Acunetix update introduces Node.js AcuSensor, target knowledge base, and multiple unrestricted access vulnerability checks

A new Acunetix update has been released for Windows, Linux, and macOS: 13.0.210129162.

This Acunetix update introduces AcuSensor for Node.js and a feature called target knowledge base, which holds data from past scans and helps improve future scans. We also made fully qualified domain names more prominent in the Acunetix UI. This update also includes checks for unrestricted access to a number of well-known applications. In addition, there are numerous updates and fixes, all of which are available for all editions of Acunetix.

New Features

• New AcuSensor for Node.js
• New target knowledge base records scan data – this data is then used to improve future scans
• New FQDN and target filter in the Grouped Vulnerabilities page
• New FQDN column in the Targets page

New Vulnerability Checks

• New test for unrestricted access to the Prometheus interface
• New test for unrestricted access to Prometheus metrics
• New test for unrestricted access to Golang expvar
• New test for unrestricted access to the Node.js status-monitor page
• New test for unrestricted access to the HAProxy stats page
• New test for unrestricted access to the Nginx stub_status page
• New test for unrestricted access to the Nginx nginx-module-vts status page
• New test for unrestricted access to the Traefik dashboard
• New test for unrestricted access to Kafka monitoring
• New test for unrestricted access to the Netdata dashboard
• New test for Typo3 Admin publicly accessible
• New test for Typo3 sensitive files
• Updated WordPress plugin checks
• Updated Drupal core checks

Updates

• Simplified User Profile page
• Improved handling of HTML comments
• Improved processing of sites using dynamic links
• Improved parsing of JavaScript for new paths
• The form input type is taken into consideration when processing forms
• Scanner now supports NTLM authentication for proxy authentication
• Multiple DeepScan updates
• Comprehensive report updated to use time zone configured for the Acunetix user
• Added setting in settings.xml to choose the SSL cipher to be used by the scanner
• Integrated LSR logs are now stored for troubleshooting purposes
• Notify user when a client certificate is required but not configured for the target
• Improvements in macOS installation
• The PHP AcuSensor will now include stack traces
• Multiple LSR/BLR updates

Fixes

• Filter items sorted alphabetically
• Fixed a minor UI glitch in the multi-engine registration page
• Multiple fixes in SlowLoris detection
• Fixed scanner crashes
• Fixed a CSV injection in target export
• Fixed UI issues in the Target Groups page
• Fixed formatting for issues pushed to Jira
• Fixed issue when installing on Centos 8

Upgrade to the Latest Build

If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.