Added directory-based shellcode repo, removed the "bits" field in favor of just Os/Arch scheme similar to golang.

Author: awgh

api/shellcode.go

@@ -32,17 +32,22 @@ const (
 
 	// Architecture Options
 
-	// Intel flag for Intel/AMD architectures
-	Intel Arch = "intel"
-	// Arm flag for Arm architectures
+	// Intel32 flag for Intel/AMD 32 bit architectures
+	Intel32 Arch = "x32"
+	// Intel64 flag for Intel/AMD 64 bit architectures
+	Intel64 Arch = "x64"
+	// Intel32y64 flag for Intel/AMD 32+64 bit combo shellcodes
+	Intel32y64 Arch = "x32x64"
+	// Arm flag for Arm 32 bit shellcodes
 	Arm Arch = "arm"
+)
 
-	// Bits Options
+var (
+	// Arches - list of human readable architecture names
+	Arches []string = []string{"x32", "x64", "x32x64", "arm"}
 
-	// Bits32 flag for 32 bit architectures
-	Bits32 Bits = "32"
-	// Bits64 flag for 64 bit architectures
-	Bits64 Bits = "64"
+	// Oses - list of human readable OS names
+	Oses []string = []string{"windows", "linux", "darwin"}
 )
 
 // Generator - type for a shellcode generator
@@ -60,27 +65,26 @@ var generators []Generator
 func RegisterShellCode(
 	os Os,
 	arch Arch,
-	bit Bits,
 	name string,
 	fx func(Parameters) ([]byte, error)) {
 
-	generators = append(generators, Generator{Os: os, Arch: arch, Bit: bit, Name: name, Function: fx})
+	generators = append(generators, Generator{Os: os, Arch: arch, Name: name, Function: fx})
 }
 
 // LookupShellCode - looks up shellcode by OS and architecture
-func LookupShellCode(os Os, arch Arch, bit Bits) []Generator {
+func LookupShellCode(os Os, arch Arch) []Generator {
 	var ret []Generator
 	for _, g := range generators {
-		if g.Os == os && g.Arch == arch && g.Bit == bit {
+		if g.Os == os && g.Arch == arch {
 			ret = append(ret, g)
 		}
 	}
 	return ret
 }
 
 // PrintShellCodes - looks up shellcode by OS and architecture and prints the output
-func PrintShellCodes(os Os, arch Arch, bit Bits) {
-	gens := LookupShellCode(os, arch, bit)
+func PrintShellCodes(os Os, arch Arch) {
+	gens := LookupShellCode(os, arch)
 	for _, g := range gens {
 		log.Printf("%+v\n", g)
 	}

generate.go

@@ -6,10 +6,10 @@ import (
 	"github.com/Binject/shellcode/api"
 )
 
-// Generate - makes a shellcode
-func Generate(os api.Os, arch api.Arch, bit api.Bits, name string, params api.Parameters) ([]byte, error) {
+// Generate - makes a shellcode from a registered template module
+func Generate(os api.Os, arch api.Arch, name string, params api.Parameters) ([]byte, error) {
 
-	gs := api.LookupShellCode(os, arch, bit)
+	gs := api.LookupShellCode(os, arch)
 	for _, g := range gs {
 		if g.Name == name {
 			return g.Function(params)

govenom/main.go

@@ -11,10 +11,9 @@ import (
 
 func main() {
 
-	var os, arch, bit string
+	var os, arch string
 	flag.StringVar(&os, "o", "linux", "Operating System: linux, windows, or freebsd")
 	flag.StringVar(&arch, "a", "intel", "Architecture: intel or arm")
-	flag.StringVar(&bit, "b", "64", "Bits (of the Architecture): 32 or 64")
 	flag.Parse()
 
 	var osFlag api.Os
@@ -44,22 +43,12 @@ func main() {
 	case "amd64":
 		fallthrough
 	case "intel":
-		archFlag = api.Intel
+		archFlag = api.Intel32
 	case "arm":
 		archFlag = api.Arm
 	default:
 		log.Fatal("Unknown Architecture")
 	}
 
-	var bitsFlag api.Bits
-	switch bit {
-	case "32":
-		bitsFlag = api.Bits32
-	case "64":
-		bitsFlag = api.Bits64
-	default:
-		log.Fatal("Unknown Bits")
-	}
-
-	api.PrintShellCodes(osFlag, archFlag, bitsFlag)
+	api.PrintShellCodes(osFlag, archFlag)
 }

modules/darwin_intel_32.go

@@ -3,13 +3,13 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Darwin, api.Intel32,
 		"beaconing_reverse_shell_tcp", beaconing_reverse_shell_tcp_darwin_intel_32)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Darwin, api.Intel32,
 		"delay_reverse_tcp_shell", delay_reverse_tcp_shell_darwin_intel_32)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Darwin, api.Intel32,
 		"reverse_tcp_shell", reverse_tcp_shell_darwin_intel_32)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Darwin, api.Intel32,
 		"user_shellcode", user_shellcode_darwin_intel_32)
 }
 

modules/darwin_intel_64.go

@@ -3,13 +3,13 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Darwin, api.Intel64,
 		"beaconing_reverse_shell_tcp", beaconing_reverse_shell_tcp_darwin_intel_64)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Darwin, api.Intel64,
 		"delay_reverse_tcp_shell", delay_reverse_tcp_shell_darwin_intel_64)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Darwin, api.Intel64,
 		"reverse_tcp_shell", reverse_tcp_shell_darwin_intel_64)
-	api.RegisterShellCode(api.Darwin, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Darwin, api.Intel64,
 		"user_shellcode", user_shellcode_darwin_intel_64)
 }
 

modules/freebsd_intel_32.go

@@ -3,11 +3,11 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.FreeBSD, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.FreeBSD, api.Intel32,
 		"reverse_tcp_shell", reverse_tcp_shell_freebsd_intel_32)
-	api.RegisterShellCode(api.FreeBSD, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.FreeBSD, api.Intel32,
 		"reverse_tcp_stager", reverse_tcp_stager_freebsd_intel_32)
-	api.RegisterShellCode(api.FreeBSD, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.FreeBSD, api.Intel32,
 		"user_shellcode", user_shellcode_freebsd_intel_32)
 }
 

modules/linux_arm_32.go

@@ -3,11 +3,11 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.Linux, api.Arm, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Arm,
 		"reverse_tcp_shell", reverse_tcp_shell_linux_arm_32)
-	api.RegisterShellCode(api.Linux, api.Arm, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Arm,
 		"reverse_tcp_stager", reverse_tcp_stager_linux_arm_32)
-	api.RegisterShellCode(api.Linux, api.Arm, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Arm,
 		"user_shellcode", user_shellcode_linux_arm_32)
 }
 

modules/linux_intel_32.go

@@ -3,11 +3,11 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Intel32,
 		"reverse_tcp_shell", reverse_tcp_shell_linux_intel_32)
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Intel32,
 		"reverse_tcp_stager", reverse_tcp_stager_linux_intel_32)
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Linux, api.Intel32,
 		"user_shellcode", user_shellcode_linux_intel_32)
 }
 

modules/linux_intel_64.go

@@ -3,11 +3,11 @@ package modules
 import "github.com/Binject/shellcode/api"
 
 func init() {
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Linux, api.Intel64,
 		"reverse_tcp_shell", reverse_tcp_shell_linux_intel_64)
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Linux, api.Intel64,
 		"reverse_tcp_stager", reverse_tcp_stager_linux_intel_64)
-	api.RegisterShellCode(api.Linux, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Linux, api.Intel64,
 		"user_shellcode", user_shellcode_linux_intel_64)
 }
 

modules/windows_intel_32.go

@@ -7,22 +7,22 @@ import (
 )
 
 func init() {
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"iat_reverse_tcp_inline", iat_reverse_tcp_inline_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"iat_reverse_tcp_inline_threaded", iat_reverse_tcp_inline_threaded_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"iat_reverse_tcp_stager_threaded", iat_reverse_tcp_stager_threaded_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"iat_user_shellcode_threaded", iat_user_shellcode_threaded_win_intel_32)
 
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"meterpreter_reverse_https_threaded", meterpreter_reverse_https_threaded_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"reverse_tcp_shell_inline", reverse_tcp_shell_inline_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"reverse_tcp_stager_threaded", reverse_tcp_stager_threaded_win_intel_32)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits32,
+	api.RegisterShellCode(api.Windows, api.Intel32,
 		"user_shellcode_threaded", user_shellcode_threaded_win_intel_32)
 }
 

modules/windows_intel_64.go

@@ -7,22 +7,22 @@ import (
 )
 
 func init() {
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"iat_reverse_tcp_inline", iat_reverse_tcp_inline_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"iat_reverse_tcp_inline_threaded", iat_reverse_tcp_inline_threaded_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"iat_reverse_tcp_stager_threaded", iat_reverse_tcp_stager_threaded_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"iat_user_shellcode_threaded", iat_user_shellcode_threaded_win_intel_64)
 
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"meterpreter_reverse_https_threaded", meterpreter_reverse_https_threaded_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"reverse_tcp_shell_inline", reverse_tcp_shell_inline_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"reverse_tcp_stager_threaded", reverse_tcp_stager_threaded_win_intel_64)
-	api.RegisterShellCode(api.Windows, api.Intel, api.Bits64,
+	api.RegisterShellCode(api.Windows, api.Intel64,
 		"user_shellcode_threaded", user_shellcode_threaded_win_intel_64)
 }
 

repo.go

@@ -0,0 +1,72 @@
+package shellcode
+
+import (
+	"errors"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/Binject/shellcode/api"
+)
+
+// Repo - Shellcode Repository, directory-backed
+type Repo struct {
+	Directory string
+}
+
+//NewRepo - create a new Repo object, if dirName is provided, directory structure will be created if it doesn't exist
+func NewRepo(dirName string) *Repo {
+	repo := new(Repo)
+	if dirName != "" {
+		repo.Directory = dirName
+		if err := initShellcodeDir(dirName); err != nil {
+			log.Fatal(err)
+		}
+	}
+	return repo
+}
+
+func initShellcodeDir(dirName string) error {
+
+	if !DirExists(dirName) {
+		if err := os.Mkdir(dirName, os.FileMode(int(0755))); err != nil {
+			return err
+		}
+	}
+	for _, ose := range api.Oses {
+		osDir := filepath.Join(dirName, ose)
+		if !DirExists(osDir) {
+			if err := os.Mkdir(osDir, os.FileMode(int(0755))); err != nil {
+				return err
+			}
+		}
+		for _, arch := range api.Arches {
+			archDir := filepath.Join(osDir, arch)
+			if !DirExists(archDir) {
+				if err := os.Mkdir(archDir, os.FileMode(int(0755))); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// Lookup - fetches a completed shellcode from the filesystem
+func (r *Repo) Lookup(os api.Os, arch api.Arch, pattern string) ([]byte, error) {
+
+	// check specific directory first
+	dir := filepath.Join(r.Directory, string(os), string(arch))
+	if DirExists(dir) {
+		files, err := WalkMatch(dir, pattern)
+		if err != nil {
+			return nil, err
+		}
+		if len(files) > 0 {
+			return ioutil.ReadFile(files[0])
+		}
+	}
+	// todo: fallback from intel32 or 64 to 32y64
+	return nil, errors.New("No Matching Shellcode Found")
+}

shellcode_test.go

@@ -0,0 +1,23 @@
+package shellcode
+
+import (
+	"encoding/hex"
+	"log"
+	"path/filepath"
+	"testing"
+
+	"github.com/Binject/shellcode/api"
+)
+
+func Test_Shellcode_1(t *testing.T) {
+	repo := NewRepo("shellcodes")
+	_, err := CopyFile(filepath.Join("test", "win32messagebox.bin"), filepath.Join("shellcodes", "windows", "x32", "win32messagebox.bin"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	shellcode, err := repo.Lookup(api.Windows, api.Intel32, "*.bin")
+	log.Println(hex.Dump(shellcode))
+	if err != nil {
+		t.Fatal(err)
+	}
+}