Acunetix version 12 (build 12.0.190515149 – Windows and Linux) has been released. This new build introduces network scanning in Acunetix on-premise, support for IPv6, improves usage of machine resources and adds support for Selenium and Burp v2 saved files as import files. There are also a good number of new vulnerability checks for SAP, Unauthorized access detection for Redis and Memcached and source code disclosure for Ruby and Python. The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux.

New Features

  • Network Scanning via OpenVAS integration
  • Introduced support for IPv6 domains (IPv6 addresses not supported yet)
  • Dynamic resource allocation for when multiple scanners are started on the same machine
  • Improved resource usage for string comparison functions
  • Selenium scripts can now be used as import files

New Vulnerability Checks

Updates

  • Multiple improvements to the detection of Blind SQL Injection
  • Improved the Error Messages vulnerability check
  • Improved the Adobe Experience Manager tests
  • Improved detection of Java Deserialization and Mongo alert deduplication
  • Improved detection of Rails accept file content disclosure
  • Updated alert details for Oracle WebLogic Remote Code Execution via T3 (CVE-2018-3245)
  • Improved detection of Confluence
  • Improved PHP AcuSensor when used on nginx
  • Improved detection of PHP code injection
  • Updated Directory Traversal Check to make fewer requests
  • Multiple improvements to DeepScan and the LSR
  • Implemented support for WebSockets in LSR and Deepscan

Fixes

  • Fixed a few crashes
  • Fixed issue causing Postcrawl scripts to not be executed on folders
  • Fixed: Custom cookies could be used twice when the application sets the same cookies
  • Cookie processing now ignores leading . in domain
  • Fixed issue with LSR when used on Internet Explorer
  • Fixed issue with HTTP Authentication
  • Fixed false positive in Struts_RCE_S2-052_CVE-2017-9805
  • Fixed the severity level for CSRF vulnerability check
  • Fixed False Negative in Mercurial repository found check
  • Fixed issue causing site structure not to be updated with locations identified by vulnerability scripts

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.

SHARE THIS POST
THE AUTHOR
Nicholas Sciberras
Principal Program Manager
As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.