app.service.interfaces namespace

Submodules

app.service.interfaces.i_app_svc module

class app.service.interfaces.i_app_svc.AppServiceInterface

Bases: ABC

Locate a given link by its unique property :param unique: :return:

Locate an operation with the given link ID :param link_id: :return: Operation or None

abstract load_plugin_expansions(plugins)
abstract load_plugins(plugins)

Store all plugins in the data store :return:

abstract register_contacts()
abstract resume_operations()

Resume all unfinished operations :return: None

abstract retrieve_compiled_file(name, platform, location='')
abstract run_scheduler()

Kick off all scheduled jobs, as their schedule determines :return:

abstract start_sniffer_untrusted_agents()

Cyclic function that repeatedly checks if there are agents to be marked as untrusted :return: None

abstract teardown()

app.service.interfaces.i_auth_svc module

class app.service.interfaces.i_auth_svc.AuthServiceInterface

Bases: ABC

abstract apply(app, users)

Set up security on server boot :param app: :param users: :return: None

abstract check_permissions(group, request)

Check if a request is allowed based on the user permissions :param group: :param request: :return: None

abstract get_permissions(request)
abstract login_user(request)

Kick off all scheduled jobs, as their schedule determines :return:

abstract static logout_user(request)

Log the user out :param request: :return: None

app.service.interfaces.i_contact_svc module

class app.service.interfaces.i_contact_svc.ContactServiceInterface

Bases: ABC

abstract build_filename()
abstract handle_heartbeat()

Accept all components of an agent profile and save a new agent or register an updated heartbeat. :return: the agent object, instructions to execute

abstract register_contact(contact)
abstract register_tunnel(tunnel)

app.service.interfaces.i_data_svc module

class app.service.interfaces.i_data_svc.DataServiceInterface

Bases: ObjectServiceInterface

abstract apply(collection)

Add a new collection to RAM

Parameters:

collection

Returns:

abstract load_data(plugins)

Non-blocking read all the data sources to populate the object store

Returns:

None

abstract locate(object_name, match)

Find all c_objects which match a search. Return all c_objects if no match.

Parameters:

  • object_name

  • match – dict()

Returns:

a list of c_object types

abstract reload_data(plugins)

Blocking read all the data sources to populate the object store

Returns:

None

abstract remove(object_name, match)

Remove any c_objects which match a search

Parameters:

  • object_name

  • match – dict()

Returns:

abstract store(c_object)

Accept any c_object type and store it (create/update) in RAM

Parameters:

c_object

Returns:

a single c_object

app.service.interfaces.i_event_svc module

class app.service.interfaces.i_event_svc.EventServiceInterface

Bases: ABC

abstract fire_event(event, **callback_kwargs)

Fire an event :param event: The event topic and (optional) subtopic, separated by a ‘/’ :param callback_kwargs: Any additional parameters to pass to the event handler :return: None

abstract observe_event(event, callback)

Register an event handler :param event: The event topic and (optional) subtopic, separated by a ‘/’ :param callback: The function that will handle the event :return: None

app.service.interfaces.i_file_svc module

class app.service.interfaces.i_file_svc.FileServiceInterface

Bases: ABC

abstract add_special_payload(name, func)

Call a special function when specific payloads are downloaded :param name: :param func: :return:

abstract compile_go(platform, output, src_fle, arch, ldflags, cflags, buildmode, build_dir, loop)

Dynamically compile a go file :param platform: :param output: :param src_fle: :param arch: Compile architecture selection (defaults to AMD64) :param ldflags: A string of ldflags to use when building the go executable :param cflags: A string of CFLAGS to pass to the go compiler :param buildmode: GO compiler buildmode flag :param build_dir: The path to build should take place in :return:

abstract create_exfil_sub_directory(dir_name)
abstract find_file_path(name, location)

Find the location on disk of a file by name. :param name: :param location: :return: a tuple: the plugin the file is found in & the relative file path

abstract get_file(headers)

Retrieve file :param headers: headers dictionary. The file key is REQUIRED. :type headers: dict or dict-equivalent :return: File contents and optionally a display_name if the payload is a special payload :raises: KeyError if file key is not provided, FileNotFoundError if file cannot be found

abstract get_payload_name_from_uuid(payload)
abstract read_file(name, location)

Open a file and read the contents :param name: :param location: :return: a tuple (file_path, contents)

abstract read_result_file(link_id, location)

Read a result file. If file encryption is enabled, this method will return the plaintext content. Returns contents as a base64 encoded dictionary. :param link_id: The id of the link to return results from. :param location: The path to results directory. :return:

abstract save_file(filename, payload, target_dir)
abstract save_multipart_file_upload(request, target_dir)

Accept a multipart file via HTTP and save it to the server :param request: :param target_dir: The path of the directory to save the uploaded file to.

abstract write_result_file(link_id, output, location)

Writes the results of a link execution to disk. If file encryption is enabled, the results file will contain ciphertext. :param link_id: The link id of the result being written. :param output: The content of the link’s output. :param location: The path to the results directory. :return:

app.service.interfaces.i_knowledge_svc module

class app.service.interfaces.i_knowledge_svc.KnowledgeServiceInterface

Bases: ObjectServiceInterface

abstract async add_fact(fact, constraints=None)

Add a fact to the internal store

Parameters:

  • fact – Fact to add

  • constraints – any potential constraints

abstract async add_relationship(relationship, constraints=None)

Add a relationship to the internal store

Parameters:

  • relationship – Relationship object to add

  • constraints – optional constraints on the use of the relationship

abstract async add_rule(rule, constraints=None)

Add a rule to the internal store

Parameters:

  • rule – Rule object to add

  • constraints – dictionary containing fields to match on

abstract async check_fact_exists(fact, listing=None)

Check to see if a fact already exists in the knowledge store, or if a listing is provided, in said listing

Parameters:

  • fact – The fact to check for

  • listing – Optional specific listing to examine

Returns:

Bool indicating whether or not the fact is already present

abstract async delete_fact(criteria)

Delete a fact from the internal store

Parameters:

criteria – dictionary containing fields to match on

abstract async delete_relationship(criteria)

Remove a relationship from the internal store

Parameters:

criteria – dictionary containing fields to match on

abstract async delete_rule(criteria)

Remove a rule from the internal store

Parameters:

criteria – dictionary containing fields to match on

abstract async get_fact_origin(fact)

Identify the place where a fact originated, either the source that loaded it or its original link

Parameters:

fact – Fact to get origin for (can be either a trait string or a full blown fact)

Returns:

tuple - (String of either origin source id or origin link id, fact origin type)

abstract async get_facts(criteria, restrictions=None)

Retrieve a fact from the internal store

Parameters:

criteria – dictionary containing fields to match on

Returns:

list of facts matching the criteria

abstract async get_meta_facts(meta_fact=None, agent=None, group=None)

Returns the complete set of facts associated with a meta-fact construct [In Development]

abstract async get_relationships(criteria, restrictions=None)

Retrieve relationships from the internal store

Parameters:

criteria – dictionary containing fields to match on

Returns:

list of matching relationships

abstract async get_rules(criteria, restrictions=None)

Retrieve rules from the internal store

Parameters:

criteria – dictionary containing fields to match on

Returns:

list of matching rules

abstract async update_fact(criteria, updates)

Update a fact in the internal store

Parameters:

  • criteria – dictionary containing fields to match on

  • updates – dictionary containing fields to replace

abstract async update_relationship(criteria, updates)

Update a relationship in the internal store

Parameters:

  • criteria – dictionary containing fields to match on

  • updates – dictionary containing fields to modify

app.service.interfaces.i_learning_svc module

class app.service.interfaces.i_learning_svc.LearningServiceInterface

Bases: ABC

abstract static add_parsers(directory)
abstract build_model()

The model is a static set of all variables used inside all ability commands This can be used to determine which facts - when found together - are more likely to be used together :return:

abstract learn(facts, link, blob)

app.service.interfaces.i_login_handler module

class app.service.interfaces.i_login_handler.LoginHandlerInterface(services, name)

Bases: ABC, BaseObject

abstract async handle_login(request, **kwargs)

Handle login request

Parameters:

request

Returns:

the response/location of where the user is trying to navigate

Raises:

HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized

abstract async handle_login_redirect(request, **kwargs)

Handle redirect to login

Parameters:

request

Returns:

the response/location of where the user is trying to navigate

Raises:

HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized

property name

app.service.interfaces.i_object_svc module

class app.service.interfaces.i_object_svc.ObjectServiceInterface

Bases: ABC

abstract static destroy()

Clear out all data :return:

abstract restore_state()

Load data from disk :return:

abstract save_state()

Save stored data to disk :return:

app.service.interfaces.i_planning_svc module

class app.service.interfaces.i_planning_svc.PlanningServiceInterface

Bases: ABC

For a given operation, create all cleanup links. If agent is supplied, only return cleanup links for that agent. :param operation: :param agent: :return: None

For an operation and agent combination, create links (that can be executed). When no agent is supplied, links for all agents are returned :param operation: :param buckets: :param agent: :param trim: call trim_links() on list of links before returning :return: a list of links

Sort links by their score then by the order they are defined in an adversary profile

app.service.interfaces.i_rest_svc module

class app.service.interfaces.i_rest_svc.RestServiceInterface

Bases: ABC

abstract construct_agents_for_group(group)
abstract create_operation(access, data)
abstract create_schedule(access, data)
abstract delete_ability(data)
abstract delete_adversary(data)
abstract delete_agent(data)
abstract delete_operation(data)
abstract display_objects(object_name, data)
abstract display_operation_report(data)
abstract display_result(data)
abstract download_contact_report(contact)
abstract find_abilities(paw)
abstract list_payloads()
abstract persist_ability(access, data)
abstract persist_adversary(access, data)

Save a new adversary from either the GUI or REST API. This writes a new YML file into the core data/ directory. :param access :param data: :return: the ID of the created adversary

abstract persist_source(access, data)
abstract task_agent_with_ability(paw, ability_id, obfuscator, facts)
abstract update_agent_data(data)
abstract update_chain_data(data)
abstract update_config(data)
abstract update_operation(op_id, state, autonomous)
abstract update_planner(data)

Update a new planner from either the GUI or REST API with new stopping conditions. This overwrites the existing YML file. :param data: :return: the ID of the created adversary