Download Armitage

Change Log

Get notified about Armitage updates. Sign up for the Armitage Technical Notes mailing list. I will email you when an update is ready. I won't send spam or give away your information.

E-mail Address:
Armitage Changelog

13 Aug 15 (tested against msf git revision: 55ef5dd484)
- Updated MsgPack library and code that uses it.
- Team server now authenticates client before exchanging serialized objects
- Fixed a repaint bug when removing last server button.
- Sped up rendering of graph view on Windows and MacOS X.
- Updated YAML parser and other code to become compatible with Kali 2.0
- Console Queue now sets some options (e.g., TARGET) before it sets others
  to avoid errors

20 Nov 14 (tested against msf git revision: 55ef5dd484)
- Added helper for SCRIPT option.
- Right-click a tab's X button and use "Send to bottom" or Ctrl+B to 
  dock a tab to the bottom of the Armitage window. Use Ctrl+E to get
  get rid of the docked tab..
- Added more YAML warnings to save heartache for custom installs
- Database layer now uses core.version results to decide which MSF 
  data model to use. 
- File tab completion (Cortana console) better handles ~
- team server startup verifies default host is an IPv4 address.
- Prompt for default address is now more aggressive and continues to
  ask until an address is put in. If a user hit cancel on this dialog,
  threads to poll the database never get started. Bad day, for sure.
- Armitage now sends a keep-alive every 1-2mins over an idle team 
  server connection to combat disconnection by a NAT device
- Armitage client now shows Disconnect message when it loses any of
  its connections to the team server.

Cortana Updates (for scripters)
- &credential_add, &credential_delete use Metasploit 4.10 conventions
- name field for hosts is now available.

18 Aug 14 (tested against msf git revision: 55ef5dd484)
- Added hard-coded database.yml path as fallback for Kali users
- Updated internal db.creds/db.creds2 calls to pull from new creds
  model in database.
- [meterpreter] -> Access -> Dump Hashes -> wdigest uses sso post 
  module now. New creds model makes this better.
- Added Import option to View -> Credentials dialog.

15 Jul 14 (tested against msf git revision: 55ef5dd484)
- Command Shell experience on Windows Meterpreter is much better now
- Java Meterpreter may now interact with a bash shell
- Removed [host] -> Meterpreter -> Access -> Migrate Now! menu item
- Ctrl+Escape temporarily drops the timeout times for Meterpreter 
  commands to 5s, across the board. If a Meterpreter session appears
  unresponsive, try this to force any hung commands to timeout
- Armitage now warns when a team server is non-responsive by making
  its server button purple. When the server is responsive again, the 
  button will turn its normal color again. This requires that you're
  connected to multiple team servers.
- Windows EXE launcher for Armitage now finds 64-bit Java.

15 May 14 (tested against msf git revision: 0a4c10876d)
- Worked around invisible text selection bug with latest Java on Kali

23 Apr 14 (tested against msf git revision: 0a4c10876d)
- Added Ctrl+L to quickly add an entry to timeline.[xml|tsv] (exported 
  through View -> Reporting -> Export Data)
- Added osx-app to Output: type for payloads. Outputs a zipped MacOS X
  app archive. 
- Scrubbed Armitage to eliminate unnecessary blocking calls from Sleep
  source code. This improves Armitage's responsiveness and takes away
  many opportunities for deadlock.
- Sync Files for Loot and Downloads is now much better with large files
- REJOICE! After more than three years of a team server capability, 
  Armitage now tells you when you are disconnected from a server. 
- Keyboard shortcuts to change text size now work in table view
- Added Copy button to View -> Creds
- Services tab right-click menu now has options to edit a service's info
- Updated Armitage's YAML parser to better deal with unexpected whitespace
  and to provide better errors when YAML file contains constructs that
  Armitage's YAML parser can't deal with.
- Armitage's intercept of the shell command now intercepts shell when 
  arguments are present too. This prevents meterp sessions from getting 
  messed up.
- Logging now deals with IPv6 addresses better for Windows users
- Launching psexec at 4+ hosts will no longer open a tab for each host
- Armitage no longer allows two buttons with the same name in its team
  server button bar.

Cortana Updates (for scripters)
- Added &script_load to load a script (as if the user did this)
- Added &script_unload to unload a script
27 Feb 14 (tested against msf git revision: 72da8299a5)
- Armitage console is now a mouse hot spot. Right-click a host in the
  console to see its menu. Click a module to open the module's launcher
- Armitage module launch console ignores false meterpreter prompt from
  msfrpcd after a successful exploit job is run.
- hashdump and wdigest menus now add usernames with spaces to database
  thanks to Steve Pinkham for reporting this issue *with* a fix.
- Added [host] -> Login -> psexec (psh) to use psexec_psh to authenticate
  to a host.
- for MacOS X now works with Oracle's Java 1.7
- Long awaited! I've added a feature to change LHOST in Armitage. Go to
  Armitage -> Listeners -> Set LHOST.
- IPv6 reverse sessions now associate with their host properly.
- Windows open with Ctrl+W now show the Armitage icon
- Armitage now uses a JFrame to display its dialogs. This will give each
  window its own button in the taskbar regardless of window manager.

21 Nov 13 (tested against msf git revision: 597eb56dcf)
- Fixed webcam selection logic that I broke last update. Go me!
- Added a helper for PATH option
- Java 1.6 is no longer a supported environment to run Armitage. Added
  a warning message to indicate as much. You should update to Java 1.7
- Connect dialog now masks the password field.
- Armitage no longer allows you to start msfrpcd on Windows. It shows an
  error stating that you need to connect to a team server on Linux.
- Fixed a potential deadlock when opening a module launcher dialog.
- Missing MSF_DATABASE_CONFIG error now gives troubleshooting steps with
  the error message.
- Added another check to detect and correct a corrupt module cache.
- [host] -> Operating System -> Firewall works again.
- You can now set PAYLOAD for windows/local/wmi exploit
- Default meterpreter/reverse_tcp listener now encodes its second stage

21 Aug 13 (tested against msf git revision: 0af2f1c611)
- Removed sunrpc and dcerpc modules from MSF Scans feature
- Fixed a potential deadlock when updating the host display
- Updated multiplexing code to be compatible with enumdesktops command
- Updated multiplexing code to be compatible with webcam_list command
- You may now choose which camera to take a Webcam Shot from
- Close button now shows w/ Armitage dialogs on Kali Linux.
- Module Launcher dialog is now always active when opened.
- EXE::Custom is no longer treated as an advanced option. When available
  it's always present for you to modify in a module.
- Meterpreter -> Access -> Persistence now uses the local exploit module
  (default settings now work without tweaks too)
- Meterpreter -> Access -> Pass Session and Process -> Inject now use the
  payload_inject local exploit module.
- Added Meterpreter -> Access -> Dump Hashes -> wdigest to run mimikatz's
  wdigest command, to retrieve plaintext creds.
- Armitage now uses a better method to shuttle files to team server and
  notify you of the progress of this action.
- Made multiplexing code smarter about load and use commands.
- Added a check to detect commercial MSF modules in the module cache and 
  to automatically clear it. When this happens you will need to restart the
  Metasploit Framework. A corrupt cache causes some RPC calls to throw 
  errors as plain msfrpcd is not allowed to interact with commercial modules.
- Added ANSI color markup to armitage's console output. It's less scary 
  than the default messages and it's nicer to look at.
- Added cmd/unix/reverse to payload selection logic.
- Updated the payload output formats to match what's now possible in MSF
- Armitage -> Listeners actions now show commands/output in a tab
- [host] -> Login options now set DB_ALL_CREDS to false. Making this option
  default to true is not the decision I would have made.

6 Jun 13 (tested against msf git revision: c705928052)
- Attacks -> Hail Mary now asks you to confirm the action.
- Fixed a potential table sorting issue
- Changed how some tables are updated to minimize blocking of other
  tasks. This should make UI feel snappier in many cases.
- Credential helper now shows credentials from all servers you're
  connected to.
- Updated multiplexing code to be compatible with mimikatz extension's
  output scheme.
- Meterpreter upload command (with no arguments) now prompts for a file.
  This file will be bounced to team server (if one is present) and 
  uploaded to the target for you.
- Cred tables no longer show SSH keys
- Added vmauthd to the Login menu
- Increased the number of modules run in response to services found during
  a sweep with the MSF Scans feature.
- Attack menu attached to host now splits menus up if there are more than
  10 items. This will help with the webapp and http menus.
- Added a menu to mark a host as a firewall
- Added a type-fix hack for MsgPack Long types

Cortana Updates (for scripters)
- Updated &log_resource to account for new log folder layout scheme that
  involves a description of the current Armitage server
- Fixed a potential argument corruption bug with filters

10 Apr 13 (tested against msf ca43900a7)
- Jobs dialog now queries job info in a separate thread context, 
  stopping it from locking up your Armitage instance.
- Fixed console queue display bug when a required option has no setting
- Hashdump -> lsass method now pops open a Meterpreter tab and shows
  its progress. Should help when there's a lot of hashes coming back.
- Hail Mary attack now gives better feedback about what it's doing
- Fixed blank line showing when a host label exists and a session w/o
  any information is associated with the host.
- The correct OS icon is now shown for Windows 2012 Server.
- Added an Inject button to the Process Explorer
- Event log now shows date with timestamp
- Messages to your nick in the event log are now highlighted
- Disabled the display of the MSF banner by default.

Cortana Updates (for scripters)
- Added work-around to prevent &psexec failing due to Ruby complaining
  about incompatible encodings.

6 Mar 13 (tested against msf ca43900a7)
- Active console now gets higher priority when polling msf for output
- Improved team server responsiveness in high latency situations by 
  creating additional connections to server to balance messages over
- Preferences are now shared among each Armitage connection.

6 Mar 13 (2000h)
- Fixed issue with additional team server connections reporting wrong
  application and receiving a summary rejection by the team server.

Cortana Updates (for scripters)
- Added a &publish, &query, &subscribe API to allow inter-script 
  communication across the team server.
- Added &table_update to set the contents of a table tab without 
  disturbing the highlighted rows.
- Added an exec_error event. Fired when &m_exec or &m_exec_local fail
  due to an error reported by meterpreter.
- Fixed a bug that sometimes caused session_sync to fire twice (boo!)
- Added a 60s timeout to &s_cmd commands. Cortana will give a shell
  command 60s to execute. If it doesn't finish in that time, Cortana
  will release the lock on the shell so the user can control it.
  (ideally, this shouldn't happen... this is a safety mechanism)
- Changed Meterpreter command timeout to 2m from 12s. This is because
  https meterpreter might not checkin for up to 60s, if it's been
  idle for a long time. This will make &m_cmd less likely to timeout

12 Feb 13 (tested against msf 16438)
- Fixed a corner case preventing the display of removed host labels 
  when connected to a team server.
- Fixed RPC call cache corruption in team server mode. This bug could 
  lead to some exploits defaulting to a shell payload when meterpreter 
  was a possibility.
- Slight optimization to some DB queries. I no longer pull unused
  fields making the query marginally faster. Team server is more
  efficient too as changes to unused fields won't force data (re)sync.
- Hosts -> Clear Database now clears host labels too.
- Added the ability to manage multiple team server instances through
  Armitage. Go to Armitage -> New Connection to connect to another
  server. A button bar will appear that allows you to switch active
  Armitage connections.
	- Credentials available across instances are pooled when using
 	  the [host] -> Login menu and the credential helper.
- Rewrote the event log management code in the team server
- Added nickname tab completion to event log. I feel like I'm writing
  an IRC client again.
- Hosts -> Clear Database now asks you to confirm the action.
- Hosts -> Import Hosts announces successful import to event log again.

23 Jan 13 (tested against msf 16351)
- Added helpers to set EXE::Custom and EXE::Template options.
- Fixed a bug displaying a Windows 8 icon for Windows 2008 hosts
- Cleaned up Armitage -> SOCKS Proxy job management code. The code to
  check if a proxy server is up was deadlock prone. Removed it.
- Starting SOCKS Proxy module now opens a tab displaying the module
  start process. An event is posted to the event log too.
- Created an option helper to select credentials for SMBUser, SMBPass, 
- Added a feature to label hosts. A label will show up in its own column
  in table view or below all info in graph view. Any team member may
  change a label through [host] -> host -> Set Label. You may also use
  dynamic workspaces to show hosts with certain labels attached.
- Fixed bad things happening when connecting Armitage to 'localhost' and
  not ''.
- Screenshots and Webcam shots are now centered in their tab.
- Added an alternate .bat file to start msfrpcd on Windows in the
  Metasploit 4.5 installer's environment.
- Added a color-style for [!] warning messages

Cortana Updates (for scripters)
- &handler function now works as advertised.
- Cortana now avoids use of core.setg

4 Jan 13 (tested against msf 16252)
- Added a helper to set REXE option
- Added an icon to represent Windows 8
- [host] -> Login menu is now built using open services for all 
  highlighted hosts, not just the first one.
- [host] -> Login items now escape punctuation characters in passwords
  before passing them to a framework module.
- Added the windows and linux postgres_payload exploits to the use a
  reverse payload by default list.
- Small tweak to allow Armitage to work with Metasploit 4.5 installed
  environment on Windows.

Cortana Updates (for scripters)
- &credential_add and &credential_delete no longer break when a 
  password has creative punctuation in it.

26 Nov 12 (tested against msf 16114)
- Windows command shell tab is now friendlier to commands that prompt
  for input (e.g., time command)
- [host] -> Meterpreter -> Access -> Escalate Privileges now shows all
  the framework's new exploit/windows/local modules too
- [host] -> Shell -> Post Modules now shows the framework's unix/local 
  and exploit/linux/local modules
- Added Ctrl+I shortcut. Lets you choose a session to interact with.
- Added Steal Token button to Processes dialog.
- Armitage now asks Metasploit for a non-expiring authentication token.
  This will prevent Armitage from losing its access to msfrpcd when you
  put your computer to sleep or pause the VM running Metasploit.
- add_user and add_[local]group_user now show all of their output when
  the -h flag is used to operate on a remote host.
- added a Delete menu to creds table. Right-click a cred to delete it

Cortana Updates (for scripters)
- aliased &data_delete to &data_clear to match the documentation.
- &file_get, &loot_get, and &file_content no longer delete the remote 
  file when connected to a teamserver.

16 Oct 12 (tested against msf 15972)
- Added port 5985 to MSF Scans list.
- Meterpreter -> Access -> Persistence sets ACTION option for you
- Changed how LHOST and LPORT are set globally to prevent Ruby 
  character encoding conversion error in the framework.
- Pass Session, Log Keystrokes, and Persist now query module info
  in a separate thread (avoids a deadlock opportunity)
- Armitage now shows folder/URL in a popup dialog for environments
  where JDesktop API to open them directly is not supported
- Check all credentials option now filters the list to avoid trying
  a pair of credentials twice.
- Armitage's exploit payload selection now selects cmd/unix/interact
  when appropriate.
- Explore -> Processes now works with Java Meterpreter again.
- MSF Scans feature now runs http_version against port 443

5 Sept 12 (tested against msf r15804)
- Setup dialog now trims host, port, user, and pass fields.
- Armitage now complains when it can't write to your preferences
  file (versus just hanging without a real error message)
- View -> Jobs now queries jobs in a thread outside of UI thread
- Tab completion now uses a separate thread to call into the RPC
  server. This prevents a deadlock if server is not responding.
- Login -> psexec now shows when 445 is open on a Windows machine.
  The old criteria was too restrictive.
- Added a helper to set Wordlist option
- Armitage now sets a random LPORT for non-exploit modules with an
  LPORT option (e.g., post modules that do priv escalation)
- Armitage now shows an error if it can't open a Win command shell
- Steal Token dialog now uses incognito module to get token data 
  instead of the MSF post module. This is more reliable.
- You may now setup the reverse payload for current_user_psexec

Cortana Updates (for scripters)
- added an eventlog popup hook

16 Aug 12 (tested against msf r15753)
- Dynamic workspaces now removes closed services from its set of
  hosts matching certain open ports.
- Cortana console now reports a clear error message a built-in
  command is executed without the right number of arguments.
- Added host icons for Android and iOS. You may now set these
  operating systems by going to [host] -> Host -> Operating System
- Armitage now shows the client-side exploit dialog for any exploit
  that does not target an RHOST (for example, windows/smb/smb_relay)
- Added support for remote exploits that use RHOSTS over RHOST
  (this includes the new windows/local/current_user_psexec)
- Added a helper for setting the SESSION option

Cortana Updates (for scripters)
- s_cmd no longer times out after 60s. It will wait forever for
  a command to complete now.
- added shell_read event which fires when a shell s_cmd comes
  back with intermediate output.
- fixed a potential deadlock with &open_console_tab
- scripts now have the ability to redefine the max size of a 
  workspace: db_workspace(%(size => #####));

2 Aug 12 (tested again msf r15698)
- Armitage now reports vulnerability module and descriptions 
  properly (again) when exporting data. Had to update to match a
  change to the db schema.
- Pass-the-Hash and Login dialogs now stay open if you press 
  shift while clicking Launch. This convention is pretty universal
  to Armitage.
- Team server now buffers all of its outgoing data. I've also 
  disabled SO_NODELAY. This will greatly improve team server latency
  on congested networks without impacting responsiveness otherwise.
- Added Cortana, a DARPA funded scripting technology, into Armitage.
  There's a lot of fun to be had here.
- Armitage now queues messages to destroy a console rather than
  spinning up a new thread for each closed console.
- Rendering of icons for hosts now happens outside of UI thread.
- Increased timeout for meterpreter read command
- Armitage now detects a corrupt module cache and attempts to clear
  it so it can be rebuilt. 

5 Jul 12
- Login -> psexec now sets a different LPORT for each host it's
  launched against when using a reverse payload. Fixes a bug where
  using a reverse connect payload against X hosts didn't work.
- Progressbar Cancel button now works with the Sync Files button
  in View -> Downloads and View -> Loot
- Fixed a potential deadlock with the Sync Files feature
- Clicking the Size column in View -> Downloads now sorts properly

24 Jun 12
- Meterpreter -> Kill now uses session.stop RPC call
- Simplified code to stop a running job
- Added an option to disable TCP_NODELAY from the comamnd line:

	java -Darmitage.enable_nagle=true -jar armitage.jar

  Use this if you see "bad mac" SSL errors when connected to a
  team server.
- Log Keystrokes tab now changes color when there is activity
- Randomized filename for USERPASS_FILE to allow multiple brute
  forces to happen at once.
- Added a View item in the File Browser's popup menu. This will
  let you quickly read several highlighted text files (it also
  saves the files to the right place locally too)

7 Jun 12 - Adding on to those quick bug fixes / tweaks
- Disabled Nagles algorithm for team server and client SSL sockets.
  This makes team server much more responsive... trust me.
- Fixed bug preventing Armitage from showing "Started Service" 
  message when starting the SOCKS Proxy server.
- Fixed a find feature highlight bug in the View tab.

30 May 12 - A few quick bug fixes / tweaks...
- Fixed an exception when killing a session or removing a route 
  through the UI. 
- Oooh, ps command added a new column to its output. Updated ps  
  parser to handle this.
- Hosts -> Import Hosts now works under Windows again. Had to 
  escape the filename. *sigh*
- Hail Mary now sets LHOST option. This is necessary for some 
  attacks to work properly.
- Tweaked console create code in beginning of Armitage setup to 
  hopefully avoid aggravating the evil console.create deadlock

21 May 12
- Added a hack to prevent the input area from flickering when the 
  prompt changes.
- Updated the color palette to something a little more subtle.
- Added an optimization to how modules are launched. This will make
  a difference for team use in high latency situations.
- Rewrote MSF Scans feature to use console queue. This option is more
  reliable and it makes the code easier to follow.
- Added a hack to combine chat message writes with a read request.
  This will make the event log more responsive in a high latency 
  situation (can't you tell I care about this "situation")
- Fixed text highlights through Ctrl+F on Windows. UNIX platforms 
  were always OK. Another good reason to not use these tools on 
  Windows. Ever.
- View -> Downloads Sync Files feature now works on Windows. It looks
  like leaving those pesky :'s in the file paths is bad.

17 May 12
- Fixed bug with loot/download viewer breaking with a font resize.
- Default console font color is now grey. I never noticed that I had
  white text on a black background before. That's a lot of contrast.
  This is adjustable too through Armitage -> Preferences.
- And... the Armitage console now displays pretty colors. If you don't
  like colors, set the console.show_colors.boolean preference to false
  through Armitage -> Preferences.
- Fixed a bug preventing input field from getting focus when popping a
  console tab using Ctrl+W.

14 May 12
- Oopserific--dynamic workspace shortcuts were not bound until you
  clicked the Workspaces menu. I fixed that.
- Improved console pool's ability to detect a dead console. If you saw
  "null" prompts in an open tab, it's because of a dead console. Fixed
- Bound Ctrl+Backspace to reset dynamic workspaces. Ctrl+0 is now back
  to what it originally did (resetting the font size to default).
- Added Ctrl+T to take a screenshot of the active tab
- Added Ctrl+W to pop the active tab into its own window
- Armitage team server is now SSL enabled. The teamserver script (you
  are using it, right?) generates a certificate for you using keytool.
  The server presents the SHA1 hash of its certificate. Armitage users
  have the opportunity to verify and trust the hash of the certificate
  presented to them or to reject it and not connect.
- Added Ctrl+Left / Ctrl+Right to quickly navigate through tabs.
- Added a check to prevent clients from connecting to msfrpcd directly
  when teaming is enabled.
- Fixed a bug that prevented command shells from opening on some sessions
- Team server client now caches certain calls to RPC server.
- Reworked the Loot/Downloads View button. Now, all highlighted files are
  displayed in one View tab. This makes searching easier. Each file is
  displayed with a colored header (to make it easier to tell when one file
  ends and the other begins). 
- Added Sync Files button to Loot/Downloads tabs when connected to a team
  server. This button will download all files associated with the highlighted
  rows and save them in the Armitage data directory.

7 May 12
Note: Armitage team server setup has changed. Refer to the manual for
the latest information:

- Armitage team mode now routes all Metasploit-bound calls through the
  deconfliction server. Armitage also pools "temporary" Metasploit
  consoles. It's too bad this is logged as one change, because it's 
  more like twenty. These changes were motivated by a desire to avoid 
  triggering a race condition that was introduced w/ Metasploit 4.3.0.

  On the bright side these changes will allow a lot more flexibility 
  to optimize how Armitage interacts with msfrpcd and to do some neat 
  things (like logging) in a centralized way.
- Module description (in module launch dialog) is now resizable.
- Added Ctrl+D keyboard shortcut to close active tab.
- Armitage now uses (more robust) console queue for launching post
  modules, handlers, brute force attacks, and other things.
- Fixed a race condition in the Jobs tab refresh after killing a job
- Armitage now filters smb hashes from non-psexec/smb login dialogs.
- Added armitage.log_data_here.folder setting. This setting lets you
  specify where Armitage will save its logs, downloaded files, and
  screenshots. *cough* Some penetration testers like to dump everything
  to an encrypted volume. *cough*. I apologize it took this long to
  get this feature in place.
- Improved perceived responsiveness of a console interaction

17 Apr 12
- Modified how Armitage determines a console command is complete to stay 
  compat with behavior changes in a recent Metasploit update.
- Armitage now queues console commands to prevent out of order execution.

16 Apr 12
- The search field in the module browser now updates results in real time.
  Start typing and Armitage will start filtering the module tree for you. 
  Clear the field to reset it to the default state.
- Added keyboard shortcuts to switch dynamic workspaces...
	Ctrl+1 = first workspace
	Ctrl+2 = second workspace
	Ctrl+0 = show all 
- Added keyboard shortcuts:
	Ctrl+N = new console
	Ctrl+O = open preferences
- Armitage's Meterpreter -> Access -> Dump Hashes -> lsass method is now 
  much better about grabbing all of the hashdump output and adding it to 
  the creds table. The hashdump command returns output as an arbitrary
  number of chunks. I now use a different read strategy for determining when
  the output is complete.
- You may now use Ctrl+Alt to deselect highlighted items in a range in the
  Jobs and Workspaces table views (most other table views that do multi
  selection should allow this already).
- Added Shell -> Pass Session for *NIX shell sessions. Uses the system_session
  module to pass a shell session elsewhere (or duplicate the current shell)

29 Mar 12
- Fixed a bug that affects first-time users. Armitage was not initializing a
  console before trying to connect to the database. 

28 Mar 12
- Team server now delivers chat messages in batches vs. one line at a time. 
  This will make syncing on reconnect much better (in theory)
- Several optimizations to prevent unnecessary reads/calls to deconfliction
  server when in team mode. This will primarily affect high latency situations.
- Use Shift+Click to close all tabs with the same name. This feature now closes
  all tabs in the same group (e.g., all screenshots, file browsers, command 
  shells, etc.)
- Armitage now logs launches of the enum_dns module.
- Hosts -> DNS Enumerate now populates NS field with highlighted host.
- Armitage now adds a tooltip to tabs associated with a session. Hover your 
  mouse over a tab X button to see which host the tab is associated with.
- Fixed a potential exception caused when listing downloads.
- Created a queue to process certain commands meant for Metasploit in order and
  in a throttled manner. Started moving some Armitage calls to it. Now you can
  fire an exploit at 1,000 hosts and Armitage won't blink. It might take awhile
  before that exploit finishes firing against all of the hosts though :)
- The file browser now has a "List Drives" button. It's only available on 
  Windows sessions. Click it to see which drives are available.
- File browser can now navigate to folders with apostrophes in their name.
- Made some major internal changes to how Armitage interacts with Metasploit. The
  goal is to make a more robust and faster hacking experience for you.

22 Mar 12
- Updated Armitage NMap profiles with the following:
	-T4 (instead of -T5) [wait longer for open services to reply]
	-n  [forces NMap to not resolve the hostname of IP addresses]
	--min-hostgroup 96 [allows more parallelism when scanning hosts]
- Armitage now intercepts screenshot and webcam_snap commands from meterpreter 
  shell and performs the appropriate action with them.
- View -> Creds -> Export button now works in team mode.
- Doh! Armitage now properly shows VMWare icon when OS is set to a VMWare ESXi
- Armitage "is command finished?" heuristic now accounts for commands like
  del /S which prompt with a (Y/N)? - you can safely use these commands again.
- Armitage now detects whether a client connecting to the team server is out 
  dated or not. It rejects old clients. They will get a message indicating they
  need to update and then their client won't do anything else. You'll see a
  message printed to STDOUT where the team server ran about the rejection.
- Added a * indicator to the active workspace in the workspaces menu.
- Added Hosts -> DNS Enumerate, this menu launches a Metasploit module that will
  attempt to discover hosts by querying a name server in different ways.
- Added a file chooser helper to WORDLIST option.
- Armitage now displays a pivot relationship between a compromised host and the
  NAT/proxy device it is connected through.
- Added a Copy button to services tab. This button copies the highlighted hosts
  to the clipboard. I found myself needing this several times recently.
- Improved reverse payload selection logic (now it includes rev php meterpreter)
- Armitage now sets a different LPORT for each exploit launched with a rev payload

- Changed algorithm for determining which edges to highlight in graph view. If there
  is a pivot and both sides have a session, then the edge is highlighted.

8 Mar 12 1.43-dev
- Armitage now uses session_host to determine which host a session is associated
  with. This value is grabbed directly from the OS itself. You'll no longer have
  20 meterpreter sessions associated with a NAT/firewall device.
- Armitage now spins up a new listener for each client-side attack (no longer
  relying on the random default listener created on startup). Of course you can
  change this... double-click the PAYLOAD option to set it to something else.
- Token stealing dialog now disables refresh button while grabbing tokens. Enables
  it again when done.
- Armitage now talks to Metasploit every two minutes to prevent auth timeout.
- Armitage now displays a firewall icon for hosts with no OS marked as a firewall
  by MSF.
- Armitage now selects an IPv6 bind payload when attacking IPv6 hosts.
- Armitage now explicitly sets RPORT for different MSF Scan options and psexec.
- Updated the about dialog to include a version number and release date.
- Added a ./teamserver [external IP] [shared pass] script to the UNIX distro of 
  Armitage. This script makes it much easier to startup Armitage's team server mode.

2 Mar 12 - Catching up to a few MSF 4.3.0-dev changes...
- Added a tab rename feature.
- Hosts that self report as .NET server now display an XP/2003 era icon.
- Updated route command parser to conform to Metasploit 4.3.0's output for it
- "Check all credentials" feature now works when running the deconfliction 
  server AND client from the same folder.
- [host] -> Host -> Operating System -> * now clears notes related to host
  before updating OS. This allows future scans to trigger MSF normalization
  code and update the OS to something else (e.g., from Unknown to X)

29 Feb 12
- Armitage now displays a VMWare icon for hosts flagged as ESX/ESXi servers
- Overhauled token stealing user experience--this is the cadillac version. You
  now get a nice list of the available tokens (from the post module), click to
  impersonate, refresh, rev2self, and getuid. 
- Improved file browser responsiveness
- Table view now allows individual hosts to be deselected in an interveral 
  (Armitage will no longer reselect these hosts for you)
- Dynamic workspaces no longer requires a comma and a space between entries (a
  comma is good enough)
- Improved the [Host] -> Remove menu option
- Deconfliction server now returns the previous 100 events to new clients.
- File browser directory up button is now more obvious
- Keyboard accelerators when you right-click in the graph view are now correct.
- Adjusted the graph view scrolling increments to something sane.
- Added a slight delay between commands issued to a console to prevent them 
  from executing out of order.

21 Feb 12
- Added Cut/Copy/Paste menu to table cell editor.
- Module browser search field now treats spaces as a wildcard. You may type:
  "win meterp" and Armitage will treat it as "win*meterp"
- Hovering over an edge in graph view no longer reports a "null" tooltip
- Fixed parsing of ps output for the process dialog (it's much much better now)

14 Feb 12
- Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature.
- Several cosmetic tweaks to the spacing in Armitage tables.
- Moved table render code from Sleep to Java to avoid potential lock conflicts
- Added support for vba-exe payload output type.
- Payload generation dialog now sets more appropriate default options for the
  vba output type when it is selected.
- Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All
- Fixed ExitOnSession showing up twice when setting advanced options for a 
  client-side exploit
- You may now import multiple files through Hosts -> Import again.
- Added 5s timeout to d-server connect attempt.
- Added a --client [] to specify which Metasploit server to 
  connect to. The file is a Java properties file that looks
  like this (without the leading whitespace):


19 Jan 12
- Data export now includes a sessions file. This lists all of the Metasploit
  sessions you had in your database. There's some neat data here including
  which exploit was used, which payload, start time, and close time. You can
  calculate how much time you spent on your client's boxes. Cool stuff.
- Fixed a potential dead-lock caused by mouse enter/exit events firing code
  that required a lock. Nice landmine to defuse.
- Fixed a weird condition with d-server detection. Sometimes (rarely)
  Armitage wouldn't detect the d-server even when it's present.
- Added check to d-server allowing one lock per/client. Client won't reobtain
  a lock until it lets it go. This prevents you from opening two shell tabs
  for a shell session in team mode.
- Fixed an infinite loop condition when some Windows shell commands would
  return output with no newlines (e.g., net stop [some service]). Thanks
  Jesse for pointing me to this one.
- Data export now includes a timeline file. This file documents all of the
  major engagement events seen by Armitage. Included with each of these 
  events is the source ip of the attack system and the user who carried out
  the action (when teaming is setup).
- Data export now exports timestamps with current timezone (not GMT)
- Fixed a nasty bug that's been with Armitage since the beginning! I wasn't
  freeing edges properly in the graph view. If you had pivots setup in graph
  view and used Armitage long enough--eventually Armitage would slow down until 
  the program became unusable. At least it's fixed now.
- Adjusted the d-server state identity hash combination algorithm to better
  avoid collissions.
- Armitage now displays 'shell session' below a host if the host info is just
  the Windows shell banner.

5 Jan 12
- Armitage d-server now transmits hosts, service, and session state only 
  when something has changed. This makes teaming much snappier.
- Uploading an imported hosts file now shows a progress dialog.
- File browser upload function no longer blocks the user interface in team
  mode. A progress dialog is shown for uploading larger files. 
- Removed Ctrl+R refresh hosts shortcut from graph view (it's no longer 
- Armitage now exits if it was unable to connect to the collaboration server.
- Hosts -> NMap Scans and Hosts -> MSF Scans dialogs are now populated with 
  the selected values from the target area by default.
- You may now interact with a Windows command shell through Java meterpreter.
- Armitage no longer shows Webcam Shot option through Java meterpreter.
- Armitage now detects when it does not have read permissions for the database
  YAML file and prompts with something helpful. Before it would just freeze
  with a blank dialog. Not helpful. :)
- Armitage now only shows services that are open. 
- View -> Reporting -> Export Data now has the capability of dumping the whole
  database (not just the current workspace).
- Added a dialog to View -> Reporting Export Data. Now you have the ability to
  dump all hosts or choose to dump one of the dynamic workspaces. This gives
  you a lot of flexibility with which hosts are included.
- Cleaned up exported output of vulnerabilities in the Metasploit database:
  -- duplicate entries are collapsed to one (this was the fault of my query)
  -- refs column contains references separated by a comma and a space
  -- added info and module columns. The module column indicates the appropriate
     Metasploit module
  -- Metasploit modules now populate name, info, and module in an appropriate
- Values exported to TSV are cleaned up such that newlines are replaced with a
  literal \n and tabs are converted to three spaces.

30 Dec 11 - last release of the year?
- Hosts -> Clear Database now clears the sessions and clients tables 
- Fixed a bug preventing dynamic workspace port/session filter from 
  working on a fresh database. This was a fun one. This only affected 
  folks with a completely fresh database and because Hosts -> Clear 
  Database didn't clear everything, this went unnoticed until now.
- Added various reverse shell payloads to payload helper dialog.
- Added file chooser helper for SigningCert and SigningKey options.
- Added hack to return correct route info when setting up pivoting through
  Java meterpreter.
- Armitage now posts a note to the event log when a user starts a browser 
  exploit or a server module.
- Armitage now supports dragging and dropping a module onto a host in graph
  and table view. This action opens the module launcher configured to work
  with that host.
- Drastically rewrote MSF Scans. MSF Scans now intelligently builds a list
  of ports to scan based on what Metasploit can do. After an initial port
  scan, MSF Scans runs discovery modules against relevant hosts. As a bonus
  you will see all of the output of these scans. 
- Enhanced the Windows heuristic used to guess which OS image to display
- The deconfliction server throttle is now less draconian about how long it
  throttles a call.
- Armitage no longer posts to the event log from the UI thread (this will
  prevent the UI from blocking in some cases)
- Command shell now handles interaction with d-server in a separate thread
  from the UI thread. This will prevent UI blocking in some cases.
- Added Ping Sweep... option for non-Windows meterpreter sessions. Now Java
  meterpreter users have a quick host discovery option.
- Change Host OS option now matches new Metasploit database schema.
- Deconfliction server now sets LHOST to the IP address you provided. Also,
  Armitage clients do not overwrite LHOST once it is set.
- Interacting with a shell in team mode no longer blocks UI to communicate
  with d-server.

12 Dec 11
- Armitage teaming mode now downloads the resulting file for any fileformat
- Armitage -> Set Exploit Rank and Set Target View now show a * next to an 
  item to indicate the current setting.
- Shift+click on Launch in a module launch dialog will not close the module
  launch dialog. One use case for this: set up a payload multi/handler, 
  shift+click Launch to do it, then change output type to exe, click Launch
  and you're all set.
- Dynamic Workspace editor now trims whitespace from your entries. Errant
  whitespace causes Armitage to reject the entry and your workspace never
- Updated the "msfrpcd died" troubleshooting dialog. The new one takes folks
  to a website with detailed information. 
- Armitage now uses "load" to load a meterpreter module instead of "use"
- Key logger event log announcement now notes the session ID. This is so 
  your teammates will know not to migrate that session since it's recording
  key strokes.
- Right-click X in tab -> Save Screenshot now displays filename without the
- Deconfliction server now detects when database is not available and offers
  troubleshooting steps. 
- Loot/Downloads viewer now has a right-click menu to Copy selected text.

22 Nov 11 - A big improvement...
- Services refresh is now set to 30s (vs. 60s before)
- Workspaces -> Manage now opens as a tab and shows all data about workspaces
- Fixed a bug with Edit Workspace not auto-checking session box when set.
- Meterpreter -> Access -> Escalate Privileges now highlights the priv esc
  options in the post module true. This is viable now that getsystem is a   
- Payload module launcher now lets you set Template, Iterations, Encoder, and
  KeepTemplateWorking for any Windows payload. Also, payload is generated and
  saved locally without opening a tab. 
- sessions -i ## trap is now smarter and opens a shell tab for shell sessions,
  a meterpreter tab for meterpreter sessions, and offers an error when you
  try to interact with a session that doesn't exist.
- Armitage no longer shows a host until it receives a db.hosts reply.
- Right-click a module and select Relevant Targets to create a dynamic 
  workspace that shows only targets that meet the host/port criteria for that
  module. Use Ctrl+A to select all of those hosts and rock'n'roll. :)
- Hosts -> Import Hosts now works when the folder/file has spaces in it.
- Dynamic workspaces are now local to the current Armitage client. They no
  longer have a global effect in teaming mode.
- Added an Activate button to workspace management dialog.
- Fixed a bug with sessions only dyn workspace sometimes showing hosts that
  do not have sessions.
- You may now highlight multiple jobs in View -> Jobs and select Kill to get
  rid of all them at once.

11.17.11 - All the things I wanted to do, but didn't have time
Release Note 1: if you use Armitage teaming, things changed. You have to start 
msfrpcd with a different set of flags and your team must use the latest version 
of Armitage. If you have a script that starts msfrpcd, you must update it. 

More information is at:

Release Note 2: Armitage requires a Metasploit base install of 4.0 or greater. 
If you use msfupdate to update a Metasploit install prior to 4.0, then Armitage
will not work. The Metasploit pre-4.0 installers did not install dependencies
that Armitage requires today. Missing are certain Java cryptography extensions
and the msgpack Ruby gem. BackTrack 5 is Metasploit 3.7. BackTrack 5r1 is 4.0.

- now limits its results to hosts that are returned by db.hosts. 
  This fixes a bug where services data for some hosts was not returned when
  when >3,500 hosts are in the armitage database.
- MSF Scans menu is now available under Hosts menu again.
- Removed Browser Autopwn menu as its future in Metasploit is undecided.
- Find Attacks/Hail Mary now pull latest service info from DB before resolving
  the attacks. This prevents a situation where Find Attacks after a scan yielded
  nothing because Armitage had not synced with the database yet.
- Deconfliction server now complains when you try to use as your host
- Added cut/copy/paste/clear menu to most textfields. (for Glen)
- Added Workspaces -> Manage to edit, add, and remove dynamic workspaces.
- Added code to intercept "sessions -i ##" and open a meterpreter tab instead.
- Armitage now honors port setting when starting msfrpcd for you.
- Armitage now detects msfrpcd shutdown and offers user advice to fix it. The
  most common cause is probably a lack of msgpack.
- Fixed a deadlock that happened when generating a payload.

11.13.11 - A major rewrite of a lot of stuff.
- Moved from XML/RPC interface to MSGPACK. This should be much faster.
- Removed Armitage dependence on Metapsloit db.* API--since it may go away soon.
- Attack recommendations and Hail Mary no longer depend on db_autopwn. New code
  offers same results with improved speed.
- Simplified Hail Mary and Find Attacks to use port/OS information only.
- Greatly improved keystroke recorder. The option is now called "Log Keystrokes".
  It uses the Metasploit keystroke_recorder post module. Results are regularly 
  dumped into the post module window. Also, the results are stored as loot 
  available for the team to view.
- Launching the keystroke_recorder post module now makes an announcement to the
  event log.
- Added a button to Processes tab to log keystrokes. This will bring up a the
  keystroke_recorder module configured to migrate to the process and record 
  keystrokes there.
- Removed Workspaces menu. Armitage now works from the default workspace.
- Simplified Hosts menu.
- Meterpreter -> Access -> Persistence now calls persistence post module.
- Improved Meterpreter -> Access -> Steal Tokens, it's still wonky but it's a 
  little better now.
- Host import now uses db_import command running in a console.
- Added Armitage -> Set Exploit Rank to update the minimum exploit rank value.
- Armitage now displays up to 512 hosts and 12,288 services at any given time.
  This keeps Armitage operable even if you scan a big freaking network.
- Added dynamic workspaces. This feature gives you the ability to define a filter
  on the database and Armitage will display only hosts that match this filter.
  You may define filters based on operating system, open ports, and network address.
  Go to Workspaces -> Create to create a filter. Filters show up under the 
  Workspaces menu and you may switch back and forth betweem them too.
- Simplified the Connect dialog. One button. :)
- Right-click Scan option now scans for HTTPS.
- Check all credentials option no longer tries blank passwords/username as pass
- Added a read optimization to the console code. This will reduce load in a team 
  engagement + make consoles feel faster when there is output.
- Armitage now opens the event log tab instead of a metasploit console tab in team
- Fixed a host sorting issue in table view.
- Moved View -> Targets to Armitage -> Set Target View
- Overhauled how Armitage handles downloaded files. Downloads are saved to a set
  place on the attack server. Downloads are available to the whole team through
  View -> Downloads. This works like the loot viewer. Team members may view text 
  files or download binary files. This method is friendlier when downloading whole
  directories of stuff.

- Modified hail mary attack to get a little more success with some common Windows

- Added menu item to dump hashes using the old lsass method or the smart hashdump
  registry method.

10.13.11 take II?
- updated msf3/data directories to account for new install locations.
- Removed Meterpreter -> Access - > Duplicate because it is now redundant with
  Meterpreter -> Access -> Pass Session
- Updated Meterpreter -> Access -> Pass Session to have LPORT of default 
  Meterpreter listener. Click Launch to simply duplicate your current session.
- Added Meterpreter -> Access -> Steal Token to list and steal user/group tokens
- Updated meterpreter multiplexer to not expect output from rev2self. 

- added ability to set up VNC on a target when connected to a remote Metasploit
- Armitage now tells you where to connect your VNC client to access the desktop
  of a compromised host. You'll need to have a local VNC client available.

10.12.11 - oooh SECKSY
- fixed a typo in the default armitage settings file.
- made PAYLOAD helper friendly to post/windows/manage/payload_inject
- Meterpreter -> Access -> Pass Session now uses payload_inject

- Meterpreter N -> Hashdump now runs post/windows/gather/smart_hashdump module.
  This gives you the benefit of seeing its output and it works in more
- Right-click the tab X button and select Save Screenshot to take a screenshot
  of the current tab. This image will render the tab contents exactly as seen
  on the screen. Useful for putting together a report or presentation.
  (thanks Rob for the suggestion)
- Added a module launcher helper for RHOSTS and RHOST. This helper will let you
  import a list of IPs (separated by newlines) from a file into these fields.
- View -> Reporting -> Export Data no longer fails if there are no hosts to
  export data about.
- Armitage now runs post/auxiliary modules as jobs (meaning you may kill them
  using View -> Jobs)
- hashdump and smart_hashdump post modules will now announce to the event log
  that hashes were dumped when they're run (whether through the menu or 
  the module browser).
- View -> Reporting -> Export Data now takes a screenshot of the table view
  and includes it in the artifacts (when table view is active)

09.26.11 - take 2
- Improved performance when launching exploits and other modules that open
  a new tab.
- Launching an exploit will only open a tab when fewer than four hosts are 
  highlighted. If four or more are highlighted, then Armitage will use the old
  behavior of silently launching each exploit. [You're supposed to be able to
  attack hundreds of hosts at once--hence my desire to add this caveat]
- When launching an exploit in the background, Armitage will show a dialog 
  indicating that the exploit was launched against X hosts.

- You may now drag and drop Armitage tabs to rearrange their order.
- Armitage "show all commands" option (for better exploit feedback) is now on 
  by default. 
- You may now right-click a screenshot/webcam shot to zoom in or out on the 
  image. The zoom-level stays fixed (in case you refresh the image later)
- Added a menu to the X button in the tabs. Through this menu you may open the
  current tab in its own window or close all like tabs.
- Updated Hosts -> Import Hosts to reflect the current importable file types.
- Added View -> Reporting -> Export Data to dump most Metasploit tables into 
  TSV and XML files suitable for parsing (by you!) into a report format of 
  some sort. 
- Armitage now encodes (-e x86/shikata_ga_nai -i 3) any Windows meterpreter 
  payload generated from the module launcher dialog.
- [host] -> Meterpreter -> Access -> Duplicate now uses multi_meter_inject to
  launch Meterpreter into memory directly (rather than upload and execute a file)
- In teaming mode, Armitage will now automatically upload a file selected through
  the + option (e.g., USER_FILE +) to the Metasploit server and set the value
  in Metasploit accordingly.
- Modified error output for a failed Metasploit method to only display the
  method name and error message. Displaying a large input would cause Armitage
  UI to start flashing in some weird disco mode until a hard reset. Yeaah.

- Armitage now highlights the event log tab when something new is posted and the
  tab is not active. Control the color by editing tab.highlight.color pref.
- Fixed a bug preventing preference values from saving properly (and having an
- Added "Check all credentials" option to the login dialogs. This option will 
  login to the service to test each credential. Successful logins will populate
  the credentials table.
- Fixed a bug preventing the first open console from scrolling all the way to 
  the bottom when open.
- Credential export button now escapes the file path (making the button work on
  Windows). This bug is another good example of why you should use Armitage on
  Linux. It'll just work. Windows users: expect surprises.
- Use Ctrl+Shift on a tab X button to remove the tab and create a desktop window 
  with its contents. I suspect you'll find this really useful at times.
- Armitage now remembers your auto-layout setting. Right-click in the graph area
  to change it.
- Setting armitage.show_all_commands.boolean to true will now run each exploit in 
  its own tab. Setting this is a good way to get feedback on the attacks you
  launch and to learn the Metasploit console better.

- Fixed bug preventing Meterpreter -> Access -> Hashdump from noting all hashes
  into the credentials table.

07.30.11 - Paying down some engineering debt.
- Loot viewer no longer displays non-text files. If you try to "view" a 
  binary loot, it will the folder containing it.
- Improved UI responsiveness by making sure all communication with Metasploit
  happens in some thread other than the UI thread. This will prevent latency
  from bogging the UI down and making it feel locked up. Armitage will also
  feel a lot faster for many actions.
- The code that creates a console, executes a command, and calls a callback
  now uses a much tighter sleeping schedule (10ms vs 500ms). This greatly
  improves Armitage responsiveness.
- Armitage connect progress dialog now shows progress setting up the Armitage
  environment once a connection is successful. Chances are it'll happen fast
  enough that you won't see it. 
- View -> Activity Log now opens activity log folder on MacOS X.
- Removed restriction that prevents user from deleting/clearing default 
- File chooser helper used to set values in the module launch dialog now 
  escapes all backslashes in the path. This fixes a problem on Windows caused 
  by the console stripping the unescaped backslashes.

07.28.11 - Armed for Metasploit 4
- Armitage now sends use prive with use stdapi when it gets a command not
  found error in Meterpreter.
- Armitage now sends BLANK_PASSWORDS 0 with any Login menu items. This
  should speed up the login by forcing Metasploit to not try a blank
  user/password first.
- Armitage no longer sends payload related variables to auxiliary modules.
  (note to programmer: auxiliary modules don't use PAYLOADs :P~~~)
- Module launch dialog for client-side attacks (fileformat and browser) 
  now presents payload options to you. They're still configured to a 
  reasonable default (and updated as the exploit target changes).
- Client-side payload "guess" is now better about selecting an OS X specific
  payload when appropriate.
- Double-click the PAYLOAD option in the module launch dialog to open a 
  chooser that lets you select a payload and choose whether to create a 
  handler for it or not. This will configure the appropriate payload vars
  for you. You're welcome to tweak them from there.
- Simplified some of the logic in the file browser and added better error
- Added a visual hint to clickable option names in the module launcher.
  Double-clicking these options will open a dialog to assist setting the value.
- Added a visual hint to clickable preference types in the preferences window.
  Double-clicking these types will open a dialog to assist setting the value.
- Fixed a potential deadlock caused by launching modules while Armitage is
  still initializing.
- Added a preference to disable displaying the MSF ASCII banner when a new
  console opens. This preference is set to show the banner by default.
- Added a regexp to strip non-ascii chars from usernames collected with dump
  hashes. The RPC daemon throws an exception when I try to report usernames
  with these chars in them.

23 Jul 11 - Change Log
- Ooops! My baaad. I broke db.creds in MSF. Someone else unbroke it. Now
  I call it the right way from Armitage so everything works like it's 
  supposed to. :)

21 Jul 11 - Change Log
- loots dialog is now populated by db.loots RPC call. This is faster
  and compatible with changes made to MSF.
- credentials dialog is now populated by.creds RPC call. This is 
  faster and compatible with changes made to MSF.
- RPC connection code now strips out more characters that may cause 
  the XML parser to complain. 

  ** There were a few changes made to MSF over the past few days that
     broke the credentials and loots dialog. This update brings Armitage
     back to compatability with what exists in MSF trunk. **

19 Jul 11 - Change Log
- You may now execute a post module against multiple hosts at once.
  Simply highlight the hosts, find your post module, double-click it
  and watch the magic happen. The drawback--each session will open a
  new tab to display the output of the post module.
- You may now hold down shift and click on a tab to close all tabs
  with the same title. If you run a post module against multiple hosts
  this is a good way to get rid of all those tabs.
- Graph view Ctrl+P shortcut (save screenshot of graph view) now shows
- post module output now logs to ~/.armitage/[host]/post.log
- Fixed some weirdness with popup menu mouse events not being consumed
- Added View -> Activity Logs to open folder containing Armitage logs
- Fixed command history so up arrow really gives the previous command
- Keystrokes dumped using dump button on key scan dialog are now logged
  to ~/.armitage/[host]/keyscan.log

  *Respun* Armitage.dmg with .app file fix for MacOS X Lion. Thanks to
  @NightLion for contributing this.

12 Jul 11 - Change Log
- Fixed a race condition causing some file browser actions to fail on 
  Windows hosts at times.
- Files downloaded through file browser are now archived in:
- Hail Mary output nows goes to [log dir]\all\hailmary.log
- Added Crack Passwords button to Credentials tab. This opens the 
  launcher for John the Ripper: auxiliary/analyze/jtr_crack_fast
- Added Post Modules item to Meterpreter N -> Explore and Shell N menus. 
  This menu item will show applicable post-exploitation modules in 
  the module browser.
- Loot browser now opens loot viewer as a tab.
- Loot viewer now has many of the same keyboard shortcuts as a console
  tab. You can Ctrl+F to search for stuff, Ctrl+Plus/Minus to increase
  and shrink the font, and Ctrl+A to select everything.

02 Jul 11 - Change Log
- Doubled wait time for Meterpreter ls command to complete.
- Armitage now shows psexec option instead of smb on Login menu for
  Windows hosts (when smb service is present).
- Fixed bug preventing manual import of a single host
- Removed automatic resending of console commands that didn't appear
  sent. This was a work-around for a msf bug that may not be present
  anymore. We'll find out.
- Removed --script-all from NMap profiles. I saw quite a discussion
  about this on the NMap mailing list. Oops. Oh well :)
- All host import options now use Metasploit's import_data RPC call.
  This is what all the remote calls map to anyways.
- Added Help button to start dialog.
- Armitage now opens cmd.exe and executes programs from the file 
  browser using the current process token (execute -t in Meterpreter)
- Added logging. Logs are stored in ~/.armitage organized as
  [date]/[host]/[file]. The logging captures:

  - all Console tab output (console.log)
  - the collaboration event log (event.log)
  - all Meterpreter tab output (meterpreter_[session].log)
  - all Command Shell tab output (cmd_[session]_[pid].log)
  - all Shell tab output (shell_[session].log)
  - all Screenshots captured through Armitage (.../Screenshots/)
  - all Webcam shots captured through Armitage (.../Webcam Shots/)

  You can turn this off by setting armitage.log_everything.boolean
  to false in the Armitage preferences.
- Added a Reset button to preferences dialog to reset Armitage 
- SSL now defaults to off on all platforms
- Added a Default button to the database settings helper. This 
  button loads the default database settings ignoring what is in the
  config file.
- Loot viewer now uses the same colors and font as a console tab
- Fixed bug preventing Loot browser from populating data/time column
- Preferences dialog now brings font and shortcut dialogs to front
  to prevent them from being hidden by prefs dialog.

24 Apr 11 - Happy Birthday Gerry Edition
- Added a check to prevent jerk faces from entering an empty nick in
  collaborative mode. :)
- Fixed a potential dead-lock condition with the screenshot/webcam
  shot tab.
- Armitage -> Listeners -> Reverse now binds to 
- Host import now posts an event to the collab mode shared event log
- added an option to display an MOTD message to clients that connect
  to Armitage in the collaboration mode. Use -m or --motd before
  --server and specify a file, e.g.:

  armitage -m /path/to/motd.txt --server ...

  Clients will see this message when they connect.
- Added Meterpreter -> Access -> Pass Session to send a meterpreter
  session to a handler set up on another host.
- Armitage now sets ExitOnSession to false for multi/handlers started
  within Armitage.
- Pivoting and ARP Scan dialogs now highlight first option by default.
- Added a sanity check to the Route class to prevent malformed IPs
  from screwing up sorting.
- Removed sqlite3 from the database options. I should have done this
  long ago--it has no place in Armitage.
- Armitage now intercepts meterpreter "shell" command and opens a 
  new tab with the cmd.exe interaction in it.

17 Apr 11 - Change Log 
- Windows command shell interactions are now less likely to die. How
  oh how did we get here? Armitage interacts with cmd.exe through a
  Meterpreter channel. If an unnecessary read happens, it ties up the
  meterpreter session for 10-20s AND the channel dies. If you typed
  commands in too quickly, it's probable that Armitage would do an
  unnecessary read and the channel would die. I believe I've headed 
  off this problem. Armitage now locks the channel until the command 
  completes. If the command times out or completes, the channel 
  becomes unlocked. This should prevent most out of place reads. In
  collaboration mode, this was a great way for excited teammates to
  tie up the meterp session for everyone. :) "I typed this command
  20 times and nothing happened!!!" Doh! You queued 20 reads with a
  10-20S timeout each and destroyed that channel. -- Armitage 
  protects against this situation now.
- Command history no longer saves empty commands.
- Armitage server mode now provides all details that a client needs
  to connect to the server.

13 Apr 11 - Change Log (Dayton, OH Capstone Edition)
- Metasploit now has host normalization (this is great news). I've 
  removed the OS reporting code from Armitage as a consequence. This 
  means less overhead communicating with Metasploit
- Fixed a potential deadlock triggered when interacting with a Windows
  command shell. Sorry about the freezes Matt and Brant.
- Fixed a strange condition in Armitage that sometimes caused shell
  sessions to die.
- Download from file browser now notifies user when a file is downloaded.
- Armitage server mode now prints database connect string to console to
  assist with set up of Metasploit teaming.
- Fixed a bug causing exploit recommendations to not show for Windows 
  hosts due to host normalization
- Added a check to prevent cd .. button in file browser from retriggering
  too quickly. This will prevent the meterpreter command queue from 
  becoming very backed up doing a cd/ls over and over again.
- Graph view no longer counts edges as a selected item when creating a
  list of hosts to apply an action to.
- Added another heuristic to prevent Windows cmd.exe interaction from 
  locking up.

10 Apr 11 - Change Log
- Fixed key logger dump button.
- Process migrate function displays success or fail message again.
- Armitage now displays nmap output in a tab. You can thank scriptjunkie
  for making this work in Metasploit. Please send cash, check, or money
  order directly to him.
- Greatly improved post-pivot host discovery workflow... here's the deal:
  -- [host] -> Meterpreter -> ARP Scan menu now shows networks local to
     host and lets you choose to launch an ARP scan from that Meterpreter
  -- Highlight one or more hosts, right-click, and select Scan to launch
     MSF discovery scans against the highlighted hosts.
- Added a rudimentary loot browser/viewer to Armitage. Go to View -> Loot
  to see the currently captured loots. Loot is the Metasploit term for 
  data captured by certain post/ modules.
- Armitage now presents a warning when it detects a second Metasploit 
  user connected to the same Metasploit server without the collaboration
  server in place.
- Armitage collaboration mode now updates target information more often
- Updated Armitage to work with Metasploit's new normalized host OS 
  constants and to restore the os_flavor value when it is wiped out.

16 Mar 11
- Shell -> Disconnect now executes in a separate thread.
- Armitage now creates ~/armitage-tmp and writes there if the current dir
  is /Applications or it can't write to the current directory.
- Fixed a potential deadlock issue in the file browser
- Directory up button in file browser now shows that it has been pressed
- Added Execute option to file browser (now you can run a program by
  right-clicking on it and selecting Execute--for Jesse)
- Multiple improvements to responsiveness of command shell and meterpreter
  tabs. This should benefit collaboration mode too.

12 Mar 11 (MACCDC Post Day 1 Update)
- Fixed a bug preventing host import from working with a remote connection
- Armitage client now increases default wait for meterpreter commands to
  complete when in teaming mode.
- Increased wait time to download a generated payload file to 8s.

11 Mar 11 Update (0100h EST)
- Fixed a deadlock condition in the module launcher (caused by the changes
  to increase responsiveness... oops).

10 Mar 11 Update (2230h EST)
- Fixed race condition importing manual list of hosts (sometimes the file
  would get deleted). Grr.
- Added a lock to prevent multiple Armitage clients from trying to 
  determine what OS a box has. This should help in CTF situations.

10 Mar 11 Changes

Quick story: NECCDC 2011 Red Team. TJ launches a script that lands 70
sessions in the first few seconds. 11 red team members are connected to
Armitage eager to carry out their pieces of pwnage. The Ruby process pegs
the CPU and Armitage fails spectacularly. Very funny. This releases fixes

- Armitage YAML parser now accepts quoted strings in the YAML fields
- Added caching of sessions.list, db.hosts, and to Armitage 
  collaboration server. This should help prevent msfrpcd from overloading
  when many clients are connected and owning boxen at one time.
- Improved GUI responsiveness by making several parts of the Armitage GUI
  spawn a new thread to avoid blocking while communicating with Metasploit
- Added a tooltip to the "Start MSF" and "Connect" buttons to clarify use
- Export credentials button now prompts for a remote file when connected 
  to a remote Metasploit instance.
- Export credentials and payload generate output now transparently  
  downloads to your local host when connected to Armitage's collab server.
- Armitage now loads stdapi in Meterpreter if it finds it's not loaded. 
  Armitage also prompts you to rerun the failed command when this happens.
- Right-click in services now shows popup for taking actions against 
  selected hosts. Now you can do mass actions against hosts sorted by port.
- Added Access -> Persist to Meterpreter menu. This will run Meterpreter's
  persistence script using the default Armitage handler. Meterpreter will
  start at boot and at login.
- Added an file for MacOS X. Use Armitage from OS X as a
  client to connect to Metasploit hosted in other places.
- Added a check for whether current working directory is writeable or not.  
  If it's not, Armitage does all of its read/write operations in home dir.

Tested with 10 concurrent Armitage clients from four boxes with 140+ shell 
sessions and a few meterpreter sessions. I think we're ready to rock now.

27 Feb 11 Changes
- Webcam snap features works again. Sorry about that. :)
- Download file button in file browser now works through the collaboration
  server. This feature has a few limitations / requirements:

  1) Armitage server must have the same $PWD as msfrpcd
  2) Files must download in less than 12s or else you'll need to retrieve
     them from the msfrpcd host.
  3) Recursive downloads of files from a directory are kept on the host with
     msfrpcd. You'll need to retrieve them with sftp or something else.

25 Feb 11 Changes

This release is primarily bug fixes. The network attack collaboration 
feature is further tested and ready for your use.


- Armitage now consumes data from msfrpcd's stderr when Start MSF button is
  used. This means Armitage won't lock up when database tables are 
  initialized during the first run on Windows.
- pivoting, logins, hail mary, and pass-the-hash now print to the event log.
- Pass-the-hash dialog is now available via [host] -> Login -> psexec.
- Fixed bug causing Event Log menu to be present outside of collab mode.
- start-up shell script is now named armitage
- Console destroy and shell unlocking commands on tab close now happen in a
  new thread to prevent the GUI from blocking.
- Armitage now stops meterpreter read thread when it detects a dead session.
- Replaced jyaml with a quick and dirty parser that doesn't mistake ####e#
  for a double number. This was screwing up connecting to postgres for some
  of you.
- Upload button in file browser now works through Armitage's collab server
- Added Ctrl+P shortcut to save screen capture of hosts graph view 
22 Feb 11 Changes
- Improved shell "when should I read more data from this channel" heuristic. 
  This means command shell sessions should not freeze on an errant Meterp.
  read command that blocks until the universe is recreated.
- Fixed a potential deadlock using Armitage's meterpreter dialogs with a 
  meterpreter tab open.
- Command shell tab now only opens when Armitage knows channel and PID 
- Rewrote how Armitage interfaces with Meterpreter. This has a few impacts:
  -- Armitage now waits for a command to execute and reads its output
     before executing another command. This prevents Armitage from getting
     confused when you're doing a lot of stuff at once.
  -- You can now open multiple meterpreter console tabs for a session 
  -- Commands executed by Armitage's dialogs will not show up in your 
     Meterpreter tab(s).
- File browser now does a cd "current directory" before each action. 
- Added a network attack collaboration feature to Armitage. This is as 
  beta as it gets (although it *should* work). To use it, start msfrpcd
  and connect Armitage's collaboration server (on the same box as msfrcpd!)

  ./armitage --server host port user pass [ssl? 1 or 0]

  This will connect Armitage's collaboration server to the Metasploit RPC 
  daemon you specify. This server will then bind port+1 and tell future 
  Armitage clients to use it for extra collaboration features.

  Connect one or more remote Armitage clients as normal. Some of the 
  features you get in this mode:

  1. View -> Event Log for chatting and watching major events
  2. Command shell and webcam/screenshot features work for remote clients
  3. Armitage clients automatically lock a shell session when they're in use
     and notify other clients that it's locked if they try to use it.
  4. Transparent real-time sharing of meterpreter amongst multiple clients.
- Payload generation now works on Windows (I wasn't escaping the backslashes
  in the paths... doh!)
- Armitage now prompts you for a path (and not a file chooser) when generating
  a payload using a remote connection to Metasploit.
- Armitage now loads database settings from file in MSF_DATABASE_CONFIG env var
- You can now highlight text in the Armitage console tabs on MacOS X.
- Fixed a potential deadlock when opening a Windows command shell tab

Update 9am EST
- Removed a remnant of my development environment from If you see:
  jar file to import package from was not found! at line 25

  Then you need to update.

13 Feb 11 Changes
- Organized View menu (it was getting out of control)
- Added RPC Console item to view menu (Start MSF only). This item will show
  the STDOUT for msfrpcd. Use this to watch nmap's output.
- Added Ctrl+A shortcut to select all text in a console tab
- Kill meterpreter, kill pivots, and credential dumps now use fresh 
  consoles to execute. This ensures they will execute even if the global
  console is stale (this sometimes happens.)
- Added tab completion to Meterpreter window.
- Hosts -> Import Hosts now lets you select multiple files to import at once.
- Use SSL is now checked by default on Linux (and unchecked by def. on Win)
- Updated Armitage to remove or alter some UI options when connected to a 
  remote Metasploit RPC instance. 

  -- Meterpreter shell is the only interact option 
  -- Webcam and Screenshot menu items are gone
  -- Upload asks for a full file name rather than show a file chooser dialog

  These adjustments are necessary during remote connections as Armitage does
  not have access to the local file system of the Metasploit RPC daemon.

21 Jan 11 Changes
- Increased wait time between connection attempts to MSF RPC
- Fixed bug with Windows command shell not working when using Armitage from a
  Windows host. 
- Host refresh using sysinfo now only happens when no OS is set for the host.
- Fixed a deadlock condition caused when an automatic sysinfo request was 
  made while a Meterpreter tab for the same host was open.

18 Jan 11 Changes
- Added a Migrate Now! item to Meterpreter Access menu. Runs migrate -f.
- Right-click in Meterpreter console now shows menu as before (silly bugs).
- Armitage now detects hashdump failure and reports possible causes to you.
- Armitage now binds default handler to 
- Added a table view for the targets area. Go to View -> Targets to change the
  setting. If you're working with many hosts, table view may be better for you.
- Added preliminary support for Metasploit post/ modules. You can launch them 
  and if a host is highlighted, Armitage will populate the SESSION var for you.
- Armitage now uses the sysinfo command in a meterpreter session to pull host
  OS info if it doesn't know it. This also means Armitage will auto-populate
  the host OS when a client-side attack is successful.
- Tab completion is now ignored when input field is empty

13 Jan 11 Changes
- Hosts reported as Windows Me now display W2K era Windows logo.
- "Hail Mary" attack is now launched and managed by Armitage. Exploits are 
  selected using the output of db_autopwn AND the operating system information
  Armitage knows. Also attacks are launched in a more optimal order (sorted by 
  exploit rank/age). This is a big improvement over db_autopwn by itself. 
- Added a link to the Armitage Issue Tracker in the Help menu.
- Updated remote exploit payload selection to choose Java payloads or Windows 
  shell payloads before resorting to the generic/* payloads.
- Updated client-side exploit launcher to let you select the target. Armitage 
  uses this target (plus the exploit name) to determine which payload to use.
  multi/java_signed_applet works very nicely now ;)
- Fixed (once and for all now) the mysterious OS info not refreshing bug.
  Now those pretty OS pictures will show up if Metasploit knows about the OS.
- Added a 52 character length limit to a target's description in the target
  dropdown. This stops weird GUI layouts caused by long target descriptions.
- Exploit recommendations now take into account FreeBSD hosts.
- Added an OpenBSD option to the hosts menu.
- Armitage now does a setg AutoLoadStdapi true when setting up MSF.
- Last modified field of file browser now sorts properly.
- Jobs console and its kill feature should now work in all circumstances.
- Session menus for meterpreter now limited for non-Win meterp sessions.
- Updated Armitage/Windows to provide a better startup experience. Simply
  extract the archive over your MSF install and rock n' roll.

22 Dec 10 Changes
- Updated meterpreter shell and command shell console to honor your set
  preferences. I forgot to pass $preferences to the console constructor. Doh!
- Added a -d/--debug command line option. This will dump System.getProperties()
  and a log of all exchanges with the MSF server to debug.log in the current
  working directory.
- To play nice with existing conventions, Armitage is now licensed under the
  BSD license. Distribute, use, reuse, recycle.... have fun.
- Fixed a deadlock condition that arose when a large nmap scan is imported
- About dialog now shows up centered.
- Armitage now has a graphic for Cisco IOS. You can mark a host as a Cisco IOS 
  device. Also Armitage recognizes IOS from an NMAP Scan.	
- Fixed Armitage "crash" due to read timeouts. This would occur for those of
  you who ran a really taxing operation (e.g., db_autopwn).
- Added a time limit flag to db_autopwn (20s)
- Ctrl+R is now even more aggressive clearing internal data structures.
- Shell N -> Meterpreter... no longer blocks waiting for the operation to

13 Dec 10 Changes

- Added Meterpreter -> Browse -> Webcam Shot to grab webcam snap shots.
- You may now click the image in the webcam/screenshot view to save it.
- Workspace -> Create menu now automatically switches you to the net workspace.
- UNIX shell sessions now have an Upload... menu. This item will open a local
  file and use the printf command on the remote host to put it together. It's 
  slow but it works. 
- Removed the rename file menu item from the file browser. It turns out I had 
  my Windows command shell vs. meterpreter command interface crossed. The 
  command doesn't exist in Meterpreter.
- Upload button now waits until file is uploaded to refresh file listing
- Added Timestomp item to File Browser popup menu. This works like a clipboard.
  Select Get MACE to capture the MACE values of the current file. Use Set MACE
  on another file to set the MACE values to the currently known attributes.
- Dump hashes menu item no longer pulls up a new credentials tab. 
- Added a Refresh button to the credentials tab.
- Updated db refresh code to be a little smarter about when it needs to merge
  db_notes hints into the MSF database.

6 Dec 10 Changes

- added -y filename.yml command line option for specifying a YAML file with
  database parameters
- updated "Start MSF" to launch "ruby msfrpcd" on Windows. This requires the 
  current working directory of Armitage be set to the Metasploit base directory.
- jobs view now parses job output with only 3 columns of information.
- connect dialog is now centered on your screen when you start Armitage
- Armitage now saves your settings when you use Start MSF.
- Armitage now forces cells in editor mode to save before launching a module or
  an exploit. This should prevent a few surprises where things seemed like they
  weren't working for a few of you.
- MSF Discovery Scans are now started from a separate thread, preventing 
  Armitage from "locking up" while the scans launch. A dialog also comes up to
  state how many scans were launched.
- MSF Discovery Scans are now limited to 2 threads/scan on Windows and 8 on
  other operating systems. This prevents serious lag issues caused by 
  starting too many threads.
- connect dialog is now a window, meaning it has an icon in whatever your 
  window manager is and if you close it Armitage exits.
- updated DB Connect String helper dialog to ask for DB user, DB pass, DB host, 
  and DB name. This should prevent some of you from confusing the database 
  user/pass with the MSFRPCD user/pass.
- Current environment variables are now passed to msfrpcd when executed from
  Armitage. This will allow msfrpcd to inherit any PATH changes and other 
  necessary things when Armitage is run from a shell script or batch file.
- Added .svn folders to the Armitage distribution. Now you can use svn update .
  to keep your install of Armitage up to date.
- File browser upload and make directory commands now allow files with spaces
  in them.
- Armitage will now exit if it takes longer than 5 seconds to shutdown msfrpcd
  when cancel is pressed during the connecting phase.

25 Nov 10
- start msf button now kills msfrpcd session if db_connect fails
- set default database options to mysql with BackTrack 4 R2 settings.
- Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used
- Added ability to set up a multi/handler from Payload launch dialog

13 Nov 10
- fixed file browser directory icon showing up in every field within Windows L&F
- added an export button to the credentials view. This will save the credentials to 
  a pwdump format file.
- fixed console highlighting issue, sadly you'll need to click in the console input 
  box for it to have focus again. Write once, debug everywhere.
- added "hail mary" attack option--this launches db_autopwn
- attack menus now honor the armitage.required_exploit_rank.string setting
- added Ctrl+R shortcut for refreshing the target view (esp. OS info)
- fixed db_notes parsing for latest version of MSF (3.5.x?)
- fixed how auxiliary scans are displayed in the jobs table.
- db connect helper now prepopulates fields with info taken from connect string
- added an 8s timeout to abort the database connect if it fails.
- OS from db_notes to db_hosts refresh is now guaranteed on connect
- Packaged everything into a single jar file, now I can code in what I like 
  without hassle from people who are too lazy to look at the code.
- SSL handshake now fails after 8 seconds (should give those of you trying
  an SSL connect to a non-SSL server an idea that something is up)
- added an executable to launch Armitage on Windows
- fixed command shell interaction bug caused by directories with spaces.
- Start MSF button now reports an error if it couldn't start MSF-RPC

2 Nov 10
- Initial (priv8) release.