Add basic netstat functionality #40

Merged
merged 3 commits into from
Dec 19, 2024

maclarel
Contributor

This PR adds basic netstat functionality to Thanatos in order to facilitate enumeration of local network connections and sockets. This is accomplished using https://github.com/ohadravid/netstat2-rs, and data is returned to Mythic in JSON format for easy manipulation.

Invocation does not currently accept any additional parameters, and output is returned to Mythic in a JSON format so it can be easily dumped for further external automation/manipulation. Example:

netstat
[
    {
        "proto": "TCP",
        "local_addr": "127.0.0.53",
        "local_port": 53,
        "remote_addr": "0.0.0.0",
        "remote_port": 0,
        "associated_pids": "",
        "state": "LISTEN"
    },
    {
        "proto": "UDP",
        "local_addr": "10.0.0.1",
        "local_port": 68,
        "remote_addr": null,
        "remote_port": null,
        "associated_pids": "",
        "state": null
    },
    {
        "proto": "TCP",
        "local_addr": "10.0.0.1",
        "local_port": 22,
        "remote_addr": "10.0.0.2",
        "remote_port": 40803,
        "associated_pids": "",
        "state": "ESTABLISHED"
    },
    ...
]

Please note that I have not been able to properly test this on Windows, however this has been validated through testing on multiple Linux systems.

<3 from GitHub's Red Team
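
One way to consume the JSON shape shown in the PR description, for example when reviewing which sockets a host exposes; this is an added example, not code from the PR or the Thanatos project. The fourth sample record, the function names, and the choice to treat a null `state` as a bound socket with no peer are assumptions.

```python
import ipaddress
import json

# Constructed sample in the schema from the PR description (its "..." is omitted);
# the fourth record is an added, constructed entry for the all-interfaces case.
SAMPLE = """[
  {"proto": "TCP", "local_addr": "127.0.0.53", "local_port": 53,
   "remote_addr": "0.0.0.0", "remote_port": 0, "associated_pids": "", "state": "LISTEN"},
  {"proto": "UDP", "local_addr": "10.0.0.1", "local_port": 68,
   "remote_addr": null, "remote_port": null, "associated_pids": "", "state": null},
  {"proto": "TCP", "local_addr": "10.0.0.1", "local_port": 22,
   "remote_addr": "10.0.0.2", "remote_port": 40803, "associated_pids": "", "state": "ESTABLISHED"},
  {"proto": "TCP", "local_addr": "0.0.0.0", "local_port": 22,
   "remote_addr": "0.0.0.0", "remote_port": 0, "associated_pids": "", "state": "LISTEN"}
]"""

REQUIRED = ("proto", "local_addr", "local_port", "remote_addr",
            "remote_port", "associated_pids", "state")


def scope(addr):
    """Describe how widely a local bind address is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    return "single-interface"


def summarize(raw):
    """Split records into bound sockets (listeners) and peer connections."""
    listeners, connections = [], []
    for e in json.loads(raw):
        missing = [k for k in REQUIRED if k not in e]
        if missing:
            raise ValueError(f"record missing keys: {missing}")
        # Assumption: a null state (the UDP rows in the sample) means a bound
        # socket with no peer, so it is grouped with TCP LISTEN sockets.
        if e["state"] in (None, "LISTEN"):
            listeners.append((e["proto"], e["local_port"], scope(e["local_addr"])))
        else:
            connections.append((e["local_addr"], e["local_port"],
                                e["remote_addr"], e["remote_port"], e["state"]))
    return {"listeners": sorted(listeners), "connections": connections}
```
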

Member

@MEhrn00 MEhrn00 left a comment

This is awesome, thank you so much! I added a little bit of minor feedback on some things. I tested this on Windows and it was working great.

I can throw together a browser script for the output to make it display better in the Mythic console.

Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs (outdated, resolved)
Payload_Type/thanatos/thanatos/agent_code/Cargo.toml (outdated, resolved)
Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs (outdated, resolved)
@maclarel
Contributor Author

Appreciate the feedback here @MEhrn00 ! I'll get some updates pushed up in the next day or two. First time working with Rust so definitely some gaps on my end 😅

@maclarel maclarel requested a review from MEhrn00 December 19, 2024 14:09
@maclarel
Contributor Author

Updates have been pushed. As with the original code, some testing on Linux looks positive 🤞

Member

@MEhrn00 MEhrn00 left a comment

Sweet! This looks great. I have a browser script for this ready and can get it all merged in 👍🏻

MEhrn00 added a commit that referenced this pull request Dec 19, 2024
Add basic netstat functionality
@MEhrn00 MEhrn00 merged commit 3671ba2 into MythicAgents:main Dec 19, 2024
@MEhrn00
Member

MEhrn00 commented Dec 19, 2024

Okay I merged it in and added it to the latest release Thanatos v0.1.10.

Thanks for this! 🙏
