Start adding graphql
domwhewell-sage committed May 7, 2024
1 parent 453d784 commit 1f16faf
Showing 5 changed files with 93 additions and 0 deletions.
32 changes: 32 additions & 0 deletions config.go
Expand Up @@ -22,6 +22,31 @@ Email Address - {{ .Email }}
IP Address - {{ .Address }}
User Agent - {{ .UserAgent }}`

var defaultgraphqlTemplate = `mutation InsertCobaltSyncLog (
$oplog: bigint!, $startDate: timestamptz, $endDate: timestamptz, $sourceIp: String, $destIp: String,
$tool: String, $userContext: String, $command: String, $description: String,
$output: String, $comments: String, $operatorName: String, $entry_identifier: String!, $extraFields: jsonb!
) {
insert_oplogEntry(objects: {
oplog: $oplog,
startDate: $startDate,
endDate: $endDate,
sourceIp: $sourceIp,
destIp: $destIp,
tool: $tool,
userContext: $userContext,
command: $command,
description: $description,
output: $output,
comments: $comments,
operatorName: $operatorName,
entryIdentifier: $entry_identifier,
extraFields: $extraFields
}) {
returning { id }
}
}`

func init() {
viper.SetConfigName("config")
viper.SetConfigType("yaml")
Expand All @@ -48,6 +73,7 @@ func setDefaults() {
viper.SetDefault("email_send_click_template", defaultClickedTemplate)
viper.SetDefault("email_submitted_credentials_template", defaultSubmittedCredentailsTemplate)
viper.SetDefault("email_default_email_open_template", defaultEmailOpenedTemplate)
viper.SetDefault("graphql_default_query", defaultgraphqlTemplate)
viper.SetDefault("profiles", []string{"slack"})
}

Expand Down Expand Up @@ -87,6 +113,12 @@ func validateConfig() {
viper.GetString("email.recipient"))
continue
}
if profile == "ghostwriter" {
ghostwriterConfigs := []string{"ghostwriter.graphql_endpoint", "ghostwriter.api_key"}
checkKeysExist(ghostwriterConfigs...)
log.Infof("Using Ghostwriter sending profile. Will send messages to %s", viper.GetString("ghostwriter.url"))
continue
}
log.Fatalf("Profile \"%s\" does not exist", profile)
}
}
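Review bot: The ghostwriter branch of validateConfig checks `ghostwriter.graphql_endpoint` and `ghostwriter.api_key`, but the log line in the same branch reads `ghostwriter.url`, and the new sendGraphql in sending_helpers.go reads `ghostwriter.url` and `ghostwriter.oplog_id`. A config that passes this validation can therefore still leave the endpoint empty, and a missing oplog id silently becomes 0 through `viper.GetInt`. The checked list should name the keys that are actually read, e.g. `ghostwriterConfigs := []string{"ghostwriter.url", "ghostwriter.api_key", "ghostwriter.oplog_id"}`, or the reads should be renamed to `graphql_endpoint`. validateConfig begins outside the hunk.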
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -5,6 +5,7 @@ go 1.12
require (
github.com/ashwanthkumar/slack-go-webhook v0.0.0-20200209025033-430dd4e66960
github.com/elazarl/goproxy v0.0.0-20210801061803-8e322dfb79c4 // indirect
github.com/machinebox/graphql v0.2.2 // indirect
github.com/parnurzeal/gorequest v0.2.16 // indirect
github.com/sirupsen/logrus v1.8.1
github.com/spf13/viper v1.8.1
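Review bot: `github.com/machinebox/graphql v0.2.2` is added with an `// indirect` marker, yet sending_helpers.go in this commit imports the package directly. The marker should be dropped (running `go mod tidy` does this) so the module shows up as a direct dependency for dependency review and update tooling.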
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -180,6 +180,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/machinebox/graphql v0.2.2 h1:dWKpJligYKhYKO5A2gvNhkJdQMNZeChZYyBbrZkBZfo=
github.com/machinebox/graphql v0.2.2/go.mod h1:F+kbVMHuwrQ5tYgU9JXlnskM8nOaFxCAEolaQybkjWA=
github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
15 changes: 15 additions & 0 deletions messages.go
Expand Up @@ -130,6 +130,11 @@ func (w SubmittedDetails) SendEmail() error {
return sendEmail("PhishBot - Credentials Submitted", body)
}

func (w SubmittedDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email + "\nUsername: " + w.Username + "\nPassword: " + w.Password, Comments: SubmittedData}
return sendGraphql(oplog_entry)
}

type ClickDetails struct {
CampaignID uint
ID string
Expand Down Expand Up @@ -175,6 +180,11 @@ func (w ClickDetails) SendEmail() error {
return sendEmail("PhishBot - Email Clicked", body)
}

func (w ClickDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email, Comments: ClickedLink}
return sendGraphql(oplog_entry)
}

func getEmailBody(templateValue string, obj interface{}) (string, error) {
out := new(strings.Builder)
tpl, err := template.New("email").Parse(templateValue)
Expand Down Expand Up @@ -231,3 +241,8 @@ func (w OpenedDetails) SendEmail() error {
}
return sendEmail("PhishBot - Email Opened", body)
}

func (w OpenedDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email, Comments: EmailOpened}
return sendGraphql(oplog_entry)
}
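Review bot: `string(w.CampaignID)` in all three new SendGraphql methods converts an integer to the character with that code point, not to its decimal text, so the oplog Description will carry a control character or unrelated rune instead of the campaign number. CampaignID is declared `uint` in ClickDetails on this page; the other two structs are outside the visible hunks and presumably match. Use `"\nCampaign ID: " + strconv.FormatUint(uint64(w.CampaignID), 10)` (or `fmt.Sprintf` with `%d`), and drop `string(w.ID)` where ID is already a string. SubmittedDetails.SendGraphql also copies `w.Password` in clear text into Output, which persists captured credentials in the Ghostwriter oplog; masking it or gating it behind a config switch would limit where those secrets end up.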
43 changes: 43 additions & 0 deletions sending_helpers.go
@@ -1,13 +1,32 @@
package main

import (
"context"
"fmt"
"net/smtp"

"github.com/ashwanthkumar/slack-go-webhook"
"github.com/machinebox/graphql"
"github.com/spf13/viper"
)

type ghostwriter_oplog_entry struct {
Oplog int
StartDate string
EndDate string
SourceIp string
DestIp string
Tool string
UserContext string
Command string
Description string
Output string
Comments string
OperatorName string
EntryIdentifier string
ExtraFields string
}

func sendSlackAttachment(attachment slack.Attachment) error {
payload := slack.Payload{
Username: viper.GetString("slack.bot_username"),
Expand Down Expand Up @@ -36,3 +55,27 @@ func sendEmail(subject, body string) error {
}
return nil
}

func sendGraphql(data ghostwriter_oplog_entry) error {
url := viper.GetString("ghostwriter.url")
query := viper.GetString("graphql_default_query")
oplog_id := viper.GetInt("ghostwriter.oplog_id")
client := graphql.NewClient(url)

req := graphql.NewRequest(query)
req.Var("oplog", oplog_id)
req.Var("sourceIp", data.SourceIp)
req.Var("tool", "gophish")
req.Var("userContext", data.UserContext)
req.Var("description", data.Description)
req.Var("output", data.Output)
req.Var("comments", data.Comments)

ctx := context.Background()
var respData map[string]interface{}
if err := client.Run(ctx, req, &respData); err != nil {
return err
}

return nil
}
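Review bot: sendGraphql never attaches the `ghostwriter.api_key` that validateConfig requires, so the request goes out unauthenticated and the key serves no purpose; the request needs an Authorization header (Bearer scheme assumed below, confirm against the Ghostwriter API). The default mutation in config.go declares `$entry_identifier: String!` and `$extraFields: jsonb!` as non-null, but neither is set with `req.Var`, so the server will likely reject every insert. `context.Background()` also gives `client.Run` no deadline, so a stalled endpoint blocks the caller indefinitely; the timeout below is a constructed value and needs the `time` import. The decoded `respData` is never inspected, so it could be dropped or checked for the returned id.

```go
func sendGraphql(data ghostwriter_oplog_entry) error {
	// … unchanged: url, query, oplog_id lookup and graphql.NewClient …
	req := graphql.NewRequest(query)
	req.Header.Set("Authorization", "Bearer "+viper.GetString("ghostwriter.api_key"))
	// … unchanged: existing req.Var calls …
	req.Var("entry_identifier", data.EntryIdentifier)
	req.Var("extraFields", map[string]interface{}{}) // empty JSON object; replace once ExtraFields carries real data

	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) // constructed timeout value
	defer cancel()
	// … unchanged: client.Run and error return …
}
```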
