Exemple #1
 async def refresh(self, request):
     """Return the planner's selectable data as a JSON response.

     Reads the posted form. When it carries an ``id``, the first record
     returned by ``Explode.operation`` for that id is sent under ``chosen``;
     otherwise ``chosen`` is ``None``. Hosts, networks, adversaries, steps
     and domains are always included.

     NOTE(review): no permission check is made inside this handler. Confirm
     the route is protected elsewhere (middleware or router), because the
     response carries host, network and adversary records.
     """
     with self.api_logic.dao as con:
         expander = Explode(con)
         form = await request.post()
         # NOTE(review): the [0] assumes the lookup yields at least one
         # record; behaviour for an unknown id is not visible here -- confirm.
         selected = expander.operation(form.get('id'))[0] if form.get('id') else None
         # Key order mirrors the order in which the lookups are performed.
         payload = {
             'chosen': selected,
             'hosts': expander.host(),
             'networks': con.get_networks(),
             'adversaries': con.get_adversaries(),
             'steps': expander.step(),
             'domains': con.get_domains(),
         }
         return web.json_response(payload)
Exemple #2
    async def planner(self, request):
        """Serve the planner data and its create/update/delete actions.

        The caller's permissions are checked first. Then, by HTTP method:

        * ``PUT``: JSON body; ``index`` selects ``save_network`` or
          ``save_adversary``. Any other ``index`` falls through to the
          planner data returned at the end.
        * ``POST``: form body; ``index`` and the remaining fields are passed
          to ``con.create`` and the new id is returned.
        * ``DELETE``: form body; adversaries and operations are removed via
          ``api_logic``, anything else via ``con.delete(index, id)``.
        * any other method: a plain dict of planner data is returned (not a
          ``web.Response``).

        NOTE(review): ``index`` is taken from the request body and handed to
        ``con.create`` / ``con.delete`` without validation, so a permitted
        caller decides which record type is written or removed. An allow-list
        of accepted ``index`` values would narrow this -- confirm which
        values the GUI actually sends.
        """
        await self.auth_svc.check_permissions(request)
        with self.api_logic.dao as con:
            verb = request.method
            if verb == 'PUT':
                body = dict(await request.json())
                # pop() raises KeyError when the body has no 'index' field
                kind = body.pop('index')
                if kind == 'network':
                    saved = self.api_logic.save_network(body)
                    return web.json_response(saved)
                if kind == 'adversary':
                    saved = self.api_logic.save_adversary(body)
                    return web.json_response(saved)
            elif verb == 'POST':
                # per the original author, POST is used only by the operations form
                body = dict(await request.post())
                kind = body.pop('index')
                created_id = con.create(kind, body)
                reply = {
                    'id': str(created_id),
                    'msg': 'successfully created %s' % kind,
                }
                return web.json_response(reply)
            elif verb == 'DELETE':
                form = await request.post()
                kind = form.get('index')
                if kind == 'adversary':
                    removed = self.api_logic.delete_adversary(form)
                    return web.json_response(removed)
                if kind == 'operation':
                    removed = self.api_logic.delete_operation(form)
                    return web.json_response(removed)
                # every other index is deleted directly through the DAO
                con.delete(kind, form.get('id'))
                return web.json_response('deleted successfully')

            # Reached for GET (and for a PUT whose index matched nothing):
            # hand back the data the GUI renders.
            expander = Explode(con)
            return {
                'active': {},
                'techniques': con.get_techniques(),
                'tactics': con.get_tactics(),
                'hosts': con.get_hosts(),
                'steps': expander.step(),
                'networks': expander.network(),
                'artifact_lists': con.get_artifact_lists(),
                'settings': con.get_settings()[0],
                'groups': con.get_attack_groups(),
                'adversaries': con.get_adversaries(),
                'operations': con.get_operations(),
                'domains': con.get_domains(),
                'rats': con.get_rats(),
                'errors': self.api_logic.build_errors(),
            }
Exemple #3
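 async def download_operation(self, request):
     """Return one expanded operation as a downloadable JSON attachment.

     The caller's permissions are checked, the operation id is read from the
     ``id`` query parameter, and the first record returned by
     ``Explode.operation`` is serialised and sent as ``op-<id>.json``.

     Raises:
         KeyError: if the request has no ``id`` query parameter.
     """
     import re  # function-scope import keeps this handler self-contained

     await self.auth_svc.check_permissions(request)
     op_id = request.rel_url.query['id']
     with self.api_logic.dao as con:
         # NOTE(review): the [0] assumes the lookup yields at least one
         # record; behaviour for an unknown id is not visible here -- confirm.
         full_op = Explode(con).operation(id=op_id)[0]
         # op_id is caller-controlled and ends up inside a quoted header
         # parameter. Keep only characters that cannot close the quotes, add
         # another parameter or break the header line, so the value can only
         # ever be a plain file name.
         safe_id = re.sub(r'[^A-Za-z0-9_-]', '_', op_id)
         headers = {
             'CONTENT-DISPOSITION': 'attachment; filename="op-%s.json"' % safe_id,
         }
         return web.Response(body=json.dumps(full_op),
                             content_type='application/json',
                             headers=headers)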
Exemple #4
 async def start_sim_environment(self, nap=30):
     """Answer jobs on behalf of simulated agents, in an endless loop.

     On each pass: collect the agents whose host's ``windows_domain`` equals
     the ``name`` of an entry from ``get_simulated_domain_data()``, then
     report every job returned by ``get_api_jobs('created', ...)`` for them
     as a success with a fixed, base64-encoded stdout. The loop then sleeps
     for ``nap`` seconds.

     NOTE(review): nothing in the loop catches exceptions, so an error from
     the DAO or ``api_logic`` ends the task -- confirm that is intended.
     """
     canned_output = 'simulation hosts have no responses'
     while True:
         with self.api_logic.dao as con:
             agents = Explode(con).agent()
             sim_agents = []
             # Domain-major order: an agent is listed once per matching entry.
             for domain in get_simulated_domain_data():
                 for candidate in agents:
                     if candidate['host']['domain']['windows_domain'] == domain['name']:
                         sim_agents.append(candidate)
         # The with block has exited before any of the awaits below run.
         for agent in sim_agents:
             pending = await self.api_logic.get_api_jobs(
                 'created', agent.get('id'), False)
             for job in pending:
                 details = {
                     'action': {
                         'result': {
                             'stdout': base64.b64encode(canned_output.encode()),
                         },
                     },
                     'status': 'success',
                     'create_time': datetime.now(timezone.utc),
                 }
                 await self.api_logic.put_job_details(details, job)
         await asyncio.sleep(nap)