Releases: mazen160/bfac
Releases · mazen160/bfac
BFAC v1.4
Release Date: November 8th, 2017
Additions/Features:-
[+] Added --proxy-file and --user-agents-file options.
[+] Improved console output.
[+] Added pattern for CVE-2017-12616.
Fixed Bugs:-
[*] Fixed a bug in proxying requests - Thanks Justin Kennedy @jstnkndy.
Known Bugs/Issues:-
None
BFAC v1.3
Release Date: June 30th, 2017
Additions/Features:-
[+] BFAC now supports multithrading.
[+] request-rate throttling support.
[+] Redesigned command-line user interface.
[+] Code refactor.
[+] Better support for using BFAC as a module.
[*] Removed --verbose and --api.
[+] Improved the detection algorithm.
[+] Added JSON and CSV reporting.
Fixed Bugs:-
None
Known Bugs/Issues:-
None
BFAC v1.2
Release Date: March 18th, 2017
Additions/Features:-
[+] Complete code-rewrite of BFAC.
[+] BFAC now can works as module.
[+] Additional BFA patterns.
Fixed Bugs:-
[*] Improved url_handler() way of handling URLs.
[*] Fixed UI/UX issues.
Known Bugs/Issues:-
None
BFAC v1.1
Release Date: November 8th, 2016
Additions/Features:-
[+] Official BFAC User-Agent - Thanks Christian Folini (@ChrFolini)
[+] Additional BFA patterns.
[+] Better way of parsing URLs - Thanks Omar Kurt (@omarkurt)
[+] --dvcs-test flag to only check for exposed DVCS repositories, (DVCS tests are done by default when using BFAC on level 4, now you can run it seperately).
[+] --api flag to return findings in JSON form.
[+] --timeout option to control the timeout.
[+] --proxy flag to issue requests via proxies when testing.
[+] --proxy-cred to be used with --proxy flag for handling proxy credintials.
[+] --user-agent, -ua to specify your own user-agent, (--random-agent is available since v1.0).
[+] --cookie flag to specify arbitray HTTP Cookie header.
[+] --host flag to specify arbitray HTTP Host header.
[+] --headers flag to add arbitrary HTTP headers in requests.
[+] --invalid-content-length flag:
When verifying the existence of files, BFAC by default send an initial request to determine the content-length
and to build an idea about the invalid (not found) pages. This flag can be used to disable the automatic process
of sending an initial request and manually specifying a content-length of an invalid page. It's an optional flag
that can be used when facing false-positives, tests shows it rarely need this option, but it would be good to have
it since BFAC aims to be an "All-in-One" tool for testing backup-file artifacts.
[+] --content-length-range flag:
This option can be used to optmise the range of the invalid pages based on the content-length.
It's an optional flag, and the reason this flag is added is as same as --invalid-content-length flag.
[+] New --help design.
Fixed Bugs:-
[*] Fixed a bug in url_handler().
[*] Better support for Windows machines.
[*] Fixed a bug that can have same check in a test done more than one time. Now it only does the same check once.
Known Bugs/Issues:-
None