Netsparker Standard Change Log
Netsparker 1.6.0.0 - 7th October 2010

Read the blog post for more details about this version

NEW FEATURES

  • Client Certificate Authentication Support

  • Vulnerability Classification data reported in the GUI and reports

  • New Save / Load Files.

NEW WEB SECURITY TEST

  • Blind Command Injection.

Netsparker 1.5.0.0 - 15th June 2010

Read the blog post for more details about this version

NEW FEATURES

  • Import / Enter Proxy Logs and HTTP Requests

  • Manual Crawling / Internal Proxy / Proxy Mode

  • Ability to Include & Exclude links

Netsparker 1.4.0.0 - 24th May 2010

Read the blog post for more details about this version

NEW FEATURES

  • New reporting format

  • New Security Tests

  • Open Redirection.

Netsparker 1.3.7.38 - 21st April 2010

Engines & Exploitation

  • Experimental Second Order SQL Injection support added. Doesn't support confirmation or exploitation yet.
  • Confirmation added to Permanent Cross-site Scripting Engine
  • SQL Injection Error based confirmation added for PostgreSQL, MySQL and Oracle.
  • SQL Injection Engine was missing string based SQL Injection vulnerabilities in LIKE clauses when the crawler couldn't find the correct search string. This issue is fixed and detection now works regardless of the default string found.
  • URI Based Cross-site Scripting Confirmation added
  • URI Based issues were reported more than once; this problem is fixed
  • LFI Engine and exploitation works better now. Several minor bugs addressed.
  • Many possible SQL Injection issues removed as we are now sure they are not vulnerable
  • XSS Confirmation now bypasses more blacklists
  • Content-Type based XSS detection added and ratings changed
  • Email disclosure check improved
  • Minor bugs addressed in Unix and Windows Internal Path Disclosure issues. Windows Internal Path Disclosure improved.

Proxy

  • Proxy settings moved to global settings
  • Now you can see the active proxy settings in the status bar
  • Netsparker now supports NTLM, Basic, Digest, Kerberos and Negotiation Authentication for Proxy

GUI

  • New Community menu added for easier access to Netsparker Blog and Request a Feature
  • All message boxes use the correct theme now
  • Attack Possibility in the dashboard is now more accurate
  • Some typos and missing tooltips addressed

Form Authentication

  • Several minor bugs addressed and features improved
  • Now it's possible to use Form Authentication even when the website requires NTLM, Basic, Digest, Kerberos and Negotiation Authentication as well
  • Now it's possible to use Form Authentication even when the server uses an invalid SSL certificate

Parsers

  • Text parser works better now

Installer

  • Installer simplified
  • Extra checks added for .NET Framework 3.5 SP1 check and installation

Other Fixes & Improvements

  • Extra runtime checking and error handling added for .NET Framework 3.5 SP1 and SQL Server CE dependencies
  • Static and Backup tests weren't working when Netsparker was launched from the CLI in auto-pilot mode
  • LFI Panel crashes fixed
  • Full HTTP Response added to XML Reports
  • XML reports don't show the attack parameter anymore if the vulnerability is identified passively, such as Server Version Disclosure
  • Several other minor bug fixes and improvements

Netsparker 1.3.0.0 - 22nd March 2010

Read the blog post for more details about this version

NEW FEATURES

  • New Settings Interface

  • Resume Support

  • Better GUI for Permanent XSS vulnerabilities.

NEW WEB SECURITY TEST

  • Second Order SQL Injection.

Netsparker 1.1.5.57 - 28th January 2010

Read the blog post for more details about this version

NEW FEATURES

  • Scheduling Support

  • Command Line Automation Support

  • ViewState Panel.

NEW WEB SECURITY TESTS

  • ASP.NET Viewstate Analyzer

  • Confirmation for Remote code evaluation

  • Confirmation for Remote file inclusion

  • Confirmation for Command Injection.

Netsparker 1.1.2.3 - 12th January 2010

Read the blog post for more details about this version

NEW FEATURES

  • Encoder

  • Custom Reporting API

  • New Security Tests

  • Confirmation for RCE

  • Confirmation for CI via LFI.

Netsparker 1.0.0.0 - 09 December 2009

Read the blog post for more details about this version

 

  • First public release.