Releases: wapiti-scanner/wapiti
Releases Β· wapiti-scanner/wapiti
3.2.2
3.2.1
What's Changed
- Bump aiohttp from 3.9.4 to 3.10.2 by @dependabot in #610
- crawler: fix empty enctype case by @devl00p in #614
- Fix integration tests by @devl00p in #615
- remove stale dependency on "six" by @a-detiste in #616
- Fix documentation by @devl00p in #620
- doc: fix wiki link in readme file by @devl00p in #622
- Remove the need for the asyncio stop Event on attacks by @devl00p in #626
- fix a step of the dns endpoint dockerfile for integration tests by @devl00p in #627
- Prepare v3.2.1 by @devl00p in #628
New Contributors
- @a-detiste made their first contribution in #616
Full Changelog: 3.2.0...3.2.1
v3.2.0:
- Update mod_nikto, mod_wapp databases
- Search known CVEs for software versions versions found by mod_wapp
- Add
--cookie-value
option to easily pass cookies to the crawler - Add a
mod_ldap
module for error-based and boolean-based LDAP injection mod_ssl
is now based on thesslcan
binary, install it on our own- Improvements on
mod_network_device
(detect Citrix, CheckPoint, FortiWeb, FortiNet, Harbor, etc) - Scan APIs given a Swagger (OpenAPI) file
- Add capabilities to inject payloads inside JSON bodies
- Add Wordpress module and theme enumeration
- Add Drupal, SPIP, Joomla, PrestaShop enumeration module
3.1.8
mod_spring4shell: New Module to detect the Spring4Shell vulnerability
mod_upload: New module to detect unrestricted file uploads (attempt to upload PHP code)
mod_https_redirect: New module to detect lack of redirect-to-https behavior
mod_crlf: Fix double-encoding errors
mod_methods: In-depth check of methods allowed by a web server
mod_permanentxss: Fix several bugs
mod_xss: Detect if HTML injection is allowed when XSS injection failed
mod_wapp: several improvements like CPE versions added to output
mod_log4shell: Add Ubiquiti UniFi to targets
mod_buster: Discovered assets are added to the generated report
Core: make module errors more verbose
Core: add a Dockerfile to quickly set up your own PHP endpoint
CLI: renamed some authentication options
3.1.7
3.1.6
3.1.5
3.1.4
Wapiti 3.1.4
- Crawler: Adds support for Firefox headless (using the new
--headless
option) - Core: improve authentication. You can now pass HTTP auth (basic, ntml, etc) AND login by sending creds to an HTML form
- Core: remove internationalization
Authentication related optionshave changed, check the manual page for information
3.1.3
09/07/2022: Wapiti 3.1.3
- Reports: Add a new --detailed-report option that will put HTTP responses (headers and bodies) in the report.
- Crawler: Add a new --mitm-port option that will replace the crawler with an intercepting proxy (mitmproxy)
- Core: Dropped support of Python 3.7
Fix crash after scan
Fix a crash that may occur after the crawling and before laucnhing attacks (connection pool was closed
)