runZero to join Dragos, creating an industry-transforming security platform backed by $4B Accenture investment. More

🗓️ Live on July 23: Securing the modern IT/OT attack surface Register
runZero CAASM

On This Page:

  1. Rumble v1.15
  2. Release Notes

Rumble 1.15 Global Deployments, PostgreSQL, Crestron, and More!

HD Moore
|
Updated

Rumble v1.15 #

The 1.15 release improves global deployments, fingerprinting, and asset tracking. Rumble is still free for individuals and small businesses with less than 256 assets and is a great fit for security assessments using its temporary project feature.

Read on for the full list of changes since v1.14.

Global Deployment Support #

For folks who need a local scanner in each broadcast domain, such as retail environments where each location has overlapping network ranges, the deployment process has become much easier. Site imports make it simple to generate and import a full list of sites and corresponding subnets from the web interface.

Mass-deployment of agents can be handled through just about any installer environment, either by running the standard agent executable with the UPDATER argument, or by using the MSI Installer to automatically install an agent from an arbitrary URL (with signature verification).

Mapping those agents to sites is easier than ever through the Automatically Assign Sites action in the Agents Manage menu. This feature automatically assigns each agent to the Site where a subnet matches the agent network interfaces. This saves quite a bit of time when deploying into hundreds of retail locations or micro-segmented environments

Finally, in order to manage hundreds of recurring scans, our team has provided an API example that can be used to configure recurring scans on every active site. You can find this example code in the rumble-api repository.

As always, if you run into a challenging deployment scenario, please reach out to our support team!

Screenshot of Rumble Automatic Agent to Site Assignment

Scanning Enhancements: Crestron & SolarWinds Orion #

The Rumble scan engine now supports the Crestron UDP discovery protocol. This default probe provides substantially better fingerprinting for Crestron equipment and the various service attributes can be queried and reported via the inventory and attribute report.

The default TCP port list has been expanded to include additional services used by the SolarWinds Orion product. These additional ports improve detection of SolarWinds services and the Query Library now includes a pre-built query for finding Orion servers.

Rumble now negotiates TLS with PostgreSQL endpoints that support it. The stored fields include all of the standard TLS fields, including certificate expiration, TLS version, and chosen cipher.

Services where at least one virtual host has been identified (via TLS or DNS) will now merge the blank virtual host services into the first virtual host found. This reduces the number of unique services shown and makes the service attribute view less noisy without sacrificing accuracy.

SNMP fingerprints are now considered more reliable than SSH-based fingerprints in most cases. This improves identification of Cumulus Linux and other Linux-based switches.

Virtual MAC addresses used by PAN-OS as well as certain SonicWall VPNs are now ignored for the purpose of asset correlation, which in turn prevents inadvertent asset grouping.

On the Windows platform, the Rumble Agent and runZero Scanner now bundle npcap 1.10, which includes a number of reliability and performance improvements.

Screenshot of Rumble Crestron Identification Screenshot of Rumble PostgreSQL TLS Attributes

Bug Fixes & Improvements #

  • Proxy support for the Rumble Agent and runZero Scanner is now handled consistently. The HTTPS_PROXY environment variable can be used to proxy communication between the host and the Rumble cloud and any environment-specified proxies are now ignored for the Chrome-based web screenshot functionality. In addition, the .env method of specifying a proxy is now used consistently regardless of the execution environment. These improvements apply to the Rumble Agent, runZero Scanner, and Rumble MSI Installer.

  • Subtasks created by a recurring task now carry the "defaults" placeholders over as opposed to saving the expanded values. This results in the Copy action being more intuitive.

  • The tasks API now handles custom probe configurations correctly and the stopTask API documentation has been updated to indicate that it can be used to remove a recurring task.

  • The web screenshot probe now longer leaves zombie processes when running in container environments without a standard init(1) daemon.

  • A handful of small memory leaks in the Rumble scan engine have been resolved.

Release Notes #

The complete release notes for v1.15.0 can be found in our documentation

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Explore more runZero

Product
Announcing runZero 5.0: Exposure management built to outpace AI-driven attacks
When you're up against AI, every minute counts. Get deep, actionable intelligence across your entire attack surface to close the gaps and hold the...
Read More
Product Videos
runZero 5.0: Platform Demo
With the new 5.0 release, runZero is giving defenders the edge they need to succeed in the AI-attack era.
Watch Now
runZero Perspective
BOD 26-04: A new era of prioritized remediation
A complete breakdown of CISA's BOD 26-04 directive. Learn how the shift to SSVC, risk-based KEV prioritization, and 3-day remediation impacts your...
Read More
runZero Perspective
Dawn of the apex agentic adversary
When agentic AI can weaponize exploits in seconds, visibility is everything. Stop the predator with runZero’s exposure management for the AI-attack...
Read More
Webcasts
Defending in the shadow era: when the CVE feed goes dark
HD Moore walks through the three eras of vulnerability management: the predictable cycles era, the triage ara of AI-scale discovery, and now the...
Watch Now
Webcasts
runZero Hour, Ep. 31: The New Rules of Risk: EPSS v5 and Agentic Adversaries
In this episode, learn how your security team can use EPSS v5 to inform daily risk decisions in a world increasingly targeted by the apex agentic...
Watch Now
Webcasts
Beyond the Zero-Day: Mapping the network attackers actually see
Breaches are inevitable. Learn from HD Moore how attackers exploit the seams between IT, IoT, and OT networks — and how to fix the segmentation...
Watch Now
Podcasts
Risky Biz Interview: Navigating the AI vibe shift with HD Moore
runZero Founder and CEO HD Moore drops by in this week's Risky Biz sponsor interview to talk about the concerning AI vibe shift and what to do...
Watch Now

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Try runZero for Free
runZero CAASM
© Copyright 2026 runZero, Inc. All Rights Reserved