New release

wapiti-scanner · Jul 9, 2022 · e68fe6d · e68fe6d
1 parent 0b81054
commit e68fe6d
Show file tree

Hide file tree

Showing 27 changed files with 1,023 additions and 972 deletions.
diff --git a/INSTALL.md b/INSTALL.md
@@ -1,7 +1,7 @@
 Introduction
 ============
 
-All installation methods assume you already have a Python 3.7 or more recent on your system.
+All installation methods assume you already have a Python 3.8 or more recent on your system.
 
 Note that if you have all the requirements pre-installed on your system, it is not necessary to use the setup.py script
 to use Wapiti : just extract the archive and launch the "wapiti" command line in the "bin" folder :

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-Wapiti 3.1.2
+Wapiti 3.1.3
diff --git a/doc/ChangeLog_Wapiti b/doc/ChangeLog_Wapiti
@@ -1,3 +1,9 @@
+09/07/2022
+    Wapiti 3.1.3
+    Reports: Add a new --detailed-report option that will put HTTP responses (headers and bodies) in the report.
+    Crawler: Add a new --mitm-port <PORT> option that will replace the crawler with an intercepting proxy (mitmproxy)
+    Core: Dropped support of Python 3.7
+
 13/05/2022
     Wapiti 3.1.2
     mod_http_headers: Deprecate X-XSS-Protection header

diff --git a/doc/wapiti-getcookie.1 b/doc/wapiti-getcookie.1
@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "WAPITI\-GETCOOKIE" "1" "February 2022" "" ""
+.TH "WAPITI\-GETCOOKIE" "1" "June 2022" "" ""
 .
 .SH "NAME"
 \fBwapiti\-getcookie\fR \- A Wapiti utility to fetch cookies from a webpage and store them in the Wapiti JSON format\.

diff --git a/doc/wapiti-getcookie.1.html b/doc/wapiti-getcookie.1.html
diff --git a/doc/wapiti.1 b/doc/wapiti.1
@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "WAPITI" "1" "February 2022" "" ""
+.TH "WAPITI" "1" "July 2022" "" ""
 .
 .SH "NAME"
 \fBwapiti\fR \- A web application vulnerability scanner in Python
@@ -28,7 +28,7 @@ Here is a summary of options\. It is essentially what you will get when you laun
 TARGET SPECIFICATION:
 .
 .IP "\(bu" 4
-\fB\-u\fR \fIURL\fR
+\fB\-u\fR, \fB\-\-url\fR \fIURL\fR
 .
 .IP "\(bu" 4
 \fB\-\-data\fR \fIURL_ENCODED_DATA\fR
@@ -48,24 +48,30 @@ ATTACK SPECIFICATION:
 \fB\-\-list\-modules\fR
 .
 .IP "\(bu" 4
-\fB\-l\fR \fILEVEL\fR
+\fB\-l\fR, \fB\-\-level\fR \fILEVEL\fR
 .
 .IP "" 0
 .
 .P
 PROXY AND AUTHENTICATION OPTIONS:
 .
 .IP "\(bu" 4
-\fB\-p\fR \fIPROXY_URL\fR
+\fB\-p\fR, \fB\-\-proxy\fR \fIPROXY_URL\fR
 .
 .IP "\(bu" 4
-\fB\-a\fR \fICREDENTIALS\fR
+\fB\-\-tor\fR
+.
+.IP "\(bu" 4
+\fB\-\-mitm\-port\fR \fIPORT\fR
+.
+.IP "\(bu" 4
+\fB\-a\fR, \fB\-\-auth\-cred\fR \fICREDENTIALS\fR
 .
 .IP "\(bu" 4
 \fB\-\-auth\-type\fR {basic,digest,ntlm,post}
 .
 .IP "\(bu" 4
-\fB\-c\fR \fICOOKIE_FILE_OR_BROWSER_NAME\fR
+\fB\-c\fR, \fB\-\-cookie\fR \fICOOKIE_FILE_OR_BROWSER_NAME\fR
 .
 .IP "\(bu" 4
 \fB\-\-drop\-set\-cookie\fR
@@ -99,19 +105,19 @@ SESSION OPTIONS:
 SCAN AND ATTACKS TUNING:
 .
 .IP "\(bu" 4
-\fB\-s\fR \fIURL\fR
+\fB\-s\fR, \fB\-\-start\fR \fIURL\fR
 .
 .IP "\(bu" 4
-\fB\-x\fR \fIURL\fR
+\fB\-x\fR, \fB\-\-exclude\fR \fIURL\fR
 .
 .IP "\(bu" 4
-\fB\-r\fR \fIPARAMETER\fR
+\fB\-r\fR, \fB\-\-remove\fR \fIPARAMETER\fR
 .
 .IP "\(bu" 4
 \fB\-\-skip\fR \fIPARAMETER\fR
 .
 .IP "\(bu" 4
-\fB\-d\fR \fIDEPTH\fR
+\fB\-d\fR, \fB\-\-depth\fR \fIDEPTH\fR
 .
 .IP "\(bu" 4
 \fB\-\-max\-links\-per\-page\fR \fIMAX_LINKS_PER_PAGE\fR
@@ -157,13 +163,13 @@ ENDPOINT OPTIONS:
 HTTP AND NETWORK OPTIONS:
 .
 .IP "\(bu" 4
-\fB\-t\fR \fISECONDS\fR
+\fB\-t\fR, \fB\-\-timeout\fR \fISECONDS\fR
 .
 .IP "\(bu" 4
-\fB\-H\fR \fIHEADER\fR
+\fB\-H\fR, \fB\-\-header\fR \fIHEADER\fR
 .
 .IP "\(bu" 4
-\fB\-A\fR \fIAGENT\fR
+\fB\-A\fR, \fB\-\-user\-agent\fR \fIAGENT\fR
 .
 .IP "\(bu" 4
 \fB\-\-verify\-ssl\fR {0,1}
@@ -177,7 +183,7 @@ OUTPUT OPTIONS:
 \fB\-\-color\fR
 .
 .IP "\(bu" 4
-\fB\-v\fR \fILEVEL\fR
+\fB\-v\fR, \fB\-\-verbose\fR \fILEVEL\fR
 .
 .IP "\(bu" 4
 \fB\-\-log\fR \fIOUTPUT_PATH\fR
@@ -188,10 +194,13 @@ OUTPUT OPTIONS:
 REPORT OPTIONS:
 .
 .IP "\(bu" 4
-\fB\-f\fR {json,html,txt,xml}
+\fB\-f\fR, \fB\-\-format\fR {json,html,txt,xml}
+.
+.IP "\(bu" 4
+\fB\-o\fR, \fB\-\-output\fR \fIOUTPUT_PATH\fR
 .
 .IP "\(bu" 4
-\fB\-o\fR \fIOUTPUT_PATH\fR
+\fB\-dr\fR, \fB\-\-detailed\-report\fR
 .
 .IP "" 0
 .
@@ -322,6 +331,9 @@ The given URL will be used as a proxy for HTTP and HTTPS requests\. This URL can
 Make Wapiti use a Tor listener (same as \-\-proxy socks://127\.0\.0\.1:9050/)
 .
 .IP "\(bu" 4
+\fB\-\-mitm\-port\fR \fIPORT\fR If used, this option will launch a mitmproxy instance listening on the given port instead of using an automated crawler to explore the target\. Configure your browser to use the intercepting proxy then explore the target manually\. Ctrl+C in the console when you are done\.
+.
+.IP "\(bu" 4
 \fB\-a\fR, \fB\-\-auth\-cred\fR \fICREDENTIALS\fR
 .
 .br
@@ -598,10 +610,7 @@ The default value is dns\.wapiti3\.ovh
 .SH "HTTP AND NETWORK OPTIONS"
 .
 .IP "\(bu" 4
-\fB\-t\fR, \fB\-\-timemout\fR \fISECONDS\fR
-.
-.br
-Time to wait (in seconds) for a HTTP response before considering failure\.
+\fB\-t\fR, \fB\-\-timeout\fR \fISECONDS\fR Time to wait (in seconds) for a HTTP response before considering failure\.
 .
 .IP "\(bu" 4
 \fB\-H\fR, \fB\-\-header\fR \fIHEADER\fR
@@ -670,6 +679,9 @@ Although the HTML reports were rewritten to be more responsive, they still are i
 .br
 Set the path were the report will be generated\.
 .
+.IP "\(bu" 4
+\fB\-dr\fR, \fB\-\-detailed\-report\fR HTTP responses (headers and bodies) will appear in the report\.
+.
 .IP "" 0
 .
 .SH "OTHER OPTIONS"

diff --git a/doc/wapiti.1.html b/doc/wapiti.1.html