Wfuzz 3.0.0 - The Web fuzzer

Pre-release
@xmendez released this 19 Aug 22:55
f3b407f

Version 1.4d to 3.0.0 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com)
Carlos del ojo (deepbit@gmail.com)

Changelog 3.0.0:

  • Following semantic versioning from this release onwards. See https://semver.org/
  • Refactor of options, queues, dictionaries, filters, printers and factories.
  • Refactored some tests to pytest.
  • Added black formatter to CI.
  • Updated documentation.
  • Improved filter language performance.
  • Added Python 3.8 support to CI (closes #190)
  • Dropped Python 2 support.

New features

  • Multiple --prefilter command line options are accepted.
  • Multiple --efield or --field command line options are accepted. (Closes #152)
  • Wfpayload uses the same engine as wfuzz and therefore provides almost the same options. (closes #154)
  • Slice can re-write payloads (closes #140)
  • The links plugin accepts a regex parameter to crawl other subdomains.
  • New npm_deps plugin.
  • Added raw_post to filter language.
  • Complex and simple filters can be combined.
  • Added BBB to the filter language as a keyword, not only in conjunction with c, l, w.
  • Fields and headers are case-insensitive in the filter language.

Bugs

  • Fixed baseline in headers (Closes #188)
  • Fixed output when printing long lines or non-printable characters.
  • Fixed pyparsing dependency requirements (Closes #206)
  • Removed deprecation and import warnings.
  • Using package data for filter documentation file (Closes #135)
  • Warnings to stdout instead of stderr (closes #163)
  • Null fields do not raise an exception in filter language.

Breaking changes

  • In wfuzz library:
    • prefilter is a list of filters, not a string.
    • dry-run is specified with the transport variable, not with mode as before.
  • When using --recipe, command line options that are a list are appended. Previously, the last one took precedence.
  • When writing plugins:
    • iterators must override width and payloads functions
    • payloads must override get_next and get_type functions
  • Saved Wfuzz sessions are not compatible with previous versions