-
Notifications
You must be signed in to change notification settings - Fork 44
/
main.sh
265 lines (256 loc) · 4.53 KB
/
main.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
# Only source modules dynamically if the script is executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
MODULES_DIR="$(dirname "${BASH_SOURCE[0]}")/modules"
for module in "$MODULES_DIR"/*.sh; do
if [[ -f $module ]]; then
source "$module"
fi
done
fi
main() {
local QUIET=0
if [[ $# -eq 0 ]]; then
if [[ $QUIET -ne 1 ]]; then
print_banner
fi
if check_root; then
usage_root
else
usage_user
fi
exit 0
fi
# Parse command line arguments
while [[ "$1" != "" ]]; do
case $1 in
-q | --quiet )
QUIET=1
;;
-h | --help )
if check_root; then
usage_root
else
usage_user
fi
exit
;;
--mitre-matrix )
display_mitre_matrix
exit
;;
--at )
shift
setup_at "$@"
exit
;;
--authorized-keys )
shift
setup_authorized_keys "$@"
exit
;;
--backdoor-user )
shift
setup_backdoor_user "$@"
exit
;;
--bind-shell )
shift
setup_bind_shell "$@"
exit
;;
--cap )
shift
setup_cap_backdoor "$@"
exit
;;
--create-user )
shift
setup_create_new_user "$@"
exit
;;
--cron )
shift
setup_cron "$@"
exit
;;
--generator )
shift
setup_generator_persistence "$@"
exit
;;
--git )
shift
setup_git_persistence "$@"
exit
;;
--initd )
shift
setup_initd_backdoor "$@"
exit
;;
--ld-preload )
shift
setup_ld_preload_backdoor "$@"
exit
;;
--lkm )
shift
setup_lkm_backdoor "$@"
exit
;;
--malicious-container )
shift
setup_malicious_docker_container "$@"
exit
;;
--malicious-package )
shift
setup_malicious_package "$@"
exit
;;
--motd )
shift
setup_motd_backdoor "$@"
exit
;;
--package-manager )
shift
setup_package_manager_persistence "$@"
exit
;;
--pam )
shift
setup_pam_persistence "$@"
exit
;;
--passwd-user )
shift
setup_passwd_user "$@"
exit
;;
--password-change )
shift
setup_password_change "$@"
exit
;;
--rc-local )
shift
setup_rc_local_backdoor "$@"
exit
;;
--reverse-shell )
shift
setup_reverse_shell "$@"
exit
;;
--rootkit )
shift
setup_rootkit "$@"
exit
;;
--shell-profile )
shift
setup_shell_profile "$@"
exit
;;
--ssh-key )
shift
setup_ssh_key "$@"
exit
;;
--sudoers )
shift
setup_sudoers_backdoor "$@"
exit
;;
--suid )
shift
setup_suid_backdoor "$@"
exit
;;
--system-binary )
shift
setup_system_binary_backdoor "$@"
exit
;;
--systemd )
shift
setup_systemd "$@"
exit
;;
--udev )
shift
setup_udev "$@"
exit
;;
--web-shell )
shift
setup_web_shell "$@"
exit
;;
--xdg )
shift
setup_xdg "$@"
exit
;;
--revert )
shift
if [[ -z $1 ]]; then
echo "Error: Missing module name. Use '--revert all' to revert all modules or specify a module name."
echo ""
echo "Example 1: ./panix.sh --revert malicious-package"
echo "Example 2: ./panix.sh --revert all"
echo "Example 3: ./panix.sh --revert-all"
echo ""
echo "Modules: all, at, authorized-keys, backdoor-user, bind-shell, cap, create-user, cron, malicious-container, generator, git, initd, ld-preload, lkm, malicious-package, motd, package-manager, pam, passwd-user, password-change, rc-local, rootkit, shell-profile, ssh-key, sudoers, suid, system-binary, systemd, udev, xdg"
echo ""
exit 1
fi
# Check if "all" is specified
if [[ "$1" == "all" ]]; then
echo "[+] Running full reversion with --revert-all..."
revert_all
exit
fi
# Replace hyphens with underscores for function names
MODULE_NAME="revert_${1//-/_}"
if type "$MODULE_NAME" &>/dev/null; then
echo ""
echo "######################### [+] Reverting $1 module... #########################"
echo ""
$MODULE_NAME # Execute the function
else
echo ""
echo "Error: Revert function for module '$1' not found."
echo ""
exit 1
fi
exit
;;
--revert-all )
revert_all
exit
;;
* )
echo "Invalid option: $1"
if check_root; then
usage_root
else
usage_user
fi
exit 1
esac
shift
done
# Print banner unless in quiet mode
if [[ $QUIET -ne 1 ]]; then
print_banner
fi
# Show the usage menu if no specific command is given
if check_root; then
usage_root
else
usage_user
fi
}
main "$@"