Changes:
0.0.9
-----
- Add .orig extension to backupfiles test.
- Add new tests for wordpress debug.log files and url-encoded HTTP header.
- Minor bugfixes.
0.0.8
-----
- add vb_test.php check
- add phpinfo test
0.0.7
-----
- add a test for openelasticsearch
- add check for django debugging on error pages
- print more information about invalid hostnames
- add laravel telescope test
Changes:
(No changelog available; main changes found by inspecting commits):
- Add check for wordpress installer in subdir
- Remove CVS test, produces too many false positives and hardly any true positives
- Add installer check for common PHP web applications
- Add info check for composer files
- Add info check for mailman
- Add check for monit default webinterface credentials
- Rework optionsbleed check and avoid ReDoS attack (upstream issue #24)

snallygaster is a tool that looks for files accessible on web servers that
shouldn't be public and can pose a security risk.
Typical examples include publicly accessible git repositories, backup files
potentially containing passwords or database dumps. In addition, it contains a
few checks for other security vulnerabilities.