Releases: Hackmanit/Web-Cache-Vulnerability-Scanner
Version 1.3.3 - Forcing checks now sets a default cachebuster
Version 1.3.2 - Minor Web Cache Deception and Response Splitting Improvements
Version 1.3.1 - Fixed Deadlocks and Web Cache Deception Bug
Version 1.3.0 - Improved Cache Deception, Kali Linux & more
Kali Linux
WCVS was finally added to Kali Linux' repository. Here are the install instructions.
Web Cache Deception Improvements
WCVS' web cache deception detections were improved by multiple new techniques. Further WCVS will also check for web cache deception if no cache indicator was spotted beforehand.
New Flag: -skiptimebased/--stime
This new flag will tell WCVS to not use measure time as a last resort to guess if a response was cached or not. The time measurements may indicate a cache even if there is none, eventually leading to unnecessary tests being performed.
Miscellaneous
All dependencies were updated.
Full Changelog: 1.2.1...1.3.0
Version 1.2.1 - IgnoreStatus flag
New Feature
The --ignorestatus / -is flag was added. It can be used to prevent false positives if, for example, a WAF is changing the status code to 429 Too Many Requests.
Usage: ./wcvs -is 418,429 -u https://example.com
Changelog
Version 1.2.0 - Web Cache Deception Detection
Web Cache Deception
The WCVS now detects Web Cache Deception. It uses various techniques for this purpose:
- Path Parameter
- Path Traversal
- Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand
In summary, WCVS's procedure is as follows:
If the cache returns a HIT, it is tested for web cache poisoning. If the cache always returns a MISS, it is tested for web cache deception.
Changelog
Version 1.1.2
Version 1.1.1
Changelog
Curl Command (new)
If a web cache poisoning was identified, the poisoning request is converted to a curl command and printed. Additionally, it is added to the report. Thus it's way easier than before to replicate/verify the web cache poisoning vulnerability 9d09f90 6e019f2
Bugfixes
Fixed a sneaky bug that prevented wcvs to identify cache headers cae91f2
Miscellaneous
Version 1.1.0
Changelog
Output
- reworked the output to be more well-arranged and easier to read cd60764 6113208 7f57adf 0d50479 34b2111 31229c1 a8a5d83 249edbb
bb1bf74
Bugfixes
Improvements
- improved setting and validating the default status code and removed the "setStatusCode" flag a190547 6f0890a 190c5f0 ed34eb3
Miscellaneous
- upgraded Go libraries bb6814f
Version 1.0.1
Changelog
Readme: install methods
- fixed install option 2 - fetch repository using go (Thanks to @hahwul) 218f0af
- added install option 3 - docker (Thanks to @hahwul) 218f0af 9fd92dc 5f5d58b
web cache poisoning techniques
- improved HTTP Method Override DOS technique: added more HTTP request methods f4ca674
- added new DOS variant: X-Forward-Scheme c7b3b7c
- added new DOS variant: Set User-Agent to a probable blacklisted security scanner f17e0f5
- added new DOS variant: DOS via illegal header name (currently disabled, because of limitations of the go net/http module) 79ea4c5 b15374e
bug fixes
- fixed rate limiting bug
rate Wait: rate: Wait(n=1) exceeds limiter's burst 0ddfe105 - added missing string 9856114
minor improvements
- converting OnlyTest and SkipTest Value to lowercase cc1c14f
- improved header/parameter wordlist and other file read error messages 7d3f09d
- added check if proxy cert could be added 150090c
- typo fix d1dfcca
miscellaneous
- added bash script to generate binaries and sha256 sums 9ada6c8
- changed go module from
/v2to/afedc51 - upgraded golang.org/x/net from
v0.0.0-20211020060615-d418f374d309tov0.0.0-20220107192237-5cfca573fb4dafedc51 - upgraded golang.org/x/time from
v0.0.0-20210723032227-1f47c861a9actov0.0.0-20211116232009-f0f3c7e86c11afedc51
