app.service.interfaces namespace
Submodules
app.service.interfaces.i_app_svc module
- class app.service.interfaces.i_app_svc.AppServiceInterface
Bases:
ABC
- abstract find_link(unique)
Locate a given link by its unique property
- Parameters:
unique –
- Returns:
- abstract find_op_with_link(link_id)
Locate an operation with the given link ID
- Parameters:
link_id –
- Returns:
Operation or None
- abstract load_plugin_expansions(plugins)
- abstract load_plugins(plugins)
Store all plugins in the data store
- Returns:
- abstract register_contacts()
- abstract resume_operations()
Resume all unfinished operations
- Returns:
None
- abstract retrieve_compiled_file(name, platform, location='')
- abstract run_scheduler()
Kick off all scheduled jobs, as their schedule determines
- Returns:
- abstract start_sniffer_untrusted_agents()
Cyclic function that repeatedly checks if there are agents to be marked as untrusted
- Returns:
None
- abstract teardown()
app.service.interfaces.i_auth_svc module
- class app.service.interfaces.i_auth_svc.AuthServiceInterface
Bases:
ABC
- abstract apply(app, users)
Set up security on server boot
- Parameters:
app –
users –
- Returns:
None
- abstract check_permissions(group, request)
Check if a request is allowed based on the user permissions
- Parameters:
group –
request –
- Returns:
None
- abstract get_permissions(request)
- abstract login_user(request)
Kick off all scheduled jobs, as their schedule determines
- Returns:
- abstract static logout_user(request)
Log the user out
- Parameters:
request –
- Returns:
None
app.service.interfaces.i_contact_svc module
- class app.service.interfaces.i_contact_svc.ContactServiceInterface
Bases:
ABC
- abstract build_filename()
- abstract handle_heartbeat()
Accept all components of an agent profile and save a new agent or register an updated heartbeat.
- Returns:
the agent object, instructions to execute
- abstract register_contact(contact)
- abstract register_tunnel(tunnel)
app.service.interfaces.i_data_svc module
- class app.service.interfaces.i_data_svc.DataServiceInterface
Bases:
ObjectServiceInterface
- abstract apply(collection)
Add a new collection to RAM
- Parameters:
collection –
- Returns:
- abstract load_data(plugins)
Non-blocking read all the data sources to populate the object store
- Returns:
None
- abstract locate(object_name, match)
Find all c_objects which match a search. Return all c_objects if no match.
- Parameters:
object_name –
match – dict()
- Returns:
a list of c_object types
- abstract reload_data(plugins)
Blocking read all the data sources to populate the object store
- Returns:
None
- abstract remove(object_name, match)
Remove any c_objects which match a search
- Parameters:
object_name –
match – dict()
- Returns:
- abstract store(c_object)
Accept any c_object type and store it (create/update) in RAM
- Parameters:
c_object –
- Returns:
a single c_object
app.service.interfaces.i_event_svc module
- class app.service.interfaces.i_event_svc.EventServiceInterface
Bases:
ABC
- abstract fire_event(event, **callback_kwargs)
Fire an event
- Parameters:
event – The event topic and (optional) subtopic, separated by a ‘/’
callback_kwargs – Any additional parameters to pass to the event handler
- Returns:
None
- abstract observe_event(event, callback)
Register an event handler
- Parameters:
event – The event topic and (optional) subtopic, separated by a ‘/’
callback – The function that will handle the event
- Returns:
None
app.service.interfaces.i_file_svc module
- class app.service.interfaces.i_file_svc.FileServiceInterface
Bases:
ABC
- abstract add_special_payload(name, func)
Call a special function when specific payloads are downloaded
- Parameters:
name –
func –
- Returns:
- abstract compile_go(platform, output, src_fle, arch, ldflags, cflags, buildmode, build_dir, loop)
Dynamically compile a go file
- Parameters:
platform –
output –
src_fle –
arch – Compile architecture selection (defaults to AMD64)
ldflags – A string of ldflags to use when building the go executable
cflags – A string of CFLAGS to pass to the go compiler
buildmode – GO compiler buildmode flag
build_dir – The path the build should take place in
- Returns:
- abstract create_exfil_sub_directory(dir_name)
- abstract find_file_path(name, location)
Find the location on disk of a file by name.
- Parameters:
name –
location –
- Returns:
a tuple: the plugin the file is found in & the relative file path
- abstract get_file(headers)
Retrieve file
- Parameters:
headers (dict or dict-equivalent) – headers dictionary. The file key is REQUIRED.
- Returns:
File contents and optionally a display_name if the payload is a special payload
- Raises:
KeyError if file key is not provided, FileNotFoundError if file cannot be found
- abstract get_payload_name_from_uuid(payload)
- abstract read_file(name, location)
Open a file and read the contents
- Parameters:
name –
location –
- Returns:
a tuple (file_path, contents)
- abstract read_result_file(link_id, location)
Read a result file. If file encryption is enabled, this method will return the plaintext content. Returns contents as a base64 encoded dictionary.
- Parameters:
link_id – The id of the link to return results from.
location – The path to results directory.
- Returns:
- abstract save_file(filename, payload, target_dir)
- abstract save_multipart_file_upload(request, target_dir)
Accept a multipart file via HTTP and save it to the server
- Parameters:
request –
target_dir – The path of the directory to save the uploaded file to.
- abstract write_result_file(link_id, output, location)
Writes the results of a link execution to disk. If file encryption is enabled, the results file will contain ciphertext.
- Parameters:
link_id – The link id of the result being written.
output – The content of the link’s output.
location – The path to the results directory.
- Returns:
app.service.interfaces.i_knowledge_svc module
- class app.service.interfaces.i_knowledge_svc.KnowledgeServiceInterface
Bases:
ObjectServiceInterface
- abstract async add_fact(fact, constraints=None)
Add a fact to the internal store
- Parameters:
fact – Fact to add
constraints – any potential constraints
- abstract async add_relationship(relationship, constraints=None)
Add a relationship to the internal store
- Parameters:
relationship – Relationship object to add
constraints – optional constraints on the use of the relationship
- abstract async add_rule(rule, constraints=None)
Add a rule to the internal store
- Parameters:
rule – Rule object to add
constraints – dictionary containing fields to match on
- abstract async check_fact_exists(fact, listing=None)
Check to see if a fact already exists in the knowledge store, or if a listing is provided, in said listing
- Parameters:
fact – The fact to check for
listing – Optional specific listing to examine
- Returns:
Bool indicating whether or not the fact is already present
- abstract async delete_fact(criteria)
Delete a fact from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- abstract async delete_relationship(criteria)
Remove a relationship from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- abstract async delete_rule(criteria)
Remove a rule from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- abstract async get_fact_origin(fact)
Identify the place where a fact originated, either the source that loaded it or its original link
- Parameters:
fact – Fact to get origin for (can be either a trait string or a full blown fact)
- Returns:
tuple - (String of either origin source id or origin link id, fact origin type)
- abstract async get_facts(criteria, restrictions=None)
Retrieve a fact from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- Returns:
list of facts matching the criteria
- abstract async get_meta_facts(meta_fact=None, agent=None, group=None)
Returns the complete set of facts associated with a meta-fact construct [In Development]
- abstract async get_relationships(criteria, restrictions=None)
Retrieve relationships from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- Returns:
list of matching relationships
- abstract async get_rules(criteria, restrictions=None)
Retrieve rules from the internal store
- Parameters:
criteria – dictionary containing fields to match on
- Returns:
list of matching rules
- abstract async update_fact(criteria, updates)
Update a fact in the internal store
- Parameters:
criteria – dictionary containing fields to match on
updates – dictionary containing fields to replace
- abstract async update_relationship(criteria, updates)
Update a relationship in the internal store
- Parameters:
criteria – dictionary containing fields to match on
updates – dictionary containing fields to modify
app.service.interfaces.i_learning_svc module
- class app.service.interfaces.i_learning_svc.LearningServiceInterface
Bases:
ABC
- abstract static add_parsers(directory)
- abstract build_model()
The model is a static set of all variables used inside all ability commands. This can be used to determine which facts, when found together, are more likely to be used together.
- Returns:
- abstract learn(facts, link, blob)
app.service.interfaces.i_login_handler module
- class app.service.interfaces.i_login_handler.LoginHandlerInterface(services, name)
Bases:
ABC, BaseObject
- abstract async handle_login(request, **kwargs)
Handle login request
- Parameters:
request –
- Returns:
the response/location of where the user is trying to navigate
- Raises:
HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized
- abstract async handle_login_redirect(request, **kwargs)
Handle redirect to login
- Parameters:
request –
- Returns:
the response/location of where the user is trying to navigate
- Raises:
HTTP exception, such as HTTPFound for redirect, or HTTPUnauthorized
- property name
app.service.interfaces.i_object_svc module
app.service.interfaces.i_planning_svc module
- class app.service.interfaces.i_planning_svc.PlanningServiceInterface
Bases:
ABC
- abstract generate_and_trim_links(agent, operation, abilities, trim)
- abstract get_cleanup_links(operation, agent)
For a given operation, create all cleanup links. If agent is supplied, only return cleanup links for that agent.
- Parameters:
operation –
agent –
- Returns:
None
- abstract get_links(operation, buckets, agent, trim)
For an operation and agent combination, create links (that can be executed). When no agent is supplied, links for all agents are returned.
- Parameters:
operation –
buckets –
agent –
trim – call trim_links() on list of links before returning
- Returns:
a list of links
- abstract static sort_links(self, links)
Sort links by their score then by the order they are defined in an adversary profile
app.service.interfaces.i_rest_svc module
- class app.service.interfaces.i_rest_svc.RestServiceInterface
Bases:
ABC
- abstract apply_potential_link(link)
- abstract construct_agents_for_group(group)
- abstract create_operation(access, data)
- abstract create_schedule(access, data)
- abstract delete_ability(data)
- abstract delete_adversary(data)
- abstract delete_agent(data)
- abstract delete_operation(data)
- abstract display_objects(object_name, data)
- abstract display_operation_report(data)
- abstract display_result(data)
- abstract download_contact_report(contact)
- abstract find_abilities(paw)
- abstract get_link_pin(json_data)
- abstract get_potential_links(op_id, paw)
- abstract list_payloads()
- abstract persist_ability(access, data)
- abstract persist_adversary(access, data)
Save a new adversary from either the GUI or REST API. This writes a new YML file into the core data/ directory.
- Parameters:
access –
data –
- Returns:
the ID of the created adversary
- abstract persist_source(access, data)
- abstract task_agent_with_ability(paw, ability_id, obfuscator, facts)
- abstract update_agent_data(data)
- abstract update_chain_data(data)
- abstract update_config(data)
- abstract update_operation(op_id, state, autonomous)
- abstract update_planner(data)
Update a new planner from either the GUI or REST API with new stopping conditions. This overwrites the existing YML file.
- Parameters:
data –
- Returns:
the ID of the created adversary