Penetrator 47 – June 2020

-AI Processing

A new AI-Processing menu has been created. Here you can configure AI processing of scans and view the targets where AI processing has occurred.

Page AI-Processed Scans shows the list of targets where AI processing has been launched and has determined that one or more vulnerabilities are false positives.

In the list, the scan status is “AI-processed scan” and a little robot icon is shown. Clicking on the target IP, the complete list of vulnerabilities is shown, and those marked as False Positives by the AI processor are displayed with a green bug icon. Here you can manually add or remove false positives.

AI and manually-added false positives are displayed with a different icon.

To simplify the management of long lists of vulnerabilities, this page also allows to separately hide AI and manually-added false positives by simply clicking on the two check boxes on top of the list. The same filter has also been added to all the lists where the vulnerabilities for a scan target are shown.

If you un-mark an AI-added false positive and then you add it again to false positives, it will be added as a Manually-added false positives.

 
 

Penetrator 47 Firmware release

The second page in the AI menu allows to configure the behavior of the AI processor. You can:

-Turn on/off the AI processor.

-Turn on/off the AI learning algorithm. The AI learning uses the result of past scans to improve the behavior of the AI processor on the next scans.

-Alter some trigger values: Minimum probability of being a false positive is the minimum probability that a vulnerability

must reach to be considered a false positive; Minimum number of similar vulnerabilities is the minimum number of similar vulnerabilities that must exist on the same target. When both conditions are met, a vulnerability is automatically marked as false positive.

-Alter the algorithm for computing the probability of the previous case.

In this page you can also cleanup the database of false positives detected by the AI processor. This will permanently wipe out the memory of past scans that the AI processor uses to learn and improve false positive detection on new scans. This action cannot be undone.

 
 

 

-Scan Notifications

The setup of scan notifications has been simplified. Scan notification can be configured when creating or modifying a Template. Now you can easily specify under which circumstances a notification must be sent at the end of a scan, and whether a scan report must be attached or not.

-Items in lists

The number of items in the lists can be configured in the System > Pagination page. Here you can configure the number of items in the lists separately for the home page and the other pages.

This is the initial number of items that will be displayed when the list is first shown. The list of items in every list can temporarily be changed through the drop-down menu on top of every list, and range from “10” to “All”.

 

 
 

 

-And…

-All connected network adapters are shown on right panel and under the menu

-Domain names with special characters like ü ö æ ø etc. are allowed

-The Scan Processing window shows date and time instead of just the time. This is useful on scans that span on multiple days

-Option to add IP addresses separated by blanks or newlines, to simplify the data entry of IP addresses

-OWASP 2017 list has replaced old OWASP 2013

-When the scan name is too long, there were parts of the text overlapping in the report

-Report issue: there was no image for some operating systems

-Report bugfix: When the description contains an Impact with a HTML indent <>, the content is interpreted as HTML and is not displayed

-On the report, red, orange yellow and green colors have been changed when not used with the meaning of Severity

-On the report, the PCI-DSS information is displayed when the profile is OWASP-10

-New function to load Vhosts for a target from a CSV file has been added to Advanced Settings

-Big scans at 100% but not ending

-Deletion of large scans could cause the unit hang for a long time

-New default image in the Interface Branding page

-New layout for the tables in the home page, with filtering, sorting and paging

-Charts on the home page can start growing in height under some circumstances

-Some pages still show in the old layout

-Error "Invalid day or Month" could be issued when editing an "On Date" scheduled scan

-In some cases the sub-menu closed immediately after being opened

-When the scan of a CIDR is repeated, the targets were displayed in a random order

-Console: New function to set DHCP, error fixed in option 9, option to display MAC Address

-When creating a scan on an IP address the Vhost is not automatically added. Since it may cause a delay in the scan

-The Unit ID is cleaned on a factory reset

-After getting the handshake, the dictionary crack wouldn't start

-Bugfix: the form to submit new vulnerabilities returned an error

-Schedule scan on multiple IPs displayed the same IP on screen and report

-Bugfix: sometimes the report dump failed and could only download a corrupted 33K file

-Login to Lounge has been removed from the top banner