Assets 2

Version 1.4d to 2.3 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.3:

Changes:

  • Unpinned libraries in setup.py to make more flexible installing the package. Added requirements file with latest dependencies versions that work.

Bugs fixed:

  • Product iterator was opening file before counting words (fixes #101) (thanks @jyn514)
  • Trying to detect file encoding before opening (fixes #100) (thanks @jyn514)
  • File payload was mistakenly detecting EOF on blank lines

@xmendez xmendez released this Oct 30, 2018 · 8 commits to master since this release

Assets 2

Version 1.4d to 2.3 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.3:

New features:

  • Python 2 and 3 compatible
  • Pep8 compliant
  • Integrated travis CI and code coverage
  • Unit and integration tests
  • Updated docs
  • Deflate encoding

Bugs fixed:

  • Ability to send post data using any HTTP verb (thanks @navhaxs and @vingtsyl)
  • Encode quote in html_escape encoder
  • Fix minimum length in hexrange payload
  • Avoid stale thread due to http_pool being created too early
  • Changed order of imports in ipnet and iprange payloads
  • _build_id using parent class variable in moduleman FileLoader and DirLoader
  • Incorrect simple_filter return value in modulefilter
  • PUT method hanged request

@xmendez xmendez released this Mar 25, 2018 · 106 commits to master since this release

Assets 2

Version 1.4d to 2.2.11 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.11:

Bugs fixed:

  • Error in setup.py (Thanks to @gaurav8k)
  • Warning instead of exiting when pycurl is missing the PATH_AS_IS attribute (Thanks to @javixeneize)
  • Bug in httppool (Thanks to @Jumbo-WJB)

@xmendez xmendez released this Jan 9, 2018 · 113 commits to master since this release

Assets 2

Version 1.4d to 2.2.9 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.9:

Bugs fixed:

  • Avoid pycurl URL normalization when using dots (thanks to @fj7)
  • Automatically add / when URL is specified without a path (thanks to @Bladefidz and @javixeneize)
  • Filter not working when using output printer (thanks to @phackt)
  • Response parse when pycurl returns various headers (thanks to @phackt)

@xmendez xmendez released this Nov 22, 2017 · 120 commits to master since this release

Assets 2

Version 1.4d to 2.2.8 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.8:

  • Fixed bug when repeating requests
  • Fixed zip count (thanks @Bladefidz)
  • Fixed --help in wfpayload
  • CSV support (thanks @egilas)
  • Added mysql error message to errors plugin
  • Added raw_content filter language attribute
  • --prev flag prints previous requests, useful for comparing results
  • Moved source code to src directory and created bash cli executables

@xmendez xmendez released this Sep 25, 2017 · 144 commits to master since this release

Assets 2

Version 1.4d to 2.2.3 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.3:

New features:

  • f switch for storing results in file
  • o switch for changing output
  • new get_session API method
  • Updated JSON printer (thanks to @ilyaglow)
  • Added requirements to setup.py

Bug fixes:

  • bug in the default output not printing filtered results

@xmendez xmendez released this Sep 22, 2017 · 162 commits to master since this release

Assets 2

Version 1.4d to 2.2.2 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.2:

Bug fixes:

  • bug with queues sync
  • bug in title plugin
  • bug in backups plugin
  • bug in full request fuzzing
  • headers contain an extra space
  • when saving a baseline result
  • when setting host header

Other changes:

  • Corrected typo in doc
  • Additional acceptance tests
  • Removed backups plugin from default category
  • Removing legacy/old information in messages and help

@xmendez xmendez released this Sep 20, 2017 · 179 commits to master since this release

Assets 2

Version 1.4d to 2.2 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.2.0:

Main enhancements:

  • Improved documentation
  • Wfuzz scriptable API
  • wfpayload and wfencoder utils
  • wfuzz.ini for general and plugin options
  • Improved filter language (introspection, operators, functions, FUZZ keyword).
  • Introspection using FUZZ[field]
  • Allow to run wfuzz from any folder
  • Wfuzz could be installed using pip
  • Dictionaries are automatically looked for at the specified directories
  • Test cases
  • Ability to store and reuse previous results

New features:

  • req-delay and conn-delay switches
  • dry-run switch
  • X switch allows to specify method (removed -I switch).
  • o switch writes printer output to a file
  • p switch for proxy specification supports repetition
  • L switch is equivalent to --follow
  • zP swtich to specify further parameters to payloads
  • u switch for specifying an URL
  • Simple/advanced help switches
  • prefilter/slice for filtering payloads.
  • Improved help for payloads and plugins

Other enhancements:

  • Code reorganization (using a queue pipeline for processing results).
  • Bugs fixing
  • Improved error handling
  • Personal plugins could be stored in user's home folder.
  • Plugins are stored in directories in separated files
  • Improved FuzzRequest object for easier access to cookies, params...
  • Plugin runtime/loading errors do not block wfuzz execution.
  • A request is repeated a number of times if fails.
  • Validate CLI options.
  • BeautifulSoup integration
  • Plugins can perform their own requests outside the execution pipeline.
  • Option to encode space in the URL
  • FUZZ keyword for ss/hs switches
  • Improved scripts and payloads structure for creating new plugins

Plugins:

  • Check for errors (WIP)
  • json printer
  • burplog and burpstate payloads
  • wfuzzp payload
  • net ipaddress payload
  • dirwalk payload
  • title plugin
  • Backup plugin
  • CVS entries plugin

@xmendez xmendez released this Mar 5, 2017 · 576 commits to master since this release

Assets 2

Version 1.4d to 2.1.5 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.1.5:

  • Fixed bug on screenshot plugin
  • Added CSV printer, thanks @Yoginski
  • Fixed bug on raw printer, thanks @maaaaz

@xmendez xmendez released this Sep 10, 2016 · 582 commits to master since this release

Assets 2

Version 1.4d to 2.1.4 developed by:

Xavier Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.1.4:

  • Added json printer (thanks to Federico)
  • Raw printer
  • Corrected folder spellings (thanks to l0stkn0wledge)
  • Allow wfuzz to run from any path
  • Using env python
  • IPnet payload
  • Fixed bug counting the number of FUZZ words when using the baseline