Documentation ¶
Index ¶
- Constants
- Variables
- func AddBuilder(builder *clientpb.Builder) error
- func AllBuilders() []*clientpb.Builder
- func EnvelopeID() int64
- func GetBuilder(builderName string) *clientpb.Builder
- func NewTunnelID() uint64
- func NextJobID() int
- func RemoveBuilder(builderName string)
- func StartEventAutomation()
- type Client
- type Event
- type ImplantConnection
- type Job
- type Pivot
- type PivotGraphEntry
- type Session
- type TcpTunnel
- type Tunnel
Constants ¶
const (
PivotTransportName = "pivot"
)
Variables ¶
var ( // Sessions - Manages implant connections Sessions = &sessions{ sessions: &sync.Map{}, } // ErrUnknownMessageType - Returned if the implant did not understand the message for // example when the command is not supported on the platform ErrUnknownMessageType = errors.New("unknown message type") // ErrImplantTimeout - The implant did not respond prior to timeout deadline ErrImplantTimeout = errors.New("implant timeout") )
var ( // Tunnels - Interacting with duplex tunnels Tunnels = tunnels{ // contains filtered or unexported fields } // ErrInvalidTunnelID - Invalid tunnel ID value ErrInvalidTunnelID = errors.New("invalid tunnel ID") )
var ( // Clients - Manages client active Clients = &clients{ active: map[int]*Client{}, mutex: &sync.Mutex{}, } )
var (
ErrDuplicateExternalBuilderName = errors.New("builder name must be unique, this name is already in use")
)
var (
// EventBroker - Distributes event messages
EventBroker = newBroker()
)
var ( // Jobs - Holds pointers to all the current jobs Jobs = &jobs{ active: &sync.Map{}, } )
var (
PivotSessions = &sync.Map{} // ID -> Pivot
)
var ( // TunSocksTunnels - Interacting with duplex SocksTunnels SocksTunnels = tcpTunnel{ // contains filtered or unexported fields } )
Functions ¶
func AddBuilder ¶ added in v1.5.30
func AllBuilders ¶ added in v1.5.30
func GetBuilder ¶ added in v1.5.30
func RemoveBuilder ¶ added in v1.5.30
func RemoveBuilder(builderName string)
func StartEventAutomation ¶ added in v1.5.0
func StartEventAutomation()
StartEventAutomation - Starts an event automation goroutine
Types ¶
type Client ¶
Client - Single client connection
func (*Client) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Event ¶
type Event struct { Session *Session Job *Job Client *Client Beacon *models.Beacon EventType string Data []byte Err error }
Event - An event is fired when there's a state change involving a
session, job, or client.
type ImplantConnection ¶ added in v1.5.0
type ImplantConnection struct { ID string Send chan *sliverpb.Envelope RespMutex *sync.RWMutex LastMessageMutex *sync.RWMutex Resp map[int64]chan *sliverpb.Envelope Transport string RemoteAddress string LastMessage time.Time Cleanup func() }
ImplantConnection - Abstract connection to an implant
func NewImplantConnection ¶ added in v1.5.0
func NewImplantConnection(transport string, remoteAddress string) *ImplantConnection
NewImplantConnection - Creates a new implant connection
func (*ImplantConnection) GetLastMessage ¶ added in v1.5.14
func (c *ImplantConnection) GetLastMessage() time.Time
GetLastMessage - Retrieves the last message time
func (*ImplantConnection) RequestResend ¶ added in v1.5.27
func (c *ImplantConnection) RequestResend(data []byte)
func (*ImplantConnection) UpdateLastMessage ¶ added in v1.5.0
func (c *ImplantConnection) UpdateLastMessage()
UpdateLastMessage - Updates the last message time
type Job ¶
type Job struct { ID int Name string Description string Protocol string Port uint16 Domains []string JobCtrl chan bool PersistentID string }
Job - Manages background jobs
func (*Job) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Pivot ¶ added in v1.5.0
type Pivot struct { ID string OriginID int64 ImplantConn *ImplantConnection ImmediateImplantConn *ImplantConnection CipherCtx *cryptography.CipherContext Peers []*sliverpb.PivotPeer }
Pivot - Wraps an ImplantConnection
func NewPivotSession ¶ added in v1.5.0
NewPivotSession - Creates a new pivot session
type PivotGraphEntry ¶ added in v1.5.0
type PivotGraphEntry struct { PeerID int64 SessionID string Name string // PeerID -> Child Children map[int64]*PivotGraphEntry }
PivotGraphEntry - A single entry in the pivot graph
func PivotGraph ¶ added in v1.5.0
func PivotGraph() []*PivotGraphEntry
PivotGraph - Creates a graph structure of sessions/pivots
func (*PivotGraphEntry) AllChildren ¶ added in v1.5.0
func (e *PivotGraphEntry) AllChildren() []*PivotGraphEntry
AllChildren - Flat list of all children (including children of children)
func (*PivotGraphEntry) FindEntryByPeerID ¶ added in v1.5.0
func (e *PivotGraphEntry) FindEntryByPeerID(peerID int64) *PivotGraphEntry
FindEntryByPeerID - Finds a pivot graph entry by peer ID, recursively
func (*PivotGraphEntry) Insert ¶ added in v1.5.0
func (e *PivotGraphEntry) Insert(input *PivotGraphEntry)
Insert - Inserts a pivot into the graph, if it doesn't yet exist
func (*PivotGraphEntry) ToProtobuf ¶ added in v1.5.0
func (e *PivotGraphEntry) ToProtobuf() *clientpb.PivotGraphEntry
ToProtobuf - Recursively converts the pivot graph to protobuf
type Session ¶
type Session struct { ID string Name string Hostname string Username string UUID string UID string GID string OS string Version string Arch string PID int32 Filename string Connection *ImplantConnection ActiveC2 string ReconnectInterval int64 ProxyURL string PollTimeout int64 Burned bool Extensions []string ConfigID string PeerID int64 Locale string FirstContact int64 }
Session - Represents a connection to an implant
func NewSession ¶ added in v1.5.0
func NewSession(implantConn *ImplantConnection) *Session
NewSession - Create a new session
func (*Session) LastCheckin ¶
LastCheckin - Get the last time a session message was received
func (*Session) Request ¶
Request - Sends a protobuf request to the active sliver and returns the response
func (*Session) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Tunnel ¶
type Tunnel struct { ID uint64 SessionID string ToImplant chan []byte ToImplantSequence uint64 FromImplant chan *sliverpb.TunnelData FromImplantSequence uint64 Client rpcpb.SliverRPC_TunnelDataServer // contains filtered or unexported fields }
Tunnel - Essentially just a mapping between a specific client and sliver with an identifier, these tunnels are full duplex. The server doesn't really care what data gets passed back and forth it just facilitates the connection
func (*Tunnel) GetLastMessageTime ¶ added in v1.5.14
func (*Tunnel) SendDataFromImplant ¶ added in v1.5.14
func (t *Tunnel) SendDataFromImplant(tunnelData *sliverpb.TunnelData)