All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added ability to specify custom admin port number
- Disallow Administrators from changing other user's passwords
- Restrict non-admin users from visiting other user's profile in UI
- Updated ShellCode task to use file upload of raw binary
- Updated streaming tasks to autoflush the console
- Updated Keylogger to handle VK_PACKET virtual keys
- Fix edit roles for CovenantUser UI bug
- Fix profile bug when HttpGetResponse differs from HttpPostResponse
- Fix TaskKill display bug
- Fix token impersonation issues
- Fix streaming output to capture output after Delay time elapsed
- Fix streaming output does not capture exceptions issue
- Fix Keylogger task Delegate gets garbage collected
- Fix ImplantTemplate becomes null on GruntTable
- Fix P2P routing when disconnecting/reconnecting to same Grunt repeatedly
- Fixed and improved P2P stability for GruntSMB
- Fix streaming output immediate write for push implants (SMB/Bridge)
- Fix streaming output leftover buffer remaining output
- Fix Download Task adding extra byte to files
- Fix Download task exception on unexpected output
v0.6 - 2020-08-04
- Added CreateDirectory task
- Add SharpSC submodule, ReferenceSourceLibrary, and GruntTask
- Added CreateProcessWithToken task
- Added aliases for Shell tasks
- Added ShellCodeLauncher using Donut
- Added Copy command
- Added missing Keylogger task
- Added streaming task output
- Added Download/Upload .NET Core Tasks
- Added ReadTextFile,CreateDirectory,Delete .NET Core Tasks
- Added UI Themes, new Heathen Mode theme
- Added a TabbedTerminal view to GruntIndex component
- Added message that Covenant has started
- Add SharpSploit.LateralMovement namespace to SharpShell command
- Updated PowerShellRemoting tasks to show output
- Update implants to use WellKnownSidType enum rather than string for non-english systems
- Update all launchers to support non-http profiles
- Changed Shell tasks to use CreateProcess to get output
- Updated SharpSploit, Rubeus, Seatbelt ReferenceSourceLibaries to latest versions
- Simplified compilation optimization to use HashSet
- Limited compilation optimization for SharpSC
- Updated Seatbelt to latest version
- Updated SharpSploit to latest version, PowerShell task should include verbose/error output
- Changed GruntTask export to exclude GruntTaskOption value property
- Updated codemirror, added night theme for codemirror
- Removed Covenant certificate hash message
- Fixed order of Upload parameters
- Fixed Brute compilation path for case-sensitive file systems
- Fixed HttpPost issue on Linux servers
- Fixed Listeners stop issue
- Fixed Seatbelt command group suggestions
- Fixed EditGruntTask for task with aliases, validationmessage issue
- Fixed Task aliases to be able to be edited
- Fixed InstallUtil launcher
- Fixed PowerShellLauncher maxlength too short
- Fixed BridgeListener null exception on creation
- Fixed Dockerfile to use sdk for runtime
- Fixed ordering of deserialized GruntTask Options
- Fixed Assembly tasks to do command-line style parsing
- Updated YAML task file code options to use literal strings, may have been causing some problems
- Fixed parameter parsing bug when multiple trailing double-quotes
- Fixed command parameter parsing bug when multiple trailing double-quotes
- Fixed command parameter parsing bug when labeled parameter
- Fixed CovenantUser default properties set to null, not following OpenApi spec
- Fixed task aliases use incorrect case comparisons
- Fixed LauncherForm exception when no active listeners
- Fixed missing ReferenceAssemblies for SharpSploit
- Fixed WMICommand/WMIGrunt output format
- Fixed ConnectAttempts bug
- Fixed BridgeListener ArgumentOutOfRangeException
- Fix/tweak Connect/Disconnect tasks
- Fixed JwtKey issue
- Fixed ImplantTemplateForm options resetting issue
- Fixed terminal typeahead issues
- Fixed HttpProfile editing issue
- Fixed POST /api/users API endpoint authentication issue
- Fixed profiles using Cookie header
- Fixed profile using curly brace character
- Fix create/edit for ReferenceSourceLibraries,ReferenceAssemblies,EmbeddedResources
- Fix launcher commands (i.e. BypassUacGrunt, WMIGrunt, PowerShellRemotingGrunt)
- Fix Launcher properties not being applied during generation
- Fixed Graph with BridgeListener issue
v0.5 - 2020-06-04
- Added GetNetShare task
- Added Keylogger task
- Added Brute .NET Core implant
- Added .NET Core tasks: shell, shellcmd, ls, cd, ps, assembly
- Added GruntTask import/export ability
- Improved ComputerName parsing and output for Domain tasks
- Upgraded to .NET Core 3.1
- Changed UI to use Blazor
- Changed profiles to use .NET Core 3.1
- Downloaded launchers filename set to implanttemplate name
- Update Dockerfile for .NET Core 3.1
- Moved GruntTasks to yaml files
- Changed delay/jitter/killdate commands to not use 'Set'
- Fixed missing http profiles on Ubuntu w/ workaround due to corefx issue
- Made changes necessary for C3 integration, allowing outbound SMB grunts
- Fixed missing http profiles on Ubuntu w/ workaround due to corefx issue
- Fix GET /api/gruntcommand/{id} endpoint missing output
- Fix #122 multiple connection addresses issue
- Fix #137 grunt last checked-in field sorting issue on table
v0.4 - 2019-10-30
- Added ShellRunAs and ShellCmdRunAs tasks
- Added GetCurrentDirectory task
- Added DCSync task
- Added ReadTextFile (cat) task
- Added support to supply CLI options via environment variables
- Added Delete (rm/del) task
- Added PowerShellRemotingCommand/PowerShellRemotingGrunt tasks
- Added Kill task
- Added /api/grunts/{id}/interact API endpoint
- Added BridgeListeners
- Added BridgeProfiles
- Added GruntBridge implant
- Changed command-line parsing, Task parsing, added DefaultValue for optional parameters
- Changed DCOM, WMI, BypassUAC task handling
- Updated SharpSploit to latest version
- Changed PowerShellImport Task tab to use file control
- Changed PowerShellImport to strip PowerShell ISE magic header value
- Updated SharpSploit to latest version, updated powerkatz dlls
- Improved PortScan to accept port ranges
- Updated SharpSploit to latest version
- Fixed ConnectAttemptCount incrementing on valid response w/o a task
- Fixed null tasking display
- Fixed BindPort changes to ConnectPort on listener restart
- Fixed command-line parsing issues
- Fixed PersistAutorun option ordering
- Fixed ImpersonateProcess using wrong task code
- Fixed InstallUtilLauncher dll was base64 encoded when hosted
- Fixed SharpUp error when no CLI args provided
- Fixed Connect/Disconnect/Set/SharpShell error when using Task tab
- Fixed missing DefaultValues for Assembly and GhostPack tasks
- Fixed bug preventing files with the same name being hosted on different Listeners
- Fixed WMIGrunt adding executable name twice to command
- Fixed CapturedCredential parsing with ':' character
- Fixed change Grunt name, SetOption commands
- Fixed changing Grunt status to Exited
- Fixed SignalR GetInteract occasionally could not determine requesting username
- Fixed InstallUtil dll download output format
v0.3.2 - 2019-09-11
- Added PersistAutorun task, PersistStartup task, and PersistWMI task
- Added Screenshot task, added ScreenshotEvent
- Added displaying image for ScreenShot events/tasks in Grunt interact view, GruntTasking interact view, and Data view
- Added BypassAmsi task
- Updated SharpSploit referencesourcelibrary
- Updated Rubeus referencesourcelibrary
- Fixed hosting files issue
- Fixed profile edit/create javascript issue
v0.3.1 - 2019-08-26
- Added codemirror code editing
- Added ability to hide a Grunt
- Added lost grunt calculations
- Added toast notifications on events
- Added multiple connectaddresses to HttpListener
- Lost grunts faded in table
- Modularized Listeners to make adding new listener types easier
- Fixed Download task to work with remote downloads over shares
- ReferenceSourceLibraries converted back to git submodules
- Fix https URL calculation for Listener Create
- Fix SSLCertificate upload error
v0.3 - 2019-08-02
- Added web interface
- Updated powerkatz dlls
- Reduced resource utilization
v0.2 - 2019-05-01
- Added p2p communications over SMB named pipes
- Added TaskingUser and TaskingCommand to GruntTaskings
- Added Elite display events on user tasking (prior to completed)
- Added better Elite error messages
- Added forked version of ReadLine, with better tab-complete
- Added change user password
- Added shellcmd task
- Added sharpdpapi task
- Added sharpup task
- Added sharpdump task
- Added sharpwmi task
- Added safetykatz task
- Added Seatbelt task
- Added remote registry tasks
- Added KillDate to launchers and grunts
- Moved Eventing from Listeners/Elite to Covenant Controllers
- AdminPassword no longer encrypts certificate file, can be changed
- TaskMenu now displays full task description, detailed parameter info
- Updated SharpSploit code
- Tasks now catch Exceptions, return better error messages
- Fixed RegistryWrite Task
- Fixed Create user error message
- Fixed ssl certificate password error, no longer need to use CovenantDev
v0.1.3 - 2019-03-18
- Added Credential Manager and mimikatz/rubeus parser
- Added PrivExchange, PersistCOMHijack tasks
- Split wmi, dcom, and bypassuac tasks to wmicommand, wmigrunt, dcomcommand, dcomgrunt, bypassuaccommand, bypassuacgrunt tasks
- Updated SharpSploit to latest commit
- Updated Rubeus to latest commit
- Changed Grunts to use CookieContainer WebClient for Cookie authentication
- Re-added missing appsettings.json, moved to Data folder
- Check for initialized submodules
- Fixed download task (missing folder)
- Fixed xls vs xsl typo
v0.1.2 - 2019-02-14
- Added Rubeus as a git submodule
- Added Rubeus task
- Added AssemblyReflect task
- Added 'ReferenceSourceLibrary' and 'EmbeddedResources' properties to GruntTask
- Changed Assembly task to execute EntryPoint
- Changed SharpSploit source to a git submodule
- Changed Compiler source optimization
- Updated Microsoft.AspNetCore.App package version
- Fixed Assembly task
v0.1.1 - 2019-02-09
- Added CHANGELOG.md
- Updated SharpSploit Mimikatz.cs source code
- Temporary fix for source code optimization removing "System" imports, causing issues with PortScan task
- Initial release