Monsoon Versions Save

Changelog

• 89f3183 Add completion command
• eb52e06 Add documentation
• 3ddca2d Add replace mode for executing a program
• ce6e049 Add short paragraphs about reverse ranges and range formatting
• 093db64 Add warning when using template with HTTP/2 and flag --disable-http2
• 3fec10b Bump golang.org/x/net
• 60a6a6d Do not show static values
• 68dbecb Fix go.mod
• 5b59894 Fix linter issues
• 53e86b6 Increase default value buffer size to enable time estimation for larger word lists
• ab41e5d Update dependencies
• 2e83dfb Update workflows

It has been a year since the last release of monsoon but we've been working on it continuously behind the scenes. Now, we're proud to release version 0.8.0 which is full of new features, fixes and improvements. In fact, we also wrote the new blog post "Bringing Monsoon to the Next Level" which goes over all changes in detail. The most notable new features are the --replace parameter which allows you to fuzz with multiple parameters and the overhauled test command.

Changes:

• Multi-parameter fuzzing with the --replace parameter which can be specified multiple times. It combines the functionality of the --file, --range and --range-format and adds even more flexibility. For example, you can search for files in multiple directories like this: --replace DIRNR:range:1-10:%02d --replace FILENAME:file:files.txt https://example.com/folder-DIRNR/FILENAME
• Overhauled test command to show the table output known from monsoon fuzz for a single fuzz value and print the request and response. It is also now a drop-in replacement for the fuzz command for quick and easy testing.
• Static value replacer: Take a look at our blog to find out when this feature comes handy.
• Long request detection: Due to the parallel nature of fuzzing, it is often not easy to identify requests that take longer than usual. However, these requests are often especially interesting. monsoon now prints out an annotation for these requests.
• Reversed ranges: It is now possible to switch start and end of a range to count backwards.
• Overhauled --extract-pipe: The performance was improved significantly and the current fuzz values are now passed to the command as environment variables.
• Added the option --insecure-ciphersuites to enable all insecure ciphersuites that are supported by Go.
• Multiple new timeout options: --connect-timeout, --tls-handshake-timeout and --response-header-timeout
• Support for coloured output on Windows.
• Fixed an issue where responses were not decompressed when using a template file.
• More robust template file parsing.
• A version command was added.
• Lots of small fixes and improvements under the hood.

Finally, we now also offer pre-built binaries below.

Changes:

• Improved and prettified error handling for input data and request-related errors
• New option to configure the number of redirects to follow with --follow-redirect n
• New options to force connecting exclusively via IPv4 (--ipv4-only) or IPv6 (--ipv6-only)
• Bug fixes for the filtering logic of the --show-status option, improved column indentation and better help texts
• Updated dependencies

Changes:

• Colorize output
• Limit update framerate to 60fps by default (set $MONSOON_PROGRESS_FPS to override)