Version 1.7.0 of Rumble Network Discovery is live with big updates to reporting. The Analysis Reports introduced in version 1.6.2 are now joined by a new Subnet Grid Report, linked off the main Subnets Report under the Explore menu.
The Query Library has been updated with small tweaks and new built-in query for finding expired TLS certificates, supported by improvements to the scan engine. The Rumble backend has been upgraded to support our larger customers as well as all of our new Starter Edition users.
The command-line runZero Scanner now generates its own Network Bridges and Switch Topology reports outside of the cloud platform. For folks who want to build their own fingerprints, the command-line scanner now supports custom Recog fingerprint stores using the --fingerprints argument and easy debugging by setting the --fingerprints-debug boolean flag.
Rumble can now provide a birds-eye view of the network through the Subnet Grid Report. The backstory on this visualization needs its own blog post, but the short version is that treating the IP address space as a grid and applying color maps based on attributes can identify interesting network properties. The Subnet Grid Report can be found linked with a
icon off of the main Subnets Report. The example below is the type color map of a public IPv4 network.
The command-line runZero Scanner now generates the Network Bridges and Switch Topology reports. These reports can help you understand the layer 2 topology and layer 3 segmentation of a network without having to upload the scans into the cloud platform.
These report can also be generated using previous scan data. The --import option can be used multiple times to merge many raw scan files into a combined report.
If you haven’t had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!
HD Moore is the co-founder and CTO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.