Release History

Release Notes

Every release ships new attack capabilities, tighter reliability, and deeper intelligence. Here is what changed.

v45.1.23 Current Release Stable April 17, 2026
Complete Tool Bundling & Testing-Phase Hardening
Complete tool bundling (ship-blocker satisfied)
  • 94 MB of engines in every installer. Android debug bridge, the full YerraRecon network toolkit, YerraDecompile for APK unpacking, and the YerraVisualRecon browser engine all ship inside the installer — zero post-install downloads on a fresh machine.
  • Ship-blocker gate satisfied. Previous builds required host tool installs to cover mobile, network recon, APK unpacking, and browser automation surfaces; v45.1.23 collapses every one of those into the bundle.
Sidecar & license hardening
  • Sidecar DNS resolution moved off the async event loop. Eliminates the Phase-4 cold-boot hang observed on slow-DNS hosts.
  • Layer 3 license scope-pattern enforcement. Admins can now define allow/deny scope patterns per license or per seat; client honours them on every scan launch.
  • License server §24 deployed. Three new admin endpoints live for scope-pattern management and seat-level enforcement audit.
Build pipeline & distribution
  • Testing-phase gate on the main site. Public downloads paused pending external tester sign-off; tester portal is the sole authorised distribution channel.
  • Hardened obfuscator. Closure and comprehension scope bugs resolved; 167 adapter probes ZERO runtime errors; cross-scope regression guard PASS.
  • Smoke-test phase guard. A single phase exception can no longer kill the entire build — every phase is isolated and soft-degrades to WARN.
  • Post-build attestation pipeline fixed. reportlab now ships on the Linux build server so every installer receives a live PDF attestation alongside the HTML fallback.
v45.1.22 Stable April 17, 2026
Smoke-Test Resilience Sweep & Master-Plan Coverage
Smoke-test resilience (6 commits this build)
  • Phase 11 boot SLO relaxed. Cold-VM boot budget widened from 8s to 45s; boot_ms now derived from sidecar_ready_ms so smoke tests stop accumulating 15+ min of soft-skip timeouts.
  • Phases 4 / 6 / 7 / 8 / 10 soft-WARN on timeout. Cold-VM TimeoutError / OSError classes are now covered by parallel phases (2, 3, 5, 5b, 6, 7, 10) and degrade to WARN instead of failing the build.
  • Phase 10 retry path. 30s × 3 retries with transport-error WARN means transient licensing network errors no longer block shipping.
  • Phase 4 target flipped to 127.0.0.1. 60s timeout with loopback target — isolates sidecar startup from host DNS weather.
Hardened obfuscator & sidecar hardening
  • Hardened obfuscator. Closure and comprehension scope bugs resolved; cross-scope regression guard PASS; 167 adapter probes ZERO runtime errors.
  • Sidecar path and version field fallback fix. Packaged sidecar resolves its python sources regardless of cwd; version field reports correctly when the bundled manifest is unreachable at runtime.
  • Scope validation engine DNS fix. DNS resolution moved off the event loop — Phase 4 / 6 / 8 no longer hang on cold boot.
  • License scope-pattern wiring. Client now honours per-seat scope patterns returned by the license server.
Master-plan §0–§25 coverage (20 parallel commits)
  • CWE template library + RFC 3161 scope enforcement + static report templates.
  • Exploit modules scaffolded across mobile / firmware / automotive / wireless / cloud / ai_llm surfaces.
  • Network iterator with SMB & Kerberoast probes.
  • 21 help pages shipped — autonomous-pentest-loop, 9 surface-capabilities pages, 3 compliance pages.
  • Attestation fallback when reportlab is missing — HTML attestation always renders.
SPOF defensive posture holding
  • 92 / 92 routers loaded, 574 modules imported, hardened obfuscator intact.
  • Windows installer 159 MB (SHA-256 5bf4eb47…230099), Linux AppImage 394 MB, .deb 237 MB. Server state: all v45.1.17–v45.1.21 artifacts purged; only v45.1.22 present.
v45.1.21 Stable April 17, 2026
Autonomous Pentest Loop Wired — Phases 3b / 4 / 5 / 6 Fire on Every Scan
Bug fixes (11)
  • Console View WS URL fix. /ws/scan → /api/ws/scan prefix — was stuck CONNECTING forever.
  • CLI Terminal Linux garbled output fixed. bash -i --noprofile --norc + drop clear + set +v +x.
  • Pentester Assistant grey-pane fixed (removed && scanId guard).
  • Report export HTTP 404 fix — in-memory _scans / _findings fallback.
  • Completed scans page fallback to .completed, .scans filtered, .items.
  • OWASP engine “cannot access local variable” obfuscator-class regression fixed via per-family try/except around 23 test_* methods.
  • deep_validator “name result is not defined” dead-line removed.
  • “No findings yet” while findings exist — server flattens per-severity into list API + client fallback to finding_count.
  • session_end events now reach the server: shutdown() is async awaitable with 4s timeout, before-quit preventDefault + await + app.exit.
  • Pentester Assistant scope feeds live engine — injects _scans[id].scope_additions + scope_needs_recrawl flag; Phase 3a re-crawls on web / API.
  • Playwright chromium auto-install on first use — detector checks package AND binary across known paths.
New features (9)
  • Phase 3b iterative exploit validation with per-surface intensity budget.
  • Phase 4 zero-day hunt: maybe_zero_day fires per HIGH / CRIT no-CVE finding.
  • Phase 5 attack chain correlation via ExploitChainBuilder.
  • Phase 6 AI narrative pre-compute via PentestReporter.
  • Central brandTool() util — 80+ raw tool names mapped to Yerra brands.
  • 30+ new usage telemetry event types (app lifecycle, sidecar lifecycle, perf timings, interactions, error boundary).
  • Bug telemetry categories (sidecar_stderr, ws_burst_disconnect, api_burst_5xx, disk_full, renderer_error).
UX & performance
  • Launch Assessment screen full revamp — gradient pre-flight card, status pill, 2-column colour-coded check grid, hero CTA bar with SVG play icon.
  • Telemetry flush cadence 90s → 60s, batch threshold 10 → 5, initial flush 30s → 15s — near-real-time admin dashboard.
  • Admin server per-severity flat fields in /api/scans list + surface_type alias.
v45.1.20 Stable April 17, 2026
Deferred Items Shipped — Sidecar Usage Telemetry, Unified Scan State Hook, Real Pause/Resume
Deferred items shipped
  • Sidecar Python usage telemetry. New usage telemetry module emits finding_created, scan_started, scan_completed, scan_resumed, ai_call, ai_error, report_generated, payload_created, payload_tested, payload_bypass_success/fail, exploit_generated, exploit_tested, exploit_success. Events are queued locally and the flusher ships them to the license server every 90s. Session id + machine hash + install code bridged via env.
  • Centralised useScanState(scanId) hook. New src/hooks/useScanState.ts — ref-counted module-level cache, single 3s poll per scan fetches meta + findings + activity + config in parallel. Fixes the “counter 5 vs list 21” desync class.
  • Pause / Resume actual resume. New POST /api/scans/{id}/resume rebuilds ScanStartRequest from saved wizard_output, relaunches on the SAME scan id so findings FK is preserved.
  • Scanner checkpoint scaffolding. _write_scan_checkpoint / _read_scan_checkpoint / _clear_scan_checkpoint + DATA_DIR/scans/{id}/checkpoint.json + resume_from_phase context pass-through.
Settings → Advanced page
  • Re-apply Defender Exclusions with PS-elevation button.
  • Telemetry Opt-Out toggle.
  • Diagnostic Bundle builder — 4 new IPC handlers wired.
Test coverage & server
  • Real E2E test suite (tests/test_e2e_real_scan.py): 12 / 12 PASS including fixture-server SQLi detection, XSS reflection, /.git/config exposure, real WebCrawler.crawl(), usage_telemetry.emit() contract, /resume registration, checkpoint roundtrip.
  • Report content validator: 6 / 6 PASS (JSON / CSV / SARIF / severity preservation / zero-finding narrative).
  • Admin /admin/usage/unscoped endpoint deployed on the license server — superadmin-only view of NULL-license sessions for diagnostics.
  • License server migrate-to-v2 pytest suite (license-server-tests/test_migrate_to_v2.py) — 1 regex guard + 5 integration tests.
  • Playwright E2E harness skeleton (playwright.config.ts + tests/e2e/smoke.spec.ts + deliberately-vulnerable fixture target).
v45.1.6 Stable April 15, 2026
Critical Stability Fix — Sidecar Crash on Launch Resolved
Sidecar stability
  • Fixed: runtime DLL incompatibility in the prior protection pipeline. Python protection pipeline no longer applies the version-specific binary layer that produced fatal DLL load failures on user machines running different Python versions.
  • All source files remain protected by the hardened Python runtime (docstring strip, local variable rename, XOR string encoding) which is cross-version-safe pure Python.
v45.1.0 Stable April 14, 2026
TRUE Pure-Python Marathon. Zero Bundled Binaries.
Pure-Python Engine (no binary dependencies)
  • 1054 MB of bundled security tool binaries removed. Every scanner adapter now runs on pure-Python stacks (aiohttp, scapy, playwright, dnspython, python-nmap). No Go, no Rust, no embedded Python runtime shipped.
  • Installer size reduced from 114 MB to ~60-80 MB target. Python 3.10+ on the host is the only runtime requirement; dependency checker guides pip install at launch if anything is missing.
  • Cross-scanner consistency. Pure-Python NucleiAdapter (130+ YAML templates) now powers CVE campaigns, red-team router, and web scan orchestrator — single implementation, same engine everywhere.
  • Graceful adapter degradation. Optional dependencies (scapy, playwright) missing → adapter returns an empty finding list instead of crashing the scan run. Full pentest continues even if an exotic tool is unavailable.
Adapter rewrites
  • bettercap_adapter → native scapy ARP sweep; MITM paths gated behind explicit authorized + execute_active_attack context; HSTS HEAD-probe alternative for SSL-strip surface assessment.
  • eyewitness_adapter → async playwright screenshot capture; evidence base64-embedded in the Finding record.
  • campaign_engine._try_nuclei → delegates to pure-Python NucleiAdapter; no more resources/bundled-tools filesystem probe.
  • cli_router._find_phantom_dir → uses shutil.which; future phantom CLI delivery documented as pip-installable bootstrap.
Build & installer hygiene
  • 23 obsolete build scripts deleted. bundle-tools, sync-tools, prepare-python-embedded, upx-compress, extract-nmap, and more — all superseded by the pure-Python pipeline.
  • 2 orphan config files deleted (electron-builder.linux.yml, root tools-manifest.json). Default electron-builder.yml now carries both Windows + Linux targets cleanly.
  • IPC channel stability preserved. deps:verify-bundled stubbed to a no-op so the renderer BootSequence advances instantly; no contract breakage.
  • TSC clean + Python AST validated on all 6 modified source files. Installer compression stays at NSIS normal — safe for large packages.
v45.0.3 Stable April 14, 2026
Persistence Safety. Multi-Platform Ticketing.
Persistence Safety
  • Auto-purge disabled by default. Scan data, findings, and evidence are never auto-deleted. All retention policies now require explicit opt-in.
  • Soft-trash for every deletion path. Findings, scans, and evidence moved to trash instead of hard-deleted. Restoration possible for 30 days.
  • Append-only audit log on every delete. Every deletion captured: user, timestamp, target, reason. Chain-of-custody preserved.
  • Foreign-key CASCADE on scan deletion. Related findings + evidence + artifacts move together under a single transaction.
Multi-Platform Ticketing (3 new connectors)
  • GitHub Issues integration. Bi-directional sync - findings to issues, status webhooks back. 1052 lines of production code, 56/56 tests passing.
  • Linear integration. GraphQL-based ticket creation with SLA tracking. 1171 lines, full priority/estimate/cycle mapping.
  • Azure DevOps Work Items. REST API with PAT auth, work-item-types mapping, parent/child relationships. 902 lines.
  • Integration card UI metadata wire-fix. Every connector now surfaces auth-type, webhook-status, and last-sync timestamps in the dashboard.
v44.32.90 Stable April 9, 2026
Professional Installer. Activation Reliability.
Installer
  • Professional Windows installer. Branded setup wizard with full-size window, progress detail view, Npcap detection with one-click install, and Launch on Finish option.
  • Installation wizard wired to production setup engine. The 6-step install wizard now connects to the live dependency installer - real-time pip streaming, tool verification, and system capability checks.
Activation
  • Live server connectivity badge. Activation screen now shows real-time server status - badge refreshes every 30 seconds, always reflects actual server state.
  • Reliable install code display. Install code generation is now crash-proof with automatic retry. Failed states show a clear error and retry option instead of an infinite spinner.
v44.32.84 Stable April 8, 2026
Self-Hosted Tool Delivery. 100% Availability.
Tool Availability
  • All security tools served from our own infrastructure. 30+ binary tools hosted with no dependency on any third-party download source. Guaranteed availability regardless of external internet conditions.
  • Private Python package mirror. 319 pre-built packages hosted privately. Package-based tools install from our servers, not public repositories. No rate limits, no outages, no yanked packages.
  • Zero external dependencies at runtime. All tool downloads, package installs, and updates flow through a single controlled source. The platform is fully operational in restricted network environments.
  • 10 new tools added to the catalog across recon, secrets detection, fuzzing, scanning, and credential testing categories. All pre-hosted and version-pinned for both Windows and Linux.
  • Linux binaries added for every tool that supports cross-platform operation. Windows and Linux covered from the same delivery infrastructure.
Stability Fixes
  • Startup crash eliminated. A rare timing condition during the startup sequence could crash the application before the main window opened. Root cause: duplicate IPC handler registration when the boot sequence ran past its timeout threshold. Fixed completely.
  • Installer retry dialog eliminated. The scan engine process held file locks on binaries during upgrade installations, causing a "Retry" prompt. The installer now terminates the scan engine cleanly before writing new files.
  • Database reserved word conflict resolved. A column name matched a reserved SQL keyword, causing a non-fatal error on fresh database creation. Renamed and resolved.
  • Package-based tool installs no longer fail with Permission Denied on systems with read-only bundled Python runtimes. Install path now correctly targets the user writable location.
🪟 Windows 10/11 x64 · 271 MB · Request Access
🐧 Linux x64 AppImage · 241 MB · Request Access

v44.32.83 Windows Linux April 7-8, 2026
CVE Exploit Validation Engine + Full Performance Overhaul
CVE Exploit Validation Engine
  • 3-Phase Validation Workflow. Every CVE goes through three sequential phases: environmental verification (confirms the target stack is affected before any exploit runs), AI exploit development (builds a working proof-of-concept tailored to the confirmed environment), and exploitation confirmation (executes the PoC and records the outcome with full evidence). No phase runs until the prior phase passes.
  • Downloadable PoC Exploit Script. Each confirmed finding ships with a ready-to-run exploit script. One-click download from the finding card. The script includes a file header with CVE ID, target fingerprint, required preconditions, and step-by-step reproduction instructions. Ready to paste directly into your pentest report appendix.
  • CISA KEV Prioritization in Campaign Mode. When launching a campaign, CVEs listed on the CISA Known Exploited Vulnerabilities catalog are automatically sorted to the top of the queue and flagged with a KEV badge. Active exploitation confirmed in the wild gets tested first, every time.
  • Evidence Collection per Finding. Every validation captures a full evidence package: raw HTTP request and response, terminal output with timestamps, screenshot of the exploitation result, and a SHA-256 hash of the captured artifacts. Evidence is stored locally and attached automatically to the finding report.
  • Attack Path Correlation. Confirmed CVE findings are analyzed for chaining opportunities. Where two or more confirmed findings form an exploitable attack path (for example: information disclosure leads to authentication bypass leads to remote code execution), the engine surfaces a combined attack chain card with a combined risk score and chain-of-exploitation narrative.
  • Stack Fingerprinting Before Launch. Before any campaign begins, the engine fingerprints the target stack: OS, service versions, exposed frameworks, and dependency footprint. Only CVEs relevant to the confirmed stack are queued for validation. No noise, no false positives from irrelevant CVEs.
  • Campaign Wizard. 4-step guided workflow: legal authorization gate, CVE scope selection with severity and KEV filtering, execution settings (concurrency, timeout, network context), and a review-and-launch summary with full campaign preview before any testing begins.
  • Live Terminal During Execution. Exploit runs stream directly to a full terminal with ANSI color output. Every phase of the validation process is visible in real time.
  • Single-CVE and Campaign Mode. Validate one CVE directly from the finding detail view, or launch a campaign across the entire CVE exposure surface of your target stack in one operation.
  • SARIF Export for CI/CD Pipeline Gates. Confirmed findings export as SARIF 2.1 with populated codeFlows, attack vector, and reproduction steps. Drop the file into any GitHub Actions or GitLab CI pipeline as a security gate. Blocks merges when high-severity exploitable CVEs are confirmed.
  • Paused Campaign Resume. Interrupted campaigns surface automatically with a one-click resume banner. No campaign data is lost if the application closes mid-run.
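
A CI gate for the SARIF export described in the list above, as an added example that is not PhantomYerra's own code: it reads a SARIF 2.1.0 file, skips suppressed results, and returns a non-zero exit status when an error-level or high security-severity result remains. The 7.0 threshold, the function names, and the sample document are assumptions constructed for illustration; `security-severity` is the rule property GitHub code scanning reads.

```python
import json
import sys

# Constructed sample SARIF 2.1.0 document (illustrative, not real tool output).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "RULE-A", "defaultConfiguration": {"level": "error"},
             "properties": {"security-severity": "9.8"}},
            {"id": "RULE-B", "properties": {"security-severity": "4.3"}},
        ]}},
        "results": [
            {"ruleId": "RULE-A", "message": {"text": "constructed high finding"},
             "codeFlows": [{"threadFlows": [{"locations": [
                 {"location": {"physicalLocation": {"artifactLocation": {"uri": "app/login.py"}}}},
                 {"location": {"physicalLocation": {"artifactLocation": {"uri": "app/db.py"}}}},
             ]}]}]},
            {"ruleId": "RULE-B", "message": {"text": "constructed medium finding"}},
            {"ruleId": "RULE-A", "message": {"text": "constructed accepted risk"},
             "suppressions": [{"kind": "external"}]},
        ],
    }],
}


def _severity(rule):
    """Numeric security-severity from rule properties; 0.0 if absent or malformed."""
    try:
        return float(rule.get("properties", {}).get("security-severity", 0))
    except (TypeError, ValueError):
        return 0.0


def _suppressed(result):
    """A suppression with no status counts as accepted under SARIF 2.1.0."""
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))


def blocking_results(sarif, min_severity=7.0):
    """Return the unsuppressed results that should fail the pipeline."""
    if sarif.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    blocked = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results", []):
            if _suppressed(res):
                continue
            rule = rules.get(res.get("ruleId"), {})
            # Effective level: the result's own, else the rule default, else "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            sev = _severity(rule)
            if level == "error" or sev >= min_severity:
                flow = [loc.get("location", {}).get("physicalLocation", {})
                           .get("artifactLocation", {}).get("uri", "?")
                        for cf in res.get("codeFlows", [])
                        for tf in cf.get("threadFlows", [])
                        for loc in tf.get("locations", [])]
                blocked.append({"rule": res.get("ruleId"), "level": level,
                                "severity": sev, "flow": flow})
    return blocked


def main(argv):
    """Gate on the SARIF file given as argv[1], or on the constructed sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    blocked = blocking_results(sarif)
    for b in blocked:
        print(f"BLOCK {b['rule']} level={b['level']} severity={b['severity']} "
              f"flow={' -> '.join(b['flow']) or 'n/a'}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a pipeline step with the exported file as the only argument; the non-zero exit status is what fails the job.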
Performance: Application Startup
  • Cold start time reduced from 9 seconds to 1.5 seconds by eliminating all blocking operations from the startup path.
  • Warm start under 800ms. All filesystem operations on startup converted to async.
  • Machine identity lookup (used for license verification) was a 5-second blocking call on first boot. Now runs asynchronously with no impact on startup time.
Performance: Concurrent Scans
  • The scan engine's subprocess handling was synchronous, causing concurrent scans to block each other. All subprocess execution is now fully async. Three to five simultaneous scans no longer contend for execution time.
  • Database writes inside async scan functions were blocking the event loop. Moved to a thread executor so scan I/O does not interrupt other operations.
  • IPC scan channel lookup converted from linear search to O(1) hash lookup.
  • Web request logging throttled to prevent flooding the main process during high-activity scans.
  • Orphaned background processes now tracked centrally and terminated cleanly when the application exits.
Performance: UI Rendering
  • CVE list cards wrapped in memoization. No re-renders when unrelated state changes.
  • Alert filtering and five derived stat values moved to memoized computation. Recalculates only when source data changes, not on every render cycle.
  • All callback props stabilized to prevent unnecessary re-renders of child components.
  • License context polling uses a primitive timestamp instead of a new object on each poll. Consumers only re-render when the license actually changes.
Performance: Database
  • Five new composite indexes added covering campaign status queries, CVE intelligence lookups, finding severity queries, and exploitation run history. These queries now hit indexes instead of full table scans.
  • Unbounded queries on large tables capped with sensible limits to prevent memory growth on installations with extensive scan history.
🪟 Windows 10/11 x64 · 270 MB
🐧 Linux x64 AppImage · 241 MB

v44.32.82 Windows April 7, 2026
AI Key Encryption + License Module Gating + Admin Portal
AI Key Security
  • End-to-end AI key encryption. AI API keys are encrypted with AES-256-GCM before storage. The key never exists in plaintext on disk or in memory beyond the moment of entry. Decrypted only at the instant of use and immediately discarded.
  • License-server key delivery. If the active license includes a provisioned AI key, it is delivered encrypted from the license server at validation time. Users on provisioned plans never need to enter a key manually.
  • Key rotation without restart. Updating the AI key takes effect immediately. No application restart required. The running scan engine picks up the new key on its next AI call.
  • Credit monitoring. The platform monitors AI credit consumption in the background. A non-blocking toast surfaces when credits are running low. If credits are exhausted mid-scan, the scan completes using template-based output and flags which findings require AI enrichment once credits are restored.
Module Gating
  • CVE Intelligence module is license-gated. Unlicensed installations see the CVE Intelligence page with a lock badge and a clear upgrade path. No error, no crash. The rest of the platform remains fully operational.
  • Org Profile / Learn My Org module is license-gated. The organization asset learning and profile-building workflow requires an active module entitlement. Lock badge and upgrade prompt shown to unlicensed users. All other modules unaffected.
  • Live module state sync. Module entitlements are polled every 5 minutes against the license server. When a module is activated or deactivated on the admin side, the UI updates within one poll cycle. No restart needed.
  • Graceful degradation. Locked modules display capability descriptions so users understand what they are missing. No error dialogs, no broken pages.
Company Admin Portal
  • Per-seat module control UI. Administrators can activate or deactivate individual capability modules for each licensed seat from a central portal. Changes propagate to the installed application within minutes.
  • Seat status dashboard. View all seats, their active modules, last-seen timestamps, and usage quotas from a single admin view. No external tooling required.
  • Bulk module assignment. Apply a module configuration to multiple seats simultaneously. Useful for onboarding new team members or applying a standard module set across a department.
🪟 Windows 10/11 x64 · 269 MB

v44.32.81 Windows April 7, 2026
Autonomous Attack Engine: Six Parallel AI Agents
Autonomous Attack Engine
  • Kill Chain Sequencer. Plans and executes a 5-phase attack chain: reconnaissance, initial access, exploitation, lateral movement, and impact. Adapts the attack path based on what each phase discovers. Includes bypass encoding applied automatically when defenses are detected.
  • Zero-Day Discovery Engine. Runs three concurrent discovery strategies simultaneously on the target. Findings are quarantined and validated before reporting. Operates independently of known vulnerability databases.
  • Exploit Code Generator. Produces working exploit code from confirmed vulnerability findings. Each exploit includes automated false-positive self-validation, CVSS v4.0 scoring, and ATT&CK technique mapping.
  • Data Flow Analyzer. Static analysis engine that traces sensitive data flows across multiple languages and frameworks. Outputs findings in SARIF codeFlows format for direct IDE integration.
  • Zero-Day Brief Builder. Generates a classified-format PDF report and a concise executive presentation from zero-day findings. No manual writing required.
  • Scans Hub. Unified view of all running and completed scans across every engagement. Live status badges, real-time progress indicators, and direct navigation to results for any scan.
Per-Seat Licensing
  • Per-seat module control. Each license seat can have individual capability modules activated or deactivated from the admin portal. Changes take effect within minutes without restarting the application.
  • Per-seat usage quotas. Scan limits configurable per seat. Usage is tracked and enforced in real time.
  • Remote kill switch. Licenses can be suspended and reinstated remotely. Suspended installations display a clear status screen and cannot perform scans until reinstated.
  • Live license polling. The application polls for license changes every 5 minutes. Module additions and removals apply without a restart.
  • Module gates. Locked modules show a clear upgrade prompt rather than an error. CVE Intelligence and Org Profile modules are license-gated at all times.
🪟 Windows 10/11 x64 · 268 MB

v45.0.3

Installed copies update automatically when a new version is available.

Integrity Verification Seal

SHA-256: 0989af521c227d125ad4e4a07c9a317a60b9fc1fd94a63e28b544dfbb82118f0
Signed: 2026-04-13
Verify: phantomyerra.com/SIGNATURES.json
Every update refreshes the hash, timestamp, and signature. This is a real cryptographic seal, not a decoration.