Skip to content

Releases: ARCANGEL0/EVA

Release list

v3.1

Choose a tag to compare

@ARCANGEL0 ARCANGEL0 released this 20 Feb 09:49

EVA Release Notes (v3.1)

Major updates made

  • Massive refactor from single-file EVA into a modular codebase:
    • modules/ for LLM, workflow, tooling, reporting, attack-map, vuln intel, search and other stuff
    • sessions/ for storing all sessions, maps and report files.
    • utils/ for UI/system helpers and utilities.
  • Added major new providers:
    • Anthropic Claude backend
    • Google Gemini backend
    • Fixed Ollama output parsing
  • Added full CLI tooling with eva entrypoint:
    • --search for vulnerability/exploit searching with AI assist, to find quick results for a specific query.
    • --config to open configure EVA variables
    • other flags such as --update, --version, --delete
  • Full UI flow overhaul:
    • new banner screen
    • EVA UI revamp with self updater in menu options
    • Now EVA can generate vulnerability assessment reports in HTML/PDF and Attack Surface maps using html and js libraries.

Ollama + LLM Reliability Upgrades

  • Reworked Ollama handling with layered fallbacks:
  • Improved model response parsing:
    • robust JSON extraction, and with debug output in case of errors.
    • command extraction fallback when strict JSON is not returned or other exceptions.
  • Added refusal-retry override path for Ollama in authorized CTF/lab mode, as some models would keep avoiding to respond.
  • Added output chunking + evidence-lock context for better adherence on the pentest workflow for EVA.

New --search Intel Tool

  • Added EVA exploit/vulnerability search pipeline powered by configurable Ollama Cloud model (default gpt-oss-120b).
  • Query expansion + AI powered
  • Aggregates and ranks findings from:
    • local searchsploit
    • NVD
    • Vulners
    • GitHub PoC search
    • Exploit-DB web search
    • CISA KEV feed
  • Returns risk scoring, trending signal, AI analyst summary, and safe verification command hints.

Session Workflow, Reporting, and Visualization

  • Added workflow-aware context builder:
    • infers pentest stage
    • extracts service/host signals
    • tracks tool/wordlist availability
    • injects vuln-intel hints into prompt context
  • Added command hardening helpers:
    • tool detection + install one-liners (still not 100% though, working on it)
    • missing local path checks (as for wordlists and whatsoever)
    • sudo normalization + scanner sudo enforcement
  • Added /report:
    • concise HTML report generation
    • optional PDF via wkhtmltopdf
  • Added /viewmap:
    • interactive attack-map HTML + JSON generation
    • node/edge visualization for target/services/software/users/CVEs/workflow steps

Config, Packaging, and Update Flow

  • Centralized runtime config in config.py:
  • Standardized EVA data directories under ~/EVA_data:
    • sessions/
    • reports/
    • attack_maps/
  • Added self-update flow (CLI + session menu), with restart attempt after successful update.