18 Mar 2015
Read the blog post for more details about this version
NEW FEATURE
-
Improved PDF reports.
IMPROVEMENT
- Increased performance.
18 Mar 2015
Read the blog post for more details about this version
NEW WEB SECURITY TESTS
-
Detect web statistic applications
-
Web.config check added
-
WS_FTP log check added
-
Perl RCE (Remote Code Evaluation) checks added.
NEW FEATURES
-
Ability to scan much bigger websites with high performance
-
Faster scans
- 2 New scan reports added.
18 Mar 2015
Read the blog post for more details about this version
NEW WEB SECURITY TESTS
-
Possible Windows Username Disclosure
-
LigHTTPD Directory Listing
-
Nginx Directory Listing
-
LiteSpeed Directory Listing
-
Generic Email Address Disclosure
-
LigHTTPD Version Disclosure
-
Nginx Version Disclosure
-
SharePoint Version Disclosure
-
IIS 8 Default Page Detection
-
Struts2 Development Mode Enabled.
NEW FEATURES
-
Seamless Update Support
-
Error Reporting and Help Desk Integration
- Custom HTTP Header Support.
18 Mar 2015
Read the blog post for more details about this version
NEW FEATURES
-
Windows 8/Server 2012 Support.
IMPROVEMENT
- Vulnerability Database Update.
18 Mar 2015
Read the blog post for more details about this version
NEW WEB SECURITY TESTS
-
HTTP Strict Transport Security (HSTS) Test
-
Shell Script Found detection
-
XHTML XSS Attack
-
Database Connection String Found vulnerability
-
Possible Administration Page Found Issue
-
UNC Server and Share Disclosure.
NEW FEATURES
-
Integration with Bug Tracking Tools and Send To Feature
-
Generate Exploit Feature
-
OWASP Top Ten Report.
IMPROVEMENTS
-
Vulnerability Database Update
- Performance Improvements.
18 Mar 2015
Read the blog post for more details about this version
IMPROVEMENTS
-
Vulnerability Database Update
-
Configure Authentication user interface enhancements.
BUG FIX
- Fixed issues in Form authentication logout detection.
18 Mar 2015
Read the blog post for more details about this version
NEW WEB SECURITY TESTS
-
Ruby on Rails Remote Code Execution vulnerability
-
Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal)
-
Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server
-
Identification of phpMyAdmin and Webalizer
-
Detection of SHTML error messages that could disclose sensitive information
-
New WebDAV engine that detects WebDAV implementation security issues and vulnerabilities
-
Server-Side Includes (SSI) Injection checks.
NEW FEATURES
-
Scan Policy Editor that allows you to build own scan policies for more efficient web application security scans.
-
Oracle CHR encoding and decoding facility in the Encoder pane
-
Support for multiple exclude and include URL patterns which can also be specified in REGEX
-
Knowledge base node where additional information about the scanned website is reported to the user
-
New PCI Compliance Report template.
IMPROVEMENTS
-
Default include and exclude URL pattern has been improved
-
DOM Parser now supports proxies and client certification support
-
The performance of the Controlled Scan user interface has been improved
-
HTTP Response text editor automatically scrolls to the first highlighted text when viewed
-
Improved vulnerability classifications
-
Vulnerability templates text has been improved
-
Updated the look and feel of the vulnerability templates
-
Version vulnerability database updated with new web applications version for better finger printing
-
Cross-site scripting exploit generation improved
-
Improved confirmed vulnerability representation on Detailed Scan Report
-
Internal Path Disclosure for Windows and Unix security tests have been improved
-
Improved version disclosure security tests for Perl and ASP.NET MVC
-
Start a Scan user interface by moving rarely used settings to Invicti general settings
-
Improved the performance of security scans which are started using the same Invicti process
-
Scope documentation text has been updated
-
Updated WASC links to point to the exact threat classification page
-
Improved custom 404 detection on sites where the start URL is redirected.
BUG FIXES
-
Fixed a bug in XSS report templates where plus char encoding was wrong
-
Fixed a bug which causes multibyte unicode characters to be corrupted upon retrieval
-
Fixed a bug where “Auto Complete Enabled” isn’t reported
-
Fixed a bug where Community Edition was asking for exporting sessions
-
Fixed a bug causes redundant responses to be stored on redirects
-
Fixed a bug causing a NullReferenceException during reporting
-
Fixed a bug where custom cookies are not preserved when an exported session is imported
-
Fixed a bug on report templates where extra fields were missing when there are multiple fields
-
Fixed the radio button overlap issue on Encoder panel for high DPIs
-
Fixed an issue where CSRF tokens weren’t applied for time based (blind) engines in late confirmation
-
Fixed an issue where data grids on Settings dialog were preventing to cancel the dialog when an invalid row is present
-
Fixed an issue where some logouts occurred on attack phase couldn’t be detected
-
Fixed a bug which causes requests to URLs containing text HTMLElementInputClass
-
Fixed a bug where the injection request/response could be clipped wrong in the middle of HTML tags
-
Fixed the size of the Configure Authentication wizard for higher DPIs
-
Fixed an issue with CLI interpretation where built-in profiles couldn’t be specified
-
Fixed the COMException thrown on Configure Authentication wizard on pages that contain JavaScript calls to window.close()
-
Fixed clipped text issue on scan summary dashboard severity bar chart
-
Fixed the anchors to vulnerability details in OWASP Top Ten 2010 report template
-
Fixed incorrect buttons sizes on message dialogs on high DPI settings
-
Fixed a startup crash which occurs on systems where “Use FIPS compliant algorithms for encryption, hashing, and signing” group policy setting is enabled
-
Fixed click sounds on vulnerability view tab
-
Fixed an issue where find next button was not working on HTTP Request / Response tab
-
Fixed a bug on Configure Authentication wizard occurs when the response contains multiple headers with same names.
Note: Due to major updates to the scan files, Invicti version 3 cannot open scans exported with previous versions of Invicti (.nss files).
18 Mar 2015
Read the blog post for more details about this version
IMPROVEMENTS
-
Updated vulnerability database
-
Updated fingerprinting tables for WordPress and Movable Type
-
Improved the language used in knowledge base templates.
BUG FIXES
-
Fixed a bug to prevent auto update message dialog when the auto update setting is disabled
- Fixed a bug in meta tag parser to match the correct generator version.
18 Mar 2015
Read the blog post for more details about this version
IMPROVEMENT
-
Updated OWASP Top10 2010 classifications for SVN and CVS vulnerabilities.
BUG FIXES
-
Fixed a critical bug where vulnerability templates rendering is broken on systems with IE8
-
Fixed a bug where some vulnerabilities is not reported due to a race condition
-
Fixed a bug occurs when a scan file is imported and the related scan policy file is missing
- Fixed a syntax error on Cookie Not Marked As Secure vulnerability template
18 Mar 2015
IMPROVEMENT
-
Updated vulnerability database.
BUG FIX
- Fixed a critical bug where Possible Path Disclosure (Unix/Linux) was running slowly on large sources.
18 Mar 2015
BUG FIX
Fixed a critical bug where scan was missing scope setting when started from command line and ending prematurely.
18 Mar 2015
IMPROVEMENTS
-
Added OWASP Top Ten 2013 Report template
- Updated vulnerability database (MySQL, WordPress, Joomla)