Evan Hosinski
ec307bc91f
Introduce `--web` and `--cli` flags to select alternative interfaces for the elimination flow. Add validation to enforce mutual exclusivity and ensure one option is specified. Include placeholder logic for web UI implementation.
126 lines
3.3 KiB
Go
126 lines
3.3 KiB
Go
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"rmm-hunter/internal/pkg"
|
|
"rmm-hunter/internal/pkg/hunter"
|
|
"rmm-hunter/internal/tui"
|
|
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
var (
|
|
excludeRMMs []string
|
|
outputFile string
|
|
webUI bool
|
|
cliUI bool
|
|
)
|
|
|
|
// rootCmd represents the base command when called without any subcommands
|
|
var rootCmd = &cobra.Command{
|
|
Use: "rmm-hunter",
|
|
Short: "RMM-Hunter - Detect and eliminate Remote Monitoring and Management software",
|
|
Long: `RMM-Hunter is a tool designed to detect and eliminate Remote Monitoring
|
|
and Management (RMM) software on Windows systems. It can hunt for suspicious
|
|
processes, services, binaries, and network connections associated with RMM tools.`,
|
|
Version: "1.0.0",
|
|
}
|
|
|
|
// huntCmd represents the hunt command
|
|
var huntCmd = &cobra.Command{
|
|
Use: "hunt",
|
|
Short: "Hunt for RMM software on the system",
|
|
Long: `Hunt mode scans the system for signs of RMM software including:
|
|
- Suspicious Processes
|
|
- Suspicious Autoruns
|
|
- Services
|
|
- Binaries and Executables
|
|
- Directories
|
|
- Processes
|
|
- Outbound Network Connections
|
|
- Scheduled Tasks
|
|
- Registry Entries`,
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
fmt.Println("Starting RMM Hunt...")
|
|
runHunt()
|
|
},
|
|
}
|
|
|
|
// eliminateCmd represents the eliminate command
|
|
var eliminateCmd = &cobra.Command{
|
|
Use: "eliminate",
|
|
Short: "Eliminate Sus software based on hunt results",
|
|
Long: `Eliminate mode removes detected Sus software from the system.
|
|
Requires a JSON input file containing hunt results to determine what to remove.`,
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
fmt.Println("Starting Elimination UI...")
|
|
runEliminate()
|
|
},
|
|
}
|
|
|
|
// Execute adds all child commands to the root command and sets flags appropriately.
|
|
func Execute() {
|
|
err := rootCmd.Execute()
|
|
if err != nil {
|
|
os.Exit(1)
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
// Add subcommands
|
|
rootCmd.AddCommand(huntCmd)
|
|
rootCmd.AddCommand(eliminateCmd)
|
|
|
|
// Global flags
|
|
rootCmd.PersistentFlags().StringSliceVar(&excludeRMMs, "exclude", []string{},
|
|
"Comma-separated list of Sus names to exclude from detection (optional)")
|
|
|
|
// Hunt command flags
|
|
huntCmd.Flags().StringSliceVar(&excludeRMMs, "exclude", []string{},
|
|
"Comma-separated list of Sus names to exclude from hunt")
|
|
huntCmd.Flags().StringVarP(&outputFile, "output", "o", "suspicious-hunter.json",
|
|
"Output file to write hunt results (optional) Default: suspicious-hunter.json")
|
|
|
|
// Eliminate command flags
|
|
eliminateCmd.Flags().BoolVarP(&webUI, "web", "w", false,
|
|
"Use web UI instead of TUI (optional)")
|
|
eliminateCmd.Flags().BoolVarP(&cliUI, "cli", "c", false,
|
|
"Use CLI UI instead of TUI (optional)")
|
|
|
|
// Mark web and cli flags as mutually exclusive
|
|
eliminateCmd.MarkFlagsMutuallyExclusive("web", "cli")
|
|
|
|
// Mark one of web or cli as required
|
|
eliminateCmd.MarkFlagsOneRequired("web", "cli")
|
|
}
|
|
|
|
func runHunt() {
|
|
if len(excludeRMMs) > 0 {
|
|
fmt.Printf("Excluding RMMs: %v\n", excludeRMMs)
|
|
}
|
|
|
|
hunter.Start(pkg.RunOptions{
|
|
ExcludeRMMs: excludeRMMs,
|
|
})
|
|
|
|
}
|
|
|
|
func runEliminate() {
|
|
if webUI {
|
|
// Launch the web UI for elimination flow
|
|
// TODO: Launch web UI
|
|
fmt.Println("Web UI not implemented yet")
|
|
return
|
|
} else if cliUI {
|
|
// Launch the TUI for elimination flow
|
|
if err := tui.RunEliminateUI(); err != nil {
|
|
fmt.Printf("[-] TUI error: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
} else {
|
|
fmt.Println("No UI specified")
|
|
os.Exit(1)
|
|
}
|
|
}
|