Exemplo n.º 1
0
 def initialize(self):
     self.app_svc = AppService(None)
     self.data_svc = DataService()
     self.rest_svc = RestService()
     self.planning_svc = PlanningService()
     self.learning_svc = LearningService()
     self.services = [self.app_svc.get_services()]
Exemplo n.º 2
0
    async def initialize():
        with open(Path(__file__).parents[2] / 'conf' / 'default.yml',
                  'r') as fle:
            BaseWorld.apply_config('main', yaml.safe_load(fle))
        with open(Path(__file__).parents[2] / 'conf' / 'payloads.yml',
                  'r') as fle:
            BaseWorld.apply_config('payloads', yaml.safe_load(fle))

        app_svc = AppService(web.Application())
        _ = DataService()
        _ = RestService()
        _ = PlanningService()
        _ = LearningService()
        auth_svc = AuthService()
        _ = ContactService()
        _ = FileSvc()
        services = app_svc.get_services()
        os.chdir(str(Path(__file__).parents[2]))

        await app_svc.register_contacts()
        await app_svc.load_plugins(['sandcat', 'ssl'])
        _ = await RestApi(services).enable()
        await auth_svc.apply(app_svc.application, auth_svc.get_config('users'))
        await auth_svc.set_login_handlers(services)
        return app_svc.application
Exemplo n.º 3
0
def knowledge_webapp(event_loop, app_svc, base_world, data_svc):
    app_svc.add_service('auth_svc', AuthService())
    app_svc.add_service('knowledge_svc', KnowledgeService())
    app_svc.add_service('data_svc', DataService())
    app_svc.add_service('event_svc', EventService())
    app_svc.add_service('file_svc', FileSvc(
    ))  # This needs to be done this way, or it we won't have a valid BaseWorld
    services = app_svc.get_services()
    app = web.Application(middlewares=[
        authentication_required_middleware_factory(services['auth_svc']),
        json_request_validation_middleware
    ])

    FactApi(services).add_routes(app)

    return app
Exemplo n.º 4
0
    async def initialize():
        with open(Path(__file__).parents[1] / 'conf' / 'default.yml',
                  'r') as fle:
            BaseWorld.apply_config('main', yaml.safe_load(fle))
        with open(Path(__file__).parents[1] / 'conf' / 'payloads.yml',
                  'r') as fle:
            BaseWorld.apply_config('payloads', yaml.safe_load(fle))

        app_svc = AppService(web.Application(client_max_size=5120**2))
        _ = DataService()
        _ = RestService()
        _ = PlanningService()
        _ = LearningService()
        auth_svc = AuthService()
        _ = FileSvc()
        _ = EventService()
        services = app_svc.get_services()
        os.chdir(str(Path(__file__).parents[1]))

        _ = await RestApi(services).enable()
        await app_svc.register_contacts()
        await auth_svc.apply(app_svc.application, auth_svc.get_config('users'))
        await auth_svc.set_login_handlers(services)

        app_svc.register_subapp('/api/v2', make_app(svcs=services))
        aiohttp_apispec.setup_aiohttp_apispec(app=app_svc.application,
                                              title='CALDERA',
                                              version=version.get_version(),
                                              swagger_path='/api/docs',
                                              url='/api/docs/swagger.json',
                                              static_path='/static/swagger')
        app_svc.application.middlewares.append(
            apispec_request_validation_middleware)
        app_svc.application.middlewares.append(validation_middleware)

        return app_svc
Exemplo n.º 5
0
    parser.add_argument('-E',
                        '--environment',
                        required=True,
                        default='local',
                        help='Select an env. file to use')
    args = parser.parse_args()
    with open('conf/%s.yml' % args.environment) as c:
        config = yaml.load(c)
        logging.getLogger('aiohttp.access').setLevel(logging.WARNING)
        logging.getLogger('asyncio').setLevel(logging.FATAL)
        logging.getLogger().setLevel(config['debug_level'])
        sys.path.append('')

        plugin_modules = build_plugins(config['plugins'])
        utility_svc = UtilityService()
        data_svc = DataService(CoreDao('core.db'))
        operation_svc = OperationService(data_svc=data_svc,
                                         utility_svc=utility_svc,
                                         planner=config['planner'])
        auth_svc = AuthService(data_svc=data_svc, ssl_cert=SSL_CERT)
        file_svc = FileSvc(config['stores'])
        services = dict(data_svc=data_svc,
                        auth_svc=auth_svc,
                        utility_svc=utility_svc,
                        operation_svc=operation_svc,
                        file_svc=file_svc,
                        logger=Logger('plugin'),
                        plugins=plugin_modules)
        main(services=services,
             host=config['host'],
             port=config['port'],
Exemplo n.º 6
0
    app.router.add_static('/webapp/', 'webapp/static/')

    aiohttp_jinja2.setup(app, loader=jinja2.FileSystemLoader('webapp/html'))

    runner = web.AppRunner(app)
    await runner.setup()
    await web.TCPSite(runner, host, port).start()


def main(host, port):
    loop = asyncio.get_event_loop()
    loop.create_task(background_tasks())
    loop.run_until_complete(init(host, port))
    try:
        loop.run_forever()
    except KeyboardInterrupt:
        pass


if __name__ == '__main__':
    logging.getLogger().setLevel('DEBUG')
    logging.info('Welcome to Joystick')
    with open('conf/config.yml') as c:
        config = yaml.safe_load(c)
        host = config['host']
        port = config['port']
        results_svc = ResultsService()
        data_svc = DataService()
        rest_api = RestAPI(services=dict(results_svc=results_svc, data_svc=data_svc))
        main(host, port)
Exemplo n.º 7
0
if __name__ == '__main__':
    parser = argparse.ArgumentParser('Welcome to the system')
    parser.add_argument('-E',
                        '--environment',
                        required=False,
                        default='local',
                        help='Select an env. file to use')
    args = parser.parse_args()
    with open('conf/%s.yml' % args.environment) as c:
        cfg = yaml.load(c, Loader=yaml.FullLoader)
        set_logging_state()
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        plugin_svc = PluginService(plugin_modules)
        data_svc = DataService(CoreDao('core.db', memory=cfg['memory']))
        logging.debug('Using an in-memory database: %s' % cfg['memory'])
        planning_svc = PlanningService()
        parsing_svc = ParsingService()
        operation_svc = OperationService()
        auth_svc = AuthService(cfg['api_key'])

        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        file_svc = FileSvc([p.name.lower() for p in plugin_modules],
                           cfg['exfil_dir'])
        agent_svc = AgentService(untrusted_timer=cfg['untrusted_timer'])
        logging.debug(
            'Agents will be considered untrusted after %s seconds of silence' %
            cfg['untrusted_timer'])

        logging.debug('Serving at http://%s:%s' % (cfg['host'], cfg['port']))
Exemplo n.º 8
0
def data_svc():
    return DataService()
Exemplo n.º 9
0
    parser = argparse.ArgumentParser('Welcome to the system')
    parser.add_argument('-E',
                        '--environment',
                        required=False,
                        default='local',
                        help='Select an env. file to use')
    args = parser.parse_args()
    config = args.environment if pathlib.Path(
        'conf/%s.yml' % args.environment).exists() else 'default'
    with open('conf/%s.yml' % config) as c:
        cfg = yaml.load(c, Loader=yaml.FullLoader)
        set_logging_state()
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        data_svc = DataService()
        planning_svc = PlanningService()
        auth_svc = AuthService(cfg['api_key'])
        file_svc = FileSvc([p.name.lower() for p in plugin_modules],
                           cfg['exfil_dir'])
        agent_svc = AgentService()
        application = AppService(config=cfg, plugins=plugin_modules)

        logging.debug(
            'Agents will be considered untrusted after %s seconds of silence' %
            cfg['untrusted_timer'])
        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        logging.debug('Serving at http://%s:%s' % (cfg['host'], cfg['port']))
        main(services=data_svc.get_services(),
             host=cfg['host'],
             port=cfg['port'],
Exemplo n.º 10
0
    loop.run_until_complete(init(host, port, services, users))
    try:
        loop.run_forever()
    except KeyboardInterrupt:
        loop.run_until_complete(data_svc.save_state())
        logging.debug('[!] shutting down server...good-bye')


if __name__ == '__main__':
    parser = argparse.ArgumentParser('Welcome to the system')
    parser.add_argument('-E', '--environment', required=False, default='local', help='Select an env. file to use')
    args = parser.parse_args()
    config = args.environment if pathlib.Path('conf/%s.yml' % args.environment).exists() else 'default'
    with open('conf/%s.yml' % config) as c:
        cfg = yaml.load(c, Loader=yaml.FullLoader)
        set_logging_state()
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        data_svc = DataService()
        planning_svc = PlanningService()
        auth_svc = AuthService(cfg['api_key'])
        file_svc = FileSvc([p.name.lower() for p in plugin_modules], cfg['exfil_dir'])
        agent_svc = AgentService()
        application = AppService(config=cfg, plugins=plugin_modules)

        logging.debug('Agents will be considered untrusted after %s seconds of silence' % cfg['untrusted_timer'])
        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        logging.debug('Serving at http://%s:%s' % (cfg['host'], cfg['port']))
        main(services=data_svc.get_services(), host=cfg['host'], port=cfg['port'], users=cfg['users'])
Exemplo n.º 11
0
 def setUp(self):
     self.data_svc = DataService()
     self.agent_svc = AgentService()
Exemplo n.º 12
0
 def setUp(self):
     self.data_svc = DataService()
Exemplo n.º 13
0
class TestData(TestBase):
    def setUp(self):
        self.data_svc = DataService()

    def test_adversary(self):
        self.run_async(
            self.data_svc.store(
                Adversary(adversary_id='123',
                          name='test',
                          description='test adversary',
                          phases=dict())))
        self.run_async(
            self.data_svc.store(
                Adversary(adversary_id='123',
                          name='test',
                          description='test adversary',
                          phases=dict())))
        adversaries = self.run_async(self.data_svc.locate('adversaries'))

        self.assertEqual(1, len(adversaries))
        for x in adversaries:
            json.dumps(x.display)

    def test_planner(self):
        self.run_async(
            self.data_svc.store(
                Planner(name='test',
                        planner_id='some_id',
                        module='some.path.here',
                        params=None,
                        description='description')))
        self.run_async(
            self.data_svc.store(
                Planner(name='test',
                        planner_id='some_id',
                        module='some.path.here',
                        params=None,
                        description='description')))
        planners = self.run_async(self.data_svc.locate('planners'))

        self.assertEqual(1, len(planners))
        for x in planners:
            json.dumps(x.display)

    def test_agent(self):
        self.run_async(self.data_svc.store(Agent(paw='123$abc')))
        self.run_async(self.data_svc.store(Agent(paw='123$abc')))
        agents = self.run_async(self.data_svc.locate('agents'))

        self.assertEqual(1, len(agents))
        for x in agents:
            json.dumps(x.display)

    def test_ability(self):
        self.run_async(
            self.data_svc.store(
                Ability(ability_id='123',
                        tactic='discovery',
                        technique_id='1',
                        technique='T1033',
                        name='test',
                        test='whoami',
                        description='find active user',
                        cleanup='',
                        executor='sh',
                        platform='darwin',
                        payload='wifi.sh',
                        parsers=[],
                        requirements=[],
                        privilege=None)))
        self.run_async(
            self.data_svc.store(
                Ability(ability_id='123',
                        tactic='discovery',
                        technique_id='1',
                        technique='T1033',
                        name='test',
                        test='whoami',
                        description='find active user',
                        cleanup='',
                        executor='sh',
                        platform='darwin',
                        payload='wifi.sh',
                        parsers=[],
                        requirements=[],
                        privilege=None)))
        abilities = self.run_async(self.data_svc.locate('abilities'))

        self.assertEqual(1, len(abilities))
        for x in abilities:
            json.dumps(x.display)

    def test_operation(self):
        adversary = self.run_async(
            self.data_svc.store(
                Adversary(adversary_id='123',
                          name='test',
                          description='test adversary',
                          phases=dict())))
        self.run_async(
            self.data_svc.store(
                Operation(name='my first op', agents=[], adversary=adversary)))

        operations = self.run_async(self.data_svc.locate('operations'))
        self.assertEqual(1, len(operations))
        for x in operations:
            json.dumps(x.display)

    def test_executor(self):
        x = Executor(name='sh', preferred=1)
        self.assertRaises(Exception, self.run_async(self.data_svc.store(x)))

    def test_remove(self):
        self.run_async(self.data_svc.store(Agent(paw='new$test')))
        agents = self.run_async(
            self.data_svc.locate('agents', match=dict(paw='new$test')))
        self.assertEqual(1, len(agents))
        self.run_async(
            self.data_svc.remove('agents', match=dict(paw='new$test')))
        agents = self.run_async(
            self.data_svc.locate('agents', match=dict(paw='new$test')))
        self.assertEqual(0, len(agents))
Exemplo n.º 14
0
                        required=False,
                        default='local',
                        help='Select an env. file to use')
    args = parser.parse_args()
    with open('conf/%s.yml' % args.environment) as c:
        cfg = yaml.load(c)
        logging.getLogger('aiohttp.access').setLevel(logging.FATAL)
        logging.getLogger('aiohttp_session').setLevel(logging.FATAL)
        logging.getLogger('aiohttp.server').setLevel(logging.FATAL)
        logging.getLogger('asyncio').setLevel(logging.FATAL)
        logging.getLogger().setLevel(logging.DEBUG)
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        utility_svc = UtilityService()
        data_svc = DataService(CoreDao('core.db'), utility_svc)
        planning_svc = PlanningService(data_svc, utility_svc)
        operation_svc = OperationService(data_svc=data_svc,
                                         utility_svc=utility_svc,
                                         planning_svc=planning_svc,
                                         planner=cfg['planner'])
        auth_svc = AuthService(utility_svc=utility_svc)
        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        logging.debug('Downloaded payloads will come from %s' %
                      cfg['payloads'])
        file_svc = FileSvc(cfg['payloads'], cfg['exfil_dir'])
        services = dict(data_svc=data_svc,
                        auth_svc=auth_svc,
                        utility_svc=utility_svc,
                        operation_svc=operation_svc,
                        file_svc=file_svc,
Exemplo n.º 15
0
                        required=False,
                        default='local',
                        help='Select an env. file to use')
    args = parser.parse_args()
    with open('conf/%s.yml' % args.environment) as c:
        cfg = yaml.load(c)
        logging.getLogger('aiohttp.access').setLevel(logging.FATAL)
        logging.getLogger('aiohttp_session').setLevel(logging.FATAL)
        logging.getLogger('aiohttp.server').setLevel(logging.FATAL)
        logging.getLogger('asyncio').setLevel(logging.FATAL)
        logging.getLogger().setLevel(logging.DEBUG)
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        utility_svc = UtilityService()
        data_svc = DataService(CoreDao('core.db', memory=cfg['memory']),
                               utility_svc)
        logging.debug('Using an in-memory database: %s' % cfg['memory'])
        planning_svc = PlanningService(data_svc, utility_svc)
        parsing_svc = ParsingService(data_svc)
        operation_svc = OperationService(data_svc=data_svc,
                                         utility_svc=utility_svc,
                                         planning_svc=planning_svc,
                                         parsing_svc=parsing_svc)
        auth_svc = AuthService(utility_svc=utility_svc)
        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        file_svc = FileSvc(
            ['plugins/%s/payloads' % p.name.lower() for p in plugin_modules],
            cfg['exfil_dir'])
        services = dict(data_svc=data_svc,
                        auth_svc=auth_svc,
                        utility_svc=utility_svc,
Exemplo n.º 16
0
    parser = argparse.ArgumentParser('Welcome to the system')
    parser.add_argument('-E',
                        '--environment',
                        required=False,
                        default='local',
                        help='Select an env. file to use')
    parser.add_argument('--fresh',
                        action='store_true',
                        required=False,
                        default=False,
                        help='remove object_store on start')
    args = parser.parse_args()
    config = args.environment if pathlib.Path(
        'conf/%s.yml' % args.environment).exists() else 'default'
    with open('conf/%s.yml' % config) as c:
        BaseWorld.apply_config(yaml.load(c, Loader=yaml.FullLoader))
        data_svc = DataService()
        contact_svc = ContactService(
            BaseWorld.strip_yml('conf/agents.yml')[0]['agent_config'])
        planning_svc = PlanningService()
        rest_svc = RestService()
        auth_svc = AuthService()
        file_svc = FileSvc(
            BaseWorld.strip_yml('conf/payloads.yml')[0]['payload_config'])
        learning_svc = LearningService()
        app_svc = AppService(application=web.Application())

        if args.fresh:
            asyncio.get_event_loop().run_until_complete(data_svc.destroy())
        run_tasks(services=app_svc.get_services())
Exemplo n.º 17
0
if __name__ == '__main__':
    parser = argparse.ArgumentParser('Welcome to the system')
    parser.add_argument('-E', '--environment', required=False, default='local', help='Select an env. file to use')
    args = parser.parse_args()
    with open('conf/%s.yml' % args.environment) as c:
        cfg = yaml.load(c)
        state = logging.FATAL
        if cfg['debug']:
            state = logging.ERROR
        logging.getLogger('aiohttp.access').setLevel(state)
        logging.getLogger('aiohttp_session').setLevel(state)
        logging.getLogger('aiohttp.server').setLevel(state)
        logging.getLogger('asyncio').setLevel(state)
        logging.getLogger().setLevel(logging.DEBUG)
        sys.path.append('')

        plugin_modules = build_plugins(cfg['plugins'])
        plugin_svc = PluginService(plugin_modules)
        data_svc = DataService(CoreDao('core.db', memory=cfg['memory']))
        logging.debug('Using an in-memory database: %s' % cfg['memory'])
        planning_svc = PlanningService()
        parsing_svc = ParsingService()
        operation_svc = OperationService()
        auth_svc = AuthService()
        logging.debug('Uploaded files will be put in %s' % cfg['exfil_dir'])
        file_svc = FileSvc([p.name.lower() for p in plugin_modules], cfg['exfil_dir'])
        agent_svc = AgentService(untrusted_timer=cfg['untrusted_timer'])
        logging.debug('Agents will be considered untrusted after %s seconds of silence' % cfg['untrusted_timer'])
        logging.debug('Serving at http://%s:%s' % (cfg['host'], cfg['port']))
        main(services=data_svc.get_services(), host=cfg['host'], port=cfg['port'], users=cfg['users'])