Support Center

History of Pwnix Releases

Last Updated: Nov 20, 2019 09:04AM EST
As of September 9th, 2019 the following is the history of Pwnix Releases as reflected in the /opt/pwnix/chef/CHANGELOG file

2019-09-09 -- version 1.9.19
General:
- Remove Louis gem (from public repo) dependency
- Use patrous_fati gem from Pwnieexpress GitHub and not public Ruby gem repo
- Remove portly

2019-08-29 -- version 1.9.18
General:
- Perform backup before px-system-update
- BlueHydra to sync all devices to Pulse and perform hard_reset before each sync
- Hermes - renew expired certificates

2019-06-25 -- version 1.9.17
General:
- Fix insight_api/api_endpoints/vulnerability_scanner.rb for px-openvas-report-fallback
- Discard "N/A - Random Address" in BlueHydra scan

2019-05-12 -- version 1.9.16
General:
- Fix OpenVas connection check in px-connection-dr script
- Make use of /etc/lsb-release.conf file to determine OS version codename
- Changes required for kalirepo update

2019-01-16 -- version 1.9.15
General:
- GPG key expired on updates server
- Created new key, signed images, replaced public key

2018-06-05 -- version 1.9.14
General:
- Fix AD integration insight api plugin
- Prune OpenVAS plugins after upgrade
- Cleanup AD integration on deregistration from Pulse

2018-04-09 -- version 1.9.13
General:
- Fix AD integration status reporting
- Fix PwnScan and BlueHydra config parsing from Pulse
- Fix update endpoint used by Pulse

2018-04-06 -- version 1.9.12
General:
- Fix configuration updates for reverse shells from Pulse
- Fix status reporting of shells to Pulse

2018-04-02 -- version 1.9.11
General:
- InsightAPI ...updated local UI
- InsightAPI fixed all reverse shells
- InsightAPI added HTTP and Proxy type shells
- InsightAPI added user management
- Make reverse shells more reliable
- Remove color from scripts exposed through web interface
- Add ability to completely disable OpenVAS
- Add error handling to system health check
- Fix passive recon's OS detection log
- Fix passive recon's HTTP log
- PwnScan add current scans to context
- PwnScan confirm IP rolled when coming from passive arp
- PwnScan increase arpscan speed
- Fix updating over reverse shells
- Update all Ruby gems
- PF dont respect AP updates that try to change bands


2018-03-01 -- version 1.9.10
General:
- BlueHydra fix btmon parsing due to bitrot
- BlueHydra info scan rate changed to 4 min from 1 minute
- BlueHydra 3 minute granularity, sync every 3 minutes
- BlueHydra stop unknown company_data flapping
- BlueHydra prevent from DDOSing cloud with runtime failue loops
- Remove CWIPS from updates
- Remove Trihard from updates
- Fix OpenVAS status endpoint in insight
- Update PX scripts to properly hit insight endpoints
- Remove kali1 migrations (shells)
- Kismet slow down channel hopping
- No longer install radiotap-signals
- PwnScan fix OpenVAS endpoint
- PF Handle multiple cloaked SSIDs
- PF Add signal threshold for client and AP detection
- PF Disregard channel 0
- PF reduce message flapping


2018-02-07 -- version 1.9.9
General:
- Fix upstream Kali key from improper rolling

2018-01-12 -- version 1.9.8
General:
- Sensor Notifications adjust throttle to 1 per minute per event
- Upgrade to Ruby 2.3.6
- PwnScan add IP context cache for smarter scanning
- PwnScan track dirty attributes; cache hook, change integrity check
- PwnScan throttle remote target notifications once per run
- PwnScan abstract DM rescues to function call instead of manual rescues everywhere
- PwnScan fix dark magic voodoo nmap timeout parsing for smaller queues
- PwnScan lower subnet scan timeout to 120
- PwnScan smarter sync throttling to further prevent cloud race condition
- PwnScan sync thread reduced to every 12 hours from every 1 hour
- PwnScan add config flag for intrusive scans to be turned off
- BlueHydra make sensor events optional for open source users
- BlueHydra update parser to handle new version of BlueZ
- BlueHydra automatically reject obviously bad data and warn
- CWIPS handle disconnection from Kismet
- CWIPS minor parse improvement
Mobile:
- Dont install ifplugd

2017-12-08 -- version 1.9.7
General:
- Remove Ardennais Plus definition
- Add Shire and Shire Plus definitions
- AtCtMon Validate db is sane
- AtCtMon quiet the no modem error
- AtCtmon fix the failed lookup errors
- AtCtMon update the lookup table
- AtCtMon reset the dongle every 3 hours instead of 8
- Limit RAM usage for Kismet and Openvas-scanner
- Added intel microcode for ardennais and shire errata
- PwnScan add port confidence for weighted updates
- PwnScan retry checks for fatal network failures at runtime
- PwnScan "fix" sprintf on incomplete packets for passive arp
- PwnScan downgrade troubleshooting output from warn to debug
- PwnScan move tsa line warning
- Watchdog will restart if unable to map 50M RAM
- PatFat updated to avoid microsecond race
- Openvas pause scans during update and resume after
- CWIPS improve parsing
- CWIPS move warning to more useful place
- Openvas pause before updating and resume after

2017-11-17 -- version 1.9.6
General:
- Bump Patfat version to fix errors in log
- Sensor Notifications - gather version at startup to avoid OOM while processing OOM notifications
- PwnScan/DHCP0f fix domain parsing/passing
- PwnScan throw out invalid looking domain_names passed from DHCP0f
- PwnScan fix in logic during port fingerprint analysis
- PwnScan add explicit passive cache deletion for remote hosts on save model hook
- More properly ban kernel 4.9, additionally ban 4.12
- Remove non-existant unused package xtables-addons-common from the install list
- Revert improper removal of non systemd support

2017-11-03 -- version 1.9.5
General:
- AtCtMon bandaid
- Hermes rescue broken connections to keep logs cleaner
- InsightAPI ensure directories exist
- Remove dead SMS code
- Fix service wants/requires in systemd
- Remove unneeded GPSD package on fixed sensors
- Trihard config validation
- Remove Kali 1 support
- BlueHydra consistency check on DB
- InsightAPI config validation fix
- Pwnix Service files cleanup
- Add Watchdog
- Dhcp0f ignore failure
- Dhcp0f pass domain name if available
- PwnScan weight hostname
- PwnScan parse domain name from dhcp into fqdn when possible
- PwnScan speed up slowest db access by a factor of ~5
- PwnScan ensure 0.0.0.0 hosts are set offline
- PwnScan bring passive arp back into targets
- PwnScan intelligent IP handling from passive dhcp
- PwnScan hosts unthrottled on meaningful changes
- PwnScan arp_up savior added
- PwnScan stop port fingerprint flapping from time data
- PwnScan extra sync measures to prevent cloud CDP race condition
- PwnScan disable dns resolution when not required
- Patfat Include last_visible time with SSIDs
- Patfat Include whether it is likely that an AP is broadcasting multiple SSIDs (as opposed to transitioning to another SSID)
- Patfat Do not expire the last SSID an AP has to reduce flapping (will still be removed when it's presence rotates out after two hours)
- Patfat Fix race with two last_visible calls that extremely rarely may cause a nil exception
- Patfat Fix nil check issue when an item has expired but we're still trying to identify how long it was visible for

2017-09-28 -- version 1.9.4
General:
- PwnScan fix mark online call
- PwnScan pass score for best device_type match

2017-09-27 -- version 1.9.3
General:
- Blue Hydra stun database instead of cause backlog
- Blue Hydra cleanup ancient stuff from db (lowers RAM usage slightly)
- CWIPS add wireshark 2.4 support
- CWIPS slightly modify hop/xmit pattern
- PwnScan dhcp0f and fingerbank support
- PwnScan port timeout detection improvement
- PwnScan host inspection queue push/pop reorder
- PwnScan status thread poke recently offline hosts

2017-08-24 -- version 1.9.2
General:
- Blue Hydra must be root to start
- Blue Hydra CUI filtering *glory*
- CWIPS add new prevention rules
- Remove deprecated sshd_config options
- Make automated testing available on sensor with gusto
- Remove OpenVAS temporary tasks when not needednoise from PXT
- Add sensor events to PXT
- Deregistration / cleanup.sh restart insight last
- Re-add aircrack-ng for EvilAP
- PwnScan improve matching logic - split local and remote, refine local rules further
- PwnScan add host inspection thread/queue/scan for individual host scanning
- PwnScan auto detect host (port) scan timeouts and inspect host further
- PwnScan improve host status checking
- PwnScan improve port scan used for port savior checking - stops port flapping
- PwnScan fix host OS updating around OS info (accuracy vs source ranking)
- PwnScan inspect hosts based on status changes
- PwnScan drop all scan timeouts
- PwnScan improve service scan accuracy
- PwnScan stop SMB vuln detection from creating cloud side duplicates for new records
- Fix OpenVAS provisioning for Kali 1
- Bump Louis version: update OUI database, minor performance improvements
- CWIPS - Add channel verification
- CWIPS - Add RSSI API
- BlueHydra - Add RSSI API
- Trihard - Consume rssi api from cwips and bluehydra
- Hermes handle and shame failed insight calls which return no data
Mobile:
- Actually export Blue Hydra in CSV

2017-07-21 -- version 1.9.1
General:
- MOTD last thing done on update
- Diasble older SSL connection options Hermes & Connection Dr
- PwnScan blob targets uniq fix
- Ease upgrade of hosts which upgraded from Kali 1
- Prevent chef from updating more than once a day
- Add cwips events for demo purposes
Mobile:
- Remove too specific deps on libbtbb and libubertooth

2017-07-17 -- version 1.9.0
General:
- InsightAPI AdNauseam rename fix
- InsightAPI expand permitted update pack target names
- px connection dr stop testing things we dont connect to
- OpenVAS submit report ourselves if it fails to
- OpenVAS remove --deep, dangerous and mostly untested
- px update openvas update OpenVAS9
- fix pwnscan.service to actually run netvalid prestart
- autorun dist-upgrade after adding Pwnie debian repo
- restart redis immediately on upgrade
- PwnScan fix vlan helper IPAddr include? bug
- PwnScan fix port flapping bug
- PwnScan add more fatal notifications
- PwnScan add eth0 check, add overlapping target check
- make update slightly quieter
- make update more resiliant to dpkg failures
- downgrade broken kernels
- kernel safety check to ensure broken kernel isnt installed
- fix logic bug forcing reinstallation of ruby dev every update
- improve logic for kernel change reboots

2017-07-10 -- version 1.8.10
General:
- Minor fix to ruby development check
- Minor fixes to gold image script
- Tweak to openvas update logic (what utility gets run)
- Don't log martian packets
- Don't manipulate legacy service unless required

2017-07-06 -- version 1.8.9
General:
- Add Trihard alpha
- Add CWIPS public beta
- Rename AdNauseam
- Catch oom errors and exit when possible
- Update for OpenVAS9
- Realtime Wireless drop sqlite internally
- Realtime Wireless vast performance improvments
- Realtime Wireless now tracking wireless assets over a longer period of time
- Realtime Wireless assets now have an internal history, allowing more reliable logic on their uptime and state
- Realtime Wireless more reliably track client's probes
- Realtime Wireless adjusted connection logic to reduce noise and false connections
- Realtime Wireless added comprehensive test coverage over all business logic
- Vuln Scan minor adjustments to client library to handle unexpected disconnects
- Prevent vuln scan from triggering errors in insight's logs
- Ensure OpenVAS is restarted after database migrations
- Add safety checks and notifications to sensor upgrade
- Only permit sensor to update to the same version once per day
- BlueHydra add sensor notifications for errors
- BlueHydra remove excessive sync to pulse
- Hermes expose currently running jobs through process names
- Pwnix utils add sensor notifications
- Px subnet info (re)add sensor's non-normalized IP
- Px troublshooter show top 5 memory users, up from 2
- Pwnix chef add sensor notifications
- Fix sensor notificaiton rate limiting
- Bump nmap version
- Send event crashes wont propegate to code that includes it
- Insight plugin cleanup and fixes
- PwnScan large refactor, performance optimizations
- PwnScan newly created host save relationships at sync
- PwnScan validate sensors network configuration in systemd pre-start
- PwnScan use iNotify
- PwnScan port closing bug fix
- PwnScan newly created host double status check bug fix
- PwnScan status thread lookalike bug fix
- PwnScan passive arp offline host creation bug fix
- PwnScan deduplicate macs at startup
- PwnScan enforce macs are unique across all records while creating and updating
- PwnScan resultsprocessor ignore single IP targets in set_hosts_offline
- PwnScan fix changed to reflect changed not last_seen in attribute meta
- PwnScan reorder + add in reliable attributes to also consider in matching
- PwnScan track targeted hosts with passive arp too
- PwnScan scan queue wont allow overlapping CIDRs
- PwnScan removes dead targets from queue if config changes
- PwnScan fix nmap smb vuln parsing after nmap verison bump

2017-05-26 -- version 1.8.8
General:
- Chef cleanup warnings
- Chef disabled services now masked
- Hermes handle unified config messages from Pulse
- Hermes sync time to pulse on connection
- InsightAPI add network_info to system properties
- InsightAPI add config valid check for PwnScan in system properties
- InsightAPI write status file when updating Pulse
- InsightAPI multiple Ruby 1.9 fixes
- sync_properties handle corrupt properties file
- add SensorEvents (Pulse SensorNotifications)
- px-connection-dr now validates sni MITM
- px-subnet-info add json mode and normalize subnet
- px-system-id add hardware detection
- BlueHydra fix various warnings
- PwnScan prevent multiple instances from running concurrently
- PwnScan add timestamps to all attributes_meta (includes startup migration)
- PwnScan remove redundant less accurate data (os version)
- PwnScan add attribute meta reset
- PwnScan stop shipping os_accuracy to Pulse (its unused)
- PwnScan add sensor notifications
- PwnScan add fatal error for no valid px-subnet-info data
- PwnScan add in_targets boolean on network hosts
- PwnScan dont send to pulse while starting
- PwnScan dont sync to pulse unless there is a reason to
- PwnScan simplify marking hosts online, offline and duplicate
- PwnScan format hostnames consistently
- PwnScan merge smb-os script data with nmaps os data instead of overriding
- PwnScan remove discovery and service scans in favor of smb-os-service scan to reduce inaccurate data and simplify matching
- PwnScan only rewrite the config if it changed and fix target validation and remove old keys
- PwnScan remove expensive db query for debug log
- PwnScan bump version and fix spec
- PwnScan dont double send hard reset
- PwnScan refactor vulnscan thread and add vulnscan flush
- PwnScan simplify passive arp offliner
- PwnScan allow status thread to mark hosts in target subnet online as well as offline
- PwnScan allow_match consistency check
- PwnScan rename variables from reserved words

2017-05-02 -- version 1.8.7
General:
- CWIPS fix kismet integration
- Patfat remove sqlite db
- Vulnscan dont scan when OpenVAS considers a target invalid
- px-subnet-info more safety checks
- px-system-id get MACs from wizard not macchanger due to macchanger bug
- px-system-id get specific ssd serials, not a jumble of all of them
- PwnScan add gateway_ip,gateway_mac,interface detected on, vlan detected on, subnet detected on
- PwnScan avoid double sync_to_pulse on new host creation to avoid cloud race
- PwnScan validate network information and cache when reading in
- Add Ardennais Plus
Mobile:
- fix freeradius wpe configs
- read MAC address through wizardry instead of macchanger

2017-04-21 -- version 1.8.6
General:
- Tags were incorrectly applied to repos

2017-04-21 -- version 1.8.5
General:
- insight_api send up system information for all registered sensors
- insight_api add Credential Request plugin
- px_subnet_info add gateway MAC when available
- add Pwnie apt repository
- PatFat correctly parse encryption type
- PatFat detect WPS properly
- AdNauseam beta (v0.0.2) Pulse + Credential management
- px-subnet-info fix several bugs
- PwnScan fix passive arp reply parsing
- PwnScan add cache for network information + warnings
- PwnScan add discovered_by Network Host model
- PwnScan add IP validation on Network Host model
- PwnScan more reliably pass source for attributes meta
- PwnScan only actively scan things in targets
- PwnScan default logger to info to surpress early debug log leakage
- PwnScan use passive arp to offline hosts not in targets
- PwnScan passive arp only used for hosts outside of targets
- PwnScan automatically create new DB if DB is corrupt
- PwnScan fix network config warnings and elevate to error
- PwnScan validate host offline if possible not just missing from scan results

2017-04-04 -- version 1.8.4
General:
- PwnScan fix for non-scoped targets
- PwnScan more information for non-scoped targets
- CWIPS alpha with channel control

2017-03-31 -- version 1.8.3
General:
- add AdNauseam alpha
- add Cool WIPS alpha
- blue_hydra add sighup support for logrotation
- blue_hydra lower severity of debug message
- blue_hydra fix service data leaking into service name
- hermes fix tests, code cleanup, dead code removal
- hermes fixing breaks in read threads
- insight drop direct manipulation of Pwnscan config file
- insight fix crash when scanned by OpenVAS
- realtime wireless add safelogger
- px troubleshooter add new services and top memory users
- insight, patfat - fix logrotate
- blue_hydra, pwnscan - add logrotate
- pwnscan add config validate mode
- pwnscan handle sighup rereads config and reinits logger
- pwnscan replace magic with standardized deep magic
- pwnscan fix to work on moto
- pwnscan remove local and remote targets in favor of targets
- pwnscan fix discovery scan to scan things in db
- pwnscan initial discovery scan blocks like it was intended to
- pwnscan another hard reset on update - simple vulnscan was bad
- massively update ruby gems in use
Mobile:
- fix typo in kismet one touch script

2017-03-17 -- version 1.8.2
General:
- debian needs ifupdown to configure network interfaces but somehow it isn't default

2017-03-15 -- version 1.8.1
General:
- w3af-console is no longer found in Packages upstream
- drop some unneeded packages

2017-02-09 -- version 1.8.0
General:
- px-subnet-info -l add vlan information
- px-subnet-info show eth0 subnet by default
- PwnScan add optional offline all cloud network hosts at first run after update
- PwnScan process arp replies correctly
- PwnScan dont clobber mac addresses
- PwnScan remove unused ip_addresses function
- PwnScan cache interface/vlan info
- PwnScan process and handle vlan tags properly
- PwnScan add warnings for unusual (broken) network configurations
- PwnScan do not delete duplicate hosts - mark ineligible for matching
- PwnScan pass interface flag to arpscan
- PwnScan add pwnix management interface to blacklist dynamically at startup
- PwnScan handle known IP matching corner cases
- PwnScan add logging to identify source of host duplication
- PwnScan fix "evalute" function typo
- PwnScan deterministicly choose exact duplicate hosts in weightedmatcher
- PwnScan send up hard reset if duplicate hosts found
- PwnScan send up a sync (reset) to offline all not in current DB at start
- PwnScan handle passive arp correctly
- PwnScan only union remote and local targets since pulse cannot set targets directly
- PwnScan offline duplicate IP hosts

2017-01-27 -- version 1.7.30
General:
- atctmon: send reset to pulse when first started to ensure old data can be cleaned up
- blue_hydra: send reset to pulse when first started to ensure old data can be cleaned up
- blue_hydra: add icon
- blue_hydra: adjust scanning script to logfile name
- insight_api: Fix subnet matching
- updates: restart kismet whenever the update restart realtime wireless
- realtime_wireless: use kismet timing information to drop pre-cached data

2016-12-28 -- version 1.7.29b
General:
- refactor service disabling
- update spec

2016-12-26 -- version 1.7.29a
General: improve service disabling to only happen when needed

2016-12-23 -- version 1.7.29
General:
- px-subnet-info: -i updated to only show if we have an interface
- backup script: add default file name with date
- pwnscan: sync_version support
- pwnscan: prevent IPV6 addresses from being used in the VlanHelper
- disable clamav services due to logs filling the drive
- do not add metasploit by default on fixed line

2016-12-12 -- version 1.7.28
General:
- atctmon: sync data to pulse at startup
- atctmon: add sync_version to pulse data
- blue_hydra: fix developer console
- px-subnet-info: improve -i flag
- pwnscan: specify interface for nmap scans
- pwnscan: automatically determine local vs remote subnets
- pwnscan: add rake task to offline hosts
- vulnscan: safer renewal of certificates
- openvas: fix auto cert renewal time logic
- spec: fix typo in spec introduced in 1.7.27 for kali1 sensors
- spec: remove tests that don't apply to packages that we don't touch
- update.sh: better testing for installed packages
- update.sh: keep locale fixing non-interactive
- realtime_wireless: better dealing with timestamps from kismet
- realtime_wireless: bad data from kismet won't stop the service

2016-12-05 -- version 1.7.27
General:
- insight: Add in support for radiotap
- insight: Disconnect redis from openvas service control
- insight: Fix reverse SSH over SSL
- insight: Minor copy fix on shell names
- insight: Fix system blacklist updating
- px-subnet-info: Add -i flag for showing interface / subnet
- redis: Moved to general service, not vuln scan specific
- Remove chkconfig, on kali 2
- Remove SET and manatoolkit on fixed lines
- vulnscan: Allow database rebuilds to fail when updating (safety mechanism)
- pwnscan: Send vulnerabilities for open smb shares on network hosts
- receiver script: updates and fixes

2016-11-18 -- version 1.7.26
General:
- insight: Make registration log available
- insight: Some language display adjustment around Pulse registration
- insight: Tweak to service control to prevent running start scripts when the
  service is already running.
- openvas: Added automatic certificate renewal system to help keep OpenVAS
  stable.
- Disable intel bt in preference for using the sena

2016-11-11 -- version 1.7.25
General:
- atctmon: import world mcc/mnc list from wikipedia
- atctmon: add pulse reset
- image-prep: rm kali upgrade backup file
- kali-rolling: auto upgrade from kali 1 (fixed line only)
- patfat: bump to version 0.9.22
- patfat: changed SSID expiration to 600s
- patfat: included kismet alert type information
- patfat: output useful error when failed to save SSID

Mobile:
- evilap: fix log creation of active clients when quitting

2016-11-04 -- version 1.7.24
General:
- cleanup vulnscans when running cleanup script
- cleanup.sh only remove history from homedirs
- fix typo in pwnix_kismet_server
- px-troubleshooter: force text mode when parsing log files
- update kali-rolling upgrade script

Mobile:
- evil_ap: fancy new ui

2016-10-25 -- version 1.7.23b
General:
- fix rspec to not test gnokii-smsd

2016-10-24 -- version 1.7.23
General:
- rename Sophia to Ardennais
- px-troubleshooter: truncate update.log
- passive_recon service: switch dsniff to ettercap and fix logging
- update.sh: set locale if unset
- update.sh: ease transition to https repo automatically
- remove gnokii-smd package for kali rolling

Mobile:
- add AOPP product
- px-connection-dr: do not test openvas stuff
- evilap: fix double/triple cleanup to ensure multiple runs work properly
- evilap: add noise so it's obvious what is happening

2016-10-14 -- version 1.7.22
General:
- hermes: support dispatch stunning
- debug-pack: add xz compression
- debug-pack: only search rootfs for large files
- insight: add debug pack function
- insight: add connection dr function
- insight: add system-health function
- insight: reorg navigation and page structure to match pulse use case
- insight: add admin page with functions
- insight: alert user when default password has not been changed
- insight: improve documentation

2016-10-07 -- version 1.7.21
General:
- blue_hydra: add pulse debug option
- blue_hydra: add sync_version
- blue_hydra: update corelation process
- blue_hydra: add reset for starting with empty DB
- blue_hydra: add support for agressive RSSI syncing
- blue_hydra: handle SIGINT better
- cleanup.sh: restart insight to deal with logging issues
- pwnscan: protect against missing values in custom script xml
- realtime_wireless: send up periodic status messages for devices we have seen in last 5 minutes
- nac bypass: overhaul nac bypass scripts to support kali rolling
- kail rolling upgrade: ensure systemd is installed
- minor logfile fix for update script

Mobile:
- evil_ap: switch from dhcpd to dnsmasq
- ssl_strip: change default interface for new evil ap support
- wifite: use aircrack instead of tshark to find handshakes
- blue_hydra: fixed CUI for mobile line

2016-09-09 -- version 1.7.20

General:
- blue_hydra: handle already dead threads
- blue_hydra: supress known l2ping errors
- blue_hydra: fix path for corrupt database recovery
- insight: get service status from exit code
- insight: v1 update now calls v2
- px-subnet-info: fix and add -a flag
- px-system-update: fix for new syntax
- px-update-blacklist: update path to pwnscan.json
- pwnscan: prevent syncing test data to pulse
- update: switch to https
- update: better testing for missing packages
- update: use --reinstall to fix broken critical packages
- update: fix bugs caused by system-setup migration
- kismet: add regular check for health, restarting the service when it fails

2016-08-26 -- version 1.7.19

General:
- blue_hydra: properly test for ubertooth and reflect status in CUI
- blue_hydra: set mode type from parser and enforce default values
- blue_hydra: fix offlining bug for devices detected by ubertooth
- blue_hydra: fix call absolute path call to ubertooth-util
- fix kali-rolling to use dist-upgrade instead of upgrade
- syntax improvements and code cleanup for update.sh & run-chef-solo.sh
- fix bug with remounting system read-only
- merge system-setup.sh into update.sh

Mobile:
- automatically detect when wifi devices labels are switched
- automatically run 'dpkg --configure -a' as needed during update
- evilap.sh: fix regresion on AOPP
- nmap_scan.sh: specify interface

2016-08-19 -- version 1.7.18b

General:
- pwnscan: drop nbtscan due to mis-corelation issues

2016-08-19 -- version 1.7.18a

General:
- insight: fix pwnscan config migration when pwnscan is off during migration

2016-08-19 -- version 1.7.18

General:
- blue_hydra: ubuntu path fix for bluez test scripts
- blue_hydra: add 'q' to quit to cui
- blue_hydra: default cui sort order to 'seen at'
- blue_hydra: nil logger support
- insight: properly check which init system to use for managing services
- insight: added a service target to update kali-rolling sensors
- px-troubleshooter: truncate logs to show only last 100 lines
- kali-rolling switch to QA'd repos
- pwnscan: add nbtscan support
- pwnscan: extract fqdn from SMB OS detection script to use as hostname
- pwnscan: tell me i'm frozen but what can i do
- pwnscan: only kill threads that exists (haven't crashed)
- pwnscan: deduplicate SMB and Service scans and prioritize SMB queue to improve rate of SMB OS detection script runs
- patronus fati: limit active ssids per bssid
- update script: fix locking to prevent running update script multiple times
- update script: don't run fix_apt code unless absolutely needed

Mobile:
- evilap: fix non AOPP regression

2016-07-29 -- version 1.7.17

General:
- blue_hydra: check if threads are alive before killing
- blue_hydra: require more exactly
- blue_hydra: more errors on cli
- blue_hydra: only kill the running threads
- drop build-essential cookbook
- insight: remove citadel licensing
- insight: fix for new data location
- insight: update pwnscan config location
- minimize openssh and sudo cookbooks
- fix permissions on /opt/pwnix/data

Mobile:
- evilap: fix hostapd-wpe cleanup
- set: fix site cloner to not need apache
- tshark: fix logging mode to still show packets
- usb copy: dereference symlinks and do not try to preserve permissions
- fix for updating very old PP2014 factory images to current for AOPP upgrade pathing

2016-07-21 -- version 1.7.16a

General:
- Ensure new paths are purged by image_prep
- Purge blue_hydra and atctmon configs and database during image_prep
- Fix pwnscan development console

Mobile:
- Fix blue_hydra database path in blue_hydra utility

2016-07-21 -- version 1.7.16

General:
- Migrate service state and config to common directory for sensor 2.0
- migrate atctmon and blue_hydra to yaml config files
- hermes - handle pre-emptive certificate expiration check more reliably
- insight_api - don't attempt start / stop / status checks on unavailable services
- insight_api - pass generated session secret through to secure cookie handler explicitly to silence warning
- prevent raised exceptions in px-connection-dr when unable to connect to server
- better clean up logic when deregistering a sensor
- silence warning in px-system-id when lsblk isn't present
- include network config in px-troubleshooter
- include complete iptables state in px-troubleshooter
- include pwnix license check in px-troubleshooter
- include blue_hydra and atctmon configs in px-troubleshooter
- whitelisted firmware packages for the autoupgrade script
- update kali-rolling magic upgrade scripts
- backup / restore scripts more gracefully handles missing directories
- blue_hydra - default to no pulse
- blue_hydra - add support for demo masking of mac addresses
- blue_hydra - add magic recovery from rfkill and hardware lockup
- blue_hydra - add magic recovery from bluetoothd lockup
- blue_hydra - compress btmon logs
- blue_hydra - make cui pretty
- blue_hydra - support reading gzipped btmon files
- blue_hydra - support testing on devices with no bluetooth adapter
- blue_hydra - Fix Gemfile for actual use
- blue_hydra - add BSD-3 license for open source release
- blue_hydra - lots and lots of comments
- make update.sh log more
- ensure e2fsprogs is installed

Mobile:
- evil ap - perform cleanup when receiving more aggressive signals
- fix bad syntax in choices for some scripts

2016-07-19 -- version 1.7.15a

General:
- hermes - wait for renewal request confirmation before disconnecting
- hermes - log additional error messages from Pulse

2016-07-13 -- version 1.7.15

General:
- hermes - add better dead lock protections
- hermes - fix issues with wrong worker killed during IPC issues
- hermes - when authentication fails five times, will now request it's status from pulse
- hermes - handle expiration and revoked status for authentication material
- hermes - fix typo on method that cleans up after a sensor has been rejected

2016-07-08 -- version 1.7.14

General:
- fix novatel on newer kernel to use option driver
- blue_hydra - fix aggressive_rssi

Mobile:
- Fixes for sns endpoint generation and package verification (legacy)
- Ensure update path functional on all non-aopp builds

2016-07-01 -- version 1.7.13

General:
- pwnscan - sanitize local_targets in the config file
- pwnscan - a few extra workarounds for dm-types bug
- drop "datamapper" in favor of "data_mapper"
- insight - add the secure flag on session cookies

2016-06-29 -- version 1.7.12a

Mobile:

- fix copy pasta reversed safety logic

2016-06-29 -- version 1.7.12

General:
- blue_hydra - add compressed raw log
- blue_hydra - add initial ibeacon support
- blue_hydra - add initial gimbal support
- blue_hydra - add and use uuid tracking in cui
- blue_hydra - improve mac address tracking to support changes
- blue_hydra - improve ubertooth detection
- blue_hydra - add some hot keys to adjust cui sort and columns shown
- blue_hydra - catch sigint "properly"
- px-system-id - add system information and send with registration
- networking - dhcp only request gateway and dns on primary interface
- xtables - add xtables for support of Android 5 default rules, etc
- pwnscan - offline blacklisted hosts
- pwnscan - add support for "no_arp" mode
- update kali-rolling upgrade scripts with whitelist package check
- update kali-rolling upgrade with minor fixes

Mobile:
- evilap - add support for hostapd-wpe
- dnsspoof - add support for hostapd-wpe


2016-06-14 -- version 1.7.11

General:
- spec - switch rspec to use in memory db for pwnscan & atctmon
- pwnscan - auto-black list first and last addresses of default subnets (.0 / .255)
- blue hydra - add uuid to device models

Mobile:
- evil ap - ensure dhcpd.leases file exists

2016-06-10 -- version 1.7.10

General:
- hermes - handle errors around IPC pipes
- insight - rm deprecated wireless survey functionality
- insight - prevent blank passwords from being set for pwnie user
- insight - fix use of ip route for pwnscan and system properties
- kali-rolling upgrade - improve service management post upgrade
- pwnscan - fix bad call in port model callback
- patronus_fati - fix early client recording bug
- patronus_fati - remove client connection threshold
- connection-dr - test www.openvas.org:80
- connection-dr - allow siphon tld
- update - run apt-get --fix-broken liberally

Mobile:
- blue_hydra - write summary to captures directory after app run
- ubertooth - fix selection of ubetrtooth-rx or ubertooth-lap


2016-06-03 -- version 1.7.9
General:
- enforce updating config files during apt use
- ship optional kali-rolling upgrade scripts
- add vlan package for proper vlan support
- blue_hydra - add optional aggressive rssi reporting
- troubleshooter - recursive list of log files
- troubleshooter - selectively read ssd temp
- troubleshooter - add smart disk diagnostic information
- troubleshooter - alert on diskspace
- evilap - fix config file locations
- passive_recon - prohibit/stop service when drive is >79% full
- pwnscan - consolidate db access to avoid write lock contention
- pwnscan - remove unused method
- pwnscan - split vulnscan queue into high (new hosts) and low priority
- pwnscan - do not add hosts to vulnscan queue if they have been recently scanned
- improve date wrapping during upgrade

Mobile:
- ettercap - update to support kali-rolling, cleanup script
- sslstrip - update to support kali-rolling, cleanup script
- tshark - cleanup script
- ubertooth - update to support kali-rolling, minor improvements
- remove unused samba and smbclient packages

2016-05-25 -- version 1.7.8
General:
- chef - add tcpdump package
- chef - purge unused system packages
- hermes - improve logging
- hermes - additional error handling
- hermes - remove use of zlib and fix IPC bug
- hermes - improve recovery in working communciations
- hermes - handles additional error states for workers
- openvas - add --pulse flag to parser script to send directly to pulse
- openvas - improve service checkin in insight
- pwnscan - Add configurable vulnscan flag to run Vulnerability Scan against new hosts one at a time
- pwnscan - Add OS Version attribute
- pwnscan - Add use of SMB OS Detection Nmap Script for certain Systems
- pwnscan - Improve behavior and consistency of Blacklist
- pwnscan - Improve local subnet Enumeration to allow for scenarios where tunneling is enabled
- pwnscan - Track what scan source an attribute was set for, attempt to not down grade to prevent flapping
- troubleshooter script improvements around service checking
- unsafe-cell-id - caputre sim mccmnc

2016-05-05 -- version 1.7.7

General:
- Remove unused cookbooks
- atctmon - autodetect serial port
- blue_hydra - add rssi logfile
- blue_hydra - always rewrite pretty config file
- hermes - reduce logging on messages while disconnected
- insight - fix interface up/down detection
- insight - fix service not available checking
- Add Sophia (not Sofia) hardware support
- 4g rshell - add support for att m2m network
- 4g rshell - add routing options
- rshell - prevent shell from closing on insight restart
- health check - add thermals
- cell id - always call safely
- cell id - add support for detecting cell/sim issues
- cell id - add support for detecting physical device
- move hostname setting from image_prep to firstboot
- patfat - respect gemfile version
- patfat - ssid expiration fix
- patfat - do not reset ssid on restart
- patfat - fix thread spawning on unsuccessful connection
- patfat - optimize sqlite usage
- use the correct public repo for kali2/rolling
- openvas - fix updater to check time delta properly
- add locking support to update.sh to prevent simultaneous runs

Mobile:
- evilap - fix hostname/mac rolling
- evilap - fix magic ipv4 -> ipv6 nat


2016-04-15 -- version 1.7.6a

Mobile:
- Properly notify PXUpdater of successful update

2016-04-15 -- version 1.7.6

General:
- Blue Hydra -- fix ubertooth-rx -z detection
- Hermes -- run client thread rescue properly
- Rshell -- unify setup and checking for rshell
- Rshell -- use ssh keep alive instead of autossh port forward loopback
- Rshell -- do not connect if port forward fails
- px-realtime-wireless -- retry Kismet 3 times then accept defeat
- px-troubleshooter -- cleanup and various improvements
- Create installed-version-id on update success

Mobile:
- Remove Android apks (except PXUpdater), now built into aopp
- Prevent PXUpdater from being installed on aopp
- Remove system scripts, now built into aopp
- Fix nmap script ip conversion bug and add support for multi-homing
- Change _apt group to default to AID_INET and add required members
- Stop mounting /system rw on Android API > 19
- Stop creating /system/etc/vendor/pwnieexpress for latest-version-id file

2016-04-07 -- version 1.7.5

General:
- Blue Hydra -- handle known Bluez warnings
- Blue Hydra -- add ubertooth package to be installed via chef
- Blue Hydra -- require bluetooth.service not just bluetooth.target
- Insight -- don't disclose sensor type to unauthenticated users
- px-connection-dr -- more invalid cert info
- OpenVas -- moved redis socket to /var/lib/redis/redis.sock
- Handle nmap version change in spec
- bump nokogiri gem version
- px-bluetooth-discovery -- fix crash on corner case error from hcitool

2016-03-21 -- version 1.7.4

General:
- Add Support for PwnPlug R4
- Use packaged bundler instead of gem bundler
- Add support for safely calling update.sh from pulse
- Handle new `ifconfig` output or switch to use of `ip`
- Add kali-rolling Support
- Use dist-upgrade instead of upgrade for kali 2+ in run-chef-solo script
- Add support for ruby 2.2 and 2.3
- Inform Pulse about presence of cell adapter
- Remove unused subnet_info.sh script
- Use --force-confnew & --force-confmiss DPKG options for apt-get
- Add  htop, iotop, nano and strace packages
- Ensure libopenvas8 is installed where needed
- Redirect update.sh to call Insight if RUNNING_IN_INSIGHT flag is set
- AtCtMon -- split mccmnc files into country code groups
- AtCtMon -- add config file support
- Blue Hydra -- add  CUI option
- Blue Hydra -- reduce sync volume
- Blue Hydra -- add Blue Hydra periodic sync
- Blue Hydra -- ensure bluetooth target has started first
- Hermes -- avoid starting extra API workers
- Hermes -- add heartbeat
- Hermes -- stabilize network socket result thread
- Hermes -- remove use of config file
- Hermes -- improve management of workers
- Hermes -- add timeout to IPC connection to master in generic worker
- Insight -- handle invalid JSON in config file on start
- Insight -- add passive recon disk usage warning
- Insight -- prevent from failing to start on deregistration
- Insight -- add RUNNING_IN_INSIGHT flag to bin_runner plugin

Mobile:
- Blue Hydra -- add blue_hydra.sh to launch cui
- Fix _apt user groups

2016-02-24 -- version 1.7.3

General:
- Disable automatic partition resizing on non-gold generated images

2016-02-19 -- version 1.7.2

General:
- Remove unused resetting code from at_ct_mon's run script
- Handle random MAC addresses reported vendor in blue hydra
- Offline bluetooth devices during blue hydra's startup
- Add ubertooth support to blue hydra when present
- Add diagnostic server endpoint utility for hermes
- Massive overhaul of the hermes worker that communicates with Pulse
- px-bluetooth-discovery is completely replaced by blue_hydra where supported
- Added tool for identifying what GSM adapter is plugged into a sensor
- Reporting connected GSM adapter to Pulse
- Made ruby safe logger thread safe
- Preliminary cookbook support for kali-rolling
- Gold image disk will be automatically resized during first boot
- Ensure EPA's wireless firmware is installed on clean gold images
- Ensure traditional linux interface names are used in clean gold images
- Removed, db5.1-util from installed packages
- Added psmisc to installed packages
- Ensuring apache isn't running after it gets installed as a dependency
- Enable weekly fstrim on devices that support it
- Move redis socket location out of /tmp to /var/tmp
- Fix some broken test coverage

Mobile:
- Removed hostapd deb and config that was no longer necessary
- Updated PXUpdater

2016-02-05 -- version 1.7.1

General:
- Fix issue with Hermes IPC communications
- Offline old bluetooth devices when restarting blue_hydra
- Enforce shutdown of hermes in init script when stop call is sent
- Fix support for alternative server ports in Hermes
- Allow controlling at_ct_mon through local UI
- Fix 4G shell and cleanup other shell's status check
- Report blue_hydra, at_ct_mon, and openvas service status's to Pulse
- Allow OpenVAS's scap data sync to retry database update automatically
- Automatically resize system partitions during first boot
- Add SafeLogger to PwnScan
- Added hermes testing utility that works as a stand in for Pulse

2016-02-02 -- version 1.7.0

General:
- use network result socket for Hermes
- add BlueHydra realtime bluetooth service
- add system safe logger and test
- switch Hermes & Insight to use system safe logger
- ability to specify update version in Insight v2 system/update plugin
- move AtCtMon db file to /opt/pwnix
- remove auto-reset of 4g card in AtCtMon
- cleanup legacy Hermes code
- send system properties from hermes with every connection to Dispatch
- fix 'socket would block' errors in Hermes
- suppress output of service management in Insight logs
- add distribution to system properties info
- ditch external Nginx cookbook
- better error logging for OpenVas utilities
- update px troubleshooter script
- switch blacklist script to use drop target instead of reject
- add --quiet flag to OpenVas update
- handle OpenVas connection issues gracefully
- enable retrial of downloads for package updates
- rotate Insight logfile properly
- fix backup and restore scripts
- add AtCtMon to systemd controls
- handle kali forcibly disabling network services
- stop installation of unused packages
- enourage rsyslog and cron to start
- use curl where possible for initial OpenVas data sync
- reject bad BSSIDs in realtime wirless service
- remove tech_debt() as a function
- fix truncating of update log
- Fix bluetooth discovery crashing with longer intervals
- Prevent 3G & 4G from setting up multiple times
- Remove resource handle leak in hermes master loop

2016-01-20 -- version 1.6.20

General:
- Fix issue where AP MACs would be sent up instead of Client MACs

2016-01-08 -- version 1.6.19

General:
- Silence OpenVAS update during Chef run
- Handle local / global bit in MAC address vendor lookups
- Drop wired clients leaking into realtime wireless
- Remove gem server from px-connection-dr
- Enforce population of node['pwnix'] by default

2016-01-06 -- version 1.6.18

General:
- Optimize 4G scanning (atctmon)
- Attempt to recover 4G dongle when out to lunch (atctmon)
- Add and use system attributes in chef
- Hermes fixes for handling messages coming from result socket
- Fix pwnix-utils tests
- Add ruby safe_logger
- Restart px-realtime-wireless on update
- Add connection thresholding logic to px-realtime-wireless
- patfat - Prevent crash when parsing client message from kismet
- patfat - Add online sync messages to eliminate ghost online devices
- fix passive recon writing to daemon log
- fix nac bypass to allow r2 and AE
- install linux on sensors
- unneeded package cleanup

Mobile:
- Run chef-solo on firstboot
- Mark SElinuxfs readonly so apt-get works
- Chroot v2 support
- Support for AOPP builds
- Fix /data being improperly mounted nosuid

2015-12-17 -- version 1.6.17

General:
- Fixed issue with problem environment when update is run from insight

2015-12-17 -- version 1.6.16

General:
- Added 4G Service (atctmon)
- Centralized Gem and lock files
- Centralized Gem vendoring
- Created Ruby 1.9 and Ruby 2.1 specific gem lock files
- Fixed init script headers
- Configured ruby services to use central gem lock file
- Fixed realtime wireless crash during long quiet periods
- Fixed invalid data handling on BSSID records in realtime wireless
- Service control fixes to support kali 2 (systemd)
- Updated, cleanup and fixed pwnix_passive_recon, ssh_vpn, stealth_mode and fixed line evil AP
- Added systemd unit files for pwnix services in preparation for systemd transition
- Switch chef to make use of node attributes where appropriate rather than shelling out
- Merged 'EPA only' packages into all sensor lines (required for clean images)
- Fix conditional restart on pwnscan when it's enabled
- Cleanup fix and improve system tests
- Ensure update script exits with an error code when it fail
- Create a swap file if it doesn't exit before running the update
- Fix hermes handling of UTF-8 on the result socket
- Update backup and restore scripts
- Prevent excessively large log files from PwnScan

2015-11-30 -- version 1.6.15

General:
- Pin version of ohai to prevent gem resolution errors

2015-11-24 -- version 1.6.14

General:
- Added system wide blacklist for all scans and communications controlled by the PwnScan blacklist
- Ensured network changes, and pwnscan configuration changes would trigger the blacklist update
- Fix system spec that couldn't find some chef managed files

2015-11-19 -- version 1.6.13a

General:
- Update version of patronus_fati gem to correct WEP reporting issue
- Add sources.list fix to update.sh script for correcting sources.list earlier in the update process

2015-11-13 -- version 1.6.13

General:
- Prevent insight from starting reverse shells or running custom scripts if /opt/pwnix/.sensor-lock exists
- Properly disable pwnscan service when stop action occurs
- Pause, not stop openvas and restart properly when updating
- Reorganize OpenVas recipe in chef
- Output current system version before running chef solo to update
- Do not truncate update log when updating

2015-10-27 -- version 1.6.12

General:
- Fix path in Hermes init script
- Handle bad JSON being sent to hermes result socket more gracefully
- Suppress bad output in Insight service status checks
- Prevent R3's from attempting to start openvas via Insight
- Support checking of Pwnscan Status in Insight on kali 2 sensors
- Clean up all shells when a duplicate shell_id exists
- Remove unused parameter in px-wireless-discovery script and Insight endpoint
- Remove unused cookbook dependencies
- Fix sequence of steps in px-deregister-dispatch script
- Add px-troubleshooter script
- Bump default scan length for bluetooth discovery
- Update kismet xml parser to dedup APs
- Add custom channel list to kismet config
- Pwnscan 0.2.0 Update
- - replace ProcessingHelper with ResultsProcessor
- - Update weighting logic to improve correlation
- - Add more spec
- - Improve logging


Mobile:
- Add stock chroot fallback logic to handle when kali image doesn't exist
- Deprecate wlan_interface_assigner.sh script

2015-09-17 -- version 1.6.11a

General:

- Still provide vulnerability results even when the scan has error'd out.

2015-09-16 -- version 1.6.11

General:

- Update Package Repository Paths
- kali 2 compatability refactor
- - Service Scripts
- - Insight compatability changes
- - Update Spec
- OpenVas fixes
- - Properly report openvas status to pulse with system properties info
- - Properly report errored scans in OpenVas
- - Enforce target variable always passed to px-simple-vulnscan script
- - properly configure redis for OpenVas
- - Only run initial DB rebuild once through chef
- - Initial population of OpenVAS is now done from a tarball on the update server.
- PwnScan Fixes
- - Recast String Columns VarChar(255)
- - Add lightweight model validations for Port Number Mac string format
- - Test coverage on host upate helper
- - Process macs to remove duplicate macs in string taking the last mac in every case
- - Fix comparison serializer method on Network Hosts
- Add logrotation for realtime wireless
- fix passive recon script
- chef run fixes in chroot creation environments
- Update default packages in chef
- Fix issue in wireless discovery where an AP would be connected to itself

Mobile:
- Safely created sdcard and system mountpoints if missing
- improve interface selection for evil ap script
- remove OpenVas installation from chef for mobile
- detect if running inside android system before installing apk's

2015-08-25 -- version 1.6.10b

General:
- Remove code that was breaking R3 system/request_properties
- Add test covering system/request_properties

2015-08-21 -- version 1.6.10a

General:
- Switch package update flag from force-confold to force-confdef
- Ignore default stunnel config in system integrity spec

2015-08-21 -- version 1.6.10

General:
- Added random nonce and logic time to Insight's session cookies
- Insight sessions automatically expire after two hours
- Insight sessions are invalidated after a user changes their password from
  anywhere on the system.
- Added new version of vulnerability scanning tools
- Rotating OpenVAS logs
- Replaced broken OpenVAS service control scripts
- Add OpenVAS service control to Insight
- Sending status of OpenVAS services to Pulse when available
- Added support for 'Deep' vulnerability scans
- Automatically handle modeswitching for huawei lowlink devices
- Added locales packages to the base package list
- Added mana-toolkit to the base package list
- Updated OpenVAS update process to gracefully handle running scans and only
  update changed files.
- Deprecated iconv gem in favor of Ruby 2.0.0+ compatible string encodings

2015-08-12 -- version 1.6.9b

General:
- Fix swapoff issue in image_prep.sh
- Ensure mkswap is formatting the system swapfile correctly during first_boot

2015-08-05 -- version 1.6.9a

Mobile:
- actually enforce cleanup of stale directories to allow MSF to run
- actually install device specific Settings APK

2015-08-03 -- version 1.6.9

General:
- Remove -Pn flag from default nmap scanning behavior
- Move PwnScan rescue block inside of loop so threads don't exit on errors
- allow PwnScan service to reload when chef updates so code updates get shipped out properly
- Fix behavior around creation of latest-version-id file
- enforce creation of swapfiles

Mobile:
- Enforce cleanup of stale directories to allow MSF to run
- Add support for chroot-only reset as well as full system reset
- New PXUpdater APK
- New device specific Settings APK

2015-07-10 -- version 1.6.8

General:
- updates to check-pwnix-license script in hermes
- remove deprecated legacy fix cookbook
- add px-connection-dr script
- prevent registration if sensor is already registered
- enforce stopped kali services
- install crda package
- add passive host detection to PwnScan based on ARP replies

Mobile:
- add version 1 chroot support for legacy sensors
- check default runlevel and start services as appropriate
- configure PS setting for each mobile script
- fix interface for dnsspoof
- allow dual band operation for EvilAP
- fix macchanger behavior to set sane hostname
- add f_channel_list function
- support version 1 for reset.shscript
- fix sslstrip script to prevent errors being printed to STDOUT
- fix airodump-ng flags
- add squashfs-tools package
- allow latest-version-id file to be read

2015-06-18 -- version 1.6.7

General:
- Handling certificate renewal logic in hermes
- Verifying authentication status when connected to dispatch server before
  starting communications
- Resolved issue with hermes startup when no log file is provided
- Add "change wipe to shred on logwiper" to 1.6.6 changelog
- run px-simple-vulnscan in jenkins
- fix kismet.conf checksum error in rspec
- Refactor openvas setup and run it on the mobile line

MobileT
- Minor chroot script fixes
- rewritten wlan interface assignment script
- always use wlan1mon interface for tools that need monitor mode
- move monitor mode control functions to px_functions.sh
- fix logging in btscan
- up interface before running tcpdump and tshark
- ship and/or update PXUpdater for all devices using chef
- use /proc/self/mounts for /etc/mtab
- autodetect window size in bootpwn
- Make image prep remove sensor registration
- Enable some sslstrip-hsts features when available

2015-06-15 -- version 1.6.6

General:
- Remove legacy console code
- Additional cleanup on deregistration
- standardize kismet.conf location
- Additional kismet init script safety checks
- on update only restart kismet if needed

Mobile:
- /var/run on tmpfs
- kismet.conf sync with fixed
- minor kismet_ui to avoid corruption
- disable SE Linux during update
- add nobody to AID_INET group so hermes can reach pulse
- safety checks for missing adapters, etc
- force interface up for dnsspoof
- force interface up for dsniff
- force interface up for ettercap
- kismet can suspend/resume pulse kismet
- kismet can optionally kill interfering processes
- ssh on informs user of IP
- check for usb before running copy to usb
- add validate_one to make sure needed adapters are in place
- add bluetooth checking to validate_one
- messages enhanced in interface selection
- handled showing intentionally disabled interfaces in grey
- change wipe to shred on logwiper (just as secure on flash)

2015-6-5 -- version 1.6.5

General:
- Ensure Pwnscan is enabled when started via Insight
- Fix key conflict in Reverse shell configuration in Insight
- Add support for new Huawei hilink 3g/4g cards
- prevent history clearing on user logout
- setup friendlier shell defaults for all users
- Ensure Pwnscan respects configured blacklist for nmap scans
- Create System status syncing cron task to push changes to pulse

Mobile:
- make /system read only by default
- use px_interface_selector.sh for unified interface selection

2015-5-29 -- version 1.6.4

General:
- fix regressed OpenVas Package
- allow virtual sensor to run OpenVas

Mobile:
- setup friendlier shell defaults for mobile users
- call busybox directly
- verify /system is rw on update

2015-5-22 -- version 1.6.3

General
- Enforce /tmp/result.sock is never owned by root when hermes starts
- fix V1 Insight Api for update
- Return pid from V2 API with system update
- Allow Virtual Sensor to Run VulnScan
- include gawk package
- Unlock Metasploit version in run-chef-solo.sh

Mobile
- Prevent first_boot from looping restart
- Background wlan interface assigner in chrootboot
- fix imageprep for selinux

2015-5-21 -- version 1.6.2a

- fix syntax in image prep
- shred /tmp/result.sock in image prep

2015-5-21 -- version 1.6.2

General:
  - Enforce default Pwnscan local_targets in Insight configuration
  - Allow Pwn Pro Plus 2015 to behave like a Pwn Pro
  - Prevent Insight from failing to start after triggering an update via Insight v2 API

Mobile:
  - Make chrootboot & bootpwn scripts represent the lollipop guild
  - handle mon1 to wlan1mon in interface selection menus
  - loop interface selection menu on invalid choice

2015-5-19 -- version 1.6.1

- Improve spec tests
- fix wireless management for mobile sensors

2015-5-13 -- version 1.6.0

- Add PwnScan persistent network scanning service
- Add Patronus Fati based pwnix_realtime_wireless wifi scanning service
- Add pwnix_kismet_server service
- Sync System properties to Pulse after an Updated
- Deprecate legacy ConsolePoller worker in Hermes
- Allow registration of mobile sensors to PwnPulse
- Allow scripts to function of "Pwn Pro Plus 2015" sensor type

2015-4-27 -- version 1.5.12h

- Switch to using Pwnie Hosted Gem server and kali Mirrors

2015-4-09 -- version 1.5.12g

- fix openvas for deprecated openvasad package, replaced with openvasmd

2015-4-03 -- version 1.5.12f

- adjust path for route command in reverse shell plugin
- add `ip route` command to debug pack script

2015-3-17 -- version 1.5.12e

- Install updated GPG key for kali Repos

2015-3-12 -- version 1.5.12d

- add uptime to debug pack
- enforce installation of bundler for msf

2015-3-2 -- version 1.5.12c

- Fix path in insight for 3g reverse shell
- enforce apt-get update is run before attempting MSF install or apt-get upgrade

2015-2-27 -- version 1.5.12b

- Install metasploit-framework package from fixed .debs hosted on the Pwnie
  Update server until kali has a working version of the metasploit package
  again.

2015-1-16 -- version 1.5.12a

General
  - Remove installation of package kali deprecated for the EPA to ensure that
    chef is able to run on those systems.

2015-1-9 -- version 1.5.12

General:
  - Additional nmap parser improvements
  - Fix spec so that it only checks nac bypass script status on R3
  - Fix bluetooth results to handle errors better
  - Update image_prep.sh script cleanup of root directory
  - Add Pineapple Management 1471/tcp to nmap services file
  - Remove failing CGI::unescape call in Insight V2 BinRunner plugin

2014-12-12 -- version 1.5.11/1.5.11a

General:
  - Suppress hermes console poller log
  - Default to local subnet for Insight V2 Network Discovery tools
  - Add Explicit require to Insight for shellwords
  - Fix security of Insight API Key for logged out users
  - Improvement to quality of Wireless result data
  - Improvements to NAC Bypass script

2014-11-14 -- version 1.5.10f

General:
  - Add interactive confirmation to px-deregister-dispatch script
  - Add Pwn Pulse registration link to local sensor UI
  - Add -Pn flag to px-service-scan nmap flags
  - Capture additional fields where available for Nmap parser: Host Vendor NIC
    (OUI), Port Service Product, Device Type and Service Fingerprint
  - Add PwnPro Specific Cookbook
  - Fix potential instability around OpenVas for px-simple-vulnscan
  - Disable Register Dispatch link in Insight for mobile sensors
  - Add px-system-health && px-system-update scripts
  - Fix rspec tests & deprecation warnings

2014-10-03 -- version 1.5.10e

General:
  - fix proxy timeout configuration & sesion expiration issue for Insight
  - default appropriate Bluetooth adapter to be loaded as hci0 for PwnPro
  - attempt to bring hci0 interface up for px-bluetooth-discovery scans
  - support standalone PwnPro recipe in chef
  - install mdk3 package on all kali sensors rather than only PwnPad
  - improve update script loggin with better timestamping

2014-09-15 -- version 1.5.10d

General:
  - Support Pwn Plug R3 in Updates
  - Reduce Hermes log level to "info"
  - Kill Kismet with `-9` flag when px-wireless-survey is run
  - Install `amap` package with chef
  - Hermes stuck hot loop issue
  - Fix Insight static IP configuration issue
  - Dispatch Deregistration support in Insight

2014-07-31 -- version 1.5.10c

General:
  - Fix v2 Insight Update Plugin for Pwn Pulse Support
  - Improve px-wireless-discovery client summary

2014-07-29 -- version 1.5.10b

General:
  - Include summary of Wireless Clients with px-wireless-discovery result
  - When px-wireless-discovery runs kill all other running versions of Kismet
  - Clean up Shell Config in Image Prep Script
  - Enforce deprecated pwnix_msfrpcd service is cleaned up

2014-07-22 -- version 1.5.10a

General:
- Allow Pwn Pro 2014 to run px-simple-vulnscan

2014-07-22 -- version 1.5.10

General:
- Remove Citadel Registration Capabilities
- Deprecate pwnix_msfrpcd service
- Remove Postgres Default Installation
- Deprecate Network Bruteforce plugin from Insight v1 API
- Minor fix for Hermes startup script
- Dispatch client added to Hermes
- Support for Insight V2 API in Hermes
- Send version identifier to Citadel
- Insight V2 API
- NTP service management in Insight UI
- Overhaul reverse shells and shells UI in Insight
- Dispatch registration support in Insight UI
- Add /opt/pwnix/bin to the Insight path
- Improve HTML escaping in Insight
- Minor updates to Insight styles
- Various Insight updates to support future Dispatch release
- Add pwnix-utils (/opt/pwnix/bin and /opt/pwnix/lib)
- Fix SSH VPN script
- Add Kismet config to support px-wireless-discovery
- Better information gathering in build-debug-pack.sh
- Reboot device after running first_boot.sh
- Update pwnix_bluelog service to use pwnix-utils
- Add /opt/pwnix/bin to the default path
- Minor change to chrootboot
- Deprecate update support for first-gen Ubuntu-based EPAs
- Install OpenVAS on EPA hardware
- Chef updates to support pwnix-utils and Dispatch
- Install reaver on all devices

2014-05-16 -- version 1.5.9e

Mobile:
- Updates Chrootboot & System Reset Script for Pad & Phone

2014-05-12 -- version 1.5.9d

Mobile:
- Updates to bootpwn, chrootboot, WLAN switcher, image_prep scripts to support
  PwnPhone
- Updates to application launcher scripts to support PwnPhone
- Add factory reset app for Android devices
- Fix incorrect PATH causing updates to fail on mobile devices

2104-04-14 -- version 1.5.9c

General:
- PwnPad interface switcher hotfix

2104-04-08 -- version 1.5.9b

General:
- Heartbleed SSL vulnerability hotfix

2014-03-17 -- version 1.5.9

General:
- Improve Insight UI on Pwn Pad
- Update rsync flags for backup and restore scripts
- Add kismet_ui.conf for Pwn Pad
- Update airodump and kismet scripts on Pwn Pad to support BlueNMEA GPS
- Add Pwn Pad script to copy capture data to USB media
- Add /opt/pwnix/bin and /etc/reaver to sensor filesystem
- Add ruby-nokogiri to installed packages on sensors
- Fix Hermes log rotation

Console:
- Modify console log file location and ownership
- Update pidfile location
- Run console as 'nobody' user
- Add console restore and backup scripts
- Security improvements for nginx
- General security hardening for console systems

2014-02-18 -- version 1.5.8

General:
- Backup / Restore now handling root user SSH keys
- Fixed permission issue on /etc/bash.bash_logout after cleanup
- Cleaned up grammar / spelling in update Pwn Pad script
- Configure default timezone to America/New_York when /etc/timezone is missing

2014-02-17 -- version 1.5.7

General:
- Add /opt/pwnix/pwnix-scripts/build-debug-pack.sh
- Add Backup / Restore scripts to Pwnix
- Disable GSM reverse shell in Insight UI of pad
- Add beacon rate option to Pwn Pad EvilAP launcher
- Clear Bash history in Pwn Pad logwiper script
- Ensure proper cleanup after killing SSLStrip on Pwn Pad


Security:
- Removed the following accounts: games news lp list irc
- Added cron task to automatically update network services
- Configure SSH Client & Daemon to use FIPS-140-2 approved MACs & Ciphers
- Prevent Insight UI from pre-populating forms from get parameters
- Add 'autocomplete=off' to Inisght UI login form
- Update security settings for Nginx
- Disable core dumps in /etc/security/limits.conf
- Restrict dmesg to only privileged users
- Restrict secure ttys to 'console' and tty[1-6]
- Restrict system accounts login shell
- Prevent login to accounts with an empty password
- Harden kernel parameters
- Remove Passwordless Sudo
- Run Hermes Daemon as nobody user

2014-02-10 -- Version 1.5.6

General:
- Update chrootboot for backwards compatibility with 2012 Pad hardware
- Update Pad launcher scripts for backwards compatibility with 2012 Pad
- Enforce root ownership on /opt/pwnix/pwnix-config/shells
- Add colored logo to MOTD
- Remove sms_message config file from rspec
- Add --local to `bundle install` in update.sh

2014-01-30 -- Version 1.5.5

General:
- Added updated header information to Pwnie Express scripts
- Improved documentation and updated UI language
- Improved reverse shell scripts
- Added SSH VPN script

insight_api:
- Improved logging for reverse shells and added log to Insight log page
- Removed Backtrack reciever script and added kali receiver script
- Added helper methods for product type
- Refactored reverse shells plugin for device-specific functionality
- Log rotating support
- Fix issue with 'service insight_api stop'

pwnix_base_cookbook:
- Improved logging configurations for reverse shells
- Update get_public_ip.sh to use http://ip-api.net/ip
- Refactored sms_message.sh
- Removed normal_mode.sh
- Improved thoroughness of cleanup script
- Bugfixes in first_boot.sh
- Add subnet_info.sh helper script
- Deprecated wepbuster package
- Update Pwn Pad .apk files
- Add /etc/product information to Ubuntu EPAs
- Preserve EvilAP configuration on update
- merge script_services_cookbook into pwnix_base_cookbook

pwn_pad_sources:
- Fix bootpwn mounting issues
- Ensure first_boot.sh runs in chrootboot as required
- Update default Kismet packet source and improve logging configuration
- Improve input validation and formatting of PwnPad scripts
- Add SSH On/Off app

pwnix_chef:
- Enable root logon via SSH key authentication
- Updated spec tests
- Merge Pad preparation script into image_prep.sh
- Add dev build target in addition to stable and qa

Contact Us

support@pwnieexpress.com
http://assets1.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete