There’s a new release with a few useful improvements you may want to check out. The changes aren’t massive but result in non-negligible improvements in vulnerability identification. Also, the WebUI is still in v0.4.2, only the Framework has been updated.
- Optimized pattern matching to use less resources by grouping patterns to only be matched against the per-platform payloads. Bottom line, pattern matching operations have been greatly reduced overall and vulnerabilities can be used to fingerprint the remote platform.
- Path traversal (
- Updated to use more generic signatures.
- Added dot-truncation for MS Windows payloads.
- Moved non-traversal payloads to the file_inclusion module.
- File inclusion (
file_inclusion) — Extracted from
- Uses common server-side files and errors to identify issues.
- SQL Injection (
sqli) — Added support for the following databases:
- SAP Max DB
- MS Access
- localstart_asp — Checks if localstart.asp is accessible.
- Path traversal ( path_traversal)
- Plugins — Added:
- Uncommon headers ( uncommon_headers) — Logs uncommon headers.