
Discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.

This update adds the discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.

Mon 06 May 2024

🤖 Open Source

OXO version 1.0 was released. It is 10 times faster, supports ARM64 architectures, and is packed with improved capabilities such as scanning multiple assets and a simpler, more powerful CLI.

  • Starting a scan is now 10 times faster: In previous versions, starting a scan took almost 3 minutes. With OXO v1, it is now 10 times faster, starting a scan in just 16.5 seconds.
  • Standalone Binary: OXO is now available as a standalone binary for macOS, Linux, and Windows.
  • Support for macOS and ARM64 architecture for agents: If you're a macOS user with an ARM64 processor, we've got some great news for you! OXO can now support ARM64 agents natively.
  • Scan an Inventory file: OXO added scanning multiple assets using an asset definition YAML file. This gives you the possibility to scan a large number of different types of assets at the same time.
  • Friendlier CLI: As of OXO version 1, you can now specify the agent key in a concise way when running scans. Instead of using the full agent key, you can use the shorthand <org>@<name> format.
  • New Documentation Website: OXO now has its dedicated documentation website, packed with tutorials and numerous examples.
  • Agent Store: OXO now has a public agent store. You can publish your agent to the OXO store by simply following this tutorial.
  • Follow scan progress by default: Starting from version v1, --follow is the default mode when you start a scan. OXO will keep you updated on the scan's progress.
  • Pass Arguments to agents directly from the CLI: Agents can be fine-tuned using arguments which give you more control and flexibility. Passing arguments is now available throughout the CLI.
  • Add the ability to persist messages: You can now persist any type of message you wish, such as IP, domain, link, and exposed services through the new OXO Open Source agent Nebula.

To read more about OXO v1.0, read the full blog post.

📦 Detection

  • Added discovery of hidden web paths in agent hubble using Google Search and Wayback.
  • Added detection of libwebp vulnerability.
  • Added detection for CVE-2024-4040, CVE-2024-31461, CVE-2024-2389, CVE-2024-32764, CVE-2024-27956, CVE-2024-28890, CVE-2024-28255, and CVE-2024-26331.

🐞 Bug Fixes & Small improvements

  • Fixed bug with CSV import of IPs not updating existing IP assets.
  • Fixed bug with Jira Sync Fields.
