Skip to content

Releases: wapiti-scanner/wapiti

3.2.2

30 Nov 13:22
Compare
Choose a tag to compare

What's Changed

Full Changelog: 3.2.1...3.2.2

3.2.1

12 Nov 12:33
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 3.2.0...3.2.1

v3.2.0:

13 Aug 09:29
Compare
Choose a tag to compare
  • Update mod_nikto, mod_wapp databases
  • Search known CVEs for software versions versions found by mod_wapp
  • Add --cookie-value option to easily pass cookies to the crawler
  • Add a mod_ldap module for error-based and boolean-based LDAP injection
  • mod_ssl is now based on the sslcan binary, install it on our own
  • Improvements on mod_network_device (detect Citrix, CheckPoint, FortiWeb, FortiNet, Harbor, etc)
  • Scan APIs given a Swagger (OpenAPI) file
  • Add capabilities to inject payloads inside JSON bodies
  • Add Wordpress module and theme enumeration
  • Add Drupal, SPIP, Joomla, PrestaShop enumeration module

3.1.8

16 May 19:22
Compare
Choose a tag to compare
mod_spring4shell: New Module to detect the Spring4Shell vulnerability
mod_upload: New module to detect unrestricted file uploads (attempt to upload PHP code)
mod_https_redirect: New module to detect lack of redirect-to-https behavior
mod_crlf: Fix double-encoding errors
mod_methods: In-depth check of methods allowed by a web server
mod_permanentxss: Fix several bugs
mod_xss: Detect if HTML injection is allowed when XSS injection failed
mod_wapp: several improvements like CPE versions added to output
mod_log4shell: Add Ubiquiti UniFi to targets
mod_buster: Discovered assets are added to the generated report
Core: make module errors more verbose
Core: add a Dockerfile to quickly set up your own PHP endpoint
CLI: renamed some authentication options

3.1.7

05 Mar 18:06
Compare
Choose a tag to compare

Support Python 3.11

3.1.6

31 Jan 21:34
Compare
Choose a tag to compare

31/01/2023
Wapiti 3.1.6
Wappalyze: improve detection with DOM rules
Core: fix proxy option

3.1.5

16 Jan 21:04
Compare
Choose a tag to compare
LFI: adds a payload for loknop technique (chaining PHP filters)
mod_cookie: Fix bad WSTG code for bad cookie attribute
Core: use proxy settings for updating
Core: fix creds options
Core: update most dependencies

3.1.4

24 Oct 18:16
Compare
Choose a tag to compare

Wapiti 3.1.4

  • Crawler: Adds support for Firefox headless (using the new --headless option)
  • Core: improve authentication. You can now pass HTTP auth (basic, ntml, etc) AND login by sending creds to an HTML form
  • Core: remove internationalization

Authentication related optionshave changed, check the manual page for information

3.1.3

09 Jul 15:42
Compare
Choose a tag to compare

09/07/2022: Wapiti 3.1.3

  • Reports: Add a new --detailed-report option that will put HTTP responses (headers and bodies) in the report.
  • Crawler: Add a new --mitm-port option that will replace the crawler with an intercepting proxy (mitmproxy)
  • Core: Dropped support of Python 3.7

Fix crash after scan

13 May 16:34
Compare
Choose a tag to compare

Fix a crash that may occur after the crawling and before laucnhing attacks (connection pool was closed)