
enumerate c2 families #44

Merged
merged 3 commits into from
Oct 19, 2021

Conversation

@kmroz kmroz commented Oct 13, 2021

Addresses #26

Setting this as a draft until wisdom work is pushed.

kmroz commented Oct 13, 2021

Totally open to changing the look/feel/syntax of the command (i.e. use of terms like element, category, etc.). I tried keeping in line with how the run command looks.

  • help
$ ./flightsim get -h

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:34:49

usage: flightsim get [flags] element:category

Available elements:

        families

Available categories:

        c2

Available flags:
  -cols int
        print elements in number of columns
  -max int
        max number of elements returned (default 9223372036854775807)
  • basic run
$ ./flightsim get families:c2

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:36:08

12:36:08 [families:c2] Fetching c2 families
12:36:08 [families:c2] 404 Keylogger, AB Stealer, APT29, ARS VBS Loader, ATRAPS, AZORult, AceRAT, Adwind, Agent Tesla, Alien, ...HUGE_SNIP... , ztds
12:36:08 [families:c2] Fetched 214 c2 families

All done!
  • limiting number of families returned
$ ./flightsim get -max 5 families:c2

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:37:35

12:37:35 [families:c2] Fetching c2 families
12:37:35 [families:c2] 404 Keylogger, AB Stealer, APT29, ARS VBS Loader, ATRAPS
12:37:35 [families:c2] Fetched 5 c2 families

All done!
  • columns
$ ./flightsim get -max 3 -cols 1 families:c2

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:41:28

12:41:28 [families:c2] Fetching c2 families

404 Keylogger
AB Stealer
APT29

12:41:28 [families:c2] Fetched 3 c2 families

All done!
$ ./flightsim get -max 10 -cols 2 families:c2

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:38:13

12:38:13 [families:c2] Fetching c2 families

404 Keylogger   AB Stealer
APT29           ARS VBS Loader
ATRAPS          AZORult
AceRAT          Adwind
Agent Tesla     Alien

12:38:13 [families:c2] Fetched 10 c2 families

All done!
$ ./flightsim get -max 10 -cols 3 families:c2

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:38:17

12:38:17 [families:c2] Fetching c2 families

404 Keylogger   AB Stealer      APT29
ARS VBS Loader  ATRAPS          AZORult
AceRAT          Adwind          Agent Tesla
Alien

12:38:17 [families:c2] Fetched 10 c2 families

All done!
  • some error handling
$ ./flightsim get

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:39:28

nothing to get
$ ./flightsim get foo

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:39:32

unable to get 'foo': invalid format
$ ./flightsim get foo:

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:39:37

unable to get 'foo:': unsupported element 'foo'
$ ./flightsim get families:fsck

AlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)
The current time is 13-Oct-21 12:39:51

12:39:51 [families:fsck] Fetching fsck families
api.open.wisdom.alphasoc.net said: 400: {"reason":"category must be 'c2'"}
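The sessions above exercise three pieces of behaviour: validation of the `element:category` argument (with the category itself rejected server-side), the `-max` cut-off, and the row-major column layout selected by `-cols`. The Go program below is an added illustration written for this page, not flightsim's own implementation: it reproduces those behaviours against a constructed ten-name subset of the listed families, and `stubFetcher` is an offline stand-in for the wisdom API call (the real tool talks to api.open.wisdom.alphasoc.net; the endpoint path and transport are not shown on the page and are not assumed here).

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// sampleFamilies is a constructed subset of the names printed in the
// sessions above; the real tool fetches the full list from the API.
var sampleFamilies = []string{
	"404 Keylogger", "AB Stealer", "APT29", "ARS VBS Loader", "ATRAPS",
	"AZORult", "AceRAT", "Adwind", "Agent Tesla", "Alien",
}

// supportedElements mirrors the single element the help text lists.
var supportedElements = map[string]bool{"families": true}

// parseTarget validates the "element:category" argument client-side and
// returns the same error strings the sessions show. The category is not
// checked here: as the families:fsck session shows, the server rejects it.
func parseTarget(arg string) (element, category string, err error) {
	if arg == "" {
		return "", "", errors.New("nothing to get")
	}
	i := strings.Index(arg, ":")
	if i < 0 {
		return "", "", fmt.Errorf("unable to get '%s': invalid format", arg)
	}
	element, category = arg[:i], arg[i+1:]
	if !supportedElements[element] {
		return "", "", fmt.Errorf("unable to get '%s': unsupported element '%s'", arg, element)
	}
	return element, category, nil
}

// Fetcher stands in for the network call to the wisdom API.
type Fetcher func(category string) ([]string, error)

// stubFetcher is a constructed, offline replacement for that call. It
// mimics the 400 the API returned for an unknown category.
func stubFetcher(category string) ([]string, error) {
	if category != "c2" {
		return nil, errors.New(`api.open.wisdom.alphasoc.net said: 400: {"reason":"category must be 'c2'"}`)
	}
	return append([]string(nil), sampleFamilies...), nil
}

// limitFamilies keeps at most n names (the -max flag).
func limitFamilies(names []string, n int) []string {
	if n >= 0 && n < len(names) {
		return names[:n]
	}
	return names
}

// layoutColumns renders names row by row in cols columns (the -cols flag).
// Each column is as wide as the longest name plus two spaces, which matches
// the alignment in the sessions above; the last cell of a row is not padded.
func layoutColumns(names []string, cols int) string {
	if cols < 1 {
		cols = 1
	}
	width := 0
	for _, n := range names {
		if len(n) > width {
			width = len(n)
		}
	}
	width += 2
	var b strings.Builder
	for i, n := range names {
		if i%cols == cols-1 || i == len(names)-1 {
			b.WriteString(n + "\n")
		} else {
			b.WriteString(fmt.Sprintf("%-*s", width, n))
		}
	}
	return b.String()
}

// get ties the steps together. With cols == 0 (the flag's default) the names
// are joined on one line, as in the basic run; otherwise they are laid out
// in columns.
func get(arg string, n, cols int, fetch Fetcher) (string, error) {
	_, category, err := parseTarget(arg)
	if err != nil {
		return "", err
	}
	names, err := fetch(category)
	if err != nil {
		return "", err
	}
	names = limitFamilies(names, n)
	if cols == 0 {
		return strings.Join(names, ", "), nil
	}
	return layoutColumns(names, cols), nil
}

func main() {
	// Replays the error cases from the discussion, then a successful layout.
	for _, arg := range []string{"", "foo", "foo:", "families:fsck", "families:c2"} {
		out, err := get(arg, 10, 3, stubFetcher)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Print(out)
	}
}
```

Running it prints the four error messages in the order the sessions show them, followed by the same three-column grid as the `-max 10 -cols 3` run. The split between client-side and server-side validation is deliberate: the client can only know the elements it implements, while the set of valid categories belongs to the API, so the API's own reason string is surfaced unchanged.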

@kmroz kmroz requested review from tg and ioj October 13, 2021 10:46
@kmroz kmroz force-pushed the cmd-families branch 2 times, most recently from 58953b1 to b697728 October 14, 2021 16:51
@kmroz kmroz marked this pull request as ready for review October 17, 2021 02:55
@kmroz kmroz force-pushed the cmd-families branch 2 times, most recently from 57a5261 to bd8f93b October 19, 2021 10:42
@kmroz kmroz merged commit 376628d into alphasoc:master Oct 19, 2021
@kmroz kmroz deleted the cmd-families branch October 19, 2021 13:17