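async def _create_ability(self, ability_id, tactic, technique_name, technique_id, name, test, description,
                          executor, platform, cleanup=None, payload=None, parsers=None, requirements=None,
                          privilege=None):
    """Assemble an Ability object from its raw fields and persist it through ``self.store``.

    Args:
        ability_id, tactic, technique_name, technique_id, name, test, description, executor, platform:
            Scalar fields copied straight into the Ability.
        cleanup, payload, privilege: Optional scalar fields, passed through unchanged.
        parsers: Mapping of parser module name -> list of relationship dicts. Each dict must have
            a ``'source'`` key; ``'edge'`` and ``'target'`` are optional.
        requirements: Same shape as ``parsers`` but wrapped in Requirement objects.

    ``parsers`` and ``requirements`` default to ``None``; the original iterated them unconditionally,
    which raised ``TypeError`` whenever a caller relied on the default. ``None`` is now treated as empty.
    """
    def _to_relationships(entries):
        # Shared shape for both parser and requirement relationship lists.
        return [Relationship(source=r['source'], edge=r.get('edge'), target=r.get('target')) for r in entries]

    ps = [Parser(module=module, relationships=_to_relationships(entries))
          for module, entries in (parsers or {}).items()]
    rs = [Requirement(module=module, relationships=_to_relationships(entries))
          for module, entries in (requirements or {}).items()]
    await self.store(Ability(ability_id=ability_id, name=name, test=test, tactic=tactic,
                             technique_id=technique_id, technique=technique_name, executor=executor,
                             platform=platform, description=description, cleanup=cleanup, payload=payload,
                             parsers=ps, requirements=rs, privilege=privilege))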
def parse(self, blob):
    """Emit one relationship per (VM name, mapper) pair found in *blob*.

    The VM names come from ``self._get_vm_names``; the source fact carries the
    name and the target fact value is left as ``None``.
    """
    found_names = self._get_vm_names(blob)
    return [
        Relationship(source=(mp.source, vm_name), edge=mp.edge, target=(mp.target, None))
        for vm_name in found_names
        for mp in self.mappers
    ]
def parse(self, blob):
    """Build a relationship for every filename match in *blob*, once per mapper.

    Both the source and target values are derived from the same match via
    ``self.set_value`` (which may substitute from ``self.used_facts``).
    """
    results = []
    for found in self.filename(blob):
        for mp in self.mappers:
            src_val = self.set_value(mp.source, found, self.used_facts)
            tgt_val = self.set_value(mp.target, found, self.used_facts)
            results.append(
                Relationship(source=(mp.source, src_val), edge=mp.edge, target=(mp.target, tgt_val))
            )
    return results
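def parse(self, blob):
    """Split each ``key:value`` match from *blob* into a source/target relationship per mapper.

    Only the first two colon-separated fields are used: field 0 becomes the source
    value and field 1 the target value. A match with no ``:`` used to raise
    ``IndexError`` and abort the whole parse; such matches are now skipped.
    """
    relationships = []
    for match in self.line(blob):
        values = match.split(':')
        if len(values) < 2:
            # Malformed (separator-less) output line: nothing to pair, move on.
            continue
        for mp in self.mappers:
            relationships.append(
                Relationship(source=(mp.source, values[0]), edge=mp.edge, target=(mp.target, values[1]))
            )
    return relationships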
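def parse(self, blob):
    """Turn every entry produced by ``self.nbt_parser`` into a relationship per mapper.

    Any exception raised while parsing is caught so one bad blob cannot abort the
    caller; it is now logged (matching the Get-Domain parser's handling) instead of
    being swallowed silently, which hid real parser failures.
    """
    relationships = []
    try:
        for match in self.nbt_parser(blob):
            for mp in self.mappers:
                relationships.append(
                    Relationship(source=(mp.source, match), edge=mp.edge, target=(mp.target, None))
                )
    except Exception as error:
        # NOTE(review): assumes the base parser exposes self.log like the sibling parsers do — confirm.
        self.log.warning('NBT parser encountered an error - {}. Continuing...'.format(error))
    return relationships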
def parse(self, blob):
    """Map known antivirus product names found in *blob* to relationships.

    The blob is lower-cased and each matched line is checked against
    ``self.ANTIVIRUS``; every product name contained in the line yields one
    relationship per mapper, in ``ANTIVIRUS`` order.
    """
    results = []
    for line in self.line(blob.lower()):
        products = (av for av in self.ANTIVIRUS if av in line)
        for product in products:
            for mp in self.mappers:
                src_val = self.set_value(mp.source, product, self.used_facts)
                tgt_val = self.set_value(mp.target, product, self.used_facts)
                results.append(
                    Relationship(source=(mp.source, src_val), edge=mp.edge, target=(mp.target, tgt_val))
                )
    return results
def parse(self, blob):
    """Build a relationship per mapper for every line of *blob* that contains a port.

    Lines where ``self._locate_port`` returns a falsy value are ignored.
    """
    results = []
    for line in self.line(blob):
        port = self._locate_port(line)
        if not port:
            continue
        for mp in self.mappers:
            src_val = self.set_value(mp.source, port, self.used_facts)
            tgt_val = self.set_value(mp.target, port, self.used_facts)
            results.append(
                Relationship(source=(mp.source, src_val), edge=mp.edge, target=(mp.target, tgt_val))
            )
    return results
def parse(self, blob):
    """Turn every entry produced by ``self.gd_parser`` into a relationship per mapper.

    Parsing errors are logged as a warning and an empty (or partial) list is
    returned rather than propagating the exception.
    """
    results = []
    try:
        entries = self.gd_parser(blob)
        for entry in entries:
            for mp in self.mappers:
                results.append(
                    Relationship(source=(mp.source, entry), edge=mp.edge, target=(mp.target, None))
                )
    except Exception as error:
        self.log.warning('Get-Domain parser encountered an error - {}. Continuing...'.format(error))
    return results
def parse(self, blob):
    """Emit a single relationship once *blob* reports a successful command.

    The first line containing ``'The command completed successfully.'`` produces
    one relationship from the first mapper, whose source value is the remote host
    looked up via ``self._get_remote_host``; the method returns immediately after
    that (the original comment: only one resulting relationship in this parser type).
    """
    results = []
    success_marker = 'The command completed successfully.'
    for line in self.line(blob):
        if success_marker not in line:
            continue
        for mp in self.mappers:
            host = self._get_remote_host(mp.source, self.used_facts)
            results.append(
                Relationship(source=(mp.source, host), edge=mp.edge, target=(mp.target, None))
            )
            return results
    return results
def _recurse(self, block, relationships, mapper, score=1):
    """Walk a nested tree of dict nodes and append a relationship for each leaf with a ``'url'``.

    Nodes with a truthy ``'children'`` entry are descended into (with the current
    ``score``); other nodes contribute only if they have a ``'url'``. The score
    is bumped by one when the node's ``meta_info.last_visited_desktop`` exceeds the
    current score, and that bump persists for later siblings at the same level
    (it is passed by value into recursive calls, so it does not propagate back up).
    """
    for node in block:
        children = node.get('children')
        if children:
            self._recurse(children, relationships, mapper, score)
            continue
        if not node.get('url'):
            continue
        src_val = self.set_value(mapper.source, node.get('name'), self.used_facts)
        tgt_val = self.set_value(mapper.target, node.get('url'), self.used_facts)
        last_visited = node.get('meta_info', dict()).get('last_visited_desktop')
        if last_visited and int(last_visited) > score:
            score += 1
        relationships.append(
            Relationship(source=(mapper.source, src_val), edge=mapper.edge,
                         target=(mapper.target, tgt_val), score=score)
        )
def parse(self, blob):
    """Emit a single relationship once *blob* contains ``self.ABILITY_SUCCESS_FLAG``.

    The first flagged line produces one relationship from the first mapper, its
    source value being the remote host from ``self._get_remote_host``; the method
    returns right after that (the original comment: only one resulting relationship
    in this parser type).
    """
    results = []
    for line in self.line(blob):
        if self.ABILITY_SUCCESS_FLAG not in line:
            continue
        for mp in self.mappers:
            host = self._get_remote_host(mp.source, self.used_facts)
            results.append(
                Relationship(source=(mp.source, host), edge=mp.edge, target=(mp.target, None))
            )
            return results
    return results
def parse(self, blob):
    """Build relationships for every valid IP address found in *blob*.

    A mapper that carries a ``whitelist`` attribute filters the address through
    ``self._whitelist_ip`` first; the filtered value is carried forward to the
    remaining mappers for the same address, so a mapper that rejects it (falsy
    result) also suppresses the mappers after it for that address.
    """
    results = []
    for candidate in self.ip(blob):
        if not self._is_valid_ip(candidate):
            continue
        addr = candidate
        for mp in self.mappers:
            # dir() is kept rather than hasattr() to match the original lookup semantics exactly.
            if 'whitelist' in dir(mp):
                addr = self._whitelist_ip(addr, mp.whitelist)
            if not addr:
                continue
            src_val = self.set_value(mp.source, addr, self.used_facts)
            tgt_val = self.set_value(mp.target, addr, self.used_facts)
            results.append(
                Relationship(source=(mp.source, src_val), edge=mp.edge, target=(mp.target, tgt_val))
            )
    return results
def parse(self, blob):
    """Extract username/password pairs from Mimikatz output into relationships.

    Only entries whose ``packages`` contain ``self.parse_mode`` are considered, and
    only the first record of that package is used. Records whose ``Password`` matches
    ``self.hash_check`` are skipped, so hash values are never emitted as password
    facts. Any exception is logged as a warning and parsing stops, returning what
    was collected so far.
    """
    results = []
    try:
        for entry in self.parse_katz(blob):
            if self.parse_mode not in entry.packages:
                continue
            record = entry.packages[self.parse_mode][0]
            if re.match(self.hash_check, record['Password']):
                continue
            for mp in self.mappers:
                results.append(
                    Relationship(source=(mp.source, record['Username']), edge=mp.edge,
                                 target=(mp.target, record['Password']))
                )
    except Exception as error:
        self.log.warning('Mimikatz parser encountered an error - {}. Continuing...'.format(error))
    return results
def parse(self, blob):
    """Pull values out of JSON in *blob* according to each mapper's ``json_key``.

    Mappers without a ``json_key`` attribute are logged and skipped. An optional
    ``json_type`` attribute is forwarded to ``self._get_vals_from_json``; when the
    blob does not load as JSON (``self._load_json`` returns ``None``) nothing is emitted.
    """
    results = []
    document = self._load_json(blob)
    if document is None:
        return results
    for mp in self.mappers:
        # dir() is kept rather than hasattr() to match the original lookup semantics exactly.
        if 'json_key' not in dir(mp):
            self.log.warning(
                'JSON Parser not given a json_key, not parsing')
            continue
        value_type = mp.json_type if 'json_type' in dir(mp) else None
        for found in self._get_vals_from_json(document, mp.json_key, value_type):
            src_val = self.set_value(mp.source, found, self.used_facts)
            tgt_val = self.set_value(mp.target, found, self.used_facts)
            results.append(
                Relationship(source=(mp.source, src_val), edge=mp.edge, target=(mp.target, tgt_val))
            )
    return results
def from_json(cls, json):
    """Construct an instance from a dict with ``'module'`` and ``'relationships'`` keys.

    Each entry under ``'relationships'`` is deserialised via ``Relationship.from_json``.
    (The ``json`` parameter name shadows the stdlib module but is part of the
    public signature and is kept as-is.)
    """
    rels = list(map(Relationship.from_json, json['relationships']))
    return cls(module=json['module'], relationships=rels)