Channel: Invicti

Netsparker 2.2 at Your Service


In this release we focused mostly on Netsparker's performance, so that it can scan bigger websites faster and with less CPU consumption.

Input injection points have been improved in all engines, so Netsparker will find more vulnerabilities in places such as HTTP Referers. We significantly improved some security checks and, as usual, kept improving the user experience.

Faster & Better

  • Makes fewer requests when crawling a web application, without sacrificing coverage.
  • Requires less CPU.
  • Ability to handle huge websites and survive very long scans with no trouble or performance hit.

Security Check Improvements

  • Netsparker now identifies common, publicly accessible installed web statistics applications.
  • Remote Code Evaluation checks improved and checks for Perl Remote Code Evaluation added.
  • LFI attacks improved.
  • RFI attacks improved.
  • Compliance mapping references for lots of vulnerabilities updated.
  • Internal Path Leakage checks improved.
  • Detection for WS_FTP Log File added.
  • Readable Web.Config File check added.
  • PHP Source Code Disclosure check improved.

Reporting

  • Compliance mapping references for lots of vulnerabilities updated.
  • 2 new CSV reports added, “Crawled URLs List” and “Scanned URLs List”.
  • Certainty added to XML reports.

Other Changes

  • Netsparker now uses 2 files to store saved sessions: .NSS and .NDB. You need to save both of these files if you want to open the scan later on or move it to another computer.

Fixes & Improvements

  • Silent command in CLI now suppresses host connection errors as well.
  • %time% and %date% in CLI renamed to [time] and [date] to avoid conflicts when used with batch scripting.
  • Highlighting in the GUI for several vulnerabilities improved.
  • Netsparker handles documents directory in network locations better.
  • A rare crash related to resource deployment addressed. This was happening especially on first run.
  • Import Links feature now works better, duplicate link bugs addressed.
  • Autopilot mode now chooses “Detailed Scan Report” by default when a report type is not selected.
  • A minor bug in PDF report generation addressed. We are aware of some performance issues in the PDF generation. We'll address this in the next release.
  • Improved Visual Studio debugger support for user scripts.
  • Now it's possible to bind Netsparker's internal proxy to all interfaces, so you can connect to it from other computers.
  • A bug in URL-based attacks addressed. This was causing Netsparker to miss some attacks for some directories.
  • Vulnerability detail pages improved.
  • A critical bug in Manual Crawl (Proxy Mode) addressed. Netsparker was missing some POST requests in this mode.
  • Explicit SSLv2 support added for proxy and normal scans. This can be accessed via Advanced Settings.

Update

If you have a valid Netsparker Professional or Standard license, then all you need to do is click "Help > Check for Updates" to update to Netsparker 2.2.0.5.

