0.14.1

Release Notes - Tuoni v0.14.1

✨ Highlights

• Plugin SDK compatibility - Restored support for plugins built against Tuoni SDK 0.10.0 through 0.12.0.
• 🔒 Commercial payload uploads - Fixed a hang when uploading larger files to commercial agents.
• Terminal command fixes - Fixed stale terminal autocomplete and safer execConf clearing.

Server

🐞 Bug Fixes, Reliability & Performance

• Plugin SDK backward compatibility - Fixed the PluginSettingOption compatibility issue that could break plugins built against Tuoni SDK 0.10.0 through 0.12.0.

Client

🐞 Bug Fixes, Reliability & Performance

• Terminal autocomplete state - Editing the command name now closes stale argument suggestions and refreshes completion against the active command.
• Execution config parsing - Dangling, empty, or null --execConf flags now clear optional values safely while preserving the default execution type.

Agents

⭐ New Features & Improvements

• 🔒 Commercial payload builds - Rebuilt the Windows Commercial payloads.

🐞 Bug Fixes, Reliability & Performance

• 🔒 Commercial agent uploads - Fixed a hang when uploading larger files to commercial agents.

0.14.0

Release Notes - Tuoni v0.14.0

✨ Highlights

• 🔒 ExecUnit support - Introduced ExecUnit support for payloads, listeners, and commands. Learn more
• 🔒 Embedded HTTP listener - Added support for embedding HTTP listeners into generated payloads.
• Payload Generation Wizard - Replaced older payload dialogs with a guided Payload Generation Wizard.
• High-load UI and bulk workflows - Improved reconnect handling, stale-agent protection, agent table performance, multi-select actions, and bulk workflows for environments with 1000+ agents.
• Theme engine - Added runtime theming with Dracula, GitHub and deuteranopia themes.

Server

⭐ New Features & Improvements

• ExecUnit API support - Added server-side support for command, listener, and payload ExecUnits.
• Agent callback metadata - Added agent metadata for supported execution types, preferred execution order, sleep and sleepUntil values, and next expected callback.
• Permission discovery endpoint - Added /api/v1/permissions so clients can discover permission labels, codes, descriptions, and mandatory status dynamically.
• MD5 hash in activity log - Added MD5 logging for hosted file and payload downloads.

🐞 Bug Fixes, Reliability & Performance

• Script stability - Fixed race conditions during script restarts and reduced locking during script execution.
• Hosted file robustness - Improved file upload and replacement logic for safer validation and storage.
• High-load event processing - Improved performance for job updates and event creation.
• Command-result protection - Reduced WebSocket and API command-result limits to keep large command output from overloading clients and response delivery.
• Reduced database load - Reduced database queries and updates during agent fetches and command updates.

Client

⭐ New Features & Improvements

• Payload Wizard - Added a multi-step generation flow to simplify payload creation.
• Payload management - Added payload multi-select, bulk delete, improved file upload, and clearer validation feedback.
• Agent multi-select - Added Ctrl/Shift selection workflows, a floating bulk action bar, and reusable table selection behavior.
• Theme engine - Added runtime theme registration, Dracula and GitHub theme variants, and deuteranopia themes.
• Terminal polish - Improved execConf and @files autocomplete and highlighting, execUnitType support, hyphenated argument parsing, Ctrl+U/Ctrl+C behavior, browser find handling, and cursor positioning after font load.
• Navigation polish - Added a left drawer rail toggle, fixed drawer viewport sizing, improved help/API links, notifier actions, and user authority initialization.

🐞 Bug Fixes, Reliability & Performance

• XSS - Fixed XSS vulnerability in UI reported by https://github.com/spaceraccoon
• Reconnect UX - Added persistent reconnect banners, per-server retry controls, and quieter handling for inactive servers.
• High-volume agent handling - Improved agent store and table behavior for environments with 1000+ agents.
• Agent table stability - Added fixed headers, sortable next-callback display, and better cleanup for pending timers, fetches, and removed agents.

Agents

⭐ New Features & Improvements

• 🔒 Commercial ExecUnit support - Commercial agents now advertise execution capabilities and support shellcode, .NET EXE, .NET DLL, and native library payload execution.
• 🔒 Configurable execution order - Payloads can receive an execution-unit preference order so generated payloads can choose supported execution methods explicitly.
• 🔒 Templated IPC pipe names - Non-shellcode Windows execution can generate pipe names from configuration templates for better payload and listener coordination.
• 🔒 Embedded HTTP listener mode - Added an option for Windows agents to embed HTTP listener directly to the agent.
• 🔒 PE signing for Windows agents - Added Authenticode PE signing for Windows payloads, including configurable signing certificate support.
• 🔒 PE VersionInfo - Added support for embedding PE VersionInfo metadata into generated payloads.
• 🔒 Linux in-memory ELF loading - Linux and BSD payloads now support pure in-memory custom plugin loading.

🐞 Bug Fixes, Reliability & Performance

• Multiple stability and compatibility fixes

Commands

⭐ New Features & Improvements

• 🔒 ExecUnit command variants - Added .NET DLL, .NET EXE, shellcode, and native library ExecUnit support for the main Windows command set.
• Powerpick command - Added Powerpick with TLV configuration, streamed output, and error stream reporting.
• Remote execution workflows - Added or updated templates for remote exec over SSH, WinRM, WMI, service execution, and remote upload over SCP.
• Timestomp command - Added timestamp manipulation support through the command template set.
• Jump-SSH command - Added Kerberos support for Jump-SSH.

🐞 Bug Fixes, Reliability & Performance

• Port scan hostname output - Port scan can now return hostname data through DNS, NetBIOS, or fallback resolution with updated result framing.
• Screenshot compatibility - Added .NET and native screenshot variants with improved DPI handling and JPEG encoding.

Listeners

⭐ New Features & Improvements

• 🔒 Windows listener ExecUnits - Added .NET EXE, .NET DLL, shellcode, and native library ExecUnit support outputs for HTTP, TCP, and DNS listeners.
• Listener bind controls - Added bindToPort and bindAddress handling for TCP reverse listeners and fixed HTTPS listener bind-address handling.
• HTTP listener metadata headers - HTTP listeners can read listener-specific metadata from configured headers.

🐞 Bug Fixes, Reliability & Performance

• 🔒 Linux DNS hardening - Malformed DNS labels and truncated A/TXT responses now fail in a controlled way.
• HTTP listener reliability - Improved stability for HTTP listener workflows across Windows, Linux, and BSD implementations.

0.13.0

Release Notes - Tuoni v0.13.0

---

Highlights

• Multi-Server Support - Major overhaul including spawn across servers, multi-server notifications, redesigned left menu for better server overview, and tab persistence per server connection
• Major Performance Improvements - Event actor caching, parallel shutdown of command queues and listeners, command template caching, deferred file list loading, and virtual scrolling for large directories
• Agent Blocking - New BLOCKED agent status with endpoints to block/unblock agents, UI dialogs, and bulk block-all/block-selected actions
• Evasion & Commercial Improvements - New AMSI bypass for the commercial agent, .NET listener code obfuscation, obfuscation configuration for commercial payloads, self-destruction via die command and autoDestructDate payload option, DNS listener rotation fix, keepConnectionsAlive for HTTP listeners

---

Server

New Features

• Agent block/unblock - New API endpoints to block and unblock agents; introduces AgentStatus to indicate whether agent is Active, Inactive or Blocked
• Cancel queued commands - Calling the stop endpoint now cancels a command if it hasn't been sent to the agent yet
• Edit payload name - New endpoint to rename payloads after creation
• Script alias descriptions - Script aliases can now have an optional description field
• SDK settings - Improved setting registration mechanism for SDK plugins

Bug Fixes

• Fix failed commands being re-queued on startup
• Fix command canceling sometimes removing other queued commands from the queue
• Fix payload endpoint permissions
• Fix DNS listener host rotation for commercial payloads; resolver now also accepts domain names instead of just IP addresses
• Fix IP separators in Linux & BSD DNS listeners
• Fix rportfwd configuration info
• Fix portscan crash condition in BSD templates
• Fix ls command basedir when using wildcards
• Fix download command handling of NT kernel namespace paths
• Fix duplicate key exception in EntityCache

Evasion & Commercial Improvements

• Obfuscation configuration added to commercial payload settings with supporting templates
• New AMSI bypass without any memory protection manipulation, available inside the commercial agent and as a command
• All listeners' .NET code is now obfuscated
• Garbage code generator for commercial payloads
• Improved shellcode detection handling for single command shellcode
• Additional obfuscation improvements across commercial templates
• Metadata value transformation defaults in listeners

Agent & Payload Improvements

• Self-destruction added to the commercial agent via the die command, and as a payload configuration option (autoDestructDate) to help limit unplanned sessions
• Payload download via name (not just ID) over HTTP listener - first match will apply
• Launchers can now use payload name in addition to payload ID
• Payload padding support for Linux & BSD
• Portscan support for BSD agents
• Linux agent named pipe files are now cleaned up
• keepConnectionsAlive configuration for HTTP listeners - reuses established connections instead of opening new ones per request, reducing network noise. Now optional and can be disabled

---

Client

Multi-Server Support

• Spawn across servers - Use the spawn command to display payloads by listener, template, payload type, or configuration - and inject across remote servers. Type spawn without arguments to get started
• Multi-server notifications - Stay informed across all connected servers via shared WebSocket
• Redesigned left menu - Better overview of connected servers with emoji and notification indicators
• Tab persistence - Tabs are saved and restored per server connection

New Features

• Agent blocking UI - Block/unblock agents with confirmation dialog; bulk block-all and block-selected actions
• Kill all agent confirmation - Confirmation dialog before killing all agents
• Clear command queue - New clear command to clear an agent's command queue
• Command context menu - Right-click menu on commands for quick actions
• Copy to clipboard for downloaded file viewer - Copy functionality with visual feedback added to download command
• File list overhaul - Complete redesign for ls command output. Now supports listing C:\windows\system32 and much bigger folders without performance issues. Includes virtual scrolling, deferred loading, and search functionality
• Terminal find - Browser Ctrl+F capture in terminal is now optional
• Keyboard shortcuts - Cursor navigation shortcuts in terminal input added: ctrl+a and ctrl+e
• Command highlighting - Terminal input highlighting better reflects how the command will be parsed
• Command sent indicator - Commands now show sent status in terminal output
• Debug toggle - Toggle to show/hide failed command debug info in terminal via profile settings
• Improved help - Help command output now groups and prioritizes commands
• Execution configuration - Added all new spawn dialog for execConf options
• MANAGE_JOBS permission - Users page now shows MANAGE_JOBS permission

Bug Fixes

• Fix job page timestamps
• Fix localStorage access check in general store initialization
• Fix null string in execConf assignment (now properly converts to null)

Payload & Template Changes

• RocketShip JSON now uses only the payload.configuration object, same as payloads page
• Payload page JSON viewer supports configuration-only mode same as rocket ship

UI Improvements

• RocketShip visual: support for 10+ launchers, headphones icon for listener chip
• Improved error handling for command-not-found with detailed notification

0.12.2

Tuoni 0.12.2

BindTCP, rportfwd and QoL

Misc

• Added rportfwd command for windows/linux/bsd
• Linux & BSD agents now return payloadId value in metadata
• Relay Bind TCP listener is now supported also for Linux and BSD agents
• Fixed token related issues in commercial agent
• Crashed listener shellcode execution is restored where possible on windows agent
• Better use of tokens when network related COM is used (jump-wmi can now use stolen token)
• Relay Bind TCP listener can be reconnected

Tuoni 0.12.1

SMB, bindAddress and filename

🖥️ Client

• In the terminal all "integer" values can now also be entered in the HEX format, eg. 0xFF will be converted to 255

⚙️ Server

• Reordered the new filename and bindAddress fields in the HTTP listener default conf
• Additional template values in HTTP listener filename

🔒 Commercial

• Refactor and overall improvement of tokens handling
• Shellcode does not allocate RWE memory for itself anymore

Misc

• SMB listener allows reconnection without previous connection failure

0.12.0

New commands, launchers and better encryption!

🖥️ Client

• explorer.exe is now highlighted in the ps command output
• Fixed terminal crash when agent metadata does not have IP set to better support 3rd party agents
• Users view now has confirmation box when trying to disable your own account
• Added search for "hosts" and "credentials" view
• Improved hosts view sorting to sort correctly by IP addresses

⚙️ Server

• Added feature to specify payload filename template when served via the http listener.
• Added API endpoint to clear agent queue
• Supports agent communication encryption in CBC and GCM (used to be only CBC)
• Payload plugins are now initialized before listener and command plugins
• Add create/update timestamps to API for each command result entry
• Add option for command plugins to hide some result entries from API response

🔒 Commercial

• Added keylogger windows command
• Added memory-layout command
• Fix token not applying for plugin commands correctly for commercial agent
• screen-tracker command now prints out the correct count for screenshots taken
• Improved DNS listener
• Added native privilege-list command to commercial agent (current works with process token only)
• Added native privilege-enable command to commercial agent (current works with process token only)
• Added native privilege-disable command to commercial agent (current works with process token only)
• Fixed command stopping handling issues with some commands

Misc

• Added 2 new launchers #86 by @palangosjuze
• Improved licence key validation #89 by @AllRWeak
• Added token-from-handle command that can be used with token handles created by BOF's or .NET code
• Commands shellcode can provide new token directly to agent
• Upgraded agent communication encryption to GCM

🏗️ SDK 0.12.0 Released!

https://docs.shelldot.com/plugins/server/SdkChangelog.html

0.11.2

DNS Listener, Scripting and Mimikatz

🖥️ Client Improvements

• Improved shelldot.listener.relay-agent-reverse-tcp listener creation dialog
• Added shelldot.listener.agent-reverse-dns listener creation dialog
• Improved new payload creation dialog on the Payloads page to fit with the rest of the dialogs style

⚙️ Server Enhancements

• Added shelldot.listener.agent-reverse-dns plugin for commercial tier ( BETA )
• Tuoni Scripting Engine (TSE) scripts now allow editing agent metadata
• mimikatz command now supports multiple commands in one execution (space delimited)
• screenshot & screen-tracker commands now return jpeg instead of png, saving ~10x network bandwidth
• screen-tracker now calculates the --timeout argument more accurately
• --execConf.ppid now works as expected in the commercial payload
• cd command in Linux now properly updates agent metadata again

For a complete list of changes, visit our GitHub release page.

Tuoni 0.11.1

Performance Improvements and Network Intelligence

🖥️ Client Improvements

• Terminal Performance: Resolved command debouncing issues that occurred when processing multiple simultaneous command events
• Connection Management: Standardized default connection URL to https://local-c2:8443, removing automatic URL detection for more consistent behavior
• Client Server Middleware: Enhanced localhost connection handling with improved override configurations
• Error Handling: Strengthened API error management to prevent console logging issues

⚙️ Server Enhancements

• ELF Loading: Cleaned up load-elf command output by removing extraneous stdout messages
• Network Intelligence: Enhanced agent.metadata.listenerProperties.connectionIp to properly parse and respect Forwarded, X-Forwarded-For, and X-Real-IP headers for accurate client IP detection
• Linux Library Payload: Linux Library payload now supports LD_PRELOAD injection method
• Proxy Authentication: Added Kerberos and NTLM proxy authentication detection & support for HTTP listener (enabled by default, Windows only)

For a complete list of changes, visit our GitHub release page.

0.11.0

Tuoni 0.11.0

Payload Guardrails, Mutex, BOF Upgrades & More!

🖥️ Client Enhancements

• Redesigned text file preview in the terminal with full syntax highlighting for a better viewing experience
• Expanded file download support to all command status types (ongoing, failed, success) and added support for multiple files in results
• Terminal commands now accept number (float) arguments, and ls command output time format is now set to en-CA locale
• Improved autocompletion for --@files arguments and made payloadid validation case-insensitive

⚙️ Server Improvements

• Username minimum length reduced from 3 to 1 character
• Default payload metadata now includes version and type
• Fixed Screenshot Hi-DPI issue and improved wording in portscan command documentation
• Added screen-tracker command for commercial payloads
• Introduced guardrails to default and commercial Windows payloads, including 4 new options (DomainExists, DomainNotExists, TimeBefore, TimeAfter) and a special EnvSecret guardrail for commercial payloads
• All payloads now support mutex to enforce single instance execution
• BOFs now support sending back files and introduce two new options:
  • designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
  • keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.
• Added support for reverse-relay-tcp listeners (commercial Windows payload) and manual webProxy configuration for HTTP listener
• Numerous internal fixes and optimizations across default, commercial, Linux, and BSD payloads

🧪 Experimental

• Added API scripting endpoints to support future features
• Added initial event triggers support in the Tuoni Scripting Engine (TSE)

0.10.4

🖥️ Client Enhancements

• Introduced comprehensive plugin settings management within server configuration interface
• Enhanced terminal capabilities with direct inline viewing support for additional image file formats
• Improved terminal selection highlighting consistency and reliability

⚙️ Server Improvements

• Enhanced download command functionality to support file retrieval even when files are actively opened by other processes
• Introduced TLS Common Name configuration option for agent-reverse-http plugin, enabling custom certificate CN override for self-signed certificates under server settings
• Implemented intelligent plugin version management to automatically load the most recent version when multiple instances of the same plugin exist in /srv/tuoni/plugins/server
• Enhanced bof command argument processing with support for null value packing in function parameters
• Resolved missing relocations in bof command execution for improved stability
• EXPERIMENTAL Server-Side-Scripting
  • Implemented configurable file-change debouncing mechanism for script monitoring
  • Introduced preliminary support for third-party Python package integration within server-side scripts

🔒 COMMERCIAL Tier

• Introduced new LIBRARY payload type for Linux payload plugin, enabling sophisticated library-based execution techniques
• Added additional configuration options to Linux Payload for code execution, such as disabling memfd and specifying a custom location for temporary files
• Improved ls command handling in Linux agent for better detection and display of hidden files and empty directory structures

🚀 tuoni command

• Introduced update-plugins sub-command for streamlined access and installation of licensed plugin components. - @AllRWeak in #73