crt0mega/skipfish
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity
56 Commits 1 Branch 0 Tags 479 KiB
42d17c7921
Commit Graph

15 Commits

Author SHA1 Message Date
Steve Pinkham
42d17c7921 1.58b: Descendant limit checks added. 2010-08-21 15:56:47 -04:00
Steve Pinkham
5d4c67bd53 1.56b: Attack logic improvements 
- Path-based injection attacks now also carried out on file / pathinfo nodes.
- Minor bugfix to try_list logic.
- Slight tweak to form parsing to properly handle specified but empty action=
	      strings.
 2010-08-20 11:47:57 -04:00
Steve Pinkham
1794a045a0 1.55b: Improved 404 directory no-parse checks. 2010-08-09 10:52:11 -04:00
Steve Pinkham
701f665ab9 1.53b-1.54b: Improved loop derector and JSON discriminator 
- Improved loop detector on mappings that only look at the last path segment.
- Slight improvement to JSON discriminator.
 2010-08-09 10:49:43 -04:00
Steve Pinkham
72804b90f0 1.46b: Security fix and cleanup 
- Security: fixed a potential read past EOB in scrape_response() on
      zero-sized payloads. Credit to Jeff Johnson.
- Removed redundant fdopen() in dictionary management,
 2010-07-05 10:10:59 -04:00
Steve Pinkham
7548514234 1.44b: Improve SQL injection detection 
- Significant improvement to numerical SQL injection detector.
- Minor tweak to SQL message detection rules.
 2010-06-29 10:10:17 -04:00
Steve Pinkham
d0ce4e0db9 1.42b: Fix to SQL injection detection with empty parameters. 2010-06-29 10:06:30 -04:00
Steve Pinkham
d4b1cd630e 1.41b: if response varies, directory brute force is also skipped. 2010-06-21 10:57:40 -04:00
Steve Pinkham
2d658f5126 1.40b: Command-line option not to descend into 5xx directories. 2010-06-21 10:55:54 -04:00
Steve Pinkham
822e4f67e1 Version 1.35 and 1.36 - various changes 
Version 1.36b:
  - Command-line support for parameters that should not be fuzzed.
  - In-flight URLs can be previewed by hitting 'return'.

Version 1.35b:
  - Several new form autocomplete rules.
 2010-06-14 21:31:24 -04:00
Steve Pinkham
347a8b4b58 1.34b: A small tweak to file / dir discriminator logic to accommodate quirky frameworks. 2010-05-06 22:59:07 -04:00
Steve Pinkham
662a6138f4 1.15b - Documentation and path mapping changes 
- Better documentation of why certain issues are not reported by skipfish.
  - Another minor tweak to path mapping detection logic.
 2010-03-23 19:53:18 -04:00
Steve Pinkham
61ba870458 1.14b - Wordlist, path mapping, cflags, put detection, and doc changes 
- Several new wordlist entries, courtesy of Glastopf Honeypot:
    http://glastopf.org/index.php
  - A tweak to path mapping detection logic to detect certain path mappings.
  - Makefile now honors external LDFLAGS, CFLAGS.
  - Some more documentation tweaks.
  - PUT detection logic.
 2010-03-23 15:04:21 -04:00
Steve Pinkham
fc8b7d781b 1.09b - Fix for a potential crash in probabilistic scan mode (<100%). 2010-03-21 20:11:57 -04:00
Steve Pinkham
fcf0650b5e Version 1.00b as released 2010-03-20 11:46:08 -04:00