Skip to content

Releases: waratek/spiracle

Spiracle 1.8.0

22 Oct 10:41
@ctognini ctognini
v1.8.0
8ee6ba0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Spiracle 1.8.0 Latest
Latest

Additions

  • Added commons-collections 3.2 dependency for Java RCE deserialization vulnerability via the Apache Invoker Transformer
  • Added simple jsp / servlet to request server send back a cookie in the response
  • Added new XSS test cases
Assets 3
Loading

Spiracle 1.7.0

06 Jun 15:57
@run-crash-run run-crash-run
v1.7.0
8c7b1a3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Spiracle 1.7.0

Feature Release

Additions

  • Added deserial.jsp for deserialization testing and commons-fileupload v1.3 dependency for CVE-2013-2186
  • Added new XSS test cases

Refactoring

  • Minor updates to SQL servlets and jsp page
Assets 3
Loading

Spiracle 1.6.0

04 Oct 15:40
@stuken stuken
v1.6.0
8c9a34e
Compare
Choose a tag to compare
Spiracle 1.6.0

Feature Release

Additions

  • Sybase database support for SQL Injection
  • Path Traversal support
  • Added SendRedirect servlet
  • Added AddCookies servlet
Assets 3
Loading

Spiracle 1.5.0

15 Jul 15:22
@stuken stuken
v1.5.0
12ff3c5
Compare
Choose a tag to compare
Spiracle 1.5.0

Feature Release

Additions

  • Added IBM DB2 compatible SQL injection servlets.
  • Added Crash JVM function.
  • Added Thread Stacktrace function.
  • Added Thread Kill function.
  • Added configurable SQLi error return code
  • Added support for CSRF testing.
  • Added rudimentary command execution capability.
Assets 3
Loading

Spiracle 1.4.1

16 Oct 16:27
@stuken stuken
v1.4.1
d50a883
Compare
Choose a tag to compare
Spiracle 1.4.1

Feature Release

Additions

  • Added Additional XSS vectors to allow arbitrary injection at any point within html template page.
Assets 3
Loading

Spiracle 1.4.0

14 Oct 08:37
@stuken stuken
v1.4.0
cdaec28
Compare
Choose a tag to compare
Spiracle 1.4.0

Feature Release

Project Refactor

  • Moved build and dependency management to Maven. Project now has the capacity to be built against all legal combinations of Java versions 5, 6 and 7 with Servlet API 2.5 or 3.0.

Additions

  • Added initial support for Reflected XSS through unsanitised reproduction of all request parameters.
  • Added option to support multiple simultaneous JDBC connection pools.
  • Added ability to invoke HttpServletRequest methods through front end for validation of character tainting on return.

Removals

  • Removed support for unmanaged JDBC connections.
Assets 3
Loading

Spiracle 1.3.1

21 Jul 15:27
@prateepb prateepb
v1.3.1
59a5a98
Compare
Choose a tag to compare
Spiracle 1.3.1

Set default connection type to c3p0

Assets 3
Loading

Spiracle 1.3.0

22 Apr 09:15
@stuken stuken
v1.3.0
a6b059c
Compare
Choose a tag to compare
Spiracle 1.3.0

Feature release

Additions

  • Added servlet support for MS SQL 2012.
  • Added file as URL traversal option.
  • Added file as resource stream traversal option.
Assets 3
Loading

Spiracle 1.2.0

20 Mar 11:46
@stuken stuken
v1.2.0
ac72d39
Compare
Choose a tag to compare
Spiracle 1.2.0

Feature release

Additions

  • Added support for jndi datasource look up.
  • Added C3P0 connection pool close on application context destroy.
Assets 3
Loading

Spiracle 1.1.1

03 Feb 17:41
@stuken stuken
v1.1.1
4172714
Compare
Choose a tag to compare
Spiracle 1.1.1

Bug fix release

Fixes

  • Fix for MySQL JDBC connections not being cleaned up after injection mitigation.
  • Fix logging SQLException messages from incorrect scope.

Additions

  • Internal package name refactor.
  • Added application server and application context path logging at start up.
Assets 3
Loading