Skip to content

Releases: sanmaxdev/SentinelDeck

SentinelDeck 2.2.2

Choose a tag to compare

@sanmaxdev sanmaxdev released this 29 Jun 15:56

Adds python -m sentineldeck as a PATH-independent way to run the CLI. If pip install does a user install and you see sentineldeck: command not found (or "not recognized" on Windows), the package is fine — its Scripts directory just isn't on PATH. Run python -m sentineldeck scan example.com, or install with pipx install sentineldeck which sets up PATH for you.

SentinelDeck 2.2.1

Choose a tag to compare

@sanmaxdev sanmaxdev released this 29 Jun 15:26

Fixes a crash in sentineldeck dashboard when its port is already in use or blocked by the OS (e.g. Windows error 10013). It now falls back to a free port — and finally an OS-assigned one — and prints the address it actually bound, so the dashboard always starts.

SentinelDeck 2.2.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 29 Jun 15:17

SentinelDeck now scans IP addresses as well as domains, and turns a single target into real exposure, vulnerability, and footprint intelligence — all passive, all keyless. This release bundles everything from 1.2.2 through 2.2.0.

Scan IPs, not just domains (2.0.0)

  • The search box and sentineldeck scan accept a domain, a bare IP (v4/v6), or a URL, and auto-detect which it is.
  • For an IP: geolocation + ASN, network allocation via RDAP (owning org, CIDR, abuse contact), reverse-IP hosted domains, reverse DNS, reputation, TLS, and HTTP. Private/reserved IPs run only the locally reachable surfaces.

Exposure + CVE intelligence (2.1.0)

  • Shodan InternetDB (free, keyless) for the host's open ports and known CVEs — returned passively, without scanning the target.
  • CVEs are cross-referenced with the CISA Known Exploited Vulnerabilities catalog, so actively-exploited ones are flagged and scored.
  • SaaS footprint: the vendors a domain leaks through its TXT/SPF/MX records, decoded into a readable profile (Microsoft 365, Google Workspace, Atlassian, Shopify, Stripe, Jamf, and more).

Network footprint mapping (2.2.0)

  • From the resolved host, the owning ASN and every announced prefix (via RIPEstat) — one domain or IP reveals the organisation's whole routed IP estate, with the total IPv4 address space.

Dashboard (1.3.0)

  • A live telemetry console streams each surface as it runs, with a short result summary, an elapsed clock, and a blinking cursor.
  • Masonry card layout so a tall card no longer stretches its neighbours; new cards for exposure/CVEs, SaaS footprint, network allocation, reverse IP, and ASN footprint.

Reliability (1.2.2)

  • A single failing probe can no longer abort a scan — every surface degrades on its own.
  • Added type checking (mypy), coverage gating, and a headless dashboard-render check to CI.

Full details in the CHANGELOG.

SentinelDeck 1.2.1

Choose a tag to compare

@sanmaxdev sanmaxdev released this 28 Jun 20:37

Patch release.

Fixed

  • The dashboard could hang on "scanning" after a scan finished, because a card renderer was missing. Restored it, and a render error now shows a message instead of leaving the page stuck.
pip install -U sentineldeck
sentineldeck dashboard

SentinelDeck 1.2.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 28 Jun 20:21

A redesigned web dashboard.

Changed

  • New terminal-style dashboard theme: monospace type, a grid-divided layout, and square corners.
  • Dark / light mode toggle that remembers your choice.
  • A security-posture radar (TLS, email, DNS, headers, surface, trust) and a server-location map drawn from continent outlines with a coordinate pin.
  • Clearer active-scan toggle; removed the per-finding checkboxes.

Fixed

  • Faster scans: typosquatting uses a short-timeout resolver for its bulk lookups, and the certificate-transparency and archive lookups retry for less time, so one slow source no longer stalls the scan.
pip install -U sentineldeck
sentineldeck dashboard

SentinelDeck 1.1.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 28 Jun 18:54

Dashboard depth: matches and exceeds comparable tools on the same domain.

The dashboard is now a complete data view, not just a findings list.

Added

  • Full DNS records (A/AAAA/MX/NS/SOA/TXT), raw HTTP headers, cookies, social tags with an Open Graph image preview, robots.txt rules, sitemap pages, linked domains, security.txt, and a server-status card with response time.
  • TLS connection detail: cipher suite, ALPN, forward secrecy, and certificate serial / SHA-256 fingerprint / extended key usage.
  • Reverse DNS host names, a server-location map, DNS blocklist checks (Cloudflare, Quad9, AdGuard, and more), and Cross-Origin-Resource-Policy / Embedder-Policy headers.
  • A "Passes" roll-up showing what the domain gets right, and an active-scan toggle in the dashboard.

All of this on top of what SentinelDeck already does and comparable tools do not: a risk grade, copy-paste fixes, a remediation simulator, subdomain-takeover, vulnerable-JS, cloud-bucket exposure, and typosquatting detection.

pip install -U sentineldeck
sentineldeck dashboard

SentinelDeck 1.0.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 28 Jun 18:28

First stable release.

SentinelDeck turns a domain into a risk grade, prioritised findings, and a copy-paste fix for each, across DNS, email authentication, HTTP, TLS, certificate transparency, technology fingerprinting, infrastructure intelligence, and threat intelligence. Passive by default; an opt-in --active mode adds a port scan.

Highlights since 0.6.0

  • Web dashboard (sentineldeck dashboard): a local, browser-based UI that runs the scan with live progress and renders it as a grid of cards, now with an interactive remediation simulator that recomputes the grade as you tick fixes.
  • Infrastructure intel: IP geolocation + ASN/hosting, full redirect chain, WAF/CDN detection, robots.txt, sitemap.xml, link analysis, social meta tags.
  • Threat intel: typosquatting / lookalike-domain detection, malware/phishing reputation, Wayback archive history.
  • TLS depth: protocol enumeration and a Mozilla-style config grade.

Everything is zero-dependency beyond cryptography/dnspython, and pip install stays self-contained (no Node build).

pip install -U sentineldeck
sentineldeck dashboard

SentinelDeck 0.6.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 28 Jun 17:51

The web dashboard.

Run sentineldeck dashboard and a local, browser-based UI opens. Enter a domain and the same passive scan runs with live progress streamed to the page, then renders as a grid of cards: the grade, findings with copy-paste fixes, technology stack, TLS, email authentication, DNS, subdomains, security headers, domain registration, and cloud storage.

  • Built on the Python standard library (no new dependencies; the install stays self-contained).
  • Bound to 127.0.0.1 only — never exposed to the network.
  • --port to change the port, --no-open to skip opening the browser.

Upgrade:

pip install -U sentineldeck
sentineldeck dashboard

SentinelDeck 0.5.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 27 Jun 11:32

Passive recon and fingerprinting.

Added

  • Technology fingerprinting: identifies the CMS, framework, web server, CDN, and analytics from the homepage (headers + HTML), with versions where detectable. The detected stack shows in the scan summary and JSON report.
  • Vulnerable JavaScript detection: flags known-vulnerable library versions (jQuery, Bootstrap, lodash, moment, AngularJS, Vue 2, DOMPurify) from script tags, each with an advisory and an upgrade fix.
  • Cloud-storage exposure: finds S3, Google Cloud Storage, and Azure Blob buckets referenced on the site and flags any that allow public listing (high), with a provider-specific lock-down fix.
  • Passive-DNS subdomain source (HackerTarget) merged with certificate transparency for broader attack-surface coverage.

Upgrade:

pip install -U sentineldeck

SentinelDeck 0.4.0

Choose a tag to compare

@sanmaxdev sanmaxdev released this 25 Jun 18:28

HTTP header depth plus a much richer terminal experience.

Added

  • HTTP security-header depth: CORS misconfiguration (a wildcard origin with credentials is flagged high), Referrer-Policy quality, HSTS preload eligibility, cookie SameSite, and Cross-Origin-Opener-Policy. Each ships a copy-paste fix.
  • Live scan progress: each surface (DNS, TLS, HTTP, email, certificate transparency) is reported as it finishes, on stderr so piped output stays clean.
  • A red ASCII-art SENTINELDECK banner on the home screen.
  • New commands: checks lists every check, explain <finding-id> prints the copy-paste fix for a finding, and version.
  • scan now writes HTML/score-card/badge output directly (--html, --svg, --badge) and prints the absolute path of every file it saves.

Upgrade:

pip install -U sentineldeck