Proposed Changes

  • add new CLI option: --honeypot-threshold (default 0, disabled)
  • when enabled, nuclei tracks distinct matched template IDs per host
  • once a host exceeds the threshold, subsequent findings for that host are suppressed
  • emit a warning when host suppression is triggered
  • add output-layer tests covering host normalization and suppression behavior

This gives users a practical anti-noise control for likely honeypot hosts while keeping default behavior unchanged.

Proof

go test ./pkg/output -run 'TestHoneypotThresholdSuppressesHostAfterDistinctTemplateLimit|TestNormalizeResultHostFromURL|TestStandardWriterRequest' -count=1
ok github.com/projectdiscovery/nuclei/v3/pkg/output 0.325s
go test ./cmd/nuclei -run TestNonExistent -count=1
ok github.com/projectdiscovery/nuclei/v3/cmd/nuclei 0.731s [no tests to run]

Checklist

  • PR created against the correct branch (dev)
  • Relevant tests passed
  • Tests added for new behavior
  • Documentation updated (can add if maintainers want this flag in README/help docs)

/claim #6403

Summary by CodeRabbit

Release Notes

  • New Features

    • Added --honeypot-threshold CLI flag and configuration option to filter results from hosts matching multiple distinct templates; set to 0 to disable honeypot detection
  • Tests

    • Added tests validating honeypot suppression behavior and host normalization
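A sketch of the suppression logic described in the proposed changes, added here for illustration and not taken from the PR or from nuclei's code base. The `hostTracker`, `normalizeHost` and `allow` names, the host key (lowercase hostname without port) and the choice to drop the finding that crosses the threshold are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// hostTracker is a hypothetical type for this example, not nuclei's own.
type hostTracker struct {
	threshold int                        // 0 disables suppression
	seen      map[string]map[string]bool // host -> distinct template IDs
}

// normalizeHost maps URL and host:port targets to one lowercase host key.
func normalizeHost(target string) string {
	if u, err := url.Parse(target); err == nil && u.Hostname() != "" {
		return strings.ToLower(u.Hostname())
	}
	if h, _, err := net.SplitHostPort(target); err == nil {
		return strings.ToLower(h)
	}
	return strings.ToLower(target)
}

// allow reports whether to emit a finding; warn is true once, when suppression starts.
func (t *hostTracker) allow(target, templateID string) (emit, warn bool) {
	if t.threshold <= 0 {
		return true, false
	}
	host := normalizeHost(target)
	if len(t.seen[host]) > t.threshold {
		return false, false // host already suppressed
	}
	if t.seen[host] == nil {
		t.seen[host] = map[string]bool{}
	}
	t.seen[host][templateID] = true // repeats of one template do not grow the set
	over := len(t.seen[host]) > t.threshold // assumption: the crossing finding is dropped too
	return !over, over
}

func main() {
	t := &hostTracker{threshold: 2, seen: map[string]map[string]bool{}}
	for _, id := range []string{"tpl-a", "tpl-b", "tpl-c", "tpl-a"} { // constructed findings
		emit, warn := t.allow("http://10.0.0.5:8080/", id)
		fmt.Println(id, "emit:", emit, "warn:", warn)
	}
}
```

Keying on the normalized host rather than the raw target is what lets findings reported as a URL and as `host:port` count toward the same limit.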

Claim

Total prize pool $250
Total paid $0
Status Pending
Submitted February 20, 2026
Last updated February 20, 2026

Contributors

tyeungchukong-gmail-com

@tyeungchukong-gmail-com

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$250