async def setup_planning_test(executor, ability, agent, operation, data_svc,
event_svc, init_base_world):
texecutor = executor(name='sh',
platform='darwin',
command='mkdir test',
cleanup='rm -rf test')
tability = ability(ability_id='123',
executors=[texecutor],
repeatable=True,
buckets=['test'],
name='test1')
tagent = agent(sleep_min=1,
sleep_max=2,
watchdog=0,
executors=['sh'],
platform='darwin',
server='http://127.0.0.1:8000')
tsource = Source(id='123', name='test', facts=[], adjustments=[])
toperation = operation(name='test1',
agents=[tagent],
adversary=Adversary(name='test',
description='test',
atomic_ordering=[],
adversary_id='XYZ'),
source=tsource)
cexecutor = executor(name='sh',
platform='darwin',
command=test_string,
cleanup='whoami')
cability = ability(ability_id='321',
executors=[cexecutor],
singleton=True,
name='test2')
await data_svc.store(tability)
await data_svc.store(cability)
await data_svc.store(
Obfuscator(
name='plain-text',
description=
'Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text'))
yield tability, tagent, toperation, cability
def setup_rest_svc_test(loop, data_svc):
BaseWorld.apply_config(name='main', config={'app.contact.http': '0.0.0.0',
'plugins': ['sandcat', 'stockpile'],
'crypt_salt': 'BLAH',
'api_key': 'ADMIN123',
'encryption_key': 'ADMIN123',
'exfil_dir': '/tmp'})
loop.run_until_complete(data_svc.store(
Ability(ability_id='123', test=BaseWorld.encode_string('curl #{app.contact.http}'), variations=[],
executor='psh', platform='windows'))
)
loop.run_until_complete(data_svc.store(
Ability(ability_id='456', test=BaseWorld.encode_string('whoami'), variations=[],
executor='sh', platform='linux'))
)
loop.run_until_complete(data_svc.store(
Ability(ability_id='789', test=BaseWorld.encode_string('hostname'), variations=[],
executor='sh', platform='linux'))
)
adversary = Adversary(adversary_id='123', name='test', description='test', atomic_ordering=[])
loop.run_until_complete(data_svc.store(adversary))
agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0, executors=['pwsh', 'psh'], platform='windows')
loop.run_until_complete(data_svc.store(agent))
loop.run_until_complete(data_svc.store(
Objective(id='495a9828-cab1-44dd-a0ca-66e58177d8cc', name='default', goals=[Goal()])
))
loop.run_until_complete(data_svc.store(
Planner(planner_id='123', name='test', module='test', params=dict())
))
source = Source(id='123', name='test', facts=[], adjustments=[])
loop.run_until_complete(data_svc.store(source))
loop.run_until_complete(data_svc.store(
Operation(name='test', agents=[agent], adversary=adversary, id='123', source=source)
))
loop.run_until_complete(data_svc.store(
Obfuscator(name='plain-text',
description='Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')
))
def setup_planning_test(loop, ability, agent, operation, data_svc, init_base_world):
tability = ability(ability_id='123', executor='sh', platform='darwin', test=BaseWorld.encode_string('mkdir test'),
cleanup=BaseWorld.encode_string('rm -rf test'), variations=[])
tagent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'], platform='darwin')
tsource = Source(id='123', name='test', facts=[], adjustments=[])
toperation = operation(name='test1', agents=tagent, adversary=Adversary(name='test', description='test',
atomic_ordering=[], adversary_id='XYZ'),
source=tsource)
loop.run_until_complete(data_svc.store(tability))
loop.run_until_complete(data_svc.store(
Obfuscator(name='plain-text',
description='Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')
))
yield tability, tagent, toperation
def test_source(loop, mocker, mock_time):
with mocker.patch(
'app.objects.secondclass.c_fact.datetime') as mock_datetime:
mock_datetime.return_value = mock_datetime
mock_datetime.now.return_value = mock_time
fact = Fact(trait='test_fact', value=1)
rule = Rule(RuleAction.ALLOW, trait='test_rule')
relationship = Relationship(source=fact,
edge="alpha",
origin="test_operation")
source = Source(id='123',
name='Test Source',
facts=[fact],
rules=[rule],
adjustments=[],
relationships=[relationship])
loop.run_until_complete(
BaseService.get_service('data_svc').store(source))
return source
def test_create_relationship_source_fact(self, event_loop, ability,
executor, operation,
knowledge_svc):
test_executor = executor(name='psh', platform='windows')
test_ability = ability(ability_id='123', executors=[test_executor])
fact1 = Fact(trait='remote.host.fqdn', value='dc')
fact2 = Fact(trait='domain.user.name', value='Bob')
relationship = Relationship(source=fact1,
edge='has_admin',
target=fact2)
link1 = Link(command='echo "Bob"',
paw='123456',
ability=test_ability,
id='111111',
executor=test_executor)
operation = operation(name='test-op',
agents=[],
adversary=Adversary(name='sample',
adversary_id='XYZ',
atomic_ordering=[],
description='test'),
source=Source(id='test-source', facts=[fact1]))
event_loop.run_until_complete(operation._init_source())
event_loop.run_until_complete(
link1.create_relationships([relationship], operation))
link2 = Link(command='echo "Bob"',
paw='789100',
ability=test_ability,
id='222222',
executor=test_executor)
event_loop.run_until_complete(
link2.create_relationships([relationship], operation))
fact_store_operation_source = event_loop.run_until_complete(
knowledge_svc.get_facts(dict(source=operation.source.id)))
fact_store_operation = event_loop.run_until_complete(
knowledge_svc.get_facts(dict(source=operation.id)))
assert len(fact_store_operation_source) == 1
assert len(fact_store_operation) == 1
assert len(fact_store_operation_source[0].collected_by) == 2
def setup_rest_svc_test(loop, data_svc):
BaseWorld.apply_config(name='default', config={'app.contact.http': '0.0.0.0',
'plugins': ['sandcat', 'stockpile'],
'crypt_salt': 'BLAH',
'api_key': 'ADMIN123',
'encryption_key': 'ADMIN123',
'exfil_dir': '/tmp'})
loop.run_until_complete(data_svc.store(
Ability(ability_id='123', test=BaseWorld.encode_string('curl #{app.contact.http}'), variations=[]))
)
loop.run_until_complete(data_svc.store(
Adversary(adversary_id='123', name='test', description='test', phases=[]))
)
loop.run_until_complete(data_svc.store(
Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0)
))
loop.run_until_complete(data_svc.store(
Planner(planner_id='123', name='test', module='test', params=dict())
))
loop.run_until_complete(data_svc.store(
Source(identifier='123', name='test', facts=[])
))
def op_with_learning_and_seeded(ability, adversary, operation_agent,
parse_datestring):
sc = Source(id='3124',
name='test',
facts=[Fact(trait='domain.user.name', value='bob')])
op = Operation(id='6789',
name='testC',
agents=[],
adversary=adversary,
source=sc,
use_learning_parsers=True)
# patch operation to make it 'realistic'
op.start = parse_datestring(OP_START_TIME)
op.adversary = op.adversary()
op.planner = Planner(planner_id='12345',
name='test_planner',
module='not.an.actual.planner',
params=None)
op.objective = Objective(id='6428', name='not_an_objective')
t_operation_agent = operation_agent
t_operation_agent.paw = '123456'
op.agents = [t_operation_agent]
return op
async def create_fact_source():
source_id = str(uuid.uuid4())
source_name = 'blue-pid-{}'.format(source_id)
return Source(id=source_id, name=source_name, facts=[])
async def load_source_file(self, filename, access):
for src in self.strip_yml(filename):
source = Source.load(src)
source.access = access
await self.store(source)
async def _create_analytic_source():
source_id = str(uuid.uuid4())
source_name = 'analytic-{}'.format(source_id)
facts = [Fact(trait='test', value='test')]
return Source(id=source_id, name=source_name, facts=facts)
async def _load_sources(self, plugin):
for filename in glob.iglob('%s/sources/*.yml' % plugin.data_dir, recursive=False):
for src in self.strip_yml(filename):
source = Source.load(src)
source.access = plugin.access
await self.store(source)
