Changelog

v0.7.0

PowerShell beacon — full PS 5.1+ beacon with three evasion layers:
- AMSI bypass via amsiInitFailed reflection (strings split, never in plaintext)
- ScriptBlock logging disable via cachedGroupPolicySettings reflection
- ETW disable via m_enabled=0 on PSEtwTracer
- In-memory execution only — no files written to disk
- All sensitive strings (C2 URLs, secret, API paths) XOR-encoded
FQDN support in IP whitelist — add hostnames in addition to IPs; resolved with DNS cache

PowerShell beacon string encryption edge cases (backtick escaping in template literals)
PS beacon shell execution and __ls__ / __pty__ command handling
i18n: translated all remaining hardcoded strings in stager one-liners and generator UI

Stager payload system — deliver beacons via one-time token URLs:
- Payload GZip-compressed and AES-256-CBC encrypted at rest
- AES decryption key embedded only in the delivery one-liner
- Max-use limit and expiry time per token
- Instant revocation from the panel
Expanded stager delivery methods — one-liners generated automatically:
- PowerShell IEX, EncodedCommand (base64 UTF-16LE)
- PowerShell AES (fetches and decrypts encrypted payload)
- HTA (mshta), VBS (wscript), certutil (LOLBin), curl, wget, nc
- Python one-liner (Linux/Mac)
Startup folder persistence — additional Windows/Linux persistence method alongside registry run key and crontab

Network topology graph — vis.js interactive map of discovered internal hosts; built from neighbors task output across all sessions
Operator real-time chat — shared chat panel in session view, persisted in DB, unread badge
Multi-operator task sync — task_created WebSocket event broadcast to all connected operators in real time
Operator traceability — operator username recorded on each task; visible in reports and audit log
EDR/AV detection tracking — mark a session as detected with EDR name; shown in session list and reports
Beacon execution time — task duration tracked and displayed in the terminal

Go beacon — cross-compiled native binary (Linux ELF + Windows EXE); zero runtime dependencies, smallest binary of all types
AES-256-CTR encryption mode — selectable in the beacon generator; stronger payload confidentiality than XOR
Server-side key delivery — beacon fetches its AES key from the C2 at runtime; key never embedded in the binary
Python beacon obfuscation — xPy string encryption, PyArmor, --strip, docstring removal
Java beacon obfuscation — ProGuard, -g:none, xL string encryption
Heartbeat timeout — beacon self-destructs if C2 unreachable for N days
Agent secret rotation — rotate the shared secret; active beacons auto-update on next check-in, old secret stays valid during transition
Engagement reports — Markdown, HTML, and PDF export with activity timeline, command log, and exfil listing
File browser improvements — image preview, PDF/DOCX/XLSX viewer, icon view, image thumbnails

All API paths XOR-encrypted in Python beacon (previously some paths were cleartext)
File browser Windows path handling (backslash escaping, navigation history)

Java beacon — cross-platform JAR (JRE required); ProGuard obfuscation
Webhook notifications — Discord-compatible rich embeds for: new agent, operator login, failed login, agent deleted, task sent
Audit log — admin-only timestamped log of all security-relevant events; filterable by user, action, and date
Geographic agent map — world map (Leaflet + ip-api.com) with agent locations resolved at check-in
Kill date — beacon auto-destructs after a configured date
EN/ES language switcher — full bilingual UI (English / Spanish)
Security headers — HSTS, X-XSS-Protection, CSP, X-Frame-Options, and more
Timezone selector — per-operator UI setting

Windows cd tracking (batch file workaround to avoid %CD% parse-time expansion)

TOTP / MFA — two-factor authentication compatible with Google Authenticator, Aegis, Authy
Multi-user management — create and delete operator accounts from the admin panel
Background execution — Linux double-fork daemon, Windows no-console process

Initial release.