R0 CREW

Netsparker Standard 5.9 - 30th of September 2020

Here is a new release with also a stupid “check” for anti tampering lol, easy to bypass lol. (checks are done by me lol)
pass: h0nus-reign
Enjoy (:

Download:

Changelog:

NEW FEATURES

  • Added a new signature limit for URL Rewrite matched links
  • Added a crawling limit for Not found (404) links
  • Added a WASC Classification Report template
  • Added an option to exclude authentication pages and removed authentication related regexes from the default settings

NEW SECURITY CHECKS

  • Added Out-of-date security checks for the Liferay portal
  • Added Version Disclosure and Out-of-date security checks for Jolokia
  • Added Nested XSS security checks
  • Added an ASP.NET Razor SSTI security check
  • Added a Java Pebble SSTI security check
  • Added a Thymeleaf SSTI security check
  • Added Version Disclosure and Out-of-date security checks for Grafana

IMPROVEMENTS

  • Improved custom scripting to send raw requests
  • Improved the authenticator to hide passwords in request data in order to prevent exposing them in reports
  • Added an Auto Follow Redirect setting to the Advanced settings
  • Added request and response details to Out of Band vulnerabilities
  • Improved logging for timed out regexes in the JavaScript Library Checker
  • Updated signature of Stack Trace/Custom Stack Trace (Python)
  • Improved the memory consumption on long running scans

FIXES

  • Fixed an error that was caused when parsing duplicate response content-type headers
  • Updated Netsparker logos, splash screen and icons
  • Fixed reporting of Crawl Performance for crawl-only scans
  • Fixed an issue where Form Value Errors were occurring after simulation was finished
  • Fixed the Maximum Body Length exceeded log message
  • Fixed the log level of the Dom Parser’s ignored link message
  • Fixed the Jira Send To application description
  • Fixed an issue that occurred when the content-type and accept header was used in a parameter in the Open API (Swagger) file
  • Fixed an issue where the custom Comparison Report was not generated
  • Fixed an ArgumentNullException that was occurring in the TestSiteConfiguration dialog
  • Disabled the LFI button for possible XXE
  • Fixed a certificate error problem on the new SSL checker
  • Fixed the timezone problem on reports
  • Fixed the Executive Summary Report title
  • Fixed an ArgumentException that was thrown when the URI was empty
  • Fixed HIPAA classification links
  • Fixed the issue where the Netsparker session importer did not import all links from the session
  • Fixed the bug where the URL was split incorrectly when a segment contained the file extension
  • Fixed the issue where responses were not being analyzed in the Signatures engine during the re-crawl phase
  • Fixed the HIPAA classification link when there are multiple classifications
  • Removed plugin functions that are used to detect bootstrap to prevent false positive versions from being reported
  • Fixed NRE in the static detection engine
  • Fixed the Swagger parser that caused an object to be imported with a parent node while the object was inside an array

Netsparker Standard 5.8.2.28358 - 10th of July 2020

IMPROVEMENTS

  • Added a highlight icon to the attack parameters on the vulnerability reports
  • Added a report URL to the scheduled reports

FIXES

  • Fixed an ObjectDisposedException that was occasionally thrown when the attacker started in manual proxy mode
  • Fixed a NRE that occurred when exporting a report from a scheduled scan
  • Fixed an issue caused when the login page identifier was disabled in the Scan Policy
  • Fixed an issue where the Jira Send To Action failed to create an issue when the components field did not exist in the project
  • Fixed the issue where the content type was not parsed correctly when there were multiple Content-type headers
  • Fixed the issue where responses were not being analyzed in signature detection in the re-crawl phase.
  • Fixed the list of enabled security checks on reports
  • Changed the Sans Top 25 classification name to CWE on reports

NEW SECURITY CHECKS

  • Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
  • Added out of date checks for Apache Traffic Server
  • Added version disclosure for Undertow Server
  • Added out of date checks for Undertow Server
  • Added version disclosure for Jenkins
  • Added out of date checks for Jenkins
  • Added signature detection for Kestrel
  • Added detection for Tableau Server
  • Added detection for Bomgar Remote Support Software
  • Added version disclosure for Apache Traffic Server

The reporting module does not work after the security scan of the application.
Thank you very much for your interest.