Merged p2p branch into dev

.github/workflows/go.yml

@@ -0,0 +1,63 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: "Merlin Server Build & Test"
+
+on:
+  push:
+  pull_request:
+
+jobs:
+
+  build:
+    name: 'Build Job'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        id: checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+
+      - name: 'Build Merlin Server'
+        id: build
+        run: 'make distro'
+
+      - name: 'Test Merlin Server'
+        id: test
+        run: 'go test ./...'
+
+      - name: GoVulnCheck
+        id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: '1.21'
+          go-package: './...'
+
+      - name: Gosec Security Scanner
+        id: gosec
+        uses: securego/gosec@master
+        with:
+          args: '-fmt sarif -out gosec.sarif ./...'
+
+      - name: Upload Gosec SARIF file
+        id: gosec_upload_sarif
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: gosec.sarif
+
+      - name: Go Report Card - Install
+        id: goreportcard_install
+        working-directory: /tmp
+        run: |
+          git clone https://github.com/gojp/goreportcard.git
+          cd goreportcard
+          make install
+          go install ./cmd/goreportcard-cli
+
+      - name: Go Report Card - Run
+        id: goreportcard_run
+        run: 'goreportcard-cli -v' # This renames the files in the ./rpc directory to *.grc.bak causing builds to fail

.github/workflows/qodana.yml

@@ -0,0 +1,24 @@
+name: Qodana
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+
+
+jobs:
+  qodana:
+    name: 'Qodana Job'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}  # to check out the actual pull request commit, not the merge commit
+          fetch-depth: 0  # a full history is required for pull request analysis
+      - name: 'Qodana Scan'
+        uses: JetBrains/[email protected]
+        env:
+          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,105 @@
+name: "Merlin Server Release"
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+defaults:
+  run:
+    working-directory: ~/
+
+jobs:
+  release:
+    name: 'Release Job'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Merlin
+        id: checkout_merlin
+        uses: actions/checkout@v4
+
+      - name: Checkout Merlin-Agent
+        id: checkout_merlin_agent
+        uses: actions/checkout@v4
+        with:
+          repository: 'Ne0nd0g/merlin-agent'
+          path: 'merlin-agent'
+
+      - name: Checkout Merlin-Agent-DLL
+        id: checkout_merlin_agent_dll
+        uses: actions/checkout@v4
+        with:
+          repository: 'Ne0nd0g/merlin-agent-dll'
+          path: 'merlin-agent-dll'
+
+      - name: Checkout Merlin CLI
+        id: checkout_merlin_cli
+        uses: actions/checkout@v4
+        with:
+          repository: 'Ne0nd0g/merlin-cli'
+          path: 'merlin-cli'
+
+      - name: Set up Go
+        id: setup_go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+
+        # Need 7zip installed to package up the release
+      - name: Install 7zip
+        id: install_7zip
+        run: apt-get install p7zip-full
+
+        # Need MingGW installed to build the Agent DLL
+      - name: Install MingGW
+        id: install_mingw
+        run: apt-get install -y -q mingw-w64
+
+      - name: Build Merlin Agents
+        id: build_agents
+        working-directory: merlin-agent
+        run: |
+          pwd
+          make distro
+
+      - name: Build Merlin Agent DLL
+        id: build_agent_dll
+        working-directory: merlin-agent-dll
+        run: make default
+
+      - name: Move Agents
+        id: move_agents
+        run: |
+          mkdir -p data/bin
+          cp ~/merlin-agent/merlinAgent-* ~/merlin/data/bin
+          cp ~/merlin-agent-dll/merlinAgent.dll ~/merlin/data/bin
+
+      - name: Build Merlin CLI
+        id: build_cli
+        working-directory: merlin-cli
+        run: make all
+
+      - name: Build Merlin Server
+        id: build_server
+        working-directory: merlin
+        run: make distro
+
+      - name: Package Release
+        id: package_release
+        working-directory: merlin
+        run: |
+          F="README.MD LICENSE data/modules docs data/README.MD data/agents/README.MD data/log/README.MD data/x509 data/src data/bin"
+          7za a -pmerlin -mhe -mx=9 merlinServer-Linux-x64.7z $F merlinCLI-Linux-x64 merlinServer-Linux-x64
+
+      - name: Create Draft Release
+        id: create_draft_release
+        uses: ncipollo/release-action@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag: ${{ github.ref_name }}
+          name: ${{ github.ref_name }}
+          draft: true
+          prerelease: false
+          artifactErrorsFailBuild: true
+          artifacts: '*.7z'

Makefile

@@ -7,7 +7,7 @@ DIR=data/temp/v${VERSION}/${BUILD}
 $(shell mkdir -p ${DIR})
 
 # Go build flags
-LDFLAGS=-ldflags '-X main.build=${BUILD} -buildid='
+LDFLAGS=-ldflags '-X github.com/Ne0nd0g/merlin/pkg.Build=${BUILD} -buildid='
 
 # Misc
 # GOGARBLE contains a list of all the packages to obfuscate
@@ -21,30 +21,32 @@ default:
 
 # Compile Server - Windows x64
 windows:
-	export GOOS=windows;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/merlinServer-Windows-x64.exe main.go
+	export GOOS=windows && export GOARCH=amd64 && go build ${LDFLAGS} -o ${DIR}/merlinServer-Windows-x64.exe main.go
 
 # The SEED must be the exact same that was used when compiling the agent
 # Garble version 0.5.2 or later must be installed and accessible in the PATH environment variable
 windows-garble:
-	export GOGARBLE=${GOGARBLE};export GOOS=windows GOARCH=amd64;garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Windows-x64.exe main.go
+	export GOGARBLE=${GOGARBLE} && export GOOS=windows GOARCH=amd64 &&garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Windows-x64.exe main.go
 
 # Compile Server - Linux x64
 linux:
-	export GOOS=linux;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/merlinServer-Linux-x64 main.go
+	export GOOS=linux && export GOARCH=amd64 && go build ${LDFLAGS} -o ${DIR}/merlinServer-Linux-x64 main.go
 
 # The SEED must be the exact same that was used when compiling the agent
 # Garble version 0.5.2 or later must be installed and accessible in the PATH environment variable
 linux-garble:
-	export GOGARBLE=${GOGARBLE};export GOOS=linux GOARCH=amd64;garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Linux-x64 main.go
+	export GOGARBLE=${GOGARBLE} && export GOOS=linux GOARCH=amd64 && garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Linux-x64 main.go
 
 # Compile Server - Darwin x64
 darwin:
-	export GOOS=darwin;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/merlinServer-Darwin-x64 main.go
+	export GOOS=darwin && export GOARCH=amd64 && go build ${LDFLAGS} -o ${DIR}/merlinServer-Darwin-x64 main.go
 
 # The SEED must be the exact same that was used when compiling the agent
 # Garble version 0.5.2 or later must be installed and accessible in the PATH environment variable
 darwin-garble:
-	export GOGARBLE=${GOGARBLE};export GOOS=darwin GOARCH=amd64;garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Darwin-x64.exe main.go
+	export GOGARBLE=${GOGARBLE} && export GOOS=darwin GOARCH=amd64 && garble -tiny -literals -seed ${SEED} build ${LDFLAGS} -o ${DIR}/merlinServer-Darwin-x64.exe main.go
+
+distro: windows linux darwin
 
 clean:
 	rm -rf ${DIR}*

data/modules/linux/x64/bash/credentials/SwapDigger.json

@@ -9,7 +9,7 @@
     "lang": "bash",
     "type": "standard",
     "privilege": true,
-    "notes": "http://blog.sevagas.com/?Digging-passwords-in-Linux-swap",
+    "notes": "https://blog.sevagas.com/?Digging-passwords-in-Linux-swap",
     "remote": "https://raw.githubusercontent.com/sevagas/swap_digger/master/swap_digger.sh",
     "local": ["data", "src", "sevagas", "swap_digger", "swap_digger.sh"],
     "options": [

docs/CHANGELOG.MD

@@ -4,20 +4,61 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-# 1.5.1 - 2023-03-08
+## 2.0.0 - 2023-11-02
+
+### Added
+
+- New TCP listener
+  - Used to configure how the listener process Agent traffic or to generate Agents
+  - TCP listener DOES NOT bind to interfaces/ports on the Merlin server, used for Agent configuration/generation ONLY
+- Delegate message type and functions for processing them
+- Configurable listener authentication methods for Agent communications: OPAQUE & none
+- Configurable listener transforms for Agent communications: gob-base, base64, hex, aes, jwe, rc4, and xor
+- `link` command for the Agent to initiate a peer-to-peer connection with a listening bind agent
+  - Example: `link tcp 192.168.1.72:4444`
+- `listener` command for the Agent to start a listener to receive a connection from a reverse peer-to-peer connection
+  - `list` to return a list of instantiated on the Agent (e.g., `listener list`)
+  - `start` to start a listener based on the passed in type and interface
+    - Example: `listener start tcp 0.0.0.0:4444`
+  - `stop` to stop an already created listener
+    - Example: `listener stop tcp [::]:4444`
+- Help is available for all commands using `-h` after the command
+
+### Changed
+
+- Refactored _some_ areas to align with DDD and SOLID to alleviate circular dependencies implementing peer-to-peer comms
+  - Implemented base "entity" structures and "aggregates"
+  - Implemented the "Repository" pattern for Agents, Delegates, Groups, Listeners, Servers
+  - Implemented the "Services" patter for interacting with Agents, Listeners, & Base messages
+- Configurable JWT key value for HTTP listeners
+- Removed util package and relocated function to appropriate packages
+- Upgraded [quic-go](https://github.com/quic-go/quic-go) to v0.34.0
+- The Minimum supported Go version is now 1.19
+- Added support for Go version 1.20
+- Refactored the `pkg/cli` package to be more modular
+- Listeners are now handled by a UUID and no longer by a name as a string
+- Changed CLI commands:
+- Replaced `use module <module name>` with `modules` command to switch to the modules menu
+- Removed the `agents` command from the main menu. Use `sessions` instead
+- Replaces `set verbose` & `set debug` (to enable verbose & debug output) with `verbose` & `debug` switch commands
+- Moved the `build` string out of `main.go` and into `pkg/merlin.go`
+- Removed PWNBoard from `main.go`
+- Removed wiki documentation from `docs` to a new repository at https://github.com/Ne0nd0g/merlin-documentation
+
+## 1.5.1 - 2023-03-08
 
 ### Added
 
 - Documentation for proxying Agent DLL provided by @HuskyHacks in [PR 136](https://github.com/Ne0nd0g/merlin/pull/136)
 
-## Security
+### Security
 
 - [PR 137](https://github.com/Ne0nd0g/merlin/pull/137) - Bump golang.org/x/text from 0.3.7 to 0.3.8 by dependabot
 - [PR 138](https://github.com/Ne0nd0g/merlin/pull/138) - Bump golang.org/x/net from 0.0.0-20220708220712-1185a9018129 to 0.7.0 by dependabot
 - [PR 139](https://github.com/Ne0nd0g/merlin/pull/139) - Bump golang.org/x/crypto from 0.0.0-20200709230013-948cd5f35899 to 0.1.0 by dependabot
 - [PR 140](https://github.com/Ne0nd0g/merlin/pull/140) - Bump golang.org/x/net from 0.1.0 to 0.7.0 by dependabot
 
-# 1.5.0 - 2022-07-20
+## 1.5.0 - 2022-07-20
 
 ### Added
 
@@ -32,26 +73,26 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Reduced the default PBES2 count for payload JWE encryption from 500,000 to 3,000
   - https://datatracker.ietf.org/doc/html/rfc7518#section-4.8.1.2
 
-# 1.4.3 - 2022-07-09
+## 1.4.3 - 2022-07-09
 
 ### Fixed
 
 - [Issue 129](https://github.com/Ne0nd0g/merlin/issues/129) - Added references to Docker image source
 
-# 1.4.2 - 2022-04-14
+## 1.4.2 - 2022-04-14
 
 ### Added
 
 - Server shows error when BOTH the agent and the server were not obfuscated with the SAME seed
   - [merlin-agent/15](https://github.com/Ne0nd0g/merlin-agent/issues/15)
 
-# 1.4.1 - 2022-04-12
+## 1.4.1 - 2022-04-12
 
 ### Fixed
 
 - [Issue 126](https://github.com/Ne0nd0g/merlin/issues/126) - Upgraded [quic-go](https://github.com/lucas-clemente/quic-go/) to v0.27.0 for Go 1.18 support
 
-# 1.4.0 - 2022-04-02
+## 1.4.0 - 2022-04-02
 
 ### Added
 
@@ -60,7 +101,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   - The `write` command will just write the specified bytes without reading them first
   - The `patch` command will find a specified function, read the existing bytes, and then overwrite it with the provided bytes
 
-# 1.3.1 - 2022-03-22
+## 1.3.1 - 2022-03-22
 
 ### Added