Documentation
¶
Index ¶
- Variables
- func BuildOneSpites(spite *implantpb.Spite) *implantpb.Spites
- func BuildPingSpite() *implantpb.Spite
- func BuildPingSpites() *implantpb.Spites
- func BuildSpite(spite *implantpb.Spite, msg proto.Message) (*implantpb.Spite, error)
- func BuildSpites(spites []*implantpb.Spite) *implantpb.Spites
- type APIPriorityConfig
- type APIsProfile
- type AllocatorProfile
- type AntiProfile
- type BasicProfile
- type BuildProfile
- type CertConfig
- type DGAProfile
- type EncryptionConfig
- type EncryptionsConfig
- type GuardrailProfile
- type HttpProfile
- type ImplantFlags
- type ImplantProfile
- type MetadataProfile
- type MsgName
- type OLLVMProfile
- type PackItem
- type PipelineParams
- type ProfileConfig
- func (p *ProfileConfig) Clone() (*ProfileConfig, error)
- func (p *ProfileConfig) Merge(other *ProfileConfig)
- func (p *ProfileConfig) SetDefaults()
- func (p *ProfileConfig) ToJSON() ([]byte, error)
- func (p *ProfileConfig) ToYAML() ([]byte, error)
- func (p *ProfileConfig) Validate() error
- func (p *ProfileConfig) ValidateProfileFiles(baseDir string) error
- type ProfileParams
- type ProxyProfile
- type PulseFlags
- type PulseProfile
- type REMProfile
- type SecureConfig
- type SecureProfile
- type SessionContext
- type SessionInfo
- type TCPProfile
- type TLSProfile
- type Target
- type TlsConfig
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors exported by the package. Each is created with errors.New,
// so callers can compare against them with errors.Is.
var (
	// ErrUnknownSpite carries the message "unknown spite body".
	ErrUnknownSpite = errors.New("unknown spite body")
	// ErrUnknownJob carries the message "unknown job body".
	ErrUnknownJob = errors.New("unknown job body")
)
Functions ¶
func BuildPingSpite ¶
func BuildPingSpites ¶ added in v0.0.3
func BuildSpite ¶
BuildSpite builds a Spite request; msg is the Spite body.
Types ¶
type APIPriorityConfig ¶ added in v0.1.2
type APIsProfile ¶ added in v0.1.2
// APIsProfile is a configuration section holding a level string and a map of
// per-name priority settings, serialized under the "level" and "priority" keys.
// NOTE(review): the accepted values of Level and the meaning of the map keys
// are not shown on this page.
type APIsProfile struct {
	Level string `yaml:"level" json:"level"`
	// Priority maps a string key to an *APIPriorityConfig; values are pointers
	// and may therefore be nil.
	Priority map[string]*APIPriorityConfig `yaml:"priority" json:"priority"`
}
type AllocatorProfile ¶ added in v0.1.2
type AntiProfile ¶ added in v0.1.2
type BasicProfile ¶ added in v0.0.3
// BasicProfile is the "basic" section of a profile: naming, scheduling, retry
// counters, encryption settings and the list of targets. Every field is
// serialized under the lower-case key given in its yaml/json tags.
type BasicProfile struct {
	Name string `yaml:"name" json:"name"`
	Proxy *ProxyProfile `yaml:"proxy" json:"proxy"`
	Cron string `yaml:"cron" json:"cron"`
	Jitter float64 `yaml:"jitter" json:"jitter"`
	InitRetry int `yaml:"init_retry" json:"init_retry"`
	ServerRetry int `yaml:"server_retry" json:"server_retry"`
	GlobalRetry int `yaml:"global_retry" json:"global_retry"`
	Encryption string `yaml:"encryption" json:"encryption"`
	// Key is written verbatim under "key" by both encoders.
	// NOTE(review): presumably key material for the scheme named in Encryption;
	// if so, any serialized or logged copy of this struct is a secret.
	Key string `yaml:"key" json:"key"`
	Secure *SecureProfile `yaml:"secure" json:"secure"`
	DGA *DGAProfile `yaml:"dga" json:"dga"`
	Guardrail *GuardrailProfile `yaml:"guardrail" json:"guardrail"`
	Targets []Target `yaml:"targets" json:"targets"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): the standard encoding/json package has no inline option, so
	// with it this map is emitted under the key "Extras". Presumably the YAML
	// decoder collects otherwise unmatched keys here, in which case a mistyped
	// key is absorbed silently instead of rejected; confirm against Validate.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type BuildProfile ¶ added in v0.1.2
// BuildProfile is the "build" section of a profile: two boolean switches, a
// toolchain name and two nested sections (OLLVM, Metadata).
// NOTE(review): the effect of each switch is not shown on this page.
type BuildProfile struct {
	ZigBuild bool `yaml:"zigbuild" json:"zigbuild"`
	Remap bool `yaml:"remap" json:"remap"`
	Toolchain string `yaml:"toolchain" json:"toolchain"`
	OLLVM *OLLVMProfile `yaml:"ollvm" json:"ollvm"`
	Metadata *MetadataProfile `yaml:"metadata" json:"metadata"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras"; with YAML, unmatched keys presumably land here unvalidated.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type CertConfig ¶ added in v0.1.1
// CertConfig pairs an enable flag with a certificate string and a key string.
// All three fields carry json, yaml and config tags with the same key names.
type CertConfig struct {
	Enable bool `json:"enable" yaml:"enable" config:"enable"`
	Cert string `json:"cert" yaml:"cert" config:"cert"`
	// Key is serialized under "key" by every tagged encoder.
	// NOTE(review): presumably the private key matching Cert; if so, marshalled
	// output and stored configuration containing it need secret-level handling.
	Key string `json:"key" yaml:"key" config:"key"`
}
func FromCert ¶ added in v0.1.1
func FromCert(cert *clientpb.Cert) *CertConfig
func (*CertConfig) ToProtobuf ¶ added in v0.1.1
func (cert *CertConfig) ToProtobuf() *clientpb.Cert
type DGAProfile ¶ added in v0.1.2
type EncryptionConfig ¶ added in v0.1.0
// EncryptionConfig names an encryption type and carries its key as a string.
type EncryptionConfig struct {
	Type string `json:"type" config:"type"`
	// Key is emitted in clear under "key" whenever the struct is marshalled.
	// NOTE(review): keep marshalled copies out of logs and world-readable files.
	Key string `json:"key" config:"key"`
}
func FromEncryption ¶ added in v0.1.0
func FromEncryption(encryption *clientpb.Encryption) *EncryptionConfig
func (*EncryptionConfig) ToProtobuf ¶ added in v0.1.0
func (encryption *EncryptionConfig) ToProtobuf() *clientpb.Encryption
type EncryptionsConfig ¶ added in v0.1.1
// EncryptionsConfig is a slice of *EncryptionConfig. Elements are pointers, so
// code that ranges over it should tolerate nil entries unless the constructor
// guarantees otherwise (not shown on this page).
type EncryptionsConfig []*EncryptionConfig
func FromEncryptions ¶ added in v0.1.1
func FromEncryptions(es []*clientpb.Encryption) EncryptionsConfig
func (EncryptionsConfig) Choice ¶ added in v0.1.1
func (e EncryptionsConfig) Choice() *EncryptionConfig
func (EncryptionsConfig) ToProtobuf ¶ added in v0.1.1
func (e EncryptionsConfig) ToProtobuf() []*clientpb.Encryption
type GuardrailProfile ¶ added in v0.1.2
// GuardrailProfile is a configuration section made of two booleans and four
// string lists (IP addresses, usernames, server names, domains).
// NOTE(review): how the lists are matched, and how RequireAll combines them,
// is not shown on this page.
type GuardrailProfile struct {
	Enable bool `yaml:"enable" json:"enable"`
	RequireAll bool `yaml:"require_all" json:"require_all"`
	IPAddresses []string `yaml:"ip_addresses" json:"ip_addresses"`
	Usernames []string `yaml:"usernames" json:"usernames"`
	ServerNames []string `yaml:"server_names" json:"server_names"`
	Domains []string `yaml:"domains" json:"domains"`
}
type HttpProfile ¶ added in v0.1.2
// HttpProfile describes HTTP request parameters: method, path, host, version
// and a single-valued header map.
type HttpProfile struct {
	Method string `yaml:"method" json:"method"`
	Path string `yaml:"path" json:"path"`
	Host string `yaml:"host" json:"host"`
	Version string `yaml:"version" json:"version"`
	// Headers holds one value per header name (map[string]string), unlike
	// net/http's multi-valued header type.
	Headers map[string]string `yaml:"headers" json:"headers"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras"; with YAML, unmatched keys presumably land here unvalidated.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type ImplantFlags ¶ added in v0.1.2
type ImplantProfile ¶ added in v0.0.3
// ImplantProfile is the implant section of a profile. It holds runtime and
// mode strings, module lists, boolean switches and several nested sections.
// NOTE(review): field semantics are not shown on this page; only names, types
// and serialization keys can be read from the declaration.
type ImplantProfile struct {
	Runtime string `yaml:"runtime" json:"runtime"`
	Mod string `yaml:"mod" json:"mod"`
	RegisterInfo bool `yaml:"register_info" json:"register_info"`
	HotLoad bool `yaml:"hot_load" json:"hot_load"`
	Modules []string `yaml:"modules" json:"modules"`
	Enable3rd bool `yaml:"enable_3rd" json:"enable_3rd"`
	// ThirdModules is serialized under "3rd_modules", a key that starts with a digit.
	ThirdModules []string `yaml:"3rd_modules" json:"3rd_modules"`
	AutoRun string `yaml:"autorun" json:"autorun"`
	Pack []PackItem `yaml:"pack" json:"pack"`
	Flags *ImplantFlags `yaml:"flags" json:"flags"`
	Anti *AntiProfile `yaml:"anti" json:"anti"`
	APIs *APIsProfile `yaml:"apis" json:"apis"`
	Allocator *AllocatorProfile `yaml:"allocator" json:"allocator"`
	ThreadStackSpoofer bool `yaml:"thread_stack_spoofer" json:"thread_stack_spoofer"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras"; with YAML, unmatched keys presumably land here unvalidated.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type MetadataProfile ¶ added in v0.1.2
// MetadataProfile is the "metadata" section nested in the build profile. It is
// a flat set of strings plus two booleans.
// NOTE(review): the field names suggest file/version metadata taken from
// configuration rather than derived from the build; confirm against the build
// code. If so, such metadata is configuration-controlled and should not be
// relied on as evidence of a file's origin.
type MetadataProfile struct {
	RemapPath string `yaml:"remap_path" json:"remap_path"`
	Icon string `yaml:"icon" json:"icon"`
	CompileTime string `yaml:"compile_time" json:"compile_time"`
	FileVersion string `yaml:"file_version" json:"file_version"`
	ProductVersion string `yaml:"product_version" json:"product_version"`
	CompanyName string `yaml:"company_name" json:"company_name"`
	ProductName string `yaml:"product_name" json:"product_name"`
	OriginalFilename string `yaml:"original_filename" json:"original_filename"`
	FileDescription string `yaml:"file_description" json:"file_description"`
	InternalName string `yaml:"internal_name" json:"internal_name"`
	RequireAdmin bool `yaml:"require_admin" json:"require_admin"`
	RequireUAC bool `yaml:"require_uac" json:"require_uac"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras"; with YAML, unmatched keys presumably land here unvalidated.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type MsgName ¶
// MsgName is a string type naming a message kind.
type MsgName string

// Message names. Most values alias constants from the consts package; the rest
// are string literals declared here.
const (
	MsgInit MsgName = consts.ModuleInit
	MsgPing MsgName = consts.ModulePing
	MsgSleep MsgName = consts.ModuleSleep
	MsgSwitch MsgName = consts.ModuleSwitch
	MsgTask MsgName = "task"
	MsgTasks MsgName = "tasks"
	// cryptographic key exchange
	// NOTE(review): same value as MsgKeyExchange declared further down, so the
	// two names cannot be told apart in a switch or map key.
	MsgKeyExchangeResponse MsgName = consts.ModuleKeyExchange
	// basic message
	MsgResponse MsgName = "response"
	MsgBlock MsgName = "block"
	MsgAck MsgName = "ack"
	MsgRegister MsgName = "register"
	MsgRequest MsgName = "request"
	MsgUnknown MsgName = "unknown"
	MsgNil MsgName = "nil"
	MsgEmpty MsgName = "empty"
	MsgSysInfo MsgName = consts.ModuleSysInfo
	MsgUpload MsgName = consts.ModuleUpload
	MsgDownload MsgName = consts.ModuleDownload
	MsgCurl MsgName = consts.ModuleRequest
	MsgFFmpeg MsgName = consts.ModuleFFmpeg
	MsgExec MsgName = consts.ModuleExecute
	MsgListModule MsgName = consts.ModuleListModule
	MsgLoadModule MsgName = consts.ModuleLoadModule
	MsgListAddon MsgName = consts.ModuleListAddon
	MsgLoadAddon MsgName = consts.ModuleLoadAddon
	MsgBinaryResponse MsgName = "assembly_response"
	MsgExecuteAddon MsgName = consts.ModuleExecuteAddon
	MsgExecuteLocal MsgName = consts.ModuleExecuteLocal
	//MsgExecuteSpawn MsgName = "execute_spawn"
	MsgLs MsgName = consts.ModuleLs
	// NOTE(review): declared without the MsgName type, unlike every other
	// constant in this block, so it takes the type of the consts value instead;
	// confirm whether that is intended.
	MsgEnumDrivers = consts.ModuleEnumDrivers
	MsgNetstat MsgName = consts.ModuleNetstat
	MsgPs MsgName = consts.ModulePs
	MsgKill MsgName = consts.ModuleKill
	MsgBypass MsgName = consts.ModuleBypass
	MsgRegistryAdd MsgName = consts.ModuleRegAdd
	MsgServicesResponse MsgName = consts.ModuleServiceList
	MsgServiceResponse MsgName = consts.ModuleServiceQuery
	MsgTaskSchdsResponse MsgName = consts.ModuleTaskSchdList
	MsgTaskSchdResponse MsgName = consts.ModuleTaskSchdQuery
	MsgWmiQuery MsgName = consts.ModuleWmiQuery
	MsgWmiExecute MsgName = consts.ModuleWmiExec
	MsgKeyExchange MsgName = consts.ModuleKeyExchange
	MsgPty MsgName = consts.ModulePty
	MsgPtyRequest MsgName = consts.ModulePtyRequest
	MsgPtyResponse MsgName = consts.ModulePtyResponse
)
func MessageType ¶
MessageType parses the response message.
type OLLVMProfile ¶ added in v0.1.2
type PipelineParams ¶ added in v0.1.0
// PipelineParams is the JSON-serialized parameter set of a pipeline. Every
// field is tagged omitempty, so zero values are left out of the encoded form.
type PipelineParams struct {
	Parser string `json:"parser,omitempty"`
	// WebPath is serialized under "path", not "web_path".
	WebPath string `json:"path,omitempty"`
	Link string `json:"link,omitempty"`
	Console string `json:"console,omitempty"`
	Subscribe string `json:"subscribe,omitempty"`
	Agents map[string]*clientpb.REMAgent `json:"agents,omitempty"`
	// Encryption, Tls and Secure nest configuration types that carry key
	// strings. NOTE(review): marshalling this struct therefore emits that key
	// material; check where the encoded form and String() output end up.
	Encryption EncryptionsConfig `json:"encryption,omitempty"`
	Tls *TlsConfig `json:"tls,omitempty"`
	Secure *SecureConfig `json:"secure,omitempty"`
	// HTTP pipeline specific params
	Headers map[string][]string `json:"headers,omitempty"`
	// ErrorPage additionally carries the tag gorm:"-".
	ErrorPage string `json:"error_page,omitempty" gorm:"-"`
	BodyPrefix string `json:"body_prefix,omitempty"`
	BodySuffix string `json:"body_suffix,omitempty"`
}
func UnmarshalPipelineParams ¶ added in v0.1.2
func UnmarshalPipelineParams(params string) (*PipelineParams, error)
func (*PipelineParams) String ¶ added in v0.1.2
func (params *PipelineParams) String() string
type ProfileConfig ¶ added in v0.0.3
// ProfileConfig is the top-level profile document, composed of four optional
// sections. Each section is a pointer and is nil when absent from the input.
type ProfileConfig struct {
	Basic *BasicProfile `yaml:"basic" json:"basic"`
	Pulse *PulseProfile `yaml:"pulse" json:"pulse"`
	// Implant is serialized under the plural key "implants".
	Implant *ImplantProfile `yaml:"implants" json:"implants"`
	Build *BuildProfile `yaml:"build" json:"build"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras". With YAML, top-level keys that match no section presumably
	// land here, so a misspelled section name is absorbed rather than rejected.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
func LoadProfile ¶ added in v0.0.3
func LoadProfile(content []byte) (*ProfileConfig, error)
func LoadProfileFromContent ¶ added in v0.1.2
func LoadProfileFromContent(content []byte) (*ProfileConfig, error)
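LoadProfileFromContent loads the Profile configuration from the given content bytes. (The original comment says "from a file", which does not match the []byte parameter.)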
func LoadProfileFromFile ¶ added in v0.1.2
func LoadProfileFromFile(filename string) (*ProfileConfig, error)
LoadProfileFromFile loads the Profile configuration from a file.
func (*ProfileConfig) Clone ¶ added in v0.1.2
func (p *ProfileConfig) Clone() (*ProfileConfig, error)
Clone returns a deep copy of the ProfileConfig.
func (*ProfileConfig) Merge ¶ added in v0.1.2
func (p *ProfileConfig) Merge(other *ProfileConfig)
Merge merges the non-empty values of another ProfileConfig into this one.
func (*ProfileConfig) SetDefaults ¶ added in v0.1.2
func (p *ProfileConfig) SetDefaults()
SetDefaults sets the default values.
func (*ProfileConfig) ToJSON ¶ added in v0.1.2
func (p *ProfileConfig) ToJSON() ([]byte, error)
ToJSON converts the Profile configuration to JSON.
func (*ProfileConfig) ToYAML ¶ added in v0.1.2
func (p *ProfileConfig) ToYAML() ([]byte, error)
ToYAML converts the Profile configuration to YAML.
func (*ProfileConfig) Validate ¶ added in v0.1.2
func (p *ProfileConfig) Validate() error
Validate checks that the configuration is valid.
func (*ProfileConfig) ValidateProfileFiles ¶ added in v0.1.2
func (p *ProfileConfig) ValidateProfileFiles(baseDir string) error
ValidateProfileFiles verifies that the files referenced by the profile exist in the specified directory.
type ProfileParams ¶ added in v0.0.3
// ProfileParams is a flat, JSON-only parameter set. None of the fields use
// omitempty, so zero values are always present in the encoded form.
type ProfileParams struct {
	Cron string `json:"cron"`
	Jitter float64 `json:"jitter"`
	Address string `json:"address"`
	Proxy string `json:"proxy"`
	OriginBeaconID uint32 `json:"origin_beacon_id"`
	RelinkBeaconID uint32 `json:"relink_beacon_id"`
	// REMPipeline is serialized under the short key "rem".
	REMPipeline string `json:"rem"`
	// Enable3RD is serialized under "enable_3_rd" (underscore between 3 and rd).
	Enable3RD bool `json:"enable_3_rd"`
	// Modules is a single string, not a list.
	// NOTE(review): the separator format is not shown on this page.
	Modules string `json:"modules"`
	AutoDownload bool `json:"auto_download"`
	AutoRunFile string `json:"auto_run_file"`
}
func UnmarshalProfileParams ¶ added in v0.1.1
func UnmarshalProfileParams(params []byte) (*ProfileParams, error)
func (*ProfileParams) String ¶ added in v0.0.3
func (p *ProfileParams) String() string
type ProxyProfile ¶ added in v0.1.2
type PulseFlags ¶ added in v0.1.2
type PulseProfile ¶ added in v0.0.3
// PulseProfile is the "pulse" section of a profile: flags, encryption
// settings, a target string, a protocol name and optional HTTP parameters.
type PulseProfile struct {
	Flags *PulseFlags `yaml:"flags" json:"flags"`
	Encryption string `yaml:"encryption" json:"encryption"`
	// Key is written verbatim under "key" by both encoders.
	// NOTE(review): presumably key material for the scheme named in Encryption;
	// if so, serialized copies of this section are secrets.
	Key string `yaml:"key" json:"key"`
	Target string `yaml:"target" json:"target"`
	Protocol string `yaml:"protocol" json:"protocol"`
	Http *HttpProfile `yaml:"http" json:"http"`
	// Extras is tagged ",inline" for both encoders.
	// NOTE(review): encoding/json has no inline option and would emit this map
	// under "Extras"; with YAML, unmatched keys presumably land here unvalidated.
	Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type REMProfile ¶ added in v0.1.1
// REMProfile holds a single link string, serialized under "link".
// NOTE(review): the link format is not shown on this page.
type REMProfile struct {
	Link string `yaml:"link" json:"link"`
}
type SecureConfig ¶ added in v0.1.2
// SecureConfig holds an enable flag and two Age key pairs (server and
// implant), each key stored as a string.
//
// Both private keys carry json tags, so marshalling this struct writes them
// out in clear. NOTE(review): check every place the encoded form is stored,
// logged or sent, and whether one party really needs both private keys.
type SecureConfig struct {
	Enable bool `json:"enable" config:"enable" default:"false"`
	ServerPublicKey string `json:"server_public_key" config:"server_public_key"` // Age server public key
	ServerPrivateKey string `json:"server_private_key" config:"server_private_key"` // Age server private key
	ImplantPublicKey string `json:"implant_public_key" config:"implant_public_key"` // Age implant public key
	ImplantPrivateKey string `json:"implant_private_key" config:"implant_private_key"` // Age implant private key
}
func FromSecure ¶ added in v0.1.2
func FromSecure(secure *clientpb.Secure) *SecureConfig
FromSecure converts a protobuf Secure message to a SecureConfig.
func (*SecureConfig) ExchangeKeyPair ¶ added in v0.1.2
func (secure *SecureConfig) ExchangeKeyPair() *clientpb.KeyPair
ExchangeKeyPair returns the key pair used for key exchange (implant public key + server private key).
func (*SecureConfig) ImplantKeypair ¶ added in v0.1.2
func (secure *SecureConfig) ImplantKeypair() *clientpb.KeyPair
ImplantKeypair returns the implant key pair as a protobuf structure.
func (*SecureConfig) ServerKeypair ¶ added in v0.1.2
func (secure *SecureConfig) ServerKeypair() *clientpb.KeyPair
ServerKeypair returns the server key pair as a protobuf structure.
func (*SecureConfig) ToProtobuf ¶ added in v0.1.2
func (secure *SecureConfig) ToProtobuf() *clientpb.Secure
ToProtobuf converts to the protobuf structure.
type SecureProfile ¶ added in v0.1.2
type SessionContext ¶ added in v0.1.0
// SessionContext is the JSON-serializable state kept for a session. It embeds
// *SessionInfo, so that struct's fields are promoted onto SessionContext.
type SessionContext struct {
	// The embedded pointer is nil until set; reading a promoted field through a
	// nil *SessionInfo panics.
	*SessionInfo `json:",inline"`
	Secure *implantpb.Secure `json:"secure"`
	// KeyPair is included in the JSON form unless nil (omitempty).
	// NOTE(review): if it contains a private key, the marshalled context is a
	// secret wherever it is stored.
	KeyPair *clientpb.KeyPair `json:"key_pair,omitempty"` // Age key pair
	Modules []string `json:"modules"`
	Addons []*implantpb.Addon `json:"addons"`
	Argue map[string]string `json:"argue"` // argument spoofing
	// Any is an untyped map; callers must type-check values read from it.
	Any map[string]interface{} `json:"any"`
}
func NewSessionContext ¶ added in v0.1.0
func NewSessionContext(req *clientpb.RegisterSession) *SessionContext
func RecoverSessionContext ¶ added in v0.1.0
func RecoverSessionContext(content string) (*SessionContext, error)
func (*SessionContext) Data ¶ added in v0.1.0
func (ctx *SessionContext) Data() map[string]interface{}
func (*SessionContext) GetAny ¶ added in v0.1.0
func (ctx *SessionContext) GetAny(id string) (interface{}, bool)
func (*SessionContext) IsSecureEnabled ¶ added in v0.1.2
func (ctx *SessionContext) IsSecureEnabled() bool
IsSecureEnabled reports whether secure mode is enabled.
func (*SessionContext) Marshal ¶ added in v0.1.0
func (ctx *SessionContext) Marshal() string
func (*SessionContext) Update ¶ added in v0.1.0
func (ctx *SessionContext) Update(req *clientpb.RegisterSession)
type SessionInfo ¶ added in v0.1.0
// SessionInfo is the descriptive part of a session: OS and process details
// plus scheduling, privilege, path, proxy and locale values.
// NOTE(review): these values presumably come from the registering endpoint;
// if so, treat the strings as untrusted when rendering or logging them.
type SessionInfo struct {
	Os *implantpb.Os `json:"os"`
	Process *implantpb.Process `json:"process"`
	Expression string `json:"expression"`
	Jitter float64 `json:"jitter"`
	IsPrivilege bool `json:"is_privilege"`
	Filepath string `json:"filepath"`
	WorkDir string `json:"workdir"`
	// ProxyURL is serialized under "proxy".
	// NOTE(review): a proxy URL can embed credentials; confirm before logging it.
	ProxyURL string `json:"proxy"`
	Locale string `json:"locale"`
}
type TCPProfile ¶ added in v0.1.2
// TCPProfile currently declares no fields; it serializes as an empty object.
type TCPProfile struct {
}
type TLSProfile ¶ added in v0.1.1
type Target ¶ added in v0.1.2
// Target describes one endpoint: an address, an optional domain suffix and
// optional per-protocol sections. All sections except Address are omitempty.
// NOTE(review): nothing in the declaration stops more than one protocol
// section from being set at once; how that case is resolved is not shown.
type Target struct {
	Address string `yaml:"address" json:"address"`
	DomainSuffix string `yaml:"domain_suffix,omitempty" json:"domain_suffix,omitempty"`
	Http *HttpProfile `yaml:"http,omitempty" json:"http,omitempty"`
	TLS *TLSProfile `yaml:"tls,omitempty" json:"tls,omitempty"`
	TCP *TCPProfile `yaml:"tcp,omitempty" json:"tcp,omitempty"`
	REM *REMProfile `yaml:"rem,omitempty" json:"rem,omitempty"`
}
type TlsConfig ¶ added in v0.1.0
// TlsConfig is the JSON form of a TLS setup: enable and ACME switches, a
// certificate, a CA, a domain and a certificate subject.
type TlsConfig struct {
	Enable bool `json:"enable"`
	Acme bool `json:"acme"`
	// Cert and CA are both *CertConfig, and CertConfig has a Key string field.
	// NOTE(review): if CA.Key holds a CA private key, marshalled TlsConfig
	// output needs the same protection as that key.
	Cert *CertConfig `json:"cert"`
	CA *CertConfig `json:"ca"`
	Domain string `json:"domain"`
	// Subject uses crypto/x509/pkix.Name and is nil when not supplied.
	Subject *pkix.Name `json:"subject"`
}
func (*TlsConfig) ToProtobuf ¶ added in v0.1.0
func (*TlsConfig) ToSubjectProtobuf ¶ added in v0.1.1
func (tls *TlsConfig) ToSubjectProtobuf() *clientpb.CertificateSubject