This tool comes from Invicti Security Corp. and is a web vulnerability scanner.
This should be the counterside of Acunetix as it does check only few CVEs and is more focused on finding web CWEs.
For other infos just visit: invicti.com
CHANGELOG
SECURITY CHECKS
Added pattern for XSS via file upload SVG.
IMPROVEMENTS
Added the Cache By CSS Selector and Max Cache Elements to the scan policies.
Added the GraphQL endpoints and libraries to the Knowledge Base.
Updated the Jira tooltip for the access token or password field.
Removed the target URL health check that lets the scan continue despite getting error messages such as 403.
Improved the raw scan file expired information message.
Improved the scan profile test coverage.
Updated regex for Stack Trace Disclosure (Java) - Java.Lang Exceptions.
Improved the JSON Web Tokens secret list.
Improved the re-login process when the logout is detected.
FIXES
Fixed the retest issue.
Fixed the null reference error thrown during the late confirmation.
Fixed an issue of using the disposed objects.
Fixed the exception error when cloning the report policy.
Fixed the broken links on the report policy.
Fixed mistaken NIST and DISA classifications.
Fixed a bug that threw the database locked error when Invicti is restarted after a scan.
Fixed an issue where a JavaScript Setting option blocks inputs for the single-page applications to be reported in the Web Pages with Inputs node.
Fixed a bug that caused the scan session failure when the scan is paused and resumed.
Fixed failed scans where the Target URL is IPv6 and starting with ::1
Fixed the Postman collection parsing by removing / in front of the query in the URL.
Fixed the Shark validation issue that threw exceptions while validating.
Fixed the issue with proxy settings, so Invicti prioritizes the settings in the scan policy.
