Add support to track module stealth in metadata #183
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows adding:
to the modules metadata to document how noisy the module is.
Valid values:
passive: No traffic is sent directly to the target. This includes http requests, but also dns traffic and syn packets. Running a passive module should be undetectable by the target. I'm not sure if social media modules (-- Source: accounts) should be considered passive.offline: The network is not used at all. Definitely undetectable by the target. A module like this would probably request, process and update data that was added by other modules.loud: The module is very aggressive and likely to cause alerts. This may involve bruteforcing directories with http requests or subdomains, or anything that may cause emails to be sent (for example password resets).normal: The default if nothing is specified. You'd only use this for something likepkg list --stealth normal.This still needs proper documentation for readthedocs.
It should also be possible to do:
which would prevent running any modules that aren't
offlineorpassive. A user would need to overwrite this withrun --stealth normal.Related to #170.