Skip to content

Releases: RedTeamPentesting/monsoon

v0.10.0

16 Dec 11:37
Compare
Choose a tag to compare

Changes:

  • Added option to change the shell command for the shell replacer
  • TLS renegotiation support can now be enabled with --insecure-ciphersuites
  • Updated dependencies

v0.9.2

26 Apr 13:14
Compare
Choose a tag to compare

Changelog

  • 89f3183 Add completion command
  • eb52e06 Add documentation
  • 3ddca2d Add replace mode for executing a program
  • ce6e049 Add short paragraphs about reverse ranges and range formatting
  • 093db64 Add warning when using template with HTTP/2 and flag --disable-http2
  • 3fec10b Bump golang.org/x/net
  • 60a6a6d Do not show static values
  • 68dbecb Fix go.mod
  • 5b59894 Fix linter issues
  • 53e86b6 Increase default value buffer size to enable time estimation for larger word lists
  • ab41e5d Update dependencies
  • 2e83dfb Update workflows

v0.8.0

12 Jul 13:31
Compare
Choose a tag to compare

It has been a year since the last release of monsoon but we've been working on it continuously behind the scenes. Now, we're proud to release version 0.8.0 which is full of new features, fixes and improvements. In fact, we also wrote the new blog post "Bringing Monsoon to the Next Level" which goes over all changes in detail. The most notable new features are the --replace parameter which allows you to fuzz with multiple parameters and the overhauled test command.

Changes:

  • Multi-parameter fuzzing with the --replace parameter which can be specified multiple times. It combines the functionality of the --file, --range and --range-format and adds even more flexibility. For example, you can search for files in multiple directories like this: --replace DIRNR:range:1-10:%02d --replace FILENAME:file:files.txt https://example.com/folder-DIRNR/FILENAME
  • Overhauled test command to show the table output known from monsoon fuzz for a single fuzz value and print the request and response. It is also now a drop-in replacement for the fuzz command for quick and easy testing.
  • Static value replacer: Take a look at our blog to find out when this feature comes handy.
  • Long request detection: Due to the parallel nature of fuzzing, it is often not easy to identify requests that take longer than usual. However, these requests are often especially interesting. monsoon now prints out an annotation for these requests.
  • Reversed ranges: It is now possible to switch start and end of a range to count backwards.
  • Overhauled --extract-pipe: The performance was improved significantly and the current fuzz values are now passed to the command as environment variables.
  • Added the option --insecure-ciphersuites to enable all insecure ciphersuites that are supported by Go.
  • Multiple new timeout options: --connect-timeout, --tls-handshake-timeout and --response-header-timeout
  • Support for coloured output on Windows.
  • Fixed an issue where responses were not decompressed when using a template file.
  • More robust template file parsing.
  • A version command was added.
  • Lots of small fixes and improvements under the hood.

Finally, we now also offer pre-built binaries below.

monsoon 0.7.0

28 Jun 09:02
Compare
Choose a tag to compare

Changes:

  • Improved and prettified error handling for input data and request-related errors
  • New option to configure the number of redirects to follow with --follow-redirect n
  • New options to force connecting exclusively via IPv4 (--ipv4-only) or IPv6 (--ipv6-only)
  • Bug fixes for the filtering logic of the --show-status option, improved column indentation and better help texts
  • Updated dependencies

monsoon 0.6.0

28 Oct 11:43
Compare
Choose a tag to compare

Changes:

  • Colorize output
  • Limit update framerate to 60fps by default (set $MONSOON_PROGRESS_FPS to override)

0.5.0

16 Sep 07:55
Compare
Choose a tag to compare
v0.5.0

v0.5.0

0.4.0

27 Aug 06:37
Compare
Choose a tag to compare
v0.4.0

v0.4.0