app.service.interfaces namespace
Submodules
app.service.interfaces.i_app_svc module
class app.service.interfaces.i_app_svc.AppServiceInterface
Bases: abc.ABC
- abstract find_link(unique)
  Locate a given link by its unique property
  :param unique:
  :return:
- abstract find_op_with_link(link_id)
  Locate an operation with the given link ID
  :param link_id:
  :return: Operation or None
- abstract load_plugin_expansions(plugins)
- abstract load_plugins(plugins)
  Store all plugins in the data store
  :return:
- abstract register_contacts()
- abstract resume_operations()
  Resume all unfinished operations
  :return: None
- abstract retrieve_compiled_file(name, platform, location='')
- abstract run_scheduler()
  Kick off all scheduled jobs, as their schedule determines
  :return:
- abstract start_sniffer_untrusted_agents()
  Cyclic function that repeatedly checks if there are agents to be marked as untrusted
  :return: None
- abstract teardown()
-
abstract
app.service.interfaces.i_auth_svc module
class app.service.interfaces.i_auth_svc.AuthServiceInterface
Bases: abc.ABC
- abstract apply(app, users)
  Set up security on server boot
  :param app:
  :param users:
  :return: None
- abstract check_permissions(group, request)
  Check if a request is allowed based on the user permissions
  :param group:
  :param request:
  :return: None
- abstract get_permissions(request)
- abstract login_user(request)
  Kick off all scheduled jobs, as their schedule determines
  :return:
- abstract static logout_user(request)
  Log the user out
  :param request:
  :return: None
-
abstract
app.service.interfaces.i_contact_svc module
class app.service.interfaces.i_contact_svc.ContactServiceInterface
Bases: abc.ABC
- abstract build_filename()
- abstract handle_heartbeat()
  Accept all components of an agent profile and save a new agent or register an updated heartbeat.
  :return: the agent object, instructions to execute
- abstract register_contact(contact)
- abstract register_tunnel(tunnel)
-
abstract
app.service.interfaces.i_data_svc module
class app.service.interfaces.i_data_svc.DataServiceInterface
Bases: app.service.interfaces.i_object_svc.ObjectServiceInterface
- abstract apply(collection)
  Add a new collection to RAM
  - Parameters
    collection –
  - Returns
- abstract load_data(plugins)
  Non-blocking read all the data sources to populate the object store
  - Returns
    None
- abstract locate(object_name, match)
  Find all c_objects which match a search. Return all c_objects if no match.
  - Parameters
    object_name –
    match – dict()
  - Returns
    a list of c_object types
- abstract reload_data(plugins)
  Blocking read all the data sources to populate the object store
  - Returns
    None
- abstract remove(object_name, match)
  Remove any c_objects which match a search
  - Parameters
    object_name –
    match – dict()
  - Returns
- abstract store(c_object)
  Accept any c_object type and store it (create/update) in RAM
  - Parameters
    c_object –
  - Returns
    a single c_object
-
abstract
app.service.interfaces.i_event_svc module
class app.service.interfaces.i_event_svc.EventServiceInterface
Bases: abc.ABC
- abstract fire_event(event, **callback_kwargs)
  Fire an event
  :param event: The event topic and (optional) subtopic, separated by a ‘/’
  :param callback_kwargs: Any additional parameters to pass to the event handler
  :return: None
- abstract observe_event(event, callback)
  Register an event handler
  :param event: The event topic and (optional) subtopic, separated by a ‘/’
  :param callback: The function that will handle the event
  :return: None
-
abstract
app.service.interfaces.i_file_svc module
class app.service.interfaces.i_file_svc.FileServiceInterface
Bases: abc.ABC
- abstract add_special_payload(name, func)
  Call a special function when specific payloads are downloaded
  :param name:
  :param func:
  :return:
- abstract compile_go(platform, output, src_fle, arch, ldflags, cflags, buildmode, build_dir, loop)
  Dynamically compile a go file
  :param platform:
  :param output:
  :param src_fle:
  :param arch: Compile architecture selection (defaults to AMD64)
  :param ldflags: A string of ldflags to use when building the go executable
  :param cflags: A string of CFLAGS to pass to the go compiler
  :param buildmode: GO compiler buildmode flag
  :param build_dir: The path the build should take place in
  :return:
- abstract create_exfil_sub_directory(dir_name)
- abstract find_file_path(name, location)
  Find the location on disk of a file by name.
  :param name:
  :param location:
  :return: a tuple: the plugin the file is found in & the relative file path
- abstract get_file(headers)
  Retrieve file
  :param headers: headers dictionary. The file key is REQUIRED.
  :type headers: dict or dict-equivalent
  :return: File contents and optionally a display_name if the payload is a special payload
  :raises: KeyError if file key is not provided, FileNotFoundError if file cannot be found
- abstract get_payload_name_from_uuid(payload)
- abstract read_file(name, location)
  Open a file and read the contents
  :param name:
  :param location:
  :return: a tuple (file_path, contents)
- abstract read_result_file(link_id, location)
  Read a result file. If file encryption is enabled, this method will return the plaintext content.
  :param link_id: The id of the link to return results from.
  :param location: The path to results directory.
  :return:
- abstract save_file(filename, payload, target_dir)
- abstract save_multipart_file_upload(request, target_dir)
  Accept a multipart file via HTTP and save it to the server
  :param request:
  :param target_dir: The path of the directory to save the uploaded file to.
- abstract write_result_file(link_id, output, location)
  Writes the results of a link execution to disk. If file encryption is enabled, the results file will contain ciphertext.
  :param link_id: The link id of the result being written.
  :param output: The content of the link’s output.
  :param location: The path to the results directory.
  :return:
-
abstract
app.service.interfaces.i_knowledge_svc module
class app.service.interfaces.i_knowledge_svc.KnowledgeServiceInterface
Bases: app.service.interfaces.i_object_svc.ObjectServiceInterface
- abstract async add_fact(fact, constraints=None)
  Add a fact to the internal store
  - Parameters
    fact – Fact to add
    constraints – any potential constraints
- abstract async add_relationship(relationship, constraints=None)
  Add a relationship to the internal store
  - Parameters
    relationship – Relationship object to add
    constraints – optional constraints on the use of the relationship
- abstract async add_rule(rule, constraints=None)
  Add a rule to the internal store
  - Parameters
    rule – Rule object to add
    constraints – dictionary containing fields to match on
- abstract async check_fact_exists(fact, listing=None)
  Check to see if a fact already exists in the knowledge store, or if a listing is provided, in said listing
  - Parameters
    fact – The fact to check for
    listing – Optional specific listing to examine
  - Returns
    Bool indicating whether or not the fact is already present
- abstract async delete_fact(criteria)
  Delete a fact from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
- abstract async delete_relationship(criteria)
  Remove a relationship from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
- abstract async delete_rule(criteria)
  Remove a rule from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
- abstract async get_fact_origin(fact)
  Identify the place where a fact originated, either the source that loaded it or its original link
  - Parameters
    fact – Fact to get origin for (can be either a trait string or a full blown fact)
  - Returns
    tuple - (String of either origin source id or origin link id, fact origin type)
- abstract async get_facts(criteria, restrictions=None)
  Retrieve a fact from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
  - Returns
    list of facts matching the criteria
- abstract async get_meta_facts(meta_fact=None, agent=None, group=None)
  Returns the complete set of facts associated with a meta-fact construct [In Development]
- abstract async get_relationships(criteria, restrictions=None)
  Retrieve relationships from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
  - Returns
    list of matching relationships
- abstract async get_rules(criteria, restrictions=None)
  Retrieve rules from the internal store
  - Parameters
    criteria – dictionary containing fields to match on
  - Returns
    list of matching rules
- abstract async update_fact(criteria, updates)
  Update a fact in the internal store
  - Parameters
    criteria – dictionary containing fields to match on
    updates – dictionary containing fields to replace
- abstract async update_relationship(criteria, updates)
  Update a relationship in the internal store
  - Parameters
    criteria – dictionary containing fields to match on
    updates – dictionary containing fields to modify
-
abstract async
app.service.interfaces.i_learning_svc module
class app.service.interfaces.i_learning_svc.LearningServiceInterface
Bases: abc.ABC
- abstract static add_parsers(directory)
- abstract build_model()
  The model is a static set of all variables used inside all ability commands. This can be used to determine which facts - when found together - are more likely to be used together
  :return:
- abstract learn(facts, link, blob)
-
abstract static
app.service.interfaces.i_login_handler module
class app.service.interfaces.i_login_handler.LoginHandlerInterface(services, name)
Bases: abc.ABC, app.utility.base_object.BaseObject
- abstract async handle_login(request, **kwargs)
  Handle login request
  - Parameters
    request –
  - Returns
    the response/location of where the user is trying to navigate
  - Raises
    HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized
- abstract async handle_login_redirect(request, **kwargs)
  Handle redirect to login
  - Parameters
    request –
  - Returns
    the response/location of where the user is trying to navigate
  - Raises
    HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized
- property name
-
abstract async
app.service.interfaces.i_object_svc module
app.service.interfaces.i_planning_svc module
class app.service.interfaces.i_planning_svc.PlanningServiceInterface
Bases: abc.ABC
- abstract generate_and_trim_links(agent, operation, abilities, trim)
- abstract get_cleanup_links(operation, agent)
  For a given operation, create all cleanup links. If agent is supplied, only return cleanup links for that agent.
  :param operation:
  :param agent:
  :return: None
- abstract get_links(operation, buckets, agent, trim)
  For an operation and agent combination, create links (that can be executed). When no agent is supplied, links for all agents are returned
  :param operation:
  :param buckets:
  :param agent:
  :param trim: call trim_links() on list of links before returning
  :return: a list of links
- abstract static sort_links(self, links)
  Sort links by their score then by the order they are defined in an adversary profile
-
abstract
app.service.interfaces.i_rest_svc module
class app.service.interfaces.i_rest_svc.RestServiceInterface
Bases: abc.ABC
- abstract apply_potential_link(link)
- abstract construct_agents_for_group(group)
- abstract create_operation(access, data)
- abstract create_schedule(access, data)
- abstract delete_ability(data)
- abstract delete_adversary(data)
- abstract delete_agent(data)
- abstract delete_operation(data)
- abstract display_objects(object_name, data)
- abstract display_operation_report(data)
- abstract display_result(data)
- abstract download_contact_report(contact)
- abstract find_abilities(paw)
- abstract get_link_pin(json_data)
- abstract get_potential_links(op_id, paw)
- abstract list_payloads()
- abstract persist_ability(access, data)
- abstract persist_adversary(access, data)
  Save a new adversary from either the GUI or REST API. This writes a new YML file into the core data/ directory.
  :param access:
  :param data:
  :return: the ID of the created adversary
- abstract persist_source(access, data)
- abstract task_agent_with_ability(paw, ability_id, obfuscator, facts)
- abstract update_agent_data(data)
- abstract update_chain_data(data)
- abstract update_config(data)
- abstract update_operation(op_id, state, autonomous)
- abstract update_planner(data)
  Update a new planner from either the GUI or REST API with new stopping conditions. This overwrites the existing YML file.
  :param data:
  :return: the ID of the created adversary
-
abstract