contact

package

v0.0.0-...-b408f3f Latest Latest Go to latest Published: Feb 13, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mitre/sandcat

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CreatePayloadRequest(profile map[string]interface{}, payloadName string) ([]byte, error)
type DnsTunneling
type FTP
type GIST
type Slack

Constants ¶

View Source

const (
	RECORD_TYPE_A         = 1
	RECORD_TYPE_TXT       = 16
	TIMEOUT_SECONDS       = 10
	BASE_DOMAIN           = "{DNS_TUNNELING_C2_DOMAIN}"
	MIN_MESSAGE_ID        = 10000000
	MAX_MESSAGE_ID        = 99999999
	MAX_UPLOAD_CHUNK_SIZE = 31 // DNS label is 63 characters max, so 31 bytes in hex reaches 62 characters.

	BEACON_UPLOAD_TYPE             = "be"
	INSTRUCTION_DOWNLOAD_TYPE      = "id"
	PAYLOAD_REQUEST_TYPE           = "pr"
	PAYLOAD_FILENAME_DOWNLOAD_TYPE = "pf"
	PAYLOAD_DATA_DOWNLOAD_TYPE     = "pd"
	UPLOAD_REQUEST_TYPE            = "ur"
	UPLOAD_DATA_TYPE               = "ud"
)

View Source

const (
	USER              = "{FTP_C2_USER}"
	PWORD             = "{FTP_C2_PASSWORD}"
	DIRECTORY         = "/" + "{FTP_C2_DIRECTORY}"
	BEACON_FILENAME   = "Alive.txt"
	PAYLOAD_FILENAME  = "Payload.txt"
	RESPONSE_FILENAME = "Response.txt"
	RESULT_FILENAME   = "Alive.txt"
)

Variables ¶

This section is empty.

Functions ¶

func CreatePayloadRequest ¶

func CreatePayloadRequest(profile map[string]interface{}, payloadName string) ([]byte, error)

Types ¶

type DnsTunneling ¶

type DnsTunneling struct {
	// contains filtered or unexported fields
}

func (*DnsTunneling) C2RequirementsMet ¶

func (d *DnsTunneling) C2RequirementsMet(profile map[string]interface{}, criteria map[string]string) (bool, map[string]string)

C2RequirementsMet determines if sandcat can use the selected comm channel

func (*DnsTunneling) GetBeaconBytes ¶

func (d *DnsTunneling) GetBeaconBytes(profile map[string]interface{}) []byte

GetInstructions sends a beacon and returns instructions

func (*DnsTunneling) GetName ¶

func (d *DnsTunneling) GetName() string

func (*DnsTunneling) GetPayloadBytes ¶

func (d *DnsTunneling) GetPayloadBytes(profile map[string]interface{}, payloadName string) ([]byte, string)

GetPayloadBytes fetch payload bytes from server

func (*DnsTunneling) SendExecutionResults ¶

func (d *DnsTunneling) SendExecutionResults(profile map[string]interface{}, result map[string]interface{})

SendExecutionResults send results to server

func (*DnsTunneling) SetUpstreamDestAddr ¶

func (d *DnsTunneling) SetUpstreamDestAddr(upstreamDestAddr string)

func (*DnsTunneling) SupportsContinuous ¶

func (d *DnsTunneling) SupportsContinuous() bool

func (*DnsTunneling) UploadFileBytes ¶

func (d *DnsTunneling) UploadFileBytes(profile map[string]interface{}, uploadName string, data []byte) error

type FTP ¶

type FTP struct {
	// contains filtered or unexported fields
}

API communicates through FTP

func (*FTP) C2RequirementsMet ¶

func (f *FTP) C2RequirementsMet(profile map[string]interface{}, c2Config map[string]string) (bool, map[string]string)

C2RequirementsMet determines if sandcat can use the selected comm channel

func (*FTP) DownloadFile ¶

func (f *FTP) DownloadFile(filename string) ([]byte, error)

Download file from server

func (*FTP) FtpBeacon ¶

func (f *FTP) FtpBeacon(profile map[string]interface{}) ([]byte, bool)

Controls process to send beacon to server

func (*FTP) GetBeaconBytes ¶

func (f *FTP) GetBeaconBytes(profile map[string]interface{}) []byte

GetBeaconBytes sends a beacon and returns instructions

func (*FTP) GetName ¶

func (f *FTP) GetName() string

Return 'ftp'

func (*FTP) GetPayloadBytes ¶

func (f *FTP) GetPayloadBytes(profile map[string]interface{}, payloadName string) ([]byte, string)

GetPayloadBytes fetch payload bytes from ftp server

func (*FTP) SendExecutionResults ¶

func (f *FTP) SendExecutionResults(profile map[string]interface{}, result map[string]interface{})

SendExecutionResults send results to the server

func (*FTP) ServerSetDir ¶

func (f *FTP) ServerSetDir(paw string) error

Connect to ftp server with username and password

func (*FTP) SetUpstreamDestAddr ¶

func (f *FTP) SetUpstreamDestAddr(upstreamDestAddr string)

Set upstreamDestAddr

func (*FTP) SupportsContinuous ¶

func (f *FTP) SupportsContinuous() bool

func (*FTP) UploadFile ¶

func (f *FTP) UploadFile(filename string, data []byte) error

Upload file to server

func (*FTP) UploadFileBytes ¶

func (f *FTP) UploadFileBytes(profile map[string]interface{}, uploadName string, data []byte) error

Upload file found by agent to server

type GIST ¶

type GIST struct {
	// contains filtered or unexported fields
}

func (GIST) C2RequirementsMet ¶

func (g GIST) C2RequirementsMet(profile map[string]interface{}, criteria map[string]string) (bool, map[string]string)

C2RequirementsMet determines if sandcat can use the selected comm channel

func (GIST) GetBeaconBytes ¶

func (g GIST) GetBeaconBytes(profile map[string]interface{}) []byte

GetInstructions sends a beacon and returns instructions

func (GIST) GetName ¶

func (g GIST) GetName() string

func (GIST) GetPayloadBytes ¶

func (g GIST) GetPayloadBytes(profile map[string]interface{}, payloadName string) ([]byte, string)

GetPayloadBytes load payload bytes from github

func (GIST) SendExecutionResults ¶

func (g GIST) SendExecutionResults(profile map[string]interface{}, result map[string]interface{})

SendExecutionResults send results to the server

func (GIST) SetUpstreamDestAddr ¶

func (g GIST) SetUpstreamDestAddr(upstreamDestAddr string)

func (GIST) SupportsContinuous ¶

func (g GIST) SupportsContinuous() bool

func (GIST) UploadFileBytes ¶

func (g GIST) UploadFileBytes(profile map[string]interface{}, uploadName string, data []byte) error

type Slack ¶

type Slack struct {
	// contains filtered or unexported fields
}

func (*Slack) C2RequirementsMet ¶

func (s *Slack) C2RequirementsMet(profile map[string]interface{}, criteria map[string]string) (bool, map[string]string)

C2RequirementsMet determines if sandcat can use the selected comm channel

func (*Slack) GetBeaconBytes ¶

func (s *Slack) GetBeaconBytes(profile map[string]interface{}) []byte

GetInstructions sends a beacon and returns instructions

func (*Slack) GetName ¶

func (s *Slack) GetName() string

func (*Slack) GetPayloadBytes ¶

func (s *Slack) GetPayloadBytes(profile map[string]interface{}, payloadName string) ([]byte, string)

GetPayloadBytes load payload bytes

func (*Slack) SendExecutionResults ¶

func (s *Slack) SendExecutionResults(profile map[string]interface{}, result map[string]interface{})

SendExecutionResults send results to the server

func (*Slack) SetUpstreamDestAddr ¶

func (s *Slack) SetUpstreamDestAddr(upstreamDestAddr string)

func (*Slack) SupportsContinuous ¶

func (s *Slack) SupportsContinuous() bool

func (*Slack) UploadFileBytes ¶

func (s *Slack) UploadFileBytes(profile map[string]interface{}, uploadName string, data []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL