Merge branch 'main' into cp/quest-details-page

.devcontainer/devcontainer.json

@@ -13,23 +13,42 @@
 	"runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
 
 	// Set *default* container specific settings.json values on container create.
-	"settings": {
-		// GO
-		"go.toolsManagement.checkForUpdates": "local",
-		"go.useLanguageServer": true,
-		"go.gopath": "/go",
-		"go.goroot": "/usr/local/go",
-
-		// Misc
-		"trailing-spaces.trimOnSave": true
-	},
+	"customizations": {
+		"vscode": {
+			"settings": {
+				// GO
+				"go.toolsManagement.checkForUpdates": "local",
+				"go.useLanguageServer": true,
+				"go.gopath": "/go",
+				"go.goroot": "/usr/local/go",
 
-	// Add the IDs of extensions you want installed when the container is created.
-	"extensions": [
-		"golang.Go",
-		"graphql.vscode-graphql",
-		"rust-lang.rust-analyzer"
-	],
+				// Formatting
+				"editor.formatOnSave": true,
+				"files.trimTrailingWhitespace": true,
+				"files.insertFinalNewline": true,
+				"files.trimFinalNewlines": true,
+
+				// Misc
+				"vsicons.dontShowNewVersionMessage": true,
+				"workbench.iconTheme": "vscode-icons",
+				"git.autofetch": true
+			},
+
+			// Add the IDs of extensions you want installed when the container is created.
+			"extensions": [
+				"DavidAnson.vscode-markdownlint",
+				"golang.Go",
+				"graphql.vscode-graphql",
+				"GraphQL.vscode-graphql-syntax",
+				"HashiCorp.terraform",
+				"rust-lang.rust-analyzer",
+				"sourcegraph.sourcegraph",
+				"vscode-icons-team.vscode-icons",
+				"xaver.clang-format",
+				"zxh404.vscode-proto3"
+			]
+		}
+	},
 
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	"appPort": [
@@ -48,4 +67,4 @@
 	"mounts": [
 		"source=realm-bashhistory,target=/commandhistory,type=volume"
 	]
-}
+}

.github/workflows/tests.yml

@@ -50,17 +50,17 @@ jobs:
     - name: Setup Rust
       uses: actions-rs/toolchain@v1
       with:
-        toolchain: nightly-2022-11-03
+        toolchain: nightly-2023-09-04
         default: true
         profile: minimal
     - name: rust-cache
       uses: Swatinem/rust-cache@v2
       with:
         workspaces: "./implants/ -> ../target"
-    - name: Install latest nextest release
-      uses: taiki-e/install-action@nextest
-    - name: Install cargo-llvm-cov
-      uses: taiki-e/install-action@cargo-llvm-cov
+    - name: Install latest nextest & cargo-llvm-cov release
+      uses: taiki-e/install-action@v2.17.7
+      with:
+        tool: nextest,cargo-llvm-cov
     - name: 🔎 Run tests
       run: cd ./implants/ && cargo llvm-cov nextest --lcov --output-path lcov.info
     - name: 📶 Upload Coverage Results

.gitignore

@@ -15,7 +15,6 @@ cmd/implants/Cargo.lock
 
 # Build artifacts
 dist/**
-build/**
 
 # Binaries for programs and plugins
 *.exe

docs/_docs/dev-guide/introduction.md

@@ -1,6 +1,6 @@
 ---
 title: Introduction
-tags: 
+tags:
  - Dev Guide
 description: Read this before contributing to Realm!
 permalink: dev-guide/introduction
@@ -15,7 +15,7 @@ Realm is under heavy active development and documentation can go stale quickly i
 
 We will do our best during code review to catch changes that require documentation updates, but sometimes things will slip by. If you notice a discrepancy between our codebase and the documentation, please kindly [file an issue](https://github.com/kcarretto/realm/issues/new?labels=documentation&title=Documentation%20Discrepancy:&body=Please%20include%20the%20location%20of%20the%20inaccurate%20documentation%20and%20a%20helpful%20description%20of%20what%20needs%20improvement.) to track it or submit a PR to correct it. You can use the ["Edit this page"](https://github.com/kcarretto/realm/edit/main/docs/_docs/dev-guide/introduction.md) feature in the right navbar of the documentation to quickly navigate to the appropriate section of documentation that requires an update.
 
-### Testing 
+### Testing
 
 Realm contains code across a variety of languages and frameworks. Testing helps ensure our codebase remains stable, enables us to refactor and develop new features with confidence, and can help new Realm developers understand the expected behavior of our code. Below is an outline of the testing requirements for each portion of the codebase, as well as guidance on testing best practices.
 
@@ -60,7 +60,7 @@ A Task represents a set of instructions to perform on a Target system. For examp
 References malicious code or persistence mechanisms that are deployed to compromise target systems. Some configuration information for Implants (e.g. `ImplantConfigs`) can be managed through Tavern.
 
 ### Agent
-An Agent is a type of implant which retrieves execution instructions by connecting to our backend infrastructure (calling back) and querying for new tasks. 
+An Agent is a type of implant which retrieves execution instructions by connecting to our backend infrastructure (calling back) and querying for new tasks.
 
 # Project Structure
 * **[.devcontainer](https://github.com/KCarretto/realm/tree/main/.devcontainer)** contains settings required for configuring a VSCode dev container that can be used for Realm development
@@ -75,9 +75,9 @@ An Agent is a type of implant which retrieves execution instructions by connecti
     * **[implants/lib/tavern](https://github.com/KCarretto/realm/tree/main/implants/lib/tavern)** is the source of our agents graphql API to interface with Tavern (Rust)
 * **[tavern](https://github.com/KCarretto/realm/tree/main/tavern)** is the parent folder of Tavern related code and packages, and stores the `main.go` executable for the service
     * **[tavern/auth](https://github.com/KCarretto/realm/tree/main/tavern/auth)** is a package for managing authentication for Tavern, and is used by various packages that rely on obtaining viewer information
-    * **[tavern/ent](https://github.com/KCarretto/realm/tree/main/tavern/ent)** contains models and related code for interacting with the database (most of this is code generated by **[entgo](https://entgo.io/))**
-        * **[tavern/ent/schema](https://github.com/KCarretto/realm/tree/main/tavern/ent/schema)** contains the schema definitions for our DB models
-    * **[tavern/graphql](https://github.com/KCarretto/realm/tree/main/tavern/graphql)** contains our GraphQL definitions and resolvers (most of this code is generated by **[entgo](https://entgo.io/)** and **[gqlgen](https://github.com/99designs/gqlgen))**
+    * **[tavern/internal/ent](https://github.com/KCarretto/realm/tree/main/tavern/internal/ent)** contains models and related code for interacting with the database (most of this is code generated by **[entgo](https://entgo.io/))**
+        * **[tavern/internal/ent/schema](https://github.com/KCarretto/realm/tree/main/tavern/internal/ent/schema)** contains the schema definitions for our DB models
+    * **[tavern/internal/graphql](https://github.com/KCarretto/realm/tree/main/tavern/internal/graphql)** contains our GraphQL definitions and resolvers (most of this code is generated by **[entgo](https://entgo.io/)** and **[gqlgen](https://github.com/99designs/gqlgen))**
     * **[tavern/internal](https://github.com/KCarretto/realm/tree/main/tavern/internal)** contains various internal packages that makeup Tavern
         * **[tavern/internal/www](https://github.com/KCarretto/realm/tree/main/tavern/internal/www)** contains Tavern's UI code
 * **[terraform](https://github.com/KCarretto/realm/tree/main/terraform)** contains the Terraform used to deploy a production ready Realm instance. See [Tavern User Guide](https://docs.realm.pub/user-guide/tavern) to learn how to use.

docs/_docs/dev-guide/tavern.md

@@ -214,33 +214,33 @@ query get_task_res {
 ### Creating a New Model
 
 1. Initialize the schema `cd tavern && go run entgo.io/ent/cmd/ent init <NAME>`
-2. Update the generated file in `tavern/ent/schema/<NAME>.go`
+2. Update the generated file in `tavern/internal/ent/schema/<NAME>.go`
 3. Ensure you include a `func (<NAME>) Annotations() []schema.Annotation` method which returns a `entgql.QueryField()` annotation to tell entgo to generate a GraphQL root query for this model (if you'd like it to be queryable from the root query)
-4. Update `tavern/graphql/gqlgen.yml` to include the ent types in the `autobind:` section (e.g.`- github.com/kcarretto/realm/tavern/ent/<NAME>`)
-5. **Optionally** update the `models:` section of `tavern/graphql/gqlgen.yml` to bind any GraphQL enum types to their respective `entgo` generated types (e.g. `github.com/kcarretto/realm/tavern/ent/<NAME>.<ENUM_FIELD>`)
+4. Update `tavern/internal/graphql/gqlgen.yml` to include the ent types in the `autobind:` section (e.g.`- github.com/kcarretto/realm/tavern/internal/ent/<NAME>`)
+5. **Optionally** update the `models:` section of `tavern/internal/graphql/gqlgen.yml` to bind any GraphQL enum types to their respective `entgo` generated types (e.g. `github.com/kcarretto/realm/tavern/internal/ent/<NAME>.<ENUM_FIELD>`)
 6. Run `go generate ./tavern/...` from the project root
 7. If you added an annotation for a root query field (see above), you will notice auto-generated the `query.resolvers.go` file has been updated with new methods to query your model (e.g. `func (r *queryResolver) <NAME>s ...`)
     * This must be implemented (e.g. `return r.client.<NAME>.Query().All(ctx)` where NAME is the name of your model)
 
 ### Adding Mutations
 
 1. Update the `mutation.graphql` schema file to include your new mutation and please include it in the section for the model it's mutating if applicable (e.g. createUser should be defined near all the related User mutations)
-    * **Note:** Input types such as `Create<NAME>Input` or `Update<NAME>Input` will already be generated if you [added the appropriate annotations to your ent schema](https://entgo.io/docs/tutorial-todo-gql#install-and-configure-entgql). If you require custom input mutations (e.g. `ClaimTasksInput`) then add them to the `inputs.graphql` file (Golang code will be generated in tavern/graphql/models e.g. `models.ClaimTasksInput`).
+    * **Note:** Input types such as `Create<NAME>Input` or `Update<NAME>Input` will already be generated if you [added the appropriate annotations to your ent schema](https://entgo.io/docs/tutorial-todo-gql#install-and-configure-entgql). If you require custom input mutations (e.g. `ClaimTasksInput`) then add them to the `inputs.graphql` file (Golang code will be generated in tavern/internal/graphql/models e.g. `models.ClaimTasksInput`).
 2. Run `go generate ./...`
-3. Implement generated the generated mutation resolver method in `tavern/graphql/mutation.resolvers.go`
+3. Implement generated the generated mutation resolver method in `tavern/internal/graphql/mutation.resolvers.go`
     * Depending on the mutation you're trying to implement, a one liner such as `return r.client.<NAME>.Create().SetInput(input).Save(ctx)` might be sufficient
-4. Please write a unit test for your new mutation by defining YAML test cases in a new `testdata/mutations` subdirectory with your mutations name (e.g. `tavern/graphql/testdata/mutations/mymutation/SomeTest.yml`)
+4. Please write a unit test for your new mutation by defining YAML test cases in a new `testdata/mutations` subdirectory with your mutations name (e.g. `tavern/internal/graphql/testdata/mutations/mymutation/SomeTest.yml`)
 
 ### Code Generation Reference
 
 * After making a change, remember to run `go generate ./...` from the project root.
-* `tavern/ent/schema` is a directory which defines our graph using database models (ents) and the relations between them
+* `tavern/internal/ent/schema` is a directory which defines our graph using database models (ents) and the relations between them
 * `tavern/generate.go` is responsible for generating ents defined by the ent schema as well as updating the GraphQL schema and generating related code
-* `tavern/ent/entc.go` is responsible for generating code for the entgo <-> 99designs/gqlgen GraphQL integration
-* `tavern/graphql/schema/mutation.graphql` defines all mutations supported by our API
-* `tavern/graphql/schema/query.graphql` is a GraphQL schema automatically generated by ent, providing useful types derived from our ent schemas as well as root-level queries defined by entgo annotations
-* `tavern/graphql/schema/scalars.graphql` defines scalar GraphQL types that can be used to help with Go bindings (See [gqlgen docs](https://gqlgen.com/reference/scalars/) for more info)
-* `tavern/graphql/schema/inputs.graphql` defines custom GraphQL inputs that can be used with your mutations (e.g. outside of the default auto-generated CRUD inputs)
+* `tavern/internal/ent/entc.go` is responsible for generating code for the entgo <-> 99designs/gqlgen GraphQL integration
+* `tavern/internal/graphql/schema/mutation.graphql` defines all mutations supported by our API
+* `tavern/internal/graphql/schema/query.graphql` is a GraphQL schema automatically generated by ent, providing useful types derived from our ent schemas as well as root-level queries defined by entgo annotations
+* `tavern/internal/graphql/schema/scalars.graphql` defines scalar GraphQL types that can be used to help with Go bindings (See [gqlgen docs](https://gqlgen.com/reference/scalars/) for more info)
+* `tavern/internal/graphql/schema/inputs.graphql` defines custom GraphQL inputs that can be used with your mutations (e.g. outside of the default auto-generated CRUD inputs)
 
 ### YAML Test Reference
 
@@ -274,7 +274,7 @@ This however restricts the available transport methods the agent may use to comm
 
 ### GraphQL Example
 
-GraphQL mutations enable clients to _mutate_ or modify backend data. Tavern supports a variety of different mutations for interacting with the graph ([see schema](https://github.com/KCarretto/realm/blob/main/tavern/graphql/schema/mutation.graphql)). The two mutations agents rely on are `claimTasks` and `submitTaskResult` (covered in more detail below). GraphQL requests are submitted as HTTP POST requests to Tavern, with a JSON body including the GraphQL mutation. Below is an example JSON body that may be sent to the Tavern GraphQL API:
+GraphQL mutations enable clients to _mutate_ or modify backend data. Tavern supports a variety of different mutations for interacting with the graph ([see schema](https://github.com/KCarretto/realm/blob/main/tavern/internal/graphql/schema/mutation.graphql)). The two mutations agents rely on are `claimTasks` and `submitTaskResult` (covered in more detail below). GraphQL requests are submitted as HTTP POST requests to Tavern, with a JSON body including the GraphQL mutation. Below is an example JSON body that may be sent to the Tavern GraphQL API:
 
 ```json
 {

docs/_docs/user-guide/eldritch.md

@@ -56,6 +56,7 @@ It currently contains five modules:
 - `pivot` - Used to identify and move between systems.
 - `process` - Used to interact with processes on the system.
 - `sys` - General system capabilities can include loading libraries, or information about the current context.
+- `crypto` - Used to encrypt/decrypt or hash data.
 
 Functions fall into one of these five modules. This is done to improve clarity about function use.
 
@@ -143,7 +144,7 @@ The <b>file.list</b> method returns a list of files at the specified path. The p
 Each file is represented by a Dict type.
 Here is an example of the Dict layout:
 
-```JSON
+```json
 [
     {
         "file_name": "implants",
@@ -230,6 +231,28 @@ If a file or directory already exists at this path, the method will fail.
 `pivot.arp_scan(target_cidrs: List<str>) -> List<str>`
 
 The <b>pivot.arp_scan</b> method is being proposed to allow users to enumerate hosts on their network without using TCP connect or ping.
+- `target_cidrs` must be in a CIDR format eg. `127.0.0.1/32`. Domains and single IPs `example.com` / `127.0.0.1` cannot be passed.
+- Must be running as `root` to use.
+- Not supported on Windows
+
+Results will be in the format:
+
+```python
+$> pivot.arp_scan(["192.168.1.1/32"])
+```
+**Success**
+
+```json
+[
+    { "ip": "192.168.1.1", "mac": "ab:cd:ef:01:23:45", "interface": "eno0" }
+]
+```
+
+**Failure**
+
+```json
+[]
+```
 
 ### pivot.bind_proxy
 `pivot.bind_proxy(listen_address: str, listen_port: int, username: str, password: str ) -> None`
@@ -255,7 +278,7 @@ Inputs:
 
 Results will be in the format:
 
-```JSON
+```json
 [
     { "ip": "127.0.0.1", "port": 22, "protocol": "tcp", "status": "open"},
     { "ip": "127.0.0.1", "port": 21, "protocol": "tcp", "status": "closed"},
@@ -366,12 +389,25 @@ sys.execute("/bin/bash",["-c", "ls /nofile"])
 }
 ```
 
+### sys.get_env
+`sys.get_env() -> Dict`
+
+The <b>sys.get_env</b> method returns a dictionary that describes the current process's environment variables.
+An example is below:
+
+```json
+{
+    "FOO": "BAR",
+    "CWD": "/"
+}
+```
+
 ### sys.get_ip
 `sys.get_ip() -> List<Dict>`
 
 The <b>sys.get_ip</b> method returns a list of network interfaces as a dictionary. An example is available below:
 
-```JSON
+```json
 [
     {
         "name": "eth0",
@@ -403,6 +439,44 @@ An example is below:
     "distro": "Debian GNU/Linux 10 (buster)",
     "platform": "Linux"
 }
+```
+
+### sys.get_pid
+`sys.get_pid() -> int`
+
+The <b>sys.get_pid</b> method returns the process ID of the current process.
+An example is below:
+
+```python
+$> sys.get_pid()
+123456
+```
+
+### sys.get_user
+`sys.get_user() -> Dict`
+
+The <b>sys.get_user</b> method returns a dictionary that describes the current process's running user.
+On *Nix, will return UID, EUID, GID, EGID, and detailed user info for the UID and EUID mappings.
+For users, will return name and groups of user.
+
+```json
+{
+    "uid": {
+        "uid": 0,
+        "name": "root",
+        "gid": 0,
+        "groups": ["root"]
+    },
+    "euid": {
+        "uid": 0,
+        "name": "root",
+        "gid": 0,
+        "groups": ["root"]
+    },
+    "gid": 0,
+    "egid": 0
+}
+```
 
 ### sys.is_linux
 `sys.is_linux() -> bool`
@@ -439,3 +513,27 @@ sys.shell("ls /nofile")
 }
 ```
 
+## Crypto
+### crypto.aes_encrypt_file
+`crypto.aes_encrypt_file(src: str, dst: str, key: str) -> None`
+
+The <b>crypto.aes_encrypt_file</b> method encrypts the given src file, encrypts it using the given key and writes it to disk at the dst location.
+
+Key must be 16 Bytes (Characters)
+
+### crypto.aes_decrypt_file
+`crypto.aes_decrypt_file(src: str, dst: str, key: str) -> None`
+
+The <b>crypto.aes_decrypt_file</b> method decrypts the given src file using the given key and writes it to disk at the dst location.
+
+Key must be 16 Bytes (Characters)
+
+### crypto.hash_file
+`crypto.hash_file(file: str, algo: str) -> str`
+
+The <b>crypto.hash_file</b> method will produce the hash of the given file's contents. Valid algorithms include:
+
+- MD5
+- SHA1
+- SHA256
+- SHA512

go.sum

@@ -88,14 +88,12 @@ github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.24.4 h1:0gyJJEBYtCV87zI/x2nZCPyDxD51K6xM8SkwjHFCNEU=
 github.com/vektah/gqlparser/v2 v2.5.1 h1:ZGu+bquAY23jsxDRcYpWjttRZrUz07LbiY77gUOHcr4=
 github.com/vektah/gqlparser/v2 v2.5.1/go.mod h1:mPgqFBu/woKTVYWyNk8cO3kh4S/f4aRFZrvOnp3hmCs=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0=
 github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=