OpenBAS-Platform / openbas

Open Breach and Attack Simulation Platform
https://openbas.io

Import/Export Payloads via the web UI to speed up payload sharing #1934

Open antoinemzs opened 5 days ago

antoinemzs commented 5 days ago

Use case

As an OpenBAS community member, I want to be able to easily share and receive payloads among the community, so that I can prop up my payload library with new attack forms as they are discovered or benefit the community.

Current Workaround

Payloads must be entered manually using the webform, or via the API.

Proposed Solution

A web-based feature that allows exporting select payloads in a structured file format, and a sibling web-based feature for importing them into the OpenBAS instance's database.

If the feature request is approved, would you be willing to submit a PR?

Yes 🤓

jborozco commented 3 days ago

Hi @antoinemzs, you can already duplicate a payload, isn't it enough? Do you have a use case where someone asked to share payloads? It could be interesting, I think, but the priority might depend on the use case.

antoinemzs commented 3 days ago

Let's say I have a complex payload on my own OBAS instance (e.g. multiple prerequisites, multiple arguments, complex command and cleanup), and I want to have it available on a second, separate instance: I don't see an easy way of doing it other than copy/pasting the data manually between the instances, or crafting an ad hoc API parser and client (requiring simultaneous access to both instances, impractical in lots of cases, e.g. instances behind NAT).

The immediate use case is born of a small pain of trying to share payload definitions amongst developers to reproduce (non-)detection edge cases on various OBAS instances and assets; second, to be able to install locally crafted payloads onto the testing OBAS instance.