Scanning & Searching

Version 1.5.0 of Rumble Network Discovery is live with updates in two major areas: wider scanning, through improved protocol support, scan engine enhancements, and more comprehensive decoders; and deeper searching, with the addition of a dozen new search filters and other enhancements to the web console.

Rumble Network Discovery 1.5.0

Wider Scanning

Whether you use the Rumble Agent or the Rumble Scanner, the scan engine improvements in v1.5.0 make discovery more reliable, predictable, and comprehensive. This release adds support for TFTP, NTP, NFS, dTLS, and OpenVPN discovery probes. The dTLS, OpenVPN, and TFTP probes support multiple ports per scan, enabling a wider range of product and protocol detection. The dTLS probe can identify Remote Desktop Gateway services on port 3391 as well as CAPWAP responses from Wireless LAN Controllers.

Remote Desktop Gateway Detection

The SMB, WSD, SunRPC, UPnP, and HTTP probes all received updates in this release, allowing more information to be captured, normalized, and extracted for easy fingerprinting. Scans now report more ports, more protocols, and more normalized fields for queries.

UPnP Device Attributes

The HTTP probe in particular received big updates, enabling same-host redirect follows, disabling screenshots of generic error pages, capturing generator and other meta tags, storing the final redirect separate from the first response page, and extracting icons from both web and UPnP endpoints. The HTTP probe also identifies Remote Desktop Gateway instances exposed via IIS. The screenshot below demonstrates the icon capture feature, which displays captured icons in the web console.

HTTP & UPnP Icon Capture

Deeper Searching

The web console efforts built on 1.4.0’s support for grouped queries by adding the ability to search by numerical ranges and counts of specific fields. Numeric comparisons can be applied to any asset attribute or service detail, as well as port numbers, round-trip times, TTLs, and the counts of addresses, MACs, hostnames, and domains. The screenshot below demonstrates asset filtering by the TCP service count.

Search by TCP Service Count

Applying the numeric comparisons to service inventory fields allows filtering on any value. For example, the query http.code:>=400 AND NOT http.code:404 can return only web servers with error responses, ignoring 404s.

Search by HTTP Code Range

These comparisons also work for image sizes. The example below uses the query screenshot.image.size:>=500000 to limit screenshot results to those where the image is at least 500,000 bytes (less compressible and more interesting).

Search by Screenshot Size

The presence of switch topology information can now be queried using the has:uplink, has:downlink, and has:unmapped search terms. The topology information itself is now displayed on the asset detail page, making it easier to understand how a particular system is wired into the network.

Network Topology Asset Detail

If you would like to explore the full set of search keywords, the Search Query Syntax documentation has been updated with the new keywords and examples.

More Enhancements

The Scan Configuration page now allows a set of tags to be applied to all assets discovered by that scan. This applies to both single and recurring scans.

Scan Tags

Recurring scans can now be paused and unpaused from the Tasks list.

Scan Pause

Rumble now supports 64-bit ARM on Linux (aarch64), enabling cost- and power-efficient scans from popular small form factor boards and ARM-based cloud instances.

Linux on ARM 64-bit Support

The web interface now applies styles to the print view.

Print Style Support

Last, but not least, every account (trial or otherwise) can now create a pre-populated Demo Organization. This is available via the bottom-left link on the Organizations page. Demo organizations don’t count against your licensed assets and can be used to explore new features without running a new scan. Most of the screenshots in this article used the Demo Organization.

Create a Demo Organization

Release Notes

The complete release notes for v1.5.0 can be found in our documentation at the links below.

If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!
