Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: devploit/debugHunter
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: devploit/scan-toggle-button
Choose a base ref
...
head repository: devploit/debugHunter
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 12 commits
  • 4 files changed
  • 3 contributors

Commits on Feb 4, 2026

  1. Merge pull request #2 from devploit/devploit/scan-toggle-button

    feat: add scan toggle button (v2.0.1)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    a13e0a4 View commit details
    Browse the repository at this point in the history
  2. fix: reduce false positives in path and param/header detection (v2.0.2)

    - Add redirect detection: compare path redirects with catch-all redirect from random path probe
    - Add natural variance measurement: verify ambiguous signals with control request on dynamic sites
    - Improve soft-404 detection: filter paths with nearly identical content length (within 3%)
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    7e49510 View commit details
    Browse the repository at this point in the history
  3. Merge pull request #3 from devploit/devploit/fix-false-positives

    fix: reduce false positives in detection (v2.0.2)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    3c696af View commit details
    Browse the repository at this point in the history
  4. fix: require variance check for all detections without debug indicato…

    …rs (v2.0.3)
    
    Previously, variance check was only triggered for similarity-based signals.
    Now it triggers for ANY detection that lacks debug indicators, preventing
    false positives on dynamic pages like login.microsoftonline.com.
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    6f4c48e View commit details
    Browse the repository at this point in the history
  5. Merge pull request #4 from devploit/devploit/fix-false-positives

    fix: require variance check for detections without debug indicators (v2.0.3)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    72aa752 View commit details
    Browse the repository at this point in the history
  6. fix: always re-analyze with variance, not just for highly dynamic sit…

    …es (v2.0.4)
    
    Previously only re-analyzed if site had < 95% natural similarity.
    Now always re-analyzes with measured variance to catch subtler false positives.
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    b08e37f View commit details
    Browse the repository at this point in the history
  7. Merge pull request #5 from devploit/devploit/fix-false-positives

    fix: always re-analyze with measured variance (v2.0.4)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    df24ba8 View commit details
    Browse the repository at this point in the history
  8. fix: only skip paths that redirect to catch-all destination (v2.0.5)

    Previously all redirecting paths were skipped. Now only paths that
    redirect to the SAME destination as the random probe are filtered.
    Other redirects (like /admin -> /admin/login) are followed and checked.
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    3928c93 View commit details
    Browse the repository at this point in the history
  9. Merge pull request #6 from devploit/devploit/fix-false-positives

    fix: only skip paths with catch-all redirect (v2.0.5)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    c559601 View commit details
    Browse the repository at this point in the history
  10. fix: include port in baseUrl for path checking (v2.0.6)

    Changed urlObj.hostname to urlObj.host to include the port number.
    Without this, paths on localhost:9000 were being checked on localhost:80.
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    2430682 View commit details
    Browse the repository at this point in the history
  11. fix: reduce false positives in path and param/header detection (v2.0.6)

    Major changes to reduce false positives:
    - Redirect detection: compare with catch-all redirect from random path probe
    - Natural variance measurement for dynamic sites
    - Smart mode requires clear evidence (debug indicators or status changes)
    - Debug indicators must be NEW (not present in original response)
    - Fixed path detection on non-standard ports (use host instead of hostname)
    - Improved soft-404 detection with tighter content length comparison
    
    Added dynamic test server (test/server.py) that serves different content
    based on debug params/headers, mimicking real-world behavior.
    
    Updated README with new test server instructions and changelog.
    
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    devploit and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    5d7eaef View commit details
    Browse the repository at this point in the history
  12. Merge pull request #7 from devploit/devploit/fix-false-positives

    fix: reduce false positives in detection (v2.0.6)
    devploit authored Feb 4, 2026
    Configuration menu
    Copy the full SHA
    60dfc2f View commit details
    Browse the repository at this point in the history
Loading