cisagov / redeye
RedEye is a visual analytic tool supporting Red & Blue Team operations
Home Page: https://cisagov.github.io/RedEye/
License: BSD 3-Clause "New" or "Revised" License
Describe the bug
The user setting is displaying incorrect data
Expected behavior
Should show the changed name or the actual name of the user.
Please consider adding log ingestion for common C2 frameworks documented on thec2matrix.
Describe the bug
When a user is in explorer mode, clicks the settings, turns on the 'show hidden beacons' button and attempts to open the search, it shows that an error occurred.
Expected behavior
Search opens with the search bar at the top and allows user to search
Additional context
Clicking the 'try again' button returns the modal to a working state until the 'show hidden beacons' button is clicked again.
Is your feature request related to a problem? Please describe.
It's not very clear how to set up the end-to-end testing that is part of this project in order to contribute to it.
Describe the solution you'd like
Add a section in the README file about how to set up the end-to-end testing and getting a projectId for contribution.
Additional context
Not sure how to deal with this as a check-in, because I assume the id is unique and it gets added to the cypress.config file. There should probably be an environment variable that can be set somewhere for the global project, unless the intention is for each user to check in one; but that would mean it would be checked in with the changes from the previous author's check-in and projectId for testing.
Describe the bug
Spacing issues in the text of the upload modal
Expected behavior
CobaltStrike should be Cobalt Strike. CobaltStrikeServer should be Cobalt Strike Server.
I'm interested in contributing to the project by helping implement new parsers for known C2 frameworks.
As Cobalt Strike is behind a paywall, it would be awesome if a sample log folder/dataset was provided so people that don't have access to CS could test and contribute to RedEye.
Describe the bug
Export of campaign fails if campaign contains hidden hosts.
Expected behavior
Campaign to successfully export and the exported campaign does not contain the host(s) that were hidden.
Additional context
I created a campaign, and then hid two hosts (SA-WIN10-21H1-1 and SA-DC01-2019). I then attempted to export the campaign with the option 'Remove all hidden Beacons, Hosts, and Servers' checked, and received the errors in the above screenshots.
Hello,
Thank you for the good service.
Can you add Criminal IP?
If it matches for IP and URL, I would like to move to the Criminal IP search result, like Mitre TID.
Describe the bug
The OperatorResolvers are missing @Authorized() decorators, which allows anybody to query operator names without authentication.
To Reproduce
Send this POST request to the /graphql endpoint of RedEye:
POST /api/graphql HTTP/1.1
Host: localhost:4000
content-type: application/json
Content-Length: 67
{"query":"query test { globalOperators { __typename id name } }"
}
The response will leak the registered operator names. Example response:
{"data":{"globalOperators":[{"__typename":"GlobalOperator","id":"dev","name":"dev"},{"__typename":"GlobalOperator","id":"analyst01","name":"analyst01"},{"__typename":"GlobalOperator","id":"john.doe","name":"john.doe"},{"__typename":"GlobalOperator","id":"dev2","name":"dev2"}]}}
The mutation is also lacking the @Authorized decorator, thus allowing the creation of global operators without authentication:
{
"query": "mutation createGlobalOperator($username: String!) { createGlobalOperator(username: $username) { id name } }",
"variables": {
"username": "john.doe"
}
}
To fix, simply add the @Authorized decorator to all queries.
Background Info
We created this CodeQL query live on stream to find the resolvers without the authorized decorator:
import javascript
from Decorator d1
where
  d1.getAChildExpr().(CallExpr).getCalleeName() in ["Mutation", "Query"]
  and not d1.getParent().getAChild().(Decorator).getAChildExpr().(CallExpr).getCalleeName() in ["Authorized"]
select d1, "is not authorized"
We only found these affected files; the progress resolver is uninteresting, and the issue with the operator resolver is mentioned above.
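Added example, not RedEye's code and not the CodeQL query above: a plain-TypeScript check that flags @Query/@Mutation resolver methods with no @Authorized decorator in the same decorator group, run over a constructed resolver class modelled on the report. It assumes one TypeScript source file and tracks decorator argument lists by parenthesis depth instead of parsing them, so it is a heuristic rather than an AST query.

```typescript
// Added example, not RedEye's own code: a line-oriented check that flags
// type-graphql resolver methods decorated with @Query or @Mutation but lacking
// an @Authorized decorator in the same decorator group. It does with plain
// string handling what the CodeQL query in the report does with a real AST,
// so it is a heuristic: decorator argument lists are tracked by paren depth.

export interface Finding {
  line: number;   // 1-based line of the @Query/@Mutation decorator
  kind: string;   // "Query" or "Mutation"
  method: string; // decorated method name, or "<unknown>" if it could not be read
}

const DECORATOR_START = /^\s*@[A-Za-z_$][\w$]*/;
const RESOLVER_DECORATOR = /^\s*@(Query|Mutation)\s*\(/;
const AUTHORIZED_DECORATOR = /^\s*@Authorized\b/;
const METHOD_SIG =
  /^\s*(?:(?:public|private|protected|static|async)\s+)*([A-Za-z_$][\w$]*)\s*[(<]/;

// Net change in parenthesis depth contributed by one line.
function parenDelta(line: string): number {
  let delta = 0;
  for (let k = 0; k < line.length; k++) {
    if (line[k] === "(") delta++;
    else if (line[k] === ")") delta--;
  }
  return delta;
}

export function findUnauthorizedResolvers(source: string): Finding[] {
  const lines = source.split(/\r?\n/);
  const findings: Finding[] = [];
  let i = 0;
  while (i < lines.length) {
    if (!DECORATOR_START.test(lines[i])) {
      i++;
      continue;
    }
    // Collect one contiguous group of decorators. A decorator whose argument
    // list spans several lines is joined into one text until its parens close.
    const group: { text: string; line: number }[] = [];
    while (i < lines.length && DECORATOR_START.test(lines[i])) {
      const startLine = i;
      let text = lines[i];
      let depth = parenDelta(lines[i]);
      i++;
      while (depth > 0 && i < lines.length) {
        text += " " + lines[i];
        depth += parenDelta(lines[i]);
        i++;
      }
      group.push({ text, line: startLine + 1 });
    }
    // The line right after the group is the decorated declaration.
    const sig = i < lines.length ? METHOD_SIG.exec(lines[i]) : null;
    const method = sig ? sig[1] : "<unknown>";
    if (group.some((d) => AUTHORIZED_DECORATOR.test(d.text))) continue;
    for (const d of group) {
      const m = RESOLVER_DECORATOR.exec(d.text);
      if (m) findings.push({ line: d.line, kind: m[1], method });
    }
  }
  return findings;
}

// Constructed sample modelled on the report (not the project's real file):
// a query and a mutation without @Authorized, and one mutation with it.
// The fix the report asks for is an @Authorized() above each @Query/@Mutation.
export const SAMPLE_RESOLVER_SOURCE = `
@Resolver(() => GlobalOperator)
export class OperatorResolvers {
  @Query(() => [GlobalOperator], {
    description: 'list all operators',
  })
  async globalOperators(@Ctx() ctx: GraphQLContext): Promise<GlobalOperator[]> {
    return ctx.em.find(GlobalOperator, {});
  }

  @Mutation(() => GlobalOperator)
  async createGlobalOperator(
    @Arg('username', () => String) username: string,
    @Ctx() ctx: GraphQLContext
  ): Promise<GlobalOperator> {
    return ctx.em.create(GlobalOperator, { id: username, name: username });
  }

  @Authorized()
  @Mutation(() => Boolean)
  async deleteGlobalOperator(@Arg('id', () => String) id: string): Promise<boolean> {
    return true;
  }
}
`;

// Runs the check over the sample; expected: globalOperators and createGlobalOperator.
export function checkSample(): Finding[] {
  return findUnauthorizedResolvers(SAMPLE_RESOLVER_SOURCE);
}
```

A real project would run this over every resolver file in CI and fail the build on any finding, with the CodeQL query as the more precise alternative.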
Describe the bug
❯ AUTHENTICATION_PASSWORD=foo ./release/mac/RedEye --redTeam
HTTP server closed
Expected behavior
The server should probably notice something is wrong, instead of just exiting suddenly.
This was resolved by moving to Node18, but the error was really mysterious and I could not figure out what was going wrong.
Is your feature request related to a problem? Please describe.
When using the application there is really no way to distinguish whether a user is in blue team (review) mode or red team mode.
Describe the solution you'd like
There should be an indication somewhere within the main view or once a user logs in letting them know what mode they are in
Describe alternatives you've considered
N/A
Describe the bug
Trying to create a new initial campaign, but only have the ability to import a campaign and DB files.
Expected behavior
Screenshots in the User Guide show "Create Campaign" but not in my run.
Additional context
Running Windows: RedEye Server v0.8.0-beta with no additional parameters in an originally "empty" directory.
Am I missing a config to allow new campaigns? Is there a sample or an empty campaign that I can import for now to "create"?
RedEye folk,
Could you take a look at your testing workflow? When it kicks off it is occupying over half of our organization's available runners, and has starved out some of the other projects.
12 identical jobs are running in parallel in the workflow, e.g., the parallel tests are non-deterministic. max-parallel can be used to limit the matrix to a couple of jobs at a time if this parallelism isn't necessary.
Thanks,
@felddy
RedEye/.github/workflows/test.yml, lines 47 to 51 in 336919c
RedEye/.github/workflows/test.yml, lines 90 to 94 in 336919c
(disclaimer: I'm trying to help a user. I'm not the user and not using redeye but just the messenger reporting this bug).
Using the static binary from your release page on a remote server, I can start RedEye but it exits after 1 second without any output:
ssh -L5900:0:5900 [email protected] # password is 'segfault'
startxvnc
Connect to 127.0.0.1:5900 with any VNC client, then start RedEye in an Xterm:
┌──(root💀sf-TellPistol)-[~]
└─# ./RedEye
┌──(root💀sf-TellPistol)-[~]
└─#
No output. No process is started.
After selecting C/S logs for import, the page stays at the Importing... status.
The error message reported on the server is as follows:
PARSING ERROR: error in exec callback {
error: Error: spawn /home/test/linux/test/parsers/cs-parser ENOENT
at Process.ChildProcess._handle.onexit (node:internal/child_process:283:19)
at onErrorNT (node:internal/child_process:478:16)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
errno: -2,
code: 'ENOENT',
syscall: 'spawn /home/test/linux/test/parsers/cs-parser',
path: '/home/test/linux/test/parsers/cs-parser',
spawnargs: [
'campaign',
'-d',
'/home/test/linux/test/campaign/13aafb0c-ecb4-43c8-827a-542c7a3c5ac6/db.redeye',
'-p',
'/home/test/linux/test/campaign/13aafb0c-ecb4-43c8-827a-542c7a3c5ac6',
'-t',
'7'
],
cmd: '/home/test/linux/test/parsers/cs-parser campaign -d /home/test/linux/test/campaign/13aafb0c-ecb4-43c8-827a-542c7a3c5ac6/db.redeye -p /home/test/linux/test/campaign/13aafb0c-ecb4-43c8-827a-542c7a3c5ac6 -t 7'
},
stdout: '',
stderror: ''
}
Is your feature request related to a problem? Please describe.
Importing logs with hosts that are not "engagement impactful" (e.g., sandboxes, test targets, etc.) currently requires each host to be manually hidden individually, and each host takes 4 clicks, so this ends up being (4 * n) clicks where n is the number of hosts to hide.
Describe the solution you'd like
Reduce the number of clicks it takes to hide hosts, either through a bulk update, "checkbox/apply" all UX, or a context menu on the host, or a host-name filter upon import.
Describe alternatives you've considered
As a work-around I've opened the sqlite db in sqlitebrowser and modified the specific field/value in the db directly; however, that appears to only affect the metadata, leaves empty information in the sidebar, and the nodes remain in the graph.
Additional context
N/A
We're planning on integrating up to three additional C2 framework parsers this year into RedEye. The list of parsers is still being finalized, so please comment below with any framework parser you'd like to see in RedEye!
Our threat hunting product has been using the RedEye name for the past 3 years.
Is it possible for you to change the name to avoid confusion? Our product is commercial and also intended for an identical purpose.
Our RED TEAM company is also well-known in the foreign market, including the United States:
environment:
ubuntu:20.04
nodejs:16.17.1
npm:8.19.2
yarn:3.2.3
The following error occurs when I run the yarn install command:
root:~/RedEye# yarn install
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [63507] doesn't provide nx (p10390), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [63507] doesn't provide typescript (p12f21), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [63507] doesn't provide typescript (p6345b), requested by fork-ts-checker-webpack-plugin
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [63507] doesn't provide typescript (pfc203), requested by ts-loader
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [7a45f] doesn't provide nx (p1f374), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [7a45f] doesn't provide typescript (p1ce2c), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [7a45f] doesn't provide typescript (p88b83), requested by fork-ts-checker-webpack-plugin
➤ YN0002: │ @nrwl/cypress@npm:14.6.5 [7a45f] doesn't provide typescript (p52358), requested by ts-loader
➤ YN0002: │ @nrwl/devkit@npm:14.6.3 [7d709] doesn't provide typescript (p4b372), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/devkit@npm:14.6.3 [f7f79] doesn't provide typescript (pd13ca), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/devkit@npm:14.6.5 [466ed] doesn't provide typescript (p952f2), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/devkit@npm:14.6.5 [7a45f] doesn't provide typescript (p88aeb), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/devkit@npm:14.6.5 [e712c] doesn't provide typescript (p121bf), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/eslint-plugin-nx@npm:14.6.3 [7a45f] doesn't provide eslint (pcdd36), requested by @typescript-eslint/utils
➤ YN0002: │ @nrwl/eslint-plugin-nx@npm:14.6.3 [7a45f] doesn't provide nx (p3f0ed), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/jest@npm:14.6.3 doesn't provide nx (p7bd51), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/jest@npm:14.6.3 doesn't provide typescript (paa32c), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/jest@npm:14.6.5 doesn't provide nx (p51599), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/jest@npm:14.6.5 doesn't provide typescript (p68cd3), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/js@npm:14.6.3 doesn't provide nx (p2cb88), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/js@npm:14.6.5 doesn't provide nx (p8ee91), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/linter@npm:14.6.3 [7a45f] doesn't provide typescript (pe0811), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/linter@npm:14.6.3 [89c3e] doesn't provide typescript (pbe7e7), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/linter@npm:14.6.5 [ecbee] doesn't provide typescript (pf9585), requested by @phenomnomnominal/tsquery
➤ YN0002: │ @nrwl/node@npm:14.6.5 doesn't provide @types/node (pf093b), requested by ts-node
➤ YN0002: │ @nrwl/node@npm:14.6.5 doesn't provide nx (p3e1ba), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/node@npm:14.6.5 doesn't provide typescript (p931a2), requested by fork-ts-checker-webpack-plugin
➤ YN0002: │ @nrwl/node@npm:14.6.5 doesn't provide typescript (p42906), requested by ts-loader
➤ YN0002: │ @nrwl/node@npm:14.6.5 doesn't provide typescript (p3b16b), requested by ts-node
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide @types/node (pbf886), requested by ts-node
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide nx (p66ace), requested by @nrwl/devkit
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide typescript (pd976f), requested by fork-ts-checker-webpack-plugin
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide typescript (p796a9), requested by ts-loader
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide typescript (p032d9), requested by ts-node
➤ YN0002: │ @nrwl/web@npm:14.6.5 doesn't provide typescript (p7ef8a), requested by rollup-plugin-typescript2
➤ YN0002: │ @nxext/vite@npm:14.0.0 [7a45f] doesn't provide nx (p23fe6), requested by @nrwl/devkit
➤ YN0002: │ @types/testing-library__react@npm:10.2.0 doesn't provide react (p31675), requested by @testing-library/react
➤ YN0002: │ @types/testing-library__react@npm:10.2.0 doesn't provide react-dom (p45428), requested by @testing-library/react
➤ YN0002: │ redeye@workspace:. doesn't provide @babel/core (p5e601), requested by @emotion/babel-plugin
➤ YN0002: │ redeye@workspace:. doesn't provide @babel/plugin-syntax-flow (p48cba), requested by eslint-plugin-flowtype
➤ YN0002: │ redeye@workspace:. doesn't provide @babel/plugin-transform-react-jsx (pbf514), requested by eslint-plugin-flowtype
➤ YN0002: │ redeye@workspace:. doesn't provide @blueprintjs/docs-theme (p9d6a0), requested by blueprint-styler
➤ YN0002: │ redeye@workspace:. doesn't provide @blueprintjs/icons (p9e3bc), requested by blueprint-styler
➤ YN0002: │ redeye@workspace:. doesn't provide @blueprintjs/table (p457d2), requested by blueprint-styler
➤ YN0002: │ redeye@workspace:. doesn't provide @blueprintjs/timezone (pcdff1), requested by blueprint-styler
➤ YN0002: │ redeye@workspace:. doesn't provide @testing-library/dom (p4b37a), requested by @testing-library/user-event
➤ YN0002: │ redeye@workspace:. doesn't provide eslint-plugin-n (p61d4a), requested by eslint-config-standard
➤ YN0060: │ redeye@workspace:. provides mobx-keystone (p05af7) with version 1.0.0, which doesn't satisfy what mk-gql requests
➤ YN0060: │ redeye@workspace:. provides prettier (p92f8b) with version 2.5.1, which doesn't satisfy what @nrwl/workspace requests
➤ YN0060: │ redeye@workspace:. provides react (pca4bc) with version 18.2.0, which doesn't satisfy what @blueprintjs/core and some of its descendants request
➤ YN0060: │ redeye@workspace:. provides react (p15ae2) with version 18.2.0, which doesn't satisfy what @blueprintjs/datetime and some of its descendants request
➤ YN0060: │ redeye@workspace:. provides react (pe4698) with version 18.2.0, which doesn't satisfy what @blueprintjs/popover2 and some of its descendants request
➤ YN0060: │ redeye@workspace:. provides react (p81fea) with version 18.2.0, which doesn't satisfy what react-resize-detector requests
➤ YN0060: │ redeye@workspace:. provides react-dom (p22dbf) with version 18.2.0, which doesn't satisfy what react-resize-detector requests
➤ YN0002: │ redeye@workspace:. doesn't provide rollup (p85155), requested by rollup-plugin-auto-external
➤ YN0060: │ redeye@workspace:. provides vite (pacda5) with version 3.1.3, which doesn't satisfy what @nxext/vite requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 1s 377ms
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed in 3m 25s
➤ YN0000: ┌ Link step
➤ YN0007: │ cypress@npm:10.9.0 must be built because it never has been before or the last one failed
➤ YN0007: │ nodemon@npm:2.0.15 must be built because it never has been before or the last one failed
➤ YN0007: │ playwright-webkit@npm:1.25.2 must be built because it never has been before or the last one failed
➤ YN0007: │ @carbon/icons-react@npm:10.44.0 [7a45f] must be built because it never has been before or the last one failed
➤ YN0007: │ type-graphql@npm:1.1.1 [7a45f] must be built because it never has been before or the last one failed
➤ YN0007: │ @parcel/watcher@npm:2.0.4 must be built because it never has been before or the last one failed
➤ YN0007: │ core-js@npm:3.22.7 must be built because it never has been before or the last one failed
➤ YN0007: │ better-sqlite3@npm:7.6.2 must be built because it never has been before or the last one failed
➤ YN0007: │ esbuild@npm:0.15.9 must be built because it never has been before or the last one failed
➤ YN0007: │ core-js-pure@npm:3.22.7 must be built because it never has been before or the last one failed
➤ YN0007: │ @apollo/protobufjs@npm:1.2.4 must be built because it never has been before or the last one failed
➤ YN0007: │ redeye@workspace:. must be built because it never has been before or the last one failed
➤ YN0007: │ nx@npm:14.6.3 [f7f79] must be built because it never has been before or the last one failed
➤ YN0007: │ nx@npm:14.6.5 [4a848] must be built because it never has been before or the last one failed
➤ YN0000: └ Completed in 1m 53s
➤ YN0000: Done with warnings in 5m 20s
run yarn release:all
✔ nx run models:build [remote cache]
✔ nx run graph:build [remote cache]
✔ nx run parser:build [remote cache]
✔ nx run client:build:production [remote cache]
✔ nx run server:build [remote cache]
✖ nx run parser:release-all
> NX Running target release for project parser and 2 task(s) it depends on
> nx run parser:build [existing outputs match the cache, left as is]
Compiling with SWC for parser...
Successfully compiled: 41 files with swc (58.2ms)
> nx run parser:release --platform=mac
> [email protected]
> Fetching base Node.js binaries to PKG_CACHE_PATH
> Error! Binary hash does NOT match.
> NX ERROR: Something went wrong in run-commands - Command failed: pkg dist/packages/cs-parser/package.json -t node16-mac -o release/mac/parsers/cs-parser
Pass --verbose to see the stacktrace.
> NX Running target "parser:release" failed
Failed tasks:
- parser:release
Hint: run the command with --verbose for more details.
> NX ERROR: Something went wrong in run-commands - Command failed: yarn nx release parser --platform mac
Pass --verbose to see the stacktrace.
✖ nx run server:release-all
> NX Running target release for project server and 5 task(s) it depends on
> nx run server:build [existing outputs match the cache, left as is]
Compiling with SWC for server...
Successfully compiled: 56 files with swc (63.79ms)
> nx run server:release --platform=mac
> [email protected]
> Fetching base Node.js binaries to PKG_CACHE_PATH
node:internal/fs/utils:347
throw err;
^
Error: ENOENT: no such file or directory, stat '/root/.pkg-cache/v3.4/fetched-v16.16.0-macos-x64.downloading'
at Object.statSync (node:fs:1588:3)
at Object.statSync (/root/RedEye-cisa/node_modules/graceful-fs/polyfills.js:318:34)
at statSync (/root/RedEye-cisa/node_modules/fs-extra/lib/util/stat.js:10:52)
at getStatsSync (/root/RedEye-cisa/node_modules/fs-extra/lib/util/stat.js:24:19)
at Object.checkPathsSync (/root/RedEye-cisa/node_modules/fs-extra/lib/util/stat.js:49:33)
at Object.moveSync (/root/RedEye-cisa/node_modules/fs-extra/lib/move-sync/move-sync.js:14:28)
at WriteStream.<anonymous> (/root/RedEye-cisa/node_modules/pkg-fetch/lib-es5/utils.js:90:56)
at WriteStream.<anonymous> (node:internal/util:445:5)
at WriteStream.onclose (node:internal/streams/end-of-stream:147:14)
at WriteStream.emit (node:events:513:28) {
errno: -2,
syscall: 'stat',
code: 'ENOENT',
path: '/root/.pkg-cache/v3.4/fetched-v16.16.0-macos-x64.downloading'
}
> NX ERROR: Something went wrong in run-commands - Command failed: pkg dist/applications/server/package.json -t node16-mac -o release/mac/RedEye
Pass --verbose to see the stacktrace.
> NX Running target "server:release" failed
Failed tasks:
- server:release
Hint: run the command with --verbose for more details.
> NX ERROR: Something went wrong in run-commands - Command failed: yarn nx release server --platform mac
Pass --verbose to see the stacktrace.
—————————————————————————————————————————————————————————————————————————————————————————————————————————
> NX Ran target release-all for 2 projects and 5 task(s) they depend on (12s)
✔ 5/7 succeeded [5 read from cache]
✖ 2/7 targets failed, including the following:
- nx run parser:release-all
- nx run server:release-all
Nx Cloud made it possible to reuse 5 tasks: https://nx.app/runs/mXmOCfDmj8
run yarn run start:server
root:~/RedEye# yarn run start:server
> nx run server:serve
Compiling with SWC for models...
Successfully compiled: 27 files with swc (134.79ms)
Compiling with SWC for parser...
Successfully compiled: 41 files with swc (92.14ms)
> NX inotify_add_watch on '/root/RedEye-cisa/node_modules/@faker-js/faker/dist/types/locales/hy/color' failed: No space left on device
Pass --verbose to see the stacktrace.
—————————————————————————————————————————————————————————————————————————————————————————————————————————
> NX Running target "server:serve" failed
Failed tasks:
- server:serve
Hint: run the command with --verbose for more details.
See Nx Cloud run details at https://nx.app/runs/Ck14JFu42J
Is your feature request related to a problem? Please describe.
When I first used RedEye, I attempted to navigate the time slider by clicking into the upper 'canvas' area with the activity bar graph as (poorly) circled here.
Since this UI doesn't do anything else, it might be a nice improvement to jump the timeline to the area clicked.
It might just be me, but that was the first thing I tried to do when I inspected the timeline, and it did not work as expected.
Describe the solution you'd like
Clicking in the area above the draggable dot jumps the dot to the horizontal spot you clicked on.
Describe alternatives you've considered
I guess the current implementation is the most obvious alternative.
Scrubbing credentials from command tasks (and potential output) is burdensome. I'd like to be able to define a regex pattern to replace with a value. For example, when running SharpDPAPI, it's quite common for us to specify /pvk:....... It would be useful to have that regex supplied at export, rather than individual specific values.
An alternative would be being able to paste or upload multiple values to be replaced at once. For example, if we have 30 credentials in the command line, rather than having to add a new find & replace row for each credential, we'd paste/upload all of them at once.
Thanks!
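Added example, not RedEye code: export-time scrubbing in the shape this request describes, as regex rules plus a bulk list of literal values applied to constructed task lines. The /pvk: pattern, the sample commands and the sample passwords are assumptions made for the example; it also handles the case where one pasted value is a prefix of another.

```typescript
// Added example, not RedEye's own code: export-time scrubbing in the shape the
// request above describes. A rule is a regex plus a replacement; a bulk list of
// literal values (pasted in at once) is turned into rules too. All command
// lines used here are constructed samples.

export interface RedactionRule {
  pattern: RegExp;     // carries the "g" flag so every occurrence is replaced
  replacement: string; // inserted literally, never as a backreference template
}

export function ruleFromRegex(source: string, replacement: string): RedactionRule {
  return { pattern: new RegExp(source, "g"), replacement };
}

function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// One rule per literal value. Longer values go first so that a value which is
// a prefix of another (e.g. "Winter2023" vs "Winter2023!") cannot leave the
// tail of the longer secret behind. Values are escaped and matched literally.
export function rulesFromValues(values: string[], replacement = "[REDACTED]"): RedactionRule[] {
  const unique = Array.from(new Set(values.map((v) => v.trim()).filter((v) => v.length > 0)));
  unique.sort((a, b) => b.length - a.length);
  return unique.map((v) => ({ pattern: new RegExp(escapeRegExp(v), "g"), replacement }));
}

// Apply rules in order. A function replacer is used so a "$" inside a pasted
// replacement (or inside a password-like value) is never treated as "$1".
export function redact(text: string, rules: RedactionRule[]): string {
  return rules.reduce((acc, rule) => acc.replace(rule.pattern, () => rule.replacement), text);
}

// Rule for the SharpDPAPI case from the request: drop the value after /pvk:
// but keep the flag so the report still shows what was run. Assumption: the
// value is either a quoted string or one non-space token (e.g. an inline key).
export const PVK_RULE = ruleFromRegex('(?<=/pvk:)(?:"[^"]*"|\\S+)', "[REDACTED]");

// Constructed sample task lines (not real engagement data).
export const SAMPLE_COMMANDS = [
  "execute-assembly SharpDPAPI.exe masterkeys /pvk:SAMPLEKEYBASE64== /server:dc01.corp.local",
  'execute-assembly SharpDPAPI.exe credentials /pvk:"C:\\temp\\domain backup.pvk"',
  "net use \\\\fs01\\share /user:corp\\svc_backup Winter2023!",
];

// Applies the regex rule plus a pasted list of two overlapping values.
export function scrubSample(): string[] {
  const rules = [PVK_RULE, ...rulesFromValues(["Winter2023", "Winter2023!"])];
  return SAMPLE_COMMANDS.map((line) => redact(line, rules));
}
```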
Is your feature request related to a problem? Please describe.
No way to include any list of artifacts for each host.
Describe the solution you'd like
Either the ability to add comments directly to hosts (would be good for notating certain things about hosts in general. i.e. DC, FileServer, etc.) or when selecting a host from the "Hosts" tab, include a new tab for "Artifacts" that allows an operator to copy/paste them in.
Describe alternatives you've considered
Selecting the first command entered on a host and adding a comment for it, then including all the host's artifacts.
Is your feature request related to a problem? Please describe.
We are planning on using RedEye as a visualization tool during our red team assessments. As of now, it seems like RedEye is unable to add data to a campaign once it has been parsed initially.
Describe the solution you'd like
A solution to allow upload of additional/updated log files would allow RedEye to be used as a live-view of a running campaign.
Describe alternatives you've considered
I attempted to create a wrapper script that parses new log files and uploads them to the API with the corresponding campaign ID, but it seems like this is currently not supported. As of now, I don't see an alternative way.
Additional context
None
Currently using:
macOS Monterey
node v18.11.0
rancher desktop 1.6.1 for container build
When I run yarn run release with mac or linux, I fail with varying errors.
> yarn run release --platform linux
✔ nx run models:build [existing outputs match the cache, left as is]
✔ nx run graph:build [existing outputs match the cache, left as is]
✔ nx run parser:build [existing outputs match the cache, left as is]
✔ nx run client:build:production [existing outputs match the cache, left as is]
✔ nx run server:build [existing outputs match the cache, left as is]
✖ nx run server:release
> [email protected]
/Users/[REDACTED]/.pkg-cache/v3.4/fetched-v16.16.0-macos-x64-signed: No such file or directory
> Error! Cannot generate bytecode
pkg fails to run "codesign" utility. Due to the mandatory signing
requirement of macOS, executables must be signed. Please ensure the
utility is installed and properly configured.
Same issue when building --platform mac
It's worth noting that I do have codesign in my PATH
Docker gets farther, and appears to build my version, but fails when running it.
>docker compose build
...
...
=> ERROR [redeye-core:latest redeye-linux-builder 5/5] RUN yarn run release --platform=linux 39.6s
------
> [redeye-core:latest redeye-linux-builder 5/5] RUN yarn run release --platform=linux:
#0 4.290
#0 4.292 > NX Running target release for 2 project(s) and 5 task(s) they depend on:
#0 4.292
#0 4.292 - parser
#0 4.292 - server
#0 4.292
#0 4.292 With additional flags:
#0 4.292 --platform=linux
#0 4.292
#0 4.293
#0 4.983
#0 4.984 > nx run models:build [remote cache]
#0 4.984
#0 4.984 Compiling with SWC for models...
#0 4.984 Successfully compiled: 27 files with swc (67.66ms)
#0 5.008
#0 5.008 > nx run graph:build [remote cache]
#0 5.008
#0 5.008 vite v3.1.3 building for production...
#0 5.008 transforming...
#0 5.008 ✓ 28 modules transformed.
#0 5.008 rendering chunks...
#0 5.008 ../../dist/packages/graph/graph.es.js 69.13 KiB / gzip: 17.36 KiB
#0 5.008 ../../dist/packages/graph/assets/index.7f7ce887.css 973.22 KiB / gzip: 736.92 KiB
#0 5.008 ../../dist/packages/graph/graph.umd.js 57.00 KiB / gzip: 16.07 KiB
#0 5.008 Copying asset files...
#0 5.008 Done copying asset files.
#0 5.008 Bundle complete.
#0 5.409
#0 5.409 > nx run parser:build [remote cache]
#0 5.409
#0 5.409 Compiling with SWC for parser...
#0 5.409 Successfully compiled: 41 files with swc (47.54ms)
#0 5.609
#0 5.609 > nx run client:build:production [remote cache]
#0 5.609
#0 5.609 vite v3.1.3 building for production...
#0 5.609 transforming...
#0 5.609 transforming...
#0 5.609 ✓ 9 modules transformed.
#0 5.609 rendering chunks...
#0 5.609 ✓ 3790 modules transformed.
#0 5.609 rendering chunks...
#0 5.609 ../../dist/applications/client/assets/Logo-Dark.cca6b38e.svg 7.72 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-400.205b5e5a.woff2 51.82 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-400-italic.f8bbd0e3.woff2 56.15 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-500.1212e7ab.woff2 55.14 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-500-italic.c62c7ee9.woff2 59.40 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-600.d8b4efc9.woff2 55.66 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-600-italic.3778adf3.woff2 58.68 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-700.36fc9410.woff2 51.78 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-sans-all-700-italic.ac0eed09.woff2 55.39 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-400.0581085d.woff2 32.63 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-400-italic.738db8c6.woff2 36.53 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-500.10aef5a3.woff2 33.51 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-500-italic.91e97a3c.woff2 37.52 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-600.01f3197a.woff2 34.47 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-600-italic.36e707a0.woff2 38.11 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-700.25a2510f.woff2 33.80 KiB
#0 5.609 ../../dist/applications/client/assets/ibm-plex-mono-all-700-italic.88c19110.woff2 36.98 KiB
#0 5.609 ../../dist/applications/client/assets/file-worker.348138a2.js 1.90 KiB
#0 5.609 ../../dist/applications/client/index.html 0.87 KiB
#0 5.609 ../../dist/applications/client/assets/index.cbda0dd0.css 303.86 KiB / gzip: 35.74 KiB
#0 5.609 ../../dist/applications/client/assets/vendor.00901628.js 306.09 KiB / gzip: 96.90 KiB
#0 5.609 ../../dist/applications/client/assets/index.05ec905a.js 3691.92 KiB / gzip: 797.72 KiB
#0 5.609 Bundle complete.
#0 6.194
#0 6.195 > nx run server:build [remote cache]
#0 6.196
#0 6.196 Compiling with SWC for server...
#0 6.196 Successfully compiled: 56 files with swc (66.29ms)
#0 14.02
#0 14.02 > nx run server:release --platform=linux
#0 14.02
#0 14.02 > [email protected]
#0 14.02 > Fetching base Node.js binaries to PKG_CACHE_PATH
#0 14.02
#0 14.02
#0 14.02 node:internal/fs/utils:347
#0 14.02 throw err;
#0 14.02 ^
#0 14.02
#0 14.02 Error: ENOENT: no such file or directory, stat '/root/.pkg-cache/v3.4/fetched-v16.16.0-linux-x64.downloading'
#0 14.02 at Object.statSync (node:fs:1583:3)
#0 14.02 at Object.statSync (/app/node_modules/graceful-fs/polyfills.js:318:34)
#0 14.02 at statSync (/app/node_modules/fs-extra/lib/util/stat.js:10:52)
#0 14.02 at getStatsSync (/app/node_modules/fs-extra/lib/util/stat.js:24:19)
#0 14.02 at Object.checkPathsSync (/app/node_modules/fs-extra/lib/util/stat.js:49:33)
#0 14.02 at Object.moveSync (/app/node_modules/fs-extra/lib/move-sync/move-sync.js:14:28)
#0 14.02 at WriteStream.<anonymous> (/app/node_modules/pkg-fetch/lib-es5/utils.js:90:56)
#0 14.02 at WriteStream.<anonymous> (node:internal/util:453:5)
#0 14.02 at WriteStream.onclose (node:internal/streams/end-of-stream:147:14)
#0 14.02 at WriteStream.emit (node:events:513:28) {
#0 14.02 errno: -2,
#0 14.02 syscall: 'stat',
#0 14.02 code: 'ENOENT',
#0 14.02 path: '/root/.pkg-cache/v3.4/fetched-v16.16.0-linux-x64.downloading'
#0 14.02 }
#0 14.02
#0 14.02 > NX ERROR: Something went wrong in run-commands - Command failed: pkg dist/applications/server/package.json -t node16-linux -o release/linux/RedEye
#0 14.02
#0 14.02 Pass --verbose to see the stacktrace.
#0 14.02
#0 39.23
#0 39.23 > nx run parser:release --platform=linux
#0 39.23
#0 39.24 > [email protected]
#0 39.24 > Fetching base Node.js binaries to PKG_CACHE_PATH
#0 39.24
#0 39.24
#0 39.24 > Warning Failed to make bytecode node16-x64 for file /snapshot/app/node_modules/supports-color/index.js
#0 39.24
#0 39.24
#0 39.24
#0 39.24 > NX Running target "release" failed
#0 39.25
#0 39.25 Failed tasks:
#0 39.25
#0 39.25 - server:release
#0 39.25
#0 39.41 Nx Cloud made it possible to reuse 5 tasks: https://nx.app/runs/CjpHlyxcIr
#0 39.41
------
failed to solve: executor failed running [/bin/sh -c yarn run release --platform=linux]: exit code: 1
I think my current plan is to try to build the mac binaries in a container build step and copy them out.
Describe the bug
Receiving an error when trying to run on Windows
No config file found, using defaults
No parsers specified in config, only .redeye files can be uploaded
Error: C:\Users\user\AppData\Local\Temp\pkg\6090aceae56dd7014cf4fb03930bc2a1031f87eb0a8f1f8ce4b2d9e7f1524366\better-sqlite3\build\Release\better_sqlite3.node is not a valid Win32 application.
C:\Users\user\AppData\Local\Temp\pkg\6090aceae56dd7014cf4fb03930bc2a1031f87eb0a8f1f8ce4b2d9e7f1524366\better-sqlite3\build\Release\better_sqlite3.node
at process.dlopen (pkg/prelude/bootstrap.js:2251:28)
at Object.Module._extensions..node (node:internal/modules/cjs/loader:1189:18)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at Module.require (pkg/prelude/bootstrap.js:1851:31)
at require (node:internal/modules/cjs/helpers:102:18)
at bindings (C:\snapshot\RedEye\node_modules\bindings\bindings.js:112:48)
at new Database (C:\snapshot\RedEye\node_modules\better-sqlite3\lib\database.js:48:64)
at Client_BetterSQLite3.acquireRawConnection (C:\snapshot\RedEye\node_modules\knex\lib\dialects\better-sqlite3\index.js:12:12) {
code: 'ERR_DLOPEN_FAILED'
}
Cleaning up... {
type: 'error.platform.SERVER_MACHINE.loadDatabase:invocation[0]',
data: undefined,
toString: [Function (anonymous)]
}
Receiving an error when trying to run on Ubuntu 22.04.2 Linux
$ ./RedEye -r -p password
No config file found, using defaults
No parsers specified in config, only .redeye files can be uploaded
Error: /tmp/pkg/6090aceae56dd7014cf4fb03930bc2a1031f87eb0a8f1f8ce4b2d9e7f1524366/better-sqlite3/build/Release/better_sqlite3.node: invalid ELF header
at process.dlopen (pkg/prelude/bootstrap.js:2251:28)
at Object.Module._extensions..node (node:internal/modules/cjs/loader:1189:18)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at Module.require (pkg/prelude/bootstrap.js:1851:31)
at require (node:internal/modules/cjs/helpers:102:18)
at bindings (/snapshot/RedEye/node_modules/bindings/bindings.js:112:48)
at new Database (/snapshot/RedEye/node_modules/better-sqlite3/lib/database.js:48:64)
at Client_BetterSQLite3.acquireRawConnection (/snapshot/RedEye/node_modules/knex/lib/dialects/better-sqlite3/index.js:12:12) {
code: 'ERR_DLOPEN_FAILED'
}
Cleaning up... {
type: 'error.platform.SERVER_MACHINE.loadDatabase:invocation[0]',
data: undefined,
toString: [Function (anonymous)]
}
To Reproduce
Steps to reproduce the behavior:
RedEye --redTeam --password REDACTED
Expected behavior
Work
Desktop (please complete the following information):
Would a forensic version be possible? It would allow the use of RedEye for the analysis of Cobalt Strike cybercriminal C2 servers.
Unlike a red team, Cobalt Strike is used on simultaneous multi-campaigns.
This requires much more resources for the graphical display.
On this version, it could have, for example:
Thanks