app.contacts namespace

Submodules

app.contacts.contact_dns module

class app.contacts.contact_dns.Contact(services)

Bases: app.utility.base_world.BaseWorld

async start()
class app.contacts.contact_dns.DnsAnswerObj(record_type, dns_class, ttl, data)

Bases: object

get_bytes(byteorder='big')
class app.contacts.contact_dns.DnsPacket(transaction_id, flags, num_questions, num_answer_rrs, num_auth_rrs, num_additional_rrs, qname_labels, record_type, dns_class)

Bases: object

authoritative_resp_flag = 1024
static generate_packet_from_bytes(data, byteorder='big')
get_opcode()
get_response_code()
has_standard_query()
is_query()
is_response()
opcode_mask = 30720
opcode_offset = 11
query_response_flag = 32768
recursion_available()
recursion_available_flag = 128
recursion_desired()
recursion_desired_flag = 256
response_code_mask = 15
truncated()
truncated_flag = 512
class app.contacts.contact_dns.DnsRecordType

Bases: enum.Enum

An enumeration.

A = 1
AAAA = 28
CNAME = 5
NS = 2
TXT = 16
class app.contacts.contact_dns.DnsResponse(transaction_id, flags, num_questions, num_answer_rrs, num_auth_rrs, num_additional_rrs, qname_labels, record_type, dns_class, answers)

Bases: app.contacts.contact_dns.DnsPacket

default_ttl = 300
static generate_response_for_query(dns_query, r_code, answers, authoritative=True, recursion_available=False, truncated=False)

Given DnsPacket query, return response with provided fields. Answers is list of DnsAnswerObj for the given query.

get_bytes(byteorder='big')
max_ttl = 86400
max_txt_size = 255
min_ttl = 300
standard_pointer = 49164
class app.contacts.contact_dns.DnsResponseCodes

Bases: enum.Enum

An enumeration.

NXDOMAIN = 3
SUCCESS = 0
class app.contacts.contact_dns.Handler(domain, services, name)

Bases: asyncio.protocols.DatagramProtocol

class ClientRequestContext(request_id, dns_request, request_contents)

Bases: object

class FileUploadRequest(request_id, requesting_paw, directory, filename)

Bases: object

class MessageType

Bases: enum.Enum

An enumeration.

Beacon = 'be'
FileUploadData = 'ud'
FileUploadRequest = 'ur'
InstructionDownload = 'id'
PayloadDataDownload = 'pd'
PayloadFilenameDownload = 'pf'
PayloadRequest = 'pr'
class StoredResponse(data)

Bases: object

finished_reading()
read_data(num_bytes)
class TunneledMessage(message_id, message_type, num_chunks)

Bases: object

add_chunk(chunk_index, contents)
export_contents()
is_complete()
connection_made(transport)

Called when a connection is made.

The argument is the transport representing the pipe connection. To receive data, wait for data_received() calls. When the connection is closed, connection_lost() is called.

datagram_received(data, addr)

Called when some datagram is received.

async generate_dns_tunneling_response_bytes(data)

app.contacts.contact_ftp module

class app.contacts.contact_ftp.Contact(services)

Bases: app.utility.base_world.BaseWorld

check_config()
async ftp_server_python_new()
async ftp_server_python_old()
set_up_server()
setup_ftp_users()
async start()
async stop()
class app.contacts.contact_ftp.FtpHandler(user, contact_svc, file_svc, logger, host, port, username, password, user_dir)

Bases: aioftp.server.Server

async contact_caldera_server(profile)
async create_beacon_response(agent, instructions)
async get_payload_file(payload_dict)
async handle_agent_file(split_file_path, file_bytes)
async stor(connection, rest, mode='wb')
async submit_uploaded_file(paw, filename, data)
write_file(paw, file_name, contents)

app.contacts.contact_gist module

class app.contacts.contact_gist.Contact(services)

Bases: app.utility.base_world.BaseWorld

class GistUpload(upload_id, filename, num_chunks)

Bases: object

add_chunk(chunk_index, contents)
export_contents()
is_complete()
VALID_TOKEN_FORMATS = ['^[a-fA-F0-9]{40,255}$', '^ghp_[A-Za-z0-9_]{36,251}$']
async get_beacons()

Retrieve all GIST beacons for a particular api token :return: the beacons

async get_results()

Retrieve all GIST posted results for a this C2’s api token :return:

async get_uploads()

Retrieve all GIST posted file uploads for this C2’s api token :return: list of (raw content, gist description, gist filename) tuples for upload GISTs

async gist_operation_loop()
async handle_beacons(beacons)

Handles various beacons types (beacon and results)

async handle_uploads(upload_gist_info)
retrieve_config()
async start()
valid_config(token)
app.contacts.contact_gist.api_access(func)

app.contacts.contact_html module

class app.contacts.contact_html.Contact(services)

Bases: app.utility.base_world.BaseWorld

async start()

app.contacts.contact_http module

class app.contacts.contact_http.Contact(services)

Bases: app.utility.base_world.BaseWorld

async start()

app.contacts.contact_slack module

class app.contacts.contact_slack.Contact(services)

Bases: app.utility.base_world.BaseWorld

class SlackUpload(upload_id, filename, num_chunks)

Bases: object

add_chunk(chunk_index, contents)
export_contents()
is_complete()
async get_beacons()

Retrieve all SLACK beacons for a particular api key :return: the beacons

async get_results()

Retrieve all SLACK posted results for a this C2’s api key :return:

async get_uploads()

Retrieve all SLACK posted file uploads for this C2’s api key :return: list of (raw content, slack description, slack filename) tuples for upload SLACKs

async handle_beacons(beacons)

Handles various beacons types (beacon and results)

async handle_uploads(upload_slack_info)
retrieve_config()
async slack_operation_loop()
async start()
async valid_config()
app.contacts.contact_slack.api_access(func)

app.contacts.contact_tcp module

class app.contacts.contact_tcp.Contact(services)

Bases: app.utility.base_world.BaseWorld

async operation_loop()
async start()
class app.contacts.contact_tcp.TcpSessionHandler(services, log)

Bases: app.utility.base_world.BaseWorld

async accept(reader, writer)
async refresh()
async send(session_id: int, cmd: str, timeout: int = 60) → Tuple[int, str, str, str]

app.contacts.contact_udp module

class app.contacts.contact_udp.Contact(services)

Bases: app.utility.base_world.BaseWorld

async start()
class app.contacts.contact_udp.Handler(services)

Bases: asyncio.protocols.DatagramProtocol

datagram_received(data, addr)

Called when some datagram is received.

app.contacts.contact_websocket module

class app.contacts.contact_websocket.Contact(services)

Bases: app.utility.base_world.BaseWorld

async start()
async stop()
class app.contacts.contact_websocket.Handler(services)

Bases: object

async handle(socket, path)