Vailyn Versions

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

v3.0.0-1

3 years ago

[New Features]

  • support for LFI wrappers (like php://filter) in Phase 1 + Phase 2 File Leaking

[Improvements + Usage Changes]

  • merged --lists FILEDICT DIRDICT and --listen IP PORT into a single argument: -l TP P1 P2, --phase2 TP P1 P2
    • use -l leak FILEDICT DIRDICT to leak files
    • use -l rce IP PORT to use the RCE module
  • minor UI improvements

[Bug Fixes]

  • fixed some compatibility issues with Microsoft Windows (see updated installation instructions if you use Windows)
  • fixed a style sheet issue that made tooltips unreadable when a light theme is used

v2.10.1-5

3 years ago

[New Features]

  • (optional) desktop notifications when the attack has finished, or when user input is needed (can be disabled in core/config.py)

[Improvements]

  • improved GUI layout
  • improved Crawler terminal output

[Bug Fixes]

  • fixed a rare crash at the end, caused by start_time being undefined under some conditions

v2.10.1-0

3 years ago

[New Features]

  • expanded the RCE module with the php://input method

[Improvements]

  • --lists can now be omitted when using the RCE module

v2.10.0-5

3 years ago

[New Features]

  • new selection menu for RCE techniques (like for payloads at the end of Phase 1)
  • Vailyn notices which RCE technique worked by monitoring connections using psutil
  • new argument: --precise to speed up Phase 1 with huge depth (will use exact depth, not range)

[Improvements]

  • RCE module now has output, both in CLI and GUI
  • RCE now uses J from -d I J K
  • RCE: output of the spawned terminal emulator redirected to /dev/null
  • RCE Payload now easily interchangeable (modify only 1 variable)

[Bug Fixes]

  • fixed a bug where RCE wouldn't consider null bytes when searching for log files

v2.7.0-3

3 years ago

[New Features]

  • new RCE techniques:
    • log poisoning: nginx
    • wrappers: expect, data

v2.5.1-11

3 years ago

[Minor Improvements]

  • gave Vailyn a custom process name for better monitoring (probably works only on *NIX)
  • made Arjun's color scheme match Vailyn's

v2.5.1-10

3 years ago

[Bug Fixes]

  • fixed an issue where evasion payloads did not work correctly in POST attacks

[Improvements]

  • increased performance for dictionary reading

v2.5.1-8

3 years ago

[Bug Fixes]

  • fixed a bug where the GUI crawler would not use the POST attack
  • fixed a bug where the GUI crawler would remove the host section in the URL during Path Attack

[Improvements]

  • applied Flake8 style rules to the Vailyn codebase

v2.5.1-5

3 years ago

[Bug Fixes]

  • fixed false positives when the server has a default include that disappears when the payload file is not found
  • fixed an endless loop when requests timed out in phase 1 and 2b
  • fixed GUI crash when doing a POST attack

v2.5.1-3

3 years ago

[Bug Fixes]

  • fixed a source of false negatives introduced in 2.5.1-2, while keeping its false positive fixes
  • applied path fixes to Phase 2 and shell exploitation