v4.2.0

• Added build hash and timestamp to compiled binaries.
• Improved and added unit tests.
• Improved unit test settings, missing settings will skip affected unit tests.
• Implemented PgProxy component that can be put in between to terminate SSL connections applying SNI techniques and to log SQL queries executed by users.
• Integrated GSSAPI to improve scan results with cross-domain trusts on Linux.
• Added max instances setting for scan agents to allow them local custom settings overriding scan scope settings.
• Added OT discovery scan mode allowing scan agents to scan local L2 networks for OT devices using OT protocols and L2 scanning techniques.
• Added Nuclei scan module.
• Agents now reporting installed tool versions back to the backend.
• Agents now reporting their configured max limit and whether they are processing multiple scan scopes.
• Agents now reporting more hardware information like cores, MHz and memory bytes.
• Improved agent instance names to keep their purpose even if agent folders are copied/moved.
• Shutting down agent if it runs into a general problem launching scan tasks, to avoid going rogue ripping through the scan tasks.
• Sensitive parts are now honored (enforced) by the discovery scan.
• Added crash output catching and printing critical errors that might have slipped any other error handling.
• Fixed some foreign key issues with sqlite and made sure pragmas are applied across connections.
• Fixed vacuum for sqlite files to regularly shrink them again.
• Added pruning of submodule tasks if a scan module is disabled.
• SSL connections for internal components can now be disabled, e.g. to deploy behind load balancer.
• RPC connections are now authorized on the connection level, so they could also be deployed in less isolated networks.
• Improved shutdown of components, they will now finish ongoing RPC requests.
• Improved definition of scan time spans, it's now fully flexible and customizable.
• Re-worked SSL result data structure to be more intuitive and cover everything from the latest SSLyze version.
• Implemented function to check Nmap args string vor plausibility. Nmap args entered in the web interface are now pre-checked with that function, to increase likelihood of correctness.
• Added rate limit middleware for requests to the web backend.
• Added API to web backend for external scan scope/target automation.
• Added demo user mode, where users can log in but only see what they could do there, not execute actual things.
• Implemented configuration and selection of backend database, allowing to assign different database servers to different groups.
• Credentials and some other sensitive data is now one-time viewed via the web interface if a user doesn't have certificates to send an encrypted e-mail.
• Networks exceeding Nmap's capabilities are now split into smaller subnetworks automatically.
• Added button to re-queue failed input targets back into queue within the same scan cycle.
• Fixed double submit issue where fomantic-ui events were triggering on enter in parallel.
• Added warn message to web frontend when scan agent has dedicated local limits configured.
• Upgraded all dependencies.
• Various bug fixes, refactorings, improvements and unifications.