The 0.5 release brings several new protocols and features!
The most exciting is probably the integration with maltego!
Make sure to check out the new documentation for all infos.
Fixed
- multiple bugs in the stream reassembly
- several panics during parsing in gopacket
Changed
- CLI interface refactored: single binary app with subcommands, stripped size ~17MB
- Updated units tests
- Documentation updates
- Updated Docker containers for Ubuntu and Alpine
- Built with Go 1.14.2
- removed custom audit records Link-, Network- and TransportFlow
New Features
- Maltego integration
- File audit records
- Diameter protocol audit records
- SMTP audit records
- POP3 support for extracting Mails
- JA3S support and separate audit record for TLSServerHello
- New configuration options: via environment or configuration file
- Resolvers package for Geolocation, DNS and Service lookups and whitelisting
- Deep Packet Inspection via nDPI and libprotoident
- DeviceProfile Audit records, to capture the behavior of a single device within a traffic dump
- Added an integration for bash-completion support