- Fixed a build breaking typo
- Various minor enhancements and bug fixes
- Browser engine integration for zero false positives
- Coverage of event handler context
- Fixed a bug in HTML Parser
- Ability to add urls from file
- More modular structure
- Show parameter name while bruteforcing
- Fix payload display while using POST method
- Fixed a bug in bruteforcer
- Fixed a major bug in HTML Parser
- Added progress bar for bruteforcer
- Code refactor
- Updated signature for Fortiweb WAF
- Minor bug fixes
- Proxy Support
- Blind XSS support
- Detection of up to 66 WAFs
- Ability to bruteforce payloads from a file
- Verbose output toggle
- Payload encoding: base64
- Handle MemoryError in DOM scanner
- Fixed a bug in bruteforcer
- Fixed poc generation
- Better multi js context injection
- Better wrong content type handling
- Handle high variance of context breakers
- Better efficiency check
- Fixed update mechanism
- Added license
- Added --skip switch
- Ignore SSL certificates
Production ready stable release with no known bugs
- Removed redundant code & imports
- Disable colors in windows and mac
- Fixed user-agent overriding
- Handle wrong content type
- Multi-thread scanning
- Rewritten JavaScript parser to be more accurate
- Handle dynamic number of reflections
- Better regex for locating DOM sources
- Fixed a bug in DOM scanning while crawling
- Flexible crawling with ability to specify threads, depth
- Treat html entity and slash escaping differently
- Other minor bug fixes
Intial beta release for public testing