Steve Pinkham
e7485cd346
1.93b: Major fix to URL XSS detection logic
2011-08-09 16:02:53 -04:00
Steve Pinkham
831a3a497b
1.92b: Reading starting URLs from file now supported (@ prefix).
2011-08-09 16:01:39 -04:00
Steve Pinkham
0717375d0a
1.82b: NULL pointer in is_javascript() fixed.
2011-01-10 14:17:42 -05:00
Steve Pinkham
a3473417d9
1.81b: Fix to numerical SQL injection detector logic.
2010-12-03 15:32:05 -05:00
Steve Pinkham
35607dcb58
1.80b: option to not save binary responses, and make charset errors less noisy by default
- New option (-e) to delete binary payloads.
- -J option is now obsolete (on by default).
2010-12-03 15:30:00 -05:00
Steve Pinkham
ffee2aec54
1.79b: Improvement to directory listing detector.
2010-12-03 15:28:04 -05:00
Steve Pinkham
39cfa696da
1.77b: Further minor documentation and presentation tweaks.
2010-11-21 20:21:25 -05:00
Steve Pinkham
3abc965d68
Version 1.66b: Dir detection and dictionary updates
2010-09-20 16:14:23 -04:00
Steve Pinkham
ce8e52b8fb
1.64b: param injection Wordpress improvements
2010-09-07 13:27:26 -04:00
Steve Pinkham
aed5e5bea0
1.63b: WordPress param injection fixes
Changed param injection check slightly to work better with
WordPress.
2010-08-30 20:43:46 -04:00
Steve Pinkham
42d17c7921
1.58b: Descendant limit checks added.
2010-08-21 15:56:47 -04:00
Steve Pinkham
5d4c67bd53
1.56b: Attack logic improvements
- Path-based injection attacks now also carried out on file / pathinfo nodes.
- Minor bugfix to try_list logic.
- Slight tweak to form parsing to properly handle specified but empty action=
strings.
2010-08-20 11:47:57 -04:00
Steve Pinkham
1794a045a0
1.55b: Improved 404 directory no-parse checks.
2010-08-09 10:52:11 -04:00
Steve Pinkham
701f665ab9
1.53b-1.54b: Improved loop detector and JSON discriminator
- Improved loop detector on mappings that only look at the last path segment.
- Slight improvement to JSON discriminator.
2010-08-09 10:49:43 -04:00
Steve Pinkham
72804b90f0
1.46b: Security fix and cleanup
- Security: fixed a potential read past EOB in scrape_response() on
zero-sized payloads. Credit to Jeff Johnson.
- Removed redundant fdopen() in dictionary management,
2010-07-05 10:10:59 -04:00
Steve Pinkham
7548514234
1.44b: Improve SQL injection detection
- Significant improvement to numerical SQL injection detector.
- Minor tweak to SQL message detection rules.
2010-06-29 10:10:17 -04:00
Steve Pinkham
d0ce4e0db9
1.42b: Fix to SQL injection detection with empty parameters.
2010-06-29 10:06:30 -04:00
Steve Pinkham
d4b1cd630e
1.41b: if response varies, directory brute force is also skipped.
2010-06-21 10:57:40 -04:00
Steve Pinkham
2d658f5126
1.40b: Command-line option not to descend into 5xx directories.
2010-06-21 10:55:54 -04:00
Steve Pinkham
822e4f67e1
Version 1.35 and 1.36 - various changes
Version 1.36b:
- Command-line support for parameters that should not be fuzzed.
- In-flight URLs can be previewed by hitting 'return'.
Version 1.35b:
- Several new form autocomplete rules.
2010-06-14 21:31:24 -04:00
Steve Pinkham
347a8b4b58
1.34b: A small tweak to file / dir discriminator logic to accommodate quirky frameworks.
2010-05-06 22:59:07 -04:00
Steve Pinkham
662a6138f4
1.15b - Documentation and path mapping changes
- Better documentation of why certain issues are not reported by skipfish.
- Another minor tweak to path mapping detection logic.
2010-03-23 19:53:18 -04:00
Steve Pinkham
61ba870458
1.14b - Wordlist, path mapping, cflags, put detection, and doc changes
- Several new wordlist entries, courtesy of Glastopf Honeypot:
http://glastopf.org/index.php
- A tweak to path mapping detection logic to detect certain path mappings.
- Makefile now honors external LDFLAGS, CFLAGS.
- Some more documentation tweaks.
- PUT detection logic.
2010-03-23 15:04:21 -04:00
Steve Pinkham
fc8b7d781b
1.09b - Fix for a potential crash in probabilistic scan mode (<100%).
2010-03-21 20:11:57 -04:00
Steve Pinkham
fcf0650b5e
Version 1.00b as released
2010-03-20 11:46:08 -04:00