Releases: BC-SECURITY/Empire

v5.8.1

04 Dec 06:21
f766c95

[5.8.1] - 2023-11-30

  • Updated Starkiller to v2.7.1

Added

  • Add tags search to credentials endpoints (@vinnybod)
  • Allow Starkiller to be disabled (@vinnybod)
  • Allow API port to be configured from the config.yaml (@vinnybod)
  • Add flake8-comprehensions rules to ruff config (@vinnybod)

Changed

  • Upgrade Pydantic to v2 (@vinnybod)
  • Update common FastAPI Dependencies to use 'Annotated' types for simpler code (@vinnybod)
  • Simplify TestClient setup (@vinnybod)
  • Removed usages of deprecated Credentials and Listeners functions (@vinnybod)
  • Remove usages of deprecated Agents functions (@vinnybod)
  • Add typehinting for MainMenu object in modules (@vinnybod)
  • Removed name property from listener start and shutdown functions (@vinnybod)
  • Removed secretsocks as dependency for Python agents (@Cx01N)

Removed

  • Remove unused migration scripts (@vinnybod)

Fixed

  • Fixed the database session management for websocket endpoints (@vinnybod)

[5.8.0] - 2023-11-06

  • Warning: You may run into errors installing things such as nim if you are running the install script on a machine that previously ran it. This is due to permissions changes with the install script. In this case it is recommended to use a fresh machine or manually remove the offending directories/files.

Added

  • Added automatic tasking for sysinfo for stageless agents (@Cx01N)

Changed

  • Modernized the Python and IronPython agents with new agent and staging code (@Cx01N)
  • Updated listeners to consistently use port 80 and 443 for HTTP traffic by default (@Cx01N)
  • Make the installation of donut conditional on architecture since it doesn't work on ARM (@vinnybod)
    • When donut is invoked but not installed, give a useful warning (@vinnybod)
  • Allow a config to be loaded from an outside directory and the downloads/logs/etc to be stored in an outside directory (@vinnybod)
  • Correct more deprecation warnings for SQLAlchemy and invalid escape sequences (@vinnybod)
  • Updated the ruff minimum Python version to 3.10 and applied fixes to get codebase compliant (@vinnybod)
  • Remove unneeded condition statement from all listeners (@vinnybod)
  • Update Docker build (@vinnybod)
    • Use the official Poetry installer
    • Fix Starkiller trying to auto-update inside the container
    • Pre-install Starkiller as part of the docker build
    • Use Python 3.12
    • Don't use apt for powershell and dotnet
    • DockerHub images now have linux/amd64 and linux/arm64 architectures
  • Dependency changes (@vinnybod)
    • Use BC-Security fork of md2pdf until upstream can support Python 3.12
    • Use a patched version of pysecretsocks that packages asyncore for Python 3.12 support
    • Use docopt-ng for Python 3.12 support
    • Add packaging as a runtime dependency
  • Update install script (@vinnybod)
    • Use pyenv to install Python
    • Use the official Poetry installer
    • Don't run the entire script as root
    • Rewrite the test containers and reuse a templated Dockerfile
    • Add Debian12 support
    • Bump all OS to use Python 3.12
    • Refactor the script to be a bit more readable
    • Condense the test_install_script job
    • Added option to start MySQL service on boot (@Cx01N)

Removed

  • Drop support for Python 3.8 and 3.9

v5.7.3

17 Oct 04:09
9bc4550

[5.7.3] - 2023-10-17

  • Updated Starkiller to v2.6.1
  • Fixed global obfuscation not working on modules (@Cx01N)
  • Added bypass module in PowerShell to run bypasses after agent is staged (@Cx01N)
  • Fixed IronPython and Python stagers not getting obfuscation applied (@Cx01N)

[5.7.2] - 2023-09-28

  • Updated Dropbox C2 to use new API endpoints (@Cx01N)
  • Standardized Kill Date and Working Hours for PowerShell Agents (@Cx01N)
  • Apply fixes for future Python 3.12 compatibility (@vinnybod)
  • Add additional rulesets to ruff linting (@vinnybod)

[5.7.1] - 2023-09-25

[5.7.0] - 2023-09-17

  • Add avatars to users (@vinnybod)
  • Update plugin documentation, update embedded plugins to not abuse notifications (@vinnybod)
  • Add additional pre-commit hooks for code cleanup (@vinnybod)
  • Report test coverage on pull requests (@vinnybod)
  • Fixed issue with multiple parameters not executing in IronPython for C# tasks (@Cx01N)
  • Fix for spawnas not generating bat file (@wizquaza)
  • Fixed taskings for OneDrive listener (@Hubbl3)

v5.6.4

08 Sep 05:50
57a2fea

[5.6.4] - 2023-09-08

  • Added Stix2 to dependency list for Advanced Reports (@Cx01N)
  • Fixed C# module imports for IronPython agent (@Cx01N)
  • Updated Invoke-DllInjection.ps1 (@Signum21)
  • Fix nimble install error (@fukusuket)

v5.6.3

27 Aug 22:09
5b2ad2c

[5.6.3] - 2023-08-27

  • Updated Starkiller to v2.5.3
  • Added Advanced Reporting Plugin and dependencies (@Cx01N)
  • Pin linters in the workflow
  • Catch error when starting up database that was seeded by an older version of Empire (@vinnybod)
  • Updated Windows BAT launcher to use Base64 for all payloads (@Cx01N)

[5.6.2] - 2023-08-09

  • Update the github issue templates to use forms (@vinnybod)
  • Fix issue with option validator throwing error for strict non-required options (@vinnybod)
  • Allow Starkiller to load even if the git pull fails if the dir exists (@vinnybod)
  • Update listener descriptions to not specify languages since Empire supports more languages now

[5.6.1] - 2023-08-02

[5.6.0] - 2023-07-25

  • Upgrade dependencies
  • Upgrade Dockerfile to bullseye and 3.11.4
  • Allow download_service to accept a pathlib.Path object to create a download (@vinnybod)
  • Fix file option for listeners, stagers, plugins (@vinnybod)
  • Add tags to Listeners, Agents, Agent Tasks, Plugin Tasks, Credentials, and Downloads (@vinnybod)
    • Add endpoints to add, edit, and delete tags for each resource type
    • Add tag list endpoint
    • Add tag filters to Agent Tasks, Plugin Tasks, and Downloads
    • Add events for new and updated tags
  • Fix user filters for tasks to include tasks without any users (@vinnybod)
  • Refactor stager and listener tests to work better in parallel (@vinnybod)
  • Add an Invoke-PhishingLNK module (@0xFFaraday)
  • Fix changelog link in README (@theguly)

v5.5.4

21 Jul 03:07
cac5244

[5.5.4] - 2023-07-20

  • Updated Starkiller to v2.4.3

v5.5.3

20 Jul 05:29
d3a4d17

[5.5.3] - 2023-07-20

  • Updated Starkiller to v2.4.2
  • Updated restip message to show IP address on server (@Cx01N)
  • Fixed onedrive taskings for powershell (@Cx01N)
  • Update pyyaml to 6.0.1 to avoid build issue from cython (@vinnybod)
  • Use MariaDB in Debian (@vinnybod)

[5.5.2] - 2023-07-14

  • Fix TypeError and crash when using main command in client (@jellyjellyrobot)
  • Fix extraneous semi-colon breaking powershell 'literal' execution (@crittico)

[5.5.1] - 2023-07-06

  • Fix basic_reporting plugin using the wrong agent checkin column

[5.5.0] - 2023-06-21

  • Break out agent checkins to a new table (@vinnybod)
    • New checkins endpoint to get them as a list
    • New checkins aggregate endpoint to get aggregated checkin data
    • Aggregate endpoint not supported with SQLite
  • Add a warning message about using SQLite
  • Added LinPEAS to Python modules (@Cx01N)
  • Added Python obfuscation using python-obfuscator (@Cx01N)
  • Added IronPython SMB Agents/Listener (@Cx01N)
  • Expand file options to plugins, stagers, and listeners (@vinnybod)
  • Added Python agent support to hop listener (@Cx01N)
  • Added staging to hop listener (@Cx01N)
  • Added python module for Pwnkit (CVE-2021-4034) (@Cx01N)
  • Added python module for Polkit (CVE-2021-3560) (@Cx01N)
  • Fixed safecheck error for python module sudo spawn (@Cx01N)
  • Fixed file error in Invoke-Shellcode (@Cx01N)
  • Removed duplicate modules between languages (@Cx01N)
    • Removed .NET Core modules due to errors
    • Removed redundant C# lateral movement modules
    • Removed Covenant Mimikatz in favor of Invoke-Mimikatz
    • Removed Invoke-Assembly in favor of Covenant's execute assembly
    • Removed Invoke-BOF in favor of RunOF
    • Removed Invoke-Rubeus in favor of Covenant's Rubeus
    • Removed Invoke-Seatbelt in favor of Covenant's Seatbelt
    • Removed Bloodhound v1 module
  • Revamped malleable profiles and increased their generation reliability (@Cx01N)
  • Allow the server to start even when starkiller sync fails (@vinnybod)
  • Remove libssl1.1 from the install script since it doesn't appear to be needed and causes install failures on some OS (@vinnybod)
  • Fix the restip argument which wasn't being used (@vinnybod)
  • Added reload endpoint to Malleable Profiles, Modules, Bypasses, and Plugins (@Cx01N)
  • Updated and fixed pyinstaller stager (@Cx01N)

v5.4.2

12 Jun 04:05
0722f44

[5.4.2] - 2023-06-07

  • Updated Starkiller to v2.3.2
  • Fixed python modules not running properly (@Cx01N)
  • Updated python multi_socks to run with Python 3 (@Cx01N)

[5.4.1] - 2023-06-02

  • Fix database reset issue with MySQL (@vinnybod)
  • Add a message to the client recommending the use of Starkiller (@vinnybod)
  • Fixed issue with Invoke-wmi not returning a success message (@Cx01N)
  • Fixed dynamic function issue with Powerview (@Cx01N)
  • Pare down the number of minutes needed to run pull request builds (@vinnybod)

[5.4.0] - 2023-05-22

  • Remove Starkiller as a submodule, treat it as a normal directory (@vinnybod)
    • Everything should 'just work', but if you have issues after pulling these latest changes, try deleting the Starkiller directory before running the server: rm -r empire/server/api/v2/starkiller
  • Some improvements to the release flow after starkiller submodule removal (@vinnybod)

[5.3.0] - 2023-05-17

  • Add the ability to specify a module option as a file (@vinnybod)

v5.2.2

30 Apr 21:55
ce3fdec

[5.2.2] - 2023-04-30

  • Updated Starkiller to v2.2.0
  • Dependency upgrades (@vinnybod)

[5.2.1] - 2023-04-30

  • Updated Donut to v1.0.2 (@Cx01N)
  • Fixed issue with install path not being used properly when switching empire location (@vinnybod)
  • Lock nim version in the install script (@vinnybod)
  • Fixed issue with Powerview modules not performing dynamic detect on overhead functions (@Cx01N)
  • Fixes for the onedrive listener that broke with 5.0 (@vinnybod)

[5.2.0] - 2023-03-31

  • Added new plugin functionality (@vinnybod)
    • Added plugin tasks
    • Added plugin task endpoints
    • Gave plugins kwargs to allow for more flexibility. Plugins are now receiving a database session and user object.
  • Tasks renamed to AgentTasks to avoid confusion with PluginTasks
  • Rename tasking to task in most places to standardize the naming. The hook names have not been changed yet.
  • Fix Starkiller error in Docker (@0x4xel)
  • Fixed launcher_bat to work with all listeners (@Cx01N)
  • Fixed issue with duplicate Server Header being added by Flask (@Cx01N)
  • Fixed malleable c2 not generating IronPython agents correctly (@Cx01N)

v5.1.2

29 Mar 05:07
e782c80

[5.1.2] - 2023-03-29

  • Updated Starkiller to v2.1.1
  • Removed thread from IronPython agent (@Hubbl3)
  • Fixed foreign listener issue with cookies (@Hubbl3)
  • Fixed error message handling for port forward pivot (@Cx01N)
  • Fixed upload not reporting error in PowerShell agent (@Cx01N)
  • Fixed client not giving option to select upload directory (@Cx01N)
  • Fixed persistence/powerbreach/eventlog launcher generation (@Cx01N)

[5.1.1] - 2023-03-17

  • Added D/Invoke option to Process Injection (@Cx01N)
  • Added IronPython and csharp to windows/launcher_bat (@Cx01N)
  • Added language option to spawn and spawnas modules (@Cx01N)
  • Fixed issue with powershell and ironpython agents not using public classes (@Cx01N)
  • Fixed issue where large shellcode files lock up server in Invoke_Shellcode (@Cx01N)
  • Increased the default time for base64 encoded ironpython payloads (@Cx01N)
  • Fix issue with large stacktrace on stale socketio connection (@vinnybod)

[5.1.0] - 2023-03-01

  • Added a 'modified_input' field to the 'execute module' task (@vinnybod)
  • Added an endpoint to get the script for a module (@vinnybod)

v5.0.4

25 Feb 22:55
af12a3b

[5.0.4] - 2023-02-25

  • Fix module error in PSRansom (@Cx01N)
  • Update the install script to set up a new db user instead of overwriting the root user (@vinnybod)
  • Update the Starkiller syncer to skip updating if not in a git repo (@vinnybod)
  • Update the Docker CI action to publish latest on 'main' branch (@vinnybod)
  • Fix install of Poetry for Debian based systems (@vinnybod)