app.objects namespace

Subpackages

app.objects.interfaces namespace
- Submodules
- app.objects.interfaces.i_object module
  - FirstClassObjectInterface
    - FirstClassObjectInterface.store()
    - FirstClassObjectInterface.unique
app.objects.secondclass namespace

Submodules

app.objects.c_ability module

class app.objects.c_ability.Ability(ability_id='', name=None, description=None, tactic=None, technique_id=None, technique_name=None, executors=(), requirements=None, privilege=None, repeatable=False, buckets=None, access=None, additional_info=None, tags=None, singleton=False, plugin='', delete_payload=True, **kwargs)

Bases: FirstClassObjectInterface, BaseObject

HOOKS = {}

async add_bucket(bucket)

add_executor(executor)

Add executor to map

If the executor exists, delete the current entry and add the: new executor to the bottom for FIFO

add_executors(executors): Create executor map from list of executor objects

display_schema = <AbilitySchema(many=False)>

property executors

find_executor(name, platform)

find_executors(names, platform)

Find executors for matching platform/executor names

Only the first instance of a matching executor will be returned,: as there should not be multiple executors matching a single platform/executor name pair.

Parameters:

names (list(str)) – Executors to search. ex: [‘psh’, ‘cmd’]
platform (str) – Platform to search. ex: windows

Returns:

List of executors ordered based on ordering of names

Return type:

list(Executor)

remove_all_executors()

schema = <AbilitySchema(many=False)>

store(ram)

property unique

async which_plugin()

Bases: Schema

class Meta

Bases: object

unknown = 'exclude'

build_ability(data, **kwargs)

fix_id(data, **_)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_adversary module

class app.objects.c_adversary.Adversary(name='', adversary_id='', description='', atomic_ordering=(), objective='', tags=None, plugin='')

Bases: FirstClassObjectInterface, BaseObject

check_repeatable_abilities(ability_list)

has_ability(ability)

schema = <AdversarySchema(many=False)>

store(ram)

property unique

verify(log, abilities, objectives)

async which_plugin()

Bases: Schema

class Meta

Bases: object

unknown = 'exclude'

build_adversary(data, **kwargs)

fix_id(adversary, **_)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

phase_to_atomic_ordering(adversary, **_): Convert legacy adversary phases to atomic ordering

remove_properties(data, **_)

app.objects.c_agent module

class app.objects.c_agent.Agent(sleep_min=30, sleep_max=60, watchdog=0, platform='unknown', server='unknown', host='unknown', username='unknown', architecture='unknown', group='red', location='unknown', pid=0, ppid=0, trusted=True, executors=(), privilege='User', exe_name='unknown', contact='unknown', paw=None, proxy_receivers=None, proxy_chain=None, origin_link_id='', deadman_enabled=False, available_contacts=None, host_ip_addrs=None, upstream_dest=None, pending_contact=None)

Bases: FirstClassObjectInterface, BaseObject

RESERVED = {'agent_paw': '#{paw}', 'exe_name': '#{exe_name}', 'group': '#{group}', 'location': '#{location}', 'payload': re.compile('#{payload:(.*?)}', re.DOTALL), 'server': '#{server}', 'upstream_dest': '#{upstream_dest}'}

async all_facts()

assign_pending_executor_change(): Return the executor change dict and remove pending change to assign. :return: Dict representing the executor change that is assigned. :rtype: dict(str, str)

async bootstrap(data_svc)

async calculate_sleep()

async capabilities(abilities): Get abilities that the agent is capable of running :param abilities: List of abilities to check agent capability :type abilities: List[Ability] :return: List of abilities the agents is capable of running :rtype: List[Ability]

async deadman(data_svc)

property display_name

property executor_change_to_assign

async get_preferred_executor(ability): Get preferred executor for ability Will return None if the agent is not capable of running any executors in the given ability. :param ability: Ability to get preferred executor for :type ability: Ability :return: Preferred executor or None :rtype: Union[Executor, None]

async gui_modification(**kwargs)

async heartbeat_modification(**kwargs)

classmethod is_global_variable(variable)

async kill()

load_schema = <AgentSchema(many=False)>

privileged_to_run(ability)

replace(encoded_cmd, file_svc)

schema = <AgentSchema(many=False)>

set_pending_executor_path_update(executor_name, new_binary_path): Mark specified executor to update its binary path to the new path. :param executor_name: name of executor for agent to update binary path :type executor_name: str :param new_binary_path: new binary path for executor to reference :type new_binary_path: str

set_pending_executor_removal(executor_name): Mark specified executor to remove. :param executor_name: name of executor for agent to remove :type executor_name: str

store(ram)

async task(abilities, obfuscator, facts=(), deadman=False)

property unique

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

remove_nulls(in_data, **_)

remove_properties(data, **_)

Bases: AgentFieldsSchema

build_agent(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_data_encoder module

class app.objects.c_data_encoder.DataEncoder(name, description)

Bases: FirstClassObjectInterface, BaseObject

abstract decode(data, **_)

display_schema = <DataEncoderSchema(many=False)>

abstract encode(data, **_)

schema = <DataEncoderSchema(many=False)>

store(ram)

property unique

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_obfuscator module

class app.objects.c_obfuscator.Obfuscator(name, description, module)

Bases: FirstClassObjectInterface, BaseObject

display_schema = <ObfuscatorSchema(many=False)>

load(agent)

schema = <ObfuscatorSchema(many=False)>

store(ram)

property unique

Bases: Schema

build_obfuscator(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_objective module

class app.objects.c_objective.Objective(id='', name='', description='', goals=None)

Bases: FirstClassObjectInterface, BaseObject

completed(facts=None)

property percentage

schema = <ObjectiveSchema(many=False)>

store(ram)

property unique

Bases: Schema

class Meta

Bases: object

unknown = 'exclude'

build_objective(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

remove_properties(data, **_)

app.objects.c_operation module

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

exception app.objects.c_operation.InvalidOperationStateError: Bases: Exception

class app.objects.c_operation.Operation(name, adversary=None, agents=None, id='', jitter='2/8', source=None, planner=None, state='running', autonomous=True, obfuscator='plain-text', group=None, auto_close=True, visibility=50, access=None, use_learning_parsers=True)

Bases: FirstClassObjectInterface, BaseObject

EVENT_EXCHANGE = 'operation'

EVENT_QUEUE_COMPLETED = 'completed'

EVENT_QUEUE_STATE_CHANGED = 'state_changed'

class Reason(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

EXECUTOR = 1

FACT_DEPENDENCY = 3

LINK_IGNORED = 4

OP_RUNNING = 6

OTHER = 7

PLATFORM = 0

PRIVILEGE = 2

UNTRUSTED = 5

class States(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

CLEANUP = 'cleanup'

FINISHED = 'finished'

OUT_OF_TIME = 'out_of_time'

PAUSED = 'paused'

RUNNING = 'running'

RUN_ONE_LINK = 'run_one_link'

async active_agents()

add_ignored_link(link_id)

add_link(link)

async all_facts()

async all_relationships()

async apply(link)

async cede_control_to_planner(services)

async close(services)

async event_logs(file_svc, data_svc, output=False)

async get_active_agent_by_paw(paw)

classmethod get_finished_states()

async get_skipped_abilities_by_agent(data_svc)

classmethod get_states()

async has_fact(trait, value)

has_link(link_id)

async is_closeable()

async is_finished()

link_status()

ran_ability_id(ability_id)

async report(file_svc, data_svc, output=False)

async run(services)

schema = <OperationSchema(many=False)>

set_start_details()

property state

property states

store(ram)

property unique

async update_operation_agents(services)

update_untrusted_agents(agent)

async wait_for_completion()

async wait_for_links_completion(link_ids): Wait for started links to be completed :param link_ids: :return: None

async write_event_logs_to_disk(file_svc, data_svc, output=False)

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

Bases: Schema

class Meta

Bases: object

unknown = 'exclude'

build_operation(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

remove_properties(data, **_)

Bases: OperationSchema

property chain

property host_group

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

property source

property visibility

app.objects.c_planner module

class app.objects.c_planner.Planner(name='', planner_id='', module='', params=None, stopping_conditions=None, description=None, ignore_enforcement_modules=(), allow_repeatable_abilities=False, plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <PlannerSchema(many=False)>

schema = <PlannerSchema(many=False)>

store(ram)

property unique

async which_plugin()

Bases: Schema

build_planner(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_plugin module

class app.objects.c_plugin.Plugin(name='virtual', description=None, address=None, enabled=False, data_dir=None, access=None)

Bases: FirstClassObjectInterface, BaseObject

async destroy(services)

display_schema = <PluginSchema(many=False)>

async enable(services)

async expand(services)

load_plugin()

schema = <PluginSchema(many=False)>

store(ram)

property unique

Bases: Schema

build_plugin(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_schedule module

class app.objects.c_schedule.Schedule(schedule, task, id='')

Bases: FirstClassObjectInterface, BaseObject

schema = <ScheduleSchema(many=False)>

store(ram)

property unique

Bases: Schema

class Meta

Bases: object

unknown = 'exclude'

build_schedule(data, **kwargs)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_source module

class app.objects.c_source.Adjustment(ability_id, trait, value, offset)

Bases: tuple

ability_id: Alias for field number 0

offset: Alias for field number 3

trait: Alias for field number 1

value: Alias for field number 2

Bases: Schema

build_adjustment(data, **_)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

class app.objects.c_source.Source(name='', id='', facts=(), relationships=(), rules=(), adjustments=(), plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <SourceSchema(many=False)>

schema = <SourceSchema(many=False)>

store(ram)

property unique

Bases: Schema

build_source(data, **kwargs)

fix_adjustments(in_data, **_)

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>