From 294c7cbf84258290ead3ee0e6f0aff270ce895f0 Mon Sep 17 00:00:00 2001 From: nox-project Date: Wed, 15 Apr 2026 12:22:05 +0200 Subject: [PATCH] release: v1.0.3 - Fix Avalanche Engine: paste pattern identifiers now harvested as pivot seeds - Bump version to 1.0.3 --- CHANGELOG.md | 5 +++++ README.md | 2 +- build_deb.sh | 4 ++-- nox.py | 2 +- pyproject.toml | 2 +- sources/helpers/scanner.py | 7 +++++++ 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f842dbd..018b0af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to NOX are documented here. +## [1.0.3] — 2026-04-15 + +### Engine +- **Fixed:** Recursive Avalanche Engine — identifiers extracted from paste content (`paste["patterns"]`) were not being harvested as pivot seeds. Bare emails and other identifiers found in IntelX paste bodies that lacked a `:password` separator were silently dropped from the pivot queue. All `scrape_res["pastes"]` pattern matches are now fed into `_extract_ids_from_text` and reinjected consistently with `credentials`, `telegram`, and `dork_misconfigs`. + ## [1.0.2] — 2026-04-14 ### Sources diff --git a/README.md b/README.md index 7e42a52..df34969 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ **Cyber Threat Intelligence Framework** -[![Status](https://img.shields.io/badge/Status-v1.0.2-success)](https://github.com/nox-project/nox-framework/releases/tag/v1.0.2) +[![Status](https://img.shields.io/badge/Status-v1.0.3-success)](https://github.com/nox-project/nox-framework/releases/tag/v1.0.3) [![Python](https://img.shields.io/badge/Python-3.8%2B-blue?logo=python&logoColor=white)](https://www.python.org/) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE.txt) [![Kali Linux](https://img.shields.io/badge/Kali%20Linux-Ready-557C94?logo=kalilinux&logoColor=white)](https://www.kali.org/) diff --git a/build_deb.sh b/build_deb.sh index a81b6d0..fb866d1 100755 --- a/build_deb.sh +++ b/build_deb.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash set -e -# NOX v1.0.2 — .deb build script (FPM) +# NOX v1.0.3 — .deb build script (FPM) # Requires: fpm → gem install fpm -VERSION="1.0.2" +VERSION="1.0.3" PKG_NAME="nox-cli" ARCH="all" OUT_DIR="dist" diff --git a/nox.py b/nox.py index af817f2..76eaca3 100644 --- a/nox.py +++ b/nox.py @@ -150,7 +150,7 @@ except Exception: VERSION = _sp2.check_output(["dpkg-query", "-W", "-f=${Version}", "nox-cli"], stderr=_sp2.DEVNULL).decode().strip() or VERSION except Exception: pass -BUILD_DATE = "2026-04-14" +BUILD_DATE = "2026-04-15" # ── Smart Path Layout ────────────────────────────────────────────────── HOME_NOX = Path.home() / ".nox" diff --git a/pyproject.toml b/pyproject.toml index 2ed74c3..19f591e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "nox-cli" -version = "1.0.2" +version = "1.0.3" description = "Advanced Asynchronous Cyber Threat Intelligence Framework" readme = { file = "README.md", content-type = "text/markdown" } license = { text = "Apache-2.0" } diff --git a/sources/helpers/scanner.py b/sources/helpers/scanner.py index 5ed699b..e71f856 100644 --- a/sources/helpers/scanner.py +++ b/sources/helpers/scanner.py @@ -362,6 +362,13 @@ class AvalancheScanner: for val, vqtype in _extract_ids_from_text(raw, exclude=asset): if vqtype in _PIVOT_TYPES: new_ids.append((val, vqtype, "scrape", ref)) + for paste in (scrape_res or {}).get("pastes", []): + ref = f"paste:{paste.get('id', paste.get('site', 'paste'))}" + for matches in (paste.get("patterns") or {}).values(): + for m in (matches or []): + for val, vqtype in _extract_ids_from_text(str(m), exclude=asset): + if vqtype in _PIVOT_TYPES: + new_ids.append((val, vqtype, "scrape", ref)) for tg in (scrape_res or {}).get("telegram", []): ref = f"t.me/{tg.get('channel','')}" for val, vqtype in _extract_ids_from_text(tg.get("text", ""), exclude=asset):