Version 1.17.0

Hello dear community! The OpenBAS 1.17.0 is out ! Hope you will enjoy it! 🎉

🚀 Nuclei injector

“With over 6500 templates contributed thus far, Nuclei is continuously updated with real-world exploits and cutting-edge attack vectors.”

Introducing our brand-new Nuclei injector ! Based on the open source project Nuclei, these injects let you scan potential vulnerabilities and returns found vulnerabilities in the shape of findings.

Related documentation: https://github.com/OpenBAS-Platform/injectors/tree/main/nuclei

🙏 Scenario assistant

You don’t know where to start in OpenBAS ? Your Assistant is here to help !

Choose your targets, the TTPs you’d like to cover and let your assistant generate a full technical scenario in only few clicks.

Related documentation: https://docs.openbas.io/latest/usage/scenario/?h=assis#scenario-assistant

💻 Agentless endpoint creation

We brought back the capability to create endpoints without registering an agent. These can be targeted by agentless endpoints such as nmap scans or Nuclei injects.

Related documentation: https://docs.openbas.io/latest/usage/assets/?h=agentles#agentless-endpoints

🪄 Findings lists clarification

To avoid duplicates and clarify our finding views, we are removing the old findings found in previous simulations in our aggregated views (scenario and findings page)

Related documentation: https://docs.openbas.io/latest/usage/findings/?h=findings

👍 Flattening targets in injects results

For performance and scaling reasons, we decided to flatten the list of targets, allowing you to manage and filters results on big numbers of targets.

This release also includes bugs fixes and UI improvements. Here is the complete list:

Enhancements:

• #3219 Improve assets selection in inject creation/update
• #3169 PoC: Inject Chaining
• #3076 Don't create a finding each time a scenario is run
• #2449 Scenario assistant - manual input
• #2286 Ability to create manually "agentless" endpoints

Bug Fixes:

• #3263 Bad label for "Delete filters"
• #3244 Error querying Openbas in generating Scenario from Octi - Testing
• #3213 Flicker in atomic testing on results by target execution tab
• #3181 Problem creation injects from openCTI
• #3161 Payload with CMD command is executed with escaped character
• #3147 Can't create a new atomic test with an asset group automatically created from Crowdstrike
• #3134 EE mark and alert message should not be displayed when EE is enabled
• #3119 I’m able to launch an inject on a non-existent endpoint, but no logs are generated for it.
• #3091 Clicking on "Update widget" should always land you on the parameters
• #2985 challenge preview is not working
• #2946 Desynchro between injects tab and animation tab when an inject is removed
• #2184 Can't launch a "exe path" from a payload when the executor is cmd

Pull Requests:

• [backend] Fix inject pending status when an agent is inactive by @damgouj in #3126
• [frontend / backend] endpoint targets paginated tab (#2663) by @antoinemzs in #3035
• [frontend] Fix crash on definition team by @RomuDeuxfois in #3130
• [dependencies] Upgrade swagger typescript api 13.1.3 by @antoinemzs in #3146
• [frontend] Update dependency @types/node to v22.15.17 (release/current) by @renovate in #3154
• [backend] Update dependency net.javacrumbs.json-unit:json-unit-assertj to v4.1.1 (release/current) by @renovate in #3153
• [backend] Update dependency io.pyroscope:agent to v2.1.2 (release/current) by @renovate in #3152
• [frontend] Update dependency react-router to v7.6.0 (release/current) by @renovate in #3151
• [backend] Separate URL for API and public link (#3087) by @savacano28 in #3149
• [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.31 (release/current) by @renovate in #3163
• [frontend] Update dependency @xyflow/react to v12.6.1 (release/current) by @renovate in #3164
• [frontend] Update dependency esbuild to v0.25.4 (release/current) by @renovate in #3165
• [frontend] Update dependency html-react-parser to v5.2.5 (release/current) by @renovate in #3166
• Fix : Report is not displayed correclty by @MarineLeM in #3156
• Add CVE finding type by @RomuDeuxfois in #3158
• [frontend/backend] remove pagination flag lock by @antoinemzs in #3160
• Refacto Inject Form by @MarineLeM in #3143
• [frontend] Update dependency @faker-js/faker to v9.8.0 (release/current) by @renovate in #3177
• [frontend] Update dependency ckeditor5 to v45.1.0 (release/current) by @renovate in #3178
• [frontend] Select a default target on tab change, load by @antoinemzs in #3167
• [frontend] Interactive view don’t take all the available screens (#3064) by @EmilieFo17 in #3128
• [frontend] Fix filter in dashboards by @savacano28 in #3170
• [backend] Update dependency io.swagger.core.v3:swagger-annotations-jakarta to v2.2.32 (release/current) by @renovate in #3183
• [frontend] Update dependency @mui/x-date-pickers to v8.3.1 (release/current) by @renovate in #3184
• [frontend] Update dependency immutable to v5.1.2 (release/current) by @renovate in #3186
• [frontend] Update dependency @xyflow/react to v12.6.4 (release/current) by @renovate in #3185
• [frontend] Fix overflow in traces by @savacano28 in #3182
• [frontend] Update dependency @types/qs to v6.14.0 (release/current) by @renovate in #3198
• [frontend] Update dependency pdfmake to v0.2.20 (release/current) by @renovate in #3197
• [frontend] Update dependency monocart-coverage-reports to v2.12.6 (release/current) by @renovate in #3196
• [frontend] Update eslint monorepo to v9.27.0 (release/current) by @renovate in #3195
• [frontend] Update dependency @vitest/eslint-plugin to v1.2.0 (release/current) by @renovate in #3194
• [frontend/backend] "players" target paginated tab by @damgouj in #3188
• [frontend/backend] "agents" target paginated tab by @antoinemzs in #3176
• [frontend/backend] remove ALL TARGETS tab and related functionality (#2663) by @antoinemzs in #3192
• [frontend] reenable tags filter in injects list (#3032) by @antoinemzs in #3189
• [frontend] Update dependency monocart-reporter to v2.9.19 (release/current) by @renovate in #3207
• [frontend] Update dependency dompurify to v3.2.6 (release/current) by @renovate in #3206
• [frontend] Update dependency zod to v3.25.7 (release/current) by @renovate in #3205
• [backend] add openapi docs to new endpoints (#2663) by @antoinemzs in #3201
• [backend] Asset group dynamic filter not null by @damgouj in #3209
• [frontend] fix Inject Form by @MarineLeM in #3211
• [backend] Modify result label for expectations by @savacano28 in #3175
• [frontend] Update dependency vite to v6.3.5 (release/current) by @renovate in #3217
• [frontend] Update dependency react-hook-form to v7.56.4 (release/current) by @renovate in #3215
• [frontend] Update dependency tss-react to v4.9.18 (release/current) by @renovate in #3216
• [frontend] fetch only when target id or type change in atomic executi… by @guillaumejparis in #3214
• [frontend] Update dependency @vitejs/plugin-react to v4.5.0 (release/current) by @renovate in #3228
• [tool] Update Node.js to v22.16.0 (release/current) by @renovate in #3227
• [frontend] Update dependency @mui/x-date-pickers to v8.4.0 (release/current) by @renovate in #3226
• [frontend] Update dependency vitest to v3.1.4 (release/current) by @renovate in #3218
• [frontend] Update dependency @uiw/react-md-editor to v4.0.7 (release/current) by @renovate in #3229
• [frontend] Update dependency zustand to v5.0.5 (release/current) by @renovate in #3231
• [frontend] Update react monorepo to v19.1.5 (release/current) by @renovate in #3232
• [backend] Avoiding parallel launch of parent/children by @Dimfacion in #3155
• [CI] Feature branch staging by @efaure in #3237
• [frontend] Update typescript-eslint monorepo to v8.32.1 (release/current) by @renovate in #3233
• [frontend] Add cve type for output parser by @savacano28 in #3222
• [backend/frontend] Ability to create agentless endpoints (chunk 1) by @johanah29 in #3212
• [frontend] Update dependency globals to v16.2.0 (release/current) by @renovate in #3246
• [tools] Persist dev db volume by @antoinemzs in #3224
• [tools] configure maven to skip top POM to run through cli by @antoinemzs in #3220
• [frontend/backend] chunk 1 scenario assistant by @MarineLeM in #3225
• [frontend] Update dependency moment-timezone to v0.6.0 (release/current) by @renovate in #3251
• [frontend] fix create inject layout by @MarineLeM in #3252
• [frontend/backend] fix payload form by @MarineLeM in #3253
• [backend/frontend] Add challenge preview for scenarios (#2985) by @johanah29 in #3120
• [backend/frontend] Ability to create agentless endpoints (chunk 2) by @damgouj in #3249
• [frontend] remove EEChip when license is activate by @MarineLeM in #3254
• [frontend] add select ttp widget by @MarineLeM in #3250
• [frontend] Update typescript-eslint monorepo to v8.33.0 (release/current) by @renovate in #3259
• [backend] Batch insert of execution traces by @Dimfacion in #3026
• [backend] Only show findings of latest simulation for global, scenario, endpoint findings view (#3076) by @antoinemzs in #3239
• [frontend] update scenario assistant button border color by @MarineLeM in #3258
• [frontend] Fix tooltip label for filter by @savacano28 in #3264
• [frontend] Update dependency @stylistic/eslint-plugin to v4.4.0 (release/current) by @renovate in #3245
• [frontend] add active & executors columns to assets selection in inje… by @guillaumejparis in #3221
• [frontend] Fix use scenario assistant button by @MarineLeM in #3269
• [frontend] update select TTP button border color by @MarineLeM in #3268
• [frontend] update widget land you on the parameters stepper by @MarineLeM in #3255
• [frontend] add update button on mitre drawer by @MarineLeM in #3273
• [backend] Add default value from the injector contract whent inject's content is empty Issue/3181 by @heditar in #3256
• [backend/frontend] Ability to create agentless endpoints (chunk 3) by @damgouj in #3262
• [frontend] less aggressive tab reload (#3274) by @antoinemzs in #3275
• [backend] remove injects serialisation from asset group and team by @antoinemzs in #3284

New Contributors:

• @efaure made their first contribution in #3237

Full Changelog: 1.16.4...1.17.0