Releases: hahwul/dalfox
v2.7.2
Summary
Changelog
- 2e4ad1b tap v2.7.2
- bcddcef chore: update contributors [skip ci]
- 24cf7b5 add debug code
- d93d14b Merge pull request #361 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.8.0
- 8edf46b Merge pull request #360 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.7.2
- 974f1a0 Merge pull request #359 from hahwul/dependabot/go_modules/github.com/stretchr/testify-1.7.1
- c08f10a Merge pull request #357 from hahwul/dependabot/go_modules/github.com/spf13/cobra-1.4.0
- 7e0da36 Merge pull request #356 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.7.0
- 2065c50 Merge pull request #355 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.8.0
- 60b7a1a Merge pull request #353 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.8
- e4f6b39 Bump github.com/swaggo/swag from 1.7.9 to 1.8.0
- 1c57150 Bump github.com/stretchr/testify from 1.7.0 to 1.7.1
- 1efae43 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
- 11b02e7 Bump github.com/labstack/echo/v4 from 4.7.0 to 4.7.2
- 0fbe357 Bump github.com/labstack/echo/v4 from 4.6.3 to 4.7.0
- f772f30 Bump github.com/chromedp/chromedp from 0.7.8 to 0.8.0
- 84cf9c3 Bump github.com/chromedp/chromedp from 0.7.7 to 0.7.8
- 50050b1 (#354) remove vrs=false in hit linesum check logic
- 6f3b6e5 (#314) Improve server mode (legacy => lib)
v2.7.1
Summary
- Fixed --only-custom-payload bug
- Added --ignore-param flag
If you use the --ignore-param flag, you can ignore unwanted parameters when scanning. It can be used anywhere, including URL mode, Pipe mode, File mode, etc., because it is a global flag.
Changelog
- 82a1753 Tap v2.7.1
- aa2035a Merge pull request #351 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.18.1
- 05c2afa Merge pull request #350 from hahwul/dependabot/go_modules/github.com/swaggo/echo-swagger-1.3.0
- 2c465ff Merge pull request #349 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.9
- 09e9af2 Merge pull request #348 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.7
- 62d1f2e Merge pull request #340 from hahwul/dependabot/go_modules/github.com/swaggo/echo-swagger-1.2.0
- 3ff32dd Merge pull request #339 from hahwul/dependabot/go_modules/github.com/labstack/echo/v4-4.6.3
- 5a190df Bump github.com/swaggo/swag from 1.7.8 to 1.7.9
- 2e3efaa Bump github.com/swaggo/echo-swagger from 1.2.0 to 1.3.0
- 999a1e4 Bump github.com/swaggo/echo-swagger from 1.1.4 to 1.2.0
- 6c05b98 Bump github.com/labstack/echo/v4 from 4.6.1 to 4.6.3
- fe08583 Bump github.com/chromedp/chromedp from 0.7.6 to 0.7.7
- dbee447 Bump github.com/briandowns/spinner from 1.18.0 to 1.18.1
- 872067f (#344) Fixed --only-custom-payload bug
- e9d75b5 (#342) Add --ignore-param flag and change func 'CheckInspectionParam'
v2.7.0
Summary
- Add BAV Module
- ESI Injection
- Support for windows/arm64
- Upgrade go dependency (1.16 to 1.17)
- Add Severity in PoC Object
- Improve SXSS Mode
- Improve Code Quality
- Improve library interface
- Fixed bugs
- Update dalfox web page and documentation
Changelog
- 33125a5 update pre-release script
- f1a2c8c update go.mod and go.sum
- 4b96576 tap v2.7.0-dev
- 4c2166f tap v2.7.0
- dab368e chore: update contributors [skip ci]
- 310495b chore: update contributors [skip ci]
- cfa53ae build: upgrade go directive in go.mod to 1.17
- e5656f8 [ImgBot] Optimize images
- 97c9a57 Update test code
- 5987355 Update readme
- 58b190f Update index.md
- 5627c9b Update index.html
- 0023c1b Update index.html
- e306fc4 Update index.html
- e752ea3 Update index.html
- ba3411c Update index.html
- 0bcd4af Update index.html
- d788a69 Update index.html
- 8586e09 Update index.html
- 7f6d74b Update image
- 52093d7 Update go.yml
- d95d6cf Update go.yml
- 0a9f80e Update documents
- c587a51 Update codecov.yml
- d8dc28a Update banner
- 7097628 Update README.md
- d9eb76f Update README.md
- e640424 Update README.md
- c3eefa9 Update README.md
- 9e22d4f Update README.md
- 4b244bc Update README.md
- 7d1c5b1 Update README.md
- 29f3bcb Update README.md
- f580d4a Update README.md
- f8974a9 Update README.md
- e68e3cd Update README.md
- 7ab75c7 Update README.md
- 8d8219d Update README.md
- 0d67e95 Update README.md
- 4aee15b Merge pull request #336 from hahwul/imgbot
- b74c2d9 Merge pull request #335 from ksg97031/main
- acd0b4d Merge pull request #334 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.18.0
- 372e7e7 Merge pull request #328 from hahwul/dependabot/go_modules/github.com/briandowns/spinner-1.17.0
- 996d146 Merge pull request #327 from Juneezee/go1.17
- b3c4ce5 Fixed typo
- 46d07f5 Create check-before-release.sh
- 829b790 Create README.md
- 381e79c Bump github.com/briandowns/spinner from 1.17.0 to 1.18.0
- 861db16 Bump github.com/briandowns/spinner from 1.16.0 to 1.17.0
- a54de11 Added TriggerMethod in lib
- 6c4da2d (#333) Modify to use fixed worker and minimum delay values in sxss mode
- 0d41b0a (#330) Add ESI Injection in BAV
- 5089cbe (#329) Support windows/arm64
v2.6.3
Summary
- Add severity in PoC Object
- Change builtin and custom grep message in grepping
- Fixed bug (poc-type in poc object)
Changelog
- fbae865 Update verify_test.go
- f9d2271 Update json.md
- d0f46a1 Update json.md
- 0210156 Update docs (#323)
- 4c7137e Merge pull request #324 from hahwul/dependabot/go_modules/github.com/spf13/cobra-1.3.0
- 4819423 Merge branch 'main' of https://github.com/hahwul/dalfox into main
- e59ccb2 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
- ca8c7e0 (#326) Add poctype in PoC Object
- 8d8665f (#325) Change builtin and custom grep message in grepping
- 4f725b7 (#323) Add severity in PoC Object
v2.6.2
Summary
- Fixed zero-line bug (a false negative occurred when the reflection was in the first row of the response body)
Changelog
v2.6.1
Changelog
- 741f6c0 update package
- 15bf693 tap v2.6.1
- 17be4d8 chore: update contributors [skip ci]
- 4ac6e1f Merge pull request #321 from hahwul/dev
- 5c1e792 Merge pull request #319 from hahwul/main
- fd65dc3 Merge pull request #317 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.6
- 90b5090 Merge pull request #316 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.6
- 2d832bb Merge branch 'main' of https://github.com/hahwul/dalfox into main
- 2fb311a Bump github.com/swaggo/swag from 1.7.4 to 1.7.6
- 237def7 Bump github.com/chromedp/chromedp from 0.7.4 to 0.7.6
- 9b9f256 (#320) Update lib interface
- 0eabf85 (#318) Add PoCType in lib
- fdb9d74 (#315) Add gzip handling in SendReq function
- 9ab9e6f (#315) Add gzip handling in ParamterAnalysis
v2.6.0
Changelog
- Improve scanning performance
- Improve result and poc object, printing methods
  - Object (when used in the code, in server mode, and in the JSON result)
    - Added InjectType
    - Added PoCType
    - Added Method
    - Added Param
    - Added Payload
    - Added Evidence
    - Added CWE
  - Printing
    - All PoC outputs now have a common output logic based on the above objects.
- New flag (--poc-type)
  - curl
  - httpie
  - http-request
- And Fixed bug :D
Commits
c4e9832 tap 2.6.0-dev
9e374ec Update result log
bce1b54 Update result log
58b2004 Update massive mode log
fcf12fa Update log
8f67cd2 Tap v2.6.0
de48315 Modify the issue where the code view sometimes outputs a space.
413f293 Merge pull request #313 from hahwul/dev
dd27479 Log printing and scanning speed improvement.
2be94b2 Fixed no-body bug(segmentation violation, only dev version)
45f9d3c Add test code
a273961 (#312) Create MakePoC to create a common processing logic for PoC
bc9b00f (#312) Add http-request type of pocType
1dc1437 (#312) Add --poc-type
6517025 (#311) Code diet
addc0ce (#310) Add json object
0f98e9e (#310) Add PoCType
31a28c4 (#310) Add PoC Struct in all testing method
647c9a3 (#310) Add Param, Payload, Evidence in PoC Struct
d418cf2 (#309) Add -d in PoC (when POST poc)
52b9a31 (#261) Add CWE ID
2633697 (#260) Add JSON Document
v2.5.5
Changelog
cd04c3d update gitignore
005f04c chore: update contributors [skip ci]
b5bc048 chore: update contributors [skip ci]
38e7731 chore: update contributors [skip ci]
78de4fc added support for 2 different http methods in sxss mode
58affd7 Update update.md
d4239fd Update update.md
b1baaa7 Update installation.md
726de92 Tap v2.5.5
777fe02 Remote greetings
c8e5270 Merge pull request #308 from hahwul/dev
ae45a7d Merge pull request #307 from hahwul/dev
ff34fc7 Merge pull request #305 from hahwul/dev
1a47bbc Merge pull request #302 from prashanthar2000/dev
e4064df Merge pull request #299 from hahwul/dependabot/go_modules/github.com/PuerkitoBio/goquery-1.8.0
7a462be Merge pull request #298 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.4
b618862 Merge pull request #296 from hahwul/dependabot/go_modules/github.com/swaggo/echo-swagger-1.1.4
fff47e4 Merge pull request #295 from hahwul/main
81d3867 Change naming of request-method in options model
9b6d698 Bump github.com/swaggo/swag from 1.7.3 to 1.7.4
7324df3 Bump github.com/swaggo/swag from 1.7.3 to 1.7.4
26908d7 Bump github.com/swaggo/echo-swagger from 1.1.3 to 1.1.4
9d056e8 Bump github.com/swaggo/echo-swagger from 1.1.3 to 1.1.4
51dd875 Bump github.com/PuerkitoBio/goquery from 1.7.1 to 1.8.0
9aa662d Bump github.com/PuerkitoBio/goquery from 1.7.1 to 1.8.0
d65d4b1 Add request-method to lib options
d734ae3 (#303) Fixed bug in lib
76a9536 (#297) Add payload pattern and Improved payload processing
v2.5.4
Summary
Improved header parsing and added automatic method identification (Fixed #293)
Changelog
7bd0447 tap v2.5.4
3b88566 Update installation.md
58ccf09 Update installation.md
1352f82 Update installation command
06de244 Update README.md
6a4c9be Update README.md
923aba9 Merge pull request #294 from hahwul/dev
67d8afb (#293) Improved header parsing and added automatic method identification
9c999a9 (#293) Improved header parser