Skip to content

v1.5.0

Latest

Choose a tag to compare

@github-actions github-actions released this 30 Jun 16:52

Changelog

[1.5.0] — 2026-06-30

Added

  • Program Intelligence Engine: Added program intelligence engine and hunting playbook generator.
  • Advanced Testing Tools: Added ReDoS, supply chain, and multi-tenant isolation testing tools.
  • Coverage Heatmap: Added endpoint coverage heatmap with DB schema and query methods.
  • Second-Order Injection: Added detector for stored XSS, SSTI, SQLi.
  • Smart Wordlist Generator: Added tool with tech/industry vocabulary.
  • Business Logic Test Suite: Added tests for amount, coupon, quantity manipulation.
  • Blind Injection Hub: Added tool for XSS, SSTI, CMDi, SSRF via OOB.
  • Rate Limit Bypass: Added detection tool for rate limiting bypasses.
  • Auth Matrix Tool: Added IDOR and broken access control detection.
  • Specialized Scanners: Added SOAP, mobile manifest, and cloud credentials scanners.

Commit History

  • b4ba489 Add -draft-report CLI flag for AI-assisted report drafting
  • 3685075 Add AI JS analysis testing infrastructure
  • 3a25d81 Add AI tools to presets and update tests
  • 6cc3469 Add AI triage engine for false positive filtering
  • 81fc05a Add AI vulnerability detection for prompt injection
  • adc464e Add AI-powered JavaScript analysis for endpoint discovery
  • 77ec33d Add ASN, CVE, gRPC, Git scan tools and companion server APIs
  • 430b549 Add Arjun wrapper for hidden parameter discovery in scan stage 3
  • af951ae Add CORS OPTIONS preflight test
  • 8eda8de Add GitHub org member enumeration, expand chain builder, wire IDOR Obsidian export, fix lint
  • 0c2b997 Add GraphQL introspection bypass probes
  • 5972477 Add IDOR assistant for parameter clustering and testing
  • e48860c Add JWT HTTP response scanning and RS256 to HS256 confusion test
  • 1fd9c23 Add LLM integration infrastructure
  • e442f0f Add ReDoS, supply chain, and multi-tenant isolation testing tools
  • 6b19eeb Add SOAP, mobile manifest, and cloud credentials scanners
  • 8087f73 Add Web3, paste, cert, price, and dependency audit scan tools
  • bb5a225 Add auth matrix tool for IDOR and broken access control detection
  • 06dadff Add blind injection hub tool for XSS, SSTI, CMDi, SSRF via OOB
  • b29d818 Add business logic test suite for amount, coupon, quantity manipulation
  • cc5ebe0 Add custom adapter guide, case study, and update README links
  • cb2fa74 Add dynamic tool gating with shouldSkipTool in orchestrator
  • 945a2e7 Add email enumeration and swagger parser services
  • 21c33ed Add encoding bypasses to 403 bypass tester
  • aee677e Add endpoint coverage heatmap with DB schema and query methods
  • b23e6e6 Add false positive confidence scoring and filtering to reports
  • 3a80038 Add interactsh OOB URL context and first-run execution
  • 0603d9d Add multiple payload formats for AI prompt injection testing
  • cbe7c17 Add native Go security scanners: CORS, 403 bypass, JWT, open redirect
  • f5fc9f4 Add program intelligence engine and hunting playbook generator
  • 4ce11c5 Add rate limit bypass detection tool
  • d6488ef Add second-order injection detector for stored XSS, SSTI, SQLi
  • 5b3ac29 Add smart wordlist generator tool with tech/industry vocabulary
  • af38fe7 Add unit tests for dynamic tool gating logic
  • 230d90f Add validate-config CLI option and resolve make validate target
  • a639548 Decouple security tools from services and implement domain/recon ScanContext
  • 6f7708d Downgrade Go version to 1.23 and adjust Grype DB age limit
  • e22c8da Enrich Diff struct with ChangeReasons for context-aware diffs
  • 8bde20f Expand GraphQL scanner with query batching, mutations, and IDOR testing
  • db75b04 Fix CI issue
  • a90e372 Fix IDE lint warnings and update secret scanner patterns
  • ba6324e Fix bypass403 false positive rate and OpenAI chat completions delegation
  • 609696e Fix code problems, lints, and CI workflow errors
  • 01e074e Implement CPU scaling and process niceness for low-resource mode
  • bcdd273 Implement Gemini-powered LLM report drafting in app_output.go
  • 6bb0d20 Implement HTTP Request Smuggling detector for CL.TE and TE.CL
  • dd1024a Implement HackerOne and Bugcrowd API program profile auto-loader
  • b56d5cb Implement JS change detection and diff reporting in JSAnalyzer
  • 15b5f39 Implement LLM-assisted noise triage engine for scan findings
  • c440f94 Implement OAuth 2.0 flow tester for CSRF, open redirects, and PKCE bypass
  • 2c370d0 Implement Prototype Pollution detector with client and server-side testing
  • 598f5bd Implement Race Condition tester for state-changing endpoints
  • 002f81b Implement WebSocket security tester for CSWSH and Origin validation
  • 35c4af1 Implement auto CTEM transitions and integrate scanner presets
  • 972396f Implement contextual AI bug bounty report drafting
  • f990b99 Implement false positive confidence scoring engine with corroboration and configurable threshold
  • 7eff4c1 Implement host header injection and cache poisoning detector
  • 6404b76 Implement loopback auto-authentication for web dashboard
  • f4cd7df Implement tech stack fingerprinting and targeted nuclei mapping
  • 4b8e997 Implement vulnerability chain analysis and attack path reporting
  • 870210a Increase test coverage for scope engine and raise CI threshold
  • c3ffe09 Inject custom header context into Gowitness adapter scans
  • b8053e9 Merge cache into main SQLite database and batch worker pool queries
  • 206f72b Optimize TUI, resolve client data races, upgrade dependencies, and register active probe tools
  • 735651d Redesign dashboard with dark cybersecurity theme and update docs
  • cab3bbf Refactor dashboard frontend into standalone embedded static files
  • 9dd114f Refactor domain recon code for cleaner implementation
  • bbf3d2e Refactor report generator by splitting god-class
  • 94f288f Refactor scorer environment switch for cleaner code
  • d241f59 Refactor server entrypoint into lifecycle, routing, and middleware
  • ad4bfc2 Register CORS, 403 bypass, JWT, open redirect adapters in registry
  • 7c9e619 Register GraphQL and OAuth flow tester as default tools and doctor diagnostics
  • 372bcf6 Remove false-positive shodan_key pattern from secrets scanner
  • 8a7ffeb Update TUI demo recording to terminal.gif
  • 7bad0d6 Wire interactsh OOB URL to nuclei and dalfox
  • 799c372 chore: prepare v1.5.0 release