Skip to content

v0.8.0
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Jul 13:31
· 12 commits to main since this release
v0.8.0
64285f4

It has been a year since the last release of monsoon but we've been working on it continuously behind the scenes. Now, we're proud to release version 0.8.0 which is full of new features, fixes and improvements. In fact, we also wrote the new blog post "Bringing Monsoon to the Next Level" which goes over all changes in detail. The most notable new features are the --replace parameter which allows you to fuzz with multiple parameters and the overhauled test command.

Changes:

  • Multi-parameter fuzzing with the --replace parameter which can be specified multiple times. It combines the functionality of the --file, --range and --range-format and adds even more flexibility. For example, you can search for files in multiple directories like this: --replace DIRNR:range:1-10:%02d --replace FILENAME:file:files.txt https://example.com/folder-DIRNR/FILENAME
  • Overhauled test command to show the table output known from monsoon fuzz for a single fuzz value and print the request and response. It is also now a drop-in replacement for the fuzz command for quick and easy testing.
  • Static value replacer: Take a look at our blog to find out when this feature comes handy.
  • Long request detection: Due to the parallel nature of fuzzing, it is often not easy to identify requests that take longer than usual. However, these requests are often especially interesting. monsoon now prints out an annotation for these requests.
  • Reversed ranges: It is now possible to switch start and end of a range to count backwards.
  • Overhauled --extract-pipe: The performance was improved significantly and the current fuzz values are now passed to the command as environment variables.
  • Added the option --insecure-ciphersuites to enable all insecure ciphersuites that are supported by Go.
  • Multiple new timeout options: --connect-timeout, --tls-handshake-timeout and --response-header-timeout
  • Support for coloured output on Windows.
  • Fixed an issue where responses were not decompressed when using a template file.
  • More robust template file parsing.
  • A version command was added.
  • Lots of small fixes and improvements under the hood.

Finally, we now also offer pre-built binaries below.

Assets 9