Releases: wapiti-scanner/wapiti
3.1.1
Wapiti 3.1.1
Crawler: Fix a bug preventing Wapiti from scanning websites with bad ciphers (SSL 3, TLS 1.0 for example)
Report: Add some Unicode emojis in the HTML report to indicate the criticality of each vulnerability
XXE: more payloads to target non-PHP applications + raise a warning when the DTD file was reached by the target but exfiltration didn't succeed
CLI: --update option will only update chosen modules
CLI: New --data option allows launching attacks on a single POST request. This option expects a URL-encoded string.
3.1.0
Wapiti 3.1.0
Crawler: Fix passing named "button" tags in HTML forms
Modules: Skip modules that fail to load properly (missing dependencies, code error, etc.)
Log4Shell: Attack POST parameters too, support for attacks on VMware vSphere and some Apache products (Struts, Druid and Solr)
CSRF: Django anti-CSRF token added to the whitelist
Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports
Crawler: Improved the parsing of HTML redirections (meta refresh)
HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files.
Crawler: Removed httpx-socks dependencies in favor of built-in SOCKS support in httpx. SOCKS support is fixed.
Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto)
Core: Correctly load resources if Wapiti is running from an egg file.