v15

@zapbot zapbot released this 02 Oct 14:30
· 163 commits to main since this release
802e2f6

Added

  • active/RCE.py
  • active/SSTI.py
  • active/SSTI.js - An active scan script to check for SSTI in 14 different template engines.
  • httpfuzzerprocessor/addCacheBusting.js - Fuzzing with cache busting.
  • encode-decode
    • README.md - Summary of the script type.
    • double-spacer.js - A script that inserts a space after every character in a string.
  • standalone/SecurityCrawlMazeScore.js
  • scan-hooks/LogMessagesHook.py and httpsender/LogMessages.js to help debugging, especially in docker.

Changed

  • standalone/enableDebugLogging.js > Updated for more recent logging functionality.
  • Update JS scripts to use passed singleton variables (control, model, view) if available (>= ZAP 2.12.0).
  • passive/Server Header Disclosure.js > Updated to check that the Server Header contains something that looks like a semantic version component.