Rumble 1.8.0 Subnets, Fingerprints, BSD Support, and More!


Overview

The 1.8.0 release of Rumble Network Discovery adds Registered Subnets to Sites, increases fingerprint coverage across databases, MAC addresses, and web applications, adds support for FreeBSD, OpenBSD, NetBSD, and DragonFly BSD, and expands support for additional Linux architectures. Tagging has been updated across the platform and numerous small bugs have been fixed.

Registered Subnets

Sites now allow subnets to be registered with optional tags and descriptions. These subnets work in conjunction with the normal Scope and can be used to apply tags to any assets within the defined networks. This helps folks with complex environments manage assets by subnet and query those assets via their associated subnet tags.

Registered Subnets

The configuration above shows three registered subnets. Assets within those subnets can be queried through their respective tags without having to tag every asset directly. To find all assets managed by the Helpdesk and running Windows, we can use the query tag:owner=Helpdesk and os:Windows.

Subnets Tags

To identify all assets where there is no assigned owner, we can use negation with the bare tag name in the query NOT tag:owner.

Assets With No Owner

Subnet tags work in conjunction with asset tags to make it easy to group, flag, and manage assets across complex environments. Registered subnets and their respective tags can also be managed automatically using the Remote API.
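The tag inheritance and the two queries described above can be modeled in a few lines. This is an added example, not Rumble's own code: the subnets, tags, and assets are constructed sample data, and the precedence rules (narrower subnets override broader ones, asset tags override subnet tags) and the substring match for os: are assumptions.

```python
import ipaddress

# Constructed sample data: registered subnets and their tags (not from the page).
REGISTERED_SUBNETS = {
    "10.0.10.0/24": {"owner": "Helpdesk", "location": "HQ"},
    "10.0.20.0/24": {"owner": "Engineering"},
    "10.0.0.0/16": {"location": "Campus"},
}

# Constructed sample assets; "tags" holds tags set directly on the asset.
ASSETS = [
    {"ip": "10.0.10.15", "os": "Windows 10", "tags": {}},
    {"ip": "10.0.10.20", "os": "Ubuntu Linux", "tags": {}},
    {"ip": "10.0.20.7", "os": "Windows Server 2019", "tags": {"owner": "Helpdesk"}},
    {"ip": "10.0.99.3", "os": "Windows 10", "tags": {}},
    {"ip": "192.168.1.5", "os": "FreeBSD", "tags": {}},
]

def effective_tags(asset, subnets=REGISTERED_SUBNETS):
    """Merge tags from every registered subnet that contains the asset's IP.

    Assumed precedence: broader subnets apply first, narrower subnets
    override them, and tags set directly on the asset override both.
    """
    ip = ipaddress.ip_address(asset["ip"])
    nets = [(ipaddress.ip_network(cidr), tags) for cidr, tags in subnets.items()]
    merged = {}
    for net, tags in sorted(nets, key=lambda nt: nt[0].prefixlen):
        if ip.version == net.version and ip in net:
            merged.update(tags)
    merged.update(asset["tags"])
    return merged

def has_tag(asset, term):
    """Precise match on a bare tag name ("owner") or a full name=value pair."""
    tags = effective_tags(asset)
    name, sep, value = term.partition("=")
    return name in tags and (not sep or tags[name] == value)

def helpdesk_windows(assets=ASSETS):
    """Models the query: tag:owner=Helpdesk and os:Windows."""
    return [a["ip"] for a in assets
            if has_tag(a, "owner=Helpdesk") and "windows" in a["os"].lower()]

def no_owner(assets=ASSETS):
    """Models the query: NOT tag:owner (assets nobody is responsible for)."""
    return [a["ip"] for a in assets if not has_tag(a, "owner")]
```

The second function is the one that matters for inventory hygiene: 10.0.99.3 sits inside a registered /16 but still has no owner, so it shows up alongside the asset outside every registered subnet.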

Platform Support

This release introduces support for FreeBSD, NetBSD, OpenBSD, and DragonFly BSD, along with additional Linux builds for ARM6, MIPS variants, PowerPC (LE), and IBM Z machines. On systems without a supported system service manager, the Agent will switch to standalone mode and update in-place automatically.

Rumble BSD Support

Rumble Linux Platforms

Fingerprint Updates

MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.

On the database side, Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches. MySQL and MariaDB version detection is now also used to detect the respective OS, where possible. The Query Library now includes an option to find all exposed database services across the organization.

Exposed Databases Query

Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint are now applied to the asset.

Chromecast Fields

HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP. The new naming convention improves consistency, but may require some tweaks to your saved queries.

Website and application icons are now used for fingerprinting. These fingerprints are low priority, but helpful when trying to identify white-labeled network equipment and common web application frameworks.

More Enhancements

  • The tags search keyword is now a precise match of either the tag name (mytag) or the full tag name and value (mytag=myvalue).

  • Existing asset tags are now merged in the Set Tags dialog of the Asset Inventory.

  • The Asset Details page now allows the tags to be set or cleared.

  • The bundled npcap driver in the Rumble Agent and runZero Scanner for Windows has been upgraded to version 0.9993.

  • The Rumble Agent binary now supports command-line flags (-h, -v, -l) and displays usage.

Release Notes

The complete release notes for v1.8.0 can be found in our documentation.

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
