Skip to content

Latest commit

 

History

History
154 lines (98 loc) · 7.15 KB

CHANGELOG.md

File metadata and controls

154 lines (98 loc) · 7.15 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.4.2] - 2023-02-16

Fixed

  • Prevent overriding of user data with default data after execute migrate command (pablosnt#149)

[1.4.1] - 2023-02-15

Fixed

  • Upgrade node-ipc to version 9.2.6 to fix incompatibilities with Node 19 (pablosnt#138)
  • Upgrade psycopg2 to version 2.9.5 to fix incompatibilities with Python 3.11 (pablosnt#142)

Security

[1.4.0] - 2023-01-11

Added

  • Support for authenticated scans using different authentication types (pablosnt#95)
  • Replace TargetTechnology and TargetVulnerability entities by InputTechnology and InputVulnerability entities (pablosnt#97)
  • New popup for the management of target details: target ports, authentication, input technologies and vulnerabilities (pablosnt#97)
  • Support for Nuclei tool (pablosnt#100)
  • Support for Spring4Shell Scan tool (pablosnt#102)
  • Support for Gobuster tool (pablosnt#106)
  • New default wordlists (pablosnt#109)
  • Save default wordlists size after database migration (pablosnt#109)
  • Save the reason of skipped executions in output_plain field (pablosnt#121)

Changed

  • Remove TargetEndpoint entity because they are useless for all tools (pablosnt#92)
  • Optimize API handlers to reduce duplicated code (pablosnt#96)
  • Remove password wordlists because they are useless for all tools (pablosnt#101)
  • Replace cisagov/log4j-scanner tool by fullhunt/log4j-scan (pablosnt#103)
  • Move stage parameter from Tool entity to Configuration to allow configurations of the same tool to belong to different stages (pablosnt#108)
  • Improve favourities filters on web interface (pablosnt#110)
  • Upgrade requests to version 2.28.1 (pablosnt#114)

Fixed

  • Deploy Telegram bot automatically after configuring the Telegram token (pablosnt#93)
  • Allow the creation of tasks without specific wordlist from the Telegram bot (pablosnt#98)
  • Only apply input parameters for tool executions (pablosnt#99)
  • Filter host inputs by distinct address type to prevent errors in tool configurations (pablosnt#107)
  • Fix icon size and resolution to improve user experience on web interface (pablosnt#111)
  • Configure CMSeeK to don't ask user about anything (pablosnt#115)
  • Fix usage of specific environment variables for tool executions (pablosnt#119)

Security

  • Validate target addresses to prevent scannings of the internal Rekono infrastructure (pablosnt#94)
  • Upgrade setuptools to version 65.6.3 (pablosnt#105)

[1.3.0] - 2022-11-19

Added

  • Popup to manage the target ports details (pablosnt#87)
  • Improve user experience while the findings are obtained via API Rest (pablosnt#88)

Security

  • Upgrade node Docker image version to 19.0.1-alpine (pablosnt#85)
  • Upgrade djangorestframework-simplejwt version to 5.2.2 (pablosnt#84)

[1.2.0] - 2022-11-01

Added

  • Settings page to configure Defect-Dojo, Telegram and security properties (pablosnt#71)

Fixed

  • Docker environment deployment using privileged users (pablosnt#71)
  • Optimize the frontend build in Docker environment (pablosnt#72)

Security

  • Use sessionStorage to store access and refresh tokens in the frontend (pablosnt#74)
  • Upgrade node Docker image version to 18.9.1-alpine (pablosnt#72)

[1.1.0] - 2022-10-16

Added

  • Create multiple targets at the same time (pablosnt#49)
  • Execute tasks against multiple targets at the same time (pablosnt#55)
  • Show executions duration in task page (pablosnt#54)

Fixed

  • Show Defect-Dojo fields only when it is configured (pablosnt#53)

Changed

Security

[1.0.1] - 2022-09-20

Fixed

  • Retry requests to Defect-Dojo API after unexpected errors (pablosnt#39)
  • Retry requests to NVD NIST API to avoid blocks by the API rate limit and after unexpected errors (pablosnt#39)
  • Save unique exploits based on its reference instead of edb_id (pablosnt#30)
  • Prevent unexpected errors parsing malformed Sslscan reports (pablosnt#27)

Changed

  • Optimize calculation of executions from previous findings to make process executions faster (pablosnt#27)
  • Allow parentheses in text values like names and descriptions (pablosnt#29)

Security

[1.0.0] - 2022-08-19

Added

  • Execution of hacking tools
  • Execution of pentesting processes combining different hacking tools automatically
  • Execution of scheduled tasks
  • Search of projects and processes by tags
  • Like features for tools, processes and wordlists
  • Defect-Dojo integration to import findings from Rekono
  • User notifications by email and Telegram
  • Management of Projects, Targets, Wordlist and Users
  • Execution of tools and processes from Telegram Bot
  • Initial web UI