Changes to disable credentials in ghostwriter log
domwhewell-sage committed May 7, 2024
1 parent 1f16faf commit ada9b0b
Showing 5 changed files with 40 additions and 17 deletions.
11 changes: 11 additions & 0 deletions README.md
@@ -68,6 +68,17 @@ email:
# Email host address
host_addr: smtp.gmail.com:587

# Ghostwriter Profile
ghostwriter:
# Ghostwriter graphql endpoint
graphql_endpoint: http://localhost:4000/graphql
# Ghostwriter API key
api_key: deadbeef
# Oplog ID
oplog_id: 1
# (Optional) Disable email, username, and credentials from being sent to ghostwriter
disable_credentials: true

# You can also supply an email template for each notification
email_submitted_credentials_template: |
Someone submitted credentials!
19 changes: 6 additions & 13 deletions config.go
@@ -22,26 +22,19 @@ Email Address - {{ .Email }}
IP Address - {{ .Address }}
User Agent - {{ .UserAgent }}`

var defaultgraphqlTemplate = `mutation InsertCobaltSyncLog (
$oplog: bigint!, $startDate: timestamptz, $endDate: timestamptz, $sourceIp: String, $destIp: String,
$tool: String, $userContext: String, $command: String, $description: String,
$output: String, $comments: String, $operatorName: String, $entry_identifier: String!, $extraFields: jsonb!
var defaultgraphqlTemplate = `mutation InsertGophishLog (
$oplog: bigint!, $sourceIp: String, $tool: String,
$userContext: String, $description: String, $output: String,
$comments: String
) {
insert_oplogEntry(objects: {
oplog: $oplog,
startDate: $startDate,
endDate: $endDate,
sourceIp: $sourceIp,
destIp: $destIp,
tool: $tool,
userContext: $userContext,
command: $command,
description: $description,
output: $output,
comments: $comments,
operatorName: $operatorName,
entryIdentifier: $entry_identifier,
extraFields: $extraFields
comments: $comments
}) {
returning { id }
}
@@ -116,7 +109,7 @@ func validateConfig() {
if profile == "ghostwriter" {
ghostwriterConfigs := []string{"ghostwriter.graphql_endpoint", "ghostwriter.api_key"}
checkKeysExist(ghostwriterConfigs...)
log.Infof("Using Ghostwriter sending profile. Will send messages to %s", viper.GetString("ghostwriter.url"))
log.Infof("Using Ghostwriter sending profile. Will send messages to %s", viper.GetString("ghostwriter.graphql_endpoint"))
continue
}
log.Fatalf("Profile \"%s\" does not exist", profile)
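Review bot: `validateConfig` requires `ghostwriter.graphql_endpoint` and `ghostwriter.api_key` but not `ghostwriter.oplog_id`, which `sendGraphql` reads with `viper.GetInt`; a missing or mistyped key would silently become oplog 0 and presumably only fail when the first event is sent. Add it to the required keys: `ghostwriterConfigs := []string{"ghostwriter.graphql_endpoint", "ghostwriter.api_key", "ghostwriter.oplog_id"}`. Because the API key and the captured data are sent to that endpoint, it may also be worth logging a warning at startup when the endpoint is a non-local `http://` URL. The body of `validateConfig` starts and ends outside this hunk.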
6 changes: 6 additions & 0 deletions main.go
@@ -83,6 +83,12 @@ func handler(w http.ResponseWriter, r *http.Request) {
return
}
}
if profile == "ghostwriter" {
if err := sender.SendGraphql(); err != nil {
log.Error(err)
return
}
}
}

w.WriteHeader(http.StatusNoContent)
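Review bot: The `return` after `log.Error(err)` in the new ghostwriter branch exits the handler before `w.WriteHeader(http.StatusNoContent)`, so net/http answers with an implicit 200 and any profile that would have been handled after ghostwriter is skipped. This mirrors the branch visible just above it, but for an activity-log sink the behaviour should be chosen explicitly: either `continue` so the remaining notifications still go out, or call `w.WriteHeader(http.StatusInternalServerError)` before returning so the failure is visible to the webhook sender. The enclosing loop and the rest of `handler` are outside this hunk, so the loop shape is inferred from the closing braces.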
19 changes: 16 additions & 3 deletions messages.go
@@ -21,6 +21,7 @@ var (
type Sender interface {
SendSlack() error
SendEmail() error
SendGraphql() error
}

func senderDispatch(status string, webhookResponse WebhookResponse, response []byte) (Sender, error) {
@@ -131,7 +132,11 @@ func (w SubmittedDetails) SendEmail() error {
}

func (w SubmittedDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email + "\nUsername: " + w.Username + "\nPassword: " + w.Password, Comments: SubmittedData}
var output string
if !viper.GetBool("ghostwriter.disable_credentials") {
output := "Email: " + w.Email + "\nUsername: " + w.Username + "\nPassword: " + w.Password
}
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: output, Comments: SubmittedData}
return sendGraphql(oplog_entry)
}

@@ -181,7 +186,11 @@ func (w ClickDetails) SendEmail() error {
}

func (w ClickDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email, Comments: ClickedLink}
var output string
if !viper.GetBool("ghostwriter.disable_credentials") {
output := "Email: " + w.Email
}
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: output, Comments: ClickedLink}
return sendGraphql(oplog_entry)
}

@@ -243,6 +252,10 @@ func (w OpenedDetails) SendEmail() error {
}

func (w OpenedDetails) SendGraphql() error {
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: "Email: " + w.Email, Comments: EmailOpened}
var output string
if !viper.GetBool("ghostwriter.disable_credentials") {
output := "Email: " + w.Email
}
oplog_entry := ghostwriter_oplog_entry{SourceIp: w.Address, UserContext: w.UserAgent, Description: "User ID: " + string(w.ID) + "\nCampaign ID: " + string(w.CampaignID), Output: output, Comments: EmailOpened}
return sendGraphql(oplog_entry)
}
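Review bot: In all three `SendGraphql` methods the assignment inside the `if` is written `output := ...`, which declares a new variable scoped to that block, so the outer `output` is never set and the `Output` field is always empty; the Go compiler should also reject the inner variable as declared and not used. Change each to a plain assignment, e.g. `output = "Email: " + w.Email`. Once that is fixed, note that `viper.GetBool("ghostwriter.disable_credentials")` returns false when the key is absent, so submitted passwords are forwarded to the oplog unless the operator opts out; a comment on `SubmittedDetails.SendGraphql` stating that default would help. If `w.ID` and `w.CampaignID` are integer types (their declarations are outside this section), `string(w.ID)` yields a rune rather than the decimal text and a decimal conversion would be needed.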
2 changes: 1 addition & 1 deletion sending_helpers.go
@@ -57,7 +57,7 @@ func sendEmail(subject, body string) error {
}

func sendGraphql(data ghostwriter_oplog_entry) error {
url := viper.GetString("ghostwriter.url")
url := viper.GetString("ghostwriter.graphql_endpoint")
query := viper.GetString("graphql_default_query")
oplog_id := viper.GetInt("ghostwriter.oplog_id")
client := graphql.NewClient(url)