Home

Welcome!

Here you can find all information about all editions of Octopwn:

• Getting started with Octopwn
• How to install Octopwn
• Overview of clients
• Overview of scanners
• Overview of utilities
• Overview of attacks
• Overview of credentials
• Overview of servers
• Overview of targets

If you need further help, please write us here or use the support channel on our Discord.

Current Octopwn version: v3.0 (20-November 2025)
Current open beta: none

Release notes for v3.0:

Scan Engine & Plugin Improvements
- Added new scanners: NTLM Reflection scanner, NTLMv1 scanner, Local Resolver, improved Relay engine, and improved Spoofer.
- Enhanced MSSQLPipeScanner and MSSQLPipeExecutor with improved credential handling, target configuration, and login state reporting.
- Improved error handling across all scanner modules, especially for MSSQL
- Made minidump/registry/NTDS parsing much easier and taking up way less memory
- Credential editor view added

• Made krbetypes optional in scannerbase for broader scanner compatibility.
• Introduced batch credential loading via do_streamcreds to efficiently process large credential sets.
• Improved path validation, normalization, and sanitization in multiple scanning and file-handling functions. This step made sure all files end up in the work directory and not in some random place on the disk
• Updated logging behavior to hide low-value commands and reduce noise.

New servers: (serving work directory files)
- HTTP file server
- Webdav file server

Relay attack module:
- Relay to SMB
- Relay to LDAP
- NTLM reflection relay to SMB (automatically connects back to the client's IP address to start the attack)
- Improved coercer attack, added option to stop at first successful step. This means after the DNS query via LDAP has been created for the reflection attack, coercer and NTLM reflection relay can create a shell-cascade of successful attacks.

Scan Result Viewer & History
- Added unified scan result viewer for consistent display across all scanner modules.
- Added a new session history tab showing past scans and results over time.
- Improved handling of scan result metadata from SQL storage.
- Improved stability and rendering of large result sets.

Credential & Secret Management
- Introduced a full Credential Editor feature for inspecting and modifying stored credentials.
- Added support for credential status reporting and new credential-related messages.
- Implemented new Secrets Editor feature with worker-backed processing.
- Added password cracking reporting, including parsing and structured display of cracked entries.
- Integrated NTDS, minidump (LSASS), and registry parsing tools directly into the UI sidebar.

SMB, LDAP, and File Browsing
- Added SMB file previewing using Monaco editor.
- Added right-click context menu for file viewing.
- Added warning and handling for large file previews.
- Introduced worker-based LDAP object browsing for better performance on large directories.
- Improved file download/upload handling and backend integration.

AutoPwn & Attack Workflow Improvements
- Added new BloodHound attack options.
- Added ability to create non-admin sessions from AutoPwn (default is off).
- Improved scanner information display to include credential state and enhanced metadata.

Core Backend & Architecture
- Migrated entire data storage layer from in-memory JSON structures to a fully SQL-backed system.
- Significantly improved scalability, persistence, stability, and performance for large scan datasets.
- Refactored core modules to support SQL-powered result retrieval,history tracking, and metadata storage.
- Added new storage methods for counting, streaming, filtering, and searching scan results.
- Unified JSON serialization and history entry structure with support for result counts and richer metadata.

Web Server & Worker Architecture
- Improved request handling, error recovery, and response streaming across the framework.

Enterprise version:
- Completely refactored internal web server to an asynchronous architecture insted of multiprocessing.
- Moved the entire OctoPwn core engine into a dedicated WebWorker for improved responsiveness and isolation.

PRO version:
- Moved the entire OctoPwn core engine into a dedicated WebWorker for improved responsiveness and isolation.

Terminal, Sessions, and Performance
- Refactored terminal and console engine to drastically reduce memory usage
- Improved session restore logic with more reliable state handling and lower memory footprint.
- Better command lifecycle handling and reduced overhead during interactive sessions.

Enterprise version:
- Added new terminal utility, so you don't need to rely on SSH.

Frontend (Webpack) & UI Enhancements
- Multiple Pyodide wheel updates for compatibility, stability, and performance.
- Migrated PRO version from browserfs to Pyodide FS for faster, more reliable storage.
- Refactored communication manager for more efficient message flow.
- Introduced worker-based processing for LDAP and secret management paths.
- Refactored initialization flow for cleaner startup and more stable communication.
- Removed redundant logging to improve front-end performance.
- Improved window layout, tab styling, and scanner action button UI.
- Added global project name dialog.
- Added option to hide new session windows on lunch.

Quality-of-Life Fixes & Stability
- Dozens of relay engine fixes and reliability improvements.
- Cleaned up error handling, logging clarity, and crash resilience across both core and UI.
- Improved message handling in the OctoPwn interface.
- Fixed memory issues in terminal and session subsystems.

Release notes for v2.14:

New Octopwn Enterprise is in open beta:
- Runs as a binary
- Fully programmable pentesting (Autopwn) available. See more details here:
- Added full Hashcat integration for automatic credential pwning
- Added LLM integration (local and cloud) for automatic credential parsing for Autopwn
- Much faster operation due to access to all system resources
- Builds are available for all major platforms (Linux, MacOS and Windows)

Octopwn improvements:
Automated scanning:
- All scanners can be started easily with the new Automated Scanner.

New scanners are added:
- added ftp anonymous scanner
- added smb sppoler scanner
- added smb webdav scanner

New attacks are added:
- added ESC1/ESC4 attack
- added shadowcredentials attack
- added RBCD attack
- added constraineddelegation attack

Graph view utility added:
- Added 'Graph' view to represent the internal state of the octopwn application.
- Domain attacks graph representation created, this allows exploiting certain edge types from the UI.

LLM integration (in Beta):
- added LLM ask to all sessions, so you can directly ask the LLM eg. to fetch relevant parts of the documentation or explain certain features and commands
- added LLM run to all sessions, so you can prompt the LLM to perform any activity available in Octopwn

Improved reporting:
- Reporting can now add scanner results to the report

Scanner improvements:
- improved (unified) scanner outputs
- scanners store results not in separate files but in their result parameter
- mssql pipe scanner now verifies if the pipe is accessible to the user

Improved plugin system:
- Easier to add your own plugins to Octopwn and use them in Autopwn

Proxy improvements:
- the GOlang proxy binary, now supports interfacing with processes, filesystem operations and has a tailscale server and client version as well
- .net and python proxies processes/filesystem capabilities are enhanced
- .net proxy now has RDP/SMB pipe agent capabilities as well as websocket client version (connect back)

Misc:
- normalized session parameter handling (now all sessions regardless of type can store arbitrary metadata)
- more LDAP commands (like certify, trusts etc.) now automatically add targets when successful
- more SMB commands now automatically add targets when successful
- added 'source' attributes to each object to allow visually (and programmatically) track how each target/proxy/credential/session/scanner was created and from which other session
- multiple bug fixes

Improved UI:
- Enhanced UI functionality and the startup screen
- Refactored community license handling in the OctoPwn application
- Enabled all clients to be created driectly from the ui, including mssql over named pipes
- SMB pipe scanner now allows one-click client creation on the results
- All tools are ordered alphabetically now

Release notes for v2.1:

New scanners:
- SSHLOGIN: Checks if user can login
- MSSQLLOGIN: Checks if user can login
- FTPLOGIN: Checks if user can login
- MSSQLFINGER: Gets basic NTLM information
- MSSQLPIPE: It's actually an SMB scanner that checks if servers expose MSSQL pipes
- MSSQLQUERY: Performs MSSQL query on multiple targets
- HTTPHEADER: Fetches HTTP(S) headers from targets

New clients:
- MSSQL
- FTP

Added new snaffler utility:
- besides the core snaffler feature this module can use LLMs via ollama to automatically parse and create new credentials found during a snaffling run

Added Octopwn core callbacks: - target creation callback
- credential creation callback
- port creation callbacks
- session creation callbacks
These callbacks can be used to automate octopwn via already existing or user-defined modules.

Added autoscan utility:
- automatically use built-in (or custom) scanner modules against newlty created targets and/or newly discovered ports which match the pre-set triggerport of any scanner.

Target ports are now merged when an existing target is added with ports which have not seen before

Improved remote control modules

Changing session file password now automatically performs a save immediately to actualize the password change on disk.

Improved plugin system:
- The plugin system received some improvements, and we're providing "header" files for octopwn which can be used in vscode/visual studio to help plugin developement.

Bug fixes:
- UI bug fixed: the starter modal's start button could be pressed mutiple times which caused multiple octopwn instances to start in paralel. Now it's been fixed.

Pyodide upgrade:
- We moved from Pyodide version 0.24 to 0.27. This change means considerable speed improrovements and fixes many stability issues.

Release notes for v2.0:

Documentation Improvements

• Comprehensive updates for better clarity and usability.

First attacks are implemented

• New attack plugins include IPMI, Kerberoast, Timeroast, DPAPI, and more.

New Scanners Added

• SMB Signing Check

• SMB Share Enumeration with Write-Test

• PMI Scanners

• NFS File Scanner

Target Enhancements

• Port/Protocol Pairs: Targets now store port and protocol information.

• Flexible import: Load targets from Nmap, Nessus, Masscan, or plaintext files, including port details.

• Prefix Support: Add prefixes when loading targets from list files.

• Group Assignments: Assign targets to groups during import and creation.

• One-Click Remote Name Resolution: Simplify single-target creation with remote name resolution.

Scanner Target Specification

• Add group and port-based target filtering for more precise scanning.

Reworked Product Core

• Faster Session Reloads: Experience significantly reduced loading times.

• Improved Scan Parameters: Enhanced descriptions for better clarity.

• Overall Performance Boost: Enjoy a much faster and more responsive product.

Integrated Python Code Execution

• Run Python scripts directly from a VSCode-like editor in your browser.

• Automate various aspects of Octopwn seamlessly.

Switch protocols directly within the scanners

• Create client sessions using different protocols than the scanners themselves.

UI Improvements

• Improved and more consistent UI screens

Improved Creator Logic

• Client/Target/Credential/Proxy Creators: Complete in-place configuration without the need to close and reopen them.

Proxy Improvements

• Protocol Support: Python, .NET, and Golang proxies now support UDP.

• Authentication Proxy: Available in the Golang version.

• Tailscale Integration: Golang proxies can act as nodes on your Tailscale VPN.

• Name Resolution: All proxies support name resolution without predefined DNS assignments.

Neo4j Integration

• Optional utility for Bloodhound database integration.

Session File Enhancements

• JSON Serialization: Faster saving and loading times compared to TOML.

• Important: Older session files are no longer supported. If you have data in older formats, please use the previous version of the session viewer available on [GitHub].

• Scan History: Now stored in session files for easy access.

Enhanced User Profile

• Displays up-to-date information on the current release.

• Enables direct proxy code downloads.

QR Code Login for live.octopwn.com

• Seamlessly log in without entering credentials on the machine running Octopwn.

Release notes for v1.1:

DNS client
- can resolve already stored targets (both IP and hostname)
- can resolve addresses from files
- some fixes on the underlying client

NFS3 client improvements
- file browsing and downloads/deletion etc. is now supported from the file browser window
- some fixes applied to the client code itself

[NEW] NFS3 file scanner
- same as SMB file scanner, but on NFS3

[NEW] HTTP client (beta)
- can render single pages via the proxy
- can perform GET and POST queries

[NEW] NEO4J client (beta)
- attach to neo4j database
- store octopwn data as nodes (targets,credentials, proxies) and edges (sessions)
- can interpret existing bloodhound data
- perform bloodhound queries
- extend existing bloodhound data with octopwn data, and perform combined queries

[NEW] Python IDE (beta)
- uses Monaco IDE, same as VSCode
- can run python scripts from the browser (pyodide limitations apply)
- can automate octopwn
- has languageserver support for python

[NEW] Octopwn API interface via languageserver
- supports the new IDE
- must be run separately
- available on our github

Bug fixes
- image editor (beta) fixed
- share enumerator statistics fixed

User Interface improvements
- you can close windows now. Finally :)
- window title text improvement
- scanner mandatory parameters indicated
- frontend-only utilities can be launched from the utils menu

Release notes for v1.0:

GUI Enhancements:
- File Integration: Load targets directly from files, enhancing ease of use.
- Improved Navigation: Enjoy paginated target views.
- Batch Processing: Targets are now sent in batches from the Python core.
- Enhanced Interaction: Copy IP and hostname details individually from the targets table.
- Credential Management: Merge hashes and create new plaintext credentials via file upload.
- Error Handling: Clear notifications for missing parameters, avoiding unnecessary exceptions.
- Session Setup: Enhanced display of selected targets and credentials in the client creation modal.
- Demo Lab Access: Triggered exclusively via wsnet URL during setup.

Client Improvements:
LDAP & SMB Enhancements:
- LDAP target enumeration is now faster with batch processing.
- SMB notifications for session status are more reliable.
- Cross-forest dcsyncing is possible with extended target specification options in SMB dcsync.
- New regdump2 command in SMB for safer registry secrets dumping.
- Beta feature for DPAPI secrets dumping and parsing in SMB, enhancing data security.

Scanner Enhancements:
- User Experience: Direct file downloads from the SMBFILE scanner results.
- LDAPSIG Scanner: Fixed display issues in results table.

Utility Tools Updates:
- pypykatz’s 'ofscan' Tool: Enhanced decryption capability with updated regex and 'latin-1' encoding.

Core System Updates:
- Session Management: Improved file versioning and accurate storage of target port and group details.