Changelogs

Invicti Standard

RSS Feed

18 Mar 2015

Read the blog post for more details about this version NEW FEATURE Improved PDF reports. IMPROVEMENT Increased performance.

Read the blog post for more details about this version

NEW FEATURE

  • Improved PDF reports.

IMPROVEMENT

  • Increased performance.

18 Mar 2015

Read the blog post for more details about this version NEW WEB SECURITY TESTS Detect web statistic applications Web.config check added WS_FTP log check added Perl RCE (Remote Code Evaluation) checks added. NEW FEATURES Ability to scan much bigger websites with high performance Faster scans 2 New scan reports added.

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Detect web statistic applications

  • Web.config check added

  • WS_FTP log check added

  • Perl RCE (Remote Code Evaluation) checks added.

NEW FEATURES

  • Ability to scan much bigger websites with high performance

  • Faster scans

  • 2 New scan reports added.

18 Mar 2015

Read the blog post for more details about this version NEW WEB SECURITY TESTS Possible Windows Username Disclosure LigHTTPD Directory Listing Nginx Directory Listing LiteSpeed Directory Listing Generic Email Address Disclosure LigHTTPD Version Disclosure Nginx Version Disclosure SharePoint Version Disclosure IIS 8 Default Page Detection Struts2 Development Mode Enabled. NEW FEATURES Seamless Update Support Error …

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Possible Windows Username Disclosure

  • LigHTTPD Directory Listing

  • Nginx Directory Listing

  • LiteSpeed Directory Listing

  • Generic Email Address Disclosure

  • LigHTTPD Version Disclosure

  • Nginx Version Disclosure

  • SharePoint Version Disclosure

  • IIS 8 Default Page Detection

  • Struts2 Development Mode Enabled.

NEW FEATURES

  • Seamless Update Support

  • Error Reporting and Help Desk Integration

  • Custom HTTP Header Support.

18 Mar 2015

Read the blog post for more details about this version NEW FEATURES Windows 8/Server 2012 Support. IMPROVEMENT Vulnerability Database Update.

Read the blog post for more details about this version

NEW FEATURES

  • Windows 8/Server 2012 Support.

IMPROVEMENT

  • Vulnerability Database Update.

18 Mar 2015

Read the blog post for more details about this version NEW WEB SECURITY TESTS HTTP Strict Transport Security (HSTS) Test Shell Script Found detection XHTML XSS Attack Database Connection String Found vulnerability Possible Administration Page Found Issue UNC Server and Share Disclosure. NEW FEATURES Integration with Bug Tracking Tools and Send To Feature Generate Exploit …

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • HTTP Strict Transport Security (HSTS) Test

  • Shell Script Found detection

  • XHTML XSS Attack

  • Database Connection String Found vulnerability

  • Possible Administration Page Found Issue

  • UNC Server and Share Disclosure.

NEW FEATURES

  • Integration with Bug Tracking Tools and Send To Feature

  • Generate Exploit Feature

  • OWASP Top Ten Report.

IMPROVEMENTS

  • Vulnerability Database Update

  • Performance Improvements.

18 Mar 2015

Read the blog post for more details about this version IMPROVEMENTS Vulnerability Database Update Configure Authentication user interface enhancements. BUG FIX Fixed issues in Form authentication logout detection.

Read the blog post for more details about this version

IMPROVEMENTS

  • Vulnerability Database Update

  • Configure Authentication user interface enhancements.

BUG FIX

  • Fixed issues in Form authentication logout detection.

18 Mar 2015

Read the blog post for more details about this version NEW WEB SECURITY TESTS Ruby on Rails Remote Code Execution vulnerability Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal) Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server Identification of phpMyAdmin …

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Ruby on Rails Remote Code Execution vulnerability

  • Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal)

  • Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server

  • Identification of phpMyAdmin and Webalizer

  • Detection of SHTML error messages that could disclose sensitive information

  • New WebDAV engine that detects WebDAV implementation security issues and vulnerabilities

  • Server-Side Includes (SSI) Injection checks.

NEW FEATURES

  • Scan Policy Editor that allows you to build own scan policies for more efficient web application security scans.

  • Oracle CHR encoding and decoding facility in the Encoder pane

  • Support for multiple exclude and include URL patterns which can also be specified in REGEX

  • Knowledge base node where additional information about the scanned website is reported to the user

  • New PCI Compliance Report template.

IMPROVEMENTS

  • Default include and exclude URL pattern has been improved

  • DOM Parser now supports proxies and client certification support

  • The performance of the Controlled Scan user interface has been improved

  • HTTP Response text editor automatically scrolls to the first highlighted text when viewed

  • Improved vulnerability classifications

  • Vulnerability templates text has been improved

  • Updated the look and feel of the vulnerability templates

  • Version vulnerability database updated with new web applications version for better finger printing

  • Cross-site scripting exploit generation improved

  • Improved confirmed vulnerability representation on Detailed Scan Report

  • Internal Path Disclosure for Windows and Unix security tests have been improved

  • Improved version disclosure security tests for Perl and ASP.NET MVC

  • Start a Scan user interface by moving rarely used settings to Invicti general settings

  • Improved the performance of security scans which are started using the same Invicti process

  • Scope documentation text has been updated

  • Updated WASC links to point to the exact threat classification page

  • Improved custom 404 detection on sites where the start URL is redirected.

BUG FIXES

  • Fixed a bug in XSS report templates where plus char encoding was wrong

  • Fixed a bug which causes multibyte unicode characters to be corrupted upon retrieval

  • Fixed a bug where “Auto Complete Enabled” isn’t reported

  • Fixed a bug where Community Edition was asking for exporting sessions

  • Fixed a bug causes redundant responses to be stored on redirects

  • Fixed a bug causing a NullReferenceException during reporting

  • Fixed a bug where custom cookies are not preserved when an exported session is imported

  • Fixed a bug on report templates where extra fields were missing when there are multiple fields

  • Fixed the radio button overlap issue on Encoder panel for high DPIs

  • Fixed an issue where CSRF tokens weren’t applied for time based (blind) engines in late confirmation

  • Fixed an issue where data grids on Settings dialog were preventing to cancel the dialog when an invalid row is present

  • Fixed an issue where some logouts occurred on attack phase couldn’t be detected

  • Fixed a bug which causes requests to URLs containing text HTMLElementInputClass

  • Fixed a bug where the injection request/response could be clipped wrong in the middle of HTML tags

  • Fixed the size of the Configure Authentication wizard for higher DPIs

  • Fixed an issue with CLI interpretation where built-in profiles couldn’t be specified

  • Fixed the COMException thrown on Configure Authentication wizard on pages that contain JavaScript calls to window.close()

  • Fixed clipped text issue on scan summary dashboard severity bar chart

  • Fixed the anchors to vulnerability details in OWASP Top Ten 2010 report template

  • Fixed incorrect buttons sizes on message dialogs on high DPI settings

  • Fixed a startup crash which occurs on systems where “Use FIPS compliant algorithms for encryption, hashing, and signing” group policy setting is enabled

  • Fixed click sounds on vulnerability view tab

  • Fixed an issue where find next button was not working on HTTP Request / Response tab

  • Fixed a bug on Configure Authentication wizard occurs when the response contains multiple headers with same names.


Note: Due to major updates to the scan files, Invicti version 3 cannot open scans exported with previous versions of Invicti (.nss files).

18 Mar 2015

Read the blog post for more details about this version IMPROVEMENTS Updated vulnerability database Updated fingerprinting tables for WordPress and Movable Type Improved the language used in knowledge base templates. BUG FIXES Fixed a bug to prevent auto update message dialog when the auto update setting is disabled Fixed a bug in meta tag parser …

Read the blog post for more details about this version

IMPROVEMENTS

  • Updated vulnerability database

  • Updated fingerprinting tables for WordPress and Movable Type

  • Improved the language used in knowledge base templates.

BUG FIXES

  • Fixed a bug to prevent auto update message dialog when the auto update setting is disabled

  • Fixed a bug in meta tag parser to match the correct generator version.

18 Mar 2015

Read the blog post for more details about this version IMPROVEMENT Updated OWASP Top10 2010 classifications for SVN and CVS vulnerabilities. BUG FIXES Fixed a critical bug where vulnerability templates rendering is broken on systems with IE8 Fixed a bug where some vulnerabilities is not reported due to a race condition Fixed a bug occurs …

Read the blog post for more details about this version

IMPROVEMENT

  • Updated OWASP Top10 2010 classifications for SVN and CVS vulnerabilities.

BUG FIXES

  • Fixed a critical bug where vulnerability templates rendering is broken on systems with IE8

  • Fixed a bug where some vulnerabilities is not reported due to a race condition

  • Fixed a bug occurs when a scan file is imported and the related scan policy file is missing

  • Fixed a syntax error on Cookie Not Marked As Secure vulnerability template

18 Mar 2015

IMPROVEMENT Updated vulnerability database. BUG FIX Fixed a critical bug where Possible Path Disclosure (Unix/Linux) was running slowly on large sources.

IMPROVEMENT

  • Updated vulnerability database.

BUG FIX

  • Fixed a critical bug where Possible Path Disclosure (Unix/Linux) was running slowly on large sources.

18 Mar 2015

BUG FIX Fixed a critical bug where scan was missing scope setting when started from command line and ending prematurely.

BUG FIX

Fixed a critical bug where scan was missing scope setting when started from command line and ending prematurely.

18 Mar 2015

IMPROVEMENTS Added OWASP Top Ten 2013 Report template Updated vulnerability database (MySQL, WordPress, Joomla)

IMPROVEMENTS

  • Added OWASP Top Ten 2013 Report template

  • Updated vulnerability database (MySQL, WordPress, Joomla)