crt0mega/skipfish
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity
62 Commits 1 Branch 0 Tags 479 KiB
ce8e52b8fb
Commit Graph

27 Commits

Author SHA1 Message Date
Steve Pinkham
3a220b94d2 1.62b: Further refinements to content classifier. 2010-08-30 20:43:10 -04:00
Steve Pinkham
af1a154ac8 1.61b: Further refinements to content classifier. 2010-08-27 11:47:51 -04:00
Steve Pinkham
5e85684e40 1.60b: Minor sniffer fix to better handle CSV file checks 2010-08-27 11:47:18 -04:00
Steve Pinkham
512dfe7ea6 1.59b: Fixed several file POI checks that depended on MIME information. 2010-08-27 11:46:12 -04:00
Steve Pinkham
5d4c67bd53 1.56b: Attack logic improvements 
- Path-based injection attacks now also carried out on file / pathinfo nodes.
- Minor bugfix to try_list logic.
- Slight tweak to form parsing to properly handle specified but empty action=
	      strings.
 2010-08-20 11:47:57 -04:00
Steve Pinkham
701f665ab9 1.53b-1.54b: Improved loop derector and JSON discriminator 
- Improved loop detector on mappings that only look at the last path segment.
- Slight improvement to JSON discriminator.
 2010-08-09 10:49:43 -04:00
Steve Pinkham
b9594e48fa 1.49b: Allocator and dir listing changes 
- Minor improvement to the allocator,
- Several directory listing signatures added.
 2010-07-05 22:45:35 -04:00
Steve Pinkham
72804b90f0 1.46b: Security fix and cleanup 
- Security: fixed a potential read past EOB in scrape_response() on
      zero-sized payloads. Credit to Jeff Johnson.
- Removed redundant fdopen() in dictionary management,
 2010-07-05 10:10:59 -04:00
Steve Pinkham
7548514234 1.44b: Improve SQL injection detection 
- Significant improvement to numerical SQL injection detector.
- Minor tweak to SQL message detection rules.
 2010-06-29 10:10:17 -04:00
Steve Pinkham
98ffe73aba 1.43b: Reduce the likelyhood of crawl loops 
- Improvement to reduce the likelihood of crawl loops: do not
    extract links if current page identical to parent.
 2010-06-29 10:08:21 -04:00
Steve Pinkham
2d658f5126 1.40b: Command-line option not to descend into 5xx directories. 2010-06-21 10:55:54 -04:00
Steve Pinkham
822e4f67e1 Version 1.35 and 1.36 - various changes 
Version 1.36b:
  - Command-line support for parameters that should not be fuzzed.
  - In-flight URLs can be previewed by hitting 'return'.

Version 1.35b:
  - Several new form autocomplete rules.
 2010-06-14 21:31:24 -04:00
Steve Pinkham
8d7293fb5f 1.33b - New SQL error sig and text page detector tweaks 
- New SQL error signature added.
- Improved tolerance for tabs in text page detector.
 2010-04-22 23:01:39 -04:00
Steve Pinkham
a4a2b9130c 1.31b: Fix to detect <frame> tags, and fix commenting out USE_COLOR 
- Compilation with USE_COLOR commented out now works as expected.
- Fix to detect <frame> tags.
 2010-04-15 09:17:53 -04:00
Steve Pinkham
095e83d582 1.30b - Support <button> tag and fix compiler warnings 
- Support for the (rare) <button> tag in forms.
- Fixed compiler warning on some platforms.
 2010-04-08 22:03:37 -04:00
Steve Pinkham
9236e119f7 Further fixes for forms with no action= URL 2010-04-02 13:46:59 -04:00
Steve Pinkham
c9b575c01e 1.28b - added host IP to stats screen, -u for quiet mode, handle forms with now action= URL 
- Forms with no action= URL are now handled correctly.
- New option (-u) to suppress realtime info,
- Destination host displayed on stats screen.
 2010-04-02 09:45:44 -04:00
Steve Pinkham
71f2ea83b4 1.24b - XSS detection now accounts for commented out text. 2010-03-25 00:33:41 -04:00
Steve Pinkham
ffa63decdb 1.23b - XHTML vs HTML changes 
- A minor improvement to XHTML detection.
  - HTML vs XHTML mismatches no longer trigger a warning.
 2010-03-25 00:32:32 -04:00
Steve Pinkham
00dcafb61c 1.20b - URL parser now accounts for its own \.\ injection pattern. 2010-03-25 00:27:38 -04:00
Steve Pinkham
75e1b5ddd5 1.19b - New ODBC POI added and Apache config file detection tightened up. 2010-03-24 08:37:50 -04:00
Steve Pinkham
8199ba27af 1.18b - Fix a potential NULL ptr deref with malformed Set-Cookie. 2010-03-24 08:35:25 -04:00
Steve Pinkham
d32f6dcba1 1.17b - JS detector refined not to trigger on certain text/plain inputs. 2010-03-23 22:31:19 -04:00
Steve Pinkham
cb51cd8988 1.13b - Improved password, file form detection. 2010-03-23 09:58:39 -04:00
Steve Pinkham
6a67f575d8 1.08b - A minor improvement to XHTML / XML detection. 2010-03-21 20:09:10 -04:00
Steve Pinkham
908118790d 1.04b - Workaround for *BSD systems with malloc J or Z options set by default. - again 
- A minor tweak to reject certain not-quite-URLs extracted from JS.
 2010-03-20 11:54:06 -04:00
Steve Pinkham
fcf0650b5e Version 1.00b as released 2010-03-20 11:46:08 -04:00