All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Prevent overriding of user data with default data after executing the migrate command (pablosnt#149)
- Upgrade node-ipc to version 9.2.6 to fix incompatibilities with Node 19 (pablosnt#138)
- Upgrade psycopg2 to version 2.9.5 to fix incompatibilities with Python 3.11 (pablosnt#142)
- Upgrade Django to version 3.2.18 (pablosnt#143)
- Support for authenticated scans using different authentication types (pablosnt#95)
- Replace TargetTechnology and TargetVulnerability entities with InputTechnology and InputVulnerability entities (pablosnt#97)
- New popup for the management of target details: target ports, authentication, input technologies and vulnerabilities (pablosnt#97)
- Support for Nuclei tool (pablosnt#100)
- Support for Spring4Shell Scan tool (pablosnt#102)
- Support for Gobuster tool (pablosnt#106)
- New default wordlists (pablosnt#109)
- Save default wordlists size after database migration (pablosnt#109)
- Save the reason of skipped executions in output_plain field (pablosnt#121)
- Remove TargetEndpoint entity because it is useless for all tools (pablosnt#92)
- Optimize API handlers to reduce duplicated code (pablosnt#96)
- Remove password wordlists because they are useless for all tools (pablosnt#101)
- Replace cisagov/log4j-scanner tool with fullhunt/log4j-scan (pablosnt#103)
- Move stage parameter from Tool entity to Configuration to allow configurations of the same tool to belong to different stages (pablosnt#108)
- Improve favourites filters on web interface (pablosnt#110)
- Upgrade requests to version 2.28.1 (pablosnt#114)
- Deploy Telegram bot automatically after configuring the Telegram token (pablosnt#93)
- Allow the creation of tasks without specific wordlist from the Telegram bot (pablosnt#98)
- Only apply input parameters for tool executions (pablosnt#99)
- Filter host inputs by distinct address type to prevent errors in tool configurations (pablosnt#107)
- Fix icon size and resolution to improve user experience on web interface (pablosnt#111)
- Configure CMSeeK not to ask the user about anything (pablosnt#115)
- Fix usage of specific environment variables for tool executions (pablosnt#119)
- Validate target addresses to prevent scanning of the internal Rekono infrastructure (pablosnt#94)
- Upgrade setuptools to version 65.6.3 (pablosnt#105)
- Popup to manage the target ports details (pablosnt#87)
- Improve user experience while the findings are obtained via the REST API (pablosnt#88)
- Upgrade node Docker image version to 19.0.1-alpine (pablosnt#85)
- Upgrade djangorestframework-simplejwt version to 5.2.2 (pablosnt#84)
- Settings page to configure Defect-Dojo, Telegram and security properties (pablosnt#71)
- Docker environment deployment using privileged users (pablosnt#71)
- Optimize the frontend build in Docker environment (pablosnt#72)
- Use sessionStorage to store access and refresh tokens in the frontend (pablosnt#74)
- Upgrade node Docker image version to 18.9.1-alpine (pablosnt#72)
- Create multiple targets at the same time (pablosnt#49)
- Execute tasks against multiple targets at the same time (pablosnt#55)
- Show executions duration in task page (pablosnt#54)
- Show Defect-Dojo fields only when it is configured (pablosnt#53)
- Upgrade axios version to 0.27.2 (pablosnt#62)
- Upgrade vue-router version to 3.6.5 (pablosnt#61)
- Upgrade core-js version to 3.25.2 (pablosnt#60)
- Upgrade vue version to 2.7.10 (pablosnt#59)
- Upgrade sass version to 1.55.0 (pablosnt#58)
- Upgrade Django version to 3.2.16 (pablosnt#50)
- Retry requests to Defect-Dojo API after unexpected errors (pablosnt#39)
- Retry requests to NVD NIST API to avoid blocks by the API rate limit and after unexpected errors (pablosnt#39)
- Save unique exploits based on their reference instead of edb_id (pablosnt#30)
- Prevent unexpected errors parsing malformed Sslscan reports (pablosnt#27)
- Optimize calculation of executions from previous findings to make process executions faster (pablosnt#27)
- Allow parentheses in text values like names and descriptions (pablosnt#29)
- Upgrade nginx Docker image version to 1.22-alpine (https://github.com/pablosnt/rekono/pull/25/files)
- Upgrade node Docker image version to 18.6.0-alpine (https://github.com/pablosnt/rekono/pull/25/files)
- Upgrade python-libnmap version to 0.7.3 (pablosnt#31)
- Execution of hacking tools
- Execution of pentesting processes combining different hacking tools automatically
- Execution of scheduled tasks
- Search of projects and processes by tags
- Like features for tools, processes and wordlists
- Defect-Dojo integration to import findings from Rekono
- User notifications by email and Telegram
- Management of Projects, Targets, Wordlist and Users
- Execution of tools and processes from Telegram Bot
- Initial web UI