Prepare v3.2.1

wapiti-scanner · Nov 12, 2024 · 1fee04a · 1fee04a
1 parent 2681f19
commit 1fee04a
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 7 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-Wapiti 3.2.0
+Wapiti 3.2.1
diff --git a/doc/ChangeLog_Wapiti b/doc/ChangeLog_Wapiti
@@ -1,4 +1,11 @@
-Unrelease
+12/11/2024
+    Wapiti 3.2.1
+    doc: fix and update documentation (usage, manpage, etc)
+    Core: authentication possible using .side files
+    Core: improve parsing of swagger files for API importation
+    Core: improve stopping mechanism with ctrl+c
+
+12/08/2024
     Wapiti 3.2.0
     mod_network_device: New module to detect network devices interface
     mod_cms: New module to detect CMS Version

diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "wapiti3"
-version = "3.2.0"
+version = "3.2.1"
 description = "A web application vulnerability scanner"
 readme  = "README.rst"
 requires-python = ">=3.10" 

diff --git a/tests/integration/test_mod_crlf/assertions/crlf.json b/tests/integration/test_mod_crlf/assertions/crlf.json
@@ -7,7 +7,7 @@
                 "info": "CRLF Injection via injection in the parameter user-agent",
                 "parameter": "user-agent",
                 "module": "crlf",
-                "http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.2.0%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+                "http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.2.1%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                 "wstg": [
                     "WSTG-INPV-15"
                 ]

diff --git a/wapitiCore/__init__.py b/wapitiCore/__init__.py
@@ -19,4 +19,4 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 parser_name = "html.parser"
-WAPITI_VERSION = "3.2.0"
+WAPITI_VERSION = "3.2.1"
diff --git a/wapitiCore/attack/mod_crlf.py b/wapitiCore/attack/mod_crlf.py
@@ -38,7 +38,7 @@ class ModuleCrlf(Attack):
     MSG_VULN = "CRLF Injection"
     do_get = True
     do_post = True
-    payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.2.0 version")]
+    payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.2.1 version")]
 
     def __init__(self, crawler, persister, attack_options, crawler_configuration):
         super().__init__(crawler, persister, attack_options, crawler_configuration)
@@ -49,7 +49,7 @@ async def attack(self, request: Request, response: Optional[Response] = None):
 
         for mutated_request, parameter, _payload in self.mutator.mutate(
                 request,
-                str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.2.0 version"]),
+                str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.2.1 version"]),
         ):
             log_verbose(f"[¨] {mutated_request.url}")