Documentation ¶
Index ¶
- Constants
- Variables
- func Base64Encode(path string, b []byte) ([]byte, error)
- func ExecuteScript(method string, clean bool, cmds ...string) (string, error)
- type EncryptFunc
- type ExfilFunc
- func DNSResolvedExfil(domain string) (ExfilFunc, error)
- func FTPExfil(dst, user, passwd string) (ExfilFunc, error)
- func FTPParallelExfil(dst, user, passwd string) (ExfilFunc, error)
- func HTTPExfil(dst string, headers map[string]string) (ExfilFunc, error)
- func WebsocketExfil(dst string, headers map[string]string, proxy ...string) (ExfilFunc, error)
- func WebsocketParallelExfil(dst string, headers map[string]string, proxy ...string) (ExfilFunc, error)
- type NotifyFunc
- type Simulator
Constants ¶
const ( DesktopCenter string = "0" DesktopFill string = "10" DesktopFit string = "6" DesktopSpan string = "22" DesktopStretch string = "2" DesktopTile string = "0" )
Desktop wallpaper style consts
const Version string = "0.27.2"
Version is the package version
Variables ¶
DefaultEncrypt is the default encryption behavior.
var DefaultExfil = func(path string, b []byte) error { return nil }
DefaultExfil is the default exfil behavior.
var DefaultNotify = func() error { return nil }
DefaultNotify is the default notify behavior.
var DefaultPNG []byte
DefaultPNG is an example PNG for use with WallpaperNotify().
Functions ¶
func Base64Encode ¶
Base64Encode will "encrypt" using base64, obvs.
Types ¶
type EncryptFunc ¶
EncryptFunc defines a function pointer that can be used to encrypt file contents before exfil.
func AESDecrypt ¶
func AESDecrypt(passwd string) EncryptFunc
AESDecrypt will return a function pointer to an EncryptFunc that actually decrypts using the specified password.
func AESEncrypt ¶
func AESEncrypt(passwd string) EncryptFunc
AESEncrypt will return a function pointer to an EncryptFunc that uses the specified password.
func RSADecrypt ¶
func RSADecrypt(priv *rsa.PrivateKey) EncryptFunc
RSADecrypt will return a function pointer to an EncryptFunc that actually decrypts using the specified private key. The private key is used to decrypt an OTP used with AES for a hybrid RSA+AES scheme.
func RSAEncrypt ¶
func RSAEncrypt(pub *rsa.PublicKey) EncryptFunc
RSAEncrypt will return a function pointer to an EncryptFunc that uses the specified public key. The public key is used to encrypt an OTP used with AES for a hybrid RSA+AES scheme.
type ExfilFunc ¶
ExfilFunc defines a function pointer that can be used to exil file contents.
func DNSResolvedExfil ¶
DNSResolvedExfil will return a function pointer to an ExfilFunc that exfils by sending DNS queries to the authoritative nameserver for the specified domain.
func FTPExfil ¶
FTPExfil will return a function pointer to an ExfilFunc that exfils via an FTP connection.
func FTPParallelExfil ¶
FTPParallelExfil will return a function pointer to an ExfilFunc that exfils via multiple FTP connections.
func HTTPExfil ¶
HTTPExfil will return a function pointer to an ExfilFunc that exfils via HTTP POST requests with the specified headers.
func WebsocketExfil ¶
WebsocketExfil will return a function pointer to an ExfilFunc that exfils via a websocket connection.
type NotifyFunc ¶
type NotifyFunc func() error
NotifyFunc defines a function pointer that can be used to notify the user of the ransom.
func RansomNote ¶
func RansomNote(path string, text ...string) NotifyFunc
RansomNote will return a function pointer to a NotifyFunc that appends the specified text to the specified file.
func WallpaperNotify ¶
func WallpaperNotify( img string, png []byte, fit string, clean bool, ) NotifyFunc
WallpaperNotify is a NotifyFunc that sets the background wallpaper.
type Simulator ¶
type Simulator struct { Encrypt func(fn string, b []byte) ([]byte, error) Exfil func(fn string, b []byte) error ExfilFilenames bool ExfilThreshold uint64 MaxFileSize int64 Notify func() error OTP [32]byte Threads int WaitEvery time.Duration WaitFor time.Duration // contains filtered or unexported fields }
Simulator is a struct containing all simulation metadata.