
Releases: Coff0xc/catchclaw

CatchClaw v5.2.0 — 72-Module Full CVE Coverage

23 Mar 19:36


What's New in v5.2.0

13 New CVE-Targeted Exploit Modules (59 → 72)

| Module | CVE / Source | Description |
|---|---|---|
| gateway_hijack | CVE-2026-25253 (CVSS 8.8) | gatewayURL WebSocket hijacking → Token theft |
| safebins_bypass | CVE-2026-28363 (CVSS 9.9) | GNU long-option abbreviation bypass → RCE |
| ws_auth_brute | CVE-2026-32025 | WebSocket auth brute-force |
| localhost_trust | ClawJacked | localhost implicit trust bypass |
| guest_mode_abuse | Conscia Audit | Guest Mode dangerous API exposure |
| mdns_leak | Conscia Audit | mDNS/HTTP configuration parameter leakage |
| skill_supply_chain | ClawHavoc | Malicious skill supply chain detection |
| voice_ext_rce | CVE-2026-28446 (CVSS 9.8) | Voice Extension RCE |
| env_inject | CVE-2026-32056 | Environment variable injection |
| ipv6_ssrf_bypass | | IPv4-mapped IPv6 SSRF bypass |
| msg_platform_spoof | | Telegram/Discord/Matrix identity spoofing |
| librechat_probe | CVE-2025-69222/69220/54868 | LibreChat multi-CVE probe |
| lobechat_probe | CVE-2026-23733 | LobeChat Mermaid XSS→RCE |

New Features

  • Multi-target scanning — CIDR notation, IP ranges, comma-separated targets, target file (-f)
  • Port scanning & service discovery — TCP connect scan + OpenClaw fingerprinting
  • 200+ external payloads — SSRF, injection, prompt injection, auth bypass, XSS (YAML)
  • CLI enhancements: --profile, --severity-filter, --format (json/html/markdown), --dry-run
  • HTML report (dark-themed, self-contained) + Markdown report output
  • TOML profile presets (quick/stealth/full)
  • Release CI — automated multi-platform builds (Linux/macOS/Windows)
  • 110 unit tests (up from 38)

Fixes

  • MinGW linker failure on CJK/bracket paths
  • log_clean()/log_outcome() signature mismatch across 59 modules
  • Various config serde defaults, test escaping, Unicode char count

Full Changelog: v5.1.0...v5.2.0


CatchClaw v5.1.0 — Multi-Target Scanning & Payload Enhancement

23 Mar 18:01


What's New in v5.1.0

Multi-Target Scanning

  • CIDR notation (--targets "192.168.1.0/24:8080")
  • IP range (--targets "10.0.0.1-10.0.0.50:8080")
  • Target file (-f targets.txt) — one host:port per line
  • Comma-separated (-t host1:8080,host2:443)
  • Bounded parallel scanning with configurable concurrency

Port Scanning & Service Discovery

  • TCP connect scan across common ports (80, 443, 3000, 8080, etc.)
  • OpenClaw fingerprinting via /api/v1/auths/, /health, /api/config, WebSocket /ws
  • Custom port ranges (--ports 8000-9000)

200+ External Payloads

  • payloads/ssrf.yaml — AWS/GCP/Azure/DigitalOcean metadata, IP bypass (0x7f000001, etc.), protocol smuggling (gopher, dict, file)
  • payloads/injection.yaml — Command injection, shell metachar, encoding bypass, template injection
  • payloads/prompt_inject.yaml — System prompt extraction, DAN jailbreak, role override, context overflow
  • payloads/auth_bypass.yaml — Token manipulation, header bypass, path traversal, default creds
  • payloads/xss.yaml — Reflected, event handlers, filter bypass, polyglot

CLI Enhancements

  • --profile — Select scan presets from catchclaw.toml (quick/stealth/full)
  • --severity-filter critical,high — Filter results by severity
  • --format html|markdown|json — Choose report output format
  • --dry-run — Preview DAG execution plan without scanning
  • Improved list output with numbered table
  • Scan config summary box before execution

Report Formats

  • HTML — Dark-themed, self-contained, XSS-safe report with summary cards
  • Markdown — GitHub-flavored with summary table and detailed findings
  • JSON — Existing structured output (now supports multi-target)

CI/CD

  • Release workflow: automated Linux/macOS/Windows builds on version tags
  • rustfmt --check and cargo-audit security scanning in CI

Code Quality

  • 110 unit tests (up from 38 in v5.0.0)
  • Build fix for paths containing CJK/bracket characters
  • Fixed log_clean()/log_outcome() signature mismatch across 59 modules
  • TOML profile mechanism with apply_profile()
  • PayloadRegistry with directory loading and merge support

Full Changelog: v5.0.0...v5.1.0

Full Changelog: https://github.com/Coff0xc/catchclaw/commits/v5.1.0