Invicti Standard 30 Jun 2016


  • Added the HTTP Request Builder penetration testing tool.
  • Added a button on start new scan dialog to open target URL on default web browser.
  • Added a new activity type group called “Passive Analysis” which shows the analysis activity of attack responses.


  • Improved the “HTML Base Tag Hijacking” vulnerability template.
  • Improved the long-term memory usage of the DOM simulation and cross-site scripting (XSS). scanning
  • DOM simulation smart filtering now prunes unnecessary DOM branches.
  • Improved the detection of “Redirect Body Too Large” vulnerability.


  • Fixed an issue in which the editing of a report policy can cause some external references to be removed unintentionally.
  • Fixed an issue in which multiple tabs on the web browser could be opened while trying to open a vulnerability URL.
  • Fixed a comparison report issue in which charts were not being generated according to selected report policy.
  • Fixed a NullReferenceException that can be thrown by the Subresource integrity security checks.
  • Fixed a report policy editor bug where clicking check all/none affects the vulnerability types that are not currently displayed.
  • Fixed an issue where the vulnerability types disabled on current report policy were affecting the number of vulnerability count on “Issues” panel title.