Links

Release Notes

All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[5.0.3] - 2023-02-20

  • Fix Invoke-Kerberoast with etype 17 or 18 (@AdrianVollmer)
  • Add 3.11 support, bump Dockerfile to 3.11, bump Debian install to 3.8.16 (@Cx01N)
  • Update the GitHub actions to remove usages of deprecated ::set-output function (@Vinnybod)
  • Update plugin submodule references post 5.0 branch merges (@Vinnybod)

[5.0.2] - 2023-02-14

  • Fix the test that detects errors loading modules (@Vinnybod)
  • Allow empty user id and username on the task API (@Vinnybod)
  • Rename module_slug to module_id for tasks for consistent naming on the api (@Vinnybod)
  • Add a shebang to the checkout-latest-tag.sh script (@xambroz)

[5.0.1] - 2023-02-04

  • Fixed the uniqueness check for MariaDB (@Vinnybod)
  • Fixed redirector issue with parent listeners (@Cx01N)
  • Added exception for agent task when server is initializing (@Cx01N)
  • Fixed listener menu displaying error when viewing options (@Cx01N)
  • Starkiller sync process now attempts to pull the ref from the remote (@Vinnybod)
  • Auto-merge private-main to downstream main branches using a label (@Vinnybod)
  • Fixed error in IronPython agent when running PowerShell tasks (@Cx01N)
  • Fixed issue adding comms twice to stageless python agents (@Cx01N)
  • Updated Redirector to Port Forward Pivot (@Cx01N)
  • Updated to Mimikatz 2.2.0-20220919 (@Cx01N)
  • Add Ruff linter and pre-commit hook (@Vinnybod)

[5.0.0] - 2023-01-15

  • Added Starkiller as an integrated web app (@Vinnybod)
  • Added full MySQL support (@Vinnybod)
    • MySQL is the new default
    • Database type can be changed by setting database.use in config.yaml or environment variable DATABASE_USE
    • SQLite is still supported
    • The Docker image still defaults to SQLite, but can be changed to MySQL by modifying the config.yaml or setting the environment variable DATABASE_USE=mysql.
  • Added v2 API (@Vinnybod)
  • Added autogenerated docs for v2 API (@Vinnybod)
  • Added stageless options for agents (@Cx01N)
  • Added clear window command to client (@Cx01N)
  • Added mouse_support to client (@Cx01N)
  • Added RunOF module to support COFF/BOF execution (@Cx01N)
  • Added new database table for files (@Vinnybod)
  • Added server-side storage of stagers (@Vinnybod)
  • Added new listener object is created for each listener instead of using a shared state (@Vinnybod)
  • Added listener, agent, and task hooks (@Vinnybod)
  • Added db session to hooks (@Vinnybod)
  • Added global obfuscation config and removed from config table (@Vinnybod)
  • Added authors to bypass endpoints (@Vinnybod)
  • Added a help command to the client to print the full doc string of a function. such as help shell or help script_import (@Vinnybod)
  • Added --literal flag that can be used on shell commands that forces the agent to execute the command literally, ignoring any built-in aliases that exist such as for whoami or ps (@Vinnybod)
  • Updated plugins endpoints and options (@Vinnybod)
  • Updated authentication to use JWT auth instead of basic auth (@Vinnybod)
  • Updated to MITRE ATT&CK v11 for sub-technique and tactic support (@Cx01N)
  • Updated SOCKS & Chisel plugins for 5.0 (@Cx01N)
  • Updated socketio emit to be async (@Vinnybod)
  • Updated hooks to handle sync or async functions (@Vinnybod)
  • Updated authors to have name, handle, and link for modules, listeners, stagers, and plugins (@Vinnybod)
  • Updated Dockerfile for better caching (@Vinnybod)
  • Updated agent.py to extract logic for sleep duration and lazily calculate file sizes (@lavafroth)
  • Moved keyword_obfuscation config property under database defaults (@Vinnybod)
  • Moved obfuscate and obfuscateCommand defaults under database.defaults.obfuscation (@Vinnybod)
  • Restructured all the 'common' code (@Vinnybod)
  • Converted reports to a plugin (@Cx01N)
  • Converted generate_agent module to stager (@Cx01N)
  • Removed malleable.Profile from listener options (@Cx01N)
  • Removed old REST API (@Vinnybod)
  • Removed old WebSocket API (@Vinnybod)
  • Removed socketport since socketio runs on the same port as the API (@Vinnybod)
  • Removed AFTER_AGENT_STAGE2_HOOK and replaced with AFTER_AGENT_CHECKIN_HOOK (@Vinnybod)
  • Removed last seen time for users since it could cause db locking issues (@Vinnybod)
  • Removed pydispatcher (@Vinnybod)
  • Removed prompt line from server (@Vinnybod)

[4.10.0] - 2023-01-03

  • Updated agent model for consumer methods to use the info property (@lavafroth)
  • Debian 11, Ubuntu 2204, and ParrotOS Support (@Vinnybod)
  • Add a "-y" option to the install script and fixed a bunch of formatting (@ajanvrin)
  • Fixed issues with stripping comments from Python code and executing certain Python modules (@Jackrin)
  • Added C# Crypto Miner module (@Cx01N)
  • Added PSRansom module (@Cx01N)

[4.9.0] - 2022-11-29

  • New CI/CD Process (@Vinnybod)

[4.8.4] - 2022-11-26

  • Fixed #540 PydanticModule object has no attribute 'info' in API module search (@lavafroth)
  • Fixed agent/server module version check (@Jackrin)

[4.8.3] - 2022-11-11

[4.8.2] - 2022-11-11

  • Updated crontab method to work with python3 (@Cx01N)
  • Updated linux_privesc_check to work with python3 (@Cx01N)
  • Fixed mistakes in README.md (@Cx01N)
  • Removed unused class in python agents (@Cx01N)

[4.8.1] - 2022-10-30

  • Added container structure test to CI (@Vinnybod)
  • Added a fallback checkout that doesn't use a token (@Vinnybod)
  • Revamped README.md (@Cx01N)
  • Simplified Dockerfile install process (@lavafroth)
  • Fixed crashing issue with IronPython agent (@Cx01N)
  • Fixed infinite loop output stream for csharpserver plugin (@dwilson5)
  • Fixed querying stale and active agents (@lavafroth)

[4.8.0] - 2022-08-30

  • Updated compiler to .NET SDK 6.0 (@Hubbl3)

[4.7.3] - 2022-08-20

  • Added SANS 565 to README (@Cx01N)
  • Fixed error when entering empty line into client (@Cx01N)
  • Fixed Dropbox listener staging issue (@Cx01N)
  • Fixed OneDrive listener staging issue (@Cx01N)

[4.7.2] - 2022-08-20

[4.7.1] - 2022-07-29

  • Fix write_dllhijacker.yaml script_path reference (@kevNii)

[4.7.0] - 2022-06-25

  • Update Python version on Dockerfile (@Vinnybod)
  • Add Python 3.10 to CI tests (@Vinnybod)
  • Add a resource file command to the client (@Vinnybod)
  • Add PowerShell and C# to IronPython modules (@Cx01N)
  • Add ChiselServer, SocksProxyServer plugin as a submodule (@Cx01N)
  • Fixed Sharpire download function (@Cx01N)
  • Fixed spawnas to work with new bat file format (@Cx01N)
  • Fixed tasking error for IronPython launcher executable (@Cx01N)
  • Remove some python dependencies (@Vinnybod)
  • Make tkinter import failure a warning instead of a fatal error (@Vinnybod)

[4.6.1] - 2022-06-10

  • Use a BC-Security fork of Donut to resolve a python 3.10 issue (@Cx01N)
  • Update reflective pick dlls (@Hubbl3)

[4.6.0] - 2022-05-24

  • Added Certify C# module (@Cx01N)
  • Added embedded VNC client and launcher (@Cx01N)
  • Added obfuscate option to C# payloads (@Hubbl3)
  • Added global obfuscation to C# modules (@Cx01N)
  • Added -BasicParsing to .bat launcher (@X0RW3LL)
  • Added obfuscation to bat launcher for HTTP and HTTP COM (@Cx01N)
  • Added option to enable/disable JA3 evasion (@Cx01N)
  • Added JA3 evasion technique to Malleable HTTP (@Cx01N)
  • Added option to client config to remove borders on tables (@Cx01N)
  • Updated staging for agents (@Cx01N)
  • Updated confuser to confuserex 2 (@Cx01N)
  • Fixed nim install on Ubuntu by using choosenim installer (@vinnybod)
  • Converted reset.sh script to Python and add tests (@Vinnybod)
  • Add a --reset flag to the client (@Vinnybod)

[4.5.5] - 2022-05-07

  • Fixed http bug in malleable, http-com, and onedrive listeners (@Cx01N)
  • Updated jq to 1.2.2 to avoid install errors (@Cx01N)

[4.5.4] - 2022-04-26

  • Fixed typo from 4.5.3 with the bypass database model (@Vinnybod)

[4.5.3] - 2022-04-24

  • Fixed issue where default_response is needed for external/generate_agent (@Cx01N)
  • Added check if bypass language is compatible (@Cx01N)
  • Added error message formatting for listeners and stagers (@Cx01N)
  • Added zip to the Dockerfile which is necessary to create ms files such as docx (@junquera)

[4.5.2] - 2022-04-12

  • Fix string format errors in dbx listener (@awsmhacks)
  • Fix script_end error in schtasks.py (@harry-cmdzero)
  • Add workflows for doing the public releases (@Vinnybod)
  • Pull out common code from listeners to a listener_utils module (@Cx01N)
  • Fix missing script_path and fix variable references in service_stager and service_exe_stager (@harry-cmdzero)

[4.5.1] - 2022-03-27

  • Fixed empire_config yaml property to include fields that don't exist on the config object (@Vinnybod)

[4.5.0] - 2022-03-27

  • Updated changelog to use Keep a Changelog (@Vinnybod).
  • Added tests for listener launchers (@Vinnybod).
  • Add a step to run the test suite on the Docker image itself (@Vinnybod)
  • Removed .plugin from the black configuration (@Vinnybod)
  • Removed random caps from backdoorlnk (@Cx01N)
  • Added html files for listener responses (@Cx01N)
  • Converted server config to a typed class (@Vinnybod)
  • Add keyword obfuscation to the config.yaml (@Vinnybod)
  • Fix proxy_creds variable name in bypassuac (@Cx01N)
  • Updated launcher_bat to use web request for launcher (@Cx01N)
  • updated malleable profiles with banzarloader (@Cx01N)
  • Added C# execution modules (@Cx01N)
  • Add tests for launcher code (@Vinnybod)
  • Split ls/dir command line to get the first element for ls/dir command (@CyrilleFranchet)
  • Updated lastwritetime on ls/dir command (@CyrilleFranchet)
  • Fix script_end variable on privesc/ask module (@CyrilleFranchet)
  • script_import will upload a file from the client's machine (@Cx01N)

[4.4.1] - 2022-03-06

  • Fixed agent generation with custom headers (@Hubbl3)
  • Fixed missing quote in get_users.yaml (@Cx01N)
  • Fixed displaying info for plugins (@Cx01N)
  • Fixed legacy plugin loading to ignore folders (@Cx01N)
  • Removed http_mapi.ps1
  • Removed comment that global obfuscation and keyword obfuscation cannot be combined (@Cx01N)

[4.4.0] - 2022-02-14

  • Added auto copy to clipboard feature (@Cx01N)
  • Added directory settings to yaml for downloads/stagers/obfuscated_modules (@Cx01N)
  • Added C# process injection module (Cx01N)
  • Added bypass yamls for PowerShell (@Hubbl3)
  • Added Black and Isort integration (@Vinnybod)
  • Added tests for loading and generating scripts with defaults (@Vinnybod)
  • Updated Psinject to use updated version of reflective pick and bypasses (@Hubbl3)
  • Fixed check for preobfuscation of files (Cx01N)
  • Fixed issue with plugins using tuple (@Vinnybod)
  • Removed random capitialization function for listeners (@Cx01N)
  • Removed meterpreter and mapi listeners (@Cx01N)
  • Powerview - added functions for group managed service accounts and fine grained pw pol (@jfmaes)

[4.3.3] - 2022-01-24

  • Added a hook for when an agent is fully checked in (stage2) (@Vinnybod)

[4.3.2] - 2022-01-14

  • Fixed issues with variables names in Mimikatz & Privesc modules (@sbrun)
  • Fixed issue with Invoke-Obfuscation not being properly called (@Cx01N)
  • Add dotnet install to dockerfile (@Vinnybod)

[4.3.1] - 2022-01-08

  • Fixed issue with module variables referenced before assignment or undefined (@Vinnybod)
  • Fixed bug with Invoke-Seatbelt caused by variable name mismatch (@Vinnybod)
  • Fixed IronPython exit/shutdown issue (@Cx01N)
  • Fixed ToLower() bug in PowerShell agent when using route (@CyrilleFranchet)
  • Fixed multiline shell output bug (#491) (@CyrilleFranchet)
  • Added dir command to the file browser hook (@CyrilleFranchet)
  • Generate test account with secure rng (@moloch--)
  • Add Invoke-FodhelperProgIDs module (@m1m1k4tz)
  • Add Invoke-VeeamGetCreds module (@sadshade)

[4.3.0] - 2021-12-23

  • Updated Invoke-Seatbelt, Invoke-Rubeus, & Invoke-WinPeas (@Cx01N)
  • Updated C# modules: Seatbelt, SharpSploit (@Cx01N)
  • Updated profiles to include APT29 (@Cx01N)
  • Updated Mimikatz to 20210810-2 (@Cx01N)
  • Updated reset script to remove c# tasks and generated-stagers (@Cx01N)
  • Added obfuscation options into Empire CLI (@Cx01N)
  • Added Invoke-BOF module (@Cx01N)
  • Added C# server plugin to run on startup (@Cx01N)
  • Added autostart plugin with options to config file (@Cx01N)
  • Added upload & download options for Empire CLI (@Cx01N)
  • Added Plugin folders and extensions (@Cx01N)
  • Added C# redirector (@Cx01N)
  • Added Invoke-DownloadFile (@Cx01N)
  • Added error message in client for file downloads >1MB (@Cx01N)
  • Moved NVNC and Sharpire as C# submodules (@Cx01N)
  • Fixed Invoke-Assembley (@Cx01N)
  • Fixed osx/clipboard & pilliageuser modules (@Cx01N)
  • Removed unused wiki workflows (@Cx01N)

[4.2.0] - 2021-11-01

  • Added revershell & cmd launchers with reversehell (@Cx01N)
  • Added ironpython to compile through empire with embedded std lib (@Cx01N)
  • Added proxy (SOCKS/TOR/HTTP) pivots to python agents (@Cx01N)
  • Added notifications in bottom toolbar for plugins and agents (@Cx01N)
  • Added C# VNC server (@Cx01N)
  • Added extended rights for certificate templates (@daem0nc0re)
  • Added donut for shellcode generation (@Cx01N)
  • Updated WMI persistence and bug fixes (@janit0rjoe)
  • Updated covenant compiler (@Hubbl3)
  • Updated csharp powershell launcher to compile through empire (@Hubbl3)
  • Fixed formatting error in enable_rdp (@jamarir)
  • Fixed nim launcher to run internal to exe (@Cx01N)
  • Fixed misc python module errors (@Cx01N)
  • Fixed outfile message displaying wrong directory (@Cx01N)
  • Removed sRDI for shellcode (@Cx01N)

[4.1.3] - 2021-09-28

  • Fixed output from files throwing a error for the client (@Cx01N)

[4.1.2] - 2021-09-21

  • Removed pyminifier as a dependency to prevent install errors (@Cx01N)

[4.1.1] - 2021-09-20

  • Add OutputFunction to dcsync_hashdump (@jamarir)
  • Convert file operations to use with syntax (@jamarir)
  • Added Invoke-IronPython3 and some OffensiveDLR fixes (@Cx01N)
  • Fix for (#476) - String indices error ms16-032 & ms16-135 (@Cx01N)
  • Fix help menu text on the interact menu (@archcloudlabs)
  • Rework agent taskings in the client to not poll for a result (@Cx01N)
  • Added Python agents to the external/generate_agent module (@Cx01N)
  • Update add_sid_history module command (@ilanisme)

[4.1.0] - 2021-08-29

  • Correct issue where install script would break depending on the current working directory (@Vinnybod)
  • Empire client now currently refreshes listener list after killing a listener (@Vinnybod)
  • Removed the wiki and added a link to the new docs (@Vinnybod)
  • Added the initial filtering/hooking feature (@Vinnybod)
  • Fix an issue where the docker builds would not run because it was deleting the database (@Vinnybod)
  • Added autocomplete for taskings in the Empire Client and added a command to view a specific task (@Cx01N)
  • Updated the OutputFunction feature to allow for arbitrary values (@Vinnybod)
  • Added an IronPython3 agent (@Cx01N)

[4.0.2] - 2021-08-16

  • Added socketio messages to screenshot/download/upload (@Cx01N)
  • Added help message when no input is given to empire.py (@Cx01N)
  • Fixed missing slash for module directories (@Cx01N)
  • Fixed modules Get-SQLServerLoginDefaultPw and PortScan (@jamarir)
  • Fixed formatting bug in the options table on the listener menu (@Vinnybod)
  • Fixed querying retain-last-value config parameters (@ilanisme)
  • Fixed invalid concat on keylogs (@Cx01N)
  • Fixed mimikatz command and added suggested values (@Cx01N)
  • Fixed misc bugs (@Vinnybod)
  • Updated suggested values for stagers and reformatted code (@Cx01N)
  • Updated editlistener menu (@Vinnybod)
  • Removed client suppression for job started taskings (@Cx01N)

[4.0.1] - 2021-07-19

  • Added API endpoints for sleep/jitter to agents (@Cx01N)
  • Added sleep command to CLI (@Cx01N)
  • Added sleep/jitter option to C# agents (@Hubbl3)
  • Fix for Invoke-Obfuscation installation
  • Added PrintNightmare module (@Cx01N)

[4.0.0] - 2021-06-28

Breaking Changes

  • Removed old Empire CLI and cmdloop from server (@Cx01N)
  • The credential create endpoint now accepts a single credential instead of a list
  • Some endpoints which were previously throwing 500s when not found, now properly return a 404
  • Plugin endpoints and socketio channels renamed to plural (plugin -> plugins) to match naming convention of other resources (@Vinnybod)

New Features

  • Integrated server and client into Empire (@Cx01N, @Vinnybod)
  • Introduced C# agents (@Hubbl3)
  • Integrated Covenant Roslyn compiler for task compilation (@Hubbl3)
  • Covenant Task compatibility (@Hubbl3, @Vinnybod)
  • Added support for 'suggested values' on the server and auto completing the suggested values in the CLI (@Vinnybod)
  • Added new launch parameters for starting server/client (@Cx01N, @Vinnybod)
  • Added Offensive DLR Modules: IronPython, ClearScript, & Boolang (@Cx01N)
  • Added MS16-051 stager (@Cx01N)
  • Added Start-ProcessAsUser module (@Cx01N)
  • Added NTLM-Extract module (@Cx01N)
  • Added Invoke-SharpSecDump module (@Cx01N)
  • Added sriptimport and scriptcommand to API (@Cx01N)
  • Added auto generate certificate function to startup script (@Cx01N)
  • Added Invoke-SpoolSample (@Cx01N)
  • Added redirector chaining and proper tunneling (@Cx01N)
  • Updated pycrypto to pycryptodome (@Cx01N)
  • Updated PowerDump with AES NTLM hashes (@Cx01N)
  • Updated cert/install/reset script with new directories (@Cx01N)
  • Updated all modules to new YAML format (@Vinnybod, @Cx01N)
  • Updated to Mimikatz 2.2.0 20210531 X11 RDP Clients (@Cx01N)
  • Removed M2Crypto dependency (@Cx01N)
  • Simplified kill/remove commands and added 'all' and 'stale' options (@Cx01N)
  • Removed the need for manual database timestamp updates, merge taskings and results table to a single table (@Vinnybod)
  • Added a socketio event for when tasking results come back (@Vinnybod)
  • Readded rastamouse's bypass (@Cx01N)
  • Added a 'since' query parameter to the tasks endpoint for more efficient querying (@Vinnybod)
  • Added socketio tasking event handler to CLI for displaying task results in the interact menu (@Vinnybod)
  • Install script prompts for xar, bomutils, openjdk, and dotnet for a more streamlined install (@Vinnybod)
  • Install script now includes dotnet (@Vinnybod)
  • Dockerfile size decreased by ~1GB by only installing the essentials. There is a note in the README (@Vinnybod)
  • Made powershell bypasses dynamic. Now set with a single field Bypasses and they will be applied in the order provided (@Vinnybod)
  • Added API endpoints for managing bypasses (@Vinnybod)
  • Add processor architecture to powershell, csharp, and python agents (@Vinnybod)
  • Add a display command to interact menu (@Vinnybod)
  • Add additional endpoints for credential for get, update, and delete (@Vinnybod)
  • Add create, update, remove credential functionality to the CLI (@Cx01N)
  • Add an "output function" option on several modules (@jamarir)
  • Updated shellcoderdi to newest version (@Cx01N)
  • Added a Nim launcher (@Hubbl3)