1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 75cba8b..947f2b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+20/02/2021
+    Wapiti 3.0.4
+    XSS: improved context awareness of HTML webpage, payloads can now use the existing HTML tags without closing them
+    XSS: greatly reduced number of false negatives while slightly reducing false positives
+    XSS: the module will also check for the CSP header and warn if reflection was found while a strong CSP seems present
+    XSS: reduced memory and CPU consumption
+    XSS: added more payloads to bypass filters and WAF
+    Exec: added a few more payloads
+    SQL: more heuristics to detect DBMS used on the target
+    Wappalyzer module allows to detect software used by a website, along with versions
+    New module to check the security settings of Cookies (HttpOnly, secure, etc)
+    New module to check the security settings for HTTP headers (Strict-Transport-Security, X-Frame-Options, etc)
+    New module to check the security settings for Content-Security-Policy
+    New module to check for forms vulnerable to CSRF (either no anti-CSRF token is present or it is not well implemented)
+    New module to brute-force found login forms with known default credentials (admin/admin, demo/demo, etc)
+    New --update option allows to get last updates for detections databases (Wappalyzer and Nikto)
+    New --max-attack-time options allows to limit the execution time of each attack module
+    New --store-config options allows to set the path for Wapiti configuration files (detection databases)
+    Combining the new "-a post" authentication option along with -s allows to login on the target without using wapiti-getcookie
+    Removed jQuery dependency
+    Fixed several issues with endpoints
 20/02/2020
    Wapiti 3.0.3
    An important work was made to reduce false positives in XSS detections.

diff --git a/ChangeLog b/ChangeLog index 75cba8b..947f2b2 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,25 @@
		1	20/02/2021
		2	Wapiti 3.0.4
		3	XSS: improved context awareness of HTML webpage, payloads can now use the existing HTML tags without closing them
		4	XSS: greatly reduced number of false negatives while slightly reducing false positives
		5	XSS: the module will also check for the CSP header and warn if reflection was found while a strong CSP seems present
		6	XSS: reduced memory and CPU consumption
		7	XSS: added more payloads to bypass filters and WAF
		8	Exec: added a few more payloads
		9	SQL: more heuristics to detect DBMS used on the target
		10	Wappalyzer module allows to detect software used by a website, along with versions
		11	New module to check the security settings of Cookies (HttpOnly, secure, etc)
		12	New module to check the security settings for HTTP headers (Strict-Transport-Security, X-Frame-Options, etc)
		13	New module to check the security settings for Content-Security-Policy
		14	New module to check for forms vulnerable to CSRF (either no anti-CSRF token is present or it is not well implemented)
		15	New module to brute-force found login forms with known default credentials (admin/admin, demo/demo, etc)
		16	New --update option allows to get last updates for detections databases (Wappalyzer and Nikto)
		17	New --max-attack-time options allows to limit the execution time of each attack module
		18	New --store-config options allows to set the path for Wapiti configuration files (detection databases)
		19	Combining the new "-a post" authentication option along with -s allows to login on the target without using wapiti-getcookie
		20	Removed jQuery dependency
		21	Fixed several issues with endpoints
		22
1	20/02/2020	23	20/02/2020
2	Wapiti 3.0.3	24	Wapiti 3.0.3
3	An important work was made to reduce false positives in XSS detections.	25	An important work was made to reduce false positives in XSS detections.