Changelog

Updates, new features, and improvements

v1.2.4 - April 3, 2026 (Latest)

Intelligence Integrity Audit

  • Fixed 7 deprecated or broken API key validation methods in the API Key Checker, including FCM (shut down July 2024), Calendly v1, Travis CI, GitHub client auth, and Instagram Basic Display API
  • Fixed broken ProjectDiscovery Chaos snippet that pointed to a removed URL, corrected Nuclei concurrency flag, and removed defunct data sources from recon commands
  • Verified accuracy of all 76 API key validators and 100+ recon snippets against official documentation
  • Corrected Heroku validation to use a read-only endpoint instead of one that created resources
  • Audited and corrected WAF bypass techniques, CVE data, vulnerability hunting locations, and misconfiguration payloads

v1.2.3 - March 27, 2026

Pipeline Stability & Performance

  • Fixed a critical issue where organization scans could produce zero results due to DNS saturation during the validation step
  • ShuffleDNS now uses targeted resolve mode during DNS validation instead of brute-force, reducing queries from millions to only the discovered subdomains
  • Adjusted per-tool timeouts so slower tools like WAF detection, port scanning, and service fingerprinting complete reliably instead of being killed early
  • Live scan results now stream in batches every 3 seconds instead of individually, keeping the UI responsive even during 500K+ result scans
  • Lightweight polling during active scans: the frontend fetches only result counts instead of full datasets, reducing network overhead from megabytes to bytes
  • New system health check: Auto-Recon now verifies that all recon tools are installed and DNS resolution is working when you open the page, showing a warning banner if anything is wrong
  • Scan Intelligence analysis with AI-powered briefing for completed scans
  • General stability improvements for sequential scan execution

v1.2.2 - March 21, 2026

Security Hardening

  • Improved license validation and integrity checks
  • Single-target scans now enforce strict hostname filtering on all URL-producing tools to prevent out-of-scope results
  • Added performance advisory in Auto-Recon configuration for users running large-scale scans
  • General security improvements and bug fixes

v1.2.1 - March 17, 2026

Auto-Recon Complete

  • Single-target scan is now live, completing the full Auto-Recon cycle: organization scan to map the attack surface, domain scan to go deep on priority targets, and single-target scan for focused analysis on a specific host
  • Nuclei fingerprinting expanded to ~3800 templates covering technologies, misconfigurations, exposures, admin panels, and TLS/SSL issues
  • AI Briefcase for single-target scans generates a 10-phase attack methodology with Nuclei findings, parameter classification, security header analysis, and chain-building instructions
  • General bug fixes and security improvements

v1.2.0 - March 15, 2026

Advanced AI Briefcase

  • Domain scan is now available in Auto-Recon, completing the first two stages of the recon workflow: organization scan to map the full attack surface, then domain scan to go deep on individual targets
  • The intended workflow: run an org scan, export the AI Briefcase into Claude Code to identify priority targets, then run a domain scan on those targets and export a second briefcase for focused testing
  • AI Briefcase now generates a 10-phase attack methodology tailored to each scan type instead of a generic brief
  • Domain briefs include directory bypass techniques for 403 responses, parameter fuzzing tables with classified attack types and quick-win payloads, and JavaScript file analysis instructions
  • Organization briefs include subdomain takeover deep dive for S3, Azure, GitHub Pages, and Heroku, service-specific port testing for 12 common services, cross-host lateral movement, and GitHub credential recon
  • New phase: Chain Hunting with instructions for combining findings into higher-impact attacks such as XSS to account takeover or open redirect to OAuth theft
  • New phase: Authentication and Session Testing covering JWT analysis, OAuth/SSO, 2FA bypass, and password reset attacks
  • New phase: HTTP Infrastructure Attacks covering request smuggling, cache poisoning, and WAF bypass with automated detection of ALB, CDN, and WAF in your scan data
  • New phase: Business Logic Testing covering race conditions, price manipulation, rate limiting, and state manipulation
  • Contextual attack suggestions that adapt to your detected tech stack such as Amazon ALB, Cloudflare, and specific frameworks
  • ParamSpider integration for automated parameter discovery and fuzzing targets in domain scans

v1.1.1 - March 14, 2026

AI Briefcase & Smart Recon Export

  • New AI Briefcase: select scan results, export a structured Markdown brief, and paste it into Claude Code for AI-assisted vulnerability hunting
  • The exported brief includes 5-phase instructions (verify, enrich, analyze, generate, report), data tables, high-value signals, and full scan context
  • Dual checkbox system on result rows: violet checkboxes for AI Briefcase, emerald checkboxes for Export to Reconnaissance
  • Export to Reconnaissance allows you to send selected results directly to a program's asset inventory with smart type mapping
  • Select All / Deselect All per tool for both AI Briefcase and Recon export
  • Legend strip on expanded tool groups so you always know what each checkbox does
  • Floating action bars at the bottom of the screen for quick export and clear actions
  • New subdomain permutation step in Organization scans powered by Alterx
  • ShuffleDNS resolves permutations against DNS to find hidden subdomains that passive sources miss
  • Port scanning is now included in all intensity levels, not just balanced and aggressive

v1.1.0 - March 12, 2026

Auto-Recon Engine

  • New Auto-Recon section with a fully automated reconnaissance pipeline
  • Organization mode runs 15+ tools in sequence to map an entire attack surface from a single domain
  • Subdomain enumeration with Subfinder, Assetfinder, and Findomain running in parallel
  • DNS validation with ShuffleDNS to brute-force and verify discovered subdomains
  • DNS enrichment with DNSx, CDNcheck, and TLSx for records, CDN/WAF detection, and certificate analysis
  • HTTP discovery with HTTPx to identify live hosts, technologies, and response data
  • Passive endpoint harvesting with Waymore, GAU, Waybackurls, and SubJS
  • Smart filtering that deduplicates and removes noise from collected URLs before re-validation
  • Real-time result streaming so you see findings as they come in
  • Scan history with full results persistence and session comparison via scan diff
  • Domain and Single Target modes are coming soon
  • Auto-Recon is available in multi-panel mode so you can scan while using other sections

v1.0.1 - March 8, 2026

Bug Fixes & Improvements

  • General stability improvements and minor bug fixes

v1.0.0 - March 5, 2026

Initial Release

  • All-in-one workspace for bug bounty hunters with 39 features
  • Program management, vulnerability tracking, and report building
  • Reconnaissance organization and attack surface mapping
  • Built-in security tools: encoder, scanner, wordlist generator, and more
  • Research hub with vulnerability guides and hunting methodology
  • Visual workflow builder and whiteboard for planning
  • Focus mode, achievements, mental health tracking
  • 100% local, 100% private. All data stays on your machine

How to Update

Run these commands to update your Bug Bounty Center to the latest version. Your data is preserved automatically.

$ docker compose pull
$ docker compose up -d