Documentation
Index
- Variables
- func BotReadPacket(fd int, vm *bpf.VM) (gopacket.Packet, bool)
- func CreateAddrStruct(ifaceInfo *net.Interface) (addr unix.SockaddrLinklayer)
- func CreateBPFVM(filter []bpf.RawInstruction) (vm *bpf.VM)
- func CreateCommand(cmd string) (command string)
- func CreateHello(hostMAC net.HardwareAddr, srcIP net.IP) (hello string)
- func CreatePacket(ifaceInfo *net.Interface, srcIp net.IP, dstIP net.IP, srcPort int, dstPort int, ...) (packetData []byte)
- func CreateTargetCommand(cmd string, ip string) (command string)
- func GetOutwardIface(addr string) (byNameiface *net.Interface, ip net.IP)
- func GetRouterMAC() (net.HardwareAddr, error)
- func NewSocket() (fd int)
- func SendPacket(fd int, ifaceInfo *net.Interface, addr unix.SockaddrLinklayer, ...)
- func ServerReadPacket(fd int, vm *bpf.VM) gopacket.Packet
Constants
This section is empty.
Variables
var FilterRaw = []bpf.RawInstruction{
{0x28, 0, 0, 0x0000000c},
{0x15, 0, 6, 0x000086dd},
{0x30, 0, 0, 0x00000014},
{0x15, 0, 15, 0x00000011},
{0x28, 0, 0, 0x00000036},
{0x15, 12, 0, 0x0000de89},
{0x28, 0, 0, 0x00000038},
{0x15, 10, 11, 0x0000de89},
{0x15, 0, 10, 0x00000800},
{0x30, 0, 0, 0x00000017},
{0x15, 0, 8, 0x00000011},
{0x28, 0, 0, 0x00000014},
{0x45, 6, 0, 0x00001fff},
{0xb1, 0, 0, 0x0000000e},
{0x48, 0, 0, 0x0000000e},
{0x15, 2, 0, 0x0000de89},
{0x48, 0, 0, 0x00000010},
{0x15, 0, 1, 0x0000de89},
{0x6, 0, 0, 0x00040000},
{0x6, 0, 0, 0x00000000},
}
FilterRaw is a slice of raw BPF instructions ([]bpf.RawInstruction). Generate it with "tcpdump udp and port 56969 -dd", or with whatever filter you would like.
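To check what FilterRaw actually matches, the following added example (not part of this package) interprets the filter's classic-BPF opcodes over constructed IPv4 frames, which also gives a defender the traffic signature to look for: UDP with source or destination port 56969 (0xde89), non-fragmented. The names filter, run and frame are assumptions of this example; the package itself runs the program through bpf.VM.

```go
package main

import "fmt"

// filter is FilterRaw from this page, one {op, jt, jf, k} entry per instruction.
var filter = [][4]uint32{
	{0x28, 0, 0, 0x0c}, {0x15, 0, 6, 0x86dd}, {0x30, 0, 0, 0x14}, {0x15, 0, 15, 0x11}, {0x28, 0, 0, 0x36},
	{0x15, 12, 0, 0xde89}, {0x28, 0, 0, 0x38}, {0x15, 10, 11, 0xde89}, {0x15, 0, 10, 0x0800}, {0x30, 0, 0, 0x17},
	{0x15, 0, 8, 0x11}, {0x28, 0, 0, 0x14}, {0x45, 6, 0, 0x1fff}, {0xb1, 0, 0, 0x0e}, {0x48, 0, 0, 0x0e},
	{0x15, 2, 0, 0xde89}, {0x48, 0, 0, 0x10}, {0x15, 0, 1, 0xde89}, {0x06, 0, 0, 0x40000}, {0x06, 0, 0, 0},
}

// run interprets the opcodes used above over one frame; it returns bytes to keep, 0 to drop.
func run(pkt []byte) uint32 {
	var a, x uint32
	for pc := 0; pc < len(filter); pc++ {
		op, jt, jf, k := filter[pc][0], filter[pc][1], filter[pc][2], filter[pc][3]
		if op == 0x48 { // ldh [x+k]: the offset is relative to X
			k += x
		}
		if op&7 < 2 && int(k)+1+int(op>>3&1) > len(pkt) { // loads need 2 bytes (H) or 1 (B)
			return 0 // a load past the end of the frame drops it
		}
		switch op {
		case 0x28, 0x48: // ldh: 16-bit big-endian load into A
			a = uint32(pkt[k])<<8 | uint32(pkt[k+1])
		case 0x30: // ldb: 8-bit load into A
			a = uint32(pkt[k])
		case 0xb1: // ldxb 4*([k]&0xf): X = IPv4 header length in bytes
			x = 4 * uint32(pkt[k]&0xf)
		case 0x15, 0x45: // jeq #k / jset #k
			if (op == 0x15 && a == k) || (op == 0x45 && a&k != 0) {
				jf = jt // condition true: take the jt offset instead
			}
			pc += int(jf)
		case 0x06: // ret #k
			return k
		}
	}
	return 0
}

func frame(sport, dport uint16) []byte { // constructed IPv4/UDP frame, not captured traffic
	f := make([]byte, 42)
	f[12], f[14], f[23] = 0x08, 0x45, 17 // EtherType 0x0800, IHL 5, protocol UDP
	f[34], f[35], f[36], f[37] = byte(sport>>8), byte(sport), byte(dport>>8), byte(dport)
	return f
}

func main() { fmt.Println(run(frame(40000, 56969)), run(frame(40000, 53))) } // 262144 0
```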
Functions
func BotReadPacket
BotReadPacket reads packets from a socket file descriptor (fd)
fd --> file descriptor that relates to the socket created in main
vm --> BPF VM that contains the BPF Program
Returns --> None
func CreateAddrStruct
func CreateAddrStruct(ifaceInfo *net.Interface) (addr unix.SockaddrLinklayer)
CreateAddrStruct creates a "syscall.SockaddrLinklayer" struct used
for binding the socket to an interface
ifaceInfo --> net.Interface pointer
Returns --> syscall.SockaddrLinklayer struct
func CreateBPFVM
func CreateBPFVM(filter []bpf.RawInstruction) (vm *bpf.VM)
CreateBPFVM creates a BPF VM that contains a BPF program
given by the user in the form of "[]bpf.RawInstruction".
You can create this by using "tcpdump -dd [your filter here]"
filter --> Raw BPF instructions generated from tcpdump
Returns --> Pointer to a BPF VM containing the filter/program
func CreateCommand
CreateCommand creates the payload for sending commands to bots
func CreateHello
func CreateHello(hostMAC net.HardwareAddr, srcIP net.IP) (hello string)
CreateHello creates a HELLO string for callbacks.
HELLO format:
HELLO: hostname hostMAC hostIP
*NOTE* hostMAC and hostIP will end up being the MAC/IP of the gateway when we are dealing with NAT. This will be handled by the C2 parsing.
func CreatePacket
func CreatePacket(ifaceInfo *net.Interface, srcIp net.IP, dstIP net.IP, srcPort int, dstPort int, dstMAC net.HardwareAddr, payload string) (packetData []byte)
CreatePacket takes a net.Interface pointer to access
things like the MAC Address... and yeah... the MAC Address
ifaceInfo --> pointer to a net.Interface
Returns --> Byte array that is a properly formed/serialized packet
func CreateTargetCommand
CreateTargetCommand creates a target command string
func GetOutwardIface
GetOutwardIface determines the interface associated with sending traffic out on the wire and returns a *net.Interface struct
addr --> The IP you want to be able to reach from an interface
Returns --> *net.Interface struct of outward interface
--> net.IP used for creating a packet
func GetRouterMAC
func GetRouterMAC() (net.HardwareAddr, error)
GetRouterMAC gets the default gateway MAC addr from the system
Returns --> MAC addr of the gateway of type net.HardwareAddr
Credit: Milkshak3s & Cictrone
func NewSocket
func NewSocket() (fd int)
NewSocket creates a new RAW socket and returns the file descriptor
Returns --> File descriptor for the raw socket
func SendPacket
SendPacket sends a packet using a provided
socket file descriptor (fd)
fd --> The file descriptor for the socket to use
ifaceInfo --> pointer to net.Interface struct
addr --> struct from CreateAddrStruct()
packetdata --> The packet to send
Returns --> None
Types
This section is empty.