This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!
The new features in this release include:
- External Tool interface was refined and improved. There is now a GUI which allows users to upload their own tool, serve it locally or from an external URL and retrieve tools from GitHub releases.
- Added a standalone `velociraptor.exe gui` command. This automatically creates a frontend/client and brings up the GUI. Useful for demos or to just write some VQL in the browser without having to install first.
- Added support for OSQuery - simply collect the `Windows.OSQuery.Generic` artifact. Velociraptor will take care of uploading the osquery binary to the endpoint and converting output to VQL for further processing.
- Implemented row limits and total upload limits on artifact collections. When collecting an artifact from the endpoint, if the collection returns too many rows or uploads too many bytes, it is cancelled to protect server stability.
An example of the new Tools UI is below - we can upload a substitute version of the tool in the browser, serve locally (all endpoints download the tool from the Velociraptor server) or serve from upstream directly.
As always, please file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord
Known issues
- The command `velociraptor debian server` was broken in the 0.4.9 release - please use 0.4.9-1 to fix.