-rw-r--r-- | ChangeLog | 25 |
1 files changed, 19 insertions, 6 deletions
@@ -1,4 +1,17 @@ | |||
1 | 15/02/2021 | 1 | 06/02/2022 |
2 | Wapiti 3.1.0 | ||
3 | Crawler: Fix passing named "button" tags in HTML forms | ||
4 | Modules: Skip modules that fails to load properly (missing dependencies, code error, etc) | ||
5 | Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr) | ||
6 | CSRF: Django anti-CSRF token added to the whitelist | ||
7 | Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports | ||
8 | Crawler: Improved the parsing of HTML redirections (meta refresh) | ||
9 | HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files. | ||
10 | Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed. | ||
11 | Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto) | ||
12 | Core: Load correctly resources if Wapiti is running from an egg file. | ||
13 | |||
14 | 15/12/2021 | ||
2 | Wapiti 3.0.9 | 15 | Wapiti 3.0.9 |
3 | CLI: New "passive" module option allows to use less aggressives modules only | 16 | CLI: New "passive" module option allows to use less aggressives modules only |
4 | WP_ENUM: Improve detection of Wordpress | 17 | WP_ENUM: Improve detection of Wordpress |
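Review bot: New line 4 has a subject-verb mismatch in "Skip modules that fails to load properly"; it should read "fail". New line 12, "Load correctly resources", reads better as "Correctly load resources". The date above the 3.0.9 entry also changes from 15/02/2021 to 15/12/2021 in this hunk; if that is a correction of a wrong date, say so in the commit message so it is not mistaken for a side effect of inserting the 3.1.0 block. Since this change fixes typos elsewhere in the file, "less aggressives modules" on new line 16 could be fixed in the same pass.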
@@ -7,7 +20,7 @@ | |||
7 | 20 | ||
8 | 18/11/2021 | 21 | 18/11/2021 |
9 | Wapiti 3.0.8 | 22 | Wapiti 3.0.8 |
10 | CLI: prevent users from using -a without specifying --ayth-type (and vice versa) | 23 | CLI: prevent users from using -a without specifying --auth-type (and vice versa) |
11 | Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) | 24 | Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) |
12 | 25 | ||
13 | 14/10/2021 | 26 | 14/10/2021 |
@@ -29,7 +42,7 @@ | |||
29 | Report: added CSV as output format | 42 | Report: added CSV as output format |
30 | Cookie: you can drop cookies from HTTP responses with --drop-set-cookie | 43 | Cookie: you can drop cookies from HTTP responses with --drop-set-cookie |
31 | Cookie: you can load cookies from your browser with -c <chrome or firefox> | 44 | Cookie: you can load cookies from your browser with -c <chrome or firefox> |
32 | Session: fixed an issue that might cause URLs being rescanned when resuming a session | 45 | Session: fixed an issue that could cause URLs being rescanned when resuming a session |
33 | CMS: New modules to detect versions and installed modules for Wordpress and Drupal | 46 | CMS: New modules to detect versions and installed modules for Wordpress and Drupal |
34 | Fingerprinting: several issues fixed on mod_wapp | 47 | Fingerprinting: several issues fixed on mod_wapp |
35 | Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. | 48 | Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. |
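Review bot: The reworded line 45 swaps "might" for "could" but keeps the ungrammatical "cause URLs being rescanned". Suggest "fixed an issue that could cause URLs to be rescanned when resuming a session", otherwise the edit changes the line without fixing its actual problem.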
@@ -302,15 +315,15 @@ | |||
302 | Some modifications have been made on getccokie.py so it can work | 315 | Some modifications have been made on getccokie.py so it can work |
303 | on Webmin (and probably more web applications) | 316 | on Webmin (and probably more web applications) |
304 | Added -t (--timeout) option to set the timeout in seconds | 317 | Added -t (--timeout) option to set the timeout in seconds |
305 | Added -v (--verbose) option to set the verbosity. Three availables | 318 | Added -v (--verbose) option to set the verbosity. Three available |
306 | modes : | 319 | modes : |
307 | 0: only print found vulnerabilities | 320 | 0: only print found vulnerabilities |
308 | 1: print current attacked urls (existing urls) | 321 | 1: print current attacked urls (existing urls) |
309 | 2: print every attack payload and url (very much informations... good | 322 | 2: print every attack payload and url (very much information... good |
310 | for debugging) | 323 | for debugging) |
311 | Wapiti is much more modular and comes with some functions to set scan | 324 | Wapiti is much more modular and comes with some functions to set scan |
312 | and attack options... look the code ;) | 325 | and attack options... look the code ;) |
313 | Some defaults options are availables as "modules" with option -m | 326 | Some defaults options are available as "modules" with option -m |
314 | (--module) : | 327 | (--module) : |
315 | GET_XSS: only scan for XSS with HTTP GET method (no post) | 328 | GET_XSS: only scan for XSS with HTTP GET method (no post) |
316 | POST_XSS: XSS attacks using POST and not GET | 329 | POST_XSS: XSS attacks using POST and not GET |
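Review bot: Line 326 fixes "availables" but leaves "Some defaults options" on the same line; it should be "Some default options". On line 315, "getccokie.py" looks like a misspelling of the script name and is worth checking against the actual file while the neighbouring typos are being cleaned up. The other corrections in this hunk ("available" on line 318, "information" on line 322) look right.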