Wfuzz

Latest version: v3.1.0

Safety actively analyzes 681775 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 5

3.1.0

- Added tox and change test in Makefile
- Improved plugin field filter language capabilities, ie. data and severity can be specified
- Plugin's information is shown depending on severity when using -v
- Filter language and fuzzresult's description handle lists of results
- Added some basic queue profiling for debugging
- diff operator
- Refactored discarded results
- Dotdict __str__
- Removed future library
- Added operator tests

Plugins:
- Refactored headers plugin
- Links plugins looks in link and redirect headers
- Improved links plugin regex based on nahamsec/JSParser
- New field printer to output filter expressions only
- burplog unittest
- raw printer shows plugin data

wfpayload:
- Added --prev and --AA, ---AAA to wfpayload

wfencode:
- -i reads from stdin
- general handle exception in wfencode

Breaking changes:
- Changed -A, --AA, ---AAA plugin's categories
- Changed plugins filter language field.
- Changed links filter parameters and kbase keys.
- Changed headers kbase key and server result.
- When slicing a payload FUZZ refers to the previous result.

Bugs:

- Fixed --prev in wfpayload
- Fixed -c and -v values within printers plugins
- Don't print empty values in wfpayload
- Use lower() in ~ operator
- Remove httpreceiver queue limit
- Fixed --interactive actions
- Stripped CRLF from burplog parsed responses
- Fixed --slice when using FuzzResult payloads
- Only add recursive and routing queues when transport is Http
- Bug in reqresp when parsing nested http responses due to textparser

3.0.3

- Added sha256 and sha512 encoders. Thanks dustinaevans
- Docker image available at github registry (closes 122). Thanks oscarbc96

Bugs:

- Removed pytest from dev requirements (closes 215)
- Fixed pypi long description formatting. Thanks oscarbc96

3.0.2

- Added dependabot configuration
- Updated requirements
- Updated screenshot plugin. Details at https://github.com/xmendez/wfuzz/pull/226. Thanks to 1mm0rt41PC

Bugs:

- Fixed double urlencode name (see 235). thanks to tititototutu

3.0.1

- Store wfuzz configuration according to XDG Base Directory Specification. Thanks to nemoload
- Changed pyparsing version requirement. Thanks to blshkv
- Pinned black and flake versions in tox.ini

3.0.0

- Following semantic versioning from this release on-wards. See https://semver.org/
- Refactor of options, queues, dictionaries, filters, printers and factories.
- Refactored some tests to pytest.
- Added black formatter to CI.
- Updated documentation.
- Improved filter language performance.
- Added Python 3.8 support to CI (closes 190)
- Stopped python 2 support.

New features

- Various --prefilter command line options are accepted.
- Various --efield or --field command line options are accepted. (Closes 152 )
- Wfpayload uses same motor as wfuzz and therefore provides almost the same options. (closes 154)
- Slice can re-write payloads (closes 140)
- Links plugins accepts a regex parameter to crawl other subdomains
- New npm_deps plugin.
- Added raw_post to filter language.
- Complex and simple filters can be combined.
- Added BBB to language as keyword, not only in conjunction with c,l,w.
- Fields and headers are case insensitive in filter language.

Bugs

- Fixed baseline in headers (Closes 188)
- Fixed output when printing long lines or non-printable characters.
- Fixed pyparsing depency requirements (Closes 206)
- Removed deprecation and import warnings.
- Using package data for filter documentation file (Closes 135)
- Warnings to stdout instead of stderr (closes 163)
- Null fields do not raise an exception in filter language.

Breaking changes

- In wfuzz library:
- prefilter is a list of filters not a string.
- dry-run is specified with transport variable not with mode as before.
- When using --recipe, command line options that are a list are appended. Previously, the last one took precedence.
- When writing plugins:
- iterators must override width and payloads functions
- payloads must override get_next and get_type functions
- Saved Wfuzz sessions are not compatible with previous versions

2.4.7

- Pinned dev dependencies in setup.py to make code linting repeatable

Bugs

- Fixed proxy SOCKS. Thanks to lprat. See https://github.com/xmendez/wfuzz/pull/210

Page 1 of 5

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.