# *******************************************************************
# *** BFAC: Backup File Artifacts Checker ***
# * Description:
# An automated tool that checks for backup artifacts
# that may disclose the web-application's source code.
# * Homepage:
# https://github.com/mazen160/bfac
# * Author:
# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
# *******************************************************************
### Changelog:-
* v1.4:
Additions/Features:-
[+] Added --proxy-file and --user-agents-file options.
[+] Improved console output.
[+] Added pattern for CVE-2017-12616.
Fixed Bugs:-
[*] Fixed a bug in proxying requests - Thanks Justin Kennedy @jstnkndy.
Known Bugs/Issues:-
None
* v1.3:
Additions/Features:-
[+] BFAC now supports multithreading.
[+] Request-rate throttling support.
[+] Redesigned command-line user interface.
[+] Code refactor.
[+] Better support for using BFAC as a module.
[*] Removed --verbose and --api.
[+] Improved the detection algorithm.
[+] Added JSON and CSV reporting.
Fixed Bugs:-
None
Known Bugs/Issues:-
None
* v1.2:
Additions/Features:-
[+] Complete code-rewrite of BFAC.
[+] BFAC can now work as a module.
[+] Additional BFA patterns.
Fixed Bugs:-
[*] Improved url_handler() way of handling URLs.
[*] Fixed UI/UX issues.
Known Bugs/Issues:-
None
* v1.1:
Additions/Features:-
[+] Official BFAC User-Agent - Thanks Christian Folini (@ChrFolini)
[+] Additional BFA patterns.
[+] Better way of parsing URLs - Thanks Omar Kurt (@omarkurt)
[+] --dvcs-test flag to only check for exposed DVCS repositories (DVCS tests are done by default when using BFAC on level 4; now you can run them separately).
[+] --api flag to return findings in JSON form.
[+] --timeout option to control the timeout.
[+] --proxy flag to issue requests via proxies when testing.
[+] --proxy-cred to be used with --proxy flag for handling proxy credentials.
[+] --user-agent, -ua to specify your own user-agent (--random-agent is available since v1.0).
[+] --cookie flag to specify arbitrary HTTP Cookie header.
[+] --host flag to specify arbitrary HTTP Host header.
[+] --headers flag to add arbitrary HTTP headers in requests.
[+] --invalid-content-length flag:
When verifying the existence of files, BFAC by default sends an initial request to determine the content-length
of invalid (not found) pages and to build a baseline for them. This flag disables that automatic initial
request and lets you manually specify the content-length of an invalid page. It's an optional flag
for dealing with false positives; tests show it is rarely needed, but it is good to have
since BFAC aims to be an "All-in-One" tool for testing backup-file artifacts.
[+] --content-length-range flag:
This option can be used to optimise the range of the invalid pages based on the content-length.
It's an optional flag, added for the same reason as the --invalid-content-length flag.
[+] New --help design.
Fixed Bugs:-
[*] Fixed a bug in url_handler().
[*] Better support for Windows machines.
[*] Fixed a bug that could cause the same check in a test to be run more than once. Now each check is only done once.
Known Bugs/Issues:-
None
* v1.0: Initial release.
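
The baseline check described under --invalid-content-length and --content-length-range in v1.1, as an added example that is not BFAC's own code: it shows why an exact content-length match still yields a false positive when a site's "not found" page varies in size, and how a range removes it. All names and sample responses are constructed, and treating the range as a byte tolerance around the baseline is an assumption about the flag's semantics.

```python
# Added illustration; not BFAC's code. All names below are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    url: str
    status: int
    content_length: int


def is_not_found(resp: Response, invalid_length: Optional[int], length_range: int = 0) -> bool:
    """True when the response looks like the site's "not found" page.

    invalid_length: body size of a known-invalid page, measured from an
        initial request to a path that cannot exist, or supplied manually.
    length_range: assumed tolerance in bytes around invalid_length, for
        error pages that echo the requested path and so vary in size.
    """
    if resp.status == 404:
        return True
    if invalid_length is None:
        return False
    return abs(resp.content_length - invalid_length) <= length_range


def filter_findings(responses, invalid_length, length_range=0):
    """Return URLs of 200 responses that do not match the not-found baseline."""
    return [r.url for r in responses
            if r.status == 200 and not is_not_found(r, invalid_length, length_range)]


# Constructed sample: the site answers 200 with a ~1500-byte page for missing files.
BASELINE = Response("https://example.test/zz-no-such-file-7f3a", 200, 1500)
SAMPLE = [
    Response("https://example.test/index.php.bak", 200, 1512),  # soft 404, path echoed
    Response("https://example.test/index.php~", 200, 8431),     # differs from baseline
    Response("https://example.test/index.php.old", 404, 310),   # real 404
]

if __name__ == "__main__":
    print(filter_findings(SAMPLE, BASELINE.content_length))                   # exact match
    print(filter_findings(SAMPLE, BASELINE.content_length, length_range=50))  # with tolerance
```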