Releases: commixproject/commix

v1.0-stable

14 Jun 05:50
  • Revised: Time-relative statistical analysis for recognition of unexpected time delays due to unstable requests.
  • Added: A list of pages / scripts potentially vulnerable to shellshock.
  • Added: The ability to check whether the URL is likely to contain script(s) vulnerable to shellshock.
  • Revised: Multiple eye-candy revisions have been performed.
  • Fixed: HTTPS requests when the --proxy option is enabled.
  • Fixed: Multiple fixes regarding the shellshock module have been performed.

Note: For more, check the detailed changeset.

v0.9b-20160607

07 Jun 06:30
  • Added: The ability to re-perform the injection request if it has failed.
  • Fixed: The shell output in the semiblind technique (i.e. "file-based") has been fixed so that new lines are not concatenated.
  • Revised: The ability to execute multiple tamper scripts combined or one after the other.
  • Added: New tamper script "space2plus.py" that replaces every space (%20) with plus (+).
  • Added: New state ("checking") and the color of that state has been set.
  • Replaced: The --base64 option has been replaced with "base64encode.py" tamper script.
  • Added: New tamper script "space2ifs.py" that replaces every space (%20) with $IFS (bash) variable.
  • Added: New option --tamper that supports tamper injection scripts.
  • Added: Support for verbosity levels (currently supported levels: 0,1).
  • Fixed: Minor rearrangement of prefixes and separators has been implemented.
  • Revised: The "time-based" (blind) technique for *nix targets has been briefly revised.
  • Revised: The source code has been revised to support print_state_msg (i.e. error, warning, success etc) functions.

Note: For more, check the detailed changeset.

v0.8b-20160506

06 May 05:35
  • Fixed: The --file-read option to ignore the carriage return (\r) character in a text file.
  • Added: The ability to check for empty value(s) in the defined GET, POST, Cookie data and skip.
  • Replaced: The INJECT_HERE tag has been replaced with the * (asterisk) wildcard character.
  • Added: New option --level (1-3) that specifies level of tests to perform.
  • Added: New option -p that specifies a comma-separated list of GET and POST parameters.
  • Added: The ability to check every parameter in the provided cookie data.
  • Added: The ability to check every GET parameter in the defined URL and/or every POST provided data.
  • Added: New option --all that enables all supported enumeration options.

Note: For more, check the detailed changeset.

v0.7b-20160418

18 Apr 05:27
  • Fixed: HTTP proxy logs parser to accept GET HTTP requests.
  • Fixed: HTTP proxy logs parser to recognise provided HTTP authentication credentials.
  • Added: Support for verbose mode in HTTP authentication (i.e. Basic, Digest) dictionary-based cracker.
  • Added: The ability to store valid (Digest) credentials into session files for current target.
  • Added: Dictionary-based cracker for Digest HTTP authentication credentials.
  • Added: Support for Digest HTTP authentication type.

Note: For more, check the detailed changeset.

v0.6b-20160401

01 Apr 06:39
  • Added: The ability to store valid (Basic) credentials into session files for current target.
  • Added: New option --ignore-401 that ignores HTTP Error 401 (Unauthorized) and continues tests without providing valid credentials.
  • Added: Dictionary-based cracker for Basic HTTP authentication credentials.
  • Added: Identifier for HTTP authentication type (currently only Basic type is supported).
  • Added: New option --skip-waf that skips heuristic detection of WAF/IPS/IDS protection.
  • Added: Support for verbose mode in the "DNS exfiltration" injection technique (module).
  • Added: New option --dns-server that supports the "DNS exfiltration" injection technique (module).
  • Added: New option --dependencies that checks (non-core) third-party dependencies.

Note: For more, check the detailed changeset.

v0.5b-20160316

16 Mar 09:08
  • Fixed: The payload(s) for dynamic code evaluation (i.e. "eval-based"), if there is not any separator.
  • Added: Support for verbose mode in the "ICMP exfiltration" injection technique (module).
  • Added: Check whether the user-defined OS name differs from the one identified by heuristics.
  • Added: New option --os that forces a user-defined OS name.
  • Added: Support for testing custom HTTP headers (via --headers parameter).

Note: For more, check the detailed changeset.

v0.4.1b-20160226

26 Feb 10:19
  • Added: Support for storing and retrieving executed commands from session file.
  • Added: New option -s for loading session from session file.
  • Added: New option --ignore-session for ignoring results stored in session file.
  • Added: New option --flush-session for flushing session files for current target.
  • Added: Support to resume to the latest injection points from session file.

Note: For more, check the detailed changeset.

v0.4b-20160204

04 Feb 07:19
  • Added: Payload mutation if WAF/IPS/IDS protection is detected.
  • Added: Check for existence of WAF/IPS/IDS protection (via error pages).
  • Added: The "set" option in "reverse_tcp" which sets a context-specific variable to a value.
  • Added: New option --force-ssl for forcing usage of SSL/HTTPS requests.

Note: For more, check the detailed changeset.

v0.3b-20160115

15 Jan 13:17
  • Added: Time-relative false-positive identification, which identifies unexpected time delays due to unstable requests.
  • Added: New option -l, that parses target and data from HTTP proxy log file (i.e. Burp or WebScarab).
  • Added: Check whether PowerShell is enabled on the target host when the applied option's payload requires PowerShell.
  • Added: New option --ps-version, that checks PowerShell's version number.
  • Replaced: Some PowerShell-based payloads have been replaced by new (more solid) ones, to avoid "Microsoft-IIS" server incompatibilities.
  • Added: Support (on Mac OS X platforms) for tab completion in shell options.
  • Added: Undocumented parameter -InputFormat none, so as to avoid "Microsoft-IIS" server hangs.
  • Added: The ability to identify "Microsoft-IIS" servers.
  • Added: Statistical checks for time-related techniques (i.e. "time-based", "tempfile-based").
  • Added: Support for Windows-based (cmd / powershell) payloads for every injection technique.