app.utility namespace

Submodules

app.utility.base_obfuscator module

class app.utility.base_obfuscator.BaseObfuscator(agent)

Bases: app.utility.base_world.BaseWorld

run(link, **kwargs)

app.utility.base_object module

class app.utility.base_object.BaseObject

Bases: app.utility.base_world.BaseWorld

property access
static clean(d)
property created
property display
display_schema = None
static hash(s)
classmethod load(dict_obj)
load_schema = None
match(criteria)
replace_app_props(encoded_string)
static retrieve(collection, unique)
schema = None
search_tags(value)
update(field, value)

app.utility.base_parser module

class app.utility.base_parser.BaseParser(parser_info)

Bases: object

static broadcastip(blob)
static email(blob)

Parse out email addresses

Parameters

blob

static filename(blob)

Parse out filenames

Parameters

blob

static ip(blob)
static line(blob)

Split a blob by line

Parameters

blob

static load_json(blob)
static set_value(search, match, used_facts)

Determine the value of a source/target for a Relationship

Parameters
  • search – a fact property to look for; either a source or target fact

  • match – a parsing match

  • used_facts – a list of facts that were used in a command

Returns

either None, the value of a matched used_fact, or the parsing match

app.utility.base_planning_svc module

class app.utility.base_planning_svc.BasePlanningService

Bases: app.utility.base_service.BaseService

async add_test_variants(links, agent, facts=(), rules=())

Create a list of all possible links for a given set of templates

Parameters
  • links

  • agent

  • facts

  • rules

Returns

updated list of links

async obfuscate_commands(agent, obfuscator, links)
re_index = re.compile('(?<=\\[filters\\().+?(?=\\)\\])')
re_limited = re.compile('#{.*\\[*\\]}')
re_trait = re.compile('(?<=\\{).+?(?=\\[)')
re_variable = re.compile('#{(.*?)}', re.DOTALL)

Remove any links that have already been completed by the operation for the agent

Parameters
  • operation

  • links

  • agent

Returns

updated list of links

Remove any links that did not have facts encoded into command

Parameters

links

Returns

updated list of links

Trim links in supplied list. Where ‘trim’ entails:
  • adding all possible test variants

  • removing completed links (i.e. agent has already completed)

  • removing links that did not have template fact variables replaced by fact values

Parameters
  • operation

  • links

  • agent

Returns

trimmed list of links

app.utility.base_service module

class app.utility.base_service.BaseService

Bases: app.utility.base_world.BaseWorld

add_service(name, svc)
classmethod get_service(name)
classmethod get_services()

app.utility.base_world module

class app.utility.base_world.AccessSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: marshmallow.schema.Schema

opts = <marshmallow.schema.SchemaOpts object>
class app.utility.base_world.BaseWorld

Bases: object

A collection of base static functions for service & object module usage

class Access

Bases: enum.Enum

An enumeration.

APP = 0
BLUE = 2
HIDDEN = 3
RED = 1
class Privileges

Bases: enum.Enum

An enumeration.

Elevated = 1
User = 0
static apply_config(name, config)
static check_requirement(params)
static create_logger(name)
static decode_bytes(s)
static encode_string(s)
static generate_name(size=16)
static generate_number(size=6)
static get_config(prop=None, name=None)
static get_current_timestamp(date_format='%Y-%m-%d %H:%M:%S')
static get_version(path='.')
static is_base64(s)
static is_uuid4(s)
static jitter(fraction)
async static load_module(module_type, module_info)
static prepend_to_file(filename, line)
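re_base64 = re.compile('[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', re.DOTALL)

Note: despite its name, this pattern describes the 8-4-4-4-12 lowercase-hexadecimal UUID layout, not base64. The pattern is unanchored as written, so whether it validates a whole string or only a prefix depends on how it is applied, which this listing does not show.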
static set_config(name, prop, value)
static strip_yml(path)
async static walk_file_path(path, target)
class app.utility.base_world.PrivilegesSchema(*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

Bases: marshmallow.schema.Schema

opts = <marshmallow.schema.SchemaOpts object>

app.utility.config_generator module

app.utility.config_generator.ensure_local_config()

Checks if a local.yml config file exists. If not, generates a new local.yml file using secure random values.

app.utility.config_generator.log_config_message(config_path)
app.utility.config_generator.make_secure_config()

app.utility.file_decryptor module

app.utility.file_decryptor.decrypt(filename, configuration, output_file=None, b64decode=False)
app.utility.file_decryptor.get_encryptor(salt, key)
app.utility.file_decryptor.read(filename, encryptor)

app.utility.payload_encoder module

This module contains helper functions for encoding and decoding payload files.

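If antivirus (AV) software is running on the server host, it may sometimes flag, quarantine, or delete CALDERA payloads. To help prevent this, payloads can be kept in encoded form so that AV does not interfere with the server. The convention expected by the server is that encoded payloads are XOR’ed with the DEFAULT_KEY contained in the payload_encoder.py module. Because that key is a default value contained in the module itself, the XOR step is an encoding rather than encryption: it gives the stored payload no confidentiality or integrity protection.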

Additionally, payload_encoder.py can be used from the command-line to add a new encoded payload.

`python /path/to/payload_encoder.py input_file output_file`

NOTE: In order for the server to detect the availability of an encoded payload, the payload file’s name must end in the .xored extension.

app.utility.payload_encoder.xor_bytes(in_bytes, key=None)
app.utility.payload_encoder.xor_file(input_file, output_file=None, key=None)

app.utility.rule_set module

class app.utility.rule_set.RuleAction

Bases: enum.Enum

An enumeration.

ALLOW = 1
DENY = 0
class app.utility.rule_set.RuleSet(rules)

Bases: object

async apply_rules(facts)
async is_fact_allowed(fact)