projectdiscovery · dwisiswant0 · Mar 31, 2026
diff --git a/.github/workflows/flamegraph.yaml b/.github/workflows/flamegraph.yaml
@@ -14,8 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - run: make build
 
       - name: "Setup environment (push)"

diff --git a/.github/workflows/generate-pgo.yaml b/.github/workflows/generate-pgo.yaml
@@ -20,8 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - run: |
           for i in {1..${{ env.TARGET_COUNT }}}; do
               echo "${{ env.TARGET }}/-/?_=${i}" >> "${{ env.TARGET_LIST }}";

diff --git a/.github/workflows/perf-regression.yaml b/.github/workflows/perf-regression.yaml
@@ -13,8 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - run: make build-test
       - run: ./bin/nuclei.test -test.run - -test.bench=. -test.benchmem ./cmd/nuclei/ | tee $BENCH_OUT
         env:

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -24,7 +24,6 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
       - uses: projectdiscovery/actions/golangci-lint/v2@v1
 
   tests:
@@ -40,8 +39,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - uses: projectdiscovery/actions/free-disk-space@v1
         with:
           llvm: 'false'
@@ -56,7 +54,7 @@ jobs:
       - run: make test
         env:
           PDCP_API_KEY: "${{ secrets.PDCP_API_KEY }}"
-      - run: go run -race . -l ../functional-test/targets.txt -id tech-detect,tls-version
+      - run: go run -race . -l ${{ github.workspace }}/internal/tests/functional/testdata/targets.txt -id tech-detect,tls-version
         if: ${{ matrix.os != 'windows-latest' }} # known issue: https://github.com/golang/go/issues/46099
         working-directory: cmd/nuclei/
 
@@ -69,8 +67,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - name: "Simple"
         run: go run .
         working-directory: examples/simple/
@@ -94,15 +91,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v6
-      - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
       - uses: projectdiscovery/actions/setup/python@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - run: bash run.sh "${{ matrix.os }}"
+      - uses: projectdiscovery/actions/setup/go@v1
+      - run: make integration
         env:
           PDCP_API_KEY: "${{ secrets.PDCP_API_KEY }}"
         timeout-minutes: 50
-        working-directory: integration_tests/
 
   functional:
     name: "Functional tests"
@@ -116,12 +110,13 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v6
-      - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/nuclei@v1
       - uses: projectdiscovery/actions/setup/python@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
-      - run: bash run.sh
-        working-directory: cmd/functional-test/
+      - uses: projectdiscovery/actions/setup/go@v1
+      - uses: projectdiscovery/nuclei-action@v3
+        with:
+          version: latest
+          install-only: true
+      - run: make functional
 
   validate:
     name: "Template validate"
@@ -132,7 +127,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: projectdiscovery/actions/cache/go-rod-browser@v1
+      - uses: projectdiscovery/nuclei-action/cache@v3
       - run: make template-validate
 
   codeql:

diff --git a/.gitignore b/.gitignore
@@ -29,8 +29,7 @@
 /scrapefunc
 /scrapefuncs
 /tsgen
-/integration_tests/integration-test
-/integration_tests/nuclei
+*.test
 
 # Templates
 /*.yaml

diff --git a/.run/DSLFunctionsIT.run.xml b/.run/DSLFunctionsIT.run.xml
diff --git a/.run/IntegrationTests.run.xml b/.run/IntegrationTests.run.xml
diff --git a/.run/RegressionTests.run.xml b/.run/RegressionTests.run.xml
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -11,8 +11,8 @@ Nuclei is a modern, high-performance vulnerability scanner built in Go that leve
 ### Building and Testing
 - `make build` - Build the main nuclei binary to ./bin/nuclei
 - `make test` - Run unit tests with race detection
-- `make integration` - Run integration tests (builds and runs test suite)
-- `make functional` - Run functional tests
+- `make integration` - Run the native integration suite via `go test -tags=integration ./internal/tests/integration`
+- `make functional` - CI-only functional suite entry point
 - `make vet` - Run go vet for code analysis
 - `make tidy` - Clean up go modules
 
@@ -29,7 +29,7 @@ Nuclei is a modern, high-performance vulnerability scanner built in Go that leve
 
 ### Testing Specific Components
 - Run single test: `go test -v ./pkg/path/to/package -run TestName`
-- Integration tests are in `integration_tests/` and can be run via `make integration`
+- Integration tests are in `internal/tests/integration/` and run via `go test -tags=integration ./internal/tests/integration`
 
 ## Architecture Overview
 
@@ -77,7 +77,8 @@ Each protocol (HTTP, DNS, Network, etc.) implements:
 ## Key Directories
 - **lib/** - SDK for embedding nuclei as a library
 - **examples/** - Usage examples for different scenarios
-- **integration_tests/** - Integration test suite with protocol-specific tests
+- **internal/tests/integration/** - Native integration suite and owned testdata for harness coverage
+- **internal/tests/functional/** - CI-only native functional comparison suite and testcase assets
 - **pkg/fuzz/** - Fuzzing engine and DAST capabilities
 - **pkg/input/** - Input processing for various formats (Burp, OpenAPI, etc.)
 - **pkg/reporting/** - Result export and issue tracking integrations
diff --git a/DESIGN.md b/DESIGN.md
@@ -454,7 +454,7 @@ func (template *Template) compileProtocolRequests(options protocols.ExecuterOpti
 }
 ```
 
-That's it, you've added a new protocol to Nuclei. The next good step would be to write integration tests which are described in `integration-tests` and `cmd/integration-tests` directories.
+That's it, you've added a new protocol to Nuclei. The next good step would be to add native integration coverage under `internal/tests/integration` and run it with `go test -tags=integration ./internal/tests/integration`.
 
 
 ## Profiling and Tracing

diff --git a/Makefile b/Makefile
@@ -2,6 +2,7 @@
 GOCMD := go
 GOBUILD := $(GOCMD) build
 GOBUILD_OUTPUT := 
+GOBUILD_OUTPUT_EXT := 
 GOBUILD_PACKAGES := 
 GOBUILD_ADDITIONAL_ARGS := 
 GOMOD := $(GOCMD) mod
@@ -16,22 +17,26 @@ ifneq ($(shell go env GOOS),darwin)
 	LDFLAGS += -extldflags "-static"
 endif
 
+ifeq ($(shell go env GOOS),windows)
+	GOBUILD_OUTPUT_EXT := .exe
+endif
+
 .PHONY: all build build-stats clean devtools-all devtools-bindgen devtools-scrapefuncs fuzz fuzz-ci fuzz-tools
 .PHONY: devtools-tsgen docs docgen dsl-docs functional go-build lint lint-strict fuzzplayground syntax-docs
-.PHONY: integration jsupdate-all jsupdate-bindgen jsupdate-tsgen memogen scan-charts test test-with-lint
+.PHONY: integration integration-debug jsupdate-all jsupdate-bindgen jsupdate-tsgen memogen scan-charts test test-with-lint
 .PHONY: tidy ts verify download vet template-validate build-fuzz discover-fuzz-packages
 
 all: build
 
 clean:
-	rm -f '${GOBUILD_OUTPUT}' 2>/dev/null
+	rm -f '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' 2>/dev/null
 
 go-build: clean
 go-build:
 	CGO_ENABLED=0 $(GOBUILD) -trimpath $(GOFLAGS) -ldflags '${LDFLAGS}' $(GOBUILD_ADDITIONAL_ARGS) \
-		 -o '${GOBUILD_OUTPUT}' $(GOBUILD_PACKAGES)
+		 -o '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' $(GOBUILD_PACKAGES)
 
-build: GOFLAGS = -v -pgo=auto
+build: GOFLAGS = -pgo=auto
 build: GOBUILD_OUTPUT = ./bin/nuclei
 build: GOBUILD_PACKAGES = cmd/nuclei/main.go
 build: go-build
@@ -42,7 +47,7 @@ build-test: GOBUILD_PACKAGES = ./cmd/nuclei/
 build-test: clean
 build-test:
 	CGO_ENABLED=0 $(GOCMD) test -c -trimpath $(GOFLAGS) -ldflags '${LDFLAGS}' $(GOBUILD_ADDITIONAL_ARGS) \
-		 -o '${GOBUILD_OUTPUT}' ${GOBUILD_PACKAGES}
+		 -o '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' ${GOBUILD_PACKAGES}
 
 build-stats: GOBUILD_OUTPUT = ./bin/nuclei-stats
 build-stats: GOBUILD_PACKAGES = cmd/nuclei/main.go
@@ -77,15 +82,24 @@ syntax-docs: docgen
 syntax-docs:
 	./bin/docgen SYNTAX-REFERENCE.md nuclei-jsonschema.json
 
-test: GOFLAGS = -race -v -timeout 30m -count 1
+test: GOFLAGS = -race -v -timeout 1h -count 1
 test:
 	$(GOTEST) $(GOFLAGS) ./...
 
 integration:
-	cd integration_tests; bash run.sh
+	$(GOTEST) -tags=integration -timeout 1h ./internal/tests/integration
+
+integration-debug:
+	$(GOTEST) -tags=integration ./internal/tests/integration -v $(GO_TEST_ARGS) -args $(INTEGRATION_ARGS)
 
-functional:
-	cd cmd/functional-test; bash run.sh
+functional: build
+	@release_binary="$$(command -v nuclei.exe 2>/dev/null || command -v nuclei 2>/dev/null)"; \
+	if [ -z "$$release_binary" ]; then \
+		echo "release nuclei binary not found on PATH"; \
+		exit 1; \
+	fi; \
+	RELEASE_BINARY="$$release_binary" DEV_BINARY="$(PWD)/bin/nuclei" \
+		$(GOTEST) -tags=functional -timeout 1h ./internal/tests/functional
 
 tidy:
 	$(GOMOD) tidy

diff --git a/_typos.toml b/_typos.toml
@@ -9,13 +9,13 @@ extend-exclude = [
     "README_PT-BR.md",
     "README_TR.md",
     # Test fixtures and data files
-    "integration_tests/",
+    "internal/tests/integration/testdata/",
     "pkg/input/formats/testdata/",
     "pkg/output/stats/waf/",
     # Deserialization test data
     "pkg/protocols/common/helpers/deserialization/testdata/",
     # Certificate/encoded data in test utilities
-    "pkg/testutils/integration.go",
+    "internal/tests/testutils/integration.go",
     # Vendor directory
     "vendor/",
     # Go checksum file
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     ```
-    That's it, you've added a new protocol to Nuclei. The next good step would be to write integration tests which are described in `integration-tests` and `cmd/integration-tests` directories.
+    That's it, you've added a new protocol to Nuclei. The next good step would be to add native integration coverage under `internal/tests/integration` and run it with `go test -tags=integration ./internal/tests/integration`.
     ## Profiling and Tracing
@@ Expand Down @@