Comitted for life

.config/etc/satellite/config.yml

@@ -0,0 +1,12 @@
+server_root: /var/www/html
+listen: :443
+index: /index.html
+log_level: debug
+
+server_header: Apache/2.4.1 (Unix)
+
+geoip_path: /var/lib/satellite/GeoLite2-Country.mmdb
+
+ssl:
+  key: /etc/satellite/keys/key.pem
+  cert: /etc/satellite/keys/cert.pem

.config/lib/systemd/system/satellite.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Satellite
+After=network.target remote-fs.target nss-lookup.target
+Documentation=https://github.com/t94j0/satellite/wiki
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/satellite
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

.config/scripts/postinstall.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+mkdir -p /etc/satellite/keys
+openssl req -nodes -new -x509 -subj "/C=US/ST=SC/L=Charleston/O=Hacker/CN=satellite" -keyout /etc/satellite/keys/key.pem -out /etc/satellite/keys/cert.pem -days 365

.gitignore

@@ -0,0 +1,2 @@
+dist/
+.DS_Store

.goreleaser.yml

@@ -0,0 +1,58 @@
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+- env:
+    - CGO_ENABLED=0
+  main: ./satellite/
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ .Tag }}-next"
+
+nfpms:
+  - id: satellite
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    homepage: https://github.com/t94j0/satellite
+    maintainer: Max Harley <[email protected]>
+    description: easy-to-use payload hosting
+    license: MIT
+    dependencies:
+      - openssl
+    scripts:
+      postinstall: ".config/scripts/postinstall.sh"
+    formats:
+      - deb
+      - rpm
+    empty_folders:
+      - /var/www/html
+    files:
+      ".config/etc/satellite/config.yml": "/etc/satellite/config.yml"
+      ".config/lib/systemd/system/satellite.service": "/lib/systemd/system/satellite.service"
+      ".config/var/lib/satellite/GeoLite2-Country.mmdb": "/var/lib/satellite/GeoLite2-Country.mmdb"
+
+brews:
+  - name: satellite
+    skip_upload: true
+    github:
+      owner: t94j0
+      name: homebrew-security
+    url_template: "https://github.com/t94j0/satellite/releases/{{ .Tag }}/{{ .ArtifactName }}"
+    commit_author:
+      name: Max Harley
+      email: [email protected]
+    folder: Formula
+    homepage: "https://github.com/t94j0/satellite"
+    description: "easy-to-use payload hosting"
+    install: |
+      bin.install "satellite"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'

Dockerfile

@@ -0,0 +1,22 @@
+FROM golang:1.13.1 as builder
+WORKDIR /go/src/github.com/t94j0/satellite
+COPY . .
+RUN cd satellite && CGO_ENABLED=0 GOOS=linux go build -a  -o /root/satellite .
+
+
+FROM alpine:latest  
+RUN apk --no-cache add ca-certificates openssl
+# Configure satellite
+## Run postinstall.sh
+COPY ./.config/scripts/postinstall.sh /
+RUN sh /postinstall.sh
+## Merge .config with filesystem
+RUN mkdir -p /etc/satellite /var/lib/satellite
+COPY ./.config/etc/satellite/config.yml /etc/satellite/
+COPY ./.config/var/lib/satellite/GeoLite2-Country.mmdb /var/lib/satellite/
+
+WORKDIR /root/
+COPY --from=builder /root/satellite .
+RUN ls -la /root
+EXPOSE 443
+CMD ["/root/satellite"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Maxwell Harley
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,55 @@
+# satellite
+
+Satellite is an web payload hosting service which filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances.
+
+
+## Quickstart Guide
+
+1. [Install satellite](https://github.com/t94j0/satellite/wiki/Installation) on Ubuntu using the .deb file
+
+`dpkg -i satellite_X.X.X_linux_amd64.tar.gz`
+
+2. Create file to serve
+
+`echo "<h1>It worked!</h1>" > /var/www/html/index.html`
+
+3. Create filtering file for index.html
+
+`echo -e "authorized_useragents:\n- ayyylmao" > /var/www/html/index.html.info`
+
+4. Run satellite
+
+`systemctl start satellite`
+
+5. Test satellite
+
+This will return **It worked!**
+
+`curl -k -A ayyylmao https://localhost/`
+
+This will not
+
+`curl -k https://localhost`
+
+
+## Example Usage
+
+To get hands-on experience with the options, check out the [examples](https://github.com/t94j0/satellite/tree/master/examples) folder. Replace your `server_root` with the sub-folder and try out the options.
+
+
+## Wiki
+
+For a more detailed explaination of how to use satellite, check out the [wiki](https://github.com/t94j0/satellite/wiki)
+
+
+## Projects Used:
+
+* [JA3 Server][ja3server]
+* [MaxMind](https://www.maxmind.com/en/geoip2-databases)
+
+[go]: https://golang.org/dl/
+[ja3]: https://github.com/salesforce/ja3
+[ja3server]: https://github.com/CapacitorSet/ja3-server
+[server header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server
+[contenttype]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type
+[issue]: https://golang.org/src/net/http/httputil/reverseproxy.go?s=3330:3391#307

crypto/internal/cipherhw/asm_amd64.s

@@ -0,0 +1,17 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasAESNI() bool
+TEXT ·hasAESNI(SB),NOSPLIT,$0
+	XORQ AX, AX
+	INCL AX
+	CPUID
+	SHRQ $25, CX
+	ANDQ $1, CX
+	MOVB CX, ret+0(FP)
+	RET

crypto/internal/cipherhw/asm_s390x.s

@@ -0,0 +1,44 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasHWSupport() bool
+TEXT ·hasHWSupport(SB),NOSPLIT,$16-1
+	XOR	R0, R0          // set function code to 0 (query)
+	LA	mask-16(SP), R1 // 16-byte stack variable for mask
+	MOVD	$(0x38<<40), R3 // mask for bits 18-20 (big endian)
+
+	// check for KM AES functions
+	WORD	$0xB92E0024 // cipher message (KM)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KMC AES functions
+	WORD	$0xB92F0024 // cipher message with chaining (KMC)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KMCTR AES functions
+	WORD	$0xB92D4024 // cipher message with counter (KMCTR)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KIMD GHASH function
+	WORD	$0xB93E0024    // compute intermediate message digest (KIMD)
+	MOVD	mask-8(SP), R2 // bits 64-127
+	MOVD	$(1<<62), R5
+	AND	R5, R2
+	CMPBNE	R2, R5, notfound
+
+	MOVB	$1, ret+0(FP)
+	RET
+notfound:
+	MOVB	$0, ret+0(FP)
+	RET

crypto/internal/cipherhw/cipherhw_amd64.go

@@ -0,0 +1,16 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+package cipherhw
+
+// defined in asm_amd64.s
+func hasAESNI() bool
+
+// AESGCMSupport returns true if the Go standard library supports AES-GCM in
+// hardware.
+func AESGCMSupport() bool {
+	return hasAESNI()
+}

crypto/internal/cipherhw/cipherhw_s390x.go

@@ -0,0 +1,18 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+package cipherhw
+
+// hasHWSupport reports whether the AES-128, AES-192 and AES-256 cipher message
+// (KM) function codes are supported. Note that this function is expensive.
+// defined in asm_s390x.s
+func hasHWSupport() bool
+
+var hwSupport = hasHWSupport()
+
+func AESGCMSupport() bool {
+	return hwSupport
+}

crypto/internal/cipherhw/doc.go

@@ -0,0 +1,7 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cipherhw exposes common functions for detecting whether hardware
+// support for certain ciphers and authenticators is present.
+package cipherhw

crypto/internal/cipherhw/generic.go

@@ -0,0 +1,11 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64,!s390x gccgo appengine
+
+package cipherhw
+
+func AESGCMSupport() bool {
+	return false
+}