There is a new version of skipfish (2.07b) on the site. ChangeLog: - A horrible bug fix which caused instable pages not be marked as such. The result: false positives. - A change to fprint_response() will help reduce false positives that could occur for differential tests (i.e. the query and shell injection tests) - We now suppress implicit cache warnings when dealing with 302, 303 and 307 redirects. - Added --no-checks which allows a scan to be run without any injection tests. This still allows bruteforcing and combines well with the new ability to load URLs from previous scan results. - We can now parse the pivots.txt, which can be found in the output directory of older scans. All URLs will be loaded which seriously speeds up recurring scans. - Directory bruteforcing now includes a content negotiation trick where using a fake mime in the Accept: header will cause some servers to propose us files via a 406 response. Renaming the current ebuild seems to work fine.
+*skipfish-2.07_beta (05 Jun 2012) + + 05 Jun 2012; Michael Weber <xmw@gentoo.org> +skipfish-2.07_beta.ebuild: + Version bump (thanks Paolo Pedroni, bug 419731) +
