Documentation
¶
Index ¶
- Constants
- Variables
- func CheckHTTPC2ConfigErrors() error
- func GetConfig(key string) any
- func GetHTTPC2ConfigPath() string
- func InitConfig() error
- func LoadConfig(filename string, v interface{}) error
- func LoadMiscConfig() ([]byte, []byte, error)
- func NewDebugLog(filename string) *logs.Logger
- func NewFileLog(filename string) *logs.Logger
- type DaemonConfig
- type DatabaseConfig
- type EncryptionConfig
- type HTTPC2Config
- type HTTPC2ImplantConfig
- func (h *HTTPC2ImplantConfig) RandomCloseFiles() []string
- func (h *HTTPC2ImplantConfig) RandomClosePaths() []string
- func (h *HTTPC2ImplantConfig) RandomPollFiles() []string
- func (h *HTTPC2ImplantConfig) RandomPollPaths() []string
- func (h *HTTPC2ImplantConfig) RandomSessionFiles() []string
- func (h *HTTPC2ImplantConfig) RandomSessionPaths() []string
- type HTTPC2ServerConfig
- type HttpPipelineConfig
- type ListenerConfig
- type LogConfig
- type MiscConfig
- type NameValueProbability
- type ServerConfig
- type TcpPipelineConfig
- type TlsConfig
- type WebsiteConfig
Constants ¶
// SQL dialect identifiers. DatabaseConfig.Dialect is a plain string, so
// these are presumably the values it is compared against (the comparison is
// not shown in this documentation; confirm in DSN).
const (
	// Sqlite - SQLite protocol
	Sqlite = "sqlite3"
	// Postgres - Postgresql protocol
	Postgres = "postgresql"
	// MySQL - MySQL protocol
	MySQL = "mysql"
)
// Fallback browser/OS version values. HTTPC2ImplantConfig has matching
// ChromeBaseVersion and MacOSVersion fields, so these presumably apply when
// those fields are left unset (TODO confirm in ChromeVer / MacOSVer).
const (
	DefaultChromeBaseVer = 106
	DefaultMacOSVer      = "10_15_7"
)
Variables ¶
// Validation errors for the HTTP C2 config. Each message names the JSON key
// that is missing or too short. They are presumably returned by
// CheckHTTPC2ConfigErrors (TODO confirm; its body is not shown here).
//
// NOTE(review): ErrMissingKeyExchangeFileExt and ErrTooFewKeyExchangeFiles
// refer to key_exchange_* settings, but the HTTPC2ImplantConfig struct in this
// package's documentation has no key_exchange fields. Check whether these two
// errors are still reachable.
var (
	ErrMissingCookies             = errors.New("server config must specify at least one cookie")
	ErrMissingStagerFileExt       = errors.New("implant config must specify a stager_file_ext")
	ErrTooFewStagerFiles          = errors.New("implant config must specify at least one stager_files value")
	ErrMissingPollFileExt         = errors.New("implant config must specify a poll_file_ext")
	ErrTooFewPollFiles            = errors.New("implant config must specify at least one poll_files value")
	ErrMissingKeyExchangeFileExt  = errors.New("implant config must specify a key_exchange_file_ext")
	ErrTooFewKeyExchangeFiles     = errors.New("implant config must specify at least one key_exchange_files value")
	ErrMissingCloseFileExt        = errors.New("implant config must specify a close_file_ext")
	ErrTooFewCloseFiles           = errors.New("implant config must specify at least one close_files value")
	ErrMissingStartSessionFileExt = errors.New("implant config must specify a start_session_file_ext")
	ErrMissingSessionFileExt      = errors.New("implant config must specify a session_file_ext")
	ErrTooFewSessionFiles         = errors.New("implant config must specify at least one session_files value")
	ErrNonuniqueFileExt           = errors.New("implant config must specify unique file extensions")
	ErrQueryParamNameLen          = errors.New("implant config url query parameter names must be 3 or more characters")
)
// File names and on-disk directory layout used by the server. All of these
// are package-level vars, so any code in the process can reassign them.
var (
	ServerConfigFileName = "config.yaml"
	// NOTE(review): the root is built by plain string concatenation, so it is
	// only a ".malice" directory inside the executable's directory if
	// files.GetExcPath() returns a path ending in a separator. Confirm against
	// files.GetExcPath.
	ServerRootPath              = files.GetExcPath() + ".malice"
	CurrentServerConfigFilename = "config.yaml"
	// Sub-directories of ServerRootPath. path.Join always joins with forward
	// slashes; path/filepath is the OS-aware variant.
	// NOTE(review): the names suggest CertsPath and AuditPath hold key material
	// and audit records. Confirm where they are created and that they are not
	// readable by other local users.
	LogPath      = path.Join(ServerRootPath, "logs")
	CertsPath    = path.Join(ServerRootPath, "certs")
	ListenerPath = path.Join(ServerRootPath, "listener")
	TempPath     = path.Join(ServerRootPath, "temp")
	PluginPath   = path.Join(ServerRootPath, "plugins")
	AuditPath    = path.Join(ServerRootPath, "audit")
	CachePath    = path.Join(TempPath, "cache")
	ErrNoConfig  = errors.New("no config found")
	WebsitePath  = path.Join(ServerRootPath, "web")
)
var (
	// ErrInvalidDialect - An invalid dialect was specified.
	// Presumably returned by DatabaseConfig.DSN when Dialect is not one of the
	// Sqlite / Postgres / MySQL constants (TODO confirm; DSN's body is not
	// shown here).
	ErrInvalidDialect = errors.New("invalid SQL Dialect")
)
// ListenerConfigFileName is the file name of the listener configuration.
// It is a package-level var rather than a const, so it can be reassigned at
// run time.
var ListenerConfigFileName = "listener.yaml"
Functions ¶
func CheckHTTPC2ConfigErrors ¶
func CheckHTTPC2ConfigErrors() error
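CheckHTTPC2ConfigErrors - Check the current HTTP C2 config for errors (the function returns only an error; the published comment read "Get the current HTTP C2 config", the same text as GetHTTPC2Config)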
func GetHTTPC2ConfigPath ¶
func GetHTTPC2ConfigPath() string
GetHTTPC2ConfigPath - File path to http-c2.json
func InitConfig ¶
func InitConfig() error
func LoadConfig ¶
func LoadMiscConfig ¶
func NewDebugLog ¶
func NewFileLog ¶
Types ¶
type DaemonConfig ¶
// DaemonConfig holds the host and port settings for daemon mode.
type DaemonConfig struct {
	// The default tag value "0.0.0.0" is the all-interfaces address.
	// NOTE(review): if this tag is applied as the bind address, the daemon
	// listens on every interface unless "host" is set. Confirm how the
	// default tag is consumed.
	Host string `json:"host" default:"0.0.0.0"`
	Port int    `json:"port" default:"5001"`
}
DaemonConfig - Configure daemon mode
type DatabaseConfig ¶
// DatabaseConfig holds the database connection settings: dialect, target
// database, credentials, network endpoint, extra parameters, pool sizes and
// log level.
type DatabaseConfig struct {
	Dialect  string `json:"dialect"`
	Database string `json:"database"`
	Username string `json:"username"`
	// Password is an ordinary string serialized under the "password" key, so
	// it appears in clear text wherever this struct is marshalled.
	// NOTE(review): confirm the permissions of the file this struct is
	// written to.
	Password     string            `json:"password"`
	Host         string            `json:"host"`
	Port         uint16            `json:"port"`
	Params       map[string]string `json:"params"`
	MaxIdleConns int               `json:"max_idle_conns"`
	MaxOpenConns int               `json:"max_open_conns"`
	LogLevel     string            `json:"log_level"`
}
DatabaseConfig - Server config
func GetDatabaseConfig ¶
func GetDatabaseConfig() *DatabaseConfig
GetDatabaseConfig - Get config value
func (*DatabaseConfig) DSN ¶
func (c *DatabaseConfig) DSN() (string, error)
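DSN - Get the db connection string; see https://github.com/go-sql-driver/mysql#examples. DatabaseConfig carries Username and Password, so the returned string presumably embeds them and should be kept out of logs and error messages.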
type EncryptionConfig ¶
type HTTPC2Config ¶
// HTTPC2Config is the top-level HTTP C2 configuration. It groups the
// implant-side and server-side option sets under the "implant_config" and
// "server_config" JSON keys.
//
// Both fields are pointers. Presumably either one is nil when its section is
// absent from the decoded file (TODO confirm how callers guard against that).
type HTTPC2Config struct {
	ImplantConfig *HTTPC2ImplantConfig `json:"implant_config"`
	ServerConfig  *HTTPC2ServerConfig  `json:"server_config"`
}
HTTPC2Config - Parent config file struct for implant/server
func GetHTTPC2Config ¶
func GetHTTPC2Config() *HTTPC2Config
GetHTTPC2Config - Get the current HTTP C2 config
func (*HTTPC2Config) ChromeVer ¶
func (h *HTTPC2Config) ChromeVer() string
ChromeVer - Generate a random Chrome user-agent
func (*HTTPC2Config) GenerateUserAgent ¶
func (h *HTTPC2Config) GenerateUserAgent(goos string, goarch string) string
GenerateUserAgent - Generate a user-agent depending on OS/Arch
func (*HTTPC2Config) MacOSVer ¶
func (h *HTTPC2Config) MacOSVer() string
func (*HTTPC2Config) RandomImplantConfig ¶
func (h *HTTPC2Config) RandomImplantConfig() *HTTPC2ImplantConfig
RandomImplantConfig - Randomly generate a new implant config from the parent config, this is the primary configuration used by the implant generation.
type HTTPC2ImplantConfig ¶
// HTTPC2ImplantConfig holds the implant-side HTTP C2 options: user-agent
// inputs, query parameters and headers, and, for each request category
// (stager, poll, session, close), a file extension plus lists of candidate
// file names and path segments.
//
// The package's Err* variables state the constraints on these fields: each
// *_file_ext must be set, each *_files list needs at least one value, and the
// extensions must be unique (ErrNonuniqueFileExt).
//
// NOTE(review): since the extensions must be unique per category, the
// extension of a request presumably identifies its category on the wire.
// That makes the configured extension set useful when reviewing proxy or web
// logs for this traffic (confirm against the request-building code).
type HTTPC2ImplantConfig struct {
	UserAgent         string                 `json:"user_agent"`
	ChromeBaseVersion int                    `json:"chrome_base_version"`
	MacOSVersion      string                 `json:"macos_version"`
	NonceQueryArgs    string                 `json:"nonce_query_args"`
	URLParameters     []NameValueProbability `json:"url_parameters"`
	Headers           []NameValueProbability `json:"headers"`
	MaxFiles          int                    `json:"max_files"`
	MinFiles          int                    `json:"min_files"`
	MaxPaths          int                    `json:"max_paths"`
	MinPaths          int                    `json:"min_paths"`
	// Stager files and paths
	StagerFileExt string   `json:"stager_file_ext"`
	StagerFiles   []string `json:"stager_files"`
	StagerPaths   []string `json:"stager_paths"`
	// Poll files and paths
	PollFileExt string   `json:"poll_file_ext"`
	PollFiles   []string `json:"poll_files"`
	PollPaths   []string `json:"poll_paths"`
	// Session files and paths. The start-session extension is separate from
	// the session extension.
	StartSessionFileExt string   `json:"start_session_file_ext"`
	SessionFileExt      string   `json:"session_file_ext"`
	SessionFiles        []string `json:"session_files"`
	SessionPaths        []string `json:"session_paths"`
	// Close session files and paths
	CloseFileExt string   `json:"close_file_ext"`
	CloseFiles   []string `json:"close_files"`
	ClosePaths   []string `json:"close_paths"`
}
HTTPC2ImplantConfig - Implant configuration options

Procedural C2
===============
.txt = rsakey
.css = start
.php = session
.js = poll
.png = stop
.woff = sliver shellcode
func (*HTTPC2ImplantConfig) RandomCloseFiles ¶
func (h *HTTPC2ImplantConfig) RandomCloseFiles() []string
func (*HTTPC2ImplantConfig) RandomClosePaths ¶
func (h *HTTPC2ImplantConfig) RandomClosePaths() []string
func (*HTTPC2ImplantConfig) RandomPollFiles ¶
func (h *HTTPC2ImplantConfig) RandomPollFiles() []string
func (*HTTPC2ImplantConfig) RandomPollPaths ¶
func (h *HTTPC2ImplantConfig) RandomPollPaths() []string
func (*HTTPC2ImplantConfig) RandomSessionFiles ¶
func (h *HTTPC2ImplantConfig) RandomSessionFiles() []string
func (*HTTPC2ImplantConfig) RandomSessionPaths ¶
func (h *HTTPC2ImplantConfig) RandomSessionPaths() []string
type HTTPC2ServerConfig ¶
// HTTPC2ServerConfig holds the server-side HTTP C2 options: a flag for
// randomized version headers, a list of response headers with probabilities,
// and the cookie names in use.
//
// ErrMissingCookies in this package states that the server config must
// specify at least one cookie, so an empty Cookies list is presumably
// rejected at validation time (TODO confirm in CheckHTTPC2ConfigErrors).
type HTTPC2ServerConfig struct {
	RandomVersionHeaders bool                   `json:"random_version_headers"`
	Headers              []NameValueProbability `json:"headers"`
	Cookies              []string               `json:"cookies"`
}
HTTPC2ServerConfig - Server configuration options
type HttpPipelineConfig ¶
type ListenerConfig ¶
// ListenerConfig describes one listener: its name, an auth value, and the
// TCP pipelines, HTTP pipelines and websites attached to it. Fields are
// mapped through `config` struct tags rather than `json`.
//
// NOTE(review): what Auth holds is not visible here; presumably it is a
// credential or a path to one. Confirm, and handle the listener config file
// as secret material if so.
type ListenerConfig struct {
	Name          string                `config:"name"`
	Auth          string                `config:"auth"`
	TcpPipelines  []*TcpPipelineConfig  `config:"tcp"`
	HttpPipelines []*HttpPipelineConfig `config:"http"`
	Websites      []*WebsiteConfig      `config:"websites"`
}
func GetListenerConfig ¶
func GetListenerConfig() *ListenerConfig
type LogConfig ¶
// LogConfig holds the server logging options.
type LogConfig struct {
	// The default tag is "20"; the meaning of the numeric level is defined
	// by the logging package and is not visible here.
	Level int `json:"level" default:"20"`
	// NOTE(review): presumably these enable logging of gRPC unary and stream
	// message payloads. If so, the log files contain whatever the RPCs carry
	// and need the same access control as that data (confirm).
	GRPCUnaryPayloads  bool `json:"grpc_unary_payloads"`
	GRPCStreamPayloads bool `json:"grpc_stream_payloads"`
	// NOTE(review): presumably enables a TLS key log. Anyone who can read
	// such a file can decrypt captured traffic for the logged sessions, so
	// this should stay false outside debugging (confirm what the flag does
	// and where the file is written).
	TLSKeyLogger bool `json:"tls_key_logger"`
}
LogConfig - Server logging config
type MiscConfig ¶
type NameValueProbability ¶
type ServerConfig ¶
// ServerConfig is the top-level server configuration: the gRPC endpoint plus
// the nested daemon, log and misc sections. Fields are mapped through
// `config` struct tags.
type ServerConfig struct {
	GRPCPort uint16 `config:"grpc_port" default:"5004"`
	// The default tag value "0.0.0.0" is the all-interfaces address.
	// NOTE(review): if it is applied as the bind address, the gRPC service is
	// reachable on every interface unless grpc_host is set. Confirm how the
	// default tag is consumed, and what authenticates gRPC clients.
	GRPCHost     string        `config:"grpc_host" default:"0.0.0.0"`
	DaemonConfig *DaemonConfig `config:"daemon"`
	LogConfig    *LogConfig    `config:"log" default:""`
	MiscConfig   *MiscConfig   `config:"config" default:""`
}
func GetServerConfig ¶
func GetServerConfig() *ServerConfig
func (*ServerConfig) Address ¶
func (c *ServerConfig) Address() string
func (*ServerConfig) Save ¶
func (c *ServerConfig) Save() error
type TcpPipelineConfig ¶
type TlsConfig ¶
// TlsConfig holds the TLS settings for a pipeline or website: an enable flag,
// a name, certificate subject attributes, a validity value, and certificate
// and key entries.
//
// CN, O, C, L, OU and ST use the standard X.509 distinguished-name
// abbreviations (common name, organization, country, locality,
// organizational unit, state/province). Presumably they populate the subject
// of a generated certificate (TODO confirm).
type TlsConfig struct {
	Enable bool   `config:"enable"`
	Name   string `config:"name"`
	CN     string `config:"CN"`
	O      string `config:"O"`
	C      string `config:"C"`
	L      string `config:"L"`
	OU     string `config:"OU"`
	ST     string `config:"ST"`
	// Validity is a string; its unit and format are not visible here.
	Validity string `config:"validity"`
	CertFile string `config:"cert"`
	// NOTE(review): whether this is a path to the private key or the key
	// itself is not visible here. Either way the config file or the
	// referenced file should be readable only by the server account.
	KeyFile string `config:"key"`
}