Rumble Network Discovery Beta 5

|
Updated

Rumble Two Ways with Beta 5 #

The last few months have been incredible thanks to our wonderful beta community and their vocal feedback. Quite a few folks asked for a version of Rumble they could use independent of the cloud and Beta 5 delivers it.

The runZero Scanner has undergone a makeover and now handles fingerprinting, asset correlation, and rudimentary reporting, making it far more adaptable for restrictive environments and security consulting. We want the runZero Scanner to be the best possible option for any advanced network discovery task. If you haven't tried the Scanner yet, download a binary and let us know what you think.

The runZero Scanner now generates a directory of output files by default. This directory includes

  • scan.rumble.gz: The raw scan data, this can be imported or reprocessed via --import
  • assets.jsonl: The new optimized format for correlated, fingerprinted assets.
  • nmap.xml: A Nmap XML compatible data file that can be imported into various security tools.
  • urls.txt: A list of discovered web services in URL format.
  • assets.html: A rudimentary HTML report with screenshots.
  • screenshots: A directory of raw screenshot images, headers in JSON format, and HTML bodies.
  • Various lists including addresses.txt, addresses_all.txt, hostnames.txt, and domains.txt

We are continuing to invest the Rumble asset inventory platform, and this release includes many improvements to the infrastructure, agents, and cloud console.

The inventory now supports asset tags, allowing metadata such as asset owners, locations, and field notes to be set, cleared, and queried. Tags provide a simple way to organize, flag, and communicate with colleagues about assets.

Two new export formats are available; JSONL, a more efficient option for processing large exports, and Nmap® XML, a format widely supported by security tools. Exports are now streamed on download, making more efficient clients easier to implement.

User profiles can now be configured to required FIDO2 WebAuthn security tokens for multi-factor authentication. We believe WebAuthn is the best standard available today, but if you prefer something else for MFA, please let us know.

Check out the release notes below for a complete list of changes since Beta 4 and drop us a line if you have any questions, suggestions, or feedback.

Release Notes #

  • The runZero Scanner has been revamped with a fancy new terminal interface and updated options. Major changes include support for asset correlation, fingerprinting, and artifact generation. The runZero Scanner documentation has been updated to match.

  • The Inventory now supports setting, clearing, and searching based on Tags. Tags are key-value pairs that can signify organization structure or process. Good uses of Tags include setting the location of an asset, indicating the asset owner, or noting that an asset is part of a critical business process.

  • The Inventory now displays Comments as a column by default, making it easy to set, view, clear, and search for quick notes. Comments can be useful for coordinating remediation or maintenance tasks.

  • The Inventory now supports searching and exporting based on Site names (site:"Name").

  • The default export format is now JSONL. This format requires less memory to process in most client applications, as each record is separated by a newline.

  • Exports (API and via Inventory) now stream their responses, allow for more efficient client applications.

  • The Inventory can now export a Nmap® XML compatible document, complete with an XSL template that produces a lovely report.

  • User profiles can be configured to require FIDO2 WebAuthn compatible security tokens, such as the Yubico YubiKey and Google Titan devices.

  • The Tasks screen now shows failed tasks by default and can list all failed tasks via a new tab.

  • The original scan data for a given task can be downloaded from the Task details page. This data can be fed into the new runZero Scanner, re-uploaded as an Import, or used in your own internal processes.

  • AWS S3 is now used for screenshots, scan data, and change reports. This should improve performance and help us maintain a consistent approach to server-side data encryption and data lifecycles.

  • Agents try much harder to deliver their scan data. The default is a direct upload to AWS S3 using a per-scan pre-signed URL, with a fallback method that uses an endpoint of the Rumble Hub instead.

  • Agents will now load environment settings from $install/.env, allowing for easier configuration of proxy support and other environment-based settings.

  • FreeBSD is now a supported platform for the runZero Scanner. We are still looking into full support of BSD-like platforms for the agent and would love to know if there any specific platforms you would like us to support first.

  • The scan engine now reports the overall progress more accurately. The progress is based on the percent of target hosts completed, which has subtle differences for routed versus local segment discovery speeds.

  • The scan engine now detects TCP services via UDP discovery, improving overall coverage with minimal performance costs.

  • The default TCP port list has been adjusted based on real-world scan data of internal networks in order to provide a better trade-off of coverage versus performance.

  • The scan engine received numerous fingerprint and protocol negotiation improvements, including multicast MDNS, improved Ubiquiti discovery, and bug fixes to tje Memcache, Redis, and AMQP handlers.

  • The Agent and Scanner have been upgraded to npcap v0.9981.

* NMAP is a registered trademark of Insecure.Com LLC (and an awesome network scanner!).

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved