Skip to content

Wfuzz 2.4 - The web fuzzer

Pre-release
Pre-release
Compare
Choose a tag to compare
@xmendez xmendez released this 27 Apr 09:31
· 373 commits to master since this release
v2.4
05c8a6f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Version 1.4d to 2.4 developed by:

Xavier Mendez ([email protected])

Version up to 1.4c developed by:

Christian Martorella ([email protected])
Carlos del ojo ([email protected])

Changelog 2.4:

New features

  • JSON post data parsing
  • Shodanp payload
  • --filter-help: Filter language specification help usage.
  • --no-cache: Disable plugins cache. Every request will be scanned by plugins.
  • --zP, --zE and --zD: Payloads' parameters, encoders and default parameter arguments.
  • --ip: Specify an IP to connect to instead of the URL's host in the format ip:port. (fixes #121 )
  • --efield/field: Show the specified language expression together with the current payload.
  • --recipe can be chained to combine different recipes.
  • Bash auto-completion script (fixes #32 )

New filter operators

  • plugins: Returns plugins result as a string.
  • :=, =+ and =- assignment operators
  • gre('exp'): Returns first regex group that matches in value

Bugs

  • Trying various encodings when reading wordlists (fixes #128 #125 )
  • Wrap line in output width (fixes #96 #76 #68 #56 #35 )
  • Proxy type incorrectly specified HTML instead HTTP
  • Incorrect URL parsing when specifying with port but without scheme.
  • POST data is not correctly handled for all content types. (fixes #127 )
  • Burplog payload Python 2 and 3 compatible
  • HTTP Response was parsed two times when using proxy and SSL
  • Fixed Python dependencies (thanks to @blshkv )
  • Fixed typo in autorize plugin (thanks to @tkisason )
Assets 2
Loading