Releases: Rootless-Ghost/SnortForge

v1.2.0 — Multi-Content Chaining, Snort 3 Output, Performance Scoring

22 Mar 01:30
208e98f

What's New

Multi-Content Rule Support

  • Chain multiple content matches with independent modifiers (depth, offset, distance, within)
  • Each block has its own nocase, negated, HTTP URI, and HTTP Header controls
  • Primary match (blue) and chained matches (purple) visually distinct
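
A simplified model of how a chained content match with these positional modifiers is evaluated, added here as an illustration (it is not SnortForge's or Snort's own code). The `Content` class, `match_chain` function and sample payload are constructed for this example; negated matches and HTTP buffers are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Content:
    pattern: bytes
    nocase: bool = False
    offset: Optional[int] = None    # absolute: first byte to search from
    depth: Optional[int] = None     # absolute: window length starting at offset
    distance: Optional[int] = None  # relative: bytes to skip after previous match
    within: Optional[int] = None    # relative: window length after distance

def window(c: Content, cursor: int, size: int):
    """Byte range [start, end) that the whole pattern must fall inside."""
    if c.distance is not None or c.within is not None:
        start = cursor + (c.distance or 0)
        end = size if c.within is None else start + c.within
    else:
        start = c.offset or 0
        end = size if c.depth is None else start + c.depth
    return max(start, 0), min(end, size)

def match_chain(payload: bytes, chain: List[Content],
                cursor: int = 0) -> Optional[List[int]]:
    """Return the start position of each match, or None if the chain fails."""
    if not chain:
        return []
    c, rest = chain[0], chain[1:]
    hay = payload.lower() if c.nocase else payload
    needle = c.pattern.lower() if c.nocase else c.pattern
    start, end = window(c, cursor, len(payload))
    pos = hay.find(needle, start, end)
    while pos != -1:
        # The cursor for the next content sits just past this match.
        tail = match_chain(payload, rest, pos + len(needle))
        if tail is not None:
            return [pos] + tail
        pos = hay.find(needle, pos + 1, end)  # retry a later occurrence
    return None

# Constructed sample payload and chain (not taken from SnortForge).
PAYLOAD = b"GET /admin/login.php?user=root HTTP/1.1\r\n"
CHAIN = [Content(b"get", nocase=True, depth=3),
         Content(b"/admin", distance=1, within=6),
         Content(b"user=", distance=0)]

if __name__ == "__main__":
    print(match_chain(PAYLOAD, CHAIN))
```

A `depth` or `within` smaller than the pattern length can never match, which is why `Content(b"/admin", offset=4, depth=5)` fails on this payload while `depth=6` succeeds.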

Snort 3 Syntax Output

  • Toggle between Snort 2 and Snort 3 in the live preview
  • Sticky buffers (http.uri, http.header), space-separated modifiers, detection_filter
  • Export respects the toggle

Rule Performance Scoring

  • 8-criteria scoring engine (0–100 with letter grades)
  • Content match quality, positional modifiers, flow state, network scope, PCRE efficiency, threshold config, metadata quality, general hygiene
  • Actionable optimization tips

Other

  • Updated README with full feature documentation
  • Content block spacing improvements

v1.1.0 — Detection Options Tooltips & UI Overhaul

21 Mar 18:35
862fd32

What's New

Inline Help Tooltips

Hover-activated ? icons throughout the Rule Builder that explain each field without leaving the page. No more guessing what depth vs offset vs distance vs within does — or the difference between limit, threshold, and both.

Tooltips added to:

  • Detection Options — Content Match, Negated Match, Nocase, HTTP URI, Depth, Offset, Distance, Within, PCRE, and all PCRE flag checkboxes
  • Flow Options — established, to_server, to_client, from_server, from_client, stateless
  • Threshold — Type (with limit/threshold/both breakdown), Track, Count, Seconds

HTTP URI Content Modifier

New HTTP URI checkbox in Detection Options. Adds Snort's http_uri keyword to restrict content matching to the request URI only — better performance and fewer false positives for web application attack detection.

PCRE Flag Checkboxes

Individual checkboxes for common PCRE flags instead of manually typing /pattern/flags:

  • nocase /i — Case-insensitive matching
  • dotall /s — Dot matches newlines
  • multiline /m — ^ and $ match per line
  • extended /x — Whitespace ignored in pattern

Flags auto-build into the PCRE string. Full /pattern/flags format still works if typed manually.

Visual Overhaul

  • Amber field labels — Warm contrast against the dark theme for better readability
  • White card titles — Clean, high-contrast section headers
  • White input values — Typed text pops against dark input backgrounds
  • Amber tagline — Header subtitle matches the new label color scheme
  • Descriptive placeholders — Number fields now show context hints (e.g., "Bytes from start", "Bytes to skip")

No Breaking Changes

  • All existing rules, templates, imports, and exports work exactly as before
  • No new Python dependencies — all changes are frontend (HTML/CSS/JS)
  • Backward compatible with existing SnortForge JSON project files

Files Changed

  • snortforge/templates/index.html — Tooltips, HTTP URI checkbox, PCRE flags, version bump
  • snortforge/static/css/style.css — Amber/white color scheme, tooltip styles, PCRE flags row
  • snortforge/static/js/app.js — HTTP URI support, PCRE flag auto-build logic, form state management