24 changes: 20 additions & 4 deletions CHANGELOG.md
Expand Up @@ -7,22 +7,38 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

### Added
- active/cve-2019-5418.js > An active scanner for Ruby on Rails Accept header content disclosure issue.
- active/JWT None Exploit.js > Checks if the application's JWT implementation allows the usage of the 'none' algorithm.
- authentication/DjangoAuthentication.js > Django authentication script.
- standalone/scan_rule_list.js > Lists details from both active and passive scan rules.
- standalone/Split download extract.rb > Add script to concatenate split file downloads
- extender/ZAP onEvent Handler.js > An example for how to listen for internal ZAP events
- authentication/GetsWithRedirectThenPost.js > An authentication script that follows GET redirects and then submits a POST with the authentication credentials.
- extender/Simple Reverse Proxy.js > Adds a simple reverse proxy.
- extender/ZAP onEvent Handler.js > An example for how to listen for internal ZAP events.
- httpsender/add-extra-headers.js > Adds encountered 'extra' headers to all requests.
- httpsender/aws-signing-for-owasp-zap.py > Signs requests to AWS.
- httpsender/fingerprinter.js > Logs MD5s of responses.
- httpsender/greenbone-maintain-auth.js > An auth helper script for OpenVAS Greenbone web interface.
- httpsender/inject-xss.js > Injects XSS payloads into JSON responses.
- httpsender/juice-shop-maintain-auth.js > An auth helper script for OWASP JuiceShop.
- httpsender/keep-cookies-going.js > An auth helper script.
- httpsender/maintain-jwt.js > Tracks JWTs and updates Authorization bearer headers.
- passive/Find IBANs.js > Finds IBANs in HTTP response bodies.
- passive/HUNT.py > Merge of existing HUNT scripts.
- proxy/Drop requests by response code.js > Drops requests that have a given response code.
- standalone/scan_rule_list.js > Lists details from both active and passive scan rules.
- standalone/Split download extract.rb > Concatenates split file downloads.

### Changed
- Misc maintenance changes.
- Maintenance changes to target ZAP 2.8.

### Removed
- The following scripts were merged into a new script `HUNT.py`:
- passive/HUNT - Debug & Logic Parameters.py
- passive/HUNT - File Inclusion.py
- passive/HUNT - IDOR.py
- passive/HUNT - RCE.py
- passive/HUNT - SQLi.py
- passive/HUNT - SSRF.py
- passive/HUNT - SSTI.py

### Fixed
- Fix links to source files in zaproxy repo.
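
Review bot: The `httpsender/keep-cookies-going.js` entry in the Added list reads only "An auth helper script.", which, unlike the neighbouring greenbone and juice-shop entries, does not say which application or mechanism it supports; a short qualifier would let readers judge the script from the changelog alone. The `passive/HUNT.py > Merge of existing HUNT scripts.` entry has the same gap: it could name the parameter categories the merged script covers, since the Removed section lists the seven per-category files (Debug & Logic Parameters, File Inclusion, IDOR, RCE, SQLi, SSRF, SSTI) that it replaces.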
