app.utility namespace
Submodules
app.utility.base_obfuscator module
- class app.utility.base_obfuscator.BaseObfuscator(agent)
  Bases: app.utility.base_world.BaseWorld
  - run(link, **kwargs)
app.utility.base_object module
app.utility.base_parser module
- class app.utility.base_parser.BaseParser(parser_info)
  Bases: object
  - static broadcastip(blob)
  - static email(blob)
    Parse out email addresses
    Parameters: blob
  - static filename(blob)
    Parse out filenames
    Parameters: blob
  - static ip(blob)
  - static line(blob)
    Split a blob by line
    Parameters: blob
  - static load_json(blob)
  - static set_value(search, match, used_facts)
    Determine the value of a source/target for a Relationship
    Parameters:
    - search – a fact property to look for; either a source or target fact
    - match – a parsing match
    - used_facts – a list of facts that were used in a command
    Returns: either None, the value of a matched used_fact, or the parsing match
app.utility.base_planning_svc module
- class app.utility.base_planning_svc.BasePlanningService
  Bases: app.utility.base_service.BaseService
  - add_test_variants(links, agent, facts=(), rules=())
    Create a list of all possible links for a given set of templates
    Parameters: links, agent, facts, rules
    Returns: updated list of links
  - obfuscate_commands(agent, obfuscator, links)
  - re_index = re.compile('(?<=\\[filters\\().+?(?=\\)\\])')
  - re_limited = re.compile('#{.*\\[*\\]}')
  - re_trait = re.compile('(?<=\\{).+?(?=\\[)')
  - re_variable = re.compile('#{(.*?)}', re.DOTALL)
  - static remove_completed_links(operation, agent, links)
    Remove any links that have already been completed by the operation for the agent
    Parameters: operation, links, agent
    Returns: updated list of links
  - static remove_links_above_visibility(links, operation)
  - static remove_links_missing_facts(links)
    Remove any links that did not have facts encoded into command
    Parameters: links
    Returns: updated list of links
  - remove_links_missing_requirements(links, operation)
  - trim_links(operation, links, agent)
    Trim links in supplied list. Where ‘trim’ entails:
    - adding all possible test variants
    - removing completed links (i.e. agent has already completed)
    - removing links that did not have template fact variables replaced by fact values
    Parameters: operation, links, agent
    Returns: trimmed list of links
app.utility.base_service module
- class app.utility.base_service.BaseService
  Bases: app.utility.base_world.BaseWorld
  - add_service(name, svc)
  - classmethod get_service(name)
  - classmethod get_services()
app.utility.base_world module
- class app.utility.base_world.BaseWorld
  Bases: object
  A collection of base static functions for service & object module usage
  - static apply_config(name, config)
  - static create_logger(name)
  - static decode_bytes(s)
  - static encode_string(s)
  - static generate_name(size=16)
  - static generate_number(size=6)
  - static get_config(prop=None, name=None)
  - static get_current_timestamp(date_format='%Y-%m-%d %H:%M:%S')
  - static get_version(path='.')
  - static is_base64(s)
  - static is_uuid4(s)
  - static jitter(fraction)
  - static load_module(module_type, module_info)
  - static prepend_to_file(filename, line)
  - re_base64 = re.compile('[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', re.DOTALL)
  - static set_config(name, prop, value)
  - static strip_yml(path)
  - static walk_file_path(path, target)
app.utility.file_decryptor module
- app.utility.file_decryptor.decrypt(filename, configuration, output_file=None, b64decode=False)
- app.utility.file_decryptor.get_encryptor(salt, key)
- app.utility.file_decryptor.read(filename, encryptor)
app.utility.payload_encoder module
This module contains helper functions for encoding and decoding payload files.
If antivirus (AV) software is running on the server host, it may sometimes flag, quarantine, or delete CALDERA payloads. To help prevent this, encoded payloads can be used so that AV does not break the server. The convention expected by the server is that encoded payloads are XORed with the DEFAULT_KEY contained in the payload_encoder.py module.
Additionally, payload_encoder.py can be used from the command line to add a new encoded payload:
```
python /path/to/payload_encoder.py input_file output_file
```
NOTE: For the server to detect the availability of an encoded payload, the payload file’s name must end in the .xored extension.
- app.utility.payload_encoder.xor_bytes(in_bytes, key=None)
- app.utility.payload_encoder.xor_file(input_file, output_file=None, key=None)