v0.21.1

• Fix build failure on aarch64 musl

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.21.0

• Added new stats command to show data in the workspace. This is also available as a subcommand with sn0int -w foo stats
• Add select --values as shorthand for jq -r .value
• Allow deleting multiple workspaces at once

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.20.1

• Speedup initial setup of a new workspace by 1242% (2913ms vs 217ms in my tests)
• Update dependencies (including security updates)

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.20.0

• Introduce stealth levels (loud, normal, silent, offline) that modules can specify and you can select which modules you want to enable based on the stealth level
• The author and repository can be added to module metadata
• Support inverse rules for notifications
• Some structs can now be streamed into the database from stdin with sn0int add --stdin
• The http functions now support redirects

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.19.1

Bugfixes in notification system

• Execution of a notification hook doesn't cause further queued executions to abort anymore.
• Ratelimits are now shared with notification modules as well so webhook ratelimits can be honored.

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.19.0

New Feature: calendar

Previous releases introduced activity as a new discoverable datapoint, there's now a new cal command to show a calendar that's annotated with a heat-map.

sn0int cal 2020

It's also possible to break them down to a specific time (-T) which defaults to 12 minute slices, or group by hour instead (-H). To -C to show additional days for context (this also works in the month view):

sn0int cal -TC3

New Feature: notify

There's a new notification system that you can hook into. Notifications are also just sent with regular sn0int modules that take -- Source: notifications as input, to get the list of notification modules that are currently installed run:

sn0int pkg list --source notifications

This enables you to run sn0int automatically and unattended to monitor infrastructure. A full walk-through of how to setup notification routing can be found here:

https://sn0int.readthedocs.io/en/latest/notifications.html

Please note that this feature is still very much work in progress.

Misc

• Add deprecation notice for mod command in favor of pkg
• Make pkg quickstart skip already installed modules
• Make sn0int more forgiving with accidential ^C
• Fix seccomp issues with sleep

Thanks

We'd like to thank @repi for their support on github sponsors.

v0.18.2

• Fix incomplete osx 10.13 dns bugfix

v0.18.1

• Work around issue with ipv6 dns resolvers on OSX 10.13
• Support patterns in pkg list
• Add select --count
• Improve error messages
• Fix a display issue with netblocks in detailed view

v0.18.0

• Add functions to connect to mqtt broker
• Add decryption function for libsodium secret box
• Add binary support in http_request/http_send
• Fix a bug that prevented adding urls with empty body
• Switch docker container to alpine
• Do not error for read timeouts in sock_recvline
• Support geoip database path used by geoipupdate
• Replace quickstart with pkg quickstart
• Support more advanced time references in sn0int activity, like '1h ago'
• Change update check interval

v0.17.1

• Fix seccomp build issues on aarch64
• Fix regression in x509_parse_pem (dependency downgraded and sent rusticata/x509-parser#27)
• Add sn0int run --dump-sandbox-init-msg for sandbox debugging
• Add exit and quit to exit the sn0int cli