Fix pyproject.toml to exclude tests directory from builds. Add "release" target in Makefile. Prepare for Wapiti 3.1.8
parent
3acba90ae5
commit
c27242046f
3
Makefile
3
Makefile
|
@ -11,3 +11,6 @@ wapiti-endpoint:
|
|||
|
||||
clean:
|
||||
rm -rf dist/ build/ wapiti3.egg-info/
|
||||
|
||||
release: clean
|
||||
python -m build --sdist --wheel
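Review bot: The new `release` recipe builds from whatever the working tree currently holds; `clean` only removes `dist/`, `build/` and `wapiti3.egg-info/`, so uncommitted or untracked files can still end up in the published artifacts. A guard line before the build, such as `test -z "$$(git status --porcelain)"`, would make the target fail on a dirty tree. Unless it is already done outside the lines shown, `.PHONY: clean release` should be declared so a stray file named `release` cannot make the target a no-op. `python` is whichever interpreter is first on PATH, so `python3 -m build --sdist --wheel` would make the release environment more explicit.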
|
|
@ -1,3 +1,17 @@
|
|||
08/08/2023
|
||||
Wapiti 3.1.8
|
||||
mod_log4shell: add Ubiquiti UniFi to targets
|
||||
mod_crlf: Fix double-encoding errors
|
||||
mod_methods: In-depth check of methods allowed by a web server
|
||||
mod_permanentxss: Fix several bugs
|
||||
mod_xss: Detect if HTML injection is allowed when XSS injection failed
|
||||
mod_wapp: several improvements like CPE versions added to output
|
||||
mod_upload: New module to detect unrestricted file uploads (attempt to upload PHP code)
|
||||
mod_buster: Discovered assets are added to the generated report
|
||||
Core: make module errors more verbose
|
||||
Core: add a Dockerfile to quickly set up your own PHP endpoint
|
||||
CLI: renamed some authentication options
|
||||
|
||||
05/03/2023
|
||||
Wapiti 3.1.7
|
||||
Support for Python 3.11
|
||||
|
|
|
@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
|
|||
|
||||
[project]
|
||||
name = "wapiti3"
|
||||
version = "3.1.7"
|
||||
version = "3.1.8"
|
||||
description = "A web application vulnerability scanner"
|
||||
readme = "README.rst"
|
||||
requires-python = ">=3.9"
|
||||
|
@ -78,7 +78,7 @@ test = [
|
|||
]
|
||||
|
||||
[tool.setuptools.packages]
|
||||
find = {exclude=["tests"]}
|
||||
find = {exclude=["tests*"]}
|
||||
|
||||
[tool.pytest.ini_options]
|
||||
testpaths = [
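Review bot: The pattern in `find = {exclude=["tests*"]}` is a prefix glob, so besides `tests` and its subpackages it also drops any top-level package whose name merely starts with `tests`. The more exact form is `find = {exclude=["tests", "tests.*"]}`. This setting only governs package discovery; whether the sdist still carries the test tree depends on manifest settings not shown here. Since the commit's purpose is to keep test code out of the published builds, a release-time step that lists the wheel contents and fails on a `tests/` entry would catch a regression.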
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
"info": "CRLF Injection via injection in the parameter user-agent",
|
||||
"parameter": "user-agent",
|
||||
"module": "crlf",
|
||||
"http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.1.7%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
|
||||
"http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.1.8%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
|
||||
"wstg": [
|
||||
"WSTG-INPV-15"
|
||||
]
|
||||
|
|
|
@ -18,4 +18,4 @@
|
|||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
parser_name = "html.parser"
|
||||
WAPITI_VERSION = "3.1.7"
|
||||
WAPITI_VERSION = "3.1.8"
|
||||
|
|
|
@ -37,7 +37,7 @@ class ModuleCrlf(Attack):
|
|||
MSG_VULN = "CRLF Injection"
|
||||
do_get = True
|
||||
do_post = True
|
||||
payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.1.7 version")]
|
||||
payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.1.8 version")]
|
||||
|
||||
def __init__(self, crawler, persister, attack_options, stop_event, crawler_configuration):
|
||||
super().__init__(crawler, persister, attack_options, stop_event, crawler_configuration)
|
||||
|
@ -48,7 +48,7 @@ class ModuleCrlf(Attack):
|
|||
|
||||
for mutated_request, parameter, _payload in self.mutator.mutate(
|
||||
request,
|
||||
str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.1.7 version"]),
|
||||
str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.1.8 version"]),
|
||||
):
|
||||
log_verbose(f"[¨] {mutated_request.url}")
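Review bot: The CRLF payload literal `"http://www.google.fr\r\nwapiti: 3.1.8 version"` is now maintained by hand in two places in this file, the `payloads` class attribute and the `str_to_payloadinfo([...])` argument of the `self.mutator.mutate(...)` call, and again in the JSON test fixture, so every release has to edit all of them in step with `WAPITI_VERSION`. Defining it once, for example `CRLF_PAYLOAD = f"http://www.google.fr\r\nwapiti: {WAPITI_VERSION} version"`, and using it at both sites would remove the drift risk. If the injected value and whatever the detection code looks for ever disagree, the result would presumably be missed findings rather than an error. The method containing the `mutate` loop starts and ends outside the hunk, and the import path for `WAPITI_VERSION` is not visible here.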
|
||||
|
||||
|
|