callback

package
v0.0.0-...-20f8cf1 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 26, 2026 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func OpenDB

func OpenDB(path string) (*sql.DB, error)

OpenDB opens (or creates) the SQLite database at path and runs migrations.

Types

type CallbackConfig

type CallbackConfig struct {
	Domain     string `json:"domain"`
	ResponseIP string `json:"responseIp"`
}

CallbackConfig holds callback server configuration.

type DNSServer

type DNSServer struct {
	// contains filtered or unexported fields
}

DNSServer listens for DNS queries and records interactions for matching tokens.

func NewDNSServer

func NewDNSServer(store *Store, broadcast chan<- any, bindAddr string, port int) *DNSServer

NewDNSServer creates a DNS callback server.

func (*DNSServer) Start

func (d *DNSServer) Start(ctx context.Context) error

Start begins listening on UDP and TCP. It blocks until ctx is cancelled.

type FTPServer

type FTPServer struct {
	// contains filtered or unexported fields
}

FTPServer listens for FTP connections and records them as callback interactions. It is a capture-only server — it never opens a data channel, completes a transfer, or authenticates a user. The correlation token is expected in the USER argument or a path argument (e.g. CWD/RETR), which are captured before any data transfer would occur.

func NewFTPServer

func NewFTPServer(store *Store, broadcast chan<- any, bindAddr string,
	plainPort, tlsPort int, tlsCfg *tls.Config) *FTPServer

NewFTPServer creates an FTP capture server. plainPort=0 disables the plain listener; tlsPort=0 disables the implicit-TLS (FTPS) listener. tlsCfg must be non-nil if tlsPort>0.

func (*FTPServer) Start

func (s *FTPServer) Start(ctx context.Context) error

Start opens the configured listeners and accepts connections until ctx is cancelled.

type HTTPServer

type HTTPServer struct {
	// contains filtered or unexported fields
}

HTTPServer listens for HTTP requests and records interactions for matching tokens.

func NewHTTPServer

func NewHTTPServer(store *Store, xssStore *xsshunter.Store, broadcast chan<- any, bindAddr string, port int) *HTTPServer

NewHTTPServer creates an HTTP callback server.

func (*HTTPServer) Start

func (h *HTTPServer) Start(ctx context.Context) error

Start begins listening. It blocks until ctx is cancelled.

func (*HTTPServer) WithTLS

func (h *HTTPServer) WithTLS(tlsCfg *tls.Config, port int)

WithTLS configures a parallel HTTPS listener on the given port.

type Interaction

type Interaction struct {
	ID         string    `json:"id"`
	TokenID    string    `json:"tokenId"`
	Token      string    `json:"token"`
	Type       string    `json:"type"`
	SourceIP   string    `json:"sourceIp"`
	Timestamp  time.Time `json:"timestamp"`
	QueryName  string    `json:"queryName,omitempty"`
	QueryType  string    `json:"queryType,omitempty"`
	Method     string    `json:"method,omitempty"`
	Path       string    `json:"path,omitempty"`
	Headers    string    `json:"headers,omitempty"`
	Body       string    `json:"body,omitempty"`
	RawRequest string    `json:"rawRequest,omitempty"`
	Source     string    `json:"source,omitempty"`
}

Interaction represents a recorded callback interaction (DNS or HTTP).

type LDAPServer

type LDAPServer struct {
	// contains filtered or unexported fields
}

LDAPServer listens for LDAP connections and records them as callback interactions. It is a capture-only server that parses just enough BER to extract the bind DN / search baseObject (where JNDI/Log4Shell payloads place data) and replies with canned success responses so the client completes.
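The "just enough BER" idea described above, as an added sketch that is not this package's own code: it walks the LDAPMessage envelope and returns the bind DN or search baseObject, handling short and long-form lengths and rejecting truncated input. The names readTLV, extractDN and sampleBind are hypothetical, and the sample message is constructed.

```go
package main

import "fmt"

// Constructed BindRequest (messageID 1, version 3, empty simple auth).
var sampleBind = append([]byte{0x30, 0x1f, 2, 1, 1, 0x60, 0x1a, 2, 1, 3, 4, 0x13},
	"cn=abc123def4567890\x80\x00"...)

// readTLV decodes one BER element; ok is false on short or truncated input.
func readTLV(b []byte) (tag byte, val, rest []byte, ok bool) {
	if len(b) < 2 {
		return
	}
	n, off := int(b[1]), 2
	if k := n & 0x7f; n >= 0x80 { // long form: k length octets follow
		if k == 0 || k > 3 || len(b) < 2+k {
			return
		}
		for n = 0; off < 2+k; off++ {
			n = n<<8 | int(b[off])
		}
	}
	if n > len(b)-off {
		return
	}
	return b[0], b[off : off+n], b[off+n:], true
}

// extractDN returns the bind DN (BindRequest) or baseObject (SearchRequest).
// A failed read yields empty slices, so later reads fail too and ok ends false.
func extractDN(msg []byte) (string, bool) {
	tag, body, _, _ := readTLV(msg) // LDAPMessage ::= SEQUENCE (0x30)
	_, _, body, _ = readTLV(body)   // skip messageID INTEGER
	op, val, _, ok := readTLV(body) // protocolOp
	if ok && op == 0x60 {           // BindRequest: skip version INTEGER
		_, _, val, ok = readTLV(val)
	}
	if !ok || tag != 0x30 || (op != 0x60 && op != 0x63) { // 0x63: SearchRequest
		return "", false
	}
	tag, dn, _, ok := readTLV(val) // name / baseObject is an OCTET STRING
	if !ok || tag != 0x04 {
		return "", false
	}
	return string(dn), true
}

func main() {
	fmt.Println(extractDN(sampleBind))
}
```

The extracted DN is the kind of specific field that would be passed first to the token correlation step.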

func NewLDAPServer

func NewLDAPServer(store *Store, broadcast chan<- any, bindAddr string,
	plainPort, tlsPort int, tlsCfg *tls.Config) *LDAPServer

NewLDAPServer creates an LDAP capture server. plainPort=0 disables the plain listener; tlsPort=0 disables the implicit-TLS (LDAPS) listener. tlsCfg must be non-nil if tlsPort>0.

func (*LDAPServer) Start

func (s *LDAPServer) Start(ctx context.Context) error

Start opens the configured listeners and accepts connections until ctx is cancelled.

type SMTPServer

type SMTPServer struct {
	// contains filtered or unexported fields
}

SMTPServer listens for SMTP connections and records inbound mail as callback interactions. It is a capture-only server — no relay, no AUTH.

func NewSMTPServer

func NewSMTPServer(store *Store, broadcast chan<- any, bindAddr string,
	plainPort, tlsPort int, tlsCfg *tls.Config) *SMTPServer

NewSMTPServer creates an SMTP capture server. plainPort=0 disables the plain listener; tlsPort=0 disables the implicit-TLS (SMTPS) listener. tlsCfg=nil disables STARTTLS on the plain listener.

func (*SMTPServer) Start

func (s *SMTPServer) Start(ctx context.Context) error

Start opens the configured listeners and accepts connections until ctx is cancelled.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store provides CRUD operations for tokens and interactions.

func NewStore

func NewStore(db *sql.DB) *Store

NewStore creates a new Store.

func (*Store) ClearInteractions

func (s *Store) ClearInteractions(tokenID string) error

ClearInteractions deletes interactions, optionally filtered by token ID.

func (*Store) CreateToken

func (s *Store) CreateToken(id, note, hex string) (*Token, error)

CreateToken inserts a new token.

func (*Store) DeleteToken

func (s *Store) DeleteToken(id string) error

DeleteToken deletes a token and cascades to interactions.

func (*Store) FindTokenByHex

func (s *Store) FindTokenByHex(hex string) (*Token, error)

FindTokenByHex looks up a token by its hex string.

func (*Store) GetConfig

func (s *Store) GetConfig() (*CallbackConfig, error)

GetConfig returns the callback configuration.

func (*Store) GetConfigValue

func (s *Store) GetConfigValue(key string) (string, error)

GetConfigValue returns a single config value by key.

func (*Store) ListInteractions

func (s *Store) ListInteractions(tokenID string, offset, limit int) ([]Interaction, int, error)

ListInteractions returns interactions, optionally filtered by token ID.

func (*Store) ListTokens

func (s *Store) ListTokens() ([]Token, error)

ListTokens returns all tokens with their hit counts.

func (*Store) RecordInteraction

func (s *Store) RecordInteraction(i *Interaction) error

RecordInteraction inserts a new interaction.

func (*Store) SetConfig

func (s *Store) SetConfig(cfg *CallbackConfig) error

SetConfig saves the callback configuration.

func (*Store) SetConfigValue

func (s *Store) SetConfigValue(key, value string) error

SetConfigValue sets a single config value by key.

type Token

type Token struct {
	ID        string    `json:"id"`
	Note      string    `json:"note"`
	Token     string    `json:"token"`
	CreatedAt time.Time `json:"createdAt"`
	HitCount  int       `json:"hitCount"`
}

Token represents a callback token.

func Correlate

func Correlate(store *Store, hostname, domain string) (*Token, error)

Correlate extracts the token hex from a subdomain and looks it up. For example, given "abc123def456.cb.example.com" with domain "cb.example.com", it extracts "abc123def456" and looks up the token.

func CorrelateAny

func CorrelateAny(store *Store, candidates ...string) (*Token, error)

CorrelateAny scans arbitrary captured strings for hex runs that may be a callback token. For each [0-9a-fA-F]{16,} run it takes the first 16 chars and tries FindTokenByHex; the first match wins. Candidates are scanned in the order given (and left-to-right within each), so callers should pass the most specific fields (a DN, a username, a path) first and fall back to a full transcript or hex dump last.

This correlates protocols whose payload embeds the token (e.g. an LDAP base DN, an FTP path or username). It cannot correlate a connection whose token appears only in the hostname used to reach this listener — but that hostname was resolved via DNS, so the existing DNS listener records that interaction under the "dns" type. This matches interactsh's behavior.
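The matching rules described for Correlate and CorrelateAny, as an added sketch that is not this package's own code: a map stands in for Store.FindTokenByHex, and the token, note and function names are constructed. Lowercasing before lookup and using the label directly left of the callback domain are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-in for the package's Store: token hex -> note.
var tokens = map[string]string{"abc123def4567890": "ldap-probe"}

var hexRun = regexp.MustCompile(`[0-9a-fA-F]{16,}`)

// lookup stands in for Store.FindTokenByHex; lowercasing is an assumption.
func lookup(hex string) (string, bool) {
	note, ok := tokens[strings.ToLower(hex)]
	return note, ok
}

// correlateAny tries the first 16 chars of each hex run, candidates in order.
func correlateAny(candidates ...string) (string, bool) {
	for _, c := range candidates {
		for _, run := range hexRun.FindAllString(c, -1) {
			if note, ok := lookup(run[:16]); ok {
				return note, true
			}
		}
	}
	return "", false
}

// correlateHost looks up the label directly left of the callback domain
// (the choice of label for multi-label names is an assumption).
func correlateHost(host, domain string) (string, bool) {
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	suffix := "." + strings.ToLower(domain)
	if !strings.HasSuffix(host, suffix) {
		return "", false
	}
	sub := strings.TrimSuffix(host, suffix)
	return lookup(sub[strings.LastIndex(sub, ".")+1:])
}

func main() {
	// A run where the token is not at the start is missed, as described.
	fmt.Println(correlateAny("ffabc123def4567890"))
	fmt.Println(correlateAny("ffabc123def4567890", "uid=abc123def4567890"))
	fmt.Println(correlateHost("abc123def4567890.cb.example.com", "cb.example.com"))
}
```

The first call shows why a hex dump is the last-resort candidate: the token sits inside a longer hex run, so only the run's first 16 characters are tried and the lookup fails.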

func CorrelateSMTP

func CorrelateSMTP(store *Store, rcpt, callbackDomain string) (*Token, error)

CorrelateSMTP extracts a token from an SMTP recipient address. It first tries the local-part (token@anything), then falls back to subdomain-style correlation on the domain part (anything@token.callback-domain).

func GenerateToken

func GenerateToken(store *Store, name string) (*Token, error)

GenerateToken creates a new token with a random 16-char hex identifier.
