otplock

package module
v1.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2021 License: GPL-3.0 Imports: 19 Imported by: 0

README

One-Time-Padlock (OTPLock)

🍪 Buy me a cookie

Go Report Card

What is this?

This go package provides a utility for Red Teamers to host dynamic OTP codes for their payloads.

How to install

Open a terminal and run the following:

$ go get -ldflags "-s -w" -u gitlab.com/mjwhitta/otplock/cmd/otplock

Or install from source:

$ git clone https://gitlab.com/mjwhitta/otplock.git
$ cd otplock
$ git submodule update --init
$ make install

Note: make install will install to $HOME/.local/bin.

Usage

Simply run otplock [--unsave] in a terminal, and open the URL it prints out.

Simple

To start, enter the endpoint, the length of time the OTP key should be valid, and the payload in hex. After hitting submit, you will be given the URL for the decryption key and the encrypted payload in hex. Copy and paste those to your source code and compile.

Advanced

Warning: This usage can be unsafe. This will allow anyone with the link to run arbitrary commands on your box. It is suggested to only run this on a fresh VM with minimal network connections (separate VLAN).

Change to the Advanced config level to get a little more functionality. The Advanced config will let you upload your source code and will attempt to compile it for you as you submit payloads.

To start, enter the endpoint, the source filename, the command to compile, and the name of the compiled binary to return to the user upon payload submission. After hitting submit, you will be given a URL to save for submitting payloads.

From here it is quite similar to the Simple config, except a binary is returned instead of the URL for the decryption key and the encrypted payload.

TODO

  • Better README

Documentation

Index

Constants

View Source
const Version = "1.0.9"

Version is the package version

Variables

This section is empty.

Functions

This section is empty.

Types

type OTPLock

type OTPLock struct {
	Addr        string
	AllowUnsafe bool
	Keys        *safety.Map
	Root        string
	// contains filtered or unexported fields
}

OTPLock is a struct containing all metadata required to host an HTTP server.

func New

func New(port int) (otp *OTPLock, e error)

New will return a pointer to a new OTPLock instance.

func (*OTPLock) Run

func (otp *OTPLock) Run(allowUnsafe bool) error

Run will listen for incoming connections and return the requested OTP if still valid.

func (*OTPLock) Stop

func (otp *OTPLock) Stop()

Stop will shutdown the OTPLock instance.

Directories

Path Synopsis
cmd
samples
go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL