Introducing SmartScanner 2.0: New Features and Enhanced Scanning Capabilities

By SmartScanner

We’re excited to announce the release of SmartScanner 2.0, a significant update that builds upon the solid foundation of SmartScanner 1.x. This new version introduces several key improvements and new features designed to enhance your vulnerability scanning process, along with early-stage CI/CD integration possibilities.

New Features at a Glance

CLI Tool: sms

SmartScanner 2.0 introduces a new command-line interface tool called sms. This tool opens up basic opportunities for integrating vulnerability scans into your CI/CD pipelines. While the integration is still in its early stages—not yet fully seamless or highly scalable—it provides a useful starting point for automation and scripting. With sms, you can:

  • Automate Scanning: Trigger scans as part of your build process.
  • Streamline Workflows: Use simple scripts to execute scans and generate reports without the overhead of a graphical interface.

Learn more about sms, the SmartScanner command-line interface.

Expanded Vulnerability Testing

  • IDOR Testing: New tests now cover Insecure Direct Object Reference (IDOR) vulnerabilities, helping you identify potential unauthorized access issues.
  • Fuzzing Capabilities: Fuzzing tests have been incorporated into scan configurations to enhance the detection of unexpected vulnerabilities.
  • Customizable Crawl Depth: Setting the crawl depth to zero now limits the scan to the input URL only, preventing unnecessary crawling of additional pages.
  • Selective Subdomain Scanning: By default, subdomains are no longer scanned, reducing extraneous network requests.

Improvements and Updates

Enhanced Accuracy and Performance

  • Reduced False Positives: Adjustments to passive tests have minimized false positives, so you spend more time addressing real security issues.
  • Improved Performance: Optimizations in scanning and crawling processes lead to faster execution times and more efficient resource usage.
  • Bug Fixes: We’ve resolved issues with manual login and improved input URL validation to ensure a smoother scanning experience.
  • UI Adjustments: Minor tweaks have been made to enhance the overall user experience.

Updated Vulnerability Rules

Our detection rules have been updated to better identify vulnerabilities in popular software:

System Requirements Update

To focus on delivering improved performance and security, we’ve updated our system requirements:

  • 32-bit Systems Dropped: We are now optimized for 64-bit systems, leveraging modern processor capabilities and enhanced memory management.
  • Windows 10 Support: Only Windows 10 version 1809 and above are supported, ensuring compatibility with the latest security features and performance improvements.
  • Chromium Upgrade: Embedded Chromium has been updated to version 122, providing better compatibility and security.

A Look Towards the Future

While the new CLI tool sms provides promising avenues for integrating security scans into CI/CD workflows, we recognize that there’s still room for improvement. The current implementation offers a foundational level of automation, and we’re committed to refining it further in future releases to better meet the needs of larger and more complex environments.

Conclusion

SmartScanner 2.0 is a meaningful step forward in our commitment to enhancing web security testing. With new features like the CLI tool, expanded vulnerability testing, and essential performance improvements, this release aims to streamline your scanning process—even as we continue to work on making integrations smoother and more scalable.

We invite you to try out SmartScanner 2.0 and explore its new capabilities. Your feedback is invaluable as we strive to make each release even more effective and user-friendly.

Happy scanning!
