Discover the latest features
Version 2.30 - 10/04/2025
Summary
- New Artiacker Engine
- Better Reconnaissance
- Technology Versions
- Finding Evidence
- Faster and Improved Retesting
- iOS App Testing
- APK and IPA Uploads
- Bug fixes and improvements
New Artiacker Engine
We’re excited to announce the launch of our new artiacker engine 🎉 After more than a year of development, we couldn’t be happier to share it with you. This means better results across performance, coverage, and accuracy.
Better Reconnaissance
We’ve added new reconnaissance modules to expand coverage of your attack surface and completely revamped the logic behind both passive and active reconnaissance. For organizations with wildcard domains in their machine event scopes and active recon enabled, we estimate a 200% increase in the detection of new assets. This means more hard-to-find or previously unknown assets will be discovered and tested - assets that often have more vulnerabilities.
Technology Versions
The new engine can detect more technologies across your assets, including version information for both web and network services. This allows you to search for specific technologies and versions, giving you a clearer understanding of your attack surface and the third-party libraries in use.
Finding Evidence
Our machine findings now include clear steps to reproduce and supporting evidence. This means you can easily understand how to reproduce a finding and see the results without needing to reproduce it yourself. This is especially important for findings that were previously discovered but may no longer be exploitable, as they could resurface in the future. One example is a load balancer with one vulnerable server among dozens - such a finding may only appear with a certain probability.
Faster and Improved Retesting
Understanding whether a vulnerability has been fixed is crucial, especially for high-severity findings. Our team has reduced retesting time from several minutes to just seconds. Please note that some findings, particularly older ones, may still take longer to retest, depending on their complexity.
Additionally, artiackers will now provide evidence when a finding is not properly fixed, helping you understand why the fix is incomplete or missing. This addresses a common pain point for many organizations that previously struggled to identify why a finding remained unresolved.
iOS App Testing
Idroid, our mobile artiacker, can now identify vulnerabilities in iOS applications. Previously, it was capable of detecting security issues in Android apps, but lacked support for automated iOS analysis. With this new enhancement, Idroid now performs static analysis on iOS bundles.
APK and IPA Uploads
Google removed support for automatically downloading APKs from the Play Store, which made automated analysis more difficult. We've resolved this by allowing organizations to upload both APK (Android) and IPA (iOS) packages. You can now upload your bundle files to test your mobile applications before they go into production. If mobile testing is included in your plan, please go to your assets page and upload your bundle for analysis.
Bug fixes and improvements
- Fixed a bug that prevented changing domains to wildcards in certain scenarios
- Fixed a bug in the Partners Portal where a 404 error was returned on the Organizations page
- Informative findings are now hidden when the "Hide Informative" toggle is enabled in the Organization Dashboard
- Access to the Visualizer is now properly denied if the user's subscription does not include this feature
- Added beacon support to the CI/CD API
- Added support for selecting events in the CI/CD API
- Technologies are now visible in the Visualizer
- Fixed a bug where the onboarding event was incorrectly shown as a human action
- Other minor fixes