projectdiscovery · charles1024 · Mar 11, 2026 · Mar 12, 2026 · Mar 23, 2026 · Mar 26, 2026
diff --git a/cmd/nuclei/main.go b/cmd/nuclei/main.go
@@ -435,6 +435,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 	)
 
 	flagSet.CreateGroup("headless", "Headless",
+		flagSet.BoolVarP(&options.DisableTechStackFiltering, "disable-tech-filter", "dtf", false, "disable automatic template filtering based on Server response header tech detection"),
 		flagSet.BoolVar(&options.Headless, "headless", false, "enable templates that require headless browser support (root user on Linux will disable sandbox)"),
 		flagSet.IntVar(&options.PageTimeout, "page-timeout", 20, "seconds to wait for each page in headless mode"),
 		flagSet.BoolVarP(&options.ShowBrowser, "show-browser", "sb", false, "show the browser on the screen when running templates with headless mode"),

diff --git a/pkg/core/engine.go b/pkg/core/engine.go
@@ -5,6 +5,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v3/pkg/types"
+	"github.com/projectdiscovery/nuclei/v3/pkg/core/hosttechcache"
 )
 
 // Engine is an executer for running Nuclei Templates/Workflows.
@@ -21,6 +22,7 @@ type Engine struct {
 	executerOpts *protocols.ExecutorOptions
 	Callback     func(*output.ResultEvent) // Executed on results
 	Logger       *gologger.Logger
+	HostTechCache	*hosttechcache.HostTechCache
 }
 
 // New returns a new Engine instance
@@ -30,6 +32,9 @@ func New(options *types.Options) *Engine {
 		Logger:  options.Logger,
 	}
 	engine.workPool = engine.GetWorkPool()
+	if !options.DisableTechStackFiltering {
+		engine.HostTechCache = hosttechcache.NewHostTechCache()
+	}
 	return engine
 }
 
@@ -64,4 +69,4 @@ func (e *Engine) WorkPool() *WorkPool {
 	// resize check point - nop if there are no changes
 	e.workPool.RefreshWithConfig(e.GetWorkPoolConfig())
 	return e.workPool
-}
+}
diff --git a/pkg/core/execute_options.go b/pkg/core/execute_options.go
@@ -175,4 +175,4 @@ func getRequestCount(templates []*templates.Template) int {
 		count += template.TotalRequests
 	}
 	return count
-}
+}
diff --git a/pkg/core/executors.go b/pkg/core/executors.go
@@ -245,4 +245,4 @@ func (e *Engine) executeTemplateOnInput(ctx context.Context, template *templates
 		}
 		return template.Executer.Execute(scanCtx)
 	}
-}
+}
diff --git a/pkg/core/hosttechcache/hosttechcache.go b/pkg/core/hosttechcache/hosttechcache.go
@@ -0,0 +1,88 @@
+package hosttechcache
+
+import (
+	"strings"
+	"sync"
+	"github.com/projectdiscovery/gologger"
+)
+
+// TechHint represents a detected technology on a host that can be used
+// to filter templates before execution.
+type TechHint struct {
+	// Tags is the set of template tags that are REQUIRED for this host.
+	// A template is skipped unless it contains at least one of these tags,
+	// or the set is empty (meaning: no filtering).
+	Tags map[string]struct{}
+}
+
+// HostTechCache stores per-host technology hints derived from early HTTP
+// responses (e.g. the Server: header).  It is safe for concurrent use.
+type HostTechCache struct {
+	mu    sync.RWMutex
+	hints map[string]*TechHint // keyed by normalised host (scheme+host)
+}
+
+// NewHostTechCache returns an initialised HostTechCache.
+func NewHostTechCache() *HostTechCache {
+	return &HostTechCache{hints: make(map[string]*TechHint)}
+}
+
+// RecordServerHeader inspects a raw Server header value and, if it contains
+// a known technology keyword, records a tag requirement for that host.
+//
+// Currently understood keywords → required tag:
+//
+//	"apache" → "apache"
+//
+// The mapping is intentionally simple and lowercase-compared so that
+// "Apache/2.4.51 (Unix)" and "apache" both resolve to the same hint.
+func (c *HostTechCache) RecordServerHeader(host, serverHeader string) {
+	lower := strings.ToLower(serverHeader)
+
+	var requiredTags []string
+	if strings.Contains(lower, "apache") {
+		requiredTags = append(requiredTags, "apache")
+	}
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if len(requiredTags) == 0 {
+		if _, exists := c.hints[host]; exists {
+			gologger.Debug().Msgf("[tech-filter] CLEARED hint for host '%s' (unrecognised Server header: '%s')",
+				host, serverHeader)
+		}
+		delete(c.hints, host)
+		return
+	}
+
+	gologger.Debug().Msgf("[tech-filter] RECORDED hint for host '%s' — Server: '%s' → required tags: %v",
+		host, serverHeader, requiredTags)
+
+	hint := &TechHint{Tags: make(map[string]struct{}, len(requiredTags))}
+	for _, t := range requiredTags {
+		hint.Tags[t] = struct{}{}
+	}
+	c.hints[host] = hint
+}
+
+// ShouldSkipTemplate returns true when the cache has a hint for the given host
+// AND the template's tags contain none of the required tags.
+//
+// If there is no hint for the host the function always returns false (no skip).
+func (c *HostTechCache) ShouldSkipTemplate(host string, templateTags []string) bool {
+	c.mu.RLock()
+	hint, ok := c.hints[host]
+	c.mu.RUnlock()
+
+	if !ok || len(hint.Tags) == 0 {
+		return false // no information → don't skip
+	}
+
+	for _, tag := range templateTags {
+		if _, required := hint.Tags[strings.ToLower(tag)]; required {
+			return false // template has at least one matching tag → keep it
+		}
+	}
+	return true // no matching tag found → skip
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -175,4 +175,4 @@ func getRequestCount(templates []*templates.Template) int { @@
     		count += template.TotalRequests
     	}
     	return count
-    }
+    }