logvis.cna
# Beacon Command Log visualization
# Author: @001SPARTaN (for @r3dqu1nn)
# Tracks all the commands you executed on every beacon
import ui.*;
import table.*;
import java.awt.*;
import javax.swing.*;
import javax.swing.table.*;
global('$model $console $table');
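sub updateTable {
    # Rebuild the table model from the team server's 'beaconlog' data model.
    # Runs inside fork() so the query and the model rebuild do not block the
    # script environment that called us (e.g. the beacon_input handler).
    fork({
        local('@entry %modelEntry $bid');
        # The visualization may not have been opened yet (beacon_input fires
        # regardless); nothing to refresh until createVisualization ran.
        if ($model is $null) {
            return;
        }
        # Clear the model so we can put new stuff in it.
        [$model clear: 1024];
        foreach @entry (data_query('beaconlog')) {
            # Only operator input records are shown; other beaconlog record
            # types are skipped.
            if (@entry[0] eq "beacon_input") {
                $bid = @entry[1];
                # Build a fresh hash for every row so rows never share one map,
                # regardless of whether addEntry copies its argument or keeps
                # a reference to it.
                %modelEntry = %(
                    "operator"  => @entry[2],
                    "ip"        => binfo($bid, "internal"),
                    "hostname"  => binfo($bid, "computer"),
                    "user"      => binfo($bid, "user"),
                    "pid"       => binfo($bid, "pid"),
                    "command"   => @entry[3],
                    "timestamp" => formatDate(@entry[4], "MMM dd HH:mm:ss z")
                );
                # Add the new entry to $model
                [$model addEntry: %modelEntry];
            }
        }
        # Update with the new table
        [$model fireListeners];
    }, \$model);
}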
# setupPopupMenu provided by Raphael Mudge
# https://gist.github.com/rsmudge/87ce80cd8d8d185c5870d559af2dc0c2
sub setupPopupMenu {
    # Attach a right-click popup to a Swing component.
    #   $1 - the component (here the ATable) to listen on
    #   $2 - the name of the popup defined with `popup <name> { ... }`
    #
    # we're using fork({}) to run this in a separate Aggressor Script environment.
    # This reduces deadlock potential due to Sleep's global interpreter lock
    #
    # this especially matters as our mouse listener will be fired for *everything*
    # to include mouse movements.
    #
    # $model and $table are handed to the fork as well so the popup items have
    # them available in the forked environment; fork() copies values in, it does
    # not share the caller's variables.
    fork({
        [$component addMouseListener: lambda({
            if ([$1 isPopupTrigger]) {
                # If right click, show popup
                show_popup($1, $name, $component);
            }
        }, \$component, \$name)];
    }, $component => $1, $name => $2, $model => $model, $table => $table);
}
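sub createVisualization {
    # Build the "Beacon Command Log" visualization: a sortable table backed by
    # the global $model, wrapped in a scroll pane. Registers it with Cobalt
    # Strike and returns the component for the caller to place in a tab.
    local('$sorter $content');
    # GenericTableModel from table.*
    # Column order matters: the comparators below and the command_log popup
    # address columns by index (0 operator, 1 ip, 2 hostname, 3 user, 4 pid,
    # 5 command, 6 timestamp).
    $model = [new GenericTableModel: @("operator", "ip", "hostname", "user", "pid", "command", "timestamp"), "beacon", 16];
    # Create a table from the GenericTableModel
    $table = [new ATable: $model];
    # Controls how the column headers will sort the table
    $sorter = [new TableRowSorter: $model];
    [$sorter toggleSortOrder: 3];
    # Text columns compare as strings (cmp). Column 3 is the user name, so the
    # numeric <=> previously used there did not give a meaningful order; the
    # numeric comparator belongs on column 4 (pid).
    [$sorter setComparator: 0, { return $1 cmp $2; }];
    [$sorter setComparator: 1, { return $1 cmp $2; }];
    [$sorter setComparator: 2, { return $1 cmp $2; }];
    [$sorter setComparator: 3, { return $1 cmp $2; }];
    [$sorter setComparator: 4, { return $1 <=> $2; }];
    # Set $sorter as the row sorter for $table
    [$table setRowSorter: $sorter];
    # Wrap the table in a scroll pane so long logs remain viewable
    $content = [new JScrollPane: $table];
    # Set popup menu for the table
    setupPopupMenu($table, "command_log");
    updateTable();
    # Register the visualization with CS
    addVisualization("Beacon Command Log", $content);
    return $content;
}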
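popup command_log {
    item "Copy" {
        # Copy the selected rows to the clipboard, one line per command:
        #   operator [ip_hostname] user/proc | timestamp> command
        local('$selected $row $modelRow $operator $ip $hostname $user $proc $time $command');
        println("Right click captured!");
        $selected = "";
        foreach $row ([$table getSelectedRows]) {
            # getSelectedRows returns *view* indices. createVisualization
            # attaches a TableRowSorter, so once the user sorts a column these
            # differ from model indices; map them before reading from $model,
            # otherwise the wrong rows are copied.
            $modelRow = [$table convertRowIndexToModel: $row];
            $operator = [$model getValueAt: $modelRow, 0];
            $ip       = [$model getValueAt: $modelRow, 1];
            $hostname = [$model getValueAt: $modelRow, 2];
            $user     = [$model getValueAt: $modelRow, 3];
            $proc     = [$model getValueAt: $modelRow, 4];
            $command  = [$model getValueAt: $modelRow, 5];
            $time     = [$model getValueAt: $modelRow, 6];
            $selected .= "$operator \[$ip\_$hostname\] $user\/$proc | $time\> $command\n";
        }
        add_to_clipboard($selected);
    }
}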
popup view {
    item "Command Log" {
        # Build the visualization and open it in its own tab.
        local('$content');
        $content = createVisualization();
        addTab("Beacon Command Log", $content, "All commands you have executed in a beacon");
    }
}
# Refresh the log whenever the beacon_input event fires, so an open
# visualization picks up the new command. Note that updateTable re-reads the
# whole 'beaconlog' data model on each call.
# NOTE(review): this also fires before the visualization has been opened, when
# $model is still $null — confirm updateTable tolerates that.
on beacon_input {
    updateTable();
}