Version 5.0 - October 2024¶
Venari 5.0 introduces deeply integrated support for running Nuclei templates out of the box. The scan engine runs Nuclei YAML templates directly without requiring the Nuclei CLI to be installed. This integration enables organizations and security test teams to easily create new security checks using the common Nuclei format. The rule importer can pull in existing templates as easily as selecting a root folder where the YAML files reside and clicking a button.
The existing LIMITER functionality has been extended to enable automatic detection of redundant discovery or fuzzing work. The auto-limiter feature detects opportunities to remove wasteful, duplicate requests, browses and analysis work and creates a new optimized job settings item based on what is detected. The user has the choice to pause a scan and apply the new limit settings immediately or to use the optimized settings in future scans.
MacOS support for ARM processors and new UI views and improvements round out the 5.0 features for the desktop Ultimate Edition.
Venari DevOps Edition has added multi-tenancy and now provides the full Venari UI desktop experience as a web application hosted by the orchestrator node. There are also new REST API endpoints to support more DevSecOps use cases.
The full list of features and enhancements is shown below.
Ultimate Edition Highlights¶
- Nuclei Template Runner
- Limit Detection and Automatic Configuration
- MacOS on Apple Silicon now Supported
- Reuse Discovery Map for Exploit Scans
- Workflow Recorder/Player Improvements
- UI Improvements
- Quick Scan Modes
- Improved Multipart Fuzzing
- Authenticator Login Support
DevOps Edition Highlights¶
Nuclei Template Runner¶
Venari can now run Nuclei templates directly by parsing Nuclei's YAML format and executing the checks as a part of the Venari scan. The findings can be viewed and exported as native Venari scan artifacts. The Nuclei artifacts are internally converted to Venari's common data formats for items like findings and HTTP traffic. This format conversion and integration with the core scan engine enables powerful capabilities that are a superset of Nuclei's features. The list below shows the power of running Nuclei security templates inside the full Venari scan engine with the associated UI views:
- Nuclei templates can be bulk imported from a specified folder with a single button click.
- Templates are run while the scanner is logged in. This opens up the full surface area of a web application to being fuzzed and/or inspected by rules in Nuclei YAML.
- Runtime evaluations of template matchers, extractors, JSON/JQ expressions, kvp, xpath and DSL expressions are shown with matched pattern highlighting in the Venari UI. This highlighting is maintained in export formats like PDF reports.
- The Nuclei template runner can be configured to select templates, OAST server endpoint and various other behaviors.
Enhanced Visualization of Nuclei Findings¶
The animation below shows the Venari UI views that expose Nuclei findings with enhanced highlighting and extraction data.
Nuclei Image Gallery¶
These images show the UI integration points between Venari Ultimate Edition and Nuclei.
Review Nuclei Findings in the Venari Findings View¶
Create Nuclei-Specific Job Settings in the New App Wizard¶
Enable Nuclei Runner Module¶
Import Nuclei Templates from Folder¶
Select Nuclei Templates¶
Search, Filter and View Nuclei Templates¶
Limit Detection and Automatic Configuration¶
The LIMITS tab in job settings has additional limit techniques and a new checkbox to enable settings optimization. Smart limiting is an area of heavy investment for the Venari development roadmap. The ultimate goal is a self-tuning scanner that can detect and eliminate duplicate work as it is encountered. This release takes a big step forward with the realtime detection of 'limitability' and the generation of new job templates from these insights.
Automatic Settings Optimization¶
Venari can now automatically optimize the limit settings based on realtime scan analysis. The scan engine will track data from discovery and fuzzing to auto-detect duplicate analysis for each limit technique in the job settings. If a specific technique is not currently enabled, then the optimizer will run the associated limit tracker in 'detect mode' and will infer if this limit technique should be enabled. The limit analyzer will generate a set of optimized job settings and save it for use in future scans. When 'limitability' is detected, an alert will be shown in the UI indicating that the user has the option to pause the scan and apply the new optimized settings immediately.
New Limit Techniques¶
Several new limit techniques provide dramatic reduction in duplicate browser and traffic analysis. The limits tab has been reorganized into sub-tabs for easier manual configuration and tool tips have been added for each advanced setting.
Browser HTML Containers¶
Browser duplicate HTML containers are detected by looking for similar regions (containers) of HTML that indicate equivalent functionality on the page.
- Example 1: Grid or table cells that occur in every row of a table are considered duplicates if the outer HTML of the column elements are equivalent.
- Example 2: Pager UI controls that are used to navigate through a list of items are considered duplicates if the outer HTML of the numbered items are equivalent.
Venari uses a variety of techniques to detect duplicate HTML containers. These techniques can be extended by authoring custom YAML-based rules.
Skip Duplicate Fuzz Requests¶
Fuzz requests can be deduplicated by counting normalized request characteristics, such as URL, query, method, body and headers. Counting normalized discovery requests allows the scan engine to reduce repetitive fuzz attacks.
Detect Fuzz Performance Issues¶
Venari can detect anomalously slow fuzzing requests. If a slow fuzz operation is not from a time-based rule, rule execution is truncated to avoid long scans. This detection is helpful when the scan attacks cause web application performance to degrade and scan completion time is significantly increased as a result.
Traffic Save Limit¶
The traffic database can now limit specific traffic items from being saved based on high degrees of similarity with instances that are already saved. This maximum count reduces scan size and improves performance. Traffic messages are considered approximately equivalent when the requests and responses have the same normalized shape. Shape-based normalization includes specific, unique components of the requests and responses including parameter names and content payload signatures.
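The counting of normalized request shapes described under Skip Duplicate Fuzz Requests and Traffic Save Limit can be illustrated as follows. This is an added example, not Venari's code: the normalization rules, the `VOLATILE_HEADERS` list, the names `request_shape`, `ShapeLimiter` and `fuzz_plan`, and the sample requests are all assumptions, and only form-encoded bodies are handled.

```python
import hashlib
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Assumed list of headers whose presence does not change endpoint behaviour.
VOLATILE_HEADERS = {"cookie", "date", "user-agent", "content-length"}

def request_shape(method, url, headers=None, body=""):
    """Fingerprint a request by its normalized shape, ignoring concrete values."""
    parts = urlsplit(url)
    # Numeric path segments collapse so /item/17 and /item/42 share one shape.
    path = "/".join("{n}" if s.isdigit() else s for s in parts.path.split("/"))
    # Only parameter names count; values are what the fuzzer replaces anyway.
    query = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    form = sorted({k for k, _ in parse_qsl(body, keep_blank_values=True)})
    hdrs = sorted({h.lower() for h in (headers or {})} - VOLATILE_HEADERS)
    canonical = "|".join([method.upper(), parts.netloc.lower(), path,
                          ",".join(query), ",".join(form), ",".join(hdrs)])
    return hashlib.sha256(canonical.encode()).hexdigest()

class ShapeLimiter:
    """Admit at most max_per_shape requests for each normalized shape."""
    def __init__(self, max_per_shape=2):
        self.max_per_shape = max_per_shape
        self.counts = Counter()

    def admit(self, method, url, headers=None, body=""):
        key = request_shape(method, url, headers, body)
        self.counts[key] += 1
        return self.counts[key] <= self.max_per_shape

# Constructed discovery results: (method, url, headers, form body).
SAMPLE = [
    ("GET", "https://shop.example/item/17?color=red&size=m", {"Cookie": "sid=1"}, ""),
    ("GET", "https://shop.example/item/42?size=l&color=blue", {"Cookie": "sid=2"}, ""),
    ("GET", "https://shop.example/item/99?color=green&size=s", {}, ""),
    ("POST", "https://shop.example/item/17?color=red&size=m", {}, ""),
    ("GET", "https://shop.example/item/17?color=red", {}, ""),
    ("POST", "https://shop.example/login", {}, "user=a&pass=b"),
    ("POST", "https://shop.example/login", {}, "user=c&pass=d"),
]

def fuzz_plan(requests, max_per_shape=2):
    """Return the (method, url) pairs that would still be fuzzed."""
    limiter = ShapeLimiter(max_per_shape)
    return [(m, u) for m, u, h, b in requests if limiter.admit(m, u, h, b)]

if __name__ == "__main__":
    for method, url in fuzz_plan(SAMPLE):
        print(method, url)
```

With the default cap of two, the third `/item/{n}` GET is skipped while the POST to the same path and the GET with a different parameter set are kept, since each has its own shape.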
MacOS on ARM now Supported¶
Venari has extended MacOS support to cover the ARM family of processors (Apple silicon) in addition to MacOS running on Intel (x86) chips.
Reuse Discovery Map for Exploit Scans¶
Scan jobs can now optionally enable an advanced setting to let discovery-only scans enqueue data that will allow future scans to re-use the discovered attack surface. The example below demonstrates this useful option:
- User runs a discovery-only scan with this setting enabled
- Later the user clicks the Rescan button for the discovery-only scan
- User chooses an exploit template which will fuzz the previously discovered attack surface
Workflow Recorder/Player Improvements¶
The workflow recorder and player have been enhanced to handle higher resolution screens and some advanced use cases. These new capabilities are described in the sections below.
Auto-Scale¶
Auto-scale is useful for screen resolutions above 2560 x 1600. For certain scale factors on high resolution monitors, the Chromium browsers can fail to select rendered HTML elements during recording and/or playback. The auto-scale setting compensates for these scaling issues and helps to complete workflow recordings.
- If the screen resolution is above 2560 x 1600, Venari will pre-select auto-scale during recording
- If the recorder encounters an error, an error message will pop up instructing the user to select auto-scale mode
Multiple Browser Tabs¶
The Workflow Recorder can now capture page interactions that span multiple tabs in the browser. The 'Launch Browser' step has been added to enable the user recording the workflow to capture a new tab that is opened by the web application. The screenshots below show the new workflow recorder UI elements.
Setup Launch Browser Step¶
Confirm Correct Playback¶
The animation below shows the workflow playback including the opening of the second browser tab.
UI Improvements¶
Version 5.0 provides many UI improvements. The sections below highlight these changes.
Application Wizard¶
Start URL Test Button¶
The start URL can be tested inline during application onboarding to make sure the URL is available and that there are no typos during data entry.
Configure Variable Name Decoration¶
API definition imports automatically annotate parameters as named variables. Users can now specify the name decoration policy during application onboarding.
Application Management¶
Rename an application¶
Application Labels¶
Import/Export Application(s)¶
Job Management¶
Bulk Job Export¶
Repair Job¶
There is a new support capability to repair corrupt job databases in the rare cases when these happen. The job repair button shown below runs a repair operation that enumerates all DB tables and recomputes the index(es) for each table.
UI Views¶
New Dashboard Counters¶
There are new dashboard counters for URL categories and request outcomes.
Alerts View Tab¶
The alerts view has been moved from the dashboard tab to a new tab to improve readability and make better use of space. A count badge dynamically appears during a running scan to notify the user of alerts.
Findings UI Selection Improved¶
The findings view has been reorganized to use a flat list on the right hand side instead of expander controls. The user can now select a row and then use arrow UP/DOWN keys to quickly view the details at the bottom of the right hand side.
Settings¶
Queue Export Columns Filtering¶
The detailed queue item export to CSV feature now respects the current state of the visible columns specified in the filter.
Browser Discovery Search Submits¶
Browser Discovery can optionally limit initiating ENTER key presses to happen ONLY when inside search inputs. This can result in better performance by limiting submits.
Browser Discovery Ignore Static Links¶
Browser Discovery can be configured to ignore static link clicks. Selecting this mode shifts more of the discovery burden to the requestor and content parsing loop. Form submissions and page harvesting are handled by HTTP requests directly rather than by browser click execution. This strategy can improve scan performance for applications with more static content, where the HTML does not need a browser page load to be fully expanded.
HTTP Redirect Flow Control¶
HTTP redirect following can be controlled by a new HTTP setting.
Quick Scan Modes¶
There are new job settings specifically designed to get a faster discovery and/or exploit scan. These settings have low-level module configuration and top-level presets to favor speed over thoroughness as an over-arching scan goal.
Improved Multipart Fuzzing¶
The parsing framework has been improved to handle multipart forms and multipart mixed content with embedded octet-stream sections with different charsets. The content parsing components can flexibly handle text or byte arrays and support variable expansion using Nuclei's DSL syntax.
Authenticator Login Support¶
Venari now supports Time-based One-Time Password (TOTP) authentication workflows. Users can configure specific account identifiers and secret key pairs using the Venari credential vault. Once this information is configured, recorded workflows can refer to the TOTP information using a named credential.
Credential Setup for TOTP Data¶
The screenshots below show the input of TOTP data into the Venari credential vault and the subsequent use of the new credential in the workflow recorder.
When credentials need to be specified in the Workflow Recorder the user can simply select from the credential picker.
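A workflow refers to a named credential rather than a recorded code because the code is derived from the secret and the clock at playback time, as this added example shows. It is not Venari's code: the `VAULT` dict, the credential name `demo-totp` and `fill_otp_step` are hypothetical, and the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

def totp(secret_b32, at=None, step=30, digits=6, algo=hashlib.sha1):
    """Compute the RFC 6238 code for a base32 secret at Unix time `at`."""
    cleaned = secret_b32.upper().replace(" ", "")
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = int((time.time() if at is None else at) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Hypothetical stand-in for a credential vault entry: account identifier plus secret.
VAULT = {
    "demo-totp": {
        "account": "scanner@example.test",
        "secret": base64.b32encode(b"12345678901234567890").decode(),
    }
}

def fill_otp_step(credential_name, at=None):
    """Resolve a named credential to the code valid at playback time."""
    return totp(VAULT[credential_name]["secret"], at=at)

def server_accepts(secret_b32, submitted, at=None, window=1, step=30):
    """Server-side check that tolerates `window` time steps of clock drift."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * step, step), submitted)
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    print(VAULT["demo-totp"]["account"], fill_otp_step("demo-totp"))
```

A code captured while recording is rejected once the server's drift window has passed, which is why playback has to recompute it from the stored secret.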
Venari UI Web Application¶
The Venari orchestrator node has a web interface which has been expanded to include a replica of the Venari desktop UI. The sections below highlight some of the familiar UI elements from the desktop edition. Export downloads are managed differently and there is a separate section showing download functionality.
Sensitive information has been redacted from the images.
Launch the Web UI¶
Application Selector View¶
The application selection view is shown below.
Specific Application View¶
Findings View¶
Exports View¶
Exports are centrally managed and can be downloaded from the admin | Exports view.
Multi-Tenancy¶
Venari DevOps 5.0 brings full support for multi-tenancy with flexible partitioning of tenants, users and applications. Users and application groups can be restricted to specific tenants. In addition to root level administrators, each tenant can specify tenant admins. The screenshots below show the high-level UI elements for configuring and managing tenants, users and applications.
Adding a Tenant¶
Tenants can be added from the Admin | tenants tab.
Applications in Tenants¶
Applications can be restricted to a tenant in the Admin | Users tab.
Users in Tenants¶
Users can be restricted to a tenant.
Applications in Groups with Associated Roles¶
Add an application group in the Admin | Permissions tab.
View the application groups in the Admin | Permissions tab.
User-Scoped DevOps API Keys¶
With Venari 5.0, admins can now create user-specific API keys that can optionally expire. The steps are shown below:
Open Admin App Settings¶
Add a DevOps Key¶
DevOps APIs¶
Version 5.0 adds new DevOps APIs:
- Application Label Management
- Job Archiving
- Rule Definition Retrieval
- User Management