output

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2026 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// Callback type identifiers. BOFResponse in this package carries a uint8
// CallbackType field and ParseBOFResponse is exported alongside it, so these
// are presumably the values that field is compared against — confirm in the
// parser source, which is not shown on this page.
//
// NOTE(review): the numeric values look like the Beacon Object File callback
// ids from beacon.h (CALLBACK_OUTPUT = 0x00, CALLBACK_ERROR = 0x0d,
// CALLBACK_OUTPUT_OEM = 0x1e, CALLBACK_OUTPUT_UTF8 = 0x20); verify against
// that header before relying on the mapping.
//
// The constants are untyped and listed out of numeric order. CallbackOutput
// is 0, which is also the zero value of uint8, so a BOFResponse whose
// CallbackType was never set is indistinguishable from a CallbackOutput one.
const (
	CallbackOutput      = 0
	CallbackFile        = 0x02
	CallbackFileWrite   = 0x08
	CallbackFileClose   = 0x09
	CallbackScreenshot  = 0x03
	CallbackError       = 0x0d
	CallbackOutputOem   = 0x1e
	CallbackOutputUtf8  = 0x20
	CallbackSystemError = 0x4d
)

Variables

// Credential kind labels. CredentialContext.CredentialType is a string, so
// these are presumably the values it takes — confirm against NewCredential,
// ParseMimikatz and ParseZombie.
//
// NOTE(review): these are declared with var, not const, so any importing
// package can reassign them at runtime; nothing visible here requires them
// to be mutable. Naming is also mixed (UserPass/Ntlm vs TOKEN/CERT).
var (
	UserPassCredential = "user/pass"
	NtlmCredential     = "user/ntlm"
	TOKENCredential    = "token"
	CERTCredential     = "cert"
)
// GOGOPortType is a string label with the value "gogo". ParseGOGO and
// PortContext.GogoData are exported by this package, so it presumably tags
// port-scan results from that source — confirm against their use.
// NOTE(review): declared with var, so importers can reassign it.
var (
	GOGOPortType = "gogo"
)
// SupportedFormats is the package-level Formatter table. Each key is a
// consts.Format* name and each value a FormatInfo giving the output file
// extension, a human-readable description and the Converter applied to the
// input bytes. Formatter.Convert is documented as converting raw shellcode
// bytes to the named format, so the Converter input is presumably that byte
// slice.
//
// Extension does not identify a format uniquely: ".hex", ".txt", ".js",
// ".ps1" and ".bash" are each shared by two or more entries, so callers must
// key on the format name, not the extension.
//
// NOTE(review): this is an exported, mutable map. Any importer can add,
// replace or delete entries, and concurrent writes alongside reads would be a
// data race; no synchronization is visible here.
var SupportedFormats = Formatter{
	// Executable and raw entries use an identity Converter: the input slice
	// is returned as-is, not copied.
	consts.FormatExecutable: {
		Extension: ".exe", Desc: "executable format", Converter: func(data []byte) []byte { return data },
	},
	consts.FormatRaw: {
		Extension: ".bin", Desc: "raw binary format", Converter: func(data []byte) []byte { return data },
	},
	// Source-language and script entries delegate to unexported to* helpers
	// that are not shown on this page.
	consts.FormatC: {
		Extension: ".c", Desc: "C language format", Converter: toC,
	},
	consts.FormatCSharp: {
		Extension: ".cs", Desc: "C# language format", Converter: toCSharp,
	},
	consts.FormatJava: {
		Extension: ".java", Desc: "Java language format", Converter: toJava,
	},
	consts.FormatGolang: {
		Extension: ".go", Desc: "Go language format", Converter: toGo,
	},
	consts.FormatPython: {
		Extension: ".py", Desc: "Python language format", Converter: toPython,
	},
	consts.FormatPerl: {
		Extension: ".pl", Desc: "Perl language format", Converter: toPerl,
	},
	consts.FormatRuby: {
		Extension: ".rb", Desc: "Ruby language format", Converter: toRuby,
	},
	consts.FormatBash: {
		Extension: ".sh", Desc: "Bash script format", Converter: toBash,
	},
	consts.FormatPowerShell: {
		Extension: ".ps1", Desc: "PowerShell script format", Converter: toPowerShell,
	},
	consts.FormatHexOneLine: {
		Extension: ".hex", Desc: "hexadecimal oneline format", Converter: toHexOneLine,
	},
	consts.FormatHexMultiLine: {
		Extension: ".hex", Desc: "hexadecimal multiline format", Converter: toHexMultiLine,
	},
	consts.FormatNum: {
		Extension: ".txt", Desc: "numeric format", Converter: toNum,
	},
	consts.FormatDword: {
		Extension: ".txt", Desc: "dword format", Converter: toDword,
	},
	// The two JavaScript entries wrap toJavaScript and differ only in the
	// boolean passed as its second argument (true for BE, false for LE).
	consts.FormatJavaScriptBE: {
		Extension: ".js", Desc: "JavaScript big-endian format", Converter: func(data []byte) []byte { return toJavaScript(data, true) },
	},
	consts.FormatJavaScriptLE: {
		Extension: ".js", Desc: "JavaScript little-endian format", Converter: func(data []byte) []byte { return toJavaScript(data, false) },
	},
	consts.FormatVBScript: {
		Extension: ".vbs", Desc: "VBScript format", Converter: toVBScript,
	},
	consts.FormatVBApplication: {
		Extension: ".vba", Desc: "VBA application format", Converter: toVBApplication,
	},
	// Remote entries are the only ones that set SupportRemote and Usage.
	// Usage has the type func(string) string and the three Usage functions
	// take a URL parameter. The curl and wget entries share toShRemote and
	// differ only in Usage; they use ".bash" where FormatBash uses ".sh".
	//
	// NOTE(review): the Desc strings ("Execute ... by curl/wget/PowerShell")
	// suggest Usage returns a fetch-and-run command line built around the
	// URL — confirm, and confirm the URL is validated or quoted before being
	// interpolated. Output of this kind typically surfaces in process
	// command-line telemetry as curl, wget or PowerShell retrieving a remote
	// payload, which is where detection content for it belongs.
	consts.FormatPowerShellRemote: {
		Extension: ".ps1", Desc: "Execute ShellCode By PowerShell",
		SupportRemote: true,
		Converter:     toPowershellRemote,
		Usage:         PowershellRemoteUsage,
	},
	consts.FormatCurlRemote: {
		Extension: ".bash", Desc: "Execute ELF by curl",
		SupportRemote: true,
		Converter:     toShRemote,
		Usage:         CurlRemoteUsage,
	},
	consts.FormatWgetRemote: {
		Extension: ".bash", Desc: "Execute ELF by wget",
		SupportRemote: true,
		Converter:     toShRemote,
		Usage:         WgetRemoteUsage,
	},
}

Functions

func AsContext

func AsContext[T Context](ctx Context) (T, error)

AsContext converts a Context interface value to its concrete implementation type.

func AsContexts

func AsContexts[T Context](ctxs []Context) ([]T, error)

func CurlRemoteUsage added in v0.3.0

func CurlRemoteUsage(url string) string

func Decode added in v0.3.0

func Decode(encode string) (string, error)

func Encode added in v0.3.0

func Encode(s string) string

func EncodeFormat added in v0.3.0

func EncodeFormat(name, format string) string

func FormatArrayResponse

func FormatArrayResponse(ctx *clientpb.TaskContext) (string, error)

func FormatCommonBody added in v0.3.0

func FormatCommonBody(ctx *clientpb.TaskContext) (string, error)

FormatCommonBody renders CommonBody content as a readable string.

func FormatKVResponse

func FormatKVResponse(ctx *clientpb.TaskContext) (string, error)

func GetFormatsWithDescriptions added in v0.3.0

func GetFormatsWithDescriptions() map[string]string

GetFormatsWithDescriptions returns a map of format names to descriptions

func IsSupportedRemote added in v0.3.0

func IsSupportedRemote(format string) bool

func MapJoin

func MapJoin(m map[string]string) string

func MarshalContext

func MarshalContext(ctx Context) []byte

func NewBinary

func NewBinary(module string, path string, args []string, output bool, timeout uint32, arch string, process string, sac *implantpb.SacrificeProcess) (*implantpb.ExecuteBinary, error)

func NewBinaryData

func NewBinaryData(module string, path string, data string, output bool, timeout uint32, arch string, process string, sac *implantpb.SacrificeProcess) (*implantpb.ExecuteBinary, error)

func NewExecutable

func NewExecutable(module string, path string, args []string, arch string, output bool, sac *implantpb.SacrificeProcess) (*implantpb.ExecuteBinary, error)

func NewSacrifice

func NewSacrifice(ppid uint32, hidden, block_dll, disable_etw bool, argue string) *implantpb.SacrificeProcess

func ParseArrayResponse

func ParseArrayResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseBOFResponse

func ParseBOFResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseBinaryResponse

func ParseBinaryResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseCommonBody added in v0.3.0

func ParseCommonBody(ctx *clientpb.TaskContext) (interface{}, error)

ParseCommonBody returns the CommonBody attached to the spite, if any.

func ParseExecResponse

func ParseExecResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseKVResponse

func ParseKVResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseResponse

func ParseResponse(ctx *clientpb.TaskContext) (interface{}, error)

func ParseStatus

func ParseStatus(ctx *clientpb.TaskContext) (interface{}, error)

func PowershellRemoteUsage added in v0.3.0

func PowershellRemoteUsage(powershellURL string) string

func ToContext

func ToContext[T Context](ctx *clientpb.Context) (T, error)

func ToContexts

func ToContexts[T Context](ctxs []*clientpb.Context) ([]T, error)

func WgetRemoteUsage added in v0.3.0

func WgetRemoteUsage(url string) string

Types

type BOFResponse

// BOFResponse is one parsed record of BOF output: two one-byte type tags, a
// 32-bit length and a payload. ParseBOFResponse is the exported parser in
// this package; its body is not shown on this page.
type BOFResponse struct {
	// CallbackType is presumably one of the Callback* constants — confirm.
	CallbackType uint8
	// OutputType is a second one-byte tag; its value set is not visible here.
	OutputType   uint8
	// Length is a declared size carried next to Data.
	// NOTE(review): if Length comes from the wire, the parser must check it
	// against the bytes actually remaining before slicing Data, and Length
	// should not be trusted over len(Data) afterwards — confirm in the parser.
	Length       uint32
	// Data is the record payload.
	Data         []byte
}

type BOFResponses

type BOFResponses []*BOFResponse

func (BOFResponses) String

func (bofResps BOFResponses) String() string

type Context

// Context is the interface shared by the typed result contexts in this
// package. The pointer types that declare Type, Marshal() []byte and String
// here are CredentialContext, DownloadContext, KeyLoggerContext, MediaContext,
// PivotingContext, PortContext, ScreenShotContext and UploadContext.
type Context interface {
	// Type returns the context's type label; presumably the same string
	// ParseContext accepts as typ — confirm.
	Type() string
	// Marshal returns the serialized data that is stored in the database,
	// ignoring large binary data.
	Marshal() []byte
	// String returns a brief description of the context.
	String() string
}

func ParseContext

func ParseContext(typ string, content []byte) (Context, error)

type Contexts

type Contexts []Context

func (Contexts) String

func (ctxs Contexts) String() string

type CredentialContext

// CredentialContext describes one credential: its kind, the target it
// applies to and a string map of parameters. NewCredential, ParseMimikatz
// and ParseZombie in this package return it.
type CredentialContext struct {
	// CredentialType is serialized as "type"; presumably one of
	// UserPassCredential, NtlmCredential, TOKENCredential or CERTCredential —
	// confirm against the constructors.
	CredentialType string            `json:"type"`
	// Target is serialized as "target".
	Target         string            `json:"target"`
	// Params is serialized as "params".
	// NOTE(review): this map likely carries the secret itself (password,
	// NTLM hash, token) as a plain string. Context.Marshal is documented as
	// producing the form stored in the database, so confirm how that store is
	// protected and whether String() redacts Params before it reaches logs or
	// a console.
	Params         map[string]string `json:"params"`
}

func NewCredential

func NewCredential(content []byte) (*CredentialContext, error)

func ParseMimikatz added in v0.1.1

func ParseMimikatz(content []byte) ([]*CredentialContext, error)

ParseMimikatz parses mimikatz sekurlsa::logonpasswords output

func ParseZombie

func ParseZombie(content []byte) ([]*CredentialContext, error)

func (*CredentialContext) Marshal

func (c *CredentialContext) Marshal() []byte

func (*CredentialContext) String

func (c *CredentialContext) String() string

func (*CredentialContext) Type

func (c *CredentialContext) Type() string

type DownloadContext

// DownloadContext pairs file metadata with the file's bytes.
type DownloadContext struct {
	// FileDescriptor is embedded by pointer, so its fields are promoted;
	// reading them on a DownloadContext whose pointer is nil panics.
	// NOTE(review): encoding/json has no "inline" tag option. It ignores the
	// unknown option and, because the tag name is empty, still flattens the
	// embedded fields, so the option is a no-op unless another encoder is in
	// use — confirm.
	*FileDescriptor `json:",inline"`
	// Content holds the file bytes.
	// NOTE(review): unlike MediaContext.Content, this field has no `json:"-"`
	// tag, so encoding/json would emit it base64-encoded if the struct is
	// marshalled directly. Context.Marshal is documented as ignoring large
	// binary data; confirm Marshal() does not serialize this field.
	Content         []byte
}

func NewDownloadContext

func NewDownloadContext(content []byte) (*DownloadContext, error)

func (*DownloadContext) Marshal

func (d *DownloadContext) Marshal() []byte

func (*DownloadContext) String

func (d *DownloadContext) String() string

func (*DownloadContext) Type

func (d *DownloadContext) Type() string

type FileDescriptor

// FileDescriptor is the file metadata embedded in DownloadContext,
// KeyLoggerContext, MediaContext, ScreenShotContext and UploadContext. Its
// own Marshal method returns (string, error), not []byte, and it declares no
// Type or String method here, so it does not satisfy Context by itself.
type FileDescriptor struct {
	// Name is serialized as "name".
	Name       string `json:"name"`
	// TargetPath is serialized as "target_path".
	TargetPath string `json:"target_path"`
	// FilePath is serialized as "filepath".
	// NOTE(review): which of TargetPath and FilePath is the local path and
	// which the remote one is not visible here. If either value originates
	// from the remote side and is later used to build a local filesystem
	// path, it needs cleaning and a containment check (no "..", no absolute
	// path) — confirm in the callers.
	FilePath   string `json:"filepath"`
	// Size is serialized as "size"; presumably a byte count — confirm.
	Size       int64  `json:"size"`
	// Checksum is serialized as "checksum"; the algorithm is not shown here.
	Checksum   string `json:"checksum"`
	// Abstract is serialized as "abstract".
	Abstract   string `json:"abstract"`
}

func (*FileDescriptor) Marshal

func (file *FileDescriptor) Marshal() (string, error)

type FormatInfo added in v0.3.0

// FormatInfo describes one output format in a Formatter table such as
// SupportedFormats.
type FormatInfo struct {
	// Extension is the file suffix including the leading dot (".exe", ".c").
	// Several SupportedFormats entries share the same Extension.
	Extension     string
	// Desc is a human-readable description.
	Desc          string
	// Converter maps input bytes to the formatted output bytes. It has no
	// error return, so a converter cannot report failure through its
	// signature.
	Converter     func([]byte) []byte
	// SupportRemote is set to true only on the *Remote entries of
	// SupportedFormats; the zero value is false.
	SupportRemote bool
	// Usage takes one string and returns a string. In SupportedFormats it is
	// set only on the *Remote entries and is nil elsewhere, so callers must
	// nil-check before calling it.
	Usage         func(string) string
}

type FormatResult added in v0.3.0

// FormatResult is what Convert and Formatter.Convert return: the converted
// bytes together with a file extension.
type FormatResult struct {
	// Data is the converted output.
	// NOTE(review): the executable and raw entries of SupportedFormats use an
	// identity Converter, so for those formats Data may alias the caller's
	// input slice rather than a copy — confirm in Convert.
	Data      []byte
	// Extension is presumably copied from the matching FormatInfo — confirm.
	Extension string
}

func Convert added in v0.3.0

func Convert(data []byte, format string) (*FormatResult, error)

type Formatter added in v0.3.0

type Formatter map[string]*FormatInfo

func (Formatter) Convert added in v0.3.0

func (formatter Formatter) Convert(data []byte, format string) (*FormatResult, error)

Convert converts raw shellcode bytes to the specified format

type KeyLoggerContext

// KeyLoggerContext pairs file metadata with raw bytes. NewKeyLogger and
// ParseKeylogger in this package return it.
type KeyLoggerContext struct {
	// FileDescriptor is embedded by pointer, so its fields are promoted;
	// reading them while the pointer is nil panics.
	// NOTE(review): encoding/json has no "inline" tag option; it ignores the
	// option and flattens the embedded fields anyway because the tag name is
	// empty.
	*FileDescriptor `json:",inline"`
	// Content holds the captured bytes.
	// NOTE(review): there is no `json:"-"` tag here, although MediaContext
	// has one on its Content field. Captured keystrokes are sensitive, so
	// confirm that Marshal(), which Context documents as the form stored in
	// the database, leaves this field out.
	Content         []byte
}

func NewKeyLogger

func NewKeyLogger(content []byte) (*KeyLoggerContext, error)

func ParseKeylogger added in v0.3.0

func ParseKeylogger(content []byte) (*KeyLoggerContext, error)

func (*KeyLoggerContext) Marshal

func (k *KeyLoggerContext) Marshal() []byte

func (*KeyLoggerContext) String

func (k *KeyLoggerContext) String() string

func (*KeyLoggerContext) Type

func (k *KeyLoggerContext) Type() string

type MediaContext added in v0.3.0

// MediaContext pairs file metadata with an identifier, a media kind and raw
// bytes. It was added in v0.3.0.
type MediaContext struct {
	// FileDescriptor is embedded by pointer, so its fields are promoted;
	// reading them while the pointer is nil panics.
	// NOTE(review): encoding/json has no "inline" tag option; it ignores the
	// option and flattens the embedded fields anyway because the tag name is
	// empty.
	*FileDescriptor `json:",inline"`
	// Identifier is serialized as "identifier".
	Identifier      string `json:"identifier"`
	// MediaKind is serialized as "media_kind"; its value set is not visible
	// here.
	MediaKind       string `json:"media_kind"`
	// Content is excluded from JSON by the "-" tag. This is the only
	// *Context type on this page that excludes its Content field this way.
	Content         []byte `json:"-"`
}

func NewMediaContext added in v0.3.0

func NewMediaContext(content []byte) (*MediaContext, error)

func (*MediaContext) Marshal added in v0.3.0

func (m *MediaContext) Marshal() []byte

func (*MediaContext) String added in v0.3.0

func (m *MediaContext) String() string

func (*MediaContext) Type added in v0.3.0

func (m *MediaContext) Type() string

type PivotingContext

// PivotingContext records one pivoting link. NewPivotingWithRem builds it
// from a clientpb.REMAgent and a clientpb.Pipeline, and ToRemAgent converts
// it back to a REMAgent.
type PivotingContext struct {
	// Enable is serialized as "enable".
	Enable      bool   `json:"enable"`
	// Listener is serialized as "listener_id".
	Listener    string `json:"listener_id"`
	// ListenerIP is serialized as "listener_ip".
	ListenerIP  string `json:"listener_ip"`
	// Pipeline is serialized as "pipeline_id".
	Pipeline    string `json:"pipeline_id"`
	// RemAgentID is serialized under the short key "id".
	RemAgentID  string `json:"id"`
	// LocalURL is serialized as "local".
	LocalURL    string `json:"local"`
	// RemoteURL is serialized as "remote".
	RemoteURL   string `json:"remote"`
	// InboundSide is serialized as "inbound_side"; its value set is not
	// visible here.
	InboundSide string `json:"inbound_side"`
	// CreatedAt is omitted from JSON when zero. The unit (seconds or
	// milliseconds since the epoch) is not visible here — confirm.
	CreatedAt   int64  `json:"created_at,omitempty"`
}

func NewPivoting

func NewPivoting(content []byte) (*PivotingContext, error)

func NewPivotingWithRem

func NewPivotingWithRem(agent *clientpb.REMAgent, pipe *clientpb.Pipeline) *PivotingContext

func (*PivotingContext) Abstract

func (p *PivotingContext) Abstract() string

func (*PivotingContext) Marshal

func (p *PivotingContext) Marshal() []byte

func (*PivotingContext) String

func (p *PivotingContext) String() string

func (*PivotingContext) ToRemAgent

func (p *PivotingContext) ToRemAgent() *clientpb.REMAgent

func (*PivotingContext) Type

func (p *PivotingContext) Type() string

type Port

// Port is one entry of PortContext.Ports. Every field is a string, including
// the port number, so nothing in the type constrains the values to a valid
// address or port range.
type Port struct {
	// Ip is serialized as "ip". (Go initialism style would spell it IP, but
	// renaming would break importers.)
	Ip       string `json:"ip"`
	// Port is serialized as "port".
	Port     string `json:"port"`
	// Protocol is serialized as "protocol".
	Protocol string `json:"protocol"`
	// Status is serialized as "status".
	Status   string `json:"status"`
}

type PortContext

// PortContext is a list of ports plus one untyped extension value.
// NewPortContext and ParseGOGO in this package return it.
type PortContext struct {
	// Ports is serialized as "ports".
	Ports   []*Port     `json:"ports"`
	// Extends is serialized as "extend" (singular, unlike the field name).
	// GogoData returns (*parsers.GOGOData, bool), so it presumably
	// type-asserts this value — confirm. After a JSON round trip an
	// interface{} field decodes to generic maps and slices, not the original
	// concrete type.
	Extends interface{} `json:"extend"`
}

func NewPortContext

func NewPortContext(content []byte) (*PortContext, error)

func ParseGOGO

func ParseGOGO(content []byte) (*PortContext, error)

func (*PortContext) GogoData

func (p *PortContext) GogoData() (*parsers.GOGOData, bool)

func (*PortContext) Marshal

func (p *PortContext) Marshal() []byte

func (*PortContext) String

func (p *PortContext) String() string

func (*PortContext) Type

func (p *PortContext) Type() string

type ScreenShotContext

// ScreenShotContext pairs file metadata with raw bytes. NewScreenShot in
// this package returns it.
type ScreenShotContext struct {
	// FileDescriptor is embedded by pointer, so its fields are promoted;
	// reading them while the pointer is nil panics.
	// NOTE(review): encoding/json has no "inline" tag option; it ignores the
	// option and flattens the embedded fields anyway because the tag name is
	// empty.
	*FileDescriptor `json:",inline"`
	// Content holds the image bytes.
	// NOTE(review): there is no `json:"-"` tag here, although MediaContext
	// has one on its Content field; confirm Marshal() leaves this field out,
	// as the Context interface comment says large binary data is ignored.
	Content         []byte
}

func NewScreenShot

func NewScreenShot(content []byte) (*ScreenShotContext, error)

func (*ScreenShotContext) Marshal

func (s *ScreenShotContext) Marshal() []byte

func (*ScreenShotContext) String

func (s *ScreenShotContext) String() string

func (*ScreenShotContext) Type

func (s *ScreenShotContext) Type() string

type UploadContext

// UploadContext pairs file metadata with raw bytes. NewUploadContext in this
// package returns it.
type UploadContext struct {
	// FileDescriptor is embedded by pointer, so its fields are promoted;
	// reading them while the pointer is nil panics.
	// NOTE(review): encoding/json has no "inline" tag option; it ignores the
	// option and flattens the embedded fields anyway because the tag name is
	// empty.
	*FileDescriptor `json:",inline"`
	// Content holds the file bytes.
	// NOTE(review): there is no `json:"-"` tag here, although MediaContext
	// has one on its Content field; confirm Marshal() leaves this field out,
	// as the Context interface comment says large binary data is ignored.
	Content         []byte
}

func NewUploadContext

func NewUploadContext(content []byte) (*UploadContext, error)

func (*UploadContext) Marshal

func (u *UploadContext) Marshal() []byte

func (*UploadContext) String

func (u *UploadContext) String() string

func (*UploadContext) Type

func (u *UploadContext) Type() string
