There’s a new version out containing new security checks, accuracy and coverage improvements and bug fixes.
There are new passive (recon) and active (audit) modules along with big coverage improvements for existing ones.
- X-Forwarded-For Access Restriction Bypass (
- Retries denied requests with a X-Forwarded-For header to try and trick the web application into thinking that the request originates from localhost and checks whether the restrictions were bypassed.
- Form-based upload (
- Flags file-upload forms as they require manual testing.
- .htaccess LIMIT misconfiguration (
- Updated to use verb tampering as well.
- Source code disclosure (
- Checks whether or not the web application can be forced to reveal source code.
- Code execution via the php://input wrapper (
- It injects PHP code into the HTTP request body and uses the php://input wrapper to try and load it.
- Blind SQL Injection (Boolean/Differential analysis) (
- Improved accuracy of results.
- Path traversal (
- Severity set to “High”.
- Updated to start with / and go all the way up to /../../../../../../.
- Added fingerprints for /proc/self/environ.
- Improved coverage for MS Windows.
- Remote file inclusion (
- Updated to handle cases where the web application appends its own extension to the injected string.
The user interface hasn’t received many changes but a crippling bug has been resolved, which caused the interface to hang after a certain amount of time.
- Fixed bug causing the system to hang after 1:24 hours of scan monitoring, caused by improper caching of RPC clients.
- Redirect to the Scans list page with an alert if the monitored scan was deleted.
- Added HTTP auth options.
I hope you enjoy it and take some time to provide feedback.