forked from BC-SECURITY/Empire
-
Notifications
You must be signed in to change notification settings - Fork 0
/
changelog
926 lines (809 loc) · 37.7 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
10/14/2020
------------
- Version 3.5.1 Master Release
- Fixed Invoke-Obfuscation in Kali/Dockers - #348 (@Cx01N, @Hubbl3)
- Refactored /api/map endpoint - #337 (@mattaereal)
10/13/2020
------------
- Version 3.5.0 Master Release
- Added socketio notifications for Starkiller - #335 (@vinnybod)
- Added Invoke-ZeroLogon - #333 (@Cx01N)
- Added Invoke-SocksProxy - #332 (@Cx01N, @Hubbl3)
- Added powercat module - #319 (@Cx01N)
- Added powermad modules - #329 (@snovvcrash)
- Added self cleanup functionality to plugins - #332 (@Hubbl3)
- Updated Mimikatz 2.2.0 20200918 ZeroLogon - #330 (@Cx01N)
- Fixed dropbox listener and staging issues - #327 (@Cx01N)
- Fixed docker missing pyparsing in requirements.txt - #324 (@Cx01N)
- Fixed modules with missing MITRE ATT&CK techniques - #321 (@Cx01N)
- Fixed issue with inputs not being assigned color in helpers.py - #332 (@Cx01N)
9/15/2020
------------
- Version 3.4.0 Master Release
- Added Malleable C2 HTTP Listener - #287 (@Johneiser, @Cx01N, @Hubbl3)
- Added reflective load ability for files - #309 (@Hubbl3)
- Added Invoke-DomainPasswordSpray - #295 (@Cx01N)
- Added Invoke-WinPEAS - #293 (@Cx01N)
- Added Invoke-Watson - #294 (@Cx01N)
- Added plugins being loaded at startup - #301 (@Cx01N)
- Updated moduleName to display full directory - #299 (@Cx01N)
- Updated info in Invoke-SMBExec to indicate single target - #286 (@Cx01N)
- Updated Slack API notifications to webhooks - #303 (@Cx01N)
- Fixed spaces for IIS default page in HTTP listener - #302 (@adamczi)
- Fixed agent spawning issue with MS-16-032 - #292 (@Cx01N)
- Fixed min language version for modules (@Cx01N)
- Fixed CLI stager incorrectly shutting down - #198 (@Cx01N)
- Fixed error message from active agents during shutdown - #308 (@Cx01N)
9/8/2020
------------
- Version 3.4.0-RC2
- Added plugins being loaded at startup - #301 (@Cx01N)
- Fixed CLI stager incorrectly shutting down - #198 (@Cx01N)
- Updated moduleName to display full directory - #299 (@Cx01N)
- Updated info in Invoke-SMBExec to indicate single target - #286 (@Cx01N)
9/1/2020
------------
- Version 3.4.0-RC1
- Added Malleable C2 HTTP Listener - #287 (@Johneiser, @Cx01N, @Hubbl3)
- Added Invoke-DomainPasswordSpray - #295 (@Cx01N)
- Added Invoke-WinPEAS - #293 (@Cx01N)
- Added Invoke-Watson - #294 (@Cx01N)
- Fixed agent spawning issue with MS-16-032 - #292 (@Cx01N)
- Fixed min language version for modules (@Cx01N)
8/18/2020
------------
- Version 3.3.4 Master Release
- Fixed preobfuscate error: could not read module source path - #282 (@Cx01N)
- Fixed issues http_foreign listener issue - #283 (@Cx01N)
8/12/2020
------------
- Version 3.3.3 Master Release
- Added get_gpo_computer module - #271 (@bytebl33d3r)
- Added port forwarding module - #265 (@snovvcrash)
- Updated HTTP/HTTP_com listeners to closer resemble IIS 7.5 - #277 (@adamczi)
- Updated lateral movements (invoke_smbexec/invoke_dcom/invoke_executemsbuild/invoke_wmi) to include option for custom commands - #247 (@Invoke-Mimikatz)
- Updated Mimikatz 2.2.0 20200809 AzureAd x-ms-RefreshTokenCredential & DPAPI everywhere - #279 (@Cx01N)
- Fixed issue with duplicate results in db - #266 (@bytebl33d3r)
- Fixed empty token issue in API - #274 (@Vinnybod)
- Fixed missing keyword argument in ETWBypass - #273 (@Cx01N)
8/5/2020
------------
- Version 3.3.2 Master Release
- Added Event Tracing for Windows (ETW) Bypass to stagers - #269 (@Hubbl3)
- Updated Mimikatz 20200805 CloudAP Key Derivation - #268 (@Cx01N)
- Updated Invoke-Kerberoast to John The Ripper format - #263 (@kazkansouh)
- Fixed indentation issues in schtasks - #267 (@adamczi)
7/20/2020
------------
- Version 3.3.1 Master Release
- Updated Mimikatz to 20200715 NPLogonNotify passwords - #260 (@Cx01N)
- Fixed syntax errors in Get-GPPPassword and MS16-135 - #259 (@PaulWhitingS2)
- Fixed missing keylogger character issue - #252 (@Cx01N)
- Fixed missing agentPSversion variable - #262 (@Cx01N)
7/10/2020
------------
- Version 3.3.0 Master Release
- Added MITRE Attack Techniques/Software Functionality - #242 (@Cx01N)
- Added keyword obfuscation option to modules - #244 (@Hubbl3)
- Added Invoke-Rubeus - #238 (@Cx01N)
- Added Filescraper commands - #236 (@vinnybod)
- Added AMSIBypass option to modules that generate new agents - #244 (@Hubbl3)
- Fixed timestamp format issue in agents list - #235 (@Cx01N)
- Fixed external/generate_agent generation issue - #240 (@Cx01N)
- Removed unused imports + few random fixes - #241 (@Cx01N)
6/7/2020
------------
- Version 3.2.3 Master Release
- Added Invoke-Seatbelt module - #222 (@Cx01N)
- Added timezone awareness timestamps - #220 (@Vinnybod)
- Added MITRE ATT&CK techniques and software IDs to modules - #223 (@Cx01N)
5/25/2020
------------
- Version 3.2.2 Master Release
- Added Invoke-PrintDemon module - #210 (@Hubbl3, @Cx01N)
- Updated Mimikatz 2.2.0 20200519 Windows 10 2004 - #211 (build 19041) (@Cx01N)
- Fixed youtube URL in trollsploit/thunderstruck - #207(@Gutters2Gardens)
- Added API endpoints for plugins - #213 (@Hubbl3)
- Fixed keylogger issue when writing to file - #206 (@Cx01N)
5/10/2020
------------
- Version 3.2.1 Master Release
- Updated reflective PE injection to work in Windows 10 - #202 (@Hubbl3)
- Updated Mimikatz to 20200502 TPM, IF & XOR - #200 (@Cx01N)
- Added option to run Mimikatz commands as non-elevated user - #193 (@Cx01N)
- Added safe string cast for reporting log - #203 (@Vinnybod)
- Fixed byte encoding error in invoke_wmi_debugger - #203 (@Cx01N)
- Removed Get-ExploitableSystem due to function being removed from PowerView- #194 (@Cx01N)
- Replaced Invoke-ReflectivePEInjection.ps1 with newer version - #202 (@Hubbl3)
4/26/2020
------------
- Version 3.2.0 Master Release
- Added SharpChromium module - #185 (@tyraniter)
- Added BloodHound 3 module - #123 (@RaphAlmeida)
- Updated to Mimikatz 2.2.0 20200308 Masterkey - #189 (@Cx01N)
- Fixed issue with first character in randomizing function names - #169 (@Hubbl3)
- Fixed encoding error for slack tokens - #181 (@Cx01N)
- Fixed typo in python/persistence/multi/desktopfile.py - #182 (@Vinnybod)
- install.sh - Updated Debian 10 powershell install and python3 library installs - #187 (@Cx01N, @Vinnybod)
- Added single user endpoint to API - #188 (@Vinnybod)
- Updated default python launcher to use | python3 - #184 (@Cx01N)
- Converted python modules to python3 formatting - #187 (@Cx01N)
- Removed duplicate exec in python agent tasking - #187 (@Cx01N)
- Fixed errors in collection/linux/hashdump - #187 (@Cx01N)
- Fixed errors in osx/native-screenshot - #187 (@Cx01N)
- Fixed error handling issue for failed python modules - #187 (@Cx01N)
- Added prompt before reset script is ran using --reset flag - #190 (@Cx01N)
- Docker builds no longer require a database reset the first time and the certs are already generated. Default cmd starts the rest api. - #188 (@vinnybod)
4/13/2020
------------
- Version 3.1.5 Master Release
- Fixed macro staging bug - #164 (@Hubbl3)
- Fixed TLS cipher suite issue with PowerShell 2 - #155 (@tyraniter)
- Updated API reporting for Starkiller integration - #168 (@Cx01N)
4/4/2020
------------
- Version 3.1.4 Master Release
- Fixed non-ascii filename download error - #141 (@tyraniter)
- Updated payload evasion against Defender - #147 (@Hubbl3)
- Added reset flag to empire launcher - #147 (@Cx01N)
- Replaced imp package with importlib - #108 (@Cx01N)
- Fixed internal monologue issue with only running once - #43 (@Cx01N)
- Fixed ascii encode error in powerbreach modules - #150 (@CykuTW)
3/22/2020
------------
- Version 3.1.3 Master Release
- Fixed errors with OneDrive listener - #40 (@Cx01N)
- Fixed REST API get config error - #131 (@chenxiangfang)
- Increased timer for stale agent checkins - #130 (@Cx01N)
3/13/2020
------------
- Version 3.1.2 Master Release
- Fixed REST login error 500 on some version of SQLite - #120 (@justsly)
- Fixed generate launcher bug for redirector listener - #125 (@RedBulletTooling)
3/8/2020
------------
- Version 3.1.1 Master Release
- Updated the /me endpoint that was added in 3.1.0 to return the full user object (@Vinnybod)
- Updated install script for Kali Powershell install - #118 (@Vinnybod)
3/2/2020
------------
- Version 3.1.0 Master Release
- Added Multi-user Collaboration to API - #105 (@Cx01N & @Vinnybod)
- Updated to Mimikatz 2.2.0 20200208 - #104 (@Cx01N)
- Fixed incorrect header on python response packet (@Cx01N)
- Added progress bar to download function - #106 (@Cx01N)
- Expanded API functionality (@Vinnybod)
- Fixed str/byte in empire.py - #103 (@hypnoticpattern)
- Fixed typos in helpers.py - #103 (@hypnoticpattern)
- Fixed unsupported formatting for null hostname - #103 (@hypnoticpattern)
- Added function name aliasing to Invoke-Empire & Mimikatz - #109 (@Hubbl3)
2/6/2020
------------
- Version 3.0.7 Master Release
- Fixed string decode error in API - #92 (@Cx01N)
- Fixed python3 conversion errors in backdoorlnkmacro, multi/war, osx/dylib, osx/pkg, and osx/macho launchers (@Cx01N & @hypnoticpattern)
- Fixed exception error in autorun queue - #95 (@Cx01N)
- Fixed report generation and SQL database errors (@Vinnybod & @Cx01N)
1/31/2020
------------
- Version 3.0.6 Master Release
- Fixed osx stager generation byte/str errors - #84 (@hypnoticpattern)
- Fixed osx appbundle generation which was stripping the wrong string - #84 (@hypnoticpattern)
- Removed future imports from python3 launcher, so it works without any extra libraries - #81 (@Cx01N)
- Staging key no longer needs to be exactly 32 characters - #85 (@Cx01N)
- Add "stale" property to agents endpoint - #90 (@Vinnybod)
- Agents endpoint now returns agents without failing due to session_key encoding - #90 (@Vinnybod)
- Fixed an indentation bug in aes.py (@Cx01N)
1/21/2020
------------
- Version 3.0.5 Master Release
- Fixed setup_database.py python3 issue - #75 (@linxon)
- Added loaded listener types to API - #78 (@Vinnybod)
- Fixed python launcherBase (@Cx01N)
- Updated Python 3.8 compatibility in stager - #72 (@complana)
- Fixed Powerup Invoke-allchecks issue - #64 (@SkiddieTech)
- Fixed shellcode stager - #76 (@Hubbl3)
- Fixed binary upload error - #55 (@Hubbl3)
- Fixed multi/bash error (@Cx01N)
1/14/2020
------------
- Version 3.0.4 Master Release
- Fixed data/agents.py error - #70 (@sbrun)
1/13/2020
------------
- Version 3.0.3 Master Release
- Updated RESTful API to Python 3 - #49 (@Cx01N)
- Fixed credential issue - #65 (@Hubbl3)
- Fixed python agent - #52 (@Cx01N, @Hubbl3)
- Cleaned up install files - #58 (@Vinnybod)
1/7/2020
------------
- Version 3.0.2 Master Release
- Updated SystemRandom() and maintain API compatibility - #29 (@moloch--)
- Fixed invoke-shell code (@Hubbl3)
- Fixed meterpreter stager generation - #59 (@Hubbl3)
- Fixed lnk and dll launchers - #57 (@C01N)
- Fixed multi/macro launcher - #60 (@Hubbl3)
- Updated orphaned agent handling - #56 (@Hubbl3)
- Fixed pip3 install - #50 (@Hubbl3)
- Removed unsupported invoke-shellcode options (@Hubbl3)
12/29/2019
------------
- Version 3.0.1 Master Release
- Fixed sysinfo error - #36 (@Invoke-Mimikatz)
- Fixed Debian 10.x docker - #38 (@Vinnybod)
- Fixed windows/macro stager error - #30 (@Cx01N)
- Fixed upload file error - #30 (@Cx01N)
- Fixed meterpreter error - #42 (@Cx01N)
- Fixed download file error (@Cx01N)
- Fixed scriptcmd error - #45 (@Invoke-Mimikatz)
- Fixed print creds error - #31 (@Hubbl3)
- Cleaned up print results (@Cx01N)
- Fixed long running module issue - #16 (@Hubbl3)
Thank you to the contributors for spending time debugging with our team.
Please contact us at [email protected] if credit is incorrectly cited.
12/22/2019
------------
- Version 3.0 Master Release
- Added Python 2.6/7 and 3.x compatibility (@Cx01N, @Hubbl3, @Vinnybod)
- Improved Windows Defender Evasion (@Hubbl3)
- Updated mimikatz binary in Invoke-Mimikatz to version 2.2.0 20191125 (@Cx01N)
- Fixed port assignment feature to listeners (@Cx01N)
- Fixed issues with http_Hop listener (@Cx01N)
- Fixed issues with redirector listener (@Cx01N)
- Fixed typos in default http listener payloads (@Hubbl3)
- Fixed psinject AV recognition (@Hubbl3)
- Updated Invoke-Obfuscation to version 1.8 (@phra)
- Updated Invoke-Kerberoast (@Zero1t0)
- Added ability to uselisteners on main menu (@Cx01N, @Hubbl3)
- Added Get-Subnet_Ranges (@benichmt1)
- Added Get-WinUpdates (@classity)
- Added Get-KerberosServiceTIcket (@OneLogicalMyth)
- Added Invoke-RID_Hijack (@r4wd3r)
- Added Invoke-internal_monologue (@audibleblink)
- Added Get-LAPSPasswords (@ippsec)
- Added Invoke-SMBLogin (@mvelazc0)
- Added Sherlock (@ippsec)
- Added Outlook Sandbox Evasion for Windows Macro launcher (@Cx01N, @Hubbl3)
- Added Randomized JA3/S signature (@Hubbl3)
- Added AMSI Bypass based on Tal Liberman's AMSI Bypass (@Hubbl3)
- Added Invoke-CredentialPhisher (@quickbreach)
- Made Security Bypasses configurable for launchers (@phra)
- Updated Readme to include install instruction, EOL of Core Developer support, new contribution rules (@Hubbl3)
- Added OSX shellcode stager (@johneiser)
- Added Invoke-Phant0m (@leesoh)
- Added Get-AppLockerConfig (@matterpreter)
- Added HostRecon (@RootUp)
- Added more informative PS agent directory listing (@winnie22)
Credit was given based on Commit Author if something is credited incorrectly or we missed an update
please contact us at [email protected]
03/15/2018
------------
- Version 2.5 Master Release
- Patched launcher generation bug
- Added OSX Mic record module #893 (@s0lst1c3)
- More robust password handling in ssh_command and ssh_launcher modules (@retro-engineer)
- Updated server responses for http listener (@xorrior)
- Template search bug fix (@DakotaNelson)
- bug fix to properly assign taskIDs (@shakagoolu)
- Kali & powershell install fix (@SadProcessor)
- Overhaul events system to provide more descriptive messages and accurate logging of events (@DakotaNelson)
- Added macro that backdoors lnk files (@G0ldenGunSec)
- Bug fix for invoke_psexec module when using custom commands (@ThePirateWhoSmellsOfSunflowers)
- Added capability to generate a vs studio project file to compile a csharp executable/launcher (@elitest)
- Added capability to enable/disable/delete listeners (@mr64bit)
- Added report generation (@bneg)
- Updated http_com listener to server IIS7 default page and added response headers to evade nessus scans (@s0lst1c3)
- Fixed script generation bug for all powerview modules (@xorrior)
- Modify the minidump module to allow for non-admin users to dump memory (@ThePirateWhoSmellsOfSunflowers)
- Removed background downloads feature for powershell agent
- Added linux persistence module via the ~/.config/autostart directory (@jarrodcoulter)
- Added download command to REST API (@shakagoolu)
- Added support for '&&' and ';' characters in shell commands for python agent (@cleb-sfdcsec)
- Added wireless network information to the osx/situational_awareness/host module. (@import-au)
- Added keychain dump module that uses the security utility (@import-au)
- Added shellcode stagers and the 'shinject' module (@xorrior, @monoxgas)
- Added a sleep and jitter parameter to the Invoke-Kerberoast module (@Retrospected)
- Added capability to update agent comms dynamically (@xorrior)
- Added onedrive listener for powershell agent (@mr64bit)
- Added opsec-safe aliases for ls, pwd, rm, mkdir, whoami, and getuid in the python agent
- Updated office macro stager for python agent (@import-au)
01/04/2018
------------
- Version 2.4 Master Release
- Added Kevin Robertson's Invoke-SMBExec.ps1
- Update Invoke-DCOM
- Added Dockerfile, Docker Hub images, Build/Release scripts (@killswitch-gui)
- Updated README for cleaner install instructions with new options
- Support for plugins (@DakotaNelson)
- Fixed module output bug #792 (@clr2of8)
- Added MSBuild XML Launcher (@p3nt4)
- Added module to extract private keys (@mlinton)
- Added cross-platform macro (@malcomvetter)
- Proxy settings fix #788 (@m7x)
- Updated mimikatz binary in Invoke-Mimikatz to version 2.1.1 20171106
- Updated install.sh
- Updated PowerView.ps1 source and all related modules
- powershell install fix, Invoke-obfuscation updates, Improve ScriptBlockLogging bypass (@cobbr)
- Custom header support for http_com listener (@leeloobeek)
- Allow for distinct values between the Host and Port options (@jetsecurity)
- Added pwd and cat aliases for the python agent (@xorrior)
- Added redirector listener, formerly known as the redirector module (@xorrior)
- Added exception handling for wmi call in powershell stager #827
- Get Agent Results REST API call returns taskID #854 (@byt3bl33d3r)
- Added templating engine (@DakotaNelson)
- Removed pyCrypto dependencies (@elitest)
- http listener update: Updated defaults response logic and default page to match IIS 7.5 #890 (@s0lst1c3)
- Added module for nix aws ec2 metadata (@TweekFawkes)
10/29/2017
------------
- Version 2.3 Master Release
— Fix for #755
— Merge PR from byt3bl33d3r for TLS version
— Removed option to set chunk size for file downloads
— Fix for #729 (Unable to download files with spaces)
— Fix renegotiation in powershell agent. Patched python agent to exit on 401 response.
— Fix for #774 (Fix pyinstaller module)
— Added resource scripts capability (Carrie Roberts)
— Fix for #749 (Fix external agent modules)
— Fix for #369 (Fixed http_hop listener with ssl and self-signed certificate)
— Merge Invoke-PowerDump fix
— Merge fixes for 718 (Fix generate function signature for module @nikaiw)
— Merge fixes for 762 (Code cleanup from EmPyre @elitest)
— Merge ntds execution module (@hightopfade)
— Updated generate function signatures in all modules
— Fixed stagerURI option (rvrsh3ll)
10/12/2017
--------
- Version 2.2 Master Release
- Update crontab to work hourly #667
- Update keylogger to log to disk on server side by @clr2of8
- Fix macro launcher #681
- Fixes vbscript string literal quoting. #702
- Add option to host a stager payload in the http listener @424f424f
- Add @enigma0x3 Token Manipulation script as a BypassUAC module @424f424f
- Hide true host name when using domain fronting #730 @clr2of8
- Fixed custom proxy config in launcher code #728 @dirkjanm
- generate_upload function added to Stagers #722 @hightopfade
- Aes kerberoast #725 @elitest
- DBX Improvements (SOCKS, Hide window via WindowHandler) #721 @IljaSchumacher
- Improved ScriptBlock logging bypasses #740 @cobbr_io
- Slack Integration - Notification for new Agents #737 @dchrastil
- Improve Get-ChromeDump #734 @ThePirateWhoSmellsOfSunFlowers
- Fix Eternal Blue Issue #656
- Merge Invoke-Kerberoast: Print hashes only. Formatting with a text editor is no longer required. #663
- Fix Macro syntax error per @utkusen issue #664
- Fix Better powershell install, obfuscation bug fixes, fixed vbs/macro launchers #686 @cobbr
- Fix creds manual add parsing with whitespace in password
- Fix validate length parameter attribute for Invoke-PSInject.ps1d
8/28/2017
--------
- Version 2.1 Master Release
-Add get schwifty trollsploit module @424f424f
-Add -sta flag to launcher @xorrior
-Fixed hardcoded cert path @xorrior
-Fix for #567
-Merge Capture OSX credentials from Prompt Module in Empire DB @malcomvetter.
-Rest API fixups #526 @byt3bl33d3r
-Added MS16-135 exploit module @ThePirateWhoSmellsOfSunflowers
-Updated Bloodhound Ingestion module @424f424f
-Added Dropbox exfil module @ktevora1
-Added EternalBlue module @ktevora1
-Fix SSL certificate issue with Flask @diskonnect
-Modify staging to handle unicode characters @killswitch-GUI
-Add wmi_updater module #509 @tristandostaler
-Add DropBox exfil module #557 @e0x70i
-Fix Unexpected error: <class 'struct.error'> run empire #567
-Fix SSL Intermediate Certificates to support Domain Fronting #569 @dchrastil
-Add ‘SandboxMode’ to evade Apple Sandbox protection on applescript #578 @dchrastil
-Add Obfuscated Empire #597 @cobbr
-Add Bypass ScriptBlock Logging #603 @cobbr
-Add mimipenguin module @424f424f
-Add dyld_print_to_file Mac privesc @checkyfuntime
-Added manual proxy specifications @xorrior
-Fix libssl-dev and libssl1.0.0 packages @xorrior
-Add backgrounding for downloads in PowerShell agent @xorrior
-Fix warning patch in http listener @viss
-Update Invoke-Kerberoast @424f424f
-Tab complete shows elevated modules: #599
- Additional bypassUAC modules added: #596
- Added show uac level module #609
- Fixed shebangs: #640
5/15/2017
---------
-Version 2.0 Master Release
-Merge of Empyre and Empire projects
-Fix REST API
-Add Dropbox Listener
-Add support for IPv6 agents and listener
-Add DCOM lateral movement module
-Add module - Sudo Piggyback + Mail Persistence + Bash Profile Backdoor #357
-Add USB ETW Keylogger #396
-Fix dcos modules and fixed pyinstaller #403
-Fix agent staging over http_hop listeners #404
-Fixed Get-SPNTicket multiple user SPNs bug #405
-Fix issue with Invoke-Shellcode Meterpreter stager #414
-Fix code_execution/invoke_reflectivepeinjection hangs empire if an invalid path is provided to DllPath #421
-Fix for PowerShell code in Invoke-PSInject too long #423
-Fix for agent shell commands #424
-Fix prompt line wrapping #430
-Fix screenshot module #435
-Add PowerUpSQL Modules #437
-Add module to monitor TCP connections #438
-Fix DLL stager #449
-Add VNC Inject #452
-Add HTTP headers to avoid proxy caching #455
-Fix hard-coded path in the OSX screenshot module. #465
-Add a module for wlrmdr.exe popup #472
-Add a module for SOCKSv5 proxy #478
-Fix bug in HTTP handler that can throw exceptions while parsing Cookies #479
-Add a BashBunny HID stager #480
-Update Inveigh 1.3.1 Modules #483
-Add support for Arch Linux and rejigged the Unknown distro option #484
-Fix for issue #420 non-ascii bug #489
-Fix the listeners API call #490
-Fix PKCS7 padding to be RFC compliant #492
-Add custom headers if any #495
-Fix using netifaces() for getting iface #496
-Add Session Gopher module
-Fix for issue 340 Added pip install setuptools and apt-get install libssl-dev
9/23/2016
---------
-Version 2.0.0 beta, DerbyCon release
-Listeners abstracted out to modules
-Flask used for listener/http instead of base http server
-client key negotiation abstracted out and implemented in agents
-New nested "routing/metadata" packet structure introduced in prep for additional transports
-all packetes now wrapped with an HMAC'ed RC4 "routing" packet that uses the staging key
-this is so all agents can decrypt 'routing' information for future p2p comms
-increases flexibilty for malleable comms (i.e. sessionid removed from POST requests)
-removes the need to keep track of which URIs are used for tasking/post/staging
-Agent data handling improved and abstracted away for listener module use
-handle_agent_data() handles raw packets, usable by any listener module
-handle_agent_staging() handles agent key exchange/staging
-handle_agent_request() handles an agent tasking request
-handle_agent_response() handles an agent result response
-EmPyre integration:
-Start of integration of EmPyre staging/comms implemented in listeners/http
-Agent is language-aware:
"interact AGENT" drops you into the language-appropriate agent menu
"usemodule [tab]" from an agent only tab-completes language-appropriate modules
-stagers were broken out into operating system designations:
-stagers.generate_launcher() now accepts a language specification, which wraps
the stager generation functionality for listener module
-PowerShell:
-RC4 implemented for first stage obfuscation
-staging now uses HMAC and nonces
-epoch-syncing removed
-core agent cleanup
-Listeners:
added http
added http_foreign (for 'foreign' Emire listeners)
added meterpreter (for meterpreter/cobalt strike, using Invoke-Shellcode)
added management/switch_listener module which switches an agent to a new listener module comms
redid hop listeners, added listeners/http_hop
added listeners/http_com which uses IE com objects for communications
-Tons of bug fixes (and new bug introductions :)
-Removed lots of code rot
-Vastly increased debugging output (--debug 2)
-New 'Language'/'MinLanguageVersion' options added to modules
-stagers now have a 'language' option, and are folder-separated by operating system
-added @mattifestation's AMSI bypass into PowerShell stagers 'safe checks'
-redid PowerShell jobs architecture to use a separate app domain instead of PowerShell jobs
-Added key reneogitation in case agents are 'orphaned'
-moved stager.ps1/stager.py to ./agent/stagers/http.ps1 / ./agent/stagers/http.py
-agent generation now patches in the comms methods into the base agent.ps1 (need to do agent.py)
-powershell listeners are now properly hot-swappable with management/switch_listener
-the external/generate_agent module will now generate a staged agent and preregister it (only for PowerShell at this time)
-PowerView code updated
-PowerUp code updated
-new tables -> results and taskings to separate out stuff for the RESTful API
-CLI/RESTful API broken, needs testing
7/20/2016
---------
-Version 1.5.3
-Fix for issue #273 - added hostnames to raw screenshot output file
-Fix for issue #285 - credential export supporting commas
-Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
-moved collection/keethief to collection/vaults/keethief
-added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
-added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
-added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
-added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
-Misc. bug fixes
7/16/2016
---------
-Added collection/keethief module to pilfer KeePass key material from memory
-"creds X" now searches additional fields for the term (like domain)
-merged credentials/enum_cred_store from @BeetleChunks
7/15/2016
---------
-Merged @rvrsh3ll's collection/browser_data module
-Merged @curi0usJack's situational_awareness/network/smbautobrute module
-fix for issue #258 - "interact AGENT" now works globally in every menu except an active agent menu
-fix for issue #221 - hop listeners
-fix for issue #252 - management/invoke_script now no longer requires an external script
-fix for issue #257 - sysinfo now executed after running the steal_token command
6/24/2016
---------
-Updated Invoke-Mimikatz to include a fix for multi-cpu boxes/processor detection
-Merged @n0clues pull request to change paths from %TEMP% to %PUBLIC% for spawnas module to fix a bug when spawning as a different user.
-Fixed a typo in the dcsync_hashdump that caused it to crash the Empire server
-Merged in Inveigh 1.1.1 and current Tater build thanks to @Kevin-Robertson
-Fixed a bug in the REST API due to the port being a string and not an int
-Added 417 Expectation failed error bug fix for older proxies (Squid) thanks to @i223t
6/9/2016
---------
-Updated SQLite dll for Get-ChromeDump.ps1
5/27/2016
---------
-Fixed format issues with Get-ComputerDetails.ps1
-More verbose output added to PowerUp's Invoke-ServiceCMD
-Made Get-SPN PowerShell 2.0 compatible
-Updated RunAs to include an argument parameter
-Merged @tristandostaler's /api/map feature to the Rest API
-Merged in @andrew-morris's installer update to include -Y switch for apt-get commands
-Merged in MS16-032 local privesc from @leoloobeek
5/4/2016
---------
-Merged @jaredhaight's Invoke-MetasploitModule module
5/2/2016
---------
-tightened up argparse validation
4/24/2016
---------
-Added credentials/get_spn_tickets to request SPN tickets.
-Added credentials/mimikatz/extract_tickets
4/21/2016
---------
-Merged @Subtee's regsvc32 (sct) stager
4/1/2016
---------
-listener starting now returns more verbose errors on failure in console and API
-merge of @mynameisiv's .jpg screenshot PR
-Fix for path errors in some cases for ./setup/setup_database.py
============
3/31/2015 - RELEASE 1.5
============
-Encompasses all changes since the 1.4 tagged release
3/31/2016
---------
-Merge of Inveigh 1.1 update and privesc/tater
-Updated of Invoke-Mimikatz.ps1 source
-Updated mimikatz dlls to version 2.1 alpha
-Included modification to suppress cmd.exe when spawned via PTH.
3/30/2016
---------
-Added loading of external modules with 'load /path/modules/'
3/25/2016
---------
-RESTful API modifications
-expanded agent/server epoch check to +/- 12 hours
-stagers now run -sta
3/24/2016
---------
-RESTful API modifications
3/22/2016
---------
-added auth to RESTful API, additional API fixes
3/21/2016
---------
-start of RESTful API implementation
3/19/2016
---------
-PowerView.ps1 update and multiple related module additions
-added github issue templates
-added situational_awareness/network/powerview/get_gpo_computer
3/11/2016
---------
-added privesc/getsystem
-bug fix for Invoke-PsExec and some x64 pointers
3/3/2016
---------
-first pass at stager retry interval
-download chunking modified
2/17/2016
---------
- '--debug 2' now displays debug information to the console as well as the empire.debug file
-added privesc/mcafee_sitelist
1/15/2016
---------
-start of command line option integration, use './empire -h' to see options
-bug fixes
-'searchmodule' with no arguments now lists all modules
1/14/2016
---------
-Fix for some UTF-8 encoding issues
1/10/2016
----------
-Corrected several bugs in how the workingHours window is handled in the agent
============
12/29/2015 - RELEASE 1.4
============
-Encompasses all changes since 1.3.1 tagged release
12/29/2015
----------
-Added situational_awareness/network/powerview/find_managed_security_groups to integrate @stufus' new code
-Fixed various issues with agent profile handling
-'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
12/28/2015
----------
-Merge of @stufus' Find-ManagedSecurityGroups code into PowerView.ps1 base
12/26/2015
----------
-Merge of @jamcut's situational_awareness/host/findtrusteddocuments module
12/22/2015
----------
-Sync of Kevin Robertson's lateral_movement/inveigh_relay module
-Sync @stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
12/20/2015
----------
-hop.php redirector fix
12/16/2015
----------
-Sync of Kevin Robertson's collection/inveigh update
-Added trollsploit/rick_ascii
-Bug fixes
12/11/2015
----------
-Updated powerview.ps1
-Added situational_awareness/network/powerview/get_cached_rdpconnection
-Added situational_awareness/network/powerview/set_ad_object
-Added management/downgrade_account
-Merge of @mubix's setup automation
12/9/2015
---------
-Added credentials/mimikatz/cache and credentials/mimikatz/sam
11/30/2015
----------
-Combined persistence/debugger/* into persistence/misc/debugger
-Added SysWow64 option to management/spawn to spawn a 32-bit powershell.exe
-Added persistence/userland/backdoor_lnk
11/29/2015
----------
-Built several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1
11/28/2015
----------
-Merged @xorrior's FoxDump and ChromeDump modules
11/25/2015
----------
-Merged @rvrsh3ll's lateral_movement/invoke_sshcommand
11/24/2015
----------
-Added script autorun functionality
11/23/2015
----------
-Merged @rvrsh3ll's recon/http_login
11/21/2015
----------
-Merge of exploitation/exploit_jboss, bug fix
-Fix in case module returns None
-Merged debian setup.sh fix
-Merged non-interactive cert generation and added to setup.sh
-Fixed nested menu bug that caused buildup of "Agent X not active."
-Main display menu now shows each time "main" menu is entered
11/8/2015
---------
-All PowerUp modules now dynamically built from a single source file
-PowerUp bug fixes
-Added privesc/powerup/service_exe_restore, pulled logic from other modules
-Added management/spawnas to spawn agents with explicit credentials
-Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
-Write-Verbose and Write-Debug lines now stripped from tasked scripts
-Added situational_awareness/network/powerview/get_forest module
11/4/2015
---------
-Added persistence/misc/add_netuser to add local/domain users
11/2/2015
---------
-Fixed small bug in TASK_CMD_WAIT response parsing
============
10/30/2015 - RELEASE 1.3.1
============
-Updated reflectivepick dlls to fix bug in injection and dll payload injection
============
10/29/2015 - RELEASE 1.3
============
-Encompasses all changes since 1.2 tagged release
10/26/2015
----------
-Fix for psinject bug due to lack of .NET 4.0 on target.
-Fix for bug in persistence/misc/add_sid_history
10/23/15
--------
-Updated powerview.ps1 source to Version 2.0
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
9/21/2015
---------
-Fix for 'skywalker' file overwrite exploit on control server (thanks @zeroSteiner!)
9/12/2015
---------
-Added credentials/mimikatz/mimitokens to take advantage of Mimikatz' token listing/elevation
-Added management/enable_multi_rdp to patch terminal services to allow mutiple connections
-Fixed bug in write_dllhijacker that prevented the dll from being written out
============
8/30/2015 - RELEASE 1.2
============
-Encompasses all changes below
--- 'Native' shell commands in agent core ported to WMI equivalents
--- HMAC now uses SHA1 instead of MD5
--- Numerous bug fixes and UI tweaks throughout code
--- Six new modules and WAR stager added, /sids option added to golden_ticket
--- Fixed international locale bug with unicode text in agent.ps1
8/29/2015
---------
-HMAC algorithm for packet comms upgraded to use SHA1 instead of MD5
-credentials collected from collection/prompt now scraped/added to credential model
8/26/2015
---------
-Added module privesc/bypassuac_wscript
-Added module collection/inveigh
-Added stager war
8/24/2015
---------
-Added credentials/mimikatz/dcsync for remote DC credential extraction
-Added situational_awareness/network/get_domaintrusts
-Added /sids argument for credentials/mimikatz/golden_ticket
-Added credential parsing for dcsync output
-updated links for PowerTools
-Fixed bug in credential parsing with ":" inside of the password,username, or domain
-Fixed international locale bug with unicode text in agent.ps1. Now all results are base64 encoded prior to being packetized. Encoding will be handled at server.
8/20/2015
---------
-Continued porting native shell commands to WMI replacents in agent core
-In agent menu, 'shell CMD' now runs straight IEX CMD, and 'help agentcmds' shows safe aliases
-Modified ./setup/reset.sh to work from parent or ./setup/ folders
-Agent core functions streamlined
-"list [agents/listeners] <modifier>" should now be a global command
8/19/2015
---------
-Added collection/netripper, port of the NetRipper project
-Added collection/packet_capture for netsh event tracing
-Added management/zipfolder for native folder compression
-Corrected menu behavior on agent exit, bug fix on some dir behavior
-Started porting native shell commands to WMI in the agent core
============
8/16/2015 - RELEASE 1.1
============
-Encompasses all changes below
--- Crypto patch to prevent DOS condition
--- Numerous bug fixes throughout code
--- Extra modules added and HTA stager
--- Ability for agents to die after certain number of failed checkins
--- Added ability to easily remove "stale" agents
8/15/2015
---------
-Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner, lateral_movement/invoke_psexec
-Accepted HTA Stager from subtee
8/12/2015
--------
-Merged in list stale and remove stale functionality
-Fixed delay in list stale feature
-Fixed active agent message in list stale feature
-Fixed registry storage in schtasks and registry persistence modules (userland and elevated)
8/11/2015
---------
-Merged in Lost Agent Detection
-"agents> remove X" now removes agents that checked in > X minutes ago
-"agents> list stale" and "agents> remove stale" now list/remove stale agents past their max checkins
8/10/2015
---------
-Fixed tab completion of usestager module
-Added dependencies for Ubuntu 14.04
-Fixed IP Whitelisting set from file
-Added "Lost Agent Detection". Allows the ability for an agent to die after a certain number of missed checkins. This is implemented via the "lostlimit" command. Default set to 60 missed checkins.
8/9/2015
----------
-Fixed flaw in crypto allowing a DOS condition.
-Added authentication to the AES crypto scheme to verify integrity of messages
8/6/2015
-----------
-Initial release. All components released
-Commited path fix to correct bug in certain modules