Rumble Release Notes



  • A regression in the license expiration tracking of the Rumble Scanner has been resolved.
  • Fingerprint updates.



  • Fingerprint updates.



  • Fingerprint updates.



  • Organizations can now be converted to Projects from the settings page.
  • The top-level organization navigation has been updated.



  • Accounts with a default organization role of “user”, but a per-organization role of “none” were inadvertently prevented from accessing certain features.
  • An intermittent crash in the Rumble Agent was identified and resolved.



  • This is a roll-up of all 1.10.x point releases.



  • Projects are now available as temporary, self-deleting organizations. These are useful for one-off scans and exploring historical data.
  • Web screenshots now try additional Chrome locations on the Windows platform.
  • Over 10,000 new SNMP fingerprints have been added.
  • Small bugfixes and cosmetic improvements.
  • Additional fingerprint updates.



  • Web screenshots now retry on timeouts and choose the best quality image automatically.
  • Web screenshots now use more concurrent Chrome processes on x86 systems, based on available memory.
  • The Rumble Agent and Rumble Scanner now track CPU and memory usage across the life of a scan.
  • Fingerprint updates.



  • The Rumble Agent, Rumble Scanner, and Rumble Console now compress raw scan by default. The scan.rumble output from the scanner has been renamed to scan.rumble.gz. The web console and API can import both compressed and uncompressed versions of this data. Existing scan data will be migrated to the compressed form automatically. This change helps with bandwidth usage by agents and speeds up large imports over the network.
  • The Tasks view now links to the inventory search for each associated site.
  • The status of agent-run scans is now updated more frequently.



  • The completed task list now shows the task runtime in the information column.
  • The task views now also link to the inventory view of each site.
  • Fingerprint updates.



  • A regression in the Rumble Scanner that prevented API uploads from succeeding has been resolved.
  • Fingerprint updates.



  • Small bug fixes and dependency updates across the platform.
  • Fingerprint updates.



  • Site exports and imports now include the registered subnets.
  • Bulk asset updates are now possible by importing a modified CSV export from the Inventory screen.



  • A bug that made it difficult to query subnet tags with multiple subnets per tag has been resolved.
  • Fingerprint updates.



  • The console user interface received a light update around colors and styles.
  • Event logs are now available in the console.
  • Fingerprint updates.



  • A bug that prevented Scan Tags from being shown in the Scan Configuration form has been resolved.
  • The DNS and mDNS probes now always report the protocol, even for error responses.
  • Fingerprint updates.



  • Site scopes now automatically convert CIDR input into registered subnets.
  • Scan tasks can now have their Scope and Excludes pinned to their associated site using the string “defaults”.
  • Scan tasks can now be pinned to the default TCP service list using the string “defaults”.
  • A bug that caused non-Windows SMB-enabled services to be identified as Windows has been resolved.
  • A bug that caused SMB v1 to be reported incorrectly as been resolved.
  • Fingerprint updates.



  • A bug that prevented the Delete and Merge buttons in the Service Inventory toolbar from working has been resolved.
  • A bug that led to the wrong title being shown in the FTP Service Attribute report has been resolved.
  • Fingerprint updates.



  • A bug that prevented the Inventory Import action from recognizing valid scan data has been resolved.
  • The Rumble Agent and Rumble Scanner are now much more reliable for lossy network environments.



  • The TCP probes have been updated to be less bursty. This resolves an issue where scans consisting of mostly HTTP services can timeout and lose valid responses.
  • The TCP fingerprinter now handles unexpected termination more gracefully. This improves the reliability of AWS ELB scans and should help with a reliability across a range of services.



  • All paid plans now support Continuous recurring scans. These scans will run back-to-back and can simplify continuous monitoring. An agent running continuous scans will not run additional scans unless the Concurrency setting is increased beyond 1.
  • Out-of-date agents will be upgraded prior to new scans being run. For the few agents where upgrades are impossible (read-only partitions, network filters, etc), this can delay each scheduled scan by up to five minutes.



  • The Rumble Agent and Rumble Scanner now include a TLS CA root bundle to work around connectivity issues on older platforms. Bundle selection can be controlled via the environment
  • Fingerprint updates.



  • The web screenshot features now tries even harder to prevent orphaned Chrome.exe processes.
  • The Rumble Agent now removes all agent-related files on uninstall.
  • Rumble Agents can now be reassigned to other organizations.



  • The Export API now supports an optional fields parameter that determines which fields are exported in JSON/JSONL exports. The fields parameter is supported for Assets, Services, Wireless, and Sites.



  • A bug in the scan engine that could cause scans to hang when probing unresponsive SSH daemons has been resolved.
  • A bug in the scan engine that could result in SMBv1 being reported erroneously on some NAS devices has been resolved.



Scan Engine
  • A bug in the TFTP probe that could lead to missing results in some cases has been fixed.
  • The SNMP probe now gathers the route table from many types of switches and routers.
  • TCP SYN scans of non-local targets now try harder when there is congestion.
  • Fingerprint matches that include a hardware version are now given priority.
  • Fingerprint matches for SSH daemons now support more platforms.
User Interface & Reports
  • The permanent organization and permanent site can now be deleted/recreated.
  • The Scan Configuration page now shows a notice when input validation failed.
  • The Scan Configuration now shows SNMP parameters at the top of the form.
  • The Network Bridges report now links all external IPs to an internet cloud.
  • The Network Bridges report now uses subnet masks from Sites.
  • The Subnet Utilization report now provides a Scan link for each network.
  • The Subnet Utilization report now uses subnet masks from Sites.
  • The Subnet Grid report now handles errors more gracefully.
  • A bug that prevented some users from logging in has been resolved.
  • Search queries are now slightly faster across assets and services.



  • Tasks are now searchable and sortable via the Search tab.
  • A regression in numerical search queries has been resolved.



  • The Scan Configuration page now provides an estimated runtime through a confirmation dialog.
  • Trial accounts are now longer limited to scanning a /16 and may now scan a full /8.
  • The Rumble Agent now supports log configuration using the environment. See the documentation for details.
  • The Rumble Agent and Rumble Scanner now collect SSH pre-auth banners and host keys.
  • Bogus service responses from Fortigate helpers on ports 80 and 8008 are now ignored.
  • Fingerprint updates.



  • The Rumble Agent and Rumble Scanner now handle a wider range of ppp-based link types on Linux and macOS.
  • Bogus service responses from Fortigate helpers on ports 21, 25, 80, 110, 143, 8008, 8010, and 8020 are now ignored.
  • Fingerprint updates.



  • Bogus service responses from Cisco H.323 helpers on port 1720 are now ignored.
  • The Rumble Agent now stores additional diagnostics in the raw task data.
  • Fingerprint updates.



  • Bogus service responses from Fortigate SIP ALG helpers on ports 2000 and 5060 are now ignored.
  • A regression in HTTP handling with redirects and TLS+HTTP headers has been resolved.
  • Fingerprint updates.



  • The Rumble Agent and Rumble Scanner now handle malformed HTTP responses and redirects better.
  • Fingerprint updates.



  • ICMP Echo probes now record the IP header information from the response (useful for Ripple20/Treck detection).
  • The Rumble favicon.ico MD5 fingerprint database has been contributed to the Recog project.



  • The Rumble Agent and Rumble Scanner now support “cooked” interface types (ppp-based VPNs).
  • The scan engine now extracts additional information from Netgear routers.
  • Fingerprint coverage for Netgear routers has been improved.



  • Fingerprint updates.



  • Fingerprint updates.



  • Fingerprint updates.



  • Asset Inventory and Search Inventory performance has been improved.
  • The bundled npcap driver in the Rumble Agent and Rumble Scanner for Windows has been upgraded to version 0.9994.
  • Fingerprint updates.



  • The Rumble Scanner CSV output now includes populated UUID values.
  • The Rumble Scanner now creates a standalone bridges.json file for third-party processing.
  • Fingerprint updates.



  • A bug that could cause agent uninstalls to crash on BSD platforms has been resolved.



  • This release is a roll-up of the 1.7.x changes listed below.



  • Sites now support registered subnets. Assets can be queried via the associated Site subnet tags.
  • Tags can be set with empty values and queried more precisely through the Inventory search.
  • Asset fingerprinting via favicon.ico hashes has been implemented.
  • The Rumble Scanner now creates a standalone topology.json file for third-party processing.
  • Assets now store the MAC-to-IP relationship in the hidden _macs.ipmap attribute.
  • The Rumble Agent and Rumble Scanner now support OpenBSD on x86 (64-bit).
  • Fingerprint updates.



  • This release fixes a bug that prevents the Rumble Agent from restarting automatically after an update on certain Debian-based distributions.
  • Fingerprint updates.



  • A reliability bug in the Rumble Agent and Rumble Scanner for BSD-based platforms (macOS, FreeBSD, NetBSD, DragonFly BSD) has been resolved. This bug would manifest as missing scan results in the TCP SYN and ARP probe responses.
  • The bundled npcap driver in the Rumble Agent and Rumble Scanner for Windows has been upgraded to version 0.9992.



  • The Rumble Agent and Rumble Scanner now support FreeBSD, NetBSD, and DragonFly BSD. FreeBSD and NetBSD support cover the following architectures: x86 (64-bit, 32-bit), ARM v5, ARM v6, and ARM v7. DragonFly BSD is supported on x86 (64-bit).
  • The Rumble Agent and Rumble Scanner now support additional Linux architectures. These include x86 (64-bit, 32-bit), ARM v5, ARM v6, ARM v7, ARM 64-bit (aarch64), MIPS (BE/LE), MIPS64 (BE/LE), PowerPC64 (LE), and s390x (IBM Z).
  • The Rumble Agent now runs in standalone mode when no supported services backend is detected.
  • The Rumble Agent now supports automatic updates in standalone mode on non-Windows platforms.
  • The Rumble Agent binary now supports command-line flags (-h, -v, -l) and displays usage.



  • MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.
  • Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches.
  • Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint is now applied to the asset.
  • MySQL and MariaDB version detection now also applies the appropriate OS fingerprint, if known.
  • HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP.
  • OS and Hardware matching is more precise after adjustments were made to the weighting and priorities. The most precise and most confident fingerprint should always be chosen going forward.
  • The confidence of the OS match is now reported as the asset-level match.score attribute. This may be renamed to match.os.score in the future as we accommodate more granular hardware weights.
  • NTLMSSP-based OS matching now disqualifies systems that are obviously not Windows (BSD-based stacks, etc).
  • Brother printers now use distinct hardware and firmware (OS) fingerprints. This should address cases where the firmware version overrode the hardware model by mistake.
  • Release notes are now consolidated across the Platform, Agent, and Scanner.
  • Versioning is now shared across the Platform, Agent, and Scanner.

Archived Release Notes

Prior to version 1.7.9, release notes and versions were split between the Platform, Agent, and Scanner. You can find these archived release notes at the links below.