Steve Pinkham
7d164759bc
1.87b: Dictionary improvements.
2011-08-09 15:56:21 -04:00
Steve Pinkham
2b28b72176
1.86b: Auth header and time display fixes
...
- HTTP auth header value changed from "basic" to "Basic" to compensate for picky web frameworks.
- Minor fix to time display code.
2011-08-09 15:47:01 -04:00
Steve Pinkham
276ce8a5a8
1.85b: Minor refinements to the content analysis module.
2011-03-29 22:20:42 -04:00
Steve Pinkham
baf9921f42
1.84b: Option -S removed.
2011-01-10 14:22:09 -05:00
Steve Pinkham
0f835b3def
1.83b: Minor fix to -e behavior.
2011-01-10 14:18:57 -05:00
Steve Pinkham
0717375d0a
1.82b: NULL pointer in is_javascript() fixed.
2011-01-10 14:17:42 -05:00
Steve Pinkham
a3473417d9
1.81b: Fix to numerical SQL injection detector logic.
2010-12-03 15:32:05 -05:00
Steve Pinkham
35607dcb58
1.80b: option not save binary responses, and make charset errors less
...
noisy by default
- New option (-e) to delete binary payloads.
- -J option is now obsolete (on by default).
2010-12-03 15:30:00 -05:00
Steve Pinkham
ffee2aec54
1.79b: Improvement to directory listing detector.
2010-12-03 15:28:04 -05:00
Steve Pinkham
44d86a63b6
1.78b: Fix to -J logic.
2010-11-22 09:26:50 -05:00
Steve Pinkham
39cfa696da
1.77b: Further minor documentation and presentation tweaks.
2010-11-21 20:21:25 -05:00
Steve Pinkham
806e8eedea
1.76b: Major clean-up of dictionary instructions.
2010-11-21 07:43:07 -05:00
Steve Pinkham
088136e95e
1.75b: iPhone U-A support added.
2010-11-21 07:40:21 -05:00
Steve Pinkham
514ec354db
1.74b:Non-HTTPS password form analysis added.
2010-11-21 07:37:01 -05:00
Steve Pinkham
8f1f9b0e0f
1.73b: Silence some pointless compiler warnings on newer systems.
2010-11-20 20:45:05 -05:00
Steve Pinkham
ecb2517547
1.72b: Minor beautification stuff.
2010-11-18 10:37:31 -05:00
Steve Pinkham
2e4f8fa7a7
1.71b: better duplicate node detection, new report diff tool and child
...
signatures in report
- Child signatures now exposed in the report,
- Improvements to duplicate node detection,
- sfscandiff tool added to compare reports.
2010-11-17 22:07:04 -05:00
Steve Pinkham
e5f6c3e1b1
1.70b: improve SQL syntax detection and allocator flag cleanup
...
- Improved SQL syntax detection slightly to avoid phone number FP.
- Removed obsolete allocator flags.
2010-11-17 22:05:27 -05:00
Steve Pinkham
69e6c20648
1.69b: parameter encoding, User-Agent, password fixes
...
- Minor improvements to parameter encoding, User-Agent controls.
- Password detector improvement.
2010-10-01 00:00:03 -04:00
Steve Pinkham
de39e6a7a3
1.67b: Improved dir detection
2010-09-20 16:17:08 -04:00
Steve Pinkham
3abc965d68
Version 1.66b: Dir detection and dictionary updates
2010-09-20 16:14:23 -04:00
Steve Pinkham
5b119c8e7f
1.65b: dictionary & CSS MIME sniffing improvements
...
- Relaxed MIME matching on claimed CSS/JS that fails MIME sniffing
logic.
- Proper detection of @media in CSS.
2010-09-10 12:59:06 -04:00
Steve Pinkham
ce8e52b8fb
1.64b: param injection Wordpress improvements
2010-09-07 13:27:26 -04:00
Steve Pinkham
aed5e5bea0
1.63b: WordPress param injection fixes
...
Changed param injection check slightly to work better with
WordPress.
2010-08-30 20:43:46 -04:00
Steve Pinkham
3a220b94d2
1.62b: Further refinements to content classifier.
2010-08-30 20:43:10 -04:00
Steve Pinkham
af1a154ac8
1.61b: Further refinements to content classifier.
2010-08-27 11:47:51 -04:00
Steve Pinkham
5e85684e40
1.60b: Minor sniffer fix to better handle CSV file checks
2010-08-27 11:47:18 -04:00
Steve Pinkham
512dfe7ea6
1.59b: Fixed several file POI checks that depended on MIME information.
2010-08-27 11:46:12 -04:00
Steve Pinkham
42d17c7921
1.58b: Descendant limit checks added.
2010-08-21 15:56:47 -04:00
Steve Pinkham
768867c93b
1.57b: Splash screen added (grr).
2010-08-20 17:38:17 -04:00
Steve Pinkham
5d4c67bd53
1.56b: Attack logic improvements
...
- Path-based injection attacks now also carried out on file / pathinfo nodes.
- Minor bugfix to try_list logic.
- Slight tweak to form parsing to properly handle specified but empty action=
strings.
2010-08-20 11:47:57 -04:00
Steve Pinkham
1794a045a0
1.55b: Improved 404 directory no-parse checks.
2010-08-09 10:52:11 -04:00
Steve Pinkham
701f665ab9
1.53b-1.54b: Improved loop derector and JSON discriminator
...
- Improved loop detector on mappings that only look at the last path segment.
- Slight improvement to JSON discriminator.
2010-08-09 10:49:43 -04:00
Steve Pinkham
c4ad54fe2f
1.52b: Fixed HTTP read loop after 1.48b.
2010-07-27 11:17:52 -04:00
Steve Pinkham
9674a65163
Bugfix to 1.50b release
2010-07-27 11:16:29 -04:00
Steve Pinkham
c215134fbe
1.50b: memleak fix, change some exit() to abort()
...
- abort() instead of exit() in several places.
- Cleaned up mem leak, incorrect use of ck_free() in IDN handling.
2010-07-27 11:13:05 -04:00
Steve Pinkham
b9594e48fa
1.49b: Allocator and dir listing changes
...
- Minor improvement to the allocator,
- Several directory listing signatures added.
2010-07-05 22:45:35 -04:00
Steve Pinkham
0d9f8c7fc5
1.48b: SSL handling bugfixes
...
- A fix to SSL handling to avoid mystery fetch failures when
talking to certain servers.
2010-07-05 22:43:58 -04:00
Steve Pinkham
99fdd5f699
1.47b: performance and compilation changes
...
- Minor tweaks around compiler warnings, etc.
- Versioned directories now in use.
- malloc_usable_size ditched in favor of djm's trick.
- Minor performance tweaks as suggested by Jeff Johnson.
2010-07-05 22:41:31 -04:00
Steve Pinkham
72804b90f0
1.46b: Security fix and cleanup
...
- Security: fixed a potential read past EOB in scrape_response() on
zero-sized payloads. Credit to Jeff Johnson.
- Removed redundant fdopen() in dictionary management,
2010-07-05 10:10:59 -04:00
Steve Pinkham
38ca4b24a5
1.45b: Reporting improvements
...
- Minor aesthetic tweaks to the report viewer.
- Report subnode ordering now a bit saner.
2010-06-30 12:46:02 -04:00
Steve Pinkham
7548514234
1.44b: Improve SQL injection detection
...
- Significant improvement to numerical SQL injection detector.
- Minor tweak to SQL message detection rules.
2010-06-29 10:10:17 -04:00
Steve Pinkham
98ffe73aba
1.43b: Reduce the likelyhood of crawl loops
...
- Improvement to reduce the likelihood of crawl loops: do not
extract links if current page identical to parent.
2010-06-29 10:08:21 -04:00
Steve Pinkham
d0ce4e0db9
1.42b: Fix to SQL injection detection with empty parameters.
2010-06-29 10:06:30 -04:00
Steve Pinkham
d4b1cd630e
1.41b: if response varies, directory brute force is also skipped.
2010-06-21 10:57:40 -04:00
Steve Pinkham
2d658f5126
1.40b: Command-line option not to descend into 5xx directories.
2010-06-21 10:55:54 -04:00
Steve Pinkham
15c43e8675
1.38b: Small bugfixes
...
- Decompression now honors user-specified size limits more reliably.
- Retry logic corrected to account for certain Oracle servers.
- Terminal I/O fix for debug mode.
2010-06-21 10:53:17 -04:00
Steve Pinkham
30aa479d14
1.37b: NULL ptr with -F fixed.
2010-06-15 15:44:36 -04:00
Steve Pinkham
822e4f67e1
Version 1.35 and 1.36 - various changes
...
Version 1.36b:
- Command-line support for parameters that should not be fuzzed.
- In-flight URLs can be previewed by hitting 'return'.
Version 1.35b:
- Several new form autocomplete rules.
2010-06-14 21:31:24 -04:00
Steve Pinkham
347a8b4b58
1.34b: A small tweak to file / dir discriminator logic to accommodate quirky frameworks.
2010-05-06 22:59:07 -04:00