3.21

What's Changed

• Improve SQLite table exist checks by @JSCU-CNI in #958
• Add support for ISO 8601 timestamps in syslogs by @JSCU-CNI in #907
• Improve cit plugin exception handling by @JSCU-CNI in #961
• Improve catroot plugin exception handling by @JSCU-CNI in #962
• Improve lnk plugin exception handling by @JSCU-CNI in #963
• Add target-diff by @JSCU-CNI in #664
• Fix Sphinx warnings by @JSCU-CNI in #942
• Strip trailing dir separator for translated file paths in ITunesLoader by @Poeloe in #952
• Parse hostname from /proc/sys/kernel/hostname by @CinisSec in #704
• Add support for Fortinet AES encrypted firmware images by @yunzheng in #969
• Remove paho from mqqt unit test by @twiggler in #967
• Fix URL-encoded filesystem entries in the Velociraptor loader by @Zawadidone in #700
• Add Unix DHCP lease file parser for target.ips by @JSCU-CNI in #965
• Make Mssql errorlog plugin more robust by @Horofic in #978
• Unify digest field names across the project by @JSCU-CNI in #982
• Continue parsing tasks after invalid Windows XML Task by @Horofic in #986
• Fix argument checks in env plugin by @JSCU-CNI in #988
• Add None checks around read_sid by @JSCU-CNI in #989
• Add New Capability Access Manager plugin by @qmadev in #979
• Add warning for OBJECT_UNUSED in journal plugin by @JSCU-CNI in #971
• Fix inconsistent duplicate field mappings in various plugins by @JSCU-CNI in #990
• Fix file header detection in open_decompress by @yunzheng in #998
• Fix crash in unix users plugins if GID or UID is empty by @wbi-ocd in #996
• Fix ANSI color prompt in target-shell by @yunzheng in #1004
• Add Windows 11 Prefetch version by @Horofic in #1005
• Don't attempt to load child targets when initial target loading fails by @JSCU-CNI in #987
• Normalize UTC timezone names for unix and windows targets by @JSCU-CNI in #1001
• Initial commit for plugin internals refactor by @Schamper in #763
• Prevent enumerating entire non-ISO formatted syslog files in is_iso_fmt by @JSCU-CNI in #972
• Add Kape VHDX loader by @qmadev in #993
• Improve compatibility checks on various plugins by @JSCU-CNI in #1008
• Attempt to load previous snapshot VMDK when missing snapshot disks by @Schamper in #1011
• Microsoft Office add-in detection by @twiggler in #966
• POC: Pure Python NFS client by @twiggler in #997
• Improve target-diff tool by @JSCU-CNI in #1014
• Add FortiGate decryption keys up to v7.0.17, v7.2.10, v7.4.6 and v7.6.1 by @yunzheng in #1016
• Move 7-Zip and WinRAR plugins to productivity namespace by @JSCU-CNI in #1017
• Fix compatibility with latest flow.record by @JSCU-CNI in #1018
• Fix sphinx docs warnings by @JSCU-CNI in #1020
• Improve Linux detection by @JSCU-CNI in #1023
• Add support for plugin directories by @Schamper in #788
• Parse recycle bins from non sysvol volumes by @Zawadidone in #1026
• Fix parent plugin namespaces by @Schamper in #1024
• Add proper datetime conversion for StartTime and EndTime in the sru plugin by @Miauwkeru in #1025
• Move tasks and defender plugin into plugin directories by @Schamper in #1028
• Add additional profile parsing to Chromium browsers by @qmadev in #1031
• Unify -L loader argument as a generic argument by @Schamper in #1033
• Revert "Fix ANSI color prompt in target-shell" by @yunzheng in #1040
• Bump the flow.record dependency to version 3.19 by @Miauwkeru in #1037
• Add Python 3.13 compatibility by @JSCU-CNI in #897
• Add exception to Kape VHDX loader by @qmadev in #1047
• Refactor unix cronjob plugin by @JSCU-CNI in #1009
• Add "alias" to FunctionDescriptor and "required" field to arguments by @JSCU-CNI in #1043
• Add support for kernel log entries in syslog by @JSCU-CNI in #1050
• Improve Linux services parsing by @JSCU-CNI in #1049
• Clean up some files by @Schamper in #1052
• Add retrieval of runtime information to plugin descriptors by @Schamper in #1007
• Sanitize linux and windows hostnames by @JSCU-CNI in #1051
• Fix compatible plugins filter by @JSCU-CNI in #1054
• Improve Android OS detection by @JSCU-CNI in #1053
• Parse Docker container environment variables by @JSCU-CNI in #1055
• Add readline ignore sequences to PS1 prompt by @yunzheng in #1041
• Add qfind plugin and tool by @Schamper in #1035
• Fix compatible plugins filter (2) by @JSCU-CNI in #1059

New Contributors

• @CinisSec made their first contribution in #704
• @qmadev made their first contribution in #979

Full Changelog: 3.20.1...3.21