Miroslav Stampar
8a90512354
One more commit related to the last one (reduce false hopes in heavily dynamic cases)
2018-03-31 11:02:48 +02:00
Miroslav Stampar
ae8699f258
Reducing false-positive 'appears' messages in heavily dynamic environment
2018-03-29 14:47:30 +02:00
Miroslav Stampar
cdb1e79370
Disabling ORDER BY tests in heavily dynamic environment
2018-03-29 14:37:33 +02:00
Miroslav Stampar
16cd13d7db
Fixes #3014
2018-03-28 17:24:12 +02:00
Miroslav Stampar
45fb5ab4a5
Patch for cases when http: is immediatelly being redirected to https:
2018-03-28 15:13:33 +02:00
Miroslav Stampar
f287ff3767
Trivial comment update
2018-03-21 14:29:54 +01:00
Miroslav Stampar
7d5a0ed2dc
Use false-positive checks in dummy mode
2018-03-21 14:22:59 +01:00
Miroslav Stampar
74de40b9c5
Minor patch of a previous commit
2018-03-16 15:21:19 +01:00
Miroslav Stampar
6c2b7cff80
Minor patch of UNION checking logic
2018-03-16 15:11:04 +01:00
Miroslav Stampar
01fb07f68c
Minor patch (message for --check-internet)
2018-03-16 14:28:37 +01:00
Miroslav Stampar
3c5e9e7559
Fixes #2982
2018-03-14 01:02:26 +01:00
Miroslav Stampar
fa4c1c5251
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
Miroslav Stampar
5380e8174b
Safer WAF heuristics in case of URI injections
2018-03-11 03:20:33 +01:00
Miroslav Stampar
4cefff7e98
Bug fix (misencoding inside check waf payload)
2018-03-11 03:13:33 +01:00
Miroslav Stampar
d99151ce5a
Minor update for --wizard mode
2018-02-27 12:37:45 +01:00
Miroslav Stampar
a16663f9a1
Minor refactoring
2018-02-07 16:05:41 +01:00
Miroslav Stampar
9e75bb7f68
Minor patch
2018-01-31 11:43:17 +01:00
Miroslav Stampar
8a122401aa
Update of copyright years
2018-01-02 00:48:10 +01:00
Miroslav Stampar
66c1f72a16
Minor optimization
2017-12-29 13:04:52 +01:00
Miroslav Stampar
5326df1071
Minor grammar fix
2017-12-13 13:49:55 +01:00
Miroslav Stampar
8cef17b583
Minor just in case patch (error set in case of --string)
2017-12-12 11:18:17 +01:00
Miroslav Stampar
220dffbcfa
Couple of wording updates
2017-12-04 13:59:35 +01:00
Miroslav Stampar
7c5b051d60
Fixes #2808
2017-11-29 15:59:00 +01:00
Miroslav Stampar
132a72c9bd
Minor update of logging messages
2017-11-24 12:20:57 +01:00
Miroslav Stampar
26b81f58bb
Fixes #2772
2017-11-13 11:19:25 +01:00
Miroslav Stampar
67b470245e
Minor cleanup of NULL connection
2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b
Some more refactoring
2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20
Trivial refactoring
2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835
Minor patch for WAF mechanism
2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f
Minor text update
2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911
Fixes #2693
2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4
Fixes #2603
2017-08-28 13:02:08 +02:00
Miroslav Stampar
c871cedae4
Adding hidden option '--force-dbms' to skip fingerprinting
2017-08-28 12:30:42 +02:00
Miroslav Stampar
8b0c50f25d
Update related to the #2663
2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464
Minor patch
2017-07-29 03:35:05 +02:00
Miroslav Stampar
5745d650f8
Fixes #2635
2017-07-29 02:42:20 +02:00
Miroslav Stampar
0f9c81965b
Implementation on request
2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c
Fixes #2624
2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e
Include tracking properties in the HAR to identify which test the requests were associated to
2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2
Update for #2597
2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823
Parse request data and convert to HAR, include in injection data
2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434
Minor improvement
2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126
Minor patch
2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704
Minor adjustment
2017-05-26 14:14:35 +02:00
Miroslav Stampar
644ea2e3aa
Minor patch
2017-05-26 14:08:08 +02:00
Miroslav Stampar
4ce08dcfa3
Patch for an Issue #2536
2017-05-17 00:22:18 +02:00
Miroslav Stampar
d3a08a2d22
Implementation for an Issue #2505
2017-05-07 23:12:42 +02:00
Miroslav Stampar
fc8eede952
Minor cleanup and one bug fix
2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc
Fixes #2489
2017-04-19 14:19:39 +02:00
Miroslav Stampar
5f2bb88037
Some code refactoring
2017-04-18 15:48:05 +02:00
Miroslav Stampar
7ebba5614a
Moving brute from techniques to utils
2017-04-18 13:53:41 +02:00
Miroslav Stampar
d9a931f77a
Minor cleanup
2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0
Minor patches (pydiatra)
2017-04-14 13:08:51 +02:00
Miroslav Stampar
9b3d229294
Fixes #2471
2017-04-10 19:21:22 +02:00
Miroslav Stampar
60e8c725f9
Fixes #2437
2017-03-12 23:24:13 +01:00
Miroslav Stampar
7960045cf9
Fixes #2277 and #2300
2017-02-27 13:58:07 +01:00
Miroslav Stampar
4b420e7579
Removing Google PageRank as it is dead now
2017-02-23 11:33:39 +01:00
Miroslav Stampar
38f16decef
Update for an Issue #2384
2017-02-06 13:28:33 +01:00
Miroslav Stampar
03bbf552ef
Patch for an Issue #2382
2017-02-06 11:14:45 +01:00
Miroslav Stampar
55272f7a3b
New version preparation
2017-01-02 14:19:18 +01:00
Francisco Blas Izquierdo Riera (klondike)
025e9ac5b4
Fix the logic used for --param-exclude
...
The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.
The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
2016-12-28 12:25:05 +01:00
Miroslav Stampar
89bbf5284c
Adding new option --param-exclude on private request
2016-12-25 23:16:44 +01:00
Miroslav Stampar
edc6f47758
Some refactoring
2016-12-19 23:47:39 +01:00
Hanno Heinrichs
2cc604e356
Fix several typos
2016-10-26 21:41:57 +02:00
Miroslav Stampar
24eaf55dc8
Removing bad decision for -d (user should be able to choose)
2016-10-17 22:32:23 +02:00
Miroslav Stampar
6130185ac6
Minor consistency update with the wiki
2016-10-11 00:35:39 +02:00
Miroslav Stampar
171cf6f54d
Minor fine tuning for SQLi heuristic check
2016-10-04 11:32:06 +02:00
Miroslav Stampar
dc8301689e
Implementation for an Issue #2204
2016-10-02 11:13:40 +02:00
Miroslav Stampar
332726356c
Minor language update
2016-09-29 14:03:46 +02:00
Miroslav Stampar
381deb68ff
Implementation for an Issue #2137
2016-09-27 13:26:11 +02:00
Miroslav Stampar
7151df16f6
Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)
2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba
Further dealing with time-based SQLi (Issue #1973 )
2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243
Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973
2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e
Minor cosmetic patch (removing multiple same content '...appears...' messages)
2016-09-26 17:02:40 +02:00
Miroslav Stampar
1b48ff223d
Adding initial support for Informix (Issue #552 )
2016-09-23 12:33:27 +02:00
Miroslav Stampar
56a918c408
Minor refactoring
2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b
Minor optimization (avoiding unnecessary deepcopies)
2016-09-20 09:56:08 +02:00
Miroslav Stampar
32dd4a938c
Minor patch of message
2016-09-09 11:37:16 +02:00
Miroslav Stampar
6b91b7b7fa
Minor cosmetics
2016-09-02 16:10:11 +02:00
Miroslav Stampar
cb43c03712
Definite patch for MemoryError(s) ( fixes #1991 )
2016-06-30 14:57:56 +02:00
Miroslav Stampar
8b4367d354
Revert of last commit
2016-06-26 01:42:21 +02:00
Miroslav Stampar
0a9d69a7d0
Minor patch
2016-06-26 01:10:47 +02:00
Miroslav Stampar
0175acd028
Bug fix (in some cases lack of warning message for SQLi appearing)
2016-06-23 17:52:37 +02:00
Miroslav Stampar
78fdb27a0b
More improvements
2016-06-03 15:51:52 +02:00
Miroslav Stampar
350baf0a0a
Minor update
2016-06-03 14:29:32 +02:00
Miroslav Stampar
9886b646eb
Proper update regarding the last commit
2016-06-03 14:18:28 +02:00
Miroslav Stampar
c5197b99a0
Minor patch and minor improvement
2016-06-03 13:59:32 +02:00
Miroslav Stampar
0e65043c84
Minor adjustment
2016-06-03 09:48:49 +02:00
Miroslav Stampar
229d3a7dd0
Patch for cases when error page looks more like original, than the False one does
2016-05-30 16:46:23 +02:00
Miroslav Stampar
b965e5bf1c
Minor refactoring
2016-05-30 16:06:39 +02:00
Miroslav Stampar
3bd74c5351
Minor patch
2016-05-30 15:20:21 +02:00
Miroslav Stampar
55624ec1a2
Minor message update
2016-05-30 14:40:22 +02:00
Miroslav Stampar
83b82a5e98
Bug fix (wrong handler used in case of DBMS resolution)
2016-05-30 10:32:49 +02:00
Miroslav Stampar
69fd900108
Adding waf script for detection of generic/unknown
2016-05-27 16:34:41 +02:00
Miroslav Stampar
de9f23939f
Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)
2016-05-27 13:41:03 +02:00
Miroslav Stampar
7a2ac23f0b
Adding new waf script (sitelock)
2016-05-27 02:13:01 +02:00
Miroslav Stampar
a5f8cae599
Fixes #1892
2016-05-24 17:58:35 +02:00
Miroslav Stampar
c395958dff
Fixes #1888
2016-05-24 14:55:19 +02:00
Miroslav Stampar
798b539eec
Minor update
2016-05-24 14:50:56 +02:00