Skip to content

v3.14.0

Latest
Latest
Compare
Choose a tag to compare
@VitorOriel VitorOriel released this 05 May 16:32
v3.14.0
ee0a3c1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New features

  • Added a replay proxy option --replay-proxy PROXY;
  • Added a Matcher option to match responses by regex -Mr REGEX;
  • Added Filter:
    • Exclude responses by status codes -Fc STATUS;
    • Exclude responses by regex -Fr REGEX;
  • Added recursion jobs feature:
    • Plugin scanners now can enqueue payloads for the next job when needed;
    • Added directory recursion feature (--recursion) on path fuzzing;
    • The user can set the maximum recursion level from jobs (--max-rlevel RLEVEL);
  • Added option to set multiple plugin scanners (when use multiple --scanner argument);
  • Added plugin scanners:
    • Backups;
    • Wappalyzer;

Removed features

  • Removed the use of multiple http methods;
  • Removed Find plugin (replaced by match by regex);

Bugfix

  • Fixed a bug with match logic on Matcher, when set multiple match options and only one is considered;
  • Fixed a bug with DnsZone plugin when set an invalid hostname;
  • Fixed a split string error on function split_str_to_list;

CLI output changes

  • When do a subdomain fuzzing, the ip address will no longer be shown on cli output. It'll only be stored in the report file;
  • Added a progress bar (credits to Dirsearch for the idea)

Other changes

  • Changed the program binary name from FuzzingTool to fuzzingtool;
  • Now the Dictionary object will enqueue Payload objects into the payloads queue;
  • Each Payload has his own recursion level attribute (Payload.rlevel) to tell about the job recursion level;
  • Now the wordlist creation and build are threaded;

Code refactored

  • Added HttpHistory object to store the information about the request and response into the result object, including the ip address when do a subdomain fuzzing;
  • Moved some functions from http_utils module to UrlParse class;
  • Removed inspect_result method from scanners. Now they will append results in the _process method;
  • Removed decorator append_args, no longer needed;
  • Updated fuzz types and created a class to store the plugin categories on utils/consts;
  • Moved both logger and reports to persistence directory;
  • Updated the order of the parameters on PluginFactory methods;
  • Moved the api to outside of a specific folder;
  • Moved the argument build functions to utils/argument_utils;
Assets 2
Loading