v0.17.0

• Migrate to new workspace format. Existing workspaces are migrated automatically.
• Add pkg as a new command as a replacement for mod
• Add geo_polygon_contains, to check if a location is inside a polygon
• Improve sn0int select output
• Return true if uniq activity event is already known
• Add missing seccomp syscall (poll)
• Add str_find, str_replace and strval
• Add sn0int paths to show
• Add sn0int pkg to manage modules

v0.16.0

• Websocket functions have been added
• http_send now returns the server ip address that was used
• sqlite performance has been improved by setting PRAGMA synchronous = NORMAL
• Socket timeout support has been improved

v0.15.0

• Fix breaking changes in geoip download. GeoIP is still supported but sn0int isn't going to try to download it anymore.
• Activity logging: Allows modules to create events that are tied to a datetime and can have data tied to them. There's a proper frontend planned for this.
• Added ratelimit_throttle which behaves similar to a mutex that scripts can lock to get rate limited automatically according to the limit configured by the function arguments.
• Tab completion for sn0int repl
• Missing add subcommands have been added for urls and ports
• Minor improvements in the UI

v0.14.0

• Added a very basic sn0int repl to make script development easier
• Added improved support for apis hosted on .onions
• Added crypto currency addresses as new struct
• Added sn0int export as a command to export a workspace to json
• The target option is now exposed on the cli to run an investigation on a subset of the structs in scope, this can be used with sn0int run -t 'where id=1' foo
• Improved normalization when adding structs
• Improved date functions (there are going to be deprecation warnings on the next release)
• Added stdin_read_to_end to read all of stdin into a string
• last_seen automatically selects the most recent date so scripts don't need to check this manually
• Fixed pgp uid decoding issue
• Minor bugfixes and improvements

v0.13.0

• There is now an autonoscope engine that can automatically apply rules to exclude structs from scope when added
• quickstart and mod update are now much faster
• http_fetch and http_fetch_json have been added as a shorthand for http_send with status code validation and optionally parsing the body as json, reducing the boilerplate in a few modules
• tls support has been added to sock_connect
• pgp_pubkey can now return the primary key fingerprint and signatures
• netblocks have been added as a struct
• Modules can be listed by input source
• base64 and base32 functions have been added, with support for custom alphabets
• Startup time has been improve significantly
• noscope/scope are now exposed to the cli as sn0int noscope and sn0int scope
• set_err has been added for certain control-flow cases
• Some fields are now automatically lowercased
• Installed modules are now tagged with [installed] in the search results
• The module search got a --new flag to show only modules we haven't installed yet

v0.12.0

• Add models for ports
• Add hmac and cryptographic hash functions
• Add strftime and strptime
• Add an xml parser and processing functions
• Add more advanced workspace options
• ipv4/ipv6 is now automatically detected and set for the ipaddr model
• warn and warn_once functions have been added
• Some seccomp bugfixes

v0.11.2

• Resolve an issue on openbsd with std::env::current_exe

v0.11.1

• Fix openbsd issues in 2 dependencies
• Add missing /dev/urandom to unveil policy

v0.11.0

• Improve management of private modules
• Add support for images (including exif)
• Structs can now have blobs attached, the path can be queried with select --paths
• Improve various modules
• Add a displayname field for emails

v0.10.0

• Added accounts structs to the database
• Added breach structs to the database
• Using >= and <= in queries now works correctly
• Unknown script metadata is now non-fatal
• Improved aarch64 support
• seccomp bugfix (mremap)

Note about the registry

The registry is currently difficult to build due to an unresolved problem in Rocket, if you are interested in deploying a registry please join the #sn0int irc channel for instructions.