Add mock query results for the XGraphMockProvider component, and automatically replace XGraphProvider with XGraphMockProvider if being run in development mode (i.e. from npm).

P0

• Worker

  • ssh/exec
  • ssh/sendFile
  • ssh/recvFile
  • PubSub

• Pagination

P1

• Notifications
• RedLight
• CDN

P2

• News Feed
• Script Editor

P3

• Build Service
• Flow / TypeScript
• Scanner

Display existing tags to the user.

Implement buffer + sender + registry as a write through cache. Current polling model pins CPU, added temporary fix with time.Sleep to mitigate CPU issues.

Display a 404 page instead of the standard components if a URL is not found.

Prevent menu items from scrolling if page has enough content to scroll.

Worker should submit results & execution errors after handling a tasks execution

Add a modal form to create a new tag. Upon form submission, issue a graphql mutation to create the tag based on form parameters.

• Upload / Download files via UI
• Enable worker scripts to reference CDN files by name
• Enable URL generation (with optional download limits & user-agent restriction)
• Centralized store for files (i.e. work with more than one teamserver and/or worker)

we need it

Currently the agent reports the primary IP address in CIDR notation. The trailing network information (i.e. after the /) needs to be removed.

When viewing a task, display which target the task is assigned to (if available)

Implement an HTTPBeacon type that implements the agent.Reporter interface to submit an HTTP request to an endpoint, providing it with JSON marshaled result objects. The endpoint should return JSON that can be marshalled into starlark scripts implementing agent.Task.

• Move topics to constant values in pkg/event
• Leave concurrency to the caller
• Move subscriber & publisher implementations to pkg/event
  • event.NewSubscriber() Subscriber // event implements based on build tags

The command to package assets for the dropper is poorly named, we should rename it sooner rather than later.

The use of Alpine Linux at this point requires VS Code Insiders for the dev container to work correctly. We should specify this requirement in the README.

• Create Target (by Name & IP)
• Update Target Fields
• View Targets
• View Target Details
• Create Job
• Queue Job
• View Jobs
• View Job Details
• Tag input box

Display verbose information about a single target

View verbose information about a task, such as timestamp information, output, etc.

Extend graphql client functionality to enable easy utilization of SubmitTaskResult mutation (perhaps vargs and batched if possible)

Worker should claim tasks before handling them.

Add a modal form to create a new target. Upon form submission, issue a graphql mutation to create the target based on form parameters.

Would be nice to create / remove credentials from the single target view, just a quick form ought to do

Wrap standard element with prettier button. Upon file selection, render a label that is dismissable. Upon dismiss, clear the selected file. Remove dependency on semantic-ui-react-input-file

• Agent Checkin
• Task output
• Task Claims
• Context-based task view

When an agent checkin occurs, if no target is found for the agent, notify the user.

Create a front-end view of uploaded files, enable uploading new files, creating new links, and updating existing files.

Implement a Script type that implements the agent.Task interface that is capable of executing a starlark script and reporting the results. The starlark script may define an entrypoint method (i.e. main() ) which is expected to return information to populate the agent.Result struct. Additionally, the Script type will need to provide the starlark thread with a Print function that captures stderr/stdout and includes it on the returned Result object. It should also include some unique identifer of the script on the Result object.

The GoDoc provides documentation for the functions in stdlib packages that we expose to the script environment. We need to ensure that the name of the function in go is the same as the exposed name, to enable more clear documentation.

Example of inconsistency is Detect() which is exposed as detectOS() to the scripting environment, therefore making documentation hard to find.

Add a modal form to queue a new job. Upon form submission, issue a graphql mutation to queue the job based on form parameters.

Centralize topics into the pkg/event package for easy reference.

Currently files are linted using golangci-lint. Although it has a wide array of available linters, we currently only enable the defaults. This may be insufficient going forward, as some of the expected defaults (such as comments on exported types&methods) are disabled. golangci-lint can be configured by adding a dotfile to the root of the repo.

When an agent checks in, call the SubmitTaskResult mutation for all received task results

Create a Link node in the graph that references a file
Create an HTTP handler which strips a prefix (i.e '/link/') and uses the linkname to resolve a Link, and serve the related file content.
Enable restriction based on Download Limit and User Agent

• Add type enum field, defaulting to password

Instead of having a single monolithic file to define GraphQL resolvers, we should split each type of resolver into it's own file. This likely involves writing a small GQLGen plugin.

Expose functions to a scripting environment that will be used in tasks sent to a worker.

For local development (and non-GCP environments), we can use NATS as a simple pub/sub service.

https://nats.io
https://github.com/nats-io/nats.go

• move
• chattr
• remove
• copy
• exec
• read
• lsattr
• write
• chmod
• ssh
• chown
• list processes
• list network connections
• cURL
• kill
• list directory entries
• regex replace string
• spawn Process
• timestomp

See convo with cictrone

XScriptEditor was configured with custom renegade language definitions, however the file containing the configurations was not pushed (@Cictrone 👀 ). Our script editor syntax highlighting & autocomplete will be broken until this can be resolved.

During agent checkin, if the C2 request issued to the teamserver errors, return an empty array of tasks to the agent instead of returning it the error.

Summary

Create a GraphQL server endpoint capable of processing graphql queries for the models defined by ent schemas and compliant with the relay spec.

Requirements

• Ent Schemas -> Models -> GraphQLServer w/ Relay Compatibility
• /graphql endpoint for queries
• /graphiql for testing & debug

References

• Thunder (Reflect Based)
• GQLGen (Code generation)
• GraphQL-Go-Relay (Relay helpers if needed)
• Relay Spec

Display tasks created by the job, etc.

Make a proxy in NodeJS to handle graphql for now

• Targets
• Jobs

Replicate the view described in #71 but as a form where fields may be edited. Upon form submission, a graphql mutation should be issued to reflect changes.

Models are structs that hold request parameters, it would be significantly easier for client applications to only import the graphql package instead of needing to import both graphql and graphql/models