Changelog

On the horizon

A look at where VirtuProbe is heading next. Plans, not promises — but this is what we’re building toward.

Code-signed installers (top priority) — signed and notarized macOS, Windows and Linux builds, so your OS stops warning on first launch. Until then, every download ships with a published SHA-256 checksum you can verify.
More authentication — mutual TLS (client certificates), OAuth 1.0a and other long-tail schemes, and automatic credential mapping when you import an API description.
Team collaboration — shared workspaces built on the new directory storage, so a whole team can work from one git-backed source of truth.
Bring your own secrets — reference credentials straight from your password manager or vault instead of storing them in VirtuProbe.
More from the mocking proxy — rewrite live requests and responses, inject faults and latency, script dynamic mock responses, and generate mock rules straight from an API description or a captured session.
Run from CI — headless, scriptable test runs with JUnit-style output you can wire straight into a pipeline.
More importers — turn network scans, security templates, API schemas, mail messages, and zone/directory files into ready-to-run probes.
Export everywhere — send your bundles back out to the standard API and capture formats.
gRPC — first-class support for gRPC services.
Freestyle protocol — a build-it-yourself protocol mode for the long tail: define a raw request/response exchange over TCP or UDP and put it straight on the wire, no dedicated module required. And if you’d rather we ship a proper module for the protocol you need, just ask — the ecosystem is built to grow.
Open to other agents — an MCP server so external AI tools can drive VirtuProbe directly, plus whole-project context for the built-in assistant.

1.2.1 Latest

A maintenance release that fixes a license-validation error at startup.

Fixed

License validation handles an unrecognised license cleanly — when the licensing service reported that a license was unknown or inactive, the app could surface an internal error during the startup license check instead of quietly falling back to the free tier. Every server response is now handled correctly, so startup stays clean and entitlements always reflect the licensing service’s actual answer.

1.2.0

The biggest release yet — an in-app AI assistant that builds and runs your tests, a complete authentication overhaul, and team-shareable workspaces.

AI assistant Free — bring your own key

In-app AI chat and agent — a built-in assistant you connect to your own model: any OpenAI-compatible endpoint (OpenAI, Gemini-compatible gateways, or a local Ollama). You bring the key; VirtuProbe never charges for tokens and your key stays on your machine.
It builds and runs your tests — ask it to create a chain or script and it will, then run it on request. Every step that writes or executes is gated behind an Approve / Reject card, with a ⚡ auto-approve toggle for when you want it to move fast.
Project-aware — it knows your active project, your tier, and which protocols you’re entitled to, and puts new work in the right place.
Hands on the workbench — it can search and import from the library, import collections (OpenAPI / Postman / Bruno / HAR and more), send a probe (resolving your environment variables), run a fuzz job, and move chains and scripts between projects.
Context-aware — attach a probe’s real request and response to the conversation, and get findings written up report-style (title · severity · target · evidence · recommendation).

Authentication

Unified credential store — HTTP authentication is now a single Credential picker. NTLM and Pass-the-Hash, previously a separate toggle, are now credential schemes alongside Basic, Bearer, API Key, Digest, OAuth2, AWS SigV4, Scripted, and SPNEGO. Secrets are stored apart from the probe and never appear in history.
SPNEGO / Kerberos for HTTP Security tier — authenticate to Kerberos-protected web services with an Authorization: Negotiate ticket obtained from the KDC for HTTP/<host>.
Project-scoped credentials — credentials can be Global or scoped to a project; new credentials default to the active project. The picker shows the active project’s credentials plus globals, and a project’s default credential is applied when a probe sets none (resolution order: chain step override → probe credential → project default).
Redesigned the New credential dialog (clearer layout, scope selector).
Auth transparency — the probe editor now shows the effective credential under the picker: name, scheme, a source chip (this probe vs project default), config values inline, and which secrets are set (masked) with a per-secret reveal on demand.
Per-run overrides — change credential config/secret values, or any {{variable}}, for a single send without editing the stored credential or saving the probe. The Variables panel also shows an effective table with each value’s source (environment < inline < this run).

Workspace storage

Directory-backed (“guerrilla”) workspace — point VirtuProbe at a folder and it stores your bundles, probes, projects, chains, scripts and environments there as plaintext files, so a team can share the workspace through its own git, Dropbox, or network share. Switch under Settings → Workspace storage; an empty folder asks whether to initialize a new workspace or clone your current one. Secrets always stay in the local encrypted store and are never written to the folder. Desktop only.

Proxy & service virtualization

HTTP interception mode — the proxy gains a second mode alongside the SOCKS5 tunnel: point a client’s http_proxy at VirtuProbe and it now terminates and parses each HTTP/1.1 request (HTTPS via CONNECT and an on-the-fly leaf certificate), so it can act on whole requests instead of raw bytes. With no rules defined it forwards transparently and still feeds the DevTools-style capture view.
Mock rules — build an ordered list of interception rules that match on method, host, path template, headers, or body (first match wins). A matching rule can return a synthetic response you define — status, reason, headers, body — without the request ever reaching the real server, so you can stand in for a service that isn’t ready yet. Rulesets are saved alongside the rest of your workspace and managed from the new Interception Rules editor in the proxy view.

HTTP & GraphQL

GraphQL requests — the HTTP probe’s Body tab has a new GraphQL mode with separate Query and Variables editors; VirtuProbe serialises them into the request and sets Content-Type: application/json for you. Existing GraphQL bodies are detected automatically, so probes round-trip unchanged.

Scripting & reliability

A real script editor — the Scripts view now has a proper code editor: Groovy syntax highlighting, context-aware autocomplete (your bundle and probe names inside vp.send(...), extractor IDs inside .extract(...), environment variables after {{, and VpProbeResult members), and live syntax checking that underlines errors as you type. Ctrl+S saves, Ctrl+Enter runs.
Scripts read responses naturally — vp.send(...) now targets the latest saved version of a probe, and results expose statusCode / headers / body directly so you can assert on them.
Tier limits enforced everywhere — running a chain or script that uses a gated protocol is now correctly licence-checked (building and saving such a chain stays allowed, so the assistant can still help you design one).
Resilient licensing — a subscription-server hiccup no longer drops a paying user to the free tier; the last validated entitlements are kept until the server is reachable again.

Interface

Project Dashboard is back in the left navigation, at the top of the drawer.

1.1.0

A big one — a new protocol, pentest-grade chains, import/export across the board, and a redesigned project workspace.

New protocols & authentication

Kerberos probe Security tier — a new probe type that talks directly to a KDC over port 88 with a hand-rolled RFC 4120 / RFC 4757 implementation (no GSSAPI, no third-party library). Three modes: credential validation (AS_REQ) with structured KDC error reporting; AS-REP Roasting for accounts with pre-auth disabled (hashcat $krb5asrep$23$, mode 18200); and Kerberoasting of any SPN-bearing account ($krb5tgs$23$, mode 13100). Hashes render on a copy-ready card; the Exchanges panel shows raw DER hex
Windows authentication in the HTTP probe — the Auth section now supports NTLM (username + password) and Pass-the-Hash (32-char hex NT hash) for IIS, Exchange OWA, SharePoint, ADFS, and any Windows Integrated Authentication endpoint; all fields support {{variables}}. New HTTP_AUTH_SUCCESS extractor for spray chains

Chains & scripting

Kerberos and SMB in chains and scripts — both can now be used as chain steps and via vp.send(...); placeholders resolve in host/auth/SPN and per-command paths. New extractors: KERBEROS_SUCCESS / KERBEROS_HASH / KERBEROS_ERROR_CODE and SMB_SUCCESS / SMB_LAST_STATUS / SMB_SHARE_LIST / SMB_FILE_CONTENT
Chain run history, comparison & JSON evidence — every run is auto-saved (up to 20 per chain); restore any past run, Compare two runs in a step-level diff, and export a run as structured JSON evidence for reports and audit trails
ITERATE: wordlists, rate control & stop conditions — drive an ITERATE step from a file on the server (one item per line); add a randomised jitter delay between iterations; stop on first success for credential-stuffing flows; and max failures to abort early

Import & export

Import Collection — generate a bundle of HTTP probes from OpenAPI 3.x / Swagger 2.0, Postman (v2.1), Bruno, HAR, .http / .rest files, or Insomnia exports; folders/tags become a nested bundle tree; provide a file, pasted text, or (OpenAPI) a URL
cURL / wget — in and out — paste a curl or wget command onto an HTTP probe’s URL field to fill it in (with Undo); and export any HTTP probe to cURL, wget, Python (requests), or PowerShell from the toolbar
Environment import & export — export an environment as a standard environment file; import standard environment exports, dotenv (.env), and Bruno environments
HTTP response diff — Compare any two entries in a probe’s history to see status, changed headers, and a line-level body diff

Bundles, projects & environments

Sub-bundle tree & project scoping — nest bundles into a tree (⋯ → Add Sub-bundle, or Move bundle); scope a bundle to zero or more projects so you only see what’s relevant. Delete a bundle (and its subtree) or Clone & Link it into a project
Redesigned project dashboard — the environment editor is now the main panel, with each environment on its own tab; linked bundles, probes, chains and scripts sit in a side panel (“Project Bundles” is now Linked Bundles). Per-environment toolbar actions: Save · Clone · Rename · Delete · Export · Import

Dashboard from the logo — the Dashboard now opens by clicking the VirtuProbe logo (removed from the menu)
Quick Help on empty screens & tidier toolbars — every empty view (Bundles, Chains, Scripts, Library, Proxy) now shows a short “how it works” panel; the Library’s Add Collection and Import all, and the Proxy’s Port, moved into the action toolbar

Pentesting library

Kerberos collection Pro tier — ready-made Kerberos probes and chains: credential validation, username enumeration, AS-REP roasting, Kerberoasting, recon, and multi-step roast/spray chains

1.0.1

UX overhaul: response panels, sidebar navigation, font settings, toolbar actions, global search, and a complete probe form redesign.

Context-sensitive toolbar — a row of icon buttons between the logo and the project selector updates based on the current view; Bundles shows New Bundle, New Probe, Save, Send, and Delete; Chains and Scripts show New, Save, Run (with a live spinner), and Delete; Proxy shows Start, Stop, Download CA Certificate, Clear, and Save as Probe
Global search — press Ctrl+Shift+F (or click the search bar in the header) to search across all projects, bundles, probes, chains, and scripts; filter by category; navigate results with ↑ ↓ and Enter
All protocol probe forms redesigned — HTTP, SMTP, IMAP, LDAP, DNS, SpamAssassin, and SMB probe forms now share a consistent three-row layout: name on the first row; connection settings and Send on the second; description and tags on the third; fields have proper gutter spacing; Save and Delete are removed from each form and handled by the toolbar
HTTP response panel redesigned — a compact status bar shows status code (colour-coded), round-trip timing, body size, and Content-Type at a glance; the body area is now a tabbed panel with a Body tab (Pretty / Raw / Preview toggle, word wrap, syntax highlighting for JSON, XML, and HTML) and a Headers tab (searchable key/value table)
SpamAssassin response panel redesigned — clean status bar with OK/Fail and Spam/Not Spam chips and score inline; matched rules as a chip group; Report and Content Analysis in a tabbed card with a shared search field; raw response in a collapsible section
Chains and Scripts: permanent sidebar — both views now have a permanent left sidebar; clicking an item opens the editor on the right without navigating to a separate screen
Project view: inline environment editor — the environment editor is embedded directly in the project view instead of opening in a dialog
Navigation sidebar: manual toggle — the drawer no longer auto-expands on hover; a toggle button at the bottom collapses or expands it and remembers the preference; tooltips appear in collapsed mode
Probe list: kebab menu — five inline action buttons per probe replaced by a single ⋯ menu on hover
Loading screen with tips — a spinner and a randomly selected product tip appear while the app is initialising
Compact footer — height reduced to 24 px; breadcrumbs rendered inline
Font settings — font size (12–16 px) and font face (Geist, Roboto, System UI) are configurable in Settings → Typography; changes apply immediately and persist
Settings dialog: sections — three labelled sections: Display, Typography, and Advanced
External links open in system browser — help, documentation, and update links open in the system browser instead of a new Electron window
Validation — inline errors in Add Probe (name + protocol required) and Add Chain / Script (name required) dialogs
Bug fix: dirty probe after delete — deleting a modified probe no longer triggers the unsaved-changes warning

1.0.0

Projects, environments, new navigation, and a complete UX overhaul.

Chains and Scripts scoped to the active project — the Chains and Scripts views now show only items belonging to the active project; switching the active project instantly refreshes both views
Environment restored on project switch — switching to a project automatically restores its last-selected environment and loads the variable values; no manual re-selection needed
New project → Chains view — creating a project sets it active and navigates directly to its Chains view so you can start building immediately
Dashboard on startup — the app always opens at the Dashboard on launch, showing the last active project’s summary and counts
Protocol picker improved — protocols in the Add Probe dialog now show as HTTP (Hypertext Transfer Protocol); the list is sorted by your most-used protocols first, then alphabetically
Project picker in the top bar — click the project chip in the app bar to switch the active project, add a new one, or open the project dashboard without leaving your current view
Environment picker in the top bar — a separate chip next to the project shows the active environment; click to switch environments for the active project in one step
Auto-setup on first launch — a “Default” project and “Dev” environment are created automatically the first time the app starts with an empty workspace
Streamlined Chains and Scripts views — the project sidebar is gone; chains and scripts are listed inline, the active project is always applied when adding new items, and clicking any item opens the editor directly
Streamlined Projects view — the project list sidebar is gone; the view shows the active project’s content directly (linked probes, chains, scripts); clicking a chain or script name opens it in the editor
Dialogs replace slide-in panels — Settings, License, Help, and Feedback now open as standard centered dialogs instead of bottom sheets with an overlay behind them
Simplified license screen — the activation form is now the only content; status details moved to the dashboard
Clickable dashboard cards — the summary tiles (Bundles, Chains, Scripts, etc.) navigate directly to the relevant view; the active-project counters do the same
Navigation reordered — menu order: Bundles · Chains · Scripts · Library · Proxy, then Dashboard · Settings · License, then Feedback · Help; Projects removed from the sidebar (accessed via the top-bar chip)
Cluster renamed to Bundle — the term “Cluster” has been replaced by “Bundle” throughout the app; existing data is migrated automatically

0.0.21

UX polish, new extractor, SPAMD and DNS in chains.

HTTP_HEADER extractor — extract any response header value by name (case-insensitive) in chain steps, alongside existing JSON path, status, and body extractors
Placeholder typo detection — single-brace {var} instead of {{var}} now surfaces a clear error with the variable name, instead of silently passing through unresolved
SPAMD and DNS as chain steps — both protocols can now be used in chains with full extractor support; DNS_ANSWER_VALUE and DNS_SUCCESS extractors included
Unsaved changes warning — navigating away from a modified probe prompts to Save, Save as copy, Discard, or Cancel; dirty state shown as a dot in the sidebar
Error propagation — backend errors now surface their actual message in the UI toast and debug panel instead of a generic failure
F12 DevTools toggle in the desktop app
Auto-select on create — newly created probes, chains, and scripts are immediately selected and ready to edit

0.0.9

Desktop app, SMB protocol, library import, keyboard navigation.

Electron desktop app — single-JAR bundle for macOS, Windows, and Linux; no separate server process needed
Automatic update notifications — the app checks for newer versions on startup and shows a prompt in the footer
SMB protocol Security tier — SMB1/2/3 probe with NTLM auth, pass-the-hash, share listing, file read/write/delete/rename, directory operations, and ACL read/write; message signing (AES-128-CMAC) and encryption (AES-128-GCM, SMB 3.1.1+)
Batch library import — import an entire library group into a bundle in one click
Keyboard navigation — arrow keys, Enter, and Delete work in the probe sidebar; no mouse required
Probe rename — rename probes directly from the sidebar

0.0.5

License system, design system overhaul, DNS, advanced chains.

License system — full Paddle integration with tier-based feature and protocol gating; Engineering and Security tiers unlock protocols, library access, fuzzing, scripting, and the MITM proxy
DNS protocol — UDP with TCP fallback; A, AAAA, MX, NS, TXT, CNAME, SOA, PTR query types; custom resolver targeting; works as a chain step
Advanced chain steps — CONDITION (Groovy expression), PARALLEL (concurrent branches), CHAIN_REF (reusable sub-chains with input/output variable mapping), and ASSERT (fail chain if value does not match)
Fuzzing Engineering tier — mark any probe field with §payload§; run a payload list and get status codes, durations, and response previews for each attempt
Design system — Phosphor icon set, Geist + Geist Mono + Chakra Petch fonts, design token layer; consistent across all protocols
Community library — 78+ ready-made probes available on the Free tier; Standard and Pro tiers add integrations (Slack, Jira, GitHub, Linear, Stripe, AWS, Azure, GCP) and pentesting collections

0.0.1

Initial release.

Seven protocols — HTTP, SMTP, IMAP, LDAP, SpamAssassin, SOCKS5 proxy (MITM), and a hand-written implementation of each against the relevant RFC; no library constraints means full fuzzing and interoperability control
Chain builder — connect probes into multi-step sequences; HTTP, SMTP, and IMAP steps; extract values (JSON path, status code, regex, constant) and pass them as {{variables}} to subsequent steps; ITERATE over lists
Groovy scripting — write scripts that call probes programmatically, extract results, and drive logic with a full JVM scripting environment
Probe history — every execution is saved with a snapshot of the probe as sent and the full response; history survives restarts
Project environments — define variable sets per project; switch between environments without editing probes
Library — browse, search, and import probes from curated collections directly into your bundles
SOCKS5 MITM proxy — route traffic through VirtuProbe and inspect every exchange in a DevTools-style stream with per-connection decompression (gzip, deflate, Brotli)