v1.0.4

v1.0.4

🐛 Bug Fixes

POC Execution Improvements

• Fixed variable replacement in expression evaluation
• Added complete vulnerability information in scan results
• Fixed bytes() function handling in expressions
• Added proper CVEID and Type in POC results

Expression Evaluation

• Fixed the logic for multiple rules evaluation (now requires all rules to match)
• Improved variable substitution in bytes() function calls
• Enhanced debug logging for expression evaluation

🔍 Technical Details

The main improvements focus on:

1. Variable handling in POC expressions
2. More accurate vulnerability detection
3. Complete vulnerability information in results

📝 Notes

This release improves the accuracy and reliability of vulnerability detection by fixing several core issues in the POC execution engine.

What's Changed

• dev_fix_conflict_for_1122poc by @YGHS4 in #5

Full Changelog: v1.0.3...v1.0.4

v1.0.3

Release v1.0.3

Changes

• Enable vulnerability scanning with content-type detection
• Add support for response.content_type.contains() rule evaluation
• Remove debug print statements for cleaner code

Improvements

• Enhanced detection capabilities with content-type checking
• More accurate vulnerability scanning
• Cleaner code output

Full Changelog: v1.0.2...v1.0.3

v1.0.2

Release v1.0.2

Bug Fixes

• Fix duplicate vulnerabilities in JSON output
• Update POCResult struct with proper JSON tags
• Implement proper deduplication in processResults
• Convert vulnerability field names to lowercase in JSON output
• Add missing service.go changes for vulnerability collection

Changes

• Optimize vulnerability collection from ports
• Improve JSON output format
• Complete implementation of vulnerability processing

What's Changed

• dev_add_20_fg by @YGHS4 in #3
• add_fir by @zcv19 in #2

New Contributors

• @YGHS4 made their first contribution in #3

Full Changelog: v1.0.1...v1.0.2

v1.0.1

v1.0.1

Migrated to Go 1.16+ embed feature for better resource management:

• Embedded Lua plugins into binary
• Embedded fingerprint files into binary
• Removed dependency on external resource files

Benefits:

• Simplified deployment: No need to distribute resource files separately
• Improved reliability: Eliminated potential file path and loading issues
• Better portability: Single binary contains all necessary resources

Note: Requires Go 1.16 or higher for compilation

Full Changelog: v1.0.0...v1.0.1

v1.0.0

ZScan v1.0.0

🎉 First stable release of ZScan - A powerful security scanning tool written in Go.

🚀 Features

• Multi-platform support (Windows, Linux, macOS)
• Configurable scanning options
• Plugin system for extensibility
• GeoIP integration support
• Censys data enrichment capability
• YAML-based configuration
• JSON fingerprint support

📦 Binary Downloads

Pre-built binaries are available for:

• Windows (amd64)
• Linux (amd64)

💡 Usage

zscan -target example.com -config config.yaml

📋 Configuration

Default configuration files are included in the release:

• config/config.yaml
• config/fingerprints.json

🔍 Library Usage

ZScan can also be used as a Go library:

import "github.com/zcyberseclab/zscan/pkg/stage"

📝 Notes

• Requires Go 1.23.2 or later
• Configuration files must be in the same directory as the binary
• API keys for Censys integration should be set via environment variables or CLI flags