Releases: xmendez/wfuzz
Wfuzz 3.1.0 - The Web fuzzer
Version 1.4d to 3.1.0 developed by:
Xavi Mendez (xmendez@edge-security.com)
Version up to 1.4c developed by:
Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)
Changelog 3.1.0:
- Added tox and change test in Makefile
- Improved plugin field filter language capabilities, i.e. data and severity can be specified
- Plugin's information is shown depending on severity when using -v
- Filter language and fuzzresult's description handle lists of results
- Added some basic queue profiling for debugging
- diff operator
- Refactored discarded results
- Dotdict str
- Removed future library
- Added operator tests
Plugins:
- Refactored headers plugin
- Links plugin looks in link and redirect headers
- Improved links plugin regex based on nahamsec/JSParser
- New field printer to output filter expressions only
- burplog unittest
- raw printer shows plugin data
wfpayload:
- Added --prev and --AA, --AAA to wfpayload
wfencode:
- -i reads from stdin
- General exception handling in wfencode
Breaking changes:
- Changed -A, --AA, --AAA plugin's categories
- Changed plugins filter language field.
- Changed links filter parameters and kbase keys.
- Changed headers kbase key and server result.
- When slicing a payload FUZZ refers to the previous result.
Bugs:
- Fixed --prev in wfpayload
- Fixed -c and -v values within printers plugins
- Don't print empty values in wfpayload
- Use lower() in ~ operator
- Remove httpreceiver queue limit
- Fixed --interactive actions
- Stripped CRLF from burplog parsed responses
- Fixed --slice when using FuzzResult payloads
- Only add recursive and routing queues when transport is Http
- Bug in reqresp when parsing nested http responses due to textparser
Wfuzz 3.0.3 - The Web fuzzer
Changelog 3.0.3:
- Added sha256 and sha512 encoders. Thanks @dustinaevans
- Docker image available at github registry (closes #122). Thanks @oscarbc96
Bugs:
- Removed pytest from dev requirements (closes #215)
- Fixed pypi long description formatting. Thanks @oscarbc96
Wfuzz 3.0.2 - The Web fuzzer
Changelog 3.0.2:
- Added dependabot configuration
- Updated requirements
- Updated screenshot plugin. Details at #226. Thanks to @1mm0rt41PC
Bugs:
- Fixed double urlencode name (see #235). Thanks to @tititototutu
Wfuzz 3.0.1 - The Web fuzzer
Changelog 3.0.1:
- Store wfuzz configuration according to XDG Base Directory Specification. Thanks to @nemoload
- Changed pyparsing version requirement. Thanks to @blshkv
- Pinned black and flake versions in tox.ini
Wfuzz 3.0.0 - The Web fuzzer
Changelog 3.0.0:
- Following semantic versioning from this release onwards. See https://semver.org/
- Refactor of options, queues, dictionaries, filters, printers and factories.
- Refactored some tests to pytest.
- Added black formatter to CI.
- Updated documentation.
- Improved filter language performance.
- Added Python 3.8 support to CI (closes #190)
- Stopped python 2 support.
New features
- Multiple --prefilter command line options are accepted.
- Multiple --efield or --field command line options are accepted. (Closes #152)
- Wfpayload uses the same engine as wfuzz and therefore provides almost the same options. (closes #154)
- Slice can re-write payloads (closes #140)
- Links plugin accepts a regex parameter to crawl other subdomains
- New npm_deps plugin.
- Added raw_post to filter language.
- Complex and simple filters can be combined.
- Added BBB to language as keyword, not only in conjunction with c,l,w.
- Fields and headers are case insensitive in filter language.
Bugs
- Fixed baseline in headers (Closes #188)
- Fixed output when printing long lines or non-printable characters.
- Fixed pyparsing dependency requirements (Closes #206)
- Removed deprecation and import warnings.
- Using package data for filter documentation file (Closes #135)
- Warnings to stdout instead of stderr (closes #163)
- Null fields do not raise an exception in filter language.
Breaking changes
- In wfuzz library:
  - prefilter is a list of filters not a string.
  - dry-run is specified with transport variable not with mode as before.
- When using --recipe, command line options that are a list are appended. Previously, the last one took precedence.
- When writing plugins:
  - iterators must override width and payloads functions
  - payloads must override get_next and get_type functions
- Saved Wfuzz sessions are not compatible with previous versions
Wfuzz 2.4.7 - The Web fuzzer
Changelog 2.4.7:
- Pinned dev dependencies in setup.py to make code linting repeatable
Bugs
Wfuzz 2.4.6 - The Web fuzzer
Changelog 2.4.6:
- Removed python 2 Travis stalled tests.
Bugs
Wfuzz 2.4.5 - The Web fuzzer
Changelog 2.4.5
Bugs
Wfuzz 2.4.4 - The Web fuzzer
Changelog 2.4.4
Bugs
- Fixed parsing HTML requests and responses when using raw strings
Wfuzz 2.4.2 - The Web fuzzer
Changelog 2.4.2:
New features
- burpitem payload thanks to @PaperTsar
Bugs
- Terminal width (fixes #155). Thanks to @IgorSasovets and @laozhoubuluo
- burplog payloads. Thanks to @PaperTsar