v6.4.1

[6.4.1] - 2026-02-15

• Updated Starkiller to v3.3.0

Added

• Added config.user.yaml layering support — create a config.user.yaml next to config.yaml to override specific settings without modifying the base config
• Added auto_install option to plugin_marketplace config for automatic plugin installation during setup
• Added server.socketio config option to disable Socket.IO (default: true)
• Added C# spawn module with Powershell and C# executables

Fixed

• Fixed Go agent failing to run powershell modules that are too long
• Removed StagerURI from http listeners
• Fixed HTTP hop listener not getting proper host address
• Fixed arguments for bof module netloggedon
• Fixed option ComputerName being removed from modules without custom_generate
• Fixed missing CompatibleDotNetVersions for ShellcmdRunas and ShellRunAs
• Fixed missing CompatibleDotNetVersions for Assembly and AssemblyReflect
• Fixed parameter error when running Sharpsploit.Assembly

[6.4.0] - 2026-01-18

Added

• Added Debian 13 support
• Added error message if running ps-empire server under root without -f
• Added hide_disabled parameter to GET /api/v2/modules/ endpoint
• Added a health check endpoint at /healthz
• Added module_options to AgentTask and plugin_options to PluginTask for better execution tracking
• Added -c (compile from source) and -o (override) options to ps-empire
• Added local ticket support to Invoke-PSRemoting module
• Added an endpoint to stop background jobs on agents
• Added foreground C# tasking support to IronPython agent
• Added Get-ClipboardHistory PowerShell module to enumerate Windows clipboard history (Windows 10/11) via WinRT APIs

Changed

• Updated the module categeories to be more clear
• Updated FastAPI deps to use Annotated types
• Changed StratumMiner, Moriarty, and Sharpup to background tasks
• Updated empire-compiler to v0.4.3

Fixed

• Fixed results not coming back properly for powershell agents on C# background tasks

v6.3.0

[6.3.0] - 2025-12-11

• Updated Starkiller to v3.2.0

Added

• Exposed all agent language options in PSexec so that C#, Ironpython, and Go can be selected for the Empire payload in addition to PowerShell
• Add support for overriding all config values with environment variables
• Updated Empire Compiler to v0.4.1
• Add customizable C# obfuscation to EmpireCompiler through confuser xml
• Added mTLS support to agents and listeners
• Added mono to install script for confuser obfuscation support on Linux

Changed

• Upgrade all dependencies to latest
• https host can be used on http and malleable listeners without a cert path
• Upgraded routing packets from RC4 to use ChaCha20-Poly1305 for encryption and authentication
• Changed key exchange for Powershell agent from RSA to Diffie-Hellman
• Updated server to use AESCipher class for encryption/decryption
• Updated multi-launcher launcher to use EntryPoint.Invoke for Powershell
• Moved default bypasses from stager and modules to config

Fixed

• Fix typo in variable name suppress_self_cert_warning
• Fixed all the new ruff linting issues after the upgrade
• URL encode database credentials in case they have special characters
• Fixed EmpireCompiler not obfuscating C# code properly
• Fixed issue where some C# modules would not run in Go agent
• Fixed SharpSploit/ShellCmd not running due to additional yaml argument
• Fixed install script failing on a subsequent run
• Fixed cookie naming for HTTP, foreign, and hop listeners
• Fixed port appending issues with listeners when not needed

Changed

• Install script invokes setup command to download starkiller, empire-compiler, and plugin registries

Removed

• Removed Ubuntu 20.04 from install tests
• Removed RC4 being used to deliver to agents

v6.2.1

[6.2.1] - 2025-09-05

• Fix bug where websocket connection would fail because the jwt_auth method arguments changed

v6.2.0

[6.2.0] - 2025-09-02

• Updated Starkiller to v3.1.0
• Added clean and reset options to the server
• Added other agent language support to fodhelper
• Added go support to spawn and spawnas
• Fixed launcher_bat when go agent is used
• Fixed issue where gopire doesn't detect high integrity agents
• Fixed C# execution in iron python agent to use ordered arguements
• Removed redundant C# function from iron python agent
• Cleaned up Rubeus and RunCoff yamls
• Fixed port normalization to allow host port and bind port to be different
• Allow 'X-Empire-Token' as an alternative header to 'Authorization'
• Remove abandoned passlib library and use bcrypt directly

v6.1.3

[6.1.3] - 2025-07-11

• Updated Starkiller to v3.0.1
• Fixed PowerShell agent having base64 encoded Cookie name for HTTP listener

v6.1.2

[6.1.2] - 2025-05-21

Added

• Added support for Ubuntu 24.04 in the install script

Fixed

• Fixed issue launching powershell on some distros by installing libicu

[6.1.1] - 2025-05-21

Fixed

• Fix issue caused by ordering of API routers

[6.1.0] - 2025-05-20

Changed

• Use pyyaml's C extension for loading/dumping module yamls to make startup and tests faster
• Simplified Dockerfile by using TARGETARCH variable
• Cleanup API code
• Use a new version of donut that supports arm64
• Update all deps

Removed

• Remove unused files

v6.0.3

[6.0.3] - 2025-04-24

• Fixed SMB listener not sending start task
• Fixed ironpython shell commands running as cmd instead of powershell
• Added literal interpretation for shell commands to ironpython agent
• Fixed multi_launcher not being able to build smb agent
• Removed linux as go agent option as its not implemented yet

v6.0.2

[6.0.2] - 2025-04-07

• Fixed issue where C# modules on powershell agent would be improperly formatted
• Fixed SharpWMI argument errors when using escaped quotes
• Updated result parser on SharpWMI to not use StreamWriter due to messing up results

v6.0.1

[6.0.1] - 2025-04-03

Fixed

• Fixed issue generating Sharpire exes

v6.0.0

Common Issues

Issue

Current Python version (3.12.2) is not allowed by the project (>=3.13,<3.14).
Please change python executable via the "env use" command.

Solution:

sudo rm -rf .venv
poetry install

Issue

[*] Updating goenv
fatal: not a git repository (or any of the parent directories): git

Solution:

Open a new terminal, the install script should have set $GOENV_ROOT in your bashrc or zshrc file.

[6.0.0] - 2025-03-25

• Updated Starkiller to v3.0.0

Highlights

• Plugin Marketplace
• Go agents
• Empire Compiler for C#
• Command line client removed

Added

• Added support for plugin registries and installing plugins via the API
  • See the Plugin Marketplace in Starkiller 3.0!
• New allow/deny list implementation that properly supports IPv4, IPv6, Ranges, and CIDRs
• Added API endpoints for managing autorun commands on agent checkin
• Added api.ip and api.secure as server config options
• Added Go agents
  • Added Go to install script
  • Added new stager type multi_go_exe
  • Added Go is an option for multi_launcher
  • Added new compiler class GoCompiler
• Added -f flag for install script to force install as root
• Added dynamic options to modules
• Added module code_execution/invoke-script for remote ps1 script execution
• Added module python/code_execution/invoke-script for remote py script execution
• Added sharphound ingestor for CE and tagged bloodhound with legacy
• Added check that module can be ran on the agent based on language

Changed

• Changed minimum Python version to 3.13
• Updated module_service logic for tasking types
• Swapped C# module RunOF for COFFLoader
• Updated parsing for bof formatting to use bof_pack
• Moved bash and pyinstaller stagers to linux folder
• Change formatter to ruff to consolidate developer tooling
• Revised the staging process for agents. Session IDs are provided by the server and all packets are wrapped in routing packets.
  • Updated stageless agents to work with python, ironpython, and powershell with the new staging process.
• Updated tactics and techniques on all modules
• Added a yaml formatter and run pre-commit across all files
• Combined config with config_manager
• Converted many parts of codebase to be compliant with flake8-use-pathlib
• Csharp and bof tasks attach the executable as a 'download' with a tag 'task:input'
• Pass output path to dotnet compiler, only compile the requested version
• Limited staging key space to letters and numbers to avoid invalid combinations

Breaking

• Many improvements to plugins - see the plugin-development wiki page
• Moved Agents class to AgentCommunicationService
  • Refactored many of the functions and parameter names
• Moved Stagers class to StagerGenerationService
  • Refactored many of the funtions and parameter names
• Moved Plugin Task handling from PluginService to PluginTaskService
• Moved socks management to AgentSocksService
  • Renamed socks properties on AgentSocksService to use plural naming
• Removed update_lastseen parameter from handle_agent_request
• Renamed all config properties in client and server configs to use snake_case
• Starkiller is now accessed at {api_url}/ instead of {api_url}/index.html
• ip_whitelist and ip_blacklist are now ip_allow_list and ip_deny_list and are lists instead of comma separated strings
• Using a new and improved [Empire-Compiler] for C# compilation
  • Downloads pre-compiled Empire-Compiler to eliminate dotnet as an OS dependency
  • Updated shortened task results to show the C# command ran and full input to show directory of the file
  • Updated C# tasks into folders and split yaml configs to be one per module and match Empire yaml format
  • All C# module code has been moved as submodules of Empire-Compiler
  • Moved EmpireCompiler compression from application to the server
  • Moved EmpireCompiler from install script to startup with autoupdate functionality
  • Replaced csharpserver plugin with DotnetCompiler class in empire.server.common
• module_service.execute_module returns a pydantic model
• agent_task_service functions take a user model instead of user id
• All writeable data moved out of the install path into ~/.local/share/empire

Deprecated

Removed

• Removed autorun config options which haven't been used since Empire 3
• Removed install support for Debian 10
• Removed nim stager from Empire and install script
• Removed slack notifications from listeners
• Removed the following stagers
  • osx/pkg
  • windows/backdoorlnkmacro
  • windows/launcher_lnk
  • windows/launcher_sct
  • windows/ms16-051
  • windows/reverseshell
• Removed the following listeners
  • HTTP COM only supports powershell agent and uses an older COM object that isn't used often
  • OneDrive has new APIs and Microsoft hs made registration harder. May return in the future with revisions.
  • Dropbox has new APIs and may return in the future with revisions.
• Removed empire_config.directories.module_source and empire_config.directories.obfuscated_module_source
• Removed BLANK and RANDOM options for staging_keys (wasn't documented anyway)

Breaking

• Removed the command line client. Use Starkiller instead.
• Removed Listeners class
• Removed Credentials class
• Removed functions from Agents class that were marked as deprecated in 5.x
• Removed --restip and --restport options from the command line. Use the config file instead.
• Removed socketport config option on the client which was no longer being used
• Removed script and module upload to memory in favor of modules with same functionality
• Removed reverseshellserver plugin

Fixed

• Fixed Powershell agent overwritting results for C# taskings
• Simplify option_util.validate_options, fixes a bug where an optional file option was treated as required
• Fixed issue loading a plugin that has multiple files
• Fixed issue with permissions caused by git operations being done with de-elevated permissions
• Fixed go agent using a preshared session id

Security