http://open-source-security-software.net/organization/D4/releases.atom
Recent releases for D4
2024-05-15T09:43:37.578481+00:00

analyzer-d4-passivedns v0.1
2019-04-05T14:11:57+00:00

# Features of the analyzer-d4-passivedns version 0.1

- A dedicated Passive DNS analyzer for D4 client (passive dns client type 8) to ingest passive DNS records into a Passive DNS COF server
- analyzer can filter out records coming from D4 sensors (such as specific types or records)
- analyzer can set an expiration time for specific DNS record type (to expire common data that should be removed from the Passive DNS after a specific time)
- A Passive DNS server supporting a REST API has been added to allow query and output of the Passive DNS records in [COF format](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-05).
- A simple PDNS injector to reinject Passive DNS records in COF format (from other Passive DNS server) into the Passive DNS server.

analyzer-d4-passivedns v0.2
2020-07-28T13:11:44+00:00

# Main changes

```
New
~~~
- [launcher] scripts that launch all components in screens -t. [Jean-Louis Huynen]

Fix
~~~
- [launcher] Removed hardcoded paths. [airkeyp]
- [launcher] cd in subshell. [Jean-Louis Huynen]

Other
~~~~~
- Merge pull request #7 from axtux/master. [Alexandre Dulaunoy]

  Fix IP/domain stripping and database directory
- Create db directory and correct path. [Axtux]
- Only remove extrema dots. [Axtux]
- Merge pull request #3 from trolldbois/master. [Alexandre Dulaunoy]

  Use Environmental variables for redis
- Back to INFO. [ljaqueme]
- Let be simple. [ljaqueme]
- Superseed config with ENV if available. [ljaqueme]
- Support env for docker. [ljaqueme]
```

analyzer-d4-passivedns v0.5
2022-07-15T10:16:53+00:00

analyzer-d4-passivedns is an analyzer for a D4 network sensor including a complete Passive DNS server.
The analyser can process data produced by D4 sensors (in [passivedns](https://github.com/gamelinux/passivedns) CSV format (more to come)) or independently from D4 using [COF websocket](https://datatracker.ietf.org/doc/html/draft-dulaunoy-dnsop-passive-dns-cof) streams.

A new version of analyzer-d4-passivedns has been released which includes:

- Feeding from [COF websocket](https://datatracker.ietf.org/doc/html/draft-dulaunoy-dnsop-passive-dns-cof) stream (independently of D4 collection). A sample COF stream (newly seen IPv6 addresses and DNS records) is included in the documentation and kindly provided by CIRCL.
- Add new back-end for large Passive DNS server [kvrocks](https://kvrocks.apache.org/) instead of redis

d4-core v0.1
2019-01-25T11:03:40+00:00

D4 core client and server version 0.1 (alpha) has been released including a minimal C client implementation of an encapsulation protocol in D4 protocol version 1. An alpha server is included decoding clients, doing auto registration and decapsulating into the native protocol (tested with pcap and dnscap output).

d4-core v0.2
2019-02-14T15:52:51+00:00

D4 core server has been significantly updated including improvements in sensor management and new model of analyzers.

- Support for IPv6 has been added.
- New analyzer to compress file of type (1)
- New worker type (8) to queue in redis for analyzer processing (like the [Passive DNS analyzer](https://github.com/D4-project/analyzer-d4-passivedns))
- Blacklist/unblacklist by network range
- Allow the ability to filter per sensor
- Many improvements in the sensor management and monitoring

d4-core v0.3
2019-04-08T07:18:40+00:00

A new version of the D4 core client and server has been released including significant improvements such as support for the custom type (type 254), statistics and many more improvements.
- [client] improvement to compile on older version of Linux + OpenBSD
- [server] New kick functionality to remove sensor per UUID
- [server] Extended types is now supported by the D4 server
- [server/worker] Various improvements including save JSON to disk and others depending on the type
- [server] Many bugs fixed (following intensive existing new sensor such as [Passive DNS](https://github.com/D4-project/analyzer-d4-passivedns) and [Passive SSL](https://github.com/D4-project/analyzer-d4-passivessl))
- [server] Statistics per sensor added to the UI

d4-core v0.4
2020-01-14T08:29:26+00:00

A new version of the D4 core client and server has been released including significant improvements such as an API to interact with [d4-sensor-generator](https://github.com/D4-project/d4-sensor-generator) and other tools, authentication and user management, generic analyzers to easily export D4 data to the outside world and many more improvements and bug fixes.

- [server] API
- [server] generic analyzer: UDP, TCP, stdout, syslog and UNIX socket
- [server] sensor registration and filtering
- [server] sensor description
- [server] UI improvements

d4-core v1.0
2020-03-12T09:36:27+00:00

# D4 core client and server - version 1.0 released

D4 core server version 1.0 has been released. As the server is now actively in production by different users, we reach the v1.0. This version includes some new features such as having a queue size per group of sensors.

![d4-server](https://user-images.githubusercontent.com/3309/76507549-4a4c5f80-644d-11ea-8655-71a4787ae3b5.png)

# Changes

- [Analyzer Queue] add template: edit queue. [Terrtia]
- [Metatype default] send data to analyzer queues by default. [Terrtia]
- [Analyzer Queue] add update script + global queue_uuid by type/extended type. [Terrtia]
- [Analyzer Queues] Add queue by group of sensors (TODO: add sensor uuid in the UI) [Terrtia]
- [worker] add worker 3.
[Terrtia]

# Fixes

- [Analyzer queue 254] fix metatype: push to queue. [Terrtia]
- [Analyzer queue 254] fix list by type. [Terrtia]
- [worker 2 8] fix config redis. [Terrtia]
- [worker 2 8] fix config import. [Terrtia]
- [worker 1] fix config import. [Terrtia]
- Typo. [Terrtia]
- [Flask server + cookie session] chg default cookie name (also use port number) + add Flask port number to config. [Terrtia]

# Other

- Chg; [Analyzer Queue UI] add queue creator template + bug fix. [Terrtia]

d4-core v1.1
2020-07-28T08:50:50+00:00

v1.1 (2020-05-26)
-----------------

# Changes

- [install] popper folder name changed. [Jean-Louis Huynen]
- [README] update screenshot. [Terrtia]
- [server] add screenshots. [Terrtia]
- [exporter TLS] add client cert. [Terrtia]
- [TLS Exporter] add new analyzer: tls export, fix: #35. [Terrtia]

# Fix

- [Analyzer queues] delete an analyzer queue. [Terrtia]
- [edit user] edit user password. [Terrtia]
- [Flask cookie name] [Terrtia]
- [Analyzer - close socket] use shutdown fct. [Terrtia]
- [README] [Terrtia]

# Other

- Merge pull request #37 from D4-project/gallypette-patch-1. [Thirion Aurélien]

  chg: [install] popper folder name changed.

d4-core v1.2
2021-04-19T14:00:36+00:00

v1.2 (2021-04-19)
-----------------

# Changes

- [filerwatcher] new worker to handle d4-goclient filewatcher meta-type [Jean-Louis Huynen]
- [Sensors monitoring] API to monitor offline sensors [Terrtia]
- [config] new variables [Terrtia]
- [Flask] change default host [Terrtia]
- [d4-core] change default max queue size [Jean-Louis Huynen]
- [client] no data: send empty D4 packet [Terrtia]

# Fix

- [Flask] fix flask host [Terrtia]
- [Flask] typo [Terrtia]
- [UI sensor_register role] avoid login + fix error template [Terrtia]
- [UI change password] check user role [Terrtia]

analyzer-d4-ipa v0.1
2020-01-13T09:44:40+00:00

This is analyzer-d4-ipa's initial release.
# Main features

* reads a pcap file and analyzes icmp packets to detect potential DDoS attacks,
* fetches from d4 redis queue or from a folder.

analyzer-d4-ipa v0.2
2021-04-30T09:40:29+00:00

# Main changes

- Bump lxml to v4.6.3

BGPRanking 2.0
2022-01-18T14:03:43+00:00

## BGP Ranking version 2.0 release - major upgrade 2.0 (2022-01-18)

BGP Ranking version 2.0 is released including an improved back-end relying on [kvrocks](https://github.com/KvrocksLabs/kvrocks) and many improvements including source import, additional sources and many bugs fixed.

### New

* Add missing types in ssfetcher. [Raphaël Vinot]
* Abuse.ch lists - SSLBlacklist, ThreatFox. [Raphaël Vinot]

### Changes

* Bump deps, add pybgpranking2. [Raphaël Vinot]
* Use best source from ipasnhistory if possible. [Raphaël Vinot]
* Improve shadow server import, support network in sanitizer. [Raphaël Vinot]
* Improve logging when something is broken when caching. [Raphaël Vinot]
* Improve logging for parser on exception. [Raphaël Vinot]
* Bump deps. [Raphaël Vinot]
* Slight changes in migrate script. [Raphaël Vinot]
* Remove old file. [Raphaël Vinot]
* Bump deps. [Raphaël Vinot]
* Improve logging. [Raphaël Vinot]
* Move API to restx. [Raphaël Vinot]
* Migrate to new framework. [Raphaël Vinot]
* Sync code with prod. [Raphaël Vinot]
* Remove bambenekconsulting feeds (not free anymore) [Raphaël Vinot]

### Fix

* Incorrect redirect in asn. [Raphaël Vinot]
* Avoid exception if the source is created after we try to get the modules. [Raphaël Vinot]
* Do not cache load_all_modules_configs, it is dynamic. [Raphaël Vinot]
* Properly forward data to ipasnhistory. [Raphaël Vinot]
* Incorrect regex, again. [Raphaël Vinot]
* Incorrect regex match for list update. [Raphaël Vinot]
* Missing variable in threatfox parser. [Raphaël Vinot]
* Properly name abuse.ch SSL blacklist.
[Raphaël Vinot]
* Avoid exception on GET request for ipasnhistory proxy. [Raphaël Vinot]
* POST for ipasnhistory via bgpranking works again. [Raphaël Vinot]
* Also start the website. [Raphaël Vinot]

### Other

* Merge pull request #13 from D4-project/dependabot/pip/jinja2-2.11.3. [Steve Clement]
* Build(deps): bump jinja2 from 2.10.3 to 2.11.3. [dependabot[bot]]

  Bumps [jinja2](https://github.com/pallets/jinja) from 2.10.3 to 2.11.3.
  - [Release notes](https://github.com/pallets/jinja/releases)
  - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst)
  - [Commits](https://github.com/pallets/jinja/compare/2.10.3...2.11.3)

BGPRanking 2.1
2022-04-27T08:22:03+00:00

BGP Ranking version 2.1 released including updated dependencies.

d4-goclient 1.0
2017-11-17T14:41:48+00:00

This is the first version of the CASES Diagnostic.

The application should be found by typing the address http://10.0.0.102 in your navigation bar. Do not forget to add the Host-Only card to make the VM Work, as it is explained in the [Quick Start Guide](https://github.com/CASES-LU/diagnostic/blob/master/README.md)

>Credentials for this VM (under the format `Login`:`Password`) :
>Login Diagnostic : `diagnostic@cases.lu`:`Diagnostic1!`
>SSH login: `diagnostic`:`diagnostic`
>Mysql root login: `root`:`4da74c250b218c70989d982fb7e5486b00ef79cedfd5e4847ac7a8ff4ff8aba5`
>Mysql diagnostic login: `diagnostic`:`f5e75d203bfac8965aab080f121151db92b0d529acffb0097dda1013f3611ade`
>SHA512 sum : `e0649312e8e217a092bd6e2e7a0fac2d46d4506c619f807d2e6d5594101c223602e50949986149ef6b4ac27bfdf531cc2f1e13952d0d9a34dab68d2d4081ea80`
>SHA1 sum : `381680be239ab821f594fa55ca29e2b6dbc21644`

d4-goclient 1.1
2018-06-11T09:57:28+00:00

What's new in this new version ?

>**CHANGE LOG VERSION 1.1 JUNE 2018**
>
>- Update Ubuntu from 17.04 to 18.04.
>- Update Php from 7.0 to 7.1.
>- Add color to the category in the report (radar chart and tabs).
>- Update the Diagnostic's logo from CASES to DIAGNOSTIC.
>- Modify report to be more visual.
>- Update calculation method (no more Planned Maturity, there is now a Non Applicable button).
>- Display red points instead of triangles in the diagnostic to match with the MONARC convention.
>- Use of OpenSSL to export and upload new diagnosis which wasn't working anymore since Php7.1.
>- Add category tab in the administration mode. It is now possible to add/modify/delete new categories for the Diagnostic.
>- Update the administration mode. It is now possible to translate questions and categories without getting in the .po files.
>- Update documentation to match with new features.

The application should be found by typing the address http://10.0.0.102 in your navigation bar. Do not forget to add the Host-Only card to make the VM Work, as it is explained in the [Quick Start Guide](https://github.com/CASES-LU/diagnostic/blob/master/README.md)

>**Credentials for this VM (under the format** _`Login`_:_`Password`_**) :**
>Login Diagnostic : _`diagnostic@cases.lu`_:_`Diagnostic1!`_
>SSH login: _`diagnostic`_:_`diagnostic`_
>Mysql root login: _`root`_:_`9091d0a91ade1803fb5b4dce`_
>Mysql diagnostic login: _`diagnostic`_:_`0376dea30f32943d3cd6c48b`_
>SHA512 sum : _`b3906022eaf981168e0bf05811e8311e396056733d32b752bacb861d15fe7756426cada7c3a468e3e8f2766a6689e905280b4bbf0335972e03ea4323fa1c0e59`_
>SHA1 sum : _`dfda33de19120793f31ccc30b2ee14d1292ced86`_

d4-goclient 1.2
2018-11-14T09:54:42+00:00

What's new in this new version ?

>**CHANGE LOG VERSION 1.2 NOVEMBER 2018**
>
>- Add language tab in the administration mode. It is now possible to add/modify/delete new languages and new translations.
>- Add confirmation before deleting something (questions, categories, languages, translations).
>- Add Reports tab in the administration mode in which we can download/upload report template modals.
>- Add Settings tab in the administration mode in which we can change some global settings and add diagnostic statistics.
>- Add importation/exportation for questions, categories and translations.
>- Add an Uid for the Diagnostic, for the questions and for the categories.
>- Add statistics importation for a diagnosis.
>- Add several information in a diagnosis. We can now choose the activity of the company and its number of employees.
>- Change the threshold calculation method for each question. It is now equal to threat*weight depends on the question.
>- Add blocking question. Used if an essential domain for the entity is not managed.
>- Update the evolution of maturity bar chart. We can now see the average of diagnoses of the current domain and overall diagnoses done for a year given.
>- Add a help part for the organization and synthesis parts in a diagnosis.
>- Aesthetics and ergonomics improved in the report. Better colors, N/A displayed instead of 0% out of 0%.
>- Translation files now divided between questions, categories and translations for more visibility.
>- Update documentation to match with new features.

Do **not** forget to add the Host-Only card to make the VM Work, as it is explained in the [Quick Start Guide](https://github.com/CASES-LU/diagnostic/blob/master/README.md)

The application should be found by typing the address http://10.0.0.102 in your navigation bar.
>**Credentials for this VM (under the format** _`Login`_:_`Password`_**) :**
>Login Diagnostic : _`diagnostic@cases.lu`_:_`Diagnostic1!`_
>SSH login: _`diagnostic`_:_`diagnostic`_
>Mysql root login: _`root`_:_`4ff519383e1ba8cc948395b8`_
>Mysql diagnostic login: _`diagnostic`_:_`4a76bf589340dd3ce86168a0`_
>SHA512 sum : _`d8be0abaff0fac0cfbec18ef80334a83c7a7870d71db04afb6a1356492e45114adfe3035779bb462fa048b5d7f380d6cbb133aeec1d285e65cb55671b0d4e6fa`_
>SHA1 sum : _`8e1e776634c75c226607e6f7ca04db785c113b6f`_

d4-goclient v0.1
2019-02-14T09:10:47+00:00

**Initial release** of D4-project's go client:

This version is released for testing purpose. It works properly with server version ~ 08809cf57439e8dace993ca4459aa93a68fe37b9

# SHA 256 #

```shell
dbde4f87aa0035947c3bbd161b29d8214f11c3c40fc4265e7e1375bebd34100f d4-amd64l
9c5367dd8bc6ce9d4d56e1ea9e75638fdc3b955af2fb4139df5b1694b38e6307 d4-arm5l
f5916dad1820434c0bdf4a3339a1829f848d0e133be07fdae4a3107aebeadf10 d4-goclient-0.1.tar.gz
1803af77a6f9ff45f69fcbc3508a9d51927b9cfe8c31e8b7d0b4a0d7b8e3a3dc d4-goclient-0.1.zip
```

d4-goclient v0.2
2019-04-08T07:29:00+00:00

Version 0.2 of the D4 Project client in Golang has been released including:

- Support for meta header (type 254)
- DNS resolution
- Multiple bugs were fixed

d4-goclient v0.3.0
2020-01-10T09:32:28+00:00

# Main changes

* chg: [main] fix #6
* chg: [modules] opt-in to Go modules
* chg: [modules] use d4-golang-utils

# SHA 256

```shell
c41ebdcb589942a59d96c31c3f03a8574601a3c32580de5ea73b98f1f9df07f2 d4-goclient
```

d4-goclient v0.3.1
2020-02-12T14:08:05+00:00

# Main changes

* chg: [mod] bump d4-golang-utils

# SHA 256

```shell
2c1314debbe6ce6bf29e7b9777cebcd06d36152df9b972b6e5239c71965ff0a4 d4-goclient
```

d4-goclient v0.4
2020-04-27T12:58:06+00:00

# Main changes

* add: [input] d4 forward from d4 server redis #9
* chg: [log] proper log file
* chg: [main] no exit unless specified #10
* chg: [main] rate limiter when reaching EOF
* chg: [main] no output on stdout unless specified
* chg: [main] fix various typos

# SHA 256

```shell
d728dc1eee84bff892cd535f16c71191eef0a73870c9526b7575a3ce38755746 d4-goclient
4730571393e188aee5b6aa9f147bf6f907523b50e59cc8de47fcfb8fc076b4bf d4-goclient-arm5l
```

d4-goclient v0.5
2020-07-28T08:34:02+00:00

# Main changes

* chg: [main] complete rewrite of initialization, OS signaling and goroutine handling
* chg: [network] if possible TCP connections are reused
* fix: [config] #13 issue with relative paths
* fix: [log] #14 correctly timestamp loglines

# SHA 256

```shell
ff71013e8d2d1af074c7408d08854b09a829b2a335279eef38ca14001536ee2b d4-goclient
cf04a24673ffb338278abe5f2cedb1ecb991e750987882f8216614daa5cae169 d4-goclient-arm5l
```

d4-goclient v1.0
2021-04-19T14:13:43+00:00

# Main changes

- [filewatcher] filewatcher [Jean-Louis Huynen]
- [proxy] hardcoded tor proxy [Jean-Louis Huynen]

# SHA 256

```shell
427b227865f9f4a808028f42e0107a687f84e75378069345b558b4bd5f0b1fa3 d4-goclient
1ef021626cd0f1871edf2bd690d5e02fb0aab58b0a4dc2f9ce8d52cc22c24fbe d4-goclient-arm5l
```

sensor-d4-tls-fingerprinting 0.1
2019-04-25T08:15:32+00:00

This is the initial release of sensor-d4-tls-fingerprinting.
# Current Features

* Extract x509 certificates from pcap files or network interfaces
* Export TLS sessions description in JSON form - to stdout or to disk
* Export Certificates to disk
* Fingerprints TLS client/server interactions with ja3/ja3s
* Fingerprints TLS interactions with TLSH fuzzy hashing on the tuple {ja3, ja3s, [certificate.issuer, certificate.subject]}

# SHA 256 #

```shell
2c52f40ce7b606b4edeef7d9c6b2b5f622464effcfd3408852019b567e0620df d4-tlsf-amd64l
```

sensor-d4-tls-fingerprinting 0.2.0
2020-01-08T15:02:25+00:00

# Main changes

* chg: [sessions] switch from sha256 to sha1 for consistency with TLS
* fix: [ja3] grease values were not checked on elliptic curves extensions #13
* chg [modules] opt-in to Go Modules (that also explains the version numbering change)

# SHA 256 #

```shell
90c2147f5fe700509302b4c1ff01b79d828ee883d09a37762a0a9a8c3327c054 sensor-d4-tls-fingerprinting
```