def deploy_ability(test_executor, event_loop):
    """Build a 'persistence' test ability, persist it via data_svc and return it.

    The ability is constructed through AbilitySchema so it passes the same
    validation as API input; ``test_executor`` is nested in serialized form.
    The store call is driven to completion on ``event_loop`` before returning.
    (Probably used as a pytest fixture; any decorator is not visible here.)
    """
    payload = {
        'ability_id': '123',
        'tactic': 'persistence',
        'technique_id': 'auto-generated',
        'technique_name': 'auto-generated',
        'name': 'test deploy command',
        'description': 'test ability',
        # nested executors are handed over as dicts, the way the API receives them
        'executors': [ExecutorSchema().dump(test_executor)],
    }
    built = AbilitySchema().load(payload)
    data_svc = BaseService.get_service('data_svc')
    event_loop.run_until_complete(data_svc.store(built))
    return built
def test_ability(test_executor, loop):
    """Build a 'discovery' test ability named 'Manual Command', store it and return it.

    Mirrors the shape of an API payload: the ability dict is validated by
    AbilitySchema and ``test_executor`` is embedded in serialized form. The
    data_svc store is run to completion on ``loop`` before the object is
    returned. (Probably a pytest fixture; any decorator is not visible here.)
    """
    payload = {
        'ability_id': '123',
        'tactic': 'discovery',
        'technique_id': 'auto-generated',
        'technique_name': 'auto-generated',
        'name': 'Manual Command',
        'description': 'test ability',
        'executors': [ExecutorSchema().dump(test_executor)],
    }
    built = AbilitySchema().load(payload)
    data_svc = BaseService.get_service('data_svc')
    loop.run_until_complete(data_svc.store(built))
    return built
class LinkSchema(ma.Schema):
    """Marshmallow schema for Link objects.

    Keys not declared below are silently dropped on load (``Meta.unknown``
    is EXCLUDE). The nested ``ability`` and ``executor`` values may be given
    either as dicts or as live Ability/Executor objects; the pre_load hooks
    serialize live objects first so the Nested fields can load them.
    """

    class Meta:
        unknown = ma.EXCLUDE

    id = ma.fields.String(missing='')
    paw = ma.fields.String()
    command = ma.fields.String()
    status = ma.fields.Integer(missing=-3)  # -3 when the payload carries no status
    score = ma.fields.Integer(missing=0)
    jitter = ma.fields.Integer(missing=0)
    decide = ma.fields.DateTime(format='%Y-%m-%d %H:%M:%S')
    pin = ma.fields.Integer(missing=0)
    pid = ma.fields.String()
    facts = ma.fields.List(ma.fields.Nested(FactSchema()))
    relationships = ma.fields.List(ma.fields.Nested(RelationshipSchema()))
    used = ma.fields.List(ma.fields.Nested(FactSchema()))
    unique = ma.fields.String()
    collect = ma.fields.DateTime(format='%Y-%m-%d %H:%M:%S', default='')
    finish = ma.fields.String()
    ability = ma.fields.Nested(AbilitySchema())
    executor = ma.fields.Nested(ExecutorSchema())
    cleanup = ma.fields.Integer(missing=0)
    visibility = ma.fields.Nested(VisibilitySchema)
    host = ma.fields.String(missing=None)
    output = ma.fields.String()
    deadman = ma.fields.Boolean()
    agent_reported_time = ma.fields.DateTime(format='%Y-%m-%d %H:%M:%S', missing=None)

    @ma.pre_load()
    def fix_ability(self, link, **_):
        """Replace a live Ability under 'ability' with its schema dump."""
        candidate = link.get('ability')
        if isinstance(candidate, Ability):
            link.pop('ability')
            link['ability'] = candidate.schema.dump(candidate)
        return link

    @ma.pre_load()
    def fix_executor(self, link, **_):
        """Replace a live Executor under 'executor' with its schema dump."""
        candidate = link.get('executor')
        if isinstance(candidate, Executor):
            link.pop('executor')
            link['executor'] = candidate.schema.dump(candidate)
        return link

    @ma.post_load()
    def build_link(self, data, **_):
        """Turn the validated dict into a Link instance."""
        return Link(**data)

    @ma.post_dump()
    def prepare_dump(self, data, **_):
        """Leave 'agent_reported_time' out of the output when it is unset."""
        if data.get('agent_reported_time') is None:
            data.pop('agent_reported_time', None)
        return data
def build_ability(self, data: dict, executor: Executor):
    """Fill in defaults on a caller-supplied ability dict and load it as an Ability.

    ``data`` is modified in place: each identity field that is missing or
    falsy gets a default (a fresh uuid4 for ``ability_id``), and
    ``executors`` is always overwritten with the single serialized
    ``executor`` — whatever the caller put under that key is discarded.

    Returns the Ability produced by AbilitySchema().load(); validation
    errors from that load propagate to the caller.
    """
    # Checked and filled in this order so the dict's insertion order is stable.
    fallbacks = (
        ('ability_id', lambda: str(uuid.uuid4())),
        ('tactic', lambda: 'auto-generated'),
        ('technique_id', lambda: 'auto-generated'),
        ('technique_name', lambda: 'auto-generated'),
        ('name', lambda: 'Manual Command'),
        ('description', lambda: 'Manual command ability'),
    )
    for key, make_default in fallbacks:
        if not data.get(key):
            data[key] = make_default()
    data['executors'] = [ExecutorSchema().dump(executor)]
    return AbilitySchema().load(data)
def replaced_ability_payload(test_ability):
    """Return test_ability's dump with a replacement set of fields applied.

    Starts from the ability's own schema dump and overrides name, tactic,
    technique, executors (a single linux 'sh' executor), plugin and
    requirements (one paw_provenance requirement), giving the payload shape
    a replace/update request would carry.
    """
    linux_executor = Executor(name='sh', platform='linux', command='whoami')
    paw_requirement = Requirement(
        module='plugins.stockpile.app.requirements.paw_provenance',
        relationship_match=[{'source': 'host.user.name'}],
    )
    payload = test_ability.schema.dump(test_ability)
    payload['name'] = 'replaced test ability'
    payload['tactic'] = 'collection'
    payload['technique_name'] = 'discovery'
    payload['technique_id'] = '2'
    payload['executors'] = [ExecutorSchema().dump(linux_executor)]
    payload['plugin'] = ''
    payload['requirements'] = [RequirementSchema().dump(paw_requirement)]
    return payload
def new_ability_payload():
    """Return a complete dict describing a brand-new 'collection' ability.

    Carries every key an ability creation request is expected to hold,
    including the empty/default containers, with one linux 'sh' executor
    serialized through ExecutorSchema.
    """
    linux_executor = Executor(name='sh', platform='linux', command='whoami')
    return dict(
        name='new test ability',
        ability_id='456',
        tactic='collection',
        technique_name='collection',
        technique_id='1',
        executors=[ExecutorSchema().dump(linux_executor)],
        access={},
        additional_info={},
        buckets=['collection'],
        description='',
        privilege='',
        repeatable=False,
        requirements=[],
        singleton=False,
        plugin='',
    )
def test_executor(test_agent):
    """Load an 'ls' executor with a 60s timeout on test_agent's platform.

    The platform is copied from ``test_agent`` so the executor matches the
    agent it will be paired with in tests.
    """
    executor_data = {
        'timeout': 60,
        'platform': test_agent.platform,
        'name': 'linux',
        'command': 'ls',
    }
    return ExecutorSchema().load(executor_data)
class LinkSchema(ma.Schema):
    """Marshmallow schema for Link objects.

    Keys not declared below are silently dropped on load (``Meta.unknown``
    is EXCLUDE), and ``remove_properties`` additionally strips a fixed set
    of declared fields from every inbound payload before validation, so a
    caller-supplied value for those keys is never loaded. Nested
    ``ability``/``executor`` values may be dicts or live objects. Timestamp
    fields use BaseObject.TIME_FORMAT.
    """

    class Meta:
        unknown = ma.EXCLUDE

    id = ma.fields.String(missing='')
    paw = ma.fields.String()
    command = ma.fields.String()
    status = ma.fields.Integer(missing=-3)  # -3 when the payload carries no status
    score = ma.fields.Integer(missing=0)
    jitter = ma.fields.Integer(missing=0)
    decide = ma.fields.DateTime(format=BaseObject.TIME_FORMAT)
    pin = ma.fields.Integer(missing=0)
    pid = ma.fields.String()
    facts = ma.fields.List(ma.fields.Nested(FactSchema()))
    relationships = ma.fields.List(ma.fields.Nested(RelationshipSchema()))
    used = ma.fields.List(ma.fields.Nested(FactSchema()))
    unique = ma.fields.String()
    collect = ma.fields.DateTime(format=BaseObject.TIME_FORMAT, default='')
    finish = ma.fields.String()
    ability = ma.fields.Nested(AbilitySchema())
    executor = ma.fields.Nested(ExecutorSchema())
    cleanup = ma.fields.Integer(missing=0)
    visibility = ma.fields.Nested(VisibilitySchema())
    host = ma.fields.String(missing=None)
    output = ma.fields.String()
    deadman = ma.fields.Boolean()
    agent_reported_time = ma.fields.DateTime(format=BaseObject.TIME_FORMAT, missing=None)

    # Keys dropped from every inbound payload, in the order they are removed.
    # Presumably these are populated server-side; a client value is ignored.
    # NOTE(review): 'used.unique' only matches a top-level key literally named
    # 'used.unique' — it does not reach into the entries of 'used'. Confirm
    # whether stripping 'unique' from each used fact was the intent.
    _STRIPPED_ON_LOAD = (
        'unique',
        'decide',
        'pid',
        'facts',
        'collect',
        'finish',
        'visibility',
        'output',
        'used.unique',
    )

    @ma.pre_load()
    def fix_ability(self, link, **_):
        """Replace a live Ability under 'ability' with its schema dump."""
        candidate = link.get('ability')
        if isinstance(candidate, Ability):
            link.pop('ability')
            link['ability'] = candidate.schema.dump(candidate)
        return link

    @ma.pre_load()
    def fix_executor(self, link, **_):
        """Replace a live Executor under 'executor' with its schema dump."""
        candidate = link.get('executor')
        if isinstance(candidate, Executor):
            link.pop('executor')
            link['executor'] = candidate.schema.dump(candidate)
        return link

    @ma.pre_load()
    def remove_properties(self, data, **_):
        """Strip the keys in _STRIPPED_ON_LOAD from the inbound dict.

        Missing keys are ignored; the same dict is returned.
        """
        for key in self._STRIPPED_ON_LOAD:
            data.pop(key, None)
        return data

    @ma.post_load()
    def build_link(self, data, **kwargs):
        """Turn the validated dict into a Link; a partial load yields None."""
        if kwargs.get('partial') is True:
            return None
        return Link(**data)

    @ma.post_dump()
    def prepare_dump(self, data, **_):
        """Leave 'agent_reported_time' out of the output when it is unset."""
        if data.get('agent_reported_time') is None:
            data.pop('agent_reported_time', None)
        return data
async def load_executors_from_list(self, executors: list):
    """Deserialize each dict in ``executors`` into an Executor.

    Each entry goes through ExecutorSchema().load(), so invalid entries raise
    that schema's validation error. Declared as a coroutine, but the body
    never awaits.
    """
    loaded = []
    for entry in executors:
        loaded.append(ExecutorSchema().load(entry))
    return loaded
def build_executor(self, data: dict, agent: Agent):
    """Load ``data`` as an Executor bound to ``agent``'s platform.

    ``data`` is modified in place: a missing or falsy ``timeout`` becomes 60,
    and ``platform`` is always overwritten with ``agent.platform`` — the
    caller cannot choose a different platform through the payload.

    Returns the Executor produced by ExecutorSchema().load(); validation
    errors propagate to the caller.
    """
    if not data.get('timeout'):
        data['timeout'] = 60
    data['platform'] = agent.platform
    return ExecutorSchema().load(data)