Loads of bug fixes and minor improvements
This release addresses a few issues in the 2.7.0 and older releases, in addition to introducing a few tweaks to provide more flexibility:
- sfp_xforce was not collecting passive DNS information, now it is.
- sfp_xforce was still running even if you didn’t set an API key.
- sfp_xforce was dismissing data as being too old, even if it wasn’t.
- sfp_xforce can now take 0 (unlimited) for an age range.
- sfp_whois collects Whois information about netblocks now.
- Modules requiring an API key that wasn’t set would continually complain, resulting in high errors. Now they only complain once (at the beginning of a scan) and that’s all.
- Search engine modules won’t report pages anymore if they don’t contain links associated with your target.
- sfp_tldsearch would previously run against a domain for each hostname identified, pointlessly slowing down a scan. It doesn’t do that anymore.
- Historic interesting files identified by sfp_historic are now reported.
- Removed stale debug messages from sfp_sharedip.
- sfp_email was reporting duplicate events from the same data source.
- sfp_spider and sfp_intfiles fixed to identify interesting files from URLs.
- sfp_sharedip fixed to parse robtex.com properly.
- sfp_sharedip improved to be able to search both Bing and Robtex.
- sfp_sharedip to now look up netblocks rather than just individual hosts.
- sfp_pwned now respects HaveIBeenPwned?’s rate limiting.
- sfp_pastes no longer returns search engine web content - too many false positives.
- Made sfp_s3bucket more respectful of scan abort requests.
- Removed the ‘fetchlinks’ option from search engine modules, as this was pointless seeing as the module didn’t do any fetching of pages anyway yet the option was still needed to be set in order for this module to be useful.
- Fixed a bug in sfp_filemeta causing it to crash when it encountered empty PDFs files.