Docsy Blog

This is the blog section. It has two categories: News and Releases.

Files in these directories will be listed in reverse chronological order.

News About Docsy

Time to follow the Hype

There have been no updates and commits for vulnman for some time now.

The reason is that the focus moved to rebuilding everything from scratch and following the hype of modern frontend frameworks like Vue.js. During the last month, I completely rewrote the backend part as a REST API, learned Vue.js and built a - hopefully not so ugly - new frontend.

vulnman will be deprecated once the new tool is available. The new version will have more advantages and can be easily integrated into other tools using its REST API. The database schema is a bit more flexible, there is more code reuse, and there are other maintenance improvements. There will be filters, searches and ways to order findings, projects and more, which the original vulnman did not have.

But be warned, I am not a developer and certainly not a frontend developer. ;)

The next version will be completely free and open source too.

If you have ideas for new features or improvements, or want to contribute to the new tool before it goes public, feel free to reach out to vulnman-project dot riseup dot net.

Current Development Status

This post is intended to give a brief summary of the current development processes and ideas in vulnman.

Currently the focus is on implementing and improving the “Responsible Disclosure” application. There have been some bug fixes and UI improvements here.

In addition, preparations are underway for new user roles that will be able to log in and use vulnman in the future. Using the “Responsible Disclosure” application as an example, we are thinking of the developers of the software in question. In the future, it should be possible to invite them so that they are granted access to the corresponding vulnerabilities.

A few other quick updates:

  • We have already implemented our own user model. This is a breaking change to version 0.3.0. Data from version 0.3.0 will probably not be migratable. However, this change will allow us more flexibility in the future.
  • User profiles already exist. These are currently still minimalistic, but the base is already done. Pentester profiles are public; in the future it should be possible to make them private.
  • Soon there will be a first implementation of a comment function under vulnerabilities in the RD.
  • The page a user sees after login will differ per user role.

These will be by and large the changes in the next release.

See you soon.

New Documentation

The vulnman documentation got a new home.

New Releases

First Release Candidate for v0.4.0 is ready.

Release v0.4.0-rc1 out now!

It’s been a while since there have been any updates on vulnman. Here is the first release candidate for v0.4.0.

There were many changes, and the following list is just a small summary of what is coming in the new release:

  • Users can delete their accounts.
  • Many UI improvements (hopefully).
  • Rewritten handling of vulnerability scoring, which adds a new score for the OWASP Risk Rating.
  • Deleting and editing report versions.
  • Fix: 403 Forbidden when trying to create a new log entry in the BugHunting application.
  • Rewritten report generator, fully customizable with a bit of Python and web dev skills.
  • Customers can be invited to vulnman and to projects.
  • Users can reset their password.
  • Primary development migrated to Gitea. However, GitHub remains active for the time being.
  • Dropped official Docker support!

Happy testing!