// Size units and default timeouts shared by the client and server transports.
const (
	// MinTimeout is the smallest timeout value this package defines.
	// (30 * time.Second is already a time.Duration; no conversion is needed.)
	MinTimeout = 30 * time.Second

	// Byte-size units.
	KB = 1 << 10
	MB = 1 << 20
	GB = 1 << 30

	// BufSize is the buffer size used for transfers (presumably streaming I/O).
	BufSize = 2 * MB
	// ClientMaxReceiveMessageSize caps a single gRPC message received by the client.
	ClientMaxReceiveMessageSize = 256 * MB
	// ServerMaxMessageSize - Server-side max GRPC message size.
	// NOTE(review): 2 GiB exceeds math.MaxInt32, so it only fits an int-typed
	// gRPC option on 64-bit builds; it also allows a peer to make the server
	// buffer up to 2 GiB for one message, so memory use has to be bounded by
	// authentication and upstream limits — confirm where this is applied.
	ServerMaxMessageSize = 2 * GB

	// DefaultTimeout is the default request timeout; SyncBuildTimeout bounds a
	// synchronous build call.
	DefaultTimeout   = 10 * time.Second
	SyncBuildTimeout = 300 * time.Second
)
Default config
// Names of the two top-level console menus.
const (
	ClientMenu  = "client"  // commands available before a session is selected
	ImplantMenu = "implant" // commands available inside a session
)
// Command groups shown in the client menu.
const (
	GenericGroup   = "generic"
	ManageGroup    = "manage"
	ListenerGroup  = "listener"
	GeneratorGroup = "generator"
)
client Groups
// Command groups shown in the implant menu.
const (
	ImplantGroup = "implant"
	ExecuteGroup = "execute"
	SysGroup     = "sys"
	FileGroup    = "file"
	PivotGroup   = "pivot"
	ArmoryGroup  = "armory"
	AddonGroup   = "addon"
	MalGroup     = "mal"
	ThirdGroup   = "3rd" // third-party integrations
)
implant Groups
// Names of the traffic cryptors a profile can select.
const (
	CryptorXOR = "XOR"
	// CryptorRAW disables encryption entirely; debug only. It should never be
	// selected for a deployed profile, since traffic is then readable on the wire.
	CryptorRAW = "RAW"
	CryptorAES = "AES"
)
// Keys used to look up server settings in the configuration store.
const (
	ConfigMaxPacketLength = "server.config.packet_length" // maximum packet length accepted by the server
	ConfigAuditLevel      = "server.audit"                // audit logging level
)
config
// File-type discriminators; the values are ordinal (UnknownFile is the zero value).
const (
	UnknownFile = iota // 0: type could not be determined
	EXEFile            // 1
	DLLFile            // 2
)
// HTTP transport defaults.
const (
	// DefaultMaxBodyLength caps an HTTP request body at 2 GiB.
	// NOTE(review): a limit this large is effectively no limit for memory
	// purposes if the body is read into RAM — confirm the reader streams.
	DefaultMaxBodyLength = 2 << 30
	DefaultHTTPTimeout   = time.Minute
	// Long-poll wait and the jitter added to it.
	DefaultLongPollTimeout = time.Second
	DefaultLongPollJitter  = time.Second
	// DefaultCacheInterval is unitless here; presumably seconds — confirm at the call site.
	DefaultCacheInterval = 60
)
Time
// Context kinds: categories of data a session can produce.
const (
	ContextScreenShot = "screenshot"
	ContextKeyLogger  = "keylogger"
	ContextCredential = "credential"
	ContextPivoting   = "pivoting"
	ContextDownload   = "download"
	ContextUpload     = "upload"
	ContextPort       = "port"
)
// Sub-directory names used for stored artifacts (relative to a base directory
// that is not visible here).
const (
	DownloadPath   = "download"
	KeyLoggerPath  = "keylogger"
	ScreenShotPath = "screenshot"
	TaskPath       = "task"
	CachePath      = "cache"
	RequestPath    = "request"
)
// Build job states. Note the inconsistent spelling across the error states
// ("networkerr" vs "db_err"/"srdi_err"); they are kept as-is because they are
// persisted/compared as strings.
const (
	BuildStatusRunning      = "running"
	BuildStatusWaiting      = "waiting"
	BuildStatusError        = "error"
	BuildStatusFailure      = "failure"
	BuildStatusNetworkError = "networkerr"
	BuildStatusCompleted    = "completed"
	BuildStatusDBError      = "db_err"
	BuildStatusSRDIError    = "srdi_err"
)
// License tiers.
const (
	LicenseCommunity = "community"
	LicensePro       = "professional"
	LicenseAdmin     = "admin"
)
// Callee identifiers: which front-end issued a request.
const (
	CalleeCMD      = "cmd"
	CalleeMal      = "mal"
	CalleeSDK      = "sdk"
	CalleeGui      = "gui"
	CalleeExplorer = "explorer"
	CalleePty      = "pty"
)
// Control-message operations carried in events, grouped by subject.
const (
	// Task lifecycle.
	CtrlTaskCallback = "task_callback"
	CtrlTaskFinish   = "task_finish"
	CtrlTaskCancel   = "task_cancel"
	CtrlTaskError    = "task_error"

	// Client presence.
	CtrlClientJoin = "client_join"
	CtrlClientLeft = "client_left"
	CtrlWebUpload  = "web_upload"

	// Listener / pipeline / website / job control.
	CtrlListenerStart   = "listener_start"
	CtrlListenerStop    = "listener_stop"
	CtrlPipelineStart   = "pipeline_start"
	CtrlPipelineStop    = "pipeline_stop"
	CtrlPipelineSync    = "pipeline_sync"
	CtrlWebsiteStart    = "website_start"
	CtrlWebsiteStop     = "website_stop"
	CtrlWebsiteRegister = "website_register"
	CtrlJobStart        = "job_start"
	CtrlJobStop         = "job_stop"

	// Session lifecycle.
	CtrlSessionRegister = "session_register"
	CtrlSessionUpdate   = "session_update"
	CtrlSessionDead     = "session_dead"
	CtrlSessionInit     = "session_init"
	CtrlSessionReborn   = "session_reborn"
	CtrlSessionLog      = "session_log"
	CtrlSessionTask     = "session_task"
	CtrlSessionError    = "session_error"
	CtrlSessionCheckin  = "session_checkin"

	// Web content management.
	CtrlWebContentAdd         = "web_content_add"
	CtrlWebContentUpdate      = "web_content_update"
	CtrlWebContentRemove      = "web_content_remove"
	CtrlWebContentAddArtifact = "web_content_add_artifact"

	// Rem (relay) control.
	CtrlRemStart     = "rem_start"
	CtrlRemStop      = "rem_stop"
	CtrlRemAgentCtrl = "rem_agent_ctrl"
	CtrlRemAgentLog  = "rem_agent_log"
	CtrlRemAgentStop = "rem_agent_stop"
	CtrlRemRegister  = "rem_register"

	// Pivot control.
	CtrlPivotReverse            = "pivot_reverse"
	CtrlPivotProxy              = "pivot_proxy"
	CtrlPivotConnect            = "pivot_connect"
	CtrlPivotPortForward        = "pivot_portfw"
	CtrlPivotReversePortForward = "pivot_rportfw"

	// Context events reuse the Context* names so both sides agree on the string.
	CtrlContextScreenShot = ContextScreenShot
	CtrlContextCred       = ContextCredential
	CtrlContextKeyLogger  = ContextKeyLogger
	CtrlContextDownload   = ContextDownload
	CtrlContextPort       = ContextPort
	// File-transfer chunking; note the close op is spelled "file_end", not "file_close".
	CtrlContextFileCreate = "file_create"
	CtrlContextFileWrite  = "file_write"
	CtrlContextFileClose  = "file_end"

	// Miscellaneous.
	CtrlAcme                = "acme"
	CtrlArtifactDownload    = "artifact_download"
	CtrlListenerSyncSession = "sync_session"
)
// Heartbeat event names; the suffix is the firing interval.
const (
	CtrlHeartbeat1s  = "heartbeat_1s"  // fires every second
	CtrlHeartbeat5s  = "heartbeat_5s"  // fires every 5 seconds
	CtrlHeartbeat10s = "heartbeat_10s" // fires every 10 seconds
	CtrlHeartbeat15s = "heartbeat_15s" // fires every 15 seconds
	CtrlHeartbeat30s = "heartbeat_30s" // fires every 30 seconds
	CtrlHeartbeat1m  = "heartbeat_1m"  // fires every minute
	CtrlHeartbeat5m  = "heartbeat_5m"  // fires every 5 minutes
	CtrlHeartbeat10m = "heartbeat_10m" // fires every 10 minutes
	CtrlHeartbeat15m = "heartbeat_15m" // fires every 15 minutes
	CtrlHeartbeat20m = "heartbeat_20m" // fires every 20 minutes
	CtrlHeartbeat30m = "heartbeat_30m" // fires every 30 minutes
	CtrlHeartbeat60m = "heartbeat_60m" // fires every 60 minutes
)
// Control-message status codes; success is the zero value.
const (
	CtrlStatusSuccess = iota // 0
	CtrlStatusFailed         // 1
)
ctrl status
// Event types published on the event bus.
const (
	EventJoin      = "join"
	EventLeft      = "left"
	EventClient    = "client"
	EventBroadcast = "broadcast"
	EventNotify    = "notify"
	EventSession   = "session"
	EventListener  = "listener"
	EventTask      = "task"
	EventWebsite   = "website"
	EventJob       = "job"
	EventHeartbeat = "heartbeat"
	EventBuild     = "build"
	EventPivot     = "pivot"
	EventContext   = "context"
	EventCert      = "cert"
	EventSecure    = "secure"
)
event
// Implant flavours understood by the parser.
const (
	ImplantMalefic     = "malefic"
	ImplantPulse       = "pulse"
	ImplantMaleficBind = "bind"
)
parser
// Reflective-DLL-injection (RDI) converter back-ends.
const (
	RDIMutant  = "mutant"
	RDIObjcopy = "objcopy"
	RDIDonut   = "donut"
)
// Where a build artifact came from.
const (
	ArtifactFromGithubAction = "action"
	ArtifactFromDocker       = "docker"
	ArtifactFromUpload       = "upload"
	ArtifactFromSaas         = "saas"
)
// Output formats for artifact conversion. Note the mixed separators
// ("hex-oneline" vs "js_be"); they are kept verbatim because they are matched
// as strings by callers.
const (
	FormatExecutable = "executable"
	FormatRaw        = "raw"

	// Source-code embeddings.
	FormatC          = "c"
	FormatCSharp     = "csharp"
	FormatJava       = "java"
	FormatGolang     = "golang"
	FormatPython     = "python"
	FormatPerl       = "perl"
	FormatRuby       = "ruby"
	FormatBash       = "bash"
	FormatPowerShell = "powershell"

	// Textual encodings.
	FormatHexOneLine   = "hex-oneline"
	FormatHexMultiLine = "hex-multiline"
	FormatNum          = "num"
	FormatDword        = "dword"
	FormatJavaScriptBE = "js_be"
	FormatJavaScriptLE = "js_le"
	FormatVBScript     = "vbscript"
	FormatVBApplication = "vbapplication"

	// Remote-fetch stagers.
	FormatPowerShellRemote = "powershell-remote"
	FormatCurlRemote       = "curl-remote"
	FormatWgetRemote       = "wget-remote"
)
Format constants for artifact conversion
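// Operating-system names used for build targets and artifact metadata.
const (
	Windows = "windows"
	Linux   = "linux"
	// Darwin was previously declared without a value. In a Go const block that
	// repeats the preceding expression, so Darwin silently equalled "linux" and
	// every *-apple-darwin build target was recorded with OS "linux". Spell the
	// value out explicitly.
	Darwin = "darwin"
)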
// File-name suffixes for build outputs. DLL and DllFile both spell ".dll";
// keep them in sync if either changes.
const (
	ELF           = ".elf"
	DLL           = ".dll"
	PEFile        = ".exe"
	ShellcodeFile = ".bin"
	DllFile       = ".dll"
)
// Rust-style target triples for the supported build targets.
const (
	// macOS
	TargetX64Darwin   = "x86_64-apple-darwin"
	TargetArm64Darwin = "aarch64-apple-darwin"
	// Linux (static musl)
	TargetX64Linux = "x86_64-unknown-linux-musl"
	TargetX86Linux = "i686-unknown-linux-musl"
	// Windows, MSVC and GNU toolchains
	TargetX64Windows    = "x86_64-pc-windows-msvc"
	TargetX86Windows    = "i686-pc-windows-msvc"
	TargetX86WindowsGnu = "i686-pc-windows-gnu"
	TargetX64WindowsGnu = "x86_64-pc-windows-gnu"
)
target
// Pipeline (listener transport) kinds.
const (
	TCPPipeline     = "tcp"
	HTTPPipeline    = "http"
	BindPipeline    = "bind"
	WebsitePipeline = "website"
	RemPipeline     = "rem"
)
// Implant module names. Several entries are aliases that ModuleAliases (see
// the var block below) resolves to a canonical module.
const (
	// internal
	ModulePing        = "ping"
	ModuleClear       = "clear"
	ModuleSleep       = "sleep"
	ModuleSuicide     = "suicide"
	ModuleInit        = "init"
	ModuleSwitch      = "switch"
	ModuleCancelTask  = "cancel_task"
	ModuleQueryTask   = "query_task"
	ModuleListTask    = "list_task"
	ModuleKeyExchange = "key_exchange"

	// execute
	ModuleAliasShell           = "shell"
	ModuleAliasPowershell      = "powershell"
	ModuleExecute              = "exec"
	ModuleAliasRun             = "run"
	ModuleAliasExecute         = "execute"
	ModuleExecuteLocal         = "execute_local"
	ModuleInlineLocal          = "inline_local"
	ModuleExecuteAssembly      = "execute_assembly"
	ModuleInlineAssembly       = "inline_assembly"
	ModuleExecuteShellcode     = "execute_shellcode"
	ModuleAliasInlineShellcode = "inline_shellcode"
	ModuleExecuteExe           = "execute_exe"
	ModuleAliasInlineExe       = "inline_exe"
	ModuleExecuteDll           = "execute_dll"
	ModuleDllSpawn             = "dllspawn"
	ModuleAliasInlineDll       = "inline_dll"
	ModuleExecuteBof           = "bof"
	ModulePowerpick            = "powerpick"

	// file system
	ModuleUpload      = "upload"
	ModuleDownload    = "download"
	ModulePwd         = "pwd"
	ModuleLs          = "ls"
	ModuleEnumDrivers = "enum_drivers"
	ModuleCd          = "cd"
	ModuleMv          = "mv"
	ModuleMkdir       = "mkdir"
	ModuleRm          = "rm"
	ModuleCat         = "cat"
	ModulePs          = "ps"
	ModuleCp          = "cp"
	ModuleChmod       = "chmod"
	ModuleChown       = "chown"

	// system
	ModuleKill     = "kill"
	ModuleWhoami   = "whoami"
	ModuleEnv      = "env"
	ModuleSetEnv   = "env_set"
	ModuleUnsetEnv = "env_unset"
	ModuleSysInfo  = "sysinfo"
	ModuleNetstat  = "netstat"
	ModuleBypass   = "bypass"
	ModuleRequest  = "request"

	// module
	ModuleListModule    = "list_module"
	ModuleLoadModule    = "load_module"
	ModuleRefreshModule = "refresh_module"

	// addon
	ModuleListAddon    = "list_addon"
	ModuleLoadAddon    = "load_addon"
	ModuleExecuteAddon = "execute_addon"

	// registry
	ModuleRegQuery     = "reg_query"
	ModuleRegAdd       = "reg_add"
	ModuleRegDelete    = "reg_delete"
	ModuleRegListKey   = "reg_list_key"
	ModuleRegListValue = "reg_list_value"

	// service
	ModuleServiceList   = "service_list"
	ModuleServiceCreate = "service_create"
	ModuleServiceQuery  = "service_query"
	ModuleServiceStart  = "service_start"
	ModuleServiceStop   = "service_stop"
	ModuleServiceDelete = "service_delete"

	// taskschd
	ModuleTaskSchdList   = "taskschd_list"
	ModuleTaskSchdCreate = "taskschd_create"
	ModuleTaskSchdQuery  = "taskschd_query"
	ModuleTaskSchdStart  = "taskschd_start"
	ModuleTaskSchdStop   = "taskschd_stop"
	ModuleTaskSchdDelete = "taskschd_delete"
	ModuleTaskSchdRun    = "taskschd_run"

	// wmi
	ModuleWmiQuery = "wmi_query"
	ModuleWmiExec  = "wmi_execute"

	// pipe
	ModulePipeUpload = "pipe_upload"
	ModulePipeClose  = "pipe_close"
	ModulePipeRead   = "pipe_read"

	// privilege
	ModuleRunas     = "runas"
	ModulePrivs     = "privs"
	ModuleGetSystem = "getsystem"
	ModuleRev2Self  = "rev2self"

	// 3rd
	ModuleRemDial     = "rem_dial"
	ModuleRem         = "rem"
	ModuleClientPty   = "interactive"
	ModulePty         = "pty"
	ModulePtyStart    = "start"
	ModulePtyStop     = "stop"
	ModulePtyInput    = "input"
	ModulePtyRequest  = "pty_request"
	ModulePtyResponse = "pty_response"
	ModuleFFmpeg      = "ffmpeg"
)
client module and command
const ( CommandLogin = "login" CommandExit = "exit" CommandWait = "wait" CommandRecover = "recover" CommandPolling = "polling" CommandNewBindSession = "newbind" CommandTasks = "tasks" CommandTaskFetch = "fetch_task" CommandFiles = "files" CommandExplore = "explorer" CommandSession = "session" CommandSessionNote = "note" CommandSessionGroup = "group" CommandObverse = "obverse" CommandHistory = "history" CommandAudit = "audit" CommandRemoveSession = "remove" CommandUse = "use" CommandBackground = "background" CommandSync = "sync" CommandBroadcast = "broadcast" CommandVersion = "version" CommandNotify = "notify" CommandAlias = "alias" CommandAliasLoad = "load" CommandAliasList = "list" CommandAliasInstall = "install" CommandAliasRemove = "remove" CommandArmory = "armory" CommandArmoryUpdate = "update" CommandArmorySearch = "search" CommandArmoryLoad = "load" CommandArmoryInstall = "install" CommandExtension = "extension" CommandExtensionList = "list" CommandExtensionLoad = "load" CommandExtensionInstall = "install" CommandExtensionRemove = "remove" CommandMal = "mal" CommandMalLoad = "load" CommandMalList = "list" CommandMalInstall = "install" CommandMalRemove = "remove" CommandMalRefresh = "refresh" CommandMalUpdate = "update" CommandPipelineTcp = "tcp" CommandPipelineBind = "bind" CommandWebsite = "website" CommandListener = "listener" CommandJob = "job" CommandPipeline = "pipeline" CommandPipelineNew = "new" CommandPipelineList = "list" CommandPipelineStart = "start" CommandPipelineStop = "stop" CommandPipelineDelete = "delete" CommandPipelineRestart = "restart" CommandBuild = "build" CommandBuildPrelude = "prelude" CommandBuildBeacon = "beacon" CommandBuildBind = "bind" CommandBuildShellCode = "shellcode" CommandBuildModules = "modules" CommandBuild3rdModules = "3rd" CommandBuildPulse = "pulse" CommandBuildLog = "log" CommandArtifact = "artifact" CommandArtifactList = "list" CommandArtifactShow = "show" CommandArtifactDownload = "download" CommandArtifactUpload = 
"upload" CommandArtifactDelete = "delete " CommandProfile = "profile" CommandProfileList = "list" CommandProfileLoad = "load" CommandProfileNew = "new" CommandProfileDelete = "delete" CommandSRDI = "srdi" CommandDonut = "donut" CommandReg = "reg" CommandRegExplorer = "reg_explorer" CommandService = "service" CommandTaskSchd = "taskschd" CommandPipe = "pipe" CommandAction = "action" CommandActionRun = "run" CommandActionEnable = "enable" CommandActionDisable = "disable" CommandActionList = "list" CommandSaas = "saas" CommandLicense = "license" CommandLicenseNew = "new" CommandLicenseDelete = "delete" CommandLicenseUpdate = "update" CommandConfig = "config" CommandRefresh = "refresh" CommandConfigUpdate = "update" CommandGithub = "github" CommandRem = "rem" CommandListRem = "list" CommandRemNew = "new" CommandRemStart = "start" CommandRemStop = "stop" CommandRemDelete = "delete" CommandRemDial = "rem_dial" CommandPivot = "pivot" CommandProxy = "proxy" CommandReverse = "reverse" CommandPortForward = "portfwd" CommandReversePortForward = "rportfwd" CommandReversePortForwardLocal = "rportfwd_local" CommandPortForwardLocal = "portfwd_local" CommandScreenShot = "screenshot" CommandCert = "cert" CommandCertDelete = "delete" CommandCertUpdate = "update" CommandCertDownload = "download" CommandCertImport = "import" CommandCertSelfSigned = "self_signed" CommandCertAcme = "acme" )
// Operational-security levels a command can be tagged with.
const (
	OPSecLOW   = "low"
	OPSecMID   = "mid"
	OPSecHIGH  = "high"
	OPSecOPsec = "opsec"
)
// ArtifactWebcontent is the web-content type used when an artifact is served.
const ArtifactWebcontent = "artifact"
// ClientPrompt is the prompt string shown by the interactive client.
const ClientPrompt = "IoM"
UI
// Build identification. Defaults apply to local builds; release builds are
// presumably overridden via -ldflags "-X" — confirm in the build scripts.
var (
	Ver        = "latest" // version string
	Commit     = ""       // VCS commit
	Buildstamp = ""       // build timestamp
)
// Module groupings derived from the Module* constants.
var (
	// ModuleAliases maps a user-facing alias to the canonical module name.
	ModuleAliases = map[string]string{
		ModuleAliasInlineShellcode: ModuleExecuteShellcode,
		ModuleAliasInlineExe:       ModuleExecuteExe,
		ModuleAliasInlineDll:       ModuleExecuteDll,
		ModuleAliasShell:           ModuleExecute,
		ModuleAliasPowershell:      ModuleExecute,
	}

	// ExecuteModules lists every module that runs a payload (including the inline aliases).
	ExecuteModules = []string{
		ModuleExecuteBof,
		ModuleExecuteDll,
		ModuleExecuteShellcode,
		ModuleExecuteExe,
		ModulePowerpick,
		ModuleExecuteAssembly,
		ModuleAliasInlineExe,
		ModuleAliasInlineDll,
		ModuleAliasInlineShellcode,
	}

	// InlineModules is the subset of ExecuteModules that run in-process.
	InlineModules = []string{
		ModuleAliasInlineExe,
		ModuleAliasInlineDll,
		ModuleAliasInlineShellcode,
	}

	// SacrificeModules is the subset that runs in a separate process.
	SacrificeModules = []string{
		ModuleExecuteExe,
		ModuleExecuteDll,
		ModuleExecuteShellcode,
	}
)
// ArchAlias maps architecture aliases to the canonical short names ("x64", "x86").
var ArchAlias = map[string]string{
	// 64-bit
	"x86_64": "x64",
	"amd64":  "x64",
	// 32-bit
	"x86": "x86",
	"386": "x86",
}
ArchAlias maps architecture aliases to the canonical architecture names.
// ArchMap maps a canonical architecture string to its Arch enum value.
var ArchMap = map[string]Arch{
	"x64":   X86_64,
	"x86":   I686,
	"arm":   Arm,
	"arm64": Aarch64,
	"mips":  Mips,
}
ArchMap maps an architecture string to its Arch enum value.
// BuildSource lists the artifact sources that can run a build (upload is
// intentionally absent: uploaded artifacts are not built here).
var BuildSource = []string{
	ArtifactFromDocker,
	ArtifactFromGithubAction,
	ArtifactFromSaas,
}
// BuildTargetMap describes each supported target triple: its canonical arch
// (via ArchMap) and OS name. Every entry's Name equals its key.
var BuildTargetMap = map[string]*BuildTarget{
	// macOS
	TargetX64Darwin:   {Name: TargetX64Darwin, Arch: ArchMap["x64"].String(), OS: Darwin},
	TargetArm64Darwin: {Name: TargetArm64Darwin, Arch: ArchMap["arm64"].String(), OS: Darwin},
	// Linux
	TargetX64Linux: {Name: TargetX64Linux, Arch: ArchMap["x64"].String(), OS: Linux},
	TargetX86Linux: {Name: TargetX86Linux, Arch: ArchMap["x86"].String(), OS: Linux},
	// Windows (MSVC and GNU toolchains)
	TargetX64Windows:    {Name: TargetX64Windows, Arch: ArchMap["x64"].String(), OS: Windows},
	TargetX86Windows:    {Name: TargetX86Windows, Arch: ArchMap["x86"].String(), OS: Windows},
	TargetX86WindowsGnu: {Name: TargetX86WindowsGnu, Arch: ArchMap["x86"].String(), OS: Windows},
	TargetX64WindowsGnu: {Name: TargetX64WindowsGnu, Arch: ArchMap["x64"].String(), OS: Windows},
}
// BuildType enumerates the implant build kinds accepted by the build command;
// the strings match the CommandBuild* sub-command names.
var BuildType = []string{"beacon", "bind", "pulse", "prelude", "modules"}
// DefaultProfile holds the built-in profile bytes. It is declared without an
// initializer here; presumably it is populated by a //go:embed directive or
// during init elsewhere in the package — confirm before relying on it being non-nil.
var DefaultProfile []byte
// DefaultRDI is the reflective-DLL converter used when none is specified (donut).
var DefaultRDI = RDIDonut
// Modules lists the selectable implant module bundles, from smallest to the
// per-area "_full" sets.
var Modules = []string{
	"nano", "full", "base", "extend",
	"fs_full", "sys_full", "execute_full", "net_full",
}
// WindowsVer maps a reported "major.minor.build" string to a human-readable
// Windows release name.
//
// NOTE(review): two keys look suspect and should be checked against the value
// the agent actually reports: "6.1.0" (no real build number) and "11.0.22000"
// (Windows 11 identifies as 10.0.22000+; there is no 11.0.x kernel version, so
// that entry presumably never matches). They are kept verbatim here.
var WindowsVer = map[string]string{
	// NT 5.x
	"5.0.2195": "2000",
	"5.1.2600": "XP",
	"5.2.3790": "Server 2003/Server 2003 R2",
	// NT 6.x
	"6.0.6000": "Vista",
	"6.0.6001": "Vista SP1/Server2008",
	"6.0.6002": "Vista SP2/Server2008 SP2",
	"6.1.0":    "7/Server2008 R2",
	"6.1.7600": "7/Server2008 R2",
	"6.1.7601": "7 SP1/Server2008 R2 SP1",
	"6.2.9200": "8/Server2012",
	"6.3.9600": "8.1/Server2012 R2",
	// NT 10.x
	"10.0.10240": "10 1507",
	"10.0.10586": "10 1511",
	"10.0.14393": "10 1607/Server2016",
	"10.0.15063": "10 1703",
	"10.0.16299": "10 1709",
	"10.0.17134": "10 1803",
	"10.0.17763": "10 1809/Server2019",
	"10.0.18362": "10 1903",
	"10.0.18363": "10 1909",
	"10.0.19041": "10 2004/Server2004",
	"10.0.19042": "10 20H2/Server20H2",
	"10.0.19043": "10 21H2",
	"10.0.20348": "Server2022",
	"10.0.22621": "11",
	"11.0.22000": "11",
}
func FormatArch ¶ added in v0.0.3
func GetBuildTargetNameByArchOS ¶ added in v0.1.1
func SubCommandName ¶ added in v0.0.3
type BuildTarget ¶ added in v0.0.3
func GetBuildTarget ¶ added in v0.0.3
func GetBuildTarget(name string) (*BuildTarget, bool)