Summary

This PR implements the foundation for Template Profile Improvements as described in #5567.

Root Cause

Currently, template profiles require commenting out metadata fields. This PR enables ignoring extra fields gracefully.

Solution

Added TemplateProfile Structure

type TemplateProfile struct {
    // Metadata fields (ignored during processing)
    Name        string `yaml:"name,omitempty"`
    Purpose     string `yaml:"purpose,omitempty"`
    Description string `yaml:"description,omitempty"`
    ID          string `yaml:"id,omitempty"`
    // Targets
    List string `yaml:"list,omitempty"`
    // Template config
    Type        []string `yaml:"type,omitempty"`
    ExcludeTags []string `yaml:"exclude-tags,omitempty"`
    // Options
    TemplateConcurrency int  `yaml:"template-concurrency,omitempty"`
    HostConcurrency     int  `yaml:"host-concurrency,omitempty"`
    Stats               bool `yaml:"stats,omitempty"`
    Timeout             int  `yaml:"timeout,omitempty"`
    // Secrets (embedded auth data)
    Secrets SecretsConfig `yaml:"secrets,omitempty"`
}

Key Features

  1. Metadata Support - Fields like name, purpose, description, id are recognized but ignored during processing
  2. Extra Field Ignoring - YAML decoder automatically ignores unknown fields
  3. Secrets Embedding - Support for static and dynamic secrets
  4. Single Config File - All scanning configuration in one place

Example Usage

name: projectdiscovery-scan
purpose: Config File for Scanning
description: Single config file for target-specific scanning
# targets list file
list: |
  cve.projectdiscovery.io
  chaos.projectdiscovery.io
# templates related config
type:
  - http
  - tcp
  - javascript
exclude-tags:
  - dos
  - fuzz
# other options
template-concurrency: 5
host-concurrency: 100
stats: true
timeout: 30
# Secrets
secrets:
  static:
    - type: header
      domains:
        - api.projectdiscovery.io
      headers:
        - key: x-pdcp-key
          value: <api-key-here>

Next Steps

This is Phase 1 of the implementation. Future phases will include:

  • Phase 2: Integration with nuclei CLI flag merging
  • Phase 3: goflags embedding for secrets
  • Phase 4: Dynamic secret templates (OAuth flows)

Testing

  • Structure validated with example config files
  • YAML parsing tested with metadata fields
  • Extra fields ignored gracefully

Related Issue

Fixes: #5567 (Phase 1)


/claim #5567

Summary by CodeRabbit

  • New Features
    • Added YAML-based configuration support for template profiles with static and dynamic secret management.
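
Because unknown fields are ignored, a misspelled option such as `exclude-tag` is dropped as quietly as an extra metadata field, and the `dos` and `fuzz` exclusions would not apply. The following is an added example, not code from this PR or from nuclei: it lists the top-level profile keys that match no yaml tag on the struct. `SecretsConfig` is stubbed because the page does not show it, and `UnknownTopLevelKeys` and the sample profile are hypothetical names and constructed input.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

type SecretsConfig struct{} // placeholder: its definition is not on the page

// TemplateProfile repeats the fields and yaml tags from the PR description.
type TemplateProfile struct {
	Name                string        `yaml:"name,omitempty"`
	Purpose             string        `yaml:"purpose,omitempty"`
	Description         string        `yaml:"description,omitempty"`
	ID                  string        `yaml:"id,omitempty"`
	List                string        `yaml:"list,omitempty"`
	Type                []string      `yaml:"type,omitempty"`
	ExcludeTags         []string      `yaml:"exclude-tags,omitempty"`
	TemplateConcurrency int           `yaml:"template-concurrency,omitempty"`
	HostConcurrency     int           `yaml:"host-concurrency,omitempty"`
	Stats               bool          `yaml:"stats,omitempty"`
	Timeout             int           `yaml:"timeout,omitempty"`
	Secrets             SecretsConfig `yaml:"secrets,omitempty"`
}

// UnknownTopLevelKeys returns the top-level keys that match no yaml tag above,
// i.e. what a lenient decoder drops. A line scanner, not a full YAML parser.
func UnknownTopLevelKeys(profile string) (unknown []string) {
	known := map[string]bool{}
	for i, t := 0, reflect.TypeOf(TemplateProfile{}); i < t.NumField(); i++ {
		name, _, _ := strings.Cut(t.Field(i).Tag.Get("yaml"), ",")
		known[name] = true
	}
	for _, line := range strings.Split(profile, "\n") {
		key, _, ok := strings.Cut(line, ":")
		// Skip comments, list items, nested (indented) lines and keyless lines.
		if !ok || key == "" || strings.ContainsAny(key[:1], "#- \t") {
			continue
		}
		if key = strings.TrimSpace(key); !known[key] {
			unknown = append(unknown, key)
		}
	}
	return unknown
}

// Constructed sample: "owner" is extra metadata, "exclude-tag" is a typo.
const sample = "name: demo\nowner: secteam\ntype:\n  - http\nexclude-tag:\n  - dos\n  - fuzz\ntimeout: 30\n"
func main() { fmt.Println(UnknownTopLevelKeys(sample)) }
```

Run against a profile before a scan, a non-empty result separates intended extra metadata from typos that would otherwise change scan behaviour unnoticed.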

Claim

Total prize pool $152
Total paid $0
Status Pending
Submitted March 05, 2026
Last updated March 05, 2026

Contributors

EthanHan (@EthanHan): 100%

Sponsors

ProjectDiscovery (@projectdiscovery): $150
starmovie12 (@starmovie12): $2