CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.4.3] - 2023-02-23

Fixed

• Replace kalilinux/kali-rolling by kalilinux/kali-last-release as base Docker image (pablosnt#167)

[1.4.2] - 2023-02-16

Fixed

• Prevent overriding of user data with default data after execute migrate command (pablosnt#149)

[1.4.1] - 2023-02-15

Fixed

• Upgrade node-ipc to version 9.2.6 to fix incompatibilities with Node 19 (pablosnt#138)
• Upgrade psycopg2 to version 2.9.5 to fix incompatibilities with Python 3.11 (pablosnt#142)

Security

• Upgrade Django to version 3.2.18 (pablosnt#143)

[1.4.0] - 2023-01-11

Added

• Support for authenticated scans using different authentication types (pablosnt#95)
• Replace TargetTechnology and TargetVulnerability entities by InputTechnology and InputVulnerability entities (pablosnt#97)
• New popup for the management of target details: target ports, authentication, input technologies and vulnerabilities (pablosnt#97)
• Support for Nuclei tool (pablosnt#100)
• Support for Spring4Shell Scan tool (pablosnt#102)
• Support for Gobuster tool (pablosnt#106)
• New default wordlists (pablosnt#109)
• Save default wordlists size after database migration (pablosnt#109)
• Save the reason of skipped executions in output_plain field (pablosnt#121)

Changed

• Remove TargetEndpoint entity because they are useless for all tools (pablosnt#92)
• Optimize API handlers to reduce duplicated code (pablosnt#96)
• Remove password wordlists because they are useless for all tools (pablosnt#101)
• Replace cisagov/log4j-scanner tool by fullhunt/log4j-scan (pablosnt#103)
• Move stage parameter from Tool entity to Configuration to allow configurations of the same tool to belong to different stages (pablosnt#108)
• Improve favourities filters on web interface (pablosnt#110)
• Upgrade requests to version 2.28.1 (pablosnt#114)

Fixed

• Deploy Telegram bot automatically after configuring the Telegram token (pablosnt#93)
• Allow the creation of tasks without specific wordlist from the Telegram bot (pablosnt#98)
• Only apply input parameters for tool executions (pablosnt#99)
• Filter host inputs by distinct address type to prevent errors in tool configurations (pablosnt#107)
• Fix icon size and resolution to improve user experience on web interface (pablosnt#111)
• Configure CMSeeK to don't ask user about anything (pablosnt#115)
• Fix usage of specific environment variables for tool executions (pablosnt#119)

Security

• Validate target addresses to prevent scannings of the internal Rekono infrastructure (pablosnt#94)
• Upgrade setuptools to version 65.6.3 (pablosnt#105)

[1.3.0] - 2022-11-19

Added

• Popup to manage the target ports details (pablosnt#87)
• Improve user experience while the findings are obtained via API Rest (pablosnt#88)

Security

• Upgrade node Docker image version to 19.0.1-alpine (pablosnt#85)
• Upgrade djangorestframework-simplejwt version to 5.2.2 (pablosnt#84)

[1.2.0] - 2022-11-01

Added

• Settings page to configure Defect-Dojo, Telegram and security properties (pablosnt#71)

Fixed

• Docker environment deployment using privileged users (pablosnt#71)
• Optimize the frontend build in Docker environment (pablosnt#72)

Security

• Use sessionStorage to store access and refresh tokens in the frontend (pablosnt#74)
• Upgrade node Docker image version to 18.9.1-alpine (pablosnt#72)

[1.1.0] - 2022-10-16

Added

• Create multiple targets at the same time (pablosnt#49)
• Execute tasks against multiple targets at the same time (pablosnt#55)
• Show executions duration in task page (pablosnt#54)

Fixed

• Show Defect-Dojo fields only when it is configured (pablosnt#53)

Changed

• Upgrade axios version to 0.27.2 (pablosnt#62)
• Upgrade vue-router version to 3.6.5 (pablosnt#61)
• Upgrade core-js version to 3.25.2 (pablosnt#60)
• Upgrade vue version to 2.7.10 (pablosnt#59)
• Upgrade sass version to 1.55.0 (pablosnt#58)

Security

• Upgrade Django version to 3.2.16 (pablosnt#50)

[1.0.1] - 2022-09-20

Fixed

• Retry requests to Defect-Dojo API after unexpected errors (pablosnt#39)
• Retry requests to NVD NIST API to avoid blocks by the API rate limit and after unexpected errors (pablosnt#39)
• Save unique exploits based on its reference instead of edb_id (pablosnt#30)
• Prevent unexpected errors parsing malformed Sslscan reports (pablosnt#27)

Changed

• Optimize calculation of executions from previous findings to make process executions faster (pablosnt#27)
• Allow parentheses in text values like names and descriptions (pablosnt#29)

Security

• Upgrade nginx Docker image version to 1.22-alpine (https://github.com/pablosnt/rekono/pull/25/files)
• Upgrade node Docker image version to 18.6.0-alpine (https://github.com/pablosnt/rekono/pull/25/files)
• Upgrade python-libnmap version to 0.7.3 (pablosnt#31)

[1.0.0] - 2022-08-19

Added

• Execution of hacking tools
• Execution of pentesting processes combining different hacking tools automatically
• Execution of scheduled tasks
• Search of projects and processes by tags
• Like features for tools, processes and wordlists
• Defect-Dojo integration to import findings from Rekono
• User notifications by email and Telegram
• Management of Projects, Targets, Wordlist and Users
• Execution of tools and processes from Telegram Bot
• Initial web UI