From 6455f28f5690a89138f6c41e6e09a6ef425a1c41 Mon Sep 17 00:00:00 2001 From: Kr1ss Date: Sun, 6 Feb 2022 20:42:07 +0100 Subject: update changelog --- ChangeLog | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 46734c7..d5aec20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,17 @@ -15/02/2021 +06/02/2022 + Wapiti 3.1.0 + Crawler: Fix passing named "button" tags in HTML forms + Modules: Skip modules that fails to load properly (missing dependencies, code error, etc) + Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr) + CSRF: Django anti-CSRF token added to the whitelist + Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports + Crawler: Improved the parsing of HTML redirections (meta refresh) + HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files. + Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed. + Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto) + Core: Load correctly resources if Wapiti is running from an egg file. + +15/12/2021 Wapiti 3.0.9 CLI: New "passive" module option allows to use less aggressives modules only WP_ENUM: Improve detection of Wordpress @@ -7,7 +20,7 @@ 18/11/2021 Wapiti 3.0.8 - CLI: prevent users from using -a without specifying --ayth-type (and vice versa) + CLI: prevent users from using -a without specifying --auth-type (and vice versa) Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) 14/10/2021 
@@ -29,7 +42,7 @@ Report: added CSV as output format Cookie: you can drop cookies from HTTP responses with --drop-set-cookie Cookie: you can load cookies from your browser with -c - Session: fixed an issue that might cause URLs being rescanned when resuming a session + Session: fixed an issue that could cause URLs being rescanned when resuming a session CMS: New modules to detect versions and installed modules for Wordpress and Drupal Fingerprinting: several issues fixed on mod_wapp Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. @@ -302,15 +315,15 @@ Some modifications have been made on getccokie.py so it can work on Webmin (and probably more web applications) Added -t (--timeout) option to set the timeout in seconds - Added -v (--verbose) option to set the verbosity. Three availables + Added -v (--verbose) option to set the verbosity. Three available modes : 0: only print found vulnerabilities 1: print current attacked urls (existing urls) - 2: print every attack payload and url (very much informations... good + 2: print every attack payload and url (very much information... good for debugging) Wapiti is much more modular and comes with some functions to set scan and attack options... look the code ;) - Some defaults options are availables as "modules" with option -m + Some defaults options are available as "modules" with option -m (--module) : GET_XSS: only scan for XSS with HTTP GET method (no post) POST_XSS: XSS attacks using POST and not GET -- cgit v1.2.3-70-g09d2
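Review bot: In the first ChangeLog hunk (@@ -1,4 +1,17 @@), the new 3.1.0 entry "Modules: Skip modules that fails to load properly" does not say whether the skip is reported to the user. For a scanner, a module that is skipped without notice reads the same in the report as a module that ran and found nothing, so the entry should state how the skip is surfaced. In the same entry, "fails" should be "fail", and "Load correctly resources" reads better as "Load resources correctly". The hunk also changes the 3.0.9 date from 15/02/2021 to 15/12/2021, which the subject "update changelog" does not mention; that deserves a line in the commit message.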
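Review bot: In the @@ -29,7 +42,7 @@ hunk, the replacement line still reads "could cause URLs being rescanned". Since the line is being touched anyway, "could cause URLs to be rescanned" fixes the grammar rather than only swapping "might" for "could".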
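Review bot: In the @@ -302,15 +315,15 @@ hunk, the rewritten line "Some defaults options are available" keeps the plural "defaults"; it should be "Some default options are available". The unchanged context line at the top of the hunk still has "getccokie.py", which looks like a misspelling of the script name and should be checked against the actual file name in the same pass.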