Waymap Changelog

v1.0.3

• Features: SQL Injection Scanner
• Command Injection Scanner
• Web Crawler

v1.0.4

• Updated crawler to crawl URLs within the target domain boundary and handle target URL redirection
• Added auto-update for scanner

v1.0.5

• Fixed minor bugs (reclone the repo if you're using v1.0.4).

v1.0.6

• Enhanced the auto-update feature; no need to reclone the repo after this update.
• Please reclone if using v1.0.5.

v1.0.7

• Fixed minor bugs.
• Added support for scanning multiple URLs using --multi-target {targetfilename}.txt (ensure the file has one URL per line).
• Auto-update enabled; no need to reclone unless on version v1.0.5 or older.

v1.0.8

• Added concurrency to utilize more CPU threads, speeding up SQL injection scans.
• Improved stability.
• Added logging functionality.

v1.0.9

• Minor bug fix.

v1.1.0

• Added a new scan type: Server Side Template Injection (--scan ssti).
• Now you can run all scan types in one command using --scan all.
• Added threading in SSTI (Server Side Template Injection).

v1.1.1

• Fixed SSTI exiting error.

v1.2.1

• Added new scanning module: XSS (Cross-Site Scripting) --scan xss.
• Added XSS filter bypass payload testing.
• Added threading in XSS testing.
• Added new scanning module: LFI (Local File Inclusion) --scan lfi.
• Added threading in LFI testing.

v1.3.1

• Added new scanning module: Open Redirect --scan open-redirect.
• Added custom thread count in Open Redirect testing.
• Fixed minor bugs.

v2.4.1

• Added new scanning module: CRLF Injection --scan crlf (Carriage Return and Line Feed).
• Added custom threading count in CRLF scans.
• Improved Waymap Crawler to crawl at any depth.
• Added custom threading in crawling.
• Added new User-Agents in ua.txt.
• Fixed major bugs/errors.

v2.5.2

• Added new scan type: CORS Misconfiguration --scan cors (Cross-Origin Resource Sharing).
• Added threading in CORS scan.
• Fixed CRLF bug.
• Fixed minor bugs.

v2.5.3

• Fixed scanning exiting error.

v2.5.4

• Fixed bug in Open-Redirect, CRLF, CORS.

v2.5.5

• Updated SQLi module to handle multiple parameters.
• Added new argument --random-agent: Waymap will use a random user agent only when this argument is used.
• Updated Waymap to use headers during scans to make requests look more legitimate and reduce the chance of being flagged or blocked.

v2.5.6

• Bugs fixed.
• No SSL verify update.
• New updates coming soon.

v3.5.6

• New Web Crawler (v2.5) with extended scope.
• Fixed injection module testing errors.

v3.6.6

• Improved v3 Crawler (Waymap Crawler is now better than SQLMap Crawler).
• Added new arguments: --url/-u and --multi-url/-mu to scan URLs without crawling them.
• Bug fixes.

v3.7.6

• Added new argument --threads/-T (no more prompting for threads).
• Optimized Waymap.

v3.7.7

• Fixed bug/error.

v3.8.7

• Added new argument --no-prompt/-np (it will not prompt for any input during scan, default input = 'n').
• Bug fixes.

v4.8.7

• Big update in Waymap.
• Added new scan profiles: --scan critical-risk and --scan high-risk.
• These profiles will use CVE scanners and exploits added in Waymap according to the severity from NVD.
• Currently, there are 32 CVE exploits and scanners added:
• WordPress: 19 CVEs
• Drupal: 4 CVEs
• Joomla: 7 CVEs
• Generic/Others: 2 CVEs

v4.9.0

• Added new arguments to handle profiles:
• --profile critical-risk / --profile high-risk
• --profileurl https://example.com/
• Fixed import errors.
• Optimized Waymap.

v4.9.1

• Made Waymap more stable for faster processing.

v5.0.1

• Added --no-prompt and --threads usage in crawling.
• Bug fixes.

v5.1.1

• Added new argument --check-updates: when used, it will check for the latest version of Waymap and automatically update it.
• No more forced updates.

v5.2.1

• New SQL Injection scanning module.
• High accuracy and fewer false positives.
• Access it using: --scan sqli.

v5.3.1

• Added Boolean-Based SQLi Testing
• High accuracy but may give false positives
• Access it using: --scan sqli

v5.4.1

• Updated CVE testing logic for Profile-Critical CMS (WordPress)
• Improved detection accuracy

v5.5.1

• Added 45 new CVE detection logics
• 11 Critical-Risk CVEs
• 34 High-Risk CVEs
• For CVE details, see CVEVULN.md

v5.6.1

• Added 19 new CVE detection logics
• 8 Critical-Risk CVEs
• 11 High-Risk CVEs
• For CVE details, see CVEVULN.md

v5.7.1

• Removed --random-agent (Waymap now uses different headers for each request by default)
• Added IP Spoofing for more anonymity
• Updated WP plugin checking logic (High-Profile & Critical-Profile)
• Minor bug fixes

v5.7.2

• Added new logic to update Waymap

v5.8.2

• Removed --profileurl/-pu argument
• New usage: Use --target with --profile instead
• Removed --url and --multi-url/-mu arguments
• Added 74 Critical Severity CVEs
• For CVE details, see CVEVULN.md

v5.9.4

• Removed old error-based SQL injection method
• New method available via --scan sqli
• Updated open redirect vulnerability testing
• Updated crawler to v4
• Added 249 high-risk CVEs
• Total CVEs count: 390

v6.0.4

• Added new scan profile: deepscan
• Features in Deepscan:
• Scans for 25+ header vulnerabilities
• Massive directory fuzzing
• Finds backup files on the server
• Fixed CORS scan type error
• Minor bug fixes

v6.0.5

• Fixed issue regarding Waymap updates

v6.0.6

• Minor code fixes

v6.1.6

• Added new module in Deepscan profile: Vulnerable JavaScript Library & Files Scanner
• Added WAF/IPS detector (Detects 160+ types of WAFs)
• Usage: --check-waf or --waf https://example.com

v6.1.7

• Fixed missing XSS payload file error
• Minor bug fixes

v6.1.8

• Updated SQL injection exiting logic
• Minor bug fixes

For more detailed information, visit the README file.

Get in Touch

If you have questions or feedback, feel free to reach out on GitHub or join our Waymap repository.