Releases: milo2012/pathbrute
v0.0.10
Changelog
e177d4e fix for issue in #298f89f
57255c7 Cadd /admin/queues.jsp?QueueFilter= - VE-2018-8006: XSS in Apache ActiveMQ
298f89f add -e option to exclude specific status code from stdout (E.g. 404) - reduce noise output
1d6f960 add /api - traefik instances /api endpoint discloses private keys of SSL certificates
dd732f6 add packetstorm to README.md
6c18ed8 update README.md
994f4b0 fix bug abt being unable to access pathbrute.sqlite in Docker
f652bd9 update Dockerfile
95a4e3f update README.md
1c12725 update README and msfPaths.txt
c6cbbd6 add --query/-q option to lookup URI paths in ExploitDB database and also added "code=xxx to the status code output for easier grep
a92e66c update README.md #9
d2e8da2 update wordlists
eeba6a7 update exploitdb paths
v0.0.9
Changelog
d93b106 bug fix in intelligent mode
c561cb2 update metasploit paths
6441131 update exploitdb files
a2036ce update exploitdb wordlists
4f8263d cleanup code
1ce174d cleanup packetstormPaths.txt
1032296 cleanup packetstormPaths.txt
a666198 push update for .gitignore
f498d7f push update for .gitignore
0cd089d fix for http proxy function not working - issue #4
1f6c00a fix for http proxy function not working - issue #4
5b8389c update packstormPaths.txt
3eb2679 update packstormPaths.txt
672be2c add paths from CVE-2018-2894 - ref from https://github.com/LandGrey/CVE-2018-2894
ce8bfad add paths from CVE-2018-2894 - ref from https://github.com/LandGrey/CVE-2018-2894
920dd42 Merge pull request #8 from Chan9390/dockerfile
ebf816e Merge pull request #8 from Chan9390/dockerfile
f930961 Updated readme
229cf8b Updated readme
398bc0f Updated dockerfile
0cda351 Updated dockerfile
78dacba update Dockerfile and README.md after removal of binaries from source
c252134 update Dockerfile and README.md after removal of binaries from source
3d6d12b update exploitdb*.txt wordlists
6afbc9b update exploitdb*.txt wordlists
28c99fc update exploitdb path lists
cae99cb update exploitdb path lists
8c8dcef update exploitdb paths
6ab8cfa update exploitdb paths
42fd82e add uri paths for CVE-2017-12542 - https://github.com/airbus-seclab/ilo4_toolbox
0cd06ab add uri paths for CVE-2017-12542 - https://github.com/airbus-seclab/ilo4_toolbox
bc38dec if --update option is used, wordlist doesnt gets loaded after download - fixed
33b7fc3 if --update option is used, wordlist doesnt gets loaded after download - fixed
f3fd87f minor bug fixes
d62f8b5 minor bug fixes
97cfd48 minor bug fixes
1217ecf minor bug fixes
43730c5 temp
1f457f9 temp
2593f02 speed improvements, bug fixes and code cleanup
76f9df5 speed improvements, bug fixes and code cleanup
1dca934 update exploitdb_php.txt
e50aa9d update exploitdb_php.txt
1c8ced8 update defaultPaths.txt
5e86376 update defaultPaths.txt
dc023f0 add /common/lvl5/help/webctrl/ - CVE-2018-8819 - https://www.coalfire.com/The-Coalfire-Blog/June-2018/How-I-Found-CVE-2018-8819-Out-of-Band-(OOB)-XXE
1a2081b add /common/lvl5/help/webctrl/ - CVE-2018-8819 - https://www.coalfire.com/The-Coalfire-Blog/June-2018/How-I-Found-CVE-2018-8819-Out-of-Band-(OOB)-XXE
817d0be update exploitdb wordlists
9cc8396 update exploitdb wordlists
72dd481 update exploitdb*.txt
726cc82 update exploitdb*.txt
e662640 update --cms mode, add Wordpress 4.5.1 - WordPress Same-Origin Method Execution (SOME)
1642bda update packetstormPaths.txt
a8852ef add --skip option so that websites like OWA,VPN can be ignored (as these would not have any "interesting" files
6b6ebe4 update exploitdb.txt
63f7cf4 update exploitdb_asp.txt
96565e6 update exploitdb_asp.txt
6a83466 update exploitdb_jsp.txt
7b63843 update exploitdb_php.txt
c8a480f update packetstormPaths.txt
aebe900 update packetstormPaths.txt
3bc9ac7 update explotidb.txt - 29 May 2018
2ff2f8d update defaultPaths.txt - add /ForensicsAnalysisServlet/ IBM QRadar SIEM Unauthenticated Remote Code Execution (CVE-2018-1418)
2a60801 update packetstormPaths.txt
6825dd5 update packetstormPaths.txt
d4d99f5 update packetstormPaths.txt
697562e update packetstormPaths.txt
033af64 update msfPaths.txt - add D-Link DSL-2750B OS Command Injection
25a5fac add /plc/webvisu.htm - CoDeSys webvisu - from @ZoomEye
a7f357e cleanup lists
8cbb3a9 update path lists - 23 may 2018
30e7702 error handling
9353355 update README.md
f64443f add --update function to update wordlists
3690583 update uri path list
b5b39ee update exploitdb_others.txt
21ca35f add --update function for updating the uri path lists from exploitdb/msf/etc
a84b24d cleanup paths
ecd0f9f update paths
0798c68 update exploitdb_all.txt
b973d7d update exploitdb_php.txt
6edc60b update exploitdb_php.txt
65826ec update exploit-db uri paths
c9b9c79 update README.md
02d5a57 change from go-textdistance to smetrics as it doesn't support 386 and arm
9f22b65 change from go-textdistance to smetrics as it doesn't support 386 and arm
ebde8d1 update goreleaser
dd7403d update goreleaser
315368b fix bug when running pathBrute in linux - program never exits
4770a3c add /weblogin.html - DrayTek router devices - provided by #ZoomEye - possible default passwords
ced9b13 update exploitdb uri paths
802fa4a update defaultPaths.txt
0cfdc9b update README.md
7d96957 update README.md
7f3b990 update README.md
74f8d0d cleanup output of --cms options
9d29345 update README.md with instructions on --cms option
c2621a1 update exploitdb path lists
4365fd4 remove i386
e280941 remove i386
1781820 use Jaro–Winkler distance to calculate difference between 2 different request response - used to check how different 2 pages are (where the webserver returns http status code 200 for all requests
6d2b134 update exploitdb wordlists
3f86222 add /apps/backend/config/ - Directories containing Symfony CMS juicy info and files
7299dc1 add /esp/cms_changeDeviceContext.esp - PAN-SA-2017-0027 - https://www.pentestgeek.com/penetration-testing/attacking-palo-alto-networks-pan-os
db3b2e2 prompts user and exit if value for -r exceeds the maximum length of websites*wordlist
7bb9e76 cleanup code
4f1dc53 error handling
6cb1766 add code to improve intelligentMode
0e32045 path list cleanup
1244c47 path list cleanup
36abe43 cleanup code
5b441ee implement code for #2
0720ff6 add /GponForm/diag_Form - CVE-2018-10561
29d6f67 minor fixes
d91a424 remove comments
c85aa5d minor fixes
62618b7 minor speed improvements
291e041 update defaultPaths.txt
fe4db09 minor update
cb733d1 minor update
f9a190e cleanup path lists
678d7da path list cleanup
a4e8110 update path lists
5105834 bug fixes
d9c343a bug fixes
8bc1942 bug fixes
aa99189 fix bug where some invalid matching is not displayed when using -i option
5bb0bfd update path lists
0675e76 update msfPaths.txt
3ae617a update defaultPaths.txt
99a0b8c update defaultPaths.txt
e2bdceb update path lists
0660cf0 bug fixes
5269281 update word lists
f9f2a56 update defaultPaths.txt
3db7bab update path lists
d4e44bc update path lists
4d37b83 add path for Apigility Web Interface
6084b06 add new paths from exploit-db - 6 May 2018
20eedc1 add /Diagnostics.asp as reported by GreyNoise here. https://twitter.com/GreyNoiseIO/status/992522759610740736
3940b7e fix bug with matching url
69aee0c update .gitignore
6c62e5d fix bug with matching url
ec60c91 fix for some websites returning false positive
20a141f update defaultPaths.txt
f5549d1 add 1612-exploits
a294dc6 add 1608-exploits
4c9c3c0 update pathBrute
334cac0 update packetstormPaths.txt
7b0e525 add 1607-exploits
051adba update packetstormPaths.txt
cf0ccad add 1606-exploits
1dc1954 add paths from 44560.py
71555b1 add /device.rsp?opt=user&cmd=list (CVE-2018-9995)
812acf9 fix issue when using --cms mode with -i
676b584 update README.md
89f2111 update msfPaths.txt
8f8f56b cleanup
cb9a862 cleanup
e9985df add paths from Metasploit framework
5081dc3 add paths from Metasploit framework
c1d4d65 update README.md
371c9ef add new exploitdb php paths
02a86b2 updated exploitdb_php.txt
047b14b add /plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.com - JIRA - SSRF (CVE-2017-9506)
c1f9b10 add option for exploitdb-others
89c7ff5 add metasploit paths from https://github.com/milo2012/metasploitHelper
5c04bb9 Merge branch 'master' of https://github.com/milo2012/pathbrute
064f3c3 add ElasticSearch Search Groovy
90644cf update word list
5ee650b update word list
b5e2990 update word lists
1d490b5 cleanup lists
3c8b395 add /Sitefinity/Authenticate/SWT
f5b82c1 update defaultPaths.txt
87e583c remove debug text
e4fe954 add more paths for Weblogic wls-wsat
44c3e8d add path for Happy Axis page
46647a4 update pathBrute
3dbd91e update pathBrute files
949f964 update pathlists
6016340 update wordlist
1d827bb update pathBrute binaries
1cb024a update README.md
42d9adc update README.md
ced9542 update README.md
abb0a94 update README.md
bf0858c update README.md
7e003af remove redundant binary
659211a implement feature for #1
e984c84 update README.md
6bef2a7 update defaultPaths.txt
2f0f4de add path for unprotected odoo DB manager, thanks @ayoubfathi
d038a76 update exploitdb_php.txt andexplotidb_all.txt
4b99213 update defaultPaths.txt
c687b3d error handling
56e8622 add tags for results
5f3209f update files
509577b .gitignore
dfeab04 minor text changes
2de33a1 update defaultPaths.txt
7016880 update exploitdb_all.txt
3c33bb4 update exploitdb_all.txt
2a08fee update exploitdb_php.txt
68747f8 minor fixes
64278b3 remove additional text
4baf64b update defaultPaths.txt
fbb16e9 update defaultPaths.txt
3708c0b update README.md on pulling the latest docker iamges
7adbff8 update README.md regarding dockerfile
fe11b86 update README.md
498b1c0 add timeout option
3f19815 fix issue where program doesnt exit
f433cbe update pathBrute
86f2fb1 update exploitdb*.txt
53cb77a exit program if provided -r num is larger than list
15dcf3d fix issue where program exists when using with large wordlists
f5db5c6 fix issue where program exists when using with large wordlists
55578a8 update README.md
e206e25 update README.md
e70f336 add option to set user-agent
ae2e513 update README.md
15cd38e add HTTP proxy option
06ae3c5 fix error handling
821e6d4 fix error handling
7a18d01 update
dbf22ae update defaultPaths.txt - add /user/register - Drupalgeddon2
03e4f65 update README.md
b9ab717 update README.md
ddcca2e update README.md
47cf172 fix download for exploitdb_all.txt
3803ee8 add goreleaser.yml
681332e add goreleaser.yml
5bd4b81 add goreleaser.yml
25bfea4 add goreleaser.yml
a7d0e39 add main.go
1924469 add main.go
a954c0f update color
7e8f382 fix colors in logs
e30c3fc add -r option to resume from a certain position
aa9f8d6 update pathBrute
ec983a0 update pathBrute - some status no appearing - fix
7873fb3 update pathBrute - some status no appearing - fix
e77c1b0 update pathBrute - some status no appearing - fix
a5e10ca...
v0.0.8
Changelog
4ab1422 update --cms mode, add Wordpress 4.5.1 - WordPress Same-Origin Method Execution (SOME)
7069125 update packetstormPaths.txt
4da0fbf add --skip option so that websites like OWA,VPN can be ignored (as these would not have any "interesting" files
4d545e8 update exploitdb_.txt
4e2324b update exploitdb_asp.txt
752ebbc update exploitdb_asp.txt
6210b12 update exploitdb_jsp.txt
0f79533 update exploitdb_php.txt
7dfad3f update packetstormPaths.txt
c14f66a update packetstormPaths.txt
7046399 update explotidb.txt - 29 May 2018
ba46970 update defaultPaths.txt - add /ForensicsAnalysisServlet/ IBM QRadar SIEM Unauthenticated Remote Code Execution (CVE-2018-1418)
5776e61 update packetstormPaths.txt
cd1fdcc update packetstormPaths.txt
a0f629c update packetstormPaths.txt
0f3d74b update packetstormPaths.txt
25756c2 update msfPaths.txt - add D-Link DSL-2750B OS Command Injection
b5bd52a add /plc/webvisu.htm - CoDeSys webvisu - from @ZoomEye
e253a9b cleanup lists
793ce99 update path lists - 23 may 2018
v0.0.7
Changelog
3fcc6bb error handling
3cd2213 update README.md
aafae2e add --update function to update wordlists
feaf1d0 update uri path list
113d7fa update exploitdb_others.txt
bc469d3 add --update function for updating the uri path lists from exploitdb/msf/etc
b9361e0 cleanup paths
db63a4c update paths
adaaab0 update exploitdb_all.txt
e2fc8ba update exploitdb_php.txt
0f903a2 update exploitdb_php.txt
327fb37 update exploit-db uri paths
755dda4 update README.md
v0.0.6
Changelog
314154b change from go-textdistance to smetrics as it doesn't support 386 and arm
0b071f1 change from go-textdistance to smetrics as it doesn't support 386 and arm
aed19c4 update goreleaser
ca9d14e update goreleaser
4fc735f fix bug when running pathBrute in linux - program never exits
1119adf add /weblogin.html - DrayTek router devices - provided by #ZoomEye - possible default passwords
6da7705 update exploitdb uri paths
v0.0.5
Changelog
8ab949a update defaultPaths.txt
6837a93 update README.md
c3d169a update README.md
6609c69 update README.md
9b85ac7 cleanup output of --cms options
6f71751 update README.md with instructions on --cms option
a9b7188 update exploitdb path lists
4fd1f4a remove i386
7b09b7b remove i386
85dda89 use Jaro–Winkler distance to calculate difference between 2 different request response - used to check how different 2 pages are (where the webserver returns http status code 200 for all requests
d289ba2 update exploitdb wordlists
83a0ef6 add /apps/backend/config/ - Directories containing Symfony CMS juicy info and files
3dbfe2d add /esp/cms_changeDeviceContext.esp - PAN-SA-2017-0027 - https://www.pentestgeek.com/penetration-testing/attacking-palo-alto-networks-pan-os
80b16cc prompts user and exit if value for -r exceeds the maximum length of websites*wordlist
e338a20 cleanup code
32b3ca1 error handling
8f35b30 add code to improve intelligentMode
b009c8c path list cleanup
a00f015 path list cleanup
v0.0.4
Changelog
29d2441 cleanup code
d0542ad implement code for #2
988c15b add /GponForm/diag_Form - CVE-2018-10561
6bdc710 minor fixes
81b9aa7 remove comments
d5f2ec1 minor fixes
c8ca332 minor speed improvements
510bd0b update defaultPaths.txt
0a4a448 minor update
2778c7c minor update
9d214af cleanup path lists
bbb8763 path list cleanup
32891e8 update path lists
54052bf bug fixes
1fcadf0 bug fixes
bcd0018 bug fixes
2591c07 fix bug where some invalid matching is not displayed when using -i option
7038a21 update path lists
24c5e12 update msfPaths.txt
160ba93 update defaultPaths.txt
7fea42d update defaultPaths.txt
ec995a0 update path lists
b74a77d bug fixes
3acf8fe update word lists
2fea7ec update defaultPaths.txt
d72689a update path lists
868b135 update path lists
67439d1 add path for Apigility Web Interface
4e1323f add new paths from exploit-db - 6 May 2018
cda2be6 add /Diagnostics.asp as reported by GreyNoise here. https://twitter.com/GreyNoiseIO/status/992522759610740736
baea396 fix bug with matching url
d4f526f update .gitignore
a0251b7 fix bug with matching url
5fdc7e5 fix for some websites returning false positive
4b9a67a update defaultPaths.txt
790460b add 1612-exploits
5850ff3 add 1608-exploits
dfb746f update pathBrute
830e027 update packetstormPaths.txt
18475a2 add 1607-exploits
ed49e57 update packetstormPaths.txt
03abb56 add 1606-exploits
c7ca39e add paths from 44560.py
feba346 add /device.rsp?opt=user&cmd=list (CVE-2018-9995)
b0c393b fix issue when using --cms mode with -i
fca7efe update README.md
558053a update msfPaths.txt
aec0b7d cleanup
d5add82 cleanup
5983517 add paths from Metasploit framework
5d60320 add paths from Metasploit framework
50bbb4e update README.md
5463e94 add new exploitdb php paths
f1340d5 updated exploitdb_php.txt
fe09026 add /plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.com - JIRA - SSRF (CVE-2017-9506)
919db65 add option for exploitdb-others
78e9582 add metasploit paths from https://github.com/milo2012/metasploitHelper
687e3cd Merge branch 'master' of https://github.com/milo2012/pathbrute
464a6c9 add ElasticSearch Search Groovy
20b5627 update word list
245c8a3 update word list
440db39 update word lists
05050b1 cleanup lists
b8fa8a0 add /Sitefinity/Authenticate/SWT
e66544c update defaultPaths.txt
c1f6809 remove debug text
9ef5db1 add more paths for Weblogic wls-wsat
9345870 add path for Happy Axis page
d216913 update pathBrute
3624cac update pathBrute files
9745cc1 update pathlists
473e3dd update wordlist
48b7775 update pathBrute binaries
c189c89 update README.md
545ea27 update README.md
2d65078 update README.md
29e8d9e update README.md
92aa523 update README.md
3b19d54 remove redundant binary
f6925e1 implement feature for #1
dedcf60 update README.md
031cdb2 update defaultPaths.txt
e2e78a6 add path for unprotected odoo DB manager, thanks @ayoubfathi
16296f0 update exploitdb_php.txt andexplotidb_all.txt
ea68c11 update defaultPaths.txt
v0.0.3
Changelog
61d3cf4 error handling
6953324 add tags for results
69a8a9c update files
6a086ae .gitignore
1e99bc6 minor text changes
61da30a update defaultPaths.txt
cf463fc remove additional text
73b095a update exploitdb_all.txt
12ea003 update exploitdb_all.txt
5285ecf update exploitdb_php.txt
eebaf81 minor fixes
a8f93c1 remove additional text
1630a63 update defaultPaths.txt
1925f5d update defaultPaths.txt
67c7e55 update README.md on pulling the latest docker iamges
ee3d317 update README.md regarding dockerfile
48b5eb8 update README.md
2232f98 add timeout option
v0.0.2
Changelog
11ce5f5 fix issue where program doesnt exit
650947a update pathBrute
9409975 update exploitdb_.txt
673b661 exit program if provided -r num is larger than list
933d6e7 fix issue where program exists when using with large wordlists
cf3f445 fix issue where program exists when using with large wordlists
da98ce9 update README.md
5a4f856 update README.md
8f8033b add option to set user-agent
bab7a82 update README.md
b001b58 add HTTP proxy option
438a753 fix error handling
4fdb414 fix error handling
87c0ec7 update
ba0e06d update defaultPaths.txt - add /user/register - Drupalgeddon2
970e556 update README.md
e51d49b update README.md
b0f4580 update README.md
41fb3ae fix download for exploitdb_all.txt
ef4c654 add goreleaser.yml
e2d28cc add goreleaser.yml
1fcfe76 add goreleaser.yml
d76d6d5 add goreleaser.yml
bd0c935 add main.go
02117df add main.go
09a5063 update color
8854e14 fix colors in logs
6f3b846 add -r option to resume from a certain position
503c51d update pathBrute
ce9ed91 update pathBrute - some status no appearing - fix
4e5529b update pathBrute - some status no appearing - fix
0d4b11c update pathBrute - some status no appearing - fix
7112c19 set timeout
4cf910a update exploitdb_.txt
5f7fc70 rename exploit_db.txt to exploitdb_all.txt
ddb309c update exploitdb path lists
189a244 combined exploit_db.txt
2f4ba87 update README.md
19a75be update pathBrute to include more exploitdb path lists
bb69c46 exploitdb_perl.txt
3fedb44 update exploitdb_cfm.txt
a4c4796 update exploitdb_cfm.txt
fbe4d98 update exploitdb_cgi.txt
ae0c7f0 update exploitdb_cgi.txt
e76d2b2 add exploitdb_cgi.txt
795c83b add exploitdb_aspx.txt
e03d5e0 add exploitdb_php.txt
5694198 add exploitdb_jsp.txt
cdf8c90 add exploitdb_asp.txt
523b3b3 add exploitdb -php URI paths
8cdcd21 update README.md
02b358b update README.md
4b01202 update exploit_db.txt - 9285 count
f4718e2 update exploit_db.txt
9ef508b add wip exploitdb path list and fix bug where each URI path was tested twice against target
a1a284d add version check for Drupal CVE-2018-7600
d258b3e remove compiled binaries from repo. download from releases section
a7718ad update exploit_db.txt
0a3493b URI paths from exploitdb
6ffd838 update README.md
93bd2a8 update README.md
38bcec6 update README.md
24a8f74 update README.md
1ecf114 update README.md
d164c8a add other platform executables
92b2b6d fix [%d of %d] counter
c369d47 update README.md
6dce8c5 update README.md
95cabb4 remove /index.html from defaultPaths.txt
5774113 add CTRL-C intercept
e18e02e update defaultPaths.txt
c74be7b fix minor bug
9595ecc update README
6a3dc8e update README
2f37810 change -f to -U and add in new argument -u
a165802 update README.md
17a236d update README.md
a3d65fb update pathBrute - add new wordlist
cbdcc57 add defaultPaths.txt
de12b3b Initial commit
6b26bf6 update README
daa8bf5 first commit for pathBrute