kcarretto / paragon Goto Github PK
View Code? Open in Web Editor NEWRed Team engagement platform with the goal of unifying offensive tools behind a simple UI
License: GNU Affero General Public License v3.0
Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
License: GNU Affero General Public License v3.0
Extend graphql client functionality to enable easy utilization of SubmitTaskResult mutation (perhaps vargs and batched if possible)
Add a modal form to create a new target. Upon form submission, issue a graphql mutation to create the target based on form parameters.
Worker should claim tasks before handling them.
Add a modal form to queue a new job. Upon form submission, issue a graphql mutation to queue the job based on form parameters.
See convo with cictrone
For local development (and non-GCP environments), we can use NATS as a simple pub/sub service.
Prevent menu items from scrolling if page has enough content to scroll.
Create a Link node in the graph that references a file
Create an HTTP handler which strips a prefix (i.e '/link/') and uses the linkname to resolve a Link, and serve the related file content.
Enable restriction based on Download Limit and User Agent
Display verbose information about a single target
Replicate the view described in #71 but as a form where fields may be edited. Upon form submission, a graphql mutation should be issued to reflect changes.
Currently the agent reports the primary IP address in CIDR notation. The trailing network information (i.e. after the /) needs to be removed.
When an agent checkin occurs, if no target is found for the agent, notify the user.
The use of Alpine Linux at this point requires VS Code Insiders for the dev container to work correctly. We should specify this requirement in the README.
During agent checkin, if the C2 request issued to the teamserver errors, return an empty array of tasks to the agent instead of returning it the error.
Implement an HTTPBeacon type that implements the agent.Reporter interface to submit an HTTP request to an endpoint, providing it with JSON marshaled result objects. The endpoint should return JSON that can be marshalled into starlark scripts implementing agent.Task.
Create a front-end view of uploaded files, enable uploading new files, creating new links, and updating existing files.
XScriptEditor
was configured with custom renegade language definitions, however the file containing the configurations was not pushed (@Cictrone ๐ ). Our script editor syntax highlighting & autocomplete will be broken until this can be resolved.
Centralize topics into the pkg/event package for easy reference.
Models are structs that hold request parameters, it would be significantly easier for client applications to only import the graphql
package instead of needing to import both graphql
and graphql/models
The GoDoc provides documentation for the functions in stdlib packages that we expose to the script environment. We need to ensure that the name of the function in go is the same as the exposed name, to enable more clear documentation.
Example of inconsistency is Detect() which is exposed as detectOS()
to the scripting environment, therefore making documentation hard to find.
Worker should submit results & execution errors after handling a tasks execution
Implement a Script type that implements the agent.Task interface that is capable of executing a starlark script and reporting the results. The starlark script may define an entrypoint method (i.e. main() ) which is expected to return information to populate the agent.Result struct. Additionally, the Script type will need to provide the starlark thread with a Print function that captures stderr/stdout and includes it on the returned Result object. It should also include some unique identifer of the script on the Result object.
View verbose information about a task, such as timestamp information, output, etc.
Display existing tags to the user.
Add a modal form to create a new tag. Upon form submission, issue a graphql mutation to create the tag based on form parameters.
we need it
The command to package assets for the dropper is poorly named, we should rename it sooner rather than later.
Display a 404 page instead of the standard components if a URL is not found.
Implement buffer + sender + registry as a write through cache. Current polling model pins CPU, added temporary fix with time.Sleep to mitigate CPU issues.
Expose functions to a scripting environment that will be used in tasks sent to a worker.
Make a proxy in NodeJS to handle graphql for now
Currently files are linted using golangci-lint. Although it has a wide array of available linters, we currently only enable the defaults. This may be insufficient going forward, as some of the expected defaults (such as comments on exported types&methods) are disabled. golangci-lint can be configured by adding a dotfile to the root of the repo.
file(name: String!) {
id
name
size
}
files {
id
name
size
}
Wrap standard element with prettier button. Upon file selection, render a label that is dismissable. Upon dismiss, clear the selected file. Remove dependency on semantic-ui-react-input-file
Would be nice to create / remove credentials from the single target view, just a quick form ought to do
When an agent checks in, call the SubmitTaskResult mutation for all received task results
Instead of having a single monolithic file to define GraphQL resolvers, we should split each type of resolver into it's own file. This likely involves writing a small GQLGen plugin.
Worker
Pagination
Display tasks created by the job, etc.
When viewing a task, display which target the task is assigned to (if available)
Add mock query results for the XGraphMockProvider
component, and automatically replace XGraphProvider
with XGraphMockProvider
if being run in development mode (i.e. from npm).
Create a GraphQL server endpoint capable of processing graphql queries for the models defined by ent schemas and compliant with the relay spec.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.