SmartScanner 2.3: Smarter JavaScript Detection, Faster Scans, and Powerful CLI Enhancements

By SmartScanner

We’re excited to announce the release of SmartScanner 2.3, a feature-rich update focused on improving client-side vulnerability detection, boosting scan performance, and giving you more control through the CLI and reporting.

This release builds on our mission to deliver precise, efficient, and developer-friendly web vulnerability scanning. Let’s take a closer look at what’s new.

🚀 New Features

Vulnerable JavaScript Library Detection

SmartScanner can now identify JavaScript libraries in use and test them against 1,000+ publicly available client-side vulnerabilities from the GitHub Advisory Database. This means you’ll be alerted when your application is using outdated or insecure libraries, helping you quickly address risks in the front-end stack.

More Control in the CLI (sms.exe)

  • No-Crawl Mode: Run scans against a predefined list of URLs without crawling additional pages, ideal for targeted, script-driven workflows.
  • Manual Scope: Define custom URL scopes using regex directly in the CLI, giving you fine-grained control over what gets scanned.

Richer Reporting

  • JSON Reports: Now include vulnerability references and classifications for easier automation and tracking.
  • PDF Reports: Include vulnerability classifications, making reports clearer for compliance and team handovers.

⚡ Improvements

Smarter, Faster Scans

  • Efficient JavaScript Evaluation:
    • Pages with the same script set are evaluated only once.
    • Pages with only analytics scripts (e.g., Google Analytics) are skipped, saving time.
  • Resilient JavaScript Handling: Better recovery from failures when evaluating complex, script-heavy pages.
  • Optimized CPU Usage: SmartScanner now dynamically adapts to available CPU cores for faster, more efficient scans.

More Accurate Testing

  • Improved Sensitive Unreferenced Resource detection.
  • Reduced false positives across multiple tests, including data disclosure, CMS/server detection, hidden resources, and OS command execution.

🔄 Updates & Fixes

  • Rule Updates: Enhanced detection for vulnerabilities in Nginx and Tomcat.
  • Bug Fixes:
    • Fixed duplicate reporting of the same secret across multiple URLs.
    • Fixed several false positives.
    • Fixed a rare crash during scans.

Why This Matters

Version 2.3 makes SmartScanner more effective at catching modern threats, especially those related to JavaScript libraries and client-side security. At the same time, we’ve made it faster, more resource-efficient, and easier to integrate into your workflow, whether you’re running scans manually or automating them through the CLI.

Get Started with SmartScanner 2.3

SmartScanner 2.3 is available now. Download the latest version and start securing your applications with faster, smarter scans.

Stay secure,
The SmartScanner Team
