Skip to content

v0.4.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 Jun 06:05
· 8 commits to main since this release
v0.4.0
This tag was signed with the committer’s verified signature.
StrongWind1 StrongWind
SSH Key Fingerprint: Qmf8fmUKNTZ6ZgfBYeZQGvmmwxRH1vlYwTFmOFizaDM
Verified
Learn about vigilant mode.
6da81f6
This commit was signed with the committer’s verified signature.
StrongWind1 StrongWind
SSH Key Fingerprint: Qmf8fmUKNTZ6ZgfBYeZQGvmmwxRH1vlYwTFmOFizaDM
Verified
Learn about vigilant mode.

nfswolf 0.4.0

Added

  • shell: tree [depth] — recursively map a directory (default depth 3), always traversing hidden dot-directories (.ssh, .aws, .bash_history are exactly what you want on a security tool).
  • shell prompt now shows uid=<n> gid=<n> and tracks mid-session uid / gid / impersonate changes.
  • brute-handle writability hint — reports a non-destructive read-write vs read-only signal per hit from advisory ACCESS bits (probed as uid=0 and the object's owner). It never writes to the server; a handle is not itself ro/rw — the export's flag and the credential decide.
  • access::WRITE_BITS / access::grants_write() helpers in proto::nfs3::types.

Changed

  • Grouped --help — the nine subcommands are organised into Recon / Connect / Advanced / Utilities sections (commands are still invoked flat, e.g. nfswolf scan ...).
  • shell: escalation-aware getget now follows the auto-UID escalation ladder like cat, so get /etc/shadow succeeds where it previously failed with NFS3ERR_ACCES; tree escalates credentials to descend into root-only hidden directories.
  • brute-handle: optional seed--seed-handle is now optional; a bare host:/export target derives the seed by mounting the export (MNTPROC_MNT), matching escape. --seed-handle HEX stays as an explicit override and a new -e/--export flag mirrors escape.
  • brute-handle: parity with escape — candidate generation now fingerprints the seed (--fs-type auto) and tries the same known-root candidates as escape (ext4 inode 2 / compound-UUID, XFS 128/64/32, BTRFS subvolumes) before the generic inode sweep. A hit is accepted on NFS3_OK or NFS3ERR_ACCES/NFS3ERR_PERM, so it finds the same roots escape does (a root_squash'd root is a valid handle, no longer discarded).
  • Docs — reconciled the finding count (39 findings, F-1.1 through F-7.6), RFC citation format (§), write-up severities, and CLI/command references across FINDINGS / ARCHITECTURE / README / CLAUDE; CONTRIBUTING MSRV is now 1.95.

Removed

  • docs/scanning-module-plan.md (the completed scan-rewrite plan); stale NLM/NSM references in conn.rs.

Binaries below are checksummed (SHA256SUMS), cosign-signed (SHA256SUMS.sig), and carry SLSA build-provenance attestations. The mount (FUSE) subcommand is in the -full (glibc) builds only — it cannot be statically linked against musl.

Full changelog: v0.3.1...v0.4.0

Assets 14
Loading