Releases: BishopFox/sliver

v1.5.31

04 Nov 01:11
v1.5.31
cfb292d

Commits

  • c41fc30: Handle execute-assembly in task fetch (rkervella) #952
  • 88ca9cf: Handle in-process execute assembly in task fetch (rkervella) #952
  • 15b5b7c: Update pure go sqlite3 (moloch--) #956
  • 8b58648: Use gosqlite by default for linux-arm64 builds (moloch--) #956
  • 47d1f0d: Bump nokogiri from 1.13.6 to 1.13.9 in /docs (dependabot[bot]) #957
  • 0bb5ea5: Switch actions to Go ^1.19 (moloch--) #958
  • a144991: Update codeql config (moloch--) #959
  • eb70ed2: Tweak codeql config, fix db logging issue (moloch--) #959
  • 30b1cb8: Appease codeql's zip/path traversal false detection (moloch--) #959
  • 97dbae5: Update badge (Joe) #960
  • 8c6fe18: Download the correct garble executable for linux arm64 (moloch--) #961
  • 3cfe643: Remove status badge until github fixes (Joe) #962
  • 567e51c: Remove ioutil usage (rkervella) #964
  • 0f5262e: Update autorelease.yml (Joe) #965
  • 9f72364: Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (dependabot[bot]) #968
  • c5b3250: Bump gorm.io/driver/sqlite from 1.4.2 to 1.4.3 (dependabot[bot]) #969
  • 901e9fd: Bump golang.org/x/text from 0.3.8 to 0.4.0 (dependabot[bot]) #970
  • 0417fc1: Bump gorm.io/driver/mysql from 1.4.1 to 1.4.3 (dependabot[bot]) #971
  • 14553f9: Bump gorm.io/driver/postgres from 1.4.4 to 1.4.5 (dependabot[bot]) #967
  • 125a4ac: Bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (dependabot[bot]) #976
  • 40a9b74: Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (dependabot[bot]) #977
  • 1e2e3ca: Bump modernc.org/sqlite from 1.19.2 to 1.19.3 (dependabot[bot]) #978
  • 430b5ff: Go v1.19.3 (moloch--) #980
  • 95ea7d8: Fix indentation (rkervella) #982
  • 418b061: Add support for ps tree (rkervella) #982
  • 6c7814c: Fix pstree (rkervella) #984
  • ac56a98: Safely delete nodes (rkervella) #984
  • 170c2bc: Use nodes vs branches when it makes sense. (rkervella) #984
  • e9945d7: Let user choose the logon type (rkervella) #985
  • eb96269: Add CreateProcessWithLogonW (rkervella) #986
  • e083fa6: Reworked runas (rkervella) #986
  • 5908033: Fix const package (rkervella) #985
  • f8ae372: Reworked runas to act as the windows utility (rkervella) #986
  • 0e66a56: Fix website content table (moloch--) #987

v1.5.30

17 Oct 21:21
v1.5.30
a8a36dd

Commits

  • 9e9ab20: Tweak external build api, remove 3rd party unit test framework (moloch--) #943
  • 98de546: Add template name field (moloch--) #943
  • e8a77d8: Add template name field, and basic external build workflow (moloch--) #943
  • 0df56e5: Remove ioutil (moloch--) #943
  • dd9bb01: wip on external builder cli (moloch--) #943
  • 0fab805: initial outline of external builders completed (moloch--) #943
  • 1fd850c: wip refactor of generate code (moloch--) #943
  • 1a41eac: Tweaks to sgn (moloch--) #932
  • 7c5262d: Added sgn to migrate, clean up ioutil usage (moloch--) #932
  • 4ecf42b: Add cmd flag to disable sgn (moloch--) #932
  • 338b622: Reorder code (moloch--) #932
  • 794db93: Refactor randomString to randomFileName (moloch--) #932
  • d582987: Refactor randomString to randomFileName (moloch--) #932
  • c98d1e2: Bump gorm.io/gorm from 1.23.9 to 1.23.10 (dependabot[bot]) #927
  • 4c6269b: Bump github.com/chromedp/chromedp from 0.8.5 to 0.8.6 (dependabot[bot]) #929
  • d8b9f7c: Bump github.com/shirou/gopsutil/v3 from 3.22.8 to 3.22.9 (dependabot[bot]) #930
  • 7714950: Bump github.com/jedib0t/go-pretty/v6 from 6.3.8 to 6.4.0 (dependabot[bot]) #928
  • 196d42c: Merge branch 'master' into feature/sgn-inject (moloch--) #932
  • 58e11d4: Go v1.19.2 (moloch--) #933
  • 2481b96: Updated garble (moloch--) #933
  • a1d6d00: Bump gorm.io/driver/postgres from 1.3.10 to 1.4.4 (dependabot[bot]) #938
  • 5cc5485: Bump gorm.io/driver/sqlite from 1.3.6 to 1.4.2 (dependabot[bot]) #937
  • 032e116: Bump gorm.io/driver/mysql from 1.3.6 to 1.4.1 (dependabot[bot]) #936
  • 677a079: Merged master (moloch--) #943
  • ceca730: Fix reconfig DB saving for sessions (James Golovich) #941
  • 8474692: Basic workflow is working (moloch--) #943
  • 3160c8f: Fix regenerate/file name (moloch--) #943
  • dbee282: Refactor to support tracking builder state (moloch--) #943
  • 2d376ce: Quality of life improvements (moloch--) #943
  • 69804ed: Unique builder names (moloch--) #943
  • 3668cd7: Unit tests pass (moloch--) #943
  • cf0eb21: Implement more build events (moloch--) #943
  • 6cad9d4: Regenerate external builds (moloch--) #945
  • 85d2388: Improved long help (moloch--) #945
  • 3cb0353: Implement failed build notifications (moloch--) #945
  • f5b8e3f: Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (dependabot[bot]) #946
  • 3bf6ca5: Bump golang.org/x/text from 0.3.7 to 0.3.8 (dependabot[bot]) #947
  • ab5b319: Fix issue #948 (moloch--) #950
  • 7b697ae: Fix profile beacon new (moloch--) #950
  • 0a4dfcc: Ensure at least one modern cipher suite for https (moloch--) #951

v1.5.29

30 Sep 16:21
v1.5.29
32e4ed6

Quick fixes to HTTPS stager compatibility

Commits

  • e27e030: Only add cache header to responses that need it (moloch--) #924
  • e65629e: Tweak https/tls server compatibility for windows (moloch--) #926

v1.5.28

29 Sep 04:15
v1.5.28
4738bf2

Commits

  • 4b1991a: Add kerberos support for SSH client (rkervella) #723
  • 6b0d6b2: Merge branch 'master' into feature/ssh-kerberos (rkervella) #723
  • 65a44da: Merge branch 'master' into feature/ssh-kerberos (rkervella) #723
  • c4555a1: Merge branch 'master' into feature/ssh-kerberos (rkervella) #723
  • d7d946f: Merge branch 'master' into feature/ssh-kerberos (rkervella) #723
  • 8b55dca: go1.19 (rkervella) #916
  • 68515f0: Update vendor (rkervella) #916
  • e7524d2: Implant vendor (rkervella) #916
  • 555e1d1: Update Dockerfile and assets (rkervella) #916
  • 6072aff: Update to go1.19.1 (rkervella) #916
  • 3b3987d: Update supported minor version (rkervella) #916
  • a5b4e53: Update garble (rkervella) #916
  • 8ceaff5: Update garble (rkervella) #916
  • f6281bd: Added keep-alive, headless, and additional args (moloch--) #909
  • 3b39100: Add new SliverConsoleClient function FormateDateDelta (James Golovich) #895
  • 9052347: Use 'use' Completor for 'info' command (James Golovich) #895
  • 2dc6c74: Add FirstContact to hosts/beacons/sessions info (James Golovich) #895
  • 3cd1222: Add FirstContact to ProtoBufs (James Golovich) #895
  • a6791cc: Update compiled protobufs (James Golovich) #895
  • 0b2e1c9: Add Last Checkin to info command (James Golovich) #895
  • 0f53c7c: Tweak ciphers, fix issue #896 (moloch--) #898
  • 3cb1fe6: Allow info command to work with active sessions again (James Golovich) #900
  • 1b0c524: Bump commonmarker from 0.23.4 to 0.23.6 in /docs (dependabot[bot]) #901
  • c69f68c: Save reconfig data to DB (James Golovich) #903
  • 1caf9d2: Remove -n from reconfig command, that is handled by rename (James Golovich) #903
  • 4acbb6a: Stop segfault on implant if remote port is unavailable (James Golovich) #904
  • f08b8e4: Stop segfault on server if tunnel cannot connect (James Golovich) #904
  • 86ec724: Add ability to limit implant based on locale with regexp (James Golovich) #905
  • 3f6c38f: Add LimitLocale to client.proto (James Golovich) #905
  • 7aa03f6: Update compiled client.pb.go (James Golovich) #905
  • 79b60eb: Register new hosts when beacons are received and not just sessions (James Golovich) #907
  • 49faa6e: Add new event WireGuardNewPeer to get peer configured immediately (James Golovich) #908
  • c280489: Add \n to string (James Golovich) #908
  • 7821331: Merge branch 'master' into cursed (moloch--) #909
  • d0826e6: Added cursed cookies cmd (moloch--) #909
  • 31aaeee: Save cookies to file (moloch--) #909
  • 70ba98a: hook console.log by default (moloch--) #909
  • 46e5840: add :file option to cursed console (moloch--) #909
  • 0daff15: Bump google.golang.org/protobuf from 1.27.1 to 1.28.1 (dependabot[bot]) #910
  • 352df3c: Bump github.com/onsi/ginkgo from 1.12.1 to 1.16.5 (dependabot[bot]) #912
  • c1995c6: Bump gorm.io/driver/postgres from 1.3.9 to 1.3.10 (dependabot[bot]) #913
  • 5a2f4f4: Bump github.com/onsi/gomega from 1.10.0 to 1.20.2 (dependabot[bot]) #911
  • 35a7562: Merge master (moloch--) #916
  • 0fd10d0: go mod tidy/vendor (moloch--) #916
  • f6d6e9e: Unit tests pass (moloch--) #916
  • 9dfde9d: Update implant vendor/ (moloch--) #916
  • b4b9d8d: Update wg GOGARBLE mask (moloch--) #916
  • 608de52: Update wg GOGARBLE mask (moloch--) #916
  • 2fe9b56: Add support for HTTPS stagers (rkervella) #918
  • 52c2e1b: Merge branch 'master' into feature/ssh-kerberos (rkervella) #723
  • 643a9ca: Update implant vendor (rkervella) #723
  • 3320f39: Update implant vendor (rkervella) #723
  • 106c7f0: Avoid closing nil tls connection #919 (pb376) #921
  • 97ff802: Ensure beacon tries to connect the same as session (James Golovich) #922

v1.5.27

21 Sep 00:43
v1.5.27
1194920

Commits

  • 01b6a3c: Updated gorm and db drivers (moloch--) #849
  • 82d1728: Updated gorm and db drivers (moloch--) #849
  • 891bb49: Make TAGS overridable in Makefile (moloch--) #849
  • 9c5aa26: Strip query parameters from URLs for incoming HTTP(s) websites (James Golovich) #850
  • eb95065: Handle err condition (James Golovich) #850
  • 56d143b: Catch error on 'loot remote' if file doesn't exist (James Golovich) #851
  • b1db1ab: improvements to the audit log (moloch--) #853
  • b68f4bf: Add additional known security tools (Chris Shields) #854
  • e4793cf: Add trend micro processes (Faisal Fs) #855
  • 59781d4: Update ps.go (Faisal Fs) #855
  • be47791: Add locale to implants Sessions and Beacons (James Golovich) #856
  • ca33777: Add Locale to protobuf definitions (James Golovich) #856
  • 18871a8: Add generated protobuf code (James Golovich) #856
  • 88abea2: Add sysmon + sysmon64 (cmprmsd) #857
  • e31cafa: Fix low entropy x509 subjects (moloch--) #859
  • 3cc7be8: Random cleanups and improvements (moloch--) #860
  • 4ed9537: Bump github.com/spf13/cobra from 1.1.1 to 1.5.0 (dependabot[bot]) #861
  • 3035d75: Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (dependabot[bot]) #863
  • ade96fa: Bump github.com/cheggaaa/pb/v3 from 3.0.5 to 3.1.0 (dependabot[bot]) #864
  • 9e6412c: Bump github.com/gofrs/uuid from 4.0.0+incompatible to 4.3.0+incompatible (dependabot[bot]) #865
  • fb5c6c0: Merge branch 'master' into a7aadependabot/go_modules/github.com/sirupsen/logrus-1.9.0 (Joe) #863
  • 76fb9df: Bump github.com/AlecAivazis/survey/v2 from 2.2.2 to 2.3.6 (dependabot[bot]) #862
  • 25a2205: Merge branch 'master' into a7aadependabot/go_modules/github.com/sirupsen/logrus-1.9.0 (Joe) #863
  • 4917c31: Stop excessive build logging if there are no canaries (James Golovich) #866
  • 187f9e9: Refactor c2 url handling (moloch--) #869
  • 100b26a: Trap failed build when running 'go generate' on the implant (James Golovich) #867
  • cda6aea: Remove un-needed pointers (moloch--) #869
  • 394ba43: Add lic (moloch--) #869
  • ba3ec02: Add lic (moloch--) #869
  • 11959d5: Separate generic and os specific locale functions (James Golovich) #856
  • 097866d: Include github.com/cubiest/jibberjabber files (James Golovich) #856
  • da45b2d: Remove processor constraints for build (James Golovich) #856
  • a2673f7: Add option to log TLS info so packets can be decoded with wireshark (James Golovich) #872
  • acc4e39: Switch to using SSLKEYLOGFILE env var instead of config var (James Golovich) #872
  • 68d624f: Add option for TLS key logging to implant when in debug mode (James Golovich) #872
  • f7a4aac: Change log entries to Debug (James Golovich) #874
  • 4748f61: Sleep before shutting down beacon instead of after (James Golovich) #875
  • 18f8a8c: Delay closing to all coroutines to complete (James Golovich) #875
  • 8bc85b2: added reverse port forwarding (MrAle98) #877
  • b036574: minor fix (MrAle98) #877
  • 0c601bd: Tweak rportfwd implementation (moloch--) #877
  • 754b9f6: Merge master (moloch--) #877
  • 7a9f216: Only include log code when debug mode is enabled (moloch--) #877
  • 5332d0c: Ensure Wireguard keyPort persists (James Golovich) #878
  • 5baf9d3: Improved rportfwd ux (moloch--) #877
  • 62748ed: Align rportfwd and portfwd bind parsing (moloch--) #877
  • 82e58c7: Update sessions.go (Chris Smith) #877
  • e1516ff: Update sessions.go (Chris Smith) #877
  • f8db5d4: Track HTTP time difference in case the implant clock is wrong (James Golovich) #881
  • 5628197: renamed add/rm operations to start/stop. stop returns more information (MrAle98) #883
  • fa11691: client minor fix (MrAle98) #883
  • 8a5855f: fix rportfwd handlers map (MrAle98) #883
  • 7b3739b: rportfwd error handling (MrAle98) #883
  • 03a6f5f: minor fix (MrAle98) #883
  • c894e62: start/stop commands renamed to add/rm (MrAle98) #883
  • f12a605: Outline external build api (moloch--) #884
  • e0b756a: Implement the rest of the external build api (moloch--) #884
  • f042dee: Improved err handling (moloch--) #884
  • bdf0c7b: Improved comments (moloch--) #884
  • b013d55: Add events api (moloch--) #884
  • d469d33: Bump github.com/jedib0t/go-pretty/v6 from 6.2.4 to 6.3.8 (dependabot[bot]) #885
  • 071a0cb: Bump gorm.io/gorm from 1.23.8 to 1.23.9 (dependabot[bot]) #887
  • 85e6121: Print console message when TLS key logging enabled (James Golovich) #872
  • d011b57: Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.2.2 to 1.3.0 (dependabot[bot]) #888
  • c3df9ac: Bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.22.8 (dependabot[bot]) #886
  • 653f3c7: Reworked staging (rkervella) #889
  • 94a55f0: Remove comments (rkervella) #889
  • 8c144e3: Fix help (moloch--) #890
  • afd0b08: Optionally randomize server JARM fingerprint (moloch--) #891
  • 9c109bd: Merge branch 'master' into jarmy (Joe) #891
  • 620bdd7: Always use min tls 1.2 or lower to ensure compatibility (moloch--) #891
  • 15b7059: always select at least 4 ciphers (moloch--) #891
  • d37de4f: always select at least 4 ciphers (moloch--) #891
  • a0c0657: Add comments (moloch--) #891
  • 9a450d9: Fix max n for min tls (moloch--) #891
  • b6a4992: Remove rc4 ciphers, bump min n (moloch--) #891
  • a6d4e4f: Save implant Wireguard session keys (James Golovich) #893
  • 6b876d5: Fix typo (moloch--) #890
  • d41833c: Allow Wireguard implant to retrieve new keys after 3 connect failures (James Golovich) #893

v1.5.26

06 Sep 18:59
v1.5.26
312f133

Commits

  • bb51a9f: Enable dependabot workflow (moloch--) #835
  • fd1b873: Add carbon black cloud sensor (cmprmsd) #836
  • c9898b9: Bump actions/checkout from 2 to 3 (dependabot[bot]) #837
  • 381e131: Bump actions/setup-go from 2 to 3 (dependabot[bot]) #838
  • 307b199: Bump github/codeql-action from 1 to 2 (dependabot[bot]) #839
  • dd31ae2: Bump actions/upload-artifact from 2 to 3 (dependabot[bot]) #840
  • bb36fb6: Bump actions/download-artifact from 2 to 3 (dependabot[bot]) #841
  • bb2a56d: Bump github.com/miekg/dns from 1.1.35 to 1.1.50 (dependabot[bot]) #844
  • 003f882: Bump github.com/fatih/color from 1.12.0 to 1.13.0 (dependabot[bot]) #846
  • e8aae22: Go v1.18.6 (moloch--) #847
  • afe4fb0: Merge branch 'master' into 8995dependabot/go_modules/github.com/miekg/dns-1.1.50 (Joe) #844
  • 330ceea: Bump github.com/alecthomas/chroma from 0.8.1 to 0.10.0 (dependabot[bot]) #842
  • 7d8457d: Use proper type for PPID flag, add ppid + process args to sideload (rkervella) #848

v1.5.25

05 Sep 00:42
v1.5.25
f1d4a51

Commits

v1.5.24

26 Aug 18:20
v1.5.24
18ddfd2

Commits

  • 660af1f: Setup DSN properly for PostgreSQL (James Golovich) #800
  • d6c41f1: Reorder models so the dependencies are defined before they are used. (James Golovich) #800
  • b64f00a: Fix grumble flag (Uint instead of Int) (rkervella) #802

v1.5.23

24 Aug 21:01
v1.5.23
79f2d48

Commits

  • d55c20d: Compare command names instead of extension name (rkervella) #797
  • 8bfba5c: added delivery in chunks (MrAle98) #792
  • 28e52e4: re-added debug option (MrAle98) #792
  • f85d0d6: fix (MrAle98) #792
  • 1d885c6: fix (MrAle98) #792
  • 8a278ce: Add PPID spoofing + custom process arguments for fork/exec commands (rkervella) #795
  • 99c23dc: Only use token when specified (rkervella) #795
  • 709065a: Cast to proper message (rkervella) #795
  • 223500e: Initial integration of sgn (moloch--) #796
  • f75d791: Fix input file and rcp func name (moloch--) #796
  • 68e9dcc: Integrated sgn into execute-shellcode (moloch--) #796
  • f0405a3: Integrated sgn with generate shellcode (moloch--) #796
  • 1be70b3: Improved standalone cmd help (moloch--) #796
  • c1a9702: Merge branch 'master' into fix/extensions (rkervella) #797
  • 0112192: Add mutex to extension structures (rkervella) #797

v1.5.22

17 Aug 02:58
v1.5.22
6bb49e4

Commits

  • 2840e6e: Use session agnostic info in Donut call (rkervella) #767
  • 3ec4c51: Add example connection string to prelude connect (moloch--)
  • 5d3cb88: allow custom executables with psexec (Rich Whitcroft) #770
  • d1cf558: fix spelling mistake (moloch--)
  • 4e8e254: fix DonutShellCodeFromPE call for Windows by passing through EntryPoint parameter (TÓTH István) #773
  • 3b821d1: add unicode DLL argument passing option for sideload Donut generator (TÓTH István) #773
  • b19cfba: regenerated protobuf files after adding a new option to sideload cmd (TÓTH István) #773
  • e08f420: fix longhelp for sideload (TÓTH István) #773
  • 44578c3: add recognition of SentinelOne security product to the ps cmd (TÓTH István) #776
  • aba4a14: add codeowners (moloch--)
  • 4bfb38e: go version 1.18.5 (moloch--) #782
  • 8479252: force go version in workflows (moloch--) #782
  • ae61aa0: Fix download command for folders in beacon mode (rkervella) #784
  • 9852f03: Add missing --name flag for beacon profiles (rkervella) #786
  • 34f60a7: Fix stage encryption and add zlib compression option (rkervella) #787
  • 98f55c8: Make compression configurable (moloch--) #787
  • c5853a3: Call the compression function (moloch--) #787
  • 81b8002: Compress prior to encryption (moloch--) #787
  • f19c43f: Added deflate9 compression option (moloch--) #787
  • 205737f: No compression by default (moloch--) #787