Update information

Latest Release Version 3.0 - 02/10/2022

• FEATURE Directory scanner replaced with an interactive website map. Map includes all files linked on a website.
• FEATURE Major framework detection has been added, this is a passive feature that causes no additional requests.
• FEATURE Multithreading added to the directory fuzzer, configurable within the application settings.
• FEATURE Request time added to the URL crawler, displayed next to the status code.
• FEATURE Basic and advanced scan preferences tabs have in introduced to allow arctil to be more inclusive.
• FEATURE Scope items have been added to advanced scan preferences.
• FEATURE File upload form detections has been added.
• FEATURE Page response inspector added the the website map, this allows users to view the code of individual files.
• FEATURE Detection for basic authentication over HTTP added to the URL crawler, this is a passive feature.
• CHANGE With the release of arctil version 3 you'll get to experience a brand new user interface.
• CHANGE Like always arctil 3 includes a brand new report design.
• CHANGE Specific information is now provided for missing security headers, additionally arctil will now check for more headers.
• CHANGE Improvements made to local file inclusion testing, arctil will now test for both Windows and Linux based vulnerabilities.
• CHANGE New identifiers added to full path disclosure detection.
• CHANGE Open directory listing is now checked on each found directory.
• CHANGE Updates made to default error page detection, now includes options for DJango, Ruby on Rails and more.
• CHANGE New about dialog added to the "help" menu.
• CHANGE URL crawler now filters out anchor links as these are essentially duplicate URL's.
• CHANGE Improvments made for WAF detections (inc. mod_security)
• CHANGE Various code improvments to improve efficiancy, maintainability and decrease filesize.
• CHANGE Points of interest now link to relevant arctil articles, CVE links removed from software versions.
• CHANGE HTTP request system has been re-written to be much more efficient and maintainable.
• CHANGE Changes made to the request limiting and queued scanning to randomize the delay between requests.
• CHANGE Updates made to URL redirect detection, feature now has a larger detection success rate.
• CHANGE Directory fuzzer now runs after the URL crawler and vulnerability scanner have complete, found directories are added to the website map.
• CHANGE Changes have been made to the way arctil handles directory traversal, ../ will now step up a directory.
• BUG FIX Tweaks have been made to the way arctil opens config files as to prevent errors during report creation.
• BUG FIX Fix added for same host URL's being marked as not local resulting in fewer URL's found.
• BUG FIX Issue relating to POST requests returning 400 status code has been resolved.
• BUG FIX Change made to cookie inspector to prevent segmentation faults.
• BUG FIX Issue resolved with the injection engine not detecting input fields.
• BUG FIX Fix added to the URL crawler to help prevent target URL's and files being incorrectly appended.

Previous Release Version 2.1.1 - 08/07/2022

• FEATURE Multi-language Support - Select or make your own language profile to use within the arctil application.
• FEATURE Scan With Cookie - Scan deeper into your target website by setting authentication cookies.
• FEATURE Cookie Inspector - Examine cookie contents using the built in cookie list and inspector.
• FEATURE LDAP Injection has been added to the injection engine allowing to test for common LDAP injection errors.
• FEATURE Settings Window - Introduction of a settings window to handle language and theme selction. More controls will come in future.
• FEATURE Information Leakage - arctil will now check web page HTML comments for common words such as username and password etc.
• FEATURE Queued Scanning - Crawl a site using the queued scanning profile, this helps prevent WAF detection as it reduces arctil to one scan at a time.
• FEATURE Scanning Profiles - 3 default scanning profiles added to arctil, see Scanning Profiles for more information.
• CHANGE Improvements to the way arctil tests for unvalidate redirect vulnerabilities.
• CHANGE Improved WAF detection built into the requests, now utilises waf.json file. "waf.json" filename cannot be altered anymore.
• CHANGE Increased the number of automatically detected JS libraries.
• CHANGE arctil has implemented the software package browser to open urls from the crawler list.
• CHANGE Improvements made to the ways arctil detacts SQL injections buy testing multiple ways to break the query.
• CHANGE A UNIX timestamp has been added to all application errors which are logged in error.log allowing for easier debugging.
• CHANGE Changes made to software detector allowing users to add custom software, currently does not support version detection.
• CHANGE Error 404 and 500 links are reported during the initial web crawl rather than during the scan.
• CHANGE Timestamp has been added to export files preventing file overwriting.
• CHANGE Max file size for scanned links lowered to 3MB to speed up scans and increase the chance of scanning relevant files.
• CHANGE Changes made to how arctil loads config.json should result in improved performance and requre less memory.
• BUG FIX Page request can now handle redirects set by Set-Cookie, if redirected arctil will try again once.
• BUG FIX JSON Escape string implemented to avoid parse errors resulting from XSS vulnerable URL's.
• BUG FIX Result export issue relating to directoies not being exported has now been resolved.
• BUG FIX Directory scanner has bee updated to help avoid duplicate directories being added to the directory scanner list.
• BUG FIX Changes have been made to the URL crawler to prevent files with URL parameters being excluded.
• BUG FIX Javascript Library Detection bug fixed relating to json file not being added to config.json during setup.

Previous Release Version 2.0.2 - 19/04/2022

• FEATURE Website Structure directory tree - Directories list changes to a treeview to simulate a file browser.
• FEATURE Scan Robots.txt for Directories - Check through the robots.txt file to check for directories, these directories are then added to the directory scanner.
• FEATURE JS Library Detection - Arctil will now check .js (javascript) files for common javascript libraries such as jQuery and Angular..
• FEATURE Blind SQL Injection - Arctil now checks for SQL injection using "Blind" testing methods. This does not rely on common SQL injection errors.
• FEATURE Missing Security Headers - Checks to see if industry security headers are in use. Checks look for: Strict-Transport-Security, Content-Security-Policy and X-Frame-Options.
• FEATURE Added CVE when version detected - When version numbers are detected on software arctil will add a CVE link.
• CHANGE WAF detection - Detector is now built into the page requests.
• CHANGE Scan Preview Dialog - When a new scan is started the user is presented with a dialog box confirming the scan preferences they have selected.
• CHANGE Preferences Window -> Dialog Window - Preferences window is changed to a dialog box box.
• CHANGE UI Tweaks - Found urls now have a background colour on alternative links.
• CHANGE Imporved SQLi Testing - Increased number of detection markers. Each url parameter is tested individually.
• CHANGE Improved Expose Phone Number Detection - Changes made to how the exposed numbers are detected, increase detection probability.
• CHANGE Improved vulnerability feedback - Display vulnerable parameter and payload (SQL Injection, Reflected XSS) XSS returns the vulnerable parameter and payload.
• CHANGE Basic WAF bypass added to LFI scanner - LFI scanner will only traverse 7 directories and has WAF detections and bypass built into the core.
• BUG FIX URL crawler bug fix relating to www. domain prefix. Simple fix to allow to detect different urls with www. prefix.
• BUG FIX URL duplicate same page different parameter Bug fix implemented for urls when the file is the same but the parameter value is different. e.g. index.php?id=1 and index.php?id=2
• BUG FIX LFI url request issue with incorrect url being passed has been fixed.

Release Version 2.0.1 - 26/03/2022

• No information is available.

Release Version 1.0.1 - 21/02/2022

• No information is available.