kcarretto / paragon Goto Github PK
View Code? Open in Web Editor NEWRed Team engagement platform with the goal of unifying offensive tools behind a simple UI
License: GNU Affero General Public License v3.0
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
License: GNU Affero General Public License v3.0
Add mock query results for the XGraphMockProvider
component, and automatically replace XGraphProvider
with XGraphMockProvider
if being run in development mode (i.e. from npm).
Worker
Pagination
Display existing tags to the user.
Implement buffer + sender + registry as a write through cache. Current polling model pins CPU, added temporary fix with time.Sleep to mitigate CPU issues.
Display a 404 page instead of the standard components if a URL is not found.
Prevent menu items from scrolling if page has enough content to scroll.
Worker should submit results & execution errors after handling a tasks execution
Add a modal form to create a new tag. Upon form submission, issue a graphql mutation to create the tag based on form parameters.
we need it
Currently the agent reports the primary IP address in CIDR notation. The trailing network information (i.e. after the /) needs to be removed.
When viewing a task, display which target the task is assigned to (if available)
Implement an HTTPBeacon type that implements the agent.Reporter interface to submit an HTTP request to an endpoint, providing it with JSON marshaled result objects. The endpoint should return JSON that can be marshalled into starlark scripts implementing agent.Task.
The command to package assets for the dropper is poorly named, we should rename it sooner rather than later.
The use of Alpine Linux at this point requires VS Code Insiders for the dev container to work correctly. We should specify this requirement in the README.
Display verbose information about a single target
View verbose information about a task, such as timestamp information, output, etc.
Extend graphql client functionality to enable easy utilization of SubmitTaskResult mutation (perhaps vargs and batched if possible)
Worker should claim tasks before handling them.
Add a modal form to create a new target. Upon form submission, issue a graphql mutation to create the target based on form parameters.
Would be nice to create / remove credentials from the single target view, just a quick form ought to do
Wrap standard element with prettier button. Upon file selection, render a label that is dismissable. Upon dismiss, clear the selected file. Remove dependency on semantic-ui-react-input-file
When an agent checkin occurs, if no target is found for the agent, notify the user.
Create a front-end view of uploaded files, enable uploading new files, creating new links, and updating existing files.
Implement a Script type that implements the agent.Task interface that is capable of executing a starlark script and reporting the results. The starlark script may define an entrypoint method (i.e. main() ) which is expected to return information to populate the agent.Result struct. Additionally, the Script type will need to provide the starlark thread with a Print function that captures stderr/stdout and includes it on the returned Result object. It should also include some unique identifer of the script on the Result object.
The GoDoc provides documentation for the functions in stdlib packages that we expose to the script environment. We need to ensure that the name of the function in go is the same as the exposed name, to enable more clear documentation.
Example of inconsistency is Detect() which is exposed as detectOS()
to the scripting environment, therefore making documentation hard to find.
Add a modal form to queue a new job. Upon form submission, issue a graphql mutation to queue the job based on form parameters.
Centralize topics into the pkg/event package for easy reference.
Currently files are linted using golangci-lint. Although it has a wide array of available linters, we currently only enable the defaults. This may be insufficient going forward, as some of the expected defaults (such as comments on exported types&methods) are disabled. golangci-lint can be configured by adding a dotfile to the root of the repo.
When an agent checks in, call the SubmitTaskResult mutation for all received task results
Create a Link node in the graph that references a file
Create an HTTP handler which strips a prefix (i.e '/link/') and uses the linkname to resolve a Link, and serve the related file content.
Enable restriction based on Download Limit and User Agent
Instead of having a single monolithic file to define GraphQL resolvers, we should split each type of resolver into it's own file. This likely involves writing a small GQLGen plugin.
file(name: String!) {
id
name
size
}
files {
id
name
size
}
Expose functions to a scripting environment that will be used in tasks sent to a worker.
For local development (and non-GCP environments), we can use NATS as a simple pub/sub service.
See convo with cictrone
XScriptEditor
was configured with custom renegade language definitions, however the file containing the configurations was not pushed (@Cictrone ๐ ). Our script editor syntax highlighting & autocomplete will be broken until this can be resolved.
During agent checkin, if the C2 request issued to the teamserver errors, return an empty array of tasks to the agent instead of returning it the error.
Create a GraphQL server endpoint capable of processing graphql queries for the models defined by ent schemas and compliant with the relay spec.
Display tasks created by the job, etc.
Make a proxy in NodeJS to handle graphql for now
Replicate the view described in #71 but as a form where fields may be edited. Upon form submission, a graphql mutation should be issued to reflect changes.
Models are structs that hold request parameters, it would be significantly easier for client applications to only import the graphql
package instead of needing to import both graphql
and graphql/models
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.