update: wapiti 3.0.4-1

upstream release

3 files changed, 37 insertions, 10 deletions

diff --git a/.SRCINFO b/.SRCINFO
index d3065762b812..9149bf353904 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,12 +1,13 @@
 pkgbase = wapiti
 	pkgdesc = A comprehensive web app vulnerability scanner written in Python
-	pkgver = 3.0.3
-	pkgrel = 3
-	url = http://wapiti.sourceforge.net/
+	pkgver = 3.0.4
+	pkgrel = 1
+	url = http://wapiti.sourceforge.net
 	changelog = ChangeLog
 	arch = any
 	license = GPL
 	makedepends = python-setuptools
+	makedepends = python-pip
 	depends = python-requests
 	depends = python-beautifulsoup4
 	depends = python-lxml
@@ -17,8 +18,8 @@ pkgbase = wapiti
 	optdepends = python-requests-kerberos: Kerberos authentication
 	optdepends = python-requests-ntlm: NTLM authentication
 	options = zipman
-	source = http://downloads.sourceforge.net/sourceforge/wapiti/wapiti/wapiti-3.0.3/wapiti3-3.0.3.tar.gz
-	sha256sums = 059f778453ebf05b38e9c6c837d3b3eb9b8921c8fdc6d4029df89f2b0e84f5b7
+	source = http://downloads.sourceforge.net/sourceforge/wapiti/wapiti/wapiti-3.0.4/wapiti3-3.0.4.tar.gz
+	sha256sums = 8b696753a37506f0c3e8f542cb60e9f8198bb1bafd1a1dc97fbb9592becf31f3
 
 pkgname = wapiti
 
diff --git a/ChangeLog b/ChangeLog
index 75cba8bcc752..947f2b2bb86c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+20/02/2021
+    Wapiti 3.0.4
+    XSS: improved context awareness of HTML webpage, payloads can now use the existing HTML tags without closing them
+    XSS: greatly reduced number of false negatives while slightly reducing false positives
+    XSS: the module will also check for the CSP header and warn if reflection was found while a strong CSP seems present
+    XSS: reduced memory and CPU consumption
+    XSS: added more payloads to bypass filters and WAF
+    Exec: added a few more payloads
+    SQL: more heuristics to detect DBMS used on the target
+    Wappalyzer module allows to detect software used by a website, along with versions
+    New module to check the security settings of Cookies (HttpOnly, secure, etc)
+    New module to check the security settings for HTTP headers (Strict-Transport-Security, X-Frame-Options, etc)
+    New module to check the security settings for Content-Security-Policy
+    New module to check for forms vulnerable to CSRF (either no anti-CSRF token is present or it is not well implemented)
+    New module to brute-force found login forms with known default credentials (admin/admin, demo/demo, etc)
+    New --update option allows to get last updates for detections databases (Wappalyzer and Nikto)
+    New --max-attack-time options allows to limit the execution time of each attack module
+    New --store-config options allows to set the path for Wapiti configuration files (detection databases)
+    Combining the new "-a post" authentication option along with -s allows to login on the target without using wapiti-getcookie
+    Removed jQuery dependency
+    Fixed several issues with endpoints
+
 20/02/2020
     Wapiti 3.0.3
     An important work was made to reduce false positives in XSS detections.
diff --git a/PKGBUILD b/PKGBUILD
index 2f9d93ef5931..9ebaf3b20f46 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,27 +4,31 @@
 
 pkgname=wapiti
 
-pkgver=3.0.3
-pkgrel=3
+pkgver=3.0.4
+pkgrel=1
 
 pkgdesc='A comprehensive web app vulnerability scanner written in Python'
 arch=('any')
-url='http://wapiti.sourceforge.net/'
+url="http://$pkgname.sourceforge.net"
 license=('GPL')
 
+makedepends=('python-setuptools' 'python-pip')
 depends=('python-requests' 'python-beautifulsoup4' 'python-lxml' 'python-tld'
          'python-yaswfp' 'python-mako' 'python-pysocks')
 optdepends=('python-requests-kerberos: Kerberos authentication'
             'python-requests-ntlm: NTLM authentication')
-makedepends=('python-setuptools')
 
 options=('zipman')
 
 changelog=ChangeLog
 source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname/$pkgname-$pkgver/$pkgname${pkgver:0:1}-$pkgver.tar.gz")
-sha256sums=('059f778453ebf05b38e9c6c837d3b3eb9b8921c8fdc6d4029df89f2b0e84f5b7')
+sha256sums=('8b696753a37506f0c3e8f542cb60e9f8198bb1bafd1a1dc97fbb9592becf31f3')
 
 
+prepare() {
+    rm -rf "$pkgname${pkgver:0:1}-$pkgver/tests"
+}
+
 build() {
     cd "$pkgname${pkgver:0:1}-$pkgver"
     python setup.py build