mythic-c2 0.1.0

Mythic C2 agent protocol library — message encoding, AES-256-CBC-HMAC crypto, and transport abstraction
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

//! # mythic-c2
//!
//! Mythic C2 agent protocol library — message encoding/decoding,
//! AES-256-CBC-HMAC encryption, and transport abstraction.
//!
//! `#![no_std]` compatible with `alloc`, suitable for embedded agent binaries.
//!
//! ## Architecture
//!
//! ```text
//! ┌─────────────────────────┐
//! │  [`Mythic`] facade       │  build_* / parse_* / checkin() / get_tasking() / …
//! │  holds UUID + crypto     │
//! └──────────┬──────────────┘
//!            │  base64 string
//! └──────────┼──────────────┘
//! │  [`C2Transport`] trait   │  deliver to Mythic server (HTTP, DNS, WS, …)
//! └──────────┬──────────────┘
//!//! └──────────┼──────────────┘
//! │  `protocol` layer        │  message types, framing, crypto
//! └─────────────────────────┘
//! ```
//!
//! ## Quick Example
//!
//! ```rust
//! use mythic::{Mythic, Aes256HmacCrypto, CheckinInfo, C2Transport};
//! use uuid::Uuid;
//!
//! # struct HttpC2;
//! # impl C2Transport for HttpC2 {
//! #     type Error = &'static str;
//! #     fn checkin(&self, p: &str) -> Result<String, Self::Error> { Ok(String::new()) }
//! #     fn get_tasking(&self, p: &str) -> Result<String, Self::Error> { Ok(String::new()) }
//! #     fn post_response(&self, p: &str) -> Result<String, Self::Error> { Ok(String::new()) }
//! # }
//! let crypto = Aes256HmacCrypto::new([0xAB; 32], [0xCD; 16]);
//! let mut mythic = Mythic::with_crypto(
//!     Uuid::parse_str("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee").unwrap(),
//!     crypto,
//! );
//!
//! // Build a checkin packet
//! let pkt = mythic.build_checkin(CheckinInfo {
//!     os: Some("linux".into()),
//!     host: Some("web01".into()),
//!     user: Some("root".into()),
//!     pid: Some(1337),
//!     ips: vec!["10.0.0.1".into()],
//!     ..Default::default()
//! }).unwrap();
//!
//! // Or combined: build → send → parse in one call
//! // let (uuid, resp) = mythic.checkin(info, &transport)?;
//! ```
//!
//! ## Three Communication Scenarios
//!
//! | Scenario | Setup | First Message |
//! |---|---|---|
//! | Plaintext | `Mythic::new(uuid)` | `build_checkin()` — no encryption |
//! | Static key | `Mythic::with_crypto(uuid, key)` | `build_checkin()` — AES encrypted |
//! | RSA EKE | `Mythic::with_crypto(uuid, aes_psk)` → `staging_rsa()` → `set_crypto(…)` | `build_checkin()` — negotiated key |

#![no_std]

extern crate alloc;

pub mod c2;
pub mod mythic;
pub mod protocol;

pub use c2::{C2Transport, MythicError, NoopC2};
pub use mythic::Mythic;
pub use protocol::*;