As of September 9th, 2019 the following is the history of Pwnix Releases as reflected in the /opt/pwnix/chef/CHANGELOG file:

2019-09-09 -- version 1.9.19
General:
- Remove Louis gem (from public repo) dependency
- Use patrous_fati gem from Pwnieexpress GitHub and not public Ruby gem repo
- Remove portly

2019-08-29 -- version 1.9.18
General:
- Perform backup before px-system-update
- BlueHydra to sync all devices to Pulse and perform hard_reset before each sync
- Hermes - renew expired certificates

2019-06-25 -- version 1.9.17
General:
- Fix insight_api/api_endpoints/vulnerability_scanner.rb for px-openvas-report-fallback
- Discard "N/A - Random Address" in BlueHydra scan

2019-05-12 -- version 1.9.16
General:
- Fix OpenVas connection check in px-connection-dr script
- Make use of /etc/lsb-release.conf file to determine OS version codename
- Changes required for kalirepo update

2019-01-16 -- version 1.9.15
General:
- GPG key expired on updates server
- Created new key, signed images, replaced public key

2018-06-05 -- version 1.9.14
General:
- Fix AD integration insight api plugin
- Prune OpenVAS plugins after upgrade
- Cleanup AD integration on deregistration from Pulse

2018-04-09 -- version 1.9.13
General:
- Fix AD integration status reporting
- Fix PwnScan and BlueHydra config parsing from Pulse
- Fix update endpoint used by Pulse

2018-04-06 -- version 1.9.12
General:
- Fix configuration updates for reverse shells from Pulse
- Fix status reporting of shells to Pulse

2018-04-02 -- version 1.9.11
General:
- InsightAPI ...updated local UI
- InsightAPI fixed all reverse shells
- InsightAPI added HTTP and Proxy type shells
- InsightAPI added user management
- Make reverse shells more reliable
- Remove color from scripts exposed through web interface
- Add ability to completely disable OpenVAS
- Add error handling to system health check
- Fix passive recon's OS detection log
- Fix passive recon's HTTP log
- PwnScan add current scans to context
- PwnScan confirm IP rolled when coming from passive arp
- PwnScan increase arpscan speed
- Fix updating over reverse shells
- Update all Ruby gems
- PF dont respect AP updates that try to change bands

2018-03-01 -- version 1.9.10
General:
- BlueHydra fix btmon parsing due to bitrot
- BlueHydra info scan rate changed to 4 min from 1 minute
- BlueHydra 3 minute granularity, sync every 3 minutes
- BlueHydra stop unknown company_data flapping
- BlueHydra prevent from DDOSing cloud with runtime failure loops
- Remove CWIPS from updates
- Remove Trihard from updates
- Fix OpenVAS status endpoint in insight
- Update PX scripts to properly hit insight endpoints
- Remove kali1 migrations (shells)
- Kismet slow down channel hopping
- No longer install radiotap-signals
- PwnScan fix OpenVAS endpoint
- PF Handle multiple cloaked SSIDs
- PF Add signal threshold for client and AP detection
- PF Disregard channel 0
- PF reduce message flapping

2018-02-07 -- version 1.9.9
General:
- Fix upstream Kali key from improper rolling

2018-01-12 -- version 1.9.8
General:
- Sensor Notifications adjust throttle to 1 per minute per event
- Upgrade to Ruby 2.3.6
- PwnScan add IP context cache for smarter scanning
- PwnScan track dirty attributes; cache hook, change integrity check
- PwnScan throttle remote target notifications once per run
- PwnScan abstract DM rescues to function call instead of manual rescues everywhere
- PwnScan fix dark magic voodoo nmap timeout parsing for smaller queues
- PwnScan lower subnet scan timeout to 120
- PwnScan smarter sync throttling to further prevent cloud race condition
- PwnScan sync thread reduced to every 12 hours from every 1 hour
- PwnScan add config flag for intrusive scans to be turned off
- BlueHydra make sensor events optional for open source users
- BlueHydra update parser to handle new version of BlueZ
- BlueHydra automatically reject obviously bad data and warn
- CWIPS handle disconnection from Kismet
- CWIPS minor parse improvement
Mobile:
- Dont install ifplugd

2017-12-08 -- version 1.9.7
General:
- Remove Ardennais Plus definition
- Add Shire and Shire Plus definitions
- AtCtMon Validate db is sane
- AtCtMon quiet the no modem error
- AtCtmon fix the failed lookup errors
- AtCtMon update the lookup table
- AtCtMon reset the dongle every 3 hours instead of 8
- Limit RAM usage for Kismet and Openvas-scanner
- Added intel microcode for ardennais and shire errata
- PwnScan add port confidence for weighted updates
- PwnScan retry checks for fatal network failures at runtime
- PwnScan "fix" sprintf on incomplete packets for passive arp
- PwnScan downgrade troubleshooting output from warn to debug
- PwnScan move tsa line warning
- Watchdog will restart if unable to map 50M RAM
- PatFat updated to avoid microsecond race
- Openvas pause scans during update and resume after
- CWIPS improve parsing
- CWIPS move warning to more useful place
- Openvas pause before updating and resume after

2017-11-17 -- version 1.9.6
General:
- Bump Patfat version to fix errors in log
- Sensor Notifications - gather version at startup to avoid OOM while processing OOM notifications
- PwnScan/DHCP0f fix domain parsing/passing
- PwnScan throw out invalid looking domain_names passed from DHCP0f
- PwnScan fix in logic during port fingerprint analysis
- PwnScan add explicit passive cache deletion for remote hosts on save model hook
- More properly ban kernel 4.9, additionally ban 4.12
- Remove non-existent unused package xtables-addons-common from the install list
- Revert improper removal of non systemd support

2017-11-03 -- version 1.9.5
General:
- AtCtMon bandaid
- Hermes rescue broken connections to keep logs cleaner
- InsightAPI ensure directories exist
- Remove dead SMS code
- Fix service wants/requires in systemd
- Remove unneeded GPSD package on fixed sensors
- Trihard config validation
- Remove Kali 1 support
- BlueHydra consistency check on DB
- InsightAPI config validation fix
- Pwnix Service files cleanup
- Add Watchdog
- Dhcp0f ignore failure
- Dhcp0f pass domain name if available
- PwnScan weight hostname
- PwnScan parse domain name from dhcp into fqdn when possible
- PwnScan speed up slowest db access by a factor of 5
- PwnScan ensure 0.0.0.0 hosts are set offline
- PwnScan bring passive arp back into targets
- PwnScan intelligent IP handling from passive dhcp
- PwnScan hosts unthrottled on meaningful changes
- PwnScan arp_up savior added
- PwnScan stop port fingerprint flapping from time data
- PwnScan extra sync measures to prevent cloud CDP race condition
- PwnScan disable dns resolution when not required
- Patfat Include last_visible time with SSIDs
- Patfat Include whether it is likely that an AP is broadcasting multiple SSIDs (as opposed to transitioning to another SSID)
- Patfat Do not expire the last SSID an AP has to reduce flapping (will still be removed when its presence rotates out after two hours)
- Patfat Fix race with two last_visible calls that extremely rarely may cause a nil exception
- Patfat Fix nil check issue when an item has expired but we're still trying to identify how long it was visible for

2017-09-28 -- version 1.9.4
General:
- PwnScan fix mark online call
- PwnScan pass score for best device_type match

2017-09-27 -- version 1.9.3
General:
- Blue Hydra stun database instead of cause backlog
- Blue Hydra cleanup ancient stuff from db (lowers RAM usage slightly)
- CWIPS add wireshark 2.4 support
- CWIPS slightly modify hop/xmit pattern
- PwnScan dhcp0f and fingerbank support
- PwnScan port timeout detection improvement
- PwnScan host inspection queue push/pop reorder
- PwnScan status thread poke recently offline hosts

2017-08-24 -- version 1.9.2
General:
- Blue Hydra must be root to start
- Blue Hydra CUI filtering *glory*
- CWIPS add new prevention rules
- Remove deprecated sshd_config options
- Make automated testing available on sensor with gusto
- Remove OpenVAS temporary tasks when not needednoise from PXT
- Add sensor events to PXT
- Deregistration / cleanup.sh restart insight last
- Re-add aircrack-ng for EvilAP
- PwnScan improve matching logic - split local and remote, refine local rules further
- PwnScan add host inspection thread/queue/scan for individual host scanning
- PwnScan auto detect host (port) scan timeouts and inspect host further
- PwnScan improve host status checking
- PwnScan improve port scan used for port savior checking - stops port flapping
- PwnScan fix host OS updating around OS info (accuracy vs source ranking)
- PwnScan inspect hosts based on status changes
- PwnScan drop all scan timeouts
- PwnScan improve service scan accuracy
- PwnScan stop SMB vuln detection from creating cloud side duplicates for new records
- Fix OpenVAS provisioning for Kali 1
- Bump Louis version: update OUI database, minor performance improvements
- CWIPS - Add channel verification
- CWIPS - Add RSSI API
- BlueHydra - Add RSSI API
- Trihard - Consume rssi api from cwips and bluehydra
- Hermes handle and shame failed insight calls which return no data
Mobile:
- Actually export Blue Hydra in CSV

2017-07-21 -- version 1.9.1
General:
- MOTD last thing done on update
- Disable older SSL connection options Hermes & Connection Dr
- PwnScan blob targets uniq fix
- Ease upgrade of hosts which upgraded from Kali 1
- Prevent chef from updating more than once a day
- Add cwips events for demo purposes
Mobile:
- Remove too specific deps on libbtbb and libubertooth

2017-07-17 -- version 1.9.0
General:
- InsightAPI AdNauseam rename fix
- InsightAPI expand permitted update pack target names
- px connection dr stop testing things we dont connect to
- OpenVAS submit report ourselves if it fails to
- OpenVAS remove --deep, dangerous and mostly untested
- px update openvas update OpenVAS9
- fix pwnscan.service to actually run netvalid prestart
- autorun dist-upgrade after adding Pwnie debian repo
- restart redis immediately on upgrade
- PwnScan fix vlan helper IPAddr include? bug
- PwnScan fix port flapping bug
- PwnScan add more fatal notifications
- PwnScan add eth0 check, add overlapping target check
- make update slightly quieter
- make update more resilient to dpkg failures
- downgrade broken kernels
- kernel safety check to ensure broken kernel isnt installed
- fix logic bug forcing reinstallation of ruby dev every update
- improve logic for kernel change reboots

2017-07-10 -- version 1.8.10
General:
- Minor fix to ruby development check
- Minor fixes to gold image script
- Tweak to openvas update logic (what utility gets run)
- Don't log martian packets
- Don't manipulate legacy service unless required

2017-07-06 -- version 1.8.9
General:
- Add Trihard alpha
- Add CWIPS public beta
- Rename AdNauseam
- Catch oom errors and exit when possible
- Update for OpenVAS9
- Realtime Wireless drop sqlite internally
- Realtime Wireless vast performance improvements
- Realtime Wireless now tracking wireless assets over a longer period of time
- Realtime Wireless assets now have an internal history, allowing more reliable logic on their uptime and state
- Realtime Wireless more reliably track client's probes
- Realtime Wireless adjusted connection logic to reduce noise and false connections
- Realtime Wireless added comprehensive test coverage over all business logic
- Vuln Scan minor adjustments to client library to handle unexpected disconnects
- Prevent vuln scan from triggering errors in insight's logs
- Ensure OpenVAS is restarted after database migrations
- Add safety checks and notifications to sensor upgrade
- Only permit sensor to update to the same version once per day
- BlueHydra add sensor notifications for errors
- BlueHydra remove excessive sync to pulse
- Hermes expose currently running jobs through process names
- Pwnix utils add sensor notifications
- Px subnet info (re)add sensor's non-normalized IP
- Px troubleshooter show top 5 memory users, up from 2
- Pwnix chef add sensor notifications
- Fix sensor notification rate limiting
- Bump nmap version
- Send event crashes wont propagate to code that includes it
- Insight plugin cleanup and fixes
- PwnScan large refactor, performance optimizations
- PwnScan newly created host save relationships at sync
- PwnScan validate sensors network configuration in systemd pre-start
- PwnScan use iNotify
- PwnScan port closing bug fix
- PwnScan newly created host double status check bug fix
- PwnScan status thread lookalike bug fix
- PwnScan passive arp offline host creation bug fix
- PwnScan deduplicate macs at startup
- PwnScan enforce macs are unique across all records while creating and updating
- PwnScan resultsprocessor ignore single IP targets in set_hosts_offline
- PwnScan fix changed to reflect changed not last_seen in attribute meta
- PwnScan reorder + add in reliable attributes to also consider in matching
- PwnScan track targeted hosts with passive arp too
- PwnScan scan queue wont allow overlapping CIDRs
- PwnScan removes dead targets from queue if config changes
- PwnScan fix nmap smb vuln parsing after nmap version bump

2017-05-26 -- version 1.8.8
General:
- Chef cleanup warnings
- Chef disabled services now masked
- Hermes handle unified config messages from Pulse
- Hermes sync time to pulse on connection
- InsightAPI add network_info to system properties
- InsightAPI add config valid check for PwnScan in system properties
- InsightAPI write status file when updating Pulse
- InsightAPI multiple Ruby 1.9 fixes
- sync_properties handle corrupt properties file
- add SensorEvents (Pulse SensorNotifications)
- px-connection-dr now validates sni MITM
- px-subnet-info add json mode and normalize subnet
- px-system-id add hardware detection
- BlueHydra fix various warnings
- PwnScan prevent multiple instances from running concurrently
- PwnScan add timestamps to all attributes_meta (includes startup migration)
- PwnScan remove redundant less accurate data (os version)
- PwnScan add attribute meta reset
- PwnScan stop shipping os_accuracy to Pulse (its unused)
- PwnScan add sensor notifications
- PwnScan add fatal error for no valid px-subnet-info data
- PwnScan add in_targets boolean on network hosts
- PwnScan dont send to pulse while starting
- PwnScan dont sync to pulse unless there is a reason to
- PwnScan simplify marking hosts online, offline and duplicate
- PwnScan format hostnames consistently
- PwnScan merge smb-os script data with nmaps os data instead of overriding
- PwnScan remove discovery and service scans in favor of smb-os-service scan to reduce inaccurate data and simplify matching
- PwnScan only rewrite the config if it changed and fix target validation and remove old keys
- PwnScan remove expensive db query for debug log
- PwnScan bump version and fix spec
- PwnScan dont double send hard reset
- PwnScan refactor vulnscan thread and add vulnscan flush
- PwnScan simplify passive arp offliner
- PwnScan allow status thread to mark hosts in target subnet online as well as offline
- PwnScan allow_match consistency check
- PwnScan rename variables from reserved words

2017-05-02 -- version 1.8.7
General:
- CWIPS fix kismet integration
- Patfat remove sqlite db
- Vulnscan dont scan when OpenVAS considers a target invalid
- px-subnet-info more safety checks
- px-system-id get MACs from wizard not macchanger due to macchanger bug
- px-system-id get specific ssd serials, not a jumble of all of them
- PwnScan add gateway_ip,gateway_mac,interface detected on, vlan detected on, subnet detected on
- PwnScan avoid double sync_to_pulse on new host creation to avoid cloud race
- PwnScan validate network information and cache when reading in
- Add Ardennais Plus
Mobile:
- fix freeradius wpe configs
- read MAC address through wizardry instead of macchanger

2017-04-21 -- version 1.8.6
General:
- Tags were incorrectly applied to repos

2017-04-21 -- version 1.8.5
General:
- insight_api send up system information for all registered sensors
- insight_api add Credential Request plugin
- px_subnet_info add gateway MAC when available
- add Pwnie apt repository
- PatFat correctly parse encryption type
- PatFat detect WPS properly
- AdNauseam beta (v0.0.2) Pulse + Credential management
- px-subnet-info fix several bugs
- PwnScan fix passive arp reply parsing
- PwnScan add cache for network information + warnings
- PwnScan add discovered_by Network Host model
- PwnScan add IP validation on Network Host model
- PwnScan more reliably pass source for attributes meta
- PwnScan only actively scan things in targets
- PwnScan default logger to info to suppress early debug log leakage
- PwnScan use passive arp to offline hosts not in targets
- PwnScan passive arp only used for hosts outside of targets
- PwnScan automatically create new DB if DB is corrupt
- PwnScan fix network config warnings and elevate to error
- PwnScan validate host offline if possible not just missing from scan results

2017-04-04 -- version 1.8.4
General:
- PwnScan fix for non-scoped targets
- PwnScan more information for non-scoped targets
- CWIPS alpha with channel control

2017-03-31 -- version 1.8.3
General:
- add AdNauseam alpha
- add Cool WIPS alpha
- blue_hydra add sighup support for logrotation
- blue_hydra lower severity of debug message
- blue_hydra fix service data leaking into service name
- hermes fix tests, code cleanup, dead code removal
- hermes fixing breaks in read threads
- insight drop direct manipulation of Pwnscan config file
- insight fix crash when scanned by OpenVAS
- realtime wireless add safelogger
- px troubleshooter add new services and top memory users
- insight, patfat - fix logrotate
- blue_hydra, pwnscan - add logrotate
- pwnscan add config validate mode
- pwnscan handle sighup rereads config and reinits logger
- pwnscan replace magic with standardized deep magic
- pwnscan fix to work on moto
- pwnscan remove local and remote targets in favor of targets
- pwnscan fix discovery scan to scan things in db
- pwnscan initial discovery scan blocks like it was intended to
- pwnscan another hard reset on update - simple vulnscan was bad
- massively update ruby gems in use
Mobile:
- fix typo in kismet one touch script

2017-03-17 -- version 1.8.2
General:
- debian needs ifupdown to configure network interfaces but somehow it isn't default

2017-03-15 -- version 1.8.1
General:
- w3af-console is no longer found in Packages upstream
- drop some unneeded packages

2017-02-09 -- version 1.8.0
General:
- px-subnet-info -l add vlan information
- px-subnet-info show eth0 subnet by default
- PwnScan add optional offline all cloud network hosts at first run after update
- PwnScan process arp replies correctly
- PwnScan dont clobber mac addresses
- PwnScan remove unused ip_addresses function
- PwnScan cache interface/vlan info
- PwnScan process and handle vlan tags properly
- PwnScan add warnings for unusual (broken) network configurations
- PwnScan do not delete duplicate hosts - mark ineligible for matching
- PwnScan pass interface flag to arpscan
- PwnScan add pwnix management interface to blacklist dynamically at startup
- PwnScan handle known IP matching corner cases
- PwnScan add logging to identify source of host duplication
- PwnScan fix "evalute" function typo
- PwnScan deterministically choose exact duplicate hosts in weightedmatcher
- PwnScan send up hard reset if duplicate hosts found
- PwnScan send up a sync (reset) to offline all not in current DB at start
- PwnScan handle passive arp correctly
- PwnScan only union remote and local targets since pulse cannot set targets directly
- PwnScan offline duplicate IP hosts

2017-01-27 -- version 1.7.30
General:
- atctmon: send reset to pulse when first started to ensure old data can be cleaned up
- blue_hydra: send reset to pulse when first started to ensure old data can be cleaned up
- blue_hydra: add icon
- blue_hydra: adjust scanning script to logfile name
- insight_api: Fix subnet matching
- updates: restart kismet whenever the update restart realtime wireless
- realtime_wireless: use kismet timing information to drop pre-cached data

2016-12-28 -- version 1.7.29b
General:
- refactor service disabling
- update spec

2016-12-26 -- version 1.7.29a
General: improve service disabling to only happen when needed

2016-12-23 -- version 1.7.29
General:
- px-subnet-info: -i updated to only show if we have an interface
- backup script: add default file name with date
- pwnscan: sync_version support
- pwnscan: prevent IPV6 addresses from being used in the VlanHelper
- disable clamav services due to logs filling the drive
- do not add metasploit by default on fixed line

2016-12-12 -- version 1.7.28
General:
- atctmon: sync data to pulse at startup
- atctmon: add sync_version to pulse data
- blue_hydra: fix developer console
- px-subnet-info: improve -i flag
- pwnscan: specify interface for nmap scans
- pwnscan: automatically determine local vs remote subnets
- pwnscan: add rake task to offline hosts
- vulnscan: safer renewal of certificates
- openvas: fix auto cert renewal time logic
- spec: fix typo in spec introduced in 1.7.27 for kali1 sensors
- spec: remove tests that don't apply to packages that we don't touch
- update.sh: better testing for installed packages
- update.sh: keep locale fixing non-interactive
- realtime_wireless: better dealing with timestamps from kismet
- realtime_wireless: bad data from kismet won't stop the service

2016-12-05 -- version 1.7.27
General:
- insight: Add in support for radiotap
- insight: Disconnect redis from openvas service control
- insight: Fix reverse SSH over SSL
- insight: Minor copy fix on shell names
- insight: Fix system blacklist updating
- px-subnet-info: Add -i flag for showing interface / subnet
- redis: Moved to general service, not vuln scan specific
- Remove chkconfig, on kali 2
- Remove SET and manatoolkit on fixed lines
- vulnscan: Allow database rebuilds to fail when updating (safety mechanism)
- pwnscan: Send vulnerabilities for open smb shares on network hosts
- receiver script: updates and fixes

2016-11-18 -- version 1.7.26
General:
- insight: Make registration log available
- insight: Some language display adjustment around Pulse registration
- insight: Tweak to service control to prevent running start scripts when the service is already running.
- openvas: Added automatic certificate renewal system to help keep OpenVAS stable.
- Disable intel bt in preference for using the sena

2016-11-11 -- version 1.7.25
General:
- atctmon: import world mcc/mnc list from wikipedia
- atctmon: add pulse reset
- image-prep: rm kali upgrade backup file
- kali-rolling: auto upgrade from kali 1 (fixed line only)
- patfat: bump to version 0.9.22
- patfat: changed SSID expiration to 600s
- patfat: included kismet alert type information
- patfat: output useful error when failed to save SSID
Mobile:
- evilap: fix log creation of active clients when quitting

2016-11-04 -- version 1.7.24
General:
- cleanup vulnscans when running cleanup script
- cleanup.sh only remove history from homedirs
- fix typo in pwnix_kismet_server
- px-troubleshooter: force text mode when parsing log files
- update kali-rolling upgrade script
Mobile:
- evil_ap: fancy new ui

2016-10-25 -- version 1.7.23b
General:
- fix rspec to not test gnokii-smsd

2016-10-24 -- version 1.7.23
General:
- rename Sophia to Ardennais
- px-troubleshooter: truncate update.log
- passive_recon service: switch dsniff to ettercap and fix logging
- update.sh: set locale if unset
- update.sh: ease transition to https repo automatically
- remove gnokii-smd package for kali rolling
Mobile:
- add AOPP product
- px-connection-dr: do not test openvas stuff
- evilap: fix double/triple cleanup to ensure multiple runs work properly
- evilap: add noise so it's obvious what is happening

2016-10-14 -- version 1.7.22
General:
- hermes: support dispatch stunning
- debug-pack: add xz compression
- debug-pack: only search rootfs for large files
- insight: add debug pack function
- insight: add connection dr function
- insight: add system-health function
- insight: reorg navigation and page structure to match pulse use case
- insight: add admin page with functions
- insight: alert user when default password has not been changed
- insight: improve documentation

2016-10-07 -- version 1.7.21
General:
- blue_hydra: add pulse debug option
- blue_hydra: add sync_version
- blue_hydra: update correlation process
- blue_hydra: add reset for starting with empty DB
- blue_hydra: add support for aggressive RSSI syncing
- blue_hydra: handle SIGINT better
- cleanup.sh: restart insight to deal with logging issues
- pwnscan: protect against missing values in custom script xml
- realtime_wireless: send up periodic status messages for devices we have seen in last 5 minutes
- nac bypass: overhaul nac bypass scripts to support kali rolling
- kali rolling upgrade: ensure systemd is installed
- minor logfile fix for update script
Mobile:
- evil_ap: switch from dhcpd to dnsmasq
- ssl_strip: change default interface for new evil ap support
- wifite: use aircrack instead of tshark to find handshakes
- blue_hydra: fixed CUI for mobile line

2016-09-09 -- version 1.7.20
General:
- blue_hydra: handle already dead threads
- blue_hydra: suppress known l2ping errors
- blue_hydra: fix path for corrupt database recovery
- insight: get service status from exit code
- insight: v1 update now calls v2
- px-subnet-info: fix and add -a flag
- px-system-update: fix for new syntax
- px-update-blacklist: update path to pwnscan.json
- pwnscan: prevent syncing test data to pulse
- update: switch to https
- update: better testing for missing packages
- update: use --reinstall to fix broken critical packages
- update: fix bugs caused by system-setup migration
- kismet: add regular check for health, restarting the service when it fails

2016-08-26 -- version 1.7.19
General:
- blue_hydra: properly test for ubertooth and reflect status in CUI
- blue_hydra: set mode type from parser and enforce default values
- blue_hydra: fix offlining bug for devices detected by ubertooth
- blue_hydra: fix call absolute path call to ubertooth-util
- fix kali-rolling to use dist-upgrade instead of upgrade
- syntax improvements and code cleanup for update.sh & run-chef-solo.sh
- fix bug with remounting system read-only
- merge system-setup.sh into update.sh
Mobile:
- automatically detect when wifi devices labels are switched
- automatically run 'dpkg --configure -a' as needed during update
- evilap.sh: fix regression on AOPP
- nmap_scan.sh: specify interface

2016-08-19 -- version 1.7.18b
General:
- pwnscan: drop nbtscan due to mis-correlation issues

2016-08-19 -- version 1.7.18a
General:
- insight: fix pwnscan config migration when pwnscan is off during migration

2016-08-19 -- version 1.7.18
General:
- blue_hydra: ubuntu path fix for bluez test scripts
- blue_hydra: add 'q' to quit to cui
- blue_hydra: default cui sort order to 'seen at'
- blue_hydra: nil logger support
- insight: properly check which init system to use for managing services
- insight: added a service target to update kali-rolling sensors
- px-troubleshooter: truncate logs to show only last 100 lines
- kali-rolling switch to QA'd repos
- pwnscan: add nbtscan support
- pwnscan: extract fqdn from SMB OS detection script to use as hostname
- pwnscan: tell me i'm frozen but what can i do
- pwnscan: only kill threads that exists (haven't crashed)
- pwnscan: deduplicate SMB and Service scans and prioritize SMB queue to improve rate of SMB OS detection script runs
- patronus fati: limit active ssids per bssid
- update script: fix locking to prevent running update script multiple times
- update script: don't run fix_apt code unless absolutely needed
Mobile:
- evilap: fix non AOPP regression

2016-07-29 -- version 1.7.17
General:
- blue_hydra: check if threads are alive before killing
- blue_hydra: require more exactly
- blue_hydra: more errors on cli
- blue_hydra: only kill the running threads
- drop build-essential cookbook
- insight: remove citadel licensing
- insight: fix for new data location
- insight: update pwnscan config location
- minimize openssh and sudo cookbooks
- fix permissions on /opt/pwnix/data
Mobile:
- evilap: fix hostapd-wpe cleanup
- set: fix site cloner to not need apache
- tshark: fix logging mode to still show packets
- usb copy: dereference symlinks and do not try to preserve permissions
- fix for updating very old PP2014 factory images to current for AOPP upgrade pathing

2016-07-21 -- version 1.7.16a
General:
- Ensure new paths are purged by image_prep
- Purge blue_hydra and atctmon configs and database during image_prep
- Fix pwnscan development console
Mobile:
- Fix blue_hydra database path in blue_hydra utility

2016-07-21 -- version 1.7.16
General:
- Migrate service state and config to common directory for sensor 2.0
- migrate atctmon and blue_hydra to yaml config files
- hermes - handle pre-emptive certificate expiration check more reliably
- insight_api - don't attempt start / stop / status checks on unavailable services
- insight_api - pass generated session secret through to secure cookie handler explicitly to silence warning
- prevent raised exceptions in px-connection-dr when unable to connect to server
- better clean up logic when deregistering a sensor
- silence warning in px-system-id when lsblk isn't present
- include network config in px-troubleshooter
- include complete iptables state in px-troubleshooter
- include pwnix license check in px-troubleshooter
- include blue_hydra and atctmon configs in px-troubleshooter
- whitelisted firmware packages for the autoupgrade script
- update kali-rolling magic upgrade scripts
- backup / restore scripts more gracefully handles missing directories
- blue_hydra - default to no pulse
- blue_hydra - add support for demo masking of mac addresses
- blue_hydra - add magic recovery from rfkill and hardware lockup
- blue_hydra - add magic recovery from bluetoothd lockup
- blue_hydra - compress btmon logs
- blue_hydra - make cui pretty
- blue_hydra - support reading gzipped btmon files
- blue_hydra - support testing on devices with no bluetooth adapter
- blue_hydra - Fix Gemfile for actual use
- blue_hydra - add BSD-3 license for open source release
- blue_hydra - lots and lots of comments
- make update.sh log more
- ensure e2fsprogs is installed
Mobile:
- evil ap - perform cleanup when receiving more aggressive signals
- fix bad syntax in choices for some scripts

2016-07-19 -- version 1.7.15a
General:
- hermes - wait for renewal request confirmation before disconnecting
- hermes - log additional error messages from Pulse

2016-07-13 -- version 1.7.15
General:
- hermes - add better dead lock protections
- hermes - fix issues with wrong worker killed during IPC issues
- hermes - when authentication fails five times, will now request its status from pulse
- hermes - handle expiration and revoked status for authentication material
- hermes - fix typo on method that cleans up after a sensor has been rejected

2016-07-08 -- version 1.7.14
General:
- fix novatel on newer kernel to use option driver
- blue_hydra - fix aggressive_rssi
Mobile:
- Fixes for sns endpoint generation and package verification (legacy)
- Ensure update path functional on all non-aopp builds

2016-07-01 -- version 1.7.13
General:
- pwnscan - sanitize local_targets in the config file
- pwnscan - a few extra workarounds for dm-types bug
- drop "datamapper" in favor of "data_mapper"
- insight - add the secure flag on session cookies

2016-06-29 -- version 1.7.12a
Mobile:
- fix copy pasta reversed safety logic

2016-06-29 -- version 1.7.12
General:
- blue_hydra - add compressed raw log
- blue_hydra - add initial ibeacon support
- blue_hydra - add initial gimbal support
- blue_hydra - add and use uuid tracking in cui
- blue_hydra - improve mac address tracking to support changes
- blue_hydra - improve ubertooth detection
- blue_hydra - add some hot keys to adjust cui sort and columns shown
- blue_hydra - catch sigint "properly"
- px-system-id - add system information and send with registration
- networking - dhcp only request gateway and dns on primary interface
- xtables - add xtables for support of Android 5 default rules, etc
- pwnscan - offline blacklisted hosts
- pwnscan - add support for "no_arp" mode
- update kali-rolling upgrade scripts with whitelist package check
- update kali-rolling upgrade with minor fixes
Mobile:
- evilap - add support for hostapd-wpe
- dnsspoof - add support for hostapd-wpe

2016-06-14 -- version 1.7.11
General:
- spec - switch rspec to use in memory db for pwnscan & atctmon
- pwnscan - auto-black list first and last addresses of default subnets (.0 / .255)
- blue hydra - add uuid to device models
Mobile:
- evil ap - ensure dhcpd.leases file exists

2016-06-10 -- version 1.7.10
General:
- hermes - handle errors around IPC pipes
- insight - rm deprecated wireless survey functionality
- insight - prevent blank passwords from being set for pwnie user
- insight - fix use of ip route for pwnscan and system properties
- kali-rolling upgrade - improve service management post upgrade
- pwnscan - fix bad call in port model callback
- patronus_fati - fix early client recording bug
- patronus_fati - remove client connection threshold
- connection-dr - test www.openvas.org:80
- connection-dr - allow siphon tld
- update - run apt-get --fix-broken liberally
Mobile:
- blue_hydra - write summary to captures directory after app run
- ubertooth - fix selection of ubertooth-rx or ubertooth-lap

2016-06-03 -- version 1.7.9
General:
- enforce updating config files during apt use
- ship optional kali-rolling upgrade scripts
- add vlan package for proper vlan support
- blue_hydra - add optional aggressive rssi reporting
- troubleshooter - recursive list of log files
- troubleshooter - selectively read ssd temp
- troubleshooter - add smart disk diagnostic information
- troubleshooter - alert on diskspace
- evilap - fix config file locations
- passive_recon - prohibit/stop service when drive is >79% full
- pwnscan - consolidate db access to avoid write lock contention
- pwnscan - remove unused method
- pwnscan - split vulnscan queue into high (new hosts) and low priority
- pwnscan - do not add hosts to vulnscan queue if they have been recently scanned
- improve date wrapping during upgrade
Mobile:
- ettercap - update to support kali-rolling, cleanup script
- sslstrip - update to support kali-rolling, cleanup script
- tshark - cleanup script
- ubertooth - update to support kali-rolling, minor improvements
- remove unused samba and smbclient packages

2016-05-25 -- version 1.7.8
General:
- chef - add tcpdump package
- chef - purge unused system packages
- hermes - improve logging
- hermes - additional error handling
- hermes - remove use of zlib and fix IPC bug
- hermes - improve recovery in working communications
- hermes - handles additional error states for workers
- openvas - add --pulse flag to parser script to send directly to pulse
- openvas - improve service checkin in insight
- pwnscan - Add configurable vulnscan flag to run Vulnerability Scan against new hosts one at a time
- pwnscan - Add OS Version attribute
- pwnscan - Add use of SMB OS Detection Nmap Script for certain Systems
- pwnscan - Improve behavior and consistency of Blacklist
- pwnscan - Improve local subnet Enumeration to allow for scenarios where tunneling is enabled
- pwnscan - Track what scan source an attribute was set for, attempt to not down grade to prevent flapping
- troubleshooter script improvements around service checking
- unsafe-cell-id - capture sim mccmnc

2016-05-05 -- version 1.7.7
General:
- Remove unused cookbooks
- atctmon - autodetect serial port
- blue_hydra - add rssi logfile
- blue_hydra - always rewrite pretty config file
- hermes - reduce logging on messages while disconnected
- insight - fix interface up/down detection
- insight - fix service not available checking
- Add Sophia (not Sofia) hardware support
- 4g rshell - add support for att m2m network
- 4g rshell - add routing options
- rshell - prevent shell from closing on insight restart
- health check - add thermals
- cell id - always call safely
- cell id - add support for detecting cell/sim issues
- cell id - add support for detecting physical device
- move hostname setting from image_prep to firstboot
- patfat - respect gemfile version
- patfat - ssid expiration fix
- patfat - do not reset ssid on restart
- patfat - fix thread spawning on unsuccessful connection
- patfat - optimize sqlite usage
- use the correct public repo for kali2/rolling
- openvas - fix updater to check time delta properly
- add locking support to update.sh to prevent simultaneous runs
Mobile:
- evilap - fix hostname/mac rolling
- evilap - fix magic ipv4 -> ipv6 nat

2016-04-15 -- version 1.7.6a
Mobile:
- Properly notify PXUpdater of successful update

2016-04-15 -- version 1.7.6
General:
- Blue Hydra -- fix ubertooth-rx -z detection
- Hermes -- run client thread rescue properly
- Rshell -- unify setup and checking for rshell
- Rshell -- use ssh keep alive instead of autossh port forward loopback
- Rshell -- do not connect if port forward fails
- px-realtime-wireless -- retry Kismet 3 times then accept defeat
- px-troubleshooter -- cleanup and various improvements
- Create installed-version-id on update success
Mobile:
- Remove Android apks (except PXUpdater), now built into aopp
- Prevent PXUpdater from being installed on aopp
- Remove system scripts, now built into aopp
- Fix nmap script ip conversion bug and add support for multi-homing
- Change _apt group to default to AID_INET and add required members
- Stop mounting /system rw on Android API > 19
- Stop creating /system/etc/vendor/pwnieexpress for latest-version-id file

2016-04-07 -- version 1.7.5
General:
- Blue Hydra -- handle known Bluez warnings
- Blue Hydra -- add ubertooth package to be installed via chef
- Blue Hydra -- require bluetooth.service not just bluetooth.target
- Insight -- don't disclose sensor type to unauthenticated users
- px-connection-dr -- more invalid cert info
- OpenVas -- moved redis socket to /var/lib/redis/redis.sock
- Handle nmap version change in spec
- bump nokogiri gem version
- px-bluetooth-discovery -- fix crash on corner case error from hcitool

2016-03-21 -- version 1.7.4
General:
- Add Support for PwnPlug R4
- Use packaged bundler instead of gem bundler
- Add support for safely calling update.sh from pulse
- Handle new `ifconfig` output or switch to use of `ip`
- Add kali-rolling Support
- Use dist-upgrade instead of upgrade for kali 2+ in run-chef-solo script
- Add support for ruby 2.2 and 2.3
- Inform Pulse about presence of
cell adapter- Remove unused subnet_info.sh script- Use --force-confnew & --force-confmiss DPKG options for apt-get- Add htop, iotop, nano and strace packages- Ensure libopenvas8 is installed where needed- Redirect update.sh to call Insight if RUNNING_IN_INSIGHT flag is set- AtCtMon -- split mccmnc files into country code groups- AtCtMon -- add config file support- Blue Hydra -- add CUI option- Blue Hydra -- reduce sync volume- Blue Hydra -- add Blue Hydra periodic sync- Blue Hydra -- ensure bluetooth target has started first- Hermes -- avoid starting extra API workers- Hermes -- add heartbeat- Hermes -- stabilize network socket result thread- Hermes -- remove use of config file- Hermes -- improve management of workers- Hermes -- add timeout to IPC connection to master in generic worker- Insight -- handle invalid JSON in config file on start- Insight -- add passive recon disk usage warning- Insight -- prevent from failing to start on deregistration- Insight -- add RUNNING_IN_INSIGHT flag to bin_runner pluginMobile:- Blue Hydra -- add blue_hydra.sh to launch cui- Fix _apt user groups2016-02-24 -- version 1.7.3General:- Disable automatic partition resizing on non-gold generated images2016-02-19 -- version 1.7.2General:- Remove unused resetting code from at_ct_mon's run script- Handle random MAC addresses reported vendor in blue hydra- Offline bluetooth devices during blue hydra's startup- Add ubertooth support to blue hydra when present- Add diagnostic server endpoint utility for hermes- Massive overhaul of the hermes worker that communicates with Pulse- px-bluetooth-discovery is completely replaced by blue_hydra where supported- Added tool for identifying what GSM adapter is plugged into a sensor- Reporting connected GSM adapter to Pulse- Made ruby safe logger thread safe- Preliminary cookbook support for kali-rolling- Gold image disk will be automatically resized during first boot- Ensure EPA's wireless firmware is installed on clean gold images- Ensure traditional 
linux interface names are used in clean gold images- Removed, db5.1-util from installed packages- Added psmisc to installed packages- Ensuring apache isn't running after it gets installed as a dependency- Enable weekly fstrim on devices that support it- Move redis socket location out of /tmp to /var/tmp- Fix some broken test coverageMobile:- Removed hostapd deb and config that was no longer necessary- Updated PXUpdater2016-02-05 -- version 1.7.1General:- Fix issue with Hermes IPC communications- Offline old bluetooth devices when restarting blue_hydra- Enforce shutdown of hermes in init script when stop call is sent- Fix support for alternative server ports in Hermes- Allow controlling at_ct_mon through local UI- Fix 4G shell and cleanup other shell's status check- Report blue_hydra, at_ct_mon, and openvas service status's to Pulse- Allow OpenVAS's scap data sync to retry database update automatically- Automatically resize system partitions during first boot- Add SafeLogger to PwnScan- Added hermes testing utility that works as a stand in for Pulse2016-02-02 -- version 1.7.0General:- use network result socket for Hermes- add BlueHydra realtime bluetooth service- add system safe logger and test- switch Hermes & Insight to use system safe logger- ability to specify update version in Insight v2 system/update plugin- move AtCtMon db file to /opt/pwnix- remove auto-reset of 4g card in AtCtMon- cleanup legacy Hermes code- send system properties from hermes with every connection to Dispatch- fix 'socket would block' errors in Hermes- suppress output of service management in Insight logs- add distribution to system properties info- ditch external Nginx cookbook- better error logging for OpenVas utilities- update px troubleshooter script- switch blacklist script to use drop target instead of reject- add --quiet flag to OpenVas update- handle OpenVas connection issues gracefully- enable retrial of downloads for package updates- rotate Insight logfile properly- fix backup and 
restore scripts- add AtCtMon to systemd controls- handle kali forcibly disabling network services- stop installation of unused packages- enourage rsyslog and cron to start- use curl where possible for initial OpenVas data sync- reject bad BSSIDs in realtime wirless service- remove tech_debt() as a function- fix truncating of update log- Fix bluetooth discovery crashing with longer intervals- Prevent 3G & 4G from setting up multiple times- Remove resource handle leak in hermes master loop2016-01-20 -- version 1.6.20General:- Fix issue where AP MACs would be sent up instead of Client MACs2016-01-08 -- version 1.6.19General:- Silence OpenVAS update during Chef run- Handle local / global bit in MAC address vendor lookups- Drop wired clients leaking into realtime wireless- Remove gem server from px-connection-dr- Enforce population of node['pwnix'] by default2016-01-06 -- version 1.6.18General:- Optimize 4G scanning (atctmon)- Attempt to recover 4G dongle when out to lunch (atctmon)- Add and use system attributes in chef- Hermes fixes for handling messages coming from result socket- Fix pwnix-utils tests- Add ruby safe_logger- Restart px-realtime-wireless on update- Add connection thresholding logic to px-realtime-wireless- patfat - Prevent crash when parsing client message from kismet- patfat - Add online sync messages to eliminate ghost online devices- fix passive recon writing to daemon log- fix nac bypass to allow r2 and AE- install linux on sensors- unneeded package cleanupMobile:- Run chef-solo on firstboot- Mark SElinuxfs readonly so apt-get works- Chroot v2 support- Support for AOPP builds- Fix /data being improperly mounted nosuid2015-12-17 -- version 1.6.17General:- Fixed issue with problem environment when update is run from insight2015-12-17 -- version 1.6.16General:- Added 4G Service (atctmon)- Centralized Gem and lock files- Centralized Gem vendoring- Created Ruby 1.9 and Ruby 2.1 specific gem lock files- Fixed init script headers- Configured ruby services 
to use central gem lock file- Fixed realtime wireless crash during long quiet periods- Fixed invalid data handling on BSSID records in realtime wireless- Service control fixes to support kali 2 (systemd)- Updated, cleanup and fixed pwnix_passive_recon, ssh_vpn, stealth_mode and fixed line evil AP- Added systemd unit files for pwnix services in preparation for systemd transition- Switch chef to make use of node attributes where appropriate rather than shelling out- Merged 'EPA only' packages into all sensor lines (required for clean images)- Fix conditional restart on pwnscan when it's enabled- Cleanup fix and improve system tests- Ensure update script exits with an error code when it fail- Create a swap file if it doesn't exit before running the update- Fix hermes handling of UTF-8 on the result socket- Update backup and restore scripts- Prevent excessively large log files from PwnScan2015-11-30 -- version 1.6.15General:- Pin version of ohai to prevent gem resolution errors2015-11-24 -- version 1.6.14General:- Added system wide blacklist for all scans and communications controlled by the PwnScan blacklist- Ensured network changes, and pwnscan configuration changes would trigger the blacklist update- Fix system spec that couldn't find some chef managed files2015-11-19 -- version 1.6.13aGeneral:- Update version of patronus_fati gem to correct WEP reporting issue- Add sources.list fix to update.sh script for correcting sources.list earlier in the update process2015-11-13 -- version 1.6.13General:- Prevent insight from starting reverse shells or running custom scripts if /opt/pwnix/.sensor-lock exists- Properly disable pwnscan service when stop action occurs- Pause, not stop openvas and restart properly when updating- Reorganize OpenVas recipe in chef- Output current system version before running chef solo to update- Do not truncate update log when updating2015-10-27 -- version 1.6.12General:- Fix path in Hermes init script- Handle bad JSON being sent to hermes result 
socket more gracefully- Suppress bad output in Insight service status checks- Prevent R3's from attempting to start openvas via Insight- Support checking of Pwnscan Status in Insight on kali 2 sensors- Clean up all shells when a duplicate shell_id exists- Remove unused parameter in px-wireless-discovery script and Insight endpoint- Remove unused cookbook dependencies- Fix sequence of steps in px-deregister-dispatch script- Add px-troubleshooter script- Bump default scan length for bluetooth discovery- Update kismet xml parser to dedup APs- Add custom channel list to kismet config- Pwnscan 0.2.0 Update- - replace ProcessingHelper with ResultsProcessor- - Update weighting logic to improve correlation- - Add more spec- - Improve loggingMobile:- Add stock chroot fallback logic to handle when kali image doesn't exist- Deprecate wlan_interface_assigner.sh script2015-09-17 -- version 1.6.11aGeneral:- Still provide vulnerability results even when the scan has error'd out.2015-09-16 -- version 1.6.11General:- Update Package Repository Paths- kali 2 compatability refactor- - Service Scripts- - Insight compatability changes- - Update Spec- OpenVas fixes- - Properly report openvas status to pulse with system properties info- - Properly report errored scans in OpenVas- - Enforce target variable always passed to px-simple-vulnscan script- - properly configure redis for OpenVas- - Only run initial DB rebuild once through chef- - Initial population of OpenVAS is now done from a tarball on the update server.- PwnScan Fixes- - Recast String Columns VarChar(255)- - Add lightweight model validations for Port Number Mac string format- - Test coverage on host upate helper- - Process macs to remove duplicate macs in string taking the last mac in every case- - Fix comparison serializer method on Network Hosts- Add logrotation for realtime wireless- fix passive recon script- chef run fixes in chroot creation environments- Update default packages in chef- Fix issue in wireless discovery 
where an AP would be connected to itselfMobile:- Safely created sdcard and system mountpoints if missing- improve interface selection for evil ap script- remove OpenVas installation from chef for mobile- detect if running inside android system before installing apk's2015-08-25 -- version 1.6.10bGeneral:- Remove code that was breaking R3 system/request_properties- Add test covering system/request_properties2015-08-21 -- version 1.6.10aGeneral:- Switch package update flag from force-confold to force-confdef- Ignore default stunnel config in system integrity spec2015-08-21 -- version 1.6.10General:- Added random nonce and logic time to Insight's session cookies- Insight sessions automatically expire after two hours- Insight sessions are invalidated after a user changes their password from anywhere on the system.- Added new version of vulnerability scanning tools- Rotating OpenVAS logs- Replaced broken OpenVAS service control scripts- Add OpenVAS service control to Insight- Sending status of OpenVAS services to Pulse when available- Added support for 'Deep' vulnerability scans- Automatically handle modeswitching for huawei lowlink devices- Added locales packages to the base package list- Added mana-toolkit to the base package list- Updated OpenVAS update process to gracefully handle running scans and only update changed files.- Deprecated iconv gem in favor of Ruby 2.0.0+ compatible string encodings2015-08-12 -- version 1.6.9bGeneral:- Fix swapoff issue in image_prep.sh- Ensure mkswap is formatting the system swapfile correctly during first_boot2015-08-05 -- version 1.6.9aMobile:- actually enforce cleanup of stale directories to allow MSF to run- actually install device specific Settings APK2015-08-03 -- version 1.6.9General:- Remove -Pn flag from default nmap scanning behavior- Move PwnScan rescue block inside of loop so threads don't exit on errors- allow PwnScan service to reload when chef updates so code updates get shipped out properly- Fix behavior around 
creation of latest-version-id file- enforce creation of swapfilesMobile:- Enforce cleanup of stale directories to allow MSF to run- Add support for chroot-only reset as well as full system reset- New PXUpdater APK- New device specific Settings APK2015-07-10 -- version 1.6.8General:- updates to check-pwnix-license script in hermes- remove deprecated legacy fix cookbook- add px-connection-dr script- prevent registration if sensor is already registered- enforce stopped kali services- install crda package- add passive host detection to PwnScan based on ARP repliesMobile:- add version 1 chroot support for legacy sensors- check default runlevel and start services as appropriate- configure PS setting for each mobile script- fix interface for dnsspoof- allow dual band operation for EvilAP- fix macchanger behavior to set sane hostname- add f_channel_list function- support version 1 for reset.shscript- fix sslstrip script to prevent errors being printed to STDOUT- fix airodump-ng flags- add squashfs-tools package- allow latest-version-id file to be read2015-06-18 -- version 1.6.7General:- Handling certificate renewal logic in hermes- Verifying authentication status when connected to dispatch server before starting communications- Resolved issue with hermes startup when no log file is provided- Add "change wipe to shred on logwiper" to 1.6.6 changelog- run px-simple-vulnscan in jenkins- fix kismet.conf checksum error in rspec- Refactor openvas setup and run it on the mobile lineMobileT- Minor chroot script fixes- rewritten wlan interface assignment script- always use wlan1mon interface for tools that need monitor mode- move monitor mode control functions to px_functions.sh- fix logging in btscan- up interface before running tcpdump and tshark- ship and/or update PXUpdater for all devices using chef- use /proc/self/mounts for /etc/mtab- autodetect window size in bootpwn- Make image prep remove sensor registration- Enable some sslstrip-hsts features when available2015-06-15 -- 
version 1.6.6General:- Remove legacy console code- Additional cleanup on deregistration- standardize kismet.conf location- Additional kismet init script safety checks- on update only restart kismet if neededMobile:- /var/run on tmpfs- kismet.conf sync with fixed- minor kismet_ui to avoid corruption- disable SE Linux during update- add nobody to AID_INET group so hermes can reach pulse- safety checks for missing adapters, etc- force interface up for dnsspoof- force interface up for dsniff- force interface up for ettercap- kismet can suspend/resume pulse kismet- kismet can optionally kill interfering processes- ssh on informs user of IP- check for usb before running copy to usb- add validate_one to make sure needed adapters are in place- add bluetooth checking to validate_one- messages enhanced in interface selection- handled showing intentionally disabled interfaces in grey- change wipe to shred on logwiper (just as secure on flash)2015-6-5 -- version 1.6.5General:- Ensure Pwnscan is enabled when started via Insight- Fix key conflict in Reverse shell configuration in Insight- Add support for new Huawei hilink 3g/4g cards- prevent history clearing on user logout- setup friendlier shell defaults for all users- Ensure Pwnscan respects configured blacklist for nmap scans- Create System status syncing cron task to push changes to pulseMobile:- make /system read only by default- use px_interface_selector.sh for unified interface selection2015-5-29 -- version 1.6.4General:- fix regressed OpenVas Package- allow virtual sensor to run OpenVasMobile:- setup friendlier shell defaults for mobile users- call busybox directly- verify /system is rw on update2015-5-22 -- version 1.6.3General- Enforce /tmp/result.sock is never owned by root when hermes starts- fix V1 Insight Api for update- Return pid from V2 API with system update- Allow Virtual Sensor to Run VulnScan- include gawk package- Unlock Metasploit version in run-chef-solo.shMobile- Prevent first_boot from looping restart- 
Background wlan interface assigner in chrootboot- fix imageprep for selinux2015-5-21 -- version 1.6.2a- fix syntax in image prep- shred /tmp/result.sock in image prep2015-5-21 -- version 1.6.2General: - Enforce default Pwnscan local_targets in Insight configuration - Allow Pwn Pro Plus 2015 to behave like a Pwn Pro - Prevent Insight from failing to start after triggering an update via Insight v2 APIMobile: - Make chrootboot & bootpwn scripts represent the lollipop guild - handle mon1 to wlan1mon in interface selection menus - loop interface selection menu on invalid choice2015-5-19 -- version 1.6.1- Improve spec tests- fix wireless management for mobile sensors2015-5-13 -- version 1.6.0- Add PwnScan persistent network scanning service- Add Patronus Fati based pwnix_realtime_wireless wifi scanning service- Add pwnix_kismet_server service- Sync System properties to Pulse after an Updated- Deprecate legacy ConsolePoller worker in Hermes- Allow registration of mobile sensors to PwnPulse- Allow scripts to function of "Pwn Pro Plus 2015" sensor type2015-4-27 -- version 1.5.12h- Switch to using Pwnie Hosted Gem server and kali Mirrors2015-4-09 -- version 1.5.12g- fix openvas for deprecated openvasad package, replaced with openvasmd2015-4-03 -- version 1.5.12f- adjust path for route command in reverse shell plugin- add `ip route` command to debug pack script2015-3-17 -- version 1.5.12e- Install updated GPG key for kali Repos2015-3-12 -- version 1.5.12d- add uptime to debug pack- enforce installation of bundler for msf2015-3-2 -- version 1.5.12c- Fix path in insight for 3g reverse shell- enforce apt-get update is run before attempting MSF install or apt-get upgrade2015-2-27 -- version 1.5.12b- Install metasploit-framework package from fixed .debs hosted on the Pwnie Update server until kali has a working version of the metasploit package again.2015-1-16 -- version 1.5.12aGeneral - Remove installation of package kali deprecated for the EPA to ensure that chef is able to run 
on those systems.2015-1-9 -- version 1.5.12General: - Additional nmap parser improvements - Fix spec so that it only checks nac bypass script status on R3 - Fix bluetooth results to handle errors better - Update image_prep.sh script cleanup of root directory - Add Pineapple Management 1471/tcp to nmap services file - Remove failing CGI::unescape call in Insight V2 BinRunner plugin2014-12-12 -- version 1.5.11/1.5.11aGeneral: - Suppress hermes console poller log - Default to local subnet for Insight V2 Network Discovery tools - Add Explicit require to Insight for shellwords - Fix security of Insight API Key for logged out users - Improvement to quality of Wireless result data - Improvements to NAC Bypass script2014-11-14 -- version 1.5.10fGeneral: - Add interactive confirmation to px-deregister-dispatch script - Add Pwn Pulse registration link to local sensor UI - Add -Pn flag to px-service-scan nmap flags - Capture additional fields where available for Nmap parser: Host Vendor NIC (OUI), Port Service Product, Device Type and Service Fingerprint - Add PwnPro Specific Cookbook - Fix potential instability around OpenVas for px-simple-vulnscan - Disable Register Dispatch link in Insight for mobile sensors - Add px-system-health && px-system-update scripts - Fix rspec tests & deprecation warnings2014-10-03 -- version 1.5.10eGeneral: - fix proxy timeout configuration & sesion expiration issue for Insight - default appropriate Bluetooth adapter to be loaded as hci0 for PwnPro - attempt to bring hci0 interface up for px-bluetooth-discovery scans - support standalone PwnPro recipe in chef - install mdk3 package on all kali sensors rather than only PwnPad - improve update script loggin with better timestamping2014-09-15 -- version 1.5.10dGeneral: - Support Pwn Plug R3 in Updates - Reduce Hermes log level to "info" - Kill Kismet with `-9` flag when px-wireless-survey is run - Install `amap` package with chef - Hermes stuck hot loop issue - Fix Insight static IP configuration 
issue - Dispatch Deregistration support in Insight2014-07-31 -- version 1.5.10cGeneral: - Fix v2 Insight Update Plugin for Pwn Pulse Support - Improve px-wireless-discovery client summary2014-07-29 -- version 1.5.10bGeneral: - Include summary of Wireless Clients with px-wireless-discovery result - When px-wireless-discovery runs kill all other running versions of Kismet - Clean up Shell Config in Image Prep Script - Enforce deprecated pwnix_msfrpcd service is cleaned up2014-07-22 -- version 1.5.10aGeneral:- Allow Pwn Pro 2014 to run px-simple-vulnscan2014-07-22 -- version 1.5.10General:- Remove Citadel Registration Capabilities- Deprecate pwnix_msfrpcd service- Remove Postgres Default Installation- Deprecate Network Bruteforce plugin from Insight v1 API- Minor fix for Hermes startup script- Dispatch client added to Hermes- Support for Insight V2 API in Hermes- Send version identifier to Citadel- Insight V2 API- NTP service management in Insight UI- Overhaul reverse shells and shells UI in Insight- Dispatch registration support in Insight UI- Add /opt/pwnix/bin to the Insight path- Improve HTML escaping in Insight- Minor updates to Insight styles- Various Insight updates to support future Dispatch release- Add pwnix-utils (/opt/pwnix/bin and /opt/pwnix/lib)- Fix SSH VPN script- Add Kismet config to support px-wireless-discovery- Better information gathering in build-debug-pack.sh- Reboot device after running first_boot.sh- Update pwnix_bluelog service to use pwnix-utils- Add /opt/pwnix/bin to the default path- Minor change to chrootboot- Deprecate update support for first-gen Ubuntu-based EPAs- Install OpenVAS on EPA hardware- Chef updates to support pwnix-utils and Dispatch- Install reaver on all devices2014-05-16 -- version 1.5.9eMobile:- Updates Chrootboot & System Reset Script for Pad & Phone2014-05-12 -- version 1.5.9dMobile:- Updates to bootpwn, chrootboot, WLAN switcher, image_prep scripts to support PwnPhone- Updates to application launcher scripts to 
support PwnPhone- Add factory reset app for Android devices- Fix incorrect PATH causing updates to fail on mobile devices2104-04-14 -- version 1.5.9cGeneral:- PwnPad interface switcher hotfix2104-04-08 -- version 1.5.9bGeneral:- Heartbleed SSL vulnerability hotfix2014-03-17 -- version 1.5.9General:- Improve Insight UI on Pwn Pad- Update rsync flags for backup and restore scripts- Add kismet_ui.conf for Pwn Pad- Update airodump and kismet scripts on Pwn Pad to support BlueNMEA GPS- Add Pwn Pad script to copy capture data to USB media- Add /opt/pwnix/bin and /etc/reaver to sensor filesystem- Add ruby-nokogiri to installed packages on sensors- Fix Hermes log rotationConsole:- Modify console log file location and ownership- Update pidfile location- Run console as 'nobody' user- Add console restore and backup scripts- Security improvements for nginx- General security hardening for console systems2014-02-18 -- version 1.5.8General:- Backup / Restore now handling root user SSH keys- Fixed permission issue on /etc/bash.bash_logout after cleanup- Cleaned up grammar / spelling in update Pwn Pad script- Configure default timezone to America/New_York when /etc/timezone is missing2014-02-17 -- version 1.5.7General:- Add /opt/pwnix/pwnix-scripts/build-debug-pack.sh- Add Backup / Restore scripts to Pwnix- Disable GSM reverse shell in Insight UI of pad- Add beacon rate option to Pwn Pad EvilAP launcher- Clear Bash history in Pwn Pad logwiper script- Ensure proper cleanup after killing SSLStrip on Pwn PadSecurity:- Removed the following accounts: games news lp list irc- Added cron task to automatically update network services- Configure SSH Client & Daemon to use FIPS-140-2 approved MACs & Ciphers- Prevent Insight UI from pre-populating forms from get parameters- Add 'autocomplete=off' to Inisght UI login form- Update security settings for Nginx- Disable core dumps in /etc/security/limits.conf- Restrict dmesg to only privileged users- Restrict secure ttys to 'console' and tty[1-6]- 
Restrict system accounts login shell- Prevent login to accounts with an empty password- Harden kernel parameters- Remove Passwordless Sudo- Run Hermes Daemon as nobody user2014-02-10 -- Version 1.5.6General:- Update chrootboot for backwards compatibility with 2012 Pad hardware- Update Pad launcher scripts for backwards compatibility with 2012 Pad- Enforce root ownership on /opt/pwnix/pwnix-config/shells- Add colored logo to MOTD- Remove sms_message config file from rspec- Add --local to `bundle install` in update.sh2014-01-30 -- Version 1.5.5General:- Added updated header information to Pwnie Express scripts- Improved documentation and updated UI language- Improved reverse shell scripts- Added SSH VPN scriptinsight_api:- Improved logging for reverse shells and added log to Insight log page- Removed Backtrack reciever script and added kali receiver script- Added helper methods for product type- Refactored reverse shells plugin for device-specific functionality- Log rotating support- Fix issue with 'service insight_api stop'pwnix_base_cookbook:- Improved logging configurations for reverse shells- Update get_public_ip.sh to use -api.net/ip- Refactored sms_message.sh- Removed normal_mode.sh- Improved thoroughness of cleanup script- Bugfixes in first_boot.sh- Add subnet_info.sh helper script- Deprecated wepbuster package- Update Pwn Pad .apk files- Add /etc/product information to Ubuntu EPAs- Preserve EvilAP configuration on update- merge script_services_cookbook into pwnix_base_cookbookpwn_pad_sources:- Fix bootpwn mounting issues- Ensure first_boot.sh runs in chrootboot as required- Update default Kismet packet source and improve logging configuration- Improve input validation and formatting of PwnPad scripts- Add SSH On/Off apppwnix_chef:- Enable root logon via SSH key authentication- Updated spec tests- Merge Pad preparation script into image_prep.sh- Add dev build target in addition to stable and qa