| 1 | Add upstream proxy support | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 2 | Support SSL through Proxy | Ready for CFP and for limited private release | byrnedr | Fixed |
| 3 | Queue length monitors | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 4 | Distribution mechanism | Ready for CFP and for limited private release | eduprey | Fixed |
| 5 | Hibernate or other persistence mechanism | Ready for CFP and for limited private release | byrnedr | Fixed |
| 6 | User-level documentation | Ready for DC/BH - 1.0 | | Fixed |
| 7 | HTML reports | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 8 | PDF reports | Version 1.2 | | New |
| 9 | Commercial product comparison | Ready for DC/BH - 1.0 | | Invalid |
| 10 | Improved session handling | Version 1.1 | byrnedr | Accepted |
| 11 | Authentication package wizard | Version 1.1 | | Fixed |
| 12 | Nikto | Ready for CFP and for limited private release | byrnedr | Fixed |
| 13 | More granular directory & file enumeration settings | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 14 | XSS aggression | Ready for CFP and for limited private release | byrnedr | Fixed |
| 15 | Developer documentation | Version 1.1 | byrnedr | Accepted |
| 16 | Cleanup GUI | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 17 | HTTP client limits | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 18 | Generate reports from past scans | Version 1.2 | | New |
| 19 | Ability to pause scan | Version 1.1 | | Fixed |
| 20 | Ability to save and resume scan | Version 1.2 | | New |
| 21 | XML report | Version 1.2 | | New |
| 22 | Authentication domain handling | Version 1.2 | byrnedr | Accepted |
| 23 | Research more forbidden parameters | Ready for DC/BH - 1.0 | | Invalid |
| 24 | Improve test module descriptions | Ready for CFP and for limited private release | byrnedr | Fixed |
| 25 | Test Module: HTML / JS comments | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 26 | Test Module: Look for source code control headers | Version 1.1 | | New |
| 27 | Test Module: Simultaneous logins | Version 1.1 | | New |
| 28 | Test Module: CRLF injection | Ready for CFP and for limited private release | | Fixed |
| 29 | Test Module: Parameter incrementing | Version 1.1 | byrnedr | Accepted |
| 30 | Test Module: Search Engine Recon | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 31 | Test Module: Google Hacking | Version 1.1 | | Invalid |
| 32 | Test Module: Report input/output flows | Ready for DC/BH - 1.0 | | Fixed |
| 33 | Save/load scan settings | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 34 | Test Module: Re-crawl phase | Version 1.1 | byrnedr | Accepted |
| 35 | Execute JavaScript in HREF attributes. | Version 1.1 | byrnedr | Accepted |
| 36 | Soft prerequisites | Ready for CFP and for limited private release | byrnedr | Fixed |
| 37 | Duplicate response headers | Ready for CFP and for limited private release | byrnedr | Fixed |
| 38 | Test Module: WebDAV | Version 1.1 | byrnedr | New |
| 39 | Test Module: Cross Site Request Forgery | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 40 | Test Module: SSL pages available over HTTP | Ready for DC/BH - 1.0 | | Fixed |
| 41 | Test Module: Remote file inclusion | Version 1.1 | | New |
| 42 | Test Module: Brute force authentication | Version 1.1 | | New |
| 43 | Test Module: Robots.txt analysis | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 44 | Test Module: Test for proxy | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 45 | Look into HMAP functionality | Version 1.1 | | New |
| 46 | Test Module: Server internal path disclosure | Version 1.1 | | New |
| 47 | Test Module: Name variations | Version 1.2 | | New |
| 48 | Test Module: Platform error messages | Version 1.1 | | Fixed |
| 49 | Test Module: Look for SQL errors unrelated to SQL testing | Version 1.1 | | Fixed |
| 50 | Support for one-time passwords | Version 1.2 | | New |
| 51 | Auto-update | Version 1.1 | | Invalid |
| 52 | Get rid of test module numbers | Version 1.1 | byrnedr | Accepted |
| 53 | Setup automatic JUnit testing | Version 1.1 | | New |
| 54 | Track running time per test module | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 55 | Test Module: Directory indexing | Ready for DC/BH - 1.0 | | Fixed |
| 56 | Web Site | Ready for DC/BH - 1.0 | | Fixed |
| 57 | Support MIME-encoded POST bodies | Version 1.1 | byrnedr | New |
| 58 | Thread priority | Version 1.1 | byrnedr | Fixed |
| 59 | Propagate default module settings to GUI | Ready for CFP and for limited private release | | Fixed |
| 60 | Move most test module reporting to ScanComplete | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 61 | Respawn threads after exceptions | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 62 | Database directory | Ready for CFP and for limited private release | byrnedr | Fixed |
| 63 | Figure out licensing | Ready for DC/BH - 1.0 | | Fixed |
| 64 | Compare results to previous tool reviews | Ready for DC/BH - 1.0 | eduprey | Invalid |
| 65 | Improve proxy code | Version 1.1 | byrnedr | Fixed |
| 66 | Fix socket close logic in SSL proxy | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 67 | GUI fixes | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 68 | Figure out null pointer exception in JDBC finalizer | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 69 | HTTP client efficiency | Ready for CFP and for limited private release | byrnedr | Fixed |
| 70 | Allow users to craft manual requests during scan | Version 2.0 | | Fixed |
| 71 | Edit proxied requests | Version 2.0 | | Fixed |
| 72 | Full featured HTTP fuzzer | Version 2.0 | | Fixed |
| 73 | Support graphs in scan reports | Version 1.2 | | New |
| 74 | Graph Session IDs in report | Version 1.2 | | New |
| 75 | Reveal hidden fields in proxied requests | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 76 | Make method(s) an option for auto-form fill | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 77 | Add option for element types in spider modules | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 78 | Check for JavaScripts that run too long in XSS checking | Version 1.1 | byrnedr | New |
| 79 | Test Module: Authorization enforcement | Version 1.1 | byrnedr | New |
| 80 | Proxy-based user profile definition | Version 1.1 | | New |
| 81 | Test Module: Favicon hashes (Nikto) | Version 1.1 | | New |
| 82 | Test Module: Nikto auth realms | Version 1.1 | byrnedr | New |
| 83 | Test Module: Nikto version weakness tests (db_server_msgs) | Version 1.1 | byrnedr | New |
| 84 | Figure out what Nikto's db_servers is for | Version 1.1 | byrnedr | New |
| 85 | Test Module: Check for Apache user dirs | Version 1.1 | byrnedr | New |
| 86 | Test Module(s): Implement logic similar to nikto_headers.plugin | Version 1.1 | byrnedr | New |
| 87 | Test Module: Parse results from an OPTIONS request | Version 1.1 | byrnedr | New |
| 88 | Figure out what Nikto's nikto_passfiles.plugin is for | Version 1.1 | | New |
| 89 | Test Module: Test for PUT & DEL methods | Version 1.1 | byrnedr | New |
| 90 | Test Module: Test for XST | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 91 | Remove dates & times from body text w/ auto response code overrides | Version 1.1 | | New |
| 92 | Test Module: Try random credentials to see if authentication is broken | Version 1.1 | byrnedr | New |
| 93 | Add iframe as an HTML context | Version 1.1 | byrnedr | New |
| 94 | Have auto 404 detection consider users | Version 1.1 | byrnedr | New |
| 95 | Address header formatting in HttpComponents | Version 1.1 | byrnedr | New |
| 96 | Global query parameters | Version 1.?: Hopefully by DC/BH; if not, in 1.1 | byrnedr | Fixed |
| 97 | BUG: NullPointerException in Module0004 (Form baseline) | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 98 | BUG: HTML output in text report | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 99 | BUG: CSRF parameter name written incorrectly when only one exists | Ready for DC/BH - 1.0 | byrnedr | Fixed |
| 100 | BUG: java.util.ConcurrentModificationException thrown in Modules 5 and 6 (Directory Enumerator, File Enumerator) | Bug fixes and minor changes | byrnedr | New |