Releases: Marven11/Fenjing

v0.6.7

16 Mar 03:48

New features:

  • Provide crack-path and scan functionality in the webui; these were previously available only in the CLI.
  • Open the browser automatically when starting the webui

Optimization:

  • Better WAF detection

v0.6.6

10 Mar 12:02

New features:

  • Better webui
  • Better prompt for the CLI

Optimization:

  • More rules
  • A new way to detect replaced keywords

Full Changelog: v0.6.5...0.6.6

v0.6.5

14 Feb 19:11

Optimization:

  • More rules
  • Optimized ability for attacking Python 2

Bug fix:

  • many

Full Changelog: v0.6.0.1...v0.6.5

v0.6.0.1

27 Nov 10:37

New features:

  • Remove redundant brackets in payload with precedence calculation.
  • The scan function now guesses parameters by intrusion.
  • Test whether the WAF bans long payloads.
  • Add tons of rules...
  • Add --extra-param and --extra-data options

Bug fixes:

  • environment param ignored in do_crack_path_pre
  • long param WAF test causes wrong WAF detection

Full Changelog: v0.5.8...v0.6.0.1

v0.5.8

27 Oct 19:06

New features:

  • Auto fixing 500 algorithm! When HTTP status code is 500 the algo just FIX it! Details in #16
  • More rules: we can add some rules back because that algo will disable them when they don't work.
  • Bug fix: eval doesn't work in eval-args-payload mode

Full Changelog: v0.5.5.1...v0.5.8

v0.5.5.1

14 Oct 17:42

New feature:

  • Real Terminal!
    • Eval a Python expression on the target, for meterpreter Python sessions and others.
    • Get the Flask config of the target; sometimes the flag is there.
    • Implement ls and cat alternatives in the terminal, useful when the PATH environment variable is broken.
  • Normal stuff like more rules...
  • none.

Full Changelog: v0.5.2.1...v0.5.5.1

v0.5.2.1

31 Jul 13:43

Optimization:

  • More rules!
  • Better WAF detection
  • Check WAF when generating literals
  • Check whether tamperers' output ends in '\n'
  • Improve code quality

Full Changelog: v0.5.1...v0.5.2.1

v0.5.1

26 Jul 19:54

So I finally closed issue #10

New features:

  • --eval-args-payload option: pass the payload in the GET/POST args and use SSTI to execute it.
  • --proxy option for setting a proxy.

Optimization:

  • Stop adding brackets when getting attributes of something
  • Add an internal generate target ONEOF for generating one of the requirements; the payload generator can now generate things like "__g""lobals__" besides "_""_""g""l""o""b""a""l""s""_""_"
  • The generate target EVAL now requires a generate target instead of a string, which is useful for generating things like eval(request.value.x)

Full Changelog: v0.4.8...v0.5.1

v0.4.8

18 Jul 05:16

New features:

  • detect-mode
  • tamper-cmd
  • Better webui
  • Better WAF detection

Full Changelog: v0.4.1...v0.4.8

v0.4.1

07 Jul 08:13

Finally start shortening payload length.

Full Changelog: v0.3.0...v0.4.1