Changelogs » Brunnhilde

PyUp Safety actively tracks 232,000 Python packages for vulnerabilities and notifies you when to upgrade.



* A new simpler syntax for calling Brunnhilde: ` source destination`. The old API (` source destination basename`) is officially deprecated but will continue to be supported for API stability.
  * New stylings for the HTML report, which no longer require Bootstrap or any external JavaScript or CSS dependencies. This removes the need for an internet connection or for caching asset files locally.
  * A new properly-formatted "Virus report" section of the HTML report with its own link in the navigational bar.
  * Improved "Duplicates", "Warnings", and "Errors" sections of the HTML report.
  * Improving terminal logging, using Python's built-in `logging` module.
  * Better handling of output directories. If the output directory already exists, Brunnhilde will now quit with a warning unless the`-o/--overwrite` option is provided.
  * Support for running `bulk_extractor` on windows.
  **New features**
  * The new `--stdin` and `--csv` options enable Brunnhilde to use a Siegfried CSV file as input from either piped stdin or a file, respectively, if the source being analyzed is a directory (issue 1).
  * The new `--hfs_partition` and `--hfs_fsroot` options enable users to specify a partition number or POSIX path to `unhfs` to specify which files should be extracted from HFS disk images (issue 45, with thanks to Brian Dietz, NCSU Libraries, for submitting the issue).
  * The new `--regex` option enables users to pass a user-supplied regular expressions file to `bulk_extractor` which can be used to search for custom patterns (with thanks to Joe Carrano, MIT Libraries,
  * Close connections before deleting the sqlite database (
  * Empty CSV files are no longer written to the `csv_reports` directory.


* Adds `-v` or `--verbosesf` argument which enables verbose Siegfried logging to the terminal during scanning. This addresses and should make it easier for users to tell the current status of the Siegfried scan for larger sources.


* Addresses [Issue 38]( by:
  * Replacing the `wget` Python module with `requests` (removing the cryptic "-1/unknown" terminal output and improving handling of downloads)
  * Adding `--save_assets` and `--load_assets` arguments that allow users to cache and retrieve the HTML report's Bootstrap CSS and JavaScript dependencies at a local filepath of their choosing, removing the need for an internet connection to use Brunnhilde. Previously, Brunnhilde HTML reports linked out to CDNs to render correctly; this was seen to be a preservation risk. The default behavior remains for Brunnhilde to download its Bootstrap dependencies from the Brunnhilde Github repository on each run.
  * Renames the `assets` directory to hidden directory `.assets`.
  * Fixes buggy formatting in display of Social Security Numbers found by bulk_extractor in the Brunnhilde HTML report.
  * Renames the "PII" section of the Brunnhilde HTML report to "SSNs", more accurately reflecting the content being displayed, which is currently only Social Security Numbers. Other features found by bulk_extractor can be found in the `bulk_extractor` output directory.


* Changes to HTML report: now named `report.html`; CSS updated to Bootstrap 4; significant stylistic changes.
  * All CSS and JS requirements for the HTML report are now downloaded locally rather than being linked from CDNs (unfortunately, at this time this means you need an internet connection at the time you run Brunnhilde).
  * SQLite database is now removed by default at end of processing. `-k` and `--keepsqlite` arguments were introduced to give users the option to retain the database.


Bugfix release.
  * Adds error handling for UnicodeDecodeErrors when writing Siegfried CSV files into the SQLite database.
  * Adds error handling for OSErrors when determining file size for files whose filepath is invalid (behavior noticed with trailing spaces in file names and similar naming issues).


* Adds "-l"/"--largefiles" option to support ClamAV scanning of large source directories and files


**Operating system support:**
  * Adds Windows support for reporting on directories (disk images, virus scanning, and bulk_extractor not yet supported in Windows)
  * Expected location for HFSExplorer on macOS changed to /usr/local/share/hfsexplorer to account for System Integrity Protection (reported by Brian Dietz)
  **Functional changes:**
  * DFXML created using fiwalk for non-HFS disks in -d mode
  * '--hash none' option allows user to skip generation of checksums in Siegfried, changes reports accordingly
  * Users now have option to extract AppleDouble resource forks from HFS disk images
  **Bug fixes:**
  * Infected files warning no longer appears if ClamAV is not properly installed and user forgets to choose '-n' option to skip virus scanning


Bug fix release:
  * Fixes list indexing of tsk_recover options (reported by Brian Dietz)
  * Fixes failures caused by single quotes in filepaths (reported by farrell)


* Adds ability to specify ssn_mode for bulk_extractor (defaults to ssn_mode=1)


* Adds size formatting in HTML report for sources that are >1 TB large
  * Adds additional tsk_recover functionality for disk images:
  * Option to choose to extract only allocated files
  * Options to specify disk image type, file system type, and sector offset
  * Adds 5px margin to body of HTML report
  * Adds some basic integration tests (TO DO: more integration and unit tests)
  * Adds sample data directory for tests


* Fixes bug related to scanning of empty dirs


- Fixes bug where null bytes in Siegfried-generated CSV prevented import to SQLite database


- Supports relative paths for source and destination


- Adds file and pip packaging
  - Code refactor to fit code into a main() function


- Improves regex handling of PUIDs to write links to PRONOM pages for all PUIDs, including those listed as potential options for unidentified files


New features:
  - User can now choose hash algorithm (md5, sha1, sha256, sha512)
  - Siegfried warnings no longer printed to HTML report by default  (this is to keep report size reasonable. To include Siegfried warnings in this report, pass the -w or --showwarnings flags to Brunnhilde)
  - New, more readable display of duplicate files in HTML report
  - Python 2 and 3 compatible (tested with 2.7 and 3.5)


Replaces deprecated PRONOM URIs


- Important bug fixes re: spaces in file paths and bulk_extractor


- Various bug fixes
  - Virus scan results now written to HTML report
  - Functionality when viruses found changed to better integrate with Brunnhilde GUI


- Adds 'destination' argument for compatibility with [Brunnhilde GUI](


- Default clamAV virus scan (thanks to Kevin Powell)
  - Optional bulk_extractor scan (thanks to Kevin Powell)
  - Additional bug fixes related to spaces in file paths
  - Improvements to HTML output (improved CSS/table formatting, improved provenance information and statistics, links to PRONOM format pages from tables, added bulk_extractor PII report)
  - Reorganization and renaming of other file outputs
  - Changed final argument from filename (e.g. "MyFolder.csv") to identifier (e.g. "MyFolder")


- Bug fix: No longer throws error when receiving filepaths with spaces as input


New features:
  - Disk images (including HFS disks) can now be used as input
  - Added better provenance information about scan to HTML report
  - Now works with Siegfried 1.5.0


- Brunnhilde now outputs a recursive tree.txt report of source directory
  - "uniqueyears" csv output now deleted after being used to generate aggregate stats for HTML report


- Added provenance information (source of files, Siegfried version used) and improved aggregate stats in HTML output


- Improved header and aggregate stats in HTML output


- Fixed bug related to counting of duplicate files in aggregate stats


- Added aggregate stats to HTML report


- Fixed bug related to valid SQLite table names


- Refactored code
  - Files generated now all sent to a shared folder
  - CSVs now sent to shared sub-directory
  - Added HTML report
  - Still only compatible with Siegfried versions 1.0.0 to 1.4.5 (i.e. not yet compatible with version 1.5.*)