Changelog

Follow new updates and improvements to ProjectDiscovery Cloud Platform.

September 16th 2024

Improved

We're excited to announce new pricing and changes to our automated scan offerings. This significant update makes scanning more predictable and simpler. It aligns with our mission to make advanced security technologies accessible to everyone, not just enterprises.

Starting this month, we're updating our pricing to give you more for your money. We're replacing the current token-based pricing with asset-based pricing.

What is asset-based pricing?

The Pro plan will now be priced based on unique assets scanned each billing month. A unique asset is a combination of host (subdomain or IP) and port. Once scanned, you can rescan any asset again without extra cost for the rest of the month.

Our new Pro plan lets you scan up to 1,000 unique assets per month.

What is the new price?

The new Pro plan will be $250/month or $2,500/year. While this is more than the current $100/month, you get much more with our new plan. Scanning 1k unique assets daily would have required 31k tokens, so this new plan gives you 15x more scanning capability than the current 2k token limit—without additional cost for rescans.

What if I need to scan more than 1k assets?

We believe 1,000 unique assets are enough for startups and small to mid-sized organizations. Our Enterprise tier comes with custom limits for larger scanning requirements. It also includes a host of other features and automations for larger organizations. To learn more, schedule a meeting with sales.


Linear Integration

We've also added Linear ticketing integration. Now you can automatically or manually create tickets from your vulnerability detections. You can set up the integration here.


The dashboard has been updated with the following improvements:

An asset graph card that shows how your exposures and unique technologies grow over time.

An enhanced vulnerability feed that includes more metadata related to each CVE. We've also made these vulnerability templates easily shareable by allowing you to copy the URL directly from your browser with a given vulnerability.

And with many other bug fixes and performance improvements.

Team ProjectDiscovery!

September 3rd 2024

New

In this release, we've significantly improved our vulnerability management capabilities, introduced new AWS integration features, enhanced overall user experience, and added real-time feed of Nuclei templates. We're focusing on providing more comprehensive vulnerability tracking, streamlining cloud integrations and improving scan and asset management.

Sign up for Enterprise


Vulnerability Management Enhancements

We've introduced several new features to make vulnerability management more effective and insightful:

  • Real-time Nuclei Templates Vulnerability Feed: Integrated a real-time feed of Nuclei templates for up-to-date vulnerability detection.

  • New Vulnerability Statuses: Added In-Progress and Accepted Risk statuses to better track and manage vulnerabilities.

  • Technology-Specific Vulnerability Scans: New option to run vulnerability scans for specific technologies.

  • Vulnerability Result Insights: Added First Seen and Last Seen columns to vulnerability result data lists for better tracking.

  • Vulnerability Results export: Added filter based vulnerability export in all results section.

Cloud Integration Improvements

  • AWS Assume Role Support: Enhanced AWS Cloud Integration with Assume Role capability for more flexible and secure access management.

Scan / Asset Management

  • Technology-Specific Asset Export: Added option to export assets for given technologies.

  • Asset Insights: Introduced First Seen and Last Seen columns to asset data lists for improved tracking.

  • pdcp x httpx Integration: Implemented integration with httpx asset data management visualization.

UI/UX Improvements

  • Revamped Dashboard - Redesigned with more actionable and data-driven insights for a better home experience.

  • Added support for bulk deletion from scans and asset enumeration list.

  • Added tooltips to display exact timestamps for dates in lists.

  • Moved rename and schedule options under the update menu in scan and asset lists.

  • Jira Integration Enhancements:

    • Interactive project, issue type, and status selection for easier setup.

    • Support for issue types IDs instead of names.

    • Option to remove existing linked Jira tickets from vulnerabilities.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

  • Fixed pagination filter reset issues.

  • Corrected the display of trial remaining days in the account switcher.

  • Resolved issues with dynamic max team member count display.

We're continuously improving our platform with new features and integrations. The addition of the real-time Nuclei template vulnerability feed significantly enhances our vulnerability scanning capabilities. What's next? Automatic vulnerability scan upon new template release. We welcome your feedback and feature suggestions to help shape our product's future. Thank you for your continued support.

What’s next? Automatically run a vulnerability scan whenever a new template is added to the feed. Interested in learning more? Reach out to us.

August 1st 2024

In this release, we've significantly enhanced our asset management capabilities, introduced Asset inventory with AI-powered search filters, and improved the overall user experience. In addition we’re focusing on providing more comprehensive asset insights, streamlining asset filtering and export processes, and enhancing cloud integration features.




Asset Management Enhancements


We've introduced several new features to make asset management more comprehensive and insightful:

  • Asset Inventory and Technologies: A new system for cataloging and organizing your all assets along with their associated technologies.

  • AI-Powered Asset Search: Use natural language queries to filter and find assets more intuitively.

  • Asynchronous Export: Support for asynchronous export of scan results and assets, enabling users to export large datasets efficiently.

  • Email Alerts for Asset Discovery: Stay informed about new asset discoveries through email notifications.

  • Customizable Cloud Integration:

    • Enhanced enumeration options for more thorough asset enrichment with cloud integration.

    • Added the ability to modify discovery options for existing cloud integrations.

UI/UX Improvements

  • Interactive Asset Filters: Redesigned with an interactive UI for a more intuitive and user-friendly experience.

  • Icon Enhancements: Improved icons throughout the application for better visual clarity.

  • Technology Icon Visibility: Fixed technology icon backgrounds with dynamic colors to enhance visibility.

Bug Fixes

We've addressed several issues to improve platform stability and user experience:

  • Fixed issues with Jira Integration, particularly regarding custom fields.

  • Fixed asset content auto-refresh functionality.

  • Fixed problems with the changelog pop-up window.

  • Fixed an issue where the screenshot option was causing enumeration to get stuck.

  • Fixed the display of total asset count for running discoveries.


Billing and Access Changes

  • Yearly Billing Option: We've added an annual billing cycle for Pro subscription.

  • For enterprise customers: Contact our team here to schedule a demo and free trial.


This update represents our ongoing commitment to improving our platform's functionality, user experience, and security. We appreciate your continued support and feedback as we strive to provide the best possible service.

July 9th 2024

In this release, we've made substantial enhancements to our asset discovery capabilities, introduced new features for Basic Tier (Free) users, and resolved several critical issues. Our primary focus has been on improving the visibility and analysis of discovered assets, and refining the insights for assets.

Our mission with the platform includes making advanced security tools available to as many people as possible. We are rolling out more features to ProjectDiscovery Cloud Platform Basic Tier (Free) users over the coming weeks and months.

Basic Tier (Free) users will now have access to:

  • Discover and monitor assets (up to 10 domains and unlimited cloud integrations)

  • Write and manage vulnerability templates

  • Use AI for template generation

Updates & Improvements

Asset Discovery Enhancements

We've introduced several new features to make asset discovery more comprehensive and insightful:

  • Screenshots for Web Services: Automatically capture images of discovered web assets.

  • Improved Tech Stack Detection: Use headless browser-based detection for more accurate and comprehensive technology identification.

  • Favicon Icon: When available, favicon icons are now captured.

  • Enhanced DNS Discovery:

    • DNS Permutation for additional subdomain discovery (enabled by default).

    • DNS Wildcard Filtering for both passive and active discovery (enabled by default).

Notes:

  • Screenshot is an optional feature that can be enabled from advanced discovery settings.

  • Discovery options can be customized in advanced discovery settings, enabling users to tailor the discovery process to their specific needs.

Severity-based Sorting:

Scan results are now sorted based on severity by default, allowing users to prioritize high-risk vulnerability findings.

Improved Log-in and Sign-up Pages:

We've revamped the UI for our log-in and sign-up pages to provide a more intuitive and user-friendly experience.

Bug Fixes

This release addresses several critical issues to improve platform stability and user experience

  • Fixed manual ticket creation issues for vulnerability results.

  • Fixed scheduling problems with next run time for scans and enumerations.

  • Fixed input deduplication for scans with target input lists.

  • Fixed issues in re-scans caused by deleted alerting or reporting configurations.

  • Fixed scan export issues for large results.

  • Fixed issues with asset deletion.

  • Fixed token consumption issues for user-stopped scans.

June 17th 2024

In this release, we have introduced support for the creation of multiple teams. Team support includes new features for member segregation and enhanced 2FA (two-factor authentication). For assets, we have added the ability to filter and scan assets directly from the asset content page. This release improves the flexibility and control of team and account management, with significant updates to our API.

Multiple Team Creation with Member Segregation

Details for teams features are summarized below.

Personal and Team Accounts

  • Account Management: Users can have personal and team accounts, eliminating the need to convert personal accounts into team accounts.

  • Join Multiple Teams: Users can join multiple teams within the same organization.

Team Feature Availability

  • Basic Plan: Team features are not supported.

  • Pro Plan: Users can create one team (for a total of two).

  • Custom Plan: Users can create multiple teams.

Member Configuration

  • Member Segregation: Each team workspace allows members to access data within their specific teams.

  • Member-Level Access Control: Different roles within a team workspace come with specific permissions to manage data and team operations. The roles include the following permissions:

    • Owner: Read data, write data, invite new members, and manage billing

    • Admin: Read data, write data, and invite new members

    • Member: Read and write data

    • Viewer: Read data

API Update for Teams

Admin Flexibility

  • Support for single or multiple team administrators.

Data Segregation

  • Team data is segregated, ensuring no cross-access between different teams.

2FA Management & Account Security

  • 2FA: Users on platform can now configure 2FA using authenticator apps from security page.

  • Password Management:

    • Users who signed up with social login can now set a new password to login using email and password.

    • All users can update their existing password.

Asset Filtering and Scanning

  • Asset Content Page: Added support to filter newly discovered assets.

  • Scan Creation: Added support to create scans with filtered assets from the asset content page.

Cloud Integration

  • AWS Session Token: Added support for optional AWS session token input.

June 3rd 2024

New

This release focuses on improving Asset management. Key highlights include new asset filtering options and a Free Trial for new users.

New Features

  • Free Trial Support: Introducing support for a PDCP free trial. New users can sign up for for a free 14-day trial to explore fast cloud scanning powered by Nuclei, automatic asset discovery, and more.

  • Asset Content Filters: Implemented filters for the Asset Content page across technology, status code, and page title.

  • DNS Bruteforce: Added DNS Bruteforce support, enabled by default as part of our auto- discovery workflow. This option can be disabled under advanced settings. DNS Bruteforce helps identify subdomains that are sometimes hidden from integrations.

  • Export Menu: Added an export menu on the Scan and Asset List pages.

  • Status Filter: Added a status filter on the Asset List page.

May 21st 2024

New

Improved

This release continues to improves the asset discovery and management experience. We are enhancing PDCP with more context and options for assets. Future updates will include asset filtering, labeling, and additional metadata (for example: asset categories and screenshots).

  • This release introduces a new asset detail page, providing additional columns: Technology, Title, Status, IP.

  • Added the ability to manually create tickets for vulnerabilities and view the referencing issue link, enabling you to track and manage vulnerabilities more effectively.

  • Implemented sorting functionality in various part of the app including scans and assets.

  • Introduced URLs with query parameters to easily share specific pages including filtering, templates, and search.

  • Added DSL based function auto-completion in the template editor, enhancing the template creation and editing experience.

  • Added asset export options for CSV and JSON, in addition to existing .TXT option.

  • Introduced a new in-app feedback option, enabling you to easily share your ideas, suggestions, and bug reports.

  • Fixed many other bug fixes and enhancements.

May 2nd 2024

In this release, we have refreshed and simplified the assets page. Now a single screen displays all of your assets across cloud integrations, file uploads, and discovered assets. We have also included an option to run a vulnerability scan directly from assets view. Asset discovery is still in early beta, so expect to see a lot of improvements in the coming releases.

  • All your assets across cloud integrations, file uploads, and discovered assets have been consolidated into a single, easy-to-navigate screen.

  • Now you can view the new assets discovered in the recent run.

  • Updated to discover custom port ranges under the advanced settings. This option allows you to define custom ports and ranges during the discovery process.

  • Initiate vulnerability scans directly from the assets page for any given asset.

  • Roll out for early pricing experiments and billing features.

  • Various UX improvements and bug fixes.

April 22nd 2024

New

Improved

New Features

  • Added the ability to reconfigure scans, allowing users to edit assets, templates, and configurations (including integrations and custom headers). Changes made to existing scan configurations will be applied on the next scan run or according to the modified schedule.

    Note: Asset and configuration settings are not visible in scans created before this release. You can still update the settings, but previously applied configurations won't be visible.

  • Support for setting up multiple reporting integrations from same provider and selecting a specific one when editing or running a scan.

Improvements

  • Streamlined the scan creation flow by merging the asset and configuration setting steps into a single, more intuitive flow.

  • Enhanced the scan list for better readability and easier navigation between different scans.

  • Implemented various UX updates (pop-ups, dialogue) throughout the application to ensure a consistent theme and improved user experience (ongoing effort).

  • Refactored significant portions of the application to improve content loading speed.

  • Users now have the option to delete their account under settings.

API Updates

  • Sorting options available on scans and stored vulnerabilities. You can sort the results by time, severity. API Reference.

  • Get or export all the assets in one API call. Now you can list all your assets under. API Reference.

  • Filter vulnerabilities and assets by “new”, this allows you to query or list the vulnerabilities or assets that were seen as new in the recent runs. This can be applied both at a specific scan or asset level, as well as across all the results. API Reference.

  • Filter vulnerabilities by the tags defined within the vulnerability template. API Reference.

April 2nd 2024

New

Improved

Fixed

New Features and Improvements

Results Page

  • Results are now grouped by matched templates, vulnerable assets, and related meta information for better organization.

  • Bulk status updates and result deletion can be performed directly from the results page for increased efficiency.

  • Vulnerabilities are uniquely filtered across all scans to eliminate duplicates.

  • Detailed vulnerability information can be accessed within the table of vulnerabilities using the side view.

    Note: This is the initial iteration of these changes, and further improvements, such as sorting features, advanced filtering, and search functionality, will be added in the coming weeks. We appreciate your feedback and ideas to enhance the user experience.


Scan Logs

  • Scan Logs, our newest feature has been introduced to support browsing logs of individual scans. This includes details on template matches against a given asset and any encountered errors during test execution.

  • Logs can be easily navigated for each scan to verify template matches.

  • Advanced filtering options are available to filter scan logs by host, template, and result status for targeted analysis.


Scheduling Enhancements

  • Custom scheduling allows users to set specific times, days, or intervals (in days) for their scans.

  • Hourly scans can now be automated by defining a set number of hours interval for scan repetition.


API Updates

  • New APIs have been added for viewing and modifying existing scan configurations, including templates, assets, and configurations. These features will soon be available as UI updates in the platform.

  • A new result filter API has been introduced for efficiently filtering new results and assets from enumeration.


Template Leaderboard

We have enabled the live leaderboard for the public template contributors. Browse here.


Bug Fixes and Improvements

  • Resolved an issue that prevented team members from viewing the team workspace.

  • Fixed a bug related to template variable inputs on the scan configuration page.

  • Improved settings page.

  • Improved login and invitation experience.