We do frequent updates to the Detectify tool, but in the past we have not been transparent about them. We typically release a new version every two weeks with new functionality, and we now plan to provide a bit more information after each release.
Major updates this time were:
- Complete rewrite of the trail feature. Newer trails will be able to log in/log out and perform business-logic tests even with CSRF protection activated. Update your Chrome plugin!
- Complete rewrite of the DNS enumeration module. We’ll now brute-force ~5000 common domain names instead of the 600 we used previously; HTTP VHOST scanning, however, will still use the previous subset of 600 common names.
In addition, we also made the following updates:
- Added an RPO (relative path overwrite) module based on the research of Soroush Dalili (@irsdl).
- Added a module for identifying “trace.axd” in misconfigured IIS installations.
- Added a Magento XXE plugin (https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120712-0_Magento_eCommerce_xxe_injection.txt). It’s surprising to see how many installations haven’t been updated in the past three years.
- Added GHOST vulnerability checks for various CMSes.
- Added checks for RFC1918 violations and the security implications of misconfigured domains.
- Added a separate finding for SSL FREAK. Export ciphers would previously be reported under “SSL Deprecated Cipher Suites”; they will now go by the label “SSL FREAK (CVE-2015-0204)”.
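As an added illustration (not Detectify’s code) of how such a label split can work, the snippet below parses `openssl ciphers -v`-style lines and reports export-grade suites under the FREAK label while other weak suites keep the generic deprecated label; the label strings come from the note above, and the sample suite lines are constructed.

```python
# Added example (not Detectify's code): split export-grade suites, which FREAK
# (CVE-2015-0204) abuses, out of the generic deprecated-cipher finding, as the
# release note describes. Input is the `openssl ciphers -v` line format.
import re

FREAK_LABEL = "SSL FREAK (CVE-2015-0204)"
DEPRECATED_LABEL = "SSL Deprecated Cipher Suites"

# One `openssl ciphers -v` line: name, protocol, Kx=, Au=, Enc=, Mac=, [export]
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)

def parse_suite(line):
    """Return a dict for one cipher line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    suite = m.groupdict()
    suite["export"] = bool(suite["export"])
    return suite

def is_export_grade(suite):
    # Export suites carry the trailing "export" flag and a 512-bit RSA or DH
    # key exchange; either signal alone is enough to raise the FREAK finding.
    return suite["export"] or suite["kx"] in ("RSA(512)", "DH(512)")

def is_deprecated(suite):
    # Weak primitives that still deserve a finding but are not FREAK.
    return (suite["enc"] == "None" or suite["au"] == "None" or suite["mac"] == "MD5"
            or suite["enc"].startswith(("RC4", "RC2", "DES(")))

def classify(lines):
    """Map finding label -> sorted suite names; export suites take precedence."""
    findings = {}
    for suite in filter(None, map(parse_suite, lines)):
        if is_export_grade(suite):
            findings.setdefault(FREAK_LABEL, []).append(suite["name"])
        elif is_deprecated(suite):
            findings.setdefault(DEPRECATED_LABEL, []).append(suite["name"])
    return {label: sorted(names) for label, names in findings.items()}

# Constructed sample of a server's offered suites, in `openssl ciphers -v` format.
SAMPLE = """EXP-RC4-MD5      SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA  SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40)   Mac=SHA1 export
RC4-SHA          SSLv3 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=SHA1
DES-CBC3-SHA     SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA       SSLv3 Kx=RSA      Au=RSA Enc=AES(128)  Mac=SHA1""".splitlines()
print(classify(SAMPLE))
```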
False positive improvements (thanks for your reports):
- CloudFlare users with the WAF activated would get false positives in their reports for boolean-based (blind) SQL injection attacks.
- Tumblr & Google Tag Manager in the “Small/Hidden frames” findings.
- Overly sensitive SQL error patterns.
- The “Unencrypted Login” finding.