Release on July 23, 2024
July 23rd, 2024
Enhancements
- Referencing OTP objects:
- Old syntax:
{{ authobject.otpToken1 }}
- New syntax:
{{ authobject.otps.<OTPNAME> }}
- all current tokens will be named "token1" so you will use{{ auth_object.otps.token1 }}
. OTP names can be modified to any name consisting of alphanumeric characters and underscore_
only.
- Old syntax:
- Referencing stages (Custom API flow): Stage names will no longer be restricted to starting with the
stage.
They can consist of alphanumeric characters and underscore_
only. The termany
is a reserved name and cannot be used.- Old syntax:
{{ auth_object.<STAGE_NAME>.request.headers }}
or{{ auth_object.any_stage.request.headers }}
. You can refer to request/response and headers/body/URL as usual, where the<STAGE_NAME>
must start with the stage). - New syntax:
{{ auth_object.stages.<STAGE_NAME>.request.headers }}
or{{ auth_object.stages.any.request.headers }}
. Existing authentication objects will be upgraded automatically.
- Old syntax:
- Enhanced crawler logic: Improved the crawler logic to identify more Entrypoints, which expands the attack surface. Users may notice increased crawling and scanning times as a result. New discoveries will reveal more entrypoints, so users should select their attack surface carefully to manage scan times. Legacy scans may also experience longer crawling and testing times due to the expanded attack surface.