Constants ¶
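// Transport sizing and timeout defaults.
//
// KB, MB and GB are untyped integer constants. ServerMaxMessageSize (2 GiB)
// is larger than math.MaxInt32, so any use of it as an int fails to compile on
// 32-bit targets, and a transport whose message length is a 32-bit field
// cannot honour it. NOTE(review): the value also bounds how much a single
// peer can make the server buffer for one message — confirm a lower cap is
// not wanted before relying on it.
const (
	// MinTimeout is the smallest timeout (30s); the explicit time.Duration
	// conversion was redundant, 30 * time.Second already has that type.
	MinTimeout = 30 * time.Second

	KB = 1024
	MB = KB * 1024
	GB = MB * 1024

	// BufSize is a 2 MiB buffer size; its consumer is not visible here.
	BufSize = 2 * MB
	// ClientMaxReceiveMessageSize - presumably the client-side counterpart of
	// ServerMaxMessageSize (256 MiB); confirm against the gRPC dial options.
	ClientMaxReceiveMessageSize = 256 * MB
	// ServerMaxMessageSize - Server-side max GRPC message size
	ServerMaxMessageSize = 2 * GB
	// DefaultTimeout is the default timeout (10s).
	DefaultTimeout = 10 * time.Second
)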
Default config
// Menu identifiers; which UI component consumes them is not visible here.
const (
	ClientMenu  = "client"
	ImplantMenu = "implant"
)
// Client command group names (see the implant group names declared below).
const (
	GenericGroup   = "generic"
	ManageGroup    = "manage"
	ListenerGroup  = "listener"
	GeneratorGroup = "generator"
)
Client groups
// Implant command group names.
const (
	ImplantGroup = "implant"
	ExecuteGroup = "execute"
	SysGroup     = "sys"
	FileGroup    = "file"
	ArmoryGroup  = "armory"
	AddonGroup   = "addon"
	MalGroup     = "mal"
)
Implant groups
// Cryptor selector names.
const (
	CryptorXOR = "XOR"
	// CryptorRAW is marked debug only; presumably it applies no transform,
	// so a deployed profile should not select it — confirm in the cryptor
	// implementation and reject it outside debug builds if so.
	CryptorRAW = "RAW" // debug only
	CryptorAES = "AES"
)
// Configuration keys; the string values are the lookup paths in the server
// config, so they must not be changed without migrating existing configs.
const (
	ConfigMaxPacketLength = "server.config.packet_length"
	// ConfigAuditLevel keys the server audit level; what each level records
	// is not visible here.
	ConfigAuditLevel = "server.audit"
)
config
// File kinds; UnknownFile is the zero value (0), EXEFile is 1, DLLFile is 2.
const (
	UnknownFile = iota
	EXEFile
	DLLFile
)
// HTTP and polling defaults.
const (
	// DefaultMaxBodyLength is 2 GiB, which exceeds math.MaxInt32: using it as
	// an int does not compile on 32-bit targets. Its consumer is not visible
	// here; if it bounds request bodies, it is also the per-request memory a
	// caller may force — confirm a smaller cap is not appropriate.
	DefaultMaxBodyLength   = 2 * 1024 * 1024 * 1024 // 2 GiB
	DefaultHTTPTimeout     = time.Minute
	DefaultLongPollTimeout = time.Second
	DefaultLongPollJitter  = time.Second
	// DefaultCacheInterval is untyped; its unit is not visible here
	// (presumably seconds) — confirm at the call site.
	DefaultCacheInterval = 60
)
Time
// Callee identifiers naming the origin of a request.
const (
	CalleeCMD      = "cmd"
	CalleeMal      = "mal"
	CalleeSDK      = "sdk"
	CalleeExplorer = "explorer"
)
// Ctrl event names. The session and listener events are the natural hook
// points for audit logging; their string values are identifiers used by
// other code, so they must not be renamed casually.
const (
	// task lifecycle
	CtrlTaskCallback = "task_callback"
	CtrlTaskFinish   = "task_finish"
	CtrlTaskCancel   = "task_cancel"
	CtrlTaskError    = "task_error"
	// client presence
	CtrlClientJoin = "client_join"
	CtrlClientLeft = "client_left"
	CtrlWebUpload  = "web_upload"
	// listener / pipeline / website / job lifecycle
	CtrlListenerStart   = "listener_start"
	CtrlListenerStop    = "listener_stop"
	CtrlPipelineStart   = "pipeline_start"
	CtrlPipelineStop    = "pipeline_stop"
	CtrlWebsiteStart    = "website_start"
	CtrlWebsiteStop     = "website_stop"
	CtrlWebsiteRegister = "website_register"
	CtrlJobStart        = "job_start"
	CtrlJobStop         = "job_stop"
	// session lifecycle
	CtrlSessionRegister = "session_register"
	CtrlSessionDead     = "session_dead"
	CtrlSessionInit     = "session_init"
	CtrlSessionReborn   = "session_reborn"
	CtrlSessionLog      = "session_log"
	CtrlSessionTask     = "session_task"
	CtrlSessionError    = "session_error"
	CtrlSessionLeave    = "session_leave"
	CtrlSessionCheckin  = "session_checkin"
)
// Heartbeat ctrl event names, one per tick interval.
const (
	CtrlHeartbeat1s  = "heartbeat_1s"  // fires every second
	CtrlHeartbeat5s  = "heartbeat_5s"  // fires every 5 seconds
	CtrlHeartbeat10s = "heartbeat_10s" // fires every 10 seconds
	CtrlHeartbeat15s = "heartbeat_15s" // fires every 15 seconds
	CtrlHeartbeat30s = "heartbeat_30s" // fires every 30 seconds
	CtrlHeartbeat1m  = "heartbeat_1m"  // fires every minute
	CtrlHeartbeat5m  = "heartbeat_5m"  // fires every 5 minutes
	CtrlHeartbeat10m = "heartbeat_10m" // fires every 10 minutes
	CtrlHeartbeat15m = "heartbeat_15m" // fires every 15 minutes
	CtrlHeartbeat20m = "heartbeat_20m" // fires every 20 minutes
	CtrlHeartbeat30m = "heartbeat_30m" // fires every 30 minutes
	CtrlHeartbeat60m = "heartbeat_60m" // fires every 60 minutes
)
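// Ctrl status codes: CtrlStatusSuccess is 0, CtrlStatusFailed is 1.
// The previous "0 + iota" spelling was equivalent; plain iota is the idiom.
const (
	CtrlStatusSuccess = iota
	CtrlStatusFailed
)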
Ctrl status
// Event type names.
const (
	EventJoin      = "join"
	EventLeft      = "left"
	EventClient    = "client"
	EventBroadcast = "broadcast"
	EventNotify    = "notify"
	EventSession   = "session"
	EventListener  = "listener"
	EventTask      = "task"
	EventWebsite   = "website"
	EventPipeline  = "pipeline"
	EventJob       = "job"
	EventHeartbeat = "heartbeat"
)
event
// Implant type names.
const (
	ImplantMalefic      = "malefic"
	ImplantPulse        = "pulse"
	ImplantCobaltStrike = "cobaltstrike"
)
// Implant mode names, plus the SRDI artifact type.
const (
	ImplantModBeacon  = "beacon"
	ImplantModBind    = "bind"
	ImplantModPulse   = "pulse"
	ImplantModPrelude = "prelude"
	SRDIType          = "srdi"
)
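// OS names; BuildTargetMap uses them as the OS field of each build target.
const (
	Windows = "windows"
	Linux   = "linux"
	// Darwin needs its own initializer: with the expression omitted, Go
	// repeats the previous constant's, which made Darwin equal to Linux and
	// would label every darwin build target as "linux".
	Darwin = "darwin"
)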
// Artifact file extensions. DLL and DllFile both hold ".dll"; PE (".pe") and
// PEFile (".exe") differ, so pick the constant by meaning, not by name.
const (
	ELF           = ".elf"
	PE            = ".pe"
	DLL           = ".dll"
	PEFile        = ".exe"
	ShellcodeFile = ".bin"
	DllFile       = ".dll"
)
// Build target triples; each is also a key of BuildTargetMap.
const (
	TargetX64Darwin     = "x86_64-apple-darwin"
	TargetArm64Darwin   = "aarch64-apple-darwin"
	TargetX64Linux      = "x86_64-unknown-linux-musl"
	TargetX86Linux      = "i686-unknown-linux-musl"
	TargetX64Windows    = "x86_64-pc-windows-msvc"
	TargetX86Windows    = "i686-pc-windows-msvc"
	TargetX86WindowsGnu = "i686-pc-windows-gnu"
	TargetX64WindowsGnu = "x86_64-pc-windows-gnu"
)
Build targets
// Pipeline type names.
const (
	TCPPipeline     = "tcp"
	BindPipeline    = "bind"
	WebsitePipeline = "website"
)
// Module names. The string values are identifiers other code keys on
// (ModuleAliases, ExecuteModules, InlineModules and SacrificeModules are
// built from them), so changing a value changes behaviour, not just a label.
const (
	// internal
	ModulePing       = "ping"
	ModuleClear      = "clear"
	ModuleCancelTask = "cancel_task"
	ModuleSleep      = "sleep"
	ModuleSuicide    = "suicide"
	ModuleInit       = "init"
	// execute
	// ModuleAlias* names are resolved to a real module through ModuleAliases.
	ModuleAliasShell           = "shell"
	ModuleAliasPowershell      = "powershell"
	ModuleExecution            = "exec"
	ModuleExecuteLocal         = "execute_local"
	ModuleExecuteAssembly      = "execute_assembly"
	ModuleInlineAssembly       = "inline_assembly"
	ModuleExecuteShellcode     = "execute_shellcode"
	ModuleAliasInlineShellcode = "inline_shellcode"
	ModuleExecuteExe           = "execute_exe"
	ModuleAliasInlineExe       = "inline_exe"
	ModuleExecuteDll           = "execute_dll"
	ModuleAliasInlineDll       = "inline_dll"
	ModuleExecuteBof           = "bof"
	ModulePowerpick            = "powerpick"
	ModuleUpload               = "upload"
	ModuleDownload             = "download"
	ModulePwd                  = "pwd"
	ModuleLs                   = "ls"
	ModuleCd                   = "cd"
	ModuleMv                   = "mv"
	ModuleMkdir                = "mkdir"
	ModuleRm                   = "rm"
	ModuleCat                  = "cat"
	ModulePs                   = "ps"
	ModuleCp                   = "cp"
	ModuleChmod                = "chmod"
	ModuleChown                = "chown"
	ModuleKill                 = "kill"
	ModuleWhoami               = "whoami"
	ModuleEnv                  = "env"
	ModuleSetEnv               = "env_set"
	ModuleUnsetEnv             = "env_unset"
	ModuleSysInfo              = "sysinfo"
	ModuleNetstat              = "netstat"
	ModuleBypass               = "bypass"
	ModuleCurl                 = "curl"
	// module
	ModuleListModule    = "list_module"
	ModuleLoadModule    = "load_module"
	ModuleRefreshModule = "refresh_module"
	// addon
	ModuleListAddon    = "list_addon"
	ModuleLoadAddon    = "load_addon"
	ModuleExecuteAddon = "execute_addon"
	// registry
	ModuleRegQuery     = "reg_query"
	ModuleRegAdd       = "reg_add"
	ModuleRegDelete    = "reg_delete"
	ModuleRegListKey   = "reg_list_key"
	ModuleRegListValue = "reg_list_value"
	// service
	ModuleServiceList   = "service_list"
	ModuleServiceCreate = "service_create"
	ModuleServiceQuery  = "service_query"
	ModuleServiceStart  = "service_start"
	ModuleServiceStop   = "service_stop"
	ModuleServiceDelete = "service_delete"
	// taskschd
	ModuleTaskSchdList   = "taskschd_list"
	ModuleTaskSchdCreate = "taskschd_create"
	ModuleTaskSchdQuery  = "taskschd_query"
	ModuleTaskSchdStart  = "taskschd_start"
	ModuleTaskSchdStop   = "taskschd_stop"
	ModuleTaskSchdDelete = "taskschd_delete"
	ModuleTaskSchdRun    = "taskschd_run"
	// wmi
	ModuleWmiQuery = "wmi_query"
	ModuleWmiExec  = "wmi_execute"
	// pipe
	ModulePipeUpload = "pipe_upload"
	ModulePipeClose  = "pipe_close"
	ModulePipeRead   = "pipe_read"
	// privilege
	ModuleRunas     = "runas"
	ModulePrivs     = "privs"
	ModuleGetSystem = "getsystem"
)
Client modules and commands
// Client command and subcommand names. Subcommand values repeat across
// parents ("load", "list", "install", "remove" appear under alias, armory,
// extension and mal), so a subcommand value is only meaningful together with
// its parent command.
const (
	CommandLogin          = "login"
	CommandExit           = "exit"
	CommandWait           = "wait"
	CommandRecover        = "recover"
	CommandPolling        = "polling"
	CommandSessions       = "sessions"
	CommandNewBindSession = "newbind"
	CommandTasks          = "tasks"
	CommandFiles          = "files"
	CommandExplore        = "explorer"
	CommandSession        = "session"
	CommandSessionNote    = "note"
	CommandSessionGroup   = "group"
	CommandObverse        = "obverse"
	CommandHistory        = "history"
	CommandDelSession     = "del"
	CommandUse            = "use"
	CommandBackground     = "background"
	CommandSync           = "sync"
	CommandBroadcast      = "broadcast"
	CommandVersion        = "version"
	CommandNotify         = "notify"
	// alias
	CommandAlias        = "alias"
	CommandAliasLoad    = "load"
	CommandAliasList    = "list"
	CommandAliasInstall = "install"
	CommandAliasRemove  = "remove"
	// armory
	CommandArmory        = "armory"
	CommandArmoryUpdate  = "update"
	CommandArmorySearch  = "search"
	CommandArmoryLoad    = "load"
	CommandArmoryInstall = "install"
	// extension
	CommandExtension        = "extension"
	CommandExtensionList    = "list"
	CommandExtensionLoad    = "load"
	CommandExtensionInstall = "install"
	CommandExtensionRemove  = "remove"
	// mal
	CommandMal        = "mal"
	CommandMalLoad    = "load"
	CommandMalList    = "list"
	CommandMalInstall = "install"
	CommandMalRemove  = "remove"
	CommandMalRefresh = "refresh"
	// listener / pipeline
	CommandTcp           = "tcp"
	CommandWebsite       = "website"
	CommandListener      = "listener"
	CommandJob           = "job"
	CommandPipeline      = "pipeline"
	CommandPipelineNew   = "new"
	CommandPipelineList  = "list"
	CommandPipelineStart = "start"
	CommandPipelineStop  = "stop"
	// build
	CommandBuild          = "build"
	CommandBuildPrelude   = "prelude"
	CommandBuildBeacon    = "beacon"
	CommandBuildBind      = "bind"
	CommandBuildShellCode = "shellcode"
	CommandBuildModules   = "modules"
	CommandBuildPulse     = "pulse"
	// artifact
	CommandArtifact         = "artifact"
	CommandArtifactList     = "list"
	CommandArtifactDownload = "download"
	CommandArtifactUpload   = "upload"
	// profile
	CommandProfile     = "profile"
	CommandProfileList = "list"
	CommandProfileLoad = "load"
	CommandSRDI        = "srdi"
	// sys
	CommandReg         = "reg"
	CommandRegExplorer = "reg_explorer"
	CommandService     = "service"
	CommandTaskSchd    = "taskschd"
	CommandPipe        = "pipe"
)
// OPSEC level names. The ordering low < mid < high < opsec is implied by the
// names only; the comparison, if any, lives elsewhere.
const (
	OPSecLOW   = "low"
	OPSecMID   = "mid"
	OPSecHIGH  = "high"
	OPSecOPsec = "opsec"
)
// ClientPrompt is the prompt string shown by the client UI.
const (
	ClientPrompt = "IoM"
)
UI
Variables ¶
// Module groupings derived from the Module* constants. These are package-level
// maps and slices and therefore mutable; callers should treat them as
// read-only, and concurrent writers would need external synchronization.
var (
	// ModuleAliases maps an alias module name to the module it resolves to.
	// Both shell and powershell aliases resolve to ModuleExecution.
	ModuleAliases = map[string]string{
		ModuleAliasInlineShellcode: ModuleExecuteShellcode,
		ModuleAliasInlineExe:       ModuleExecuteExe,
		ModuleAliasInlineDll:       ModuleExecuteDll,
		ModuleAliasShell:           ModuleExecution,
		ModuleAliasPowershell:      ModuleExecution,
	}
	// ExecuteModules lists execute-family modules, including the inline aliases.
	ExecuteModules = []string{
		ModuleExecuteBof,
		ModuleExecuteDll,
		ModuleExecuteShellcode,
		ModuleExecuteExe,
		ModulePowerpick,
		ModuleExecuteAssembly,
		ModuleAliasInlineExe,
		ModuleAliasInlineDll,
		ModuleAliasInlineShellcode,
	}
	// InlineModules is the alias subset of ExecuteModules.
	InlineModules = []string{
		ModuleAliasInlineExe,
		ModuleAliasInlineDll,
		ModuleAliasInlineShellcode,
	}
	// SacrificeModules lists the non-alias modules the inline aliases map to.
	SacrificeModules = []string{
		ModuleExecuteExe,
		ModuleExecuteDll,
		ModuleExecuteShellcode,
	}
)
// ArchAlias maps architecture aliases (the GOARCH spellings "amd64"/"386"
// and the uname spellings "x86_64"/"x86") to the canonical names "x64" and
// "x86", which are also keys of ArchMap.
var ArchAlias = map[string]string{
	// 64-bit
	"amd64":  "x64",
	"x86_64": "x64",
	// 32-bit
	"386": "x86",
	"x86": "x86",
}
ArchAlias maps aliases to canonical architecture names.
// ArchMap maps a canonical architecture name to its Arch value. The "x64" and
// "x86" keys are the values ArchAlias produces; "arm", "arm64" and "mips" have
// no ArchAlias entry, so callers pass those spellings directly. A lookup with
// an unknown key yields the zero Arch, so check the second return value.
var ArchMap = map[string]Arch{
	"x64":   X86_64,
	"x86":   I686,
	"arm":   Arm,
	"arm64": Aarch64,
	"mips":  Mips,
}
ArchMap maps a string to an Arch enum value.
// BuildTargetMap describes each supported build target, keyed by its triple.
// Arch strings are taken from ArchMap at package init via Arch.String();
// a misspelled ArchMap key here would silently yield the zero Arch's String().
// The map holds pointers, so callers that mutate a returned *BuildTarget
// change the shared entry.
var BuildTargetMap = map[string]*BuildTarget{
	TargetX64Darwin: {
		Name: TargetX64Darwin,
		Arch: ArchMap["x64"].String(),
		OS:   Darwin,
	},
	TargetArm64Darwin: {
		Name: TargetArm64Darwin,
		Arch: ArchMap["arm64"].String(),
		OS:   Darwin,
	},
	TargetX64Linux: {
		Name: TargetX64Linux,
		Arch: ArchMap["x64"].String(),
		OS:   Linux,
	},
	TargetX86Linux: {
		Name: TargetX86Linux,
		Arch: ArchMap["x86"].String(),
		OS:   Linux,
	},
	TargetX64Windows: {
		Name: TargetX64Windows,
		Arch: ArchMap["x64"].String(),
		OS:   Windows,
	},
	TargetX86Windows: {
		Name: TargetX86Windows,
		Arch: ArchMap["x86"].String(),
		OS:   Windows,
	},
	TargetX86WindowsGnu: {
		Name: TargetX86WindowsGnu,
		Arch: ArchMap["x86"].String(),
		OS:   Windows,
	},
	TargetX64WindowsGnu: {
		Name: TargetX64WindowsGnu,
		Arch: ArchMap["x64"].String(),
		OS:   Windows,
	},
}
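var (
	// WindowsVer maps an NT version string ("major.minor.build") to a
	// product name. A lookup of an unknown key returns "", so callers should
	// check the second return value before displaying the result.
	//
	// Windows 11 reports major.minor 10.0 (10.0.22000 is 21H2, 10.0.22621 is
	// 22H2), so a "10.0.22000" entry is required; the old "11.0.22000" key is
	// kept for compatibility although no build reports that version.
	// Build 19043 is Windows 10 21H1; 19044 is 21H2 and 19045 is 22H2.
	WindowsVer = map[string]string{
		"5.0.2195":    "2000",
		"5.1.2600":    "XP",
		"5.2.3790":    "Server 2003/Server 2003 R2",
		"6.0.6000":    "Vista",
		"6.0.6001":    "Vista SP1/Server2008",
		"6.0.6002":    "Vista SP2/Server2008 SP2",
		"6.1.0":       "7/Server2008 R2",
		"6.1.7600":    "7/Server2008 R2",
		"6.1.7601":    "7 SP1/Server2008 R2 SP1",
		"6.2.9200":    "8/Server2012",
		"6.3.9600":    "8.1/Server2012 R2",
		"10.0.10240":  "10 1507",
		"10.0.10586":  "10 1511",
		"10.0.14393":  "10 1607/Server2016",
		"10.0.15063":  "10 1703",
		"10.0.16299":  "10 1709",
		"10.0.17134":  "10 1803",
		"10.0.17763":  "10 1809/Server2019",
		"10.0.18362":  "10 1903",
		"10.0.18363":  "10 1909",
		"10.0.19041":  "10 2004/Server2004",
		"10.0.19042":  "10 20H2/Server20H2",
		"10.0.19043":  "10 21H1",
		"10.0.19044":  "10 21H2",
		"10.0.19045":  "10 22H2",
		"10.0.20348":  "Server2022",
		"10.0.22000":  "11",
		"10.0.22621":  "11",
		"11.0.22000":  "11",
	}
)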
Functions ¶
func FormatArch ¶ added in v0.0.3
func SubCommandName ¶ added in v0.0.3
Types ¶
type BuildTarget ¶ added in v0.0.3
func GetBuildTarget ¶ added in v0.0.3
func GetBuildTarget(name string) (*BuildTarget, bool)