Releases: BC-SECURITY/Empire
v5.9.3
[5.9.3] - 2024-02-09
Added
- Added option to windows_macro stager to select Excel or Word and AutoOpen or AutoClose (@Cx01N)
Fixed
v5.9.2
v5.9.1
[5.9.1] - 2024-01-25
Changed
- Convert agent task output to string before the BEFORE_TASKING_RESULT_HOOK (@vinnybod)
- Updated tasklist for powershell code to not throw error when GetOwner fails (@Cx01N)
Fixed
- Updated Uvicorn to fix issue where an open browser would cause the shutdown to hang (encode/uvicorn#2145) (@vinnybod)
- Fixed the fastapi app lifecycle not being properly called on shutdown (@vinnybod)
- Converted listener threads to daemons so they don't hang the shutdown in Python 3.12 and report RuntimeError: can't create new thread at interpreter shutdown (@vinnybod)
- Log warning about ps/ls hooks and filters not being able to parse the JSON output (@vinnybod)
[5.9.0] - 2024-01-20
Added
- Added validation and execution exceptions for modules to raise (@vinnybod)
- Added decorators for module generate functions to automatically get the module_source and call finalize_module (@vinnybod)
- Added execution exception to plugins (@vinnybod)
- Added RUF rules to ruff config (@vinnybod)
- Added SIM rules to ruff config (@vinnybod)
- Added BOF modules to Empire as yamls (@Cx01N)
  - Added ClipBoardWindow-Inject module
  - Added nanodump module
  - Added secinject module
  - Added tgtdelegation module
  - Added TrustedSec's SA modules
- Added custom certificate path to server config.yaml (@AaronVigal)
Deprecated
- Returning tuples from module generate functions is deprecated
  - To return a 400, raise a ModuleValidationException
  - To return a 500, raise a ModuleExecutionException
  - Stop using handle_error_message
- Returning tuples from plugin execution functions is deprecated
  - To return a 400, raise a PluginValidationException
  - To return a 500, raise a PluginExecutionException
- Loading plugins from a .plugin file is deprecated
  - Use a .py file with a plugin.yaml instead
- Extending the Plugin class is deprecated
  - Use the BasePlugin class instead
Changed
- Migrated some Pydantic and FastAPI usage away from deprecated features (@vinnybod)
- Updated the install script and Docker file from Python 3.12.0 to 3.12.1 (@vinnybod)
- Upgraded all dependencies with poetry up (@vinnybod)
- Plugin updates (@vinnybod)
  - Plugins have a plugin.yaml
  - Base plugin class is now BasePlugin
  - Updated plugin documentation
- Upgraded Black to 23.12.0 (@vinnybod)
- Upgraded Ruff to 0.1.9 (@vinnybod)
- Upgraded Seatbelt to 1.2.1 (@Cx01N)
v5.8.4
v5.8.3
v5.8.2
v5.8.1
[5.8.1] - 2023-11-30
- Updated Starkiller to v2.7.1
Added
- Add tags search to credentials endpoints (@vinnybod)
- Allow Starkiller to be disabled (@vinnybod)
- Allow API port to be configured from the config.yaml (@vinnybod)
- Add flake8-comprehensions rules to ruff config (@vinnybod)
Changed
- Upgrade Pydantic to v2 (@vinnybod)
- Update common FastAPI Dependencies to use 'Annotated' types for simpler code (@vinnybod)
- Simplify TestClient setup (@vinnybod)
- Removed usages of deprecated Credentials and Listeners functions (@vinnybod)
- Remove usages of deprecated Agents functions (@vinnybod)
- Add typehinting for MainMenu object in modules (@vinnybod)
- Removed name property from listener start and shutdown functions (@vinnybod)
- Removed secretsocks as dependency for Python agents (@Cx01N)
Removed
- Remove unused migration scripts (@vinnybod)
Fixed
- Fixed the database session management for websocket endpoints (@vinnybod)
[5.8.0] - 2023-11-06
- Warning: You may run into errors installing things such as nim if you are running the install script on a machine that previously ran it. This is due to permissions changes with the install script. In this case it is recommended to use a fresh machine or manually remove the offending directories/files.
Added
- Added automatic tasking for sysinfo for stageless agents (@Cx01N)
Changed
- Modernized the Python and IronPython agents with new agent and staging code (@Cx01N)
- Updated listeners to consistently use port 80 and 443 for HTTP traffic by default (@Cx01N)
- Make the installation of donut conditional on architecture since it doesn't work on ARM (@vinnybod)
- When donut is invoked but not installed, give a useful warning (@vinnybod)
- Allow a config to be loaded from an outside directory and the downloads/logs/etc to be stored in an outside directory (@vinnybod)
- Correct more deprecation warnings for SQLAlchemy and invalid escape sequences (@vinnybod)
- Updated the ruff minimum Python version to 3.10 and applied fixes to get codebase compliant (@vinnybod)
- Remove unneeded condition statement from all listeners (@vinnybod)
- Update Docker build (@vinnybod)
  - Use the official Poetry installer
  - Fix Starkiller trying to auto-update inside the container
  - Pre-install Starkiller as part of the docker build
  - Use Python 3.12
  - Don't use apt for powershell and dotnet
  - DockerHub images now have linux/amd64 and linux/arm64 architectures
- Dependency changes (@vinnybod)
  - Use BC-Security fork of md2pdf until upstream can support Python 3.12
  - Use a patched version of pysecretsocks that packages asyncore for Python 3.12 support
  - Use docopt-ng for Python 3.12 support
  - Add packaging as a runtime dependency
- Update install script (@vinnybod)
  - Use pyenv to install Python
  - Use the official Poetry installer
  - Don't run the entire script as root
  - Rewrite the test containers and reuse a templated Dockerfile
  - Add Debian12 support
  - Bump all OS to use Python 3.12
  - Refactor the script to be a bit more readable
  - Condense the test_install_script job
- Added option to start MySQL service on boot (@Cx01N)
Removed
- Drop support for Python 3.8 and 3.9
v5.7.3
[5.7.3] - 2023-10-17
- Updated Starkiller to v2.6.1
- Fixed global obfuscation not working on modules (@Cx01N)
- Added bypass module in PowerShell to run bypasses after agent is staged (@Cx01N)
- Fixed IronPython and Python stagers not getting obfuscation applied (@Cx01N)
[5.7.2] - 2023-09-28
- Updated Dropbox C2 to use new API endpoints (@Cx01N)
- Standardized Kill Date and Working Hours for PowerShell Agents (@Cx01N)
- Apply fixes for future Python 3.12 compatibility (@vinnybod)
- Add additional rulesets to ruff linting (@vinnybod)
[5.7.1] - 2023-09-25
[5.7.0] - 2023-09-17
- Add avatars to users (@vinnybod)
- Update plugin documentation, update embedded plugins to not abuse notifications (@vinnybod)
- Add additional pre-commit hooks for code cleanup (@vinnybod)
- Report test coverage on pull requests (@vinnybod)
- Fixed issue with multiple parameters not executing in IronPython for C# tasks (@Cx01N)
- Fix for spawnas not generating bat file (@wizquaza)
- Fixed taskings for OneDrive listener (@Hubbl3)
v5.6.4
v5.6.3
[5.6.3] - 2023-08-27
- Updated Starkiller to v2.5.3
- Added Advanced Reporting Plugin and dependencies (@Cx01N)
- Pin linters in the workflow
- Catch error when starting up database that was seeded by an older version of Empire (@vinnybod)
- Updated Windows BAT launcher to use Base64 for all payloads (@Cx01N)
[5.6.2] - 2023-08-09
- Update the github issue templates to use forms (@vinnybod)
- Fix issue with option validator throwing error for strict non-required options (@vinnybod)
- Allow Starkiller to load even if the git pull fails if the dir exists (@vinnybod)
- Update listener descriptions to not specify languages since Empire supports more languages now
[5.6.1] - 2023-08-02
[5.6.0] - 2023-07-25
- Upgrade dependencies
- Upgrade Dockerfile to bullseye and 3.11.4
- Allow download_service to accept a pathlib.Path object to create a download (@vinnybod)
- Fix file option for listeners, stagers, plugins (@vinnybod)
- Add tags to Listeners, Agents, Agent Tasks, Plugin Tasks, Credentials, and Downloads (@vinnybod)
  - Add endpoints to add, edit, and delete tags for each resource type
  - Add tag list endpoint
  - Add tag filters to Agent Tasks, Plugin Tasks, and Downloads
  - Add events for new and updated tags
- Fix user filters for tasks to include tasks without any users (@vinnybod)
- Refactor stager and listener tests to work better in parallel (@vinnybod)
- Add an Invoke-PhishingLNK Module (@0xFFaraday)
- Fix changelog link in README (@theguly)