NimPlant v1.4 - Black Hat Edition

.devcontainer/devcontainer.json

@@ -0,0 +1,28 @@
+{
+    "name": "NimPlant Dev Container",
+    "build": {
+        "dockerfile": "../Dockerfile"
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "GitHub.copilot-chat",
+                "GitHub.copilot",
+                "kosz78.nim",
+                "littlefoxteam.vscode-python-test-adapter",
+                "matklad.rust-analyzer",
+                "ms-azuretools.vscode-docker",
+                "ms-python.black-formatter",
+                "ms-python.isort",
+                "ms-python.pylint",
+                "ms-python.python",
+                "ms-python.vscode-pylance",
+                "serayuzgur.crates",
+                "tamasfe.even-better-toml",
+                "vadimcn.vscode-lldb"
+            ]
+        }
+    },
+    "postCreateCommand": "apt-get update && apt-get install -y ssh",
+    "remoteUser": "root"
+}

.dockerignore

@@ -0,0 +1,15 @@
+.devcontainer
+.git
+.github
+.gitignore
+.venv
+.xorkey
+client-rs/bin/
+client-rs/target/
+client/bin/
+config.toml
+config.toml.example
+detection/
+LICENSE
+README.md
+ui/

.github/workflows/main.yml

@@ -1,56 +1,78 @@
-name: Test NimPlant builds
+name: Build NimPlant container and test builds
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
   workflow_dispatch:
 
 jobs:
-  build-nimplant:
+  build-container:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code into workspace directory
+        uses: actions/checkout@v4
+
+      - name: Set Docker image tag
+        id: set_tag
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            echo "::set-output name=tag::dev"
+          else
+            echo "::set-output name=tag::latest"
+          fi
+        shell: bash
+
+      - name: Build Docker container
+        run: docker build . -t ${{ vars.DOCKERHUB_USERNAME }}/nimplant:${{ steps.set_tag.outputs.tag }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Push Docker image to Docker Hub
+        run: docker push ${{ vars.DOCKERHUB_USERNAME }}/nimplant:${{ steps.set_tag.outputs.tag }}
+
+  test-builds:
+    needs: build-container
     strategy:
-      max-parallel: 1
+      max-parallel: 2
       fail-fast: false
       matrix:
-        os: [windows-latest, ubuntu-latest]
-    runs-on: ${{ matrix.os }}
+        include:
+          - language: "nim"
+            paths: ./client/bin/NimPlant.exe, ./client/bin/NimPlant.dll, ./client/bin/NimPlant.bin, ./client/bin/NimPlant-selfdelete.exe
+          - language: "rust"
+            paths: ./client-rs/bin/nimplant.bin, ./client-rs/bin/nimplant.dll, ./client-rs/bin/nimplant.exe, ./client-rs/bin/nimplant-selfdelete.exe
+    runs-on: ubuntu-latest
     steps:
-    - name: Checkout code into workspace directory
-      uses: actions/checkout@v3
-
-    - name: Install Python 3.10
-      uses: actions/setup-python@v1
-      with:
-        python-version: '3.10'
-
-    - name: Install Nim 1.6.12
-      uses: iffy/install-nim@v4
-      with:
-        version: binary:1.6.12
-
-    - name: Install Python dependencies for NimPlant
-      run: pip install -r ./server/requirements.txt
-
-    - name: Install Nim dependencies for NimPlant
-      working-directory: ./client
-      run: nimble install -d -y
-
-    - name: Install mingw-w64 on Linux
-      if: matrix.os == 'ubuntu-latest'
-      uses: egor-tensin/setup-mingw@v2
-      with:
-        platform: x64
-
-    - name: Copy example configuration
-      run: cp config.toml.example config.toml
-      shell: bash
-
-    - name: Compile NimPlant
-      run: python NimPlant.py compile all
-
-    - name: Check if all files compiled correctly
-      uses: andstor/file-existence-action@v2
-      with:
-        fail: true
-        files: "./client/bin/NimPlant.bin, ./client/bin/NimPlant.dll, ./client/bin/NimPlant.exe, ./client/bin/NimPlant-selfdelete.exe"
+      - name: Checkout code into workspace directory
+        uses: actions/checkout@v4
+
+      - name: Set Docker image tag
+        id: set_tag
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            echo "::set-output name=tag::dev"
+          else
+            echo "::set-output name=tag::latest"
+          fi
+        shell: bash
+
+      - name: Pull Docker image from Docker Hub
+        run: docker pull ${{ vars.DOCKERHUB_USERNAME }}/nimplant:${{ steps.set_tag.outputs.tag }}
+
+      - name: Copy example configuration
+        run: cp config.toml.example config.toml
+
+      - name: Compile binaries using Docker
+        run: docker run -v ${PWD}:/nimplant ${{ vars.DOCKERHUB_USERNAME }}/nimplant:${{ steps.set_tag.outputs.tag }} /bin/bash -c "python3 ./nimplant.py compile all ${{ matrix.language }}"
+
+      - name: Check if all files compiled correctly for ${{ matrix.language }}
+        uses: andstor/file-existence-action@v3
+        with:
+          fail: true
+          files: ${{ matrix.paths }}

.gitignore

@@ -1,15 +1,17 @@
 __pycache__/
+.venv
 .vscode
 .xorkey
-*.pem
-*.key
 *.bin
 *.db
 *.dll
 *.exe
+*.key
+*.pem
 *.pyc
 bin/
 config.toml
 server/downloads/
 server/logs/
-server/uploads/
+server/uploads/
+target/

Dockerfile

@@ -0,0 +1,37 @@
+FROM ubuntu:24.04
+
+LABEL maintainer="Cas van Cooten (@chvancooten)"
+
+WORKDIR /nimplant
+
+# Install system dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    build-essential \
+    curl \
+    git \
+    mingw-w64 \
+    nim \
+    python3 \
+    python3-pip \
+    rustup \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Rust w/ Cargo opsec improvements
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain nightly --target x86_64-pc-windows-gnu --profile minimal
+ENV PATH="/root/.cargo/bin:${PATH}"
+RUN printf "[build]\nrustflags = [\"--remap-path-prefix\", \"/nimplant=/build\", \"-Zlocation-detail=none\"]" > /root/.cargo/config.toml
+
+# Copy files
+COPY . /nimplant
+
+# Install Python requirements
+RUN pip install --no-cache-dir -r server/requirements.txt --break-system-packages
+
+# Install Nim requirements
+RUN cd client; nimble install -d -y; cd ..
+
+# Expose ports
+EXPOSE 80
+EXPOSE 443
+EXPOSE 31337