Merge pull request #680 from BC-SECURITY/release/5.5.3

v5.5.3 into main

.github/CONTRIBUTING.md

@@ -44,4 +44,10 @@ The more information you provide in a Github issue the easier it will be for us
     3. run `ruff . --fix` (or `poetry run ruff . --fix`). 
 * The repo is also configured to use [pre-commit](https://pre-commit.com/) to automatically format code.
   * Once you have pre-commit installed, you can run `pre-commit install` to install the pre-commit hooks.
-  * Then pre-commit will execute black, isort, and ruff automatically before committing.
+  * Then pre-commit will execute black, isort, and ruff automatically before committing.
+
+## Tests
+
+Please write tests for your code! We use [pytest](https://docs.pytest.org/en/latest/) for testing. Tests are located in the `tests/` directory. To run the tests, run `pytest` from the root directory of the project.
+
+For tests that take >20-30 seconds, please add the `@pytest.mark.slow` decorator to the test function. This will allow us to skip the slow tests when running the tests, unless we explicitly want to run them with `pytest --runslow`.

.github/docker-compose.yml

@@ -13,9 +13,9 @@ services:
     entrypoint: /bin/bash
     platform: linux/amd64
     command: >
-      -c "DATABASE_USE=sqlite poetry run python -m pytest .
+      -c "DATABASE_USE=sqlite poetry run python -m pytest . --runslow
       && sed -i 's/localhost:3306/db:3306/g' empire/test/test_server_config.yaml
-      && DATABASE_USE=mysql poetry run python -m pytest ."
+      && DATABASE_USE=mysql poetry run python -m pytest . --runslow"
   db:
     image: mysql:8.0
     restart: always

.github/install_tests/cst-config-debian10.yaml

@@ -15,4 +15,4 @@ commandTests:
   - name: "mysql version"
     command: "mysql"
     args: ["--version"]
-    expectedOutput: ["mysql  Ver 8.0.*"]
+    expectedOutput: ["mysql  Ver 15.*10.*-MariaDB"]

.github/install_tests/cst-config-debian11.yaml

@@ -15,4 +15,4 @@ commandTests:
   - name: "mysql version"
     command: "mysql"
     args: ["--version"]
-    expectedOutput: ["mysql  Ver 8.0.*"]
+    expectedOutput: ["mysql  Ver 15.*10.*-MariaDB"]

.github/workflows/lint-and-test.yml

@@ -37,7 +37,7 @@ jobs:
     needs:
       - matrix-prep-config
       - lint
-    timeout-minutes: 15
+    timeout-minutes: 30
     runs-on: ubuntu-latest
     name: Test Python ${{ matrix.python-version }}
     strategy:
@@ -76,16 +76,16 @@ jobs:
           poetry install
       - name: Run test suite - mysql
         run: |
-          DATABASE_USE=mysql poetry run pytest . -v
+          DATABASE_USE=mysql poetry run pytest . -v --runslow
       - name: Run test suite - sqlite
         if: ${{ startsWith(github.head_ref, 'release/') || contains(github.event.pull_request.labels.*.name, 'test-sqlite') }}
         run: |
-          DATABASE_USE=sqlite poetry run pytest . -v
+          DATABASE_USE=sqlite poetry run pytest . -v --runslow
 
   test_image:
     # To save CI time, only run these tests on the release PRs
     if: ${{ startsWith(github.head_ref, 'release/') }}
-    timeout-minutes: 20
+    timeout-minutes: 30
     runs-on: ubuntu-latest
     name: Test Docker Image
     steps:
@@ -118,81 +118,81 @@ jobs:
           submodules: 'recursive'
           depth: 0
           token: ${{ secrets.RELEASE_TOKEN }}
-      # To save CI time, only run these tests when the install script is changed
+      # To save CI time, only run these tests when the install script or deps changed
       - name: Get changed files using defaults
         id: changed-files
         uses: tj-actions/[email protected]
       - name: Build images
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         run: docker-compose -f .github/install_tests/docker-compose-install-tests.yml build --parallel
       - name: run structure tests base Ubuntu 20.04
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-ubuntu2004:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Ubuntu 20.04
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-ubuntu2004:latest
           config: .github/install_tests/cst-config-ubuntu2004.yaml
       - name: run structure tests base Ubuntu 22.04
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-ubuntu2204:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Ubuntu 22.04
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-ubuntu2204:latest
           config: .github/install_tests/cst-config-ubuntu2204.yaml
       - name: run structure tests base Debian 10
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-debian10:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Debian 10
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-debian10:latest
           config: .github/install_tests/cst-config-debian10.yaml
       - name: run structure tests base Debian 11
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-debian11:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Debian 11
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-debian11:latest
           config: .github/install_tests/cst-config-debian11.yaml
       - name: run structure tests Kali base
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-kalirolling:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Kali
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-kalirolling:latest
           config: .github/install_tests/cst-config-kalirolling.yaml
       - name: run structure tests Parrot base
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-parrotrolling:latest
           config: .github/cst-config-base.yaml
       - name: run structure tests Parrot
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         uses: plexsystems/[email protected]
         with:
           image: docker.io/bcsecurity/empire-test-parrotrolling:latest

.github/workflows/release-sponsor-kali-start.yml

@@ -31,13 +31,6 @@ jobs:
         run: |
           # Get the version from pyproject.toml using sed
           echo "APP_VERSION=$(sed -n 's/^version = "\(.*\)"/\1/p' pyproject.toml)" >> $GITHUB_ENV
-      - name: Update Starkiller Version
-        if: ${{ github.event.inputs.starkillerVersion }}
-        uses: ./.github/actions/update-starkiller
-        with:
-          starkiller-version: ${{ env.STARKILLER_TAG }}
-          app-version: ${{ env.APP_VERSION }}
-          changelog-path: CHANGELOG-SPONSORS.md
       - name: Update Sponsors Changelog
         uses: vinnybod/[email protected]
         with:
@@ -50,6 +43,13 @@ jobs:
           git add -A
           git commit --message "Prepare release ${{ env.APP_VERSION }} sponsors"
           echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+      - name: Update Starkiller Version
+        if: ${{ github.event.inputs.starkillerVersion }}
+        uses: ./.github/actions/update-starkiller
+        with:
+          starkiller-version: ${{ env.STARKILLER_TAG }}
+          app-version: ${{ env.APP_VERSION }}
+          changelog-path: CHANGELOG-SPONSORS.md
       - name: Get release branch name
         run: |
             echo "RELEASE_BRANCH=release/$APP_VERSION-sponsors" >> $GITHUB_ENV

CHANGELOG.md

@@ -7,7 +7,55 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.5.3] - 2023-07-20
+
+-   Updated Starkiller to v2.4.2
+-   Updated restip message to show IP address on server (@Cx01N)
+-   Fixed onedrive taskings for powershell (@Cx01N)
+-   Update pyyaml to 6.0.1 to avoid build issue from cython (@Vinnybod)
+-   Use MariaDB in Debian (@Vinnybod)
+
+## [5.5.2] - 2023-07-14
+
+-   Fix TypeError and crash when using `main` command in client (@jellyjellyrobot)
+-   Fix extraneous semi-colon breaking powershell 'literal' execution (@crittico)
+
+## [5.5.1] - 2023-07-06
+
+-   Fix basic_reporting plugin using the wrong agent checkin column
+
+## [5.5.0] - 2023-06-21
+
+-   Break out agent checkins to a new table (@Vinnybod)
+    -   New checkins endpoint to get them as a list
+    -   New checkins aggregate endpoint to get aggregated checkin data
+    -   Aggregate endpoint not supported with SQLite
+-   Add a warning message about using SQLite
+-   Added LinPEAS to Python modules (@Cx01N)
+-   Added python obfusscation using python-obfuscator (@Cx01N)
+-   Added IronPython SMB Agents/Listener (@Cx01N)
+-   Expand file options to plugins, stagers, and listeners (@Vinnybod)
+-   Added Python agent support to hop listener (@Cx01N)
+-   Added staging to hop listener (@Cx01N)
+-   Added python module for Pwnkit (CVE-2021-4034) (@Cx01N)
+-   Added python module for Polkit (CVE-2021-3560) (@Cx01N)
+-   Fixed safecheck error for python module sudo spawn (@Cx01N)
+-   Fixed file error in Invoke-Shellcode (@Cx01N)
+-   Removed duplicate modules between languages (@Cx01N) 
+    -   Removed .NET Core modules due to errors
+    -   Removed redundant C# lateral movement modules
+    -   Removed Covenant Mimikatz in favor of Invoke-Mimikatz
+    -   Removed Invoke-Assembly in favor of Covenant's execute assembly
+    -   Removed Invoke-BOF in favor of RunOF
+    -   Removed Invoke-Rubeus in favor of Covenant's Rubeus
+    -   Removed Invoke-Seatbelt in favor of Covenant's Seatbelt
+    -   Removed Bloodhound v1 module
+-   Revamped malleable profiles and increased their generation reliability (@Cx01N)
+-   Allow the server to start even when starkiller sync fails (@Vinnybod)
+-   Remove libssl1.1 from the install script since it doesn't appear to be needed and causes install failures on some OS (@Vinnybod)
 -   Fix the restip argument which wasn't being used (@Vinnybod)
+-   Added reload endpoint to Malleable Profiles, Modules, Bypasses, and Plugins (@Cx01N)
+-   Updated and fixed pyinstaller stager (@Cx01N)
 
 ## [5.4.2] - 2023-06-07
 
@@ -493,7 +541,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.4.2...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.5.3...HEAD
+
+[5.5.3]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.5.2...v5.5.3
+
+[5.5.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.5.1...v5.5.2
+
+[5.5.1]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.5.0...v5.5.1
+
+[5.5.0]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.4.2...v5.5.0
 
 [5.4.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.4.1...v5.4.2
 

README.md

@@ -1,11 +1,20 @@
-![Empire](https://user-images.githubusercontent.com/20302208/70022749-1ad2b080-154a-11ea-9d8c-1b42632fd9f9.jpg)
-
+<div align="center">
+
+![Empire](https://user-images.githubusercontent.com/20302208/70022749-1ad2b080-154a-11ea-9d8c-1b42632fd9f9.jpg)  
+[![Donate](https://img.shields.io/badge/Donate-Sponsor-blue?style=plastic&logo=github)](https://github.com/sponsors/BC-SECURITY)
 [![Docs](https://img.shields.io/badge/Wiki-Docs-green?style=plastic&logo=wikipedia)](https://bc-security.gitbook.io/empire-wiki/)
-[![Twitter URL](https://img.shields.io/twitter/follow/BCSecurity1?style=plastic&logo=twitter)](https://twitter.com/BCSecurity1)
-[![YouTube URL](https://img.shields.io/youtube/channel/views/UCIV4xSntF1h1bvFt8SUfzZg?style=plastic&logo=youtube)](https://www.youtube.com/channel/UCIV4xSntF1h1bvFt8SUfzZg)
 [![Discord](https://img.shields.io/discord/716165691383873536?style=plastic&logo=discord)](https://discord.gg/P8PZPyf)
-[![Donate](https://img.shields.io/badge/Donate-Sponsor-blue?style=plastic&logo=github)](https://github.com/sponsors/BC-SECURITY)
 [![Blog](https://img.shields.io/badge/Blog-Read%20me-orange?style=plastic&logo=wordpress)](https://www.bc-security.org/blog)
+[![Twitter URL](https://img.shields.io/twitter/follow/BCSecurity?style=plastic&logo=twitter)](https://twitter.com/BCSecurity)
+[![Twitter URL](https://img.shields.io/twitter/follow/EmpireC2Project?style=plastic&logo=twitter)](https://twitter.com/EmpireC2Project)
+[![YouTube URL](https://img.shields.io/youtube/channel/views/UCIV4xSntF1h1bvFt8SUfzZg?style=plastic&logo=youtube)](https://www.youtube.com/channel/UCIV4xSntF1h1bvFt8SUfzZg)
+![Mastodon Follow](https://img.shields.io/mastodon/follow/109299433521243792?domain=https%3A%2F%2Finfosec.exchange%2F&style=plastic&logo=mastodon)
+![Mastodon Follow](https://img.shields.io/mastodon/follow/109384907460361134?domain=https%3A%2F%2Finfosec.exchange%2F&style=plastic&logo=mastodon)
+[![Threads](https://img.shields.io/badge/follow%20@BCSecurity0-grey?style=plastic&logo=threads&logoColor=#000000)](https://www.threads.net/@bcsecurity0)
+[![Threads](https://img.shields.io/badge/follow%20@EmpireC2Project-grey?style=plastic&logo=threads&logoColor=#000000)](https://www.threads.net/@empirec2project)
+[![LinkedIn](https://img.shields.io/badge/Linkedin-blue?style=plastic&logo=linkedin&logoColor=#0A66C2)](https://www.linkedin.com/company/bc-security/)
+
+</div>
 
 # Empire
 Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, [Starkiller](https://github.com/BC-SECURITY/Starkiller).
@@ -45,9 +54,13 @@ Empire is a post-exploitation and adversary emulation framework that is used to
 - And Many More
 
 ## Sponsors
-[<img src="https://user-images.githubusercontent.com/20302208/185246508-56f4f574-5a06-4a2c-ac62-320922588dcf.png" width="100"/>](https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/) &emsp; &emsp; &emsp;
-[<img src="https://user-images.githubusercontent.com/20302208/208271681-235c914b-5359-426e-8a3d-903bbd018847.png" width="100"/>](https://www.cybrary.it/)
+<div align="center">
+
+[<img src="https://github.com/BC-SECURITY/Empire/assets/9831420/f273f4b0-400c-49ce-b62f-521239a86754" width="100"/>](https://www.cybrary.it/)
 
+[<img src="https://github.com/BC-SECURITY/Empire/assets/9831420/d14af000-80d2-4f67-b70c-b62ac42b6a52" width="100"/>](https://twitter.com/joehelle)
+
+</div>
 
 ## Release Notes
 
@@ -70,6 +83,10 @@ cd Empire
 sudo ./setup/install.sh
 ```
 
+If you are using the sponsors version of Empire, it will pull the sponsors version of Starkiller.
+Because these are private repositories, you need to have ssh credentials configured for GitHub.
+Instructions can be found [here](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh).
+
 #### Server
 
 ```bash
@@ -117,7 +134,7 @@ A special thanks to the following contributors for their help with Empire:
 [@Vinnybod](https://twitter.com/_vinnybod)
 
 ## Official Discord Channel
-Join us in [our Discord](https://discord.gg/P8PZPyf) to with any comments, questions, concerns, or problems!
+Join us in [our Discord](https://discord.gg/P8PZPyf) with any comments, questions, concerns, or problems!
 
 <p align="center">
 <a href="https://discord.gg/P8PZPyf">

conftest.py

@@ -0,0 +1,21 @@
+import pytest
+
+
+def pytest_addoption(parser):
+    parser.addoption(
+        "--runslow", action="store_true", default=False, help="run slow tests"
+    )
+
+
+def pytest_configure(config):
+    config.addinivalue_line("markers", "slow: mark test as slow to run")
+
+
+def pytest_collection_modifyitems(config, items):
+    if config.getoption("--runslow"):
+        # --runslow given in cli: do not skip slow tests
+        return
+    skip_slow = pytest.mark.skip(reason="need --runslow option to run")
+    for item in items:
+        if "slow" in item.keywords:
+            item.add_marker(skip_slow)