diff --git a/artifacts/definitions/Server/Utils/CreateCollector.yaml b/artifacts/definitions/Server/Utils/CreateCollector.yaml index 291882900d..6d0b5c743e 100644 --- a/artifacts/definitions/Server/Utils/CreateCollector.yaml +++ b/artifacts/definitions/Server/Utils/CreateCollector.yaml @@ -54,6 +54,7 @@ parameters: - SFTP - Azure - SMBShare + - WebDAV - name: target_args description: Type Dependent args @@ -239,6 +240,18 @@ parameters: endpoint=TargetArgs.endpoint, hostkey = TargetArgs.hostkey) + - name: WebDAVCollection + type: hidden + default : | + LET upload_file(filename, name, accessor) = upload_webdav( + file=filename, + accessor=accessor, + name=name, + url=TargetArgs.url, + basic_auth_user=TargetArgs.basic_auth_user, + basic_auth_password=TargetArgs.basic_auth_password, + user_agent=TargetArgs.user_agent) + - name: CommonCollections type: hidden default: | @@ -437,7 +450,7 @@ export: | }, "Target": { "description": "The type of collector to use", - "enum": ["ZIP", "GCS", "S3", "Azure", "SMBShare", "SFTP"] + "enum": ["ZIP", "GCS", "S3", "Azure", "SMBShare", "SFTP", "WebDAV"] }, "EncryptionScheme": { "enum": ["None", "X509", "Password", "PGP"], @@ -601,6 +614,26 @@ export: | } } }, + { "description": "Target Args for WebDAVCollection", + "if": { + "properties": { "Target": { "const": "WebDAV" } } + }, + "then": { + "properties": { + "TargetArgs": { + "type": "object", + "properties": { + "url": {"type": "string"}, + "basic_auth_user": {"type": "string"}, + "basic_auth_password": {"type": "string"}, + "user_agent": {"type": "string"} + }, + "additionalProperties": false, + "required": ["url"] + } + } + } + }, { "description": "Target Args for ZIP", "if": { "properties": { "Target": { "const": "ZIP" } } @@ -682,6 +715,9 @@ sources: f = { SELECT SMBCollection + CommonCollections + CloudCollection AS Value FROM scope() WHERE target = "SMBShare" }, + g = { SELECT WebDAVCollection + CommonCollections + CloudCollection AS Value + FROM scope() + WHERE target = "WebDAV" }, z = { SELECT "" AS Value FROM scope() WHERE log(message="Unknown collection type " + target) } ) diff --git a/bin/offline.go b/bin/offline.go index a632d01af7..501aa3de53 100644 --- a/bin/offline.go +++ b/bin/offline.go @@ -44,7 +44,7 @@ Artifacts: Windows.Sysinternals.Autoruns: All: "Y" -# Can be ZIP, GCS, S3, Azure, SMBShare, SFTP +# Can be ZIP, GCS, S3, Azure, SMBShare, SFTP, WebDAV Target: ZIP # When the Target is GCS: @@ -83,6 +83,13 @@ Target: ZIP # endpoint: "" # hostkey: "" +# When the Target is WebDAV +#TargetArgs: +# url: "" +# basic_auth_user: "" +# basic_auth_password: "" +# user_agent: "" + # Can be None, X509 # NOTE: You can unzip the encrypted zip using # velociraptor --config server.config.yaml unzip --dump_dir output file.zip diff --git a/vql/tools/webdav_upload.go b/vql/tools/webdav_upload.go index 1cfe4507b2..97147a1dbc 100644 --- a/vql/tools/webdav_upload.go +++ b/vql/tools/webdav_upload.go @@ -111,7 +111,7 @@ func (self *WebDAVUploadFunction) Call(ctx context.Context, func upload_webdav(ctx context.Context, scope vfilter.Scope, reader io.Reader, - contentLength int64, + size int64, name string, webdavUrl string, basicAuthUser string, @@ -157,7 +157,6 @@ func upload_webdav(ctx context.Context, scope vfilter.Scope, } req.Header.Set("User-Agent", userAgent) - req.ContentLength = contentLength req.SetBasicAuth(basicAuthUser, basicAuthPassword) resp, err := client.Do(req) @@ -175,7 +174,7 @@ func upload_webdav(ctx context.Context, scope vfilter.Scope, return &uploads.UploadResponse{ Path: name, - Size: uint64(contentLength), + Size: uint64(size), }, nil }