@vulcn/engine 0.3.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,32 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.4.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- d4fd4df: ### Breaking: Remove built-in payloads, PayloadBox is now the default
|
|
8
|
+
|
|
9
|
+
All hardcoded built-in payloads have been removed. Payloads are now fetched on demand from [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings), the largest community-curated security payload collection.
|
|
10
|
+
|
|
11
|
+
**`@vulcn/engine`**
|
|
12
|
+
- Removed `"builtin"` from `PayloadSource` type — valid sources are now `"custom" | "payloadbox" | "plugin"`
|
|
13
|
+
|
|
14
|
+
**`@vulcn/plugin-payloads`**
|
|
15
|
+
- Removed all built-in payload sets and the `builtin`, `include`, `exclude`, `payloadbox` config options
|
|
16
|
+
- New config: `types` (short aliases), `limit`, `files`
|
|
17
|
+
- Short aliases for payload types: `xss`, `sqli`, `xxe`, `cmd`, `redirect`, `traversal`
|
|
18
|
+
- Removed legacy `payloadbox:` prefix — use short aliases directly
|
|
19
|
+
|
|
20
|
+
**`vulcn` (CLI)**
|
|
21
|
+
- Default payload changed from `xss-basic` to `xss` (PayloadBox)
|
|
22
|
+
- `vulcn payloads` now lists PayloadBox types with short aliases
|
|
23
|
+
- `vulcn run` help updated with payload type reference
|
|
24
|
+
- Auto-loads `@vulcn/plugin-detect-sqli` when `sqli` payloads are used
|
|
25
|
+
|
|
26
|
+
**`@vulcn/plugin-detect-sqli`**
|
|
27
|
+
- SQL injection detection plugin with error-based, response diffing, and timing-based strategies
|
|
28
|
+
- Auto-loaded by CLI when SQLi payloads are selected
|
|
29
|
+
|
|
3
30
|
## 0.3.2
|
|
4
31
|
|
|
5
32
|
### Patch Changes
|
package/dist/index.d.cts
CHANGED
|
@@ -11,7 +11,7 @@ type PayloadCategory = "xss" | "sqli" | "ssrf" | "xxe" | "command-injection" | "
|
|
|
11
11
|
/**
|
|
12
12
|
* Payload source types
|
|
13
13
|
*/
|
|
14
|
-
type PayloadSource = "
|
|
14
|
+
type PayloadSource = "custom" | "payloadbox" | "plugin";
|
|
15
15
|
/**
|
|
16
16
|
* Runtime payload structure - used by plugins and the runner
|
|
17
17
|
*/
|
package/dist/index.d.ts
CHANGED
|
@@ -11,7 +11,7 @@ type PayloadCategory = "xss" | "sqli" | "ssrf" | "xxe" | "command-injection" | "
|
|
|
11
11
|
/**
|
|
12
12
|
* Payload source types
|
|
13
13
|
*/
|
|
14
|
-
type PayloadSource = "
|
|
14
|
+
type PayloadSource = "custom" | "payloadbox" | "plugin";
|
|
15
15
|
/**
|
|
16
16
|
* Runtime payload structure - used by plugins and the runner
|
|
17
17
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vulcn/engine",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"description": "Fast, modern security testing engine — record browser sessions, replay with attack payloads, and detect vulnerabilities automatically. Pluggable driver and detection system for web application penetration testing.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|