Release Notes

What's new in PhantomYerra, full version history, new capabilities, performance improvements, and fixes.

Auto-Update: PhantomYerra checks for updates on every launch and every 4 hours. When a new version is available, an update banner appears in the top bar - click Download to fetch in the background, then Restart & Install when ready.
v45.1.15 2026-04-16
Latest
Pentester Assistant · Evidence Auto-Seal (RFC 3161) · Deterministic Attack Chain · Draft-Test AI Keys
  • NEW Live Pentester Assistant. A chat panel on every running scan. Tell it about hidden endpoints, business-logic flows, or test credentials — it suggests targeted scope expansions (admin paths, API discovery, JWT tests, BOLA enumeration, race conditions, subdomain recon) with one-click "Add to scope". Works offline with built-in pentest knowledge; AI-enhanced when a provider is configured. Replaces the previously-unused Tools panel.
  • NEW Evidence Auto-Capture with RFC 3161 Seals. Every confirmed finding now auto-persists request snippet, response snippet, proof-of-concept, and raw tool output as Evidence rows with SHA-256 hashes and RFC 3161 timestamps (soft-timestamp fallback when TSA is unreachable). The Evidence tab finally populates for every finding — legal-grade chain of custody, no manual step required.
  • NEW Deterministic Cross-Scanner Attack Chain. At scan completion, PhantomYerra unconditionally correlates findings across SAST, DAST, and fuzzer scanners — mapping source sinks to exploitable endpoints, confirming via fuzzer crash data, and persisting the full chain to disk. No longer dependent on AI choosing to build it. Available at /api/scans/{id}/attack-chain.
  • NEW Raw Tool Execution Log. A new "Logs" tab on the scan dashboard shows every tool's lifecycle (started/completed/failed/crashed), raw stdout, stderr, and exit codes — live, per-tool, filterable. Pentesters can see exactly what ran and what it produced, not just summarized findings.
  • NEW Draft-Test AI Provider Keys. A new Test button in AI Configuration validates the key you're currently editing BEFORE you Save & Activate. No more committing a bad key and finding out at scan time. Works for all 8 providers, including Ollama/LM Studio endpoint probing. The activated provider switches immediately — all scans, Ask AI, and assistant calls route through the new key from the moment you save.
  • NEW Use Default Platform Key. When your enterprise license includes a platform-default AI key, a single click switches to it and clears any custom key. Perfect for standardized team deployments.
  • NEW Honest Report Generation Progress. Report downloads now surface a live multi-phase progress modal (gathering evidence, correlating CVEs, building narrative, rendering pages, signing + packaging) with filename and size on success. No more silent "downloaded" spinner that felt fake.
  • FIX Live Scan Dashboard Unblocked. The Console view, Live Activity, top vulnerability counters, and sidebar active-scan chip all now update in real time during scans. A WebSocket state-machine issue previously left the UI stuck at "CONNECTING" even when events were arriving.
  • FIX CLI Terminal Connects. The in-app CLI terminal now connects cleanly; a Content Security Policy mismatch previously blocked the WebSocket handshake silently.
  • FIX Re-test Flow Works End-to-End. Finding Re-test (formerly Replay Lab) no longer errors on the request lookup. The response is saved as fresh evidence automatically. Plain-language labels throughout ("Run Test", "Session Token", "What we'll send") replace pentester jargon.
  • FIX Global Findings & Sidebar Counts Live. The Findings page polls every 5 seconds and correctly excludes soft-trashed entries. Active Projects / Completed badges in the sidebar reflect true counts.
  • FIX Encrypted Backup Works. Backup now auto-resolves its encryption password from the license (org-rotated) with a safe default fallback. "Row is not defined" error eliminated via obfuscator-safe refactor. 5 round-trip tests confirm encrypt / restore / wrong-password-rejects.
  • FIX Ollama Activation Never 500s. Save & Activate on Ollama / LM Studio surfaces a structured error with remediation hint instead of an opaque "Internal server error" when the local endpoint isn't reachable.
  • PERF All Scanner Families Ship Mandatorily. Every scanner family (Playwright + Chromium binary, scapy, frida, semgrep, binwalk, androguard, bandit, impacket, pymodbus, paho-mqtt, python-can, pyserial, pyusb, tree-sitter, z3) now installs as a single mandatory pass — no best-effort Phase 2 that could silently skip tools. "Tool not installed" errors at scan time are eliminated.
v45.1.11 2026-04-16
Zero-Day Detection Suite (11 Engines) · Ask PhantomYerra Hero · 7-Provider AI Chain · 87+ Engine Arsenal
  • NEW Zero-Day Detection Suite — 11 Dedicated Engines. An entirely new class of security analysis: 7 SAST zero-day engines (interprocedural taint flow, race condition detection, crypto oracle analysis, auth chain analysis, deserialization gadget finding, supply chain analysis, AI adversarial scanning) plus 4 Mobile zero-day engines (DEX bytecode analysis, intent fuzzing, WebView bridge exploitation, IPC violation detection). These engines find vulnerabilities that have never been assigned a CVE — they detect logic-level flaws invisible to pattern-based scanners.
  • NEW Ask PhantomYerra (AI Pentester) — Redesigned Hero. The home screen now features a full hero section with "Ask PhantomYerra (AI Pentester)" identity, gradient background, glowing bot icon, and 6 capability chips. The interaction bar is larger, more prominent, and surfaced as the primary entry point to the platform.
  • NEW 7-Provider AI Chain. The AI engine now routes through 7 providers in priority order: Anthropic → OpenAI → Google → Groq → Together → Ollama → LM Studio. Automatic failover with graceful degradation — scans never fail due to a single provider being unavailable. Groq and Together add ultra-low-latency options; Ollama and LM Studio support fully air-gapped deployments.
  • PERF 87+ Engine Arsenal. Total engine count grows from 76 to 87+: 10 SAST engines (3 original + 7 zero-day), 6 Mobile engines (2 original + 4 zero-day), plus 14 Web, 21 Recon/OSINT, 10 Network, and more across 16 surfaces. All 11 zero-day engines are non-fatal — a single engine failure never aborts the parent scan.
  • NEW Scan Config Persistence. All 60+ wizard fields are now saved to the scan database on every scan start. The "Scan Configuration" panel is shown for all scan types — not just Ask AI. Completed pentests support full re-run with the original wizard configuration pre-populated.
v45.1.0 2026-04-14
TRUE Pure-Python Build · Wire-Audit Clean · No-Degradation Parity Verified
  • NEW TRUE Pure-Python Build. 60+ security engines now run natively inside the sidecar with zero binary shell-outs. Every authored adapter is self-contained Python.
  • NEW Source Tree Stripped 1054 MB. Bundled tool payloads, embedded runtimes, and obsolete scripts removed from the source tree. Installer footprint shrinks dramatically while capability increases.
  • FIX Wire-Audit Clean (10/10 Gaps Closed). Every UI entry point now flows cleanly through IPC to backend, to reports, to exports. Silent surfaces and orphan routes eliminated.
  • FIX Parity Verified (9/9 Adapters, 0 Degradations). Every rewritten adapter preserves 100% of prior findings, rules, and payloads. Enhanced-scope SAST: 88 → 137 rules (+56%).
v44.32.84 2026-04-08
CDN-Only Tool Delivery · Installer Process Cleanup · Startup Crash Fix
  • NEW CDN-Only Tool Delivery. All 70+ security assessment tools are now served exclusively from phantomyerra.com/downloads. The installer no longer bundles binaries - this reduces the installer size significantly and ensures every fresh install and reinstall always pulls the latest tool versions. Tools are downloaded in parallel during first launch with real-time progress displayed per tool.
  • FIX NSIS Installer - Retry Dialog Eliminated. The Windows installer no longer shows a "Retry / Ignore / Cancel" dialog when a running process is detected during upgrade. The installer now cleanly terminates any active PhantomYerra processes before replacing files, then completes silently. Silent enterprise deployment via Group Policy and SCCM is unaffected.
  • FIX Startup Crash Fix. A race condition in the boot sequence caused an intermittent crash on systems where the scan engine initialised faster than expected, resulting in a duplicate IPC registration. This has been resolved: the boot sequence now correctly deduplicates handler registration and handles early-ready signals from the scan engine without crashing.
v44.32.83 2026-04-07
CVE Exploit Validation Engine · Campaign Mode · Real-Time Exploit Terminal · Paused Run Recovery · Performance Overhaul · Export
  • NEW CVE Exploit Validation Engine. Validates whether CVEs affecting your tech stack are actually exploitable against your specific environment. Develops working exploits using AI when no public exploit exists, and delivers the exploit script as a download alongside the finding report. Every confirmed finding includes reproducible PoC steps, business impact assessment, and specific remediation guidance. Privacy-filtered throughout: no target data or environment details ever leave your machine during AI processing.
  • NEW Campaign Mode. Run validation across your entire CVE exposure surface in a single autonomous operation. Multi-CVE validation executes in sequence with live progress tracking, pause/resume controls, and a full campaign report showing exactly which CVEs are confirmed exploitable in your environment. Scope can be narrowed to specific technologies, severity levels, or individual CVEs from your tracked exposure.
  • NEW Campaign Wizard. 4-step guided setup: Authorization confirmation → CVE Scope selection → Settings configuration → Launch.
  • NEW Real-Time Exploit Terminal. Full terminal output streams live during exploit execution. Color-coded output distinguishes phases, findings, errors, and success states. Terminal session is saved and exportable with the finding report.
  • NEW Finding Report with Exploit Download. Confirmed exploits automatically generate a professional pentest finding report - severity, evidence, business impact, PoC steps, and remediation. The working exploit script is available as a one-click download directly from the finding detail view.
  • NEW Paused Run Recovery. Interrupted validation runs can be resumed from where they stopped: no re-validation of already-completed CVEs. Global shortcut Ctrl+Shift+P pauses any active validation run immediately.
  • NEW Export: PDF, DOCX, SARIF. Validation findings and campaign reports are exportable in three formats directly from the wizard results view: ready for client delivery, internal documentation, or CI pipeline integration.
  • PERF Startup 9s → 1.5s. Main thread blocking eliminated from the boot sequence. The application window opens immediately while the scan engine initialises in parallel: no perceptible delay between launch and UI readiness. Boot time reduced from 9 seconds to under 1.5 seconds on typical hardware.
  • PERF Async Scan Engine. The scan engine now runs all tool invocations asynchronously with no blocking calls in the event loop. Concurrent operations including vulnerability sync, status checks, and org profile matching are fully non-blocking.
  • PERF Database Indexing + React Memoization. Database indexes added on all frequently queried columns. React component memoization applied across the CVE dashboard and findings list - 200+ items now render without UI freeze. Activity feed uses virtualized rendering for large datasets.
v44.32.82 2026-04-07
CVE Intelligence · Org Profile Module Gating · Company Admin Portal · Activity Audit Log · AI Key Encryption · Security Hardening
  • NEW CVE Intelligence Dashboard - License-Gated. Aggregates the live CISA Known Exploited Vulnerabilities feed, tracks exploit availability per technology in your org's confirmed stack, delivers an org-wide risk score, and renders a per-technology CVE heatmap. The control mitigation engine maps active CVEs to remediation controls. A lock icon renders on the module card for unlicensed seats.
  • NEW Org Profile / Learn My Org - License-Gated. The 6-step guided profiling wizard builds a full picture of your organization's technology environment, automatically detects your tech stack from existing scan history, and computes a live risk score preview as each step is completed. The completed profile powers targeted CVE intelligence and makes every subsequent scan context-aware from the first request.
  • NEW Company Admin Self-Service Portal. Enterprise companies can manage their own deployments independently. Company admins provision seats, assign which modules each user can access, restrict users to specific attack surfaces, and review a full activity audit log showing who scanned, what target, which surface, when, and how many findings were confirmed: no support tickets required for routine seat management.
  • NEW End-to-End AI Key Encryption. AI credentials are protected with installation-specific encryption. The encryption key is derived from unique machine identifiers at install time: the key ciphertext on one machine cannot be decrypted on any other. Keys are never transmitted in plaintext at any point in their delivery, storage, or usage lifecycle.
  • NEW Per-Seat Module Assignment. Company admins can restrict individual users to specific attack surfaces. A user configured for web-only access will see lock icons on all other surface cards and cannot launch scans outside their assigned surfaces - enforced server-side.
  • FIX IPC Handlers - Full Wiring. The audit log, platform detection, and recovery IPC channels are now fully wired and functional. Previous builds had these channels registered but unhandled, causing silent failures in audit logging and platform detection from the renderer.
  • FIX Security Hardening. BrowserWindow now launches with sandbox and context isolation enforced. The license cache file is AES-256-GCM encrypted at rest - plaintext license data no longer persists on disk between sessions.
v44.32.81 2026-04-07
Autonomous Attack Engine - 6 AI Agents · Per-Seat Licensing with Module Gates · Kill Switch · Offline Grace Period
  • NEW Autonomous Attack Engine - 6 Specialized AI Agents. The Automated AI mode now deploys a coordinated team of six specialized agents: Recon (discovers the full attack surface), Exploitation (probes and confirms vulnerabilities), Lateral Movement (chains findings into escalation paths), Active Directory (domain attack analysis), Cloud Audit (infrastructure and configuration assessment), and Report Writer (generates professional pentest narrative and remediation). Agents coordinate in real time, passing findings between stages to build a complete attack chain.
  • NEW Per-Seat Licensing with Module Gates. License validation now gates each attack surface module independently. Unlicensed modules display a lock icon and cannot be launched. Module status updates every 5 minutes in the background: no restart required when new modules are activated on your license.
  • NEW Kill Switch. License administrators can remotely deactivate a seat. The seat is locked on next license poll (within 5 minutes) without requiring physical access to the machine. The user is shown a clear notification with a support contact path.
  • NEW Offline Grace Period - 72 Hours. If the license server is unreachable, the cached license is used for up to 72 hours. After 72 hours without a successful validation, the app enters a restricted mode showing a connectivity warning. Users are never hard-locked by temporary network issues.
  • NEW Scans Hub. A unified scan management view listing all past and active scans - filterable by surface, date, severity, and status. Directly reopen findings, regenerate reports, or resume paused scans from one location.
v44.32.74 2026-04-07
License Intelligence · Scanning Access Control · Live License Polling · Bundled Tools · Smart Uninstall
  • NEW License Details Redesigned. The License page now shows your exact licensed seat details - company name, first name, last name, and seat email. Per-module execution limits displayed with used/max scan counters and colour-coded progress bars.
  • NEW Scanning Access Badge. Every session clearly shows Local Scanning Access or Global Scanning Access based on your license scope. Local mode restricts active network, DAST, cloud, and IP-based scanning to internal/private targets only. Code analysis and repository scanning are always unrestricted.
  • NEW Live License Polling - 5-Minute Background Check. Module activations, deactivations, scope changes, and AI key additions/removals take effect within 5 minutes without a restart.
  • NEW Security Tools Bundled in Installer. Key security tools now ship inside the installer: no downloads required at first launch.
  • FIX Sidecar Crash Loop - Async Fix. Blocking subprocess calls inside async generators froze the Python event loop, causing the watchdog to repeatedly kill and restart the sidecar. All blocking calls now run on a thread: the event loop stays responsive throughout tool installation.
  • NEW Smart Uninstall - Three Options. Uninstaller now offers: (1) Keep tools and data; (2) Remove tools only, keep scan data; (3) Full removal. Choice is remembered for rollback scenarios.
v44.32.69 2026-04-06
Scope Enforcement · Per-Seat Activity Dashboard · DevOps Surface · 127 Security Tools · Wizard Improvements
  • NEW LOCAL / PUBLIC Scope Enforcement. Per-seat network scope control enforced platform-wide. LOCAL seats can only target internal IPs and private hostnames. PUBLIC seats have no restriction. Enforced at both wizard launch and the scan engine layer: no bypass possible.
  • NEW Per-Seat Activity Dashboard. Drills down to individual scan rows showing target URL/IP, module used, date/time, and findings per severity. Filter by seat. Load-more pagination keeps the view fast on large datasets.
  • NEW DevOps / CI-CD Pentesting Surface. New dedicated attack surface covering secrets scanning in git history, container image vulnerability analysis, IaC misconfiguration detection, and supply chain dependency analysis. Full compliance mapping: SLSA, CIS Docker/Kubernetes, NIST SSDF, OWASP CI-CD Top 10.
  • NEW 127 Security Tools - Full Inventory. Complete tool inventory documented across 21 attack surfaces. Every tool listed with its surface, role, and invocation method.
  • NEW Wizard Improvements across all surfaces. Network wizard adds AD Domain and DC fields. Cloud wizard adds Azure Tenant ID and Kubernetes context. IoT wizard adds BLE MAC, Zigbee/Z-Wave channel fields. API wizard adds GraphQL endpoint, gRPC target, and WebSocket endpoint. DevOps wizard adds branch name and CI server URL.
  • FIX Admin portal routing bug causing an empty page resolved. Sidebar navigation improvements.
v44.32.68 2026-04-06
Freeze Fix · Silent Installer · AI Key at Boot · 19 Surface Report Sections · MSI Installer
  • FIX "Not Responding" freeze eliminated. The main window startup sequence is now fully asynchronous: the scan engine starts on a parallel thread with no blocking calls on the main thread. PhantomYerra opens instantly and stays responsive during initialization.
  • FIX Silent installer. The installer no longer shows a "Choose Installation Options" dialog. Installs silently to the default location - compatible with enterprise deployment via Group Policy and SCCM.
  • FIX AI key active before first scan. The AI key is now delivered and validated within 45 seconds of first launch via a background process. Previously the key was unavailable until after the first manual settings visit.
  • NEW 19 Surface-Specific Report Sections. Each surface generates its own dedicated report section with surface-specific finding categories, compliance framework mapping, AI narrative, and remediation table. Surfaces covered: Web, API/GraphQL, Mobile, Network/Infra, Cloud, Container, DevOps/CI-CD, SAST, DAST, SBOM/SCA, Enterprise AD, IoT, Automotive/ICS, AI/LLM, Red Team, Reverse Engineering, Robotics, Blockchain, Physical.
  • NEW Enterprise MSI Installer. An MSI package is now published alongside the standard EXE installer: supports Group Policy software deployment, SCCM/Intune push installation, and silent per-machine installation across enterprise fleets.
v44.32.67 2026-04-06
19 Surface-Specific Report Builders: DAST · Red Team · Enterprise AD · Robotics · Network · Reverse Engineering
  • NEW 19 surface-specific report builders. Each scan surface now has a dedicated report builder module that generates a structured section in the Technical Report tailored to that surface's findings, techniques, and compliance controls.
  • NEW DAST report section - active scan results, spider coverage map, OWASP Top 10 coverage matrix, and AI-written exploitation narrative for each confirmed finding.
  • NEW Red Team report section, full kill chain narrative, lateral movement path, data exfiltration evidence, MITRE ATT&CK technique mapping, and detection gap analysis.
  • NEW Enterprise AD report section - Active Directory attack path diagrams, Kerberoasting hash table (masked), AS-REP roasting results, DCSync evidence, and AD hardening roadmap.
  • NEW Network report section - asset inventory table, open port matrix, service CVE list, AD attack paths, cloud audit findings, CIS benchmark score table, and remediation roadmap.
  • Each surface section includes compliance framework table, AI-written narrative summary, severity distribution, and copy-paste remediation guidance.
v44.32.65 2026-04-06
Parallel Tool Installation · Findings Streaming · Event Log · Fast CVE Lookup
  • NEW Parallel tool installation. Security tools now install concurrently during first-run setup. Installation time on a fast connection reduced from ~8 minutes to under 2 minutes.
  • NEW Findings streaming. Confirmed findings stream to the Scan Dashboard in real time as each tool produces output, rather than appearing in a batch at scan completion.
  • NEW Event log. A structured event log records every scan phase, tool invocation, finding creation, and error event with timestamps. Accessible via Settings → Logs → Event Log.
  • PERF CVE lookup - 5ms vs 800ms. CVE-to-exploit lookup time reduced from ~800ms to under 5ms on the full 50k+ entry dataset via binary-searchable index.
v44.32.54 2026-04-06
CVE Intelligence Feed · Exploit Button · Authenticated Testing
  • NEW CVE Intelligence page, live CVE feed cross-referenced against your org's tech stack. Filter by 24h / 48h / 7d / 30d / 1yr. Tabs for CVEs, active Exploits, and CISA KEV. Summary dashboard shows critical count, KEV count, exploit-available count, and org-relevant matches.
  • NEW Exploit button - appears inline on any CVE that has an exploit or PoC available. Opens a wizard to configure target and authentication, then streams live exploitation. Confirms findings with severity, matched URL, description, remediation, and copy-ready reproduction command.
  • NEW CVE data pre-loaded before UI. Python startup phases seed and sync the full CVE database before the main window opens - threat data is available instantly on first paint.
  • FIX Authenticated testing fully wired end-to-end. Auth Vault credentials now correctly pass to every scan tool. Supported: Bearer token, API Key, Session Cookie, HTTP Basic, TOTP, SAML session cookie.
v44.32.49 2026-04-06
AI Key Delivery Fix · Silent Update Checks · Splash Minimize
  • FIX AI key delivery fixed: reads from locally stored key immediately after activation, eliminating a 20-second timeout race on first launch.
  • FIX Network errors during background update checks are now silent: no error dialogs during startup on restricted networks.
  • NEW Splash screen now has a minimize button so you can use other applications while the platform boots.
  • FIX Update check uses a 20-second timeout: the update banner never freezes the UI on slow connections.
v44.32.46 2026-04-06
Per-Module Scan Quotas
  • NEW All scan modules now enforce license-based scan quotas. A quota badge on every launch button shows scans remaining - turns amber when under 60%, red when under 40%. When quota is exceeded, a dialog blocks the scan and shows a usage progress bar with options to contact support.
v44.32.44 2026-04-06
Attack Graph · External Links · License Page
  • FIX External links to vulnerability databases, exploit repositories, and advisory sources now correctly open in the system browser.
  • NEW Attack Graph now shows a full demo attack chain on new installs before any scans are run - Discovery → Exploitation → Lateral Movement → Escalation.
  • NEW License & About page: shows license status badge, company info, AI configuration, active modules grid, and named seats table.

Related

First Launch Scan Modes Automated AI Mode CVE Exploit Validation Generating Reports License Management
© RAVI YERRA. ALL RIGHTS RESERVED.: PHANTOMYERRA HELP CENTER