v2.6.4

What's Changed

• bugfix where if multiple http methods were used, and returned responses that should have been shown to the user, only the first method was shown. This was an error in how responses were identified, but is now fixed.

Thanks to @godylockz for spotting another issue!

Full Changelog: v2.6.3...v2.6.4

v2.6.3

What's Changed

• bugfix related to #501, --proxy was handled fine, but logic for --replay-proxy was flawed. Both exhibit the same behavior now.

Thanks to @godylockz for spotting the issue!

Full Changelog: v2.6.2...v2.6.3

v2.6.2

• The Scan Management Menu now has the ability to manage filters as well! More details and demonstrations are available in the docs.

Special thanks to @jhaddix for the idea! 🎉

What's Changed

• add and remove filters via scan management menu by @epi052 in #533 & #528

Full Changelog: v2.6.1...v2.6.2

v2.6.1

• fixed a bug where --collect-backups wasn't requesting backups from the same directory where the original was found

🎉 Thank you to @gtjamesa for reporting the bug! 🎉

Full Changelog: v2.6.0...v2.6.1

v2.6.0

What's Changed

• Add --no-state option, filter queries from links, title-case headers by @godylockz in #474
• added --collect-extensions and --dont-collect
• added --collect-words
• added --collect-backups
• added --burp
• added --burp-replay
• added --smart
• added --thorough
• added --no-state
• added nlp module with html-based TF-IDF implementation
• fixed bug in --resume-from where ScanType::File scans were erroneously kicked off as though they were ScanType::Directory
• fixed bug where some extracted requests may have been requested with redirects allowed, regardless of runtime config
• fixed bug where the first request made with --extract-links was not async
• implemented workaround for bug when --method was POST, PUT, PATCH and --data was empty/not used (awaiting upstream for a real fix)
• query params and fragments are removed from extracted urls before being requested
• updated dependencies
• headers are now Title-Cased
• directory listing detection happens regardless of --extract-links usage, however the links found therein are only requested when --extract-links is used
• numerous code quality improvements

Full Changelog: v2.5.0...v2.6.0

v2.5.0

What's Changed

• docs: add narkopolo as a contributor for ideas by @allcontributors in #437
• docs: add justinsteven as a contributor for ideas by @allcontributors in #436
• Added support for specifying cookies with the -b flag by @7047payloads in #444
• docs: add 7047payloads as a contributor for code by @allcontributors in #455
• docs: add unkn0wnsyst3m as a contributor for ideas by @allcontributors in #456
• Add support of multiple methods during scan #440 by @MD-Levitan in #441
• added option groups to help output and updated dependencies by @epi052 in #463
• Directory Listing & Web Scraping Links by @godylockz in #464
• docs: add its0x08 as a contributor for ideas by @allcontributors in #468
• docs: add MD-Levitan as a contributor for ideas, code by @allcontributors in #469
• docs: add godylockz as a contributor for ideas, code by @allcontributors in #470
• Add redirect messages to normal reports by @epi052 in #466

New Contributors

• @7047payloads made their first contribution in #444
• @MD-Levitan made their first contribution in #441
• @godylockz made their first contribution in #464

Full Changelog: v2.4.1...v2.5.0

v2.4.1

• Revised Scan cancel Management Menu to allow for adding a new scan (docs); thanks to @narkopolo for the suggestion! 🥳
• Added original_url entry to json output, suggestion courtesy of @justinsteven 🎉
• updated dependencies to current versions

Full Changelog: v2.4.0...v2.4.1

v2.4.0

• integrated bugfix; submitted by @cortantief
• added --random-agent feature; submitted by @dsaxton
• added regex support for --dont-scan; idea form @mzpqnxow, implemented by me 🙃

Thanks to everyone involved in this release!!! 🌟 🙏

v2.3.3

• fixed wildcard filtering when wildcard response is 0
• fixed total # of urls reported to be scanned in the 'overall' progress bar (was increasing out of sync with reality)

Thank you to @Tib3rius for pointing out the wildcard bug, which led me to see the other bug while fixing the first 🎉

v2.3.2

Thank you to @mzpqnxow and @0xdf_ for their suggestions!

• Default status codes now include 500.
• logging while using --parallel now uses the value of -o|--output as a seed to create a directory named OUTPUT_VALUE-TIMESTAMP.logs/. Within the directory, an individual log file is created for each target passed over stdin.

Example Command:

cat large-target-list | ./feroxbuster --stdin --parallel 10 --output super-cool-mega-scan

Resulting directory structure (illustrative):

super-cool-mega-scan-1627865696.logs/
├── ferox-https_target_one_com-1627865696.log
├── ...
└── ferox-https_target_two_net-1627865696.log