Refactor of the original EDC
Copy the files to the location you will run the server from.
Create a virtual environment and install the requirements:
# Create an isolated virtual environment in ./venv and activate it.
python3 -m venv venv
. venv/bin/activate

# Install the runtime dependencies, one package per step as in the original.
# NOTE(review): nothing here is pinned, so each install pulls whatever is
# latest on PyPI at that moment; a requirements.txt with == versions
# (ideally --require-hashes) gives a reproducible, reviewable install.
python -m pip install jq
python -m pip install django
python -m pip install Pillow
python -m pip install djangorestframework
python -m pip install python-docx
python -m pip install channels
# NOTE(review): "websocks" looks like a typo for "websockets" — confirm the
# intended package name before installing; a mistyped name can resolve to an
# unrelated or typosquatted package.
python -m pip install websocks
python -m pip install wsproto
python -m pip install daphne
python -m pip install uvicorn
Initialize the database (only needed after model updates; otherwise skip this step):
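# Database setup — only needed after model changes; otherwise skip.
# The --empty migration is a scaffold for a hand-written data migration
# (populate_mitigations): running it again creates another migration file, so
# run it once, fill the file in, and do not repeat it on every update.
python manage.py makemigrations collector --empty --name populate_mitigations
python manage.py makemigrations collector
python manage.py migrate
# Collect static assets into STATIC_ROOT for serving (the original invocation
# was missing ".py" and would not have run).
python manage.py collectstatic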
Create a superuser only if no admin account exists yet (normally not required):
python manage.py createsuperuser
Start the server
uvicorn edc_project.asgi:application --host 0.0.0.0 --port 8889 --reload
Note: DEBUG is set to True in settings. Before deploying on an open or connected network, set DEBUG = False (and add the hostname to ALLOWED_HOSTS, which Django enforces once debug is off), because debug mode exposes stack traces and settings on error pages.
If nginx fronts the server, it must proxy the WebSocket connections used by chat. The essential parts are HTTP/1.1 and the Upgrade and Connection headers, as in the example below.
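# Belongs in the http {} context (outside server {}): forwards the client's
# Upgrade request as "Connection: upgrade" and sends "Connection: close" for
# ordinary HTTP requests, instead of sending "upgrade" unconditionally.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Reverse proxy in front of the ASGI server on 127.0.0.1:8889.
# NOTE(review): this listens on plain HTTP (port 80). API tokens, session
# cookies and the plaintext credentials this app records all cross the wire in
# the clear; terminate TLS here (listen 443 ssl + certificate) before exposing
# it beyond a trusted network.
server {
    listen 80;
    # Replace with the real hostname; once DEBUG=False, Django's ALLOWED_HOSTS
    # must include it as well.
    server_name domain.com;

    # The API accepts file uploads (screenshot, enum, scan_file, payload and
    # exfil fields); nginx's 1m default would reject larger ones with 413.
    # Tune to what an engagement actually needs.
    client_max_body_size 64m;

    location / {
        # Required for WebSocket proxying (chat)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # Standard headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Only meaningful once TLS is terminated here, and Django honours it
        # only if SECURE_PROXY_SSL_HEADER is configured in settings.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Proxy pass to the uvicorn server running on 8889
        proxy_pass http://127.0.0.1:8889;
        # Long timeouts so idle WebSocket connections are not dropped
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
        proxy_connect_timeout 75;
    }
}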
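# Get Token
# Note: these examples target port 8000 (Django's runserver default, see the
# bootstrap commands at the end); the uvicorn command above listens on 8889,
# so use whichever port your server is actually bound to.
# Keep the password out of argv, `ps` output and shell history: write the JSON
# body to a file only you can read and let curl read it from there. A quoted
# here-doc keeps the secret off the command line as well.
( umask 077; cat > creds.json <<'EOF'
{ "username": "op1", "password": "op1_password" }
EOF
)
curl -X POST http://127.0.0.1:8000/api/get-token/ \
  -H 'Content-Type: application/json' \
  -d @creds.json

# Test Token
# Put the single line  Authorization: Token <YOUR_TOKEN_STRING>  in auth.hdr
# (mode 600) and pass it with -H @file (curl >= 7.55.0) so the token is never
# typed on the command line. It is a bearer credential: anyone holding it can
# act as that user, and DRF's TokenAuthentication tokens do not expire on
# their own.
curl http://127.0.0.1:8000/collector/api/oplog/ \
  -H @auth.hdr

# POST via TOKEN
curl -X POST http://127.0.0.1:8000/collector/api/oplog/ \
  -H 'Content-Type: application/json' \
  -H @auth.hdr \
  -d '{
    "command": "ipconfig /all (via token)",
    "output": "Windows IP Configuration...",
    "notes": "Testing API POST with Token",
    "target_id": 1
  }'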
## Target Fields
ip_address
hostname
operating_system
users
description
## Credential Fields
Note: the password_plaintext field suggests captured secrets are stored as entered; treat the database and its backups as sensitive and restrict who can read them.
service
username
password_plaintext
hash_value
hash_type
notes
## Oplog Fields
target
dst_port
dst_host
src_ip
src_port
src_host
url
tool
command
output
notes
screenshot (file)
sys_mod
enum (file)
## Enumeration Fields
target
scan_type
description
notes
scan_file (file)
## Payload Fields
name
description
payload_type
file
## Exfil Fields
oplog_entry
file
description
- http://127.0.0.1:8000/api-auth/login/
- http://127.0.0.1:8000/collector/api/oplog/
- http://127.0.0.1:8000/collector/api/targets/
- http://127.0.0.1:8000/collector/api/credentials/
- http://127.0.0.1:8000/collector/api/payloads/
- http://127.0.0.1:8000/collector/api/enumdata/
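# Session-cookie auth (log in through /api-auth/login/ first).
# Put the two header lines below in session.hdr (mode 600) rather than typing
# them, so the session id and CSRF token stay out of argv, `ps` and shell
# history; curl >= 7.55.0 reads one header per line from -H @file:
#   Cookie: sessionid=YOUR_SESSION_ID; csrftoken=YOUR_CSRF_TOKEN
#   X-CSRFToken: YOUR_CSRF_TOKEN
# The X-CSRFToken value must match the csrftoken cookie or Django rejects the POST.
curl http://127.0.0.1:8000/collector/api/oplog/ \
  -H 'Accept: application/json' \
  -H @session.hdr
# Replace the cookie/CSRF values in session.hdr with those from your browser session
curl -X POST http://127.0.0.1:8000/collector/api/oplog/ \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H @session.hdr \
  -d '{
    "command": "whoami (via curl)",
    "output": "nt authority\\system",
    "notes": "Testing API POST",
    "target_id": 1
  }'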
# Project scaffolding — presumably the commands that created this project from
# scratch. Not needed to run the refactored EDC; kept for reference.
django-admin startproject <project_name> .
python manage.py startapp collector
python manage.py makemigrations collector
python manage.py migrate
python manage.py createsuperuser
# Django's development server (port 8000 by default): single-process and
# DEBUG-oriented, not for exposed deployments — use the uvicorn/nginx setup
# above for that.
python manage.py runserver