-
Notifications
You must be signed in to change notification settings - Fork 8
Contribute
Ayan Saha edited this page Jun 17, 2022
·
1 revision
-
Right now you can contribute by adding support for more modules. You are also welcome to report bugs or suggest improvements.
-
Modules are the evil actions that you can do on victim after you have got access to the same.
-
The modules are in data/modules/<category_of_module>/<module_name>.py
-
Category is determined by the kind of action the module is supposed to do, for example, a screenshot module is supposed to collect secreenshot/data from victim, so put in the collection folder.
-
You can add new folders for new category of modules or add to the already existing ones.
-
To write a new module, just copy the code of a previous module to get the template. Then do the below modifications -
- Change the name of the class to correspond the module name and same as the name of the file with initial letters capitalized, for ex: screenshot.py , the class name is Screenshot.py for browser_history.py the class name is Browser_History.py
- Change the description field, describing the work of the module with any special instruction you might have for running the module
- Then in module_options, you would want to add the various parameters of the module which you want to be customizable for the user. Add them in the hash
- Then you can add the script_powershell and/or the script_python function which should be the scripts when ran on victim gives you the desirable out, for example on running the script for the screenshot, it gives the screenshot of victim in base64 encoded form. NOTE : You might want to make changes to the script at runtime according to the parameters provided by user, for Ex : In revershell module, we take the lhost and lport as parameters, which we subsitiute in the script_python function before sending the script.
- Then you can define the handle_task_output function which tells the SpyderC2 server what to do with the output recived by the atttacker server on running the powershell/python script, for screenshot the variable data will be recieving the base64 encoded data of the screenshot, so that function decodes it and saves it to a file and then finally return a string which will inform the attacker what has been done, typically where to find the output. The options variable has the user configurable paramters, so you might want to do modifcation based on that, like saving to a location mentioned in the configuration.
- After it's written make sure it works on docker and non-docker installations and works properly with the OS and language intended for and submit a PR request.