Commit Graph

102 Commits

Author SHA1 Message Date
Steve Pinkham 701f665ab9 1.53b-1.54b: Improved loop detector and JSON discriminator
- Improved loop detector on mappings that only look at the last path segment.
- Slight improvement to JSON discriminator.
2010-08-09 10:49:43 -04:00
Steve Pinkham c4ad54fe2f 1.52b: Fixed HTTP read loop after 1.48b. 2010-07-27 11:17:52 -04:00
Steve Pinkham 9674a65163 Bugfix to 1.50b release 2010-07-27 11:16:29 -04:00
Steve Pinkham c215134fbe 1.50b: memleak fix, change some exit() to abort()
- abort() instead of exit() in several places.
- Cleaned up mem leak, incorrect use of ck_free() in IDN handling.
2010-07-27 11:13:05 -04:00
Steve Pinkham b9594e48fa 1.49b: Allocator and dir listing changes
- Minor improvement to the allocator.
- Several directory listing signatures added.
2010-07-05 22:45:35 -04:00
Steve Pinkham 0d9f8c7fc5 1.48b: SSL handling bugfixes
- A fix to SSL handling to avoid mystery fetch failures when
      talking to certain servers.
2010-07-05 22:43:58 -04:00
Steve Pinkham 99fdd5f699 1.47b: performance and compilation changes
- Minor tweaks around compiler warnings, etc.
- Versioned directories now in use.
- malloc_usable_size ditched in favor of djm's trick.
- Minor performance tweaks as suggested by Jeff Johnson.
2010-07-05 22:41:31 -04:00
Steve Pinkham 72804b90f0 1.46b: Security fix and cleanup
- Security: fixed a potential read past EOB in scrape_response() on
      zero-sized payloads. Credit to Jeff Johnson.
- Removed redundant fdopen() in dictionary management.
2010-07-05 10:10:59 -04:00
Steve Pinkham 38ca4b24a5 1.45b: Reporting improvements
- Minor aesthetic tweaks to the report viewer.
- Report subnode ordering now a bit saner.
2010-06-30 12:46:02 -04:00
Steve Pinkham 7548514234 1.44b: Improve SQL injection detection
- Significant improvement to numerical SQL injection detector.
- Minor tweak to SQL message detection rules.
2010-06-29 10:10:17 -04:00
Steve Pinkham 98ffe73aba 1.43b: Reduce the likelihood of crawl loops
- Improvement to reduce the likelihood of crawl loops: do not
    extract links if current page identical to parent.
2010-06-29 10:08:21 -04:00
Steve Pinkham d0ce4e0db9 1.42b: Fix to SQL injection detection with empty parameters. 2010-06-29 10:06:30 -04:00
Steve Pinkham d4b1cd630e 1.41b: if response varies, directory brute force is also skipped. 2010-06-21 10:57:40 -04:00
Steve Pinkham 2d658f5126 1.40b: Command-line option not to descend into 5xx directories. 2010-06-21 10:55:54 -04:00
Steve Pinkham 15c43e8675 1.38b: Small bugfixes
- Decompression now honors user-specified size limits more reliably.
- Retry logic corrected to account for certain Oracle servers.
- Terminal I/O fix for debug mode.
2010-06-21 10:53:17 -04:00
Steve Pinkham 30aa479d14 1.37b: NULL ptr with -F fixed. 2010-06-15 15:44:36 -04:00
Steve Pinkham 822e4f67e1 Version 1.35 and 1.36 - various changes
Version 1.36b:
  - Command-line support for parameters that should not be fuzzed.
  - In-flight URLs can be previewed by hitting 'return'.

Version 1.35b:
  - Several new form autocomplete rules.
2010-06-14 21:31:24 -04:00
Steve Pinkham 347a8b4b58 1.34b: A small tweak to file / dir discriminator logic to accommodate quirky frameworks. 2010-05-06 22:59:07 -04:00
Steve Pinkham 8d7293fb5f 1.33b - New SQL error sig and text page detector tweaks
- New SQL error signature added.
- Improved tolerance for tabs in text page detector.
2010-04-22 23:01:39 -04:00
Steve Pinkham 23205f4600 1.32b - A minor fix for embedded URL auth detection 2010-04-19 20:27:39 -04:00
Steve Pinkham a4a2b9130c 1.31b: Fix to detect <frame> tags, and fix commenting out USE_COLOR
- Compilation with USE_COLOR commented out now works as expected.
- Fix to detect <frame> tags.
2010-04-15 09:17:53 -04:00
Steve Pinkham 095e83d582 1.30b - Support <button> tag and fix compiler warnings
- Support for the (rare) <button> tag in forms.
- Fixed compiler warning on some platforms.
2010-04-08 22:03:37 -04:00
Steve Pinkham 9236e119f7 Further fixes for forms with no action= URL 2010-04-02 13:46:59 -04:00
Steve Pinkham c9b575c01e 1.28b - added host IP to stats screen, -u for quiet mode, handle forms with no action= URL
- Forms with no action= URL are now handled correctly.
- New option (-u) to suppress realtime info.
- Destination host displayed on stats screen.
2010-04-02 09:45:44 -04:00
Steve Pinkham 5918f62bbc 1.27b - Tweaks to CFLAGS and man page added
- Tweak to CFLAGS ordering to always enforce FORTIFY_SOURCE.
- Man page added.
2010-03-30 17:23:09 -04:00
Steve Pinkham dc378471b7 1.26b - phtml added to the dictionary, and another MALLOC_CHECK workaround 2010-03-26 09:39:20 -04:00
Steve Pinkham b05dbeedfa 1.25b - Limit # of requests with the same path
- A limit on the number of identically named path elements
      added. This is a last-resort check against endless recursion
      (e.g., for 'subdir' -> '.' symlinks).
2010-03-25 00:36:04 -04:00
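The 1.25b entry above describes a cap on the number of identically named path elements as a last-resort guard against endless crawl recursion (a 'subdir' -> '.' symlink produces /subdir/subdir/subdir/... forever). The following is an added illustration of that kind of check, written for this page and not taken from skipfish's source; the function names, the constructed sample URLs and the limit of 3 are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64   /* assumed cap on path elements examined */

/* Return the highest number of times any single path element repeats in
   the path part of a URL, e.g. "/subdir/subdir/subdir/index.html" -> 3.
   The query string and fragment are ignored, empty elements ("//") are
   skipped, and a path with no elements yields 0. */
int max_repeated_segment(const char *path) {
    const char *segs[MAX_SEGS];
    size_t lens[MAX_SEGS];
    int n = 0;
    const char *p = path;
    const char *end = path + strcspn(path, "?#");   /* stop at '?' or '#' */

    while (p < end && n < MAX_SEGS) {
        if (*p == '/') { p++; continue; }           /* skip separators */
        const char *s = p;
        while (p < end && *p != '/') p++;           /* scan one element */
        segs[n] = s;
        lens[n] = (size_t)(p - s);
        n++;
    }

    /* O(n^2) count is fine: n is bounded by MAX_SEGS. */
    int best = 0;
    for (int i = 0; i < n; i++) {
        int count = 0;
        for (int j = 0; j < n; j++)
            if (lens[i] == lens[j] && memcmp(segs[i], segs[j], lens[i]) == 0)
                count++;
        if (count > best) best = count;
    }
    return best;
}

/* Recursion guard: a URL is eligible for crawling only if no path element
   occurs more than `limit` times. Returns 1 to crawl, 0 to skip. */
int path_within_limit(const char *path, int limit) {
    return max_repeated_segment(path) <= limit;
}

int main(void) {
    /* Constructed sample URLs; the third one mimics a symlink loop. */
    const char *samples[] = {
        "/subdir/index.html",
        "/a/b/a/b/a/c?x=1",
        "/subdir/subdir/subdir/subdir/index.html",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-45s max repeat = %d  -> %s\n", samples[i],
               max_repeated_segment(samples[i]),
               path_within_limit(samples[i], 3) ? "crawl" : "skip");
    return 0;
}
```

The check deliberately looks at the whole path rather than only the last element, so a loop that alternates two names (/a/b/a/b/...) is caught once either name exceeds the limit, not only a direct self-reference.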
Steve Pinkham 71f2ea83b4 1.24b - XSS detection now accounts for commented out text. 2010-03-25 00:33:41 -04:00
Steve Pinkham ffa63decdb 1.23b - XHTML vs HTML changes
- A minor improvement to XHTML detection.
- HTML vs XHTML mismatches no longer trigger a warning.
2010-03-25 00:32:32 -04:00
Steve Pinkham 942cb96f58 1.22b - bugfix - URL parser now accounts for its own \.\ injection pattern. 2010-03-25 00:31:24 -04:00
Steve Pinkham 50c87f0348 1.20b - URL parser now accounts for its own \.\ injection pattern. bugfix 2010-03-25 00:29:30 -04:00
Steve Pinkham 00dcafb61c 1.20b - URL parser now accounts for its own \.\ injection pattern. 2010-03-25 00:27:38 -04:00
Steve Pinkham 75e1b5ddd5 1.19b - New ODBC POI added and Apache config file detection tightened up. 2010-03-24 08:37:50 -04:00
Steve Pinkham 8199ba27af 1.18b - Fix a potential NULL ptr deref with malformed Set-Cookie. 2010-03-24 08:35:25 -04:00
Steve Pinkham d32f6dcba1 1.17b - JS detector refined not to trigger on certain text/plain inputs. 2010-03-23 22:31:19 -04:00
Steve Pinkham 68eb5bab19 1.16b - Fixed index.html typo and CFLAG/LIBS/LDFLAGS changes
- Fixed a typo introduced in 1.16 to index.html (d'oh).
- Further refinements to Makefile CFLAGS / LIBS / LDFLAGS.
2010-03-23 19:54:33 -04:00
Steve Pinkham 662a6138f4 1.15b - Documentation and path mapping changes
- Better documentation of why certain issues are not reported by skipfish.
- Another minor tweak to path mapping detection logic.
2010-03-23 19:53:18 -04:00
Steve Pinkham 61ba870458 1.14b - Wordlist, path mapping, cflags, put detection, and doc changes
- Several new wordlist entries, courtesy of Glastopf Honeypot:
      http://glastopf.org/index.php
- A tweak to path mapping detection logic to detect certain path mappings.
- Makefile now honors external LDFLAGS, CFLAGS.
- Some more documentation tweaks.
- PUT detection logic.
2010-03-23 15:04:21 -04:00
Steve Pinkham cb51cd8988 1.13b - Improved password, file form detection. 2010-03-23 09:58:39 -04:00
Steve Pinkham e29db14ace 1.12b-working directory conf, add KnownIssues URL
- Improved visibility of the KnownIssues page (reports, Makefile).
- The location of assets/ directory is now configurable.
2010-03-23 09:56:13 -04:00
Steve Pinkham cf67fd9480 Version 1.11b: Various Fixes
- SIGWINCH support: you can now resize your window while scanning.
- Typo in report category name fixed.
- Terminal color fix for non-standard themes.
- Fixed icons license (GPL -> LGPL).
- Fixed a typo in -b ffox headers.
- Fixed a potential NULL pointer crash in form parsing.
2010-03-22 20:52:55 -04:00
Steve Pinkham 8c2cb9450d 1.10b - Fix to extensions-only.wl. 2010-03-22 10:05:10 -04:00
Steve Pinkham fc8b7d781b 1.09b - Fix for a potential crash in probabilistic scan mode (<100%). 2010-03-21 20:11:57 -04:00
Steve Pinkham 6a67f575d8 1.08b - A minor improvement to XHTML / XML detection. 2010-03-21 20:09:10 -04:00
Steve Pinkham 5658c2c310 1.07b - Several build fixes for FreeBSD, MacOS X. 2010-03-21 20:07:06 -04:00
Steve Pinkham a7f9000161 1.06b - Minor documentation updates 2010-03-21 19:59:55 -04:00
Steve Pinkham 3720b4840a 1.05b - Final workaround for FORTIFY_SOURCE on MacOS X. 2010-03-20 11:57:35 -04:00
Steve Pinkham 908118790d 1.04b - Workaround for *BSD systems with malloc J or Z options set by default. - again
- A minor tweak to reject certain not-quite-URLs extracted from JS.
2010-03-20 11:54:06 -04:00
Steve Pinkham ca78a8e8f7 1.03b - Workaround for *BSD systems with malloc J or Z options set by default. - again 2010-03-20 11:51:34 -04:00
Steve Pinkham d4e2d34e0b 1.02b - Workaround for *BSD systems with malloc J or Z options set by default. 2010-03-20 11:49:23 -04:00