Documentation
¶
Index ¶
- type Boolean
- type CodeSigner
- type CommaSeparatedList
- type DNSBeacon
- type Data
- type Function
- type HTTPBeacon
- type HTTPConfig
- type HTTPGet
- type HTTPGetClient
- type HTTPPost
- type HTTPPostClient
- type HTTPSCertificate
- type HTTPServer
- type HTTPStager
- type HTTPStagerClient
- type Header
- type Parameter
- type PostEx
- type ProcessInject
- type Profile
- type SpaceSeparatedList
- type Stage
- type String
- type StringW
Types ¶
type Boolean ¶
// Boolean is a named bool used for the profile's on/off options (fields tagged
// with keys such as `timestamp`, `userwx` or `obfuscate` in this package).
// Per the package note it exists because github.com/alecthomas/participle/v2
// sets a plain bool field to true whenever something is captured. How the
// captured string is converted to this type is not shown in this listing.
type Boolean bool
NOTE: this type exists because github.com/alecthomas/participle/v2 sets a field of the built-in bool type to true whenever anything is captured, whatever the captured value is.
type CodeSigner ¶
// CodeSigner holds the options of a profile's `code-signer { ... }` block.
//
// The parser tags form one grouped alternation: the first field's tag opens it
// with "(" and the last field's tag closes it with ")*", so field order is
// part of the grammar and must not be rearranged.
type CodeSigner struct {
	// Keystore and Password are captured as written from `set keystore` and
	// `set password`. The password is cleartext in the profile, so treat the
	// parsed struct as secret-bearing and keep it out of logs and tickets.
	// NOTE(review): String() is declared for this type; check whether it
	// re-emits Password before printing a parsed profile.
	Keystore string `parser:"( \"set\" \"keystore\" @String \";\""`
	Password string `parser:"| \"set\" \"password\" @String \";\""`

	// Signing parameters, stored as the quoted strings found in the profile.
	Alias           string `parser:"| \"set\" \"alias\" @String \";\""`
	DigestAlgorithm string `parser:"| \"set\" \"digest_algorithm\" @String \";\""`

	// Timestamp is a Boolean filled from a @String token, not a bare keyword.
	Timestamp Boolean `parser:"| \"set\" \"timestamp\" @String \";\""`

	// TimestampURL is kept verbatim; nothing in this listing validates it as a
	// URL. Its tag also closes the alternation with ")*".
	TimestampURL string `parser:"| \"set\" \"timestamp_url\" @String \";\" )*"`
}
func (CodeSigner) String ¶
func (b CodeSigner) String() string
type CommaSeparatedList ¶
// CommaSeparatedList holds the items of a comma-separated option value such as
// `curl*,lynx*,wget*`. The package declares Capture and String methods on it
// (the parser and stringer mentioned in the package note).
type CommaSeparatedList []string
NOTE: default comma-separated string list parser and stringer, e.g. curl*,lynx*,wget*.
func (*CommaSeparatedList) Capture ¶
func (l *CommaSeparatedList) Capture(values []string) error
func (CommaSeparatedList) String ¶
func (l CommaSeparatedList) String() string
type DNSBeacon ¶
// DNSBeacon holds one `dns-beacon` block of a profile.
//
// The tags spell out the block's grammar in field order: an optional name and
// the opening "{", then one "( ... )*" alternation of `set` statements, then
// the closing "}". Reordering fields would change the grammar.
type DNSBeacon struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// DNSIdle opens the "( ... )*" option group.
	DNSIdle string `parser:"( \"set\" \"dns_idle\" @String \";\""`

	// Declared int but captured from a quoted @String token. No range check
	// is visible in this listing, so validate these values before use when
	// the profile comes from an untrusted source.
	DNSMaxTXT int `parser:"| \"set\" \"dns_max_txt\" @String \";\""`
	DNSSleep  int `parser:"| \"set\" \"dns_sleep\" @String \";\""`
	DNSTTL    int `parser:"| \"set\" \"dns_ttl\" @String \";\""`
	MaxDNS    int `parser:"| \"set\" \"maxdns\" @String \";\""`

	// String options stored as written in the profile. When a profile
	// recovered from a sample is parsed for detection work, these are
	// candidate DNS indicators; confirm each key's meaning against the
	// profile-language documentation first.
	DNSStagerPrepend string `parser:"| \"set\" \"dns_stager_prepend\" @String \";\""`
	DNSStagerSubhost string `parser:"| \"set\" \"dns_stager_subhost\" @String \";\""`
	Beacon           string `parser:"| \"set\" \"beacon\" @String \";\""`
	GetA             string `parser:"| \"set\" \"get_A\" @String \";\""`
	GetAAAA          string `parser:"| \"set\" \"get_AAAA\" @String \";\""`
	GetTXT           string `parser:"| \"set\" \"get_TXT\" @String \";\""`
	PutMetadata      string `parser:"| \"set\" \"put_metadata\" @String \";\""`
	PutOutput        string `parser:"| \"set\" \"put_output\" @String \";\""`

	// NSResponse's tag closes both the option group (")*") and the block ("}").
	NSResponse string `parser:"| \"set\" \"ns_response\" @String \";\")* \"}\""`
}
type Function ¶
NOTE: parser and stringer for function sequences, e.g. http-get output, transforms in post-ex, etc.
type HTTPBeacon ¶ added in v1.1.0
// HTTPBeacon holds one `http-beacon` block of a profile (added in v1.1.0).
type HTTPBeacon struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// Library is captured from `set library`. It is the block's only option,
	// so its tag opens the "( ... )*" group and also closes the block with "}".
	Library string `parser:"( \"set\" \"library\" @String \";\")* \"}\""`
}
func (HTTPBeacon) String ¶ added in v1.1.0
func (b HTTPBeacon) String() string
type HTTPConfig ¶
// HTTPConfig holds the options of a profile's `http-config { ... }` block.
//
// The tags form one "( ... )*" alternation opened on the first field and
// closed on the last, so field order is part of the grammar.
type HTTPConfig struct {
	// HeadersOrder is the comma-separated value of `set headers`.
	HeadersOrder CommaSeparatedList `parser:"( \"set\" \"headers\" @String \";\""`

	// Headers collects the block's `header ... ;` statements.
	Headers []Header `parser:"| \"header\" @@ \";\""`

	// TrustXForwardedFor is captured from `set trust_x_forwarded_for`.
	// NOTE(review): going by the key name, this decides whether a
	// client-supplied X-Forwarded-For value is believed. That header is only
	// trustworthy when a proxy under your control sets it.
	TrustXForwardedFor Boolean `parser:"| \"set\" \"trust_x_forwarded_for\" @String \";\""`

	// BlockUserAgents and AllowUserAgents are comma-separated lists; the
	// package note gives `curl*,lynx*,wget*` as an example of the list format.
	BlockUserAgents CommaSeparatedList `parser:"| \"set\" \"block_useragents\" @String \";\""`
	AllowUserAgents CommaSeparatedList `parser:"| \"set\" \"allow_useragents\" @String \";\")*"`
}
func (HTTPConfig) String ¶
func (b HTTPConfig) String() string
type HTTPGet ¶
// HTTPGet holds one `http-get` block of a profile.
//
// The tags spell out the grammar in field order: optional name and "{", then
// one "( ... )*" alternation of statements, then the closing "}".
type HTTPGet struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// Verb and URI come from `set verb` and `set uri`; URI is split into a
	// space-separated list. Both are kept as written in the profile.
	Verb string             `parser:"( \"set\" \"verb\" @String \";\""`
	URI  SpaceSeparatedList `parser:"| \"set\" \"uri\" @String \";\""`

	// Client and Server are the nested `client { ... }` and `server { ... }`
	// sub-blocks. Server's tag also closes the alternation and the block.
	Client HTTPGetClient `parser:"| \"client\" \"{\" @@ \"}\""`
	Server HTTPServer    `parser:"| \"server\" \"{\" @@ \"}\" )* \"}\""`
}
type HTTPGetClient ¶
// HTTPGetClient holds the body of the `client { ... }` sub-block of an
// `http-get` block. Its three tags form one "( ... )*" alternation, so the
// statements may appear in any order and repeat.
type HTTPGetClient struct {
	// Headers and Parameters collect `header ... ;` and `parameter ... ;`
	// statements; Metadata collects the function sequence inside
	// `metadata { ... }`.
	Headers    []Header    `parser:"( \"header\" @@ \";\""`
	Parameters []Parameter `parser:"| \"parameter\" @@ \";\""`
	Metadata   []Function  `parser:"| \"metadata\" \"{\" @@* \"}\" )*"`
}
func (HTTPGetClient) String ¶
func (b HTTPGetClient) String() string
type HTTPPost ¶
// HTTPPost holds one `http-post` block of a profile.
//
// The tags spell out the grammar in field order: optional name and "{", then
// one "( ... )*" alternation of statements, then the closing "}".
type HTTPPost struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// Verb and URI come from `set verb` and `set uri`; URI is split into a
	// space-separated list. Both are kept as written in the profile.
	Verb string             `parser:"( \"set\" \"verb\" @String \";\""`
	URI  SpaceSeparatedList `parser:"| \"set\" \"uri\" @String \";\""`

	// Client and Server are the nested `client { ... }` and `server { ... }`
	// sub-blocks. Server's tag also closes the alternation and the block.
	Client HTTPPostClient `parser:"| \"client\" \"{\" @@ \"}\""`
	Server HTTPServer     `parser:"| \"server\" \"{\" @@ \"}\" )* \"}\""`
}
type HTTPPostClient ¶
// HTTPPostClient holds the body of the `client { ... }` sub-block of an
// `http-post` block. Its tags form one "( ... )*" alternation, so the
// statements may appear in any order and repeat.
type HTTPPostClient struct {
	// Headers and Parameters collect `header ... ;` and `parameter ... ;`
	// statements; Output and ID collect the function sequences inside
	// `output { ... }` and `id { ... }`.
	Headers    []Header    `parser:"( \"header\" @@ \";\""`
	Parameters []Parameter `parser:"| \"parameter\" @@ \";\""`
	Output     []Function  `parser:"| \"output\" \"{\" @@* \"}\""`
	ID         []Function  `parser:"| \"id\" \"{\" @@* \"}\" )*"`
}
func (HTTPPostClient) String ¶
func (b HTTPPostClient) String() string
type HTTPSCertificate ¶
// HTTPSCertificate holds one `https-certificate` block of a profile.
//
// The tags spell out the grammar in field order: optional name and "{", then
// one "( ... )*" alternation of `set` statements, then the closing "}".
type HTTPSCertificate struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// Keystore and Password are captured as written from `set keystore` and
	// `set password`. The password is cleartext in the profile, so treat the
	// parsed struct as secret-bearing and keep it out of logs and tickets.
	// NOTE(review): String() is declared for this type; check whether it
	// re-emits Password before printing a parsed profile.
	Keystore string `parser:"( \"set\" \"keystore\" @String \";\""`
	Password string `parser:"| \"set\" \"password\" @String \";\""`

	// Presumably the X.509 subject components of a generated certificate
	// (country, common name, locality, organisation, organisational unit,
	// state), judging by the key names; TODO confirm. For analysts, subject
	// values taken from a recovered profile are candidate TLS indicators.
	C  string `parser:"| \"set\" \"C\" @String \";\""`
	CN string `parser:"| \"set\" \"CN\" @String \";\""`
	L  string `parser:"| \"set\" \"L\" @String \";\""`
	O  string `parser:"| \"set\" \"O\" @String \";\""`
	OU string `parser:"| \"set\" \"OU\" @String \";\""`
	ST string `parser:"| \"set\" \"ST\" @String \";\""`

	// Validity is declared int but captured from a quoted @String token; its
	// unit and allowed range are not shown in this listing. The tag also
	// closes the option group (")*") and the block ("}").
	Validity int `parser:"| \"set\" \"validity\" @String \";\")* \"}\""`
}
func (HTTPSCertificate) String ¶
func (b HTTPSCertificate) String() string
type HTTPServer ¶
// HTTPServer holds the body of a `server { ... }` sub-block. HTTPGet, HTTPPost
// and HTTPStager all use it for their Server field.
type HTTPServer struct {
	// Headers collects `header ... ;` statements and Output the function
	// sequence inside `output { ... }`. Together the two tags form one
	// "( ... )*" alternation.
	Headers []Header   `parser:"( \"header\" @@ \";\""`
	Output  []Function `parser:"| \"output\" \"{\" @@* \"}\" )*"`
}
func (HTTPServer) String ¶
func (b HTTPServer) String() string
type HTTPStager ¶
// HTTPStager holds one `http-stager` block of a profile.
//
// The tags spell out the grammar in field order: optional name and "{", then
// one "( ... )*" alternation of statements, then the closing "}".
type HTTPStager struct {
	// Name is the optional quoted string that may precede the opening "{";
	// the same tag also consumes that brace.
	Name string `parser:"@String? \"{\""`

	// URIx86 and URIx64 come from `set uri_x86` and `set uri_x64`, each split
	// into a space-separated list and kept as written in the profile.
	URIx86 SpaceSeparatedList `parser:"( \"set\" \"uri_x86\" @String \";\""`
	URIx64 SpaceSeparatedList `parser:"| \"set\" \"uri_x64\" @String \";\""`

	// Client and Server are the nested `client { ... }` and `server { ... }`
	// sub-blocks. Server's tag also closes the alternation and the block.
	Client HTTPStagerClient `parser:"| \"client\" \"{\" @@ \"}\""`
	Server HTTPServer       `parser:"| \"server\" \"{\" @@ \"}\" )* \"}\""`
}
func (HTTPStager) String ¶
func (b HTTPStager) String() string
type HTTPStagerClient ¶
// HTTPStagerClient holds the body of the `client { ... }` sub-block of an
// `http-stager` block.
type HTTPStagerClient struct {
	// Headers and Parameters collect `header ... ;` and `parameter ... ;`
	// statements. The two tags form one "( ... )*" alternation.
	Headers    []Header    `parser:"( \"header\" @@ \";\""`
	Parameters []Parameter `parser:"| \"parameter\" @@ \";\" )*"`
}
func (HTTPStagerClient) String ¶
func (b HTTPStagerClient) String() string
type Header ¶
NOTE: key-value type with a "header" prefix, used to parse headers and (mostly) to render them back as text, e.g. header "Accept-Encoding" "gzip, deflate";.
type Parameter ¶
NOTE: key-value type with a "parameter" prefix, used to parse parameters and (mostly) to render them back as text, e.g. parameter "param_name" "param_value";.
type PostEx ¶
// PostEx holds the options of a profile's `post-ex { ... }` block.
//
// The tags form one "( ... )*" alternation opened on the first field and
// closed on the last, so field order is part of the grammar.
type PostEx struct {
	// SpawnToX86 and SpawnToX64 are captured from `set spawnto_x86` and
	// `set spawnto_x64` and kept as written. When a recovered profile is
	// analysed, these strings are useful inputs for process-creation
	// detections (reading inferred from the key names; confirm against the
	// profile-language documentation).
	SpawnToX86 string `parser:"( \"set\" \"spawnto_x86\" @String \";\""`
	SpawnToX64 string `parser:"| \"set\" \"spawnto_x64\" @String \";\""`

	// On/off switches, each a Boolean filled from a @String token.
	Obfuscate   Boolean `parser:"| \"set\" \"obfuscate\" @String \";\""`
	SmartInject Boolean `parser:"| \"set\" \"smartinject\" @String \";\""`
	AmsiDisable Boolean `parser:"| \"set\" \"amsi_disable\" @String \";\""`
	Cleanup     Boolean `parser:"| \"set\" \"cleanup\" @String \";\""`

	// String options kept as written. PipeName in particular is a candidate
	// named-pipe indicator when profiling a sample (inferred from the key
	// name `pipename`).
	ThreadHint string `parser:"| \"set\" \"thread_hint\" @String \";\""`
	PipeName   string `parser:"| \"set\" \"pipename\" @String \";\""`
	Keylogger  string `parser:"| \"set\" \"keylogger\" @String \";\""`

	// Function sequences inside `transform-x86 { ... }` and
	// `transform-x64 { ... }`; the second tag closes the alternation.
	TransformX86 []Function `parser:"| \"transform-x86\" \"{\" @@* \"}\""`
	TransformX64 []Function `parser:"| \"transform-x64\" \"{\" @@* \"}\" )*"`
}
type ProcessInject ¶
// ProcessInject holds the options of a profile's `process-inject { ... }`
// block.
//
// The tags form one "( ... )*" alternation opened on the first field and
// closed on the last, so field order is part of the grammar.
type ProcessInject struct {
	// Scalar `set` options. MinAlloc is declared int but captured from a
	// quoted @String token, and no range check is visible in this listing.
	Allocator      string  `parser:"( \"set\" \"allocator\" @String \";\""`
	BOFAllocator   string  `parser:"| \"set\" \"bof_allocator\" @String \";\""`
	BOFReuseMemory Boolean `parser:"| \"set\" \"bof_reuse_memory\" @String \";\""`
	MinAlloc       int     `parser:"| \"set\" \"min_alloc\" @String \";\""`

	// UseRWX and StartRWX record the profile's `userwx` and `startrwx`
	// switches. NOTE(review): going by the key names these describe
	// read-write-execute memory permissions. Such allocations are a common
	// memory-scanning signal, so surface these values in analysis output.
	UseRWX   Boolean `parser:"| \"set\" \"userwx\" @String \";\""`
	StartRWX Boolean `parser:"| \"set\" \"startrwx\" @String \";\""`

	// Function sequences inside `transform-x86 { ... }`,
	// `transform-x64 { ... }` and `execute { ... }`; the last tag closes the
	// alternation.
	TransformX86 []Function `parser:"| \"transform-x86\" \"{\" @@* \"}\""`
	TransformX64 []Function `parser:"| \"transform-x64\" \"{\" @@* \"}\""`
	Execute      []Function `parser:"| \"execute\" \"{\" @@* \"}\" )*"`
}
func (ProcessInject) String ¶
func (b ProcessInject) String() string
type Profile ¶
// Profile collects every top-level statement of a profile: the global `set`
// options and the nested blocks. The key names match Cobalt Strike's
// Malleable C2 profile language (NOTE(review): inferred from the keys; this
// listing does not name the format).
//
// All tags belong to one alternation opened by "(" on SampleName and closed by
// ")*" on PostEx, so statements may appear in any order and any number of
// times, and field order is part of the grammar. How participle combines
// repeated captures of the same scalar key is not visible here; confirm it
// before relying on a single value, especially for profiles obtained from
// untrusted sources.
type Profile struct {
	// General options. The int fields are captured from quoted @String
	// tokens; no range check is visible in this listing.
	SampleName string  `parser:"( \"set\" \"sample_name\" @String \";\""`
	SleepTime  int     `parser:"| \"set\" \"sleeptime\" @String \";\""`
	Jitter     int     `parser:"| \"set\" \"jitter\" @String \";\""`
	UserAgent  string  `parser:"| \"set\" \"useragent\" @String \";\""`
	DataJitter int     `parser:"| \"set\" \"data_jitter\" @String \";\""`
	HostStage  Boolean `parser:"| \"set\" \"host_stage\" @String \";\""`

	// Pipe, SMB, TCP and SSH related options, kept as written. For analysts,
	// pipe names, banners and the port are candidate host and network
	// indicators. TCPPort is not range-checked here, so validate it before
	// use.
	Pipename       string `parser:"| \"set\" \"pipename\" @String \";\""`
	PipenameStager string `parser:"| \"set\" \"pipename_stager\" @String \";\""`
	SMBFrameHeader string `parser:"| \"set\" \"smb_frame_header\" @String \";\""`
	TCPPort        int    `parser:"| \"set\" \"tcp_port\" @String \";\""`
	TCPFrameHeader string `parser:"| \"set\" \"tcp_frame_header\" @String \";\""`
	SSHBanner      string `parser:"| \"set\" \"ssh_banner\" @String \";\""`
	SSHPipename    string `parser:"| \"set\" \"ssh_pipename\" @String \";\""`

	// Numeric limits and masks, declared int and captured from @String tokens.
	StealTokenAccessMask int `parser:"| \"set\" \"steal_token_access_mask\" @String \";\""`
	TasksMaxSize         int `parser:"| \"set\" \"tasks_max_size\" @String \";\""`
	TasksProxyMaxSize    int `parser:"| \"set\" \"tasks_proxy_max_size\" @String \";\""`
	TasksDNSProxyMaxSize int `parser:"| \"set\" \"tasks_dns_proxy_max_size\" @String \";\""`

	// HeadersRemove is the comma-separated value of `set headers_remove`.
	HeadersRemove CommaSeparatedList `parser:"| \"set\" \"headers_remove\" @String \";\""`

	// Repeatable blocks: the keyword is followed by @@ and the element type
	// itself parses the optional name and the braces, so a profile may carry
	// several of each.
	DNSBeacon        []DNSBeacon        `parser:"| \"dns-beacon\" @@"`
	HTTPBeacon       []HTTPBeacon       `parser:"| \"http-beacon\" @@"`
	HTTPSCertificate []HTTPSCertificate `parser:"| \"https-certificate\" @@"`

	// Non-slice blocks whose braces are matched in the tags here. CodeSigner
	// (like HTTPSCertificate above) carries a cleartext keystore password, so
	// treat a parsed Profile as secret-bearing.
	CodeSigner CodeSigner `parser:"| \"code-signer\" \"{\" @@ \"}\""`
	HTTPConfig HTTPConfig `parser:"| \"http-config\" \"{\" @@ \"}\""`

	// Repeatable HTTP transaction blocks, parsed like the beacon blocks above.
	HTTPGet    []HTTPGet    `parser:"| \"http-get\" @@"`
	HTTPPost   []HTTPPost   `parser:"| \"http-post\" @@"`
	HTTPStager []HTTPStager `parser:"| \"http-stager\" @@"`

	// Non-slice blocks with braces matched here; PostEx's tag closes the
	// alternation with ")*".
	Stage         Stage         `parser:"| \"stage\" \"{\" @@ \"}\""`
	ProcessInject ProcessInject `parser:"| \"process-inject\" \"{\" @@ \"}\""`
	PostEx        PostEx        `parser:"| \"post-ex\" \"{\" @@ \"}\" )*"`
}
type SpaceSeparatedList ¶ added in v1.1.0
// SpaceSeparatedList holds the items of a space-separated option value such as
// `/jquery-3.3.1.min.js /jquery-1.3.3.7.min.js /someotherurl`. The package
// declares Capture and String methods on it (the parser and stringer mentioned
// in the package note). Added in v1.1.0.
type SpaceSeparatedList []string
NOTE: default space-separated string list parser and stringer, e.g. /jquery-3.3.1.min.js /jquery-1.3.3.7.min.js /someotherurl.
func (*SpaceSeparatedList) Capture ¶ added in v1.1.0
func (l *SpaceSeparatedList) Capture(values []string) error
func (SpaceSeparatedList) String ¶ added in v1.1.0
func (l SpaceSeparatedList) String() string
type Stage ¶
// Stage holds the options of a profile's `stage { ... }` block.
//
// The tags form one "( ... )*" alternation opened on Checksum and closed on
// the last field, so field order is part of the grammar. For analysts, values
// parsed from a recovered profile are candidate inputs for static and
// in-memory detection content. Verify each key's meaning against the
// profile-language documentation before building on it.
type Stage struct {
	// Scalar `set` options. The int fields are captured from quoted @String
	// tokens; no range check is visible in this listing.
	Checksum     int    `parser:"( \"set\" \"checksum\" @String \";\""`
	CompileTime  string `parser:"| \"set\" \"compile_time\" @String \";\""`
	EntryPoint   int    `parser:"| \"set\" \"entry_point\" @String \";\""`
	ImageSizeX86 int    `parser:"| \"set\" \"image_size_x86\" @String \";\""`
	ImageSizeX64 int    `parser:"| \"set\" \"image_size_x64\" @String \";\""`
	Name         string `parser:"| \"set\" \"name\" @String \";\""`
	RichHeader   string `parser:"| \"set\" \"rich_header\" @String \";\""`

	// On/off switches, each a Boolean filled from a @String token.
	UseRWX    Boolean `parser:"| \"set\" \"userwx\" @String \";\""`
	Cleanup   Boolean `parser:"| \"set\" \"cleanup\" @String \";\""`
	SleepMask Boolean `parser:"| \"set\" \"sleep_mask\" @String \";\""`
	StompPE   Boolean `parser:"| \"set\" \"stomppe\" @String \";\""`
	Obfuscate Boolean `parser:"| \"set\" \"obfuscate\" @String \";\""`

	// Further `set` options, kept as written in the profile.
	Allocator     string  `parser:"| \"set\" \"allocator\" @String \";\""`
	MagicMZX86    string  `parser:"| \"set\" \"magic_mz_x86\" @String \";\""`
	MagicMZX64    string  `parser:"| \"set\" \"magic_mz_x64\" @String \";\""`
	MagicPE       string  `parser:"| \"set\" \"magic_pe\" @String \";\""`
	SmartInject   Boolean `parser:"| \"set\" \"smartinject\" @String \";\""`
	ModuleX86     string  `parser:"| \"set\" \"module_x86\" @String \";\""`
	ModuleX64     string  `parser:"| \"set\" \"module_x64\" @String \";\""`
	SyscallMethod string  `parser:"| \"set\" \"syscall_method\" @String \";\""`

	// Function sequences inside `transform-x86 { ... }` and
	// `transform-x64 { ... }`.
	TransformX86 []Function `parser:"| \"transform-x86\" \"{\" @@* \"}\""`
	TransformX64 []Function `parser:"| \"transform-x64\" \"{\" @@* \"}\""`

	// Repeatable `data "...";` and `string "...";` statements; each occurrence
	// presumably adds one element (TODO confirm against participle's slice
	// handling).
	Data    []Data   `parser:"| \"data\" @String \";\""`
	Strings []String `parser:"| \"string\" @String \";\""`

	// NOTE(review): `SwtringsW` looks like a typo for `StringsW`; it holds the
	// values of `stringw "...";` statements. The name is exported, so renaming
	// it would break callers, and they must use this spelling until the
	// package offers a corrected name. The tag closes the alternation with
	// ")*".
	SwtringsW []StringW `parser:"| \"stringw\" @String \";\" )*"`
}