def test_cmd_file(): gen = """{ "action": "delete", "target": { "file": { "name": "File name", "path": "File path", "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" } } } }""" foo = openc2.parse(gen) assert foo.action == "delete" assert isinstance(foo.target, openc2.v10.File) assert foo.target.name == "File name" assert foo.target.path == "File path" assert foo.target.hashes bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_device(): gen = """{ "action": "allow", "target": { "device": { "hostname": "device hostname", "idn_hostname": "device idn hostname", "device_id": "Device id" } } } """ foo = openc2.parse(gen) assert foo.action == "allow" assert isinstance(foo.target, openc2.v10.Device) assert foo.target.hostname == "device hostname" assert foo.target.idn_hostname == "device idn hostname" assert foo.target.device_id == "Device id" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_features(): gen = """{ "action": "create", "target": { "features": [ "versions", "profiles", "pairs", "rate_limit" ] } }""" foo = openc2.parse(gen) assert foo.action == "create" assert isinstance(foo.target, openc2.v10.Features) assert foo.target.features == [ "versions", "profiles", "pairs", "rate_limit" ] bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_readme(): import openc2 import stix2 # encode cmd = openc2.v10.Command( action="deny", target=openc2.v10.IPv4Address(ipv4_net="1.2.3.4"), args=openc2.v10.Args(response_requested="complete"), ) msg = cmd.serialize() # decode cmd = openc2.parse(msg) if cmd.action == "deny" and cmd.target.type == "ipv4_net": if cmd.args.response_requested == "complete": resp = openc2.v10.Response(status=200) msg = resp.serialize() # custom actuator @openc2.v10.CustomActuator( "x-acme-widget", [ ("name", openc2.properties.StringProperty(required=True)), ("version", stix2.properties.FloatProperty()), ], ) class AcmeWidgetActuator(object): def __init__(self, version=None, **kwargs): if version and version < 1.0: raise ValueError("'%f' is not a supported version." % version) widget = AcmeWidgetActuator(name="foo", version=1.1) assert widget.serialize() == '{"x-acme-widget": {"name": "foo", "version": 1.1}}'
def test_cmd_custom_actuator(): @openc2.v10.CustomActuator( "x-acme-widget", [ ("name", openc2.properties.StringProperty(required=True)), ("version", openc2.properties.FloatProperty()), ], ) class AcmeWidgetActuator(object): def __init__(self, version=None, **kwargs): if version and version < 1.0: raise ValueError("'%f' is not a supported version." % version) widget = AcmeWidgetActuator(name="foo", version=1.1) foo = openc2.v10.Command(action="query", target=openc2.v10.Features(), actuator=widget) assert foo assert foo.action == "query" assert foo.actuator.name == "foo" assert foo.actuator.version == 1.1 bar = openc2.v10.Command(**json.loads(foo.serialize())) assert bar == foo bar = openc2.parse(foo.serialize()) assert foo == bar
def test_cmd_create(): with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Command() with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Command(action="query") with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Command(target=openc2.v10.Features()) foo = openc2.v10.Command(action="query", target=openc2.v10.Features()) assert foo assert foo.action == "query" assert foo.target.features == [] assert '"action": "query"' in foo.serialize() assert '"target": {"features": []}' in foo.serialize() bar = openc2.v10.Command(**json.loads(foo.serialize())) assert bar == foo bar = openc2.parse(foo.serialize()) assert foo == bar d = json.loads(foo.serialize()) foo = openc2.utils.dict_to_openc2(d) d["invalid"] = {"bad": "value"} with pytest.raises(openc2.exceptions.ExtraPropertiesError): openc2.utils.dict_to_openc2(d) with pytest.raises(openc2.exceptions.InvalidValueError): openc2.v10.Command(action="invalid", target=openc2.v10.Features()) with pytest.raises(openc2.exceptions.InvalidValueError): openc2.v10.Command(action="query", target=openc2.v10.Args())
def test_cmd_custom(): @openc2.properties.CustomProperty( "x-thing", [ ("uid", openc2.properties.StringProperty()), ("name", openc2.properties.StringProperty()), ("version", openc2.properties.StringProperty()), ], ) class CustomTargetProperty(object): pass @openc2.v10.CustomTarget("x-thing:id", [("id", CustomTargetProperty())]) class CustomTarget(object): pass @openc2.v10.CustomArgs("whatever-who-cares", [("custom_args", CustomTargetProperty())]) class CustomArgs(object): pass @openc2.v10.CustomActuator( "x-acme-widget", [ ("name", openc2.properties.StringProperty(required=True)), ("version", CustomTargetProperty()), ], ) class AcmeWidgetActuator(object): pass tp = CustomTargetProperty(name="target") t = CustomTarget(id=tp) args = CustomArgs(custom_args=CustomTargetProperty(name="args")) act = AcmeWidgetActuator(name="hello", version=CustomTargetProperty(name="actuator")) cmd = openc2.v10.Command(action="query", target=t, args=args, actuator=act) bar = openc2.parse(cmd.serialize()) assert cmd == bar bar = openc2.parse(json.loads(cmd.serialize())) assert cmd == bar bar = openc2.v10.Command(**json.loads(cmd.serialize())) assert cmd == bar
def test_cmd_domain(): gen = """{ "action": "cancel", "target": { "domain_name": "Domain name" } }""" foo = openc2.parse(gen) assert foo.action == "cancel" assert isinstance(foo.target, openc2.v10.DomainName) assert foo.target.domain_name == "Domain name" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_email(): gen = """{ "action": "copy", "target": { "email_addr": "Email address" } }""" foo = openc2.parse(gen) assert foo.action == "copy" assert isinstance(foo.target, openc2.v10.EmailAddress) assert foo.target.email_addr == "Email address" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_uri(): gen = """{ "action": "set", "target": { "uri": "www.myuri.com" } }""" foo = openc2.parse(gen) assert foo.action == "set" assert isinstance(foo.target, openc2.v10.URI) assert foo.target.uri == "www.myuri.com" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_iri(): gen = """{ "action": "remediate", "target": { "iri": "My IRI identifier" } } """ foo = openc2.parse(gen) assert foo.action == "remediate" assert isinstance(foo.target, openc2.v10.IRI) assert foo.target.iri == "My IRI identifier" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_mac(): gen = """{ "action": "restart", "target": { "mac_addr": "VGhpcyBpcyBteSBtYWMgYWRkcmVzcw==" } } """ foo = openc2.parse(gen) assert foo.action == "restart" assert isinstance(foo.target, openc2.v10.MACAddress) assert foo.target.mac_addr == "VGhpcyBpcyBteSBtYWMgYWRkcmVzcw==" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_cmd_process(): gen = """{ "action": "restore", "target": { "process": { "pid": 12354, "name": "Process name", "cwd": "Process CWD", "executable": { "name": "File name", "path": "File path", "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" } }, "parent": { "pid": 43521, "name": "Process parent name", "cwd": "Process parent CWD" }, "command_line": "Process command line statement" } } } """ foo = openc2.parse(gen) assert foo.action == "restore" assert isinstance(foo.target, openc2.v10.Process) assert foo.target.pid == 12354 assert foo.target.name == "Process name" assert foo.target.cwd == "Process CWD" assert foo.target.executable assert foo.target.parent assert foo.target.command_line == "Process command line statement" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def openc2_aws_sg(): if request.headers['Content-Type'] == 'application/json': cmd = parse(request.get_json()) try: naclap = AWSNACL(**cmd) except Exception as e: resp = Response( status=400, status_text="Invalid command format/arguments (%s)" % str(e)) return resp.serialize() session = boto3.Session(profile_name=naclap.actuator.aws_account_id) ec2 = session.client('ec2', region_name=naclap.actuator.aws_region) try: if naclap.action == 'delete': data = ec2.delete_network_acl_entry( NetworkAclId=naclap.actuator.aws_nacl_id, RuleNumber=naclap.target.splf.rule_id, Egress=naclap.clean(naclap.args.slpf.direction, { 'ingress': False, 'egress': True }), RuleNumber=naclap.target.slpf.rule_number) else: data = ec2.create_network_acl_entry( NetworkAclId=naclap.actuator.aws_nacl_id, CidrBlock=naclap.target.src_addr, Egress=naclap.clean(naclap.args.slpf.direction, { 'ingress': False, 'egress': True }), PortRange={ 'From': naclap.target.dst_port, 'To': naclap.target.dst_port }, Protocol=naclap.clean(naclap.target.protocol, { 'tcp': 6, 'udp': 17, 'icmp': 1 }), RuleAction=naclap.action, RuleNumber=naclap.args.slpf.insert_rule) except Exception as e: #todo: parse boto3 for http code and resp resp = Response(status=400, status_text=str(e)) return resp.serialize() else: resp = Response(status=200, results={"x-aws-nacl": data}) return resp.serialize() else: resp = Response(status=425, status_text="Unsupported Media Type") return resp.serialize()
def test_response_create(): with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Response() with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Response(results={}) with pytest.raises(openc2.exceptions.MissingPropertiesError): openc2.v10.Response(status_text="Ok.") foo = openc2.v10.Response(status=200) assert foo assert foo.status == 200 assert foo.serialize() == '{"status": 200}' bar = openc2.v10.Response(**json.loads(foo.serialize())) assert bar == foo bar = openc2.parse({"status": 200}) assert foo == bar bar = openc2.parse(foo.serialize()) assert foo == bar
def test_cmd_properties(): gen = """{ "action": "scan", "target": { "properties": [ "Tag1", "Tag2", "Tag3", "Tag4" ] } } """ foo = openc2.parse(gen) assert foo.action == "scan" assert isinstance(foo.target, openc2.v10.Properties) assert foo.target.properties == ["Tag1", "Tag2", "Tag3", "Tag4"] bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def main(): ms = sys.stdin msg = json.load(ms) openc2_cmd = openc2.parse(msg) openc2_cmd.check_object_constraints() try: msg["target"]["db:db_name"] target = "172.30.0.3" except: target = "172.30.0.6" msg = openc2_cmd.serialize() headers = {'content-type': 'application/json'} response = requests.post('https://' + target + ':443/openc2.php', data=msg, headers=headers, verify=False) print(response.json)
def test_cmd_slpf_actuator(): widget = openc2.v10.SLPFActuator(hostname="localhost") foo = openc2.v10.Command(action="query", target=openc2.v10.Features(), actuator=widget) assert foo assert foo.action == "query" assert foo.actuator.hostname == "localhost" assert '"action": "query"' in foo.serialize() assert '"target": {"features": []}' in foo.serialize() assert '"actuator": {"slpf": {"hostname": "localhost"}}' in foo.serialize() bar = openc2.v10.Command(**json.loads(foo.serialize())) assert bar == foo bar = openc2.parse(foo.serialize()) assert foo == bar
def main(): ms = sys.stdin msg = json.load(ms) openc2_cmd = openc2.parse(msg) openc2_cmd.check_object_constraints() action = openc2_cmd["action"] db_name = msg["target"]["db:db_name"] try : db_date = msg["args"]["date"] except : db_date = date.today().strftime("%d%m%Y") if action == "copy" : mysql_cmd = "mysqldump -u root --password=toor --databases " + db_name + " > " + "/var/www/backups/" + date.today().strftime("%d%m%Y") + "-" + db_name + ".sql" elif action == "restore" : mysql_cmd = "mysql -u root --password=toor < " + "/var/www/backups/" + db_date + "-" + db_name + ".sql" elif action == "delete" : mysql_cmd = "rm " + "/var/www/backups/" + db_date + "-" + db_name + ".sql" os.system(mysql_cmd)
def openc2_aws_sg(): if request.headers['Content-Type'] == 'application/json': cmd = parse(request.get_json()) try: sgap = AWSSecurityGroup(**cmd) except Exception as e: resp = Response(status=400, status_text="Invalid command format/arguments (%s)"%str(e)) return resp.serialize() session = boto3.Session(profile_name=sgap.actuator.aws_account_id) ec2 = session.client('ec2',region_name=sgap.actuator.aws_region) if sgap.action == "allow": try: data = ec2.authorize_security_group_ingress( GroupId=sgap.actuator.aws_resource_id, IpProtocol=sgap.target.protocol, FromPort=sg.target.dst_port, ToPort=sg.target.dst_port, CidrIp=sg.target.src_addr) except Exception as e: #todo: parse boto3 for http code and resp resp = Response(status=400, status_text=str(e)) return resp.serialize() else: resp = Response(status=200, results = {"x-aws-sg":data}) return resp.serialize() elif sgap.action == "delete": try: data = ec2.revoke_security_group_ingress( GroupId=sgap.actuator.aws_sg_id, IpProtocol=sgap.target.protocol, FromPort=sgap.target.dst_port, ToPort=sgap.target.dst_port, CidrIp=sgap.target.src_addr ) except Exception as e: #todo: parse boto3 for http code and resp resp = Response(status=400, status_text=str(e)) return resp.serialize() else: resp = Response(status=200, results = {"x-aws-sg":data}) return resp.serialize() else: resp = Response(status=425, status_text="Unsupported Media Type") return resp.serialize()
def test_cmd_idn(): gen = """{ "action": "deny", "target": { "idn_domain_name": "IDN Domain name" } }""" foo = openc2.parse(gen) assert foo.action == "deny" assert isinstance(foo.target, openc2.v10.InternationalizedDomainName) assert foo.target.idn_domain_name == "IDN Domain name" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar gen = """{ "action": "detonate", "target": { "idn_email_addr": "IDN Email address" } }""" foo = openc2.parse(gen) assert foo.action == "detonate" assert isinstance(foo.target, openc2.v10.InternationalizedEmailAddress) assert foo.target.idn_email_addr == "IDN Email address" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
import sys, json from openc2 import parse # read in json file and attempt to parse with open(sys.argv[1], "r") as IN: msg = json.load(IN) cmd = parse(msg) print(cmd)
def test_cmd_generated(): generated = [] generated.append("""{ "action": "contain", "target": { "artifact": { "payload": { "url": "www.testurl.com" }, "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" }, "mime_type": "My MIME Type" } } } """) generated.append("""{ "action": "start", "target": { "artifact": { "payload": { "url": "www.testurl.com" }, "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" }, "mime_type": "My MIME Type" } }, "args": { "start_time": 1568209029693, "stop_time": 1568209059693, "response_requested": "complete" } } """) generated.append("""{ "action": "start", "target": { "artifact": { "payload": { "url": "www.testurl.com" }, "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" }, "mime_type": "My MIME Type" } }, "args": { "duration": 30000, "start_time": 1568209029693, "response_requested": "complete" } } """) generated.append("""{ "action": "stop", "target": { "artifact": { "payload": { "bin": "YmluIGRhdGE=" }, "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" }, "mime_type": "My MIME Type" } } } """) generated.append("""{ "action": "update", "target": { "artifact": { "payload": { "url": "www.testurl.com" }, "hashes": { "sha1": "1234567890ABCDEF1234567890ABCDEF12345678", "sha256": "1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABDEF1", "md5": "1234567890ABCDEF1234567890ABCDEF" }, "mime_type": "My MIME Type" } } } """) for gen in generated: foo = openc2.parse(gen) bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def test_custom_target(): @openc2.v10.CustomTarget("x-thing:id", [("id", stix2.properties.StringProperty())]) class CustomTarget(object): pass one = CustomTarget() assert one != None # for some reason `assert one` fails with pytest.raises(openc2.exceptions.ExtraPropertiesError): CustomTarget(bad="id") one = CustomTarget(id="uuid") assert one assert one.id == "uuid" two = CustomTarget(id=(json.loads(one.serialize())["x-thing:id"])) assert one == two with pytest.raises(openc2.exceptions.ParseError): openc2.parse(one.serialize()) with pytest.raises(ValueError): @openc2.v10.CustomTarget( "x-invalid", [("id", stix2.properties.StringProperty())] ) class CustomTargetInvalid(object): pass with pytest.raises(ValueError): @openc2.v10.CustomTarget( "invalid_target", [("id", stix2.properties.StringProperty())] ) class CustomTargetInvalid(object): pass with pytest.raises(ValueError): @openc2.v10.CustomTarget( "over_16_chars_long_aaaaaaaaaaaaaaaaaaaa123", [("id", openc2.properties.StringProperty())], ) class CustomTargetInvalid(object): pass with pytest.raises(TypeError): @openc2.v10.CustomTarget( "x-custom:id", ("id", stix2.properties.StringProperty()), ) class CustomTargetInvalid(object): pass with pytest.raises(TypeError): @openc2.v10.CustomTarget("x-custom:id") class CustomTargetInvalid(object): pass with pytest.raises(ValueError): @openc2.v10.CustomTarget( "x-over_16_chars_long_aaaaaaaaaaaaaaaaaaaa:id", [("id", openc2.properties.StringProperty())], ) class CustomTargetInvalid(object): pass with pytest.raises(ValueError): @openc2.v10.CustomTarget("x-thing:noprops", []) class CustomTargetInvalid(object): pass with pytest.raises(openc2.exceptions.InvalidValueError): v = """{ "target": {"x-custom": "value"}, "action":"query"}""" openc2.utils.parse(v) with pytest.raises(openc2.exceptions.InvalidValueError): v = """{ "target": {"x-custom:id": "value"}, "action":"query"}""" openc2.utils.parse(v) with pytest.raises(openc2.exceptions.InvalidValueError): v = """{ "target": {}, "action":"query"}""" openc2.utils.parse(v)
def main(): ms = sys.stdin msg = json.load(ms) openc2_cmd = openc2.parse(msg) openc2_cmd.check_object_constraints() action = openc2_cmd["action"] addr1 = msg["target"]["ipsec_targets"]["addr1"] addr2 = msg["target"]["ipsec_targets"]["addr2"] try: socket.inet_aton(addr1) except socket.error: print("Error: addr1 is invalid") sys.exit(1) try: socket.inet_aton(addr2) except socket.error: print("Error: addr2 is invalid") sys.exit(1) gateway = subprocess.Popen( "ip route | grep default | cut -f3 -d' '", shell=True, stdout=subprocess.PIPE).communicate()[0].strip().decode('ascii') if addr1 == gateway: addr1, addr2 = addr2, addr1 try: ike_encryption = msg["args"]["ike_encryption"] except: ike_encryption = "aes128" try: ike_hash = msg["args"]["ike_hash"] except: ike_hash = "sha1" try: esp_encryption = msg["args"]["esp_encryption"] except: esp_encryption = "aes128" try: esp_hash = msg["args"]["esp_hash"] except: esp_hash = "sha1" try: shared_secret = msg["args"]["shared_secret"] except: shared_secret = "secret" if action == "start": cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/start_ipsec.sh" cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/start_ipsec.sh" os.system(cmd1) os.system(cmd2) elif action == "stop": cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/stop_ipsec.sh" cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/stop_ipsec.sh" os.system(cmd1) os.system(cmd2) elif action == "create": cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/create_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/create_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption cmd3 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh" cmd4 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh" os.system(cmd1) os.system(cmd2) os.system(cmd3) os.system(cmd4) elif action == "set": cmd1 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/set_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption cmd2 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/set_ipsec.sh " + shared_secret + " " + ike_hash + " " + ike_encryption + " " + esp_hash + " " + esp_encryption cmd3 = "ssh -o StrictHostKeyChecking=no vyos@" + addr1 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh" cmd4 = "ssh -o StrictHostKeyChecking=no vyos@" + addr2 + " 'bash -s' < /etc/openc2-proxy/src/save_config.sh" os.system(cmd1) os.system(cmd2) os.system(cmd3) os.system(cmd4)
def test_cmd_ip(): gen = """{ "action": "investigate", "target": { "ipv4_connection": { "src_addr": "10.0.0.0/24", "src_port": 8443, "dst_addr": "10.0.0.0/24", "dst_port": 9443, "protocol": "tcp" } } } """ foo = openc2.parse(gen) assert foo.action == "investigate" assert isinstance(foo.target, openc2.v10.IPv4Connection) assert foo.target.src_addr == "10.0.0.0/24" assert foo.target.src_port == 8443 assert foo.target.dst_addr == "10.0.0.0/24" assert foo.target.dst_port == 9443 assert foo.target.protocol == "tcp" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar gen = """{ "action": "locate", "target": { "ipv4_net": "10.0.0.0/24" } } """ foo = openc2.parse(gen) assert foo.action == "locate" assert isinstance(foo.target, openc2.v10.IPv4Address) assert foo.target.ipv4_net == "10.0.0.0/24" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar gen = """{ "action": "query", "target": { "ipv6_connection": { "src_addr": "AE:00:E4:F1:04:65/24", "src_port": 8443, "dst_addr": "AE:00:E4:F1:04:65/24", "dst_port": 9443, "protocol": "tcp" } } } """ foo = openc2.parse(gen) assert foo.action == "query" assert isinstance(foo.target, openc2.v10.IPv6Connection) assert foo.target.src_addr == "AE:00:E4:F1:04:65/24" assert foo.target.src_port == 8443 assert foo.target.dst_addr == "AE:00:E4:F1:04:65/24" assert foo.target.dst_port == 9443 assert foo.target.protocol == "tcp" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar gen = """{ "action": "locate", "target": { "ipv6_net": "AE:00:E4:F1:04:65/24" } } """ foo = openc2.parse(gen) assert foo.action == "locate" assert isinstance(foo.target, openc2.v10.IPv6Address) assert foo.target.ipv6_net == "AE:00:E4:F1:04:65/24" bar = openc2.parse(foo.serialize()) assert foo == bar bar = openc2.parse(json.loads(foo.serialize())) assert foo == bar bar = openc2.v10.Command(**json.loads(foo.serialize())) assert foo == bar
def _deseropenc2(msg): return openc2.parse(msg)
import openc2 import stix2 cmd = openc2.v10.ROUTER( action="create", target=openc2.v10.ROUTERTarget(addr1="aaa", addr2="aaa"), args=openc2.v10.ROUTERArgs(shared_secret="", ike_hash="", esp_hash="", esp_encryption="", ike_encryption=""), ) msg = cmd.serialize() print(cmd) cmd = openc2.parse(msg) print(cmd)