Releases: aha-project/AHA-GUI

AHA-GUI-v0.6.5b1-20181217

18 Dec 01:07

v0.6.5b1 Changes:

√ Add currently open filename to titlebar
√ Code cleanup and organization
√ GUI will now exit cleanly without help if you have opened the data view during your GUI session

SHA256(AHA-GUI-v0.6.5b1-20181217.zip)= 83b746ebad748cc7aa63bca3efee8cf3a432dc2f042d14136c39d9864531cf60

AHA-GUI-v0.6.4b5-20181215

15 Dec 11:08

AHA-GUI-v0.6.4b5-20181215 (Includes notes from builds not released to public):

New:
√ Back to "betas", pre-release tag removed
√ Search feedback! Now when you enter a search, the status of hidden and highlighted nodes will appear next to the search bar (tooltip still contains examples for how to search).
√ Added overlay with color legend at the top.
√ Moved inspector window inboard the regular window, making things easier to resize without losing the inspector.
√ Added a file chooser, which will pop up on first launch unless --inputFile is given.
√ Added "open new file" button to allow choosing a new file rather than relaunching.
√ The GUI report will now be saved in the same directory as the input file with the suffix "-AHAReport.csv" in place of ".csv" of the regular file (i.e. BinaryAnalysis.csv will have a report named BinaryAnalysis-AHAReport.csv saved into the same directory BinaryAnalysis.csv was loaded from) -- Extra care was taken not to overwrite the input file in the case '.csv' was not found, but maybe be cautious for a couple of weeks until this is tested in all possible scenarios. If you have a one-off input file, make a backup :)
√ Move the graph to the right a bit to hopefully keep it more centered after loading (there will be more work at some future date on improving autolayout of the graph nodes).
√ Bottom info area now updated when "update on mouseover" checkbox is checked (and checkbox moved to the bottom area from the side info panel).

Fixed:
√ Removed obsolete logic that was causing connected processes to not show correctly in the info overview and the inspector.
√ Copy and paste on macOS now uses the correct keyboard shortcuts.
√ Fixed most of the causes of annoying flicker while the graph was initially loading.
√ Capped zoom in/out so that you can't trigger odd drawing errors anymore by zooming in past the supported level of graph zoom.
√ Improved inter-component borders/bounds to improve visibility and also reduce wasted pixels.
√ GUI stays the same size if you open a new file.
√ Reset the search text to "Search..." if nothing is entered so it remains obvious what the search box is for.
√ Made some effort not to orphan any threads or megabytes when opening a new file.
√ Took other steps to further reduce clicking related crashes/hangs/stack traces/dumps.
√ Ability to crash part of the graph backend by furiously clicking a node should be further reduced...
√ Fix mouseHandler registering multiple click events for a single click -- which seems to have improved performance and other behavior.
√ Fixed other perf issues induced by other problems within the mouseHandler.
√ Fail more gracefully if input filename is bad, or if user clicks cancel at the file selection prompt.
√ Legend/Overlay now correctly respects --bigfont.
√ Some edge cases causing nodes to pop around suddenly if you single click within a very short timespan should be fixed now.

SHA256(AHA-GUI-v0.6.4b5-20181215.zip)= bd7556f7a978691e5a241056e01684b0b3b1ddc12bb84531bf834a0b77b89373

AHA-GUI-v0.6.3a6-20181119

20 Nov 00:09
Pre-release

New in v0.6.3a6:

√ Removed ECScoreBeta scoring algorithm as RelativeScoreBeta is intended to replace it
√ RelativeScoreBeta now properly colorizes the graph when selected
√ Removed some extra debug info for RelativeScoreBeta from the Graph Data View
√ Cleaned up misc errors that could occur when colorizing the graph nodes

! Still marked as a pre-release due to some pending rough edges on search functionality.

SHA256(AHA-GUI-v0.6.3a6-20181119.zip)= bd25a05caa901642b0a526a93484cb1f32f64a0cd777586b89239366300ef1e4

AHA-GUI-v0.6.3a2-20181107

07 Nov 23:29
Pre-release

New in v0.6.3a2:

√ Experimental new scoring algorithm that's a work in progress by ATamimi called "RelativeScore"
√ Added a checkbox, enabled by default, which hides unmatched score metrics
√ Fixed a potential NPE if the build system did not correctly put the version number into the jar manifest
√ Misc fixes

! Still marked as a pre-release due to some pending rough edges on search functionality.

SHA256(AHA-GUI-v0.6.3a2-20181107.zip)= 4d52af780387d635f58d6de684b9a0ca2d258fc5ef52cb65fb771e29df9b8031

AHA-GUI-v0.6.3a1-20181016

17 Oct 03:48
Pre-release

Search remains Alpha quality.

Improvements in this build:
√ Added mouseover/tooltip text to all JTable column headers with info about each column, for example, what ASLR is/etc.

SHA256(AHA-GUI-v0.6.3a1-20181016.zip)= a3b4b06ed31a584e041d3356c8fbc0091091292e80308e4634bcd1c3e8cde5e7

AHA-GUI-v0.6.2a1-20181010

11 Oct 00:51
Pre-release

Changes for AHA-GUI-v0.6.2a1-20181010:

Search is still in Alpha quality and being developed on the side, everything else is still the usual quality. The following changes are included in this new version:

√ Improved MetricsTable format to have platform attribution, which allows us to calculate a maximum score possible. There are two special categories for scoring: "multiplatform", which is included in all platforms, and "other", which will not include the points towards any platform. Beyond those two special labels, any arbitrary label can be used. Further information is available in the comments in the MetricsTable.cfg
√ Updated metrics. Now Windows has 100pts total, and negative scores are clamped to a minimum of zero. This lets us include metrics that effectively zero out the score without making the scale odd: what was previously commonly a -50 to +70 range is now 0-100 (with the supplied updated metrics).
√ Scores are now graded to 4 colors. The maximum score is computed based on MetricsTable (i.e. the new 100pts max). Using this we break that down to 4 bands: 0-25% of maximum, 25% to 50%, 50% to 75%, and above 75%, color progression is red, orange, yellow, green.
√ Tagged WPScore and ECScore scoring algorithms as BETA to reduce confusion, since they are still in the theoretical evaluation stages.
√ Misc fixes.
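
The scoring rules in these notes (platform attribution, clamping at zero, four color bands) can be sketched as follows. This is an added example, not AHA-GUI's own code: the metric rows are constructed, the maximum is assumed to be the sum of the positive points that count for a platform, and a score exactly on a band edge is assumed to fall in the lower band.

```python
# Constructed rows of (platform label, points); the real values live in
# MetricsTable.cfg, whose file format is not reproduced here.
METRICS = [
    ("windows", 40), ("windows", 30), ("multiplatform", 30),
    ("windows", -100),  # a metric that effectively zeroes out the score
    ("linux", 50), ("other", 10),
]


def counts_for(label, platform):
    """'multiplatform' counts for every platform, 'other' for none."""
    label = label.lower()
    return label != "other" and label in (platform.lower(), "multiplatform")


def max_score(metrics, platform):
    # Assumption: the maximum is the sum of all positive points that are
    # attributed to this platform or to "multiplatform".
    return sum(pts for label, pts in metrics
               if pts > 0 and counts_for(label, platform))


def clamp(raw_score):
    """Negative totals are clamped to a minimum of zero."""
    return max(0, raw_score)


def color_for(raw_score, maximum):
    """Map a raw score onto the four bands: red, orange, yellow, green."""
    score = clamp(raw_score)
    if maximum <= 0:
        return "red"  # nothing to score against; treat as the lowest band
    # Integer comparisons avoid floating-point trouble at band edges.
    if score * 4 <= maximum:        # 0-25% of maximum
        return "red"
    if score * 2 <= maximum:        # 25-50%
        return "orange"
    if score * 4 <= maximum * 3:    # 50-75%
        return "yellow"
    return "green"                  # above 75%


if __name__ == "__main__":
    top = max_score(METRICS, "windows")
    for raw in (-30, 25, 50, 75, 90):
        print(raw, "of", top, "->", color_for(raw, top))
```
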

SHA256(AHA-GUI-v0.6.2a1-20181010.zip)= 0acb103e90fb5714c264c6aee04f8004288f8b1335b71263317fbc4ec9086863

AHA-GUI-v0.6.1a2-20181003

04 Oct 00:04
Pre-release

AHA-GUI-v0.6.1a2-20181003

This is an alpha quality pre-release that adds the new search functionality:
processname==svchost.exe will emphasize svchost.exe
~processname==spoolsv.exe will hide spoolsv.exe
processname!=svchost.exe will emphasize everything that is not svchost.exe
~processname!=spoolsv.exe will hide everything that is not spoolsv.exe

These terms can also be or'd together with the || symbol:

processname==svchost.exe || ~processname==spoolsv.exe will emphasize svchost.exe and hide spoolsv.exe at the same time. Please note this syntax is lazily evaluated from beginning to end per token. This means we split the complex query up by || and then process starting with the leftmost term, moving rightward. Thus if there is any conflict between the terms, the rightmost will win.
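
The left-to-right, rightmost-wins evaluation described above can be modelled in a few lines. This is an added example, not AHA-GUI's own code: the node dictionaries, the three state names and the case-insensitive comparison are assumptions, and the sample nodes are constructed.

```python
import re

# Assumed term shape: optional "~", a field name, "==" or "!=", then a value.
TERM = re.compile(r"^(~?)\s*(\w+)\s*(==|!=)\s*(.+)$")

# Constructed sample nodes (not taken from a real scan).
NODES = [
    {"id": 1, "processname": "svchost.exe"},
    {"id": 2, "processname": "spoolsv.exe"},
    {"id": 3, "processname": "lsass.exe"},
]


def parse_query(query):
    """Split the query on || and parse each term, keeping left-to-right order."""
    terms = []
    for raw in query.split("||"):
        raw = raw.strip()
        match = TERM.match(raw)
        if match is None:
            raise ValueError(f"unparseable search term: {raw!r}")
        hide, field, op, value = match.groups()
        terms.append((hide == "~", field.lower(), op, value.strip().lower()))
    return terms


def apply_query(nodes, query):
    """Return {node id: 'normal' | 'emphasized' | 'hidden'} for one query."""
    state = {node["id"]: "normal" for node in nodes}
    for hide, field, op, value in parse_query(query):
        for node in nodes:
            actual = str(node.get(field, "")).lower()
            matched = (actual == value) if op == "==" else (actual != value)
            if matched:
                # A later term overwrites whatever an earlier term decided,
                # which is what makes the rightmost term win on conflict.
                state[node["id"]] = "hidden" if hide else "emphasized"
    return state


if __name__ == "__main__":
    print(apply_query(NODES, "processname==svchost.exe || ~processname==spoolsv.exe"))
    # Conflicting terms: the trailing hide term overrides the emphasis.
    print(apply_query(NODES, "processname==svchost.exe || ~processname==svchost.exe"))
```

When reviewing a host graph, this ordering matters: a trailing `~` term can hide a node that an earlier term emphasized, so put hide terms first if emphasis should take priority.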

Changelog:
√ Documentation site (aha-project.github.io) updated
√ Adds support for search
√ Should fix race condition if you click a node in rapid succession
√ Fixes tooltips not existing for the two checkboxes in the inspector
√ Adds better node highlighting on clicking which includes all the edges of the clicked node
√ Misc fixes

Code needs a bit of cleanup before this moves out of alpha, and a lot more feedback to the user on the search stuff (which terms were not validated, maybe some mild syntax suggestions, etc)

SHA256(AHA-GUI-v0.6.1a2-20181003.zip)= e35ac2dd75e868a593b6c46e63bf37286ebbe07418741c06b3520a1b81de38bb

AHA-GUI-v0.6.0b1-20180806

06 Aug 22:18

Minor release with a couple of tweaks, but you can consider it the stable result of the 0.5.x series:

0.6.0b1
√ Fixed a typo
√ Minor update to MetricsTable.cfg
√ Removed spurious debug print that got missed

Probably no major updates for at least a couple of weeks as I'll be on travel to some security related conferences.

Enjoy! If you have feedback you can send it to aha-project at eecs.wsu.edu

SHA256(AHA-GUI-v0.6.0b1-20180806.zip)= a1b04549c16d1a4921c87251083c84d4ca0bb14ada0342b9588ee1f7fed5686d

AHA-GUI-v0.5.9b1-20180802

03 Aug 01:27

v0.5.9b1: quick bugfix turned into:

! If you modified your metrics table, please grab the new one and modify it again, the format has changed
√ Added support for multiple criteria on a single line of the metrics table (use sparingly or the graph inspector gets a bit busy)
√ Added additional field to MetricsTable (the first field) which specifies the compare operation. Currently supported are "eq" (case insensitive equals) and "ct" (case insensitive contains)
√ "SYN_RECV" and "LAST_ACK" added to the list of states that are handled the same as TIME_WAIT by the GUI (drawn as a dashed line). The list is now anything including "wait", "syn_", or "last_". This is mostly to support Linux, as it has much more granular reporting of these sorts of states
√ Revert change that caused clipped text on openjdk for the checkboxes
√ Connections region of Graph Node Inspector now correctly prints names of Ext_<IP/DNS> rather than splitting it into two columns
√ Fixed parsing of oddly formatted CSVs that have multiple LF/CRLF at the end of a line and/or lots of blank lines interspersed with useful data
√ Ability to show more detail in the inspector about which value the score metric is checking for (e.g. aslr.eq[true], privileges.ct[system], etc), but this is hidden by default since some of them are quite verbose/long and tend to clip off of the inspector (though the tooltip will show the full text)
√ For time_wait, syn_sent, etc states: if the process name starts with 'unknown' attempt to correlate the local port number to a listening process. If found, the line is drawn from that local endpoint rather than 'unknown_'
√ Improved correctness of 'connections' column in data view > listening processes
√ Cleaned up the way vertices and edges are generated somewhat, but future work will clean this up further.

SHA256(AHA-GUI-v0.5.9b1-20180802.zip)= cf5745606b85c5191164b5c3b32298c1fc2f68eadce5cbd629597c0e4b7d6282

AHA-GUI-v0.5.8b1-20180731

01 Aug 02:23

v0.5.8b1 release notes:

√ Build script now prints version of java found while building
√ Build script now enables linter options (extra warnings)
√ Build now targets whatever version of java you have installed, removing warnings about bootclasspath not being set, but will cause compat issues with the built jar (i.e. a jar built on jdk10 probably won't run on jre8)
√ Fixed table header sort icons for real (0.5.7b2 and 0.5.7b3 disabled them since they were causing build errors on jdk9 and jdk10)
√ The checkmarks in checkboxes are now more visible
√ Added "connections" column to 'data view > listening processes' to show how many connections each of the listening ports has
√ When printing about connections in the input CSV that are orphaned, ignore those with the state "syn-sent"
√ Improvements to internal bookkeeping related to the local addresses of the machine that was scanned

! Known issue: Checkbox labels may be clipped on some platforms/JREs (so far at least openjdk10 on Kali), hopefully will be fixed soon. In the meantime, if you don't know what a checkbox is for, mouseover it to read the tooltip. Update: so far it seems limited to openjdk10 on Kali. Oracle JRE 10 on Windows 10 looks fine. This will get fixed eventually but is not a super high priority.

SHA256(AHA-GUI-v0.5.8b1-20180731.zip)= 89f43aa8731391e53160bc8c7ce3849beafc029c1439cb7e2c410a3cf7d923db