Added more web server configuration checks for server path, internal IP and username/password disclosure
Improved RSS/Atom parses
Added more attack vectors to source code disclosure and directory traversal tests for both Windows and Unix
Bug Fixes
Reporter now filters very long knowledge base items
Fixed SSL3, TLS1 parsing issues
Fix in Crawler to handle better query variable in start URL’s
Build v6.0.20081209 – 9th December 2008
General improvements
Optimized large portions of the code to improve speed
Optimized Progress text for scripts and port scan
Show progress on ScanInfo frame
Bug Fixes
Module tm_backup_files – can make tests like {filename}{test}{extension} (e.g. file1.php from file.php)
Crawler was not sending the custom cookies for the first request reporter crash on settings read (only try/except)
Fixed crash in “import scan results to database” when the scan was running
SSL certificate validity year fix
Fixed a bug in parameter manipulation. Crashing when Combination was nil (no values)
Error in interpreting redirections of type “?getvar=value”
Fixed jsessionid session fixation test
Fixed Activation in v6 for Windows Vista.
Fixed a problem with Authentication Tester (the app was not recovering when an invalid protocol was specified as target) – Reported by Harutyun Sardaryan
Fixed a crash in HTTP Fuzzer – Reported by Harutyun Sardaryan
Fix in Blind SQL Injector: On UNION SELECT based string extraction when httpencoding is applied the last char was eaten
Build v6.0.20081028 – 28th October 2008 – NEW VERSION
New tools / Applications
AcuSensor Technology
Port Scanner and Network Alerts tool
Blind SQL Injector Tool
General improvements
Pause and Resume scan functionality
Option to mark an alert as false positive
Support for NTLM v2
Scanner can now gather a list of uncommon HTTP responses
Scanner can automatically stop if a number of network errors occure or web server does not respond.
User Interface improvements
Compare results tool now compares also Knowledge Base items and list of open web server ports
Possibility to quickly locate a vulnerability by using a filter while before only search was allowed
In Scanning profiles and Vulnerability Edior vulnerabilities are automatically sorted by name
In HTTP Fuzzer results can be sorted by clicking on header columns and changes in Fuzzer filters are automatically reflected in results window
Scheduler improvements
All scanning options are now available in scheduler
Option to configure the day of the week or month for a scheduled scan
Option to configure scan exclusion hours, i.e. when an ongoing scan should be paused and resumed