Documentation
¶
Index ¶
- type APIPriorityConfig
- type APIsProfile
- type AllocatorProfile
- type AntiProfile
- type BasicProfile
- type BuildProfile
- type CertConfig
- type DGAProfile
- type EncryptionConfig
- type EncryptionsConfig
- type EvaderProfile
- type GuardrailProfile
- type HttpProfile
- type ImplantFlags
- type ImplantProfile
- type LoaderProfile
- type MTLSProfile
- type MetadataProfile
- type OLLVMProfile
- type PackItem
- type PipelineParams
- type ProfileConfig
- type ProfileParams
- type ProxyDllProfile
- type ProxyProfile
- type PulseFlags
- type PulseProfile
- type REMProfile
- type SecureConfig
- type SecureProfile
- type TCPProfile
- type TLSProfile
- type Target
- type TlsConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIPriorityConfig ¶
type APIsProfile ¶
// APIsProfile holds a level string and a map from string keys to
// APIPriorityConfig pointers, read from the "level" and "priority" keys.
// NOTE(review): the accepted values of Level and the meaning of the map keys
// are not shown in this listing; confirm against the code that consumes them.
type APIsProfile struct {
Level string `yaml:"level" json:"level"`
// Values are pointers, so an entry can be nil; consumers should nil-check before dereferencing.
Priority map[string]*APIPriorityConfig `yaml:"priority" json:"priority"`
}
type AllocatorProfile ¶
type AntiProfile ¶
type BasicProfile ¶
// BasicProfile is the type of ProfileConfig.Basic (the "basic" section of a
// profile). It groups scheduling values (Cron, Jitter, Retry, MaxCycles), an
// encryption name with its key, and the list of Targets.
type BasicProfile struct {
Name string `yaml:"name" json:"name"`
Proxy *ProxyProfile `yaml:"proxy" json:"proxy"`
Cron string `yaml:"cron" json:"cron"`
// NOTE(review): no range for Jitter is visible here; presumably a fraction, confirm against the consumer.
Jitter float64 `yaml:"jitter" json:"jitter"`
Keepalive bool `yaml:"keepalive" json:"keepalive"`
Retry int `yaml:"retry" json:"retry"`
MaxCycles int `yaml:"max_cycles" json:"max_cycles"`
Encryption string `yaml:"encryption" json:"encryption"`
// Key is a plain string with yaml/json tags, so the profile file and any
// marshaled copy of this struct contain it in clear text. Presumably it is the
// key for the scheme named in Encryption (confirm); handle profiles and their
// dumps as secrets and keep them out of logs.
Key string `yaml:"key" json:"key"`
Secure *SecureProfile `yaml:"secure" json:"secure"`
DGA *DGAProfile `yaml:"dga" json:"dga"`
Guardrail *GuardrailProfile `yaml:"guardrail" json:"guardrail"`
Targets []Target `yaml:"targets" json:"targets"`
// Extras: the yaml ",inline" option on a map is how go-yaml collects keys that
// match no other field, so unknown or misspelled keys are presumably kept here
// rather than rejected. encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm which decoders are used.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type BuildProfile ¶
// BuildProfile is the type of ProfileConfig.Build (the "build" section of a
// profile): two boolean switches, a toolchain name, and optional OLLVM and
// Metadata sub-sections.
// NOTE(review): the effect of ZigBuild and Remap is not visible in this listing.
type BuildProfile struct {
ZigBuild bool `yaml:"zigbuild" json:"zigbuild"`
Remap bool `yaml:"remap" json:"remap"`
Toolchain string `yaml:"toolchain" json:"toolchain"`
// Pointer fields: presumably nil when the section is absent from the profile; nil-check before use.
OLLVM *OLLVMProfile `yaml:"ollvm" json:"ollvm"`
Metadata *MetadataProfile `yaml:"metadata" json:"metadata"`
// Extras: yaml ",inline" on a map collects keys that match no other field
// (go-yaml convention); encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm the decoders in use.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type CertConfig ¶
// CertConfig pairs a certificate with its key and an enable switch. FromCert
// and ToProtobuf convert it from and to *clientpb.Cert.
type CertConfig struct {
Enable bool `json:"enable" yaml:"enable" config:"enable"`
// NOTE(review): the encoding of Cert and Key (PEM text or a file path) is not visible here; confirm.
Cert string `json:"cert" yaml:"cert" config:"cert"`
// Key carries json/yaml/config tags, so it is written out with the rest of the
// struct whenever the struct is marshaled. If it holds private-key material,
// restrict access to the config store and avoid logging this type.
Key string `json:"key" yaml:"key" config:"key"`
}
func FromCert ¶
func FromCert(cert *clientpb.Cert) *CertConfig
func (*CertConfig) ToProtobuf ¶
func (cert *CertConfig) ToProtobuf() *clientpb.Cert
type DGAProfile ¶
type EncryptionConfig ¶
// EncryptionConfig names an encryption type together with its key. ToProtobuf
// converts it to *clientpb.Encryption.
// NOTE(review): the set of valid Type values is not shown in this listing.
type EncryptionConfig struct {
Type string `json:"type" config:"type" yaml:"type"`
// Key is a plain string with serialization tags: it appears in clear text in
// any JSON/YAML/config output of this struct.
Key string `json:"key" config:"key" yaml:"key"`
}
func (*EncryptionConfig) ToProtobuf ¶
func (encryption *EncryptionConfig) ToProtobuf() *clientpb.Encryption
type EncryptionsConfig ¶
// EncryptionsConfig is a slice of EncryptionConfig pointers. FromEncryptions
// builds it from []*clientpb.Encryption; Choice returns a single element and
// ToProtobuf converts back.
// NOTE(review): how Choice selects an element, and what it returns for an
// empty slice, is not visible here; callers should nil-check the result.
type EncryptionsConfig []*EncryptionConfig
func FromEncryptions ¶
func FromEncryptions(es []*clientpb.Encryption) EncryptionsConfig
func (EncryptionsConfig) Choice ¶
func (e EncryptionsConfig) Choice() *EncryptionConfig
func (EncryptionsConfig) ToProtobuf ¶
func (e EncryptionsConfig) ToProtobuf() []*clientpb.Encryption
type EvaderProfile ¶
// EvaderProfile is the type of LoaderProfile.Evader: eight independent boolean
// switches, each read from the yaml/json key in its tag.
// NOTE(review): the listing documents none of the switches; what each one
// enables has to be read from the code that consumes this struct.
type EvaderProfile struct {
AntiEmu bool `yaml:"anti_emu" json:"anti_emu"`
EtwPass bool `yaml:"etw_pass" json:"etw_pass"`
GodSpeed bool `yaml:"god_speed" json:"god_speed"`
SleepEncrypt bool `yaml:"sleep_encrypt" json:"sleep_encrypt"`
AntiForensic bool `yaml:"anti_forensic" json:"anti_forensic"`
CfgPatch bool `yaml:"cfg_patch" json:"cfg_patch"`
ApiUntangle bool `yaml:"api_untangle" json:"api_untangle"`
NormalApi bool `yaml:"normal_api" json:"normal_api"`
}
type GuardrailProfile ¶
// GuardrailProfile is the type of BasicProfile.Guardrail: an enable switch, a
// RequireAll switch, and four string lists (IP addresses, usernames, server
// names, domains).
// NOTE(review): presumably the lists describe the environment the profile is
// scoped to, and RequireAll selects between "every list must match" and "any
// list may match"; neither the matching rule nor the behaviour on a mismatch
// is visible here, so confirm against the consumer.
type GuardrailProfile struct {
Enable bool `yaml:"enable" json:"enable"`
RequireAll bool `yaml:"require_all" json:"require_all"`
// NOTE(review): the entry format (exact value, CIDR, wildcard) is not shown.
IPAddresses []string `yaml:"ip_addresses" json:"ip_addresses"`
Usernames []string `yaml:"usernames" json:"usernames"`
ServerNames []string `yaml:"server_names" json:"server_names"`
Domains []string `yaml:"domains" json:"domains"`
}
type HttpProfile ¶
// HttpProfile describes an HTTP request shape: method, path, Host value,
// version string and headers. It is referenced by PulseProfile.Http and
// Target.Http.
type HttpProfile struct {
Method string `yaml:"method" json:"method"`
Path string `yaml:"path" json:"path"`
Host string `yaml:"host" json:"host"`
Version string `yaml:"version" json:"version"`
// One value per header name here, whereas PipelineParams.Headers allows
// several values per name (map[string][]string); the two shapes do not convert
// losslessly.
Headers map[string]string `yaml:"headers" json:"headers"`
// Extras: yaml ",inline" on a map collects keys that match no other field
// (go-yaml convention); encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm the decoders in use.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type ImplantFlags ¶
type ImplantProfile ¶
// ImplantProfile is the type of ProfileConfig.Implant, which is read from the
// plural key "implants". It lists runtime and module selections plus optional
// Flags, Anti, APIs and Allocator sub-sections.
// NOTE(review): the valid values for Runtime and Mod are not shown in this listing.
type ImplantProfile struct {
Runtime string `yaml:"runtime" json:"runtime"`
Mod string `yaml:"mod" json:"mod"`
RegisterInfo bool `yaml:"register_info" json:"register_info"`
HotLoad bool `yaml:"hot_load" json:"hot_load"`
Modules []string `yaml:"modules" json:"modules"`
// The key here is "enable_3rd"; ProfileParams.Enable3RD uses "enable_3_rd".
// The two spellings are not interchangeable when decoding.
Enable3rd bool `yaml:"enable_3rd" json:"enable_3rd"`
ThirdModules []string `yaml:"3rd_modules" json:"3rd_modules"`
Prelude string `yaml:"prelude" json:"prelude"`
Pack []PackItem `yaml:"pack" json:"pack"`
// Pointer fields: presumably nil when the section is absent; nil-check before use.
Flags *ImplantFlags `yaml:"flags" json:"flags"`
Anti *AntiProfile `yaml:"anti" json:"anti"`
APIs *APIsProfile `yaml:"apis" json:"apis"`
Allocator *AllocatorProfile `yaml:"allocator" json:"allocator"`
ThreadStackSpoofer bool `yaml:"thread_stack_spoofer" json:"thread_stack_spoofer"`
// Extras: yaml ",inline" on a map collects keys that match no other field
// (go-yaml convention); encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm the decoders in use.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type LoaderProfile ¶
// LoaderProfile is the type of ProfileConfig.Loader (the "loader" section of a
// profile). It only groups two optional sub-sections.
type LoaderProfile struct {
// Both fields are pointers: presumably nil when the section is absent; nil-check before use.
Evader *EvaderProfile `yaml:"evader" json:"evader"`
ProxyDll *ProxyDllProfile `yaml:"proxydll" json:"proxydll"`
}
type MTLSProfile ¶
type MetadataProfile ¶
// MetadataProfile is the type of BuildProfile.Metadata: free-form strings for
// icon, compile time, version and naming fields, plus two privilege switches.
// NOTE(review): these values are whatever the profile author writes. If they
// end up in the version-info resource of a built binary (presumably; confirm),
// such fields say nothing about the binary's real origin, and signature
// verification is the reliable provenance check.
type MetadataProfile struct {
RemapPath string `yaml:"remap_path" json:"remap_path"`
Icon string `yaml:"icon" json:"icon"`
// NOTE(review): the expected timestamp format is not shown in this listing.
CompileTime string `yaml:"compile_time" json:"compile_time"`
FileVersion string `yaml:"file_version" json:"file_version"`
ProductVersion string `yaml:"product_version" json:"product_version"`
CompanyName string `yaml:"company_name" json:"company_name"`
ProductName string `yaml:"product_name" json:"product_name"`
OriginalFilename string `yaml:"original_filename" json:"original_filename"`
FileDescription string `yaml:"file_description" json:"file_description"`
InternalName string `yaml:"internal_name" json:"internal_name"`
// NOTE(review): how RequireAdmin and RequireUAC differ is not visible here.
RequireAdmin bool `yaml:"require_admin" json:"require_admin"`
RequireUAC bool `yaml:"require_uac" json:"require_uac"`
// Extras: yaml ",inline" on a map collects keys that match no other field
// (go-yaml convention); encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm the decoders in use.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type OLLVMProfile ¶
type PipelineParams ¶
// PipelineParams is the JSON parameter bundle of a pipeline.
// UnmarshalPipelineParams parses it from a string and String renders it back.
// Every field is tagged omitempty, so zero values are left out of the JSON.
//
// The nested Encryption, Tls and Secure values carry key material (see
// EncryptionConfig.Key, CertConfig.Key and the private-key fields of
// SecureConfig). NOTE(review): String's body is not shown; if it marshals the
// whole struct, its output contains those keys and should not be logged.
type PipelineParams struct {
Parser string `json:"parser,omitempty"`
// WebPath is serialized under the key "path", not "web_path".
WebPath string `json:"path,omitempty"`
Link string `json:"link,omitempty"`
Console string `json:"console,omitempty"`
Subscribe string `json:"subscribe,omitempty"`
Agents map[string]*clientpb.REMAgent `json:"agents,omitempty"`
Encryption EncryptionsConfig `json:"encryption,omitempty"`
Tls *TlsConfig `json:"tls,omitempty"`
Secure *SecureConfig `json:"secure,omitempty"`
// HTTP pipeline specific params
Headers map[string][]string `json:"headers,omitempty"`
// gorm:"-" excludes this field from GORM column mapping; it is still part of the JSON.
ErrorPage string `json:"error_page,omitempty" gorm:"-"`
BodyPrefix string `json:"body_prefix,omitempty"`
BodySuffix string `json:"body_suffix,omitempty"`
// The only field that also carries a yaml tag.
PacketLength int `json:"packet_length,omitempty" yaml:"packet_length,omitempty"`
}
func UnmarshalPipelineParams ¶
func UnmarshalPipelineParams(params string) (*PipelineParams, error)
func (*PipelineParams) String ¶
func (params *PipelineParams) String() string
type ProfileConfig ¶
// ProfileConfig is the top-level profile document. LoadProfile and
// LoadProfileFromContent build it from a byte slice, ToJSON and ToYAML
// serialize it, and ValidateProfileFiles checks it against a base directory.
//
// The serialized forms include BasicProfile.Key and PulseProfile.Key in clear
// text, so profile files and their dumps should be stored and shared as secrets.
type ProfileConfig struct {
// Each section is a pointer: presumably nil when the section is absent; nil-check before use.
Basic *BasicProfile `yaml:"basic" json:"basic"`
Pulse *PulseProfile `yaml:"pulse" json:"pulse"`
// The field is singular but the key is the plural "implants".
Implant *ImplantProfile `yaml:"implants" json:"implants"`
Build *BuildProfile `yaml:"build" json:"build"`
Loader *LoaderProfile `yaml:"loader" json:"loader"`
// Extras: the yaml ",inline" option on a map is how go-yaml collects keys that
// match no other field, so a misspelled top-level section name is presumably
// kept here rather than reported. encoding/json has no inline option and would
// use the key "Extras". NOTE(review): confirm which decoders are used.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
func LoadProfile ¶
func LoadProfile(content []byte) (*ProfileConfig, error)
func LoadProfileFromContent ¶
func LoadProfileFromContent(content []byte) (*ProfileConfig, error)
LoadProfileFromContent 从文件加载Profile配置
func (*ProfileConfig) ToJSON ¶
func (p *ProfileConfig) ToJSON() ([]byte, error)
ToJSON 将Profile配置转换为JSON格式
func (*ProfileConfig) ToYAML ¶
func (p *ProfileConfig) ToYAML() ([]byte, error)
ToYAML 将Profile配置转换为YAML格式
func (*ProfileConfig) ValidateProfileFiles ¶
func (p *ProfileConfig) ValidateProfileFiles(baseDir string) error
ValidateProfileFiles 验证 profile 中引用的文件是否存在于指定目录中
type ProfileParams ¶
// ProfileParams is a flat, JSON-only parameter set (it has no yaml tags).
// UnmarshalProfileParams parses it from bytes and String renders it.
// No field is tagged omitempty, so zero values are written out as well.
type ProfileParams struct {
Cron string `json:"cron"`
Jitter float64 `json:"jitter"`
Address string `json:"address"`
Proxy string `json:"proxy"`
OriginBeaconID uint32 `json:"origin_beacon_id"`
RelinkBeaconID uint32 `json:"relink_beacon_id"`
// REMPipeline is serialized under the short key "rem".
REMPipeline string `json:"rem"`
// The key is "enable_3_rd"; ImplantProfile.Enable3rd uses "enable_3rd".
// The two spellings are not interchangeable when decoding.
Enable3RD bool `json:"enable_3_rd"`
// Modules is a single string here, while ImplantProfile.Modules is a []string.
// NOTE(review): the separator, if any, is not visible in this listing.
Modules string `json:"modules"`
AutoDownload bool `json:"auto_download"`
AutoRunFile string `json:"auto_run_file"`
}
func UnmarshalProfileParams ¶
func UnmarshalProfileParams(params []byte) (*ProfileParams, error)
func (*ProfileParams) String ¶
func (p *ProfileParams) String() string
type ProxyDllProfile ¶
// ProxyDllProfile is the type of LoaderProfile.ProxyDll: four string settings
// and three boolean switches, each read from the yaml/json key in its tag.
// NOTE(review): the listing documents none of the fields. Whether the *Dll
// strings are file names or paths, and how they are resolved, must be confirmed
// against the consumer.
type ProxyDllProfile struct {
ProxyFunc string `yaml:"proxyfunc" json:"proxyfunc"`
RawDll string `yaml:"raw_dll" json:"raw_dll"`
ProxiedDll string `yaml:"proxied_dll" json:"proxied_dll"`
ProxyDll string `yaml:"proxy_dll" json:"proxy_dll"`
PackResources bool `yaml:"pack_resources" json:"pack_resources"`
Block bool `yaml:"block" json:"block"`
HijackDllmain bool `yaml:"hijack_dllmain" json:"hijack_dllmain"`
}
type ProxyProfile ¶
type PulseFlags ¶
type PulseProfile ¶
// PulseProfile is the type of ProfileConfig.Pulse (the "pulse" section of a
// profile): flags, an encryption name with its key, a target, a protocol name
// and an optional HTTP shape.
// NOTE(review): the valid Protocol values and the Target format are not shown here.
type PulseProfile struct {
Flags *PulseFlags `yaml:"flags" json:"flags"`
Encryption string `yaml:"encryption" json:"encryption"`
// Key is a plain string with yaml/json tags, so it sits in clear text in the
// profile file and in any marshaled copy of this struct.
Key string `yaml:"key" json:"key"`
Target string `yaml:"target" json:"target"`
Protocol string `yaml:"protocol" json:"protocol"`
// Pointer: presumably nil when no "http" section is given; nil-check before use.
Http *HttpProfile `yaml:"http" json:"http"`
// Extras: yaml ",inline" on a map collects keys that match no other field
// (go-yaml convention); encoding/json has no inline option and would use the
// key "Extras". NOTE(review): confirm the decoders in use.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type REMProfile ¶
// REMProfile is the type of Target.REM and holds a single link string.
// NOTE(review): the link format is not visible in this listing.
type REMProfile struct {
Link string `yaml:"link" json:"link"`
}
type SecureConfig ¶
// SecureConfig holds an enable switch and two Age key pairs, one for the server
// and one for the implant. FromSecure and ToProtobuf convert it from and to
// *clientpb.Secure; ServerKeypair and ImplantKeypair return *clientpb.KeyPair.
//
// Both private keys are plain strings with json/config/yaml tags, so every
// serialized copy of this struct (config file, JSON dump, PipelineParams.Secure)
// contains them. Keep such output out of logs and restrict who can read the
// stores that hold it.
// NOTE(review): one struct carries both private keys. Confirm that each side
// is only ever given the private key it needs.
type SecureConfig struct {
// The default:"false" tag is metadata for a config loader; Go's zero value for bool is already false.
Enable bool `json:"enable" config:"enable" default:"false" yaml:"enable"`
ServerPublicKey string `json:"server_public_key" config:"server_public_key" yaml:"server_public_key"` // Age server public key
ServerPrivateKey string `json:"server_private_key" config:"server_private_key" yaml:"server_private_key"` // Age server private key
ImplantPublicKey string `json:"implant_public_key" config:"implant_public_key" yaml:"implant_public_key"` // Age implant public key
ImplantPrivateKey string `json:"implant_private_key" config:"implant_private_key" yaml:"implant_private_key"` // Age implant private key
}
func FromSecure ¶
func FromSecure(secure *clientpb.Secure) *SecureConfig
FromSecure 从 protobuf 转换为 SecureConfig
func (*SecureConfig) ImplantKeypair ¶
func (secure *SecureConfig) ImplantKeypair() *clientpb.KeyPair
ImplantKeypair 返回 Implant 密钥对的 protobuf 结构
func (*SecureConfig) ServerKeypair ¶
func (secure *SecureConfig) ServerKeypair() *clientpb.KeyPair
ServerKeypair 返回服务端密钥对的 protobuf 结构
func (*SecureConfig) ToProtobuf ¶
func (secure *SecureConfig) ToProtobuf() *clientpb.Secure
ToProtobuf 转换为 protobuf 结构
type SecureProfile ¶
type TCPProfile ¶
// TCPProfile has no fields. It is referenced by Target.TCP as an optional
// pointer, so presumably only its presence (non-nil) carries meaning; confirm
// against the consumer.
type TCPProfile struct {
}
type TLSProfile ¶
// TLSProfile is the type of Target.TLS: an enable switch, an SNI value, a
// verification switch, an optional server CA and an optional mTLS sub-section.
type TLSProfile struct {
Enable bool `yaml:"enable" json:"enable"`
SNI string `yaml:"sni" json:"sni"`
// NOTE(review): by its name this turns off certificate verification of the
// peer. If so, the connection is encrypted but not authenticated, and ServerCA
// presumably has no effect while it is set. Confirm how the consumer combines
// the two settings.
SkipVerification bool `yaml:"skip_verification" json:"skip_verification"`
// NOTE(review): whether ServerCA is PEM text or a file path is not visible here.
ServerCA string `yaml:"server_ca,omitempty" json:"server_ca,omitempty"`
MTLS *MTLSProfile `yaml:"mtls,omitempty" json:"mtls,omitempty"`
// Extras: the yaml ",inline" option on a map is how go-yaml collects keys that
// match no other field, so a misspelled key such as a typo in
// "skip_verification" is presumably kept here rather than reported, leaving the
// real field at its zero value. encoding/json has no inline option and would use
// the key "Extras". NOTE(review): confirm which decoders are used.
Extras map[string]interface{} `yaml:",inline" json:",inline"`
}
type Target ¶
// Target is one entry of BasicProfile.Targets: an address plus optional
// per-transport sections. Every field except Address is tagged omitempty.
// NOTE(review): which of Http, TLS, TCP and REM may be combined, and which one
// wins when several are set, is not visible in this listing.
type Target struct {
// NOTE(review): the address format (host:port, URL, ...) is not shown.
Address string `yaml:"address" json:"address"`
DomainSuffix string `yaml:"domain_suffix,omitempty" json:"domain_suffix,omitempty"`
// Pointer fields: presumably nil when the section is absent; nil-check before use.
Http *HttpProfile `yaml:"http,omitempty" json:"http,omitempty"`
TLS *TLSProfile `yaml:"tls,omitempty" json:"tls,omitempty"`
TCP *TCPProfile `yaml:"tcp,omitempty" json:"tcp,omitempty"`
REM *REMProfile `yaml:"rem,omitempty" json:"rem,omitempty"`
}
type TlsConfig ¶
// TlsConfig is the JSON-only TLS configuration referenced by
// PipelineParams.Tls. It is distinct from TLSProfile, which is the
// profile-side type. ToSubjectProtobuf converts Subject to
// *clientpb.CertificateSubject.
type TlsConfig struct {
Enable bool `json:"enable"`
MTLS bool `json:"mtls"`
// NOTE(review): presumably selects ACME-issued certificates for Domain; confirm.
Acme bool `json:"acme"`
// Cert and CA are CertConfig pointers. CertConfig.Key is serialized with
// them, so JSON output of this struct can contain key material. Both may be
// nil; nil-check before use.
Cert *CertConfig `json:"cert"`
CA *CertConfig `json:"ca"`
Domain string `json:"domain"`
// Subject may be nil; nil-check before reading its fields.
Subject *pkix.Name `json:"subject"`
}
func (*TlsConfig) ToProtobuf ¶
func (*TlsConfig) ToSubjectProtobuf ¶
func (tls *TlsConfig) ToSubjectProtobuf() *clientpb.CertificateSubject