This PR aims to fix the issue described in #6674. When dialers are missing, we return a proper error instead of panicking. We then modify all the callers to check for this error and handle it like the surrounding code.
I’ve also fixed some integration and functional tests. These tests already failed before the above changes. I’m not sure if I should open separate PRs for these or not:
Some of the matcher-status tests failed due to the presence of warnings before the results were displayed. I’ve used filterLines() to clean it up.
The Interactsh integration tests were failing due to a protocol mismatch between the Interactsh client and server. It seems a breaking change was introduced between v1.2.2 and v1.3.0. With version 1.2.2, AES-CFB mode was used to encrypt the payload and it was replaced with AES-CTR mode in version 1.3.0.
Servers like oast.site still use 1.2.2 whereas the current codebase uses 1.3.0. So the first block is decrypted fine but the next one is random garbage, leading to errors like this:
[ERR] Could not unmarshal interaction data interaction: server.Interaction.Protocol: ReadString: invalid control character found: 1, error found in #10 byte of ...|rotocol":"dnsM&�|..., bigger context ...|{"protocol":"dnsM&��Ǖ]M�XX�&J9�;�H�!?�Rc��r�A|...
Since the interactsh package is an external dependency, I didn’t try to fix it. Instead, there’s code that checks the version of the server and, if it’s incompatible, leaves a warning. I’ve also disabled the corresponding integration tests if an incompatibility is detected to avoid the failures.
The following functional test was failing: {{binary}} -tags "cve,exposure" -author "geeknik,pdteam" -severity high,critical
The ad-hoc command parser for the tests didn’t handle it correctly. Instead of trying to fix it, I’ve used “shlex”, which was already part of the dependencies. I’ve also adjusted the other test cases to use real shell command syntax.
In order to verify the changes, I’ve successfully run:
/claim #6674
l0stman
@l0stman
ProjectDiscovery
@projectdiscovery
Madhavan Deepak
@Madhavan-Deepak
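The "first block decrypts, the rest is garbage" symptom described above follows from how the two modes build their keystream, and the Go sketch below reproduces it with the standard library only. It is an added example, not code from this PR or from the interactsh package; the key, IV and JSON payload are constructed, and it assumes both peers share the same key and IV.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values (not from the PR): fixed key, IV and payload.
var (
	sampleKey = []byte("0123456789abcdef0123456789abcdef") // AES-256
	sampleIV  = []byte("constructed-iv-0")                 // 16 bytes
	samplePT  = []byte(`{"protocol":"dns","unique-id":"constructed","remote-address":"192.0.2.1"}`)
)

// xorWith runs in through the stream that mk builds over AES(key) and iv.
func xorWith(mk func(cipher.Block, []byte) cipher.Stream, key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	mk(block, iv).XORKeyStream(out, in)
	return out, nil
}

// encryptCFB plays the peer that still encrypts with AES-CFB.
func encryptCFB(key, iv, pt []byte) ([]byte, error) {
	return xorWith(cipher.NewCFBEncrypter, key, iv, pt)
}

// decryptCTR plays the peer that decrypts with AES-CTR.
func decryptCTR(key, iv, ct []byte) ([]byte, error) {
	return xorWith(cipher.NewCTR, key, iv, ct)
}

// matchingPrefix counts the leading bytes of got that equal want.
func matchingPrefix(got, want []byte) int {
	n := 0
	for n < len(got) && n < len(want) && got[n] == want[n] {
		n++
	}
	return n
}

func main() {
	ct, _ := encryptCFB(sampleKey, sampleIV, samplePT)
	got, _ := decryptCTR(sampleKey, sampleIV, ct)
	// Block 0 keystream is E_k(IV) in both modes; after that CFB feeds back
	// ciphertext while CTR increments the counter, so the streams diverge.
	fmt.Printf("intact prefix: %d bytes (%q)\n", matchingPrefix(got, samplePT), got[:aes.BlockSize])
}
```

Neither mode authenticates the ciphertext, so the mismatch only surfaces later as a JSON unmarshal error, with the first 16 bytes (`{"protocol":"dns`) still readable.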