diff options
author | Kr1ss | 2022-02-06 20:42:07 +0100 |
---|---|---|
committer | Kr1ss | 2022-02-06 20:42:07 +0100 |
commit | 6455f28f5690a89138f6c41e6e09a6ef425a1c41 (patch) | |
tree | 1112bd7960d6de27435c3a31509531afee608e8f | |
parent | 7b87b9a67b183f0ca5aa36983ee3acaa0f00e3e6 (diff) | |
download | aur-6455f28f5690a89138f6c41e6e09a6ef425a1c41.tar.gz |
update changelog
-rw-r--r-- | ChangeLog | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog index 46734c7bd9fc..d5aec20ec5ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,17 @@ -15/02/2021 +06/02/2022 + Wapiti 3.1.0 + Crawler: Fix passing named "button" tags in HTML forms + Modules: Skip modules that fails to load properly (missing dependencies, code error, etc) + Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr) + CSRF: Django anti-CSRF token added to the whitelist + Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports + Crawler: Improved the parsing of HTML redirections (meta refresh) + HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files. + Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed. + Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto) + Core: Load correctly resources if Wapiti is running from an egg file. + +15/12/2021 Wapiti 3.0.9 CLI: New "passive" module option allows to use less aggressives modules only WP_ENUM: Improve detection of Wordpress @@ -7,7 +20,7 @@ 18/11/2021 Wapiti 3.0.8 - CLI: prevent users from using -a without specifying --ayth-type (and vice versa) + CLI: prevent users from using -a without specifying --auth-type (and vice versa) Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) 14/10/2021 @@ -29,7 +42,7 @@ Report: added CSV as output format Cookie: you can drop cookies from HTTP responses with --drop-set-cookie Cookie: you can load cookies from your browser with -c <chrome or firefox> - Session: fixed an issue that might cause URLs being rescanned when resuming a session + Session: fixed an issue that could cause URLs being rescanned when resuming a session CMS: New modules to detect versions and installed modules for Wordpress and Drupal Fingerprinting: several issues fixed on mod_wapp Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. @@ -302,15 +315,15 @@ Some modifications have been made on getccokie.py so it can work on Webmin (and probably more web applications) Added -t (--timeout) option to set the timeout in seconds - Added -v (--verbose) option to set the verbosity. Three availables + Added -v (--verbose) option to set the verbosity. Three available modes : 0: only print found vulnerabilities 1: print current attacked urls (existing urls) - 2: print every attack payload and url (very much informations... good + 2: print every attack payload and url (very much information... good for debugging) Wapiti is much more modular and comes with some functions to set scan and attack options... look the code ;) - Some defaults options are availables as "modules" with option -m + Some defaults options are available as "modules" with option -m (--module) : GET_XSS: only scan for XSS with HTTP GET method (no post) POST_XSS: XSS attacks using POST and not GET |