Invicti Standard 13 Oct 2022 v6.8.0.38168

NEW FEATURES

  • Added an automatic GraphQL attack that runs after an endpoint is detected.
  • Added request wait filter for request wait handler.

NEW SECURITY CHECKS

  • Added MongoDB Time-based (Blind) Injection.
  • Added SQLite Boolean SQL Injection.
  • Added MongoDB Error-based Injection.

IMPROVEMENTS

  • Updated the embedded browser.
  • Updated the hardcoded scan policy for http://rest.testinvicti.com.
  • Added the out-of-scope check for the target website content links.
  • Updated the Check for VDB Update status and tooltip when users start the check for update.
  • Updated Vulnerability Detection Logic in JWT engine.
  • Updated Liferay portal signature and added a mapping for version conversion.

FIXES

  • Fixed the web security issue for the origin header problem.
  • Fixed the sitemap bug that caused missing information when imported.
  • Fixed the bug that threw an error when exporting as SQL script.
  • Fixed the bug that threw an error because HTTP Requester deleted the whole body of the request, which contains the login credentials.
  • Fixed multiple headers highlighting for the same value.
  • Fixed highlighting CSP Directives in different header issues.
  • Fixed duplicate bearer tokens for some requests.
  • Fixed the out-of-memory bug at the browser manager.
  • Fixed the null reference exception on the custom script screen.
  • Fixed the connection time-out issue caused by the RegEx engine.
  • Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
  • Fixed the retest issue that displayed zero requests in repeated retests.
  • Fixed the bug that shows the previous version of VDB.
  • Fixed parsable false attack patterns place.