v2.0
improvements
analyzer
- issue description, recommendations and even references are fetched from a TOML file.
- recommendations and references for issues are shown at the end of the analysis.
- allow issue descriptions/recommendations to be translated (currently English and German are available).
- HTTP parser/analysis:
  - add parser for `curl` (i.e. HTTP index request)
  - show the actual `max-age` value for HSTS
  - make regex (in the recommendation document) more readable
  - look for CSP declared via `meta` element
- TLS analysis:
  - allow recommendations for cipher suites to be specified via conditionals (e.g. when the `encrypt_then_mac` extension is used, etc.)
  - add recommendation based on BSI TR-02102-2
scanner
- speed up Nmap scans: only use the UDP scan option (`-sU`) when the service's transport protocol actually is UDP
- add more XML output options to some commands in the scan config
misc
- replace external TOML library with internal; this requires Python 3.11
- improve project documentation
- several bug fixes
contributions
several users have made contributions (via PRs, issues or private messages) for release:
thank you very much!