What's Changed
🎉 New Features
- Introduced passive crawling by @dogancanbakir in #781
   -ps, -passive                    enable passive sources to discover target endpoints
   -pss, -passive-source string[]   passive source to use for url discovery (waybackarchive,commoncrawl,alienvault)
Example:
katana -u tesla.com -passive -f qurl
...
https://static-assets-pay.tesla.com/api/payment-schema/creditcard?countrycode=dk
https://static-assets-pay.tesla.com/api/paymenttypes/?clientlibrary=payment-website
https://tradepartnertickets.tesla.com/dist/main.css?029b26e9be3aef4fc82c
https://tradepartnertickets.tesla.com/dist/vendors.vendors.css?029b26e9be3aef4fc82c
https://workforce.tesla.com/auth/callback?code=na_921f11c72db1d416c2fb624ea94ab5e1bad5f803
...
...
...
[INF] Found 208114 endpoints for https://tesla.com in 2m11.65937825s (commoncrawl: 128, alienvault: 1615, waybackarchive: 206371)
- Introduced option to exclude targets to crawl by @dogancanbakir in #731
   -e, -exclude string[]   exclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)
🐞 Bug Fixes
- Fixed issue with headless redirect by @Mzack9999 in #823
- Fixed issue with filter and match functionality (SDK) by @dogancanbakir in #775
- Fixed issue with -kf option to skip if the maximum depth is exceeded by @dogancanbakir in #799
Other Changes
- Added conditional support to include go-tree-sitter in build process by @RamanaReddy0M in #814
- Fixed nil pointer check by @dogancanbakir in #773
- Fixed error check on hybrid request parsing by @niudaii in #804
- Updated jsluice to new version with more results by @Ice3man543 in #695
- Updated jsluice by @geeknik in #800
New Contributors
- @beac0n5 made their first contribution in #732
- @toufik-airane made their first contribution in #736
- @niudaii made their first contribution in #804
- @geeknik made their first contribution in #800
Full Changelog: v1.0.5...v1.1.0