Invicti Standard 28 Mar 2024 v24.3.1

New features

  • Provided a new encryption method of API Token for Agent/Verifier Agent
  • Added a pre-request script to generate AWS Signature token

New security checks

  • Added a new security check for TLS/SSL certificate key size too small issue
  • Improved WP Config detection over backup files
  • Added a new security check for CVE-2023-46805 / CVE-2024-21887
  • Added detection for exposed WordPress configuration files
  • Added a new Security Check that allows to report two vulnerabilities: TorchServe Management API Publicly Exposed and TorchServe Management API SSRF
  • Command Injection in VMware Aria Operations for Networks can now be detected


  • Implemented enhancements: Highlighting and Verification of Response Status Codes
  • Disabled the BREACH Security Engine
  • Report template of Possible XSS is updated to cover mime sniffing
  • Increased the default Severity level of Version Disclosure (Varnish) from ‘Information’ to ‘Low’


  • Fixed the issue where the customer couldn’t scan their target with the additional website properly
  • Fixed an issue that was causing a memory issue in Javascript Parser
  • Fixed the inability of the custom script editor to load the form authentication fields