Releases: mbrg/power-pwn
v6.0.0
Release notes (high-level):
General
improved out of the box install and run
improved dependencies installation and on the go guidance + readmes
adaptation to platform changes (cps,PP) + bug fixes
improved & clearer help menu and examples commands
improved results indications for multiple modules (colors, files)
improved cross-OS support
added dependency-handling auto-install files for missing installation errors
automated tools recon on some of the modules for better usability
Improved CPS module:
prefixes updates
word lists updates
improved prefix
updated docs and initial usage clearing
improved tools recon prompt (working again and hopefully better)
env id deep scan
open chat test doesn't run pup on api 401/404 responses unnecessarily (the bots only exists, we know they aren't open)
rotating proxies
get-tenant feature
added template names
retry mechanism when demo website is being tested for robustness
check live bots directly feature
New agentic recon modules
agent builder hunter (scanning and probing)
custom gpt hunter (scan for gpts and tools)
tenant-mcp-recon - ppwn guest recon for shared mcp connectors to discover MCP server tenant works with
llm hound (scanning and probing): mcps & llm wrappers and proxies (AI integration surfaces)
Notes
full docs and wikis tbd
additional updates and possible fixes tbd later on
Full Changelog: v5.0.0...v6.0.0
v5.0.0
What's Changed
- Upgrade to latest Python version
- Deprecate browserpy package by @lanasalameh1 in #124
- Update readme.md by @AvishaiEZen in #125
Full Changelog: v4.0.1...v5.0.0
Contributors
Assets 4
v4.0.1
What's Changed
- i74/task - Several changes related to installation fixes and instructions by @AvishaiEZen in #86
- knowledge extraction from open copilot by @zen-ayush in #88
- Create Dockerfile to allow containerized running of powerpwn by @shanko07 in #87
- fix copilot 365 EP and parsing by @lanasalameh1 in #94
- support declarative agents by @lanasalameh1 in #95
- added pupeteer script by @zen-ayush in #96
- Feature - Created tools-recon module and additional related updates by @AvishaiEZen in #121
New Contributors
- @zen-ayush made their first contribution in #88
Full Changelog: v3.0.1...v4.0.1
Contributors
Assets 4
v3.0.1
v3.0.0
Major release with Copilot and Copilot studio modules.
Red teaming tools for Copilot M365:
- Whoami : Current user's info including name, organizational hierarchy, top collaborators, documents and sharepoint sites access, emails, Teams messages, etc.
- Data dump: Data dump from whoami recon including document, emails and sharepoints sites data dump.
- Spearphishing: Automated spearphishing. Discover latest conversations and craft highly personalized phishing emails.
- Chat: Chat with Copilot through the Terminal.
- Chat automator: Automate chat process with Copilot to further implement automate processes logic.
- Deep scan: Conducts deep scanning to find open Copilot Studio bots based on domains or tenant IDs.
- Enum: Utilizes open-source intelligence to compile lists of environment and tenant IDs to be used by the other Copilot Studio scanning sub-modules.
v2.1.5
What's Changed
- some modifications by @lanasalameh1 in #26
- add resource type filter per env by @lanasalameh1 in #27
- fix dependency issues by @mbrg in #28
Full Changelog: v2.1.4...v2.1.5
Contributors
Assets 4
v2.1.4
Fix authentication debug log exception