Releases: Hackmanit/Web-Cache-Vulnerability-Scanner
Version 1.2.1 - IgnoreStatus flag
New Feature
The --ignorestatus / -is flag was added. It can be used to prevent false positives if, for example, a WAF is changing the status code to 429 Too Many Requests.
Usage: ./wcvs -is 418,429 -u https://example.com
Changelog
Version 1.2.0 - Web Cache Deception Detection
Web Cache Deception
The WCVS now detects Web Cache Deception. It uses various techniques for this purpose:
- Path Parameter
- Path Traversal
- Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand
In summary, WCVS's procedure is as follows:
If the cache returns a HIT, it is tested for web cache poisoning. If the cache always returns a MISS, it is tested for web cache deception.
Changelog
Version 1.1.2
Version 1.1.1
Changelog
Curl Command (new)
If a web cache poisoning was identified, the poisoning request is converted to a curl command and printed. Additionally, it is added to the report. Thus it's way easier than before to replicate/verify the web cache poisoning vulnerability 9d09f90 6e019f2
Bugfixes
Fixed a sneaky bug that prevented wcvs to identify cache headers cae91f2
Miscellaneous
Version 1.1.0
Changelog
Output
- reworked the output to be more well-arranged and easier to read cd60764 6113208 7f57adf 0d50479 34b2111 31229c1 a8a5d83 249edbb
bb1bf74
Bugfixes
Improvements
- improved setting and validating the default status code and removed the "setStatusCode" flag a190547 6f0890a 190c5f0 ed34eb3
Miscellaneous
- upgraded Go libraries bb6814f
Version 1.0.1
Changelog
Readme: install methods
- fixed install option 2 - fetch repository using go (Thanks to @hahwul) 218f0af
- added install option 3 - docker (Thanks to @hahwul) 218f0af 9fd92dc 5f5d58b
web cache poisoning techniques
- improved HTTP Method Override DOS technique: added more HTTP request methods f4ca674
- added new DOS variant: X-Forward-Scheme c7b3b7c
- added new DOS variant: Set User-Agent to a probable blacklisted security scanner f17e0f5
- added new DOS variant: DOS via illegal header name (currently disabled, because of limitations of the go net/http module) 79ea4c5 b15374e
bug fixes
- fixed rate limiting bug
rate Wait: rate: Wait(n=1) exceeds limiter's burst 0ddfe105 - added missing string 9856114
minor improvements
- converting OnlyTest and SkipTest Value to lowercase cc1c14f
- improved header/parameter wordlist and other file read error messages 7d3f09d
- added check if proxy cert could be added 150090c
- typo fix d1dfcca
miscellaneous
- added bash script to generate binaries and sha256 sums 9ada6c8
- changed go module from
/v2to/afedc51 - upgraded golang.org/x/net from
v0.0.0-20211020060615-d418f374d309tov0.0.0-20220107192237-5cfca573fb4dafedc51 - upgraded golang.org/x/time from
v0.0.0-20210723032227-1f47c861a9actov0.0.0-20211116232009-f0f3c7e86c11afedc51
Contributors
Assets 10
Version 1.0.0
Version 0.4.39
Darwin-Amd64-wcvs-0_4_39.zip
b12ad4501dacfb5ed3d9cad9388e147ac73f953dc09f0d1cd0a916854ff96277 (SHA-256)
https://www.virustotal.com/gui/file/b12ad4501dacfb5ed3d9cad9388e147ac73f953dc09f0d1cd0a916854ff96277
Linux-Amd64-wcvs-0_4_39.zip
0b28e8520fa1cc3388d7a113f298960231d45eb3e4bcf89e196f6c8e6fb9afd2 (SHA-256)
https://www.virustotal.com/gui/file/0b28e8520fa1cc3388d7a113f298960231d45eb3e4bcf89e196f6c8e6fb9afd2
Windows-Amd64-wcvs-0_4_39.zip
edd44be2ede175c4db1bb5ed9f40e441b863934d9fddb742302829b372d10790 (SHA-256)
https://www.virustotal.com/gui/file/edd44be2ede175c4db1bb5ed9f40e441b863934d9fddb742302829b372d10790
Version 0.4.36
Linux-Amd64-wcvs-0_4_36.zip
a22baba1855d2c112f4b0d8b37b055520da3d18bcd2fcdea5738b5976ebb9679 (SHA-256)
https://www.virustotal.com/gui/file/a22baba1855d2c112f4b0d8b37b055520da3d18bcd2fcdea5738b5976ebb9679/detection
Windows-Amd64-wcvs-0_4_36.zip
5a5f2ec9696fb433b834f44d435d4906adcf6c750697fcc322751047b4d7acab (SHA-256)
https://www.virustotal.com/gui/file/5a5f2ec9696fb433b834f44d435d4906adcf6c750697fcc322751047b4d7acab/detection