-rw-r--r-- ChangeLog 25
1 files changed, 19 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 46734c7..d5aec20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,17 @@
115/02/2021 106/02/2022
2 Wapiti 3.1.0
3 Crawler: Fix passing named "button" tags in HTML forms
4 Modules: Skip modules that fails to load properly (missing dependencies, code error, etc)
5 Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr)
6 CSRF: Django anti-CSRF token added to the whitelist
7 Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports
8 Crawler: Improved the parsing of HTML redirections (meta refresh)
9 HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files.
10 Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed.
11 Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto)
12 Core: Load correctly resources if Wapiti is running from an egg file.
13
1415/12/2021
2 Wapiti 3.0.9 15 Wapiti 3.0.9
3 CLI: New "passive" module option allows to use less aggressives modules only 16 CLI: New "passive" module option allows to use less aggressives modules only
4 WP_ENUM: Improve detection of Wordpress 17 WP_ENUM: Improve detection of Wordpress
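Review bot: In the new 3.1.0 block, "Modules: Skip modules that fails to load properly" has an agreement error ("fail") and does not say whether the user is told which modules were skipped. A module that is skipped means its attack class is not tested, so the entry should state how the skip is reported, if it is. The unchanged 3.0.9 line "less aggressives modules" could be corrected in the same pass, since similar typos are fixed further down.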
@@ -7,7 +20,7 @@
7 20
818/11/2021 2118/11/2021
9 Wapiti 3.0.8 22 Wapiti 3.0.8
10 CLI: prevent users from using -a without specifying --ayth-type (and vice versa) 23 CLI: prevent users from using -a without specifying --auth-type (and vice versa)
11 Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) 24 Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks)
12 25
1314/10/2021 2614/10/2021
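Review bot: The corrected line 23 still begins "CLI: prevent" in lower case, while neighbouring entries capitalise the first word after the prefix ("Crawler: Upgrade"). Capitalise it while the line is being touched for the --auth-type spelling fix.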
@@ -29,7 +42,7 @@
29 Report: added CSV as output format 42 Report: added CSV as output format
30 Cookie: you can drop cookies from HTTP responses with --drop-set-cookie 43 Cookie: you can drop cookies from HTTP responses with --drop-set-cookie
31 Cookie: you can load cookies from your browser with -c <chrome or firefox> 44 Cookie: you can load cookies from your browser with -c <chrome or firefox>
32 Session: fixed an issue that might cause URLs being rescanned when resuming a session 45 Session: fixed an issue that could cause URLs being rescanned when resuming a session
33 CMS: New modules to detect versions and installed modules for Wordpress and Drupal 46 CMS: New modules to detect versions and installed modules for Wordpress and Drupal
34 Fingerprinting: several issues fixed on mod_wapp 47 Fingerprinting: several issues fixed on mod_wapp
35 Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. 48 Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option.
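Review bot: The reworded Session line 45 is still ungrammatical: "could cause URLs being rescanned" should read "could cause URLs to be rescanned". Replacing "might" with "could" does not fix the sentence on its own.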
@@ -302,15 +315,15 @@
302 Some modifications have been made on getccokie.py so it can work 315 Some modifications have been made on getccokie.py so it can work
303 on Webmin (and probably more web applications) 316 on Webmin (and probably more web applications)
304 Added -t (--timeout) option to set the timeout in seconds 317 Added -t (--timeout) option to set the timeout in seconds
305 Added -v (--verbose) option to set the verbosity. Three availables 318 Added -v (--verbose) option to set the verbosity. Three available
306 modes : 319 modes :
307 0: only print found vulnerabilities 320 0: only print found vulnerabilities
308 1: print current attacked urls (existing urls) 321 1: print current attacked urls (existing urls)
309 2: print every attack payload and url (very much informations... good 322 2: print every attack payload and url (very much information... good
310 for debugging) 323 for debugging)
311 Wapiti is much more modular and comes with some functions to set scan 324 Wapiti is much more modular and comes with some functions to set scan
312 and attack options... look the code ;) 325 and attack options... look the code ;)
313 Some defaults options are availables as "modules" with option -m 326 Some defaults options are available as "modules" with option -m
314 (--module) : 327 (--module) :
315 GET_XSS: only scan for XSS with HTTP GET method (no post) 328 GET_XSS: only scan for XSS with HTTP GET method (no post)
316 POST_XSS: XSS attacks using POST and not GET 329 POST_XSS: XSS attacks using POST and not GET
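Review bot: Line 326 still reads "Some defaults options" after the "availables" fix; it should be "Some default options". The context lines in the same hunk keep "getccokie.py" (worth checking against the actual script name) and "look the code", which could be fixed here too, since the surrounding lines are already being edited for "available" and "information".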