Documentation
¶
Index ¶
- Constants
- Variables
- func RunCommand(command string, arguments string, cwd string) (stdout []byte, stderr []byte, err error)
- func RunShellCommand(arguments string, cwd string) (stdout []byte, stderr []byte, err error)
- type AgentType
- type BrowserScript
- type BuildParameter
- type BuildParameterDictionary
- type BuildParameterType
- type BuildParameters
- func (arg *BuildParameters) GetArg(name string) (interface{}, error)
- func (arg *BuildParameters) GetArgNames() []string
- func (arg *BuildParameters) GetArrayArg(name string) ([]string, error)
- func (arg *BuildParameters) GetBooleanArg(name string) (bool, error)
- func (arg *BuildParameters) GetChooseMultipleArg(name string) ([]string, error)
- func (arg *BuildParameters) GetChooseOneArg(name string) (string, error)
- func (arg *BuildParameters) GetChooseOneCustomArg(name string) (string, error)
- func (arg *BuildParameters) GetCryptoArg(name string) (CryptoArg, error)
- func (arg *BuildParameters) GetDateArg(name string) (string, error)
- func (arg *BuildParameters) GetDictionaryArg(name string) (map[string]string, error)
- func (arg *BuildParameters) GetFileArg(name string) (string, error)
- func (arg *BuildParameters) GetFileMultipleArg(name string) ([]string, error)
- func (arg *BuildParameters) GetNumberArg(name string) (float64, error)
- func (arg *BuildParameters) GetStringArg(name string) (string, error)
- func (arg *BuildParameters) GetTypedArrayArg(name string) ([][]string, error)
- type BuildStep
- type C2ParameterDictionary
- type C2ProfileInfo
- type Command
- type CommandAttribute
- type CommandParameter
- type CommandParameterType
- type ConnectionInfo
- type CredentialInfo
- type CryptoArg
- type FileBrowserTask
- type MessageFormat
- type OPSEC_ROLE
- type PAYLOAD_BUILD_STATUS
- type PTCallbacksToCheck
- type PTCallbacksToCheckResponse
- type PTCheckIfCallbacksAliveMessage
- type PTCheckIfCallbacksAliveMessageResponse
- type PTOnNewCallbackAllData
- type PTOnNewCallbackResponse
- type PTRPCDynamicQueryFunctionMessage
- type PTRPCDynamicQueryFunctionMessageResponse
- type PTRPCOtherServiceRPCMessage
- type PTRPCOtherServiceRPCMessageResponse
- type PTRPCReSyncMessage
- type PTRPCReSyncMessageResponse
- type PTRPCTypedArrayParseFunctionMessage
- type PTRPCTypedArrayParseMessageResponse
- type PTTTaskOPSECPreTaskMessageResponse
- type PTTaskCompletionFunction
- type PTTaskCompletionFunctionMessage
- type PTTaskCompletionFunctionMessageResponse
- type PTTaskCreateTaskingMessageResponse
- type PTTaskMessageAllData
- type PTTaskMessageArgsData
- func (arg *PTTaskMessageArgsData) AddArg(newArg CommandParameter) error
- func (arg *PTTaskMessageArgsData) GetArg(name string) (interface{}, error)
- func (arg *PTTaskMessageArgsData) GetArrayArg(name string) ([]string, error)
- func (arg *PTTaskMessageArgsData) GetBooleanArg(name string) (bool, error)
- func (arg *PTTaskMessageArgsData) GetChooseMultipleArg(name string) ([]string, error)
- func (arg *PTTaskMessageArgsData) GetChooseOneArg(name string) (string, error)
- func (arg *PTTaskMessageArgsData) GetCommandLine() string
- func (arg *PTTaskMessageArgsData) GetConnectionInfoArg(name string) (ConnectionInfo, error)
- func (arg *PTTaskMessageArgsData) GetCredentialArg(name string) (CredentialInfo, error)
- func (arg *PTTaskMessageArgsData) GetDictionaryArg(name string) (map[string]string, error)
- func (arg *PTTaskMessageArgsData) GetFileArg(name string) (string, error)
- func (arg *PTTaskMessageArgsData) GetFinalArgs() (string, error)
- func (arg *PTTaskMessageArgsData) GetLinkInfoArg(name string) (ConnectionInfo, error)
- func (arg *PTTaskMessageArgsData) GetNumberArg(name string) (float64, error)
- func (arg *PTTaskMessageArgsData) GetParameterGroupArguments() ([]CommandParameter, error)
- func (arg *PTTaskMessageArgsData) GetParameterGroupName() (string, error)
- func (arg *PTTaskMessageArgsData) GetPayloadListArg(name string) (string, error)
- func (arg *PTTaskMessageArgsData) GetRawCommandLine() string
- func (arg *PTTaskMessageArgsData) GetStringArg(name string) (string, error)
- func (arg *PTTaskMessageArgsData) GetTaskingLocation() string
- func (arg *PTTaskMessageArgsData) GetTypedArrayArg(name string) ([][]string, error)
- func (arg *PTTaskMessageArgsData) GetTypedArrayEntriesThatNeedProcessing() []CommandParameter
- func (arg *PTTaskMessageArgsData) GetUnusedArgs() string
- func (arg *PTTaskMessageArgsData) HasArg(name string) bool
- func (arg *PTTaskMessageArgsData) LoadArgsFromDictionary(dictionaryArgs map[string]interface{}) error
- func (arg *PTTaskMessageArgsData) LoadArgsFromJSONString(stringArgs string) error
- func (arg *PTTaskMessageArgsData) RemoveArg(name string) error
- func (arg *PTTaskMessageArgsData) RenameArg(oldName string, newName string) error
- func (arg *PTTaskMessageArgsData) SetArgValue(name string, value interface{}) error
- func (arg *PTTaskMessageArgsData) SetManualArgs(args string)
- func (arg *PTTaskMessageArgsData) SetManualParameterGroup(groupName string)
- func (arg *PTTaskMessageArgsData) VerifyRequiredArgsHaveValues() (bool, error)
- type PTTaskMessageCallbackData
- type PTTaskMessagePayloadData
- type PTTaskMessageTaskData
- type PTTaskOPSECPostTaskMessageResponse
- type PTTaskProcessResponseMessageResponse
- type PTTaskingDynamicQueryFunction
- type PTTaskingTypedArrayParseFunction
- type PT_TASK_FUNCTION_STATUS
- type ParameterGroupInfo
- type PayloadBuildC2Profile
- func (arg *PayloadBuildC2Profile) GetArg(name string) (interface{}, error)
- func (arg *PayloadBuildC2Profile) GetArgNames() []string
- func (arg *PayloadBuildC2Profile) GetArrayArg(name string) ([]string, error)
- func (arg *PayloadBuildC2Profile) GetBooleanArg(name string) (bool, error)
- func (arg *PayloadBuildC2Profile) GetChooseMultipleArg(name string) ([]string, error)
- func (arg *PayloadBuildC2Profile) GetChooseOneArg(name string) (string, error)
- func (arg *PayloadBuildC2Profile) GetChooseOneCustomArg(name string) (string, error)
- func (arg *PayloadBuildC2Profile) GetCryptoArg(name string) (CryptoArg, error)
- func (arg *PayloadBuildC2Profile) GetDateArg(name string) (string, error)
- func (arg *PayloadBuildC2Profile) GetDictionaryArg(name string) (map[string]string, error)
- func (arg *PayloadBuildC2Profile) GetFileArg(name string) (string, error)
- func (arg *PayloadBuildC2Profile) GetFileMultipleArg(name string) ([]string, error)
- func (arg *PayloadBuildC2Profile) GetNumberArg(name string) (float64, error)
- func (arg *PayloadBuildC2Profile) GetStringArg(name string) (string, error)
- func (arg *PayloadBuildC2Profile) GetTypedArrayArg(name string) ([][]string, error)
- type PayloadBuildC2ProfileMessage
- type PayloadBuildC2ProfileMessageResponse
- type PayloadBuildMessage
- type PayloadBuildResponse
- type PayloadConfiguration
- type PayloadConfigurationBuildParameter
- type PayloadConfigurationC2Profile
- type PayloadType
- type PayloadTypeSyncMessage
- type PayloadTypeSyncMessageResponse
- type PtTaskFunctionCreateTasking
- type PtTaskFunctionOPSECPost
- type PtTaskFunctionOPSECPre
- type PtTaskFunctionParseArgDictionary
- type PtTaskFunctionParseArgString
- type PtTaskFunctionProcessResponse
- type PtTaskProcessResponseMessage
- type SubtaskGroupName
Constants ¶
// Operating-system labels. All five are untyped string constants.
// NOTE(review): presumably these are the values expected in
// CommandAttribute.SupportedOS ([]string); nothing on this page enforces
// that, so a misspelt label would only show up at runtime - confirm against the caller.
const (
	SUPPORTED_OS_MACOS    = "macOS"
	SUPPORTED_OS_WINDOWS  = "Windows"
	SUPPORTED_OS_LINUX    = "Linux"
	SUPPORTED_OS_CHROME   = "Chrome"
	SUPPORTED_OS_WEBSHELL = "WebShell"
)
// AgentType values.
// NOTE(review): only AgentTypeAgent is declared with the AgentType type. The
// other three carry their own "= value" expression, so Go treats them as
// untyped string constants. If AgentType is a defined type (its declaration is
// not shown here), the compiler will not reject one of these being passed
// where a plain string is expected - confirm whether that is intended.
const (
	AgentTypeAgent AgentType = "agent"
	AgentTypeWrapper = "wrapper"
	AgentTypeService = "service"
	AgentTypeCommandAugment = "command_augment"
)
// BuildParameterType values used in BuildParameter.ParameterType.
// Only the first constant names the type; the rest are untyped string
// constants. BuildParameterType is declared on this page as an alias of
// string, so the compiler accepts any string where one of these is expected -
// the set below is a convention, not an enforced enumeration.
const (
	BUILD_PARAMETER_TYPE_STRING BuildParameterType = "String"
	BUILD_PARAMETER_TYPE_BOOLEAN = "Boolean"
	BUILD_PARAMETER_TYPE_CHOOSE_ONE = "ChooseOne"
	BUILD_PARAMETER_TYPE_CHOOSE_ONE_CUSTOM = "ChooseOneCustom"
	BUILD_PARAMETER_TYPE_CHOOSE_MULTIPLE = "ChooseMultiple"
	BUILD_PARAMETER_TYPE_DATE = "Date"
	BUILD_PARAMETER_TYPE_DICTIONARY = "Dictionary"
	BUILD_PARAMETER_TYPE_ARRAY = "Array"
	BUILD_PARAMETER_TYPE_NUMBER = "Number"
	BUILD_PARAMETER_TYPE_FILE = "File"
	BUILD_PARAMETER_TYPE_FILE_MULTIPLE = "FileMultiple"
	BUILD_PARAMETER_TYPE_TYPED_ARRAY = "TypedArray"
)
// CommandParameterType values used in CommandParameter.ParameterType.
// Only the first constant names the type; the rest are untyped string
// constants. CommandParameterType is declared on this page as an alias of
// string, so any string compiles where one of these is expected - code that
// switches on the parameter type should handle unknown values explicitly.
const (
	COMMAND_PARAMETER_TYPE_STRING CommandParameterType = "String"
	COMMAND_PARAMETER_TYPE_BOOLEAN = "Boolean"
	COMMAND_PARAMETER_TYPE_CHOOSE_ONE = "ChooseOne"
	COMMAND_PARAMETER_TYPE_CHOOSE_ONE_CUSTOM = "ChooseOneCustom"
	COMMAND_PARAMETER_TYPE_CHOOSE_MULTIPLE = "ChooseMultiple"
	COMMAND_PARAMETER_TYPE_FILE = "File"
	COMMAND_PARAMETER_TYPE_FILE_MULTIPLE = "FileMultiple"
	COMMAND_PARAMETER_TYPE_ARRAY = "Array"
	// The credential type's wire value is "CredentialJson", unlike its constant name.
	COMMAND_PARAMETER_TYPE_CREDENTIAL = "CredentialJson"
	COMMAND_PARAMETER_TYPE_NUMBER = "Number"
	COMMAND_PARAMETER_TYPE_PAYLOAD_LIST = "PayloadList"
	// The connection-info type's wire value is "AgentConnect", unlike its constant name.
	COMMAND_PARAMETER_TYPE_CONNECTION_INFO = "AgentConnect"
	COMMAND_PARAMETER_TYPE_LINK_INFO = "LinkInfo"
	COMMAND_PARAMETER_TYPE_TYPED_ARRAY = "TypedArray"
)
// Task status strings. Only the first constant is declared with the
// PT_TASK_FUNCTION_STATUS type; the rest are untyped string constants.
// (The declaration of PT_TASK_FUNCTION_STATUS itself is not shown here.)
//
// NOTE(review): PT_TASK_FUNCTION_STATUS_OPSEC_PRE_ERROR and
// PT_TASK_FUNCTION_STATUS_OPSEC_POST_ERROR have the same value, so the status
// string alone does not tell which OPSEC check failed; anything that audits
// task history needs another field to tell them apart.
const (
	PT_TASK_FUNCTION_STATUS_OPSEC_PRE PT_TASK_FUNCTION_STATUS = "OPSEC Pre Check Running..."
	PT_TASK_FUNCTION_STATUS_OPSEC_PRE_ERROR = "Error: opsec check - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_OPSEC_PRE_BLOCKED = "OPSEC Pre Blocked"
	PT_TASK_FUNCTION_STATUS_PREPROCESSING = "creating task..."
	PT_TASK_FUNCTION_STATUS_PREPROCESSING_ERROR = "Error: creating task - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_OPSEC_POST = "OPSEC Post Check Running..."
	PT_TASK_FUNCTION_STATUS_OPSEC_POST_ERROR = "Error: opsec check - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_OPSEC_POST_BLOCKED = "OPSEC Post Blocked"
	PT_TASK_FUNCTION_STATUS_SUBMITTED = "submitted"
	PT_TASK_FUNCTION_STATUS_PROCESSING = "agent processing"
	PT_TASK_FUNCTION_STATUS_DELEGATING = "delegating tasks..."
	PT_TASK_FUNCTION_STATUS_COMPLETION_FUNCTION = "Completion Function Running..."
	PT_TASK_FUNCTION_STATUS_COMPLETION_FUNCTION_ERROR = "Error: completion function - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_SUBTASK_COMPLETED_FUNCTION = "SubTask Completion Function Running..."
	PT_TASK_FUNCTION_STATUS_SUBTASK_COMPLETED_FUNCTION_ERROR = "Error: subtask completion function - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_GROUP_COMPLETED_FUNCTION = "Group Completion Function Running..."
	PT_TASK_FUNCTION_STATUS_GROUP_COMPLETED_FUNCTION_ERROR = "Error: group completion function - check task stdout/stderr"
	PT_TASK_FUNCTION_STATUS_COMPLETED = "completed"
	PT_TASK_FUNCTION_STATUS_PROCESSED = "processed, waiting for more messages..."
)
// OPSEC_ROLE values.
// NOTE(review): OPSEC_ROLE is declared on this page as a defined type
// ("type OPSEC_ROLE string"), but only OPSEC_ROLE_LEAD carries that type.
// OPSEC_ROLE_OPERATOR and OPSEC_ROLE_OTHER_OPERATOR are untyped string
// constants, so they convert silently to either string or OPSEC_ROLE and the
// type does not fence off the role values.
const (
	OPSEC_ROLE_LEAD OPSEC_ROLE = "lead"
	OPSEC_ROLE_OPERATOR = "operator"
	OPSEC_ROLE_OTHER_OPERATOR = "other_operator"
)
Variables ¶
var (
	// AllPayloadData - package-level value of the unexported type
	// containerPayloadData. The Command documentation on this page registers
	// commands through it: AllPayloadData.Get("poseidon").AddCommand(...).
	// NOTE(review): this is shared mutable package state; whether Get/AddCommand
	// are safe for concurrent use is not shown here - confirm before registering
	// outside init().
	AllPayloadData containerPayloadData
)
Functions ¶
func RunCommand ¶
Types ¶
type BrowserScript ¶
type BuildParameter ¶
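// BuildParameter - A structure defining the metadata about a build parameter
// for the user to select when building a payload.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type BuildParameter struct {
	// Name - the name of the build parameter for use during the Payload Type's build function
	Name string `json:"name"`

	// Description - the description of the build parameter to be presented to the user during build
	Description string `json:"description"`

	// Required - indicate if this requires the user to supply a value or not
	Required bool `json:"required"`

	// VerifierRegex - if the user is supplying text and it needs to match a specific pattern,
	// specify a regex pattern here and the UI will indicate to the user if the value is valid or not.
	// NOTE(review): as described this is UI feedback only; whether the value is checked again
	// before it reaches the build function is not shown here, so build code should re-validate
	// anything it passes to a compiler, shell or file path.
	VerifierRegex string `json:"verifier_regex"`

	// DefaultValue - A default value to show the user when building in the Mythic UI.
	// The type here depends on the Parameter Type - ex: for a String, supply a string.
	// For an array, provide an array.
	DefaultValue interface{} `json:"default_value"`

	// ParameterType - The type of parameter this is so that the UI can properly render
	// components for the user to modify
	ParameterType BuildParameterType `json:"parameter_type"`

	// FormatString - If Randomize is true, this regex format string is used to generate a
	// value when presenting the option to the user
	FormatString string `json:"format_string"`

	// Randomize - Should this value be randomized each time it's shown to the user so that
	// each payload has a different value
	Randomize bool `json:"randomize"`

	// IsCryptoType - If this is true, then the value supplied by the user is for determining
	// the _kind_ of crypto keys to generate (if any), and the resulting stored value in the
	// database is a dictionary composed of the user's selection and an enc_key and dec_key value.
	// Note the JSON key is "crypto_type", not "is_crypto_type".
	IsCryptoType bool `json:"crypto_type"`

	// Choices - If the ParameterType is ChooseOne or ChooseMultiple, then the options
	// presented to the user are here.
	Choices []string `json:"choices"`

	// DictionaryChoices - if the ParameterType is Dictionary, then the dictionary
	// choices/preconfigured data is set here
	DictionaryChoices []BuildParameterDictionary `json:"dictionary_choices"`
}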
BuildParameter - A structure defining the metadata about a build parameter for the user to select when building a payload.
type BuildParameterDictionary ¶
// BuildParameterDictionary - a defined type whose underlying type is
// C2ParameterDictionary. It is declared without "=", so it is not an alias:
// values need an explicit conversion to move between the two types.
type BuildParameterDictionary C2ParameterDictionary
type BuildParameterType ¶
// BuildParameterType - an alias of string (declared with "="). Any string is
// therefore a valid BuildParameterType to the compiler; the
// BUILD_PARAMETER_TYPE_* constants are the named values.
type BuildParameterType = string
type BuildParameters ¶ added in v1.3.7
// BuildParameters - wraps the build-parameter values sent under the
// "build_parameters" key. The Get*Arg methods listed on this page take a
// parameter name and return a typed value plus an error.
type BuildParameters struct {
	// Parameters - values are interface{}, so their concrete types are only
	// known at runtime. NOTE(review): presumably keyed by build parameter
	// name and supplied by the operator at build time - treat them as
	// untrusted input and check the returned error from the typed accessors.
	Parameters map[string]interface{} `json:"build_parameters" mapstructure:"build_parameters"`
}
func (*BuildParameters) GetArg ¶ added in v1.3.7
func (arg *BuildParameters) GetArg(name string) (interface{}, error)
func (*BuildParameters) GetArgNames ¶ added in v1.3.7
func (arg *BuildParameters) GetArgNames() []string
func (*BuildParameters) GetArrayArg ¶ added in v1.3.7
func (arg *BuildParameters) GetArrayArg(name string) ([]string, error)
func (*BuildParameters) GetBooleanArg ¶ added in v1.3.7
func (arg *BuildParameters) GetBooleanArg(name string) (bool, error)
func (*BuildParameters) GetChooseMultipleArg ¶ added in v1.3.7
func (arg *BuildParameters) GetChooseMultipleArg(name string) ([]string, error)
func (*BuildParameters) GetChooseOneArg ¶ added in v1.3.7
func (arg *BuildParameters) GetChooseOneArg(name string) (string, error)
func (*BuildParameters) GetChooseOneCustomArg ¶ added in v1.4.0
func (arg *BuildParameters) GetChooseOneCustomArg(name string) (string, error)
func (*BuildParameters) GetCryptoArg ¶ added in v1.3.7
func (arg *BuildParameters) GetCryptoArg(name string) (CryptoArg, error)
func (*BuildParameters) GetDateArg ¶ added in v1.3.7
func (arg *BuildParameters) GetDateArg(name string) (string, error)
func (*BuildParameters) GetDictionaryArg ¶ added in v1.3.7
func (arg *BuildParameters) GetDictionaryArg(name string) (map[string]string, error)
func (*BuildParameters) GetFileArg ¶ added in v1.3.7
func (arg *BuildParameters) GetFileArg(name string) (string, error)
func (*BuildParameters) GetFileMultipleArg ¶ added in v1.4.0
func (arg *BuildParameters) GetFileMultipleArg(name string) ([]string, error)
func (*BuildParameters) GetNumberArg ¶ added in v1.3.7
func (arg *BuildParameters) GetNumberArg(name string) (float64, error)
func (*BuildParameters) GetStringArg ¶ added in v1.3.7
func (arg *BuildParameters) GetStringArg(name string) (string, error)
func (*BuildParameters) GetTypedArrayArg ¶ added in v1.3.7
func (arg *BuildParameters) GetTypedArrayArg(name string) ([][]string, error)
type BuildStep ¶
// BuildStep - Identification of a step in the build process that's shown to
// the user to eventually collect start/end time as well as stdout/stderr per step.
// The JSON keys are prefixed with "step_", unlike the Go field names.
type BuildStep struct {
	Name        string `json:"step_name"`
	Description string `json:"step_description"`
}
BuildStep - Identification of a step in the build process that's shown to the user to eventually collect start/end time as well as stdout/stderr per step
type C2ParameterDictionary ¶
type C2ProfileInfo ¶ added in v1.0.8
type Command ¶
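// Command - The base definition of a command.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it. Fields tagged `json:"-"` are
// never serialised.
type Command struct {
	// Name - the name of the command as the user would type it
	Name string `json:"name"`

	// NeedsAdminPermissions - Does the command need elevated permissions to execute?
	NeedsAdminPermissions bool `json:"needs_admin_permissions"`

	// HelpString - When the user types 'help', what short help would you provide?
	HelpString string `json:"help_string"`

	// Description - A description of what the command does that appears in the tasking modal
	// as well as when the user is selecting commands to include in their payload
	Description string `json:"description"`

	// Version - What version of this command is this? The version is tracked overall and
	// per-load within a Payload and Callback. This makes it easier to see if a callback or
	// payload has an outdated version of a command.
	Version uint32 `json:"version"`

	// SupportedUIFeatures - The list of UI features that the command supports such as
	// `callback_table:exit` or `file_browser:list`.
	/*
		The most common of these features can be found on the Mythic documentation website,
		but you can make your own custom ones as well. When you want to do browser scripting
		and support issuing a task with a button click, that task is identified based on the
		supported_ui_features you supply here. There's no required format, but typically
		they're in the form of `general:specific`, so maybe `registry:write` or `clipboard:set`.
	*/
	SupportedUIFeatures []string `json:"supported_ui_features"`

	// Author - the author(s) of this command
	Author string `json:"author"`

	// MitreAttackMappings - A list of MITRE Technique IDs (ex: T1033) that this command maps to.
	// Serialised under the key "attack".
	MitreAttackMappings []string `json:"attack"`

	// ScriptOnlyCommand - Is this command only defined as a script/golang file or does it
	// have a matching function within the payload
	ScriptOnlyCommand bool `json:"script_only"`

	// CommandAttributes - Attributes about this command that can be used to determine what
	// commands the user can select when building the payload.
	// This also comes into play when determining commands to list for some command parameters
	CommandAttributes CommandAttribute `json:"attributes"`

	// CommandParameters - A list of the parameters associated with this command
	// (also known as arguments)
	CommandParameters []CommandParameter `json:"parameters"`

	// AssociatedBrowserScript - If this command has a browser script to manipulate the output
	// from this command, reference that here. Nil is omitted from the JSON (omitempty).
	AssociatedBrowserScript *BrowserScript `json:"browserscript,omitempty"`

	// TaskFunctionOPSECPre - If you want to provide an OPSEC check before your main
	// TaskFunctionCreateTasking function, you can define that function here
	TaskFunctionOPSECPre PtTaskFunctionOPSECPre `json:"-"`

	// TaskFunctionCreateTasking - This is the main function to do additional processing,
	// RPC calls, and anything else before your command is ready for the agent to pick it up
	TaskFunctionCreateTasking PtTaskFunctionCreateTasking `json:"-"`

	// TaskFunctionProcessResponse - If your callback returns data in the 'process_response'
	// key within your responses array, that data gets processed here.
	// NOTE(review): that data originates from the agent side, so it should be parsed as
	// untrusted input.
	TaskFunctionProcessResponse PtTaskFunctionProcessResponse `json:"-"`

	// TaskFunctionOPSECPost - If you want to provide an OPSEC check after your
	// TaskFunctionCreateTasking function executes but before the agent picks up the tasking,
	// you can do that here
	TaskFunctionOPSECPost PtTaskFunctionOPSECPost `json:"-"`

	// TaskFunctionParseArgString - Parse an argument string from the user into your command's
	// CommandParameters array
	TaskFunctionParseArgString PtTaskFunctionParseArgString `json:"-"`

	// TaskFunctionParseArgDictionary - Parse an argument dictionary from the user into your
	// command's CommandParameters array
	TaskFunctionParseArgDictionary PtTaskFunctionParseArgDictionary `json:"-"`

	// TaskCompletionFunctions - If your TaskFunctionCreateTasking function or any of your
	// subtasks have completion functions, define them here
	TaskCompletionFunctions map[string]PTTaskCompletionFunction `json:"-"`
}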
Command - The base definition of a command
Use the following call to add this command to Mythic's internal tracking: agentstructs.AllPayloadData.Get("poseidon").AddCommand(commandDefinition). This is easiest to do in the init() function of your command file, so that the command is added automatically.
type CommandAttribute ¶
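// CommandAttribute - Attributes about a specific command to influence build
// options and command parameter options.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type CommandAttribute struct {
	// SupportedOS - Which operating systems does this command support?
	// An empty list means all OS, so leaving it unset is the widest setting, not the narrowest.
	SupportedOS []string `json:"supported_os"`

	// CommandIsBuiltin - Is this command baked into the agent permanently?
	CommandIsBuiltin bool `json:"builtin"`

	// CommandIsSuggested - If true, this command will appear on the "included" side when
	// building your payload by default.
	CommandIsSuggested bool `json:"suggested_command"`

	// CommandCanOnlyBeLoadedLater - If true, this command can only be loaded after you have
	// a callback and not included in the base payload.
	CommandCanOnlyBeLoadedLater bool `json:"load_only"`

	// FilterCommandAvailabilityByAgentBuildParameters - Specify if this command is allowed to
	// be built into the payload or not based on build parameters the user specifies.
	/* is of the form {"build param name": "build param value"} */
	FilterCommandAvailabilityByAgentBuildParameters map[string]string `json:"filter_by_build_parameter"`

	// AdditionalAttributes - Additional, developer-supplied, key-value pairs such as a
	// dependency note that a command relies on another command
	AdditionalAttributes map[string]string `json:"additional_items"`
}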
CommandAttribute - Attributes about a specific command to influence build options and command parameter options
type CommandParameter ¶
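// CommandParameter - The base definition for a parameter (i.e. argument) to your command.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type CommandParameter struct {
	// Name - The name of your parameter - used when adding args or changing arg values
	Name string `json:"name"`

	// ModalDisplayName - A more friendly version of the name, most likely with
	// capitalization and spaces
	ModalDisplayName string `json:"display_name"`

	// CLIName - A more CLI friendly version of the name, potentially without
	// dashes/underscores and no spaces
	CLIName string `json:"cli_name"`

	// ParameterType - The type of parameter - this influences how things work in the UI
	ParameterType CommandParameterType `json:"parameter_type"`

	// Description - The description of the parameter that's displayed to the user when they
	// hover over the ModalDisplayName
	Description string `json:"description"`

	// Choices - If the ParameterType is ChooseOne or ChooseMultiple, these are the choices
	// for the user.
	// If the ParameterType is TypedArray, these are the options for each array entry
	Choices []string `json:"choices"`

	// DefaultValue - The default value to present to the user when they pull up the modal view
	DefaultValue interface{} `json:"default_value"`

	// SupportedAgents - When using the "Payload" Parameter Type, you can filter down which
	// payloads are presented to the operator based on this list of supported agents.
	SupportedAgents []string `json:"supported_agents"`

	// SupportedAgentBuildParameters - When using the "Payload" Parameter Type, you can filter
	// down which payloads are presented to the operator based on specific build parameters
	// for specific payload types.
	SupportedAgentBuildParameters map[string]string `json:"supported_agent_build_parameters"`

	// ChoicesAreAllCommands - Can be used with ChooseOne or ChooseMultiple Parameter Types to
	// automatically populate those options in the UI with all of the commands for the payload type.
	ChoicesAreAllCommands bool `json:"choices_are_all_commands"`

	// ChoicesAreLoadedCommands - Can be used with ChooseOne or ChooseMultiple Parameter Types
	// to automatically populate those options in the UI with all of the currently loaded commands.
	ChoicesAreLoadedCommands bool `json:"choices_are_loaded_commands"`

	// FilterCommandChoicesByCommandAttributes - When using the ChooseOne or ChooseMultiple
	// Parameter type along with choices_are_all_commands, you can filter down those options
	// based on attribute values in your command's CommandAttributes field.
	FilterCommandChoicesByCommandAttributes map[string]string `json:"choice_filter_by_command_attributes"`

	// DynamicQueryFunction - Provide a dynamic query function to be called when the user views
	// that parameter option in the UI to populate choices for the ChooseOne or ChooseMultiple
	// Parameter Types.
	// NOTE(review): this field has a JSON key rather than "-"; if the type is a func,
	// encoding/json cannot marshal it directly, so presumably custom marshalling replaces
	// it - confirm.
	DynamicQueryFunction PTTaskingDynamicQueryFunction `json:"dynamic_query_function"`

	// TypedArrayParseFunction - Provide a function to be called when the user types out a
	// typedArray value on the CLI, but that needs to be parsed for a Modal Popup
	TypedArrayParseFunction PTTaskingTypedArrayParseFunction `json:"typedarray_parse_function"`

	// ParameterGroupInformation - Define 0+ different parameter groups that this parameter
	// belongs to.
	ParameterGroupInformation []ParameterGroupInfo `json:"parameter_group_info"`

	// LimitCredentialsByType - provide an optional list of credential types to limit the UI
	// dropdown options
	LimitCredentialsByType []string `json:"limit_credentials_by_type"`
	// contains filtered or unexported fields
}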
CommandParameter - The base definition for a parameter (i.e. argument) to your command
func (*CommandParameter) GetCurrentValue ¶
func (cmd *CommandParameter) GetCurrentValue() interface{}
type CommandParameterType ¶
// CommandParameterType - an alias of string (declared with "="). Any string is
// therefore a valid CommandParameterType to the compiler; the
// COMMAND_PARAMETER_TYPE_* constants are the named values.
type CommandParameterType = string
type ConnectionInfo ¶ added in v1.0.8
// ConnectionInfo - value returned by PTTaskMessageArgsData.GetConnectionInfoArg
// and GetLinkInfoArg. Every field carries matching json and mapstructure keys.
// NOTE(review): Host presumably arrives from operator- or agent-supplied data;
// validate it before using it in a network call or a log line - confirm origin.
type ConnectionInfo struct {
	CallbackUUID  string        `json:"callback_uuid" mapstructure:"callback_uuid"`
	AgentUUID     string        `json:"agent_uuid" mapstructure:"agent_uuid"`
	Host          string        `json:"host" mapstructure:"host"`
	C2ProfileInfo C2ProfileInfo `json:"c2_profile" mapstructure:"c2_profile"`
}
type CredentialInfo ¶ added in v1.0.8
type FileBrowserTask ¶
type MessageFormat ¶ added in v1.4.0
// MessageFormat - a defined string type (no "=", so not an alias).
type MessageFormat string

// MessageFormat values.
// NOTE(review): only MessageFormatJSON carries the MessageFormat type;
// MessageFormatXML has its own "= value" expression and is an untyped string
// constant, so it also converts silently to a plain string.
const (
	MessageFormatJSON MessageFormat = "json"
	MessageFormatXML = "xml"
)
type OPSEC_ROLE ¶
// OPSEC_ROLE - a defined string type (no "=", so not an alias). It is the type
// of PTTTaskOPSECPreTaskMessageResponse.OpsecPreBypassRole.
type OPSEC_ROLE string
Tasking step 1: the task message/process that runs before the create_tasking function.
This is the opportunity to run any necessary OPSEC checks/blocks before the logic in create_tasking runs, which can spawn subtasks outside of the OPSEC checks.
type PAYLOAD_BUILD_STATUS ¶
// PAYLOAD_BUILD_STATUS - an alias of string (declared with "="), so any string
// compiles where a build status is expected.
type PAYLOAD_BUILD_STATUS = string

// PAYLOAD_BUILD_STATUS values. Only the first constant names the type; the
// second is an untyped string constant.
const (
	PAYLOAD_BUILD_STATUS_SUCCESS PAYLOAD_BUILD_STATUS = "success"
	PAYLOAD_BUILD_STATUS_ERROR = "error"
)
type PTCallbacksToCheck ¶ added in v1.4.0
// PTCallbacksToCheck - one callback entry inside
// PTCheckIfCallbacksAliveMessage.Callbacks.
// Three different identifiers appear here: ID and DisplayID are ints,
// AgentCallbackID is a string. NOTE(review): presumably ID is the internal
// database ID and DisplayID the number shown in the UI - confirm before
// using one in place of the other.
type PTCallbacksToCheck struct {
	ID               int       `json:"id"`
	DisplayID        int       `json:"display_id"`
	AgentCallbackID  string    `json:"agent_callback_id"`
	InitialCheckin   time.Time `json:"initial_checkin"`
	LastCheckin      time.Time `json:"last_checkin"`
	SleepInfo        string    `json:"sleep_info"`
	ActiveC2Profiles []string  `json:"active_c2_profiles"`
}
type PTCallbacksToCheckResponse ¶ added in v1.4.0
type PTCheckIfCallbacksAliveMessage ¶ added in v1.4.0
// PTCheckIfCallbacksAliveMessage - request carrying the container name and the
// list of callbacks to check.
type PTCheckIfCallbacksAliveMessage struct {
	ContainerName string               `json:"container_name"`
	Callbacks     []PTCallbacksToCheck `json:"callbacks"`
}
type PTCheckIfCallbacksAliveMessageResponse ¶ added in v1.4.0
// PTCheckIfCallbacksAliveMessageResponse - response to
// PTCheckIfCallbacksAliveMessage.
type PTCheckIfCallbacksAliveMessageResponse struct {
	Success bool `json:"success"`

	Error string `json:"error"`

	// NOTE(review): Callbacks has no json tag, so encoding/json writes it under
	// the key "Callbacks" (the Go field name), while the request type uses
	// "callbacks". Decoding with encoding/json matches keys case-insensitively,
	// but a consumer in another language may not - confirm this is intended.
	Callbacks []PTCallbacksToCheckResponse
}
type PTOnNewCallbackAllData ¶ added in v1.3.0
// PTOnNewCallbackAllData - callback, payload, build-parameter, command and C2
// profile data bundled into one message. Note that C2Profiles is serialised
// under the key "c2info".
type PTOnNewCallbackAllData struct {
	Callback        PTTaskMessageCallbackData            `json:"callback"`
	BuildParameters []PayloadConfigurationBuildParameter `json:"build_parameters"`
	Commands        []string                             `json:"commands"`
	Payload         PTTaskMessagePayloadData             `json:"payload"`
	C2Profiles      []PayloadConfigurationC2Profile      `json:"c2info"`
	PayloadType     string                               `json:"payload_type"`

	// Secrets is serialised under "secrets" like any other field, so dumping
	// this struct with %+v or json.Marshal writes the secret values out.
	// Redact this field before logging the message.
	Secrets map[string]interface{} `json:"secrets"`
}
type PTOnNewCallbackResponse ¶ added in v1.3.0
type PTRPCDynamicQueryFunctionMessage ¶
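// PTRPCDynamicQueryFunctionMessage - the request passed to a dynamic query function.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
// NOTE(review): the binding:"required" tags only take effect if a validator
// that reads them runs on this struct; that is not shown here - confirm.
type PTRPCDynamicQueryFunctionMessage struct {
	// Command - the command name for the query function called
	Command string `json:"command" binding:"required"`

	// ParameterName - the specific parameter for the query function called
	ParameterName string `json:"parameter_name" binding:"required"`

	// PayloadType - the name of the payload type of the callback for the query function called
	PayloadType string `json:"payload_type" binding:"required"`

	// CommandPayloadType - the name of the payload type associated with this command
	CommandPayloadType string `json:"command_payload_type"`

	// Callback - the ID of the callback where this query function is called
	Callback int `json:"callback" binding:"required"`

	// PayloadOS - the string OS selected during payload creation
	PayloadOS string `json:"payload_os"`

	// PayloadUUID - the UUID of the backing payload that can be used to fetch more
	// information about the payload
	PayloadUUID string `json:"payload_uuid"`

	// CallbackDisplayID - the number seen on the active callbacks page for the callback in question
	CallbackDisplayID int `json:"callback_display_id"`

	// AgentCallbackID - the UUID of the callback known by the agent
	AgentCallbackID string `json:"agent_callback_id"`

	// Secrets - User supplied secrets. The field is serialised under "secrets" like any
	// other, so redact it before logging or echoing this message back in Choices/Error.
	Secrets map[string]interface{} `json:"secrets"`
}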
type PTRPCDynamicQueryFunctionMessageResponse ¶
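// PTRPCDynamicQueryFunctionMessageResponse - the result of a dynamic query function.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type PTRPCDynamicQueryFunctionMessageResponse struct {
	// Success - indicating if the query function succeeded or not
	Success bool `json:"success"`

	// Error - if there was an error, return that message here for the user.
	// The text is shown to the user, so keep secrets and internal paths out of it.
	Error string `json:"error"`

	// Choices - the resulting choices for the user based on the dynamic query function
	Choices []string `json:"choices"`
}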
type PTRPCOtherServiceRPCMessage ¶
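// PTRPCOtherServiceRPCMessage - A message to call RPC functionality exposed by
// another Payload Type or C2 Profile.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type PTRPCOtherServiceRPCMessage struct {
	// Name - The name of the remote Payload type or C2 Profile
	Name string `json:"service_name"` //required

	// RPCFunction - The name of the function to call for that remote service
	RPCFunction string `json:"service_function"`

	// RPCFunctionArguments - A map of arguments to supply to that remote function.
	// Values are interface{}; a service receiving this message has to check each
	// argument's presence and concrete type itself before using it.
	RPCFunctionArguments map[string]interface{} `json:"service_arguments"`
}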
PTRPCOtherServiceRPCMessage - A message to call RPC functionality exposed by another Payload Type or C2 Profile
type PTRPCOtherServiceRPCMessageResponse ¶
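// PTRPCOtherServiceRPCMessageResponse - The result of calling RPC functionality
// exposed by another Payload Type or C2 Profile.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type PTRPCOtherServiceRPCMessageResponse struct {
	// Success - An indicator if the call was successful or not
	Success bool `json:"success"`

	// Error - If the call was unsuccessful, this is an error message about what happened
	Error string `json:"error"`

	// Result - The result returned by the remote service.
	// The shape is defined by the other service, so use the two-value type assertion
	// (v, ok := Result["key"].(T)) instead of a bare assertion that can panic.
	Result map[string]interface{} `json:"result"`
}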
PTRPCOtherServiceRPCMessageResponse - The result of calling RPC functionality exposed by another Payload Type or C2 Profile
type PTRPCReSyncMessage ¶
// PTRPCReSyncMessage - re-sync request that carries a single value.
type PTRPCReSyncMessage struct {
	// Name is serialised under the key "payload_type", not "name".
	Name string `json:"payload_type"`
}
type PTRPCTypedArrayParseFunctionMessage ¶ added in v1.1.0
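// PTRPCTypedArrayParseFunctionMessage - the request passed to a typed-array parse function.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
// NOTE(review): the binding:"required" tags only take effect if a validator
// that reads them runs on this struct; that is not shown here - confirm.
type PTRPCTypedArrayParseFunctionMessage struct {
	// Command - the command name for the query function called
	Command string `json:"command" binding:"required"`

	// ParameterName - the specific parameter for the query function called
	ParameterName string `json:"parameter_name" binding:"required"`

	// PayloadType - the name of the payload type for the callback where the query function is called
	PayloadType string `json:"payload_type" binding:"required"`

	// CommandPayloadType - the name of the payload type for the command issued
	CommandPayloadType string `json:"command_payload_type"`

	// Callback - the ID of the callback where this query function is called
	Callback int `json:"callback" binding:"required"`

	// InputArray - the structured input array that the user provided.
	// These are raw user-typed strings; the parse function should tolerate
	// malformed entries and report them via the response's Error field.
	InputArray []string `json:"input_array"`
}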
type PTRPCTypedArrayParseMessageResponse ¶ added in v1.1.0
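// PTRPCTypedArrayParseMessageResponse - the result of a typed-array parse function.
//
// The listing is laid out one field per line so that each "//" comment
// documents only the field that follows it.
type PTRPCTypedArrayParseMessageResponse struct {
	// Success - indicating if the query function succeeded or not
	Success bool `json:"success"`

	// Error - if there was an error, return that message here for the user
	Error string `json:"error"`

	// TypedArray - the resulting typed array based on the formatted normal array
	TypedArray [][]string `json:"typed_array"`
}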
type PTTTaskOPSECPreTaskMessageResponse ¶
// PTTTaskOPSECPreTaskMessageResponse - result of the OPSEC pre-task check.
// The name has three Ts ("PTTTask"), unlike PTTaskOPSECPostTaskMessageResponse
// listed in this page's index; it is exported, so it has to be spelt this way.
//
// OpsecPreBypassed is a *bool with omitempty: a nil pointer is left out of the
// JSON, while a pointer to false is written as false, so "not set" and
// "explicitly not bypassed" are different on the wire.
// NOTE(review): Success and OpsecPreBlocked are separate flags, and how a
// response with Success == false is treated is not shown here. An OPSEC check
// that hits an error should make its intent explicit, presumably by setting
// OpsecPreBlocked, so that it fails closed - confirm.
type PTTTaskOPSECPreTaskMessageResponse struct {
	TaskID             int        `json:"task_id"`
	Success            bool       `json:"success"`
	Error              string     `json:"error"`
	OpsecPreBlocked    bool       `json:"opsec_pre_blocked"`
	OpsecPreMessage    string     `json:"opsec_pre_message"`
	OpsecPreBypassed   *bool      `json:"opsec_pre_bypassed,omitempty"`
	OpsecPreBypassRole OPSEC_ROLE `json:"opsec_pre_bypass_role"`
}
type PTTaskCompletionFunction ¶
// PTTaskCompletionFunction - signature of a task completion function.
// Per this page's description the arguments are, in order: taskData (always
// the current task), subtaskData (optional) and subtaskGroupName (optional).
// The two optional pointers may therefore be nil and should be checked before
// they are dereferenced.
type PTTaskCompletionFunction func(*PTTaskMessageAllData, *PTTaskMessageAllData, *SubtaskGroupName) PTTaskCompletionFunctionMessageResponse
PTTaskCompletionFunction takes in taskData, subtaskData, and groupName. taskData is always your current task. subtaskData is optional, supplied if this is executing once a subtask finishes execution. subtaskGroupName is optional, supplied if the subtask was part of a named group.
type PTTaskCompletionFunctionMessage ¶
// PTTaskCompletionFunctionMessage is the JSON envelope that names a completion
// function and carries the task data passed to it.
type PTTaskCompletionFunctionMessage struct {
	// TaskData is always serialized, under the key "task".
	TaskData *PTTaskMessageAllData `json:"task"`
	// SubtaskData and SubtaskGroup are pointers with omitempty, so both keys are
	// absent from the JSON when nil; check for nil before dereferencing.
	SubtaskData  *PTTaskMessageAllData `json:"subtask,omitempty"`
	SubtaskGroup *SubtaskGroupName     `json:"subtask_group_name,omitempty"`
	// CompletionFunctionName is serialized as "function_name" here, whereas the
	// response structs use "completion_function_name".
	CompletionFunctionName string `json:"function_name"`
}
type PTTaskCompletionFunctionMessageResponse ¶
// PTTaskCompletionFunctionMessageResponse is the return type of a
// PTTaskCompletionFunction.
type PTTaskCompletionFunctionMessageResponse struct {
	TaskID       int    `json:"task_id"`
	ParentTaskId int    `json:"parent_task_id"`
	Success      bool   `json:"success"`
	Error        string `json:"error"`
	// The remaining fields are pointers with omitempty: a nil pointer drops the
	// key from the JSON entirely.
	// NOTE(review): presumably nil means "leave the stored value unchanged" —
	// confirm against the Mythic server.
	// NOTE(review): TokenID is *int here but *uint64 in
	// PTTaskCreateTaskingMessageResponse — confirm which width is intended.
	TaskStatus             *string `json:"task_status,omitempty"`
	DisplayParams          *string `json:"display_params,omitempty"`
	Stdout                 *string `json:"stdout,omitempty"`
	Stderr                 *string `json:"stderr,omitempty"`
	Completed              *bool   `json:"completed,omitempty"`
	TokenID                *int    `json:"token_id,omitempty"`
	CompletionFunctionName *string `json:"completion_function_name,omitempty"`
	Params                 *string `json:"params,omitempty"`
	ParameterGroupName     *string `json:"parameter_group_name,omitempty"`
}
type PTTaskCreateTaskingMessageResponse ¶
// PTTaskCreateTaskingMessageResponse is the return type of a
// PtTaskFunctionCreateTasking function. Optional overrides are pointers with
// omitempty, so a nil pointer leaves the key out of the JSON.
type PTTaskCreateTaskingMessageResponse struct {
	// TaskID - the task associated with the create tasking function - this will be automatically filled in for you
	TaskID int `json:"task_id"`
	// Success - indicate if the create tasking function ran successfully or not
	Success bool `json:"success"`
	// Error - if you want to provide an error message about some error you hit while executing the create tasking
	Error string `json:"error"`
	// CommandName - if you want to change the associated command name that's sent down to the agent
	CommandName *string `json:"command_name,omitempty"`
	// TaskStatus - if you want to manually set the task status to be something other than default
	TaskStatus *string `json:"task_status,omitempty"`
	// DisplayParams - if you want to change the display parameters for your task to be something other than the default JSON.
	// When the original parameters contain credentials or other secrets, this is
	// the place to show a redacted form instead.
	DisplayParams *string `json:"display_params,omitempty"`
	// Stdout - Provide any task-based stdout
	Stdout *string `json:"stdout,omitempty"`
	// Stderr - Provide any task-based stderr
	Stderr *string `json:"stderr,omitempty"`
	// Completed - identify if the task is already completed and shouldn't be sent down to the agent
	Completed *bool `json:"completed,omitempty"`
	// TokenID - identifier for the token id associated with this task - normally doesn't need to be set unless you're changing it.
	// NOTE(review): typed *uint64 here, but *int in
	// PTTaskCompletionFunctionMessageResponse and int in PTTaskMessageTaskData —
	// confirm the intended width before converting between them.
	TokenID *uint64 `json:"token_id,omitempty"`
	// CompletionFunctionName - name of the completion function to call from the Command's TaskCompletionFunctions dictionary
	CompletionFunctionName *string `json:"completion_function_name,omitempty"`
	// ParameterGroupName - Don't set this explicitly. If you want to set the name of the parameter group explicitly, use
	// the taskData.Args.SetManualParameterGroup("name here") function.
	ParameterGroupName string `json:"parameter_group_name"`
	// ReprocessAtNewCommandPayloadType - the name of the current payload type or payload type associated with an updated CommandName field for execution to then go to for further processing
	ReprocessAtNewCommandPayloadType string `json:"reprocess_at_new_command_payload_type"`
}
type PTTaskMessageAllData ¶
// PTTaskMessageAllData bundles everything a tasking function receives: the
// task, its callback, the payload and C2 configuration, user secrets, and the
// mutable argument set. It contains secrets and, through Callback, key fields,
// so avoid logging or persisting the struct as a whole.
type PTTaskMessageAllData struct {
	// Task - Read-only data about the task
	Task PTTaskMessageTaskData `json:"task"`
	// Callback - Read-only data about the callback
	Callback PTTaskMessageCallbackData `json:"callback"`
	// BuildParameters - Read-only data about the build parameters
	BuildParameters []PayloadConfigurationBuildParameter `json:"build_parameters"`
	// Commands - Read-only data about the commands built into the callback
	Commands []string `json:"commands"`
	// Payload - Read-only data about the backing payload for this task
	Payload PTTaskMessagePayloadData `json:"payload"`
	// C2Profiles - Read-only data about the c2 profiles and their values for this callback.
	// Note the JSON key is "c2info", not "c2_profiles".
	C2Profiles []PayloadConfigurationC2Profile `json:"c2info"`
	// PayloadType - Read-only the name of the payload type associated with this callback
	PayloadType string `json:"payload_type"`
	// CommandPayloadType - The name of the payload type associated with this task
	CommandPayloadType string `json:"command_payload_type"`
	// Secrets - Map of user supplied secrets to their values to help with tasking.
	// Values are interface{}; use checked type assertions, and keep them out of
	// task output, display parameters and logs.
	Secrets map[string]interface{} `json:"secrets"`
	// Args - Read-Write argument data for adding/removing/modifying args associated with this task instance.
	// Mainly for create tasking function to augment parameters.
	// This field carries no json tag.
	Args PTTaskMessageArgsData
}
type PTTaskMessageArgsData ¶
type PTTaskMessageArgsData struct {
// contains filtered or unexported fields
}
PTTaskMessageArgsData - struct for tracking, adding, removing, updating, validating, etc arguments for a task. If you want to set your own manual arguments, use the .SetManualArgs function.
func GenerateArgsData ¶
func GenerateArgsData(cmdParams []CommandParameter, task PTTaskMessageAllData) (PTTaskMessageArgsData, error)
Args helper functions
func (*PTTaskMessageArgsData) AddArg ¶
func (arg *PTTaskMessageArgsData) AddArg(newArg CommandParameter) error
func (*PTTaskMessageArgsData) GetArg ¶
func (arg *PTTaskMessageArgsData) GetArg(name string) (interface{}, error)
func (*PTTaskMessageArgsData) GetArrayArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetArrayArg(name string) ([]string, error)
func (*PTTaskMessageArgsData) GetBooleanArg ¶
func (arg *PTTaskMessageArgsData) GetBooleanArg(name string) (bool, error)
func (*PTTaskMessageArgsData) GetChooseMultipleArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetChooseMultipleArg(name string) ([]string, error)
func (*PTTaskMessageArgsData) GetChooseOneArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetChooseOneArg(name string) (string, error)
func (*PTTaskMessageArgsData) GetCommandLine ¶
func (arg *PTTaskMessageArgsData) GetCommandLine() string
func (*PTTaskMessageArgsData) GetConnectionInfoArg ¶
func (arg *PTTaskMessageArgsData) GetConnectionInfoArg(name string) (ConnectionInfo, error)
GetConnectionInfoArg returns structured information about a new P2P connection that can be established
func (*PTTaskMessageArgsData) GetCredentialArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetCredentialArg(name string) (CredentialInfo, error)
GetCredentialArg returns all the data about a credential from Mythic's credential store
func (*PTTaskMessageArgsData) GetDictionaryArg ¶
func (arg *PTTaskMessageArgsData) GetDictionaryArg(name string) (map[string]string, error)
func (*PTTaskMessageArgsData) GetFileArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetFileArg(name string) (string, error)
GetFileArg returns the file UUID that was registered with Mythic before tasking
func (*PTTaskMessageArgsData) GetFinalArgs ¶
func (arg *PTTaskMessageArgsData) GetFinalArgs() (string, error)
func (*PTTaskMessageArgsData) GetLinkInfoArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetLinkInfoArg(name string) (ConnectionInfo, error)
GetLinkInfoArg returns structured information about an existing (or now dead) P2P connection
func (*PTTaskMessageArgsData) GetNumberArg ¶
func (arg *PTTaskMessageArgsData) GetNumberArg(name string) (float64, error)
func (*PTTaskMessageArgsData) GetParameterGroupArguments ¶
func (arg *PTTaskMessageArgsData) GetParameterGroupArguments() ([]CommandParameter, error)
func (*PTTaskMessageArgsData) GetParameterGroupName ¶
func (arg *PTTaskMessageArgsData) GetParameterGroupName() (string, error)
func (*PTTaskMessageArgsData) GetPayloadListArg ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetPayloadListArg(name string) (string, error)
GetPayloadListArg returns the payload UUID that was selected from a dropdown list in the UI
func (*PTTaskMessageArgsData) GetRawCommandLine ¶
func (arg *PTTaskMessageArgsData) GetRawCommandLine() string
func (*PTTaskMessageArgsData) GetStringArg ¶
func (arg *PTTaskMessageArgsData) GetStringArg(name string) (string, error)
func (*PTTaskMessageArgsData) GetTaskingLocation ¶
func (arg *PTTaskMessageArgsData) GetTaskingLocation() string
func (*PTTaskMessageArgsData) GetTypedArrayArg ¶ added in v1.1.0
func (arg *PTTaskMessageArgsData) GetTypedArrayArg(name string) ([][]string, error)
func (*PTTaskMessageArgsData) GetTypedArrayEntriesThatNeedProcessing ¶ added in v1.3.3
func (arg *PTTaskMessageArgsData) GetTypedArrayEntriesThatNeedProcessing() []CommandParameter
func (*PTTaskMessageArgsData) GetUnusedArgs ¶ added in v1.0.8
func (arg *PTTaskMessageArgsData) GetUnusedArgs() string
func (*PTTaskMessageArgsData) HasArg ¶
func (arg *PTTaskMessageArgsData) HasArg(name string) bool
func (*PTTaskMessageArgsData) LoadArgsFromDictionary ¶
func (arg *PTTaskMessageArgsData) LoadArgsFromDictionary(dictionaryArgs map[string]interface{}) error
func (*PTTaskMessageArgsData) LoadArgsFromJSONString ¶
func (arg *PTTaskMessageArgsData) LoadArgsFromJSONString(stringArgs string) error
func (*PTTaskMessageArgsData) RemoveArg ¶
func (arg *PTTaskMessageArgsData) RemoveArg(name string) error
func (*PTTaskMessageArgsData) RenameArg ¶
func (arg *PTTaskMessageArgsData) RenameArg(oldName string, newName string) error
func (*PTTaskMessageArgsData) SetArgValue ¶
func (arg *PTTaskMessageArgsData) SetArgValue(name string, value interface{}) error
func (*PTTaskMessageArgsData) SetManualArgs ¶
func (arg *PTTaskMessageArgsData) SetManualArgs(args string)
func (*PTTaskMessageArgsData) SetManualParameterGroup ¶ added in v1.0.5
func (arg *PTTaskMessageArgsData) SetManualParameterGroup(groupName string)
func (*PTTaskMessageArgsData) VerifyRequiredArgsHaveValues ¶
func (arg *PTTaskMessageArgsData) VerifyRequiredArgsHaveValues() (bool, error)
type PTTaskMessageCallbackData ¶
// PTTaskMessageCallbackData is the callback record carried in
// PTTaskMessageAllData.Callback, which that struct documents as read-only.
type PTTaskMessageCallbackData struct {
	// Identifiers and check-in timestamps (timestamps are plain strings here).
	ID              int    `json:"id"`
	DisplayID       int    `json:"display_id"`
	AgentCallbackID string `json:"agent_callback_id"`
	InitCallback    string `json:"init_callback"`
	LastCheckin     string `json:"last_checkin"`
	// Host and process details.
	// NOTE(review): presumably reported by the agent at check-in — if so, treat
	// them as untrusted strings when building commands, paths or UI output.
	User        string   `json:"user"`
	Host        string   `json:"host"`
	PID         int      `json:"pid"`
	IP          string   `json:"ip"`
	IPs         []string `json:"ips"`
	ExternalIp  string   `json:"external_ip"`
	ProcessName string   `json:"process_name"`
	Description string   `json:"description"`
	// Operator, operation and state bookkeeping.
	OperatorID          int    `json:"operator_id"`
	OperatorUsername    string `json:"operator_username"`
	Active              bool   `json:"active"`
	RegisteredPayloadID int    `json:"registered_payload_id"`
	IntegrityLevel      int    `json:"integrity_level"`
	Locked              bool   `json:"locked"`
	OperationID         int    `json:"operation_id"`
	OperationName       string `json:"operation_name"`
	// DecKey and EncKey are []byte, which encoding/json emits as base64 text
	// under "dec_key" and "enc_key".
	// NOTE(review): together with CryptoType the names indicate the callback's
	// message keys — treat this struct as sensitive: do not log it, dump it with
	// %+v, or copy it into task output. Confirm whether every consumer needs
	// these two fields.
	CryptoType string `json:"crypto_type"`
	DecKey     []byte `json:"dec_key"`
	EncKey     []byte `json:"enc_key"`
	// Platform details and free-form extras.
	OS           string `json:"os"`
	Architecture string `json:"architecture"`
	Domain       string `json:"domain"`
	ExtraInfo    string `json:"extra_info"`
	SleepInfo    string `json:"sleep_info"`
}
type PTTaskMessageTaskData ¶
// PTTaskMessageTaskData is the task record carried in
// PTTaskMessageAllData.Task, which that struct documents as read-only.
type PTTaskMessageTaskData struct {
	// Core task record. Params, OriginalParams and DisplayParams are separate
	// strings; see PTTaskCreateTaskingMessageResponse.DisplayParams for how the
	// displayed form can be overridden.
	ID               int    `json:"id"`
	AgentTaskID      string `json:"agent_task_id"`
	CommandName      string `json:"command_name"`
	Params           string `json:"params"`
	Timestamp        string `json:"timestamp"`
	CallbackID       int    `json:"callback_id"`
	Status           string `json:"status"`
	OriginalParams   string `json:"original_params"`
	DisplayParams    string `json:"display_params"`
	Comment          string `json:"comment"`
	Stdout           string `json:"stdout"`
	Stderr           string `json:"stderr"`
	Completed        bool   `json:"completed"`
	OperatorUsername string `json:"operator_username"`
	OperatorID       int    `json:"operator_id"`
	// Recorded OPSEC pre/post check state. Unlike the OPSEC response structs,
	// the bypass role is a plain string here (not OPSEC_ROLE) and the bypassed
	// flags are plain bools (not *bool).
	OpsecPreBlocked     bool   `json:"opsec_pre_blocked"`
	OpsecPreMessage     string `json:"opsec_pre_message"`
	OpsecPreBypassed    bool   `json:"opsec_pre_bypassed"`
	OpsecPreBypassRole  string `json:"opsec_pre_bypass_role"`
	OpsecPostBlocked    bool   `json:"opsec_post_blocked"`
	OpsecPostMessage    string `json:"opsec_post_message"`
	OpsecPostBypassed   bool   `json:"opsec_post_bypassed"`
	OpsecPostBypassRole string `json:"opsec_post_bypass_role"`
	// Parent/subtask linkage and the callback-function names with their
	// per-function completion flags.
	ParentTaskID                       int    `json:"parent_task_id"`
	SubtaskCallbackFunction            string `json:"subtask_callback_function"`
	SubtaskCallbackFunctionCompleted   bool   `json:"subtask_callback_function_completed"`
	GroupCallbackFunction              string `json:"group_callback_function"`
	GroupCallbackFunctionCompleted     bool   `json:"group_callback_function_completed"`
	CompletedCallbackFunction          string `json:"completed_callback_function"`
	CompletedCallbackFunctionCompleted bool   `json:"completed_callback_function_completed"`
	SubtaskGroupName                   string `json:"subtask_group_name"`
	// NOTE(review): TokenID is int here but *uint64 in
	// PTTaskCreateTaskingMessageResponse — confirm the intended width.
	TaskingLocation    string `json:"tasking_location"`
	ParameterGroupName string `json:"parameter_group_name"`
	TokenID            int    `json:"token_id"`
}
type PTTaskOPSECPostTaskMessageResponse ¶
// PTTaskOPSECPostTaskMessageResponse is the value returned by a
// PtTaskFunctionOPSECPost function.
type PTTaskOPSECPostTaskMessageResponse struct {
	TaskID  int    `json:"task_id"`
	Success bool   `json:"success"`
	Error   string `json:"error"`
	// OpsecPostBlocked / OpsecPostMessage: the names suggest a block verdict and
	// its explanation.
	// NOTE(review): presumably a true value keeps the task from being picked up
	// by an agent until it is bypassed — confirm against the Mythic server.
	OpsecPostBlocked bool   `json:"opsec_post_blocked"`
	OpsecPostMessage string `json:"opsec_post_message"`
	// OpsecPostBypassed is a pointer with omitempty: a nil pointer leaves the key
	// out of the JSON, while a pointer to false still emits it.
	OpsecPostBypassed *bool `json:"opsec_post_bypassed,omitempty"`
	// OpsecPostBypassRole has no omitempty, so it is always serialized.
	OpsecPostBypassRole OPSEC_ROLE `json:"opsec_post_bypass_role"`
}
type PTTaskingDynamicQueryFunction ¶
type PTTaskingDynamicQueryFunction func(PTRPCDynamicQueryFunctionMessage) []string
func (PTTaskingDynamicQueryFunction) MarshalJSON ¶
func (f PTTaskingDynamicQueryFunction) MarshalJSON() ([]byte, error)
type PTTaskingTypedArrayParseFunction ¶ added in v1.1.0
type PTTaskingTypedArrayParseFunction func(message PTRPCTypedArrayParseFunctionMessage) [][]string
func (PTTaskingTypedArrayParseFunction) MarshalJSON ¶ added in v1.1.0
func (f PTTaskingTypedArrayParseFunction) MarshalJSON() ([]byte, error)
type PT_TASK_FUNCTION_STATUS ¶
type PT_TASK_FUNCTION_STATUS = string
type ParameterGroupInfo ¶
// ParameterGroupInfo describes one parameter's membership in a parameter
// group: whether it is required there, the group's name, and where it appears
// in the UI modal.
type ParameterGroupInfo struct {
	// ParameterIsRequired - Is this parameter required?
	// Serialized under the shorter key "required".
	ParameterIsRequired bool `json:"required"`
	// GroupName - What is the name of this parameter group (i.e. group of parameters that are grouped together)
	GroupName string `json:"group_name"`
	// UIModalPosition - If the user opens a modal to fill out parameters, which position should this parameter be shown?
	UIModalPosition uint32 `json:"ui_position"`
	// AdditionalInformation - Additional, developer-supplied, key-value pairs of information
	AdditionalInformation map[string]string `json:"additional_info"`
}
ParameterGroupInfo - Allow conditional parameters displayed to the user and determine if parameters are required and the order in which they're presented to the user
type PayloadBuildC2Profile ¶
// PayloadBuildC2Profile holds one C2 profile selected for a payload build,
// together with the parameter values chosen for it.
type PayloadBuildC2Profile struct {
	Name  string `json:"name" mapstructure:"name"`
	IsP2P bool   `json:"is_p2p" mapstructure:"is_p2p"`
	// parameter name: parameter value
	// Parameters - this is an interface of parameter name -> parameter value from the associated C2 profile.
	// The types for the various parameter names can be found by looking at the build parameters in the Mythic UI.
	// Values are interface{}: an unchecked type assertion on the wrong type
	// panics, so prefer the typed Get*Arg methods on this type, which return an
	// error instead.
	Parameters map[string]interface{} `json:"parameters" mapstructure:"parameters"`
}
PayloadBuildC2Profile - A structure of the selected C2 Profile information the user selected to build into a payload.
func (*PayloadBuildC2Profile) GetArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetArg(name string) (interface{}, error)
func (*PayloadBuildC2Profile) GetArgNames ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetArgNames() []string
func (*PayloadBuildC2Profile) GetArrayArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetArrayArg(name string) ([]string, error)
func (*PayloadBuildC2Profile) GetBooleanArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetBooleanArg(name string) (bool, error)
func (*PayloadBuildC2Profile) GetChooseMultipleArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetChooseMultipleArg(name string) ([]string, error)
func (*PayloadBuildC2Profile) GetChooseOneArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetChooseOneArg(name string) (string, error)
func (*PayloadBuildC2Profile) GetChooseOneCustomArg ¶ added in v1.4.0
func (arg *PayloadBuildC2Profile) GetChooseOneCustomArg(name string) (string, error)
func (*PayloadBuildC2Profile) GetCryptoArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetCryptoArg(name string) (CryptoArg, error)
func (*PayloadBuildC2Profile) GetDateArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetDateArg(name string) (string, error)
func (*PayloadBuildC2Profile) GetDictionaryArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetDictionaryArg(name string) (map[string]string, error)
func (*PayloadBuildC2Profile) GetFileArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetFileArg(name string) (string, error)
func (*PayloadBuildC2Profile) GetFileMultipleArg ¶ added in v1.4.0
func (arg *PayloadBuildC2Profile) GetFileMultipleArg(name string) ([]string, error)
func (*PayloadBuildC2Profile) GetNumberArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetNumberArg(name string) (float64, error)
func (*PayloadBuildC2Profile) GetStringArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetStringArg(name string) (string, error)
func (*PayloadBuildC2Profile) GetTypedArrayArg ¶ added in v1.1.0
func (arg *PayloadBuildC2Profile) GetTypedArrayArg(name string) ([][]string, error)
type PayloadBuildC2ProfileMessage ¶
// PayloadBuildC2ProfileMessage carries the data for building a single C2
// profile for a payload identified by PayloadUUID.
type PayloadBuildC2ProfileMessage struct {
	// PayloadUUID is serialized under the key "uuid".
	PayloadUUID string `json:"uuid"`
	// Parameters and BuildParameters are untyped maps; use checked type
	// assertions (v, ok := m[k].(T)) when reading values from them.
	Parameters      map[string]interface{} `json:"parameters"`
	BuildParameters map[string]interface{} `json:"build_parameters"`
	SelectedOS      string                 `json:"selected_os"`
	PayloadType     string                 `json:"payload_type"`
}
building just an ad-hoc c2 profile for an already existing payload
type PayloadBuildMessage ¶
// PayloadBuildMessage is the build request handed to a payload type's build
// function. Most fields carry both json and mapstructure tags.
type PayloadBuildMessage struct {
	// PayloadType - the name of the payload type for the build
	PayloadType string `json:"payload_type" mapstructure:"payload_type"`
	// Filename - the name of the file the user originally supplied for this build.
	// It is user-supplied text: if a build function uses it to form a path,
	// reduce it to a base name first so it cannot escape the build directory.
	Filename string `json:"filename" mapstructure:"filename"`
	// CommandList - the list of commands the user selected to include in the build
	CommandList []string `json:"commands" mapstructure:"commands"`
	// build param name : build value
	// BuildParameters - map of param name -> build value from the user for the build parameters defined
	// File type build parameters are supplied as a string UUID to use with MythicRPC for fetching file contents
	// Array type build parameters are supplied as []string{}
	// (Embedded without a tag; its Get*Arg methods are promoted onto this struct.)
	BuildParameters
	// C2Profiles - list of C2 profiles selected to include in the payload and their associated parameters
	C2Profiles []PayloadBuildC2Profile `json:"c2profiles" mapstructure:"c2profiles"`
	// WrappedPayload - bytes of the wrapped payload if one exists
	WrappedPayload *[]byte `json:"wrapped_payload,omitempty" mapstructure:"wrapped_payload"`
	// WrappedPayloadUUID - the UUID of the wrapped payload if one exists
	WrappedPayloadUUID *string `json:"wrapped_payload_uuid,omitempty" mapstructure:"wrapped_payload_uuid"`
	// SelectedOS - the operating system the user selected when building the agent
	SelectedOS string `json:"selected_os" mapstructure:"selected_os"`
	// PayloadUUID - the Mythic generated UUID for this payload instance
	PayloadUUID string `json:"uuid" mapstructure:"uuid"`
	// PayloadFileUUID - The Mythic generated File UUID associated with this payload
	PayloadFileUUID string `json:"payload_file_uuid" mapstructure:"payload_file_uuid"`
	// Secrets - User supplied secrets that get sent down with payload builds.
	// Keep these values out of build stdout/stderr and build messages, which are
	// returned to the user in PayloadBuildResponse.
	// NOTE(review): unlike the other fields, Secrets has no mapstructure tag —
	// confirm decoding relies on the default field-name match.
	Secrets map[string]interface{} `json:"secrets"`
}
PayloadBuildMessage - A structure of the build information the user provided to generate an instance of the payload type. This information gets passed to your payload type's build function.
type PayloadBuildResponse ¶
// PayloadBuildResponse is the result a payload type's build function returns:
// the payload bytes plus the metadata and build output that accompany them.
type PayloadBuildResponse struct {
	// PayloadUUID - The UUID associated with this payload
	PayloadUUID string `json:"uuid"`
	// Success - was this build process successful or not
	Success bool `json:"success"`
	// UpdatedFilename - Optionally updated filename based on build parameters to more closely match the return file type
	UpdatedFilename *string `json:"updated_filename,omitempty"`
	// Payload - the raw bytes of the payload that was compiled/created.
	// The json:"-" tag excludes it from the marshaled response.
	// NOTE(review): presumably the bytes are transferred separately — confirm.
	Payload *[]byte `json:"-"`
	// UpdatedCommandList - if you want to adjust the list of commands in this payload from what the user provided,
	// provide the updated list of command names here
	UpdatedCommandList *[]string `json:"updated_command_list,omitempty"`
	// BuildStdErr - build stderr message to associate with the build.
	// Compiler and script output can echo environment values and command lines;
	// scrub secrets and key material before storing it here.
	BuildStdErr string `json:"build_stderr"`
	// BuildStdOut - build stdout message to associate with the build.
	// The same scrubbing caveat as BuildStdErr applies.
	BuildStdOut string `json:"build_stdout"`
	// BuildMessage - general message to associate with the build. Usually not as verbose as the stdout/stderr.
	BuildMessage string `json:"build_message"`
}
PayloadBuildResponse - The result of calling a payload type's build function. This returns not only the actual payload bytes, but surrounding metadata such as updated filenames, command lists, and stdout/stderr messages.
type PayloadConfiguration ¶
// PayloadConfiguration is the exported description of a payload: its type,
// C2 profiles, build parameters, commands, target OS and filename.
type PayloadConfiguration struct {
	Description string `json:"description"`
	PayloadType string `json:"payload_type" binding:"required"`
	// C2Profiles and BuildParameters are pointers to slices with omitempty, so
	// nil omits the key; check for nil before dereferencing. Their values can
	// include C2 and crypto settings, so handle an exported configuration as
	// sensitive data.
	C2Profiles      *[]PayloadConfigurationC2Profile      `json:"c2_profiles,omitempty"`
	BuildParameters *[]PayloadConfigurationBuildParameter `json:"build_parameters,omitempty"`
	Commands        []string                              `json:"commands"`
	SelectedOS      string                                `json:"selected_os" binding:"required"`
	Filename        string                                `json:"filename" binding:"required"`
	// WrappedPayloadUUID is serialized as "wrapped_payload". In
	// PayloadBuildMessage that same key carries payload bytes and the UUID uses
	// "wrapped_payload_uuid", so the two JSON shapes are not interchangeable.
	WrappedPayloadUUID string `json:"wrapped_payload"`
}
exporting a payload configuration
type PayloadConfigurationBuildParameter ¶
// PayloadConfigurationBuildParameter is one name/value pair of a payload's
// build parameters; both fields are tagged binding:"required".
type PayloadConfigurationBuildParameter struct {
	Name string `json:"name" binding:"required"`
	// Value is interface{}; its concrete type depends on the parameter, so use a
	// checked type assertion when reading it.
	Value interface{} `json:"value" binding:"required"`
}
type PayloadType ¶
// PayloadType is the definition of a payload type: the metadata shown in the
// Mythic UI, its build parameters and steps, and the optional hook functions
// the container provides. Function-valued fields are tagged json:"-" and are
// therefore never serialized.
type PayloadType struct {
	// Name - The name of the payload type that appears in the Mythic UI
	Name string `json:"name"`
	// FileExtension - The default file extension to append to the payload type's name as a placeholder for a filename when generating a payload
	FileExtension string `json:"file_extension"`
	// Author - the name or handle of the author(s) responsible for creating this payload type
	Author string `json:"author"`
	// SupportedOS - An array of operating system names that this payload can compile for. This is used to populate that first dropdown in the Mythic UI when building a payload
	SupportedOS []string `json:"supported_os"`
	// Wrapper - Is this payload type a wrapper for other payload types or is it a regular payload type
	Wrapper bool `json:"wrapper"`
	// CanBeWrappedByTheFollowingPayloadTypes - Which wrapper payload types does this payload type support (i.e. If this payload type can be supplied to the service_wrapper payload type, list service_wrapper here)
	CanBeWrappedByTheFollowingPayloadTypes []string `json:"supported_wrapper_payload_types"`
	// SupportsDynamicLoading - Does this payload type allow you to dynamically select which commands are loaded into the base payload? If so, set this to True, otherwise all commands are baked into the agent all the time.
	SupportsDynamicLoading bool `json:"supports_dynamic_load"`
	// Description - The description of the payload type to show in the Mythic UI
	Description string `json:"description"`
	// SupportedC2Profiles - The names of the c2 profiles that this payload type supports
	SupportedC2Profiles []string `json:"supported_c2_profiles"`
	// TranslationContainerName - If this payload type uses a translation container, this should be the name of that service
	TranslationContainerName string `json:"translation_container_name"`
	// MythicEncryptsData - If this is True, then Mythic will handle encryption/decryption in messages.
	// If this is false, mythic expects your payload type to have a translation container to handle encryption/decryption on your behalf.
	// The zero value is false, so a definition that never sets this field falls
	// under the translation-container case; set it explicitly and make sure
	// TranslationContainerName agrees with the choice.
	MythicEncryptsData bool `json:"mythic_encrypts"`
	// BuildParameters - A list of build parameters to show to the user during the build process to customize how your payload type's build function operates
	BuildParameters []BuildParameter `json:"build_parameters"`
	// BuildSteps - A list of steps that your build process goes through so that you can report back to the user about the state of the build while it's happening
	BuildSteps []BuildStep `json:"build_steps"`
	// AgentIcon - Don't set this directly, use the agentstructs.AllPayloadData.Get("agentName").AddIcon(filepath.Join(".", "path", "agentname.svg")) call to set this value
	AgentIcon         *[]byte `json:"agent_icon"` // automatically filled in based on Name
	DarkModeAgentIcon *[]byte `json:"dark_mode_agent_icon"`
	// CustomRPCFunctions - The RPC functions you want to expose to other PayloadTypes or C2 Profiles.
	// Callers are other services, so each function should validate the message
	// it receives rather than assume a well-formed request.
	CustomRPCFunctions map[string]func(message PTRPCOtherServiceRPCMessage) PTRPCOtherServiceRPCMessageResponse `json:"-"`
	// MessageFormat identifies if the agent uses json or xml messages with Mythic. If you're using a translation container for a custom format, you'd set this to whichever (json/xml) you're going to do your conversions to.
	// This defaults to MessageFormatJSON
	MessageFormat MessageFormat `json:"message_format"`
	// MessageUUIDLength specifies the length of the UUIDs that the payload type uses - either 16 Byte little endian or 36 Byte character string
	MessageUUIDLength int `json:"message_uuid_length"`
	// AgentType identifies if the payload type is a standard "agent" or if it is another use case.
	// `command_augment` means this container's defined commands will be automatically loaded into callbacks based on CommandAugmentSupportedAgents restrictions
	AgentType AgentType `json:"agent_type"`
	// OnContainerStartFunction is where you can execute a function when the container first starts with access to an operation-specific API token for a few minutes
	// this helps with potential run-time configuration that's needed.
	// The token is short-lived by design: use it for the start-up work and do
	// not log it or write it to disk.
	OnContainerStartFunction func(sharedStructs.ContainerOnStartMessage) sharedStructs.ContainerOnStartMessageResponse `json:"-"`
	// CheckIfCallbacksAliveFunction is given a list of callbacks and some configurations to determine if they are still alive or not
	CheckIfCallbacksAliveFunction func(PTCheckIfCallbacksAliveMessage) PTCheckIfCallbacksAliveMessageResponse `json:"-"`
	// OnNewCallback function is executed on new callbacks of this payload type to potentially do some extra setup
	OnNewCallback func(PTOnNewCallbackAllData) PTOnNewCallbackResponse `json:"-"`
	// CommandAugmentSupportedAgents allows you to limit these commands to only be added to callbacks based on the listed agents or if you leave this empty, it'll apply to all callbacks
	// ex: setting this to []string{"apollo"} will only have these commands associated with new "apollo" callbacks.
	// An empty list is the broadest setting, not the narrowest: list the
	// intended agents explicitly when the commands should not reach every callback.
	CommandAugmentSupportedAgents []string `json:"command_augment_supported_agents"`
	// UseDisplayParamsForCLIHistory allows you to leverage custom display parameters for the up/down arrow in history on the cli instead of the task's original_params which might be JSON
	UseDisplayParamsForCLIHistory bool `json:"use_display_params_for_cli_history"`
}
type PayloadTypeSyncMessage ¶
// PayloadTypeSyncMessage is the sync message sent to Mythic describing this
// payload type: its definition, its commands, and the container version.
type PayloadTypeSyncMessage struct {
	PayloadType PayloadType `json:"payload_type"`
	// CommandList is serialized under the key "commands".
	CommandList      []Command `json:"commands"`
	ContainerVersion string    `json:"container_version"`
}
PayloadTypeSyncMessage - A sync message to Mythic describing this Payload Type
type PayloadTypeSyncMessageResponse ¶
// PayloadTypeSyncMessageResponse is Mythic's reply to a PayloadTypeSyncMessage.
type PayloadTypeSyncMessageResponse struct {
	// Success and Error are both always serialized (no omitempty).
	// NOTE(review): presumably Error is only meaningful when Success is false —
	// confirm before treating a non-empty Error as a failure on its own.
	Success bool   `json:"success"`
	Error   string `json:"error"`
}
PayloadTypeSyncMessageResponse - A message back from Mythic indicating if the Payload Sync was successful or not
type PtTaskFunctionCreateTasking ¶
type PtTaskFunctionCreateTasking func(*PTTaskMessageAllData) PTTaskCreateTaskingMessageResponse
PtTaskFunctionCreateTasking - Process the tasking request from the user. If you want to access/modify the arguments for this task, use the Task.Args.* functions.
type PtTaskFunctionOPSECPost ¶
type PtTaskFunctionOPSECPost func(*PTTaskMessageAllData) PTTaskOPSECPostTaskMessageResponse
Tasking step 3: Task message/process after running create_tasking but before the task can be picked up by an agent
this is the time to check any artifacts generated from create_tasking
type PtTaskFunctionOPSECPre ¶
type PtTaskFunctionOPSECPre func(*PTTaskMessageAllData) PTTTaskOPSECPreTaskMessageResponse
type PtTaskFunctionParseArgDictionary ¶
type PtTaskFunctionParseArgDictionary func(args *PTTaskMessageArgsData, input map[string]interface{}) error
type PtTaskFunctionParseArgString ¶
type PtTaskFunctionParseArgString func(args *PTTaskMessageArgsData, input string) error
type PtTaskFunctionProcessResponse ¶
type PtTaskFunctionProcessResponse func(PtTaskProcessResponseMessage) PTTaskProcessResponseMessageResponse
type PtTaskProcessResponseMessage ¶
// PtTaskProcessResponseMessage is the argument handed to a
// PtTaskFunctionProcessResponse function.
type PtTaskProcessResponseMessage struct {
	// TaskData is a pointer; check it for nil before dereferencing.
	TaskData *PTTaskMessageAllData `json:"task"`
	// Response is interface{}: after JSON decoding its concrete type depends on
	// what was sent, so use a checked type assertion or a type switch.
	// NOTE(review): presumably this is data reported by the agent — if so,
	// validate it as untrusted input before acting on it.
	Response interface{} `json:"response"`
}
Tasking step 5: Task message/process to run for more manual processing of a message's response data
type SubtaskGroupName ¶
type SubtaskGroupName = string
Tasking step 4: Run this when the specified task completes