v1.5.23

Commits

• d55c20d: Compare command names instead of extension name (rkervella) #797
• 8bfba5c: added delivery in chunks (MrAle98) #792
• 28e52e4: re-added debug option (MrAle98) #792
• f85d0d6: fix (MrAle98) #792
• 1d885c6: fix (MrAle98) #792
• 8a278ce: Add PPID spoofing + custom process arguments for fork/exec commands (rkervella) #795
• 99c23dc: Only use token when specified (rkervella) #795
• 709065a: Cast to proper message (rkervella) #795
• 223500e: Initial integration of sgn (moloch--) #796
• f75d791: Fix input file and rcp func name (moloch--) #796
• 68e9dcc: Inegrated sgn into execute-shellcode (moloch--) #796
• f0405a3: Integrated sgn with generate shellcode (moloch--) #796
• 1be70b3: Improved standalone cmd help (moloch--) #796
• c1a9702: Merge branch 'master' into fix/extensions (rkervella) #797
• 0112192: Add mutex to extension structures (rkervella) #797

v1.5.22

Commits

• 2840e6e: Use session agnostic info in Donut call (rkervella) #767
• 3ec4c51: Add example connection string to prelude connect (moloch--)
• 5d3cb88: allow custom executables with psexec (Rich Whitcroft) #770
• d1cf558: fix spelling mistake (moloch--)
• 4e8e254: fix DonutShellCodeFromPE call for Windows by passing through EntryPoint parameter (TÓTH István) #773
• 3b821d1: add unicode DLL argument passing option for sideload Donut generator (TÓTH István) #773
• b19cfba: regenerated protobuf files after adding a new option to sideload cmd (TÓTH István) #773
• e08f420: fix longhelp for sideload (TÓTH István) #773
• 44578c3: add recognition of SentinelOne security product to the ps cmd (TÓTH István) #776
• aba4a14: add codeowners (moloch--)
• 4bfb38e: go version 1.18.5 (moloch--) #782
• 8479252: force go version in workflows (moloch--) #782
• ae61aa0: Fix download command for folders in beacon mode (rkervella) #784
• 9852f03: Add missing --name flag for beacon profiles (rkervella) #786
• 34f60a7: Fix stage encryption and add zlib compression option (rkervella) #787
• 98f55c8: Make compression configurable (moloch--) #787
• c5853a3: Call the compression function (moloch--) #787
• 81b8002: Compress prior to encryption (moloch--) #787
• f19c43f: Added deflate9 compression option (moloch--) #787
• 205737f: No compression by default (moloch--) #787

v1.5.21

Commits

• 8c8dd28: create vendor dir for implants and script to update it (Andrew LeFevre) #762
• 09a97fb: force implant building tests to run offline, document the need to keep the implant vendor dir updated (Andrew LeFevre) #762
• 7476a3d: Merge branch 'capnspacehook-easier-offline-implant-builds' into offline-builds (moloch--) #762
• e1d7208: Default to GOPROXY=off (moloch--) #762
• a1d3cbd: Add instructions to shell cmd (moloch--)
• fee6ee8: Avoid closing nil tunnel readers #749 (moloch--)

v1.5.20

Commits

• b0d6a9b: Fix build constraints for windows/arm (moloch--)
• c442042: fix #751, fix ps arch on x86 windows (timwr) #752
• 7b5ff47: Bump tzinfo from 1.2.9 to 1.2.10 in /docs (dependabot[bot]) #757
• 57fe465: Check for nil pointer before using loot.File (rkervella) #760

v1.5.19

Commits

• e6277fb: skip nil tunnel readers (moloch--)
• ac262a3: fix #714, Add process Architecture to the ps command (timwr) #745
• e1b1132: Add missing name flag to profiles command (rkervella) #748

v1.5.18

Commits

• d935bfb: Adding filtering to the download command (RafBishopFox) #731
• c989e29: Fixing protobuf for backwards compatibility (RafBishopFox) #731
• fb38c6e: download command: Closing files after adding them to the archive (RafBishopFox) #731
• a018ba6: client/download: use filepath.Base to prevent directory traversal (RafBishopFox) #731
• 5a78150: Fix [SMB Named Pipe] ACL is too restrictive on pivot named pipe #732 (rkervella) #734
• fb4e056: Merge branch 'master' into fix/named-pipe-perms (rkervella) #734
• f83007f: Allow additional characters in implant names; closes #735 (Marshall Hallenbeck) #737
• 31e0ad2: use actual util AllowedName function in server side check for #735 (Marshall Hallenbeck) #737
• 253197f: Allow for _-. characters in session & beacon names; closes #738 (Marshall Hallenbeck) #737
• f5646d9: Fix flag parsing for implant name (rkervella) #740
• 8350b44: Remove raw dump of session data (rkervella) #740
• 0b9cf0f: Remove raw data print (rkervella) #740
• e7284b5: Handle stderr for shell command (rkervella) #740
• a51c318: Fix regression from #737 (rkervella) #739
• e9d0f23: Use a ReadCloser slice in transports.Tunnel (rkervella) #740
• 4e70936: Update to Go v1.18.4 and bump grumble (moloch--) #743
• afe6c88: Make vim mode configurable via client settings (rkervella) #744

v1.5.17

Commits

• c7844f5: Fix regression: add back IP forwarding for wireguard tunnels. (rkervella) #716
• a19ec2b: Fix argument parsing in execute-assembly to remove trailing spaces (rkervella) #722
• 709a5fa: Use CommandName as base directory (rkervella) #724
• 0f7b6c0: Report errors on failure for shell and portfwd (rkervella) #725
• 2052075: Add client side error handling (rkervella) #725
• be7b723: Spelling fix (moloch--)
• e28b062: Moving ls filtering fuctionality to the implant, add item count and total size to ls output, resolve symlinks in ls output (RafBishopFox) #727
• 140c47e: Merge branch 'BishopFox:master' into master (Raf) #727

v1.5.16

Commits

• 30c5692: Outline auth support for private armories (moloch--) #703
• 7972fce: Initial implementation (moloch--) #703
• 9110861: Init headers map (moloch--) #703
• 3752459: Base64 fix to default index parser (moloch--) #703
• 6262266: Rename util.Encrypt to PreludeEncrypt (moloch--) #703
• 48a061d: Merge branch 'master' into armory/auth (moloch--) #703
• 573ec4d: Fix download and cat regression (rkervella) #705
• 6cbfe64: Remove commented code (rkervella) #705
• 22b2704: Go v1.18.3 (moloch--) #706

v1.5.15

Commits

• bb5f424: Improve packet reading handling (mr.The) #699
• d7e740b: Improve socks handling (mr.The) #699
• ffb0b0e: Improve shell handling (mr.The) #699
• 1345c5e: Tun-handlers file is a way to big, decided to split into different files (mr.The) #699
• 136b506: Extract structs from implants session.go (mr.The) #699
• 838db70: Improve closed connection handling (mr.The) #699
• 4b2558d: Fix io reference (mr.The) #699
• 754aab2: Fix namedpipe build (mr.The) #699
• 16aa774: Fix panic on beacon session interactive mode (mr.The) #700
• 2620758: Enable Domain Fronting (Chris Shields) #702

v1.5.14

Commits

• e16b13c: Fix datarace on error handling in beacon handler (mr.The) #691
• 5049079: Fix datarace on last checkin timestamp (mr.The) #691
• 62be36e: Tunnels refactoring and datarace fixes (mr.The) #691
• 797365d: Add sync.Mutex for rpc-tunnel so it wont race (mr.The) #691
• 647c8ae: Improve pivot sessions handling, avoid stucking on implant crash (mr.The) #691
• d1e97e9: Improve stability for remove shells (mr.The) #691
• 2010b08: Change mtls reader to io.ReadFull (mr.The) #691
• f7633bb: Fix race condition on closing tunnels (mr.The) #691
• b42c615: Portfwd connection handling improvements (mr.The) #691
• 6757230: Implant additional debug logs and imroved tunnels handling (mr.The) #691
• 1594a2a: Client improved tunnel handling and additional logging (mr.The) #691
• 56c0193: Socks stability improvements (mr.The) #691
• 8865eeb: Fix tests for non debug and windows builds (mr.The) #691
• 4c7ae8d: Fix restarting pivot listeners, so it don't panic (mr.The) #692
• ae9fc59: Remove pivot listener once it stoped from the server (mr.The) #692
• 3451490: Added lic, updated assets gitgitnore for linux/arm64 (moloch--)
• 6dfb64a: Added 'armory install all' option (moloch--) #693