Veil 3.0 Release

Veil 3.0 is the largest single update in the framework's history. Driven by Python 2's end-of-life and years of accumulated technical debt, the 3.0 cycle involved a ground-up rearchitecture of the core framework while maintaining compatibility with existing workflows and module conventions.

Why 3.0

The decision to pursue a major version was not taken lightly. Major versions mean breaking changes, migration effort, and the risk of introducing new bugs across a broad surface. But several factors made it necessary:

Python 2 end-of-life. Python 2 reached end-of-life in January 2020. Continuing to build on a language version with no security patches was untenable for a security tool. The 3.0 migration to Python 3 was a prerequisite for continued maintenance.

Technical debt. The codebase had accumulated significant technical debt over multiple release cycles. Module interfaces had grown inconsistent, error handling was uneven, and the dependency tree included deprecated libraries. A clean-up pass at this scale required a major version boundary.

Modernization opportunity. The Python 3 migration provided an opportunity to redesign the module loading system, update the CLI interface, and improve the internal API for module developers — changes that would have been too disruptive within the 2.x line.

What Changed

Python 3 Migration

The entire codebase was ported to Python 3. This affected:

• String handling (Python 3's unicode-by-default model)
• Print function syntax
• Library imports and dependency management
• Exception handling patterns
• File I/O operations

Redesigned Module System

The module loading and selection system was rebuilt:

• Cleaner interface for module developers to register new payload types
• Consistent configuration schema across all modules
• Improved validation of module outputs
• Better error reporting when modules fail

Modernized CLI

The command-line interface received a significant overhaul:

• Consistent flag naming across all operations
• Improved help text and usage examples
• Better integration between interactive and scripted modes
• Tab completion support in interactive mode

Dependency Updates

• Removed deprecated libraries
• Updated all dependencies to current, maintained versions
• Reduced the total dependency count by consolidating overlapping libraries
• Improved installation experience with clearer dependency resolution

Migration Guide

Teams upgrading from 2.x to 3.0:

1. Back up your environment — Snapshot your testing systems before upgrading
2. Verify Python 3 — Ensure Python 3.6 or later is available on your attack host
3. Install fresh — A clean installation is recommended over an in-place upgrade
4. Re-create configurations — Some 2.x configuration files are not directly compatible
5. Test thoroughly — Generate your standard test suite and verify results
6. Update automation — Any scripts that invoke the framework may need flag updates

Detection Impact

The 3.0 release may produce payloads with slightly different characteristics than 2.x versions. Defensive teams should:

• Re-run detection tests with 3.0-generated payloads
• Compare detection rates between 2.x and 3.0 outputs
• Update signatures if needed based on changes in payload structure
• Verify that behavioral detection (which is less sensitive to structural changes) still fires

Related

• Version 2.2.0 Release — Previous version
• V-Day Release Overview — Release cycle context
• Changelog — Complete release history
• Framework Overview — Architecture documentation