Plum Island - Searing Spring Release - v0.2606.0

v0.2606.0 Highlight

• HTTP header name and/or value acquisition engine - 86 Headers Collected.
• Switch from host to port in database.
• Huge improvement of devices/software discovery - 844 Tags.
• Docker availability and support thank's to t0kubetsu.

v0.2606.0 Changes

• Other changes:
  • Make bot job submission idempotent (ac9c7fe)
  • Prevent concurrent scanner agents from claiming the same queued job
  • Return validation errors instead of TypeError for malformed bot UID fields, closes #86
  • Add scan profile cycle tracking with current and previous cycle visibility, closes #52
  • Add curated HTTP header presence/value collection and structured Kvrocks search, closes #54
  • Improve Kvrocks rebuild tooling: direct Meili rebuild, multiprocessing parser workers, retag mode, graceful Ctrl+C, quieter logs, and progress output (23b9d83)
  • Prevent network info refresh from crashing on FQDN targets, closes #116
  • Avoid blocking Kvrocks wildcard fallback searches on Redis KEYS, closes #90
  • Split tools Meilisearch config into IN_MEILI_* and OUT_MEILI_*; remove legacy MEILI_* tool config keys (ef4ceec)
  • Rework index_meili.py to import dumps into OUT_MEILI_*, with batching and optional --progress (ef4ceec)
  • Scheduler FQDN/IP job batching now fills 256-item packets when due targets remain, closes #51
  • Remove unused scheduler module-level job list, closes #102
  • Show scan profile cycle progress by concrete scan units instead of target rows, closes #118
  • Fix bot API SQLAlchemy limit calls to use integer arguments, closes #87
  • Bound Kvrocks rebuild memory use by preserving doc timestamps in place and parsing Meili pages batch-by-batch, closes #80
  • Make result parsing config explicit per call to avoid cross-thread parser state leaks, closes #88
  • Fix setup.sh to use explicit venv Python/Flask commands and seed HTTP header tagging plus a default banner scan profile during initial setup
  • Add required tool dependency update (acbe2d1)
  • Harden job result rendering against banner HTML injection, closes #37 (7224443)
• Tag-related changes:
  • Dropbear SSH (eac052b), FRITZ!Box SIP (ff2fcc6), Microsoft SMTP gateway (b19b027)
  • SIP protocol and SIP_Phone WWW-Authenticate realm tagging, closes #26 (0227c6a)
  • CrushFTP server header, closes #38 (b41e40f)
  • Red Hat Enterprise Linux HTTP server header in Apache RedHat detection, closes #39
  • NetScaler AAA title and LogonPoint path tagging, closes #40
  • Netskope Borderless SD-WAN certificate issuer tagging, closes #41
  • WatchGuard Fireware XTM favicon, title, and certificate tagging, closes #42
  • Cisco Catalyst SD-WAN title and certificate tagging, closes #43
  • ProFTPD, closes #36 (3e4f7a2)
  • Pure-FTPd, closes #35 (d019905)
  • pfSense, closes #34 (6b609d9)
  • Mitel 108, closes #30 (0c019fa)
  • Dovecot, closes #28 (63e2001)
  • Raspberry/Raspbian HTTP and SSH tagging, closes #25 (2f618ba, b2c9b5e)
  • Zyxel USG20 plus separate Zyxel SSH rule, closes #32 (98e6e75, a2e0f95)
  • Add soft:ssh to all SSH banner detections (d8b16d2)
  • Bump MixVoip tag rule version to force corrected soft:telephony import, closes #48
  • Normalize Apache favicon-derived tag names/tags and merge Tomcat favicon detection, refs #50
  • Normalize Cisco, Check Point, Debian, and Gargoyle tag rule names/tags, refs #50
  • Normalize Arris favicon-derived rule names/tags as router hardware, refs #50
  • Merge SonicWall favicon-derived rules into the main SonicWall rule, refs #50
  • Normalize Zyxel tag rule names/tags as Zyxel hardware, refs #50
  • Validate Ubuntu/Debian SSH banner tagging for OpenSSH package banners, refs #50
  • Merge Windows OpenSSH version-specific banner rules into one generic rule, refs #50
  • Add generic OpenSSH banner tagging and include soft:openssh on OpenSSH-derived rules, refs #50
  • Add generic SSH protocol banner tagging for ssh-2.0 banners, refs #50
  • Add SSH banner rules for Cerberus FTP Server and MOVEit Transfer SFTP, refs #50
  • Add SSH banner rules for Serv-U FTP Server and WS_FTP SSH, keeping Serv-U web favicon separate, refs #50
  • Add NetScreen SSH banner tagging, refs #50
  • Add Cisco and Lancom SSH banner tagging, and classify Zyxel SSH as router hardware, refs #50
  • Add SFTPGo and Bitvise SSH Server banner tagging, refs #50
  • Add Crestron SSH banner tagging, refs #50
  • Add generic FTP welcome banner tagging for FTP server/service banners, refs #50
  • Add Microsoft FTP Service banner tagging, refs #50
  • Add FileZilla FTP Server banner tagging, refs #50
  • Add vsftpd FTP banner tagging, refs #50
  • Rename Mikrotik tag rule file typo from microtik to mikrotik, refs #50
  • Add Mikrotik FTP banner tagging, refs #50
  • Add QNAP NASFTPD/ProFTPD FTP banner tagging, refs #50
  • Add Debian ProFTPD FTP banner tagging, refs #50
  • Add Drupal x-generator header value tagging, closes #56
  • Add WordPress redirect and powered-by header value tagging with PHP classification, closes #57
  • Add PHP and Ubuntu x-powered-by header value tagging, closes #62
  • Merge Joomla favicon rules and add x-content-encoded-by header value tagging, closes #59
  • Merge OWA favicon rules and add x-owa-version header tagging, closes #60
  • Add Polylang x-redirect-by header value tagging, closes #61
  • Replace SSH software tag with proto:ssh and tighten generic SSH banner tagging, closes #65
  • Add generic HTTP banner/header protocol tagging, closes #64
  • Add Telnet protocol negotiation banner tagging, closes #72
  • Add Telnet XDISPLOC option tagging, closes #72
  • Merge ASP.NET favicon detection and add ASP.NET header tagging, closes #63
  • Add LiteSpeed header tagging, closes #58
  • Add Cisco Expressway server header tagging, closes #78
  • Rename detection tag prefixes from hard/soft to vendor/product, refs #50
  • Complete tag taxonomy normalization for vendor/product/type/protocol tags, closes #50
  • Add BGP protocol banner tagging, closes #71
  • Add HP iLO default certificate issuer tagging and rename iLO rule, closes #73
  • Improve Cisco router detection with IOS server and authentication realm tags, closes #79
  • Improve FortiGate title and default certificate subject tagging, closes #67
  • Add Icecast2 / ICY streaming protocol banner tagging, closes #69
  • Normalize remaining protocol and legacy hardware tag prefixes to proto:* and type:*
  • Add RTSP protocol banner tagging, closes #70
  • Improve Polycom detection with default certificate issuer and login title tagging, closes #74
  • Add Cisco ASA default certificate issuer tagging, closes #76
  • Add WWW-Authenticate realm tagging for RocketMQ, MOBOTIX, Netgear, Prometheus, Alertmanager, TP-Link, D-Link, Campbell, Wisenet, OpenClaw, OpenSearch, and Radware, closes #82
  • Add FileZilla FTP Server default certificate issuer tagging, closes #75
  • Add HPE Comware switch banner tagging, closes #115
  • Add Barracuda CloudGen Firewall server header tagging, closes #77
  • Rename FRITZ!Box vendor tag from fritzbox to avm
  • Add F5 Distributed Cloud load balancer detection from default volt-adc Server header, closes #123
  • Store tag rule values as namespace:value while keeping tag:* search and Kvrocks keys
  • Merge tag import and Kvrocks tag reindex commands into tools/tag_mgmt.py; import/delete now require --all, --id, or --tags-file
  • Accumulate repeated per-port parser results so multi-service banners can all receive tag rules
  • Show inserted Tag Rule IDs in import_tags.py (bf1afd5)
  • Add import_tags.py --flush-tag to remove one tag from Kvrocks tag indexes, closes #47
  • Fix import_tags.py to update DB tag rules from newer YAML versions and print existing rule IDs, closes #49

v0.2606.0 Current Limitation

• Only TCP Supported.
• IPv6 scan not supported yet.