Cybersec
/
wapiti
mirror of https://github.com/wapiti-scanner/wapiti.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix pyproject.toml to exclude tests directory from builds. Add "release" target in Makefile. Prepare for Wapiti 3.1.8

This commit is contained in:
devloop 2023-08-08 15:18:39 +02:00
parent 3acba90ae5
commit c27242046f
7 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -11,3 +11,6 @@ wapiti-endpoint:
clean:
rm -rf dist/ build/ wapiti3.egg-info/
release: clean
python -m build --sdist --wheel

2
VERSION
View File

@ -1 +1 @@
Wapiti 3.1.7
Wapiti 3.1.8

14
doc/ChangeLog_Wapiti
View File

@ -1,3 +1,17 @@
08/08/2023
Wapiti 3.1.8
mod_log4shell: add Ubiquiti UniFi to targets
mod_crlf: Fix double-encoding errors
mod_methods: In-depth check of methods allowed by a web server
mod_permanentxss: Fix several bugs
mod_xss: Detect if HTML injection is allowed when XSS injection failed
mod_wapp: several improvements like CPE versions added to output
mod_upload: New module to detect unrestricted file uploads (attempt to upload PHP code)
mod_buster: Discovered assets are added to the generated report
Core: make module errors more verbose
Core: add a Dockerfile to quickly set up your own PHP endpoint
CLI: renamed some authentication options
05/03/2023
Wapiti 3.1.7
Support for Python 3.11

4
pyproject.toml
View File

@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
[project]
name = "wapiti3"
version = "3.1.7"
version = "3.1.8"
description = "A web application vulnerability scanner"
readme = "README.rst"
requires-python = ">=3.9"
@ -78,7 +78,7 @@ test = [
]
[tool.setuptools.packages]
find = {exclude=["tests"]}
find = {exclude=["tests*"]}
[tool.pytest.ini_options]
testpaths = [

2
tests/integration/test_mod_crlf/assertions/crlf.json
View File

@ -7,7 +7,7 @@
"info": "CRLF Injection via injection in the parameter user-agent",
"parameter": "user-agent",
"module": "crlf",
"http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.1.7%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.1.8%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"wstg": [
"WSTG-INPV-15"
]

2
wapitiCore/__init__.py
View File

@ -18,4 +18,4 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
parser_name = "html.parser"
WAPITI_VERSION = "3.1.7"
WAPITI_VERSION = "3.1.8"

4
wapitiCore/attack/mod_crlf.py
View File

@ -37,7 +37,7 @@ class ModuleCrlf(Attack):
MSG_VULN = "CRLF Injection"
do_get = True
do_post = True
payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.1.7 version")]
payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.1.8 version")]
def __init__(self, crawler, persister, attack_options, stop_event, crawler_configuration):
super().__init__(crawler, persister, attack_options, stop_event, crawler_configuration)
@ -48,7 +48,7 @@ class ModuleCrlf(Attack):
for mutated_request, parameter, _payload in self.mutator.mutate(
request,
str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.1.7 version"]),
str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.1.8 version"]),
):
log_verbose(f"[¨] {mutated_request.url}")