- HTTP header name and/or value acquisition engine.
- Switch from host to port in database - 86 Headers.
- Huge improvement of devices/software discovery - 844 Tags.
- Docker availability and support thank's to t0kubetsu.
- Other changes:
- Make bot job submission idempotent (
ac9c7fe) - Prevent concurrent scanner agents from claiming the same queued job
- Return validation errors instead of TypeError for malformed bot UID fields, closes #86
- Add scan profile cycle tracking with current and previous cycle visibility, closes #52
- Add curated HTTP header presence/value collection and structured Kvrocks search, closes #54
- Improve Kvrocks rebuild tooling: direct Meili rebuild, multiprocessing parser workers, retag mode, graceful Ctrl+C, quieter logs, and progress output (
23b9d83) - Prevent network info refresh from crashing on FQDN targets, closes #116
- Avoid blocking Kvrocks wildcard fallback searches on Redis KEYS, closes #90
- Split tools Meilisearch config into
IN_MEILI_*andOUT_MEILI_*; remove legacyMEILI_*tool config keys (ef4ceec) - Rework
index_meili.pyto import dumps intoOUT_MEILI_*, with batching and optional--progress(ef4ceec) - Scheduler FQDN/IP job batching now fills 256-item packets when due targets remain, closes #51
- Remove unused scheduler module-level job list, closes #102
- Show scan profile cycle progress by concrete scan units instead of target rows, closes #118
- Fix bot API SQLAlchemy limit calls to use integer arguments, closes #87
- Bound Kvrocks rebuild memory use by preserving doc timestamps in place and parsing Meili pages batch-by-batch, closes #80
- Make result parsing config explicit per call to avoid cross-thread parser state leaks, closes #88
- Fix
setup.shto use explicit venv Python/Flask commands and seed HTTP header tagging plus a default banner scan profile during initial setup - Add required tool dependency update (
acbe2d1) - Harden job result rendering against banner HTML injection, closes #37 (
7224443)
- Make bot job submission idempotent (
- Tag-related changes:
- Dropbear SSH (
eac052b), FRITZ!Box SIP (ff2fcc6), Microsoft SMTP gateway (b19b027) - SIP protocol and SIP_Phone WWW-Authenticate realm tagging, closes #26 (
0227c6a) - CrushFTP server header, closes #38 (
b41e40f) - Red Hat Enterprise Linux HTTP server header in Apache RedHat detection, closes #39
- NetScaler AAA title and LogonPoint path tagging, closes #40
- Netskope Borderless SD-WAN certificate issuer tagging, closes #41
- WatchGuard Fireware XTM favicon, title, and certificate tagging, closes #42
- Cisco Catalyst SD-WAN title and certificate tagging, closes #43
- ProFTPD, closes #36 (
3e4f7a2) - Pure-FTPd, closes #35 (
d019905) - pfSense, closes #34 (
6b609d9) - Mitel 108, closes #30 (
0c019fa) - Dovecot, closes #28 (
63e2001) - Raspberry/Raspbian HTTP and SSH tagging, closes #25 (
2f618ba,b2c9b5e) - Zyxel USG20 plus separate Zyxel SSH rule, closes #32 (
98e6e75,a2e0f95) - Add
soft:sshto all SSH banner detections (d8b16d2) - Bump MixVoip tag rule version to force corrected
soft:telephonyimport, closes #48 - Normalize Apache favicon-derived tag names/tags and merge Tomcat favicon detection, refs #50
- Normalize Cisco, Check Point, Debian, and Gargoyle tag rule names/tags, refs #50
- Normalize Arris favicon-derived rule names/tags as router hardware, refs #50
- Merge SonicWall favicon-derived rules into the main SonicWall rule, refs #50
- Normalize Zyxel tag rule names/tags as Zyxel hardware, refs #50
- Validate Ubuntu/Debian SSH banner tagging for OpenSSH package banners, refs #50
- Merge Windows OpenSSH version-specific banner rules into one generic rule, refs #50
- Add generic OpenSSH banner tagging and include
soft:opensshon OpenSSH-derived rules, refs #50 - Add generic SSH protocol banner tagging for
ssh-2.0banners, refs #50 - Add SSH banner rules for Cerberus FTP Server and MOVEit Transfer SFTP, refs #50
- Add SSH banner rules for Serv-U FTP Server and WS_FTP SSH, keeping Serv-U web favicon separate, refs #50
- Add NetScreen SSH banner tagging, refs #50
- Add Cisco and Lancom SSH banner tagging, and classify Zyxel SSH as router hardware, refs #50
- Add SFTPGo and Bitvise SSH Server banner tagging, refs #50
- Add Crestron SSH banner tagging, refs #50
- Add generic FTP welcome banner tagging for FTP server/service banners, refs #50
- Add Microsoft FTP Service banner tagging, refs #50
- Add FileZilla FTP Server banner tagging, refs #50
- Add vsftpd FTP banner tagging, refs #50
- Rename Mikrotik tag rule file typo from
microtiktomikrotik, refs #50 - Add Mikrotik FTP banner tagging, refs #50
- Add QNAP NASFTPD/ProFTPD FTP banner tagging, refs #50
- Add Debian ProFTPD FTP banner tagging, refs #50
- Add Drupal x-generator header value tagging, closes #56
- Add WordPress redirect and powered-by header value tagging with PHP classification, closes #57
- Add PHP and Ubuntu x-powered-by header value tagging, closes #62
- Merge Joomla favicon rules and add x-content-encoded-by header value tagging, closes #59
- Merge OWA favicon rules and add x-owa-version header tagging, closes #60
- Add Polylang x-redirect-by header value tagging, closes #61
- Replace SSH software tag with proto:ssh and tighten generic SSH banner tagging, closes #65
- Add generic HTTP banner/header protocol tagging, closes #64
- Add Telnet protocol negotiation banner tagging, closes #72
- Add Telnet XDISPLOC option tagging, closes #72
- Merge ASP.NET favicon detection and add ASP.NET header tagging, closes #63
- Add LiteSpeed header tagging, closes #58
- Add Cisco Expressway server header tagging, closes #78
- Rename detection tag prefixes from
hard/softtovendor/product, refs #50 - Complete tag taxonomy normalization for vendor/product/type/protocol tags, closes #50
- Add BGP protocol banner tagging, closes #71
- Add HP iLO default certificate issuer tagging and rename iLO rule, closes #73
- Improve Cisco router detection with IOS server and authentication realm tags, closes #79
- Improve FortiGate title and default certificate subject tagging, closes #67
- Add Icecast2 / ICY streaming protocol banner tagging, closes #69
- Normalize remaining protocol and legacy hardware tag prefixes to
proto:*andtype:* - Add RTSP protocol banner tagging, closes #70
- Improve Polycom detection with default certificate issuer and login title tagging, closes #74
- Add Cisco ASA default certificate issuer tagging, closes #76
- Add WWW-Authenticate realm tagging for RocketMQ, MOBOTIX, Netgear, Prometheus, Alertmanager, TP-Link, D-Link, Campbell, Wisenet, OpenClaw, OpenSearch, and Radware, closes #82
- Add FileZilla FTP Server default certificate issuer tagging, closes #75
- Add HPE Comware switch banner tagging, closes #115
- Add Barracuda CloudGen Firewall server header tagging, closes #77
- Rename FRITZ!Box vendor tag from
fritzboxtoavm - Add F5 Distributed Cloud load balancer detection from default
volt-adcServer header, closes #123 - Store tag rule values as
namespace:valuewhile keepingtag:*search and Kvrocks keys - Merge tag import and Kvrocks tag reindex commands into
tools/tag_mgmt.py; import/delete now require--all,--id, or--tags-file - Accumulate repeated per-port parser results so multi-service banners can all receive tag rules
- Show inserted Tag Rule IDs in
import_tags.py(bf1afd5) - Add
import_tags.py --flush-tagto remove one tag from Kvrocks tag indexes, closes #47 - Fix
import_tags.pyto update DB tag rules from newer YAML versions and print existing rule IDs, closes #49
- Dropbear SSH (
- Only TCP Supported.
- IPv6 scan not supported yet.
Nearly ready for production.
- IP detail view with scan history, vhost filtering, PTR hostnames, cert details, and quick service links
- Passive DNS and CIRCL geolookup enrichment
- YAML-backed Tag Rules, automatic Kvrocks tagging, and import/export support
- Built-in technology fingerprint library
- Configurable scan profiles, priorities, target bindings, and scan cycles
- Target/profile scan state tracking
- Scheduled Markdown reports with async preview and manual runs
- Controller-managed NSE scripts deployed to agents
- Expanded structured search:
OR,since:N, requested FQDN/domain, tags, favicon hashes, and banners - Async search result downloads for IP lists and full JSON exports
- Stats dashboard and read-only security role template
- TLD validation via faup-rs or IANA data
- Add IP detail view with per-port scan history, timestamp tabs, vhost filtering, PTR hostnames, certificate details, and quick service links
- Add Passive DNS and CIRCL geolookup enrichment in IP detail
- Add Tag Rules with YAML-backed signatures, automatic Kvrocks tagging, and import/export support
- Add a large built-in technology fingerprint library
- Add configurable scan profiles with ports, NSE scripts, target bindings, scan cycles, and priorities
- Add target/profile scan state tracking with working state, last scan, previous scan, and cycle duration
- Add scheduled Markdown reports with asynchronous preview and manual run support
- Add controller-managed NSE scripts deployed to agents with hash-based cache synchronization
- Improve structured search page
- Add
OR,since:N,fqdn_requested,domain_requested,tag, favicon hash, and banner search capabilities - Add asynchronous Search result Download function for IP lists and full JSON exports
- Add stats dashboard for targets, estimated scan scope, and object counts
- Add read-only security role template
- Add documentation for many topics
- Validate TLD using faup-rs lib or data.iana.org
- Add IP detail hostname from target details for FQDN targets
- Add IP detail hostname from KV search using requested hostnames stored in Kvrocks
- Add tool script for PDNS hosts extraction last_fqdns.py
- Add tool script for API target import
- Only TCP Supported.
- IPv6 scan not supported yet.
- Improve document storage to avoid lock
- Add cleanup of old jobs
- Add index for scan timeline
- Refactor scheduler job generation to reduce SQLite lock contention
- Add weighted priority queues and queued-job priority retagging for scan profiles
- Add batched orphan working-state repair for target scan states
- Harden bot job ownership checks on
/bot_api/getjoband/bot_api/sndjob - Throttling of bot job submissions
- Prevent stale Flask-Login sessions from crashing when a user no longer exists
- Add missing Flask-AppBuilder access checks on Tag Rules export routes
- Escape dynamic HTML helper output in models to reduce stored XSS risk
Initial public release for Hack.lu.
- Initial Plum Island orchestration server
- Target and job storage with Flask-AppBuilder UI
- Remote agent job dispatch and scan result collection
- Historical scan result storage
- Meilisearch and Kvrocks-backed search
- Structured search keywords:
ip,net,fqdn,host,domain,tld,port,http_*,x509_* - Search modifiers:
like,begin, pluslkandbgabbreviations - Basic installation flow with
setup.sh