v3.0.1

@hahwul hahwul released this 02 Jun 02:16
· 112 commits to main since this release

3.0.1

Added

  • DOM-XSS Coverage: AST analysis now recognizes jQuery $()/jQuery() selector-to-HTML sinks, dynamic import() execution sinks, and fetch()/XMLHttpRequest response sources.
  • WAF Fingerprints: Added NetScaler and cookie-based signatures and generalized the bypass mutations shared across vendors.
  • Packaging: Added native .deb/.rpm packages (cargo-deb + cargo-generate-rpm), musl binaries (x86_64-musl, aarch64-musl), and Snapcraft and AUR distribution.

Changed

  • WAF Bypass Performance: Made WAF bypass payload expansion orthogonal to avoid combinatorial blow-up during scanning.
  • Progress UI: Animated the scan spinner and progress bars with a metallic shimmer.

Fixed

  • Explicit -p targets are now always tested, regardless of --skip-* flags.
  • Explicit -p header/cookie/multipart injection points are honored.
  • Explicit -d body params are tested under --skip-mining/--skip-mining-dict (XSSMaze detection 92.7% → 98.2%).
  • Workers shut down gracefully instead of panicking on a closed semaphore.
  • --custom-payload content is validated up front rather than only checking that the file exists.
  • Release tooling no longer truncates aur/PKGBUILD during version bumps.

Full Changelog: v3.0.0...v3.0.1