Skip to content

v3.3-stable
Compare
Choose a tag to compare
@stasinopoulos stasinopoulos released this 13 Sep 06:10
· 538 commits to master since this release
v3.3
2bcf43a
  • Fixed: Multiple bug-fixes regarding several reported unhandled exceptions.
  • Fixed: Minor bug-fix regarding scanning multiple targets given in a textual file (i.e. via option -m).
  • Removed: The "Regsvr32.exe application whitelisting bypass" attack vector has been removed.
  • Updated: Minor update regarding web delivery script (i.e. Python meterpreter reverse TCP shell).
  • Replaced: The --backticks switch has been replaced with "backticks.py" tamper script.
  • Added: New tamper script "backticks.py" that uses backticks instead of $(), for commands substitution.
  • Added: New option ( --skip-heuristic) for skipping dynamic code evaluation heuristic check.
  • Added: Support for parsing custom wordlists regarding HTTP authentication (i.e. Basic, Digest) dictionary-based cracker.
  • Revised: Improvements regarding dynamic code evaluation heuristic check.
  • Fixed: Minor bug-fix regarding parsing SOAP/XML data via --data option.
  • Revised: Minor improvement regarding parsing GraphQL JSON objects.
  • Added: The .bat files command separator (i.e. %1a) has been added.
  • Added: New option --method to force usage of provided HTTP method (e.g. PUT).

Note: For more check the detailed changeset.

Assets 2
Loading