Changes to the project will be tracked in this file via the date of change.
- "beautified" field (bool) to ScanJavascript (jshlbrd)
- strelka_dirstream.py now supports recursive directory scanning (zachsis)
- ScanZip now supports decryption via password bruteforcing (ksdahl)
- Unit tests for ScanPe added (infosec-intern)
- strelka_dirstream.py now supports moving files after upload (zachsis)
- Added version info to ScanPe (infosec-intern)
- Expanded identification of email files (DavidJBianco)
- pip packages now installed via requirements.txt file(s) (infosec-intern)
- EOF error flag to ScanBzip2 (jshlbrd)
- taste_yara now loads files from directories, not a static file (ksdahl)
- Options for manually setting ZeroMQ TCP reconnections on the task socket (between broker and workers) (jshlbrd)
- "request_port" option renamed to "request_socket_port" (jshlbrd)
- "task_port" option renamed to "task_socket_port" (jshlbrd)
- strelka_dirstream.py switched from using inotify to directory polling (jshlbrd)
- strelka_dirstream.py supports monitoring multiple directories (jshlbrd)
- extract-strelka.bro will temporarily disable file extraction when the extraction directory reaches a maximum threshold (jshlbrd)
- New scanner ScanFalconSandbox can send files to CrowdStrike's Falcon Sandbox (ksdahl)
- New scanner ScanPhp can collect tokenized metadata from PHP files (jshlbrd)
- New scanner ScanStrings can collect strings from file data (similar to Unix "strings" utility) (jshlbrd)
- ScanPdf was unintentionally extracting duplicate streams, but now it is fixed to only extract unique streams (jshlbrd)
- ScanJavascript now supports deobfuscating JavaScript files before parsing metadata (jshlbrd)
- ScanUrl now supports user-defined regular expressions that can be called per-file (jshlbrd)
- Refactored taste.yara
javascript_filerule for readability (jshlbrd) - Removed JavaScript files from ScanUrl in the default strelka.yml (jshlbrd)
- Project went public!