v3.9.0

@VitorOriel VitorOriel released this 14 Apr 21:23
· 656 commits to master since this release

New features

  • Option to insert multiple targets:
    • by URLs (for each -u);
    • by raw HTTP (for each -r);
  • Option to insert custom, and multiple, HTTP verbs (request methods);
  • Fuzzing HTTP verbs;
  • Added scanners (see Default scanners and Custom scanners);
  • Added dictionaries (see Default dictionaries and Custom dictionaries);
  • Added encoders (see Encoders);
  • Use the requests Session object to perform session requests when fuzzing URLs. Keep the common request method for non-URL fuzzing;
  • Blacklist a response status code to pause the application, or skip the current fuzzed target;
  • Added wordlists to the project;

Code refactored

  • ApplicationManager: Added callback functions to be called on Fuzzer, removed the proxies checker and adjusted the footer content;
  • OutputHandler: Moved the help menu to ApplicationManager;
  • FileHandler: Separated the reports and logs functions into classes - Logger and Reporter;
  • RequestParser: Moved the common URL parsing functions out of the class;
  • Moved the exceptions to exceptions directory;
  • Moved the useful functions to utils directory;

To Do

  • Implement crawler plugins;
  • Implement GUI interface;
  • Implement advanced XSS scanners (by running JS in the background);
  • Implement advanced SQLi scanners (could build a new plugin to enqueue more requests, to enumerate the database information);
  • Implement a proxy to intercept HTTP requests and build the target based on it (suggested by @matheusHResende);
  • Refactor the plugins using the Factory design pattern.