Invicti Enterprise On-Premises 17 Aug 2023 v23.8.0

Important note

  • Customers currently using version 23.7.0 on Windows running internal agents will need to perform additional steps in order for this update to run successfully in their environment. Affected customers have been contacted directly with more information.

New features

  • [Closed beta] Added the Team Administrator default role
  • Changed compression tool from 7zip to Tar
  • Added Diana.jl support for GraphQL Library Detection
  • Added Hot Chocolate support for GraphQL Library Detection
  • Added Zero Day Vulnerability for MOVEit Software


  • Improved the scan deletion process
  • Improved the authentication agent to carry out any stepped authentication, such as first Form Authentication then OAuth2 
  • Added filter for discovered websites via AWS connection 
  • Enabled regex case sensitivity for attack payloads
  • Updated Boolean NoSQL / SQL Injection attack payloads
  • Expanded scenarios for Discovery Service with AWS Connections
  • Improved performance when updating vulnerability lookups
  • Improved performance of database indexes
  • Improved added API endpoints for Custom Scripts
  • Improved performance for Issues Report API endpoint
  • Improved detection of IT Hit WebDav Server .Net versions
  • Improved Internal Path Disclosure detection
  • Improved Remediation Advice for Autocomplete Enabled vulnerability
  • Improved detection logic for LFI vulnerability
  • Improved identification and version disclosure for PopperJS, CanvasJS, and Next.js
  • Improved WAF Detection for F5 BIG IP


  • Fixed PCI Report generation error when selecting a specific group
  • Fixed the issue that prevents users from saving the scan profile when the Is Regex checkbox next to the Excluded Path field is selected on the URL Rewrite page
  • Fixed the timezone problem on the Knowledge Base Reports
  • Fixed issue with scans stopping with the Find & Follow New Links option enabled
  • Fixed issue with agent compression of chromium and node files
  • Fixed null value exception with REST API
  • Fixed InvalidCastException with REST API
  • Fixed ArgumentNullException with Custom Security Checks
  • Fixed Access Denied error when attempting to delete scan files which were already previously deleted
  • Fixed cannot login to web app after changing database password
  • Fixed unclear results with PCI reports with edge date ranges
  • Fixed BLR cannot fill address fields
  • Fixed licensing issue when adding a previously-deleted website
  • Fixed adding some MongoDB vulnerabilities to Knowledge Base report
  • Fixed importing Swagger/OpenAPI links
  • Fixed Discovery Service issue with AWS Connection throttling
  • Fixed authentication failure with MFA recovery codes
  • Fixed license file corruption issue during version upgrade
  • Fixed scans unauthenticated after successful authentication verification
  • Fixed Linux agent update issue
  • Fixed the data type detection when importing Swagger schemas