New Features
- Network Scanning via OpenVAS integration
- Introduced support for IPv6 domains (IPv6 addresses not supported yet)
- Dynamic resource allocation when multiple scanners are started on the same machine
- Improved resource usage for string comparison functions
- Selenium scripts can now be used as import files
New Vulnerability Checks
Updates
- Multiple improvements to the detection of Blind SQL Injection
- Improved the Error Messages vulnerability check
- Improved the Adobe Experience Manager tests
- Improved detection of Java Deserialization and Mongo alert deduplication
- Improved detection of Rails accept file content disclosure
- Updated alert details for Oracle WebLogic Remote Code Execution via T3 (CVE-2018-3245)
- Improved detection of Confluence
- Improved PHP AcuSensor when used on nginx
- Improved detection of PHP code injection
- Updated Directory Traversal Check to make fewer requests
- Multiple improvements to DeepScan and the LSR
- Implemented support for WebSockets in LSR and DeepScan
Fixes
- Fixed a few crashes
- Fixed issue causing Postcrawl scripts to not be executed on folders
- Fixed: Custom cookies could be used twice when the application sets the same cookies
- Cookie processing now ignores a leading dot (.) in the domain
- Fixed issue with LSR when used on Internet Explorer
- Fixed issue with HTTP Authentication
- Fixed false positive in Struts_RCE_S2-052_CVE-2017-9805
- Fixed severity level for CSRF vulnerability check
- Fixed false negative in Mercurial repository found check
- Fixed issue causing site structure not to be updated with locations identified by vulnerability scripts