Feat/webshell bridge #88

Open
wuchulonly wants to merge 677 commits into chainreactors:dev from wuchulonly:feat/webshell-bridge

@wuchulonly
Contributor

No description provided.

M09Ic and others added 29 commits March 19, 2026 13:00
…nces

Convert all 25 skill files (4 SKILL.md + 21 reference files) from Chinese
to English. Add anchor-based cross-references between phase files and
the two canonical reference files (technique-reference.md, opsec-guide.md).
Add canonical-reference header to opsec-guide.md. Remove stale $ARGUMENTS
placeholders from iom-pentest and iom-opsec SKILL.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ion testing

OODA-loop driven autonomous pentest skill with 5 phases:
recon, privesc, credential harvest, lateral movement, persistence.
Includes reference docs for OPSEC/AV evasion and technique quick-ref.

Override HasTable, HasColumn, HasIndex, HasConstraint, ColumnTypes,
AlterColumn, CreateConstraint, and CurrentDatabase on the custom SQLite
Migrator so that GORM AutoMigrate no longer fails on restarts with
"table already exists", "near ALTER: syntax error", or
"near CONSTRAINT: syntax error".

Also make pipeline/website startup errors non-fatal in listener init
so a single misconfigured pipeline does not crash the entire server.
…tion

Rotate rpc.log and auth.log at midnight, compress previous day's logs,
and delete files older than 180 days. Audit logs under .malice/audit/
are cleaned on the same schedule. Works out of the box with no config
required.

Add search_commands to both MCP and LocalRPC interfaces, enabling
fuzzy search of available commands by name, description, and aliases.
Also bump rem to v0.3.0 and update tui submodule.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Refactor config ai/mcp/localrpc to use enable/disable subcommands
  instead of --enable/--disable flags; bare command shows KV table status
- Unify all config display output to use consistent borderNone table style
  via common.NewKVTable helper and tui.NewOrderedKVTable
- Add config summary table: bare `config` shows all modules overview
- Add `status` command showing server, sessions, listeners, mals, and
  services runtime state
- Update github/notify display from tui.RendStructDefault to KV tables
- Change tui kvBorder to borderNone for global table style consistency

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add StreamCommand to LocalRPCServer for streaming long-running task output.
Uses the existing EventHook system instead of polling or DoneCallbacks:

- Register EventHook before command execution (zero race window)
- Read task ID from Session.LastTask (no polling, no regex)
- EventHook filters by task ID and renders via InternalFunctions
- Capture LastTask within mutex to prevent concurrent access races

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
…nnel

Remove suo5 TCP tunnel (transport.go) and rewrite Channel to communicate
with the bridge DLL through HTTP POST requests with X-Stage headers.
The webshell now calls DLL exports directly via function pointers — no
TCP port opened on the target. Introduce ChannelIface for testability.
…load

- Replace fixed-interval polling with adaptive long-poll (idle/active)
- Add HMAC-SHA256 time-based token rotation for secrets >32 chars
- Add jitter to poll intervals to avoid request synchronization
- Add --dll flag for automatic DLL delivery via X-Stage: load
- Accept tcp/empty pipeline types alongside webshell

CLI tool for listing, registering, starting and stopping webshell
pipelines directly via the admin RPC, useful for development and
debugging without the full client TUI.

- Add dependency jar delivery (e.g., jna.jar) before DLL loading for JSP targets
- Add response streaming support with length-prefixed frames and fallback
- Replace suo5:// URL scheme with direct HTTP(S) URL
- Add structured JSON status response alongside legacy text format
- Expand test coverage for new channel features

The webshell bridge functionality is being moved into the listener
process as WebShellPipeline, eliminating the need for a separate binary.

Add RawCustomParams field to PipelineParams so that non-built-in
pipeline types (e.g. webshell) retain their original JSON params
when serialized to/from the database.

Implement WebShellPipeline inside the listener process, replacing the
standalone bridge binary. Uses suo5 for full-duplex streaming, supports
DLL bootstrap via HTTP staging, TLV framing, and dependency delivery.

Replace bridge-binary-oriented client commands with suo5-backed params.
Add --suo5, --token, --dll, --deps flags; store params as JSON in
CustomPipeline.Params; remove resolveWebShellListenerHost and bridge hints.

Reflect the move from standalone bridge binary to WebShellPipeline
running inside the listener process with suo5 data channel and TLV framing.
… simplify bootstrap

- Replace custom writeFrame/readFrame with MaleficParser.WritePacket/ReadPacket,
  gaining built-in compression and optional Age encryption
- Replace body envelope bootstrap protocol with simple HTTP query string (?s=stage)
- Remove token/HMAC authentication (delegate to suo5 transport)
- Extract PipelineRuntimeErrorHandler to core, deduplicate across all 5 pipelines
  (tcp, http, bind, rem, webshell)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>