feat(module): consolidate module commands under parent and add unload

Refactor flat module commands (list_module, load_module, refresh_module,
clear) into a unified `module` parent with subcommands: list, load,
unload, refresh, clear.

Add `module unload` to unload a plugin bundle by name. Add bundle_map
to Modules proto for module-to-bundle mapping in `module list` output.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: M09Ic

client/command/modules/commands.go

@@ -16,76 +16,84 @@ import (
 )
 
 func Commands(con *core.Console) []*cobra.Command {
-	listModuleCmd := &cobra.Command{
-		Use:   consts.ModuleListModule,
+	moduleCmd := &cobra.Command{
+		Use:   consts.CommandModule,
+		Short: "Module management",
+	}
+
+	listCmd := &cobra.Command{
+		Use:   "list",
 		Short: "List modules",
-		// Long:  help.FormatLongHelp(consts.ModuleListModule),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return ListModulesCmd(cmd, con)
 		},
 	}
 
-	loadModuleCmd := &cobra.Command{
-		Use:   consts.ModuleLoadModule + " [module_file]",
+	loadCmd := &cobra.Command{
+		Use:   "load [module_file]",
 		Short: "Load module",
-		// Long:  help.FormatLongHelp(consts.ModuleLoadModule),duan
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return LoadModuleCmd(cmd, con)
 		},
 		Example: `load module from malefic-modules
-before loading, you can list the current modules: 
+before loading, you can list the current modules:
 ~~~
-execute_addon,exec ...
+module list
 ~~~
 then you can load module
 ~~~
-load_module --path <module_file.dll>
+module load --path <module_file.dll>
 ~~~
-you can see more modules loaded by list_module
+you can see more modules loaded by module list
 ~~~
 execute_addon,clear,ps,powershell...
 ~~~
-`}
-
-	common.BindFlag(loadModuleCmd, func(f *pflag.FlagSet) {
+`,
+	}
+	common.BindFlag(loadCmd, func(f *pflag.FlagSet) {
 		f.String("path", "", "module path")
 		f.String("modules", "", "modules list,eg: basic,extend")
 		f.StringP("bundle", "", "", "bundle name")
 		f.String("3rd", "", "build 3rd-party modules")
 		f.String("artifact", "", "exist module artifact")
 	})
-	common.BindFlagCompletions(loadModuleCmd, func(comp carapace.ActionMap) {
+	common.BindFlagCompletions(loadCmd, func(comp carapace.ActionMap) {
 		comp["path"] = carapace.ActionFiles()
 		comp["modules"] = common.ModulesCompleter()
 		comp["artifact"] = common.ModuleArtifactsCompleter(con)
 	})
-	common.BindArgCompletions(loadModuleCmd, nil,
+	common.BindArgCompletions(loadCmd, nil,
 		carapace.ActionFiles().Usage("path to the module file"))
 
-	refreshModuleCmd := &cobra.Command{
-		Use:   consts.ModuleRefreshModule,
+	unloadCmd := &cobra.Command{
+		Use:   "unload [bundle_name]",
+		Short: "Unload a module bundle by name",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return UnloadModuleCmd(cmd, con)
+		},
+	}
+	common.BindArgCompletions(unloadCmd, nil,
+		common.SessionModuleCompleter(con).Usage("bundle name to unload"))
+
+	refreshCmd := &cobra.Command{
+		Use:   "refresh",
 		Short: "Refresh module",
-		// Long:  help.FormatLongHelp(consts.ModuleRefreshModule),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return RefreshModuleCmd(cmd, con)
 		},
 	}
 
 	clearCmd := &cobra.Command{
-		Use:   consts.ModuleClear,
-		Short: "Clear modules",
-		// Long:  help.FormatLongHelp(consts.ModuleClear),
+		Use:   "clear",
+		Short: "Clear all modules",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return ClearCmd(cmd, con)
 		},
 	}
 
-	return []*cobra.Command{
-		listModuleCmd,
-		loadModuleCmd,
-		refreshModuleCmd,
-		clearCmd,
-	}
+	moduleCmd.AddCommand(listCmd, loadCmd, unloadCmd, refreshCmd, clearCmd)
+	return []*cobra.Command{moduleCmd}
 }
 
 func Register(con *core.Console) {
@@ -108,17 +116,21 @@ func Register(con *core.Console) {
 			var rowEntries []table.Row
 			var row table.Row
 			tableModel := tui.NewTable([]table.Column{
-				table.NewFlexColumn("Module", "Module", 1),
-				table.NewFlexColumn("Help", "Help", 2),
+				table.NewFlexColumn("Module", "Module", 2),
+				table.NewFlexColumn("Bundle", "Bundle", 1),
+				table.NewFlexColumn("Help", "Help", 3),
 			}, true)
+			bundleMap := modules.GetBundleMap()
 			for _, module := range modules.GetModules() {
 				var short string
 				if cmd := con.CMDs[module]; cmd != nil {
 					short = cmd.Short
 				}
+				bundle := bundleMap[module]
 				row = table.NewRow(
 					table.RowData{
 						"Module": module,
+						"Bundle": bundle,
 						"Help":   short,
 					})
 				rowEntries = append(rowEntries, row)
@@ -152,6 +164,61 @@ func Register(con *core.Console) {
 		},
 		[]string{"task"})
 
+	con.RegisterImplantFunc(
+		consts.ModuleUnloadModule,
+		unloadModule,
+		"",
+		nil,
+		func(ctx *clientpb.TaskContext) (interface{}, error) {
+			resp := ctx.Spite.GetModules()
+			ctx.Session.Modules = resp.Modules
+			con.RefreshCmd(con.AddSession(ctx.Session))
+			return resp.Modules, nil
+		},
+		func(content *clientpb.TaskContext) (string, error) {
+			modules := content.Spite.GetModules()
+			remaining := modules.GetModules()
+			if len(remaining) == 0 {
+				return "All modules unloaded.", nil
+			}
+
+			var rowEntries []table.Row
+			var row table.Row
+			tableModel := tui.NewTable([]table.Column{
+				table.NewFlexColumn("Module", "Module", 2),
+				table.NewFlexColumn("Bundle", "Bundle", 1),
+				table.NewFlexColumn("Help", "Help", 3),
+			}, true)
+			bundleMap := modules.GetBundleMap()
+			for _, module := range remaining {
+				var short string
+				if cmd := con.CMDs[module]; cmd != nil {
+					short = cmd.Short
+				}
+				bundle := bundleMap[module]
+				row = table.NewRow(
+					table.RowData{
+						"Module": module,
+						"Bundle": bundle,
+						"Help":   short,
+					})
+				rowEntries = append(rowEntries, row)
+			}
+			tableModel.SetMultiline()
+			tableModel.SetRows(rowEntries)
+			return "Unloaded successfully. Remaining modules:\n" + tableModel.View(), nil
+		})
+
+	con.AddCommandFuncHelper(
+		consts.ModuleUnloadModule,
+		consts.ModuleUnloadModule,
+		consts.ModuleUnloadModule+"(active(),\"bundle_name\")",
+		[]string{
+			"session: special session",
+			"bundle: bundle name to unload",
+		},
+		[]string{"task"})
+
 	con.RegisterImplantFunc(
 		consts.ModuleRefreshModule,
 		refreshModule,
@@ -173,7 +240,7 @@ func Register(con *core.Console) {
 		},
 		[]string{"task"})
 
-	//clear
+	// clear
 	con.RegisterImplantFunc(
 		consts.ModuleClear,
 		clearAll,

client/command/modules/modules_test.go

@@ -20,7 +20,7 @@ func TestLoadModuleFromPath(t *testing.T) {
 		t.Fatalf("WriteFile failed: %v", err)
 	}
 
-	if err := h.Execute(consts.ModuleLoadModule, "--path", path); err != nil {
+	if err := h.Execute(consts.CommandModule, "load", "--path", path); err != nil {
 		t.Fatalf("Execute failed: %v", err)
 	}
 
@@ -45,7 +45,7 @@ func TestLoadModuleFromArtifactDownloadsThenLoads(t *testing.T) {
 		}, nil
 	})
 
-	if err := h.Execute(consts.ModuleLoadModule, "--artifact", "artifact-module.dll"); err != nil {
+	if err := h.Execute(consts.CommandModule, "load", "--artifact", "artifact-module.dll"); err != nil {
 		t.Fatalf("Execute failed: %v", err)
 	}
 
@@ -87,7 +87,7 @@ func TestLoadModuleBuildUsesSelectedModules(t *testing.T) {
 		}, nil
 	})
 
-	if err := h.Execute(consts.ModuleLoadModule, "--modules", "nano, execute_dll"); err != nil {
+	if err := h.Execute(consts.CommandModule, "load", "--modules", "nano, execute_dll"); err != nil {
 		t.Fatalf("Execute failed: %v", err)
 	}
 
@@ -139,7 +139,7 @@ func TestLoadModuleBuildUsesSelectedModules(t *testing.T) {
 func TestLoadModuleBuildUsesThirdPartySelection(t *testing.T) {
 	h := testsupport.NewHarness(t)
 
-	if err := h.Execute(consts.ModuleLoadModule, "--3rd", "rem"); err != nil {
+	if err := h.Execute(consts.CommandModule, "load", "--3rd", "rem"); err != nil {
 		t.Fatalf("Execute failed: %v", err)
 	}
 
@@ -174,7 +174,7 @@ func TestLoadModuleBuildErrorsPropagate(t *testing.T) {
 		return nil, context.DeadlineExceeded
 	})
 
-	err := h.Execute(consts.ModuleLoadModule, "--modules", "nano")
+	err := h.Execute(consts.CommandModule, "load", "--modules", "nano")
 	if err == nil || err != context.DeadlineExceeded {
 		t.Fatalf("Execute error = %v, want %v", err, context.DeadlineExceeded)
 	}
@@ -192,7 +192,7 @@ func TestLoadModuleBuildErrorsPropagate(t *testing.T) {
 func TestLoadModuleRejectsMutuallyExclusiveSelectors(t *testing.T) {
 	h := testsupport.NewHarness(t)
 
-	err := h.Execute(consts.ModuleLoadModule, "--modules", "nano", "--3rd", "rem")
+	err := h.Execute(consts.CommandModule, "load", "--modules", "nano", "--3rd", "rem")
 	if err == nil {
 		t.Fatal("expected mutually exclusive selector error")
 	}
@@ -207,7 +207,7 @@ func TestLoadModuleRejectsMutuallyExclusiveSelectors(t *testing.T) {
 func TestLoadModuleRejectsMultipleInputSources(t *testing.T) {
 	h := testsupport.NewHarness(t)
 
-	err := h.Execute(consts.ModuleLoadModule, "--artifact", "module.dll", "--modules", "nano")
+	err := h.Execute(consts.CommandModule, "load", "--artifact", "module.dll", "--modules", "nano")
 	if err == nil {
 		t.Fatal("expected multiple input source error")
 	}
@@ -222,7 +222,7 @@ func TestLoadModuleRejectsMultipleInputSources(t *testing.T) {
 func TestLoadModuleRequiresOneSource(t *testing.T) {
 	h := testsupport.NewHarness(t)
 
-	err := h.Execute(consts.ModuleLoadModule)
+	err := h.Execute(consts.CommandModule, "load")
 	if err == nil {
 		t.Fatal("expected missing source error")
 	}
@@ -234,6 +234,25 @@ func TestLoadModuleRequiresOneSource(t *testing.T) {
 	testsupport.RequireNoSessionEvents(t, h)
 }
 
+func TestUnloadModule(t *testing.T) {
+	h := testsupport.NewHarness(t)
+
+	if err := h.Execute(consts.CommandModule, "unload", "execute_dll"); err != nil {
+		t.Fatalf("Execute failed: %v", err)
+	}
+
+	req, md := testsupport.MustSingleCall[*implantpb.Request](t, h, "UnloadModule")
+	if req.Name != consts.ModuleUnloadModule {
+		t.Fatalf("request name = %q, want %q", req.Name, consts.ModuleUnloadModule)
+	}
+	if req.Input != "execute_dll" {
+		t.Fatalf("request input = %q, want execute_dll", req.Input)
+	}
+	testsupport.RequireSessionID(t, md, h.Session.SessionId)
+	testsupport.RequireCallee(t, md, consts.CalleeCMD)
+	assertSingleTaskEvent(t, h, consts.ModuleUnloadModule)
+}
+
 func assertSingleTaskEvent(t testing.TB, h *testsupport.Harness, wantType string) {
 	t.Helper()
 

client/command/modules/unload.go

@@ -0,0 +1,29 @@
+package modules
+
+import (
+	"github.com/chainreactors/IoM-go/client"
+	"github.com/chainreactors/IoM-go/consts"
+	"github.com/chainreactors/IoM-go/proto/client/clientpb"
+	"github.com/chainreactors/IoM-go/proto/implant/implantpb"
+	"github.com/chainreactors/IoM-go/proto/services/clientrpc"
+	"github.com/chainreactors/malice-network/client/core"
+	"github.com/spf13/cobra"
+)
+
+func UnloadModuleCmd(cmd *cobra.Command, con *core.Console) error {
+	bundleName := cmd.Flags().Args()[0]
+	session := con.GetInteractive()
+	task, err := unloadModule(con.Rpc, session, bundleName)
+	if err != nil {
+		return err
+	}
+	session.Console(task, string(*con.App.Shell().Line()))
+	return nil
+}
+
+func unloadModule(rpc clientrpc.MaliceRPCClient, session *client.Session, bundle string) (*clientpb.Task, error) {
+	return rpc.UnloadModule(session.Context(), &implantpb.Request{
+		Name:  consts.ModuleUnloadModule,
+		Input: bundle,
+	})
+}

external/IoM-go

@@ -54,6 +54,15 @@ func (rpc *Server) RefreshModule(ctx context.Context, req *implantpb.Request) (*
 	})
 }
 
+func (rpc *Server) UnloadModule(ctx context.Context, req *implantpb.Request) (*clientpb.Task, error) {
+	if req == nil {
+		return nil, types.ErrMissingRequestField
+	}
+	return rpc.AssertAndHandleWithSession(ctx, req, consts.ModuleUnloadModule, types.MsgListModule, func(greq *GenericRequest, spite *implantpb.Spite) {
+		applyModulesResponse(greq.Session, spite, false)
+	})
+}
+
 func (rpc *Server) Clear(ctx context.Context, req *implantpb.Request) (*clientpb.Task, error) {
 	return rpc.AssertAndHandle(ctx, req, consts.ModuleClear, types.MsgEmpty)
 }