Windows Shortcut parser and generator (WIP)
hacklab-esgi/LNKat
The goal of LNKat is to provide a versatile tool that can be used for:
- Malware triage: read and analyse LNK files
- Offensive tactics: generate malicious `.lnk` payloads

It would also be great to provide an API that can be integrated with other tools.
Couldn't find any viable tool on Linux to generate malicious LNK files.
And I wanna play with the `construct` library and the `rye` tooling.
The generator capability would be useful to build any kind of LNK-related attacks.
The recommended way is to use `pipx`:

```sh
pipx install git+https://github.com/hacklab-esgi/LNKat
```
Once installed on your system, use the following command to analyse:

```sh
lnkat <file_path>
```

Test with our samples:

```sh
lnkat samples/calc.exe.lnk
```
First milestone for parsing ability:
- Read `SHELL_LINK_HEADER`
- Read `LINKTARGET_IDLIST`
  - Documented structures
  - Undocumented structures
- Read `LINKINFO`
- Read `STRING_DATA`
- Read `EXTRA_DATA`
- Provide an initial clean output
Second milestone for generation ability:
- Generate a file with "default" values
- Custom target path
- Custom icon path
- More to come
Third milestone for QoL :
- Python API to use LNKat as a library
- Generate HTML reports
- Modify existing file as `cat input.lnk | lnkat.py > output.lnk`
- Configuration files
- More to come
This project is using `rye` for project and package management.

All the parsing logic must be written inside `Construct`'s structs, mostly using the `Adapter` class.

Please review the contribution guide `CONTRIBUTING.md`.

Distributed under the MIT License. See `LICENSE` for more information.
- https://github.com/strayge/pylnk : For inspiration and undocumented structures