Releases: MatrixEditor/dementor

v1.0.0.dev21: TUI 2.0

15 Mar 21:15
d4938d9

TUI 2.0

This release introduces a new Terminal User Interface (TUI) with runtime introspection capabilities, along with various improvements to the codebase structure and tooling.

Major New Features

Terminal User Interface (TUI) with Runtime Introspection

A comprehensive terminal-based interface has been introduced, providing interactive runtime introspection and control capabilities:

  • REPL Commands: Added a full set of commands for runtime inspection and management:

    • env: Inspect environment variables and runtime state
    • ip: Display network interface and IP configuration information
    • config: View and modify global configuration settings
    • proto: Manage and inspect protocol modules
    • db: Database interaction and query commands with completion support
    • Service management commands to start/stop services dynamically
  • Interactive Features:

    • Inline completion support for enhanced usability
    • Command completion for database operations
    • Error handling improvements for unexpected runtime issues
  • Runtime Introspection: The TUI enables deep inspection of the running Dementor instance, allowing users to:

    • Monitor active services and their status
    • Examine protocol configurations in real-time
    • Query captured data and credentials
    • Adjust settings without restarting

Codebase Improvements

  • Protocol Modules: Transitioned to class-style protocol modules for better organization
  • Server Architecture: Added async server threads for SMTP and QUIC protocols
  • Configuration Management: Moved interface settings into SessionConfig for centralized management
  • Comprehensive import cleanup and organization across the codebase
  • Updated CLI reference and added comprehensive TUI documentation

Full Changelog: v1.0.0.dev20...v1.0.0.dev21

v1.0.0.dev20: Code cleanup and pyproject modernization

13 Mar 22:15
221fe3f

This release introduces an updated project layout:

  • use uv instead of bare-metal python pip for development
  • use ruff for linting and formatting

CI pipelines

Additions also include new CI/CD pipelines to automatically check and test the project's code base.

  • ci-docs: updated documentation job
  • ci-test: run pytest
  • ci-lint: validate source code format conformance
  • Updates to wheel-publish include changes introduced while changing to uv

Full Changelog: v1.0.0.dev19...v1.0.0.dev20

v1.0.0.dev19: Spec-compliant NTLM hash extraction & documentation updates

08 Mar 22:20

This pull request includes a complete revamp of the hash extraction from the NTLM authentication flow (huge shout-out to @StrongWind1) and also labels the captured hashes correctly. For a detailed overview of the changes introduced, refer to #22 (comment).

Added

  • New configuration options for NTLM:
    • ntlm_disable_ess (replaces ntlm_ess with inverted polarity)
    • ntlm_disable_ntlmv2 to force NTLMv1-only captures
    • ntlm_challenge (fixed typo from ntlm_challange)
  • Support for hex: and ascii: prefixes in NTLM challenge configuration
  • Enhanced hash extraction returning all crackable hash types (NetNTLMv2, NetLMv2, NetNTLMv1-ESS, NetNTLMv1)
  • Dummy LM filtering to exclude null/empty-string LM hashes
  • Detailed information about the client that tries to authenticate using the NTLM SSP (hostname, domain, version/OS)
  • Docstrings for all development-relevant modules

Changed

  • ntlm.py for spec-aligned hash extraction:
    • Improved version detection using payload length instead of ESS flag
    • Proper flag echoing for SEAL, ALWAYS_SIGN, and KEY_EXCH
    • Mutual exclusivity enforcement between ESS and LM_KEY
    • Removed NTLMSSP_AV_TIME from AV_PAIRS to allow LMv2 capture
  • Updated hash labels: NTLMv1 → NetNTLMv1, NTLMv1-ESS → NetNTLMv1-ESS, NTLMv2 → NetNTLMv2, LMv2 → NetLMv2
  • Updated imports and configurations across all affected protocols (HTTP, IMAP, MSSQL, POP3, SMB, RPC, LDAP)
  • Updated session config defaults and example Dementor.toml
  • Updated FTP server implementation to be flexible for future additions
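
Why response length is a better version signal than the ESS flag, shown as an added example (not Dementor's ntlm.py): the field offsets and sizes follow MS-NLMP, and `classify`, `build_sample` and the filler bytes are constructed for illustration. The same check is useful when auditing captures for clients that still answer with NTLMv1.

```python
import struct

ESS_FLAG = 0x00080000  # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY (MS-NLMP)

def _buffer(msg: bytes, desc_off: int) -> bytes:
    """Read one payload field via its Len(2)/MaxLen(2)/Offset(4) descriptor."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, desc_off)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def negotiate_flags(msg: bytes) -> int:
    """NegotiateFlags sit at offset 60 of the AUTHENTICATE_MESSAGE header."""
    return struct.unpack_from("<I", msg, 60)[0]

def classify(msg: bytes) -> str:
    """Label an AUTHENTICATE_MESSAGE by response sizes, ignoring the flags."""
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00" or msg[8:12] != b"\x03\x00\x00\x00":
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    lm = _buffer(msg, 12)  # LmChallengeResponseFields
    nt = _buffer(msg, 20)  # NtChallengeResponseFields
    if not nt and len(lm) <= 1:
        return "anonymous"      # null session, no response to label
    if len(nt) > 24:
        return "NetNTLMv2"      # 16-byte proof plus variable-length client blob
    if len(nt) == 24:
        # ESS: the LM field holds an 8-byte client challenge padded with 16 zeros
        if len(lm) == 24 and lm[8:] == bytes(16):
            return "NetNTLMv1-ESS"
        return "NetNTLMv1"
    raise ValueError("malformed NT response length")

def build_sample(lm: bytes, nt: bytes, flags: int) -> bytes:
    """Constructed test message: empty name fields, no Version/MIC."""
    descs, off = b"", 64
    for buf in (lm, nt, b"", b"", b"", b""):
        descs += struct.pack("<HHI", len(buf), len(buf), off)
        off += len(buf)
    return b"NTLMSSP\x00" + struct.pack("<I", 3) + descs + struct.pack("<I", flags) + lm + nt

# Constructed samples (filler bytes, not real captures)
V1_ESS = build_sample(b"\x11" * 8 + bytes(16), b"\x22" * 24, ESS_FLAG)
V1 = build_sample(b"\x33" * 24, b"\x22" * 24, 0)
V2 = build_sample(b"\x33" * 24, b"\x44" * 60, ESS_FLAG)  # ESS flag set, still v2

if __name__ == "__main__":
    for name, sample in (("V1_ESS", V1_ESS), ("V1", V1), ("V2", V2)):
        print(name, classify(sample), bool(negotiate_flags(sample) & ESS_FLAG))
```

The `V2` sample carries the ESS flag yet is an NTLMv2 response, which is the case a flag-based check mislabels.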

Fixed

  • Spec-compliance gaps in NTLM hash capture quality
  • Anonymous and null LMv2 filtering
  • Invalid source code links in the documentation

Removed

  • Single hash extraction limitation (now able to return multiple hashes per message)
  • Removed ProtocolLoggerMixin and merged functionality into BaseRequestHandler

Full Changelog: v1.0.0.dev18...v1.0.0.dev19

v1.0.0.dev18: SMB dialect negotiation fixes

23 Feb 18:50
c84b529

What's Changed

  • [FIX] multiple SMB server fixes in #21

Full Changelog: v1.0.0.dev17...v1.0.0.dev18

v1.0.0.dev17: SMB3.1.1 Support

15 Feb 12:12

This release adds support for SMB3.xx dialects and automatically selects the highest requested dialect when negotiating a session.


Full Changelog: v1.0.0.dev16...v1.0.0.dev17

v1.0.0.dev16: Timestamp support in the CLI

18 Dec 15:01

This release adds support for timestamps within the terminal log along with other new features, including:

  • SMBv2 server now supports the LOGOFF command
  • Timestamps can be enabled with --ts in the CLI
  • The default configuration paths of Dementor can be viewed with --paths in the CLI
  • The currently installed version can be checked with --version
  • Documentation is now up-to-date with the source code configuration options

Full Changelog: v1.0.0.dev15...v1.0.0.dev16

v1.0.0.dev15: Hotfix for missing workspace directories

05 Nov 16:42
2dc4ec6

Changes

  • Missing workspace directory will be created before session begins
  • Add type hints to DatabaseConfig

Full Changelog: v1.0.0.dev14...v1.0.0.dev15

v1.0.0.dev14: DB Revamp

02 Nov 11:54
8009bc3

This release introduces breaking changes to the database model and adds some type hints to the code base.

Caution

This version is incompatible with previous Dementor releases when using an existing old database file.

There are also two new CLI flags to declare a blacklist and whitelist on-the-fly:

Whitelist:

$ Dementor -I <IFACE> --target="SHARE,127.0.0.1"

The same can be done to set a blacklist with --ignore/-i.

Changes

  • Database: New tables hosts and extras as well as a refined credentials table
  • Database connection configuration can be changed to use another DBMS such as MySQL or PostgreSQL. New configuration attributes are:
    # specify custom dialect to use
    Dialect = "sqlite"
    Driver = "pysqlite"
    # either specify the complete URL or the path (relative, 
    # absolute or relative to workspace dir)
    # Url = "sqlite:///:memory:"
    Path = "Dementor.db"
  • QA: added type hints to all configuration classes
  • The logger now emits all log messages to the file if file logging is enabled even if --verbose is not set

Fixes

  • Global filter configuration renamed from AnswerTo to Target
  • Filter configuration import fixed

Full Changelog: v1.0.0.dev13...v1.0.0.dev14

v1.0.0.dev13: Bug Fixes

26 Oct 07:35
3517b82

This release includes important bug fixes and logging enhancements:

  • Logging credentials within a domain will be displayed as: <DOMAIN>/<USERNAME> instead of <USERNAME>/<DOMAIN>
  • The logging directory can be set to an arbitrary (non-existing) path (absolute, relative to current dir or relative to workspace)
  • Replaced logger.error messages with logger.fail; tracebacks for exceptions are now displayed in debug/verbose mode
  • Invalid packets will be displayed as hexdump in debug/verbose mode
  • Fixed request handling in SMB and IPP as well as UPnP to be more robust
  • Specifying options in the CLI now accepts nested sections, e.g. Log.Stream.Hashes.Path
  • Fixed a typo in confirmation prompt

Full Changelog: v1.0.0.dev12...v1.0.0.dev13

v1.0.0.dev12: Custom Logging Streams and Bug Fixes

23 Oct 19:51
1c91092

This release enhances the logging output by defining extra logging streams that operate separately from the central terminal and file log. For instance, a custom stream can be configured to capture all multicast DNS queries (Log.Stream.DNS) which in turn can be used as a blacklist or whitelist filter within the configuration.

Hashes can be dumped to separate files too:

# simply modify the logging sections at the end of the config file
[Log.Stream.Hashes]
# dump to subdirectory in current dir
Path = "./hashes" 
# split hashes by type into separate files
Split = true

Fixed bugs:

  • Fixed issues with parsing packets in (C)LDAP, SMB, MySQL, MSSQL and MSRPC
  • Fixed a parsing logic error within the UPnP/SSDP module resulting in a stack trace
  • Fixed a wrong default port configuration for the IMAP server

New features:

  • Custom logging streams with separate files for: host IPs, multicast DNS queries (mDNS, LLMNR and NetBIOS), hashes (all types)
  • Currently selected database path and configuration files will be printed when starting Dementor
  • Additional safety check when starting Dementor in attack mode