app.objects namespace


app.objects.c_ability module

class app.objects.c_ability.Ability(ability_id='', name=None, description=None, tactic=None, technique_id=None, technique_name=None, executors=(), requirements=None, privilege=None, repeatable=False, buckets=None, access=None, additional_info=None, tags=None, singleton=False, plugin='', delete_payload=True, **kwargs)

Bases: FirstClassObjectInterface, BaseObject

HOOKS = {}
async add_bucket(bucket)

Add executor to map

If the executor exists, delete the current entry and add the

new executor to the bottom for FIFO


Create executor map from list of executor objects

display_schema = <AbilitySchema(many=False)>
property executors
find_executor(name, platform)
find_executors(names, platform)

Find executors for matching platform/executor names

Only the first instance of a matching executor will be returned,

as there should not be multiple executors matching a single platform/executor name pair.

  • names (list(str)) – Executors to search. ex: [‘psh’, ‘cmd’]

  • platform (str) – Platform to search. ex: windows


List of executors ordered based on ordering of names

Return type


schema = <AbilitySchema(many=False)>
property unique
async which_plugin()
class app.objects.c_ability.AbilitySchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_ability(data, **kwargs)
fix_id(data, **_)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_adversary module

class app.objects.c_adversary.Adversary(name='', adversary_id='', description='', atomic_ordering=(), objective='', tags=None, plugin='')

Bases: FirstClassObjectInterface, BaseObject

schema = <AdversarySchema(many=False)>
property unique
verify(log, abilities, objectives)
async which_plugin()
class app.objects.c_adversary.AdversarySchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_adversary(data, **kwargs)
fix_id(adversary, **_)
opts = <marshmallow.schema.SchemaOpts object>
phase_to_atomic_ordering(adversary, **_)

Convert legacy adversary phases to atomic ordering

remove_properties(data, **_)

app.objects.c_agent module

class app.objects.c_agent.Agent(sleep_min=30, sleep_max=60, watchdog=0, platform='unknown', server='unknown', host='unknown', username='unknown', architecture='unknown', group='red', location='unknown', pid=0, ppid=0, trusted=True, executors=(), privilege='User', exe_name='unknown', contact='unknown', paw=None, proxy_receivers=None, proxy_chain=None, origin_link_id='', deadman_enabled=False, available_contacts=None, host_ip_addrs=None, upstream_dest=None, pending_contact=None)

Bases: FirstClassObjectInterface, BaseObject

RESERVED = {'agent_paw': '#{paw}', 'exe_name': '#{exe_name}', 'group': '#{group}', 'location': '#{location}', 'payload': re.compile('#{payload:(.*?)}', re.DOTALL), 'server': '#{server}', 'upstream_dest': '#{upstream_dest}'}
async all_facts()

Return the executor change dict and remove pending change to assign. :return: Dict representing the executor change that is assigned. :rtype: dict(str, str)

async bootstrap(data_svc)
async calculate_sleep()
async capabilities(abilities)

Get abilities that the agent is capable of running :param abilities: List of abilities to check agent capability :type abilities: List[Ability] :return: List of abilities the agents is capable of running :rtype: List[Ability]

async deadman(data_svc)
property display_name
property executor_change_to_assign
async get_preferred_executor(ability)

Get preferred executor for ability Will return None if the agent is not capable of running any executors in the given ability. :param ability: Ability to get preferred executor for :type ability: Ability :return: Preferred executor or None :rtype: Union[Executor, None]

async gui_modification(**kwargs)
async heartbeat_modification(**kwargs)
classmethod is_global_variable(variable)
async kill()
load_schema = <AgentSchema(many=False)>
replace(encoded_cmd, file_svc)
schema = <AgentSchema(many=False)>
set_pending_executor_path_update(executor_name, new_binary_path)

Mark specified executor to update its binary path to the new path. :param executor_name: name of executor for agent to update binary path :type executor_name: str :param new_binary_path: new binary path for executor to reference :type new_binary_path: str


Mark specified executor to remove. :param executor_name: name of executor for agent to remove :type executor_name: str

async task(abilities, obfuscator, facts=(), deadman=False)
property unique
class app.objects.c_agent.AgentFieldsSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

opts = <marshmallow.schema.SchemaOpts object>
remove_nulls(in_data, **_)
remove_properties(data, **_)
class app.objects.c_agent.AgentSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: AgentFieldsSchema

build_agent(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_data_encoder module

class app.objects.c_data_encoder.DataEncoder(name, description)

Bases: FirstClassObjectInterface, BaseObject

abstract decode(data, **_)
display_schema = <DataEncoderSchema(many=False)>
abstract encode(data, **_)
schema = <DataEncoderSchema(many=False)>
property unique
class app.objects.c_data_encoder.DataEncoderSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_obfuscator module

class app.objects.c_obfuscator.Obfuscator(name, description, module)

Bases: FirstClassObjectInterface, BaseObject

display_schema = <ObfuscatorSchema(many=False)>
schema = <ObfuscatorSchema(many=False)>
property unique
class app.objects.c_obfuscator.ObfuscatorSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_obfuscator(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_objective module

class app.objects.c_objective.Objective(id='', name='', description='', goals=None)

Bases: FirstClassObjectInterface, BaseObject

property percentage
schema = <ObjectiveSchema(many=False)>
property unique
class app.objects.c_objective.ObjectiveSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_objective(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>
remove_properties(data, **_)

app.objects.c_operation module

exception app.objects.c_operation.InvalidOperationStateError

Bases: Exception

class app.objects.c_operation.Operation(name, adversary=None, agents=None, id='', jitter='2/8', source=None, planner=None, state='running', autonomous=True, obfuscator='plain-text', group=None, auto_close=True, visibility=50, access=None, use_learning_parsers=True)

Bases: FirstClassObjectInterface, BaseObject

EVENT_EXCHANGE = 'operation'
class Reason(value)

Bases: Enum

An enumeration.

class States(value)

Bases: Enum

An enumeration.

CLEANUP = 'cleanup'
FINISHED = 'finished'
OUT_OF_TIME = 'out_of_time'
PAUSED = 'paused'
RUNNING = 'running'
async active_agents()
async all_facts()
async all_relationships()
async apply(link)
async cede_control_to_planner(services)
async close(services)
async event_logs(file_svc, data_svc, output=False)
async get_active_agent_by_paw(paw)
classmethod get_finished_states()
async get_skipped_abilities_by_agent(data_svc)
classmethod get_states()
async has_fact(trait, value)
async is_closeable()
async is_finished()
async report(file_svc, data_svc, output=False)
async run(services)
schema = <OperationSchema(many=False)>
property state
property states
property unique
async update_operation_agents(services)
async wait_for_completion()

Wait for started links to be completed :param link_ids: :return: None

async write_event_logs_to_disk(file_svc, data_svc, output=False)
class app.objects.c_operation.OperationOutputRequestSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

opts = <marshmallow.schema.SchemaOpts object>
class app.objects.c_operation.OperationSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_operation(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>
remove_properties(data, **_)

app.objects.c_planner module

class app.objects.c_planner.Planner(name='', planner_id='', module='', params=None, stopping_conditions=None, description=None, ignore_enforcement_modules=(), allow_repeatable_abilities=False, plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <PlannerSchema(many=False)>
schema = <PlannerSchema(many=False)>
property unique
async which_plugin()
class app.objects.c_planner.PlannerSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_planner(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_plugin module

class app.objects.c_plugin.Plugin(name='virtual', description=None, address=None, enabled=False, data_dir=None, access=None)

Bases: FirstClassObjectInterface, BaseObject

async destroy(services)
display_schema = <PluginSchema(many=False)>
async enable(services)
async expand(services)
schema = <PluginSchema(many=False)>
property unique
class app.objects.c_plugin.PluginSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_plugin(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_schedule module

class app.objects.c_schedule.Schedule(schedule, task, id='')

Bases: FirstClassObjectInterface, BaseObject

schema = <ScheduleSchema(many=False)>
property unique
class app.objects.c_schedule.ScheduleSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_schedule(data, **kwargs)
opts = <marshmallow.schema.SchemaOpts object>

app.objects.c_source module

class app.objects.c_source.Adjustment(ability_id, trait, value, offset)

Bases: tuple

property ability_id

Alias for field number 0

property offset

Alias for field number 3

property trait

Alias for field number 1

property value

Alias for field number 2

class app.objects.c_source.AdjustmentSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_adjustment(data, **_)
opts = <marshmallow.schema.SchemaOpts object>
class app.objects.c_source.Source(name='', id='', facts=(), relationships=(), rules=(), adjustments=(), plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <SourceSchema(many=False)>
schema = <SourceSchema(many=False)>
property unique
class app.objects.c_source.SourceSchema(*, only: Optional[Union[Sequence[str], Set[str]]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: Schema

build_source(data, **kwargs)
fix_adjustments(in_data, **_)
opts = <marshmallow.schema.SchemaOpts object>