Version 0.1.5
=============
Bugfix release/minor features.


Nepenthes
	FIXES and ADDITIONS
	-----
	* none
	
	
	

Modules
	FIXES and ADDITIONS
	-----
	* shellcode-generic
		* sch_generic_cmd added \r\n as lineterminator
		* shellcode-generic.conf.dist langenfeldConnect pcre added
		* sch_generic_xor 
			* deggendorf & langenfeld xor added, 
			* removed possible off by n <=3 byte in the 4 byte xor

	
	* vuln-dcom
		* made it less aggressive, if it does not look like dcom, dont handle it
		

	* shellemu-winnt
		* VFSCommandSTART added
		* VFSCommandTFTP proper var checks added
		* added handling of the escape var ^ for the shell
		* VFSCommandFTP can download >1 file per batch now 
		* VFSCommandFTP can handle "cd" now
		
	* download-http
		* handle downloads with 0 byte bodysize as broken
		
	* download-ftp 
		* can send CWD now
		* fixed missing \r on sending RETR
		
	* geolocation-hostip
		* the address to look the address up changed, so we adjusted it
		

	* geolocation-ip2location
		* tarball lacked config file


	NEW
	---
	* vuln-msdtc
		* emulation for the ms05-051 exploit by swan
		

Version 0.1.4
=============
Bugfix release/minor features.

Nepenthes
	FIXES and ADDITIONS
	-----
	* FileLogger logged to somewhere after config file was deleted as he lacked a valid path


Modules
	FIXES and ADDITIONS
	-----
	* download-nepenthes 
		* NULL pointer bug fixed
	  
	* shellcode-generic 
		* rewrapped xor code, 
		* added some bindshell codes
			* parthenstein
			* wackerow
			* kaltenborn
	  
	* geolocation-ip2location 
		* now makes use of the real ip2location c api you can download on their homepage, 
		  setting the lib up sucks, but it works
	  
	* log-surfnet
		* moduledescription changed, as we log to postgres, not to mysql
	   
	* dnsresolve-adns 
		* added modulename and description
		



Version 0.1.3
=============
Bugfix release/minor features.
FIXME

* fixed some g++ 3.2 include issues


* Autoconf
	* improved configure.ac
		* added --enable-* to configure
			* geolocation is optional
		* dump ./configure configuration to stdout



* Nepenthes core

			

	* DownloadManager & Download & DownloadCallback
		* changed structure so we can specify a DownloadCallback for internal downloads
			* intrested in a downloads result, ask the downloadmanager to download it, provide a DownloadCallback
			  the DownloadManager will pass the information encapsulated in a Download to its DownloadHandler
			  the DownloadHandler will try to download it and pass the Download as result to the DownloadCallback
			  
			  



	* DNSManager DNSQuery DNSHandler DNSResult DNSCallback
		* made DNSResolver Service modular, only module so far availible is dnsresolve-adns
		* now modules providing resolver capabilties are now called 'DNSHandler'
		  anything which is intrested in its dns resolution result is a DNSCallback now
		  (before there was no DNSCallback, no modularity, and we called classes intrested in DNS DNSHandler)
			* intrested in resolving some domain, ask the DNSManager and provide a DNSCallback
			  the DNSManager will form a DNSQuery from the request, pass it to its DNSHandler
			  the DNSHandler will try to resolve the domain and pass result as a  DNSResult to the 
			  DNSCallback
		  
	* Event 
		* use uint8_t as Eventid instead of event_type
		* added ShellcodeEvent & DialogueEvent 


	* EventManager
		* allow internal Event registration


	* GeoLocationManager GeoLocationQuery GeoLocationHandler GeoLocationResult GeoLocationCallback 
        	* created
			* GeoLocationHandler register with the GeoLocationManager
			* intrested in GeoLocation lookups, ask the GeoLocationManager and provide a GeoLocationCallback
			  the GeoLocationManager will form a GeoLocationQuery from the request, pass it to its GeoLocationHandler
			  the GeoLocationHandler will try to resolve it and pass the GeoLocationResult to the GeoLocationCallback
		* added caching of results
		


	* LogManager
		* filelogger is the default logger again, so logrotate can do its job
		* force ringbuffer logger usage with -R
		

	* log-ringbuffer
		* added
		  stop wasting diskspace with logs
		* sets correct permissions on destination files
		* uses path to log to from nepenthes.logmanager.ring_logger_file
		

	* log-file
		* uses path to log to from nepenthes.logmanager.file_logger_file


	* Nepenthes
		* improved the init, better errorhandling
		* -f can do dirs


	* ShellcodeManager
		* hooks a ShellcodeEvent on success
		

	
	* SocketManager TCPSocket UDPSocket RAWSocketListener
		* decreased poll timeout
		* moved ports to uint16_t
		* use nepenthes.socketmanager.bind_address instead of binding INADDR_ANY for bind & connect
			(suggested by Michael H. Warfield)
			

	* TCPSocket
		* hooks a DialogueEvent on success

		
		
	* UploadManager UploadQuery UploadHandler UploadResult UploadCallback 
		* created
			* intrested in uploading something to somewhere, ask the UploadManager and provide a UploadCallback
			  the UploadManager will form a UploadQuery from the request, pass it to its UploadHandler
			  the UploadHandler will try to upload the data it and pass reply to the UploadResult to the 
			  UploadCallback


	
	* Utilities
		* added escapeXMLString(char *)
		
	

* Modules
	FIXES and ADDITIONS
	-----
	* shellemu-winnt 
		* fixed sending shell header on accept shells
		* VFSCommandFTP handle -A flag for anonymous logins
		* fixed crash with -f flag for checking dumps
		* batch file handling 
		
	
	* vuln-mssql 
		* fixed tcp socket instead of udp
	
	
	* download-ftp
		* fixed quiting loop

	* dnsmanager, dnsquery, dnsresult
		* TXT record added
	

	* x-2 
		* fix memleak

	* x-5
		* now registers its own event to show hiw this works
		

	* x-6 
		* 'txt <domain>' will resolve the txt record now
		

	* submit-xmlrpc
		* can use geolocation services now
		* fixes some xml parsing
		

	* download-ftp 
		* send LOGIN after 220 Welcome
		

	* download-curl
		* add internal download capabilities
		

	* shellcode-generic
		* sch_generic_link_xor
			* improve bad length handling
		* added adenau xor
		* added adenau connectback
		* added unicode decoder
		* sch_generic_url 
			* added - to allowed chars 
			

	NEW
	---

	* dnsresolve-adns
		* made it a module
		* fixes some memoryleaks we saw before
	
	* download-http
		* written as download-curl replacement
		
	* geolocation-hostip
		* resolve geolocations via hostip.info
		
	* geolocation-geoip
		* resolve geolocations via maxminds geoip library
		
	* geolocation-ip2location
		* resolve geolocations via maxminds geoip library

	* log-surfnet
		* log to surfnet ids database
		  http://ids.surfnet.nl
		  

	* vuln-ssh 
		* created, 
		* works for ssh logins, fails for ssh worms :\

	* x-8 
		* added example how to use geolocation services


* Other
	* phpxmlrpc_server
		* added
		
	* doxygen docu
		* added
		


Version 0.1.2
=============
Bugfix release/minor features.

* Utilities
	* hexdump uses nepenthes.utilites.hexdump_path as pathinfo now
	
* shellemu-wint
	* VFSCommandFTP uses new DownloadFlags

* Download 
	* added DownloadFlags so we can handle broken ftpds better
	* added ::addFlag(uint8_t ) & ::getFlags()

* DownloadManager 
	* download() now takes uint8_t downloadflags as argument

* download-ftp
	* bind to port 0 to avoid collision
	* rewrote quite everything to handle broken ftp daemons better, including the new DownloadFlags

* Socket
	* changed SS_NULL to SS_CONNECTED
	* added SS_CONNECTING

	
* TCPSocket 
	* set localip on accept() Sockets, so we can use this info further
	* bind ConnectSockets before connecting, so we use the same ip for reverseconnect shells
	* uses SS_CONNECTING for connect sockets
	* overloads setState(), so if they are in state SS_CONNECTING and goto SS_CONNECTED they 
		can call Dialogue::connectionEstablished() for their dialogues

	* some changes in the TCPSockets internal Dialogue handling prevent nepenthes recognizing 
		the same shellcode in more than one dialogue, resulting in more than one download per exploit
		
		
* vuln-dameware
	* created
	
* Dialogue
	* added ::dump()
	* added ::connectionEstablished()

	
* many vuln-* modules
	* added CL_ASSIGN_AND_DONE handling


* many shellcodehandlers using downloadhandler
	* added valid downloadflag usage



Version 0.1.1
=============
Bugfix release/minor features.

This is the first release featuring auto(conf|make|broken|whatever) support.
Maximillian Dornseif had enough time to burn to write configure.whatever 
and such stuff for everything so far.


* Compile fixes for 
	* Mac OSX	
	* FreeBSD

* Nepenthes
	* Added functionality for -d and -l command line options (log filtering).
	* Handle SIGINT on -f (command line) usage.
	* -V is now version.
	* -v is now verbose, useful for -f when debugging new shellcodehandlers.
	* DownloadBuffer now features cutFront(unsigned int len)

* Veritas Backup Exec Exploit for port 10000 added.
	* shellcode-generic
		* Konstanz XOR added as sch_generic_konstanz_xor.
		* Konstanz connectback shell pattern added to shellcode-generic.conf.dist.
	* Removed VERITASDialogue for port 10000 hexdump, added shellcodehandling.


* shellcode-generic
	* Fixed sch_generic_connect.
	* Added sch_generic_connect_trans and Halle PCRE.
	* Added sch_generic_xor Halle.

* vuln-dcom
	* Fixed oc192 PCRE.
	* Removed SOL2k shellcode handler, as they were never seen during the last two months.

* download-csend
	* the atoi(url->path) is cut from the download buffer to be able to use csend with halle
	
* vuln-iis 
	* Handle NULL if binding the socket fails in a useful manner
	
* vuln-pnp
	* added
	* handles the MS05-039 exploit by houseofdabus
	
* vuln-lsass 
	* fixed some lines to work properly with vuln-pnp

* Utilities
	* sha512 added
	
* shellemu-wint
	* VFSCommandCMD
	the first command after the /c has to be readded to the StdIn queue, like we did before,
	but we have to add a delimiter '&' so we dont break our own parsing.

* Download 
	* added SHA512 get & set methods

* SubmitManager 
	* set SHA512 for downloads

* tools/rpcxmlxfer
	* there is an early implementation of an central collection and
	logging protocol called rpcxmlxfer in this release. The prototype is
	implemented as an external script. Just add something like
          */5 * * * * nobody /opt/nepenthes/bin/rpcxmlxfer-client -q
	to your /etc/crontab to try it.

* download-ftp
	* bind to port 0 to avoid collision

* Socket
	* changed SS_NULL to SS_CONNECTED
	* added SS_CONNECTING
	
* TCPSocket 
	* set localip on accept() Sockets, so we can use this info further
	* bind ConnectSockets before connecting, so we use the same ip for reverseconnect shells
	* uses SS_CONNECTING for connect sockets
	* overloads setState(), so if they are in state SS_CONNECTING and goto SS_CONNECTED they 
		can call Dialogue::connectionEstablished() for their dialogues
		

* submit-xmlrpc
	* created
	* depends on vuln-lsass 
	
* vuln-dameware
	* created
	
* Dialogue
	* added dump()
	* added connectionEstablished


Version 0.1.0
=============
Initial release.
