http://open-source-security-software.net/project/pandora/releases.atom

Recent releases for pandora

Updated: 2025-05-19T10:09:01.913531+00:00

Generator: python-feedgen

pandora v1.0.0
2022-06-29T16:30:21+00:00

This is the first official stable open source release of [Pandora](https://github.com/pandora-analysis/pandora).

Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results. The solution can be installed on-prem to avoid information leaks in organisations.

It has been tested relatively extensively over the last few months, but there might still be issues. If anything goes wrong, please open an issue and we will do our best to solve it.

If you want to test Pandora without installing it, the online version is available at [pandora.circl.lu](https://pandora.circl.lu/).

# Core functionalities

* Easy to implement workers to analyze specific file formats, or connect to third party services
* Admin interface
* Session-based user management interface, and sharing
* Generate a preview of the submitted document (if applicable)
* Extract indicators/observables from submitted files
* Extract content of archives
* Extract attachments from email in EML and MSG format
* Extract text content (if applicable)
* Extract EXIF metadata
* Pool service to fetch emails from an IMAP mailbox
* Notify Administrator
* MISP export and submission (admin only)
* Statistics (admin only)
* Role management (admin only)
* Locally defined observables (legitimate/suspicious) (admin only)

# Screenshots

## Submission interface

![pandora1](https://user-images.githubusercontent.com/248875/176490605-28763966-f924-4fad-855e-017f88f1954a.png)

## Result page

![pandora2](https://user-images.githubusercontent.com/248875/176490653-d0a1c658-1dc5-4b90-90e5-a565404f2447.png)

---------------

![pandora3](https://user-images.githubusercontent.com/248875/176492185-b4bb61cc-78c0-4146-8ff8-447fbf719a0c.png)

pandora v1.0.1
2022-07-11T14:44:26+00:00

Quick release to improve handling of submissions with passwords.

# New features

* Support password on submit via API.

# Maintenance

* Bugfixes
* Dependencies update.

pandora v1.1.0
2022-08-31T09:25:44+00:00

# Breaking change

This release requires poetry v1.2.0 or more recent. Run the following command to upgrade it: `poetry self update`

# New feature

* HTML documents can be submitted to [Lookyloo](https://github.com/Lookyloo/lookyloo) (requires v1.15.0 or more recent)

![submit to lookyloo](https://user-images.githubusercontent.com/248875/187422078-f601b1f7-0cbf-47f0-aa9f-31353d3ee4d6.png)

![lookyloo capture](https://user-images.githubusercontent.com/248875/187422923-a75474e7-269f-413e-ae43-1437d6dcc59b.png)

# Changes

* Improvements in the modules (archives, ISO, EML)
* Improvements on the stats page
* Configure the links on the index
* Bump dependencies

# Fixes

* Support ingesting a file downloaded from a Pandora instance
* Automatically restart unoserver when it crashes (makes previews with LibreOffice more reliable)

# Notes

* Many have reported issues with the previews generated by LibreOffice. A seemingly universal fix is installing the [full package from the PPA](https://github.com/pandora-analysis/pandora#important-notes-regarding-libreoffice).

pandora v1.2.0
2022-10-27T12:23:19+00:00

This is a pretty major maintenance release aiming to make the code easier to maintain. There are no big new features, but a lot of the back end code was heavily modified.

# Changes

* Remove all asserts, replace them with proper exceptions
* UI improvements on the submission and analysis pages
* Detailed view (WiP) to reduce the visual load on the user
* Add bandit, pylint, codespell, flake8 and semgrep in the GitHub Actions (many thanks to @juju4 for the heavy lifting)

# Fixes

* Better handling of date times on non-UTC machines
* Support for new exiftool

pandora v1.3.0
2022-12-30T12:12:36+00:00

# Breaking change

Poetry v1.3.0 or more recent is now required, please [upgrade](https://python-poetry.org/docs/#installation) to the latest version.

# New Features

* Support for CAB files (with hachoir)
* Support for VHD files (with dfvfs)
* Pre-load the analysis results instead of loading them in JavaScript after the page is loaded
* Much better handling of ODF files
* Improve extraction of URLs from office documents
* Improve logging, use a config file
* Improve processes handling and avoid deadlocks on stop
* [API only] Get stats by worker and mimetype

# Bugfixes

* Improve handling of 7z files
* Add timeout on observables worker (avoid exceptions if a sample has way too many observables)
* Improve mimetype synonyms to match the types better between python core mimetypes and the python-magic library
* Improve handling of HTML bodies in emails, support for signed emails
* Improve handling of password protected OLE files
* Avoid getting the IMAP handler stuck (timeout)

# Changes

* Major improvements in rendering the stats page
* Major improvements in exceptions handling
* Autokill LibreOffice every hour to avoid memory leaks
* Allow marking issues with the extractor module as errors instead of alerts when the limits are reached (size or number of files in archives)
* Improve UI and docs, move to bootstrap 5.2
* Update all dependencies

pandora v1.3.1
2023-01-10T17:10:40+00:00

# Security patch

This release fixes [CVE-2023-22898](https://cve.circl.lu/cve/CVE-2023-22898), where a nested archive (aka ZIP bomb) could trigger a DoS on the platform, especially in the extractor module. Thank you @kurgans0 for reporting it.

# New features

* Limit the number of archives to recursively extract from a file, and the maximal depth (Fixes CVE-2023-22898)
* Display link to VT report instead of text in the report

# Changes

* Many improvements in the dfVFS extractor, support files with multiple filesystems
* Improve mime types synonyms
* Improve notification email (set reply-to if possible, insert full link in email body)
* Bump all dependencies

# Bug fixes

* Fix exception on edge cases when using the dfVFS extractor
* Only allow submitting one file at a time. The UI was allowing multiple files by mistake; it wasn't supposed to be supported and causes UI issues. Supporting multiple uploads will be implemented later.

pandora v1.4.0
2023-03-31T10:40:19+00:00

# New features

* Progress bar when uploading a file
* Add SMTP auth for email notification (thanks to @sebdraven)

# Changes

* Many UI improvements
* Much improved logging all around
* Improvements in blocklist module
* Improvements in workers initialization
* Bump dependencies (Python, JS), make the project compatible with Python 3.11
* Remove IRMA module (project deprecated)
* Code cleanup and maintenance

# Bugfixes

* Fix Dockerfile and docker compose
* Better support for MSG files

pandora v1.5.0
2023-06-30T14:00:14+00:00

This is mostly a maintenance release with a whole bunch of bugfixes.

# Changes

* Many improvements in the logging
* Improve sessions handling
* Improve SMTP login settings

# Bugfixes

* Calling dfvfs was globally changing the timezone in the Python environment
* Use the right version of kvrocks
* Better handling of timeouts
* Cleanup in observables extraction

pandora v1.6.0
2023-10-13T10:55:34+00:00

# New features

* Module to decode QR codes

# Changes

* Improve support of recent LibreOffice
* Support latest redis and kvrocks releases
* Bump dependencies, yara signatures

# Bugfixes

* Maintenance and cleanups, mainly related to dependencies updates.

Note that this release isn't compatible with Python 3.12. The next one will be.