consts

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 20, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MinTimeout                  = time.Duration(30 * time.Second)
	KB                          = 1024
	MB                          = KB * 1024
	GB                          = MB * 1024
	BufSize                     = 2 * MB
	ClientMaxReceiveMessageSize = 256 * MB
	// ServerMaxMessageSize - Server-side max GRPC message size
	ServerMaxMessageSize = 2 * GB
	DefaultTimeout       = 10 * time.Second // second
)

Default config

View Source
const (
	ClientMenu  = "client"
	ImplantMenu = "implant"
)
View Source
const (
	GenericGroup   = "generic"
	ManageGroup    = "manage"
	ListenerGroup  = "listener"
	GeneratorGroup = "generator"
)

client Groups

View Source
const (
	ImplantGroup = "implant"
	ExecuteGroup = "execute"
	SysGroup     = "sys"
	FileGroup    = "file"

	ArmoryGroup = "armory"
	AddonGroup  = "addon"
	MalGroup    = "mal"
)

implant Groups

View Source
const (
	CryptorXOR = "XOR"
	CryptorRAW = "RAW" // debug only
	CryptorAES = "AES"
)
View Source
const (
	ConfigMaxPacketLength = "server.config.packet_length"
	ConfigAuditLevel      = "server.audit"
)

config

View Source
const (
	UnknownFile = iota
	EXEFile
	DLLFile
)
View Source
const (
	DefaultMaxBodyLength   = 2 * 1024 * 1024 * 1024 // 2Gb
	DefaultHTTPTimeout     = time.Minute
	DefaultLongPollTimeout = time.Second
	DefaultLongPollJitter  = time.Second

	DefaultCacheInterval = 60
)

Time

View Source
const (
	CalleeCMD      = "cmd"
	CalleeMal      = "mal"
	CalleeSDK      = "sdk"
	CalleeExplorer = "explorer"
)
View Source
const (
	CtrlTaskCallback    = "task_callback"
	CtrlTaskFinish      = "task_finish"
	CtrlTaskCancel      = "task_cancel"
	CtrlTaskError       = "task_error"
	CtrlClientJoin      = "client_join"
	CtrlClientLeft      = "client_left"
	CtrlWebUpload       = "web_upload"
	CtrlListenerStart   = "listener_start"
	CtrlListenerStop    = "listener_stop"
	CtrlPipelineStart   = "pipeline_start"
	CtrlPipelineStop    = "pipeline_stop"
	CtrlWebsiteStart    = "website_start"
	CtrlWebsiteStop     = "website_stop"
	CtrlWebsiteRegister = "website_register"
	CtrlJobStart        = "job_start"
	CtrlJobStop         = "job_stop"
	CtrlSessionRegister = "session_register"
	CtrlSessionDead     = "session_dead"
	CtrlSessionInit     = "session_init"
	CtrlSessionReborn   = "session_reborn"
	CtrlSessionLog      = "session_log"
	CtrlSessionTask     = "session_task"
	CtrlSessionError    = "session_error"
	CtrlSessionLeave    = "session_leave"
	CtrlSessionCheckin  = "session_checkin"
)
View Source
const (
	CtrlHeartbeat1s  = "heartbeat_1s"  // 每秒触发
	CtrlHeartbeat5s  = "heartbeat_5s"  // 每5秒触发
	CtrlHeartbeat10s = "heartbeat_10s" // 每10秒触发
	CtrlHeartbeat15s = "heartbeat_15s" // 每15秒触发
	CtrlHeartbeat30s = "heartbeat_30s" // 每30秒触发
	CtrlHeartbeat1m  = "heartbeat_1m"  // 每分钟触发
	CtrlHeartbeat5m  = "heartbeat_5m"  // 每5分钟触发
	CtrlHeartbeat10m = "heartbeat_10m" // 每10分钟触发
	CtrlHeartbeat15m = "heartbeat_15m" // 每15分钟触发
	CtrlHeartbeat20m = "heartbeat_20m" // 每20分钟触发
	CtrlHeartbeat30m = "heartbeat_30m" // 每30分钟触发
	CtrlHeartbeat60m = "heartbeat_60m" // 每60分钟触发
)
View Source
const (
	CtrlStatusSuccess = 0 + iota
	CtrlStatusFailed
)

ctrl status

View Source
const (
	EventJoin      = "join"
	EventLeft      = "left"
	EventClient    = "client"
	EventBroadcast = "broadcast"
	EventNotify    = "notify"
	EventSession   = "session"
	EventListener  = "listener"
	EventTask      = "task"
	EventWebsite   = "website"
	EventPipeline  = "pipeline"
	EventJob       = "job"
	EventHeartbeat = "heartbeat"
)

event

View Source
const (
	ImplantMalefic      = "malefic"
	ImplantPulse        = "pulse"
	ImplantCobaltStrike = "cobaltstrike"
)
View Source
const (
	ImplantModBeacon  = "beacon"
	ImplantModBind    = "bind"
	ImplantModPulse   = "pulse"
	ImplantModPrelude = "prelude"
	SRDIType          = "srdi"
)
View Source
const (
	Windows = "windows"
	Linux   = "linux"
	Darwin
)
View Source
const (
	ELF           = ".elf"
	PE            = ".pe"
	DLL           = ".dll"
	PEFile        = ".exe"
	ShellcodeFile = ".bin"
	DllFile       = ".dll"
)
View Source
const (
	TargetX64Darwin     = "x86_64-apple-darwin"
	TargetArm64Darwin   = "aarch64-apple-darwin"
	TargetX64Linux      = "x86_64-unknown-linux-musl"
	TargetX86Linux      = "i686-unknown-linux-musl"
	TargetX64Windows    = "x86_64-pc-windows-msvc"
	TargetX86Windows    = "i686-pc-windows-msvc"
	TargetX86WindowsGnu = "i686-pc-windows-gnu"
	TargetX64WindowsGnu = "x86_64-pc-windows-gnu"
)

target

View Source
const (
	TCPPipeline     = "tcp"
	BindPipeline    = "bind"
	WebsitePipeline = "website"
)
View Source
const (
	// internal
	ModulePing       = "ping"
	ModuleClear      = "clear"
	ModuleCancelTask = "cancel_task"
	ModuleSleep      = "sleep"
	ModuleSuicide    = "suicide"
	ModuleInit       = "init"
	//execute
	ModuleAliasShell           = "shell"
	ModuleAliasPowershell      = "powershell"
	ModuleExecution            = "exec"
	ModuleExecuteLocal         = "execute_local"
	ModuleExecuteAssembly      = "execute_assembly"
	ModuleInlineAssembly       = "inline_assembly"
	ModuleExecuteShellcode     = "execute_shellcode"
	ModuleAliasInlineShellcode = "inline_shellcode"
	ModuleExecuteExe           = "execute_exe"
	ModuleAliasInlineExe       = "inline_exe"
	ModuleExecuteDll           = "execute_dll"
	ModuleAliasInlineDll       = "inline_dll"
	ModuleExecuteBof           = "bof"
	ModulePowerpick            = "powerpick"
	ModuleUpload               = "upload"
	ModuleDownload             = "download"
	ModulePwd                  = "pwd"
	ModuleLs                   = "ls"
	ModuleCd                   = "cd"
	ModuleMv                   = "mv"
	ModuleMkdir                = "mkdir"
	ModuleRm                   = "rm"
	ModuleCat                  = "cat"
	ModulePs                   = "ps"
	ModuleCp                   = "cp"
	ModuleChmod                = "chmod"
	ModuleChown                = "chown"
	ModuleKill                 = "kill"
	ModuleWhoami               = "whoami"
	ModuleEnv                  = "env"
	ModuleSetEnv               = "env_set"
	ModuleUnsetEnv             = "env_unset"

	ModuleSysInfo = "sysinfo"
	ModuleNetstat = "netstat"
	ModuleBypass  = "bypass"
	ModuleCurl    = "curl"

	// module
	ModuleListModule    = "list_module"
	ModuleLoadModule    = "load_module"
	ModuleRefreshModule = "refresh_module"

	// addon
	ModuleListAddon    = "list_addon"
	ModuleLoadAddon    = "load_addon"
	ModuleExecuteAddon = "execute_addon"

	// registry
	ModuleRegQuery     = "reg_query"
	ModuleRegAdd       = "reg_add"
	ModuleRegDelete    = "reg_delete"
	ModuleRegListKey   = "reg_list_key"
	ModuleRegListValue = "reg_list_value"

	// service
	ModuleServiceList   = "service_list"
	ModuleServiceCreate = "service_create"
	ModuleServiceQuery  = "service_query"
	ModuleServiceStart  = "service_start"
	ModuleServiceStop   = "service_stop"
	ModuleServiceDelete = "service_delete"

	// taskschd
	ModuleTaskSchdList   = "taskschd_list"
	ModuleTaskSchdCreate = "taskschd_create"
	ModuleTaskSchdQuery  = "taskschd_query"
	ModuleTaskSchdStart  = "taskschd_start"
	ModuleTaskSchdStop   = "taskschd_stop"
	ModuleTaskSchdDelete = "taskschd_delete"
	ModuleTaskSchdRun    = "taskschd_run"

	// wmi
	ModuleWmiQuery = "wmi_query"
	ModuleWmiExec  = "wmi_execute"

	// pipe
	ModulePipeUpload = "pipe_upload"
	ModulePipeClose  = "pipe_close"
	ModulePipeRead   = "pipe_read"

	// privilege
	ModuleRunas     = "runas"
	ModulePrivs     = "privs"
	ModuleGetSystem = "getsystem"
)

client module and command

View Source
const (
	CommandLogin            = "login"
	CommandExit             = "exit"
	CommandWait             = "wait"
	CommandRecover          = "recover"
	CommandPolling          = "polling"
	CommandSessions         = "sessions"
	CommandNewBindSession   = "newbind"
	CommandTasks            = "tasks"
	CommandFiles            = "files"
	CommandExplore          = "explorer"
	CommandSession          = "session"
	CommandSessionNote      = "note"
	CommandSessionGroup     = "group"
	CommandObverse          = "obverse"
	CommandHistory          = "history"
	CommandDelSession       = "del"
	CommandUse              = "use"
	CommandBackground       = "background"
	CommandSync             = "sync"
	CommandBroadcast        = "broadcast"
	CommandVersion          = "version"
	CommandNotify           = "notify"
	CommandAlias            = "alias"
	CommandAliasLoad        = "load"
	CommandAliasList        = "list"
	CommandAliasInstall     = "install"
	CommandAliasRemove      = "remove"
	CommandArmory           = "armory"
	CommandArmoryUpdate     = "update"
	CommandArmorySearch     = "search"
	CommandArmoryLoad       = "load"
	CommandArmoryInstall    = "install"
	CommandExtension        = "extension"
	CommandExtensionList    = "list"
	CommandExtensionLoad    = "load"
	CommandExtensionInstall = "install"
	CommandExtensionRemove  = "remove"
	CommandMal              = "mal"
	CommandMalLoad          = "load"
	CommandMalList          = "list"
	CommandMalInstall       = "install"
	CommandMalRemove        = "remove"
	CommandMalRefresh       = "refresh"
	CommandTcp              = "tcp"
	CommandWebsite          = "website"
	CommandListener         = "listener"
	CommandJob              = "job"
	CommandPipeline         = "pipeline"
	CommandPipelineNew      = "new"
	CommandPipelineList     = "list"
	CommandPipelineStart    = "start"
	CommandPipelineStop     = "stop"
	CommandBuild            = "build"
	CommandBuildPrelude     = "prelude"
	CommandBuildBeacon      = "beacon"
	CommandBuildBind        = "bind"
	CommandBuildShellCode   = "shellcode"
	CommandBuildModules     = "modules"
	CommandBuildPulse       = "pulse"
	CommandArtifact         = "artifact"
	CommandArtifactList     = "list"
	CommandArtifactDownload = "download"
	CommandArtifactUpload   = "upload"
	CommandProfile          = "profile"
	CommandProfileList      = "list"
	CommandProfileLoad      = "load"
	CommandSRDI             = "srdi"
	CommandReg              = "reg"
	CommandRegExplorer      = "reg_explorer"
	CommandService          = "service"
	CommandTaskSchd         = "taskschd"
	CommandPipe             = "pipe"
)
View Source
const (
	OPSecLOW   = "low"
	OPSecMID   = "mid"
	OPSecHIGH  = "high"
	OPSecOPsec = "opsec"
)
View Source
const (
	ClientPrompt = "IoM"
)

UI

Variables

View Source
var ArchAlias = map[string]string{
	"x86_64": "x64",
	"amd64":  "x64",
	"x86":    "x86",
	"386":    "x86",
}

ArchAlias 将别名映射为标准的架构名称

View Source
var ArchMap = map[string]Arch{
	"x64":   X86_64,
	"x86":   I686,
	"arm":   Arm,
	"arm64": Aarch64,
	"mips":  Mips,
}

ArchMap 将字符串映射为 Arch 枚举值

View Source
var BuildTargetMap = map[string]*BuildTarget{
	TargetX64Darwin: {
		Name: TargetX64Darwin,
		Arch: ArchMap["x64"].String(),
		OS:   Darwin,
	},
	TargetArm64Darwin: {
		Name: TargetArm64Darwin,
		Arch: ArchMap["arm64"].String(),
		OS:   Darwin,
	},
	TargetX64Linux: {
		Name: TargetX64Linux,
		Arch: ArchMap["x64"].String(),
		OS:   Linux,
	},
	TargetX86Linux: {
		Name: TargetX86Linux,
		Arch: ArchMap["x86"].String(),
		OS:   Linux,
	},
	TargetX64Windows: {
		Name: TargetX64Windows,
		Arch: ArchMap["x64"].String(),
		OS:   Windows,
	},
	TargetX86Windows: {
		Name: TargetX86Windows,
		Arch: ArchMap["x86"].String(),
		OS:   Windows,
	},
	TargetX86WindowsGnu: {
		Name: TargetX86WindowsGnu,
		Arch: ArchMap["x86"].String(),
		OS:   Windows,
	},
	TargetX64WindowsGnu: {
		Name: TargetX64WindowsGnu,
		Arch: ArchMap["x64"].String(),
		OS:   Windows,
	},
}
View Source
var (
	WindowsVer = map[string]string{
		"5.0.2195": "2000",
		"5.1.2600": "XP",

		"5.2.3790": "Server 2003/Server 2003 R2",

		"6.0.6000":   "Vista",
		"6.0.6001":   "Vista SP1/Server2008",
		"6.0.6002":   "Vista SP2/Server2008 SP2",
		"6.1.0":      "7/Server2008 R2",
		"6.1.7600":   "7/Server2008 R2",
		"6.1.7601":   "7 SP1/Server2008 R2 SP1",
		"6.2.9200":   "8/Server2012",
		"6.3.9600":   "8.1/Server2012 R2",
		"10.0.10240": "10 1507",
		"10.0.10586": "10 1511",
		"10.0.14393": "10 1607/Server2016",
		"10.0.15063": "10 1703",
		"10.0.16299": "10 1709",
		"10.0.17134": "10 1803",
		"10.0.17763": "10 1809/Server2019",
		"10.0.18362": "10 1903",
		"10.0.18363": "10 1909",
		"10.0.19041": "10 2004/Server2004",
		"10.0.19042": "10 20H2/Server20H2",
		"10.0.19043": "10 21H2",
		"10.0.20348": "Server2022",
		"10.0.22621": "11",
		"11.0.22000": "11",
	}
)

Functions

func FormatArch added in v0.0.3

func FormatArch(arch string) string

func MapArch added in v0.0.3

func MapArch(arch string) uint32

func SubCommandName added in v0.0.3

func SubCommandName(module string) string

Types

type Arch added in v0.0.3

type Arch uint32
const (
	I686    Arch = 0
	X86_64  Arch = 1
	Arm     Arch = 2
	Aarch64 Arch = 3
	Mips    Arch = 4
)

func (Arch) String added in v0.0.3

func (a Arch) String() string

type BuildTarget added in v0.0.3

type BuildTarget struct {
	Name string
	Arch string
	OS   string
}

func GetBuildTarget added in v0.0.3

func GetBuildTarget(name string) (*BuildTarget, bool)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL