mrheinen / lophiid

A distributed honeypot for monitoring large scale web attacks
GNU General Public License v2.0

Allow content javascripts to run external programs #17

Closed mrheinen closed 1 month ago

mrheinen commented 2 months ago

I occasionally run into a payload that fetches dropbear and runs it on a specific, random port. It would be cool if the javascript would parse out the port and start an SSH honeypot for that specific port. Or maybe you want to run a payload in a sandbox.

Scripts should be able to indicate whether they want to wait for the program to end. Scripts also should be able to get the output of the commands (maybe only if they wait for completion).

All commands need to be logged in the database with the request ID, content ID, command details and the output. Lophiid needs to track commands while they run and allow a timeout per command (e.g. in the SSH honeypot example, it would be ok to run it for 10 mins). Per command it might make sense to also indicate certain files (e.g. log files) that need to be collected and archived after the command ran.

Other input for this change is very welcome!
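
Added example, not part of the issue and not lophiid's own code: a Go sketch of the command runner the request describes, with a per-command timeout, captured output, and a log record keyed by request ID and content ID. `Runner`, `CommandRecord`, `Run` and `Drain` are hypothetical names, the in-memory `Records` slice stands in for the database, and a script that wants to wait simply receives from the returned channel.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"sync"
	"time"
)

// CommandRecord is a hypothetical log row holding the fields the issue lists.
type CommandRecord struct {
	RequestID, ContentID int64
	Command              []string
	Output               string
	TimedOut             bool
	Err                  error
}

// Runner tracks running commands; Records stands in for the database table.
type Runner struct {
	mu      sync.Mutex
	wg      sync.WaitGroup
	Records []CommandRecord
}

// Run starts name with args under a timeout; receive from the channel to wait for the result.
func (r *Runner) Run(reqID, contentID int64, timeout time.Duration, name string, args ...string) <-chan CommandRecord {
	done := make(chan CommandRecord, 1) // buffered, so callers that never wait do not leak the goroutine
	r.wg.Add(1)
	go func() {
		defer r.wg.Done()
		ctx, cancel := context.WithTimeout(context.Background(), timeout)
		defer cancel()
		cmd := exec.CommandContext(ctx, name, args...) // argv form, no shell parsing of payload-derived values
		out, err := cmd.CombinedOutput()               // the process is killed when ctx expires
		rec := CommandRecord{reqID, contentID, cmd.Args, string(out), ctx.Err() == context.DeadlineExceeded, err}
		r.mu.Lock()
		r.Records = append(r.Records, rec) // every command is logged, waited on or not
		r.mu.Unlock()
		done <- rec
	}()
	return done
}

func (r *Runner) Drain() { r.wg.Wait() } // blocks until all tracked commands are logged

func main() {
	fmt.Printf("%+v\n", <-new(Runner).Run(1, 2, time.Second, "echo", "hi")) // constructed IDs
}
```
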