v5.10.1

[5.10.1] - 2024-04-26

• Updated Starkiller to v2.8.0

Added

• Added removal of starkiller directory to server reset (@Cx01N)

Fixed

• Fixed missing .NET 4.5 DLLs (@Cx01N)
• Fixed run_as_user issue when dealing with directories (@Cx01N)
• Fixed missing clr package for IronPython standard library (@Cx01N)

[5.10.0] - 2024-04-08

Added

• Added dependabot for github actions dependencies (@vinnybod)
• Added install option to ./ps-empire file (@Cx01N)
• Added auto pull options for submodules on startup (@Cx01N)
• Added hook and socket message to receive callback messages for individual agents (@AaronVigal)
• Added sacrificial Spawn Process bof (@Cx01N)
• Added suggested values to most modules (@Cx01N)
• Added continuous, error, and completed tasking statuses (@Cx01N)
• Added continuous and error plugin statuses (@Cx01N)
• Added Moriary module (@Cx01N)
• Added .NET 4.5 compile option (@Cx01N)

Changed

• Updated all dependencies (@vinnybod)
• Updated Dockerfile and install script to Python 3.12.2 (@vinnybod)
• Updated starkiller snyc to no longer require root (@Cx01N)
• Change file permissions for empire and listener logs to be non-root (@Cx01N)

Fixed

• Fixed issue loading openapi.json (@vinnybod)
• Fixed issue when False is given for options and option is appended with 'False' (@Cx01N)
• Fixed module generation error in ComputerDetails (@Cx01N)

v5.9.5

[5.9.5] - 2024-02-22

• Updated Starkiller to v2.7.3

v5.9.4

[5.9.4] - 2024-02-17

Fixed

• Fixed downloads for C# agent (@Cx01N)

v5.9.3

[5.9.3] - 2024-02-09

Added

• Added option to windows_macro stager to select Excel or Word and AutoOpen or AutoClose (@Cx01N)

Fixed

• Fixed obfuscation issue in Malleable HTTP listeners and added tests (@Cx01N)
• Fixed issue that invalid session IDs were accepted by the server (@Cx01N)
• Fixed skywalker exploit (again) and added tests (@Cx01N)

v5.9.2

[5.9.2] - 2024-01-31

• Updated Starkiller to v2.7.2

Fixed

• Fixed the ForeignKeyConstraint error when refreshing a directory that contains a file with a linked Download (@vinnybod)
• Downgraded bcrypt to version 4.0.1 to resolve issue in passlib (@Cx01N)

v5.9.1

[5.9.1] - 2024-01-25

Changed

• Convert agent task output to string before the BEFORE_TASKING_RESULT_HOOK (@vinnybod)
• Updated tasklist for powershell code to not throw error when GetOwner fails (@Cx01N)

Fixed

• Updated Uvicorn to fix issue where an open browser would cause the shutdown to hang (encode/uvicorn#2145) (@vinnybod)
• Fixed the fastapi app lifecycle not being properly called on shutdown (@vinnybod)
• Converted listener threads to daemons so they don't hang the shutdown in Python 3.12 and report RuntimeError: can't create new thread at interpreter shutdown (@vinnybod)
• Log warning about ps/ls hooks and filters not being able to parse the JSON output (@vinnybod)

[5.9.0] - 2024-01-20

Added

• Added validation and execution exceptions for modules to raise (@vinnybod)
• Added decorators for module generate functions to automatically get the module_source and call finalize_module (@vinnybod)
• Added execution exception to plugins (@vinnybod)
• Added RUF rules to ruff config (@vinnybod)
• Added SIM rules to ruff config (@vinnybod)
• Added BOF modules to Empire as yamls (@Cx01N)
  • Added ClipBoardWindow-Inject module
  • Added nanodump module
  • Added secinject module
  • Added tgtdelegation module
  • Added TrustedSec's SA modules
• Added custom certificate path to server config.yaml (@AaronVigal)

Deprecated

• Returning tuples from module generate functions is deprecated
  • To return a 400, raise a ModuleValidationException
  • To return a 500, raise a ModuleExecutionException
  • Stop using handle_error_message
• Returning tuples from plugin execution functions is deprecated
  • To return a 400, raise a PluginValidationException
  • To return a 500, raise a PluginExecutionException
• Loading plugins from a .plugin file is deprecated
  • Use a .py file with a plugin.yaml instead
• Extending the Plugin class is deprecated
  • Use the BasePlugin class instead

Changed

• Migrated some Pydantic and FastAPI usage away from deprecated features (@vinnybod)
• Updated the install script and Docker file from Python 3.12.0 to 3.12.1 (@vinnybod)
• Upgraded all dependencies with poetry up (@vinnybod)
• Plugin updates (@vinnybod)
  • Plugins have a plugin.yaml
  • Base plugin class is now BasePlugin
  • Updated plugin documentation
• Upgraded Black to 23.12.0 (@vinnybod)
• Upgraded Ruff to 0.1.9 (@vinnybod)
• Upgraded Seatbelt to 1.2.1 (@Cx01N)

v5.8.4

[5.8.4] - 2023-12-22

Fixed

• Fixed Path variables in EmpireConfig not properly expanding ~ (@vinnybod)

v5.8.3

[5.8.3] - 2023-12-15

Fixed

• Fixed error in Get-DomainComputer in Powerview when dnshostname property is missing (@Cx01N)

v5.8.2

[5.8.2] - 2023-12-09

Fixed

• Fixed error in generating stager for HTTP Hop listener (@Cx01N)
• Fixed the publishing of docker images to go to the correct DockerHub coordinate (@vinnybod)

v5.8.1

[5.8.1] - 2023-11-30

• Updated Starkiller to v2.7.1

Added

• Add tags search to credentials endpoints (@vinnybod)
• Allow Starkiller to be disabled (@vinnybod)
• Allow API port to be configured from the config.yaml (@vinnybod)
• Add flake8-comprehensions rules to ruff config (@vinnybod)

Changed

• Upgrade Pydantic to v2 (@vinnybod)
• Update common FastAPI Dependencies to use 'Annotated' types for simpler code (@vinnybod)
• Simplify TestClient setup (@vinnybod)
• Removed usages of deprecated Credentials and Listeners functions (@vinnybod)
• Remove usages of deprecated Agents functions (@vinnybod)
• Add typehinting for MainMenu object in modules (@vinnybod)
• Removed name property from listener start and shutdown functions (@vinnybod)
• Removed secretsocks as dependency for Python agents (@Cx01N)

Removed

• Remove unused migration scripts (@vinnybod)

Fixed

• Fixed the database session management for websocket endpoints (@vinnybod)

[5.8.0] - 2023-11-06

• Warning: You may run into errors installing things such as nim if you are running the install script on a machine that previously ran it. This is due to permissions changes with the install script. In this case it is recommended to use a fresh machine or manually remove the offending directories/files.

Added

• Added automatic tasking for sysinfo for stageless agents (@Cx01N)

Changed

• Modernized the Python and IronPython agents with new agent and staging code (@Cx01N)
• Updated listeners to consistently use port 80 and 443 for HTTP traffic by default (@Cx01N)
• Make the installation of donut conditional on architecture since it doesn't work on ARM (@vinnybod)
  • When donut is invoked but not installed, give a useful warning (@vinnybod)
• Allow a config to be loaded from an outside directory and the downloads/logs/etc to be stored in an outside directory (@vinnybod)
• Correct more deprecation warnings for SQLAlchemy and invalid escape sequences (@vinnybod)
• Updated the ruff minimum Python version to 3.10 and applied fixes to get codebase compliant (@vinnybod)
• Remove unneeded condition statement from all listeners (@vinnybod)
• Update Docker build (@vinnybod)
  • Use the official Poetry installer
  • Fix Starkiller trying to auto-update inside the container
  • Pre-install Starkiller as part of the docker build
  • Use Python 3.12
  • Don't use apt for powershell and dotnet
  • DockerHub images now have linux/amd64 and linux/arm64 architectures
• Dependency changes (@vinnybod)
  • Use BC-Security fork of md2pdf until upstream can support Python 3.12
  • Use a patched version of pysecretsocks that packages asyncore for Python 3.12 support
  • Use docopt-ng for Python 3.12 support
  • Add packaging as a runtime dependency
• Update install script (@vinnybod)
  • Use pyenv to install Python
  • Use the official Poetry installer
  • Don't run the entire script as root
  • Rewrite the test containers and reuse a templated Dockerfile
  • Add Debian12 support
  • Bump all OS to use Python 3.12
  • Refactor the script to be a bit more readable
  • Condense the test_install_script job
  • Added option to start MySQL service on boot (@Cx01N)

Removed

• Drop support for Python 3.8 and 3.9