Netsparker
هو عبارة عن برنامج فحص أو ماسح لخوادم الويب
أي Web Application Security Scanner
والشركة المنتجة لا تقوم بإنتاج أي منتج آخر
ولهذا تركيزهم كله منصب على هذا البرنامج الرائع
الماسح Netsparker يمتاز بإمكانيات متعددة منها:
إكتشاف ثغرات SQL Injection
إكتشاف ثغرات Cross-site Scripting أو XSS
إكتشاف ثغرات Local File Inclusion أو ما يعرف بـ LFI
إكتشاف ثغرات Remote File Inclusions أو ما يعرف بـ RFI
إكتشاف Remote Code Injection / Evaluation
وجود Integrated Exploitation Engine
بداخله يمكنك من إستغلال الثغرة في حالة إكتشافها …
التعامل مع عدة أنظمة تخص الـ Authentication مثل Basic Authentication و NTLM Authentication و Digest Authentication وغيرها
كونه يحتوي على Exploitation Engine
فذلك يمكنه من عمل بعض الـ Post-Exploitation
إكتشاف صفحات الخلل 404 الخاصة
إكتشاف إمكانية عمل OS Level Command Injection على الخادم
وغيرها الكثيير جداً، لمعرفتهم جميعهم أقرأ
هو عبارة عن برنامج فحص أو ماسح لخوادم الويب
أي Web Application Security Scanner
والشركة المنتجة لا تقوم بإنتاج أي منتج آخر
ولهذا تركيزهم كله منصب على هذا البرنامج الرائع
الماسح Netsparker يمتاز بإمكانيات متعددة منها:
إكتشاف ثغرات SQL Injection
إكتشاف ثغرات Cross-site Scripting أو XSS
إكتشاف ثغرات Local File Inclusion أو ما يعرف بـ LFI
إكتشاف ثغرات Remote File Inclusions أو ما يعرف بـ RFI
إكتشاف Remote Code Injection / Evaluation
وجود Integrated Exploitation Engine
بداخله يمكنك من إستغلال الثغرة في حالة إكتشافها …
التعامل مع عدة أنظمة تخص الـ Authentication مثل Basic Authentication و NTLM Authentication و Digest Authentication وغيرها
كونه يحتوي على Exploitation Engine
فذلك يمكنه من عمل بعض الـ Post-Exploitation
إكتشاف صفحات الخلل 404 الخاصة
إكتشاف إمكانية عمل OS Level Command Injection على الخادم
وغيرها الكثيير جداً، لمعرفتهم جميعهم أقرأ
معلومات البرنامج :
إسم البرنامج : Netsparker Professional
سعر البرنامج : 16,000 دولار أمريكي ترخيص ثلاث سنوات
يعني سعر البرنامج بالجنيه المصري 280 الف جنيه مصري للترخيص
يعني سعر البرنامج بالجنيه المصري 280 الف جنيه مصري للترخيص
إصدار البرنامج : v4.9.5.18523
الترخيص : الترخيص ثلاث سنوات ولكن تم عمل تفعيل مدى الحياه
ملحوظة هامة جداً :
البرنامج غير مجاني .
تم كسر البرنامج ليصبح النسخه المدفوع مدى الحياة $$ .
ميزات جديدة في تحديث أخر اصدار :
Users can now preconfigure local/session web storage data for a website.
Added a new send to action to send e-mails.
Added HTTP Header Authentication settings to add request HTTP Headers with authentication information.
Added CSV file link importer.
Parsing of form values from a specified URL.
Added custom root certificate support for manual crawling.
Added gzipped sitemap parsing support.
NEW SECURITY CHECKS
Added reflected "Code Evaluation (Apache Struts 2)" security check (CVE-2017-12611).
Added "Remote Code Execution in Apache Struts" security check. (CVE-2017-5638).
IMPROVEMENTS
Renamed "Important" severity name to "High".
Updated external references for several vulnerabilities.
Improved default Form Values settings.
Improved scan stability and performance.
Added Form Authentication performance data to Scan Performance knowledgebase node.
Added "Run only when user is logged on" option to the scan scheduling.
Added a warning before the scan starting if there are out of scope links in imported links.
Improved Active Mixed Content vulnerability description.
Improved DOM simulation for events attached to document object.
Added "Alternates", "Content-Location" and "Refresh" response header parsing.
Removed "Disable IE ESC" requirement on Windows server operating systems.
Improved Content Security Policy (CSP) engine performance by checking CSP Nonce value per directory.
Changed sqlmap payloads to start with sqlmap.py, including the .py extension.
Added --batch argument to sqlmap payloads.
Removed Markdown Injection XSS attack payloads.
Filtered out irrelevant certificates generated by Netsparker from client certificate selection dropdown on Client Certificate Authentication settings.
Added highlighting for detected out of date JavaScript libraries.
Added ALL parameter type option to the Ignored Parameters settings.
Added gtm.js (Google Tag Manager JS library) to the default excluded scope patterns.
Added an option to export only PDF reports without HTML.
Added -nohtml argument to CLI to create only pdf reports.
Updated the Accept header value for default scan policy.
Added CSS exclusion selector supports frames and iframes.
Added embedded space parsing for JavaScript code in HTML attribute values.
Added scan start time information to the dashboard.
Skip Phase button is disabled if the phase cannot be skipped.
Added validation messages for invalid entries on start new scan dialog sections.
Added parsing source information to Scanned URLs List and Crawled URLs List (JSON) reports.
Added highlight support for password transmitted over HTTP vulnerabilities.
Email disclosure will not be reported for email address used in form authentication credentials.
Added focus and blur event simulation for form authentication set value API calls.
Uninstaller now checks for any running instances.
Internal proxy now serves the certificate used through HTTP echo page.
Added spell checker for Report Policy Editor.
Added an error page if any internal proxy exception occurs.
Added more information about the HTML form and input for vulnerabilities found on HTML forms.
Added a JavaScript option to specify JavaScript cookies to persist across authentication and DOM simulation.
Extensions on the URLs are handled by the custom URL rewrite rule wizard.
Added Parameter Value column to Vulnerabilities List CSV report.
Added match by HTML element id for form values.
Added "Ignore document events" to JavaScript settings to ignore triggering events attached to document object.
Improved Windows Short Filename vulnerability details Remedy section.
Improved scan policy security check filtering by supporting short names of security checks.
Improved Burp file import dialog by removing the file extension filter.
Improved table column widths on several reports.
Updated default User-Agent HTTP request header string.
URL Rewrite parameters are now represented as asterisks in sqlmap payloads.
FIXES
Fixed the InvalidOperationException on application exit.
Fixed CSRF vulnerability reporting on change password forms.
Fixed Email Disclosure highlight issue where only the first email address is highlighted when there are multiple email addresses on the page.
Fixed case sensitivity checks while matching ignored parameters, now it matches case sensitive.
Fixed the incorrect progress bar value displayed when a scan is imported.
Fixed the incorrect disabled external references section in WordPress Setup Configuration File template.
Fixed up/down movement issue on Form Values when multiple rows are selected.
Fixed various source code disclosure issues.
Fixed an escaping issue with CSS exclusion selectors.
Fixed the issue where the basic authentication credentials are not being sent on logout detection phase.
Fixed a NullReferenceException when an invalid raw request is entered in request builder.
Fixed HTTP Request Builder where it does not set request method to POST if the selected method is PUT.
Fixed the issue where the response URL is displayed in the vulnerability details.
Fixed the issue where some links were not excluded from scan from sitemap.
Fixed enabled security check group with all security checks within are disabled.
Fixed a random DOM simulation exception occurs when site creates popup windows.
Fixed a RemotingException occurs on Form Authentication Verifier.
Fixed a possible NullReferenceException on Form Authentication.
Fixed the message dialog windows displayed by the 3rd party component on Form Authentication Verification.
Fixed the broken form authentication custom script when the last line of the script is a single line comment.
Fixed certificate search in store by subject name returns matches without exact subject names.
Fixed ESC key handling on message dialogs.
Fixed huge parameter value deserialization memory usage.
Fixed an issue with Load New License occurs when the source and destination license files are same.
Fixed the issue where the parsing source is set to Unspecified for links found by resource finder in reports.
Fixed the incorrect sitemap representation of excluded nodes when a scan is imported.
Fixed the wrong URLs added with only extension values.
Fixed the logout detection portion of form authentication verification where it was not using the configured proxy.
Fixed the message overflow issue in the out of scope link warning dialog.
Fixed a NullReferenceException which may be thrown while importing a swagger file.
Fixed the incorrect Skip Current Phase button state when scan phase is changed
Fixed internal proxy throwing when certain browsers do not send the full URL with the initial request.
Fixed an issue in which the form authentication is not being triggered on retest.
Fixed StackOverflowException in swagger parser thrown while parsing objects containing circular references.
Fixed a swagger file parsing issue where target URL should be used when host field is missing.
Fixed swagger importer by ignoring any metadata properties.
Fixed the empty request/response displayed for some sitemap nodes with 404 response.
Fixed the autocomplete issue in Content-Type header in Request builder
Fixed a NullReferenceException occurs during DOM simulation.
Fixed the incorrect URLs parsed on attack responses.
Fixed the redundant duplicate HTTP requests issued by Web App Fingerprinter.
Fixed show/hide issue for Dashboard and Sitemap panels.
Fixed the issue where Retest All button disappears after a Retest.
Fixed the issue where the dollar sign in imported URL is encoded after scan.
Fixed the empty request/response header issue for links discovered during attacking.
Fixed ignore parameter issue for parameters containing special characters.
Fixed a NullReferenceException that occurs for select elements missing option elements on multipart requests.
Fixed missing vulnerabilities requiring late confirmation for incremental scans.
Fixed a NullReferenceException may occur on iframe security checks.
Fixed the exception that occurs while adding duplicate POST parameters with the same name in Request builder.
Added a new send to action to send e-mails.
Added HTTP Header Authentication settings to add request HTTP Headers with authentication information.
Added CSV file link importer.
Parsing of form values from a specified URL.
Added custom root certificate support for manual crawling.
Added gzipped sitemap parsing support.
NEW SECURITY CHECKS
Added reflected "Code Evaluation (Apache Struts 2)" security check (CVE-2017-12611).
Added "Remote Code Execution in Apache Struts" security check. (CVE-2017-5638).
IMPROVEMENTS
Renamed "Important" severity name to "High".
Updated external references for several vulnerabilities.
Improved default Form Values settings.
Improved scan stability and performance.
Added Form Authentication performance data to Scan Performance knowledgebase node.
Added "Run only when user is logged on" option to the scan scheduling.
Added a warning before the scan starting if there are out of scope links in imported links.
Improved Active Mixed Content vulnerability description.
Improved DOM simulation for events attached to document object.
Added "Alternates", "Content-Location" and "Refresh" response header parsing.
Removed "Disable IE ESC" requirement on Windows server operating systems.
Improved Content Security Policy (CSP) engine performance by checking CSP Nonce value per directory.
Changed sqlmap payloads to start with sqlmap.py, including the .py extension.
Added --batch argument to sqlmap payloads.
Removed Markdown Injection XSS attack payloads.
Filtered out irrelevant certificates generated by Netsparker from client certificate selection dropdown on Client Certificate Authentication settings.
Added highlighting for detected out of date JavaScript libraries.
Added ALL parameter type option to the Ignored Parameters settings.
Added gtm.js (Google Tag Manager JS library) to the default excluded scope patterns.
Added an option to export only PDF reports without HTML.
Added -nohtml argument to CLI to create only pdf reports.
Updated the Accept header value for default scan policy.
Added CSS exclusion selector supports frames and iframes.
Added embedded space parsing for JavaScript code in HTML attribute values.
Added scan start time information to the dashboard.
Skip Phase button is disabled if the phase cannot be skipped.
Added validation messages for invalid entries on start new scan dialog sections.
Added parsing source information to Scanned URLs List and Crawled URLs List (JSON) reports.
Added highlight support for password transmitted over HTTP vulnerabilities.
Email disclosure will not be reported for email address used in form authentication credentials.
Added focus and blur event simulation for form authentication set value API calls.
Uninstaller now checks for any running instances.
Internal proxy now serves the certificate used through HTTP echo page.
Added spell checker for Report Policy Editor.
Added an error page if any internal proxy exception occurs.
Added more information about the HTML form and input for vulnerabilities found on HTML forms.
Added a JavaScript option to specify JavaScript cookies to persist across authentication and DOM simulation.
Extensions on the URLs are handled by the custom URL rewrite rule wizard.
Added Parameter Value column to Vulnerabilities List CSV report.
Added match by HTML element id for form values.
Added "Ignore document events" to JavaScript settings to ignore triggering events attached to document object.
Improved Windows Short Filename vulnerability details Remedy section.
Improved scan policy security check filtering by supporting short names of security checks.
Improved Burp file import dialog by removing the file extension filter.
Improved table column widths on several reports.
Updated default User-Agent HTTP request header string.
URL Rewrite parameters are now represented as asterisks in sqlmap payloads.
FIXES
Fixed the InvalidOperationException on application exit.
Fixed CSRF vulnerability reporting on change password forms.
Fixed Email Disclosure highlight issue where only the first email address is highlighted when there are multiple email addresses on the page.
Fixed case sensitivity checks while matching ignored parameters, now it matches case sensitive.
Fixed the incorrect progress bar value displayed when a scan is imported.
Fixed the incorrect disabled external references section in WordPress Setup Configuration File template.
Fixed up/down movement issue on Form Values when multiple rows are selected.
Fixed various source code disclosure issues.
Fixed an escaping issue with CSS exclusion selectors.
Fixed the issue where the basic authentication credentials are not being sent on logout detection phase.
Fixed a NullReferenceException when an invalid raw request is entered in request builder.
Fixed HTTP Request Builder where it does not set request method to POST if the selected method is PUT.
Fixed the issue where the response URL is displayed in the vulnerability details.
Fixed the issue where some links were not excluded from scan from sitemap.
Fixed enabled security check group with all security checks within are disabled.
Fixed a random DOM simulation exception occurs when site creates popup windows.
Fixed a RemotingException occurs on Form Authentication Verifier.
Fixed a possible NullReferenceException on Form Authentication.
Fixed the message dialog windows displayed by the 3rd party component on Form Authentication Verification.
Fixed the broken form authentication custom script when the last line of the script is a single line comment.
Fixed certificate search in store by subject name returns matches without exact subject names.
Fixed ESC key handling on message dialogs.
Fixed huge parameter value deserialization memory usage.
Fixed an issue with Load New License occurs when the source and destination license files are same.
Fixed the issue where the parsing source is set to Unspecified for links found by resource finder in reports.
Fixed the incorrect sitemap representation of excluded nodes when a scan is imported.
Fixed the wrong URLs added with only extension values.
Fixed the logout detection portion of form authentication verification where it was not using the configured proxy.
Fixed the message overflow issue in the out of scope link warning dialog.
Fixed a NullReferenceException which may be thrown while importing a swagger file.
Fixed the incorrect Skip Current Phase button state when scan phase is changed
Fixed internal proxy throwing when certain browsers do not send the full URL with the initial request.
Fixed an issue in which the form authentication is not being triggered on retest.
Fixed StackOverflowException in swagger parser thrown while parsing objects containing circular references.
Fixed a swagger file parsing issue where target URL should be used when host field is missing.
Fixed swagger importer by ignoring any metadata properties.
Fixed the empty request/response displayed for some sitemap nodes with 404 response.
Fixed the autocomplete issue in Content-Type header in Request builder
Fixed a NullReferenceException occurs during DOM simulation.
Fixed the incorrect URLs parsed on attack responses.
Fixed the redundant duplicate HTTP requests issued by Web App Fingerprinter.
Fixed show/hide issue for Dashboard and Sitemap panels.
Fixed the issue where Retest All button disappears after a Retest.
Fixed the issue where the dollar sign in imported URL is encoded after scan.
Fixed the empty request/response header issue for links discovered during attacking.
Fixed ignore parameter issue for parameters containing special characters.
Fixed a NullReferenceException that occurs for select elements missing option elements on multipart requests.
Fixed missing vulnerabilities requiring late confirmation for incremental scans.
Fixed a NullReferenceException may occur on iframe security checks.
Fixed the exception that occurs while adding duplicate POST parameters with the same name in Request builder.
صورة من صفحة بيع البرنامج :
مشاهدة فيديو الاستخدام :
تحميل البرنامج :
تحميل البرنامج - Download Software
باسورد فك الضغط : Dr.FarFar
Zip Password : Dr.FarFar
تحياتي
إرسال تعليق