1package mythic
2
3// This file contains GraphQL queries and mutations for the Mythic C2 framework.
4// It's a 1:1 port of contrib/Mythic_Scripting/mythic/graphql_queries.py
5// to maintain compatibility and ease upstream synchronization.
6//
7// To sync with upstream changes:
8// 1. Check contrib/Mythic_Scripting/mythic/graphql_queries.py for updates
9// 2. Update the corresponding Go constants in this file
10// 3. Test that the client functions still work with the updated queries
11//
12// The naming convention:
13// - Python snake_case variables become Go PascalCase constants
14// - gql(...) wrappers are removed (just the string content)
15// - f-string formatting is converted to Go constants with concatenation
16
17// Mutations
18
// CreateAPIToken is the mutation that asks the server to mint a new API token.
// The token_type argument is hard-coded to "User". The selection includes
// token_value, i.e. the token itself, so the raw response should be handled
// as a credential (keep it out of logs and error messages).
const CreateAPIToken = `
mutation createAPITokenMutation{
 createAPIToken(token_type: "User"){
 id
 token_value
 status
 error
 operator_id
 }
}`
29
// GetAPITokens lists the API tokens of the operator named by $username,
// restricted to rows with active = true and deleted = false.
// It selects token_value for every matching token, so the result set is
// credential material; do not log or cache it unredacted.
// NOTE(review): whether one operator may read another operator's tokens is
// decided by server-side permissions that are not visible here - confirm.
const GetAPITokens = `
query GetAPITokens($username: String!) {
 apitokens(where: {active: {_eq: true}, operator: {username: {_eq: $username}}, deleted: {_eq: false}}) {
 token_value
 active
 id
 }
}`
38
// CreateTask is the mutation that issues a task to a callback.
// $callback_id, $command and $params are required; every other variable is
// nullable and is forwarded unchanged to createTask.
// All inputs travel as GraphQL variables rather than being spliced into the
// query text, so callers must keep passing them through the variables map.
// The response carries status, id, display_id and error.
const CreateTask = `
mutation createTasking($callback_id: Int!, $command: String!, $params: String!, $files: [String], $token_id: Int, $tasking_location: String, $original_params: String, $parameter_group_name: String, $is_interactive_task: Boolean, $interactive_task_type: Int, $parent_task_id: Int, $payload_type: String) {
 createTask(callback_id: $callback_id, command: $command, params: $params, files: $files, token_id: $token_id, tasking_location: $tasking_location, original_params: $original_params, parameter_group_name: $parameter_group_name, is_interactive_task: $is_interactive_task, interactive_task_type: $interactive_task_type, parent_task_id: $parent_task_id, payload_type: $payload_type) {
 status
 id
 display_id
 error
 }
}`
48
// UpdateCallback is the mutation that edits the stored metadata of a callback.
// The callback is addressed by $callback_display_id (the display id, not the
// primary key); it is the only required variable.
// NOTE(review): how the server treats variables that are omitted or null
// (leave unchanged vs. clear the field) is not visible here - confirm before
// sending partially filled variable maps.
const UpdateCallback = `
mutation updateCallbackInformation ($callback_display_id: Int!, $active: Boolean, $locked: Boolean, $description: String, $ips: [String], $user: String, $host: String, $os: String, $architecture: String, $extra_info: String, $sleep_info: String, $pid: Int, $process_name: String, $integrity_level: Int, $domain: String){
 updateCallback(input: {callback_display_id: $callback_display_id, active: $active, locked: $locked, description: $description, ips: $ips, user: $user, host: $host, os: $os, architecture: $architecture, extra_info: $extra_info, sleep_info: $sleep_info, pid: $pid, process_name: $process_name, integrity_level: $integrity_level, domain: $domain}) {
 status
 error
 }
}`
56
// CreatePayload is the mutation that submits a payload definition for building.
// $payload is a single String passed as payloadDefinition.
// NOTE(review): presumably a serialized (JSON) definition - confirm the
// expected encoding against the caller.
// The response carries error, status and the uuid of the payload.
const CreatePayload = `
mutation createPayloadMutation($payload: String!) {
 createPayload(payloadDefinition: $payload) {
 error
 status
 uuid
 }
}`
65
// CreateOperator is the mutation that creates an operator account.
// $username and $password are required; $email and $bot are optional.
// The password is sent as a GraphQL variable, so any request logging or
// debug dump of the variables map will contain it in clear text - redact
// variables before logging.
// The document spreads create_operator_fragment, whose definition is appended
// from CreateOperatorFragment so the request is self-contained.
const CreateOperator = `
mutation NewOperator($username: String!, $password: String!, $email: String, $bot: Boolean) {
 createOperator(input: {password: $password, username: $username, email: $email, bot: $bot}) {
 ...create_operator_fragment
 }
}
` + CreateOperatorFragment
73
// GetOperationAndOperatorByName resolves names to ids in one round trip.
// It returns the operation whose name equals $operation_name (with the
// operatoroperations rows belonging to $operator_username, including
// view_mode) and, as a second root field, the operator with that username.
// Either list may come back empty when the name does not match; callers
// should check for that before indexing into the result.
const GetOperationAndOperatorByName = `
query getOperationAndOperator($operation_name: String!, $operator_username: String!){
 operation(where: {name: {_eq: $operation_name}}){
 id
 operatoroperations(where: {operator: {username: {_eq: $operator_username}}}) {
 view_mode
 id
 }
 }
 operator(where: {username: {_eq: $operator_username}}){
 id
 }
}`
87
88// Fragments
89
// TaskFragment defines task_fragment on type task.
// It selects the task's ids, status fields, parameters as entered and as
// displayed, the issuing operator's username, the owning callback's ids,
// the ids of the nested tasks relation and the token_id of the token
// relation.
const TaskFragment = `
fragment task_fragment on task {
 callback {
 id
 display_id
 }
 id
 display_id
 operator{
 username
 }
 status
 completed
 original_params
 display_params
 timestamp
 command_name
 tasks {
 id
 }
 token {
 token_id
 }
}`
114
// MythictreeFragment defines mythictree_fragment on type mythictree.
// It selects the entry's name and path text fields, host, os, tree_type,
// the task_id that produced it, status flags and the metadata field.
const MythictreeFragment = `
fragment mythictree_fragment on mythictree {
 task_id
 timestamp
 host
 comment
 success
 deleted
 tree_type
 os
 can_have_children
 name_text
 parent_path_text
 full_path_text
 metadata
}`
131
// OperatorFragment defines operator_fragment on type operator.
// It selects identity and state fields only (id, username, admin, active,
// last_login, current_operation_id, deleted); no credential fields are
// requested.
const OperatorFragment = `
fragment operator_fragment on operator {
 id
 username
 admin
 active
 last_login
 current_operation_id
 deleted
}`
142
// CallbackFragment defines callback_fragment on type callback.
// It selects the host description of a callback (user, host, domain, ip,
// external_ip, os, architecture, pid, process_name, integrity_level), its
// ids, free-form description/extra_info/sleep_info, and a summary of the
// payload it came from (os, description, uuid, payload type name).
const CallbackFragment = `
fragment callback_fragment on callback {
 architecture
 description
 domain
 external_ip
 host
 id
 display_id
 integrity_level
 ip
 extra_info
 sleep_info
 pid
 os
 user
 agent_callback_id
 operation_id
 process_name
 payload {
 os
 payloadtype {
 name
 }
 description
 uuid
 }
}`
171
// PayloadBuildFragment defines payload_build_fragment on type payload.
// It selects the build state of a payload: build_phase, build_message and
// the captured build_stdout / build_stderr, plus id and uuid.
const PayloadBuildFragment = `
fragment payload_build_fragment on payload {
 build_phase
 uuid
 build_stdout
 build_stderr
 build_message
 id
}`
181
// CreateOperatorFragment defines create_operator_fragment on type
// OperatorOutput, the result type spread by CreateOperator.
// It selects status and error together with the created account's fields;
// the password supplied to the mutation is not part of the selection.
const CreateOperatorFragment = `
fragment create_operator_fragment on OperatorOutput {
 active
 creation_time
 deleted
 error
 id
 last_login
 status
 username
 view_utc_time
 account_type
 email
}`
196
// GetOperationsFragment defines get_operations_fragment on type operation.
// It selects the operation's name, id and complete flag, its admin
// (username, id) and every operatoroperations membership row with the
// member's username, id and view_mode.
const GetOperationsFragment = `
fragment get_operations_fragment on operation {
 complete
 name
 id
 admin {
 username
 id
 }
 operatoroperations {
 view_mode
 operator {
 username
 id
 }
 id
 }
}`
215
// AddOperatorToOperationFragment defines add_operator_to_operation_fragment
// on type updateOperatorOperation and selects status and error.
// The selection is the same as RemoveOperatorFromOperationFragment and
// UpdateOperatorInOperationFragment; only the fragment name differs.
const AddOperatorToOperationFragment = `
fragment add_operator_to_operation_fragment on updateOperatorOperation{
 status
 error
}`
221
// RemoveOperatorFromOperationFragment defines
// remove_operator_from_operation_fragment on type updateOperatorOperation
// and selects status and error.
const RemoveOperatorFromOperationFragment = `
fragment remove_operator_from_operation_fragment on updateOperatorOperation{
 status
 error
}`
227
// UpdateOperatorInOperationFragment defines
// update_operator_in_operation_fragment on type updateOperatorOperation
// and selects status and error.
const UpdateOperatorInOperationFragment = `
fragment update_operator_in_operation_fragment on updateOperatorOperation{
 status
 error
}`
233
// CreateOperationFragment defines create_operation_fragment on type
// createOperationOutput. It selects status and error plus the created
// operation's name, id and admin (id, username).
const CreateOperationFragment = `
fragment create_operation_fragment on createOperationOutput {
 status
 error
 operation{
 name
 id
 admin {
 id
 username
 }
 }
}`
247
// UserOutputFragment defines user_output_fragment on type response and
// selects only response_text and timestamp.
// NOTE(review): response_text is returned as stored by the server; any
// encoding it may use is not visible here - confirm before decoding.
const UserOutputFragment = `
fragment user_output_fragment on response {
 response_text
 timestamp
}`
253
// TaskOutputFragment defines task_output_fragment on type response.
// Unlike UserOutputFragment it also selects the response id and the task
// the response belongs to (ids, status, completed, agent_task_id,
// command_name), so a response can be attributed without a second query.
const TaskOutputFragment = `
fragment task_output_fragment on response {
 id
 timestamp
 response_text
 task {
 id
 display_id
 status
 completed
 agent_task_id
 command_name
 }
}`
268
// PayloadDataFragment defines payload_data_fragment on type payload.
// It selects build status fields, identity (id, uuid), description and
// flags, the creating operator, the payload type, the backing file
// (filemetum: agent_file_id, filename_utf8, id) and, per attached C2
// profile, its name and running / is_p2p / container_running state.
const PayloadDataFragment = `
fragment payload_data_fragment on payload {
 build_message
 build_phase
 build_stderr
 callback_alert
 creation_time
 id
 operator {
 id
 username
 }
 uuid
 description
 deleted
 auto_generated
 payloadtype {
 id
 name
 }
 filemetum {
 agent_file_id
 filename_utf8
 id
 }
 payloadc2profiles {
 c2profile {
 running
 name
 is_p2p
 container_running
 }
 }
}`
303
// FileDataFragment defines file_data_fragment on type filemeta.
// It selects transfer progress (chunk_size, chunks_received, total_chunks,
// complete), names and remote path, host, the md5 and sha1 digests, the
// kind flags (is_download_from_agent, is_payload, is_screenshot), the
// uploading operator and the originating task with its command.
// Only md5 and sha1 are requested here; both are unsuitable as integrity
// evidence against deliberate tampering.
const FileDataFragment = `
fragment file_data_fragment on filemeta{
 agent_file_id
 chunk_size
 chunks_received
 complete
 deleted
 filename_utf8
 full_remote_path_utf8
 host
 id
 is_download_from_agent
 is_payload
 is_screenshot
 md5
 operator {
 id
 username
 }
 comment
 sha1
 timestamp
 total_chunks
 task {
 id
 comment
 command {
 cmd
 id
 }
 }
}`
336
// CommandFragment defines command_fragment on type command and selects
// id, cmd and attributes.
const CommandFragment = `
fragment command_fragment on command {
 id
 cmd
 attributes
}`
343
344// Query builders for common operations
345
// GetCallbacks lists callbacks with a summary selection (ids, user, host,
// process, description, last_checkin, active, payload type name).
// The query takes no variables and has no where, order_by or limit
// argument, so the result is whatever the server's permissions expose to
// the authenticated token, in server-chosen order.
const GetCallbacks = `
query GetCallbacks {
 callback {
 id
 display_id
 user
 host
 process_name
 pid
 description
 last_checkin
 active
 payload {
 payloadtype {
 name
 }
 }
 }
}`
365
// GetDetailedCallback fetches one callback by primary key ($callback_id is
// the id column, not display_id).
// On top of the summary fields it selects network and host details,
// crypto_type, the registering payload, the owning operator's username and
// every loaded command with its description, help text and needs_admin flag.
// callback_by_pk yields null when no row matches; callers must handle that.
const GetDetailedCallback = `
query GetDetailedCallback($callback_id: Int!) {
 callback_by_pk(id: $callback_id) {
 id
 display_id
 user
 host
 process_name
 pid
 description
 last_checkin
 active
 architecture
 os
 domain
 integrity_level
 ip
 external_ip
 sleep_info
 extra_info
 registered_payload_id
 agent_callback_id
 crypto_type
 init_callback
 payload {
 id
 uuid
 description
 payloadtype {
 name
 author
 note
 }
 }
 operator {
 username
 }
 loadedcommands {
 id
 version
 timestamp
 command {
 cmd
 description
 help_cmd
 author
 needs_admin
 attributes
 }
 }
 }
}`
418
// GetTask fetches one task by primary key ($id is the id column, not
// display_id).
// It selects params in all three forms (params, original_params,
// display_params), status fields, interactive-task fields, the issuing
// operator's username, the token_id and the owning callback's ids.
// NOTE(review): params may hold whatever the operator typed, including
// secrets passed as command arguments - treat the result accordingly.
const GetTask = `
query GetTask($id: Int!) {
 task_by_pk(id: $id) {
 id
 display_id
 command_name
 params
 original_params
 display_params
 status
 completed
 timestamp
 agent_task_id
 parameter_group_name
 tasking_location
 is_interactive_task
 interactive_task_type
 parent_task_id
 operator {
 username
 }
 token {
 token_id
 }
 callback {
 id
 display_id
 }
 }
}`
449
// GetTasksWithResponsesByIDs fetches the tasks whose id is in $task_ids,
// each with its responses ordered by ascending response id.
// $task_ids is a required, non-null list of non-null ints. An empty list
// matches no rows. The tasks themselves have no order_by, so callers must
// not rely on the result following the order of $task_ids.
const GetTasksWithResponsesByIDs = `
query GetTasksWithResponsesByIDs($task_ids: [Int!]!) {
 task(where: {id: {_in: $task_ids}}) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 host
 user
 }
 responses(order_by: {id: asc}) {
 response_text
 timestamp
 }
 }
}`
473
// GetTaskResponses fetches the responses of the task whose display_id
// equals $task_display_id, ordered by ascending response id.
// Note the key: this query uses display_id, whereas GetTask uses the
// primary key id. Passing the wrong kind of id returns another task's
// output or nothing.
const GetTaskResponses = `
query GetTaskResponses($task_display_id: Int!) {
 response(where: {task: {display_id: {_eq: $task_display_id}}}, order_by: {id: asc}) {
 response_text
 timestamp
 }
}`
481
// GetCallbackTasks lists the tasks of one callback, oldest first
// (order_by id asc). $callback_id is required and is compared against
// task.callback_id. No limit is applied, and responses are not selected.
const GetCallbackTasks = `
query GetCallbackTasks($callback_id: Int!) {
 task(where: {callback_id: {_eq: $callback_id}}, order_by: {id: asc}) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 }
 }
}`
499
// GetDownloadedFiles lists file records with is_download_from_agent = true
// and deleted = false, newest first (order_by id desc).
// Each row carries names, remote path, host, transfer progress, md5/sha1,
// the operator's username and the originating task and callback.
// The query takes no variables and applies no limit, so the whole matching
// set is returned in one response.
const GetDownloadedFiles = `
query GetDownloadedFiles {
 filemeta(where: {is_download_from_agent: {_eq: true}, deleted: {_eq: false}}, order_by: {id: desc}) {
 agent_file_id
 filename_utf8
 full_remote_path_utf8
 host
 id
 complete
 chunks_received
 total_chunks
 timestamp
 md5
 sha1
 operator {
 username
 }
 task {
 id
 display_id
 callback {
 id
 display_id
 host
 user
 }
 }
 }
}`
529
// GetAllTasksWithResponses lists tasks whose status is "completed" or
// "error", newest first, capped by $limit.
// NOTE(review): despite the name, the selection has no responses field;
// presumably callers fetch the output afterwards (for example with
// GetTasksWithResponsesByIDs) - confirm this is intended.
// $limit is nullable. NOTE(review): a null limit presumably means no cap -
// confirm callers always supply one.
const GetAllTasksWithResponses = `
query GetAllTasksWithResponses($limit: Int) {
 task(where: {status: {_in: ["completed", "error"]}}, order_by: {id: desc}, limit: $limit) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 host
 user
 }
 }
}`
549
// GetPayloads lists payloads with deleted = false, newest first.
// The selection is written inline and matches the field list of
// PayloadDataFragment; the two must be kept in sync by hand.
// The query takes no variables and applies no limit.
const GetPayloads = `
query GetPayloads {
 payload(where: {deleted: {_eq: false}}, order_by: {id: desc}) {
 build_message
 build_phase
 build_stderr
 callback_alert
 creation_time
 id
 operator {
 id
 username
 }
 uuid
 description
 deleted
 auto_generated
 payloadtype {
 id
 name
 }
 filemetum {
 agent_file_id
 filename_utf8
 id
 }
 payloadc2profiles {
 c2profile {
 running
 name
 is_p2p
 container_running
 }
 }
 }
}`
586
// GetAllFiles lists every file record with deleted = false, newest first.
// It differs from GetDownloadedFiles in that it does not filter on
// is_download_from_agent and additionally selects the three kind flags
// (is_download_from_agent, is_payload, is_screenshot).
// The query takes no variables and applies no limit.
const GetAllFiles = `
query GetAllFiles {
 filemeta(where: {deleted: {_eq: false}}, order_by: {id: desc}) {
 agent_file_id
 filename_utf8
 full_remote_path_utf8
 host
 id
 complete
 chunks_received
 total_chunks
 timestamp
 md5
 sha1
 is_download_from_agent
 is_payload
 is_screenshot
 operator {
 username
 }
 task {
 id
 display_id
 callback {
 id
 display_id
 host
 user
 }
 }
 }
}`
619
// GetTasksWithResponses lists the tasks of one callback, newest first,
// capped by $limit, each with its responses in ascending id order.
// NOTE(review): $callback_id is declared nullable (Int, not Int!) but is
// used in an _eq comparison. Depending on how the GraphQL engine treats a
// null comparison value, a missing $callback_id is either rejected or the
// filter is dropped and tasks from every callback are returned. Callers
// should always set it, or the variable should be made Int! - confirm
// against the server configuration.
// $limit is nullable as well; a null limit presumably means no cap.
const GetTasksWithResponses = `
query GetTasksWithResponses($callback_id: Int, $limit: Int) {
 task(where: {callback_id: {_eq: $callback_id}}, order_by: {id: desc}, limit: $limit) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 host
 user
 }
 responses(order_by: {id: asc}) {
 response_text
 timestamp
 }
 }
}`
643
// GetAllTasks lists tasks across all callbacks, newest first, capped by
// $limit. There is no where clause and responses are not selected.
// $limit is nullable. NOTE(review): a null limit presumably returns the
// full task table - confirm callers always supply one.
const GetAllTasks = `
query GetAllTasks($limit: Int) {
 task(order_by: {id: desc}, limit: $limit) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 host
 user
 }
 }
}`
663
// GetAllTasksWithResponsesFromAllCallbacks lists tasks across all
// callbacks, newest first, capped by $limit, each with its responses in
// ascending id order.
// This is the heaviest query in the file: no where clause, a nullable
// $limit, and the full response_text of every selected task.
// NOTE(review): a null limit presumably returns every task with all of its
// output - confirm callers always supply one.
const GetAllTasksWithResponsesFromAllCallbacks = `
query GetAllTasksWithResponsesFromAllCallbacks($limit: Int) {
 task(order_by: {id: desc}, limit: $limit) {
 id
 display_id
 command_name
 original_params
 display_params
 status
 completed
 timestamp
 callback {
 id
 display_id
 host
 user
 }
 responses(order_by: {id: asc}) {
 response_text
 timestamp
 }
 }
}`