From c292c4ba9e6bc971b9234176727f12c006201144 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Sun, 10 Nov 2013 13:08:40 +0100 Subject: [PATCH] Delete CHANGELOG --- CHANGELOG | 128 ------------------------------------------------------ 1 file changed, 128 deletions(-) delete mode 100644 CHANGELOG diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 42f52384..00000000 --- a/CHANGELOG +++ /dev/null @@ -1,128 +0,0 @@ -Version 2.2 released: yyyy-m-d - -* Additions -Output the vulnerability fix if available -Added 'WordPress Version Vulnerability' statistics -Added Kali Linux on the list of pre-installed Linux distributions -Added hosted wordpress detection. See issue #343. -Add detection for all-in-one-seo-pack -Use less memory when brute forcing with a large wordlist -Memory Usage output -Added cve tag to xml file -Add documentation to readme -Add --version switch -Parse robots.txt -Show twitter usernames -Clean logfile on wpstools too -Added pingback header -Request_timeout and connect_timeout implemented -Output interesting http-headers -Kali Linux detection -Ensure that brute forcing results are output even if an error occurs or the user exits -Added debug output -Fixed Version compare for issue #179 -Added ruby-progressbar version to Gemfile -Use the redirect_to parameter on bruteforce -Readded "junk removal" from usernames before output -Add license file -Output the timthumb version if found -New enumeration system -More error details for XSD checks -Added default wp-content dir detection, see Issue #141. -Added checks for well formed xml - -* Changed -Trying a fix for Kali Linux -Make a seperator between plugin name and vulnerability name -It's WordPress, not Wordpress -Changed wordpress.com scanning error to warning. See issue #343. -Make output lines consistent -Replace packetstormsecurity.org to packetstormsecurity.com -Same URL syntax for all Packet Storm Security URL's -Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected. -Use online documentation -User prompt on same line -Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). -Updated Fedora install instructions as per Issue #92 -Slight update to security plugin warning. Issue #212. -Ruby-progressbar Gemfile version bump -Fix error with the -U option (undefined method 'merge' for #WpTarget:) -Banner artwork -Fix hacks.rb conflict -Handle when there are 2 headers of the same name -Releasing the Typhoeus version constraint -Amended Arch Linux install instructions. See issue #183. - -* Update -Plugins & Themes updated -Update README.md -Updated documentation - -* Remove -Removed 'smileys' in output messages -Removed 'for WordPress' and 'plugin' in title strings. -Removed reference -Removed useless code -Removed duplicate vulnerabilities - -* General core -Code cleaning -Fix typo's -clean up rspecs -Themes & Plugins lists regenerated -Rspecs update -Code Factoring -Added checks for old ruby. Otherwise there will be syntax errors - -* Vulnerabilities -Update WordPress Vulnerabilities -Update timthumb due to Secunia #54801 -Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD - -* WPScan Databse Statistics: -Total vulnerable versions: 76, 4 are new -Total vulnerable plugins: 606, 197 are new -Total vulnerable themes: 194, 45 are new -Total version vulnerabilities: 274, 53 are new -Total plugin vulnerabilities: 764, 270 are new -Total theme vulnerabilities: 198, 46 are new - -* Add WP Fingerprints -WP 3.7.1 Fingerprinting -WP 3.7 Fingerprinting -Ref #280 WP 3.6.1 fingerprint -Added WP 3.6 advanced fingerprint hash. See Issue #255. -Updated MD5 hash of WP 3.6 detection. See Issue #277. -WP 3.5.2 Fingerprint -Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting. - -* Fixed issues -Fix #249 - [ERROR] "\xF1" on US-ASCII -Fix #275 - [ERROR] "\xC3" on US-ASCII -Fix #271 - Further Instructions added to the Mac Install -Fix #266 - passive detection regex -Fix #265 - remove base64 images before passive detection -Fix #262 - [ERROR] bad component(expected absolute path component) -Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3 -Fix #208 - Fixed vulnerable plugins still appear in the results -Fix #245 - all theme enumeration error -Fix #241 - Cant convert array to string -Fix #232 - Crash while enumerating usernames -Fix #223 - New wordpress urls for most popular plugins & themes -Fix #177 - Passive Cache plugins detection (no spec) -Fix #169 - False reports -Fix #182 - Remove the progress-bar static length (120), and let it to automatic -Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked) -Fix #200 - Log file not recording the list of username retireved -Fix #164 - README.txt detection -Fix #166 - ListGenerator using the old Browser#get method for full generation -Fix #153 - Disable error trace when it's from the main script -Fix #163 - in the proper way -Fix #144 - Use cookie jar to prevent infinite redirections loop -Fix #158 - Add the solution to 'no such file to load -- rubygems' in the README -Fix #152 - invalid ssl_certificate - response code 0 -Fix #147 - can't modify frozen string -Fix #140 - xml_rpc_url in the body -Fix #153 - No error trace when 'No argument supplied' - -Version 2.1 released 2013-3-4