You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HTTP Client Reuse: Requests now share a pooled http.Client (cached by proxy+timeout+redirect config) instead of creating a new client and TCP connection per request. This dramatically reduces connection overhead on large scans.
Eliminated httputil.DumpResponse: Response bodies are no longer loaded entirely into memory. Body size is now counted via io.Copy(io.Discard, ...), preventing OOM on large responses and enabling proper connection reuse.
Removed Close: true from requests: HTTP keep-alive connections are now properly reused instead of being forcefully closed after each request.
Reliability
Suppressed transient error noise: Retry-loop errors (e.g., unexpected EOF, connection reset) are no longer printed unless -v (verbose) is enabled. Only actionable errors are shown in normal mode.
Curl subprocess timeout: The HTTP versions technique (curl) now respects the configured timeout via context.WithTimeout, preventing indefinite hangs on unresponsive targets.
Non-standard URL encoding support: Added parseRawURL fallback for URLs with non-standard encodings (e.g., %u002f IIS-style unicode escapes) that Go's url.Parse rejects.
Maintenance
Removed deprecated rand.Seed() calls: Go 1.20+ auto-seeds the global PRNG; explicit seeding was unnecessary and produced deprecation warnings.
Explicit workflow permissions: Added contents: write to the release workflow for least-privilege compliance. Closes #6.
Updated go-viper/mapstructure to v2.4.0: Fixes Dependabot security alerts.
