C² 3.4.0 has been released!
Tons of improvements and some new features that have been long awaited; 2FA, user account invite links, built in application firewall and many performance improvements and bug fixes!
https://downloads.hak5.org/cloudc2
If you have a server already running no need to download from the above link as always it will come through via OTA.
New features are self explanatory however docs will be brought up to speed ASAP.
Thanks for the feedback as always ❤️
Enjoy!
Changelog
General
Added support and binaries for Apple Silicon devices.
Adjusted update and license check-in intervals.
Fixed a bug causing device online/sync/offline status to flip erratically.
Addressed a rare race condition resulting in server hang.
Drastically improved server DB performance across multiple areas.
Removed static title from root index to eliminate identifiable information if server is scanned.
Adjusted max picture upload size for sites/users/devices to ensure optimal server performance.
Improved state syncing in the UI when navigating between components.
Improved notification serving to prevent flooding users with a large number of notifications after extended periods of inactivity.
Corrected a typo in audit logs when renaming a site.
Added audit logging for user editing device actions.
Added or adjusted various debug logging functionalities.
Optimized default site/user/device pictures.
Command Line
Added a banner to the first start output.
Included a -nobanner flag to omit the banner on first start.
Implemented hostname checks for local/private IP ranges.
Added output for current configuration.
Detection of configuration changes now notifies the user.
Server setup now generates a direct link to open the Setup page with a prepopulated token.
Settings
Added server configuration info.
Added a loading spinner to log modals.
Reorganized settings for improved accessibility.
Application Firewall
Added the ability to configure allow/deny rules for device/UI access using regex.
Included a configurable "autoban" option for failed login attempts.
Added firewall reset and -allowip commands to command line arguments for recovery purposes.
User Accounts
Added support for direct user invite links.
Implemented support for 2FA.
Added a configuration option to force 2FA enrollment.
Provided the ability to force password reset upon the next login.
Deleted users are now forcibly and instantly disconnected.
Added an option to disable login for a user.
Login Page
Dynamically generated login prompt to enhance obscurity against scanners.
Polished UX by replacing the background.
Dashboard
Added device last seen to the dashboard for a more real-time view of device check-ins.
Fixed dashboard sorting issues.
Fixed the dark mode banner.
Fixed notifications theme.
Corrected the display of offline device rows appearing as "half online."
Overview
Added last seen and time online to the Uptime card.
Pineapple Recon Module
Improved stats, pagination, sorting, filtering, scope, and live data update experience.
Enhanced the cartography view with onclick filtering and camera travel.
Orientation of nodes loosely generated based on signal strength in the cartography view.
Pineapple Probes Module
Fixed "Total Probes" and "Most probed SSID" stats.
Added pagination, sorting, and filtering.
Included confirmation dialogue for clearing probes.
Enabled clicking on top probed SSIDs/MACs for filtering.
Improved page loading performance and database efficiency for high-traffic devices.
Pineapple PineAP Module
Added confirmation dialogs for removing SSID from the pool and clearing SSID pool.
Introduced deduplication when adding SSID to the pool.
Included an "Enable Karma" option for a less fragmented experience (duplicate of Clients module).
Fixed toggles flickering on load.
Terminal Module
Fixed UI component flickering on load.
Addressed a regression loading context.
Resolved a bug causing desync on recon status in C2 due to stopping tunneling services on a pineapple with recon running.
Clients Module
Improved page loading performance.
Fixed an issue where table columns weren't device-specific.
Added confirmation dialogs for "Forget" and "Disconnect" client buttons.
Renamed "Allow Associations" to "Enable Karma" for clarity.
Crab
Fixed the issue where the server failed to ingest images properly, resulting in missing loot and error notifications.
Improved page loading performance.
Made minor UI adjustments to the Configuration module.
Loot Module
Fixed the "Learn more" link.
Added titles when viewing or deleting loot.
Rearranged the position of delete all, export, and filter fields.
Automatically sorted by upload date and displayed size in a readable format.
Enhanced the Export dialog and displayed file names in delete dialog.
Croc
Fixed rendering issues in keystroke history that removed leading/trailing spaces (underlying data unaffected, correct keylogs displayed in downloads).