalog/index/metadata.go	50	// For maintainers: when adding new fields, don't forget to update the

Fake / Example Data1 hit · 1 pts

Severity	File	Line	Snippet
LOW	pkg/fuzz/dataformat/multipart_test.go	223	assert.Equal(t, "John Doe", decoded.Get("name"))

Score History

Severity Breakdown

Pattern Findings