added web cache deception to readme

Hackmanit · Feb 9, 2024 · 3c237c0 · 3c237c0
1 parent 8a52b8b
commit 3c237c0
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -7,9 +7,9 @@
 [![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/Hackmanit/Web-Cache-Vulnerability-Scanner)](https://golang.org/)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 
-Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for [web cache poisoning](#background-information) developed by [Hackmanit](https://hackmanit.de) and [Maximilian Hildebrand](https://www.github.com/m10x).
+Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for [web cache poisoning](#background-information) and web cache deception developed by [Hackmanit](https://hackmanit.de) and [Maximilian Hildebrand](https://www.github.com/m10x).
 
-The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test,
+The scanner supports many different web cache poisoning and web cache deception techniques, includes a crawler to identify further URLs to test,
 and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines.
 
 - [Features](#features)
@@ -38,6 +38,10 @@ and can adapt to a specific web cache for more efficient testing. It is highly c
   7. HTTP header oversize (HHO)
   8. HTTP meta character (HMC)
   9. HTTP method override (HMO)
+- Support for 3 web cache deception techniques:
+  1. Path Parameter
+  2. Path Traversal
+  3. Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand
 - Analyzing a web cache before testing and adapting to it for more efficient testing
 - Generating a report in JSON format
 - Crawling websites for further URLs to scan
@@ -86,7 +90,7 @@ version 1.0.0
 # Usage
 WCVS is highly customizable using its flags. Many of the flags can either contain a value directly or the path to a file.
 
-The only mandatory flag is `-u/--url` to provide the target URL which should be tested for web cache poisoning. The target URL can be provided in different formats,
+The only mandatory flag is `-u/--url` to provide the target URL which should be tested for web cache poisoning/deception. The target URL can be provided in different formats,
 
 WCVS needs two wordlists in order to test for the first 5 techniques - one wordlist with header names and one with parameter names. The wordlists can either be present in the same directory WCVS is executed from or specified using the `--headerwordlist/-hw` and `--parameterwordlist/-pw` flags.