Skip to content

Wfuzz 3.1.0 - The Web fuzzer

Latest
Compare
Choose a tag to compare
@xmendez xmendez released this 06 Nov 10:42
· 2 commits to master since this release
02a809d

Version 1.4d to 3.1.0 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.1.0:

  • Added tox and change test in Makefile
  • Improved plugin field filter language capabilities, ie. data and severity can be specified
  • Plugin's information is shown depending on severity when using -v
  • Filter language and fuzzresult's description handle lists of results
  • Added some basic queue profiling for debugging
  • diff operator
  • Refactored discarded results
  • Dotdict str
  • Removed future library
  • Added operator tests

Plugins:

  • Refactored headers plugin
  • Links plugins looks in link and redirect headers
  • Improved links plugin regex based on nahamsec/JSParser
  • New field printer to output filter expressions only
  • burplog unittest
  • raw printer shows plugin data

wfpayload:

  • Added --prev and --AA, ---AAA to wfpayload

wfencode:

  • -i reads from stdin
  • general handle exception in wfencode

Breaking changes:

  • Changed -A, --AA, ---AAA plugin's categories
  • Changed plugins filter language field.
  • Changed links filter parameters and kbase keys.
  • Changed headers kbase key and server result.
  • When slicing a payload FUZZ refers to the previous result.

Bugs:

  • Fixed --prev in wfpayload
  • Fixed -c and -v values within printers plugins
  • Don't print empty values in wfpayload
  • Use lower() in ~ operator
  • Remove httpreceiver queue limit
  • Fixed --interactive actions
  • Stripped CRLF from burplog parsed responses
  • Fixed --slice when using FuzzResult payloads
  • Only add recursive and routing queues when transport is Http
  • Bug in reqresp when parsing nested http responses due to textparser