Welcome to our official feedback forum. Do you have an idea? Do you have a bug that you want to report? Please do it from here. You can sign up for an account to keep track of your feature requests and bugs, but you don't have to.
You can always use support@mavitunasecurity.com or give us a call for support as well.
-
33 votes
Ability to Change Scan Settings When Scan Paused
In the middle of the scan, after the pause, I may want to:
1. update the cookies perhaps
2. or change the proxy settings
3. or increase the number of threads
etc.
Status: planned
Thanks for the suggestion.
I think this is one of the most requested features. It'll be done before 13/10/2009.
-
21 votes
Internal Proxy Feature and Manual Crawling/Auditing
A proxy plugin is a must. This will also enable us to crawl/audit manually, which sometimes stands as a last resort to scan some of the complex site parts.
Status: started
Thanks for the feature request.
We finished the development of the proxy; however, integration with Dilemma might take a while. We don't have a decided time for it now, I'll try to keep you updated.
-
17 votes
HTTP Method Generator
A feature that most tools miss on having is a good old HTTP Method Generator.
What I am looking for is an HTTP Method Generator which supports multi-threading, so that we can use the same to generate multiple requests to the server. The second feature that I would love this tool to have is a HTTP U... more
Status: under review
Thanks for the feature request,
In the long term we might add such a feature, but I think many fuzzers can handle this task (some of them might require a little bit of tweaking). You can use an HTTP fuzzer with a raw HTTP request fuzzing feature for this kind of attack. I think all fuzzers in OWASP projects support that.
To be honest we prefer to focus on issues that you can't easily or adequately solve with current tools. We are considering developing fuzzer-like functionality in the long run, but I think it'll take a while for us to get there.
Thanks again,
-
15 votes
Analyzing Web Services
In the long term a web services attack analysis plugin is needed. It doesn't have to cover all of the implementation types and can be basic first.
Status: planned
Thanks for the suggestion.
This is a planned feature; however, due to the current workload, there is a high possibility we might not finish it in the first version. As soon as we have time we are going to add this.
-
12 votes
Smooth Management of Exclude/Include Links
Instead of using a single regex, a "write/add" approach might be easier for the end user. You choose the semantic first: exclude or include. Then you write the regex and hit the add button, which adds it to a table row. Then you can edit or remove it.
-
10 votes
Add SOCKS proxy support
add SOCKS proxy support
-
9 votes
Executive Summary
It would be nice to have good presentable reports for executives who do not understand technical details about stuff but would like to know the report as how many high, medium, low findings, with some fancy histogram, bar or pie chart.
Status: planned
Hi,
We added better reporting in the latest release; however, it's still not shiny enough :)
We are working on that; hopefully we'll improve the report and make it more friendly for management.
Thanks for the feature request.
-
9 votes
Skip tests for specific folder\file after crawling
Situation: after the crawling step, you see that some file\folder shouldn't be tested. It would be perfect if you could right click and skip tests in this folder\files.
Status: planned
Very good idea,
We added this to our list; hopefully it will be available in the next release or the one after that.
Thanks a lot
-
9 votes
Comprehensive list of tests
Do you have documentation of all of the tests that will eventually make it into this product? Is the list that is available now the final list? Tests that are obviously missing are Cross-site Request Forgery, Link Injection, Phishing through Frames, and others.
Will these types of tests be available?
Status: completed
UPDATE:
Hey Jay,
Here is the list of Netsparker features. It's not too detailed but should answer many of your questions.
http://www.mavitunasecurity.com/netsparker/
Also you can always reach us to ask more detailed questions: support(at)mavitunasecurity.com - http://www.mavitunasecurity.com/contact/
------------------
Hi,
We are working on such a document and hopefully it'll be finalised in 2 weeks. It hasn't been yet since we are still adding features, new engines and increasing our coverage.
As for the second question, we are not planning to add CSRF for another couple of months, but a generic "Content Injection" issue is planned which hopefully will cover link injection and frame/iframe link injection issues.
I'll try to keep you posted about the status of these possible new engines.
Cheers,
-
9 votes
Suggestion for report customization
I would like to request a feature that lets us choose which vulnerability is to be added to the report. Or a feature where we can have only the "High" or, say, confirmed vulnerabilities reported in the report.
Status: planned
It's a very good idea and has been added to our to-do list.
Our reporting is a bit weak; we'll do a big update on it. Also we are lacking some compliance reports; hopefully these and other features will be added soon to reporting.
-
7 votes
Explanation of Manage Settings
Some of the settings in "manage/advanced settings" are unclear: AnalyzeAttacks, AutoConfirm
Status: planned
We are planning to add a new Settings / Options window which allows users to see all the settings in a detailed and categorised way.
-
6 votes
Enterprise Vulnerability Scanning
This is an idea. It can be implemented as a plugin or more like a port of Dilemma. One may call it "Lightweight Enterprise Vulnerability Scan";
Scope:
Internet facing, >200 servers
Goal:
I'd like a tool acting like a sentinel, given IP ranges, constantly scanning the netw... more
Status: under review
We are planning to introduce such a feature; however, I think it'll be after the initial public release.
But quite soon we are going to support new command line options for automation. Until we introduce a feature like this, the command line options can be used as a workaround.
I'll keep you posted about this feature and the new command line options. We already implemented them, but there are some limitations and bugs. We'll clear them and release it.
-
6 votes
Exclude parameters
In some applications, it is necessary to "lock" a certain parameter to a specific value. For example, an "environment id": this should not be changed or fuzzed; with any other value you may be touching e.g. production data. Changing this parameter may cause damage, and would... more
Status: planned
It's a very good point. We are planning to add this to the Release Candidate, so it might take a while.
But as a workaround for now you can edit "IgnoreParameters.xml" located in "Mavituna Security\Dilemma\Resource".
Do not forget to restart it after changing that XML file. It will affect all scans globally.
Hope that helps until we do it right :)
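The two scope-control requests on this page, the include/exclude regex table and the "lock this parameter" request above, describe the same kind of pre-attack filtering a scanner has to do. The block below is an added illustration, not code from Netsparker or Dilemma, and it does not read the real IgnoreParameters.xml (whose format is not documented here): the rule list, the locked-parameter map and the URLs are constructed for the example, and the precedence rule (an exclude match always wins, and with no include rules everything not excluded is in scope) is an assumption chosen to fail safe.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit


@dataclass
class ScopeRule:
    action: str    # "include" or "exclude", chosen before the regex as the post suggests
    pattern: str   # regular expression matched against the full URL


class ScanScope:
    """Decides which URLs are crawled/attacked and which parameters may be fuzzed."""

    def __init__(self, rules: List[ScopeRule], locked_params: Dict[str, str]):
        self.rules = [(r.action, re.compile(r.pattern)) for r in rules]
        # Locked parameters are always sent with the configured value and never fuzzed.
        self.locked = dict(locked_params)

    def in_scope(self, url: str) -> bool:
        # Assumed precedence: any exclude match wins, regardless of table order.
        for action, rx in self.rules:
            if action == "exclude" and rx.search(url):
                return False
        includes = [rx for action, rx in self.rules if action == "include"]
        if not includes:
            return True          # no include rules: everything not excluded is in scope
        return any(rx.search(url) for rx in includes)

    def split_params(self, url: str) -> Tuple[Dict[str, str], Dict[str, str]]:
        """Return (fuzzable, pinned): crawled params we may attack vs. locked ones at their fixed value."""
        params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
        fuzzable, pinned = {}, {}
        for name, value in params.items():
            if name in self.locked:
                pinned[name] = self.locked[name]   # ignore whatever value the crawler saw
            else:
                fuzzable[name] = value
        return fuzzable, pinned

    def attack_query(self, url: str, target: str, payload: str) -> str:
        """Build the query string for one attack request with `payload` in `target`."""
        fuzzable, pinned = self.split_params(url)
        if target not in fuzzable:
            # Refuse rather than silently fuzz a locked (or absent) parameter.
            raise ValueError(f"{target!r} is locked or absent; refusing to fuzz it")
        params = {**fuzzable, target: payload, **pinned}
        return urlencode(params)


# Constructed configuration for the example (hypothetical host and parameter names).
SCOPE = ScanScope(
    rules=[
        ScopeRule("include", r"^https?://shop\.example\.com/"),
        ScopeRule("exclude", r"/logout"),
        ScopeRule("exclude", r"\.js$"),
    ],
    locked_params={"envid": "42"},
)

if __name__ == "__main__":
    crawled = "https://shop.example.com/item?id=7&envid=99"
    print(SCOPE.in_scope(crawled), SCOPE.in_scope("https://shop.example.com/logout"))
    print(SCOPE.split_params(crawled))
    print(SCOPE.attack_query(crawled, "id", "'"))
```

Because `in_scope` checks excludes first, adding a new include row can never widen the scan onto a path the tester has explicitly excluded, and `attack_query` raises instead of quietly sending a payload in a locked parameter such as the environment id.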
-
6 votes
Custom Http Header support like custom cookies
It'd be nice to set custom HTTP headers for scans.
Status: planned
Thanks for the feature request,
We are planning to add this feature soon. It might take about 2-3 releases before adding it, but it'll go into a new menu with all the other advanced options and extra tweaking.
Regards,
-
6 votes
DoS Protection
In order to avoid a DoS situation, the number of form submissions should be limited in the configuration, manually or automatically.
Status: planned
Very important point, we are going to add this soon. Also we are planning to introduce some new limits for forms with so many parameters so the attacking phase would be faster.
Thanks for the feature request, I'll keep you posted about this feature.
Cheers,
-
5 votes
An auxiliary fuzzer tool
Fuzzers can be useful to find some vulnerabilities in web apps. Maybe a fuzzer as an auxiliary tool would be great!
Status: under review
In the long run we are planning more integrated tools such as a fuzzer, proxy, brute forcer etc.
But for now we are trying to focus on detection and exploitation, as there are many tools for fuzzing. However, when it comes to scanning, detecting and exploiting there are not many good tools out there; hopefully we'll first get this right, then we'll start adding new features like a fuzzer.
I don't know how long it's going to take to get there :) But that's the plan.
Thanks for the request, I'll keep this under review and see what other testers and users think about it. We might consider adding a fuzzer earlier than planned.
-
4 votes
Able to queue multiple domains or have multi site projects
A lot of times we get multiple domains to test. It would be useful to either be able to submit multiple sites as a project or just be able to queue sites to run in succession.
Status: planned
Thanks for the feature request.
We are planning to add such a feature in the long run.
I know it's not that convenient but as a workaround you can open new instances of Netsparker. However this won't queue but run the tests simultaneously.
Kind Regards,
-
3 votes
captcha support
Status: under review
We are planning to add such functionality in the long run, but to be honest it might take a while to get there.
Cheers,
-
3 votes
Referer header doesn't match spider results
The Referer header said a request came from http://example.com/scripts/boxover.js; however, the sitemap did not have /scripts/boxover.js listed as being found or crawled. I need to be able to trace requests and determine if they are part of a standalone test, or part of a series of transactions.
