app.objects namespace

Submodules

app.objects.c_ability module

class app.objects.c_ability.Ability(ability_id='', name=None, description=None, tactic=None, technique_id=None, technique_name=None, executors=(), requirements=None, privilege=None, repeatable=False, buckets=None, access=None, additional_info=None, tags=None, singleton=False, plugin='', delete_payload=True, **kwargs)

Bases: FirstClassObjectInterface, BaseObject

HOOKS = {}
async add_bucket(bucket)
add_executor(executor)

Add executor to map

If the executor exists, delete the current entry and add the

new executor to the bottom for FIFO

add_executors(executors)

Create executor map from list of executor objects

display_schema = <AbilitySchema(many=False)>
property executors
find_executor(name, platform)
find_executors(names, platform)

Find executors for matching platform/executor names

Only the first instance of a matching executor will be returned,

as there should not be multiple executors matching a single platform/executor name pair.

Parameters

  • names (list(str)) – Executors to search. ex: [‘psh’, ‘cmd’]

  • platform (str) – Platform to search. ex: windows

Returns

List of executors ordered based on ordering of names

Return type

list(Executor)

remove_all_executors()
schema = <AbilitySchema(many=False)>
store(ram)
property unique
async which_plugin()
class app.objects.c_ability.AbilitySchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_ability(data, **kwargs)
fix_id(data, **_)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_adversary module

class app.objects.c_adversary.Adversary(name='', adversary_id='', description='', atomic_ordering=(), objective='', tags=None, plugin='')

Bases: FirstClassObjectInterface, BaseObject

check_repeatable_abilities(ability_list)
has_ability(ability)
schema = <AdversarySchema(many=False)>
store(ram)
property unique
verify(log, abilities, objectives)
async which_plugin()
class app.objects.c_adversary.AdversarySchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_adversary(data, **kwargs)
fix_id(adversary, **_)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
phase_to_atomic_ordering(adversary, **_)

Convert legacy adversary phases to atomic ordering

remove_properties(data, **_)

app.objects.c_agent module

class app.objects.c_agent.Agent(sleep_min=30, sleep_max=60, watchdog=0, platform='unknown', server='unknown', host='unknown', username='unknown', architecture='unknown', group='red', location='unknown', pid=0, ppid=0, trusted=True, executors=(), privilege='User', exe_name='unknown', contact='unknown', paw=None, proxy_receivers=None, proxy_chain=None, origin_link_id='', deadman_enabled=False, available_contacts=None, host_ip_addrs=None, upstream_dest=None, pending_contact=None)

Bases: FirstClassObjectInterface, BaseObject

RESERVED = {'agent_paw': '#{paw}', 'exe_name': '#{exe_name}', 'group': '#{group}', 'location': '#{location}', 'payload': re.compile('#{payload:(.*?)}', re.DOTALL), 'server': '#{server}', 'upstream_dest': '#{upstream_dest}'}
async all_facts()
assign_pending_executor_change()

Return the executor change dict and remove pending change to assign. :return: Dict representing the executor change that is assigned. :rtype: dict(str, str)

async bootstrap(data_svc)
async calculate_sleep()
async capabilities(abilities)

Get abilities that the agent is capable of running :param abilities: List of abilities to check agent capability :type abilities: List[Ability] :return: List of abilities the agents is capable of running :rtype: List[Ability]

async deadman(data_svc)
property display_name
property executor_change_to_assign
async get_preferred_executor(ability)

Get preferred executor for ability Will return None if the agent is not capable of running any executors in the given ability. :param ability: Ability to get preferred executor for :type ability: Ability :return: Preferred executor or None :rtype: Union[Executor, None]

async gui_modification(**kwargs)
async heartbeat_modification(**kwargs)
classmethod is_global_variable(variable)
async kill()
load_schema = <AgentSchema(many=False)>
privileged_to_run(ability)
replace(encoded_cmd, file_svc)
schema = <AgentSchema(many=False)>
set_pending_executor_path_update(executor_name, new_binary_path)

Mark specified executor to update its binary path to the new path. :param executor_name: name of executor for agent to update binary path :type executor_name: str :param new_binary_path: new binary path for executor to reference :type new_binary_path: str

set_pending_executor_removal(executor_name)

Mark specified executor to remove. :param executor_name: name of executor for agent to remove :type executor_name: str

store(ram)
async task(abilities, obfuscator, facts=(), deadman=False)
property unique
class app.objects.c_agent.AgentFieldsSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
remove_nulls(in_data, **_)
remove_properties(data, **_)
class app.objects.c_agent.AgentSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: AgentFieldsSchema

build_agent(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_data_encoder module

class app.objects.c_data_encoder.DataEncoder(name, description)

Bases: FirstClassObjectInterface, BaseObject

abstract decode(data, **_)
display_schema = <DataEncoderSchema(many=False)>
abstract encode(data, **_)
schema = <DataEncoderSchema(many=False)>
store(ram)
property unique
class app.objects.c_data_encoder.DataEncoderSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_obfuscator module

class app.objects.c_obfuscator.Obfuscator(name, description, module)

Bases: FirstClassObjectInterface, BaseObject

display_schema = <ObfuscatorSchema(many=False)>
load(agent)
schema = <ObfuscatorSchema(many=False)>
store(ram)
property unique
class app.objects.c_obfuscator.ObfuscatorSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_obfuscator(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_objective module

class app.objects.c_objective.Objective(id='', name='', description='', goals=None)

Bases: FirstClassObjectInterface, BaseObject

completed(facts=None)
property percentage
schema = <ObjectiveSchema(many=False)>
store(ram)
property unique
class app.objects.c_objective.ObjectiveSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_objective(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
remove_properties(data, **_)

app.objects.c_operation module

exception app.objects.c_operation.InvalidOperationStateError

Bases: Exception

class app.objects.c_operation.Operation(name, adversary=None, agents=None, id='', jitter='2/8', source=None, planner=None, state='running', autonomous=True, obfuscator='plain-text', group=None, auto_close=True, visibility=50, access=None, use_learning_parsers=True)

Bases: FirstClassObjectInterface, BaseObject

EVENT_EXCHANGE = 'operation'
EVENT_QUEUE_COMPLETED = 'completed'
EVENT_QUEUE_STATE_CHANGED = 'state_changed'
class Reason(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

EXECUTOR = 1
FACT_DEPENDENCY = 3
OP_RUNNING = 6
OTHER = 7
PLATFORM = 0
PRIVILEGE = 2
UNTRUSTED = 5
class States(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

CLEANUP = 'cleanup'
FINISHED = 'finished'
OUT_OF_TIME = 'out_of_time'
PAUSED = 'paused'
RUNNING = 'running'
async active_agents()
async all_facts()
async all_relationships()
async apply(link)
async cede_control_to_planner(services)
async close(services)
async event_logs(file_svc, data_svc, output=False)
async get_active_agent_by_paw(paw)
classmethod get_finished_states()
async get_skipped_abilities_by_agent(data_svc)
classmethod get_states()
async has_fact(trait, value)
async is_closeable()
async is_finished()
ran_ability_id(ability_id)
async report(file_svc, data_svc, output=False)
async run(services)
schema = <OperationSchema(many=False)>
set_start_details()
property state
property states
store(ram)
property unique
async update_operation_agents(services)
update_untrusted_agents(agent)
async wait_for_completion()

Wait for started links to be completed :param link_ids: :return: None

async write_event_logs_to_disk(file_svc, data_svc, output=False)
class app.objects.c_operation.OperationOutputRequestSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
class app.objects.c_operation.OperationSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_operation(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
remove_properties(data, **_)

app.objects.c_planner module

class app.objects.c_planner.Planner(name='', planner_id='', module='', params=None, stopping_conditions=None, description=None, ignore_enforcement_modules=(), allow_repeatable_abilities=False, plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <PlannerSchema(many=False)>
schema = <PlannerSchema(many=False)>
store(ram)
property unique
async which_plugin()
class app.objects.c_planner.PlannerSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_planner(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_plugin module

class app.objects.c_plugin.Plugin(name='virtual', description=None, address=None, enabled=False, data_dir=None, access=None)

Bases: FirstClassObjectInterface, BaseObject

async destroy(services)
display_schema = <PluginSchema(many=False)>
async enable(services)
async expand(services)
load_plugin()
schema = <PluginSchema(many=False)>
store(ram)
property unique
class app.objects.c_plugin.PluginSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_plugin(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_schedule module

class app.objects.c_schedule.Schedule(schedule, task, id='')

Bases: FirstClassObjectInterface, BaseObject

schema = <ScheduleSchema(many=False)>
store(ram)
property unique
class app.objects.c_schedule.ScheduleSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_schedule(data, **kwargs)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>

app.objects.c_source module

class app.objects.c_source.Adjustment(ability_id, trait, value, offset)

Bases: tuple

ability_id

Alias for field number 0

offset

Alias for field number 3

trait

Alias for field number 1

value

Alias for field number 2

class app.objects.c_source.AdjustmentSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_adjustment(data, **_)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>
class app.objects.c_source.Source(name='', id='', facts=(), relationships=(), rules=(), adjustments=(), plugin='')

Bases: FirstClassObjectInterface, BaseObject

display_schema = <SourceSchema(many=False)>
schema = <SourceSchema(many=False)>
store(ram)
property unique
class app.objects.c_source.SourceSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: Schema

build_source(data, **kwargs)
fix_adjustments(in_data, **_)
opts: SchemaOpts = <marshmallow.schema.SchemaOpts object>