[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Wapiti 3.0.0 released! Web vulnerability scanner
- From: Nicolas SURRIBAS <nicolas.surribas AT gmail.com>
- Subject: [FD] Wapiti 3.0.0 released! Web vulnerability scanner
- Date: Sun, 7 Jan 2018 14:48:26 +0100
- Arc-authentication-results: i=1; mx.google.com; dkim=neutral (body hash did not verify) firstname.lastname@example.org header.s=20161025 header.b=tp/AJA5j; spf=pass (google.com: domain of fulldisclosure-bounces AT seclists.org designates 184.108.40.206 as permitted sender) smtp.mailfrom=fulldisclosure-bounces AT seclists.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-unsubscribe:list-id:precedence:subject:to:message-id :date:from:mime-version:dkim-signature:delivered-to :arc-authentication-results; bh=axw3fxiUIyuOs/th/OyJLjPwUN5VBf8Ec9ZAnvGHQ7Q=; b=t+DdZx3SeX3EQtnoJse4MD7J8lLuhs9al/PRra5R6zfXLH2xrRhoIfFQyu1GeqdE4K OlNM3EXkrUIOcPm5MJJ0ddWBJwcvwabE13uuBh92aoLhADfFnKESRw5hlDt3RVLZYVda U2V01YL8qnKkf3+33zRGfWcMmBypTgSFbL2ktY/xkRw8wVkipIVSVA86CrQIywzIUxtm L7Eoo4XNleS5TJZ8vkNS5IhdPJQArU4XyBBq/3GOUtB7Jc+zUgZHZpBjfTsMp5iSbZlp 6mwth7tCD+9k6uq8rxIPrq/PzSv/zrr6HqYnUc/ys3A55uVMQ+CClDnO7JHTOkcHMugQ qzfQ==
- Arc-seal: i=1; a=rsa-sha256; t=1515558368; cv=none; d=google.com; s=arc-20160816; b=dkdIkRN7cZSYO9BN3K8+mWHTux/dbGMa0Zwww3nVik1462HJhRWlvt89emfv2E9Q63 iwlEIGyVVCSZOP92esQ4OXMQ2fytQ17tQXv/lyKsVkZg1IBXZBmj+nnJPERZNvmRAtzh 2zmgiIj+Ab9Egcr9Kf2hZJb+7udWKxT05l7ZOTyFNB5rwJ7O2Wb76YLp8syDkS5KYpwX CkVdXq00hQoKpx7gDnJr22wIV7RYB6l68Ov7bXyA9X6jh98L2o9aoYQj+uLOY2q1KTlg NbCR2OHldyqJL3bznRVHyHA7onmTHRJgF1Qdf7wefulQh0oyGE7LYDeqccqdj3fdwulV bmgw==
- Sender: "Fulldisclosure" <fulldisclosure-bounces AT seclists.org>
- To: fulldisclosure AT seclists.org
Dear full-disclosure list,
I'm happy to announce that Wapiti 3.0.0 is now available for download.
This new release now relies on Python 3.
The majority of improvements were made to give you more control over
A session mechanism using sqlite3 allows you to stop the scan or/and
attacks and resume them later.
The new behavior, when you stop Wapiti during the attack process (with
Ctrl+C), is to let you choose between continuing, moving to the next
attack-module, exiting with or without generating the vulnerability report.
A total of nine options can now help you to finely control the scanner by
fixing the maximum allowed depth of crawling, skipping parameter names of
your choice in URLs and forms, setting the maximum delay for scanning,
choosing between 6 modes of scan force, and more !
The SOCKS5 proxy support is also back in this release.
Improvements have been made to existing attack modules. For example by
reducing false-positives for the blind sqli attack module.
Two new attack modules were added : buster (for directory/filename brute
forcing) and shellshock (not really new but here it is).
To users of previous versions : some options changed. The base URL must now
be given through the -u option.
More details on options can ge found in the manpage :
Requirements and installation procedure are described in the INSTALL file :
Three video tutorials were made to show installation on Ubuntu/Kali,
openSUSE and Windows.
I hope you will enjoy this new release. Make Wapiti great again !
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/