Proxsneak/bettercap/modules/c2/c2.go

package c2

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"github.com/acarl005/stripansi"
	"github.com/bettercap/bettercap/modules/events_stream"
	"github.com/bettercap/bettercap/session"
	"github.com/evilsocket/islazy/log"
	"github.com/evilsocket/islazy/str"
	irc "github.com/thoj/go-ircevent"
	"strings"
	"text/template"
)

type settings struct {
	server         string
	tls            bool
	tlsVerify      bool
	nick           string
	user           string
	password       string
	saslUser       string
	saslPassword   string
	operator       string
	controlChannel string
	eventsChannel  string
	outputChannel  string
}

type C2 struct {
	session.SessionModule

	settings  settings
	stream    *events_stream.EventsStream
	templates map[string]*template.Template
	channels  map[string]string
	client    *irc.Connection
	eventBus  session.EventBus
	quit      chan bool
}

type eventContext struct {
	Session *session.Session
	Event   session.Event
}

func NewC2(s *session.Session) *C2 {
	mod := &C2{
		SessionModule: session.NewSessionModule("c2", s),
		stream:        events_stream.NewEventsStream(s),
		templates:     make(map[string]*template.Template),
		channels:      make(map[string]string),
		quit:          make(chan bool),
		settings: settings{
			server:         "localhost:6697",
			tls:            true,
			tlsVerify:      false,
			nick:           "bettercap",
			user:           "bettercap",
			password:       "password",
			operator:       "admin",
			eventsChannel:  "#events",
			outputChannel:  "#events",
			controlChannel: "#events",
		},
	}

	mod.AddParam(session.NewStringParameter("c2.server",
		mod.settings.server,
		"",
		"IRC server address and port."))

	mod.AddParam(session.NewBoolParameter("c2.server.tls",
		"true",
		"Enable TLS."))

	mod.AddParam(session.NewBoolParameter("c2.server.tls.verify",
		"false",
		"Enable TLS certificate validation."))

	mod.AddParam(session.NewStringParameter("c2.operator",
		mod.settings.operator,
		"",
		"IRC nickname of the user allowed to run commands."))

	mod.AddParam(session.NewStringParameter("c2.nick",
		mod.settings.nick,
		"",
		"IRC nickname."))

	mod.AddParam(session.NewStringParameter("c2.username",
		mod.settings.user,
		"",
		"IRC username."))

	mod.AddParam(session.NewStringParameter("c2.password",
		mod.settings.password,
		"",
		"IRC server password."))

	mod.AddParam(session.NewStringParameter("c2.sasl.username",
		mod.settings.saslUser,
		"",
		"IRC SASL username."))

	mod.AddParam(session.NewStringParameter("c2.sasl.password",
		mod.settings.saslPassword,
		"",
		"IRC server SASL password."))

	mod.AddParam(session.NewStringParameter("c2.channel.output",
		mod.settings.outputChannel,
		"",
		"IRC channel to send commands output to."))

	mod.AddParam(session.NewStringParameter("c2.channel.events",
		mod.settings.eventsChannel,
		"",
		"IRC channel to send events to."))

	mod.AddParam(session.NewStringParameter("c2.channel.control",
		mod.settings.controlChannel,
		"",
		"IRC channel to receive commands from."))

	mod.AddHandler(session.NewModuleHandler("c2 on", "",
		"Start the C2 module.",
		func(args []string) error {
			return mod.Start()
		}))

	mod.AddHandler(session.NewModuleHandler("c2 off", "",
		"Stop the C2 module.",
		func(args []string) error {
			return mod.Stop()
		}))

	mod.AddHandler(session.NewModuleHandler("c2.channel.set EVENT_TYPE CHANNEL",
		"c2.channel.set ([^\\s]+) (.+)",
		"Set a specific channel to report events of this type.",
		func(args []string) error {
			eventType := args[0]
			channel := args[1]

			mod.Debug("setting channel for event %s: %v", eventType, channel)
			mod.channels[eventType] = channel
			return nil
		}))

	mod.AddHandler(session.NewModuleHandler("c2.channel.clear EVENT_TYPE",
		"c2.channel.clear ([^\\s]+)",
		"Clear the channel to use for a specific event type.",
		func(args []string) error {
			eventType := args[0]
			if _, found := mod.channels[args[0]]; found {
				delete(mod.channels, eventType)
				mod.Debug("cleared channel for %s", eventType)
			} else {
				return fmt.Errorf("channel for event %s not set", args[0])
			}
			return nil
		}))

	mod.AddHandler(session.NewModuleHandler("c2.template.set EVENT_TYPE TEMPLATE",
		"c2.template.set ([^\\s]+) (.+)",
		"Set the reporting template to use for a specific event type.",
		func(args []string) error {
			eventType := args[0]
			eventTemplate := args[1]

			parsed, err := template.New(eventType).Parse(eventTemplate)
			if err != nil {
				return err
			}

			mod.Debug("setting template for event %s: %v", eventType, parsed)
			mod.templates[eventType] = parsed
			return nil
		}))

	mod.AddHandler(session.NewModuleHandler("c2.template.clear EVENT_TYPE",
		"c2.template.clear ([^\\s]+)",
		"Clear the reporting template to use for a specific event type.",
		func(args []string) error {
			eventType := args[0]
			if _, found := mod.templates[args[0]]; found {
				delete(mod.templates, eventType)
				mod.Debug("cleared template for %s", eventType)
			} else {
				return fmt.Errorf("template for event %s not set", args[0])
			}
			return nil
		}))

	mod.Session.Events.OnPrint(mod.onPrint)

	return mod
}

func (mod *C2) Name() string {
	return "c2"
}

func (mod *C2) Description() string {
	return "A CnC module that connects to an IRC server for reporting and commands."
}

func (mod *C2) Author() string {
	return "Simone Margaritelli <evilsocket@gmail.com>"
}

func (mod *C2) Configure() (err error) {
	if mod.Running() {
		return session.ErrAlreadyStarted(mod.Name())
	}

	if err, mod.settings.server = mod.StringParam("c2.server"); err != nil {
		return err
	} else if err, mod.settings.tls = mod.BoolParam("c2.server.tls"); err != nil {
		return err
	} else if err, mod.settings.tlsVerify = mod.BoolParam("c2.server.tls.verify"); err != nil {
		return err
	} else if err, mod.settings.nick = mod.StringParam("c2.nick"); err != nil {
		return err
	} else if err, mod.settings.user = mod.StringParam("c2.username"); err != nil {
		return err
	} else if err, mod.settings.password = mod.StringParam("c2.password"); err != nil {
		return err
	} else if err, mod.settings.saslUser = mod.StringParam("c2.sasl.username"); err != nil {
		return err
	} else if err, mod.settings.saslPassword = mod.StringParam("c2.sasl.password"); err != nil {
		return err
	} else if err, mod.settings.operator = mod.StringParam("c2.operator"); err != nil {
		return err
	} else if err, mod.settings.eventsChannel = mod.StringParam("c2.channel.events"); err != nil {
		return err
	} else if err, mod.settings.controlChannel = mod.StringParam("c2.channel.control"); err != nil {
		return err
	} else if err, mod.settings.outputChannel = mod.StringParam("c2.channel.output"); err != nil {
		return err
	}

	mod.eventBus = mod.Session.Events.Listen()

	mod.client = irc.IRC(mod.settings.nick, mod.settings.user)

	if log.Level == log.DEBUG {
		mod.client.VerboseCallbackHandler = true
		mod.client.Debug = true
	}

	mod.client.Password = mod.settings.password
	mod.client.UseTLS = mod.settings.tls
	mod.client.TLSConfig = &tls.Config{
		InsecureSkipVerify: !mod.settings.tlsVerify,
	}

	if mod.settings.saslUser != "" || mod.settings.saslPassword != "" {
		mod.client.SASLLogin = mod.settings.saslUser
		mod.client.SASLPassword = mod.settings.saslPassword
		mod.client.UseSASL = true
	}

	mod.client.AddCallback("PRIVMSG", func(event *irc.Event) {
		channel := event.Arguments[0]
		message := event.Message()
		from := event.Nick

		if from != mod.settings.operator {
			mod.client.Privmsg(event.Nick, "nope")
			return
		}

		if channel != mod.settings.controlChannel && channel != mod.settings.nick {
			mod.Debug("from:%s on:%s - '%s'", from, channel, message)
			return
		}

		mod.Debug("from:%s on:%s - '%s'", from, channel, message)

		parts := strings.SplitN(message, " ", 2)
		cmd := parts[0]
		args := ""
		if len(parts) > 1 {
			args = parts[1]
		}

		if cmd == "join" {
			mod.client.Join(args)
		} else if cmd == "part" {
			mod.client.Part(args)
		} else if cmd == "nick" {
			mod.client.Nick(args)
		} else if err = mod.Session.Run(message); err == nil {

		} else {
			mod.client.Privmsgf(event.Nick, "error: %v", stripansi.Strip(err.Error()))
		}
	})

	mod.client.AddCallback("001", func(e *irc.Event) {
		mod.Debug("got 101")
		mod.client.Join(mod.settings.controlChannel)
		mod.client.Join(mod.settings.outputChannel)
		mod.client.Join(mod.settings.eventsChannel)
	})

	return mod.client.Connect(mod.settings.server)
}

func (mod *C2) onPrint(format string, args ...interface{}) {
	if !mod.Running() {
		return
	}

	msg := stripansi.Strip(str.Trim(fmt.Sprintf(format, args...)))

	for _, line := range strings.Split(msg, "\n") {
		mod.client.Privmsg(mod.settings.outputChannel, line)
	}
}

func (mod *C2) onEvent(e session.Event) {
	if mod.Session.EventsIgnoreList.Ignored(e) {
		return
	}

	// default channel or event specific channel?
	channel := mod.settings.eventsChannel
	if custom, found := mod.channels[e.Tag]; found {
		channel = custom
	}

	var out bytes.Buffer
	if tpl, found := mod.templates[e.Tag]; found {
		// use a custom template to render this event
		if err := tpl.Execute(&out, eventContext{
			Session: mod.Session,
			Event:   e,
		}); err != nil {
			fmt.Fprintf(&out, "%v", err)
		}
	} else {
		// use the default view to render this event
		mod.stream.Render(&out, e)
	}

	// make sure colors and in general bash escape sequences are removed
	msg := stripansi.Strip(str.Trim(string(out.Bytes())))

	mod.client.Privmsg(channel, msg)
}

func (mod *C2) Start() error {
	if err := mod.Configure(); err != nil {
		return err
	}

	return mod.SetRunning(true, func() {
		mod.Info("started")

		for mod.Running() {
			var e session.Event
			select {
			case e = <-mod.eventBus:
				mod.onEvent(e)

			case <-mod.quit:
				mod.Debug("got quit")
				return
			}
		}
	})
}

func (mod *C2) Stop() error {
	return mod.SetRunning(false, func() {
		mod.quit <- true
		mod.Session.Events.Unlisten(mod.eventBus)
		mod.client.Quit()
		mod.client.Disconnect()
	})
}