-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cSploit 2 architecture #597
Comments
Hey our beloved @tux-mind, its great to have you back! How did your exams go? EDIT: Will you be hangin out on the csploit IRC soon? because ive got some questions. If you could answer then that would be great :) |
Hey @tux-mind, I think the web server will have a problem: we won't be able to run it from android right ? |
@tux-mind, thanks for great work , love this app ,keep this. I can help translate PT-BR and PT-PT.. |
@tux-mind, I can help translate to spanish |
@daniloscala @jorge705 you are welcome. |
I'm open to anything new. Maby you can create an early draft to show your ideas? |
I can translate to german . Iam system Engineer so i can be a tester if needed. |
I might translate to french.
|
We can use this page to translations: |
Can translate to Russian, and can test this app on my 4.1, 4.4, 5.0, 5.1, 6.0 android. I have the phone with this OS. |
Have you considered opening a patreon account? Csploit is a great tool, and I bet there would be a lot of people to support your work |
@raynommo thanks for the suggestion, but I prefer to keep a our contributions as donations. Crowdfunding campaign implies guarantying that, after a certain target of money has been reached, I will work on the project and make an usable product in a certain time. BTW I just got some new toys ! I'm looking forward to learn Go and start writing the new core 😊 |
@developpsoft no worries about where the server is. As now cSploit already "uses" a web server on your phone, just think about the MitM tools. This architecture it's though to let you install the cSploit daemon on a device ( say, a Raspberry PI ), attach it to the network and control it from your phone, with ❤️ |
Well, patreon is not quite "crowdfunding". I saw people there, that were video-blogging travelling to other countries, or just writing games and stuff. It's not like kickstarter or indiegogo. On patreon people support you, because they love your work, that's all really. It can prove to be a source of mediocre income now and then. PS: I'm glad to know you're still enthusiastic about cSploit. |
@raynommo I will setup an account on patreon soon then 😊 thanks for your interest and precious suggestions ❤️ Anyway, I just resumed fixing bugs of current version of cSploit. I've already started learning Go language for writing the new daemon 😋 |
Hey @tux_mind, just find this: github.com/kr/mitm (might be useful for...
Mitm).
|
@tux_mind, here is something for you : https://github.com/xiam/hyperfox.
|
@developpsoft thank you for the references. I've sent an email to some of the developers of the projects you pointed me out. hyperfox codebase it's quite crappy ( spaghetti code ), right now I'm designing the model of cSploit. we used to have the |
Go tux mind!! We are with you!!! |
I will definietly spend my time with rewriting my whole android branch in kotlin to reduce code size and protect our "most advanced and modern" philosopy and also include some new attack vectors like site clone phising and offline attacks like badUSB |
@Silur ❤️ but I have to suggest you to not proceed, cSploit 2 for android will be a simple web client... So, you'll rewrite something that will be deprecated shortly... Right now I'm designing the MitM model.
For phishing I was looking to gophish, I have to study the way it work to understand which kind of data we have to store. For traffic analysis I was looking to xplico and it's capanalysis project, it looks very promising and do exactly what we need! So, guys, fasten your belts, I want to rock this party xD |
@tux_mind is there a way to help you designing cSploit 2 ??
|
Where is the best place to keep up with the project so I don't have to clutter here? Are the nightly releases still going on? What is this about a cSploit 2? |
@developpsoft I'll post pics of my sketches on twitter, so you can review and comment them 😉 @evertking I'm going to tweet short news with my twitter account, just follow me to see them 😊 |
@tux-mind I think cSploit 2 will be a great app, only if we can use it without Internet. For example, at my school i have a wifi with no connection to the Internet. But use metasploit on PC i can hack PC in this wifi. |
@0MazaHacka0 thank you for your suggestion! cSploit will have an heavy integration with MSF, but I'll keep it optional. This way you'll get all the power of the MSF with cSploit even without internet 😋 I've just ended to design the model, I'll post a photo of the entire thing ASAP to obtain your suggestions. I'll start to implement it soon 😉 What are your suggestion about versioning ?
What should we use as APK version ? Thank you for your help and for getting in touch with me ❤️ |
@tux_mind I think it can 2.0.0 Release |
@developpsoft nice suggestion 😆 😆 😆 I prefer numbers rather than names 😁 I was talking about which versioning algorithm to use. If we update the "core" component from I think that the android apk will be a totally different project with it's own version number. Also I will drop the update features to use only F-droid. KISS 😉 |
Hi @tux-mind I want to thank you for all the hard work you do, and tell you that cSploit is actually the most amazing app that I've ever used! If you need an italian translator for your project I'm up! |
Guys, more than 14 people in this post and nobody can donate to tux_mind? Why? Just 1 dollar. |
still waiting for csploit 2.1.7 :') even the last release has much bugs :3 broo for real we need u to comeback , google is shutting down every good app out there :3 we really need u bro :') ( is there anyway to contact u? got much ideas ) |
use metasploit on nethunter |
i think the project is dead , now there's another tool they said it's better than nethunter , andrax , if u heard about it , few days ago there was a new release |
Yeah no. Their website is filled with ridiculous marketing like "Hack everything in everywhere", no source code is actually public and overall it just doesn't look legit at all. nethunter is still maintained in Gitlab. |
I received an email from a guy that want to joint the dev team.
I replied with the following email, I just want to share it with you.
I'm looking forward to receive your comments and suggestions, especially from my loved contributors ( @cSploit/core-devs @cSploit/android-devs @cSploit/translators ).
As i told you I really love the project but I'm overloaded of work to fill my fridge besides lessons and exams for my master degree.
I would really appreciate any help in maintaining/developing cSploit.
I have a lot of ideas that will make it more flexible and cross-platform.
As now I've started working on a new fragmented layout of the app .
But combining what I learned from school and work with the huge amount of work needed to switch to this new layout makes me think about a new architecture for the whole app.
First let me explain you a bit how the app worked, how it works and what are my thoughts for the future.
The old dSploit
dSploit were entirely written in Java, using the Android SDK.
It used some prebuilt binary with some from-sources ones to have hackers-must-have tools ( arpspoof, nmap, hydra, ettercap ... ).
Then it spawned a su shell each time a command is issues.
We encountered many problems, like dynamic library loading restrictions, limitations on su shell opened in a certain time window and so on...
One of the major ones was the MitM performances: when a lot of traffic passed though dSploit it cannot satisfy that load.
The current cSploit
The idea behind cSploit is to rewrite the "problematic stuff" of the app into C ( from there the new app name).
As now there is a daemon ( cSploitd ) that just manage child processes.
The Java app connects to it via a unix socket ( using a native library ) and use it to spawn processes and get their results.
This a very "old school" architecture, hard to maintain, hard to add a new tool to our set and so on.
I probably made a bad choice when I was forced to abandon the dSploit project as it were merged into zAnti.
My thoughts for the future
I'm working pretty much with web apps now and I saw the awesome of having a full decupled system.
Having an API server and a thin frontend makes everything clean and easily maintainable.
So I was thinking about using this architecture for cSploit, using a REST daemon that crunch data and make the whole work,
beside with a thin client that just represent the data from the daemon.
For the frontend I was loooking to angularJS and cordova.
For the backend I was looking at Go.
AngularJS, HTML5, CSS3 will make us able to provide a web client to the daemon (responsive [PC, mobile, tablet]).
Cordova ( and maybe Ionic ) will then take care of turning this web app into a mobile app for any kind of mobile platform ( Android, iOS, blackberry, windows phone ... ).
For the backend I was looking to Go because the alternatives just do not fit well with android and it's performances are simply awesome.
I love the idea of having a compiled daemon ( this is because I designed cSploit daemon in C ), it just run very fast!
Now, thanks to Go we can have a native program written in a high-level language!
Conclusions
I'm looking forward to resume forking on the project, really, but now I have to finish my jobs and follow my courses.
There is a kindness guy that it's about to send me a Thinkpad to work better when I'm not at home ( mostly all days ).
I hope to get back writing code as I resume my courses ( just tomorrow xD ), but depends on my workload.
So, if you can help me in any way I will really appreciate it.
Tell me your skills and super-powers, there is very much to do.
Feel free to suggest anything you want, I'm really open to hints and I will make my best to fit your needs.
The text was updated successfully, but these errors were encountered: