github BC-SECURITY/Empire v5.0.3


[5.0.3] - 2023-02-20

  • Updated Starkiller to v2.0.5
  • Fix Invoke-Kerberoast with etype 17 or 18 (@AdrianVollmer)
  • Add 3.11 support, bump Dockerfile to 3.11, bump Debian install to 3.8.16 (@Cx01N)
  • Update the GitHub actions to remove usages of deprecated ::set-output function (@vinnybod)
  • Update plugin submodule references post 5.0 branch merges (@vinnybod)

[5.0.2] - 2023-02-14

  • Fix the test that detects errors loading modules (@vinnybod)
  • Allow empty user id and username on the task API (@vinnybod)
  • Rename module_slug to module_id for tasks for consistent naming on the API (@vinnybod)
  • Add a shebang to the checkout-latest-tag.sh script (@xambroz)

[5.0.1] - 2023-02-04

  • Fixed the uniqueness check for MariaDB (@vinnybod)
  • Fixed redirector issue with parent listeners (@Cx01N)
  • Added exception for agent task when server is initializing (@Cx01N)
  • Fixed listener menu displaying error when viewing options (@Cx01N)
  • Starkiller sync process now attempts to pull the ref from the remote (@vinnybod)
  • Auto-merge private-main to downstream main branches using a label (@vinnybod)
  • Fixed error in IronPython agent when running PowerShell tasks (@Cx01N)
  • Fixed issue adding comms twice to stageless python agents (@Cx01N)
  • Updated Redirector to Port Forward Pivot (@Cx01N)
  • Updated to Mimikatz 2.2.0-20220919 (@Cx01N)
  • Add Ruff linter and pre-commit hook (@vinnybod)

[5.0.0] - 2023-01-15

  • Added Starkiller as an integrated web app (@vinnybod)
  • Added full MySQL support (@vinnybod)
    • MySQL is the new default
    • Database type can be changed by setting database.use in config.yaml or environment variable DATABASE_USE
    • SQLite is still supported
    • The Docker image still defaults to SQLite, but can be changed to MySQL by modifying the config.yaml or setting the environment variable DATABASE_USE=mysql.
  • Added v2 API (@vinnybod)
  • Added autogenerated docs for v2 API (@vinnybod)
  • Added stageless options for agents (@Cx01N)
  • Added clear window command to client (@Cx01N)
  • Added mouse_support to client (@Cx01N)
  • Added RunOF module to support COFF/BOF execution (@Cx01N)
  • Added new database table for files (@vinnybod)
  • Added server-side storage of stagers (@vinnybod)
  • Added a new listener object for each listener instead of using a shared state (@vinnybod)
  • Added listener, agent, and task hooks (@vinnybod)
  • Added db session to hooks (@vinnybod)
  • Added global obfuscation config and removed from config table (@vinnybod)
  • Added authors to bypass endpoints (@vinnybod)
  • Added a help command to the client to print the full doc string of a function, such as help shell or help script_import (@vinnybod)
  • Added --literal flag that can be used on shell commands that forces the agent to execute the command literally, ignoring any built-in aliases that exist such as for whoami or ps (@vinnybod)
  • Updated plugins endpoints and options (@vinnybod)
  • Updated authentication to use JWT auth instead of basic auth (@vinnybod)
  • Updated to MITRE ATT&CK v11 for sub-technique and tactic support (@Cx01N)
  • Updated SOCKS & Chisel plugins for 5.0 (@Cx01N)
  • Updated socketio emit to be async (@vinnybod)
  • Updated hooks to handle sync or async functions (@vinnybod)
  • Updated authors to have name, handle, and link for modules, listeners, stagers, and plugins (@vinnybod)
  • Updated Dockerfile for better caching (@vinnybod)
  • Updated agent.py to extract logic for sleep duration and lazily calculate file sizes (@lavafroth)
  • Moved keyword_obfuscation config property under database defaults (@vinnybod)
  • Moved obfuscate and obfuscateCommand defaults under database.defaults.obfuscation (@vinnybod)
  • Restructured all the 'common' code (@vinnybod)
  • Converted reports to a plugin (@Cx01N)
  • Converted generate_agent module to stager (@Cx01N)
  • Removed malleable.Profile from listener options (@Cx01N)
  • Removed old REST API (@vinnybod)
  • Removed old WebSocket API (@vinnybod)
  • Removed socketport since socketio runs on the same port as the API (@vinnybod)
  • Removed AFTER_AGENT_STAGE2_HOOK and replaced with AFTER_AGENT_CHECKIN_HOOK (@vinnybod)
  • Removed last seen time for users since it could cause db locking issues (@vinnybod)
  • Removed pydispatcher (@vinnybod)
  • Removed prompt line from server (@vinnybod)
