v1.0.7

Changelog

f2504f2 Fixed a severe bug with URL parsing introduced in the v1.0.6 release #277 📝 @osamahamad @vysecurity
efd8343 Fixed an issue with http2 causing issues with burp proxy #274 📝@0x0msg
fb5a8f6 Added support to print followed URLs in the output #215 💡@JoshuaMart
be85cbc Added support to follow 307/308 based redirects #280 💡 @stigkj
51da009 Added TLS fingerprint hash information in the JSON output #221
c1ee06a Added support to respect user-defined HTTP schema in the input #273 by @Becivells

v1.0.6

Changelog

7e459a6 Fixed a bug with hosts running websocket causing never ending httpx scan.
e9bb05d Fixed a bug with POST request method.
28ef5a1 Fixed a bug to output ip/cname when port as input is used by @iflody
b801730 Fixed a bug with unsafe flag.
708fbc2 Added support to display redirect chain with follow-redirects flag
62c32ca Added support to store redirect chain data with store-chain flag
780199f Added glob support to read multiple files as input (-l "subdomains-to-probe/*")
aa2e70f Added allow flag to whitelist IPs/CIDRs for probing.
aa2e70f Added deny flag to block IPs/CIDRs for probing.
f560d24 Added max-response-body-size flag to define max response body size.
a387acc Added extract-regex flag to print custom strings from response to CLI.
0582ec9 Auto-enabled tls-grab when tls-probe flag is used.
dbd75f4 Updated to latest wappalyzergo release.

v1.0.5

Changelog

07bff31 Added wappalyzergo based technology detection (-tech-detect)
2112a44 Added file based paths input support (-paths)
f8104ae Added random user agent support (-random-agent)
782cdcf Added syscall fallback support.
9ddeea3 Updated title extraction with improved regex
bfbf2b6 Fixed duplicate result when input CIDR targets
49e0aad JSON output improvements.

Notable flag changes:-

• include-response flag instead of response-in-json
• response-in-json is still supported but deprecated flag.
• tls-grab is now optional instead of default.
• tls-probe now can be used along with tls-grab

Notable JSON output changes:-

• Newly added fields:- timestamp, request,scheme,port, path, body_sha256, header_sha256
• Updated fields:- serverResponse with response-body, ip with host, ips with a, tls with tlsgrab

Example of default updated JSON output:-

{
  "timestamp": "2021-04-10T00:19:54.505279+05:30",
  "scheme": "https",
  "port": "443",
  "path": "/",
  "body-sha256": "bf697861898d0a7fabf4886f0eb238a440f45622e062ef40ac266e5575796347",
  "header-sha256": "4196b49038b99831b6d3fc40100162cabf81ac2718cd01e21efd5ba3926d1dfa",
  "a": [
    "104.16.99.52",
    "104.16.100.52"
  ],
  "url": "https://hackerone.com",
  "location": "https://www.hackerone.com/",
  "webserver": "cloudflare",
  "content-type": "text/html",
  "method": "GET",
  "host": "104.16.99.52",
  "content-length": 92,
  "status-code": 301,
  "csp": {
    "domains": [
      "www.google-analytics.com",
      "errors.hackerone.net",
      "cover-photos.hackerone-user-content.com",
      "hackathon-photos.hackerone-user-content.com",
      "profile-photos.hackerone-user-content.com",
      "hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com",
      "https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d",
      "www.youtube-nocookie.com"
    ]
  },
  "response-time": "547.188917ms"
}

v1.0.4

Bump go.mod

v1.0.3

Changelog

Added:-

5869dfb Added Progress bar support (-stats)
2c44440 Added Skipping HTTP if HTTPS found (-no-fallback)
3a5c564 Added custom scheme support (-ports http:443 https:8443)
389b50e Added Response time flag (-response-time)
6497301 Added Raw HTTP support (-unsafe)
28f630c Added support for IPv6 hosts
e2917db Added Support for hmap (input dedupe)

Updated:-

090c534 Improved readability and error handling by @melardev
8289f46 Made string matching case insensitive
d4e72d8 Made CDN flag optional
67c53a9 Updated title regex
3a5c564 Code Refactor

Fixed:-

6bde867 Fixed bug with stdin input by @vzamanillo
1a5a4da FIxed a bug with CDN blocking

v1.0.2

Changelog

f38a58b Added IP extraction
9b8550e Added CNAME extraction
5a7ec28 Added CDN check
edb9e1b Added String based match/filter
edb9e1b Added Regex based match/filter
ca20e55 Bug fix with CSP extraction
f71cb97 Bug fix bug with store-response flag

v1.0.1

Changelog

38d25bb Added support to probe all supported request method (-x all)
243e040 Fixed a bug printing request method on the default run.

v1.0.0

Changelog

a632271 - HTTP2 Probing
ffadd65 - Experimental/Trivial HTTP1.1 Pipeline Probing
5787fbd - Custom host header support
f62c479 - CSP Data extraction / Subdomains Probing
84dc1e9 - Location Header output by @tracertea
a21f098 - RawHTTP support with unsafe flag
e2e5501 - Multi Method/Verb support
f62c479 - Verbose flag to inspect failed requests.
f62c479 - Request flag to process RAW request from a file.
f62c479 - Bugs fixes (User agent, Data storage, multiple ports, CIDR input)

v0.0.8

Changelog

0e18ab4 content-type fix with no color

v0.0.7

Changelog

fed8df5 Added output filters and matchers
0817f31 Added content-type output
739545c Added request file/path option
afce1f7 Added TLS probe
8dcf41d Fixed automatic decoding of unicode chars in title
3c57c5e Fixed custom host header issue.