wapiti-scanner/wapiti 3.3.0

on GitHub

What's Changed

• Added more paths to the Buster module dictionary by @fwininger in #700
• Updated headless Firefox by @fwininger in #701
• Updated CMS fingerprint files by @fwininger in #705
• Fixed consistency between wp_enum and cms/wp_enum versions by @fwininger in #702
• Marked "Directory Traversal File Include" vulnerability as false positive by @fwininger in #703
• Fixed Angular detection by @fwininger in #706
• Added Python 3.14 support by @devl00p in #709
• Added SPIP plugin detection by @fwininger in #707
• Added devcontainer environment by @fwininger in #711
• Upgraded PHP version in the endpoint container by @devl00p in #712
• Forced aiosqlite version lower than 0.22.0 by @devl00p in #713
• Fixed cookie-based detection and added tests by @fwininger in #708
• Deprecated the wp_enum module by @fwininger in #716
• Added a JWT option by @fwininger in #717
• Fixed non-working --side-file option by @fwininger in #718
• Marked "Backup Files" vulnerabilities as false positives by @fwininger in #720
• Added WordPress WPML Multilingual CMS plugin detection to the CMS module by @fwininger in #722
• Added Drupal plugin detection by @fwininger in #723
• Added a Printer module by @fwininger in #721
• Removed version field from docker-compose files by @fwininger in #726
• Fixed .gitignore for integration tests by @fwininger in #727
• Updated PHP version by @MathisFranel in #729
• Improved mod_exec by @fwininger in #719
• Updated gitlab-ci.yml by @fwininger in #730
• Added detection for CVE-2024-55591 by @fwininger in #704
• Added Ivanti detection module by @fwininger in #731
• Added Palo Alto detection and version fingerprinting module by @fwininger in #732
• Added Magento and TYPO3 CMS detection by @fwininger in #724
• Improved Dockerfiles by @fwininger in #734
• Fixed regression affecting webpages in reports by @fwininger in #735
• Fixed core-js detection issue in mod_wapp by @fwininger in #733
• Fixed and standardized Ivanti and Palo Alto modules by @bretfourbe in #737
• Fixed Palo Alto ETag detection by @bretfourbe in #738
• Fixed regex in the information_disclosure module by @bretfourbe in #739
• Installed Playwright Firefox in /opt for multi-user access by @Qwarctick in #740
• Removed body and headers from responses when detail_report_level = 1 by @bretfourbe in #741
• Fixed Forti error and TYPO3 false positive by @bretfourbe in #744
• Added detection patterns for modern DBMS by @fwininger in #752
• Fixed [FF] placeholder not being replaced in XSS payloads by @fwininger in #753
• Added detection patterns for modern frameworks and ORMs by @fwininger in #754
• Added missing indexes on frequently filtered database columns by @fwininger in #756
• Added support for XHTML and XML content types in XSS detection by @fwininger in #755
• Optimized XSS module by @fwininger in #747
• perf(explorer): use sets for O(n) → O(1) request lookups by @fwininger in #758
• perf(mod_takeover): reuse a shared httpx.AsyncClient by @fwininger in #760
• perf(attack): switched attacked_get / attacked_post from lists to sets by @fwininger in #761
• perf(stickycookie): removed artificial delays in MITM proxy by @fwininger in #762
• Speeded up mod_backup using concurrent requests by @hbenazha in #757
• Modernized Firefox user-agent by @fwininger in #763
• perf(intercepting_explorer): optimized browser waits and clicks by @fwininger in #764
• Added Python 3.14 support in TOML configuration by @fwininger in #767
• Added SQLite PRAGMAs to improve I/O performance by @fwininger in #766
• Fixed triple N+1 query issue in _get_paths() by @fwininger in #765
• Allowed running both crawlers sequentially by @fwininger in #768
• Grouped transactions in add_payload, save_request, and save_requests by @fwininger in #769
• Fixed N+1 query issue in get_payloads() by @fwininger in #749
• perf(persister): avoided unnecessary deep copies during serialization by @fwininger in #750
• Improved scanning of URLs with uppercase hostnames by @ArseneCBW in #743
• Fixed Tomcat image used in tests by @Qwarctick in #773
• Code review fixes — batch 2026-05 by @devl00p in #777
• Fixed bugs based on May 2026 crash reports and updated documentation by @devl00p in #778
• Updated changelog and copyright date by @devl00p in #779
• Bumped version to 3.3.0 and updated manpages by @devl00p in #780

New Contributors

• @MathisFranel made their first contribution in #729
• @hbenazha made their first contribution in #757
• @ArseneCBW made their first contribution in #743

Full Changelog: [wapiti 3.2.10...3.3.0 comparison](https://github.com/wapiti-scanner/wapiti/compare/3.2.10...3.3.0?utm_source=chatgpt.com)