Releases: epi052/feroxbuster
v2.9.1
What's Changed
- Implement auto update feature by @aancw in #813
- scan management can now cancel scans started with `-u` | `--stdin` | the menu itself by @epi052 in #821
- feroxbuster can be installed via chocolatey by @aancw in #807
- fix resume with offset when `--methods` | `--extensions` are used by @epi052 in #823
Full Changelog: v2.9.0...v2.9.1
v2.9.0
What's Changed
- banner is shown again after exiting scan management menu by @aancw in #804
- improved auto-filtering accuracy
- Fixed issue where a wildcard redirect caused every request to recurse into that directory by @epi052 in #808; id'd by @0xdf223
- fixed bug where `--auto-tune` and `--rate-limit` could be set in the same scan via `--smart`/`--thorough` composite settings; id'd by @GenericUser123
New Contributors
Full Changelog: v2.8.0...v2.9.0
v2.8.0
What's Changed
- Fixes #761 | Updated Dockerfile and CONTRIBUTING docs by @aidanhall34 in #762
- fixed bug in extractor that wasn't correctly comparing extracted domains
- fixed bug in Makefile
- fixed auto-bail icon; wasn't displaying properly on some terminals
- added visual cues for auto-tune's rate adjustments
- added visual cue when auto-bail is triggered
- when Content-Length header is missing or 0, now check the body length as well in case that differs
- fixed issue where auto-tune wasn't adjusting upward as often as it should have been
- added new methods for auto-detecting 404-like responses
- swapped ssdeep for simhash when creating similarity filters
- changed default allowed statuses to 'All Status Codes', new 404 detection should filter out what's unimportant and allow more responses through (i.e. apis)
- resume scan starts from offset in wordlist when a directory scan was partially complete
- docs: add aidanhall34 as a contributor for code, and infra by @allcontributors in #764
- docs: add hakdogpinas as a contributor for ideas by @allcontributors in #752
- docs: add duokebei as a contributor for ideas by @allcontributors in #753
- docs: add joaociocca as a contributor for bug, and ideas by @allcontributors in #790
- docs: add f3rn0s as a contributor for bug by @allcontributors in #793
- docs: add pich4ya as a contributor for ideas by @allcontributors in #799
- docs: add xaeroborg as a contributor for ideas by @allcontributors in #800
- docs: add Luoooio as a contributor for ideas by @allcontributors in #801
New Contributors
- @aidanhall34 made their first contribution in #762
Full Changelog: v2.7.3...v2.8.0
v2.7.3
What's Changed
- FIX 732 ensure --no-state is respected even through --time-limit by @kmanc in #733
- Fix incorrect username in Contributors by @n0kovo in #749
- fixed #716; wordlist entries with leading slash are trimmed by @epi052 in #750
- fixed #743; redirects always show full url as Location by @epi052 in #750
- fixed #748; cancelled scans persist across ctrl+c by @epi052 in #750
New Contributors
Full Changelog: v2.7.2...v2.7.3
v2.7.2
What's Changed
- removed superfluous if statement by @herrcykel in #580
- upgraded leaky-bucket to 0.12.1 by @udoprog in #604
- updated dependencies by @epi052 in #670
- upgraded clap from 3.x to 4.x by @epi052 in #671
- 661 fix double dir scan by @epi052 in #672
- fixed invalid uri exception during extraction by @epi052 in #706
New Contributors
- @herrcykel made their first contribution in #580
- @udoprog made their first contribution in #604
Full Changelog: 2.7.1...v2.7.2
2.7.1
What's Changed
- fixed bug in auto-tune
- extensions now accept values with leading period, i.e. `-x .php` and `-x php` behave identically (leading period gets stripped)
- if no url scheme is given, `https` is prepended to the target (`-u hackerone.com` becomes `https://hackerone.com`)
- support for secondary default wordlist location added (`/usr/local/share/seclists...`)
🎉 Special thanks to @jhaddix, @IppSec, @postmodern, and @DonatoReis for their reports / ideas 🎉
Full Changelog: 2.7.0...2.7.1
2.7.0
What's Changed
For a more in-depth explanation of how status code filtering has changed, please see the docs. Here are the cliff notes:
- `--filter-status` and `--status-codes` are now mutually exclusive options
- `--status-codes` works the same way it always has: by providing an allow-list for status codes. Any status code not included in `--status-codes` will be filtered out
- If a value is given to `--filter-status`, that status code will be filtered out, while all other status codes are allowed to proceed
Additionally, there is a new flag, `--force-recursion`. This flag tells feroxbuster to ignore its typical recursion logic in favor of recursing into any ‘found’ asset. A ‘found’ asset is an endpoint that was not filtered out by other scan settings (i.e. `--filter-status` or similar). More info available here.
Finally, the default path to the wordlist on Windows has been updated to look in the current directory: `.\SecLists\Discovery\Web-Content\raft-medium-directories.txt`
🎉 Special thanks to @0xdf223 and @ThisLimn0 🎉
Full Changelog: v2.6.4...2.7.0
v2.6.4
What's Changed
- bugfix where if multiple http methods were used, and returned responses that should have been shown to the user, only the first method was shown. This was an error in how responses were identified, but is now fixed.
Thanks to @godylockz for spotting another issue!
Full Changelog: v2.6.3...v2.6.4
v2.6.3
What's Changed
- bugfix related to #501, `--proxy` was handled fine, but logic for `--replay-proxy` was flawed. Both exhibit the same behavior now.
Thanks to @godylockz for spotting the issue!
Full Changelog: v2.6.2...v2.6.3