Invicti Standard

Features

• Added Diana.jl support for GraphQL Library Detection
• Added Hot Chocolate support for GraphQL Library Detection
• Added Zero Day Vulnerability for MOVEit Software

Improvements

• Improved logout detection for OAuth2 authenticated websites
• Improved detection of IT Hit WebDav Server .Net versions
• Improved Internal Path Disclosure detection
• Improved Remediation Advice for Autocomplete Enabled vulnerability
• Improved detection logic for LFI vulnerability
• Improved identification and version disclosure for PopperJS, CanvasJS, and Next.js
• Improved WAF Detection for F5 BIG IP

Fixes

• Fixed issue with scans stopping with the Find & Follow New Links option enabled
• Fixed issue with agent compression of chromium and node files
• Fixed InvalidCastException with REST API
• Fixed ArgumentNullException with Custom Security Checks
• Fixed BLR cannot fill address fields
• Fixed adding some MongoDB vulnerabilities to Knowledge Base report
• Fixed scans unauthenticated after successful authentication verification
• Fixed rare stuck scan issue
• Fixed false positive due to TLS v1.3 not enabled
• Fixed ArgumentNullException during scan launch
• Fixed Authentication Verifier fails creating a new scan while another scan is running
• Fixed GraphQL import OutOfMemoryException

New security checks

• Added the check for Boolean-based MongoDB injection.
• Added the check for MongoDB Operator Injector.
• Implemented the XML external entity check for IAST.
• Added the ISO/IEC27001:2022 Classification.
• Added the report template and attack pattern to the Out-of-band RCE.
• Added passive check for Lua.
• Added a security check to detect public Docker files.
• Implemented a new engine to identify WordPress themes and Plugins.
• Added new security checks for SAML.
• Added security check for IT Hit WebDAV Server .Net Version Disclosure.
• Added security check for MS Exchange Version Disclosure.
• Added new payloads for Command Injection.
• Added support for PopperJS.
• Added support for CanvasJS.
• Added new security check for the SQLite Database Detection.
• Added new payloads for Header Injection.
• Added new security check for Spring Boot Actuator Detection.
• Added security check for NodeJS Stack Trace Disclosure.
• Added security check for SailsJS and ActionHero Identified.
• Added security check for JetBrains .idea Detected.
• Added security check for GraphQL Stack Trace Disclosure.
• Added security checks for Javascript Libraries.
• Added security checks for Web Application Fingerprinter Engine.
• Added new security checks for WordPress Hello Elementor Theme Detection.
• Added new security checks for WordPress Twenty Twenty-Three Theme Detection.
• Added new security checks for WordPress Twenty Twenty-Two Theme Detection.
• Added new security checks for WordPress Astra Theme Detection.
• Added new security checks for WordPress Twenty Twenty-One Theme Detection.
• Added new security checks for WordPress Twenty Twenty Theme Detection.
• Added new security checks for WordPress OceanWP Theme Detection.
• Added new security checks for WordPress Twenty Seventeen Theme Detection.
• Added new security checks for WordPress Kadence Theme Detection.
• Added new security checks for WordPress Twenty-Sixteen Theme Detection.
• Added new security checks for WordPress Twenty Nineteen Theme Detection.
• Added new security checks for WordPress PopularFX Theme Detection.
• Added new security checks for WordPress GeneratePress Theme Detection.
• Added new security checks for WordPress Inspiro Theme Detection.
• Added new security checks for WordPress Go Theme Detection.
• Added new security checks for WordPress Smash Balloon Social Photo Feed Plugin Detection.
• Added new security checks for WordPress Contact Form 7 Plugin Detection.
• Added new security checks for WordPress Yoast SEO Plugin Detection.
• Added new security checks for WordPress Elementor Website Builder Plugin Detection.
• Added new security checks for WordPress Classic Editor Plugin Detection.
• Added new security checks for WordPress Akismet Spam Protection Plugin Detection.
• Added new security checks for WordPress WooCommerce Plugin Detection.
• Added new security checks for WordPress Contact Form by WPForms Plugin Detection.
• Added new security checks for WordPress Really Simple SSL Plugin Detection.
• Added new security checks for WordPress Jetpack Plugin Detection.
• Added new security checks for WordPress All-in-One WP Migration Plugin Detection.
• Added new security checks for WordPress Wordfence Security Plugin Detection.
• Added new security checks for WordPress Yoast Duplicate Post Plugin Detection.
• Added new security checks for WordPress WordPress Importer Plugin Detection.
• Added new security checks for WordPress LiteSpeed Cache Plugin Detection.
• Added new security checks for WordPress UpdraftPlus WordPress Backup Plugin Plugin Detection.
• Added new security check for EZProxy Identified.

Improvements

• Updated the Signature Detection pattern.
• Improved the wordlist for Forced Browsing checks.
• Changed the Session Cookie not marked as Secure severity from High to Medium.
• Improved the task queue by optimizing code.
• Improved Drupal and Joomla detection.
• Improved the Next.js version detection.
• Improved Django debug mode enabled.
• Updated the SSL/TLS report template.

Fixes

• Fixed the navigational error by ignoring initial requests other than the document-type resources.
• Fixed an issue about HTTP Status codes on the crawler performance in the Knowledge Base Report.
• Fixed the importing GraphQL introspection issue.
• Fixed the weak Nonce detection in Content Security Policy.

New security checks

• Added new security check for LDAP injection for IAST.
• Added new security check for MongoDB injection.
• Added new security check for Server-side Template Injection for IAST.
• Added new security check for XPath injection for IAST.
• Implemented security check for Sensitive Data Exposure.

Improvements

• Improved the text parser to check URI before parsing.
• Added the Response Receiver information event to remove waiting time for requests.
• Improved the GraphQL Introspection query.

Fixes

• Fixed an issue that caused a bad CSRF token when confirming Cross-site Scripting.
• Fixed an issue that caused an argument null exception when the browser context was closed.
• Fixed the issue that is filling out the login form on the logout page during the login verification.
• Fixed the issue of changing the order of API parameters while importing the JSON file.
• Fixed the dark template issue that displayed the What’s New section in the light template.
• Fixed the vulnerability signature types for Cloudflare and Cdnjs.

Version information: 23.4.0.40376

New security checks

• Added new patterns for GrapQL attack usage.
• Added new attack pattern to CommandInjection.xml.
• Implemented Bootstrap Libraries Detection.
• Added Out-of-Date vulnerability for mod_ssl.
• Added a report template and vulnerability type for Spring Framework Identified.
• Added JavaMelody Interface Detected Signature.
• Changed WAF Identification Signature for F5 Big IP.
• Added the support for Nested objects for GraphQL attacks.

Improvements

• Updated Invicti Standard with new brand logo.
• Added external schema import to solve a WSDL file importing another WSDL file.
• Removed the interactive login button from the verifier dialog.
• Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
• Added a null check for HAR files imported.
• Improved the cookie importing process in order for cookies to be compatible with RFC.
• Updated IAST NuGet PHP package.
• Updated StaticDetection.xml & StaticResourceFinder.xml.
• Added service worker request support for authentication, login simulation, and crawling.

Fixes

• Fixed an issue that caused high memory usage while collecting form values.
• Fixed the untrusted certificate error for internal proxies.
• Fixed the issue that caused the change in the date and time format during the Postman file importing.
• Fixed the Linux agents problem that failed to work in the FIPS-enabled environment.
• Fixed the untrusted certificate error for internal proxies.
• Fixed the “Catastrophic Backtracking” in Whoops Debugging detection.

Version information: 23.3.0.39944

New security checks

• Added package.json Configuration File attack pattern.
• Added new File Upload Injection pattern.
• Added SSRF (Equinix) vulnerability.
• Added Swagger user interface Out-of-Date vulnerability.
• Added a file upload injection pattern.
• Added StackPath CDN Identified vulnerability.
• Added Insecure Usage of Version 1 GUID vulnerability.
• Added JBoss Web Console JMX Invoker check.
• Added Windows Server check.
• Added Windows CE check.
• Added Cloudflare Identified, Cloudflare Bot Management, Cloudflare Browser Insights, and cdnjs checks.
• Added Varnish Version Disclosure vulnerability check.
• Added Stack Trace Disclosure (Apache Shiro) vulnerability check.
• Added Java Servlet Ouf-of-Date vulnerability check.
• Added AEM Detected vulnerability check.
• Added CDN Detected(JsDelivr) vulnerability check.

Improvements

• Improved the scan compression algorithm to lower the size of the scan data.
• Improved WS_FTP Log vulnerability test pattern.
• Improved X-XSS-Protection Header Issue vulnerability template.
• Improved MySQL Database Error Message attack pattern.
• Improved XML External Entity Injection vulnerability test pattern.
• Improved Forced Browsing List.
• Added CWE classification for Insecure HTTP Usage.
• Added GraphQL Attack Usage to existing test patterns by default.

Fixes

• Fixed an issue that may cause out-of-memory when cloning callbacks of the browser.
• Fixed the update issue in the Proof node in the Knowledge Base panel.

Version information: 23.2.0.39705

New security checks

• Added JWT Forgery through Kid by using static files.
• Added the JSON Web Tokens detected check.

Improvements

• Improved the default browser settings to be reflected in the business logic recorder (BLR).
• Improved the JWT Finder Regex in the JWT engine.
• Extended excluded header names with new headers.
• Updated JWT Forgery check condition.
• Improved the JSON Web Tokens’ vulnerability detection logic.
• Added the link scope check for the user-controllable cookie vulnerability.

Fixes

• Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
• Fixed “file in use error” while archiving scan logs.
• Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links.
• Fixed missing cookies for the JSON Web Tokens attack requests.
• Fixed the vulnerability family issue that caused the Hawk not to detect issues.
• Fixed the vulnerability serialization issue that caused the out-of-memory error.

Improvements

• Added control for login and logout during vulnerability retest.
• Added auto responder for images to escape the onerror issue.

Fixes

• Fixed an issue that overrode TLS settings available in the scan policy when the Ignore SSL Certificate Errors is set to True in the Appsetting.json file.
• Fixed a bug that throws a null reference exception at the authentication.
• Fixed missing CSP 3 Directive.
• Fixed an issue about 3-legged OAuth which cause failed authentication at scan.
• Fixed the scheduled scans not being exported issue to Invicti Enterprise.
• Fixed an issue about header encoding that cause false positive CSP reporting.
• Fixed the bug on the Interactive Login page where the Ok and Pause buttons are not available.
• Fixed case sensitivity when checking HTTP headers for JSON Web Tokens.
• Fixed the IPv6 registered website resolution issue thrown before scanning.
• Improved the vulnerability database updating process to enable it to use a proxy.
• Fixed a bug that prevents the scanner from attacking to login and logout pages.
• Fixed the bug in which OAuth2 settings were not transferred properly from the web application to the agent.

Improvements

• Added an explanation for the failed requests error.
• Added name variable support for Passive and Singular Custom Security Checks.

Fixes

• Fixed WSDL parse issue for non-defined object types.
• Fixed the deserialization problem when importing the scan session.
• Fixed the CSP analyzer Regex enumeration problem.
• Fixed the null reference exception on HTTP Requester.

New security check

• Added the Text4Shell (CVE-2022-42889) check.

Improvements

• Updated the embedded Chromium browser.
• Improved the importing link to parse the complex example value for RAML.
• Added the support for browser flag.
• Improved the scan failure messages on the issue page.
• Added the URL decode to scanned and crawled URL list reports.

Fixes

• Fixed the issue that deleted the customization folder in the agent’s folder after the update.
• Fixed the knowledge base report format to display information clearly.

NEW FEATURES

• Added auto-GraphQL attack after endpoint is detected.
• Added request wait filter for request wait handler.

NEW SECURITY CHECKS

• Added MongoDB Time-based (Blind) Injection.
• Added SQLite Boolean SQL Injection.
• Added MongoDB Error-based Injection.

IMPROVEMENTS

• Updated the embedded browser.
• Updated the hardcoded scan policy for http://rest.testinvicti.com.
• Added the out-of-scope check for the target website content links.
• Updated the Check for VDB Update status and tooltip when users start the check for update.
• Updated Vulnerability Detection Logic in JWT engine.
• Updated Liferay portal signature and added a mapping for version conversion.

FIXES

• Fixed the web security issue for the origin header problem.
• Fixed the sitemap bug that caused missing information when imported.
• Fixed the bug that threw an error when exporting as SQL script.
• Fixed the bug that threw an error, as HTTP Requester deletes the whole body part of the request which contains the login credentials.
• Fixed multiple headers highlighting for the same value.
• Fixed highlighting CSP Directives in different header issues.
• Fixed duplicate bearer tokens for some requests.
• Fixed the out-of-memory bug at the browser manager.
• Fixed the null reference exception on the custom script screen.
• Fixed the connection time-out issue caused by the RegEx engine.
• Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
• Fixed the retest issue that displays zero requests in the repetitive retests.
• Fixed the bug that shows the previous version of VDB.
• Fixed parsable false attack patterns place.

IMPROVEMENTS

• Updated embedded Chromium browser.

SECURITY CHECKS

• Added pattern for XSS via file upload SVG.

IMPROVEMENTS

• Added the Cache By CSS Selector and Max Cache Elements to the scan policies.
• Added the GraphQL endpoints and libraries to the Knowledge Base.
• Updated the Jira tooltip for the access token or password field.
• Removed the target URL health check that lets the scan continue despite getting error messages such as 403.
• Improved the raw scan file expired information message.
• Improved the scan profile test coverage.
  
• Updated regex for Stack Trace Disclosure (Java) – Java.Lang Exceptions.
• Improved the JSON Web Tokens secret list.
• Improved the re-login process when the logout is detected.

FIXES

• Fixed the retest issue.
• Fixed the null reference error thrown during the late confirmation.
• Fixed an issue of using the disposed objects.
• Fixed the exception error when cloning the report policy.
• Fixed the broken links on the report policy.
• Fixed mistaken NIST and DISA classifications.
• Fixed a bug that threw the database locked error when Invicti is restarted after a scan.
• Fixed an issue where a JavaScript Setting option blocks inputs for the single-page applications to be reported in the Web Pages with Inputs node.
• Fixed a bug that caused the scan session failure when the scan is paused and resumed.
• Fixed failed scans where the Target URL is IPv6 and starting with ::1
• Fixed the Postman collection parsing by removing / in front of the query in the URL.
• Fixed the Shark validation issue that threw exceptions while validating.
• Fixed the issue with proxy settings, so Invicti prioritizes the settings in the scan policy.
• Fixed NodeJS RCE-OOB security check.