Published on July 30, 2019

Rumble Two Ways with Beta 5

The last few months have been incredible thanks to our wonderful beta community and their vocal feedback. Quite a few folks asked for a version of Rumble they could use independent of the cloud and Beta 5 delivers it.

The Rumble Scanner has undergone a makeover and now handles fingerprinting, asset correlation, and rudimentary reporting, making it far more adaptable for restrictive environments and security consulting. We want the Rumble Scanner to be the best possible option for any advanced network discovery task. If you haven’t tried the Scanner yet, download a binary and let us know what you think.

The Rumble Scanner now generates a directory of output files by default. This directory includes

  • scan.rumble: The raw scan data, this can be imported or reprocessed via --import
  • assets.jsonl: The new optimized format for correlated, fingerprinted assets.
  • nmap.xml: A Nmap XML compatible data file that can be imported into various security tools.
  • urls.txt: A list of discovered web services in URL format.
  • assets.html: A rudimentary HTML report with screenshots.
  • screenshots: A directory of raw screenshot images, headers in JSON format, and HTML bodies.
  • Various lists including addresses.txt, addresses_all.txt, hostnames.txt, and domains.txt

We are continuing to invest the Rumble asset inventory platform, and this release includes many improvements to the infrastructure, agents, and cloud console.

The inventory now supports asset tags, allowing metadata such as asset owners, locations, and field notes to be set, cleared, and queried. Tags provide a simple way to organize, flag, and communicate with colleagues about assets.

Two new export formats are available; JSONL, a more efficient option for processing large exports, and Nmap® XML, a format widely supported by security tools. Exports are now streamed on download, making more efficient clients easier to implement.

User profiles can now be configured to required FIDO2 WebAuthn security tokens for multi-factor authentication. We believe WebAuthn is the best standard available today, but if you prefer something else for MFA, please let us know.

Check out the release notes below for a complete list of changes since Beta 4 and drop us a line if you have any questions, suggestions, or feedback.

Release Notes

  • The Rumble Scanner has been revamped with a fancy new terminal interface and updated options. Major changes include support for asset correlation, fingerprinting, and artifact generation. The Rumble Scanner documentation has been updated to match.

  • The Inventory now supports setting, clearing, and searching based on Tags. Tags are key-value pairs that can signify organization structure or process. Good uses of Tags include setting the location of an asset, indicating the asset owner, or noting that an asset is part of a critical business process.

  • The Inventory now displays Comments as a column by default, making it easy to set, view, clear, and search for quick notes. Comments can be useful for coordinating remediation or maintenance tasks.

  • The Inventory now supports searching and exporting based on Site names (site:"Name").

  • The default export format is now JSONL. This format requires less memory to process in most client applications, as each record is separated by a newline.

  • Exports (API and via Inventory) now stream their responses, allow for more efficient client applications.

  • The Inventory can now export a Nmap® XML compatible document, complete with an XSL template that produces a lovely report.

  • User profiles can be configured to require FIDO2 WebAuthn compatible security tokens, such as the Yubico YubiKey and Google Titan devices.

  • The Tasks screen now shows failed tasks by default and can list all failed tasks via a new tab.

  • The original scan data for a given task can be downloaded from the Task details page. This data can be fed into the new Rumble Scanner, re-uploaded as an Import, or used in your own internal processes.

  • AWS S3 is now used for screenshots, scan data, and change reports. This should improve performance and help us maintain a consistent approach to server-side data encryption and data lifecycles.

  • Agents try much harder to deliver their scan data. The default is a direct upload to AWS S3 using a per-scan pre-signed URL, with a fallback method that uses an endpoint of the Rumble Hub instead.

  • Agents will now load environment settings from $install/.env, allowing for easier configuration of proxy support and other environment-based settings.

  • FreeBSD is now a supported platform for the Rumble Scanner. We are still looking into full support of BSD-like platforms for the agent and would love to know if there any specific platforms you would like us to support first.

  • The scan engine now reports the overall progress more accurately. The progress is based on the percent of target hosts completed, which has subtle differences for routed versus local segment discovery speeds.

  • The scan engine now detects TCP services via UDP discovery, improving overall coverage with minimal performance costs.

  • The default TCP port list has been adjusted based on real-world scan data of internal networks in order to provide a better trade-off of coverage versus performance.

  • The scan engine received numerous fingerprint and protocol negotiation improvements, including multicast MDNS, improved Ubiquiti discovery, and bug fixes to tje Memcache, Redis, and AMQP handlers.

  • The Agent and Scanner have been upgraded to npcap v0.9981.

* NMAP is a registered trademark of Insecure.Com LLC (and an awesome network scanner!).

Similar Content

Authenticated SNMP v3 Support
Published on November 19, 2019
After announcing v1.1.5 with the new Switch Topology report, quite a few folks wrote in to ask if this feature was available in SNMPv3 environments. As of this evening, the answer is yes. To leverage SNMP v3 credentials in a Rumble scan, set the following options in the Advanced Options section of the Scan Configuration screen. Depending on your environment, these settings may require some tweaking. The standard security levels of NoAuthNoPriv, AuthNoPriv, and AuthPriv map to these options as follows:
Rumble Network Discovery: Wrapping up Beta
Published on September 9, 2019
The Rumble Beta program is winding down after an incredible six months. Rumble now tracks over 1.8 million assets, runs approximately 1,500 scans a day, and has been accessed by almost 2,000 users. We are ridiculously grateful to the folks who tried the Rumble discovery platform, shared their feedback, and helped us build a unique take on network discovery and asset inventory. As we get closer to launch, we want to share the timeline and pricing details for folks who are interested in making Rumble part of their operations.
Rumble Network Discovery Beta 6
Published on September 3, 2019
The Final Beta Beta 6 of Rumble Network Discovery is live with a new Service Inventory, per-organization roles for team members, Site import and export, and much more! This will be our last beta release as we focus on the official launch. If you haven’t tried the platform yet, it is now better than ever thanks to the amazing feedback from our Beta community. Beta 6 is free to use until early October and all Beta participants will receive a discount code good for 50% off the first year of service.