atk > download > changelog

Last update: 2005/01/23 by Marc Ruef

Changelog

The following list shows the made and planned changes of the different ATK releases you are able to download here:

Already published versions

ATK 4.1, bugfixes for the last major release, not yet released, approx. 2005/02/11

Fixed the resizing problem of the ProgressBar in the main frame after resizing with Windows XP designs.
Replaced, whenever possible, the Default and Cancel buttons with a form key press preview function.
Corrected a problem with the date format.
Fixed the tab select order in the configuration frame.
Added the sorting and re-sorting of the listview in the reporting frame.
Fixed a run-time error due a double click in an empty listview.

ATK 4.0, enhancement and improvement of the reporting, 2005/01/11

Splitted some of the modules (e.g. ATK read and export). Also splitted the report handling and report templates handling into two modules.
Replaced all vbCrLf with vbNewLine - Because these are a bit faster.
Optimized some of the string functions (e.g. Mid and LCase).
Renamed ParseATKPluginTag to ParseAMLTag. AML is the new name for the whole XML based plugin and suggestions structure.
Improved the speed of the XML tag parsing; especially if small plugins are loaded.
Improved the possibility of parsing the XML tags case insensitive (liberate).
Really introduced the application_response_directory.
Added the procedures for handling the external plugin editor.
Added a tagging routine and editing check in the configuration frame as like in the Attack Editor.
Added the ToolTipText for the TabStrip sheets.
Replaced al directory boxes with usual textboxes in the configuration frame.
Added a browse and default button for all the directory textboxes in the configuration frame.
Added a routine to check a given path in the configuration. Bad path names are reported with red textboxes.
Added the elements and procedures for handling the external plugin editor.
Fixed a run-time error if a minor number in the plugin_version in the Attack Editor is missing.
Also fixed a run-time error if a mail address field lost its focus and is empty.
ASL suggestions for new commands added.
Fixed a bug in the pluginslist routine of the Plugin AutoUpdate. The first item was not checked because the checking started with 1 instead of 0.
Completely replaced and improved the reporting feature.
Also improved the plugin to html export feature.
Made the first preparations for the new reporting functionality in 4.0.
Added a html sanitizing routine to prevent html errors (e.g. xss attacks).
Added the Reports menu item and icon by Pascal Widmer.
Changed the frame boarder style to sizeable and added the resize sub in the report configuration frame.
Completely replaced the reporting template routines.
Fixed a bug in the report listview if a command button is pressed and no index is selected.
Re-ordered the available positions in the report configuration alphabetically.
Added a function to focus the new line of the example report after adding a new tag.
Also added the possibility of double clicking urls to open them in the browser.
Introduced a NSR (Nessus Report) reporting feature. This allows an import and re-generation of an ATK reports in Nessus.
Re-introduced and improved the Nessus NASL functionality. It is now possible to use the most of the pattern matching Nessus NASL plugins.
Added the feature to load and show the latest nasl plugin if nasl plugins are available.
Replaced the old Nessus plugins URLs with the new ones.
Optimized the visualizing routines in the Attack Visualizing.
Added the source and destination ports in the listing.
Added the printing of the pattern during pattern matching.
Fixed a bug with a listing misorder (pattern matching after vulnerability found.
Fixed a source/destination misorder during data receiving.
Improved the (speed of the) suggestions handling.

ATK 3.1, bugfixes for the last major release, 2004/11/27

Fixed a bug in the dns module. Especially asian/chinese users should upgrade to this release. See the news for more details.
Added a routine to show also the plugin loading progress in the splash screen.
Fixed an error with the progress bar value during loading of the plugins.
Updated the icons for packetstormsecurity.org and securiteam.com.
Added a small update checking routine for the software.

ATK 3.0, introduction of the exploiting procedure and the Plugin AutoUpdate, 2004/11/14

Enhanced the splash screen with more information.
Changed the appearance of the progress bar of the splash screen.
Added a modular and centralized error message routine that is faster and smaller than the older approaches.
Added the plugin search.
Fixed a bug in the sending command. It was not possible to use several new lines in one single send command. Also increased the speed of the send command.
Added the run command to let the ATK run shell based commands.
Deleted the plugin_trigger element and all procedures and elements that were using this plugin data.
The normal plugin procedure is now able to handle the whole trigger savings and analysises.
Put the increasing of the status bar after a command has been run. This prevents the software from beeing showing 100 % has reached but the last command is running.
Fixed some errors if a special mouse click sequence is sent and if no treeview element is selected. The whole checking should also be faster than the old.
Changed the context menu popup to a mouseup event.
Optimized and centralized the routine for resorting entries in listview elements.
Added the possibility of opening web URLs by double clicking a http link in the plugin overview.
Optimized the form resize procedure of the main frame to be a bit faster.
Added default cancel buttons in the whole project. Most sub-frames can be closed by clicking the esc button now.
Added a better freeze frame handling for more resource intensive procedures.
Fixed the File/New function in the Configuration frame.
Deleted all not needed nor supported elements.
Added the error message behavior if the target specifying is wrong.
Enhanced and bugfixed the whole logging.
Added the update features for the AutoUpdate.
Fixed a bug if opening the report configuration within the configuration.
Added the menu file open function to open specific/other configuration files.
Added the menu save as function to save specific/other configuration files.
Fully enhanced and re-sorted the configuration file output. We are now using a Unix/Linux conf file format that allows commenting out lines by using the #
Added the tab and routines for the online help configuration.
Fixed the vbModeless bug if the Attack Editor is opened via the treeview.
Changed the placing of the attack procedure fields in the Attack Editor.
Deleted the today buttons to save elements. The double click in the textboxes is the only remaining possibility of fetching todays date.
Added the double click feature for the plugin updated fields to fetch the data from the plugin created textboxes.
Added the command wizard for adding pattern_not_exists.
Added the wizard for adding the run command.
Optimized (speed) the centralized routines for the add command wizard.
Corrected an error if the port wizard is used but the port textbox is not visible.
Fixed the remaining errors during using a wizard and if the setfocus element is not visible.
Added/corrected the textbox to listbox conversion of the new procedures.
Improved the speed of most of the wizards.
Enhanced the HTTP GET template to be more accurate.
Added the forgotten click event for the US-CERT TA.
Replaced all useless functions with normal subs.
Introduced the Plugin AutoUpdate function. This one replaces the old ZIP download of the latest ATK plugin repository.
Added a routine for the plugin autoupdate which detects new plugins. Only in this case the new available plugins are loaded.
Enhanced the logging. Introduced a security level as like used in syslog to determine the severity of a log entry.
Added the whole procedures for handling the new logging security levels in the log frame.
Corrected the procedure to show the last log file.
Added the possibility of resizing this sub form.
Replaced the keypress events with the default/cancel properties in the Attack Visualizing frame.
Added the tab and frame for the PayPal donation in the about frame.
Added the possibility of independent resizing, minimizing and maximizing of the log frame.
Added/corrected the procedure to show the last log file in the log frame.
Added a modular procedure to actualize the log frame in real-time.
Fixed the hidden painting copyright information in the about alien picture.
Resorted and reordered the whole graphical elements in the about frame.
Added an online help for every functional frame.
Added the html title tag for description and comments in the main html file.
Fixed the bug with the missing space in the title link.
Shortened the title information for the plugin comments.
Changed the misc source link to not using the search engine.
Cut off the whole Nessus support. Sorry, I know, it is very sad. But this this is just for this version because the Nessus support was not working correctly and I did some major changes in the whole internal software concept.

ATK 2.1, bugfixes for the last major release, 2004/09/10

Deleted the individual plugin context menu in the main frame. Instead using the plugin menu point also as context menu.
Added the plugin option to open a plugin with an external editor (e.g. notepad.exe).
Eliminated a crash if the context menu in the plugin treeview should be opened but no node is selected.
Changed the configuration menu entry and added the option to edit the toolbar.
Eliminated a problem if customized toolbar menus are used.
Added a percent status message in the status bar.
Eliminated an error with the statusbar during full audits.
Fixed a problem with the statusbar if 200 or more plugins are loaded.
Added a checking routine to prevent the loss of unsaved data in the attack editor. The warning message and the responses have changed!
Added a better error checking routine for CVE names.
Corrected a nasty bug in handling the checkbox for remote vulnerability.
Corrected a bug in the wizard for the send command. All length of parameters are now computed correctly.
Optimized the wizards to prevent unsaved changes.
Optimized the wizard for HTTP GET requests. It was possible to delete the first sleep command.
Added Directory Traversal in the Class ComboBox in the attack editor (no icon yet!).
Changed the whole SecurityTracker.com from URL to ID handling. This affects many internal parts of ATK 2.x!
Increased the length of the textbox for plugin comments. It seems to be needed.
Added some additional data that is going to be filled in a plugin if the fields are empty (e.g. literature and misc source).
Enhanced the Plugin2HTML export. The mailto tags are now providing a mail body template.

ATK 2.0, replaced and optimized the main parts, added a few new features and plugin fields, 2004/08/31

Added a startup splash screen.
Changed the main layout.
All useless elements with the old listview fall away. Also the plugin overview is not made of labels anymore - Instead we are using a single textbox.
The plugins were listed as a listview in 1.x - Now there used to be a treeview.
New icons - made by Pascal Widmer - are used.
Changed the main frame menu completely.
Exliminated the showing of the wrong plugin id if a new plugin is selected.
Important sub-frames are now showed modal to prevent the unwanted hiding of a sub-frame.
Added a warning message if full audit is selected.
Alerting is introduced to popup a message if a vulnerability is (not) found.
Active speech is introduced to let the application say the most important states (e.g. starting a scan, finishing a scan, found a vulnerability).
Changed the layout of the internal plugin editor.
Added a wizard in the internal plugin editor to create solutions easily.
Moved the field for the plugin family (plugin_family) in the internal editor from Plugin Information to Description.
Added sub-fields for the person who published the vulnerability (bug_published_name, bug_published_email, bug_published_web, bug_published_company).
Added sub-fields for the person who created the plugin (plugin_created_name, plugin_created_email, plugin_created_web).
Added sub-fields for the person who updated the plugin (plugin_created_company, plugin_updated_name, plugin_updated_email, plugin_updated_web, plugin_updated_company).
Added tooltiptexts for the field names in the internal attack editor.
Added many new sources and changed some names of old source fields.
Added a logging option and frame.
Added a real-time attack visualizer.
Optimized a few computations with arrays.

ATK 1.0, initial public release, 2004/02/18

Initial public release.

Road-map for upcoming releases

This is the road-map for the upcoming releases of the ATK. Here I note the features I want to implement in the different major releases. These are not promised and planned only. Also the releases dates are just predicting values that may change during time.

ATK 5.0, automated scanning of large environments, not yet released, approx. 2005/05/01

Planned: Scanning of multiple targets (e.g. IP ranges or multiple host names)
Planned: Scanning of specific categories (e.g. cross site scripting and SQL injection attacks only)
Planned: Scripting of scannings (e.g. starting at 10:00 pm, running some web server checks and sending the html report as email at 10:30 pm)
Planned: Improvement of the ATK scripting language to garant more flexibility (e.g. function for creating buffer overrun strings)

ATK 5.1, bugfixes for the last major release, approx. 2005/07/01

Planned: Bugfixes for the last major release

ATK 6.0, improvement of enumeration and scanning, approx. 2005/10/01

Planned: Very clear re-organisation of the whole scanning processes (e.g. first mapping, then portscanning, enumeration and finally scanning or exploiting)
Planned: Introduction of an enumeration database (e.g. OS and application fingerprinting) for a faster and better silent check model

ATK 6.1, bugfixes for the last major release, approx. 2006/01/01

Planned: Bugfixes for the last major release