Tuoni 0.12.1

SMB, bindAddress and filename

🖥️ Client

• In the terminal all "integer" values can now also be entered in the HEX format, eg. 0xFF will be converted to 255

⚙️ Server

• Reordered the new filename and bindAddress fields in the HTTP listener default conf
• Additional template values in HTTP listener filename

🔒 Commercial

• Refactor and overall improvement of tokens handling
• Shellcode does not allocate RWE memory for itself anymore

Misc

• SMB listener allows reconnection without previous connection failure

0.12.0

New commands, launchers and better encryption!

🖥️ Client

• explorer.exe is now highlighted in the ps command output
• Fixed terminal crash when agent metadata does not have IP set to better support 3rd party agents
• Users view now has confirmation box when trying to disable your own account
• Added search for "hosts" and "credentials" view
• Improved hosts view sorting to sort correctly by IP addresses

⚙️ Server

• Added feature to specify payload filename template when served via the http listener.
• Added API endpoint to clear agent queue
• Supports agent communication encryption in CBC and GCM (used to be only CBC)
• Payload plugins are now initialized before listener and command plugins
• Add create/update timestamps to API for each command result entry
• Add option for command plugins to hide some result entries from API response

🔒 Commercial

• Added keylogger windows command
• Added memory-layout command
• Fix token not applying for plugin commands correctly for commercial agent
• screen-tracker command now prints out the correct count for screenshots taken
• Improved DNS listener
• Added native privilege-list command to commercial agent (current works with process token only)
• Added native privilege-enable command to commercial agent (current works with process token only)
• Added native privilege-disable command to commercial agent (current works with process token only)
• Fixed command stopping handling issues with some commands

Misc

• Added 2 new launchers #86 by @palangosjuze
• Improved licence key validation #89 by @AllRWeak
• Added token-from-handle command that can be used with token handles created by BOF's or .NET code
• Commands shellcode can provide new token directly to agent
• Upgraded agent communication encryption to GCM

🏗️ SDK 0.12.0 Released!

https://docs.shelldot.com/plugins/server/SdkChangelog.html

0.11.2

DNS Listener, Scripting and Mimikatz

🖥️ Client Improvements

• Improved shelldot.listener.relay-agent-reverse-tcp listener creation dialog
• Added shelldot.listener.agent-reverse-dns listener creation dialog
• Improved new payload creation dialog on the Payloads page to fit with the rest of the dialogs style

⚙️ Server Enhancements

• Added shelldot.listener.agent-reverse-dns plugin for commercial tier ( BETA )
• Tuoni Scripting Engine (TSE) scripts now allow editing agent metadata
• mimikatz command now supports multiple commands in one execution (space delimited)
• screenshot & screen-tracker commands now return jpeg instead of png, saving ~10x network bandwidth
• screen-tracker now calculates the --timeout argument more accurately
• --execConf.ppid now works as expected in the commercial payload
• cd command in Linux now properly updates agent metadata again

For a complete list of changes, visit our GitHub release page.

Tuoni 0.11.1

Performance Improvements and Network Intelligence

🖥️ Client Improvements

• Terminal Performance: Resolved command debouncing issues that occurred when processing multiple simultaneous command events
• Connection Management: Standardized default connection URL to https://local-c2:8443, removing automatic URL detection for more consistent behavior
• Client Server Middleware: Enhanced localhost connection handling with improved override configurations
• Error Handling: Strengthened API error management to prevent console logging issues

⚙️ Server Enhancements

• ELF Loading: Cleaned up load-elf command output by removing extraneous stdout messages
• Network Intelligence: Enhanced agent.metadata.listenerProperties.connectionIp to properly parse and respect Forwarded, X-Forwarded-For, and X-Real-IP headers for accurate client IP detection
• Linux Library Payload: Linux Library payload now supports LD_PRELOAD injection method
• Proxy Authentication: Added Kerberos and NTLM proxy authentication detection & support for HTTP listener (enabled by default, Windows only)

For a complete list of changes, visit our GitHub release page.

0.11.0

Tuoni 0.11.0

Payload Guardrails, Mutex, BOF Upgrades & More!

🖥️ Client Enhancements

• Redesigned text file preview in the terminal with full syntax highlighting for a better viewing experience
• Expanded file download support to all command status types (ongoing, failed, success) and added support for multiple files in results
• Terminal commands now accept number (float) arguments, and ls command output time format is now set to en-CA locale
• Improved autocompletion for --@files arguments and made payloadid validation case-insensitive

⚙️ Server Improvements

• Username minimum length reduced from 3 to 1 character
• Default payload metadata now includes version and type
• Fixed Screenshot Hi-DPI issue and improved wording in portscan command documentation
• Added screen-tracker command for commercial payloads
• Introduced guardrails to default and commercial Windows payloads, including 4 new options (DomainExists, DomainNotExists, TimeBefore, TimeAfter) and a special EnvSecret guardrail for commercial payloads
• All payloads now support mutex to enforce single instance execution
• BOFs now support sending back files and introduce two new options:
  • designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
  • keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.
• Added support for reverse-relay-tcp listeners (commercial Windows payload) and manual webProxy configuration for HTTP listener
• Numerous internal fixes and optimizations across default, commercial, Linux, and BSD payloads

🧪 Experimental

• Added API scripting endpoints to support future features
• Added initial event triggers support in the Tuoni Scripting Engine (TSE)

0.10.4

🖥️ Client Enhancements

• Introduced comprehensive plugin settings management within server configuration interface
• Enhanced terminal capabilities with direct inline viewing support for additional image file formats
• Improved terminal selection highlighting consistency and reliability

⚙️ Server Improvements

• Enhanced download command functionality to support file retrieval even when files are actively opened by other processes
• Introduced TLS Common Name configuration option for agent-reverse-http plugin, enabling custom certificate CN override for self-signed certificates under server settings
• Implemented intelligent plugin version management to automatically load the most recent version when multiple instances of the same plugin exist in /srv/tuoni/plugins/server
• Enhanced bof command argument processing with support for null value packing in function parameters
• Resolved missing relocations in bof command execution for improved stability
• EXPERIMENTAL Server-Side-Scripting
  • Implemented configurable file-change debouncing mechanism for script monitoring
  • Introduced preliminary support for third-party Python package integration within server-side scripts

🔒 COMMERCIAL Tier

• Introduced new LIBRARY payload type for Linux payload plugin, enabling sophisticated library-based execution techniques
• Added additional configuration options to Linux Payload for code execution, such as disabling memfd and specifying a custom location for temporary files
• Improved ls command handling in Linux agent for better detection and display of hidden files and empty directory structures

🚀 tuoni command

• Introduced update-plugins sub-command for streamlined access and installation of licensed plugin components. - @AllRWeak in #73

0.10.3

Tuoni 0.10.3

Maintenance and Stability Improvements

🖥️ Client Enhancements

• Resolved terminal file caching issue that impacted --@files commands
• Fixed terminal autocomplete functionality to ensure consistent command completion
  • For terminal memory
  • For terminal history
• Enhanced --@files commands positional detection

⚙️ Server Improvements

• EXPERIMENTAL
  • Implemented graceful error handling in Server-Side Script engine when scripts directory is not present

🏗️ SDK 0.10.0 Released!

https://docs.shelldot.com/plugins/server/SdkChangelog.html

0.10.2

Tuoni 0.10.2

Enhanced User Experience and Python Support

🖥️ Client Enhancements

• Implemented persistent memory for agent table sorting preferences, improving workflow efficiency
• Refined Jobs page to display only active jobs since last server reboot by default, with additional option to view complete history
• Added sorting capabilities to the Jobs Table for better data management

⚙️ Server Improvements

• EXPERIMENTAL
  • Enhanced Server-Side Scripting with full Python standard library support, significantly expanding automation capabilities
  • Introduced configurable sandboxing levels for Server-Side Scripts, providing flexible security options based on deployment requirements

🗎 Documentation

• Redesigned releases page to accommodate growing version history

0.10.1

Tuoni 0.10.1

Stability Release

🖥️ Client Enhancements

• Enhanced reliability of agent repopulation following websocket events
• Improved terminal resilience against malformed command schemas
• Implemented loading states for listener creation dialogs to prevent duplicates on slow servers
• Added contextual "dot-menu" functionality to discovery data models (credentials, hosts, and services) enabling bulk operations
• Introduced bulk archiving capabilities for credentials
• Restructured Server edit page button layout for improved usability

⚙️ Server Improvements

• Introduced EXPERIMENTAL Server-Side-Scripting feature
  • Supports creation of CommandAliases that trigger server-side Python scripts
  • Enables population of "discovery" data models'
  • Enables triggering multiple internal commands on the agent and returning a single result
• Added Server Settings option to enable the experimental scripting engine
• Resolved Agent reactivation websocket event issue
• Fixed schema definitions for various commands with allOf configurations (particularly jump-* commands)

🚀 Launchers

• @palangosjuze added CMD service launcher
• @palangosjuze added remote APC injection python launcher for the shellcode

0.10.0

Tuoni 0.10.0

No more "API ERRORS", Server settings, Server jobs and much more...

🖥️ CLIENT

Terminal Improvements

• Terminal arguments now support "fuzzy-complete": execute-assembly --par + tab will complete to execute-assembly --parameters
• Terminal unfinished command is now cached when clicking around in the UI (tabs, pages)
• Command errors are now visible in the terminal
• Added several layers of failsafes to avoid rendering overly large command results in the terminal
  • If file is omitted by the server, a download option appears
  • Additional option to show "last 500 lines" of the result is now offered
• Improved the preview of downloaded files

Agent Management

• Improved "remove-all-agents" feature, it is now instantaneous
• All agent.metadata.customProperties fields are now searchable. Even the ones not pre-defined by default
• Sorting by "last" column in agents table now works again
• It is now possible to specify a file in the "send-command-to-all" dialog

UI Enhancements

• Changed icon on Files page to better indicate if file can be downloaded
• All listeners are now visible, removed hidden pagination
• Added a feature to edit server settings & configurations
• 3rd party listeners are now supported in the Client. Migrated most of plugins to use universal listener dialog
• Added support to specify Java keystore for HTTPs listener in the client

Command & Job Management

• Inject command alias now works correctly
• Added jobs page to manage all server side jobs
• Major overhaul of error handling. No more generic "API - error"

New Features

• Added new python shellcode launchers by @palangosjuze

⚙️ SERVER

Listener Enhancements

• HTTP listener now validates HOSTS entries for valid IPv4, IPv6 and domain names
• HTTP listener now has validation for port ranges
• HTTPS listener now supports selecting alias from the Java keystore for certificates
• Enhanced Listener configuration stability

API Improvements

• Agents API now sends payloadId with agent metadata if provided by the payload plugin
• Fixed issue with agents sometimes getting empty metadata
• Files API now sends supportedActions indicating if file can be deleted
• Tuoni API now omits large text results from batch queries. They need to be requested implicitly. This improves performance all around

Command & Job Functionality

• BOF command --pack_args now supports fewer arguments than defined in --pack_format
• Added run-as native command
• Added API support for background jobs

Server Configuration

• Added a new feature - "server settings". It's now possible to specify:
  • Name for the server
  • If agents should be automatically set to inactive (removed) when "die" command is sent

🔒 COMMERCIAL

Linux Payload Improvements

• Linux payload is now embedded, making it "true elf". This makes Tuoni Linux payload compatible with the load-elf command and alternatives. Also enhances the compatibility with various Linux distributions and overall stability
• Fixed issue with Linux payload Domain Fronting feature
• Linux listener configuration is now encoded
• Linux and BSD payloads and HTTP listener can handle high volume text results better
• Linux and BSD ls command now supports file globbing

Windows Payload Enhancements

• Windows payload template can now be specified in the payload configuration, making it easy to quickly switch between various templates
• Windows payload template can also be specified as a URL to fetch it remotely
• Added support for custom Windows shellcode encoding in the commercial payload
• Windows payload now implements import table randomization by default giving it unique imphash on every payload generation

New Contributors

• @palangosjuze: #66
• @se-fLa: shell-dot/tuoni-pip#4
• @karlkr: shell-dot/tuoni-pip#3