cattails

package
v0.0.0-...-b5c3a14
Warning

This package is not in the latest version of its module.
Published: Nov 20, 2019 License: MIT Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables
var FilterRaw = []bpf.RawInstruction{
	{0x28, 0, 0, 0x0000000c},
	{0x15, 0, 6, 0x000086dd},
	{0x30, 0, 0, 0x00000014},
	{0x15, 0, 15, 0x00000011},
	{0x28, 0, 0, 0x00000036},
	{0x15, 12, 0, 0x0000de89},
	{0x28, 0, 0, 0x00000038},
	{0x15, 10, 11, 0x0000de89},
	{0x15, 0, 10, 0x00000800},
	{0x30, 0, 0, 0x00000017},
	{0x15, 0, 8, 0x00000011},
	{0x28, 0, 0, 0x00000014},
	{0x45, 6, 0, 0x00001fff},
	{0xb1, 0, 0, 0x0000000e},
	{0x48, 0, 0, 0x0000000e},
	{0x15, 2, 0, 0x0000de89},
	{0x48, 0, 0, 0x00000010},
	{0x15, 0, 1, 0x0000de89},
	{0x6, 0, 0, 0x00040000},
	{0x6, 0, 0, 0x00000000},
}

FilterRaw is a slice of raw BPF instructions ([]bpf.RawInstruction). Generate it with "tcpdump -dd udp and port 56969", or substitute whatever filter you would like to generate.
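A raw instruction table like FilterRaw is opaque when it turns up in source or a binary, so the added example below (not code from the cattails package) interprets it with a small classic-BPF evaluator and runs it over constructed frames to confirm what it accepts. Run, UDPFrame and the sample ports 40000 and 53 are assumptions made for the illustration.

```go
package main

import "fmt"

// filter is FilterRaw from this page; rows are {opcode, jt, jf, k} as in bpf.RawInstruction.
var filter = [][4]int{
	{0x28, 0, 0, 0x0c}, {0x15, 0, 6, 0x86dd}, {0x30, 0, 0, 0x14}, {0x15, 0, 15, 0x11}, {0x28, 0, 0, 0x36},
	{0x15, 12, 0, 0xde89}, {0x28, 0, 0, 0x38}, {0x15, 10, 11, 0xde89}, {0x15, 0, 10, 0x0800}, {0x30, 0, 0, 0x17},
	{0x15, 0, 8, 0x11}, {0x28, 0, 0, 0x14}, {0x45, 6, 0, 0x1fff}, {0xb1, 0, 0, 0x0e}, {0x48, 0, 0, 0x0e},
	{0x15, 2, 0, 0xde89}, {0x48, 0, 0, 0x10}, {0x15, 0, 1, 0xde89}, {0x06, 0, 0, 0x40000}, {0x06, 0, 0, 0},
}

// Run interprets the classic-BPF opcodes this filter uses; it returns the accept length, 0 = drop.
func Run(prog [][4]int, pkt []byte) int {
	a, x := 0, 0 // accumulator and index register
	for pc := 0; pc < len(prog); pc++ {
		op, jt, jf, k := prog[pc][0], prog[pc][1], prog[pc][2], prog[pc][3]
		switch {
		case op == 0x06: // ret #k
			return k
		case op == 0x15 && a == k, op == 0x45 && a&k != 0: // jeq / jset, taken
			pc += jt
		case op == 0x15 || op == 0x45: // jeq / jset, not taken
			pc += jf
		case op == 0xb1 && k < len(pkt): // ldxb 4*([k]&0xf): IPv4 header length
			x = 4 * int(pkt[k]&0x0f)
		case op == 0x30 && k < len(pkt): // ldb [k]
			a = int(pkt[k])
		case op == 0x28 && k+1 < len(pkt): // ldh [k]
			a = int(pkt[k])<<8 | int(pkt[k+1])
		case op == 0x48 && x+k+1 < len(pkt): // ldh [x+k]
			a = int(pkt[x+k])<<8 | int(pkt[x+k+1])
		default: // out-of-bounds load or unsupported opcode: drop
			return 0
		}
	}
	return 0
}

// UDPFrame builds a constructed Ethernet/IPv4/UDP frame (sample input, empty payload).
func UDPFrame(sport, dport uint16) []byte {
	f := make([]byte, 14+20+8)
	f[12], f[14], f[23] = 0x08, 0x45, 17 // EtherType 0x0800, version 4 / IHL 5, protocol UDP
	f[34], f[35], f[36], f[37] = byte(sport>>8), byte(sport), byte(dport>>8), byte(dport)
	return f
}

func main() {
	fmt.Println(Run(filter, UDPFrame(40000, 56969)), Run(filter, UDPFrame(40000, 53)))
}
```

The filter accepts unfragmented UDP with source or destination port 0xde89 (56969) over IPv4 or IPv6 and drops everything else, which is the traffic signature to look for on the wire.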

Functions

func BotReadPacket

func BotReadPacket(fd int, vm *bpf.VM) (gopacket.Packet, bool)

BotReadPacket reads packets from a socket file descriptor (fd)

fd --> file descriptor that relates to the socket created in main

vm --> BPF VM that contains the BPF Program

Returns --> gopacket.Packet, bool

func CreateAddrStruct

func CreateAddrStruct(ifaceInfo *net.Interface) (addr unix.SockaddrLinklayer)

CreateAddrStruct creates a "unix.SockaddrLinklayer" struct used for binding the socket to an interface

ifaceInfo --> net.Interface pointer

Returns --> unix.SockaddrLinklayer struct

func CreateBPFVM

func CreateBPFVM(filter []bpf.RawInstruction) (vm *bpf.VM)

CreateBPFVM creates a BPF VM that contains a BPF program given by the user in the form of "[]bpf.RawInstruction".

You can create this by using "tcpdump -dd [your filter here]"

filter --> Raw BPF instructions generated from tcpdump

Returns --> Pointer to a BPF VM containing the filter/program

func CreateCommand

func CreateCommand(cmd string) (command string)

CreateCommand creates the payload for sending commands to bots

func CreateHello

func CreateHello(hostMAC net.HardwareAddr, srcIP net.IP) (hello string)

CreateHello creates a HELLO string for callbacks. HELLO format:

HELLO: hostname hostMAC hostIP

*NOTE* hostMAC and hostIP will end up being the MAC/IP of the gateway if we are dealing with NAT. This will be handled by the C2 parsing.

func CreatePacket

func CreatePacket(ifaceInfo *net.Interface, srcIp net.IP,
	dstIP net.IP, srcPort int, dstPort int, dstMAC net.HardwareAddr, payload string) (packetData []byte)

CreatePacket takes a net.Interface pointer, which it uses to access the interface's MAC address

ifaceInfo --> pointer to a net.Interface

Returns --> Byte array that is a properly formed/serialized packet

func CreateTargetCommand

func CreateTargetCommand(cmd string, ip string) (command string)

CreateTargetCommand creates a target command string

func GetOutwardIface

func GetOutwardIface(addr string) (byNameiface *net.Interface, ip net.IP)

GetOutwardIface determines the interface associated with sending traffic out on the wire and returns a *net.Interface struct

addr --> The IP you want to be able to reach from an interface

Returns --> *net.Interface struct of outward interface, and the net.IP used for creating a packet

func GetRouterMAC

func GetRouterMAC() (net.HardwareAddr, error)

GetRouterMAC gets the default gateway MAC addr from the system

Returns --> MAC addr of the gateway of type net.HardwareAddr

Credit: Milkshak3s & Cictrone

func NewSocket

func NewSocket() (fd int)

NewSocket creates a new RAW socket and returns the file descriptor

Returns --> File descriptor for the raw socket

func SendPacket

func SendPacket(fd int, ifaceInfo *net.Interface, addr unix.SockaddrLinklayer, packetData []byte)

SendPacket sends a packet using a provided socket file descriptor (fd)

fd --> The file descriptor for the socket to use

ifaceInfo --> pointer to net.Interface struct

addr --> struct from CreateAddrStruct()

packetData --> The packet to send

Returns --> None

func ServerReadPacket

func ServerReadPacket(fd int, vm *bpf.VM) gopacket.Packet

ServerReadPacket reads packets from a socket file descriptor (fd)

fd --> file descriptor that relates to the socket created in main

vm --> BPF VM that contains the BPF Program

Returns --> gopacket.Packet

Types

This section is empty.
