Documents/Features/

Change Log

Version 1.24 – October 2, 2024

New Features:

Improvements:

Bug Fixes:

Updates:

Version 1.23 – June 3, 2024

  • Added support for the following technologies in scan configurations: Apache, Nginx, IIS, Tomcat, WordPress, Joomla, and Drupal.
  • Separated Path Traversal tests from File Inclusion tests.
  • Updated vulnerability descriptions and recommendations for greater clarity.

Improvements:

  • Enhanced Microsoft SQL Server error-based SQL injection detection.
  • Improved File Inclusion detection.
  • Enhanced PHP Remote File Inclusion detection.
  • Improved database error detection.

Bug Fixes:

  • Corrected PHP version detection.
  • Fixed missed XSS vulnerabilities on 404 pages.
  • Fixed missed XSS vulnerabilities on pages without query parameters.

Updates:

Version 1.22 – Feb 16, 2024

  • New:
    • New option in scan configurations to identify the target’s utilized technologies for enhancing the efficiency of the scan
    • Detailed scan statistics by hovering on the Requests count in the scan window
    • Support for manipulation of non-quoted JSON data
  • Improvements:

Version 1.21 – Nov 13, 2023

  • New:
    • Html report format
    • Option for adding custom cookies in scan configurations
    • Option for adding custom headers in scan configurations
    • Option for using HTTP basic and HTTP form login methods together
    • Manual login in configurations now respects the proxy
  • Improvements:

Version 1.20 – Aug 29, 2023

  • New:
    • XSS detection in URI
    • XSS detection in 404 not found pages
    • Support for detection of Lucee errors
  • Improvements:

Version 1.19 – May 30, 2023

Version 1.18 – February 15, 2023

  • New:
  • Improvements:
    • Better exception handling and more log details
    • Increased crawler speed and accuracy
    • Improved Possible SQL Injection detection
    • BugFix: missed PHP errors
    • BugFix: Crash in testing known SQL injections
    • BugFix: missed Blind SQL Injection vulnerabilities
    • BugFix: missed known SQL Injections
    • BugFix: missed Drupal RCE
    • BugFix: missed Drupal SQL Injection vulnerability
    • BugFix: WordPress user enumeration warning error
    • BugFix: missed Java Object Insecure Deserialization vulnerability
    • Improved WordPress 4.6 Blind OS Command Execution for none admin users
    • Improved detection of XSS in various vectors
    • Improved detection of XSS in edge cases when input is filtered
    • Improved detection of XSS in redirected pages
    • Improved hidden resource detection
    • Updated Vulnerable Apache Version, Vulnerable Nginx Version, Vulnerable OpenSSL Version, and Vulnerable WordPress Version

Version 1.17.3 – December 26, 2022

  • BugFix: Crash during scanning WordPress sites
  • BugFix: Crash during scan

Version 1.17.2 – December 13, 2022

  • BugFix: Crash during scan

Version 1.17.1 – December 11, 2022

  • BugFix: Crash during scan

Version 1.17 – December 10, 2022

  • New:
    • Testing of JSON parameters (number and string types)
  • Improvements:
    • Optimzied memory usage
    • Enhanced UI vulnerability list display
    • BugFix: TLS initialization failed
    • Minor improvements in error detection issues

Version 1.16 – October 10, 2022

  • New:
    • Support for all HTTP Verbs (POST,DELETE, PATCH, …) and custom headers in AJAX API (XMLHttpRequest)
    • Smoother progress bar on the scan page
    • Support for detection of errors in Ruby programming language
    • Lazy load tests to optimize memory consumption
  • Improvements:

Version 1.15 – August 1, 2022

Version 1.14 – June 6, 2022

Version 1.13 – April 10, 2022

Version 1.12 – February 7, 2022

Version 1.11 – December 12, 2021

Version 1.10 – October 10, 2021

Version 1.9.1 – September 5, 2021

  • Improvements:
    • BugFix: Wrong emails in target information

Version 1.9.0 – September 5, 2021

  • New:
    • CSRF bypass support for weak password issues
    • Tests for 12 known Joomla! vulnerabilities and one test for Drupal
    • Cross-Site Scripting test generalized for easy adding of any known vulnerabilities in CMSs like WordPress, Drupal, Joomla, etc.
    • Subresource Integrity is Missing
  • Improvements:
    • Enhanced passive tests for 404 pages
    • BugFix: Bypassing weak password test in case of too many inputs in the login form
    • BugFix: Duplicate login form detection

Version 1.8.0 – August 7, 2021

  • New:
    • SQL injection test generalized for easy adding of any known vulnerabilities in CMSs like WordPress, Drupal, Joomla, etc.
    • Tests for 44 known WordPress SQL Injection vulnerabilities
    • Passive Mixed Content
  • Improvements:
    • WordPress user identification improved
    • BugFix: WordPress brute force
    • BugFix: Scan doesn’t proceed when starting url contains unicode characters

Version 1.7.0 – July 7, 2021

Version 1.6.0 – June 8, 2021

Version 1.5.0 – May 6, 2021

Version 1.4.0 – April 4, 2021

Version 1.3.0 – March 9, 2021

Version 1.2.0 – February 1, 2021

  • New:
  • Improvements:
    • Improved Crawler Performance: Automatic detection & limitation of content pages like ecomerce product pages.
    • New “Requested URL” attribute for unreferenced/old file issue reports
    • Minor improvements on Form Brute Force and unreferenced login page tests
    • BugFix: False-negative & False-positive Unreferenced resource detection
    • BugFix: Broken link issue for sitemap

Version 1.1.0 – January 6, 2021

  • New:
  • Improvements:
    • Support for WordPress in Form Brute Force test
    • Support for PHP 8.0 in phpinfo() test
    • CVE-2020-1971 added to “Vulnerable OpenSSL Version” test
    • Better detection of session cookies
    • Minor enhancements in “Breach Attack”, “X-Frame-Options Header is Missing”, “Referrer-Policy Header is Missing”, “Basic Authentication Over HTTP”, “Robots.txt” tests
    • Support for MariaDB in “Database Error” and SQLi tests
    • BugFix: False-positive Source Code disclosure detection
    • BugFix: Wrong results in Form Brute Force test
    • BugFix: Wrong URL detection in crawler
    • BugFix: Random crash

Version 1.0.0 – December 1, 2020

  • Initial version
Still need help? contact us Last updated on October 02, 2024

Need more information? Feel free to ask your questions!

Ask a question