-
Notifications
You must be signed in to change notification settings - Fork 48
Support
Kraken maintains exhaustive control of the technologies and versions for which the modules and agents are supported.
The retrocompatibility is essential if you (really) care about the correct functioning of the tool. In my opinion, it is a point of differentiation from other tools.
Kraken's client (the component that runs on the attacker's machine) is developed entirely in Python. It requires:
- Python3.8 or higher
- Python libraries from requirements.txt
Note: I recommend using Conda/Miniconda to avoid problems with different versions of Python libraries (if installed) and to isolate the Kraken environment from other tools.
Although not mandatory, there are several components that require Docker to be installed in order to function properly. These components may or may not be used depending on the needs of the operator. The components that require Docker are listed below:
- Compiler: container
- Syntax checking utilities (check_syntax)
- Deployment environments for testing (envs)
Note: It's important to check the scenario in which it will work to avoid unexpected errors or missing dependencies.
The different support versions of the available Kraken executors are listed in the following tables:
| Version | Eval | Create Function | Include | Require |
|---|---|---|---|---|
| PHP 5.4 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 5.5 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 5.6 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 7.0 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 7.1 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 7.2 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 7.3 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 7.4 | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP 8.0 | ✔️ | ➖ | ✔️ | ✔️ |
| PHP 8.1 | ✔️ | ➖ | ✔️ | ✔️ |
| PHP 8.2 | ✔️ | ➖ | ✔️ | ✔️ |
| Version | ClassLoader |
|---|---|
| Java 6 | ✔️ |
| Java 7 | ✔️ |
| Java 8 | ✔️ |
| Java 9 | ✔️ |
| Java 10 | ✔️ |
| Java 11 | ✔️ |
| Java 12 | ✔️ |
| Java 13 | ✔️ |
| Java 14 | ✔️ |
| Java 15 | ✔️ |
| Java 16 | ✔️ |
| Java 17 | ✔️ |
| Version | CsharpCodeProvider | Assembly.Load | Emit MSIL |
|---|---|---|---|
| NET Framework 2.0 | ✔️ | ✔️ | ✔️ |
| NET Framework 4.0 | ✔️ | ✔️ | ✔️ |
| NET Framework 4.5 | ✔️ | ✔️ | ✔️ |
| NET Framework 4.6 | ✔️ | ✔️ | ✔️ |
| NET Framework 4.7 | ✔️ | ✔️ | ✔️ |
| NET Framework 4.8 | ✔️ | ✔️ | ✔️ |
On the other hand, support in Kraken modules is not common, because depends on the combination of:
Module + Technology + Operating System
There is a summary table about the release status of Kraken modules:
- ✔️ (done)
- ❌ (not yet)
- ➖ (not applicable in this context)
| Modules | PHP >=5.4 | PHP 7 | PHP 8 | JAVA 6 | JAVA >=7 |
|---|---|---|---|---|---|
| cat | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| cd | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| chmod | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| cp | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| download | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| execute | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| find | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| grep | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| id | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| ls | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| mkdir | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| mv | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| netstat | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| ps | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| pspy | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| rm | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| sysinfo | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| tcpconnect | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| touch | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| upload | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| webinfo | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| Modules | PHP >=5.4 | PHP 7 | PHP 8 | JAVA 6 | JAVA >=7 | NET 2 | NET 3.5 | NET 4.0 |
|---|---|---|---|---|---|---|---|---|
| amsi_patch | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| cat | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| cd | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| cp | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ |
| download | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| driveinfo | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| dump_iis_secrets | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| dup_token | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| enum_antivirus | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| execute | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| execute_assembly | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| execute_with_token | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| find | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| grep | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| hotfixes | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| id | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| impersonate | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| list_tokens | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| ls | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ |
| mkdir | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| mv | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| netstat | ➖ | ➖ | ➖ | ➖ | ➖ | ❌ | ❌ | ❌ |
| powerpick | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| ps | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| pspy | ➖ | ➖ | ➖ | ➖ | ➖ | ❌ | ❌ | ❌ |
| reg_dump_trans | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| rm | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| sc | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| set_token | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| show_integrity | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
| sysinfo | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| tcpconnect | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| touch | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ |
| upload | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| whoami | ➖ | ➖ | ➖ | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
In order to check each version of each module, a utility called check_syntax has been developed. This tool automates the compilation and execution of each module for all supported versions of each technology (in some cases this orchestration is done through the deployment of Docker containers).
On the other hand, a more thorough usability check has been performed using Kraken's test environments. It is possible that, in some particular environment, some module does not work as expected, in that case, please open an issue to fix it!