Update eliminate connection logic to refine firewall rules and upgrade Scurvy library to latest version

cmd/root.go

@@ -7,6 +7,7 @@ import (
 	"rmm-hunter/internal/pkg/hunter"
 	"rmm-hunter/internal/tui"
 
+	scurvy "github.com/Kraken-OffSec/Scurvy"
 	"github.com/spf13/cobra"
 )
 
@@ -51,9 +52,26 @@ var huntCmd = &cobra.Command{
 var eliminateCmd = &cobra.Command{
 	Use:   "eliminate",
 	Short: "Eliminate Sus software based on hunt results",
-	Long: `Eliminate mode removes detected Sus software from the system.
+	Long: `Eliminate mode removes detected RMM Software from the system.
-Requires a JSON input file containing hunt results to determine what to remove.`,
+Requires a JSON input file containing hunt results to determine what to remove.
+Administrative Privileges are required. 
+Steps:
+- Click start
+- Type Powershell (see Windows Powershell)
+- Right click and select "Run as administrator"
+- Navigate to the directory containing rmm-hunter.exe 
+	> cd ~\Downloads\
+- Run the following command:
+	> CLI
+    	-> .\rmm-hunter.exe eliminate--cli
+	> Web
+    	-> .\rmm-hunter.exe eliminate --web
+`,
 	Run: func(cmd *cobra.Command, args []string) {
+		if admin, err := scurvy.IsAdmin(); err != nil || !admin {
+			fmt.Println("User is not admin, please run as administrator")
+			os.Exit(1)
+		}
 		fmt.Println("Starting Elimination UI...")
 		runEliminate()
 	},

internal/tui/actions.go

@@ -3,6 +3,7 @@ package tui
 import (
 	"fmt"
 	"path/filepath"
+	"rmm-hunter/internal/pkg/hunt/eliminate"
 	"rmm-hunter/internal/suspicious"
 	"strings"
 )
@@ -101,7 +102,7 @@ func CheckDirectoryBlocked(dir string, data suspicious.Suspicious) error {
 	return nil
 }
 
-// Elimination placeholders; TODO: replace with internal/pkg/hunt/eliminate/*
+// Elimination functions
 var (
 	EliminateAutoRun       = func(ar suspicious.AutoRun) error { return eliminateAutoRun(ar) }
 	EliminateBinary        = func(path string) error { return eliminateBinary(path) }
@@ -113,11 +114,29 @@ var (
 )
 
 func eliminateAutoRun(ar suspicious.AutoRun) error {
-	return fmt.Errorf("eliminate autorun not implemented")
+	return eliminate.EliminateAutoRun(ar)
+}
+
+func eliminateBinary(path string) error {
+	return eliminate.EliminateBinary(path)
+}
+
+func eliminateConnection(conn suspicious.NetworkConnection) error {
+	return eliminate.EliminateConnection(conn.RemoteHost)
+}
+
+func eliminateDirectory(path string) error {
+	return eliminate.EliminateDirectory(path)
+}
+
+func eliminateProcess(p suspicious.Process) error {
+	return eliminate.EliminateProcess(p)
+}
+
+func eliminateScheduledTask(t suspicious.ScheduledTask) error {
+	return eliminate.EliminateScheduledTask(t)
+}
+
+func eliminateService(s suspicious.Service) error {
+	return eliminate.EliminateService(s)
 }
-func eliminateBinary(path string) error                           { return nil }
-func eliminateConnection(conn suspicious.NetworkConnection) error { return nil }
-func eliminateDirectory(path string) error                        { return nil }
-func eliminateProcess(p suspicious.Process) error                 { return nil }
-func eliminateScheduledTask(t suspicious.ScheduledTask) error     { return nil }
-func eliminateService(s suspicious.Service) error                 { return nil }

internal/web/webserver.go

@@ -1 +1,5 @@
 package web
+
+func StartWebServer() {
+	// TODO: Start web server
+}