Vailyn 2.1.5-3

[Bug Fixes]

• fixed timeout being None despite argument set
• fixed false positives if the server outputs error message that a needed GET parameter is missing

Vailyn 2.1.5-2

[Bug Fixes]

• fixed an issue that the crawler would use the GET parameters for the POST attack

[Improvements]

• -l FIL PATH not required anymore for crawler mode
• better, more universal payload for reverse shell exploitation
• Link spider only outputs found URLs, no logging

Vailyn 2.1.5-1

[Bug Fixes]

• fixed a critical issue with the crawler, that it would not execute attacks on all found sites + parameters, due to an exhausted payload generator
• fixed annoying urllib debug output in crawler

Vailyn 2.1.5-0

[New Features]

• new attack mode: -a 5 crawler mode
  • full automation, uses all techniques for all pages it finds
  • parameter discovery using Arjun by s0md3v

Vulnerability Analysis only
Use Vailyn again on a found vulnerability to exploit it

[Bug Fixes]

• increased stability of reverse shell exploitation

[Improvements]

• More readable time output format

Vailyn 2.1.0#pre-5

[New Features]

• new argument: -k INT to set a timeout for the requests
• new exploitation category: reverse shells
  • /proc/self/environ poisoned UserAgent
  • poisoned Apache & SSH logs
  • sending mail to server

(implemented techniques from infosecinstitute article)
NOT production ready, still in test phase
nc will be replaced with another payload soon

Vailyn 2.0-pre2

[Bug Fixes]

• fixed GUI color scheme making text unreadable on light OS schemes
• fixed Depth error dialog showing up when depth fields left blank
• fixed incorrect display + missing option for nullbyte selection
• append "/" to directory names from dictionary if they don't end with one
• fixed debug output not showing up in some cases

[Improvements]

• enabled verbosity on Phase 1
• minor GUI changes

Vailyn 2.0-pre1

[IMPORTANT]

This is a preview release (beta). Any new features may contain bugs!

[New Features]

• Vailyn now has a full-functional GUI built with Qt5
  invoke it using the --app argument.

[Bug Fixes]

• fixed a bug with query attacks that introduced a second ? in the URL, if selected parameter was not the first
• Windows users won't be asked if they want to shut down Tor anymore, leading to a crash

Vailyn 1.6.0-1

[New Features]

• new attack vector: path traversal via POST requests -a 4 -s DATA

DATA of form P1=data&P2=INJECT, where INJECT will be replaced by payloads

[Bug Fixes]

• fixed an issue with malformed downloads in cookie attacks

Vailyn 1.5.2-0

[Improvements]

• replaced old subprocess API with the newer run()
• added Tor support + management for macOS (brew services required)
• added service backend to Tor handling (for Linux distributions not using systemd)
• invoke progresswin() less frequently on Windows

[Bug Fixes]

• fixed crash at startup on Windows (due to wrong clear command)
• fixed crash in loot() on WIndows due to date format containing :

Vailyn 1.5.1-3

[New Features]

• Tor support now for Windows, too. Tor service must be started manually beforehand.

[Bug Fixes]

• fixed an issue on Windows, where the tool would crash for targets with custom port or BasicAuth, because : is not an allowed directory character
• fixed terminal output flood during attack by providing an extra progress function
• color output should work now on Windows, please report back if it still doesn't