Update RedGuard Version 22.7.22

CHANGELOG

@@ -1,31 +1,35 @@
-## [22.7.21.1632] - 2022-7-21
-### Added
-- Limit the maximum number of log backup files that can be generated
-
-## [22.7.14.1043] - 2022-7-14
-### Added
-- Resolve the problem that the custom certificate is overwritten
-
-## [22.7.12.1111] - 2022-7-12
-### Added
-- Profile Header authentication ignores case
-- Disable the default JARM fingerprint randomization parameter
-- Change the long version name!!
-- Forward the packet XFF header so that C2 gets the real IP address
-- Custom configuration file path
-- Added validity verification for parameter IP input
-
-## [22.6.28.1712] - 2022-6-28
-### Added
-- JA3 fingerprint Identify sandbox
-- Code has been optimized
-- Solved the problem that communication cannot be performed normally
-due to the incompatibility of TLS jarm fingerprint randomize with custom certificates
-
-## [22.5.26.1716] - 2022-5-26
-### Added
-- TLS jarm fingerprint randomize
-
-## [22.5.20.1220] - 2022-5-20
-### Added
-- Initialize project
+## [22.7.22.1036] - 2022-7-22
+### Added
+- Add ThreatBook Cloud SandBox to JA3 Fingerprint Base Interception rule library
+
+## [22.7.21.1632] - 2022-7-21
+### Added
+- Limit the maximum number of log backup files that can be generated
+
+## [22.7.14.1043] - 2022-7-14
+### Added
+- Resolve the problem that the custom certificate is overwritten
+
+## [22.7.12.1111] - 2022-7-12
+### Added
+- Profile Header authentication ignores case
+- Disable the default JARM fingerprint randomization parameter
+- Change the long version name!!
+- Forward the packet XFF header so that C2 gets the real IP address
+- Custom configuration file path
+- Added validity verification for parameter IP input
+
+## [22.6.28.1712] - 2022-6-28
+### Added
+- JA3 fingerprint Identify sandbox
+- Code has been optimized
+- Solved the problem that communication cannot be performed normally
+due to the incompatibility of TLS jarm fingerprint randomize with custom certificates
+
+## [22.5.26.1716] - 2022-5-26
+### Added
+- TLS jarm fingerprint randomize
+
+## [22.5.20.1220] - 2022-5-20
+### Added
+- Initialize project

README.md

@@ -41,7 +41,7 @@ You can directly download and use the compiled version, or you can download the
 git clone https://github.com/wikiZ/RedGuard.git
 cd RedGuard
 # You can also use upx to compress the compiled file size
-go build -ldflags "-s -w"
+go build -ldflags "-s -w" -trimpath
 # Give the tool executable permission and perform initialization operations
 chmod +x ./RedGuard&&./RedGuard
 

RedGuard.go

@@ -1,106 +1,106 @@
-/**
- * @Author 风起
- * @contact: [email protected]
- * @File: RedGuard.go
- * @Time: 2022/5/4 10:44
- **/
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"RedGuard/config"
-	"RedGuard/core"
-	"RedGuard/core/parameter"
-	"RedGuard/lib"
-)
-
-var logger = lib.Logger() // logger output model
-
-type C2 struct {
-	Type string //Server interface{}
-}
-
-type c2Action interface {
-	serverInit()
-}
-
-type cobaltStrike struct {
-	action string
-}
-
-// ServerInit CobaltStrike module core method entry
-func (cs *cobaltStrike) serverInit() {
-	cs.action = "CobaltStrike"
-	var (
-		proxy parameter.ProxyConf // Proxy configuration structure
-		cfg   = lib.InitConfig()  // config file object
-		num   int                 // counting variable
-	)
-	// HTTPS Reverse proxy SSL certificate is created
-	lib.InitGenerateSelfSignedCert()
-	for key, value := range map[string]string{
-		"HTTPS": "/",
-		"HTTP":  "/http",
-	} {
-		proxy.Action = key    // Gets the reverse proxy listening port type
-		proxy.Pattern = value // Gets the pattern associated with the listening type
-		proxy.Port = lib.ReadConfig("proxy", fmt.Sprintf("Port_%s", key), cfg)
-		// When num is greater than 0, the main program is called out of the loop
-		if num > 0 {
-			break
-		}
-		num += 1
-		logger.Noticef("HostTarget: %s", lib.ReadConfig("proxy", "HostTarget", cfg))
-		// HTTP reverse proxy
-		go core.ProxyManger(proxy.Action, proxy.Port, proxy.Pattern)
-	}
-	// HTTPS reverse proxy
-	core.ProxyManger(proxy.Action, proxy.Port, proxy.Pattern)
-	// TODO CobaltStrike Core flow control method
-}
-
-func (c2 C2) configInit(args *parameter.Parses) {
-	c2.Type = args.C2Type
-	// Check C2 Server type
-	switch strings.ToLower(c2.Type) {
-	case "cobaltstrike":
-		// CobaltStrike Server initialize method
-		(&cobaltStrike{}).serverInit()
-	}
-	// TODO:Development Pending for other C2 frameworks
-}
-
-func main() {
-	fmt.Println(fmt.Sprintf(config.BANNER, config.VERSION, config.URL)) // output banner information.
-	// Create the tool argument
-	var (
-		parse  parameter.Parses // Basic parameter structure
-		cert   parameter.Cert   // Certificate configuration parameter structure
-		_proxy parameter.Proxy  // Proxy configuration parameter structure
-	)
-	core.CmdParse(&parse, &cert, &_proxy)
-	// Check whether RedGuard has been initialized
-	if num, isExits := lib.CreateConfig(parse.C2Type /* C2 Facility Type */, parse.ConfigPath); isExits {
-		switch {
-		case parse.Update:
-			lib.UpdateConfig(&cert, &_proxy) // Update RedGuard Config
-			logger.Notice("RedGuard Configuration file updated successfully!")
-		case parse.IP != "":
-			if lib.CheckIP(parse.IP) == false {
-				logger.Warning("Please enter a valid IP address")
-				os.Exit(0)
-			}
-			logger.Noticef("Search ipLookUpHelper: %s", parse.IP)
-			core.IPLookUp(parse.Location /* owning place to be verified */, parse.IP) // Query the location of an IP address
-		case num == 0:
-			// Select different C2 Server modes based on user parameters,default CobaltStrike.
-			(C2{}).configInit(&parse)
-		case num == 1: // Initialization is run for the first time
-			os.Exit(0)
-		}
-	}
-}
+/**
+ * @Author 风起
+ * @contact: [email protected]
+ * @File: RedGuard.go
+ * @Time: 2022/5/4 10:44
+ **/
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"RedGuard/config"
+	"RedGuard/core"
+	"RedGuard/core/parameter"
+	"RedGuard/lib"
+)
+
+var logger = lib.Logger() // logger output model
+
+type C2 struct {
+	Type string //Server interface{}
+}
+
+type c2Action interface {
+	serverInit()
+}
+
+type cobaltStrike struct {
+	action string
+}
+
+// ServerInit CobaltStrike module core method entry
+func (cs *cobaltStrike) serverInit() {
+	cs.action = "CobaltStrike"
+	var (
+		proxy parameter.ProxyConf // Proxy configuration structure
+		cfg   = lib.InitConfig()  // config file object
+		num   int                 // counting variable
+	)
+	// HTTPS Reverse proxy SSL certificate is created
+	lib.InitGenerateSelfSignedCert()
+	for key, value := range map[string]string{
+		"HTTPS": "/",
+		"HTTP":  "/http",
+	} {
+		proxy.Action = key    // Gets the reverse proxy listening port type
+		proxy.Pattern = value // Gets the pattern associated with the listening type
+		proxy.Port = lib.ReadConfig("proxy", fmt.Sprintf("Port_%s", key), cfg)
+		// When num is greater than 0, the main program is called out of the loop
+		if num > 0 {
+			break
+		}
+		num += 1
+		logger.Noticef("HostTarget: %s", lib.ReadConfig("proxy", "HostTarget", cfg))
+		// HTTP reverse proxy
+		go core.ProxyManger(proxy.Action, proxy.Port, proxy.Pattern)
+	}
+	// HTTPS reverse proxy
+	core.ProxyManger(proxy.Action, proxy.Port, proxy.Pattern)
+	// TODO CobaltStrike Core flow control method
+}
+
+func (c2 C2) configInit(args *parameter.Parses) {
+	c2.Type = args.C2Type
+	// Check C2 Server type
+	switch strings.ToLower(c2.Type) {
+	case "cobaltstrike":
+		// CobaltStrike Server initialize method
+		(&cobaltStrike{}).serverInit()
+	}
+	// TODO:Development Pending for other C2 frameworks
+}
+
+func main() {
+	fmt.Println(fmt.Sprintf(config.BANNER, config.VERSION, config.URL)) // output banner information.
+	// Create the tool argument
+	var (
+		parse  parameter.Parses // Basic parameter structure
+		cert   parameter.Cert   // Certificate configuration parameter structure
+		_proxy parameter.Proxy  // Proxy configuration parameter structure
+	)
+	core.CmdParse(&parse, &cert, &_proxy)
+	// Check whether RedGuard has been initialized
+	if num, isExits := lib.CreateConfig(parse.C2Type /* C2 Facility Type */, parse.ConfigPath); isExits {
+		switch {
+		case parse.Update:
+			lib.UpdateConfig(&cert, &_proxy) // Update RedGuard Config
+			logger.Notice("RedGuard Configuration file updated successfully!")
+		case parse.IP != "":
+			if lib.CheckIP(parse.IP) == false {
+				logger.Warning("Please enter a valid IP address")
+				os.Exit(0)
+			}
+			logger.Noticef("Search ipLookUpHelper: %s", parse.IP)
+			core.IPLookUp(parse.Location /* owning place to be verified */, parse.IP) // Query the location of an IP address
+		case num == 0:
+			// Select different C2 Server modes based on user parameters,default CobaltStrike.
+			(C2{}).configInit(&parse)
+		case num == 1: // Initialization is run for the first time
+			os.Exit(0)
+		}
+	}
+}