Glenn Wilkinson
8776694aa2
Merge pull request #1946 from glennzw/arb-events
...
Custom Events - Local Branch
2020-08-25 14:25:04 +01:00
Jordan Wright
b01bd6cbc0
Updated github.com/jordan-wright/email dependency
2020-08-24 13:15:16 -05:00
Jordan Wright
6df62e85fd
Added a simple Content-Security-Policy to mitigate clickjacking attempts.
2020-08-20 10:39:23 -05:00
Jordan Wright
e3352f481e
Implement SSRF Mitigations ( #1940 )
...
Initial commit of SSRF mitigations.
This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.
To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.
There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.
Finally, I had to make an update in the gomail package to support a custom net.Dialer.
2020-08-20 09:36:18 -05:00
Jordan Wright
27d13a0584
Gofmt'ing so that tests pass
2020-08-15 10:31:49 -05:00
Glenn Wilkinson
1adfc323b4
Small fixes
2020-08-12 12:30:41 +01:00
Glenn Wilkinson
ee2d7398a7
Updated naming scheme from Arbitrary Events to Custom Events
2020-08-12 12:02:13 +01:00
Jordan Wright
735880c398
Creating minified JS file from chnages in #1909
2020-08-08 15:04:59 -05:00
Glenn Wilkinson
0558da90fe
Added support to allow invalid IMAP certificates ( #1909 )
...
This commit allows self-signed certificates to be used in upstream IMAP connections.
2020-08-08 15:03:42 -05:00
Glenn Wilkinson
f5509a56c2
Added support for pie charts for arbitrary events
2020-08-08 20:34:38 +01:00
Glenn Wilkinson
f212c13375
Fixed refresh bug whereby new arbitary event properties weren't being imported
2020-08-07 22:27:02 +01:00
Glenn Wilkinson
c8abed4896
Added initial functionality to allow arbitrary events
2020-08-07 20:51:25 +01:00
Jordan Wright
90fed5a575
Added escaping for error message in sending profile hostname
2020-08-06 22:21:41 -05:00
dependabot[bot]
81aa65ba62
Bump elliptic from 6.4.1 to 6.5.3 ( #1919 )
...
Bumps [elliptic](https://github.com/indutny/elliptic ) from 6.4.1 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases )
- [Commits](https://github.com/indutny/elliptic/compare/v6.4.1...v6.5.3 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-02 21:08:49 -05:00
Andrew
da18b9db94
Update credentials in Readme. ( #1914 )
...
The credentials were listed as admin/gophish, but this changed in v0.10.1, as per: https://docs.getgophish.com/user-guide/getting-started
2020-07-28 20:35:40 -05:00
Jordan Wright
b684fb4ebd
Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed.
...
Fixes #1892
2020-07-25 14:47:37 -05:00
Jordan Wright
65f06c138f
Create SECURITY.md
...
Add a very high-level SECURITY.md
2020-07-24 23:14:29 -05:00
Jordan Wright
19ef924d89
Properly escaping server output when a request is made to ping a malicious webhook URL.
...
Fixes #1901
2020-07-24 23:04:55 -05:00
Jordan Wright
b25f5ac5e4
Updated PapaParse config to prevent CSV injection.
...
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.
When a new PapaParse release is created, I'll update this code to use the updated minified file.
2020-07-24 22:44:24 -05:00
Jordan Wright
4e9b94b641
Fixed validation when setting IMAP hostname
2020-07-17 22:40:10 -05:00
Jordan Wright
cf7d058f1d
Fixed config test to match new default logger
2020-07-17 22:23:44 -05:00
Jordan Wright
1c5ad85de1
Added handling for default logger if one is not specified. Fixes #1899
2020-07-17 22:14:04 -05:00
dependabot[bot]
f2042de3bc
Bump lodash from 4.17.15 to 4.17.19 ( #1898 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-07-17 22:09:17 -05:00
Stuart Small
afa00e2a9c
Add ability to provide initial API key on service standup ( #1883 )
2020-07-01 22:06:31 -05:00
Jordan Wright
bf76f86ea4
Adds environment variable to set the initial admin password
...
This change adds a `GOPHISH_INITIAL_ADMIN_PASSWORD` environment variable so that system administrators can set the initial admin password rather than having it randomly generated. This is especially useful in automated deployment scenarios, or scenarios using Docker (ref #1876 , #1874 )
2020-06-25 08:31:28 -05:00
Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy ( #1867 )
...
This PR adds the initial work to implement a password policy as defined in #1538 .
Specifically, this implements the following
* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password
Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright
0f6439de5a
gofmt'ing the IMAP changes
2020-06-16 20:13:24 -05:00
Jordan Wright
61bbb22f7c
Updating the modules used for IMAP and email support
...
$ go get -u github.com/jordan-wright/email
$ go build
$ go mod tidy
2020-06-16 20:10:12 -05:00
Glenn Wilkinson
6f95da00ba
IMAP update; new library and attachment support ( #1791 )
...
Updates the IMAP processing to use a more mature library. This allows for more robust IMAP support.
Additionally, this adds support for reporting emails as attachments.
2020-06-16 20:02:09 -05:00
Jordan Wright
8ebdb43469
Documentation and code cleanup for webhooks
2020-06-13 13:44:20 -05:00
Jordan Wright
ec8b17238e
General code cleanup as part of an effort to integrate staticcheck into our CI pipeline.
2020-05-25 21:46:36 -05:00
Jordan Wright
0961e22126
Removed unneeded print statement
2020-05-25 20:55:00 -05:00
Jordan Wright
782f80fa12
Bumped version to 0.10.1
2020-05-24 22:26:48 -05:00
Jordan Wright
b57210f6e7
Rebuilt JS files from #1812
2020-05-24 22:24:57 -05:00
Jordan Wright
520b0b8d87
Initial commit of automatic releases via GitHub Actions.
2020-05-24 21:53:38 -05:00
Jordan Wright
ba38bfdbdd
Bumped version to 0.10.0
2020-05-24 21:49:40 -05:00
Jordan Wright
b29544c208
Rebuilding JS files from #1838
2020-05-23 12:56:18 -05:00
Prasoon Dwivedi
353639e168
Use GroupsSummary to create and copy campaign ( #1838 )
...
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
2020-05-23 12:51:43 -05:00
Jordan Wright
726e3c96ac
Rebuilding JS files from #1830
2020-05-08 21:02:05 -05:00
Prasoon Dwivedi
40b77840f5
Add favicon ( #1831 )
...
Added favicon image and corrected the path to the favicon
2020-05-08 21:00:22 -05:00
Prasoon Dwivedi
116c2a7e7e
Load datatable rows all at once ( #1830 )
...
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
2020-05-03 22:03:58 -05:00
Glenn Wilkinson
38a6a77c9c
Added ability to allow admin to 'su' to other accounts ( #1812 )
...
* Added ability to allow admin to 'su' to other accounts
* Naming convention and user message modifications
* Removed debug statement
2020-04-27 18:19:20 -05:00
Prasoon Dwivedi
26e82cb2e3
Add capability to run the binary in a mode ( #1817 )
...
These commit includes changes to start the server as one of admin (also
IMAP) or phish server. Before this change the servers used to run in
monolith this change will decouple the two core component i.e. admin
and phish server so that they can be run independently.
This will help where admin and phish server are required to run
saperately e.g. phish server runs in a DMZ.
The available modes are `admin`, `phish` and `all`. Running the binary
in the `admin` mode will start the admin and IMAP server, while running
the binary in the `phish` mode will start the phish server. `all` mode,
which is also the default mode will start admin, IMAP and phish servers.
e.g. `go run gophish.go --mode admin`
2020-04-26 22:51:39 -05:00
Jordan Wright
a0e8c4a369
Added optional csrf_key to config to better support H/A configurations. Fixes #1816 . Fixes #1820 .
2020-04-23 23:16:44 -05:00
Jordan Wright
07b46d226a
Updated the TLS configuration.
...
This commit removes support for the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ciphers. It also removes support for CurveP384. This is to match up with recommendations given by Cloudflare [0], Mozilla (the "Intermediate" compatibility) [1], and referencing the default ciphers in Caddy [2].
[0] https://blog.cloudflare.com/exposing-go-on-the-internet/
[1] https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
[2] 008415f206/caddytls/config.go (L492)
Here is the diff of running testssl against the old and new configurations:
```
git diff --no-index -- old.txt new.txt
diff --git a/old.txt b/new.txt
index fc624a1..53d0c97 100644
--- a/old.txt
+++ b/new.txt
@@ -13,11 +13,11 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
- on 4831dc55e53f:$PWD/bin/openssl.Linux.x86_64
+ on 41ae723da66a:$PWD/bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
- Start 2020-03-28 02:54:41 -->> 192.168.65.2:3333 (host.docker.internal) <<--
+ Start 2020-03-28 03:15:21 -->> 192.168.65.2:3333 (host.docker.internal) <<--
rDNS (192.168.65.2): --
Service detected: HTTP
@@ -41,15 +41,14 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered (OK)
- Obsolete: SEED + 128+256 Bit CBC cipher offered
+ Obsolete: SEED + 128+256 Bit CBC cipher not offered
Strong encryption (AEAD ciphers) offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
- PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA
- Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519
+ PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
+ Elliptic curves offered: prime256v1 X25519
Testing server preferences
@@ -58,7 +57,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
Cipher order
- TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA
+ TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256
TLSv1.3: TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384
@@ -125,7 +124,7 @@ docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.interna
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
- LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
+ LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
@@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
+ LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
@@ -136,50 +135,48 @@ Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Ciphe
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Running client simulations (HTTP) via sockets
- Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
+ Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Android 7.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
- Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
+ Android 7.0 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
+ Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
Android 9.0 (native) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
- Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
+ Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
Chrome 74 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
- Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
+ Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
- IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
- Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
+ IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
+ Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
Opera 60 (Win 10) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
- Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
+ Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
- Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
+ Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Java 6u45 No connection
Java 7u25 No connection
- Java 8u161 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
+ Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256)
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_128_GCM_SHA256, 256 bit ECDH (P-256)
- OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
- OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
+ OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
+ OpenSSL 1.1.0j (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
OpenSSL 1.1.1b (Debian) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
Thunderbird (60.6) TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
- Done 2020-03-28 02:57:48 [ 189s] -->> 192.168.65.2:3333 (host.docker.internal) <<--
+ Done 2020-03-28 03:17:25 [ 128s] -->> 192.168.65.2:3333 (host.docker.internal) <<--
```
Fixes #1698
2020-03-27 22:25:18 -05:00
Jordan Wright
138b486b2f
Caching the campaign for those that are launched immediately. This is related to #1726
2020-03-27 21:29:41 -05:00
Paul
c5c1e6ff68
Updated the Ansible role ( #1786 )
2020-03-22 12:55:52 -05:00
Jordan Wright
118d9899d6
Updated minified scripts from #1772
2020-03-15 12:41:19 -05:00
Paul Werther
c0be58aa3d
Add "mark as reported" to results table ( #1772 )
...
This commit adds the ability to mark a result as reported directly from the campaign results view.
2020-03-15 12:38:51 -05:00
dependabot[bot]
053b998b84
Bump acorn from 6.1.1 to 6.4.1 ( #1785 )
...
Bumps [acorn](https://github.com/acornjs/acorn ) from 6.1.1 to 6.4.1.
- [Release notes](https://github.com/acornjs/acorn/releases )
- [Commits](https://github.com/acornjs/acorn/compare/6.1.1...6.4.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-03-15 12:33:49 -05:00