changeme v1.2.3

Changes:

• Moving from yaml.load to yaml.safe_load - #91 @Graph-X
• Fixes in http_post scanner by @Graph-X

New Creds:

• Endpoint Protector
• iCatch or LILIN DVRs
• EON SNMP - h4knet
• Zyxel FTP - h4knet

Announcements

Likely the last version supporting python 2.7. Future plan is to move to Python 3 and reworking the scanning engine to take advantage of async.io instead of the current threading implementation.

changeme v1.2.1

• Fixing broken success.status check from #79
• Adding @mzet-'s Aruba ClearPass credentials

changeme v1.2.0

• Merged @binarycanary's Telnet scanner code
• New Creds
  • Cisco Collaboration Endpoint
  • SonarQube 7.x
  • Odoo
  • Misc IoT creds
  • Netscreen backdoor creds

changeme v1.1.1

Changelog

• Fixed #62
• Reworked multiprocessing to help with #60 (crosses fingers)
• Implemented --ssl switch to implement feature request #52
• New credentials
  • Speco Technologies IP Camera
  • ActiveMQ
  • Proliphix Thermostat
  • MySQL
  • Postgres
  • Antsle
  • HipChat (SSH)
  • IBM Storwize

Thanks to sil3ntcor3, madtownliz for creds and inspiration.

changeme v1.1

Changelog

• Fixed #62
• Reworked multiprocessing to help with #60 (crosses fingers)
• Implemented --ssl switch to implement feature request #52
• New credentials
  • Speco Technologies IP Camera
  • ActiveMQ
  • Proliphix Thermostat
  • MySQL
  • Postgres
  • Antsle
  • HipChat (SSH)
  • IBM Storwize
  • SSH from @jtesta #61

Thanks to @jtesta, @sil3ntcor3 and @madtownliz for creds and inspiration.

changeme v1.0.5

• A bug fix for non-redis backed scans that would result in false negatives
• -n now supports multiple names separated by a comma i.e. -n "tomcat manager",jboss,nexus

changeme v1.0.4

• Closes #38 by upgrading persist-queue to 0.3.1 and making the storage mech :memory:
• Optimized queue storage for fingerprints by modifying how the creds dict is passed to the methods
• Modified to HttpFingerprint.__eq__ so it's better at uniquing fingerprints
• Added Apache Tomcat Host Manager creds based on #48
• Re-adding kanboard and makito creds that were accidentally removed during the refactor

Note: You'll need to run pip install -r requirements.txt to pick up the new library versions.

changeme v1.0.3

• Closed #45 - Run changeme from outside the project directory
• Merged #44 - Strip trailing slashes from target to improve compatability with aquatone
• New creds
  • Grafana
  • Modern IE SSH creds
  • Nuxeo

changeme v1.0.2

This release fixes a number of bugs.

• Closing #39 SSH bug
• Splitting out dev/test requirements to dev-requirements.txt
• Fixing bug with version check
• Removing some extraneous debug logging
• Merging Graph-X's port checking code for the Target class
• Adding get_ip method to the Target class that resolves host names to ips
• Splitting out snmp public/private community strings to their own cred file
• Updated snmp test to have more stringent checks

changeme v1.0.1 DerbyCon fixes

• Fixes bug where sqlite didn't delete the found_q after a successful scan
• Fixing python2/3 issue with --mkcred