Merge pull request #361 from pvdl/master
Create CHANGELOG.md (remove old CHANGELOG)
This commit is contained in:
erwanlr
128
CHANGELOG
128
CHANGELOG
@@ -1,128 +0,0 @@
|
||||
Version 2.2 released: yyyy-m-d
|
||||
|
||||
* Additions
|
||||
Output the vulnerability fix if available
|
||||
Added 'WordPress Version Vulnerability' statistics
|
||||
Added Kali Linux on the list of pre-installed Linux distributions
|
||||
Added hosted wordpress detection. See issue #343.
|
||||
Add detection for all-in-one-seo-pack
|
||||
Use less memory when brute forcing with a large wordlist
|
||||
Memory Usage output
|
||||
Added cve tag to xml file
|
||||
Add documentation to readme
|
||||
Add --version switch
|
||||
Parse robots.txt
|
||||
Show twitter usernames
|
||||
Clean logfile on wpstools too
|
||||
Added pingback header
|
||||
Request_timeout and connect_timeout implemented
|
||||
Output interesting http-headers
|
||||
Kali Linux detection
|
||||
Ensure that brute forcing results are output even if an error occurs or the user exits
|
||||
Added debug output
|
||||
Fixed Version compare for issue #179
|
||||
Added ruby-progressbar version to Gemfile
|
||||
Use the redirect_to parameter on bruteforce
|
||||
Readded "junk removal" from usernames before output
|
||||
Add license file
|
||||
Output the timthumb version if found
|
||||
New enumeration system
|
||||
More error details for XSD checks
|
||||
Added default wp-content dir detection, see Issue #141.
|
||||
Added checks for well formed xml
|
||||
|
||||
* Changed
|
||||
Trying a fix for Kali Linux
|
||||
Make a seperator between plugin name and vulnerability name
|
||||
It's WordPress, not Wordpress
|
||||
Changed wordpress.com scanning error to warning. See issue #343.
|
||||
Make output lines consistent
|
||||
Replace packetstormsecurity.org to packetstormsecurity.com
|
||||
Same URL syntax for all Packet Storm Security URL's
|
||||
Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected.
|
||||
Use online documentation
|
||||
User prompt on same line
|
||||
Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example).
|
||||
Updated Fedora install instructions as per Issue #92
|
||||
Slight update to security plugin warning. Issue #212.
|
||||
Ruby-progressbar Gemfile version bump
|
||||
Fix error with the -U option (undefined method 'merge' for #WpTarget:)
|
||||
Banner artwork
|
||||
Fix hacks.rb conflict
|
||||
Handle when there are 2 headers of the same name
|
||||
Releasing the Typhoeus version constraint
|
||||
Amended Arch Linux install instructions. See issue #183.
|
||||
|
||||
* Update
|
||||
Plugins & Themes updated
|
||||
Update README.md
|
||||
Updated documentation
|
||||
|
||||
* Remove
|
||||
Removed 'smileys' in output messages
|
||||
Removed 'for WordPress' and 'plugin' in title strings.
|
||||
Removed reference
|
||||
Removed useless code
|
||||
Removed duplicate vulnerabilities
|
||||
|
||||
* General core
|
||||
Code cleaning
|
||||
Fix typo's
|
||||
clean up rspecs
|
||||
Themes & Plugins lists regenerated
|
||||
Rspecs update
|
||||
Code Factoring
|
||||
Added checks for old ruby. Otherwise there will be syntax errors
|
||||
|
||||
* Vulnerabilities
|
||||
Update WordPress Vulnerabilities
|
||||
Update timthumb due to Secunia #54801
|
||||
Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD
|
||||
|
||||
* WPScan Databse Statistics:
|
||||
Total vulnerable versions: 76, 4 are new
|
||||
Total vulnerable plugins: 606, 197 are new
|
||||
Total vulnerable themes: 194, 45 are new
|
||||
Total version vulnerabilities: 274, 53 are new
|
||||
Total plugin vulnerabilities: 764, 270 are new
|
||||
Total theme vulnerabilities: 198, 46 are new
|
||||
|
||||
* Add WP Fingerprints
|
||||
WP 3.7.1 Fingerprinting
|
||||
WP 3.7 Fingerprinting
|
||||
Ref #280 WP 3.6.1 fingerprint
|
||||
Added WP 3.6 advanced fingerprint hash. See Issue #255.
|
||||
Updated MD5 hash of WP 3.6 detection. See Issue #277.
|
||||
WP 3.5.2 Fingerprint
|
||||
Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting.
|
||||
|
||||
* Fixed issues
|
||||
Fix #249 - [ERROR] "\xF1" on US-ASCII
|
||||
Fix #275 - [ERROR] "\xC3" on US-ASCII
|
||||
Fix #271 - Further Instructions added to the Mac Install
|
||||
Fix #266 - passive detection regex
|
||||
Fix #265 - remove base64 images before passive detection
|
||||
Fix #262 - [ERROR] bad component(expected absolute path component)
|
||||
Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3
|
||||
Fix #208 - Fixed vulnerable plugins still appear in the results
|
||||
Fix #245 - all theme enumeration error
|
||||
Fix #241 - Cant convert array to string
|
||||
Fix #232 - Crash while enumerating usernames
|
||||
Fix #223 - New wordpress urls for most popular plugins & themes
|
||||
Fix #177 - Passive Cache plugins detection (no spec)
|
||||
Fix #169 - False reports
|
||||
Fix #182 - Remove the progress-bar static length (120), and let it to automatic
|
||||
Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked)
|
||||
Fix #200 - Log file not recording the list of username retireved
|
||||
Fix #164 - README.txt detection
|
||||
Fix #166 - ListGenerator using the old Browser#get method for full generation
|
||||
Fix #153 - Disable error trace when it's from the main script
|
||||
Fix #163 - in the proper way
|
||||
Fix #144 - Use cookie jar to prevent infinite redirections loop
|
||||
Fix #158 - Add the solution to 'no such file to load -- rubygems' in the README
|
||||
Fix #152 - invalid ssl_certificate - response code 0
|
||||
Fix #147 - can't modify frozen string
|
||||
Fix #140 - xml_rpc_url in the body
|
||||
Fix #153 - No error trace when 'No argument supplied'
|
||||
|
||||
Version 2.1 released 2013-3-4
|
||||
133
CHANGELOG.md
Normal file
133
CHANGELOG.md
Normal file
@@ -0,0 +1,133 @@
|
||||
# Changelog
|
||||
|
||||
## Version 2.2
|
||||
Released: yyyy-m-d
|
||||
|
||||
Added
|
||||
* Output the vulnerability fix if available
|
||||
* Added 'WordPress Version Vulnerability' statistics
|
||||
* Added Kali Linux on the list of pre-installed Linux distributions
|
||||
* Added hosted wordpress detection. See issue #343.
|
||||
* Add detection for all-in-one-seo-pack
|
||||
* Use less memory when brute forcing with a large wordlist
|
||||
* Memory Usage output
|
||||
* Added cve tag to xml file
|
||||
* Add documentation to readme
|
||||
* Add --version switch
|
||||
* Parse robots.txt
|
||||
* Show twitter usernames
|
||||
* Clean logfile on wpstools too
|
||||
* Added pingback header
|
||||
* Request_timeout and connect_timeout implemented
|
||||
* Output interesting http-headers
|
||||
* Kali Linux detection
|
||||
* Ensure that brute forcing results are output even if an error occurs or the user exits
|
||||
* Added debug output
|
||||
* Fixed Version compare for issue #179
|
||||
* Added ruby-progressbar version to Gemfile
|
||||
* Use the redirect_to parameter on bruteforce
|
||||
* Readded "junk removal" from usernames before output
|
||||
* Add license file
|
||||
* Output the timthumb version if found
|
||||
* New enumeration system
|
||||
* More error details for XSD checks
|
||||
* Added default wp-content dir detection, see Issue #141.
|
||||
* Added checks for well formed xml
|
||||
|
||||
Changed
|
||||
* Trying a fix for Kali Linux
|
||||
* Make a seperator between plugin name and vulnerability name
|
||||
* It's WordPress, not Wordpress
|
||||
* Changed wordpress.com scanning error to warning. See issue #343.
|
||||
* Make output lines consistent
|
||||
* Replace packetstormsecurity.org to packetstormsecurity.com
|
||||
* Same URL syntax for all Packet Storm Security URL's
|
||||
* Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected.
|
||||
* Use online documentation
|
||||
* User prompt on same line
|
||||
* Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example).
|
||||
* Updated Fedora install instructions as per Issue #92
|
||||
* Slight update to security plugin warning. Issue #212.
|
||||
* Ruby-progressbar Gemfile version bump
|
||||
* Fix error with the -U option (undefined method 'merge' for #WpTarget:)
|
||||
* Banner artwork
|
||||
* Fix hacks.rb conflict
|
||||
* Handle when there are 2 headers of the same name
|
||||
* Releasing the Typhoeus version constraint
|
||||
* Amended Arch Linux install instructions. See issue #183.
|
||||
|
||||
Updated
|
||||
* Plugins & Themes updated
|
||||
* Update README.md
|
||||
* Updated documentation
|
||||
|
||||
Removed
|
||||
* Removed 'smileys' in output messages
|
||||
* Removed 'for WordPress' and 'plugin' in title strings.
|
||||
* Removed reference
|
||||
* Removed useless code
|
||||
* Removed duplicate vulnerabilities
|
||||
|
||||
General core
|
||||
* Code cleaning
|
||||
* Fix typo's
|
||||
* Clean up rspecs
|
||||
* Themes & Plugins lists regenerated
|
||||
* Rspecs update
|
||||
* Code Factoring
|
||||
* Added checks for old ruby. Otherwise there will be syntax errors
|
||||
|
||||
Vulnerabilities
|
||||
* Update WordPress Vulnerabilities
|
||||
* Update timthumb due to Secunia #54801
|
||||
* Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD
|
||||
|
||||
WPScan Databse Statistics:
|
||||
* Total vulnerable versions: 76, 4 are new
|
||||
* Total vulnerable plugins: 606, 197 are new
|
||||
* Total vulnerable themes: 194, 45 are new
|
||||
* Total version vulnerabilities: 274, 53 are new
|
||||
* Total plugin vulnerabilities: 764, 270 are new
|
||||
* Total theme vulnerabilities: 198, 46 are new
|
||||
|
||||
Add WP Fingerprints
|
||||
* WP 3.7.1 Fingerprinting
|
||||
* WP 3.7 Fingerprinting
|
||||
* Ref #280 WP 3.6.1 fingerprint
|
||||
* Added WP 3.6 advanced fingerprint hash. See Issue #255.
|
||||
* Updated MD5 hash of WP 3.6 detection. See Issue #277.
|
||||
* WP 3.5.2 Fingerprint
|
||||
* Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting.
|
||||
|
||||
Fixed issues
|
||||
* Fix #249 - [ERROR] "\xF1" on US-ASCII
|
||||
* Fix #275 - [ERROR] "\xC3" on US-ASCII
|
||||
* Fix #271 - Further Instructions added to the Mac Install
|
||||
* Fix #266 - passive detection regex
|
||||
* Fix #265 - remove base64 images before passive detection
|
||||
* Fix #262 - [ERROR] bad component(expected absolute path component)
|
||||
* Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3
|
||||
* Fix #208 - Fixed vulnerable plugins still appear in the results
|
||||
* Fix #245 - all theme enumeration error
|
||||
* Fix #241 - Cant convert array to string
|
||||
* Fix #232 - Crash while enumerating usernames
|
||||
* Fix #223 - New wordpress urls for most popular plugins & themes
|
||||
* Fix #177 - Passive Cache plugins detection (no spec)
|
||||
* Fix #169 - False reports
|
||||
* Fix #182 - Remove the progress-bar static length (120), and let it to automatic
|
||||
* Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked)
|
||||
* Fix #200 - Log file not recording the list of username retireved
|
||||
* Fix #164 - README.txt detection
|
||||
* Fix #166 - ListGenerator using the old Browser#get method for full generation
|
||||
* Fix #153 - Disable error trace when it's from the main script
|
||||
* Fix #163 - in the proper way
|
||||
* Fix #144 - Use cookie jar to prevent infinite redirections loop
|
||||
* Fix #158 - Add the solution to 'no such file to load -- rubygems' in the README
|
||||
* Fix #152 - invalid ssl_certificate - response code 0
|
||||
* Fix #147 - can't modify frozen string
|
||||
* Fix #140 - xml_rpc_url in the body
|
||||
* Fix #153 - No error trace when 'No argument supplied'
|
||||
|
||||
## Version 2.1
|
||||
Released 2013-3-4
|
||||
|
||||
Reference in New Issue
Block a user