Home
Welcome!
Here you can find all information about all editions of Octopwn:
- Getting started with Octopwn
- How to install Octopwn
- Overview of clients
- Overview of scanners
- Overview of utilities
If you need further help, please write us here or use the support channel on our Discord.
Current Octopwn version: v1.1 (6-November 2024)
Currently in development: New UI, Attacks, improved file uploader, bug fixes, documentation updates
Release notes for v1.1:
DNS client
- can resolve already stored targets (both IP and hostname)
- can resolve addresses from files
- some fixes on the underlying client
NFS3 client improvements
- file browsing and downloads/deletion etc. is now supported from the file browser window
- some fixes applied to the client code itself
[NEW] NFS3 file scanner
- same as SMB file scanner, but on NFS3
[NEW] HTTP client (beta)
- can render single pages via the proxy
- can perform GET and POST queries
[NEW] NEO4J client (beta)
- attach to neo4j database
- store octopwn data as nodes (targets,credentials, proxies) and edges (sessions)
- can interpret existing bloodhound data
- perform bloodhound queries
- extend existing bloodhound data with octopwn data, and perform combined queries
[NEW] Python IDE (beta)
- uses Monaco IDE, same as VSCode
- can run python scripts from the browser (pyodide limitations apply)
- can automate octopwn
- has languageserver support for python
[NEW] Octopwn API interface via languageserver
- supports the new IDE
- must be run separately
- available on our github
Bug fixes
- image editor (beta) fixed
- share enumerator statistics fixed
User Interface improvements
- you can close windows now. Finally :)
- window title text improvement
- scanner mandatory parameters indicated
- frontend-only utilities can be launched from the utils menu
Release notes for v1.0:
GUI Enhancements:
- File Integration: Load targets directly from files, enhancing ease of use.
- Improved Navigation: Enjoy paginated target views.
- Batch Processing: Targets are now sent in batches from the Python core.
- Enhanced Interaction: Copy IP and hostname details individually from the targets table.
- Credential Management: Merge hashes and create new plaintext credentials via file upload.
- Error Handling: Clear notifications for missing parameters, avoiding unnecessary exceptions.
- Session Setup: Enhanced display of selected targets and credentials in the client creation modal.
- Demo Lab Access: Triggered exclusively via wsnet URL during setup.
Client Improvements:
LDAP & SMB Enhancements:
- LDAP target enumeration is now faster with batch processing.
- SMB notifications for session status are more reliable.
- Cross-forest dcsyncing is possible with extended target specification options in SMB dcsync.
- New regdump2 command in SMB for safer registry secrets dumping.
- Beta feature for DPAPI secrets dumping and parsing in SMB, enhancing data security.
Scanner Enhancements:
- User Experience: Direct file downloads from the SMBFILE scanner results.
- LDAPSIG Scanner: Fixed display issues in results table.
Utility Tools Updates:
- pypykatz’s 'ofscan' Tool: Enhanced decryption capability with updated regex and 'latin-1' encoding.
Core System Updates:
- Session Management: Improved file versioning and accurate storage of target port and group details.