Proposed changes

Implements template profile improvements — a single YAML profile file can now serve as a complete scan config:

Closes #5567

• Inline secrets: embed auth secrets directly in a profile without a separate secrets file
• Inline list: specify targets as a block scalar directly in the profile
• Metadata fields name, purpose, description etc. are silently ignored, so profiles can carry human-readable context

Proof

Example profile:

# Metadata fields - intentionally ignored by nuclei flag parsing
name: inline-secrets-test
purpose: temporary test to verify inline secrets are applied

# Inline target list
list: |
  httpbin.org

concurrency: 1
timeout: 10


secrets:
  static:
    - type: Header
      domains:
        - httpbin.org
      headers:
        - key: X-Test-Secret
          value: nuclei-inline-secret-works

CheckList

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

/claim #5567

Summary by CodeRabbit

• New Features

  • Support for inline secrets embedded in YAML configs/profiles, allowing credentials to be provided directly in config.
  • Inline target lists supplied as newline blocks are accepted and materialized at runtime.
  • Runtime options now accept raw inline secret payloads for auth provider configuration.

• Tests

  • Added end-to-end tests validating inline secrets extraction and that authentication headers are applied.

• Chores

  • Restored *.cpu entry in .gitignore.