Fenjing

Latest version: v0.7.5

Safety actively analyzes 714919 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 5

0.6.0.1

New features:
- Remove redundant brackets in payload with precedence calculation.
- Now scan function will guess parameters by intrusion.
- Test whether WAF banned long payloads.
- Add tons of rules...
- Add --extra-param and --extra-data options

Bug fixes:
- environment param ignored in do_crack_path_pre
- long param WAF test cause wrong WAF detection

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.5.8...v0.6.0.1

0.5.8

New features:
- Auto fixing 500 algorithm! When HTTP status code is 500 the algo just FIX it! Details in 16
- More rules, we can add some rules back because that algo will disable them when they don't work.
- Bug fix: eval dont work in eval-args-payload mode

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.5.5.1...v0.5.8

0.5.5.1

New feature:
- Real Terminal!
- eval a python expression on the target, for meterpreter python session and others.
- get a flask config of the target, sometimes flag is there.
- implement ls and cat alternative in the terminal, will be useful when the PATH environment is broken.
- normal stuff like more rules...
- none.

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.5.2.1...v0.5.5.1

0.5.2.1

Optimization:
- More rules!
- Better WAF detection
- Check WAF when generating literals
- Check whether tamperers' output ends in '\n'
- Improve code quality

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.5.1...v0.5.2.1

0.5.1

So I finally closed issue 10
New features:
- `--eval-args-payload` option, pass payload in the GET/POST args, and use SSTI to execute it.
- `--proxy` option for just setting proxy.

Optimization:
- Stop adding brackets when getting attributes of something
- add a internal generate target ONEOF for generate one of the requirements, now the payload generator can genrate things like `"__g""lobals__"` besides `"_""_""g""l""o""b""a""l""s""_""_"`
- generate target EVAL now requires a generate target instead of a string, useful for generating things like `eval(request.value.x)`

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.4.8...v0.5.1

0.4.8

New features:
- `detect-mode`
- `tamper-cmd`
- Better webui
- Better WAF detection

**Full Changelog**: https://github.com/Marven11/Fenjing/compare/v0.4.1...v0.4.8

Page 3 of 5

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.