1.88b: Dictionary improvements, contd.

spinkham · Aug 9, 2011 · dcc44d9 · dcc44d9
1 parent 7d16475
commit dcc44d9
Show file tree

Hide file tree

Showing 7 changed files with 417 additions and 22 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Version 1.88b:
+--------------
+
+  - Dictionary improvements, contd.
+
 Version 1.87b:
 --------------
 

diff --git a/Makefile b/Makefile
@@ -20,7 +20,7 @@
 #
 
 PROGNAME   = skipfish
-VERSION    = 1.87b
+VERSION    = 1.88b
 
 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \

diff --git a/dictionaries/README-FIRST b/dictionaries/README-FIRST
@@ -27,7 +27,7 @@ The basic modes you should be aware of (in order of request cost):
 
    This method is only slightly more request-intensive than #1, and therefore,
    generally recommended in cases where time is of essence. The cost is about
-   90 requests per fuzzed location.
+   100 requests per fuzzed location.
 
 3) Directory OR extension brute-force only. In this mode, the scanner will only
    try fuzzing the file name, or the extension, at any given time - but will 
@@ -36,7 +36,7 @@ The basic modes you should be aware of (in order of request cost):
    cp dictionaries/complete.wl dictionary.wl
    ./skipfish -W dictionary.wl -Y [...other options...]
 
-   This method has a cost of about 1,700 requests per fuzzed location, and is
+   This method has a cost of about 2,000 requests per fuzzed location, and is
    recommended for rapid assessments, especially when working with slow 
    servers or very large services.
 
@@ -50,12 +50,12 @@ The basic modes you should be aware of (in order of request cost):
    Replace XXX with:
 
      minimal   - recommended starter dictionary, mostly focusing on backup
-                 and source files, under 50,000 requests per fuzzed location.
+                 and source files, about 60,000 requests per fuzzed location.
 
      medium    - more thorough dictionary, focusing on common frameworks,
-                 under 100,000 requests.
+                 about 140,000 requests.
 
-     complete  - all-inclusive dictionary, over 150,000 requests.
+     complete  - all-inclusive dictionary, over 210,000 requests.
 
    Normal fuzzing mode is recommended when doing thorough assessments of
    reasonably responsive servers; but it may be prohibitively expensive