Wfuzz Files

Version 1.4d to 3.1.0 developed by:

Xavi Mendez (xmendez@edge-security.com)

Version up to 1.4c developed by:

Christian Martorella (cmartorella@edge-security.com) Carlos del ojo (deepbit@gmail.com)

Changelog 3.1.0:

• Added tox and change test in Makefile
• Improved plugin field filter language capabilities, ie. data and severity can be specified
• Plugin's information is shown depending on severity when using -v
• Filter language and fuzzresult's description handle lists of results
• Added some basic queue profiling for debugging
• diff operator
• Refactored discarded results
• Dotdict str
• Removed future library
• Added operator tests

Plugins: - Refactored headers plugin - Links plugins looks in link and redirect headers - Improved links plugin regex based on nahamsec/JSParser - New field printer to output filter expressions only - burplog unittest - raw printer shows plugin data

wfpayload: - Added --prev and --AA, ---AAA to wfpayload

wfencode: - -i reads from stdin - general handle exception in wfencode

Breaking changes: - Changed -A, --AA, ---AAA plugin's categories - Changed plugins filter language field. - Changed links filter parameters and kbase keys. - Changed headers kbase key and server result. - When slicing a payload FUZZ refers to the previous result.

Bugs:

• Fixed --prev in wfpayload
• Fixed -c and -v values within printers plugins
• Don't print empty values in wfpayload
• Use lower() in ~ operator
• Remove httpreceiver queue limit
• Fixed --interactive actions
• Stripped CRLF from burplog parsed responses
• Fixed --slice when using FuzzResult payloads
• Only add recursive and routing queues when transport is Http
• Bug in reqresp when parsing nested http responses due to textparser