This post will document how to create server, client, and datatype modules for Egress-Assess. I’ll document the necessary functions and attributes that the framework requires, and hopefully try to give some helpful info.
Some basic info before diving into the specifics of the differences between the module types. All __init__ methods are able to access any command line parameter passed in by the user. If any module requires information from the command line (hint, all of them do in one way or another), you should declare attributes (based off of the command line options) for each class instance within the __init__ method.
All template modules are currently a .txt file. Once you’ve created your module and want to test/use it, rename it to a .py file within its respective folder.
Server Modules
The first module type to discuss are server modules. These modules will allow the framework to be put into a “server mode” which typically entails listening and waiting for the client to connect into the server, and transmit data to the server. A blank server module template is available at this link to use as a base for creating a server module.
The self.protocol attribute is the only required attribute for server modules. This attribute is what is displayed to the user when typing --list-servers. This is also the value that is used to identify and use the server module when used in conjunction with the --server flag.
The serve function is the only required function for the server class. It is what is used by the framework to start the server. You can create as many different functions as needed for the server class, but the serve function should be considered the “main” of the server module.
Client Modules
The client module will typically be used to transmit data over a specific protocol, vs. receiving any data. A blank client module template can be found at this location.
The self.protocol attribute is the only required attribute for client modules. This attribute is what is displayed to the user when typing --list-clients. This is also the value that is used to identify and use the server module when used in conjunction with the --client flag.
The transmit function is the only required function for client modules. It is the function called by the framework to transmit data. The transmit function has a variable passed into it (data_to_transmit) which is the data that the client is supposed to transmit to the server. Similar to server modules, the transmit function should be considered like the “main” function of client modules. You can create as many additional functions necessary for the client module’s use, but the transmit function is what will be invoked by the framework.
Datatype Modules
The datatype module is used to generate any sort of data. Currently, there’s support for modules that generate social security numbers or credit card numbers. A blank datatype template can be found at this location.
The self.cli, self.description, and self.filetype attributes are required for datatype modules. The self.cli attributes is part of what is displayed when the user types --list-datatypes and is what is used to uniquely select the specific datatype to use with the --datatype flag. This should be short since it is what is passed in by the user in the command line.
The self.description attribute can be used to better describe the datatype that is generated by the module. This is also displayed when a user types --list-datatypes. For example, the credit card module has “cc” as the self.cli attribute and “Credit Card Numbers” as the self.description attribute.
The self.filetype is currently only used when attempting to exfil data over ftp, but it is a required attribute. This is to let the framework know if the data is text or binary data. If text, keep the filetype attribute as text. Otherwise, change it.
The generate_data function is a required function for datatype modules. It is what is invoked by the framework to generate the specific type of data requested by the user. It must also return the total “data” generated. As an example, the social security number datatype module generates X number of credit cards, and they are returned into the framework at the conclusion of the generate_data function.
Helper Functions
There are a few helper functions that are accessible to all modules. The functions are in the helpers.py file within the framework. However, a brief description of this is:
helpers.randomNumbers(X)– returns “X” number of random numbershelpers.ea_path()– returns the current path the Egress-Assess is inhelpers.writeout_text_data(incoming_data)– writes out a file containing the data passed into function, and returns the name of the file
I hope this helps explain how to write any of the currently available modules. If anyone has any questions, feel free to hit me up on twitter or on IRC in #veil!