processes

package
v1.6.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 31, 2025 License: GPL-3.0 Imports: 25 Imported by: 4

README

client/command/processes

Overview

Implements the 'processes' command group for the Sliver client console. Handlers map Cobra invocations to process workflows such as procdump, ps, pstree, and terminate.

Go Files

  • commands.go – Creates the processes command suite and binds subcommands for inspection and control.
  • procdump.go – Dumps process memory to loot for forensic analysis via RPC tasks.
  • ps.go – Lists active processes on the target with filtering options.
  • pstree.go – Renders process hierarchies as a tree view.
  • services.go – Enumerates Windows services and their states.
  • terminate.go – Terminates processes by PID with confirmation messaging.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Commands added in v1.6.0

func Commands(con *console.SliverClient) []*cobra.Command

Commands returns the “ command and its subcommands.

func GetPIDByName

func GetPIDByName(cmd *cobra.Command, name string, con *console.SliverClient) int

GetPIDByName - Get a PID by name from the active session

func LootProcessDump added in v1.5.13

func LootProcessDump(dump *sliverpb.ProcessDump, lootName string, hostName string, pid int, con *console.SliverClient)

func PrintPS added in v1.5.0

func PrintPS(os string, ps *sliverpb.Ps, interactive bool, fullInfo bool, flags *pflag.FlagSet, con *console.SliverClient)

PrintPS - Prints the process list

func PrintProcessDump added in v1.5.0

func PrintProcessDump(dump *sliverpb.ProcessDump, saveTo string, hostname string, pid int, con *console.SliverClient)

PrintProcessDump - Handle the results of a process dump

func PrintServiceDetail added in v1.6.0

func PrintServiceDetail(serviceDetail *sliverpb.ServiceDetail, con *console.SliverClient)

func PrintServices added in v1.6.0

func PrintServices(serviceInfo *sliverpb.Services, con *console.SliverClient)

func PrintTerminate added in v1.5.0

func PrintTerminate(terminated *sliverpb.Terminate, con *console.SliverClient)

PrintTerminate - Print the results of the terminate command

func ProcdumpCmd

func ProcdumpCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

ProcdumpCmd - Dump the memory of a remote process

func PsCmd

func PsCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

PsCmd - List processes on the remote system

func ServiceInfoCmd added in v1.6.0

func ServiceInfoCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

func ServiceStartCmd added in v1.6.0

func ServiceStartCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

func ServiceStopCmd added in v1.6.0

func ServiceStopCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

func ServicesCmd added in v1.6.0

func ServicesCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

func SortProcessesByPID added in v1.5.31

func SortProcessesByPID(ps []*commonpb.Process) []*commonpb.Process

SortProcessesByPID - Sorts a list of processes by PID

func TerminateCmd

func TerminateCmd(cmd *cobra.Command, con *console.SliverClient, args []string)

TerminateCmd - Terminate a process on the remote system

Types

type PsTree added in v1.5.31

type PsTree struct {
	// contains filtered or unexported fields
}

A PsTree is a tree of *commonpb.Process

func NewPsTree added in v1.5.31

func NewPsTree(pid int32) *PsTree

NewPsTree creates a new PsTree

func (*PsTree) AddProcess added in v1.5.31

func (t *PsTree) AddProcess(proc *commonpb.Process)

func (*PsTree) Print added in v1.5.31

func (t *PsTree) Print() string

func (*PsTree) String added in v1.5.31

func (t *PsTree) String() string
