Skip to content

Releases: xmendez/wfuzz

Wfuzz 3.1.0 - The Web fuzzer

06 Nov 10:42
02a809d
Compare
Choose a tag to compare

Version 1.4d to 3.1.0 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.1.0:

  • Added tox and change test in Makefile
  • Improved plugin field filter language capabilities, ie. data and severity can be specified
  • Plugin's information is shown depending on severity when using -v
  • Filter language and fuzzresult's description handle lists of results
  • Added some basic queue profiling for debugging
  • diff operator
  • Refactored discarded results
  • Dotdict str
  • Removed future library
  • Added operator tests

Plugins:

  • Refactored headers plugin
  • Links plugins looks in link and redirect headers
  • Improved links plugin regex based on nahamsec/JSParser
  • New field printer to output filter expressions only
  • burplog unittest
  • raw printer shows plugin data

wfpayload:

  • Added --prev and --AA, ---AAA to wfpayload

wfencode:

  • -i reads from stdin
  • general handle exception in wfencode

Breaking changes:

  • Changed -A, --AA, ---AAA plugin's categories
  • Changed plugins filter language field.
  • Changed links filter parameters and kbase keys.
  • Changed headers kbase key and server result.
  • When slicing a payload FUZZ refers to the previous result.

Bugs:

  • Fixed --prev in wfpayload
  • Fixed -c and -v values within printers plugins
  • Don't print empty values in wfpayload
  • Use lower() in ~ operator
  • Remove httpreceiver queue limit
  • Fixed --interactive actions
  • Stripped CRLF from burplog parsed responses
  • Fixed --slice when using FuzzResult payloads
  • Only add recursive and routing queues when transport is Http
  • Bug in reqresp when parsing nested http responses due to textparser

Wfuzz 3.0.3 - The Web fuzzer

24 Oct 17:38
Compare
Choose a tag to compare

Version 1.4d to 3.0.3 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.0.3:

Bugs:

  • Removed pytest from dev requirements (closes #215)
  • Fixed pypi long description formatting. Thanks @oscarbc96

Wfuzz 3.0.2 - The Web fuzzer

19 Oct 18:43
Compare
Choose a tag to compare

Version 1.4d to 3.0.2 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.0.2:

  • Added dependabot configuration
  • Updated requirements
  • Updated screenshot plugin. Details at #226. Thanks to @1mm0rt41PC

Bugs:

Wfuzz 3.0.1 - The Web fuzzer

30 Aug 17:39
Compare
Choose a tag to compare

Version 1.4d to 3.0.1 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.0.1:

  • Store wfuzz configuration according to XDG Base Directory Specification. Thanks to @nemoload
  • Changed pyparsing version requirement. Thanks to @blshkv
  • Pinned black and flake versions in tox.ini

Wfuzz 3.0.0 - The Web fuzzer

19 Aug 22:55
f3b407f
Compare
Choose a tag to compare
Pre-release

Version 1.4d to 3.0.0 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.0.0:

  • Following semantic versioning from this release on-wards. See https://semver.org/
  • Refactor of options, queues, dictionaries, filters, printers and factories.
  • Refactored some tests to pytest.
  • Added black formatter to CI.
  • Updated documentation.
  • Improved filter language performance.
  • Added Python 3.8 support to CI (closes #190)
  • Stopped python 2 support.

New features

  • Various --prefilter command line options are accepted.
  • Various --efield or --field command line options are accepted. (Closes #152 )
  • Wfpayload uses same motor as wfuzz and therefore provides almost the same options. (closes #154)
  • Slice can re-write payloads (closes #140)
  • Links plugins accepts a regex parameter to crawl other subdomains
  • New npm_deps plugin.
  • Added raw_post to filter language.
  • Complex and simple filters can be combined.
  • Added BBB to language as keyword, not only in conjunction with c,l,w.
  • Fields and headers are case insensitive in filter language.

Bugs

  • Fixed baseline in headers (Closes #188)
  • Fixed output when printing long lines or non-printable characters.
  • Fixed pyparsing depency requirements (Closes #206)
  • Removed deprecation and import warnings.
  • Using package data for filter documentation file (Closes #135)
  • Warnings to stdout instead of stderr (closes #163)
  • Null fields do not raise an exception in filter language.

Breaking changes

  • In wfuzz library:
    • prefilter is a list of filters not a string.
    • dry-run is specified with transport variable not with mode as before.
  • When using --recipe, command line options that are a list are appended. Previously, the last one took precedence.
  • When writing plugins:
    • iterators must override width and payloads functions
    • payloads must override get_next and get_type functions
  • Saved Wfuzz sessions are not compatible with previous versions

Wfuzz 2.4.7 - The Web fuzzer

10 Aug 21:20
Compare
Choose a tag to compare

Version 1.4d to 2.4.7 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.4.7:

  • Pinned dev dependencies in setup.py to make code linting repeatable

Bugs

Wfuzz 2.4.6 - The Web fuzzer

09 May 12:47
f7bbca4
Compare
Choose a tag to compare

Version 1.4d to 2.4.6 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.4.6:

  • Removed python 2 Travis stalled tests.

Bugs

  • New requests are added in the pycurl multi thread after perform (Fixes #180 )
  • Added py3.8 test job in travis and setup.py (fixes #190 )

Wfuzz 2.4.5 - The Web fuzzer

23 Jan 13:37
4d47a60
Compare
Choose a tag to compare

Version 1.4d to 2.4.5 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.4.5

Bugs

  • Temporarily pin pycurl version to <= 7.43.0.3 (thanks to @mitjans). Fixes #180

Wfuzz 2.4.4 - The Web fuzzer

31 Dec 15:50
a6539a7
Compare
Choose a tag to compare

Version 1.4d to 2.4.4 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.4.4

Bugs

  • Fixed parsing HTML requests and responses when using raw strings

Wfuzz 2.4.2 - The Web fuzzer

30 Dec 19:00
619ea18
Compare
Choose a tag to compare

Version 1.4d to 2.4.2 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 2.4.2:

New features

Bugs