src/server/core/server.nim

import prompt, terminal, argparse, parsetoml, times
import strutils, strformat, system, tables

import ./[agent, listener, builder]
import ../globals
import ../db/database
import ../core/logger
import ../../common/[types, crypto, profile]
import ../websocket/[receive, send]
import mummy, mummy/routers

#[
    Argument parsing
]# 
var parser = newParser: 
    help("Conquest Command & Control")
    nohelpflag()

    command("listener"):
        help("Manage, start and stop listeners.")

        command("list"): 
            help("List all active listeners.")
            
        command("start"): 
            help("Starts a new HTTP listener.")
            option("-i", "--ip", default=some("127.0.0.1"), help="IPv4 address to listen on.", required=false)
            option("-p", "--port", help="Port to listen on.", required=true)

        command("stop"):
            help("Stop an active listener.")
            option("-n", "--name", help="Name of the listener.", required=true)
    
    command("agent"): 
        help("Manage, build and interact with agents.")

        command("list"):
            help("List all agents.")
            option("-l", "--listener", help="Name of the listener.")

        command("info"): 
            help("Display details for a specific agent.")
            option("-n", "--name", help="Name of the agent.", required=true)

        command("kill"):
            help("Terminate the connection of an active listener and remove it from the interface.")
            option("-n", "--name", help="Name of the agent.", required=true)
            # flag("--self-delete", help="Remove agent executable from target system.")

        command("interact"):
            help("Interact with an active agent.")
            option("-n", "--name", help="Name of the agent.", required=true)

        command("build"): 
            help("Generate a new agent to connect to an active listener.")
            option("-l", "--listener", help="Name of the listener.", required=true)
            option("-s", "--sleep", help="Sleep delay in seconds.")
            option("--sleepmask", help="Sleep obfuscation technique.", default=some("none"), choices = @["ekko", "zilean", "foliage", "none"])
            flag("--spoof-stack", help="Use stack duplication to spoof the call stack. Supported by EKKO and ZILEAN techniques.")

    command("help"):
        nohelpflag()

    command("exit"):
        nohelpflag()

proc handleConsoleCommand(cq: Conquest, args: string) = 

    # Return if no command (or just whitespace) is entered
    if args.replace(" ", "").len == 0: return

    cq.input(args)

    try:
        let opts = parser.parse(args.split(" ").filterIt(it.len > 0))

        case opts.command
        
        of "exit": # Exit program 
            echo "\n"
            quit(0) 

        of "help": # Display help menu
            cq.output(parser.help())

        of "listener": 
            case opts.listener.get.command
            of "list":
                cq.listenerList()
            of "start": 
                #cq.listenerStart(opts.listener.get.start.get.ip, opts.listener.get.start.get.port)
                discard
            of "stop": 
                #cq.listenerStop(opts.listener.get.stop.get.name)
                discard
            else: 
                cq.listenerUsage()

        of "agent":
            case opts.agent.get.command
            of "list":    
                cq.agentList(opts.agent.get.list.get.listener)
            of "info":
                cq.agentInfo(opts.agent.get.info.get.name)
            of "kill": 
                cq.agentKill(opts.agent.get.kill.get.name)
            of "interact":
                cq.agentInteract(opts.agent.get.interact.get.name) 
            of "build": 
                cq.agentBuild(opts.agent.get.build.get.listener, opts.agent.get.build.get.sleep, opts.agent.get.build.get.sleepmask, opts.agent.get.build.get.spoof_stack)
            else: 
                cq.agentUsage()

    # Handle help flag
    except ShortCircuit as err:
        if err.flag == "argparse_help":
            cq.output(err.help)
    
    # Handle invalid arguments
    except CatchableError: 
        cq.error(getCurrentExceptionMsg())
    
    cq.output()

proc header() = 
    echo ""
    echo "┏┏┓┏┓┏┓┓┏┏┓┏╋"
    echo "┗┗┛┛┗┗┫┗┻┗ ┛┗ V0.1"
    echo "      ┗  @jakobfriedl"  
    echo "─".repeat(21) 
    echo ""

proc init*(T: type Conquest, profile: Profile): Conquest = 
    var cq = new Conquest
    cq.prompt = Prompt.init() 
    cq.listeners = initTable[string, tuple[listener: Listener, thread: Thread[Listener]]]()
    cq.agents = initTable[string, Agent]() 
    cq.interactAgent = nil 
    cq.profile = profile
    cq.keyPair = loadKeyPair(CONQUEST_ROOT & "/" & profile.getString("private-key-file"))
    cq.dbPath = CONQUEST_ROOT & "/" & profile.getString("database-file")
    return cq

#[
    WebSocket
]#
proc upgradeHandler(request: Request) = 
    {.cast(gcsafe).}:
        let ws = request.upgradeToWebSocket()
        cq.ws = ws
        # Send client connection message
        ws.sendEventlogItem(LOG_SUCCESS_SHORT, "CQ-V1")

proc websocketHandler(ws: WebSocket, event: WebSocketEvent, message: Message) {.gcsafe.} = 
    {.cast(gcsafe).}:
        case event:
        of OpenEvent:
            discard
        of MessageEvent:
            ws.sendHeartbeat() 

            case message.getMessageType(): 
            of CLIENT_AGENT_COMMAND:
                discard 
            of CLIENT_LISTENER_START:
                message.receiveStartListener()
            of CLIENT_LISTENER_STOP:
                message.receiveStopListener() 
            of CLIENT_AGENT_BUILD:
                discard 
            else: discard
        of ErrorEvent:
            discard
        of CloseEvent:
            discard

proc serve(server: Server) {.thread.} = 
    try:
        server.serve(Port(12345))
    except Exception:
        discard 
    
proc startServer*(profilePath: string) =

    # Ensure that the conquest root directory was passed as a compile-time define 
    when not defined(CONQUEST_ROOT): 
        quit(0)

    # Handle CTRL+C,  
    proc exit() {.noconv.} = 
        echo "Received CTRL+C. Type \"exit\" to close the application.\n"    
    setControlCHook(exit)

    header()
    
    try:
        # Initialize framework context
        # Load and parse profile 
        let profile = parseFile(profilePath)
        cq = Conquest.init(profile)

        cq.info("Using profile \"", profile.getString("name"), "\" (", profilePath ,").")
        
    except CatchableError as err:
        echo err.msg
        quit(0)
    
    # Initialize database
    cq.dbInit()
    cq.restartListeners()
    cq.addMultiple(cq.dbGetAllAgents())

    # Start websocket server
    var router: Router
    router.get("/*", upgradeHandler)
    let server = newServer(router, websocketHandler)
    
    var thread: Thread[Server]
    createThread(thread, serve, server)

    # Main loop
    while true: 
        cq.prompt.setIndicator("[conquest]> ")
        cq.prompt.setStatusBar(@[("[mode]", "manage"), ("[listeners]", $len(cq.listeners)), ("[agents]", $len(cq.agents))])    
        cq.prompt.showPrompt() 
 
        var command: string = cq.prompt.readLine()
        cq.handleConsoleCommand(command)
Started work on websocket communication: Parsing/Serialization of WebSocket packets. 2025-09-22 21:53:13 +02:00			`import prompt, terminal, argparse, parsetoml, times`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`import strutils, strformat, system, tables`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Improved logging format. 2025-08-21 15:08:52 +02:00			`import ./[agent, listener, builder]`
Refactored random byte generation functions. 2025-08-25 20:08:23 +02:00			`import ../globals`
Updated directory structure 2025-07-16 10:33:13 +02:00			`import ../db/database`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`import ../core/logger`
Improved logging format. 2025-08-21 15:08:52 +02:00			`import ../../common/[types, crypto, profile]`
Added more websocket commands and started agent generation modal window. 2025-09-23 15:51:57 +02:00			`import ../websocket/[receive, send]`
Started work on websocket communication: Parsing/Serialization of WebSocket packets. 2025-09-22 21:53:13 +02:00			`import mummy, mummy/routers`
Experiment with Listener Creation 2025-05-02 18:10:30 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
			`Argument parsing`
			`]#`
			`var parser = newParser:`
			`help("Conquest Command & Control")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`nohelpflag()`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`command("listener"):`
			`help("Manage, start and stop listeners.")`

			`command("list"):`
			`help("List all active listeners.")`
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`command("start"):`
			`help("Starts a new HTTP listener.")`
Updated task result console output 2025-06-02 21:14:13 +02:00			`option("-i", "--ip", default=some("127.0.0.1"), help="IPv4 address to listen on.", required=false)`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-p", "--port", help="Port to listen on.", required=true)`
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`command("stop"):`
			`help("Stop an active listener.")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-n", "--name", help="Name of the listener.", required=true)`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`command("agent"):`
			`help("Manage, build and interact with agents.")`

			`command("list"):`
			`help("List all agents.")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-l", "--listener", help="Name of the listener.")`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`command("info"):`
			`help("Display details for a specific agent.")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-n", "--name", help="Name of the agent.", required=true)`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`command("kill"):`
			`help("Terminate the connection of an active listener and remove it from the interface.")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-n", "--name", help="Name of the agent.", required=true)`
			`# flag("--self-delete", help="Remove agent executable from target system.")`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`command("interact"):`
			`help("Interact with an active agent.")`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`option("-n", "--name", help="Name of the agent.", required=true)`

			`command("build"):`
			`help("Generate a new agent to connect to an active listener.")`
			`option("-l", "--listener", help="Name of the listener.", required=true)`
Integrated sleep obfuscation settings into agent generation. 2025-09-04 13:44:50 +02:00			`option("-s", "--sleep", help="Sleep delay in seconds.")`
			`option("--sleepmask", help="Sleep obfuscation technique.", default=some("none"), choices = @["ekko", "zilean", "foliage", "none"])`
			`flag("--spoof-stack", help="Use stack duplication to spoof the call stack. Supported by EKKO and ZILEAN techniques.")`
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`command("help"):`
			`nohelpflag()`

			`command("exit"):`
			`nohelpflag()`

Updated directory structure 2025-07-16 10:33:13 +02:00			`proc handleConsoleCommand(cq: Conquest, args: string) =`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`# Return if no command (or just whitespace) is entered`
Refactored agent command handling to remove redundant boiler-plate code. Commands are parsed dynamically based on a single definition. Command-specific actions might still need distinct implementations. 2025-07-14 22:14:27 +02:00			`if args.replace(" ", "").len == 0: return`
Experiment with Listener Creation 2025-05-02 18:10:30 +02:00
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.input(args)`
Experiment with TUI implementation using illwill 2025-05-06 22:46:36 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`try:`
Refactored agent command handling to remove redundant boiler-plate code. Commands are parsed dynamically based on a single definition. Command-specific actions might still need distinct implementations. 2025-07-14 22:14:27 +02:00			`let opts = parser.parse(args.split(" ").filterIt(it.len > 0))`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`case opts.command`

			`of "exit": # Exit program`
			`echo "\n"`
			`quit(0)`

			`of "help": # Display help menu`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.output(parser.help())`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`of "listener":`
			`case opts.listener.get.command`
			`of "list":`
			`cq.listenerList()`
			`of "start":`
Added more websocket commands and started agent generation modal window. 2025-09-23 15:51:57 +02:00			`#cq.listenerStart(opts.listener.get.start.get.ip, opts.listener.get.start.get.port)`
			`discard`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`of "stop":`
Added more websocket commands and started agent generation modal window. 2025-09-23 15:51:57 +02:00			`#cq.listenerStop(opts.listener.get.stop.get.name)`
			`discard`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`else:`
			`cq.listenerUsage()`

			`of "agent":`
			`case opts.agent.get.command`
Added number of agents to listener list 2025-05-15 15:24:46 +02:00			`of "list":`
			`cq.agentList(opts.agent.get.list.get.listener)`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`of "info":`
			`cq.agentInfo(opts.agent.get.info.get.name)`
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`of "kill":`
			`cq.agentKill(opts.agent.get.kill.get.name)`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`of "interact":`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`cq.agentInteract(opts.agent.get.interact.get.name)`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`of "build":`
Integrated sleep obfuscation settings into agent generation. 2025-09-04 13:44:50 +02:00			`cq.agentBuild(opts.agent.get.build.get.listener, opts.agent.get.build.get.sleep, opts.agent.get.build.get.sleepmask, opts.agent.get.build.get.spoof_stack)`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`else:`
			`cq.agentUsage()`

			`# Handle help flag`
			`except ShortCircuit as err:`
			`if err.flag == "argparse_help":`
Fixed help flag output. 2025-09-04 15:29:54 +02:00			`cq.output(err.help)`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`# Handle invalid arguments`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`except CatchableError:`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.error(getCurrentExceptionMsg())`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.output()`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Refine profile structure. 2025-08-13 21:42:58 +02:00			`proc header() =`
			`echo ""`
			`echo "┏┏┓┏┓┏┓┓┏┏┓┏╋"`
			`echo "┗┗┛┛┗┗┫┗┻┗ ┛┗ V0.1"`
			`echo " ┗ @jakobfriedl"`
			`echo "─".repeat(21)`
			`echo ""`
Updated directory structure 2025-07-16 10:33:13 +02:00
Started implementing profile system. 2025-08-13 19:32:51 +02:00			`proc init*(T: type Conquest, profile: Profile): Conquest =`
Cleanup types.nim to only contain type definitions. 2025-07-16 14:45:45 +02:00			`var cq = new Conquest`
Implemented profile embedding via patching a placeholder in the agent executable. Agent correctly deserializes and parses the profile and listener configuration. 2025-08-18 22:05:23 +02:00			`cq.prompt = Prompt.init()`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`cq.listeners = initTable[string, tuple[listener: Listener, thread: Thread[Listener]]]()`
Cleanup types.nim to only contain type definitions. 2025-07-16 14:45:45 +02:00			`cq.agents = initTable[string, Agent]()`
			`cq.interactAgent = nil`
Implemented profile embedding via patching a placeholder in the agent executable. Agent correctly deserializes and parses the profile and listener configuration. 2025-08-18 22:05:23 +02:00			`cq.profile = profile`
Created nimble package and installation instructions. 2025-08-22 10:48:00 +02:00			`cq.keyPair = loadKeyPair(CONQUEST_ROOT & "/" & profile.getString("private-key-file"))`
			`cq.dbPath = CONQUEST_ROOT & "/" & profile.getString("database-file")`
Cleanup types.nim to only contain type definitions. 2025-07-16 14:45:45 +02:00			`return cq`

Started work on websocket communication: Parsing/Serialization of WebSocket packets. 2025-09-22 21:53:13 +02:00			`#[`
			`WebSocket`
			`]#`
			`proc upgradeHandler(request: Request) =`
Added more websocket commands and started agent generation modal window. 2025-09-23 15:51:57 +02:00			`{.cast(gcsafe).}:`
			`let ws = request.upgradeToWebSocket()`
			`cq.ws = ws`
			`# Send client connection message`
			`ws.sendEventlogItem(LOG_SUCCESS_SHORT, "CQ-V1")`

			`proc websocketHandler(ws: WebSocket, event: WebSocketEvent, message: Message) {.gcsafe.} =`
			`{.cast(gcsafe).}:`
			`case event:`
			`of OpenEvent:`
			`discard`
			`of MessageEvent:`
			`ws.sendHeartbeat()`

			`case message.getMessageType():`
			`of CLIENT_AGENT_COMMAND:`
			`discard`
			`of CLIENT_LISTENER_START:`
			`message.receiveStartListener()`
			`of CLIENT_LISTENER_STOP:`
			`message.receiveStopListener()`
			`of CLIENT_AGENT_BUILD:`
			`discard`
			`else: discard`
			`of ErrorEvent:`
			`discard`
			`of CloseEvent:`
			`discard`
Started work on websocket communication: Parsing/Serialization of WebSocket packets. 2025-09-22 21:53:13 +02:00
			`proc serve(server: Server) {.thread.} =`
			`try:`
			`server.serve(Port(12345))`
			`except Exception:`
			`discard`

Refine profile structure. 2025-08-13 21:42:58 +02:00			`proc startServer*(profilePath: string) =`
Started implementing profile system. 2025-08-13 19:32:51 +02:00
Created nimble package and installation instructions. 2025-08-22 10:48:00 +02:00			`# Ensure that the conquest root directory was passed as a compile-time define`
			`when not defined(CONQUEST_ROOT):`
			`quit(0)`

Started work on agent registration 2025-05-12 21:53:37 +02:00			`# Handle CTRL+C,`
			`proc exit() {.noconv.} =`
			`echo "Received CTRL+C. Type \"exit\" to close the application.\n"`
			`setControlCHook(exit)`

Refine profile structure. 2025-08-13 21:42:58 +02:00			`header()`
Started implementing profile system. 2025-08-13 19:32:51 +02:00
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`try:`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`# Initialize framework context`
Refine profile structure. 2025-08-13 21:42:58 +02:00			`# Load and parse profile`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`let profile = parseFile(profilePath)`
Started implementing profile system. 2025-08-13 19:32:51 +02:00			`cq = Conquest.init(profile)`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00
			`cq.info("Using profile \"", profile.getString("name"), "\" (", profilePath ,").")`
Updated key management to create a new private key file if no existing one is found. 2025-07-24 22:34:12 +02:00
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`except CatchableError as err:`
			`echo err.msg`
			`quit(0)`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`# Initialize database`
			`cq.dbInit()`
			`cq.restartListeners()`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`cq.addMultiple(cq.dbGetAllAgents())`
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00
Added more websocket commands and started agent generation modal window. 2025-09-23 15:51:57 +02:00			`# Start websocket server`
Started work on websocket communication: Parsing/Serialization of WebSocket packets. 2025-09-22 21:53:13 +02:00			`var router: Router`
			`router.get("/*", upgradeHandler)`
			`let server = newServer(router, websocketHandler)`

			`var thread: Thread[Server]`
			`createThread(thread, serve, server)`

Started work on agent registration 2025-05-12 21:53:37 +02:00			`# Main loop`
			`while true:`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.prompt.setIndicator("[conquest]> ")`
			`cq.prompt.setStatusBar(@[("[mode]", "manage"), ("[listeners]", $len(cq.listeners)), ("[agents]", $len(cq.agents))])`
			`cq.prompt.showPrompt()`
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`var command: string = cq.prompt.readLine()`
Cleaned up utils.nim by removing unnecessary functions. 2025-08-21 17:08:46 +02:00			`cq.handleConsoleCommand(command)`