– Fixed a crash that could be triggered during 404 fingerprint failures
– Signature IDs for detected issues are now stored in the report
– Added mod_status, mod_info, MySQL dump, phpMyAdmin SQL dump and
– Improved the Flash and Silverlight crossdomain policy signatures to
only warn about them when they use wildcards.
- High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
- Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
- The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.