Quantify Issues

Recent GitHub Issues Activity

_{Like all software activity quantification, these numbers are imperfect but sometimes useful. Comments, Labels, and Milestones refer to those issues opened in the timespan in question.}

Quantify commits

Quantified Commit Activity Over 30 Days

Developer	Avatar	Branches	PRs	Commits	Files	Changes
Dwi Siswanto		2	5/7/1	8	38	637
Ice3man		3	3/2/0	8	14	600
Rishiraj Sharma		1	0/0/0	35	8	434
Sandeep Singh		2	2/1/0	7	11	392
Keith Chason		1	2/1/0	1	6	196
Deleted user		1	0/0/0	4	3	192
dependabot[bot]		1	20/5/20	5	2	178
Ramana Reddy		1	3/8/0	8	25	176
Levente Kováts		1	0/1/0	1	4	87
Douglas Danger Manley		1	2/1/0	1	4	75
Tarun Koyalwar		1	1/1/0	1	10	66
Mike Jorritsma		1	0/0/0	2	1	45
Dogan Can Bakir		1	3/2/1	2	2	33
Piotr Idzik		1	1/1/0	1	1	8
Danny Shemesh		1	1/1/0	1	1	6
chuu		1	1/1/0	1	1	2
None (murat-kekij)		0	1/0/0	0	0	0
None (alban-stourbe-wmx)		0	2/0/0	0	0	0

_{PRs: created by that dev and opened/merged/closed-unmerged during the period}

Report On: Fetch issues

Recent Activity Analysis

The Nuclei project has seen significant recent activity, with 330 open issues and a notable influx of bug reports and feature requests. A recurring theme is the need for enhanced error handling, particularly regarding template validation and memory management. Several users have reported issues with specific templates failing to execute correctly or producing unexpected results, indicating potential gaps in template robustness.

Issue Details

Most Recently Created and Updated Issues

1. Issue #5747: [BUG] panic: runtime error: invalid memory address or nil pointer dereference Dialer has been closed

   • Priority: Bug
   • Status: Open
   • Created: 0 days ago
   • Updated: 0 days ago

2. Issue #5744: [FEATURE] Option to include request/response chain with results

   • Priority: Enhancement
   • Status: Open
   • Created: 2 days ago
   • Updated: 2 days ago

3. Issue #5743: [BUG] Headless Options fails to split properly when comma is present in option value

   • Priority: Bug
   • Status: Open
   • Created: 2 days ago
   • Updated: 2 days ago

4. Issue #5742: [FEATURE] Add warnings for more visibility when running self-contained templates

   • Priority: Enhancement
   • Status: Open
   • Created: 2 days ago
   • Updated: 2 days ago

5. Issue #5740: [BUG] Missing output "[INF] No results found. Better luck next time!" when using nuclei 3.3.4

   • Priority: Bug
   • Status: Open
   • Created: 4 days ago
   • Updated: 4 days ago

6. Issue #5739: [BUG] ...the test stops randomly

   • Priority: Bug
   • Status: Open
   • Created: 4 days ago
   • Updated: 4 days ago

7. Issue #5734: No usable sandbox err in tests

   • Priority: Bug
   • Status: Open
   • Created: 5 days ago
   • Updated: 5 days ago

8. Issue #5725: Nuclei Skipping every valid domains

   • Priority: Bug
   • Status: Open
   • Created: 7 days ago
   • Updated: 2 days ago

9. Issue #5722: Making response from different input formats available in the context of Nuclei template

   • Priority: Enhancement
   • Status: Open
   • Created: 8 days ago
   • Updated: 6 days ago

10. Issue #5717: [FEATURE] graphql fuzzing support with dast templates

    • Priority: Enhancement
    • Status: Open
    • Created: 10 days ago
    • Updated: 10 days ago

Analysis of Themes and Commonalities

• There is a strong focus on bug reports related to memory management and execution errors, particularly concerning headless operations and template execution.
• Feature requests predominantly revolve around improving user experience through enhanced visibility and better error handling mechanisms.
• The community appears to be actively engaged, with numerous suggestions for enhancements that could streamline workflows or improve the functionality of existing features.

This analysis indicates a critical need for addressing the stability and reliability of the Nuclei tool, especially as it pertains to template execution and error handling during scans.

Report On: Fetch pull requests

Overview

The analysis of the pull requests (PRs) for the Nuclei project reveals a dynamic and active development environment. The project has seen significant contributions in terms of features, bug fixes, and dependency updates. The PRs cover a wide range of enhancements, from adding new functionalities like MongoDB reporting and global matchers to improving existing features such as LDAP metadata collection and handling multipart files. The community engagement is evident through contributions from various developers, indicating a collaborative effort to enhance the tool's capabilities.

Summary of Pull Requests

1. PR #5745: Nuclei v3.3.5

   • Merged by Sandeep Singh.
   • A routine version update with various commits addressing style fixes, bug fixes, and feature enhancements.

2. PR #5735: disable sandbox on CI

   • Not merged.
   • Proposed changes to disable sandboxing during Continuous Integration (CI) runs to avoid certain errors.

3. PR #5733: fix template loading logic

   • Merged by Dogan Can Bakir.
   • Fixes an issue with template loading logic when executed from a custom path.

4. PR #5732: chore(deps): bump github.com/projectdiscovery/retryabledns from 1.0.77 to 1.0.80

   • Not merged.
   • A routine dependency update.

5. PR #5731: chore(deps): bump github.com/projectdiscovery/retryablehttp-go from 1.0.78 to 1.0.82

   • Not merged.
   • Another routine dependency update.

6. PR #5730: chore(deps): bump github.com/projectdiscovery/ratelimit from 0.0.56 to 0.0.59

   • Not merged.
   • Yet another routine dependency update.

7. PR #5729: chore(deps): bump github.com/projectdiscovery/interactsh from 1.2.0 to 1.2.2

   • Not merged.
   • Routine dependency update with minor changes.

8. PR #5728: chore(deps): bump github.com/projectdiscovery/wappalyzergo from 0.1.18 to 0.1.23

   • Not merged.
   • Routine dependency update with several commits for fingerprint updates and other minor changes.

9. PR #5727: Extractor variable support

   • Merged by Georgina Reeder.
   • Adds variable support to regex and JSON extractors, enhancing the flexibility of extraction processes.

10. PR #5716: feat: added initial graphql fuzzing support

    • Draft PR by Sandeep Singh.
    • Introduces initial support for GraphQL fuzzing, expanding the tool's capabilities in testing GraphQL APIs.

11. PR #5705: Batch JSONL Output

    • Merged by Georgina Reeder.
    • Adds batching capability for JSONL output, improving performance by reducing memory usage during scans.

12. PR #4786: Record all requests and responses to the results

    • Merged after a long duration (241 days open).
    • Enhances result reporting by including all requests and responses, providing better visibility into scan activities.

Analysis of Pull Requests

The analysis of the PRs indicates several key themes:

• Feature Enhancements: There is a strong focus on enhancing existing features and adding new ones, such as extractor variable support (#5727) and GraphQL fuzzing support (#5716). These enhancements are crucial for keeping up with evolving security testing needs.

• Bug Fixes and Improvements: Many PRs address bug fixes or improvements to existing functionalities, such as fixing template loading logic (#5733) and handling multipart files correctly (#5702). This reflects an ongoing effort to improve the tool's reliability and performance.

• Dependency Management: Routine updates of dependencies are common (#5732, #5731, #5730), ensuring that the project benefits from the latest improvements and security patches in its dependencies.

• Community Contributions: The presence of contributions from various developers indicates an active community engagement, which is vital for the project's growth and sustainability.

• Long-standing Issues: Some PRs have been open for extended periods before being merged (#4786), highlighting potential bottlenecks in the review process or prioritization challenges within the development team.

In conclusion, the Nuclei project demonstrates a robust development activity with a clear focus on enhancing its capabilities while maintaining high reliability through regular bug fixes and dependency updates. The active community involvement further strengthens its position as a leading tool in vulnerability scanning and management.

Report On: Fetch commits

Repo Commits Analysis

Development Team and Recent Activity

Team Members and Recent Contributions

1. Sandeep Singh (ehsandeep)

   • Recent Activity:
   • Updated README.md with significant changes (+252, -120).
   • Conducted a version update in constants.go.
   • Merged pull request for Nuclei v3.3.5.
   • Collaborations: Worked closely with multiple team members on various updates.

2. Ramana Reddy (RamanaReddy0M)

   • Recent Activity:
   • Fixed interactsh-url placeholder replacement in network templates.
   • Supported multiple bug fixes and feature enhancements related to LDAP and OpenAPI.
   • Collaborations: Engaged with other developers on bug fixes and features.

3. Dogan Can Bakir (dogancanbakir)

   • Recent Activity:
   • Merged pull requests addressing template loading logic and race conditions.
   • Minor updates to the SDK.
   • Collaborations: Collaborated on various merges and fixes.

4. Dwi Siswanto (dwisiswant0)

   • Recent Activity:
   • Major contributions including refactoring and feature additions related to global matchers, vardump, and headless operations.
   • Significant code changes across multiple files.
   • Collaborations: Frequently co-authored with other developers, indicating strong teamwork.

5. Ice3man (Ice3man543)

   • Recent Activity:
   • Added GraphQL fuzzing support and made various enhancements to output hooks.
   • Fixed bugs related to linear issue tracking.
   • Collaborations: Worked with other team members on features and bug fixes.

6. Keith Chason (kchason)

   • Recent Activity:
   • Implemented MongoDB reporting features.
   • Collaborations: Limited recent collaboration noted.

7. Dependabot[bot]

   • Recent Activity:
   • Managed dependency updates across multiple libraries.
   • Collaborations: Automated contributions with no direct collaboration noted.

8. Others (e.g., Rishiraj Sharma, Tarun Koyalwar)

   • Various minor contributions primarily focused on documentation updates and bug fixes.

Patterns, Themes, and Conclusions

• Active Development: The team shows consistent activity with multiple commits daily, indicating a robust development cycle.
• Collaboration: There is a strong collaborative environment, as evidenced by co-authored commits and frequent merges involving multiple team members.
• Feature Focused: Recent activities highlight a focus on enhancing existing features (e.g., global matchers, fuzzing support) alongside addressing bugs.
• Documentation Updates: Significant efforts are being made to improve documentation, particularly the README file, which is crucial for user engagement and onboarding.
• Dependency Management: Regular updates from Dependabot show an emphasis on maintaining up-to-date libraries, which is vital for security and performance.

Overall, the development team is actively engaged in improving the Nuclei project through collaborative efforts, feature enhancements, and diligent maintenance of documentation and dependencies.