Documentation ¶
Index ¶
- type Config
- func New(extype ExploitType, supportedC2 []c2.Impl, product string, cve string, ...) *Config (deprecated)
- func NewLocal(extype ExploitType, supportedC2 []c2.Impl, product string, cve string) *Config (deprecated)
- func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, ...) *Config
- func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, ...) *Config
- func (conf *Config) ApplyTemplate(name string) string
- func (conf *Config) CreateBoolFlag(name string, value bool, usage string)
- func (conf *Config) CreateBoolVarFlag(param *bool, name string, value bool, usage string)
- func (conf *Config) CreateIntFlag(name string, value int, usage string)
- func (conf *Config) CreateIntVarFlag(param *int, name string, value int, usage string)
- func (conf *Config) CreateStringFlag(name string, value string, usage string)
- func (conf *Config) CreateStringVarFlag(param *string, name string, value string, usage string)
- func (conf *Config) CreateUintFlag(name string, value uint, usage string)
- func (conf *Config) CreateUintVarFlag(param *uint, name string, value uint, usage string)
- func (conf *Config) DisableC2Start()
- func (conf *Config) GetBoolFlag(name string) bool
- func (conf *Config) GetIntFlag(name string) int
- func (conf *Config) GetStringFlag(name string) string
- func (conf *Config) GetUintFlag(name string) uint
- func (conf *Config) InitFlagsStructs()
- func (conf *Config) ResolveC2Payload() c2.Impl
- type ExploitType
- type ImplementedFeatures
- type RhostTriplet
- type SSLSupport
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
    // implemented features describes which three stages the exploit implements
    Impl ImplementedFeatures
    // the vendor of the targeted product
    Vendor string
    // the targeted products
    Products []string
    // A combination of the Vendor and Products strings
    Product string
    // the CPE for the targeted product
    CPE []string
    // the CVE being tested
    CVE string
    // the protocol being targeted
    Protocol string
    // the type of exploit being executed
    ExType ExploitType
    // the c2 supported by the exploit
    SupportedC2 []c2.Impl

    StringFlagsMap map[string]*string
    IntFlagsMap    map[string]*int
    UintFlagsMap   map[string]*uint
    BoolFlagsMap   map[string]*bool

    // target host, the target address/name the exploit will work on
    Rhost string
    // target port, the target port the exploit will work on
    Rport int
    // a list of specific targets
    RhostsNTuple []RhostTriplet
    // local host for remote exploits
    Lhost string
    // local port
    Lport int
    // bind port
    Bport int
    // indicates if the framework should autodetect ssl/plain
    DetermineSSL bool
    // indicates if ssl is used in comms
    SSL bool
    // indicates if we run the target verify
    DoVerify bool
    // indicates if we run the version check
    DoVersionCheck bool
    // indicates if we run the exploit
    DoExploit bool
    // automatically start the c2 or not
    C2AutoStart bool
    // the user requested c2 to use
    C2Type c2.Impl
    // C2 server timeout
    C2Timeout int
    // Indicates if the c2 server will be handled elsewhere
    ThirdPartyC2Server bool
    // The database we are working with
    DBName string
    // File format template
    FileTemplateData string
    // File format exploit output
    FileFormatFilePath string
}
The Config struct contains a mix of module-specified and user-specified configuration. It is first generated by the exploit implementation and then modified by option parsing.
func NewLocalExploit ¶ added in v1.24.0
func NewLocalExploit(
    implemented ImplementedFeatures,
    extype ExploitType,
    supportedC2 []c2.Impl,
    vendor string,
    product []string,
    cpe []string,
    cve string,
) *Config
Defines a new local exploit and associates it with CVE/Product metadata.
func NewRemoteExploit ¶ added in v1.24.0
func NewRemoteExploit(
    implemented ImplementedFeatures,
    extype ExploitType,
    supportedC2 []c2.Impl,
    vendor string,
    product []string,
    cpe []string,
    cve string,
    protocol string,
    defaultPort int,
) *Config
Defines a new remote exploit and associates it with CVE/Product/Protocol metadata. Usage example:
conf := config.NewRemoteExploit(
    config.ImplementedFeatures{AssetDetection: true, VersionScanning: true, Exploitation: true},
    config.CodeExecution,
    []c2.Impl{c2.SimpleShellServer},
    "Atlassian",
    []string{"Confluence"},
    []string{"cpe:2.3:a:atlassian:confluence"},
    "CVE-2023-22527",
    "HTTP",
    8090)
func (*Config) ApplyTemplate ¶ added in v1.36.0
Apply the configuration settings to a Go text template. This will take the `Config` struct and apply it to a `text/template`, allowing for strings to be built directly from the already set configuration variables.
s := conf.ApplyTemplate(`CVE: {{.CVE}} - {{.Product}}`)
output.PrintStatus(s)
// Output: CVE: CVE-2024-1337 - OFBiz
Flags that are user defined with CreateStringFlag and other types are directly accessible from their map values, for example if a command line argument is added with conf.CreateStringFlag("output", "do output", "instructions") it will be accessible via the following ApplyTemplate call:
conf.ApplyTemplate(`Output flag {{.StringFlagsMap.output}}`)
This function only returns the processed string and if a templating error occurs the function emits a framework error and sets the string to an empty string. This makes it harder to process any dynamic content and properly catch errors, but simplifies the return value to only provide a string.
This should not be used with potentially attacker controlled input.
Some Config types might be complex and will require usage of the range components of text/template; follow the package docs if necessary.
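The behaviour described above, as an added example that is not part of the go-exploit source: `Config`, `RhostTriplet` and `applyTemplate` here are trimmed stand-ins written for this illustration (only the field names come from the documentation), and all values are constructed. It shows `range` over `RhostsNTuple`, an error collapsing to an empty string, and why untrusted text must be passed as data rather than concatenated into the template.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Stand-ins for the documented types, trimmed to the fields used here.
type RhostTriplet struct {
	Rhost string
	Rport int
}
type Config struct {
	CVE, Product, Lhost string
	StringFlagsMap      map[string]*string
	RhostsNTuple        []RhostTriplet
}

// applyTemplate follows the documented contract: the rendered string on
// success, "" on any parse or execution error (the error itself is lost).
func applyTemplate(conf *Config, text string) string {
	tmpl, err := template.New("conf").Parse(text)
	if err != nil {
		return ""
	}
	var sb strings.Builder
	if err := tmpl.Execute(&sb, conf); err != nil {
		return "" // discard partial output written before the failure
	}
	return sb.String()
}

// sampleConfig returns constructed values (documentation address ranges).
func sampleConfig() *Config {
	out := "report.txt"
	return &Config{CVE: "CVE-2024-1337", Product: "OFBiz", Lhost: "192.0.2.10",
		StringFlagsMap: map[string]*string{"output": &out},
		RhostsNTuple:   []RhostTriplet{{"198.51.100.5", 8090}, {"198.51.100.6", 8443}}}
}

func main() {
	conf, untrusted := sampleConfig(), "{{.Lhost}}" // constructed untrusted text
	fmt.Println(applyTemplate(conf, `{{range .RhostsNTuple}}{{.Rhost}}:{{.Rport}} {{end}}`))
	fmt.Println(applyTemplate(conf, "banner: "+untrusted)) // unsafe: parsed as template
	conf.StringFlagsMap["banner"] = &untrusted
	fmt.Println(applyTemplate(conf, `banner: {{.StringFlagsMap.banner}}`)) // safe: data
	fmt.Printf("%q\n", applyTemplate(conf, `{{.NoSuchField}}`)) // error becomes ""
}
```

Because a failure and a legitimately empty render both come back as `""`, callers should treat an empty result as an error before using it in a request or file.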
func (*Config) CreateBoolFlag ¶ added in v1.29.0
Create a command line flag for the bool var "name" with the default value of "value" and store the result locally.
func (*Config) CreateBoolVarFlag ¶ added in v1.29.0
Create a command line flag for the bool var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateIntFlag ¶ added in v1.29.0
Create a command line flag for the int var "name" with the default value of "value" and store the result locally.
func (*Config) CreateIntVarFlag ¶ added in v1.29.0
Create a command line flag for the int var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateStringFlag ¶ added in v1.29.0
Create a command line flag for the string var "name" with the default value of "value" and store the result locally.
func (*Config) CreateStringVarFlag ¶ added in v1.29.0
Create a command line flag for the string var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateUintFlag ¶ added in v1.29.0
Create a command line flag for the uint var "name" with the default value of "value" and store the result locally.
func (*Config) CreateUintVarFlag ¶ added in v1.29.0
Create a command line flag for the uint var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) DisableC2Start ¶ added in v1.35.0
func (conf *Config) DisableC2Start()
Disable automatic start of c2 servers. Manually starting is required after this function is called. This is useful when you have an exploit that may have multiple stages and you are guaranteed to not need the C2 setup. For example, an exploit that needs to retrieve a CAPTCHA may not want to start up the C2 until the first stage is retrieved and the CAPTCHA is solved.
func (*Config) GetBoolFlag ¶ added in v1.29.0
Fetch the configured bool value for "name".
func (*Config) GetIntFlag ¶ added in v1.29.0
Fetch the configured int value for "name".
func (*Config) GetStringFlag ¶ added in v1.29.0
Fetch the configured string value for "name".
func (*Config) GetUintFlag ¶ added in v1.29.0
Fetch the configured uint value for "name".
func (*Config) InitFlagsStructs ¶ added in v1.29.0
func (conf *Config) InitFlagsStructs()
func (*Config) ResolveC2Payload ¶ added in v1.30.1
Some C2 (ShellTunnel) don't actually care how the payload is generated, but the underlying C2 might be implied depending on how the individual exploit has been developed. It is certainly not a requirement to call this function but it can help simplify the handling of secure shell vs insecure.
type ExploitType ¶
type ExploitType int
const (
    CodeExecution         ExploitType = 0
    InformationDisclosure ExploitType = 1
    Webshell              ExploitType = 2
    FileFormat            ExploitType = 3
    Local                 ExploitType = 4
)
func (ExploitType) String ¶ added in v1.25.0
func (eType ExploitType) String() string
Convert ExploitType to String.
type ImplementedFeatures ¶ added in v1.24.0
type RhostTriplet ¶ added in v1.0.14
type RhostTriplet struct {
    Rhost string
    Rport int
    SSL   SSLSupport
}
type SSLSupport ¶ added in v1.0.14
type SSLSupport int
const (
    SSLDisabled     SSLSupport = 0
    SSLEnabled      SSLSupport = 1
    SSLAutodiscover SSLSupport = 2
)