Documentation
¶
Index ¶
- Variables
- func BuildOneSpites(spite *implantpb.Spite) *implantpb.Spites
- func BuildPingSpite() *implantpb.Spite
- func BuildPingSpites() *implantpb.Spites
- func BuildSpite(spite *implantpb.Spite, msg proto.Message) (*implantpb.Spite, error)
- func BuildSpites(spites []*implantpb.Spite) *implantpb.Spites
- type BasicProfile
- type CertConfig
- type EncryptionConfig
- type EncryptionsConfig
- type ImplantProfile
- type MsgName
- type PipelineParams
- type ProfileConfig
- type ProfileParams
- type PulseProfile
- type REMProfile
- type SessionContext
- type SessionInfo
- type TLSProfile
- type TlsConfig
Constants ¶
This section is empty.
Variables ¶
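// Sentinel errors for message bodies that cannot be identified. They are
// package-level values, so callers can compare against them (errors.Is).
var (
	// ErrUnknownSpite reports a spite whose body type was not recognised.
	ErrUnknownSpite = errors.New("unknown spite body")
	// ErrUnknownJob reports a job whose body type was not recognised.
	ErrUnknownJob = errors.New("unknown job body")
)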
// DefaultProfile holds raw profile bytes.
// NOTE(review): no initializer is visible in this listing; presumably the
// variable is populated elsewhere (for example by an embed directive) with
// content in the format LoadProfile accepts — confirm.
var DefaultProfile []byte
Functions ¶
func BuildPingSpite ¶
func BuildPingSpites ¶ added in v0.0.3
func BuildSpite ¶
BuildSpite builds a spite request.
Types ¶
type BasicProfile ¶ added in v0.0.3
// BasicProfile holds the settings carried under the `basic` key of a profile:
// a name, the target list, transport and proxy choices, timing values, and
// the encryption type and key.
//
// NOTE(review): the `default:"..."` tags show fallback values; the code that
// applies them is not part of this listing. Those defaults (name, protocol,
// interval, jitter, encryption, key) are fixed, published strings, which makes
// them a useful baseline when checking whether a configuration was left
// unmodified.
type BasicProfile struct {
	// Name defaults to "malefic".
	Name string `yaml:"name" config:"name" default:"malefic"`
	// Targets is a list of strings; the address format is not shown here.
	Targets []string `yaml:"targets" config:"targets" default:"[]"`
	// Protocol defaults to "tcp"; the set of accepted values is not shown here.
	Protocol string `yaml:"protocol" config:"protocol" default:"tcp"`
	// TLS is optional (pointer, no default tag).
	TLS *TLSProfile `yaml:"tls" config:"tls"`
	// Proxy defaults to the empty string.
	Proxy string `yaml:"proxy" config:"proxy" default:""`
	// Interval defaults to 5; the unit is not stated — presumably seconds, TODO confirm.
	Interval int `yaml:"interval" config:"interval" default:"5"`
	// Jitter defaults to 0.2; presumably a fraction applied to Interval — confirm.
	Jitter float64 `yaml:"jitter" config:"jitter" default:"0.2"`
	// Encryption names the scheme; it defaults to "aes".
	Encryption string `yaml:"encryption" config:"encryption" default:"aes"`
	// Key is presumably the key for the scheme named in Encryption — confirm.
	// NOTE(review): the default is a constant that ships with the source, so it
	// offers no secrecy by itself, and the value is held as a plain string
	// wherever this struct is serialized.
	Key string `yaml:"key" config:"key" default:"maliceofinternal"`
	// REM is optional (pointer, no default tag).
	REM *REMProfile `yaml:"rem" config:"rem"`
	// Extras is tagged `yaml:",inline"`; with the common Go YAML libraries an
	// inline map collects keys that match no other field — confirm against
	// the decoder in use.
	Extras map[string]interface{} `yaml:",inline"`
}
type CertConfig ¶ added in v0.1.1
// CertConfig is the JSON/YAML/config form of a certificate entry: an enable
// flag plus two string fields, Cert and Key.
//
// NOTE(review): Key presumably carries private-key material (encoding not
// shown — confirm). It is serialized next to Cert under every tag set on this
// struct, so any dump, log line or stored copy of a CertConfig should be
// handled as a secret.
type CertConfig struct {
	// Enable switches this entry on or off.
	Enable bool `json:"enable" yaml:"enable" config:"enable"`
	// Cert holds the certificate as a string; format not shown here.
	Cert string `json:"cert" yaml:"cert" config:"cert"`
	// Key holds the matching key as a plain string.
	Key string `json:"key" yaml:"key" config:"key"`
}
func FromCert ¶ added in v0.1.1
func FromCert(cert *clientpb.Cert) *CertConfig
func (*CertConfig) ToProtobuf ¶ added in v0.1.1
func (cert *CertConfig) ToProtobuf() *clientpb.Cert
type EncryptionConfig ¶ added in v0.1.0
// EncryptionConfig pairs an encryption type name with its key, both as
// strings, for JSON and config decoding.
//
// NOTE(review): Key is emitted verbatim under the "key" JSON field, so a
// serialized EncryptionConfig exposes the key to anything that can read it.
type EncryptionConfig struct {
	// Type names the scheme; accepted values are not shown in this listing.
	Type string `json:"type" config:"type"`
	// Key is the key for Type, stored as a plain string.
	Key string `json:"key" config:"key"`
}
func FromEncryption ¶ added in v0.1.0
func FromEncryption(encryption *clientpb.Encryption) *EncryptionConfig
func (*EncryptionConfig) ToProtobuf ¶ added in v0.1.0
func (encryption *EncryptionConfig) ToProtobuf() *clientpb.Encryption
type EncryptionsConfig ¶ added in v0.1.1
// EncryptionsConfig is a list of encryption settings. Elements are pointers,
// so an entry may be nil; the listing does not show how Choice or ToProtobuf
// treat nil or empty input — confirm before relying on either.
type EncryptionsConfig []*EncryptionConfig
func FromEncryptions ¶ added in v0.1.1
func FromEncryptions(es []*clientpb.Encryption) EncryptionsConfig
func (EncryptionsConfig) Choice ¶ added in v0.1.1
func (e EncryptionsConfig) Choice() *EncryptionConfig
func (EncryptionsConfig) ToProtobuf ¶ added in v0.1.1
func (e EncryptionsConfig) ToProtobuf() []*clientpb.Encryption
type ImplantProfile ¶ added in v0.0.3
// ImplantProfile holds the implant section of a profile (ProfileConfig maps it
// to the `implants` YAML key): a mode string, two boolean switches and a list
// of module names.
type ImplantProfile struct {
	// Mod defaults to the empty string; accepted values are not shown here.
	Mod string `yaml:"mod" config:"mod" default:""`
	// RegisterInfo defaults to false.
	RegisterInfo bool `yaml:"register_info" config:"register_info" default:"false"`
	// HotLoad defaults to false.
	HotLoad bool `yaml:"hot_load" config:"hot_load" default:"false"`
	// Modules defaults to an empty list.
	Modules []string `yaml:"modules" config:"modules" default:"[]"`
	// Extras is tagged `yaml:",inline"`; with the common Go YAML libraries an
	// inline map collects keys that match no other field — confirm against
	// the decoder in use.
	Extras map[string]interface{} `yaml:",inline"`
}
type MsgName ¶
// MsgName is the string label for a kind of message.
type MsgName string

// Known message names. Most take their value from a Module* constant in the
// consts package; the rest are string literals defined here.
//
// NOTE(review): a few identifiers do not mirror the constant they alias
// (MsgCurl -> ModuleRequest, MsgExec -> ModuleExecute, MsgRegistryAdd ->
// ModuleRegAdd, and the *Response names -> Module*List / Module*Query), so
// match on the value rather than on the Go identifier.
const (
	MsgInit MsgName = consts.ModuleInit
	MsgPing MsgName = consts.ModulePing
	MsgSleep MsgName = consts.ModuleSleep
	MsgSwitch MsgName = consts.ModuleSwitch
	MsgTask MsgName = "task"
	MsgTasks MsgName = "tasks"
	// basic message
	MsgResponse MsgName = "response"
	MsgBlock MsgName = "block"
	MsgAck MsgName = "ack"
	MsgRegister MsgName = "register"
	MsgRequest MsgName = "request"
	MsgUnknown MsgName = "unknown"
	MsgNil MsgName = "nil"
	MsgEmpty MsgName = "empty"
	MsgSysInfo MsgName = consts.ModuleSysInfo
	MsgUpload MsgName = consts.ModuleUpload
	MsgDownload MsgName = consts.ModuleDownload
	MsgCurl MsgName = consts.ModuleRequest
	MsgExec MsgName = consts.ModuleExecute
	MsgListModule MsgName = consts.ModuleListModule
	MsgLoadModule MsgName = consts.ModuleLoadModule
	MsgListAddon MsgName = consts.ModuleListAddon
	MsgLoadAddon MsgName = consts.ModuleLoadAddon
	MsgBinaryResponse MsgName = "assembly_response"
	MsgExecuteAddon MsgName = consts.ModuleExecuteAddon
	MsgExecuteLocal MsgName = consts.ModuleExecuteLocal
	//MsgExecuteSpawn MsgName = "execute_spawn"
	MsgLs MsgName = consts.ModuleLs
	MsgNetstat MsgName = consts.ModuleNetstat
	MsgPs MsgName = consts.ModulePs
	MsgKill MsgName = consts.ModuleKill
	MsgBypass MsgName = consts.ModuleBypass
	MsgRegistryAdd MsgName = consts.ModuleRegAdd
	MsgServicesResponse MsgName = consts.ModuleServiceList
	MsgServiceResponse MsgName = consts.ModuleServiceQuery
	MsgTaskSchdsResponse MsgName = consts.ModuleTaskSchdList
	MsgTaskSchdResponse MsgName = consts.ModuleTaskSchdQuery
	MsgWmiQuery MsgName = consts.ModuleWmiQuery
	MsgWmiExecute MsgName = consts.ModuleWmiExec
)
func MessageType ¶
MessageType parses a response message.
type PipelineParams ¶ added in v0.1.0
// PipelineParams is the JSON-encoded parameter set of a pipeline. Every field
// carries `omitempty`, so zero values are left out of the encoded form.
//
// NOTE(review): the encoded value can embed secrets through Encryption (each
// entry has a Key) and Tls (certificate and CA entries each have a Key), so a
// stored or logged PipelineParams should be treated as sensitive.
type PipelineParams struct {
	Parser string `json:"parser,omitempty"`
	// WebPath is encoded under the JSON name "path", not "web_path".
	WebPath string `json:"path,omitempty"`
	Link string `json:"link,omitempty"`
	Console string `json:"console,omitempty"`
	Subscribe string `json:"subscribe,omitempty"`
	// Agents is keyed by string; what the key represents is not shown here.
	Agents map[string]*clientpb.REMAgent `json:"agents,omitempty"`
	Encryption EncryptionsConfig `json:"encryption,omitempty"`
	Tls *TlsConfig `json:"tls,omitempty"`
	// HTTP pipeline specific params
	Headers map[string][]string `json:"headers,omitempty"`
	// ErrorPage carries `gorm:"-"`, the GORM tag for a field that is not
	// persisted; it is still included in the JSON form.
	ErrorPage string `json:"error_page,omitempty" gorm:"-"`
	BodyPrefix string `json:"body_prefix,omitempty"`
	BodySuffix string `json:"body_suffix,omitempty"`
}
type ProfileConfig ¶ added in v0.0.3
// ProfileConfig is the top-level profile document, the type LoadProfile
// returns. Each section is a pointer and may therefore be nil when the
// corresponding key is absent — callers should check before dereferencing.
type ProfileConfig struct {
	// Basic maps to the `basic` key.
	Basic *BasicProfile `yaml:"basic" config:"basic"`
	// Pulse maps to the `pulse` key.
	Pulse *PulseProfile `yaml:"pulse" config:"pulse"`
	// Implant maps to the plural key `implants`.
	Implant *ImplantProfile `yaml:"implants" config:"implants"`
	// Extras is tagged `yaml:",inline"`; with the common Go YAML libraries an
	// inline map collects keys that match no other field — confirm against
	// the decoder in use.
	Extras map[string]interface{} `yaml:",inline"`
}
func LoadProfile ¶ added in v0.0.3
func LoadProfile(content []byte) (*ProfileConfig, error)
type ProfileParams ¶ added in v0.0.3
// ProfileParams is a flat JSON parameter set for a profile; it is the type
// UnmarshalProfileParams returns. No field uses `omitempty`, so zero values
// appear in the encoded form.
type ProfileParams struct {
	// Interval is an int here; SessionInfo.Interval is uint64.
	// Units are not stated — presumably seconds, TODO confirm.
	Interval int `json:"interval"`
	Jitter float64 `json:"jitter"`
	Proxy string `json:"proxy"`
	OriginBeaconID uint32 `json:"origin_beacon_id"`
	RelinkBeaconID uint32 `json:"relink_beacon_id"`
	// REMPipeline is encoded under the short JSON name "rem".
	REMPipeline string `json:"rem"`
	// Enable3RD is encoded as "enable_3_rd".
	Enable3RD bool `json:"enable_3_rd"`
	// Modules is a single string, unlike ImplantProfile.Modules ([]string);
	// the delimiter, if any, is not shown here.
	Modules string `json:"modules"`
}
func UnmarshalProfileParams ¶ added in v0.1.1
func UnmarshalProfileParams(params []byte) (*ProfileParams, error)
func (*ProfileParams) String ¶ added in v0.0.3
func (p *ProfileParams) String() string
type PulseProfile ¶ added in v0.0.3
// PulseProfile holds the `pulse` section of a profile: one target, an
// encryption type and key, a protocol, and a nested Flags struct.
//
// NOTE(review): unlike BasicProfile, the top-level fields here carry no
// `config` or `default` tags, so no fallback values are declared for them.
type PulseProfile struct {
	Target string `yaml:"target"`
	Encryption string `yaml:"encryption"`
	// Key is stored as a plain string in the YAML document.
	Key string `yaml:"key"`
	Protocol string `yaml:"protocol"`
	// Flags has no yaml tag of its own, so its key name is whatever the YAML
	// library derives from the field name — confirm against the decoder.
	Flags struct {
		// ArtifactID defaults to 0.
		ArtifactID uint32 `yaml:"artifact_id" config:"artifact_id" default:"0"`
		// Extras is an inline map scoped to the Flags section.
		Extras map[string]interface{} `yaml:",inline"`
	}
	// Extras is tagged `yaml:",inline"`; with the common Go YAML libraries an
	// inline map collects keys that match no other field — confirm against
	// the decoder in use.
	Extras map[string]interface{} `yaml:",inline"`
}
type REMProfile ¶ added in v0.1.1
// REMProfile holds the `rem` section of BasicProfile; it has a single field.
type REMProfile struct {
	// Link defaults to the empty string; its format is not shown here.
	Link string `yaml:"link" config:"link" default:""`
}
type SessionContext ¶ added in v0.1.0
// SessionContext is the JSON-serializable state kept for a session: the
// embedded SessionInfo plus module names, addons, an argument map and a
// free-form map.
//
// NOTE(review): RecoverSessionContext takes a string and Marshal returns one,
// so this struct is rebuilt from stored text. Any holds interface{} values and
// will accept arbitrary JSON; consumers should type-check what GetAny returns.
type SessionContext struct {
	// SessionInfo is embedded by pointer and may be nil. encoding/json does
	// not define an "inline" option; if that encoder is used, the fields are
	// flattened because the embedded field has no JSON name.
	*SessionInfo `json:",inline"`
	Modules []string `json:"modules"`
	Addons []*implantpb.Addon `json:"addons"`
	Argue map[string]string `json:"argue"` // argument spoofing
	Any map[string]interface{} `json:"any"`
}
func NewSessionContext ¶ added in v0.1.0
func NewSessionContext(req *clientpb.RegisterSession) *SessionContext
func RecoverSessionContext ¶ added in v0.1.0
func RecoverSessionContext(content string) (*SessionContext, error)
func (*SessionContext) Data ¶ added in v0.1.0
func (ctx *SessionContext) Data() map[string]interface{}
func (*SessionContext) GetAny ¶ added in v0.1.0
func (ctx *SessionContext) GetAny(id string) (interface{}, bool)
func (*SessionContext) Marshal ¶ added in v0.1.0
func (ctx *SessionContext) Marshal() string
func (*SessionContext) Update ¶ added in v0.1.0
func (ctx *SessionContext) Update(req *clientpb.RegisterSession)
type SessionInfo ¶ added in v0.1.0
// SessionInfo describes the host side of a session as reported in JSON:
// OS and process records, timing values, a privilege flag, paths, proxy and
// locale.
//
// NOTE(review): nothing in this listing shows these values being validated,
// so they should be handled as reported data rather than verified facts.
type SessionInfo struct {
	// Os and Process are pointers and may be nil.
	Os *implantpb.Os `json:"os"`
	Process *implantpb.Process `json:"process"`
	// Interval is uint64 here, while BasicProfile and ProfileParams use int.
	Interval uint64 `json:"interval"`
	Jitter float64 `json:"jitter"`
	IsPrivilege bool `json:"is_privilege"`
	Filepath string `json:"filepath"`
	// WorkDir is encoded as "workdir" (no underscore).
	WorkDir string `json:"workdir"`
	// ProxyURL is encoded under the JSON name "proxy".
	ProxyURL string `json:"proxy"`
	Locale string `json:"locale"`
}
type TLSProfile ¶ added in v0.1.1
type TlsConfig ¶ added in v0.1.0
// TlsConfig is the JSON form of a TLS setup: an enable flag, an ACME flag,
// a certificate entry, a CA entry, a domain and an X.509 subject.
//
// NOTE(review): Cert and CA are both *CertConfig, and CertConfig has a Key
// field, so the encoded value can carry key material for the certificate and
// for the CA; treat a serialized TlsConfig as a secret. The name uses "Tls"
// while the profile-side type in this package is spelled TLSProfile.
type TlsConfig struct {
	Enable bool `json:"enable"`
	// Acme presumably toggles ACME-based certificate issuance — confirm.
	Acme bool `json:"acme"`
	// Cert and CA are pointers and may be nil.
	Cert *CertConfig `json:"cert"`
	CA *CertConfig `json:"ca"`
	Domain string `json:"domain"`
	// Subject is a crypto/x509/pkix Name and may be nil.
	Subject *pkix.Name `json:"subject"`
}
func (*TlsConfig) ToProtobuf ¶ added in v0.1.0
func (*TlsConfig) ToSubjectProtobuf ¶ added in v0.1.1
func (tls *TlsConfig) ToSubjectProtobuf() *clientpb.CertificateSubject