,-. _,---._ __ / \
/ ) .-' `./ / \
( ( ,' `/ /|
\ `-" \'\ / |
`. , \ \ / |
/`. ,'-`----Y |
( ; | '
| ,-. ,-' | /
| | ( | LNKat | /
) | \ `.___________|/
`--' `--'
The goal of LNKat is to provide a versatile tool that can be used for:
- Malware triage: read and analyse LNK files
- Offensive tactics: generate malicious .lnk payloads
It would also be great to provide an API that can be integrated with other tools.
Couldn't find any viable tool on Linux to generate malicious LNK files.
And I wanna play with the construct library and the rye tooling.
The generator capability would be useful to build any kind of LNK-related attacks.
The recommended way to install is with pipx:
pipx install git+https://github.com/hacklab-esgi/LNKat
Once installed on your system, use the following command to analyse:
lnkat <file_path>
Test with our samples:
lnkat samples/calc.exe.lnk
First milestone for parsing ability:
- Read SHELL_LINK_HEADER
- Read LINKTARGET_IDLIST
  - Documented structures
  - Undocumented structures
- Read LINKINFO
- Read STRING_DATA
- Read EXTRA_DATA
- Provide an initial clean output
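The first item of this milestone, reading SHELL_LINK_HEADER, as an added example that is not LNKat's own code: LNKat writes its parsing as Construct structs, while this example uses only the standard-library struct module and follows the 76-byte ShellLinkHeader layout from Microsoft's MS-SHLLINK specification. The function names, the returned dictionary keys and the sample header are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

HEADER = struct.Struct("<I16sIIQQQIiIHHII")  # MS-SHLLINK 2.1: 76 bytes, little-endian
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
LINK_FLAGS = {  # low eight bits of LinkFlags
    0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
    0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
    0x40: "HasIconLocation", 0x80: "IsUnicode",
}
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    if value == 0:
        return None
    try:
        return EPOCH_1601 + timedelta(microseconds=value // 10)
    except OverflowError:  # out-of-range timestamp in a malformed file
        return None

def parse_shell_link_header(data):
    """Validate and decode the fixed header at the start of a .lnk file."""
    if len(data) < HEADER.size:
        raise ValueError("truncated file: header needs 76 bytes")
    (size, clsid, flags, attrs, ctime, atime, wtime, target_size,
     icon_index, show, hotkey, res1, res2, res3) = HEADER.unpack_from(data)
    if size != 0x4C or uuid.UUID(bytes_le=clsid) != LINK_CLSID:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    return {
        "flags": [name for bit, name in LINK_FLAGS.items() if flags & bit],
        "file_attributes": attrs,
        "creation_time": filetime_to_datetime(ctime),
        "access_time": filetime_to_datetime(atime),
        "write_time": filetime_to_datetime(wtime),
        "target_size": target_size,
        "icon_index": icon_index,
        # Per MS-SHLLINK, any other ShowCommand value is treated as SW_SHOWNORMAL.
        "show_command": SHOW_COMMANDS.get(show, "SW_SHOWNORMAL"),
        "reserved_nonzero": any((res1, res2, res3)),
    }

def build_sample_header():
    """Constructed sample: IDList + arguments + Unicode, minimized window."""
    write_time = 133485408000000000  # 2024-01-01 00:00:00 UTC as FILETIME
    return HEADER.pack(0x4C, LINK_CLSID.bytes_le, 0x01 | 0x20 | 0x80, 0x20,
                       0, 0, write_time, 0, 0, 7, 0, 0, 0, 0)
```

The flags list tells a parser which of the later sections (LINKTARGET_IDLIST, LINKINFO, STRING_DATA) are present, so it has to be decoded before anything else in the file.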
Second milestone for generation ability:
- Generate a file with "default" values
- Custom target path
- Custom icon path
- More to come
Third milestone for QoL:
- Python API to use LNKat as a library
- Generate HTML reports
- Modify existing file as cat input.lnk | lnkat.py > output.lnk
- Configuration files
- More to come
This project is using rye for project and package management.
All the parsing logic must be written inside Construct's structs, mostly using the Adapter class.
Please review the contribution guide CONTRIBUTING.md.
Distributed under the MIT License. See LICENSE for more information.
- https://github.com/strayge/pylnk : For inspiration and undocumented structures