Skip to content
This repository has been archived by the owner on Apr 7, 2022. It is now read-only.

Latest commit

 

History

History
55 lines (40 loc) · 2.83 KB

CHANGELOG.md

File metadata and controls

55 lines (40 loc) · 2.83 KB
Raw

Version 1.8 (TBA)

  • More features & bug fixes!

Version 1.7 (11-10-2019)

  • Implemented interactive history command available when server.py runs on Unix systems.
  • Also on unix systems, the inject shellcode command, instead of spawning a new thread will spawn a new process. In this way even if e.g. the meterpreter session closes the HTTP(S) connection remains intact. On windows systems there was no such problem...
  • hex <(path to) file> command added!
  • Comments are supported...

Version 1.6 (09-10-2019)

  • screenshot command doesn't store the screenshot captured on the client and then trasmits it to server, but directly transmits it to the server avoiding to touch the disk on client.
  • Direct browser connections are not allowed.
  • help command added.

Version 1.5 (28-09-2019)

  • Now shellcode can be set or modified on the fly from the server using the set shellcode <id> command.

Version 1.4 (22-09-2019)

  • migrate <PID> command now works for both x86 and x64 Windows systems!

Version 1.3 (22-09-2019)

  • Shellcode injection into the current process now works for more platforms. The platforms supported are:
    • Unix x86
    • Unix x64
    • Windows x86
      Also now instead of injecting directly into the current process the shellcode injection takes place into the memory space of a current's process thread. As a result the HTTP(S) shell does not gets affected in any wat by the shellcode injection!

Version 1.2 (20-09-2019)

  • Python 2.x compatibility removed since there were some bugs regarding some present and future features.

Version 1.1 (20-08-2019)

  • It's stealthy
  • TLS support 🔑
    • Either using on-the-fly certificates or
    • By specifying a cert/key pair (more details below...)
  • Proxy 🦊 support on client.
  • Directory navigation (cd command and variants).
  • download/upload/screenshot commands available.
  • shellcode injection 💉 (for the time it is available only for windows x86 systems but support for other OSs and ARCHs will be added soon!)
    • Either shellcode injection into another process by specifying its PID
    • or shellcode injection in the current running process
  • Pipelining (|) & chained commands (;) are supported
  • Support for every non-interactive (like gdb, top etc...) command
  • Server is both HTTP & HTTPS capable.
  • It comes with two built-in servers 🌐 so far... flask built-in & tornado-WSGI while it's also compatible with other production servers like gunicorn and Nginx.
  • Both server.py and client.py are easily extensible.
  • Since the most functionality comes from server's endpoint-design it's very easy to write a client in any other language e.g. java, GO etc...