Join us during RSA Conference for some very special events Register now

Rumble 1.8.0 Subnets, Fingerprints, BSD Support, and More!

HD Moore
Updated

Overview #

The 1.8.0 release of Rumble Network Discovery adds Registered Subnets to Sites, increases fingerprint coverage across databases, MAC addresses, and web applications, adds support for FreeBSD, OpenBSD, NetBSD, and DragonFly BSD, and expands support for additional Linux architectures. Tagging has been updated across the platform and numerous small bugs have been fixed.

Registered Subnets #

Sites now allow subnets to be registered with optional tags and descriptions. These subnets work in conjunction with the normal Scope and can be used to apply tags to any assets within the defined networks. This helps folks with complex environments manage assets by subnet and query those assets via their associated subnet tags.

Registered Subnets

This configuration above shows three registered subnets. Assets within those subnets can be queried through their respective tags without having to tag every asset directly. To find all assets managed by the Helpdesk and running Windows, we can use the query tag:owner=Helpdesk and os:Windows.

Subnets Tags

To identify all assets where there is no assigned owner, we can use negation with the bare tag name in the query NOT tag:owner.

Assets With No Owner

Subnet tags work in conjunction with asset tags to make it easy to group, flag, and manage assets across complex environments. Registered subnets and their respective tags can also be managed automatically using the Remote API.

Platform Support #

This release introduces support for FreeBSD, NetBSD, OpenBSD, and DragonFly BSD, along with additional Linux builds for ARM6, MIPS variants, PowerPC (LE), and IBM Z machines. On systems without a supported system service manager, the Agent will switch to standalone mode and update in-place automatically.

Rumble BSD Support

Rumble Linux Platforms

Fingerprint Updates #

MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.

On the database side, Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches. MySQL and MariaDB version detection is now also used to detect the respective OS, where possible. The Query Library now includes an option to find all exposed database services across the organization.

Exposed Databases Query

Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint is now applied to the asset.

Chromecast Fields

HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP. The new naming convention improves consistency, but may require some tweaks to your saved queries.

Website and application icons are now used for fingerprinting. These fingerprints are low priority, but helpful when trying to identify white-labeled network equipment and common web application frameworks.

More Enhancements #

  • The tags search keyword is now a precise match of either the tag name (mytag) or the full tag name and value (mytag=myvalue).

  • Existing assets tags are now merged in the Set Tags dialog of the Asset Inventory.

  • The Asset Details page now allows the tags to be set or cleared.

  • The bundled npcap driver in the Rumble Agent and runZero Scanner for Windows has been upgraded to version 0.9993.

  • The Rumble Agent binary now supports command-line flags (-h, -v, -l) and displays usage.

Release Notes #

The complete release notes for v1.8.0 can be found in our documentation

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Written by HD Moore

HD Moore is the co-founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Articles

Life at runZero
Employee Spotlight: James McNulty
James is our website manager and dynamic SEO strategist! Read on to learn about James' journey on the Marketing team at runZero!
Read More
Product Release
Introducing the customizable dashboard, Wiz integration, and more!
Introducing the customizable dashboard, Wiz Integration, and other Q2 2024 enhancements to the runZero Platform.
Read More
Product Release
How to integrate your SIEM platform with runZero to create an actionable asset inventory
Learn how to combine runZero's real-time asset inventory with SIEM exports for comprehensive asset tracking and historical data analysis..
Read More
runZero Insights
Celebrating Women’s History Month with trailblazers & innovators
It’s Women’s History Month! runZero is celebrating all month long by highlighting innovative women who have been technological trailblazers.
Read More

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try It Free
© Copyright 2024 runZero, Inc. All Rights Reserved