Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,8 @@ cargo fmt
3. **Rust Formatting**: Always run `cargo fmt` - CI will fail without it.
4. **Linear History**: Use squash merge for PRs.
5. **React Components**: Avoid large ternary operations, instead break out the two pieces into components and use a simple ternary operation e.g. `condition ? <ComponentA /> : <ComponentB />`
6. **React Utilities**: Separate styling from logic and abstract reuseable functions into utils files.
7. **React Styling**: Attempt to reference existing pages and components for style guidelines, be sure to re-use components and match styling to maintain consistency.
6. **React Utilities**: Separate styling from logic and abstract reusable functions into utils files.
7. **React Styling**: Attempt to reference existing pages and components for style guidelines, be sure to reuse components and match styling to maintain consistency.
8. **Prefer Line-of-Sight Coding**: Avoid large indentation by returning early and keeping an unnested control flow, for example:

```golang
Expand Down
2 changes: 1 addition & 1 deletion bin/reflective_loader/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ edition = "2021"
crate-type = ["cdylib"]

[profile.dev]
opt-level = "z" # This reduces the numebr of symbols not found.
opt-level = "z" # This reduces the number of symbols not found.
lto = true
codegen-units = 1
panic = "abort"
Expand Down
10 changes: 5 additions & 5 deletions bin/reflective_loader/src/loader.rs
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ struct PeFileHeaders64 {
section_headers: [IMAGE_SECTION_HEADER; MAX_PE_SECTIONS],
}

// Pares the PE file from a series of bytes
// Parses the PE file from a series of bytes
#[cfg(target_arch = "x86_64")]
impl PeFileHeaders64 {
fn new(dll_bytes_ptr: *mut c_void) -> Self {
Expand Down Expand Up @@ -390,7 +390,7 @@ fn process_import_address_tables(
function_ordinal_ptr,
) as _;
} else {
// Calculate a refernce to the function name by adding the dll_base and name's RVA.
// Calculate a reference to the function name by adding the dll_base and name's RVA.
let image_import_ptr: *mut IMAGE_IMPORT_BY_NAME = (new_dll_base as usize
+ unsafe { library_thunk.u1.AddressOfData } as usize)
as *mut IMAGE_IMPORT_BY_NAME;
Expand Down Expand Up @@ -679,9 +679,9 @@ mod tests {
};

const TEST_PAYLOAD: &[u8] =
include_bytes!("..\\..\\create_file_dll\\target\\debug\\create_file_dll.dll");
include_bytes!("../../create_file_dll/target/debug/create_file_dll.dll");
const TEST_PAYLOAD_RELATIVE_PATH: &str =
"..\\create_file_dll\\target\\debug\\create_file_dll.dll";
"../../create_file_dll/target/debug/create_file_dll.dll";

fn get_export_address_by_name(
pe_bytes: &[u8],
Expand Down Expand Up @@ -819,7 +819,7 @@ mod tests {
assert_eq!(base_reloc_entry.reloc_type, 0xa);
}

// PE Headers change everytime create file dll is built
// PE Headers change every time create file dll is built
// #[test]
// fn test_reflective_loader_parse_pe_headers() -> () {

Expand Down
2 changes: 1 addition & 1 deletion docs/_docs/admin-guide/tavern.md
Original file line number Diff line number Diff line change
Expand Up @@ -571,7 +571,7 @@ mutation tempLink {
}
```

This will create a link that allows the link to be active until Feburary 2nd 2026 at 21:33:18 UTC with 10 downloads. These two conditions are or'd so if either is allowed the download will work.
This will create a link that allows the link to be active until February 2nd 2026 at 21:33:18 UTC with 10 downloads. These two conditions are or'd so if either is allowed the download will work.

If no path is specified a random 6 character path will be generated. In the graphql query above we request the path back to ensure we know where to grab the file.

Expand Down
2 changes: 1 addition & 1 deletion docs/_docs/dev-guide/tavern.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ func (<NAME>) Annotations() []schema.Annotation {
entgql.MutationUpdate(), // Auto generate update mutation
),
entsql.Annotation{
Collation: "utf8mb4_general_ci", // Recommended - requried for case insensitive searching
Collation: "utf8mb4_general_ci", // Recommended - required for case insensitive searching
},
}
}
Expand Down
2 changes: 1 addition & 1 deletion docs/_docs/user-guide/eldritch.md
Original file line number Diff line number Diff line change
Expand Up @@ -962,7 +962,7 @@ It can use specific timestamps (epoch seconds or string format) or copy timestam
`file.write(path: str, content: str) -> None`

The **file.write** method writes to a given file path with the given content.
If a file already exists at this path, the method will overwite it. If a directory
If a file already exists at this path, the method will overwrite it. If a directory
already exists at the path the method will error.

### file.write_binary
Expand Down
4 changes: 2 additions & 2 deletions docs/_docs/user-guide/imix.md
Original file line number Diff line number Diff line change
Expand Up @@ -383,8 +383,8 @@ To change the default uniqueness behavior you can set the `IMIX_UNIQUE` environm

### Available Selectors

To proiritize stealth we reccomend removing the file uniqueness selectors: `export IMIX_UNIQUE='[{"type":"env"},{"type":"macaddr"}]'`
If you know the environment will have VMs cloned without sysprep we recommend proritizing the file selectors and removing macaddr: `export IMIX_UNIQUE='[{"type":"env"},{"type":"file"},{"type":"file","args":{"path_override":"/etc/system-id"}}]'`
To prioritize stealth we recommend removing the file uniqueness selectors: `export IMIX_UNIQUE='[{"type":"env"},{"type":"macaddr"}]'`
If you know the environment will have VMs cloned without sysprep we recommend prioritizing the file selectors and removing macaddr: `export IMIX_UNIQUE='[{"type":"env"},{"type":"file"},{"type":"file","args":{"path_override":"/etc/system-id"}}]'`

### Default Behavior

Expand Down
2 changes: 1 addition & 1 deletion implants/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ rand_chacha = { version = "0.3.1", default-features = false, features = ["std"]}
regex = { version = "1.5.5", default-features = false}
reqwest = { version = "0.12.15", default-features = false }
russh = "0.37.1"
russh-sftp = "=2.0.8" # `thiserror` dependcy in older versions causes downstream issues in other libraries.
russh-sftp = "=2.0.8" # `thiserror` dependency in older versions causes downstream issues in other libraries.
russh-keys = "0.37.1"
rustls = "0.23"
quinn = { version = "0.11", default-features = false, features = ["ring", "runtime-tokio"] }
Expand Down
2 changes: 1 addition & 1 deletion implants/golem/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ fn main() -> anyhow::Result<()> {
});
}
}
// If we havent specified tomes in INPUT, we need to look through the asset locker for tomes to run
// If we haven't specified tomes in INPUT, we need to look through the asset locker for tomes to run
if parsed_tomes.is_empty() {
match locker.list() {
Ok(assets) => {
Expand Down
2 changes: 1 addition & 1 deletion implants/golem/tests/cli.rs
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ fn test_golem_main_loaded_files() -> anyhow::Result<()> {

// Test running `./golem -a ../../bin/golem_cli_test/ -e`
// NOTE: Depending on how this test is run, the commands may not actually be run
// therefor we only test the output of eldritch and not the stdlib
// therefore we only test the output of eldritch and not the stdlib
#[test]
fn test_golem_main_loaded_and_embdedded_files() -> anyhow::Result<()> {
let mut cmd = Command::new(cargo_bin!("golem"));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ pub fn find_best_match(target: &str, candidates: &[String]) -> Option<String> {
// Threshold logic:
// Allow a distance of up to 4, or half the string length + 1.
// This allows "config" (6) -> "get_config" (10) (dist 4, threshold 4)
// "apend" (5) -> "append" (6) (dist 1, threshold 3)
// "append" (5) -> "append" (6) (dist 1, threshold 3)
let threshold = (target.len() / 2 + 1).clamp(1, 4);

for candidate in candidates {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ impl StdAssetsLibrary {
// Make a hashset of the new asset names
let new_assets: HashSet<String> =
backend.assets().into_iter().map(Cow::into_owned).collect();
// See if any name overlap with existin assets
// See if any name overlap with existing assets
let colliding_names: Vec<&str> = self
.asset_names
.intersection(&new_assets)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ async fn handle_ncat(address: String, port: i32, data: String, protocol: String)
// Connect to remote host
let mut connection = TcpStream::connect(&address_and_port).await?;

// Write our meessage
// Write our message
connection.write_all(data.as_bytes()).await?;

// Read server response
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -402,7 +402,7 @@ async fn handle_port_scan(

let mut result: Vec<(String, i32, String, String)> = vec![];
// Await results of each job.
// We are not acting on scan results indepently so it's okay to loop through each and only return when all have finished.
// We are not acting on scan results independently so it's okay to loop through each and only return when all have finished.
for task in all_scan_futures {
match task.await? {
Ok(res) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ mod tests {
offset: u64,
data: Vec<u8>,
) -> Result<Status, Self::Error> {
//Warning this will only write one chunk - subsequesnt chunks will overwirte the old ones.
//Warning this will only write one chunk - subsequent chunks will overwrite the old ones.
// Tests over the size of the chunk will fail
let tmp_data = String::from_utf8(data).unwrap();
fs::write(handle, tmp_data.trim_end_matches(char::from(0))).unwrap();
Expand Down
2 changes: 1 addition & 1 deletion implants/lib/transport/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ http = { workspace = true }
tower = { workspace = true }
# Use hyper 1.x for grpc
hyper = { workspace = true, features = ["client"] }
# These crates are kinda funky gonna keep them in just transprot for now.
# These crates are kinda funky gonna keep them in just transport for now.
hyper_legacy = { package = "hyper", version = "0.14", features = ["client", "http1", "http2", "stream"] }
hyper-util = { version = "0.1", features = ["client", "client-legacy", "http1", "http2"] }
hyper-rustls = { version = "0.27", default-features = false, features = ["webpki-tokio", "http2"] }
Expand Down
2 changes: 1 addition & 1 deletion tavern/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ import (
tavernmcp "realm.pub/tavern/internal/mcp"
"realm.pub/tavern/internal/portals"
"realm.pub/tavern/internal/portals/mux"
"realm.pub/tavern/internal/portals/ssh"
"realm.pub/tavern/internal/portals/pty"
"realm.pub/tavern/internal/portals/ssh"
"realm.pub/tavern/internal/redirectors"
"realm.pub/tavern/internal/scheduler"
"realm.pub/tavern/internal/secrets"
Expand Down
2 changes: 1 addition & 1 deletion tavern/internal/auth/token_auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ const ParamTokenRedirToken = "access_token"
// HeaderAPIAccessToken is the name of the header clients should set to authenticate with personal access tokens.
const HeaderAPIAccessToken = "X-Tavern-Access-Token"

// NewTokenRedirectHandler returns a new http endpoint that redirects the requestor to http://127.0.0.1 at the port specified
// NewTokenRedirectHandler returns a new http endpoint that redirects the requester to http://127.0.0.1 at the port specified
// in the query parameters. This method requires an authenticated session, and will set the user's personal access token in the redirected
// URL query parameters intended for use by CLI applications authenticating to Tavern.
func NewTokenRedirectHandler() http.HandlerFunc {
Expand Down
4 changes: 2 additions & 2 deletions tavern/internal/builder/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ The builder package orchestrates agent compilation for target platforms. It conn

### future
- Add terraform for build server
- Register redirectors so bulider callback uri can be a drop down.
- Register redirectors so builder callback uri can be a drop down.
- Modifying the agent IMIX_CONFIG currently requires changes to both imix and tavern code bases now. Is there a way to codegen a YAML spec from tavern to the agent?
- De-dupe agent builds should the API stop builds that have the same params and point to the existing build? Or is this a UI thing?

Expand All @@ -33,7 +33,7 @@ The builder package orchestrates agent compilation for target platforms. It conn
- Target OS + Target Format ---> rust target
- TargetOS's only support certain formats
- where to get the realm source code from - pull public repo?
- Currentt pattern with arbitrary bulid script is RCE as a service. Scope and limit this to just build configuration options.
- Currentt pattern with arbitrary build script is RCE as a service. Scope and limit this to just build configuration options.
- upstream should be free form
- pubkey can be set by the server
## Overview
Expand Down
1 change: 0 additions & 1 deletion tavern/internal/c2/api_claim_tasks.go
Original file line number Diff line number Diff line change
Expand Up @@ -494,4 +494,3 @@ func (srv *Server) ClaimTasks(ctx context.Context, req *c2pb.ClaimTasksRequest)
// Return claimed tasks
return &resp, nil
}

4 changes: 2 additions & 2 deletions tavern/internal/cdn/download_screenshot_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@ func TestDownloadScreenshot(t *testing.T) {
wantBody: []byte(fmt.Sprintf("%s\n", cdn.ErrInvalidFileID.Error())),
},
{
name: "Cached",
reqURL: fmt.Sprintf("/download/%d", existingScreenshot.ID),
name: "Cached",
reqURL: fmt.Sprintf("/download/%d", existingScreenshot.ID),
wantStatus: cdn.ErrFileNotModified.StatusCode,
wantBody: []byte(fmt.Sprintf("%s\n", cdn.ErrFileNotModified.Error())),
},
Expand Down
2 changes: 1 addition & 1 deletion tavern/internal/ent/enttest/testdb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions tavern/internal/ent/hook_events_test.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion tavern/internal/http/shell/websocket.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ const (
type WebsocketControlFlowSignal string

// WebsocketControlFlowSignalPortalUpgrade indicates that the connection has been upgraded to use a portal for interactivity.
// WebsocketControlFlowSignalPortalDowngrade indicates that the connection has been downgraded to a non-interactive polling model, indicating that the portal has closed or is unuseable.
// WebsocketControlFlowSignalPortalDowngrade indicates that the connection has been downgraded to a non-interactive polling model, indicating that the portal has closed or is unusable.
const (
WebsocketControlFlowSignalPortalUpgrade = "PORTAL_UPGRADE"
WebsocketControlFlowSignalPortalDowngrade = "PORTAL_DOWNGRADE"
Expand Down
2 changes: 1 addition & 1 deletion tavern/internal/redirectors/quic/quic_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ func TestRedirector_QUIC_UnaryAndStreaming(t *testing.T) {

// 2. Setup the QUIC redirector
redirecter := &quicRedirector.Redirector{}

// Create UDP listener to find a free port
conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 0})
require.NoError(t, err)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ describe("useCallbackTimer", () => {
});

it("should return true for isMissedCallback but false for isLateCheckin when checkin is 1 minute late", () => {
const pastTime = moment().subtract(1, "minute").subtract(10, "seconds").toISOString();
const beaconData = { node: { nextSeenAt: pastTime } };
const pastime = moment().subtract(1, "minute").subtract(10, "seconds").toISOString();
const beaconData = { node: { nextSeenAt: pastime } };

const { result } = renderHook(() => useCallbackTimer(beaconData));

Expand All @@ -35,8 +35,8 @@ describe("useCallbackTimer", () => {
});

it("should return true for isLateCheckin when checkin is over 5 minutes late", () => {
const pastTime = moment().subtract(5, "minutes").subtract(10, "seconds").toISOString();
const beaconData = { node: { nextSeenAt: pastTime } };
const pastime = moment().subtract(5, "minutes").subtract(10, "seconds").toISOString();
const beaconData = { node: { nextSeenAt: pastime } };

const { result } = renderHook(() => useCallbackTimer(beaconData));

Expand Down
2 changes: 1 addition & 1 deletion tavern/test_data_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import (
// TestCreateTestData ensures createTestData runs without error and creates at least one beacon.
func TestCreateTestData(t *testing.T) {
var (
ctx = context.Background()
ctx = context.Background()
)
graph := enttest.OpenTempDB(t)
defer graph.Close()
Expand Down
4 changes: 2 additions & 2 deletions tavern/tomes/file_tree/main.eldritch
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,14 @@ def can_read(f):
# Are we root?
root = usernfo["euid"]["uid"] == 0

# If the user isnt root and the user doesnt own the file, clear the user byte
# If the user isn't root and the user doesnt own the file, clear the user byte
if not root and f["owner"] not in (usernfo["euid"]["name"], usernfo["uid"]["name"]):
f_user = 0

# TODO: https://github.com/spellshift/realm/issues/570
# Will NOT match any group other than primary until #570 is fixed

# If the user isnt root and the group doesnt own the file, clear the group byte
# If the user isn't root and the group doesnt own the file, clear the group byte
if not root and f["group"] not in (str(usernfo["egid"]), str(usernfo["gid"])):
f_group = 0

Expand Down
2 changes: 1 addition & 1 deletion tavern/tomes/git.go
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,7 @@ func findTomePaths(tree *object.Tree) ([]string, error) {
return tomePaths, nil
}

// parseNamespaceFromGit attempts to return a shortend namespace for the tome based on the git URL.
// parseNamespaceFromGit attempts to return a shortened namespace for the tome based on the git URL.
// If it cannot or something goes wrong, this will return the provided git URL as the namespace.
func parseNamespaceFromGit(gitURLStr string) string {
gitURL, err := url.Parse(gitURLStr)
Expand Down
2 changes: 1 addition & 1 deletion tavern/tomes/netstat/main.eldritch
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def netstat():
for p in process.list():
pids[p['pid']] = p['name']

# Counts for dynamic column formating
# Counts for dynamic column formatting
counts = [6, 6, 7, 6, 8]
rows = [["PROTO", "LOCAL", "REMOTE", "STATE", "PROCESS"]]
# Loop through each net result and format the columns
Expand Down
Loading