Changelog

This page lists all functional changes and corrective changes (bug fixes) made in each version of VulnIT.

v4.6 (2012/03/26)
  • Added a new plugin targeting ACL review on Windows file shares,
  • Added new web tests (directory indexing on IIS and HTTP functions like DELETE),
  • Validating authentication credentials (for whitebox testing) when saving (used to be after the first test),
  • Fixing unreliable patch management tests (which could not start in particular environments),
  • Fixing ineffective interruption of the network scan,
v4.5 (2012/02/22)
  • Added DBMS configuration review (white box testing) on Oracle, SQL Server and MySQL,
  • Added a new plugin targeting offline decryption of DBMS passwords (complexity check) on Oracle, SQL Server and MySQL,
  • Configuration of which service runs on each socket, enabling testing of known services running on exotic sockets,
  • Added aggressive patch management tests, executed optionally (through a hidden configuration page),
  • Fixing unwanted account lock while testing DCs,
v4.4 (2012/01/16)
  • Added new patch management tests of low and medium risk (CVSS<7). Risk rating change (low, medium, high, major, critical),
  • Added Windows configuration review (security policy, groups and accounts, firewall activation, up-to-date antivirus, etc),
  • Integration of new web tests (command and LDAP injections),
  • Added Unix configuration review (white box testing),
  • Added a new plugin targeting offline decryption of Unix passwords (using a remote SSH access),
  • Improved test parallelization (significant time saved on SSH and Oracle testing),
  • Fixing unwanted printings during port scanning,
  • Fixing a memory leak bug in web testing,
v4.3 (2011/11/22)
  • Added task monitoring and manual start/stop/delete (VulnIT-VM),
  • Weighting of vulnerability risks by the asset value attributed to each device (VulnIT-VM),
  • Improvement of the display delay of the user interface (VulnIT-VM),
  • Creation of task by group of assets or websites (VulnIT-VM),
  • Email alerts, on task termination and ticket follow-up (VulnIT-VM),
  • Crawling of websites with JS events/frameworks (by integrating a browser with javascript support),
  • Added network filtering in the Windows shares console,
  • Improvement of port scanning reliability (by integrating nmap),
v4.2 (2011/09/28)
  • Improvement of the user experience (through numerous functionalities added in VulnIT-VM user interface),
  • Added 2 new tests of web vulnerabilities (CSRF and XSS),
  • Added support for offline activation (in case the user has no access to the Internet),
  • Fixing a few bugs (VulnIT-VM first boot screen, VulnIT-KEY report saving),
v4.1 (2011/08/05)
  • 3 major functionalities have been added to the VulnIT-VM software: test automation (through task programming), remediation follow-up (using tickets) and advanced monitoring (dashboards),
  • Creation of groups of assets (for instance, web servers or printers) to provide consolidated views in dashboards and reports,
  • Significant improvement of web testing speed and reliability,
  • Added support for HTTPS and AD authentication in web applications,
  • New dictionaries for authentication testing on websites and MySQL databases,
  • Fixing a few bugs (on Oracle testing mostly),
v4.0 (2011/06/09)
  • The software interface has been completely renewed, greatly improving the user experience (see the new user guide),
  • Integration of the new Ubuntu 11.04 in order to support the latest hardware,
  • Migration to OpenVAS 4 in order to perform white box testing of patch management and integrate the latest plugins,
  • Vulnerabilities in the technical report are now split according to whether they were identified in white box or black box testing,
  • Improvement of Internet connection (by adding Kerberos authentication support),
  • Adding in the report a summary of every tested device,
  • Fixing a dozen minor bugs,
v3.1 (2011/03/03)
  • The software has been ported to a virtual machine called VulnIT-VM,
  • Adding a new specific console dedicated to Windows file sharing (optional module),
  • Report export available in new formats: CSV (for easy integration in Microsoft Excel for instance), and MHT (in order to modify the report in Microsoft Word for instance), provided as an optional module,
  • Added the ability to join the workstation running the software to a Windows domain in order to facilitate access to the Internet and to the updates provided online,
  • Improving website crawler (following redirections, detecting all the ports hosting a web service, limiting the crawler to an alias or even a specific folder of the website),
  • Adding references to the web vulnerabilities (see a report sample),
  • Fixing a bug in the patch management testing (wrong management of the Windows administrator account),
  • Enhancement of open relay (spam) and MSSQL authentication tests,
v3.0 (10/02/2011)
  • Integration of website testing (optional feature),
  • The 'ping' test is not performed when a single target is specified (to avoid any firewall filtering),
  • Bug fix (report layout),
  • Improvement in cleaning the workspace, when starting a new check,
v2.3 (2011/01/03)
  • The new Ubuntu 10.10 kernel has been stabilized,
  • The wordlists (used for dictionary attacks) can be configured,
  • Bug fix (regarding authentication tests using medusa),
v2.1 and v2.2 (October-November 2010)
  • Unstable versions (when integrating the new Ubuntu 10.10 kernel),
v2.0b (2010/09/24)
  • Reliability improvement of OpenVAS execution (in particular in its final phase),
  • Fix of the license file error at boot time,
  • Enhancement of SSH and Windows file shares tests,
v2.0a (2010/09/20)
  • openvas-libraries update (version 3.1.3), improving testing performance by about 40%,
  • Fix of download progress bar during updates,
  • Medusa and net-snmp recompilation,
v2.0 (2010/09/06)
  • Integration of OpenVAS to address patch management, with or without providing a local access to the target,
  • Integration of aircrack (to add a wifi testing console),
  • Improvement of the port scan (previously performed by propecia, which has been replaced by a TCP half-open scan using synscan),
  • Test depth parameter added (number of scanned services),
v1.0 (2010/05/22)
  • First version of VulnIT integrating about fifteen tools.