Rumble Release Notes

v1.9.0

2020-07-06

Scan Engine
  • A bug in the TFTP probe that could lead to missing results in some cases has been fixed.
  • The SNMP probe now gathers the route table from many types of switches and routers.
  • TCP SYN scans of non-local targets now try harder when there is congestion.
  • Fingerprint matches that include a hardware version are now given priority.
  • Fingerprint matches for SSH daemons now support more platforms.
User Interface & Reports
  • The permanent organization and permanent site can now be deleted/recreated.
  • The Scan Configuration page now shows a notice when input validation failed.
  • The Scan Configuration now shows SNMP parameters at the top of the form.
  • The Network Bridges report now links all external IPs to an internet cloud.
  • The Network Bridges report now uses subnet masks from Sites.
  • The Subnet Utilization report now provides a Scan link for each network.
  • The Subnet Utilization report now uses subnet masks from Sites.
  • The Subnet Grid report now handles errors more gracefully.
  • A bug that prevented some users from logging in has been resolved.
  • Search queries are now slightly faster across assets and services.

v1.8.14

2020-07-02

  • Tasks are now searchable and sortable via the Search tab.
  • A regression in numerical search queries has been resolved.

v1.8.13

2020-07-01

  • The Scan Configuration page now provides an estimated runtime through a confirmation dialog.
  • Trial accounts are now longer limited to scanning a /16 and may now scan a full /8.
  • The Rumble Agent now supports log configuration using the environment. See the documentation for details.
  • The Rumble Agent and Rumble Scanner now collect SSH pre-auth banners and host keys.
  • Bogus service responses from Fortigate helpers on ports 80 and 8008 are now ignored.
  • Fingerprint updates.

v1.8.12

2020-06-24

  • The Rumble Agent and Rumble Scanner now handle a wider range of ppp-based link types on Linux and macOS.
  • Bogus service responses from Fortigate helpers on ports 21, 25, 80, 110, 143, 8008, 8010, and 8020 are now ignored.
  • Fingerprint updates.

v1.8.11

2020-06-22

  • Bogus service responses from Cisco H.323 helpers on port 1720 are now ignored.
  • The Rumble Agent now stores additional diagnostics in the raw task data.
  • Fingerprint updates.

v1.8.10

2020-06-21

  • Bogus service responses from Fortigate SIP ALG helpers on ports 2000 and 5060 are now ignored.
  • A regression in HTTP handling with redirects and TLS+HTTP headers has been resolved.
  • Fingerprint updates.

v1.8.9

2020-06-20

  • The Rumble Agent and Rumble Scanner now handle malformed HTTP responses and redirects better.
  • Fingerprint updates.

v1.8.8

2020-06-18

  • ICMP Echo probes now record the IP header information from the response (useful for Ripple20/Treck detection).
  • The Rumble favicon.ico MD5 fingerprint database has been contributed to the Recog project.

v1.8.7

2020-06-16

  • The Rumble Agent and Rumble Scanner now support “cooked” interface types (ppp-based VPNs).
  • The scan engine now extracts additional information from Netgear routers.
  • Fingerprint coverage for Netgear routers has been improved.

v1.8.6

2020-06-15

  • Fingerprint updates.

v1.8.5

2020-06-15

  • Fingerprint updates.

v1.8.4

2020-06-15

  • Fingerprint updates.

v1.8.3

2020-06-14

  • Asset Inventory and Search Inventory performance has been improved.
  • The bundled npcap driver in the Rumble Agent and Rumble Scanner for Windows has been upgraded to version 0.9994.
  • Fingerprint updates.

v1.8.2

2020-06-09

  • The Rumble Scanner CSV output now includes populated UUID values.
  • The Rumble Scanner now creates a standalone bridges.json file for third-party processing.
  • Fingerprint updates.

v1.8.1

2020-06-09

  • A bug that could cause agent uninstalls to crash on BSD platforms has been resolved.

v1.8.0

2020-06-09

  • This release is a roll-up of the 1.7.x changes listed below.

v1.7.13

2020-06-08

  • Sites now support registered subnets. Assets can be queried via the associated Site subnet tags.

  • Tags can be set with empty values and queried more precisely through the Inventory search.

  • Asset fingerprinting via favicon.ico hashes has been implemented.

  • The Rumble Scanner now creates a standalone topology.json file for third-party processing.

  • Assets now store the MAC-to-IP relationship in the hidden _macs.ipmap attribute.

  • The Rumble Agent and Rumble Scanner now support OpenBSD on x86 (64-bit).

  • Fingerprint updates.

v1.7.12

2020-06-05

  • This release fixes a bug that prevents the Rumble Agent from restarting automatically after an update on certain Debian-based distributions.

  • Fingerprint updates.

v1.7.11

2020-06-04

  • A reliability bug in the Rumble Agent and Rumble Scanner for BSD-based platforms (macOS, FreeBSD, NetBSD, DragonFly BSD) has been resolved. This bug would manifest as missing scan results in the TCP SYN and ARP probe responses.

  • The bundled npcap driver in the Rumble Agent and Rumble Scanner for Windows has been upgraded to version 0.9992.

v1.7.10

2020-06-02

  • The Rumble Agent and Rumble Scanner now support FreeBSD, NetBSD, and DragonFly BSD. FreeBSD and NetBSD support cover the following architectures: x86 (64-bit, 32-bit), ARM v5, ARM v6, and ARM v7. DragonFly BSD is supported on x86 (64-bit).

  • The Rumble Agent and Rumble Scanner now support additional Linux architectures. These include x86 (64-bit, 32-bit), ARM v5, ARM v6, ARM v7, ARM 64-bit (aarch64), MIPS (BE/LE), MIPS64 (BE/LE), PowerPC64 (LE), and s390x (IBM Z).

  • The Rumble Agent now runs in standalone mode when no supported services backend is detected.

  • The Rumble Agent now supports automatic updates in standalone mode on non-Windows platforms.

  • The Rumble Agent binary now supports command-line flags (-h, -v, -l) and displays usage.

v1.7.9

2020-05-27

  • MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.

  • Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches.

  • Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint is now applied to the asset.

  • MySQL and MariaDB version detection now also applies the appropriate OS fingerprint, if known.

  • HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP.

  • OS and Hardware matching is more precise after adjustments were made to the weighting and priorities. The most precise and most confident fingerprint should always be chosen going forward.

  • The confidence of the OS match is now reported as the asset-level match.score attribute. This may be renamed to match.os.score in the future as we accommodate more granular hardware weights.

  • NTLMSSP-based OS matching now disqualifies systems that are obviously not Windows (BSD-based stacks, etc).

  • Brother printers now use distinct hardware and firmware (OS) fingerprints. This should address cases where the firmware version overrode the hardware model by mistake.

  • Release notes are now consolidated across the Platform, Agent, and Scanner.

  • Versioning is now shared across the Platform, Agent, and Scanner.

Archived Release Notes

Prior to version 1.7.9, release notes and versions were split between the Platform, Agent, and Scanner. You can find these archived release notes at the links below.