All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Added a config variable, NGINX_MAX_BODY_SIZE, to adjust how big of a file is allowed through the Mythic UI for uploads
- Updated the container stopping logic to thread instead of doing it sequentially
- Added check for docker compose plugin, not just docker version
- Updated the default value for an installed service's *_use_volume setting to be
false
instead oftrue
- too many people were having issues with lingering volumes, so it's better to have people explicitly set this if they need it
- Updated mythic_server_allow_invite_links to get passed into the mythic_server container
- Dropped support for
docker-compose
script as it causes too many breaking issues in Kali- Make sure the
compose
plugin is installed with Docker (should be default in modern installs)
- Make sure the
- Added support for
--keep-volume
flag with start, build, and install commands- This allows you to manually override on a per-command basis if you want to keep the volume with an agent/c2 container or not
- By default, if
rebuild_on_start
is true, then volumes will be removed when containers start. - By default, volumes are removed on explicit
build
commands.
- Added support for tracking an installed service's
install_location
mythic-cli update --all-services
and./mythic-cli update --services [name] [name]
can check for updated remote_images
- Added option for
mythic_docker_networking
to allow forbridge
orhost
networking- This applies to all main mythic services
- Added a check for a GraphQL query to help make sure things are fully online before returning success from start
- Hopefully fixed a permissions issue with the /projects directory for jupyter notebooks
- Made the default for dynamic ports to bind to localhost
- Added experimental support for changing the mythic_server container to host networking
- Fixed an issue with wrapper payload installs that was checking the wrong environment variables
- Updated docker go library and had to slightly refactor namings due to incompatible updates
- Added a -f (--force) flag for the
sudo ./mythic-cli database reset
command to not prompt for confirmation to help with automation
- During installation there's a typo for checking the .env for the documentation_use_volume boolean that broke wrapper installs
- Updated mythic_react to not use volumes since they keep old UI pieces around
- Fixed improper golang type when adding new services
- Updated the default values for docker-compose to add back in labels and names
- Added
global_restart_policy
env option to allow configuring of docker containers to restart 'always', 'unless-stopped' - Fixed bug in installed agents where additional docker-config attributes would get overridden after initial install
- Updated postgres processing for exposed ports for proper handling in Docker vs docker-compose
- Reverted back to using command in docker-compose to fix permissions issues
- Fixed a bug where postgres wasn't exposing the port properly
- When installing an agent/c2, check for the *_use_build_context and *_use_volume keys before setting them
- Updated how file volume copies work to leverage the
docker cp
command - Added a
backup
command with subcommands fordatabase
andfiles
- Added a
restore
command with subcommands fordatabase
andfiles
- Updated commands with Help displays when subcommands are available
- Updated
*_build_build_context
to default to false - Fixed an issue with a typo in mythic-cli's default value for the rabbitmq_host variable
- Updated the addition of 3rd party containers to remove existing volumes if they exist
- Updated the config get/set regex matching to search for matching settings as all upper case or all lower case
- Fixed an issue with parsing empty docker-compose files not adding in necessary services key
- Removed the usage of the volume container for
mythic_graphql
- Existing volumes for mythic_graphql break new updates since the old volume information is used
- Refactored to allow multiple kinds of managers for Mythic (defaults to
Docker
) - Added volume support
- Updated the 3rd party service additions to respect existing volume mounts
- Updated environment variables to have
nginx_use_ipv4
andnginx_use_ipv6
configuration options
- Updated environment variables to support *_mem_limit to restrict the memory usage by the various containers. This applies to all containers that also support setting their cpu limits. To restrict to 2GB, set "2gb", to restrict to 512MB, set "512mb"
- Removed the hard-coded mythic docker network subnet of 172.100.0.0/16. With this update you need to tear down all containers and rebuild so that the new networking applies.
- Updated the docker-compose creation process to not exit on failing to read in a newly created yaml file
- Added
services
command to list out container status, image build status, and dockercompose entry status for all folders in InstalledServices
- Adjusted installs to not error out if documentation folders fail to install
- Fixed a control flow bug that would restart all containers if building a new single container
- Updated the
./mythic-cli status
command to break out a distinction between services in docker compose that aren't running and those not in docker compose
- Pulled in a PR to make sure documentation-wrapper information is pulled in on install for services
- Updated the
./mythic-cli status
command to list out additional services installed but not present in docker-compose - Updated the
./mythic-cli config service
command to list out just configurations needed for remote agent development - Added new variable,
mythic_server_dynamic_ports_bind_localhost_only
, specifically to control if dynamic ports are bound to localhost or not, separate from mythic_server
- Updated docker-compose to bind the Dynamic ports for Mythic to localhost if
mythic_server_bind_localhost_only
is set to true
- Updated mythic_jupyter docker-compose entry to keep the
deploy
key and all sub keys - Updated health check for mythic_nginx to use curl instead of wget
- re-building mythic service containers will re-generate their docker-compose file entries first
- Added a command to remove containers
- Fixed an issue where installing another services after mythic_sync would uninstall mythic_sync
- Updated failed installs to return exit code 1 instead of just printing error and exiting
- Updated Mythic's env to take in configuration channels for the various webhook types and mirror it to containers
- mythic_sync installation pointed to normal service installation instead of mythic_sync install
- Added DEFAULT_OPERATION_WEBHOOK_URL and DEFAULT_OPERATION_WEBHOOK_CHANNEL values
- updated install service functionality to also start the service
- Updated to use viper and cobra
- If the
services
section of the docker-compose.yml file is already set, then themythic-cli
binary doesn't modify it. This allows people to make small modifications (such as adding IPv6 addresses) without being overridden. The only field that gets statically changed back each time the mythic-cli binary is run is thenetworks.default_network.driver_opts
field since the yaml parser will break up thecom.docker.network.bridge.name
field into subkeys rather than leaving it as a single key.