From eb8b21da07a5a28fa88b4863d8adc100e087e1d7 Mon Sep 17 00:00:00 2001 From: devloop Date: Sat, 30 Nov 2024 14:03:07 +0100 Subject: [PATCH] Release 3.2.2 --- VERSION | 2 +- doc/ChangeLog_Wapiti | 4 ++++ pyproject.toml | 2 +- tests/integration/test_mod_crlf/assertions/crlf.json | 2 +- wapitiCore/__init__.py | 2 +- wapitiCore/attack/mod_crlf.py | 4 ++-- 6 files changed, 10 insertions(+), 6 deletions(-) diff --git a/VERSION b/VERSION index c66b37d15..44c149917 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Wapiti 3.2.1 +Wapiti 3.2.2 diff --git a/doc/ChangeLog_Wapiti b/doc/ChangeLog_Wapiti index 3afcfac96..943f65656 100644 --- a/doc/ChangeLog_Wapiti +++ b/doc/ChangeLog_Wapiti @@ -1,3 +1,7 @@ +30/11/2024 + Wapiti 3.2.2 + Core: Improvements for being able to install and run Wapiti on Windows + 12/11/2024 Wapiti 3.2.1 doc: fix and update documentation (usage, manpage, etc) diff --git a/pyproject.toml b/pyproject.toml index b2e9f93ba..955393d00 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "wapiti3" -version = "3.2.1" +version = "3.2.2" description = "A web application vulnerability scanner" readme = "README.rst" requires-python = ">=3.10" diff --git a/tests/integration/test_mod_crlf/assertions/crlf.json b/tests/integration/test_mod_crlf/assertions/crlf.json index 641a63806..97da26cf4 100644 --- a/tests/integration/test_mod_crlf/assertions/crlf.json +++ b/tests/integration/test_mod_crlf/assertions/crlf.json @@ -7,7 +7,7 @@ "info": "CRLF Injection via injection in the parameter user-agent", "parameter": "user-agent", "module": "crlf", - "http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.2.1%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "http_request": "GET /index.php?user-agent=http%3A%2F%2Fwww.google.fr%0D%0Awapiti%3A%203.2.2%20version HTTP/1.1\nhost: crlf\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "wstg": [ "WSTG-INPV-15" ] diff --git a/wapitiCore/__init__.py b/wapitiCore/__init__.py index 3eb10a440..f5482210f 100644 --- a/wapitiCore/__init__.py +++ b/wapitiCore/__init__.py @@ -19,4 +19,4 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA parser_name = "html.parser" -WAPITI_VERSION = "3.2.1" +WAPITI_VERSION = "3.2.2" diff --git a/wapitiCore/attack/mod_crlf.py b/wapitiCore/attack/mod_crlf.py index 93790bd1c..9b5d9ba49 100644 --- a/wapitiCore/attack/mod_crlf.py +++ b/wapitiCore/attack/mod_crlf.py @@ -38,7 +38,7 @@ class ModuleCrlf(Attack): MSG_VULN = "CRLF Injection" do_get = True do_post = True - payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.2.1 version")] + payloads = [PayloadInfo(payload="http://www.google.fr\r\nwapiti: 3.2.2 version")] def __init__(self, crawler, persister, attack_options, crawler_configuration): super().__init__(crawler, persister, attack_options, crawler_configuration) @@ -49,7 +49,7 @@ async def attack(self, request: Request, response: Optional[Response] = None): for mutated_request, parameter, _payload in self.mutator.mutate( request, - str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.2.1 version"]), + str_to_payloadinfo(["http://www.google.fr\r\nwapiti: 3.2.2 version"]), ): log_verbose(f"[ยจ] {mutated_request.url}")