Skip to content

Version 1.4.0 - Improved and new techniques, hardcoded wordlists & much more

Latest
Latest
Compare
Choose a tag to compare
@m10x m10x released this 17 Apr 15:55
· 1 commit to master since this release
1.4.0
2721649

Improved and new techniques

  • improved parameter scanning
  • improved parameter cloaking
  • improved fat get
  • added parameter pollution as new technique

Hardcoded wordlists

  • The wordlists used for parameters and headers are now hardcoded into wcvs. This means that from now on you only need to specify wordlists if you want to use other than the default ones

Improved Cachebuster Detection

  • The random cachebuster values now have a cb prefix, while the random poison values now have a p prefix
  • This makes it easier to tell if a value is a cachebuster or poison value. Especially when the cachebuster parameter is also vulnerable to e.g. parameter pollution.

Better poison and cachebuster values

  • The random cachebuster values have now a prepended cb, while the random poison values have now a prepended p
  • Thus, it's easier to differentiate if a value is a cachebuster or poison value. Especially if the cachebuster parameter is also vulnerable to e.g. parameter pollution.

Improved Output

  • Better formatting
  • Showing the correct cachebuster name

New Flags

  • skipwordlistcachbuster: skip using wordlists when trying to find a cachebuster
  • nolog: do not create a log file

Misc

  • upgraded dependencies
  • updated chrome useragent
Assets 10
Loading