app.service namespace


app.service.app_svc module

class app.service.app_svc.AppService(application)

Bases: app.service.interfaces.i_app_svc.AppServiceInterface, app.utility.base_service.BaseService

property errors

Locate a given link by its unique property :param unique: :return:

Locate an operation with the given link ID :param link_id: :return: Operation or None

async load_plugin_expansions(plugins=())
async load_plugins(plugins)

Store all plugins in the data store :return:

async register_contacts()
async resume_operations()

Resume all unfinished operations :return: None

async retrieve_compiled_file(name, platform)
async run_scheduler()

Kick off all scheduled jobs, as their schedule determines :return:

async start_sniffer_untrusted_agents()

Cyclic function that repeatedly checks if there are agents to be marked as untrusted :return: None

async teardown(main_config_file='default')
async validate_requirement(requirement, params)
async validate_requirements()
class app.service.app_svc.Error(name, msg)

Bases: tuple

property msg

Alias for field number 1

property name

Alias for field number 0

app.service.auth_svc module

class app.service.auth_svc.AuthService

Bases: app.service.interfaces.i_auth_svc.AuthServiceInterface, app.utility.base_service.BaseService

class User(username, password, permissions)

Bases: tuple

property password

Alias for field number 1

property permissions

Alias for field number 2

property username

Alias for field number 0

async apply(app, users)

Set up security on server boot :param app: :param users: :return: None

async check_permissions(group, request)

Check if a request is allowed based on the user permissions :param group: :param request: :return: None

async get_permissions(request)
async login_user(request)

Log a user in and save the session :param request: :return: the response/location of where the user is trying to navigate

async static logout_user(request)

Log the user out :param request: :return: None

class app.service.auth_svc.DictionaryAuthorizationPolicy(user_map)


async authorized_userid(identity)

Retrieve authorized user id. Return the user_id of the user identified by the identity or ‘None’ if no user exists related to the identity.

async permits(identity, permission, context=None)

Check user permissions. Return True if the identity is allowed the permission in the current context, else return False.


Authorization Decorator This requires that the calling class have self.auth_svc set to the authentication service.


class decorator – adds decorator to all public methods

app.service.contact_svc module

class app.service.contact_svc.ContactService

Bases: app.service.interfaces.i_contact_svc.ContactServiceInterface, app.utility.base_service.BaseService

async build_filename()
async get_contact(name)
async handle_heartbeat(**kwargs)
async register(contact)

Register a virtual subclass of an ABC.

Returns the subclass, to allow usage as a class decorator.

app.service.data_svc module

class app.service.data_svc.DataService

Bases: app.service.interfaces.i_data_svc.DataServiceInterface, app.utility.base_service.BaseService

async apply(collection)

Add a new collection to RAM :param collection: :return:

async static destroy()

Clear out all data :return:

async load_data(plugins=())

Non-blocking read all the data sources to populate the object store :return: None

async locate(object_name, match=None)

Find all c_objects which match a search. Return all c_objects if no match. :param object_name: :param match: dict() :return: a list of c_object types

async reload_data(plugins=())

Blocking read all the data sources to populate the object store :return: None

async remove(object_name, match)

Remove any c_objects which match a search :param object_name: :param match: dict() :return:

async restore_state()

Restore the object database


async save_state()

Accept all components of an agent profile and save a new agent or register an updated heartbeat. :return: the agent object, instructions to execute

async store(c_object)

Accept any c_object type and store it (create/update) in RAM :param c_object: :return: a single c_object

app.service.event_svc module

class app.service.event_svc.EventService

Bases: app.service.interfaces.i_event_svc.EventServiceInterface, app.utility.base_service.BaseService

async fire_event(event, **callback_kwargs)

Fire an event :param event: The event topic and (optional) subtopic, separated by a ‘/’ :param callback_kwargs: Any additional parameters to pass to the event handler :return: None

async handle_exceptions(awaitable)
async observe_event(event, callback)

Register an event handler :param event: The event topic and (optional) subtopic, separated by a ‘/’ :param callback: The function that will handle the event :return: None

app.service.file_svc module

class app.service.file_svc.FileSvc

Bases: app.service.interfaces.i_file_svc.FileServiceInterface, app.utility.base_service.BaseService

async add_special_payload(name, func)

Call a special function when specific payloads are downloaded

  • name

  • func


async compile_go(platform, output, src_fle, arch='amd64', ldflags='-s -w', cflags='', buildmode='', build_dir='.', loop=None)

Dynamically compile a go file :param platform: :param output: :param src_fle: :param arch: Compile architecture selection (defaults to AMD64) :param ldflags: A string of ldflags to use when building the go executable :param cflags: A string of CFLAGS to pass to the go compiler :param buildmode: GO compiler buildmode flag :param build_dir: The path to build should take place in :return:

async create_exfil_sub_directory(dir_name)
async find_file_path(name, location='')

Find the location on disk of a file by name. :param name: :param location: :return: a tuple: the plugin the file is found in & the relative file path

async get_file(headers)

Retrieve file :param headers: headers dictionary. The file key is REQUIRED. :type headers: dict or dict-equivalent :return: File contents and optionally a display_name if the payload is a special payload :raises: KeyError if file key is not provided, FileNotFoundError if file cannot be found

async read_file(name, location='payloads')

Open a file and read the contents :param name: :param location: :return: a tuple (file_path, contents)

read_result_file(link_id, location='data/results')

Read a result file. If file encryption is enabled, this method will return the plaintext content. :param link_id: The id of the link to return results from. :param location: The path to results directory. :return:

async save_file(filename, payload, target_dir)
async save_multipart_file_upload(request, target_dir)

Accept a multipart file via HTTP and save it to the server :param request: :param target_dir: The path of the directory to save the uploaded file to.

write_result_file(link_id, output, location='data/results')

Writes the results of a link execution to disk. If file encryption is enabled, the results file will contain ciphertext. :param link_id: The link id of the result being written. :param output: The content of the link’s output. :param location: The path to the results directory. :return:

app.service.learning_svc module

class app.service.learning_svc.LearningService

Bases: app.service.interfaces.i_learning_svc.LearningServiceInterface, app.utility.base_service.BaseService

static add_parsers(directory)
async build_model()

The model is a static set of all variables used inside all ability commands This can be used to determine which facts - when found together - are more likely to be used together :return:

async learn(facts, link, blob)

app.service.planning_svc module

class app.service.planning_svc.PlanningService

Bases: app.service.interfaces.i_planning_svc.PlanningServiceInterface, app.utility.base_planning_svc.BasePlanningService

async add_ability_to_bucket(ability, bucket)

Adds bucket tag to ability

async check_stopping_conditions(stopping_conditions, operation)

Checks whether an operation has collected the proper facts to trigger this planner’s stopping conditions


True if all stopping conditions have been met, False if all stopping conditions have not

been met

async default_next_bucket(current_bucket, state_machine)

Returns next bucket as specified in planner’s defined bucket state machine. Loops from last bucket to first.

async execute_planner(planner)

Default planner execution flow. Progress from bucket to bucket. Will stop execution for these conditions:

  • All buckets have been executed.

  • Planner stopping conditions have been met.

  • Operation was halted from external/UI input.

NOTE: Do NOT call wait-for-link-completion functions here. Let the planner decide to do that within its bucket functions, and/or there are other planning_svc utilities for the bucket functions to use to do so.

async exhaust_bucket(planner, bucket, operation, agent=None, batch=False, condition_stop=True)

Apply all links for specified bucket. Blocks until all links are completed, either after batch push, or seperately for every pushed link.

  • planner

  • bucket

  • operation

  • agent

  • batch – (bool) ‘True’ - push all bucket links immediately. Will check if operation has been stopped(by user) after all bucket links complete. ‘False’ will push links one at a time, and wait for each to complete. Will check if operation has been stopped(by user) after each single link is completed.

  • condition_stop – (bool) check and respect stopping conditions


For a given operation, create all cleanup links. If agent is supplied, only return cleanup links for that agent. :param operation: :param agent: :return: None

For an operation and agent combination, create links (that can be executed). When no agent is supplied, links for all agents are returned

  • operation

  • bucket – ‘None’ - no buckets, get all links for given operation, agent, trim setting ‘<bucket>’ - get links for specified bucket for given trim setting

  • agent

  • trim – call trim_links() on list of links before returning

  • planner


a list of links

Sort links by their score then by the order they are defined in an adversary profile

async update_stopping_condition_met(planner, operation)

app.service.rest_svc module

class app.service.rest_svc.RestService

Bases: app.service.interfaces.i_rest_svc.RestServiceInterface, app.utility.base_service.BaseService

async construct_agents_for_group(group)
async create_operation(access, data)
async create_schedule(access, data)
async delete_ability(data)
async delete_adversary(data)
async delete_agent(data)
async delete_operation(data)
async display_objects(object_name, data)
async display_operation_report(data)
async display_result(data)
async download_contact_report(contact)
async find_abilities(paw)
async list_payloads()
async persist_ability(data)
async persist_adversary(data)

Save a new adversary from either the GUI or REST API. This writes a new YML file into the core data/ directory. :param data: :return: the ID of the created adversary

async persist_source(data)
async task_agent_with_ability(paw, ability_id, facts=())
async update_agent_data(data)
async update_chain_data(data)
async update_config(data)
async update_operation(op_id, state=None, autonomous=None, obfuscator=None)
async update_planner(data)

Update a new planner from either the GUI or REST API with new stopping conditions. This overwrites the existing YML file. :param data: :return: the ID of the created adversary