README
¶
Manticore is a framework for working with Windows network protocols (SMB, LDAP, DCE/RPC, and more), cryptography, and authentication, designed for building cross-platform security tooling.
Features
- Cross-Platform Support: Works on Windows, Linux, and macOS.
- Multiple Authentication Protocols: Supports NTLM, Kerberos (soon), and LDAP authentication.
- Cryptography: cmac, dcc, dcc2, gppp, lm, md4, nt, ntlmv1, ntlmv2, pkcs7, rc4, uuid
- Network Protocol Implementations: Includes SMB, LDAP, and other common Windows protocols.
- Extensible Architecture: Easily add new modules and functionality.
Installation
To use this framework you can either download the latest release from the GitHub release page or add it to your project with the following go command:
go get github.com/TheManticoreProject/Manticore@latest
Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.
Credits
- Remi GASCOU (Podalirius) for the creation of the Manticore project.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
crypto
|
|
|
aescts
Package aescts implements AES-CTS (Ciphertext Stealing) mode as used by Kerberos per RFC 3962.
|
Package aescts implements AES-CTS (Ciphertext Stealing) mode as used by Kerberos per RFC 3962. |
|
nfold
Package nfold implements the N-FOLD function from RFC 3961 Section 5.1.
|
Package nfold implements the N-FOLD function from RFC 3961 Section 5.1. |
|
spnego/ntlm/security
Package security implements NTLMSSP per-message security: the message integrity (signing) and confidentiality (sealing) services used by GSS_WrapEx / GSS_GetMICEx once an NTLM authentication exchange has produced an exported session key.
|
Package security implements NTLMSSP per-message security: the message integrity (signing) and confidentiality (sealing) services used by GSS_WrapEx / GSS_GetMICEx once an NTLM authentication exchange has produced an exported session key. |
|
encoding
|
|
|
network
|
|
|
dcerpc/dtyp
Package dtyp provides the [MS-DTYP] common data types that recur across DCE/RPC interfaces (lsarpc, samr, srvsvc, …) as NDR-marshallable Go types, so each interface reuses one definition instead of redeclaring the same NDR-tagged structs.
|
Package dtyp provides the [MS-DTYP] common data types that recur across DCE/RPC interfaces (lsarpc, samr, srvsvc, …) as NDR-marshallable Go types, so each interface reuses one definition instead of redeclaring the same NDR-tagged structs. |
|
dcerpc/interfaces/12345778-1234-abcd-ef00-0123456789ab/0.0
Package rpcinterface_123457781234abcdef000123456789ab_0_0 is the descriptor for the LSA Directory (lsarpc) RPC interface, abstract syntax 12345778-1234-abcd-ef00-0123456789ab version 0.0 ([MS-LSAD] / [MS-LSAT]).
|
Package rpcinterface_123457781234abcdef000123456789ab_0_0 is the descriptor for the LSA Directory (lsarpc) RPC interface, abstract syntax 12345778-1234-abcd-ef00-0123456789ab version 0.0 ([MS-LSAD] / [MS-LSAT]). |
|
dcerpc/interfaces/12345778-1234-abcd-ef00-0123456789ab/0.0/functions
Package functions implements the method stubs of the lsarpc interface (12345778-1234-abcd-ef00-0123456789ab v0.0).
|
Package functions implements the method stubs of the lsarpc interface (12345778-1234-abcd-ef00-0123456789ab v0.0). |
|
dcerpc/interfaces/12345778-1234-abcd-ef00-0123456789ac/1.0
Package rpcinterface_123457781234abcdef000123456789ac_1_0 is the descriptor for the Security Account Manager (SAM) Remote Protocol (samr) RPC interface, abstract syntax 12345778-1234-abcd-ef00-0123456789ac version 1.0 ([MS-SAMR]).
|
Package rpcinterface_123457781234abcdef000123456789ac_1_0 is the descriptor for the Security Account Manager (SAM) Remote Protocol (samr) RPC interface, abstract syntax 12345778-1234-abcd-ef00-0123456789ac version 1.0 ([MS-SAMR]). |
|
dcerpc/interfaces/12345778-1234-abcd-ef00-0123456789ac/1.0/functions
Package functions implements the method stubs of the samr interface (12345778-1234-abcd-ef00-0123456789ac v1.0, [MS-SAMR]).
|
Package functions implements the method stubs of the samr interface (12345778-1234-abcd-ef00-0123456789ac v1.0, [MS-SAMR]). |
|
dcerpc/interfaces/338cd001-2244-31f1-aaaa-900038001003/1.0
Package rpcinterface_338cd001224431f1aaaa900038001003_1_0 is the descriptor for the winreg RPC interface, abstract syntax 338cd001-2244-31f1-aaaa-900038001003 version 1.0 ([MS-RRP]).
|
Package rpcinterface_338cd001224431f1aaaa900038001003_1_0 is the descriptor for the winreg RPC interface, abstract syntax 338cd001-2244-31f1-aaaa-900038001003 version 1.0 ([MS-RRP]). |
|
dcerpc/interfaces/367abb81-9844-35f1-ad32-98f038001003/2.0
Package rpcinterface_367abb81984435f1ad3298f038001003_2_0 is the descriptor for the svcctl RPC interface, abstract syntax 367abb81-9844-35f1-ad32-98f038001003 version 2.0 ([MS-SCMR]).
|
Package rpcinterface_367abb81984435f1ad3298f038001003_2_0 is the descriptor for the svcctl RPC interface, abstract syntax 367abb81-9844-35f1-ad32-98f038001003 version 2.0 ([MS-SCMR]). |
|
dcerpc/interfaces/4b324fc8-1670-01d3-1278-5a47bf6ee188/3.0
Package rpcinterface_4b324fc8167001d312785a47bf6ee188_3_0 is the descriptor for the Server Service Remote Protocol (srvsvc) RPC interface, abstract syntax 4b324fc8-1670-01d3-1278-5a47bf6ee188 version 3.0 ([MS-SRVS]).
|
Package rpcinterface_4b324fc8167001d312785a47bf6ee188_3_0 is the descriptor for the Server Service Remote Protocol (srvsvc) RPC interface, abstract syntax 4b324fc8-1670-01d3-1278-5a47bf6ee188 version 3.0 ([MS-SRVS]). |
|
dcerpc/interfaces/4b324fc8-1670-01d3-1278-5a47bf6ee188/3.0/functions
Package functions implements the method stubs of the srvsvc interface (4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0, [MS-SRVS]).
|
Package functions implements the method stubs of the srvsvc interface (4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0, [MS-SRVS]). |
|
dcerpc/interfaces/c681d488-d850-11d0-8c52-00c04fd90f7e/1.0
Package rpcinterface_c681d488d85011d08c5200c04fd90f7e_1_0 is the descriptor for the efsrpc RPC interface, abstract syntax c681d488-d850-11d0-8c52-00c04fd90f7e version 1.0 ([MS-EFSR]).
|
Package rpcinterface_c681d488d85011d08c5200c04fd90f7e_1_0 is the descriptor for the efsrpc RPC interface, abstract syntax c681d488-d850-11d0-8c52-00c04fd90f7e version 1.0 ([MS-EFSR]). |
|
dcerpc/interfaces/catalog
Package catalog is a database of well-known DCE/RPC interfaces: it maps an interface UUID (and version) to human-readable metadata — a short name, a title, a description, the executable or DLL that implements the server, the hosting Windows service, the MS-* protocol document, and the well-known named pipe(s).
|
Package catalog is a database of well-known DCE/RPC interfaces: it maps an interface UUID (and version) to human-readable metadata — a short name, a title, a description, the executable or DLL that implements the server, the hosting Windows service, the MS-* protocol document, and the well-known named pipe(s). |
|
dcerpc/interfaces/e1af8308-5d1f-11c9-91a4-08002b14a0fa/3.0
Package rpcinterface_e1af83085d1f11c991a408002b14a0fa_3_0 is the descriptor for the endpoint mapper (ept, "epmapper") RPC interface, abstract syntax e1af8308-5d1f-11c9-91a4-08002b14a0fa version 3.0 ([C706] Appendix O, [MS-RPCE]).
|
Package rpcinterface_e1af83085d1f11c991a408002b14a0fa_3_0 is the descriptor for the endpoint mapper (ept, "epmapper") RPC interface, abstract syntax e1af8308-5d1f-11c9-91a4-08002b14a0fa version 3.0 ([C706] Appendix O, [MS-RPCE]). |
|
dcerpc/interfaces/e1af8308-5d1f-11c9-91a4-08002b14a0fa/3.0/functions
Package functions holds the endpoint mapper (ept) method stubs.
|
Package functions holds the endpoint mapper (ept) method stubs. |
|
dcerpc/ms-protocols/ms-rrp
Package ms_rrp implements the high-level MS-RRP (Windows Remote Registry Protocol) client API over the winreg DCE/RPC interface (338cd001-2244-31f1-aaaa-900038001003 v1.0), carried over the \winreg named pipe on the IPC$ tree.
|
Package ms_rrp implements the high-level MS-RRP (Windows Remote Registry Protocol) client API over the winreg DCE/RPC interface (338cd001-2244-31f1-aaaa-900038001003 v1.0), carried over the \winreg named pipe on the IPC$ tree. |
|
dcerpc/ms-protocols/ms-srvs
Package mssrvs implements high-level MS-SRVS (Server Service Remote Protocol) workflows over the srvsvc DCE/RPC interface (4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0), carried over the \srvsvc named pipe on the IPC$ tree.
|
Package mssrvs implements high-level MS-SRVS (Server Service Remote Protocol) workflows over the srvsvc DCE/RPC interface (4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0), carried over the \srvsvc named pipe on the IPC$ tree. |
|
dcerpc/ndr
Package ndr implements the DCE/RPC Network Data Representation (NDR) transfer syntax, version 2.0 (the "NDR20" little-endian encoding used by Windows RPC), with a declarative, reflection-driven API for marshalling RPC call structures.
|
Package ndr implements the DCE/RPC Network Data Representation (NDR) transfer syntax, version 2.0 (the "NDR20" little-endian encoding used by Windows RPC), with a declarative, reflection-driven API for marshalling RPC call structures. |
|
dcerpc/syntax
Package syntax models DCE/RPC presentation syntax identifiers (p_syntax_id_t).
|
Package syntax models DCE/RPC presentation syntax identifiers (p_syntax_id_t). |
|
dcerpc/v4
Package dcerpccl implements the connectionless (datagram) DCE/RPC protocol (C706 protocol version 4, rpc_vers = 4), as used over datagram transports such as ncadg_ip_udp (UDP, well-known endpoint-mapper port 135).
|
Package dcerpccl implements the connectionless (datagram) DCE/RPC protocol (C706 protocol version 4, rpc_vers = 4), as used over datagram transports such as ncadg_ip_udp (UDP, well-known endpoint-mapper port 135). |
|
dcerpc/v4/client
Package client implements the client side of the connectionless (datagram) DCE/RPC protocol machine ([C706] chapter 10), layered on a datagram transport (network/dcerpc/v4/transport) and the connectionless PDU codec (network/dcerpc/v4/pdu).
|
Package client implements the client side of the connectionless (datagram) DCE/RPC protocol machine ([C706] chapter 10), layered on a datagram transport (network/dcerpc/v4/transport) and the connectionless PDU codec (network/dcerpc/v4/pdu). |
|
dcerpc/v4/epm
Package epm implements the RPC endpoint mapper (ept) over the connectionless (v4) transport: it resolves an interface UUID to its bound transport endpoints by calling ept_map on the endpoint mapper at UDP port 135.
|
Package epm implements the RPC endpoint mapper (ept) over the connectionless (v4) transport: it resolves an interface UUID to its bound transport endpoints by calling ept_map on the endpoint mapper at UDP port 135. |
|
dcerpc/v4/interfaces
Package interfaces provides the binding pattern for invoking concrete DCE/RPC interfaces over the connectionless (v4) client.
|
Package interfaces provides the binding pattern for invoking concrete DCE/RPC interfaces over the connectionless (v4) client. |
|
dcerpc/v4/interfaces/mgmt
Package mgmt implements a client for the DCE/RPC remote management (mgmt) interface over the connectionless (v4) transport ([C706] Appendix Q).
|
Package mgmt implements a client for the DCE/RPC remote management (mgmt) interface over the connectionless (v4) transport ([C706] Appendix Q). |
|
dcerpc/v4/internal/ndr
Package ndr provides a minimal little-endian NDR (NDR 2.0) octet cursor for the connectionless (v4) packages that hand-marshal small, fixed wire shapes (the endpoint mapper and the interface bindings).
|
Package ndr provides a minimal little-endian NDR (NDR 2.0) octet cursor for the connectionless (v4) packages that hand-marshal small, fixed wire shapes (the endpoint mapper and the interface bindings). |
|
dcerpc/v4/pdu
Package pdu models connectionless (datagram) DCE/RPC protocol data units (PDUs): the fixed 80-octet common header and the bodies of the connectionless PDU types (request, ping, response, working, nocall, reject, ack, fault, cl_cancel, fack, cancel_ack) ([C706] chapter 12).
|
Package pdu models connectionless (datagram) DCE/RPC protocol data units (PDUs): the fixed 80-octet common header and the bodies of the connectionless PDU types (request, ping, response, working, nocall, reject, ack, fault, cl_cancel, fack, cancel_ack) ([C706] chapter 12). |
|
dcerpc/v4/transport
Package transport defines the datagram transport abstraction used by the connectionless (v4) DCE/RPC protocol machine.
|
Package transport defines the datagram transport abstraction used by the connectionless (v4) DCE/RPC protocol machine. |
|
dcerpc/v4/transport/udp
Package udp implements the connectionless DCE/RPC datagram transport for the ncadg_ip_udp protocol sequence: RPC PDUs carried directly over UDP, with no intermediate protocol ([MS-RPCE] 2.1.1.1, [C706] Appendix I protocol identifier 0x08).
|
Package udp implements the connectionless DCE/RPC datagram transport for the ncadg_ip_udp protocol sequence: RPC PDUs carried directly over UDP, with no intermediate protocol ([MS-RPCE] 2.1.1.1, [C706] Appendix I protocol identifier 0x08). |
|
dcerpc/v5
Package dcerpc implements the connection-oriented DCE/RPC protocol (C706 protocol version 5, rpc_vers = 5) with the Microsoft MS-RPCE extensions, layered on top of a pluggable transport.
|
Package dcerpc implements the connection-oriented DCE/RPC protocol (C706 protocol version 5, rpc_vers = 5) with the Microsoft MS-RPCE extensions, layered on top of a pluggable transport. |
|
dcerpc/v5/client
Package client implements the high-level connection-oriented DCE/RPC client: it binds to an interface and issues calls over a transport.
|
Package client implements the high-level connection-oriented DCE/RPC client: it binds to an interface and issues calls over a transport. |
|
dcerpc/v5/pdu
Package pdu models connection-oriented DCE/RPC protocol data units (PDUs): the 16-byte common header and the Bind, Bind_Ack, Bind_Nak, Request, Response, and Fault bodies ([C706] section 12, [MS-RPCE] section 2.2).
|
Package pdu models connection-oriented DCE/RPC protocol data units (PDUs): the 16-byte common header and the Bind, Bind_Ack, Bind_Nak, Request, Response, and Fault bodies ([C706] section 12, [MS-RPCE] section 2.2). |
|
dcerpc/v5/transport
Package transport defines the transport abstraction used by the DCE/RPC client.
|
Package transport defines the transport abstraction used by the DCE/RPC client. |
|
dcerpc/v5/transport/smb
Package smb implements the DCE/RPC ncacn_np protocol sequence: DCE/RPC directly over an SMB named pipe.
|
Package smb implements the DCE/RPC ncacn_np protocol sequence: DCE/RPC directly over an SMB named pipe. |
|
dcerpc/v5/transport/smb2
Package smb2 implements the DCE/RPC ncacn_np protocol sequence over an SMB 2.x named pipe.
|
Package smb2 implements the DCE/RPC ncacn_np protocol sequence over an SMB 2.x named pipe. |
|
dcerpc/v5/transport/tcp
Package tcp implements the DCE/RPC ncacn_ip_tcp protocol sequence: DCE/RPC directly over a TCP connection.
|
Package tcp implements the DCE/RPC ncacn_ip_tcp protocol sequence: DCE/RPC directly over a TCP connection. |
|
kerberos/v5
Package kerberos provides Kerberos authentication primitives for Active Directory.
|
Package kerberos provides Kerberos authentication primitives for Active Directory. |
|
kerberos/v5/crypto
Package kerbcrypto provides Kerberos cryptographic operations including string-to-key derivation, encryption, and decryption for RC4-HMAC and AES-CTS-HMAC-SHA1-96 encryption types.
|
Package kerbcrypto provides Kerberos cryptographic operations including string-to-key derivation, encryption, and decryption for RC4-HMAC and AES-CTS-HMAC-SHA1-96 encryption types. |
|
kerberos/v5/messages
Package messages provides Kerberos protocol message types and constants as defined in RFC 4120 and related specifications.
|
Package messages provides Kerberos protocol message types and constants as defined in RFC 4120 and related specifications. |
|
smb/client
Package client provides a single, version-agnostic SMB client.
|
Package client provides a single, version-agnostic SMB client. |
|
smb/smb_v20/createcontext
Package createcontext implements the SMB2_CREATE_CONTEXT structure carried in the variable buffer of SMB2 CREATE requests and responses.
|
Package createcontext implements the SMB2_CREATE_CONTEXT structure carried in the variable buffer of SMB2 CREATE requests and responses. |
|
windows
|
|
|
activedirectory/replication/dsrepl
Package dsrepl implements the DS_REPL_*_BLOB structures defined in [MS-ADTS] section 2.2.
|
Package dsrepl implements the DS_REPL_*_BLOB structures defined in [MS-ADTS] section 2.2. |
|
fileflags
Package fileflags holds Windows file-related bit-flag values: the access mask, share access, create disposition, create options, and file attributes.
|
Package fileflags holds Windows file-related bit-flag values: the access mask, share access, create disposition, create options, and file attributes. |
|
filesystem
Package filesystem holds Windows file-system data structures used over SMB and by the local file-system APIs.
|
Package filesystem holds Windows file-system data structures used over SMB and by the local file-system APIs. |
|
filesystem/infoclass
Package infoclass holds the [MS-FSCC] FILE_INFORMATION_CLASS and FILE_FS_*_INFORMATION class numbers used with SMB2 QUERY_INFO / SET_INFO.
|
Package infoclass holds the [MS-FSCC] FILE_INFORMATION_CLASS and FILE_FS_*_INFORMATION class numbers used with SMB2 QUERY_INFO / SET_INFO. |
|
kerberos/serviceprincipalname
Package serviceprincipalname implements a parser, validator and renderer for Kerberos Service Principal Names (SPNs).
|
Package serviceprincipalname implements a parser, validator and renderer for Kerberos Service Principal Names (SPNs). |
|
registry
Package registry holds network-independent helpers for working with the Windows registry as data: the REG_* value types, a typed Value carrying a REG_* type and its raw little-endian bytes, and (in the regfile sub-package) an encoder/decoder for the textual ".reg" export format produced by regedit and reg.exe.
|
Package registry holds network-independent helpers for working with the Windows registry as data: the REG_* value types, a typed Value carrying a REG_* type and its raw little-endian bytes, and (in the regfile sub-package) an encoder/decoder for the textual ".reg" export format produced by regedit and reg.exe. |
|
registry/regfile
Package regfile encodes and decodes the textual ".reg" registry export format produced by regedit and reg.exe (the "Windows Registry Editor Version 5.00" / legacy "REGEDIT4" files).
|
Package regfile encodes and decodes the textual ".reg" registry export format produced by regedit and reg.exe (the "Windows Registry Editor Version 5.00" / legacy "REGEDIT4" files). |
Click to show internal directories.
Click to hide internal directories.