Releases: SpecterOps/Nemesis

2.2.2

04 Mar 06:25

What's Changed

  • noseyparker_scanner Rust project replaced with Golang titus_scanner project based on Praetorian's new Titus scanner by @HarmJ0y
  • added evtx Windows Event Log parsing module by @HarmJ0y
  • Type checker, reg parsing improvements, UI improvements by @leechristensen in #101
  • Minor update to make Dapr pubsub components compliant by @aggr0cr4g in #104
  • Codex skills by @HarmJ0y in #103

Full Changelog: v2.2.1...v2.2.2

2.2.1

27 Jan 03:46

Nemesis v2.2.1

This release includes all changes from 2.2.0 (which was not released separately) plus additional improvements.

Added

DPAPI Auto-Decryption Pipeline

  • Automatic decryption of Chromium cookies, saved passwords, and Local State files
  • CNG/Chromekey file parsing and decryption
  • Retroactive decryption when plaintext masterkeys are submitted
  • New nemesis_dpapi support library with Postgres backend and Dapr pubsub integration

Large Container Processing

  • Support for disk images and large archive processing
  • File monitoring for containers at MOUNTED_CONTAINER_PATH with automatic extraction
  • Live container tracking in the dashboard

AI Agents & Triage

  • Expanded agent infrastructure with JWT validation, finding triage, and text translation
  • LiteLLM integration with cost limits and Arize Phoenix tracing
  • Triage consensus scoring with confidence and risk details
  • UI for editing agent prompts and viewing token spend

New Enrichment Modules

  • prefetch - Windows Prefetch file parsing
  • ccache - Kerberos credential cache parsing

Frontend

  • Chromium page with history, downloads, cookies, logins (filtering + CSV export)
  • File Browser for navigating collected files
  • DPAPI viewer and submission pages
  • Drag/drop folder uploads

Claude Code Integration

  • CLAUDE.md project file for AI-assisted development
  • /new-enrichment-module skill for rapid enrichment module development
  • Proper GitHub issue templates

Changed

  • Enrichment modules converted to async with shared DB pool and LRU caching
  • Dapr pubsub components converted to task queues for improved scaling
  • Bumped Dapr to 1.16.1, updated state store to Postgres v2
  • CLI --repeat renamed to --times (defaults to 1)

Fixed

  • Race condition when NoseyParker/DotNET findings arrive after workflow completion
  • Proper entropy handling for DPAPI blob decryption
  • Path normalization bugs and duplicate normalization
  • Queue/workflow persistence with proper RabbitMQ restoration
  • Various async issues and security dependency updates

Nemesis 2.0.0

28 Jun 03:41

Complete, nearly ground-up rewrite of the 1.0 branch.

  • Almost too many things to count.
  • k3s support dropped (for now) in favor of Docker for more rapid development
  • General-data-modeling approach abandoned to focus (for now) solely on file enrichment
    • MASSIVELY simplify the data schema: just file and file_enriched
  • Dropped rarely used, performance-heavy functionality (NLP embedding models, top 10k password cracking, etc.)
  • Eliminated Elasticsearch, relying solely on Postgres for final data storage.
  • Heavy Dapr integration including Dapr workflows for durability + tracing
  • Completely new, custom React dashboard (dropping Streamlit)
  • Introduced "findings" and "transforms" concepts emitted from processed files
  • Alerting generalized with Apprise
  • New alerting/logging/tracing infrastructure (Loki, Jaeger, etc.)
  • Dynamic Yara rule deployment
  • Dropped S3 support (for now) - solely local Minio for datalake
  • Dropped Protobufs for increased flexibility
  • CLI now Docker-based
  • Production now building + publishing via GitHub actions/workflows
  • Customized Nosey Parker Rust service
  • Several file enrichment modules added
  • Jupyter notebooks added

Nemesis v1.0.1

25 Apr 18:26
7ff1675

Nemesis v1.0.1 release

Nemesis v1.0.0

25 Apr 18:16
be8d865

Nemesis v1.0.0 release

Nemesis v0.1.0

02 Apr 16:41
93d12bb

Nemesis v0.1.0 release