Invicti Standard 24 Apr 2023 v23.4.0

Version information:

New security checks

  • Added new patterns for GrapQL attack usage.
  • Added new attack pattern to CommandInjection.xml.
  • Implemented Bootstrap Libraries Detection.
  • Added Out-of-Date vulnerability for mod_ssl.
  • Added a report template and vulnerability type for Spring Framework Identified.
  • Added JavaMelody Interface Detected Signature.
  • Changed WAF Identification Signature for F5 Big IP.
  • Added the support for Nested objects for GraphQL attacks.


  • Updated Invicti Standard with new brand logo.
  • Added external schema import to solve a WSDL file importing another WSDL file.
  • Removed the interactive login button from the verifier dialog.
  • Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
  • Added a null check for HAR files imported.
  • Improved the cookie importing process in order for cookies to be compatible with RFC.
  • Updated IAST NuGet PHP package.
  • Updated StaticDetection.xml & StaticResourceFinder.xml.
  • Added service worker request support for authentication, login simulation, and crawling.


  • Fixed an issue that caused high memory usage while collecting form values.
  • Fixed the untrusted certificate error for internal proxies.
  • Fixed the issue that caused the change in the date and time format during the Postman file importing.
  • Fixed the Linux agents problem that failed to work in the FIPS-enabled environment.
  • Fixed the untrusted certificate error for internal proxies.
  • Fixed the “Catastrophic Backtracking” in Whoops Debugging detection.