v1.9.1-shelld3v

Added:

• New command line flag -header to add optional headers to requests
• More domain takeover fingerprints
• New url_tls_checker agent that check TLS/SSL version of secure web-servers

Changed:

• Do not follow redirects by default (changed command-line flag -no-redirect to -follow-redirect)
• Colors/styles of report tags are now look cooler
• Debug mode has been replaced with a debug log inside output directory
• No more ports validation when parsing Nmap/Masscan output

v1.9.0-shelld3v

Added:

• BigCartel domain takeover detection
• New command line flags -filter-string to filter hosts by string in response body

Changed:

• Some new default HTTP request headers
• Wappalyzergo for web technology fingerprinting

Removed:

• Client-side Prototype Pollution vulnerability detection (affects scanning result)

v1.8.0-shelld3v

The first release with a lot of updates from https://github.com/michenriksen/aquatone

Added:

• Client-side Prototype Pollution vulnerability detection
• New command line flags -match-codes|-filter-codes to filter hosts by HTTP status codes
• New command line flags -screenshot-delay to set delay between screenshots
• New command line flags -thumbnail-size to select screenshot thumbnail size
• New command line flags -full-page to do full page screenshotting
• New command line flags -no-redirect to not follow redirects
• New command line flags -offline to use local JS files, able to view Aquatone reports without Internet
• New command line flags -input-file to load targets from file
• New command line flags -similarity to set similarity rate for screenshots clustering
• Support for port range
• More subdomain-takeover fingerprints

Changed:

• Changed screenshot technology from backend to headless chromedp