BishopFox · rkervella · Mar 30, 2023 · Mar 30, 2023
@@ -1324,6 +1324,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("a", "arch", "amd64", "cpu architecture")
 			f.String("N", "name", "", "agent name")
 			f.Bool("d", "debug", false, "enable debug features")
+			f.String("O", "debug-file", "", "path to debug output")
 			f.Bool("e", "evasion", false, "enable evasion features (e.g. overwrite user space hooks)")
 			f.Bool("l", "skip-symbols", false, "skip symbol obfuscation")
 			f.String("I", "template", "sliver", "implant code template")
@@ -1385,6 +1386,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("a", "arch", "amd64", "cpu architecture")
 			f.String("N", "name", "", "agent name")
 			f.Bool("d", "debug", false, "enable debug features")
+			f.String("O", "debug-file", "", "path to debug output")
 			f.Bool("e", "evasion", false, "enable evasion features  (e.g. overwrite user space hooks)")
 			f.Bool("l", "skip-symbols", false, "skip symbol obfuscation")
 			f.String("I", "template", "sliver", "implant code template")
@@ -1541,6 +1543,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("a", "arch", "amd64", "cpu architecture")
 
 			f.Bool("d", "debug", false, "enable debug features")
+			f.String("O", "debug-file", "", "path to debug output")
 			f.Bool("e", "evasion", false, "enable evasion features")
 			f.Bool("l", "skip-symbols", false, "skip symbol obfuscation")
 			f.Bool("G", "disable-sgn", false, "disable shikata ga nai shellcode encoder")
@@ -1609,6 +1612,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("a", "arch", "amd64", "cpu architecture")
 
 			f.Bool("d", "debug", false, "enable debug features")
+			f.String("O", "debug-file", "", "path to debug output")
 			f.Bool("e", "evasion", false, "enable evasion features")
 			f.Bool("l", "skip-symbols", false, "skip symbol obfuscation")
 

@@ -272,6 +272,7 @@ func parseCompileFlags(ctx *grumble.Context, con *console.SliverConsoleClient) *
 	limitDatetime := ctx.Flags.String("limit-datetime")
 	limitFileExists := ctx.Flags.String("limit-fileexists")
 	limitLocale := ctx.Flags.String("limit-locale")
+	debugFile := ctx.Flags.String("debug-file")
 
 	isSharedLib := false
 	isService := false
@@ -369,6 +370,8 @@ func parseCompileFlags(ctx *grumble.Context, con *console.SliverConsoleClient) *
 		IsShellcode: isShellcode,
 
 		RunAtLoad: runAtLoad,
+
+		DebugFile: debugFile,
 	}
 
 	return config

@@ -162,6 +162,14 @@ func main() {
 
 	// {{if .Config.Debug}}
 	log.SetFlags(log.LstdFlags | log.Lshortfile)
+	debugFilePath := "{{ .Config.DebugFile }}"
+	if debugFilePath != "" {
+		// Open the log file for writing
+		file, err := os.OpenFile(debugFilePath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+		if err == nil {
+			log.SetOutput(file)
+		}
+	}
 	// {{else}}
 	log.SetFlags(0)
 	log.SetOutput(ioutil.Discard)

@@ -171,6 +171,7 @@ message ImplantConfig {
   bool IsShellcode = 104;
 
   bool RunAtLoad = 105;
+  string DebugFile = 106;
 }
 
 message ExternalImplantConfig {

@@ -87,6 +87,7 @@ type ImplantConfig struct {
 	MtlsKey    string
 
 	Debug               bool
+	DebugFile           string
 	Evasion             bool
 	ObfuscateSymbols    bool
 	ReconnectInterval   int64
@@ -159,6 +160,7 @@ func (ic *ImplantConfig) ToProtobuf() *clientpb.ImplantConfig {
 		MtlsKey:    ic.MtlsKey,
 
 		Debug:            ic.Debug,
+		DebugFile:        ic.DebugFile,
 		Evasion:          ic.Evasion,
 		ObfuscateSymbols: ic.ObfuscateSymbols,
 		TemplateName:     ic.TemplateName,

@@ -148,6 +148,7 @@ func ImplantConfigFromProtobuf(pbConfig *clientpb.ImplantConfig) (string, *model
 	cfg.MtlsCert = pbConfig.MtlsCert
 	cfg.MtlsKey = pbConfig.MtlsKey
 	cfg.Debug = pbConfig.Debug
+	cfg.DebugFile = pbConfig.DebugFile
 	cfg.Evasion = pbConfig.Evasion
 	cfg.ObfuscateSymbols = pbConfig.ObfuscateSymbols
 	cfg.TemplateName = pbConfig.TemplateName