core

package
v1.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2026 License: GPL-3.0 Imports: 21 Imported by: 27

README

client/core

Overview

Maintains client application state, background workers, and RPC coordination. Orchestrates session tracking, event streams, and health checks. Core logic addresses BOF, curses, portfwd, and reactions within the core package.

Go Files

  • bof.go – Defines Beacon Object File argument buffers and helpers for executing BOF modules.
  • curses.go – Manages cursed browser sessions, caching processes and coordinating lifecycle events.
  • portfwd.go – Tracks active port forwards and exposes shared state for command packages.
  • reactions.go – Stores reaction definitions and evaluates triggers when new events arrive.
  • socks.go – Maintains SOCKS proxy metadata and orchestrates background goroutines.
  • tunnel.go – Represents individual tunnels and their configuration details.
  • tunnel_io.go – Implements IO handling and relay loops for tunnel data streams.
  • tunnels.go – Coordinates tunnel creation, lookup, and teardown across the client.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Reactions - Manages/tracks reactions
	Reactions = &reactions{
		reactionMap: map[string][]Reaction{},
		mutex:       &sync.RWMutex{},
	}

	// ReactableEvents - A list of reactionable events
	ReactableEvents = []string{
		consts.SessionOpenedEvent,
		consts.SessionUpdateEvent,
		consts.SessionClosedEvent,
		consts.BeaconRegisteredEvent,
		consts.CanaryEvent,
		consts.WatchtowerEvent,
		consts.LootAddedEvent,
		consts.LootRemovedEvent,
	}
)
View Source 
var (
	// SocksProxies - Struct instance that holds all the portfwds
	SocksProxies = socksProxy{
					// contains filtered or unexported fields
	}
	SocksConnPool = sync.Map{}
	SocksProxyID  = (uint64)(0)
)
View Source 
var (
	// SessionID -> CursedProcess
	CursedProcesses = &sync.Map{}
)
View Source 
var (
	// Portfwds - Struct instance that holds all the portfwds
	Portfwds = portfwds{
		// contains filtered or unexported fields
	}
)

Functions

func CloseCursedProcesses added in v1.5.25 

func CloseCursedProcesses(sessionID string)

func CloseCursedProcessesByBindPort added in v1.5.25 

func CloseCursedProcessesByBindPort(sessionID string, bindPort int)

func GetTunnels added in v1.5.14 

func GetTunnels() *tunnels

GetTunnels - singleton function that returns or initializes all tunnels

func TunnelLoop 

func TunnelLoop(rpc rpcpb.SliverRPCClient) error

TunnelLoop - Parses incoming tunnel messages and distributes them 

             to session/tunnel objects
				Expected to be called only once during initialization

Types

type BOFArgsBuffer added in v1.5.0 

type BOFArgsBuffer struct {
	Buffer *bytes.Buffer
}

func (*BOFArgsBuffer) AddData added in v1.5.0 

func (b *BOFArgsBuffer) AddData(d []byte) error

func (*BOFArgsBuffer) AddInt added in v1.5.0 

func (b *BOFArgsBuffer) AddInt(d uint32) error

func (*BOFArgsBuffer) AddShort added in v1.5.0 

func (b *BOFArgsBuffer) AddShort(d uint16) error

func (*BOFArgsBuffer) AddString added in v1.5.0 

func (b *BOFArgsBuffer) AddString(d string) error

func (*BOFArgsBuffer) AddWString added in v1.5.0 

func (b *BOFArgsBuffer) AddWString(d string) error

func (*BOFArgsBuffer) GetBuffer added in v1.5.0 

func (b *BOFArgsBuffer) GetBuffer() ([]byte, error)

type ChannelProxy added in v1.4.12 

type ChannelProxy struct {
	Rpc     rpcpb.SliverRPCClient
	Session *clientpb.Session

	BindAddr        string
	RemoteAddr      string
	KeepAlivePeriod time.Duration
	DialTimeout     time.Duration
}

ChannelProxy binds the Sliver Tunnel to a net.Conn object one ChannelProxy per port bind.

Implements the Target interface from tcpproxy pkg

func (*ChannelProxy) HandleConn added in v1.4.12 

func (p *ChannelProxy) HandleConn(conn net.Conn)

HandleConn - Handle a TCP connection

func (*ChannelProxy) Host added in v1.4.12 

func (p *ChannelProxy) Host() string

Host - Returns the host (i.e., interface) of the TCP proxy

func (*ChannelProxy) HostPort added in v1.4.12 

func (p *ChannelProxy) HostPort() (string, uint32)

HostPort - Returns the host and port of the TCP proxy

func (*ChannelProxy) Port added in v1.4.12 

func (p *ChannelProxy) Port() uint32

Port - Returns the TCP port of the proxy

type CursedProcess added in v1.5.25 

type CursedProcess struct {
	SessionID         string
	PID               uint32
	BindTCPPort       int
	PortFwd           *Portfwd
	Platform          string
	ExePath           string
	ChromeUserDataDir string
}

func CursedProcessBySessionID added in v1.5.25 

func CursedProcessBySessionID(sessionID string) []*CursedProcess

func (*CursedProcess) DebugURL added in v1.5.25 

func (c *CursedProcess) DebugURL() *url.URL

type Portfwd added in v1.4.12 

type Portfwd struct {
	ID           int
	TCPProxy     *tcpproxy.Proxy
	ChannelProxy *ChannelProxy
}

Portfwd - Tracks portfwd<->tcpproxy

func (*Portfwd) GetMetadata added in v1.4.12 

func (p *Portfwd) GetMetadata() *PortfwdMeta

GetMetadata - Get metadata about the portfwd

type PortfwdMeta added in v1.4.12 

type PortfwdMeta struct {
	ID         int
	SessionID  string
	BindAddr   string
	RemoteAddr string
}

PortfwdMeta - Metadata about a portfwd listener

type Reaction added in v1.4.19 

type Reaction struct {
	ID        int      `json:"-"`
	EventType string   `json:"event_type"`
	Commands  []string `json:"commands"`
}

Reaction - Metadata about a portfwd listener

type SocksProxy added in v1.5.0 

type SocksProxy struct {
	ID           uint64
	ChannelProxy *TcpProxy
}

SocksProxy - Tracks portfwd<->tcpproxy

func (*SocksProxy) GetMetadata added in v1.5.0 

func (p *SocksProxy) GetMetadata() *SocksProxyMeta

GetMetadata - Get metadata about the portfwd

type SocksProxyMeta added in v1.5.0 

type SocksProxyMeta struct {
	ID        uint64
	SessionID string
	BindAddr  string
	Username  string
	Password  string
}

PortfwdMeta - Metadata about a portfwd listener

type TcpProxy added in v1.5.0 

type TcpProxy struct {
	Rpc     rpcpb.SliverRPCClient
	Session *clientpb.Session

	Username        string
	Password        string
	BindAddr        string
	Listener        net.Listener
	KeepAlivePeriod time.Duration
	DialTimeout     time.Duration
}

func (*TcpProxy) Stop added in v1.5.14 

func (tcp *TcpProxy) Stop() error

type TunnelIO added in v1.5.14 

type TunnelIO struct {
	ID        uint64
	SessionID string

	Send chan []byte
	Recv chan []byte
	// contains filtered or unexported fields
}

TunnelIO - Duplex data tunnel, compatible with both io.ReadWriter

func NewTunnelIO added in v1.5.14 

func NewTunnelIO(tunnelID uint64, sessionID string) *TunnelIO

NewTunnelIO - Single entry point for creating instance of new TunnelIO

func (*TunnelIO) Close added in v1.5.14 

func (tun *TunnelIO) Close() error

Close - Close tunnel IO operations

func (*TunnelIO) IsOpen added in v1.5.14 

func (tun *TunnelIO) IsOpen() bool

func (*TunnelIO) Open added in v1.5.14 

func (tun *TunnelIO) Open() error

func (*TunnelIO) Read added in v1.5.14 

func (tun *TunnelIO) Read(data []byte) (int, error)

Read - Reader method for interface

func (*TunnelIO) RecvData added in v1.5.14 

func (tun *TunnelIO) RecvData(data []byte) error

RecvData - safe way to send data to internal Recv channel. Blocking.

func (*TunnelIO) Write added in v1.5.14 

func (tun *TunnelIO) Write(data []byte) (int, error)

Write - Writer method for interface

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.