-
Notifications
You must be signed in to change notification settings - Fork 28
III. Listing Modules
s0lst1c3 edited this page Nov 16, 2020
·
4 revisions
To list all modules available within DropEngine, use the --list flag as shown below.
Command:
./dropengine.py --list
Example Output:
(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$ ./dropengine.py --list
Listing interfaces:
csharp_runner_interface
Listing ekeys:
ekey_env_ad_domain_name
ekey_env_ext_fqdn
ekey_env_ext_ip
ekey_env_hd_serial
ekey_env_int_fqdn
...snip...
Listing postmodules:
csharp_post_cmd_del_from_disk
To list modules of one or more specific type, pass the module type as an argument to the --list flag as shown below.
Command:
# list all crypter and dkey modules
./dropengine.py --list crypters dkeys
Example Output:
(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$ ./dropengine.py --list crypters dkeys
Listing dkeys:
dkey_csharp_static
dkey_csharp_env_ad_domain_name
dkey_env_csharp_ext_fqdn
dkey_env_csharp_ext_ip
...snip...
dkey_env_csharp_vol_serial
dkey_remote_csharp_otk_http
skey_test_module_11123233xxaaa
Listing crypters:
crypter_aes
skey_test_module_111sdf23233xxaaaf
To list all modules compatible with a specific payload component, use the --list, --compatible flags as shown in the following example. Note that you must also use the flag corresponding to payload component's type. For example, if we want know all of the modules that are compatible with the DKey module dkey_csharp_static, we'd use the --dkey flag.
Command:
./dropengine.py --list --compatible --dkey dkey_csharp_static
Example Output:
(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$ ./dropengine.py --list --compatible --dkey dkey_csharp_static
For module: dkey - dkey_csharp_static
Listing compatible input modules:
ekey_static
Listing compatible interfaces:
csharp_runner_interface
(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$