Changelogs

Invicti Standard

RSS Feed

27 Jan 2017

Fixes Fixed an InvalidOperationException which occurs on some specific setups. Fixed several scan activity list issues and enhanced performance.

Fixes

  • Fixed an InvalidOperationException which occurs on some specific setups.
  • Fixed several scan activity list issues and enhanced performance.

20 Jan 2017

IMPROVEMENTS Added CVSS information to more vulnerabilities. Updated vulnerability database. FIXES Fixed a crash which occurs when too many elements are nested in the HTTP response. Fixed a text parsing issue where absolute URLs were converted to invalid relative URLs. Fixed incorrect protocol detection for protocol-relative URLs.

IMPROVEMENTS

  • Added CVSS information to more vulnerabilities.
  • Updated vulnerability database.

FIXES

  • Fixed a crash which occurs when too many elements are nested in the HTTP response.
  • Fixed a text parsing issue where absolute URLs were converted to invalid relative URLs.
  • Fixed incorrect protocol detection for protocol-relative URLs.

12 Jan 2017

New Features Included support for the Invicti Hawk infrastructure for detection of SSRF and OOB vulnerabilities. Support for importation of Postman files. Added “Copy as cURL” context menu item to sitemap. Added “Copy sqlmap Payload” context menu item for SQL Injection vulnerabilities. Added HTTP request rate limiting options to Scan Policy. Added “Ignored Email Addresses” …

New Features

  • Included support for the Invicti Hawk infrastructure for detection of SSRF and OOB vulnerabilities.
  • Support for importation of Postman files.
  • Added “Copy as cURL” context menu item to sitemap.
  • Added “Copy sqlmap Payload” context menu item for SQL Injection vulnerabilities.
  • Added HTTP request rate limiting options to Scan Policy.
  • Added “Ignored Email Addresses” section for Scan Policy.
  • Added accept and reject options for untrusted SSL certificates.
  • Added an option to disable automatic detection of 404 error pages.

New Security Checks

  • New security checks for Server Side Request Forgery (SSRF) vulnerability
  • New security checks for out-of-band vulnerabilities such as OOB SQL Injection, OOB XXE, Blind XSS, OOB RCE, OOB RFI etc.
  • Added “Missing object-src in CSP Declaration” vulnerability detection.
  • Added “Apache Multiple Choices” vulnerability detection.
  • Added “Stored DOM based XSS” vulnerability detection.

Improvements

  • Improved the message displayed when trying to open an invalid session file.
  • Added /nopdf command line switch to prevent generating PDF reports while performing automated scans.
  • Added AttackPattern.GetAllEngines() and AttackPattern.GetAllPatterns() methods to reporting API to get the list of engine and pattern IDs.
  • Added “Test Credentials” support for Basic, NTLM/Kerberos authentication configuration screen.
  • Added progress dialog for importing links.
  • Improved the performance of several link importers.
  • Added global proxy options under Tools > Options to configure an application wide proxy.
  • Added “Bearer Token” support for form authentication.
  • Added confirmation for Frame Injection vulnerabilities.
  • Added http: and https: checks for CSP vulnerability detection.
  • Improved link importers where redundant CONNECT requests are now excluded.
  • Optimized attacker performance for links containing single parameter.
  • Added SSL protocol selection for scan policies.
  • Added context menu items to the Report Policy Editor to multiple selected vulnerabilities by severity.
  • Optimized crawling parser by skipping DOM simulation on pages with static content.
  • Improved coverage of CORS security check with extra attacks.
  • Removed GWT attacks from file upload security checks.
  • Improved DOM simulation performance.
  • Improved CSS parsing which now follows CSS import directives.
  • Improved coverage of open redirect security checks by adding/updating attacks patterns.
  • Improved logout detection by skipping JavaScript responses.
  • Added support for “HTTP 410 Gone” and “HTTP 451 Unavailable For Legal Reasons” response status codes.

Bug Fixes

  • Fixed an issue where a multiple cookies issue should not be reported.
  • Fixed a JSON parsing issue with text parser.
  • Fixed a request builder issue where the credentials on URL were not preserved.
  • Fixed a request builder issue where the port number change is not reflected to raw request tab.
  • Fixed a NullReferenceException which may have been thrown while closing the splash screen.
  • Fixed a NullReferenceException which may have been thrown while updating activities on scan summary dashboard.
  • Fixed clipped texts on several windows while using higher DPI settings.
  • Fixed a request builder issue where the port on pasted URL is not parsed.
  • Fixed a request builder issue where Cookie request header is not sent.
  • Fixed a request builder issue where Cache-Control request header value was being duplicated.
  • Fixed an HTTP response reading issue where the response could not be read when only BOM bytes are sent on first read attempt.
  • Fixed the list on LFI exploitation panel where the same files were being duplicated.
  • Fixed an issue in report policy editor that causes CVSS editing controls to disappear.
  • Fixed a NullReferenceException on scan policy editor dialog thrown while clicking select inverse context menu on some security check groups.
  • Fixed an issue where a false-positive file upload vulnerability might be reported.
  • Fixed several DOM simulation issues on pages that have many iframe elements.
  • Fixed a NullReferenceException while performing an internal MD5 encoding operation.
  • Fixed an issue where the vulnerabilities found on a scan lingers to the next scan started.
  • Fixed an encoding issue on a proof URL of an XSS vulnerability.
  • Fixed a hang issue occurs when too many email addresses found on the response.
  • Fixed an issue where “Shell Script Identified” vulnerability is not found when retested.
  • Fixed a scan profile load issue occurs when a link with binary body is imported.
  • Fixed the table layout on comparison report which was having too wide columns when the URLs were too long.
  • Fixed the duplicate request issue on “AJAX / XML HTTP Requests” knowledge base report.
  • Fixed URL parsing on pages where the URLs were containing whitespace characters like carriage return and line feeds.
  • Fixed an ArgumentOutOfRangeException thrown while trying to match the redirected URL to configured logout detection pattern.

11 Nov 2016

FIXES Fixed a hang issue occurs on some configurations.

FIXES

  • Fixed a hang issue occurs on some configurations.

02 Nov 2016

FIXES Fixed an issue that occurs during the attacking phase where all threads cannot be utilized. Fixed handling of blob: protocol on DOM simulation.

FIXES

  • Fixed an issue that occurs during the attacking phase where all threads cannot be utilized.
  • Fixed handling of blob: protocol on DOM simulation.

01 Nov 2016

New Technical Check Added “Cookie Header Contains Multiple Cookies” check Improvements Improved the Content Security Policy (CSP) and “Misconfigured Access-Control-Allow-Origin Header” vulnerability templates. Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources. Team Foundation Server Send To action now populates severity and repro steps fields. Improved report generation dialog by remembering the last used settings separately …

New Technical Check

Improvements

  • Improved the Content Security Policy (CSP) and “Misconfigured Access-Control-Allow-Origin Header” vulnerability templates.
  • Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
  • Team Foundation Server Send To action now populates severity and repro steps fields.
  • Improved report generation dialog by remembering the last used settings separately for each report type.
  • Added “Copy as cURL” context menu item to site map.
  • Added support for HTTP POST method while using Open in Browser site map context menu option.
  • Added support for attacking to User-Agent and Referer request headers.
  • Improved scan session export dialog by suggesting default file names.
  • Improved the coverage of the boolean SQL injection vulnerability engine.
  • Improved GitHub send to configuration by check the existence of the specified repository.

Fixes

  • Fixed various encoding issues on request builder.
  • Fixed the splash screen issue where it opens on wrong monitor on multi monitor setups.
  • Fixed External CSS, Script and Frame knowledge base items which do not consider the port while performing checks.
  • Fixed the missing method values on vulnerability summary table of reports.
  • Fixed the missing dashboard statistics when a scan session is imported.
  • Fixed the site map Copy URL issue for some nodes which were missing URL information.
  • Fixed a hang that may occur when windows gets locked, goes to sleep or hibernation.
  • Fixed an issue with auto save where scan is not saved during the extra confirmation phase.
  • Fixed an issue in open redirect detection where incorrect URLs may also be reported.
  • Fixed the zero progress bar issue on loaded scan files.
  • Fixed various CSP vulnerability highlight issues.
  • Fixed an issue related with form authentication which prevents logout detection during attacking phase.
  • Fixed an issue related with temp file generation.
  • Fixed an Local File Inclusion vulnerability detection issue when attacked with a FullUrl payload.
  • Fixed an extra tab on Scanned URLs List (CSV) report template.
  • Fixed the size of scan policy editor dialog on screens with high DPI.
  • Fixed the incorrect severity icon on site map when a vulnerability is selected.
  • Fixed an incorrect retest result occurs when the target web site is not reachable.
  • Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.
  • Fixed the remaining registry keys after uninstall.

21 Oct 2016

IMPROVEMENTS Improved vulnerability templates. Added support for sending vulnerabilities to JIRA when JIRA is homed at a path instead of the root. Added support for detecting requests made to blob-schemed URIs during DOM simulation. FIXES Fixed missing external references on some vulnerability templates.

IMPROVEMENTS

  • Improved vulnerability templates.
  • Added support for sending vulnerabilities to JIRA when JIRA is homed at a path instead of the root.
  • Added support for detecting requests made to blob-schemed URIs during DOM simulation.

FIXES

  • Fixed missing external references on some vulnerability templates.

12 Oct 2016

FIXES Fixed the issue where HTTPS protocol is enforced while using JIRA Send To action. Fixed an issue where print dialogs could be displayed during scans. Fixed a form authentication issue where the last form authentication sequence requests were prematurely cancelled.

FIXES

  • Fixed the issue where HTTPS protocol is enforced while using JIRA Send To action.
  • Fixed an issue where print dialogs could be displayed during scans.
  • Fixed a form authentication issue where the last form authentication sequence requests were prematurely cancelled.

07 Oct 2016

FIXES Fixed an issue where some scan files from older versions cannot be opened with the latest version. Fixed an issue with TFS Send To action when the project name contains spaces.

FIXES

  • Fixed an issue where some scan files from older versions cannot be opened with the latest version.
  • Fixed an issue with TFS Send To action when the project name contains spaces.

05 Oct 2016

FIXES Fixed an issue which prevents resource files (report templates, etc.) updates.

FIXES

  • Fixed an issue which prevents resource files (report templates, etc.) updates.

03 Oct 2016

NEW FEATURES Added the ability to configure the scanner to scan websites which are linked from the target website. Added the Common Vulnerability Scoring System (CVSS) in vulnerability reports. Added ability to play sounds while certain program events occur (i.e. scan finished, vulnerability found). Added OWASP Proactive Guide to classification list. NEW SECURITY CHECKS Added …

NEW FEATURES

NEW SECURITY CHECKS

IMPROVEMENTS

  • Improved XSS security checks coverage.
  • Improved the Report Policy Editor.
  • Improved the default filename of generated exploits.
  • Renamed “Permanent XSS” vulnerability to “Stored XSS”.
  • Authentication credentials are now stored encrypted in profile files.
  • Increased the number of vulnerabilities for which the scanner highlights the text related to the vulnerability in the HTTP response viewer.
  • Added an option to follow redirects for the HTTP Request Builder.
  • Added auto completion support to Scan Policy > Headers grid for well-known request headers.
  • Added the version information of Invicti to the reports.
  • Added type ahead search functionality for Scan Policy > Security Checks.
  • Added HTTP methods to AJAX / XML HTTP Requests knowledgebase section.
  • Added editing support for imported links.
  • Optimized the performance of SOAP web service parsing by skipping the WSDLs that are already parsed.
  • Added Scan Policy > Crawling options to enable/disable parsing of SOAP and REST web services.
  • Added JavaScript dialog support for form authentication verification dialog.
  • Improved HTTP request logging by splitting log files once a certain amount of requests are logged.
  • Improved DOM simulation by simulating “contextmenu” events.
  • Added “Attacked Parameters” column to “Scanned URLs List” report.
  • Improved Manual Crawl (Proxy Mode) feature to work as passive and not re-issue the requests made during manual crawl phase.
  • Increased the default values for “Maximum Page Visit” and “Max. Number of Parameters to Attack on a Single Page” settings.
  • Improved XML parsing during crawling by parsing empty XML elements as parameters too.
  • Added the ability to attack parameter names.
  • Added a note to vulnerability detail for non-exploitable frame injection.
  • Added .jhtml and .jsp attacks to file upload engine.
  • Improved CORS security checks.
  • Improved Open Redirect engine to detect CNAME injection such as example.com.r87.com.
  • Added tooltips for long texts shown on activity dashboard.
  • Added current DOM XSS attack information to activity pane.
  • Improved XSS confirmation for vulnerabilities found inside noscript tags.
  • Added a new method (Vulnerability.GetTemplateSections) for reporting API to be able to get vulnerability template section content separately.
  • Added an attack pattern to the command injection engine to bypass whitespace filtering using $IFS environment variable.
  • Added /resumescan parameter to command line options to resume the loaded scan.

FIXES

  • Fixed an issue where incorrect PHP source code disclosures are reported for some binary responses.
  • Fixed the position of clipped auto update notification.
  • Fixed the broken External Reference link on Remote Code Evaluation (PHP) vulnerability.
  • Fixed a file upload input DOM parsing issue which prevents some file upload attacks.
  • Fixed an issue where switching between builder and raw tabs causes POST parameter to be removed on Request Builder.
  • Fixed the duplicate log printed for same WSDLs.
  • Fixed a NullReferenceException thrown when the Request Builder fails to make a request with the current SecurityProtocol setting.
  • Fixed the blurred message dialog icons on high DPI screens.
  • Fixed various navigation issues of Previous and Next buttons on HTTP Response viewer.
  • Fixed the missing GET parameter request builder issue occurs when a full querystring/URL attack request is sent.
  • Fixed a form authentication issue occurs on web sites that opens popups during form authentication sequence.
  • Fixed a DOM simulation issue occurs when there is a form element with name “action” on target web page.
  • Fixed the duplicate cookie issue occurs while using Manual Crawling (Proxy Mode) scanning feature.
  • Fixed duplicate “Email Address Disclosure” reporting issue.
  • Fixed a NullReferenceException on occurs during CORS security checks.
  • Fixed an issue where current OS UI language was not being selected automatically upon first start.
  • Fixed a CSRF exploit generation issue where the generated file is empty.
  • Fixed an issue where injection/identification responses are unable to display for file upload vulnerability.
  • Fixed an issue where XSS vulnerability is missed when multiple redirects occur.
  • Fixed a text parsing issue where relative URLs were not supported as base href values.
  • Fixed an issue where Missing X-Frame-Options Header vulnerability is reported even though ALLOW-FROM is included in the header.
  • Fixed an XSS attacking issue where duplicate attacks are made for same payload.
  • Fixed a Header Injection attack issue where first line of the HTTP request gets corrupted on full URL attacks.
  • Fixed an issue where post exploitation does not work sometimes.
  • Fixed a form authentication issue where any slash character in credentials cannot be used.

26 Jul 2016

FIXES Fixed an issue in which Invicti crashes when using the Korean interface and trying to start a scan or load a scan file.

FIXES

  • Fixed an issue in which Invicti crashes when using the Korean interface and trying to start a scan or load a scan file.