Merge pull request #810 from BC-SECURITY/release/6.4.1

v6.4.1 into main

Author: vinnybod

.github/install_tests/cst-config-debian.yaml

@@ -5,4 +5,5 @@ commandTests:
   - name: "mysql version"
     command: "mysql"
     args: ["--version"]
-    expectedOutput: ["mysql  Ver 15.*10.*-MariaDB"]
+    expectedOutput: ["mysql  Ver 15.*10.*-MariaDB|mysql from 11.*-MariaDB, client
+        15.*"]

.github/install_tests/cst-config-ubuntu.yaml

@@ -5,4 +5,4 @@ commandTests:
   - name: "mysql version"
     command: "mysql"
     args: ["--version"]
-    expectedOutput: ["mysql  Ver 8.0.*"]
+    expectedOutput: ["mysql  Ver 8\\.[04].*"]

.github/install_tests/docker-compose-install-tests.yml

@@ -35,6 +35,13 @@ services:
         BASE_IMAGE: debian:bookworm
     image: bcsecurity/empire-test-debian12
     <<: *common-platform
+  debian13:
+    build:
+      <<: *common-build
+      args:
+        BASE_IMAGE: debian:trixie
+    image: bcsecurity/empire-test-debian13
+    <<: *common-platform
   kalirolling:
     build:
       <<: *common-build

.github/install_tests/run-all-cst.sh

@@ -5,7 +5,7 @@ set -e
 # or `./run-all-cst.sh debian12` to test a single image
 # or `./run-all-cst.sh` to test all images
 
-all_images=(debian12 debian11 ubuntu2204 ubuntu2404 kalirolling parrotrolling)
+all_images=(debian13 debian12 debian11 ubuntu2204 ubuntu2404 kalirolling parrotrolling)
 
 for image in "${@:-${all_images[@]}}"
 do

.github/workflows/lint-and-test.yml

@@ -102,8 +102,7 @@ jobs:
         with:
           submodules: 'recursive'
           token: ${{ secrets.RELEASE_TOKEN }}
-      - name: Set up SSH (sponsors only)
-        if: ${{ endswith(github.repository, 'Empire-Sponsors') }}
+      - name: Set up SSH
         run: |
           eval "$(ssh-agent -s)"
           echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV
@@ -133,7 +132,7 @@ jobs:
       matrix:
         # Because the box runs out of disk space, we can't run all tests on a single docker compose build.
         images:
-          - ['debian11', 'debian12']
+          - ['debian11', 'debian12', 'debian13']
           - ['ubuntu2204', 'ubuntu2404']
           - ['kalirolling'] # 'parrotrolling'
           # Parrot disabled for now because the apt repo is having some slowness issues.
@@ -143,8 +142,7 @@ jobs:
         with:
           submodules: 'recursive'
           depth: 0
-      - name: Set up SSH (sponsors only)
-        if: ${{ endswith(github.repository, 'Empire-Sponsors') }}
+      - name: Set up SSH
         run: |
           eval "$(ssh-agent -s)"
           echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV
@@ -159,7 +157,7 @@ jobs:
       # To save CI time, only run these tests when the install script or deps changed
       - name: Get changed files using defaults
         id: changed-files
-        uses: tj-actions/changed-files@v47.0.0
+        uses: tj-actions/changed-files@v47.0.1
       - name: Build images
         if: ${{ contains(steps.changed-files.outputs.modified_files, 'setup/install.sh')
           || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')

.github/workflows/release-private-start.yml

@@ -37,7 +37,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v6
         with:
-          python-version: '3.9'
+          python-version: '3.12'
       - name: Setup poetry
         run: |
           curl -sL https://install.python-poetry.org | python - -y

.github/workflows/release-private-tag.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v6
         with:
-          python-version: '3.9'
+          python-version: '3.12'
       - name: Setup poetry
         run: |
           curl -sL https://install.python-poetry.org | python - -y

.gitignore

@@ -57,3 +57,5 @@ addons/
 __pycache__/
 workspace.xml
 starkiller-dist.tar.gz
+.worktrees/
+config.user.yaml

CHANGELOG.md

@@ -14,12 +14,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.4.1] - 2026-02-15
+-   Updated Starkiller to v3.3.0
+
+### Added
+
+-   Added `config.user.yaml` layering support — create a `config.user.yaml` next to `config.yaml` to override specific settings without modifying the base config
+-   Added `auto_install` option to `plugin_marketplace` config for automatic plugin installation during setup
+-   Added `server.socketio` config option to disable Socket.IO (default: `true`)
+-   Added C# spawn module with Powershell and C# executables
+
+### Fixed
+
+-   Fixed Go agent failing to run powershell modules that are too long
+-   Removed StagerURI from http listeners
+-   Fixed HTTP hop listener not getting proper host address
+-   Fixed arguments for bof module netloggedon
+-   Fixed option ComputerName being removed from modules without custom_generate
+-   Fixed missing CompatibleDotNetVersions for ShellcmdRunas and ShellRunAs
+-   Fixed missing CompatibleDotNetVersions for Assembly and AssemblyReflect
+-   Fixed parameter error when running Sharpsploit.Assembly
+
+## [6.4.0] - 2026-01-18
+
+
 ### Added
 
 -   Added Debian 13 support
 -   Added error message if running `ps-empire server` under root without `-f`
--   Added Get-ClipboardHistory PowerShell module to enumerate Windows clipboard history (Windows 10/11) via WinRT APIs
+-   Added `hide_disabled` parameter to `GET /api/v2/modules/` endpoint
+-   Added a health check endpoint at `/healthz`
+-   Added `module_options` to `AgentTask` and `plugin_options` to `PluginTask` for better execution tracking
+-   Added `-c` (compile from source) and `-o` (override) options to `ps-empire`
 -   Added local ticket support to Invoke-PSRemoting module
+-   Added an endpoint to stop background jobs on agents
+-   Added foreground C# tasking support to IronPython agent
+-   Added Get-ClipboardHistory PowerShell module to enumerate Windows clipboard history (Windows 10/11) via WinRT APIs
+
+### Changed
+
+-   Updated the module categeories to be more clear
+-   Updated FastAPI deps to use Annotated types
+-   Changed StratumMiner, Moriarty, and Sharpup to background tasks
+-   Updated empire-compiler to v0.4.3
+
+### Fixed
+
+-   Fixed results not coming back properly for powershell agents on C# background tasks
 
 ## [6.3.0] - 2025-12-11
 -   Updated Starkiller to v3.2.0
@@ -1206,7 +1247,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.3.0...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.4.1...HEAD
+
+[6.4.1]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.4.0...v6.4.1
+
+[6.4.0]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.3.0...v6.4.0
 
 [6.3.0]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v6.2.1...v6.3.0
 

README.md

@@ -29,7 +29,7 @@ Empire is a post-exploitation and adversary emulation framework that is used to
 - JA3/S and JARM Evasion
 - MITRE ATT&CK Integration
 - Integrated Roslyn compiler (Thanks to [Covenant](https://github.com/cobbr/Covenant))
-- Docker, Kali, ParrotOS, Ubuntu 22.04/24.04, and Debian 11/12 Install Support
+- Docker, Kali, ParrotOS, Ubuntu 22.04/24.04, and Debian 11/12/13 Install Support
 
 ### Agents
 - PowerShell