STRLCPY/goc2

updates
Brian Stegemoller committed 3 years ago

6c8a479b

1 parent c99c01f3

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

cmd/goc2/goc2.go

1		-	package main
	1	+	package goc2
2	2
3		-	import "goc2/cmd/goc2"
	3	+	import (
	4	+	"flag"
	5	+	//"fmt"
	6	+	//"os"
	7	+	"goc2/web"
	8	+	"goc2/pkg/cli"
	9	+	)
4	10
5		-	func main() {
6		-	goc2.Start()
	11	+	var (
	12	+	cliPtr bool
	13	+	webPtr bool
	14	+	)
	15	+
	16	+	//Start RedMap
	17	+	func Start() {
	18	+	//flags
	19	+	flag.BoolVar(&cliPtr, "cli", false, "run email check")
	20	+	flag.BoolVar(&webPtr, "web", false, "Start Web Server")
	21	+	flag.Parse()
	22	+
	23	+	if webPtr == true {
	24	+	web.Start()
	25	+	}
	26	+
	27	+	if cliPtr == true {
	28	+	cli.Start()
	29	+	}
	30	+
7	31		}
8	32

■ ■ ■ ■ ■ ■ ■

internal/app/api/agent.go

1		-	//agent stuff
	1	+	package api
	2	+
	3	+	import (
	4	+	"encoding/json"
	5	+	"log"
	6	+	"fmt"
	7	+
	8	+	"github.com/globalsign/mgo"
	9	+	"github.com/globalsign/mgo/bson"
	10	+	)
	11	+
	12	+	type Agent struct {
	13	+	ID bson.ObjectId `bson:"_id,omitempty"`
	14	+	Name string
	15	+	}
	16	+
	17	+	type Command struct {
	18	+	ID bson.ObjectId `bson:"_id,omitempty"`
	19	+	Command string
	20	+	Agent string
	21	+	Status string
	22	+	}
	23	+
	24	+	//GetSecrets api data
	25	+	func GetAgents() []byte {
	26	+	//query := bson.M{}
	27	+
	28	+	session, err := mgo.Dial("127.0.0.1")
	29	+	if err != nil {
	30	+	panic(err)
	31	+	}
	32	+
	33	+	defer session.Close()
	34	+
	35	+	c := session.DB("c2").C("agents")
	36	+
	37	+	// Query All
	38	+	var results []Agent
	39	+	err = c.Find(bson.M{}).All(&results)
	40	+
	41	+	if err != nil {
	42	+	panic(err)
	43	+	}
	44	+	fmt.Println("Results All: ", results)
	45	+
	46	+	jsondat, err := json.Marshal(results)
	47	+	if err != nil {
	48	+	log.Fatal("Cannot encode to JSON ", err)
	49	+	}
	50	+
	51	+	return jsondat
	52	+	}
	53	+
	54	+	func GetCommands(agent string) []byte {
	55	+	//query := bson.M{}
	56	+
	57	+	session, err := mgo.Dial("127.0.0.1")
	58	+	if err != nil {
	59	+	panic(err)
	60	+	}
2	61
	62	+	defer session.Close()
	63	+
	64	+	c := session.DB("c2").C("commands")
	65	+
	66	+	// Query All
	67	+	var results []Command
	68	+	err = c.Find(bson.M{"agent": "test"}).All(&results)
	69	+
	70	+	if err != nil {
	71	+	panic(err)
	72	+	}
	73	+	fmt.Println("Results All: ", results)
	74	+
	75	+	jsondat, err := json.Marshal(results)
	76	+	if err != nil {
	77	+	log.Fatal("Cannot encode to JSON ", err)
	78	+	}
	79	+
	80	+	return jsondat
	81	+	}

■ ■ ■ ■ ■ ■

main.go

1 + package main
2 +
3 + import "goc2/cmd/goc2"
4 +
5 + func main() {
6 + goc2.Start()
7 + }

All occurrences

■ ■ ■ ■ ■ ■

pkg/cli/cli.go

		skipped 8 lines
9	9		"strings"
10	10		)
11	11
12		-	func main() {
	12	+	func Start() {
13	13		reader := bufio.NewReader(os.Stdin)
14	14		for {
15	15		path, err := os.Getwd()
		skipped 41 lines

■ ■ ■ ■ ■ ■

web/server.go

1	1		package web
2	2
3	3		import (
4		-	"RedMap/internal/app/api"
	4	+	"goc2/internal/app/api"
5	5		"encoding/json"
6	6		"fmt"
7	7		"log"
8	8		"net/http"
9	9
10		-	"text/template"
	10	+	//"text/template"
11	11
12	12		"github.com/globalsign/mgo/bson"
13	13		"github.com/julienschmidt/httprouter"
14	14		)
15	15
16		-	type Todo struct {
17		-	Title string
18		-	Done bool
19		-	}
20		-
21		-	type TodoPageData struct {
22		-	PageTitle string
23		-	ScanID string
24		-	Todos []Todo
25		-	}
26		-
27	16		type domainObject struct {
28	17		ID bson.ObjectId `bson:"_id,omitempty"`
29	18		Type string
		skipped 8 lines
38	27		router := httprouter.New()
39	28
40	29		//Main Entry
41		-	router.GET("/api/reports", apiReports)
42		-	router.GET("/", reports)
43		-
44		-	router.GET("/scan", scan)
45	30		router.POST("/api/scan", apiScan)
46	31
47		-	//Services Endpoints
48		-	router.GET("/api/services/:name", apiServices)
49		-	router.GET("/services/:name", services)
50		-	router.GET("/services/", redirect)
	32	+	//Main Entry
	33	+	router.GET("/api/test", apiTest)
51	34
52		-	//Vulnerabilities Endpoints
53		-	router.GET("/api/vulns/:name", apiVulns)
54		-	router.GET("/vulns/:name", vulns)
55		-	router.GET("/vulns/", redirect)
56		-
57		-	//Secrets Endpoints
58		-	router.GET("/api/secrets/:name", apiSecrets)
59		-	router.GET("/secrets/:name", secrets)
60		-	router.GET("/secrets/", redirect)
61		-
62		-	//Users Endpoints
63		-	router.GET("/api/users/:name", apiUsers)
64		-	router.GET("/users/:name", users)
65		-	router.GET("/users/", redirect)
	35	+	//Agents Endpoints
	36	+	router.GET("/api/agents", apiAgents)
	37	+	router.GET("/agents/", redirect)
66	38
67		-	//Sub Endpoints
68		-	router.GET("/api/sub/:name", apiSub)
69		-	router.GET("/sub/:name", sub)
70		-	router.GET("/sub/", redirect)
	39	+	//commands Endpoints
	40	+	router.GET("/api/cmds/:name", apiCmds)
	41	+	router.GET("/cmds/", redirect)
71	42
72	43		fmt.Printf("Starting server at port 8005\n")
73	44		if err := http.ListenAndServe(":8005", router); err != nil {
		skipped 6 lines
80	51		http.Redirect(w, r, "/", 301)
81	52		}
82	53
83		-	func scan(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
84		-	w.Header().Set("Content-Type", "text/html")
85		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-scan.html"))
86		-	data := TodoPageData{
87		-	PageTitle: "RedMap - Reports",
88		-	}
89		-	tmpl.ExecuteTemplate(w, "base", data)
90		-	}
91		-
92	54		func apiScan(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
93	55		w.Header().Set("Content-Type", "application/json")
94	56		if err := r.ParseForm(); err != nil {
		skipped 1 lines
96	58		return
97	59		}
98	60
99		-	domains := r.FormValue("domains")
100		-	git := r.FormValue("git")
101		-	email := r.FormValue("email")
102		-	scanner := r.FormValue("scanner")
	61	+	//domains := r.FormValue("domains")
	62	+	//git := r.FormValue("git")
	63	+	//email := r.FormValue("email")
	64	+	//scanner := r.FormValue("scanner")
103	65
104	66		jsond := map[string]interface{}{
105	67		"status": "Scan Started",
		skipped 4 lines
110	72		log.Fatalln(err)
111	73		}
112	74		fmt.Fprintf(w, string(jsondata))
113		-	go api.WebScan(domains, git, email, scanner)
114		-	}
115		-
116		-	func apiReports(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
117		-	w.Header().Set("Content-Type", "application/json")
118		-
119		-	fmt.Fprintf(w, "%s", api.GetReports())
120		-	}
121		-
122		-	func reports(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
123		-	w.Header().Set("Content-Type", "text/html")
124		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-reports.html"))
125		-	data := TodoPageData{
126		-	PageTitle: "RedMap - Reports",
127		-	ScanID: ps.ByName("name"),
128		-	}
129		-	tmpl.ExecuteTemplate(w, "base", data)
	75	+	//go api.WebScan(domains, git, email, scanner)
130	76		}
131	77
132		-	func apiServices(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
	78	+	func apiAgents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
133	79		w.Header().Set("Content-Type", "application/json")
134		-	d := api.GetServices(ps.ByName("name"))
	80	+	d := api.GetAgents()
135	81
136	82		fmt.Fprintf(w, "%s", string(d))
137	83		}
138	84
139		-	func services(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
140		-	w.Header().Set("Content-Type", "text/html")
141		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-services.html"))
142		-	data := TodoPageData{
143		-	PageTitle: "RedMap - Services",
144		-	ScanID: ps.ByName("name"),
145		-	Todos: []Todo{
146		-	{Title: "Task 1", Done: false},
147		-	{Title: "Task 2", Done: true},
148		-	{Title: "Task 3", Done: true},
149		-	},
150		-	}
151		-	tmpl.ExecuteTemplate(w, "base", data)
152		-	}
153	85
154		-	func apiVulns(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
	86	+	func apiCmds(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
155	87		w.Header().Set("Content-Type", "application/json")
156		-	d := api.GetVulns(ps.ByName("name"))
	88	+	d := api.GetCommands(ps.ByName("name"))
157	89
158	90		fmt.Fprintf(w, "%s", string(d))
159	91		}
160	92
161		-	func vulns(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
162		-	w.Header().Set("Content-Type", "text/html")
163		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-vulns.html"))
164		-	data := TodoPageData{
165		-	PageTitle: "RedMap - Vulnerabilities",
166		-	ScanID: ps.ByName("name"),
167		-	Todos: []Todo{
168		-	{Title: "Task 1", Done: false},
169		-	{Title: "Task 2", Done: true},
170		-	{Title: "Task 3", Done: true},
171		-	},
172		-	}
173		-	tmpl.ExecuteTemplate(w, "base", data)
174		-	}
175		-
176		-	func apiSecrets(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
177		-	w.Header().Set("Content-Type", "application/json")
178		-	d := api.GetSecrets(ps.ByName("name"))
179		-
180		-	fmt.Fprintf(w, "%s", string(d))
181		-	}
182		-
183		-	func secrets(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
184		-	w.Header().Set("Content-Type", "text/html")
185		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-secrets.html"))
186		-	data := TodoPageData{
187		-	PageTitle: "RedMap - Secrets",
188		-	ScanID: ps.ByName("name"),
189		-	Todos: []Todo{
190		-	{Title: "Task 1", Done: false},
191		-	{Title: "Task 2", Done: true},
192		-	{Title: "Task 3", Done: true},
193		-	},
194		-	}
195		-	tmpl.ExecuteTemplate(w, "base", data)
196		-	}
197		-
198		-	func apiUsers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
199		-	w.Header().Set("Content-Type", "application/json")
200		-	d := api.GetEmails(ps.ByName("name"))
201		-
202		-	fmt.Fprintf(w, "%s", string(d))
203		-	}
204		-
205		-	func users(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
206		-	w.Header().Set("Content-Type", "text/html")
207		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-users.html"))
208		-	data := TodoPageData{
209		-	PageTitle: "RedMap - Users",
210		-	ScanID: ps.ByName("name"),
211		-	Todos: []Todo{
212		-	{Title: "Task 1", Done: false},
213		-	{Title: "Task 2", Done: true},
214		-	{Title: "Task 3", Done: true},
215		-	},
216		-	}
217		-	tmpl.ExecuteTemplate(w, "base", data)
218		-	}
219		-
220		-	func apiSub(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
221		-	w.Header().Set("Content-Type", "application/json")
222		-	d := api.GetSubs(ps.ByName("name"))
223		-
224		-	fmt.Fprintf(w, "%s", string(d))
225		-	}
226		-
227		-	func sub(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
228		-	w.Header().Set("Content-Type", "text/html")
229		-	tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-sub.html"))
230		-	data := TodoPageData{
231		-	PageTitle: "RedMap - Subdomain Takeovers",
232		-	ScanID: ps.ByName("name"),
233		-	Todos: []Todo{
234		-	{Title: "Task 1", Done: false},
235		-	{Title: "Task 2", Done: true},
236		-	{Title: "Task 3", Done: true},
237		-	},
238		-	}
239		-	tmpl.ExecuteTemplate(w, "base", data)
240		-	}
241		-
242		-	func helloHandler(w http.ResponseWriter, r *http.Request) {
243		-	if r.URL.Path != "/hello" {
244		-	http.Error(w, "404 not found.", http.StatusNotFound)
245		-	return
246		-	}
247		-
248		-	if r.Method != "GET" {
249		-	http.Error(w, "Method is not supported.", http.StatusNotFound)
250		-	return
251		-	}
252		-
253		-	fmt.Fprintf(w, "Hello!")
254		-	}
255		-
256		-	func formHandler(w http.ResponseWriter, r *http.Request) {
	93	+	func apiTest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
257	94		w.Header().Set("Content-Type", "application/json")
258		-	if err := r.ParseForm(); err != nil {
259		-	fmt.Fprintf(w, "ParseForm() err: %v", err)
260		-	return
261		-	}
262	95		//fmt.Fprintf(w, "POST request successful")
263	96		//name := r.FormValue("name")
264	97		//address := r.FormValue("address")
265	98
266	99		//fmt.Fprintf(w, "Name = %s\n", name)
267	100		//fmt.Fprintf(w, "Address = %s\n", address)
268		-	json := "{'status': 'started'}"
	101	+	json := "{\"status\": \"started\"}"
269	102		fmt.Fprintf(w, json)
270	103		}
271	104

updates