Skip to content

Releases: wpscanteam/CMSScanner

v0.5.1

31 Jul 13:44
Compare
Choose a tag to compare
  • Fixes an issue in Target#scope_url_pattern when the Target url was invalid according to PublicSuffix, such as an IPv6 address - wpscanteam/wpscan#1341

v0.5.0

24 Apr 11:33
Compare
Choose a tag to compare
  • New versioning
  • Target#urls_from_page and Target#in_scope_urls renamed to Target#uris_from_page and Target#in_scope_uris. They also return/yield Addressable::URI instead of String. This reduces the object allocation of Addressable::URI in implemented scanners, and makes it easier to manipulate them (rather than having to re-parse the String with Addressable) - #91
  • Target#in_scope? can now take an Addressable::URI or String as argument (was only String before)

v0.0.44.3

18 Apr 13:27
Compare
Choose a tag to compare
  • Improves the Target#url_pattern and Target#scope_url_pattern to match potential escaped URL (like those in JSON JS data)
  • Updates error message displayed when main redirection

v0.0.44.2

17 Apr 16:25
Compare
Choose a tag to compare
  • Fixes an incorrect detection of in_scope_urls when using --scope with private domains along with a wildcard - #90
  • Added Target#url_pattern and Target#scope_url_pattern methods

v0.0.44.1

08 Apr 08:11
Compare
Choose a tag to compare
  • Fixes ParsedCli default options class variable which was nil when used in a child class - #88

v0.0.44.0

07 Apr 16:32
Compare
Choose a tag to compare

v0.0.43.2

03 Apr 09:15
Compare
Choose a tag to compare
  • When checking for homepage_or_404 via hashes, an array was created each time. This array is now retained.

v0.0.43.1

02 Apr 10:58
Compare
Choose a tag to compare

More accurate Memory Usage by getting the starting memory when the scan is initialised

v0.0.43.0

01 Apr 10:18
Compare
Choose a tag to compare

Stats (Requests done, Memory used etc) are now always output after a scan, even when a scan error occurred. However they won't be displayed when a CLI error happen, or when using cli option such as -h/--hh/--version as they don't exist in such cases.

Updated the required version of OptParseValidator to allow uppercased URL scheme (scubas HTTPS://target.tld etc)

v0.0.42.0

27 Mar 14:22
Compare
Choose a tag to compare
  • Models and Errors moved into their own namespace (#84)
  • frozen_string_literal now used in all files, in order to reduce the allocated objects
  • Scan class moved into a separate file
  • Debug log detection improved (#82)
  • Detection of the XMLRPC improved (it now performs a POST request directly rather than GET) (#81)
  • Enumerator and Fingerprinter modules reworked to use HEAD methods, leading to less data received
  • Methods implemented to use HEAD requests, and then perform a GET if the response status is suitable (configurable). See Website#head_or_get_params and Website#head_and_get