app.service namespace

Subpackages
- app.service.interfaces namespace
  - Submodules
    - app.service.interfaces.i_app_svc module
    - app.service.interfaces.i_auth_svc module
    - app.service.interfaces.i_contact_svc module
    - app.service.interfaces.i_data_svc module
    - app.service.interfaces.i_event_svc module
    - app.service.interfaces.i_file_svc module
    - app.service.interfaces.i_learning_svc module
    - app.service.interfaces.i_planning_svc module
    - app.service.interfaces.i_rest_svc module

Submodules

app.service.app_svc module

class app.service.app_svc.AppService(application)
Bases: app.service.interfaces.i_app_svc.AppServiceInterface, app.utility.base_service.BaseService

- property errors
- async find_link(unique)
  Locate a given link by its unique property
  :param unique:
  :return:
- async find_op_with_link(link_id)
  Locate an operation with the given link ID
  :param link_id:
  :return: Operation or None
- async load_plugin_expansions(plugins=())
- async load_plugins(plugins)
  Store all plugins in the data store
  :return:
- async register_contacts()
- async resume_operations()
  Resume all unfinished operations
  :return: None
- async retrieve_compiled_file(name, platform)
- async run_scheduler()
  Kick off all scheduled jobs, as their schedule determines
  :return:
- async start_sniffer_untrusted_agents()
  Cyclic function that repeatedly checks if there are agents to be marked as untrusted
  :return: None
- async teardown(main_config_file='default')
- async validate_requirement(requirement, params)
- async validate_requirements()

app.service.auth_svc module

class app.service.auth_svc.AuthService
Bases: app.service.interfaces.i_auth_svc.AuthServiceInterface, app.utility.base_service.BaseService

- class User(username, password, permissions)
  Bases: tuple
  - property password
    Alias for field number 1
  - property permissions
    Alias for field number 2
  - property username
    Alias for field number 0
- async apply(app, users)
  Set up security on server boot
  :param app:
  :param users:
  :return: None
- async check_permissions(group, request)
  Check if a request is allowed based on the user permissions
  :param group:
  :param request:
  :return: None
- async get_permissions(request)
- async login_user(request)
  Log a user in and save the session
  :param request:
  :return: the response/location of where the user is trying to navigate
- async static logout_user(request)
  Log the user out
  :param request:
  :return: None

class app.service.auth_svc.DictionaryAuthorizationPolicy(user_map)
Bases: aiohttp_security.abc.AbstractAuthorizationPolicy

Retrieve authorized user id. Return the user_id of the user identified by the identity or ‘None’ if no user exists related to the identity.

- async permits(identity, permission, context=None)
  Check user permissions. Return True if the identity is allowed the permission in the current context, else return False.

Authorization Decorator
This requires that the calling class have self.auth_svc set to the authentication service.

app.service.auth_svc.for_all_public_methods(decorator)
  class decorator – adds decorator to all public methods

app.service.contact_svc module

class app.service.contact_svc.ContactService
Bases: app.service.interfaces.i_contact_svc.ContactServiceInterface, app.utility.base_service.BaseService

- async build_filename()
- async get_contact(name)
- async handle_heartbeat(**kwargs)
- async register(contact)
  Register a virtual subclass of an ABC.
  Returns the subclass, to allow usage as a class decorator.

app.service.contact_svc.report(func)

app.service.data_svc module

class app.service.data_svc.DataService
Bases: app.service.interfaces.i_data_svc.DataServiceInterface, app.utility.base_service.BaseService

- async apply(collection)
  Add a new collection to RAM
  :param collection:
  :return:
- async static destroy()
  Clear out all data
  :return:
- async load_data(plugins=())
  Non-blocking read all the data sources to populate the object store
  :return: None
- async locate(object_name, match=None)
  Find all c_objects which match a search. Return all c_objects if no match.
  :param object_name:
  :param match: dict()
  :return: a list of c_object types
- async reload_data(plugins=())
  Blocking read all the data sources to populate the object store
  :return: None
- async remove(object_name, match)
  Remove any c_objects which match a search
  :param object_name:
  :param match: dict()
  :return:
- async restore_state()
  Restore the object database
  Returns
- async save_state()
  Accept all components of an agent profile and save a new agent or register an updated heartbeat.
  :return: the agent object, instructions to execute
- async store(c_object)
  Accept any c_object type and store it (create/update) in RAM
  :param c_object:
  :return: a single c_object

app.service.event_svc module

class app.service.event_svc.EventService
Bases: app.service.interfaces.i_event_svc.EventServiceInterface, app.utility.base_service.BaseService

- async fire_event(event, **callback_kwargs)
  Fire an event
  :param event: The event topic and (optional) subtopic, separated by a ‘/’
  :param callback_kwargs: Any additional parameters to pass to the event handler
  :return: None
- async handle_exceptions(awaitable)
- async observe_event(event, callback)
  Register an event handler
  :param event: The event topic and (optional) subtopic, separated by a ‘/’
  :param callback: The function that will handle the event
  :return: None

app.service.file_svc module

class app.service.file_svc.FileSvc
Bases: app.service.interfaces.i_file_svc.FileServiceInterface, app.utility.base_service.BaseService

- async add_special_payload(name, func)
  Call a special function when specific payloads are downloaded
  Parameters
    name –
    func –
  Returns
- async compile_go(platform, output, src_fle, arch='amd64', ldflags='-s -w', cflags='', buildmode='', build_dir='.', loop=None)
  Dynamically compile a go file
  :param platform:
  :param output:
  :param src_fle:
  :param arch: Compile architecture selection (defaults to AMD64)
  :param ldflags: A string of ldflags to use when building the go executable
  :param cflags: A string of CFLAGS to pass to the go compiler
  :param buildmode: GO compiler buildmode flag
  :param build_dir: The path the build should take place in
  :return:
- async create_exfil_sub_directory(dir_name)
- async find_file_path(name, location='')
  Find the location on disk of a file by name.
  :param name:
  :param location:
  :return: a tuple: the plugin the file is found in & the relative file path
- async get_file(headers)
  Retrieve file
  :param headers: headers dictionary. The file key is REQUIRED.
  :type headers: dict or dict-equivalent
  :return: File contents and optionally a display_name if the payload is a special payload
  :raises: KeyError if file key is not provided, FileNotFoundError if file cannot be found
- get_payload_name_from_uuid(payload)
- async read_file(name, location='payloads')
  Open a file and read the contents
  :param name:
  :param location:
  :return: a tuple (file_path, contents)
- read_result_file(link_id, location='data/results')
  Read a result file. If file encryption is enabled, this method will return the plaintext content.
  :param link_id: The id of the link to return results from.
  :param location: The path to results directory.
  :return:
- async save_file(filename, payload, target_dir)
- async save_multipart_file_upload(request, target_dir)
  Accept a multipart file via HTTP and save it to the server
  :param request:
  :param target_dir: The path of the directory to save the uploaded file to.
- write_result_file(link_id, output, location='data/results')
  Writes the results of a link execution to disk. If file encryption is enabled, the results file will contain ciphertext.
  :param link_id: The link id of the result being written.
  :param output: The content of the link’s output.
  :param location: The path to the results directory.
  :return:

app.service.learning_svc module

class app.service.learning_svc.LearningService
Bases: app.service.interfaces.i_learning_svc.LearningServiceInterface, app.utility.base_service.BaseService

- static add_parsers(directory)
- async build_model()
  The model is a static set of all variables used inside all ability commands
  This can be used to determine which facts - when found together - are more likely to be used together
  :return:
- async learn(facts, link, blob)

app.service.planning_svc module

class app.service.planning_svc.PlanningService
Bases: app.service.interfaces.i_planning_svc.PlanningServiceInterface, app.utility.base_planning_svc.BasePlanningService

- async add_ability_to_bucket(ability, bucket)
  Adds bucket tag to ability
- async check_stopping_conditions(stopping_conditions, operation)
  Checks whether an operation has collected the proper facts to trigger this planner’s stopping conditions
  Returns
    True if all stopping conditions have been met, False if all stopping conditions have not been met
- async default_next_bucket(current_bucket, state_machine)
  Returns next bucket as specified in planner’s defined bucket state machine. Loops from last bucket to first.
- async execute_planner(planner)
  Default planner execution flow. Progress from bucket to bucket. Will stop execution for these conditions:
  - All buckets have been executed.
  - Planner stopping conditions have been met.
  - Operation was halted from external/UI input.
  NOTE: Do NOT call wait-for-link-completion functions here. Let the planner decide to do that within its bucket functions, and/or there are other planning_svc utilities for the bucket functions to use to do so.
- async exhaust_bucket(planner, bucket, operation, agent=None, batch=False, condition_stop=True)
  Apply all links for specified bucket. Blocks until all links are completed, either after batch push, or separately for every pushed link.
  Parameters
    planner –
    bucket –
    operation –
    agent –
    batch – (bool) ‘True’ - push all bucket links immediately. Will check if operation has been stopped (by user) after all bucket links complete. ‘False’ will push links one at a time, and wait for each to complete. Will check if operation has been stopped (by user) after each single link is completed.
    condition_stop – (bool) check and respect stopping conditions
  Returns
- async generate_and_trim_links(agent, operation, abilities, trim=True)
- async get_cleanup_links(operation, agent=None)
  For a given operation, create all cleanup links. If agent is supplied, only return cleanup links for that agent.
  :param operation:
  :param agent:
  :return: None
- async get_links(operation, buckets=None, agent=None, trim=True, planner=None)
  For an operation and agent combination, create links (that can be executed). When no agent is supplied, links for all agents are returned
  Parameters
    operation –
    bucket –
      ‘None’ - no buckets, get all links for given operation, agent, trim setting
      ‘<bucket>’ - get links for specified bucket for given trim setting
    agent –
    trim – call trim_links() on list of links before returning
    planner –
  Returns
    a list of links
- async static sort_links(links)
  Sort links by their score then by the order they are defined in an adversary profile
- async update_stopping_condition_met(planner, operation)

app.service.rest_svc module

class app.service.rest_svc.RestService
Bases: app.service.interfaces.i_rest_svc.RestServiceInterface, app.utility.base_service.BaseService

- async apply_potential_link(link)
- async construct_agents_for_group(group)
- async create_operation(access, data)
- async create_schedule(access, data)
- async delete_ability(data)
- async delete_adversary(data)
- async delete_agent(data)
- async delete_operation(data)
- async display_objects(object_name, data)
- async display_operation_report(data)
- async display_result(data)
- async download_contact_report(contact)
- async find_abilities(paw)
- async get_link_pin(json_data)
- async get_potential_links(op_id, paw=None)
- async list_payloads()
- async persist_ability(data)
- async persist_adversary(data)
  Save a new adversary from either the GUI or REST API. This writes a new YML file into the core data/ directory.
  :param data:
  :return: the ID of the created adversary
- async persist_source(data)
- async task_agent_with_ability(paw, ability_id, facts=())
- async update_agent_data(data)
- async update_chain_data(data)
- async update_config(data)
- async update_operation(op_id, state=None, autonomous=None, obfuscator=None)
- async update_planner(data)
  Update a new planner from either the GUI or REST API with new stopping conditions. This overwrites the existing YML file.
  :param data:
  :return: the ID of the created adversary