Improvements:
- perf: reduce max assessment timeout to 10min
- perf: increase conn limit per module to 10, increase concurrent modules to 5
- perf(!): run apps/crawl-independent modules concurrently to apps/crawl, run apps concurrently to filefuzzing
- perf(wprestapi): parallelize xmlrpc and REST API requests
- perf(brokenlinkhijacking): parallelize extraction of hostnames from response body, http headers
- perf(brokenlinkhijacking): reduce dns request delay 300 -> 50ms
- refactor(sender): add all legacy information except website to assessment for endpoint pdf
- perf(server-misconfig): parallelize root url and other crawled targets
- perf(assessment): run dns recursion, smtp concurrently, not in series
- perf(malware, hardcodedcredentials, backenderrors): improve performance by skipping costly regexes (single or arrays) unless bytes.Contains finds a clear indicator
Issues Fixed:
- fix(backenderrors): too extensive, faulty php error matching
- fix(hardcodedcredentials): add false negative testcases
- fix(smtp): re-use cached portscan results for domain-based targets
- fix(brokenlinkhijacking): do not consider domains without TLD