Releases: evilsocket/legba
1.2.0
🚀 New Features
- Adaptive timeout system - Timeout-sensitive plugins like DNS and port scanner can now dynamically adjust worker timeouts for better performance
- Port scanner improvements - Enhanced banner grabbing and protocol detection, now defaults to scanning common ports instead of full 1-65535 range
- Performance optimizations - Precompiled HTTP success expressions, dedicated DNS resolver objects per worker, and configurable report intervals (--report-time)
- MCP server enhancements - Improved prompts for better clarity about plugins and tooling
🐛 Fixes
- Fixed default regexp for HTTP CSRF token name
- Fixed parsing of multiple comma-separated credential expressions
- Fixed VNC plugin password field naming and reduced log verbosity (#82)
- Ensured DNS plugin only uses host targets (removes schema, port, etc.)
- Restored original default value for --http-follow-redirects
📚 Documentation
- Added Bludit CMS example (#83)
- Fixed CSRF regex documentation for HTTP plugin
Miscellaneous
- Improved DNS resolver memory allocations
- Replaced HashMaps with DashMap/DashSet in DNS plugin for better performance
- Added TCP_NODELAY and single HTTP client for port scanner
- Updated MCP tools to return string responses for increased compatibility
- Various CI improvements and minor refactoring
- Added human coded badge
- Homebrew formula version bump
1.1.1
New Features 🚀
- Improved SNMP plugin with full SNMP tree walking capabilities
- Added project as a Homebrew tap for easier installation on macOS
- Enhanced release script and deployment process
- Added insecure TLS configuration option for MQTT
Fixes 🐛
- Fixed Debian package generation to build with MUSL
- Resolved crates.io publishing issue
Other
- Improved Debian package metadata
- Various small fixes and general refactoring improvements
1.1.0
New Features 🚀
- Pure Rust Dependencies: Replaced MQTT and SMB dependencies with pure Rust crates for easier cross-compilation
- SNMP Support: Added SNMP v1, v2 and v3 plugin support
- HTTP Improvements:
  - New --http-success boolean expression mechanism for better success/failure detection
  - HTTP plugin now follows redirects by default
- SSL/TLS Support: Added SSL/TLS support for MQTT connections with --mqtt-ssl option
- MCP Server Enhancements: Now supports stdio mode as well as SSE
- Cross-Compilation: Legba can now be cross-compiled for any platform (native dependency free)
- JSON Output: Added -J/--json argument to print loot and statistics as JSON lines
- Dynamic Placeholders: Added {user} placeholder replacement in password templates
Fixes 🔧
- Fixed HTTP hostname interpolation handling
- Fixed TLS 'Bad Protocol Version' errors in HTTP plugin
- Fixed MongoDB empty credentials handling
- Fixed Redis authentication detection when no auth required
- Fixed SQL authentication success detection without database permissions
- Fixed Ctrl-C signal handling for immediate stop
- Fixed Windows compilation errors
Documentation 📚
- Moved documentation from GitHub wiki to standalone markdown files
- Added Azure, Firebase/GCP and AWS enumeration examples
- Added session save/restore and output format documentation
- Updated Samba and IRC plugin documentation
Miscellaneous
- Optimized worker distribution logic for performance improvements
- Updated multiple dependencies to latest versions
- Added GitHub release action and improved CI/CD pipeline
- Added Android testing via cross tool
- Refactored REST API for faster session data parsing
- Various small fixes and general refactoring
This changelog was generated by Changelog.
v0.11.0
New Features ✨
- Implemented MCP server support (SSE) - Enhanced with better prompts for MCP server tooling
- Added IRC server password authentication support
- Migrated to Rust 2024 edition
Fixes 🔧
- Fixed HTTPS certificate grabber bug that prevented functionality in some cases
- Fixed SSH plugin support for older key exchange algorithms (fixes #71)
- Fixed SSH plugin when using a single key
- Fixed command line arguments to properly override recipe options (fixes #66)
- Updated URL crate to include Cyrillic characters fix (fixes #69)
- Fixed samba linkage for Homebrew builds
Dependencies & Build
- Bumped paho-mqtt to 0.13.3
- Updated to latest samba version
- Removed libsmbclient workaround from CI
- General cargo updates
Miscellaneous
- Multiple MCP-related fixes and improvements
- Added Homebrew badge to README
- Updated README.md
- Docker tag publishing for released versions
- Various small fixes and refactoring improvements
v0.10.0
Changelog
New Features
REST API
- Introduced a REST API via with /plugins and /sessions endpoints.
Plugins
- DNS Plugin: Extracts subdomains from TLS alternate name records.
- Port Scanner:
  - Unified TCP/UDP scanning under port.scanner.
  - Defaulted to common ports and added TLS certificate info.
- MySQL Plugin: Added banner grabbing capability.
Other Features
- Variables Interpolation: Implemented for HTTP success/failure strings.
Fixes
- macOS CI Workflow: Resolved dependency and build issues.
- Oracle Plugin: Fixed compilation (closes #59).
- Port Scanner: Fixed argument parsing.
- General: Various API and plugin fixes.
Improvements
- Plugin Registration: Simplified via macro refactoring.
- Codebase Refactoring:
  - Removed ctors.
  - Removed lazy-static dependency.
Documentation
- Updated README with plugin and API usage details.
- Added test server documentation for XSS.
Maintenance
- Ignored .DS_Store in .gitignore.
- Updated dependencies for Cargo and RISC-V support.
Miscellaneous
- Small fixes and refactorings for better maintainability.
Full Changelog: v0.9.0...v0.10.0
v0.9.0
New
fefff61 new: improved tcp.ports http banner grabbing by content type
0c43394 new: tcp.ports line grabber will send some data with newlines at the beginning
ae864f2 new: --dns-max-positives option
c7cea27 new: --dns-ip-lookup option
Fixes
123f71c Merge pull request #43 from kpcyrd/riscv
42f4300 Update pavao dependency to fix RISC-V build
071002b Merge pull request #39 from dimtgsn/tokio-time-sleep-instead-of-std-thread-sleep
84185d0 replace std::thread::sleep with tokio::time::sleep in async function
41a134a misc: small fix or general refactoring i did not bother commenting
b007e43 fix: renamed proto field to transport and setting protocol from banner grabber
f06e3f9 misc: small fix or general refactoring i did not bother commenting
ccf2361 fix: using --tcp-ports-http-headers
3381b1a fix: handling samba BadFileDescriptor error (ref #38)
67070d8 fix: fixed cmd-binary option description
v0.8.0
New
c51ac13 new: added basic cookbook (#35)
1ec76e0 new: implemented recipes engine (closes #35)
efc8925 new: the user-agent for the http plugins is now randomized by default, new --http-ua argument replaced --http-random-ua
74267c9 new: added flag to generate shell completions
674e1b2 new: cross compilation file
c7d21c0 new: new --tcp-ports-banner-timeout argument
70d18bc new: added basic banner grabbing capabilities to the tcp.ports plugin
ab15307 new: added new cmd plugin
Fixes
0a3c067 fix: --http-payload is not mandatory anymore
a1fcfbe fix: url dependency override to allow relative paths in URLs (fixes #36)
0ed709a fix: using default db name in mysql and pgsql plugins (fixes #37)
0978500 fix: refactored http placeholders parsing
5fe6c32 fix: fixed interpolation of credentials in http target
ed9a56a cross compilation fixes
39e8c51 fix: restored banner after shell completion generation block
2844290 Merge pull request #33 from kpcyrd/shell-completions
fef45ab fix: clippy driven minor fixes
ec69c1e fix: cmd plugin now uses --target/-T instead of --cmd-binary
e25d6e9 fix: check --cmd-binary only if cmd plugin is used
50f2854 fix: removed unused import
61cb085 fix: fixed stats reporting getting stuck while the tokio runtime is blocking
and more minor fixes
v0.7.1
v0.7.0
v0.6.1
Drastically improved binary and docker image size.