Merge pull request #783 from BC-SECURITY/release/6.1.2

v6.1.2 into main

Author: vinnybod

.github/install_tests/docker-compose-install-tests.yml

@@ -19,6 +19,13 @@ services:
         BASE_IMAGE: ubuntu:22.04
     image: bcsecurity/empire-test-ubuntu2204
     <<: *common-platform
+  ubuntu2404:
+    build:
+      <<: *common-build
+      args:
+        BASE_IMAGE: ubuntu:24.04
+    image: bcsecurity/empire-test-ubuntu2404
+    <<: *common-platform
   debian11:
     build:
       <<: *common-build

.github/install_tests/run-all-cst.sh

@@ -5,7 +5,7 @@ set -e
 # or `./run-all-cst.sh debian12` to test a single image
 # or `./run-all-cst.sh` to test all images
 
-all_images=(debian12 debian11 debian10 ubuntu2004 ubuntu2204 kalirolling parrotrolling)
+all_images=(debian12 debian11 debian10 ubuntu2004 ubuntu2204 ubuntu2404 kalirolling parrotrolling)
 
 for image in "${@:-${all_images[@]}}"
 do

.github/workflows/lint-and-test.yml

@@ -85,7 +85,7 @@ jobs:
           DATABASE_USE=sqlite poetry run pytest . -v --runslow
       - name: Pytest coverage comment
         if: ${{ matrix.python-version == '3.13' }}
-        uses: MishaKav/pytest-coverage-comment@v1.1.53
+        uses: MishaKav/pytest-coverage-comment@v1.1.54
         with:
           pytest-coverage-path: ./pytest-coverage.txt
           junitxml-path: ./pytest.xml
@@ -128,7 +128,7 @@ jobs:
         # Because the box runs out of disk space, we can't run all tests on a single docker compose build.
         images:
           - ['debian11', 'debian12']
-          - ['ubuntu2004', 'ubuntu2204']
+          - ['ubuntu2004', 'ubuntu2204', 'ubuntu2404']
           - ['kalirolling'] # 'parrotrolling'
           # Parrot disabled for now because the apt repo is having some slowness issues.
           # Install is running up way too many minutes.
@@ -140,15 +140,19 @@ jobs:
       # To save CI time, only run these tests when the install script or deps changed
       - name: Get changed files using defaults
         id: changed-files
-        uses: tj-actions/changed-files@v46.0.3
+        uses: tj-actions/changed-files@v46.0.5
       - name: Build images
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: ${{ contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
           || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
+          || contains(steps.changed-files.outputs.modified_files, '.github/install_tests')
+          || startsWith(github.head_ref, 'release/') }}
         run: docker compose -f .github/install_tests/docker-compose-install-tests.yml
           build --parallel ${{ join(matrix.images, ' ') }}
       - name: run install tests
-        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
+        if: ${{ contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
           || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
+          || contains(steps.changed-files.outputs.modified_files, '.github/install_tests')
+          || startsWith(github.head_ref, 'release/') }}
         # Using a script instead of prepackaged action because composite actions can't uses
         # a matrix and this is way simpler to read.
         run: |

CHANGELOG.md

@@ -14,6 +14,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.1.2] - 2025-05-21
+
+### Added
+
+-   Added support for Ubuntu 24.04 in the install script
+
+### Fixed
+
+-   Fixed issue launching powershell on some distros by installing libicu
+
+## [6.1.1] - 2025-05-21
+
+### Fixed
+
+-   Fix issue caused by ordering of API routers
+
+## [6.1.0] - 2025-05-20
+
+### Changed
+
+-   Use pyyaml's C extension for loading/dumping module yamls to make startup and tests faster
+-   Simplified Dockerfile by using TARGETARCH variable
+-   Cleanup API code
+-   Use a new version of donut that supports arm64
+-   Update all deps
+
+### Removed
+
+-   Remove unused files
+
 ## [6.0.3] - 2025-04-24
 
 -   Fixed SMB listener not sending start task
@@ -1102,7 +1132,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.0.3...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.1.2...HEAD
+
+[6.1.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.1.1...v6.1.2
+
+[6.1.1]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.1.0...v6.1.1
+
+[6.1.0]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.0.3...v6.1.0
 
 [6.0.3]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.0.2...v6.0.3
 

Dockerfile

@@ -7,13 +7,15 @@
 # 2) create volume storage: `docker create -v /empire --name data bcsecurity/empire`
 # 3) run out container: `docker run -it --volumes-from data bcsecurity/empire /bin/bash`
 
-FROM python:3.13.2-bullseye
+FROM python:3.13.3-bullseye
 
 LABEL maintainer="bc-security"
-LABEL description="Dockerfile for Empire server and client. https://bc-security.gitbook.io/empire-wiki/quickstart/installation#docker"
+LABEL description="Dockerfile for Empire. https://bc-security.gitbook.io/empire-wiki/quickstart/installation#docker"
 
 ENV DEBIAN_FRONTEND=noninteractive DOTNET_CLI_TELEMETRY_OPTOUT=1
 
+ARG TARGETARCH
+
 SHELL ["/bin/bash", "-c"]
 
 RUN apt-get update && \
@@ -27,13 +29,12 @@ RUN apt-get update && \
     default-jdk \
     && rm -rf /var/lib/apt/lists/*
 
-RUN unameOut="$(uname -m)" && \
-    case "$unameOut" in \
-      x86_64) export arch=x64 ;; \
-      aarch64) export arch=arm64 ;; \
-      *) exit 1;; \
-    esac && \
-    curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v7.3.9/powershell-7.3.9-linux-$arch.tar.gz && \
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        PS_ARCH="x64"; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        PS_ARCH="arm64"; \
+    fi && \
+    curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v7.3.9/powershell-7.3.9-linux-${PS_ARCH}.tar.gz && \
     mkdir -p /opt/microsoft/powershell/7 && \
     tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
     chmod +x /opt/microsoft/powershell/7/pwsh && \
@@ -45,15 +46,7 @@ RUN curl -sSL https://install.python-poetry.org | python3 - && \
 
 ENV PARENT_PATH="/empire"
 
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        ARCH="linux-amd64"; \
-    elif [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then \
-        ARCH="linux-arm64"; \
-    else \
-        echo -e "[!] Unsupported architecture: $ARCH. Exiting." && exit 1; \
-    fi && \
-    curl -L -o /tmp/go.tar.gz https://go.dev/dl/go1.23.2.$ARCH.tar.gz && \
+RUN curl -L -o /tmp/go.tar.gz https://go.dev/dl/go1.23.2.linux-${TARGETARCH}.tar.gz && \
     tar zxf /tmp/go.tar.gz -C /opt && \
     ln -s /opt/go/bin/go /usr/bin/go && \
     rm /tmp/go.tar.gz

empire/server/api/app.py

@@ -11,6 +11,22 @@
 from starlette.staticfiles import StaticFiles
 
 from empire.server.api.middleware import EmpireCORSMiddleware
+from empire.server.api.v2.admin import admin_api
+from empire.server.api.v2.agent import agent_api, agent_file_api, agent_task_api
+from empire.server.api.v2.bypass import bypass_api
+from empire.server.api.v2.credential import credential_api
+from empire.server.api.v2.download import download_api
+from empire.server.api.v2.host import host_api, process_api
+from empire.server.api.v2.ip import ip_api
+from empire.server.api.v2.listener import listener_api, listener_template_api
+from empire.server.api.v2.meta import meta_api
+from empire.server.api.v2.module import module_api
+from empire.server.api.v2.obfuscation import obfuscation_api
+from empire.server.api.v2.plugin import plugin_api, plugin_registry_api, plugin_task_api
+from empire.server.api.v2.profile import profile_api
+from empire.server.api.v2.stager import stager_api, stager_template_api
+from empire.server.api.v2.tag import tag_api
+from empire.server.api.v2.user import user_api
 from empire.server.api.v2.websocket.socketio import setup_socket_events
 from empire.server.core.config.config_manager import empire_config
 from empire.server.core.config.data_manager import sync_starkiller
@@ -71,27 +87,6 @@ def initialize(run: bool = True, cert_path=None):  # noqa: PLR0915
     port = empire_config.api.port
     secure = empire_config.api.secure
 
-    # Not pretty but allows us to use main_menu by delaying the import
-    from empire.server.api.v2.admin import admin_api
-    from empire.server.api.v2.agent import agent_api, agent_file_api, agent_task_api
-    from empire.server.api.v2.bypass import bypass_api
-    from empire.server.api.v2.credential import credential_api
-    from empire.server.api.v2.download import download_api
-    from empire.server.api.v2.host import host_api, process_api
-    from empire.server.api.v2.ip import ip_api
-    from empire.server.api.v2.listener import listener_api, listener_template_api
-    from empire.server.api.v2.meta import meta_api
-    from empire.server.api.v2.module import module_api
-    from empire.server.api.v2.obfuscation import obfuscation_api
-    from empire.server.api.v2.plugin import (
-        plugin_api,
-        plugin_registry_api,
-        plugin_task_api,
-    )
-    from empire.server.api.v2.profile import profile_api
-    from empire.server.api.v2.stager import stager_api, stager_template_api
-    from empire.server.api.v2.tag import tag_api
-    from empire.server.api.v2.user import user_api
     from empire.server.server import main
 
     @asynccontextmanager
@@ -106,29 +101,29 @@ async def lifespan(app: FastAPI):
 
     app = FastAPI(lifespan=lifespan)
 
-    app.include_router(listener_template_api.router)
-    app.include_router(listener_api.router)
-    app.include_router(stager_template_api.router)
-    app.include_router(stager_api.router)
+    app.include_router(admin_api.router)
+    app.include_router(agent_file_api.router)
     app.include_router(agent_task_api.router)
     app.include_router(agent_api.router)
-    app.include_router(agent_file_api.router)
-    app.include_router(user_api.router)
-    app.include_router(module_api.router)
     app.include_router(bypass_api.router)
-    app.include_router(obfuscation_api.router)
-    app.include_router(process_api.router)
-    app.include_router(profile_api.router)
     app.include_router(credential_api.router)
-    app.include_router(host_api.router)
     app.include_router(download_api.router)
+    app.include_router(host_api.router)
+    app.include_router(ip_api.router)
+    app.include_router(listener_api.router)
+    app.include_router(listener_template_api.router)
     app.include_router(meta_api.router)
+    app.include_router(module_api.router)
+    app.include_router(obfuscation_api.router)
+    app.include_router(plugin_registry_api.router)
     app.include_router(plugin_task_api.router)
     app.include_router(plugin_api.router)
-    app.include_router(plugin_registry_api.router)
+    app.include_router(process_api.router)
+    app.include_router(profile_api.router)
+    app.include_router(stager_api.router)
+    app.include_router(stager_template_api.router)
     app.include_router(tag_api.router)
-    app.include_router(ip_api.router)
-    app.include_router(admin_api.router)
+    app.include_router(user_api.router)
 
     app.add_middleware(
         EmpireCORSMiddleware,
@@ -149,9 +144,6 @@ async def lifespan(app: FastAPI):
     sio = socketio.AsyncServer(
         async_mode="asgi",
         cors_allowed_origins="*",
-        # logger=True,
-        # engineio_logger=True,
-        # https://github.com/miguelgrinberg/flask-socketio/issues/274#issuecomment-231206374
         json=MyJsonWrapper,
     )
     sio_app = socketio.ASGIApp(
@@ -179,7 +171,6 @@ async def lifespan(app: FastAPI):
                 lifespan="on",
                 ssl_keyfile=f"{cert_path}/empire-priv.key",
                 ssl_certfile=f"{cert_path}/empire-chain.pem",
-                # log_level="info",
             )
         else:
             uvicorn.run(
@@ -188,7 +179,6 @@ async def lifespan(app: FastAPI):
                 port=port,
                 log_config=None,
                 lifespan="on",
-                # log_level="info",
             )
 
     return app

empire/server/api/v2/admin/admin_api.py

@@ -5,11 +5,14 @@
     get_current_active_admin_user,
     get_current_active_user,
 )
-from empire.server.api.v2.shared_dependencies import CurrentSession
+from empire.server.api.v2.shared_dependencies import AppCtx, CurrentSession
 from empire.server.api.v2.shared_dto import BadRequestResponse, NotFoundResponse
-from empire.server.server import main
+from empire.server.core.ip_service import IpService
+
+
+def get_ip_service(main: AppCtx) -> IpService:
+    return main.ipsv2
 
-ip_service = main.ipsv2
 
 router = APIRouter(
     prefix="/api/v2/admin",
@@ -23,10 +26,12 @@
 
 
 @router.put("/ip_filtering", dependencies=[Depends(get_current_active_admin_user)])
-def toggle_ip_filtering(db: CurrentSession, enabled: bool):
+def toggle_ip_filtering(
+    db: CurrentSession, enabled: bool, ip_service: IpService = Depends(get_ip_service)
+):
     ip_service.toggle_ip_filtering(db, enabled)
 
 
 @router.get("/ip_filtering", dependencies=[Depends(get_current_active_user)])
-def get_ip_filtering():
+def get_ip_filtering(ip_service: IpService = Depends(get_ip_service)):
     return {"enabled": ip_service.ip_filtering}