forked from wireghoul/graudit
Changelog
2.3 2019 Oct 15
Added database for finding sensitive information (secrets)
C database no longer deprecated
Created low hanging fruit rules for C/C++ (seafruit.db)
Added more test cases to avoid some past mistakes
Updated make and make install rules to match new version changes
Removed the all rules database
Updated documentation
Improved bsdgrep/OSX support
Improved PHP rules for stream/wrapper bugs (ie: phar://) (@manasmbellani)
Added and updated python rules
More Java rules and cleanup of Java rules
More DotNet rules
More Android rules
More iOS rules
Added basic JavaScript rules
Added additional script to show C taint analysis (misc/b0ftaint.sh)
Added script for finding low hanging/high impact PHP bugs (misc/flatline.*)
Added script for using flatline rules in taint analysis (misc/vulntaint.sh)
Added script for scanning github repos with flatline (misc/gitscan)
Added script for finding interesting files and secrets (misc/graufflehog.sh)
2.2 2018 Dec 20
Added another demo script
Added signatures from OWASP code review guide
Various bugfixes and code quality updates
Renamed aux/ to misc/
Colour blind mode added
Updated documentation
More rule updates
2.1 2017 Apr 05
Fixed broken test cases
Added multi argument support to -x
Added banner
Added banner suppression switch
Replaced ./configure; make installation steps with make and variables (issue #9)
2.0 2016 Jan 25
Added option to include several common binary files (ignored by default) [-A flag]
Ignoring more binary files by default
Updated PHP rules
Updated Perl rules
Updated default rules
Updated dotnet rules
Updated and deprecating c rules
Added JSP taint checking PoC script to aux/
Added some basic ruby rules from @bcoles
Added ios rules (from Samuel Reed)
Added android rules (from Samuel Reed)
Added actionscript rules (from Samuel Reed)
Ruby reflection rules (from Samuel Reed)
Bugfix for graudit on Mac (from Samuel Reed)
Added java exceptions signatures (from Samuel Reed)
Jsp signatures more correctly represented as java.db
Added strings database to look for important text strings
Added aux script for finding suitable php files to use in unserialize() exploits
1.9 2011 Jan 11
Fixed php (php/xss.db) database which had a blank line at the end, causing everything to match. (Thx @jodymelbourne)
Added test case for blank lines in signature scripts
Added database validating aux script
Updated Makefile file manifest
Fixed bug in test script template (t/blank-test.sh)
1.8 2010 Dec 24 //Happy xmas edition!
-L operator does vim friendly line numbers
Man pages and documentation updates
PHP signature updates
JSP signature updates
Dotnet signature updates
Perl signature updates and bug fixes
Python signature updates
Bug fixes for aux/ scripts
More aux/ scripts
Fixed ignore CVS directories by default
1.7 2010 Jul 31
New PHP signatures
Improved C signatures for fewer false positives
Improved dotnet signatures
Whitespace neutrality for all signatures
-l operator lists available databases
-x operator for excluding files
configure script added to make chain
Makefile install targets changed, install is now server wide
1.6 2010 May 14
Bugfix for greedy separator code (thx to Chillman)
Imported C rules from RATS
Started test suite transition to the Junio C Hamano Git inspired one
Added case insensitive switch (thx to Chillman for patch)
Dotnet signatures (thx to Chillman again)
Discontinued the rough database
Added the combined database "all"
Support for the GRDIR environment variable
1.5 2009 December 06
New features for server wide install
Source distro file for package maintainers
Signature bug fixes
New php, python and perl signatures
Deprecating the rough signature set
Fixed graudit usage text
Improved documentation
Several color modes supported
1.4 2009 November 23
New and improved signatures
Graceful detection of grep version < 2.5.3
Preparing for version 1.5
1.3 2009 October 31
Some signatures added to existing databases
Signature improvements to existing databases
Added JSP ruleset
Added ASP ruleset
Improved testing
1.2 2009 September 18
Default signatures aimed at low hanging fruit
Improved documentation
Bug fixes to graudit and signatures
1.1 2009 July 29
Improved custom db options
Improved signatures for several languages
A few minor tweaks
1.0 2009 June 14
Initial release on github
Older versions
The initial concept is something I have used for a long time, I can't
quite remember when I decided to make it into a more structured
script, but here we are anyway.