v0.6.0

What's Changed

• Improve packed ELF detection by @tstromberg in #71
• Update based on AcidPour analysis by @tstromberg in #67
• Improve rules based on analysis of trojan.stealer/amos by @tstromberg in #68
• Tune rules based on ua-parser-js analysis by @tstromberg in #69
• Improve suspicious eval() detection in scripting languages by @tstromberg in #70

Full Changelog: v0.5.0...v0.6.0

v0.5.0

What's Changed

It's our biggest release yet! With the latest additions, bincapz now implements all of the features you might need to monitor CI/CD artifacts. Enjoy!

New Features!

• Add 'diff' implementation (--diff flag) by @tstromberg in #51
• Add markdown rendering, refactor renderer handling by @tstromberg in #53

Improvements

• Improve rules through hCrypto analysis, update README by @tstromberg in #45
• Improve rules through laysound PyPi analysis by @tstromberg in #46
• Improve rules through Magnet Goblin analysis by @tstromberg in #47
• Make table output more concise & magical by @tstromberg in #44
• Simplify table output by @tstromberg in #48
• More rule and output tuning from local malware analysis by @tstromberg in #49
• Increase risk width by 1 to include diff marker by @tstromberg in #52
• Shorten terminal rendering width by @tstromberg in #56
• Update to latest YaraFORGE ruleset by @tstromberg in #50

Bugfixes

• test cleanup: Add tests for markdown, simple & diff by @tstromberg in #54
• Improve Markdown titles, add tests by @tstromberg in #55

Full Changelog: v0.4.1...v0.5.0

v0.4.1

What's Changed

• Make output more concise by @tstromberg in #43

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

• Rule description improvements for consistency by @tstromberg in #29
• Increase /dev/shm suspicion, more proclist rules by @tstromberg in #30
• Improve fake process name detection by @tstromberg in #31
• Improve identification of shell scripts by @tstromberg in #32
• Stream table rendering, widen values column by @tstromberg in #33
• Tune query results against Wolfi by @tstromberg in #34
• Improve rules from FreeDownloadManager analysis by @tstromberg in #35
• Improve rules from Godzilla webshell analysis by @tstromberg in #36
• Colorize risk levels in table output by @tstromberg in #37
• Show rule name for base64/xor content by @tstromberg in #38
• table output: separate matching values with newlines by @tstromberg in #39
• Improve rules from Platypus/Termite inspection by @tstromberg in #40
• Improve rules from Stealthworker inspection by @tstromberg in #41
• Improve PHP/Python/NodeJS rules through BSKC analysis by @tstromberg in #42

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

• Improve SSH worm detection by @tstromberg in #17
• Add rules for tools within D3m0n1z3dShell by @tstromberg in #18
• Improve detection for Hugging AI backdoor & ChinaZ_Managers by @tstromberg in #19
• Rename --only-programs to include-data-files by @tstromberg in #20
• Improve rule description output for samples by @tstromberg in #21
• Improve table presentation, add generic rules by @tstromberg in #22
• Update out-of-date README.md by @tstromberg in #23
• Add RuleLicense to JSON output by @tstromberg in #24
• Upgrade Yara FORGE data to 20240303 by @tstromberg in #25
• Omit empty fields from JSON/YAML output by @tstromberg in #26

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

• Port remaining rules from yara-defense-kit by @tstromberg in #3
• Return an error for nonexistent scan paths by @tstromberg in #4
• Make all combo/ rules a minimum of notable by @tstromberg in #5
• Use rule name for descriptions, limit key length by @tstromberg in #6
• Add --omit-empty flag, force-wrap output strings by @tstromberg in #7
• Simplify existing rules by @tstromberg in #8
• rules: Tune down false positives by @tstromberg in #9
• Add --only-programs flag by @tstromberg in #10
• Add hostinfo_collector rule by @tstromberg in #11

New Contributors

• @tstromberg made their first contribution in #3

Full Changelog: v0.1.0...v0.2.0

v0.1.0

Oh hey, it's the first release! Recent enhancements:

• Recursive directory walking
• YARA Forge support

Full Changelog: https://github.com/chainguard-dev/bincapz/commits/v0.1.0