diff --git a/TABS/docs/docs.py b/TABS/docs/docs.py index 81667ca..0a49580 100644 --- a/TABS/docs/docs.py +++ b/TABS/docs/docs.py @@ -24,32 +24,121 @@ class DocsWidget(QWidget): # Embedded documentation (previously in DOC.md) DOC_CONTENT = """ -# RABIDS +**RABIDS: Modules, Tabs & Settings** -RABIDS is a modular framework for building payloads and tooling. This in-application documentation provides installation instructions, usage notes, and brief descriptions of available modules. +This document summarizes the purpose of each module in `MODULE/`, the function of each UI tab in `TABS/`, and the configuration settings surfaced by the application. The intent is to provide a code-oriented reference for maintainers and reviewers. This file intentionally avoids step-by-step operational advice or guidance that could be used to misuse the code. -## Getting Started +**Legal / Ethical Use:** +- **NOTE:** This repository contains code that can be used to produce offensive tooling. Use, modification, or deployment must occur only in controlled, legal, authorized environments (research labs, red-team engagements with written consent, or education). The author and maintainers are not responsible for misuse. -1. Install UI dependencies: +**Contents** +- **Modules:** Brief description of each file in `MODULE/`. +- **Tabs:** Explanation of each tab widget in `TABS/` and the UI controls they expose. +- **Settings & Persistence:** Where settings live and how widgets expose configuration. -``` -pip install PyQt5 discord -``` +**Modules (folder `MODULE/`)** +- **`ctrlvamp.nim`**: High-level description: a module that targets clipboard contents to replace cryptocurrency addresses. Key concepts: collects clipboard text, compares for known address formats, and replaces with attacker-provided addresses. Configurable aspects (in the Builder UI) typically include persistence and target patterns. +- **`dumpster.nim`**: High-level description: collects and archives files from a specified directory into a single archive (a “dumpster”). Configurable items include input directory, output/archive name and possibly file filters. +- **`ghostintheshell.nim`**: High-level description: a reverse shell / remote access backdoor that uses an out-of-band transport. The UI provides a Command & Control tab to interact with this module. +- **`krash.nim`**: High-level description: an encryption module (ransomware-style). The UI provides a decryptor builder for artifacts produced by this module (key, IV, extension). The decryptor builder accepts values such as encryption key, IV, extension, target OS/arch, and exe name. +- **`poof.nim`**: High-level description: recursively deletes files from a target directory. Typical configuration: target directory and any safe/ignore patterns. +- **`undeleteme.nim`**: High-level description: persistence helper; sets up autorun/persistence and may interact with security tools settings. Configurable: persistence toggle, optional defender exclusion flags. +- **`bankruptsys.nim`**: High-level description: an integration-style module intended to demonstrate interactions with ATM middleware (XFS). This module represents a specialized payload shape and will include parameters for target systems and middleware interactions. +- **`winkrashv2.nim`**: High-level description: an alternate ransomware implementation that uses low-level Windows techniques (e.g., direct syscalls) to attempt to avoid API instrumentation. Configurable options may mirror `krash`. +- **`poof.nim` / `dumpster.nim` etc.**: Many modules share common option types (paths, file lists, booleans for persistence). The Builder exposes those options — see the Builder section below. +- **`shaihulud.asm`**: Assembly utility that enumerates files and can modify `package.json` files it finds (the file in this repository traverses user profile directories looking for `package.json`, examines `preinstall`, and patches it before running a system command). This is low-level native code intended for platform-specific operations. (This file contains direct filesystem and process interactions; maintainers should review it carefully before reuse.) -2. Run the application: +**UI Tabs (folder `TABS/`)** +Each UI tab is implemented as a widget class. The main application (`main.py`) imports these widgets and adds them to the main `QTabWidget` in the following order. -``` -python3 main.py -``` +- **`BUILDER` — `TABS/builder/builder.py`** + - **Purpose:** Select and chain modules, configure module-specific options, and configure build options. + - **Key controls:** + - **Module selection combo:** choose from available modules and add to the module chain. + - **Module chain table:** reorder or remove modules; the order determines how modules are combined. + - **Module options pane:** per-module fields created from `module_options` provided by configuration (fields may be text inputs or checkboxes for booleans like `persistence` or `defenderExclusion`). + - **Build Options:** `EXE NAME`, `OS` (`windows`, `linux`, `macos`), `PROCESSOR` (`amd64`, `arm64`), `HIDE CONSOLE` (Windows-only), `OBFUSCATE` and `OLLVM` flags. + - **BUILD button:** Emits a build request; the main app builds a command line invoking `compiler.py`. + - **Signals / API:** Emits `build_requested` with a build configuration dict; the main app listens and spawns `compiler.py` in a thread. -## Features +- **`OUTPUT` — `TABS/output/output.py`** + - **Purpose:** Show build logs and provide access to the `LOOT/` folder where build artifacts or extracted files are stored. + - **Key controls:** + - **Log area:** receives messages from other parts of the app (build thread, installers, C2). Use `log_message()` to append color-coded messages. + - **LOOT list and controls:** refresh and open the `LOOT/` directory in the OS file manager; lists files by modification time. -- Modular payload composition -- Cross-platform compilation (Windows/Linux/macOS) -- Optional Docker-based obfuscation -- Integrated C2 and build UI +- **`C2` — `TABS/c2/c2.py`** + - **Purpose:** Command-and-control interface for interacting with remote agents implemented by the `ghostintheshell` module. + - **Key controls:** `Connect` (emits connect request), command input, `Send` button, and a log area. The widget emits `connect_requested` and `send_message_requested` signals. -Refer to the repository README for more details. +- **`KRASH` — `TABS/krash/krash.py`** + - **Purpose:** Build a standalone decryptor for files encrypted with the `krash` module; also displays a live list of encrypted devices reported via the configured HTTP listener. + - **Key controls:** fields for `Key`, `IV`, `Extension` and build options (`EXE Name`, `OS`, `Processor`) and a `BUILD DECRYPTOR` button. Also includes controls to start/refresh a listener and a table of live encrypted devices. + +- **`GARBAGE COLLECTOR` — `TABS/garbage/garbage.py`** + - **Purpose:** Restore files from a `dumpster` archive created by the `dumpster` module. + - **Key controls:** `Dumpster File Path` and `Destination Directory` inputs, `Browse...` dialogs, and `Restore` button. The widget emits `restore_requested(dumpster_file, output_dir)` when the user starts a restore. + +- **`WHISPERS` — `TABS/whispers/whispers.py`** + - **Purpose:** Integrates with a Node.js bridge (`whatsapp_bridge.js`) to control WhatsApp Web for sending messages or reaction-spam testing; includes optional plotting when `matplotlib` is available. + - **Key controls:** `Start Client` (launches `node whatsapp_bridge.js`), QR code display, phone number input, `DELAY` (ms), `START SPAM` / `STOP SPAM` controls, and a small log + optional graph view. The widget communicates with a background `WhatsAppWebThread` which reads JSON lines from the Node bridge. + - **Dependencies:** Node.js + the local Node bridge script. The tab exposes `get_settings()` and `load_settings()` for persistence. + +- **`DOCUMENTATION` — `TABS/docs/docs.py`** + - **Purpose:** Embedded in-app documentation; the widget displays a Markdown string describing the project and basic usage. This content is read-only and serves as a quick reference for users of the GUI. + +- **`SETTINGS` — `TABS/settings/settings.py`** + - **Purpose:** Configure application-level settings and install helper tools (Nim, Rust, Python packages, Nimble packages, Rust targets, Docker image for obfuscation). + - **Key controls:** + - **`HTTP Server URL`** (`server_url` input): the URL used by modules/C2/daemon features for callbacks (default visible fallback is `http://localhost:8080`). + - **Dependency Installation group:** Buttons to install or bootstrap runtimes: + - `Install Nim` — triggers `install_nim_tool_requested` + - `Install Rust` — triggers `install_rust_tool_requested` + - `Install Python Packages` — triggers `install_python_requested` + - `Install Nimble Packages` — triggers `install_nimble_requested` + - `Install Rust Targets` — triggers `install_rust_targets_requested` + - `Pull Docker Image` — triggers `install_docker_requested` (used for the optional obfuscator image) + - **Save Settings button:** emits `save_requested` so the main app can persist settings. + - **Signals / API:** Exposes `get_settings()` (returns a dict like `{'server_url': ...}`) and `load_settings(settings)` to populate the UI. + +**Configuration Persistence** +- **Where settings are stored:** The application reads and writes JSON to `rabids_config.json` in the project root. Widgets provide `get_settings()` and `load_settings()` helper methods which the main app calls when saving or loading settings. +- **Builder module options:** The Builder reads a `module_options` mapping from the application config (presented to `BuilderWidget` during initialization). Typical option keys observed in UI code include: + - `nimFile`, `embedFiles`, `dumpsterFile`, `inputDir`, `outputDir`, `targetDir` (file/directory paths) + - `persistence`, `defenderExclusion` (boolean flags represented as checkboxes) + - Arbitrary module-specific values (the Builder collects these and passes them to the build step under `option_values`) + +**How the Build Flow Works (high-level, non-actionable)** +- The Builder tab collects the selected module chain and option values and emits a `build_requested` event with a dict that includes `selected_modules`, build options, and `option_values`. +- The main application (`main.py`) receives this event and constructs a command line that invokes `compiler.py` with flags (e.g., `--module=...`, `--exe_name=...`) and runs it in a background thread so the UI remains responsive. + +**Signals & Integration Points (for maintainers)** +- `BuilderWidget.build_requested` → handled in `main.py` by `handle_build()` which starts `BuildThread`. +- `OutputWidget.log_message` → used by other widgets to append messages to the central log area. +- `SettingsWidget` emits install signals (e.g., `install_nim_tool_requested`) which `main.py` maps to `get_install_cmd()` and runs in `DependencyInstallerThread`. + +**Safety & Review Notes (for maintainers and reviewers)** +- Several modules perform low-level or privileged operations (file system enumeration/modification, network callbacks, process invocation). Treat these areas as high-risk and review them closely before building or running on any system. +- The repository includes cross-language code (Nim, Rust wrappers, and assembly). Ensure toolchains are isolated and sandboxed when compiling or testing. +- The `WHISPERS` tab starts an external Node process (`whatsapp_bridge.js`) and expects streaming JSON output. Be mindful of dependencies (Node, `qrcode`, `matplotlib`) when testing. + +**Quick file pointers** +- Main entry: `main.py` — application bootstrap, tab wiring, config load/save, and install/build orchestration. +- Config file: `rabids_config.json` — JSON persisted settings. +- Builder UI: `TABS/builder/builder.py` — module selection, option collection, build config. +- Output UI: `TABS/output/output.py` — build logs, LOOT folder view. +- C2 UI: `TABS/c2/c2.py` — connect/send interface for reverse shell module. +- Krash UI: `TABS/krash/krash.py` — decryptor builder and live device view. +- Garbage UI: `TABS/garbage/garbage.py` — restore from dumpster archives. +- Whispers UI + bridge: `TABS/whispers/whispers.py`, `TABS/whispers/whatsapp_bridge.js`, `TABS/whispers/package.json`. +- Modules: `MODULE/*.nim`, `MODULE/shaihulud.asm` — core payload sources and native utilities. + +If you want, I can: +- Generate a more structured developer reference (table of functions / classes and their method signatures), or +- Produce a separate “secure review checklist” that highlights exactly which files and functions to audit before running builds. + +--- +Generated by local repository inspection on the developer machine. This document intentionally focuses on design, configuration, and code structure (non-actionable descriptions only). """ self.docs_text.setMarkdown(DOC_CONTENT)