I’ve got a massive update to share with you: we’ve upgraded our hacking engine, the Artiacker. Version 2.0 has already proven to deliver 4.9x more average daily findings with CVSS ≥ 4.0. The new version is not even a week old, and it’s already improving metrics significantly.
That’s exactly what we wanted to achieve with this upgrade, which has been in the works for months: better reconnaissance, more actionable findings, and higher precision in pinpointing real-world threats. This article will give you more insight into what went into this update and why it made the new engine so powerful.
Improved Asset Reconnaissance
We improved the passive and active reconnaissance logic drastically to expand our reach. We’re now able to discover more assets, including hidden or obscure domains, which were missed by our previous engine and by traditional scanning approaches. In addition, those hidden or hard-to-find assets are often the ones with the most vulnerabilities, precisely because they’re so obscure. So far we have evidence of an average increase of 193% in the detection of new assets, which is a huge improvement.
We added new techniques, such as AI-based permutations based on the target information. For more information, you can also check the blog post: Super-charging Bug Bounty Hunting with the Power of AI.
Expanded Technology Versions
Artiacker 2.0 also detects more technologies across your assets, including version information for both web applications and network services. This means it can test more effectively by knowing exactly what’s on your Attack Surface. It also gives you more visibility into potential risks when conducting audits, especially when it comes to outdated technologies.
Evidence Trail
Many customers have told us before that our mitigation guides are some of the most detailed they’ve seen. Well, we’ve decided to improve the reproduction steps even more.
For each finding, you’ll find reproduction steps and supporting evidence. This will help you understand how to reproduce a finding and see the results without actually reproducing it yourself. This is especially important for previously discovered findings that may no longer be exploitable, as they could resurface in the future. For example, when load balancers are used, a vulnerability might only show up occasionally.
80% Faster Retesting
We’ve improved the retesting speed by more than 80%, going from a few minutes to mere seconds. In addition, Artiackers will let you know when and why a finding is not properly fixed.
iOS Support and Simplified Mobile Testing
Idroid, our mobile Artiacker, now also tests for vulnerabilities in iOS apps. We’ve also changed the steps to test mobile apps, relying on APK and IPA uploads on the Assets page. This allows you to test app versions before they’re published to production, dealing with potential vulnerabilities before they’re live.
Try the Artiacker 2.0 with a 30-Day Trial
To put it in a nutshell: Artiacker 2.0 is absolutely cosmic. If you’re curious about the power of AI Pentesting, there’s really no excuse not to try it now. Sign up to Ethiack and try the new engine for free for 30 days.