Releases: fortifyde/NetUtility

Release v0.7.1

23 May 21:28

What's New

Capture Progress in Auto-Discovery

The auto-discovery workflow now shows live progress during the Stage 1 packet capture. A background poller emits structured progress markers every 5 seconds while tshark is running, so the TUI global status bar, jobs panel, and output viewer all reflect elapsed/total time — instead of appearing frozen during a 10-minute capture.

Progress Unit Display

Progress markers now carry an optional unit suffix (e.g. [300s/600s] for seconds). The job system threads this unit through parsePhaseProgress → SetPhaseProgress → GetPhaseProgress, and all rendering surfaces preserve it:

  • Global status bar: ● auto_discover.sh 150s/600s Capturing on eth0
  • Jobs panel: [██░░░░░░░░] 150s/600s
  • Output viewer status line: [150s/600s] Capturing on eth0

Count-based progress (phases, VLANs) continues to render without a suffix as before.

UI Fixes

  • Duplicate VLAN progress in main view resolved: the jobs panel no longer renders per-VLAN entries twice when both the progress bar description and the dedicated VLAN breakdown line were showing the same data
  • Auto-enter input mode: when opening a running job that is waiting for input (e.g. a script prompt), focus now lands directly on the input field instead of the output view
  • Nexus hostname extraction: improved hostname parsing from captured network data

Files Changed

  • scripts/discovery/auto_discover.sh — progress marker poller for Stage 1 capture
  • scripts/discovery/network_capture.sh — progress marker poller for standalone capture
  • internal/jobs/manager.go — unit-aware parsePhaseProgress, SetPhaseProgress, GetPhaseProgress
  • internal/ui/tui.go — VLAN deduplication in jobs panel, unit-aware rendering
  • internal/ui/output.go — unit-aware rendering, auto-input-mode on focus
  • internal/ui/jobs.go — unit-aware renderProgressBar
  • scripts/config/gather_network_configs.{sh,py} — Nexus hostname extraction fixes

Release v0.7.0

23 May 12:26

What's New

Global Status Footer

A persistent one-line status bar is now visible at the bottom of every view (main, dashboard, jobs, correlation, output viewer). It shows real-time progress for the most relevant running job, including per-VLAN breakdowns for multi-VLAN discovery runs. When a job is waiting for user input, the footer highlights this with a yellow flag indicator so it is never missed regardless of which view is active.

Hostname Recognition Improvements

  • NetBIOS computer names (from Phase 4 netbios_names.txt) are now parsed and used as hostname fallback when no DNS name is available — Windows hosts like WINTARGET now show their name throughout the correlation view, dashboard, and topology output
  • IP addresses are no longer stored as hostnames; sources that previously set the target IP as the hostname (nikto targethostname, nmap hostname entries) are filtered out
  • mergeHostInfo now upgrades an IP-placeholder hostname to a real name when a better source is available

Vulnerability Assessment Fixes

  • Nikto findings from repeated scans no longer accumulate as duplicates in correlation results and risk scores; items are deduplicated across all <scandetails> blocks by (id, url, method, description) before grouping
  • Consolidated finding titles (e.g. "Suggested security header missing") are now sorted deterministically so the title-based dedup key is stable across runs
  • Vulnerability counts in the assessment summary are now accurate and correctly associated with their respective hosts
  • Nikto XML parsing and supplementary tool report sections improved

Release v0.6.4

20 May 14:48

What's New

Parallel Multi-Phase Discovery

Independent sub-phases within each discovery phase now run concurrently, significantly reducing scan time on larger networks. A POSIX FIFO semaphore with per-phase concurrency caps controls load:

  • Phase 1: ARP + SNMP (cap 2)
  • Phase 2: ICMP, TCP, UDP, masscan, IPv6 (cap 5)
  • Phase 3: per-host DNS lookups (cap 16)
  • Phase 4: per-host Windows probes (cap 16)
  • Phase 5: TCP + UDP port scans (cap 2)
  • Phase 6: version/script scans + 7 service enumerations (cap 7)

Set DISCOVERY_PARALLEL_CAP=N to globally limit concurrency (e.g. DISCOVERY_PARALLEL_CAP=2 for slow or congested networks).

Network Config Collection (Python)

Added gather_network_configs.py — a netmiko-based script for extracting configurations from network devices. Supports Cisco IOS, Cisco Nexus, HP Comware, HP ProVision, and HP Aruba CX/Switch.

The executor now uses shebang-based interpreter detection so .py scripts run via the correct interpreter automatically.

Bug Fixes

  • gather_network_configs: Fixed non-functional subprocess fallback path (missing ssh in sshpass command arrays); switched from -p to -e + SSHPASS env var to avoid exposing passwords in the process list
  • gather_network_configs: Threaded username/password explicitly through _collect_config instead of reading private netmiko connection attributes
  • auto-discovery UX: Eliminated premature and duplicate output; moved "Discovery will now begin" message to just before the launch loop; added VLAN labels in network review prompt
  • Parallel discovery: Fixed semaphore double-release on normal worker exit; fixed FIFO leak on SIGINT/SIGTERM; fixed _wait_bg_pids return value wrapping on large host lists; buffered per-subshell report output to prevent interleaved lines in the final report
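
The FIFO-semaphore pattern described under Parallel Multi-Phase Discovery, with the release, cleanup and exit-status points named in the parallel discovery fix above, as an added example that is not taken from NetUtility's scripts. All function and variable names (sem_init, sem_run, sem_wait_all, sem_tokens, SEM_DIR and so on) are hypothetical, and it assumes Linux, where opening a FIFO read-write does not block.

```sh
#!/bin/sh
# Added example, not NetUtility code. All names below are hypothetical.

sem_init() {                      # sem_init CAP
    SEM_DIR=$(mktemp -d) || return 1
    mkfifo -m 600 "$SEM_DIR/sem" || return 1
    exec 3<>"$SEM_DIR/sem"        # read-write open does not block on Linux
    trap sem_destroy EXIT         # remove the FIFO on every exit path,
    trap 'exit 130' INT           # including Ctrl-C
    trap 'exit 143' TERM          # and kill
    SEM_PIDS=""
    n=0
    while [ "$n" -lt "$1" ]; do echo t >&3; n=$((n + 1)); done
}

sem_destroy() {                   # idempotent: runs from the trap or directly
    exec 3>&-
    if [ -n "${SEM_DIR:-}" ]; then rm -rf "$SEM_DIR"; fi
    SEM_DIR=""
}

sem_run() {                       # sem_run CMD [ARGS...]
    read -r _tok <&3              # acquire: blocks while CAP workers are busy
    (
        rc=0
        "$@" || rc=$?             # keep going under `set -e` so the token returns
        echo t >&3                # single release point; an extra release in an
        exit "$rc"                # EXIT trap would hand back two tokens
    ) &
    SEM_PIDS="$SEM_PIDS $!"
}

sem_wait_all() {                  # status is 0 or 1; the count is in SEM_FAILED,
    SEM_FAILED=0                  # because an exit status wraps modulo 256
    for pid in $SEM_PIDS; do
        wait "$pid" || SEM_FAILED=$((SEM_FAILED + 1))
    done
    SEM_PIDS=""
    [ "$SEM_FAILED" -eq 0 ]
}

sem_tokens() {                    # free tokens; equals CAP once workers are done
    echo END >&3                  # sentinel marks the end of the queued tokens
    n=0
    while read -r _tok <&3 && [ "$_tok" != END ]; do n=$((n + 1)); done
    i=0
    while [ "$i" -lt "$n" ]; do echo t >&3; i=$((i + 1)); done
    echo "$n"
}
```

Calling sem_tokens after sem_wait_all is a cheap regression check: any value other than the configured cap means a worker released twice or not at all.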

Release v0.6.3

16 May 13:23

What's Changed

Bug Fixes

  • Tab mode-switch hints: All output viewer status bars now consistently show Input Mode / View Mode after the Tab keybinding, so users always know what mode they are switching to (EN + DE)
  • Code review findings: Address multiple review findings from v0.5.0..HEAD — IP validation in gather_network_configs.sh to prevent path traversal, severity constant usage in parsers.go, stale comments, and indentation drift
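
One way to do the kind of address check named in the code review item above before a device address becomes a directory name in a per-IP layout such as configs/IP/ (added example, not the code from gather_network_configs.sh). The function names is_ipv4 and config_dir_for are hypothetical, and handling IPv4 only is an assumption about the input.

```sh
#!/bin/sh
# Added example, not NetUtility code. Function names are hypothetical.

is_ipv4() {                       # is_ipv4 STRING -> 0 only for a strict dotted quad
    case $1 in
        ''|*[!0-9.]*) return 1 ;; # rejects '/', spaces, newlines, letters
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}         # text before the first dot
        rest=${rest#*.}           # text after the first dot
        case $octet in
            ''|????*|0?*) return 1 ;;   # empty, over 3 digits, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

config_dir_for() {                # config_dir_for BASE ADDRESS -> prints BASE/configs/ADDRESS
    is_ipv4 "$2" || { echo "rejected device address: $2" >&2; return 1; }
    printf '%s/configs/%s\n' "$1" "$2"
}
```

Because the address is validated as a whole string, inputs such as ../../etc or 10.0.0.1/../x never reach the path join.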

Improvements

  • Lightweight auto-discovery host categorization: Extract service versions, SSH banners, HTTP server headers, and HTTP titles from nmap_inventory.nmap as fallback sources when full-mode enumeration output is unavailable. Adds Cisco NX-OS and ASA recognition, lowers minimum classification threshold from 40 to 30

Internal

  • Config cleanup: Remove 6 unused config fields (LastUsedInterface, RecentTargets, RecentCommands, DefaultInterface, AutoCreateWorkspace, ShowPathsShort) and all associated methods, validation helpers, and tests. Config now holds only WorkspaceDir and Language (−776 lines)

Full Changelog: v0.6.2...v0.6.3

Release v0.6.2

15 May 15:26

v0.6.2 — Topology Viewer Overhaul

Fixed

  • Black screen on VLAN tab switch — a loading spinner now appears instantly; nodes pre-position near the centre so the graph is visible within ~1 second instead of 2–4 seconds of blank viewport.
  • Confirmed connections missing from detail panel — all physical links for a device are now derived from the global connections data and shown in full; previously only a subset appeared.
  • Edge toggle replaced — the single "Show connections" checkbox has been replaced with three independent toggles (Physical, Gateway, VLAN links) so confirmed MAC-table links can be shown or hidden without affecting inferred connections.

Added

  • Hover tooltip — hovering a node shows a floating tooltip with hostname, IP, risk badge, category, and total connection count.
  • Connection count badges — a small red badge on each node shows the total number of connections across all types.
  • Direction arrows on physical links — blue arrowheads indicate switch → host direction on confirmed physical connections.
  • Aggregated + curved links — multiple same-type connections between the same pair are merged into one thicker line labelled ×N; connections of different types between the same pair render as offset bezier curves.
  • Collapsible VLAN clusters — in the overview, double-click a VLAN hull label to collapse all hosts into a single cluster node; double-click the cluster to expand.
  • Right-click context menu — right-clicking any node opens a menu with: Copy IP, Find paths from/to here, Isolate this host, Open detail panel (hosts), Expand VLAN (clusters).
  • BFS path finder — finds the shortest path between two nodes across the full connection graph; highlights the path in yellow and dims unrelated nodes.
  • Minimap — a fixed bottom-right canvas shows the full graph at scale with a red dashed viewport rectangle; click to pan.
  • Keyboard shortcuts: / focuses search, Esc closes panels/clears path, 0 fits all nodes, p/g/v toggle Physical/Gateway/VLAN links. A ? button in the header shows the shortcut reference.

Full Changelog: v0.6.1...v0.6.2

Release v0.6.1

12 May 18:00

v0.6.1 Hotfix

Fixed

  • Workspace output files (correlations, hostfiles, topology HTML, manual overrides, excluded hosts) were written with 0600 permissions, making them inaccessible to group/other even after ownership fixup. Changed to 0644 so scan results are readable by the invoking user and their group.

No change

  • Credential and config files remain at 0600.
  • Directory permissions remain at 0750.
  • Ownership fixup (chown) behavior unchanged.

Full Changelog: v0.6...v0.6.1

Release v0.6

12 May 17:02

What's Changed

Full Changelog: v0.5.2...v0.6

Release v0.5.2

05 May 21:16

Build Tooling, Linter Setup, and 43 New Tests

Build Tooling

  • Makefile with build, test, lint, clean targets and git-derived version
  • Version injection via -ldflags for netutil, ouihelper, and fileserver
  • --version flag added to all three binaries
  • Remove committed binaries from repository — built via CI/releases only
  • Single source of truth for version — no more hardcoded AppVersion constant

Linter Setup

  • golangci-lint v2 config (.golangci.yml) with errcheck, govet, staticcheck, gosec, goconst, gocyclo, misspell
  • CI lint job (non-blocking while backlog exists)
  • goconst excluded from test files to reduce noise
  • G204 excluded (intentional subprocess usage in script runner)

Test Coverage (+43 tests)

  • internal/app/ — 2 tests (root access, API surface)
  • cmd/netutil/ — 13 tests (fuzzy matching, CLI handling, shortcut validation)
  • internal/ui/ — 11 tests (wrapText edge cases, compareIPs sorting, formatCategoryName)
  • internal/config/ — 14 tests (workspace creation, ownership, sanitization, status)
  • internal/correlation/ — 3 tests (concurrent AddScanResult, batch consistency, concurrent reads)

Bug Fixes

  • .gitignore /netutil anchored to repo root (was matching cmd/netutil/)
  • Fileserver version default corrected from "1.0.0" to "dev"
  • Release workflow now injects version via -ldflags into all binaries

Release v0.5.1

03 May 18:22

What's Changed

Bug Fixes

  • Process cleanup on exit — StreamingExecutor now kills the entire process group (not just context cancel), ensuring child processes like nmap/tcpdump are cleaned up when the TUI exits
  • Process group safety — Guard e.cmd write with mutex to close data race; replace stopChan with sync.Once to prevent double-close panic in JobManager
  • Config gather restructuring — Replaced session-based directory layout with flat per-IP layout (configs/IP/). Re-collections timestamp existing files by mtime before overwriting. Simplified config enricher discovery
  • Script validation — Run check_command via sh -c instead of exec.LookPath so shell tool checks resolve correctly (e.g. which nmap)
  • SNMP script — Trap-based temp file cleanup to prevent leaks on early exit (5 temp files/host were left behind on INT/TERM)
  • Aruba compliance — Added ArubaOS-CX and ArubaOS-Switch compliance checkers with correct config-line regexes; routed aruba_cx/aruba_switch/provision away from Comware checker
  • Testssl detection — Tightened JSON detection to require ip+port fields, preventing false matches on non-testssl vulnerability output
  • ARP ingest — Added XML escaping for all four attribute values in output
  • Reconnaissance category — Fixed hardcoded category to list actual recon scripts instead of nonexistent integrated_workflow.sh
  • Auto-discover — Adjusted script path for capture analysis

Improvements

  • Arrow left/right (h/l) pane switching in TUI matching vim-style navigation
  • confirmQuit() uses TUI.Stop() in both exit paths; main.go defers tui.Stop() as safety net

Full Changelog: v0.5.0...v0.5.1

Release v0.5.0

01 May 21:47

What's New

Topology Visualization

  • Interactive D3.js network topology viewer with force-directed graph layout
  • VLAN grouping, connection inference, and risk overlay
  • Pan, zoom, filter by VLAN, search hosts — opens in browser from TUI

Compliance Checking

  • Automated security compliance assessment against network device configurations
  • Checks for weak passwords, insecure protocols, missing authentication, SNMP defaults, and more

New Scripts

  • Passive OS Fingerprinting (fingerprint) — OS detection via passive traffic analysis
  • LLDP/CDP Neighbor Discovery (lldp) — discover Layer-2 topology from LLDP/CDP frames
  • ARP Table Ingestion (arp) — ingest ARP tables for host correlation
  • SNMP Device Interrogation (snmp) — query device info via SNMP
  • Exploit Search (exploits) — search exploit databases for known vulnerabilities
  • Web Screenshot (screenshot) — capture web service screenshots (moved to Reconnaissance)

New Category: Reconnaissance

  • Web screenshot capture, exploit search, SNMP interrogation

New Category: Config Gathering

  • Network device config extraction with per-vendor command sets (Cisco IOS/Nexus, HP Comware/ProVision/Aruba)
  • Compliance command output now shows the relevant show command for each section

Improvements

  • Nmap XML parser for accurate vulnerability detection
  • SSLscan XML parser
  • Nikto finding deduplication
  • Topology directory ownership fixed when running via sudo
  • Multi-phase discovery IPv6 improvements

Full Changelog: v0.4.0...v0.5.0