We’re excited to announce the release of SmartScanner 2.2, packed with meaningful improvements and new features designed to give you more control, better coverage, and a smoother scanning experience. From expanded test capabilities to important bug fixes, this update reflects our continued focus on precision, usability, and performance.
Let’s walk through what’s new in this release.
🔍 New Features
Sensitive Data Disclosure Detection
SmartScanner 2.2 introduces a powerful new test for detecting Sensitive Data Disclosure. This helps uncover exposed information such as:
- API keys and access tokens
- Credentials in code or comments
This addition strengthens your ability to prevent accidental data leaks that could otherwise become an entry point for attackers.
Powered by Trusted Patterns
Our new Sensitive Data Disclosure test is built using detection patterns inspired by the excellent gitleaks project. While the scanning logic is fully developed in-house, we’ve incorporated some of the same proven rulesets to enhance detection coverage for secrets, credentials, and other exposed data.
This allows us to deliver precise, high-confidence results while ensuring full integration into SmartScanner’s existing engine and reporting system.
No-Crawl Option for Targeted Scans
Need to scan a predefined list of URLs without crawling? Now you can. SmartScanner 2.2 includes a no-crawl mode perfect for tight scope assessments or automation workflows where crawl behavior isn’t needed. Just provide a list of URLs, and we’ll take it from there without crawling beyond them.
JavaScript File Scanning
You can now directly scan standalone JavaScript (.js
) files. This allows you to inspect public scripts for issues such as insecure APIs, exposed secrets, or obfuscated malicious code, giving you broader coverage for both client-side and back-end assets.
đź§ Smarter and Smoother Experience
Improved Manual Login Workflow
We’ve refined the manual login process: the browser window now auto-fills the target URL when launched, saving time and making the process more intuitive, especially helpful when working with authentication-heavy web apps.
🔄 Detection Rule Updates
We’ve updated several core vulnerability checks to reflect the latest threat intelligence and software versions. These enhancements improve detection accuracy for:
- Vulnerable Apache Versions
- Vulnerable Tomcat Versions
- Vulnerable PHP Versions
- Vulnerable OpenSSL Versions
Keeping these rules current ensures that SmartScanner stays ahead of emerging threats.
đź› Bug Fixes
We also resolved a couple of important issues:
- Crash during scan: Fixed a rare but disruptive crash that could occur mid-scan.
- Report truncation issue: Fixed a bug where HTTP responses in reports were improperly truncated, causing proof-of-concept payloads to be partially hidden.
Final Thoughts
SmartScanner 2.2 is another step forward in making web vulnerability scanning more accurate, efficient, and Smarter. Whether you’re performing ad hoc security reviews, scanning during deployments, or using SmartScanner manually, this release gives you more precision and control over how scans are executed and reported.
As always, we’re grateful for your feedback and support. Try out the new version and let us know what you think!
Ready to upgrade? Download SmartScanner 2.2 Free now
Stay secure, The SmartScanner Team