v1.1.3

What's Changed

• Added streaming input support -stream by @Mzack9999 in #408
• Added goflags support by @LuitelSamikshya in #410
• Added CSV output format support -csv by @wux1an in #397
• Fixed automatic UA if a user defines custom one by @Mzack9999 in #386
• Fixed content-length calculation by @Mzack9999 in #389
• Fixed a bug with printing status-code with unsafe flag by @LuitelSamikshya in #399
• Fixed a bug in POST requests with body flag by @LuitelSamikshya in #403

New Contributors

• @chenrui333 made their first contribution in #396
• @sullo made their first contribution in #401
• @wux1an made their first contribution in #397

Full Changelog: v1.1.2...v1.1.3

v1.1.2

Changelog

• Added support to skip unresponsive hosts using max-host-error flag #259 #359
• Added support to define max number of redirects to follow using max-redirects flag #363
• Added comma-separated multiple / file input support for allow / deny flag #371
• Added improved error handling for deny flag #353
• Added case insensitive input support for request method using x flag #348
• Fixed an issue with infinite redirect loop #363
• Fixed an issue causing long timeout using unsafe flag #355
• Fixed an issue with probe flag when using with multiple scheme input #354
• Fixed an issue with inconsistent JSON output for input field #362
• Fixed an issue with non-ASCII characters input using unsafe flag #373

v1.1.1

Changelog

• Added probe flag to display probed status #319
• Added scan pause/resume support. #219
• Added rate limit support with rate-limit flag #315
• Added probe information in JSON output #319
• Added original input information in JSON output #319
• Added exclude-cdn support with ports flag #328
• Added non-ascii input support in paths with unsafe flag #331
• Added response-size-to-save flag #325
• Fixed a bug with deny flag #317
• Fixed a bug with response-size-to-read flag #325
• Fixed a bug in stats calculation #342

v1.1.0

Changelog

• Fixed #303
• Fixed #239

v1.0.9

Changelog

bbca0d9 Crash bugfix - #290

v1.0.8

Changelog

d588ef6 Fixed fallback logic
a9961d4 Added no-fallback-scheme flag to process user defined HTTP scheme as input

v1.0.7

Changelog

f2504f2 Fixed a severe bug with URL parsing introduced in the v1.0.6 release #277 📝 @osamahamad @vysecurity
efd8343 Fixed an issue with http2 causing issues with burp proxy #274 📝@0x0msg
fb5a8f6 Added support to print followed URLs in the output #215 💡@JoshuaMart
be85cbc Added support to follow 307/308 based redirects #280 💡 @stigkj
51da009 Added TLS fingerprint hash information in the JSON output #221
c1ee06a Added support to respect user-defined HTTP schema in the input #273 by @Becivells

v1.0.6

Changelog

7e459a6 Fixed a bug with hosts running websocket causing never ending httpx scan.
e9bb05d Fixed a bug with POST request method.
28ef5a1 Fixed a bug to output ip/cname when port as input is used by @iflody
b801730 Fixed a bug with unsafe flag.
708fbc2 Added support to display redirect chain with follow-redirects flag
62c32ca Added support to store redirect chain data with store-chain flag
780199f Added glob support to read multiple files as input (-l "subdomains-to-probe/*")
aa2e70f Added allow flag to whitelist IPs/CIDRs for probing.
aa2e70f Added deny flag to block IPs/CIDRs for probing.
f560d24 Added max-response-body-size flag to define max response body size.
a387acc Added extract-regex flag to print custom strings from response to CLI.
0582ec9 Auto-enabled tls-grab when tls-probe flag is used.
dbd75f4 Updated to latest wappalyzergo release.

v1.0.5

Changelog

07bff31 Added wappalyzergo based technology detection (-tech-detect)
2112a44 Added file based paths input support (-paths)
f8104ae Added random user agent support (-random-agent)
782cdcf Added syscall fallback support.
9ddeea3 Updated title extraction with improved regex
bfbf2b6 Fixed duplicate result when input CIDR targets
49e0aad JSON output improvements.

Notable flag changes:-

• include-response flag instead of response-in-json
• response-in-json is still supported but deprecated flag.
• tls-grab is now optional instead of default.
• tls-probe now can be used along with tls-grab

Notable JSON output changes:-

• Newly added fields:- timestamp, request,scheme,port, path, body_sha256, header_sha256
• Updated fields:- serverResponse with response-body, ip with host, ips with a, tls with tlsgrab

Example of default updated JSON output:-

{
  "timestamp": "2021-04-10T00:19:54.505279+05:30",
  "scheme": "https",
  "port": "443",
  "path": "/",
  "body-sha256": "bf697861898d0a7fabf4886f0eb238a440f45622e062ef40ac266e5575796347",
  "header-sha256": "4196b49038b99831b6d3fc40100162cabf81ac2718cd01e21efd5ba3926d1dfa",
  "a": [
    "104.16.99.52",
    "104.16.100.52"
  ],
  "url": "https://hackerone.com",
  "location": "https://www.hackerone.com/",
  "webserver": "cloudflare",
  "content-type": "text/html",
  "method": "GET",
  "host": "104.16.99.52",
  "content-length": 92,
  "status-code": 301,
  "csp": {
    "domains": [
      "www.google-analytics.com",
      "errors.hackerone.net",
      "cover-photos.hackerone-user-content.com",
      "hackathon-photos.hackerone-user-content.com",
      "profile-photos.hackerone-user-content.com",
      "hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com",
      "https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d",
      "www.youtube-nocookie.com"
    ]
  },
  "response-time": "547.188917ms"
}

v1.0.4

Bump go.mod