Releases: akshaydotweb/HunterTrace
HunterTrace v1.2.3
What's Changed
- Fix ARC validation wiring and restore auth output by @akshaydotweb in #18
- Fix/ouput by @akshaydotweb in #19
Full Changelog: v1.2.2...v1.2.3
HunterTrace v1.2.2 — ARC Chain Validation & Forwarding Detection
- Added cryptographic ARC chain validation (AMS/AS verification) with upstream auth extraction
- Forwarding classification now uses ARC results to reduce false spoofing detections
- Exposed ARC signals and failure details for explainability and scoring
- Version bumped to 1.2.2 in project metadata and docs
HunterTrace v1.2.1 — DKIM Verification + SPF/DMARC Alignment
This release adds real DKIM cryptographic verification (DNS key fetch, body/header validation, signed header checks) and stronger SPF/DKIM/DMARC alignment validation, including ARC-aware handling for forwarded mail. These upgrades improve tampering detection and make it easier to tell spoofing apart from legitimate relaying.
Highlights
- DKIM: actual signature verification and tamper detection
- SPF/DMARC: alignment validation with policy outcome
- ARC-aware handling for forwarded messages
HunterTrace 1.2.0 - Phase 0: Attacker Technique Profiler — Pre-Attribution TTP Fingerprinting and Enhanced Header Integrity Analysis
Major Feature: Phase 0 — Attacker Technique Profiler
- Introduces a new "Phase 0" to the HunterTrace pipeline, running before IP classification.
- Profiles attacker techniques using MITRE ATT&CK TTPs, providing early insight into adversary behavior.
- Computes header integrity scores to detect forged Received: chains and discount unreliable signals.
- Detects passive attribution blocking (e.g., ProtonMail/Tutanota) and escalates canary token deployment when needed.
- Surfaces real sender IP leaks from webmail/phishing kits, with confidence scoring.
- All findings are propagated to downstream pipeline stages for improved attribution and response.
Improvements
- Thorough test coverage for Phase 0 via a dedicated test suite (test_p0.py).
- Documentation and codebase organization updated to reflect the new pipeline stage.
- Version bump and packaging fixes for PyPI and GitHub compliance.
Fixes
- Packaging and distribution issues resolved for PyPI.
- Consistent versioning across all packaging files.
What's Changed
- v1.1.2: Comprehensive technique audit — fix imports, remove dead code, improve backtracking by @akshaydotweb in #13
- Fix/v1.1.2 technique audit by @akshaydotweb in #14
Full Changelog: v1.1.1...v1.2.0
HunterTrace v1.1.1 — Geolocation Accuracy Fix
Fixes
- ipinfo.io URL bug — was returning caller's IP instead of target IP
- ISO country code resolution — ipinfo.io returns "BR" not "Brazil"; added ~90-country mapping
- ipwho.is IPv4 fallback — added as second fallback (was IPv6-only)
- API timeouts — increased from 4–5s to 10s across all endpoints
- AttributeError — attacker_geo.isp → .provider in pipeline
- Bayesian attribution — flattened priors, added country aliases, fixed DE→Sweden bug, force Unknown on no-match
Install
pip install --upgrade huntertrace
HunterTrace v1.1.0
What's New
- 7-stage email forensic attribution pipeline
- Bayesian attribution engine with confidence scoring
- VPN/proxy backtracking with real-IP extraction
- Campaign correlation across multiple emails
- Interactive attack graph visualisation
- CLI: huntertrace analyze, batch, campaign
Install
pip install huntertrace