Article Excerpt
Moonshine is a C2 framework with a custom Lua interpreter (called Moon, see here for further details) runtime at its core. The runtime is used in the implants to execute scripts on the remote host, with the option of loading Lua C or script modules to provide additional functionality.
| property | value |
| --- | --- |
| tags | mitre-attck, pkm-pocket-pipeline, splunk, summarize-article |
| url | |
| original_word_count | 860 |
Long Summary
Moonshine is a C2 framework with a custom Lua interpreter (called Moon) at its core. It is designed to allow for rapid prototyping of new adversarial techniques, as well as the simulation of such techniques. The framework is composed of an implant and a server, both of which are implemented as Lua scripts, allowing for complete control and flexibility. The implant is easily expandable and customisable, and works cross-platform. The server can be accessed via a REST based API, making it easy to automate or integrate with other tools.
The framework includes a Makefile that provides a convenience wrapper around CMake, as well as around Docker, which enables the framework to be cross-compiled within a container containing all the prerequisite development tools. The Makefile implements common targets such as 'make', 'make debug', 'make release', 'make install', 'make dist', 'make check', 'make clean', and 'make distclean'. It also includes a test harness which can be executed using the standard CMake commands or the provided Makefile.
To build the framework, the CMake build system and version 14 of the Clang compiler are required. All dependent libraries are automatically downloaded and compiled by the build system, and where possible, libraries are statically linked into the resultant artifacts at compile time. For Windows, choco can be used for a less arduous setup, while Homebrew can be used for macOS. For Linux, a recent version of CMake needs to be installed, and the LLVM compiler needs to be downloaded.
The server component needs to be executed first. It provides a REST API and a WebSocket interface for clients to interact with the server. The REST API allows an operator to create listeners, generate implant artifacts, and send tasks to connected implants. The server publishes a Swagger/OpenAPI-based interface that provides details of the REST API, and a Python SDK can be generated using an openapi generator. A Jupyter Notebook is also included, which uses the generated Python SDK and provides example usage of the framework. Lua modules and scripts for use in the framework can be found in the examples/scripts subdirectory. With all these features, Moonshine is a powerful C2 framework that can be used to rapidly prototype and simulate adversarial techniques.
Short Summary
sidaf/moonshine

- Moonshine is a C2 framework designed for rapid prototyping of adversarial techniques.
- The framework includes a custom Lua interpreter called Moon for flexibility and control.
- It allows for the simulation of adversarial techniques and provides complete control.
- The implant is easily expandable, customizable, and works on various platforms.
- The server component can be accessed via a REST-based API for automation and integration.
- A Makefile is provided for convenience, with common targets for building and testing.
- The framework automatically downloads and compiles dependent libraries.
- Different setup methods are available for Windows, macOS, and Linux.
- The server component provides a REST API and WebSocket interface for interaction.
- Moonshine includes a Jupyter Notebook and Lua modules for example usage and script integration.

Source link: https://github.com/sidaf/moonshine
Summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/sidafmoonshine
#MoonshineFramework #LuaInterpreter #RapidPrototyping #Automation #AdversarialTechniques