def setup_rest_svc_test(loop, data_svc):
BaseWorld.apply_config(name='default',
config={
'app.contact.http': '0.0.0.0',
'plugins': ['sandcat', 'stockpile'],
'crypt_salt': 'BLAH',
'api_key': 'ADMIN123',
'encryption_key': 'ADMIN123',
'exfil_dir': '/tmp'
})
loop.run_until_complete(
data_svc.store(
Ability(ability_id='123',
test=BaseWorld.encode_string('curl #{app.contact.http}'),
variations=[])))
loop.run_until_complete(
data_svc.store(
Adversary(adversary_id='123',
name='test',
description='test',
phases=[])))
loop.run_until_complete(
data_svc.store(Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0)))
loop.run_until_complete(
data_svc.store(
Planner(planner_id='123',
name='test',
module='test',
params=dict())))
loop.run_until_complete(
data_svc.store(Source(identifier='123', name='test', facts=[])))
def setup_planning_test(loop, ability, agent, operation, data_svc,
init_base_world):
tability = ability(ability_id='123',
executor='sh',
platform='darwin',
test=BaseWorld.encode_string('mkdir test'),
cleanup=BaseWorld.encode_string('rm -rf test'),
variations=[])
tagent = agent(sleep_min=1,
sleep_max=2,
watchdog=0,
executors=['sh'],
platform='darwin')
tsource = Source(id='123', name='test', facts=[], adjustments=[])
toperation = operation(name='test1',
agents=tagent,
adversary='hunter',
source=tsource)
loop.run_until_complete(data_svc.store(tability))
loop.run_until_complete(
data_svc.store(
Obfuscator(
name='plain-text',
description=
'Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')))
yield (tability, tagent, toperation)
async def create_source(self, report):
def add_fact(fact_list, trait, value):
fact_list.append(Fact(trait, value, collected_by='pathfinder'))
return fact_list[-1:][0]
if not report:
return None
facts = []
relationships = []
for host in report.hosts.values():
ip_fact = add_fact(facts, 'scan.host.ip', host.ip)
if host.hostname:
relationships.append(
Relationship(
ip_fact,
'has_hostname',
add_fact(facts, 'scan.host.hostname', host.hostname),
)
)
for num, port in host.ports.items():
port_fact = add_fact(facts, 'scan.host.port', num)
for cve_ in port.cves:
cve_fact = add_fact(facts, 'scan.found.cve', cve_)
relationships.append(
Relationship(ip_fact, 'has_vulnerability', cve_fact)
)
relationships.append(
Relationship(port_fact, 'has_vulnerability', cve_fact)
)
source = Source(report.id, report.name, facts, relationships)
source.access = BaseWorld.Access.RED
await self.data_svc.store(source)
return source
def setup_planning_test(loop, executor, ability, agent, operation, data_svc, event_svc, init_base_world):
texecutor = executor(name='sh', platform='darwin', command='mkdir test', cleanup='rm -rf test')
tability = ability(ability_id='123', executors=[texecutor], repeatable=True, buckets=['test'], name='test1')
tagent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'], platform='darwin',
server='http://127.0.0.1:8000')
tsource = Source(id='123', name='test', facts=[], adjustments=[])
toperation = operation(name='test1', agents=[tagent],
adversary=Adversary(name='test', description='test',
atomic_ordering=[],
adversary_id='XYZ'),
source=tsource)
cexecutor = executor(name='sh', platform='darwin', command=test_string, cleanup='whoami')
cability = ability(ability_id='321', executors=[cexecutor], singleton=True, name='test2')
loop.run_until_complete(data_svc.store(tability))
loop.run_until_complete(data_svc.store(cability))
loop.run_until_complete(data_svc.store(
Obfuscator(name='plain-text',
description='Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')
))
yield tability, tagent, toperation, cability
def test_save_discover_seeded_fact_not_in_command(self, event_loop,
ability, executor,
operation,
knowledge_svc):
test_executor = executor(name='psh', platform='windows')
test_ability = ability(ability_id='123', executors=[test_executor])
fact1 = Fact(trait='remote.host.fqdn', value='dc')
fact2 = Fact(trait='domain.user.name', value='Bob')
relationship = Relationship(source=fact1,
edge='has_user',
target=fact2)
link = Link(command='net user',
paw='123456',
ability=test_ability,
id='111111',
executor=test_executor)
operation = operation(name='test-op',
agents=[],
adversary=Adversary(name='sample',
adversary_id='XYZ',
atomic_ordering=[],
description='test'),
source=Source(id='test-source',
facts=[fact1, fact2]))
event_loop.run_until_complete(operation._init_source())
event_loop.run_until_complete(
link.save_fact(operation, fact2, 1, relationship))
assert fact2.origin_type == OriginType.SEEDED
assert '123456' in fact2.collected_by
async def _load_sources(self, directory):
for filename in glob.iglob('%s/*.yml' % directory, recursive=False):
for src in self.strip_yml(filename):
source = Source(
name=src['name'],
facts=[Fact(trait=f['trait'], value=str(f['value'])) for f in src.get('facts')]
)
await self.store(source)
def test_source(event_loop):
test_fact = Fact(trait='remote.host.fqdn', value='dc')
test_source = Source(id='123',
name='test',
facts=[test_fact],
adjustments=[])
event_loop.run_until_complete(
BaseService.get_service('data_svc').store(test_source))
return test_source
def setup_rest_svc_test(loop, data_svc):
BaseWorld.apply_config(name='main',
config={
'app.contact.http': '0.0.0.0',
'plugins': ['sandcat', 'stockpile'],
'crypt_salt': 'BLAH',
'api_key': 'ADMIN123',
'encryption_key': 'ADMIN123',
'exfil_dir': '/tmp'
})
loop.run_until_complete(
data_svc.store(
Ability(ability_id='123',
test=BaseWorld.encode_string('curl #{app.contact.http}'),
variations=[],
executor='psh',
platform='windows')))
adversary = Adversary(adversary_id='123',
name='test',
description='test',
atomic_ordering=[])
loop.run_until_complete(data_svc.store(adversary))
agent = Agent(paw='123',
sleep_min=2,
sleep_max=8,
watchdog=0,
executors=['pwsh', 'psh'],
platform='windows')
loop.run_until_complete(data_svc.store(agent))
loop.run_until_complete(
data_svc.store(
Planner(planner_id='123',
name='test',
module='test',
params=dict())))
source = Source(id='123', name='test', facts=[], adjustments=[])
loop.run_until_complete(data_svc.store(source))
loop.run_until_complete(
data_svc.store(
Operation(name='test',
agents=[agent],
adversary=adversary,
id='123',
source=source)))
loop.run_until_complete(
data_svc.store(
Obfuscator(
name='plain-text',
description=
'Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')))
async def _load_sources(self, plugin):
for filename in glob.iglob('%s/sources/*.yml' % plugin.data_dir, recursive=False):
for src in self.strip_yml(filename):
source = Source(
identifier=src['id'],
name=src['name'],
facts=[Fact(trait=f['trait'], value=str(f['value'])) for f in src.get('facts')],
adjustments=await self._create_adjustments(src.get('adjustments')),
rules=[Rule(**r) for r in src.get('rules', [])]
)
source.access = plugin.access
await self.store(source)
def test_source_existing_relationships(event_loop):
test_fact_1 = Fact(trait='test_1', value='1')
test_fact_2 = Fact(trait='test_2', value='2')
test_relationship = Relationship(source=test_fact_1,
edge='test_edge',
target=test_fact_2)
test_source = Source(id='123',
name='test',
facts=[test_fact_1, test_fact_2],
adjustments=[],
relationships=[test_relationship])
event_loop.run_until_complete(
BaseService.get_service('data_svc').store(test_source))
return test_source
def setup_rest_svc_test(loop, data_svc):
BaseWorld.apply_config(name='main', config={'app.contact.http': '0.0.0.0',
'plugins': ['sandcat', 'stockpile'],
'crypt_salt': 'BLAH',
'api_key': 'ADMIN123',
'encryption_key': 'ADMIN123',
'exfil_dir': '/tmp'})
loop.run_until_complete(data_svc.store(
Ability(ability_id='123', name='testA', executors=[
Executor(name='psh', platform='windows', command='curl #{app.contact.http}')
])
))
loop.run_until_complete(data_svc.store(
Ability(ability_id='456', name='testB', executors=[
Executor(name='sh', platform='linux', command='whoami')
])
))
loop.run_until_complete(data_svc.store(
Ability(ability_id='789', name='testC', executors=[
Executor(name='sh', platform='linux', command='hostname')
])
))
adversary = Adversary(adversary_id='123', name='test', description='test', atomic_ordering=[])
loop.run_until_complete(data_svc.store(adversary))
agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0, executors=['pwsh', 'psh'], platform='windows')
loop.run_until_complete(data_svc.store(agent))
loop.run_until_complete(data_svc.store(
Objective(id='495a9828-cab1-44dd-a0ca-66e58177d8cc', name='default', goals=[Goal()])
))
loop.run_until_complete(data_svc.store(
Planner(planner_id='123', name='test', module='test', params=dict())
))
source = Source(id='123', name='test', facts=[], adjustments=[])
loop.run_until_complete(data_svc.store(source))
loop.run_until_complete(data_svc.store(
Operation(name='test', agents=[agent], adversary=adversary, id='123', source=source)
))
loop.run_until_complete(data_svc.store(
Obfuscator(name='plain-text',
description='Does no obfuscation to any command, instead running it in plain text',
module='plugins.stockpile.app.obfuscators.plain_text')
))
def test_source(loop, mocker, mock_time):
with mocker.patch(
'app.objects.secondclass.c_fact.datetime') as mock_datetime:
mock_datetime.return_value = mock_datetime
mock_datetime.now.return_value = mock_time
fact = Fact(trait='test_fact', value=1)
rule = Rule(RuleAction.ALLOW, trait='test_rule')
relationship = Relationship(source=fact,
edge="alpha",
origin="test_operation")
source = Source(id='123',
name='Test Source',
facts=[fact],
rules=[rule],
adjustments=[],
relationships=[relationship])
loop.run_until_complete(
BaseService.get_service('data_svc').store(source))
return source
def test_create_relationship_source_fact(self, event_loop, ability,
executor, operation,
knowledge_svc):
test_executor = executor(name='psh', platform='windows')
test_ability = ability(ability_id='123', executors=[test_executor])
fact1 = Fact(trait='remote.host.fqdn', value='dc')
fact2 = Fact(trait='domain.user.name', value='Bob')
relationship = Relationship(source=fact1,
edge='has_admin',
target=fact2)
link1 = Link(command='echo "Bob"',
paw='123456',
ability=test_ability,
id='111111',
executor=test_executor)
operation = operation(name='test-op',
agents=[],
adversary=Adversary(name='sample',
adversary_id='XYZ',
atomic_ordering=[],
description='test'),
source=Source(id='test-source', facts=[fact1]))
event_loop.run_until_complete(operation._init_source())
event_loop.run_until_complete(
link1.create_relationships([relationship], operation))
link2 = Link(command='echo "Bob"',
paw='789100',
ability=test_ability,
id='222222',
executor=test_executor)
event_loop.run_until_complete(
link2.create_relationships([relationship], operation))
fact_store_operation_source = event_loop.run_until_complete(
knowledge_svc.get_facts(dict(source=operation.source.id)))
fact_store_operation = event_loop.run_until_complete(
knowledge_svc.get_facts(dict(source=operation.id)))
assert len(fact_store_operation_source) == 1
assert len(fact_store_operation) == 1
assert len(fact_store_operation_source[0].collected_by) == 2
def op_with_learning_and_seeded(ability, adversary, operation_agent,
parse_datestring):
sc = Source(id='3124',
name='test',
facts=[Fact(trait='domain.user.name', value='bob')])
op = Operation(id='6789',
name='testC',
agents=[],
adversary=adversary,
source=sc,
use_learning_parsers=True)
# patch operation to make it 'realistic'
op.start = parse_datestring(OP_START_TIME)
op.adversary = op.adversary()
op.planner = Planner(planner_id='12345',
name='test_planner',
module='not.an.actual.planner',
params=None)
op.objective = Objective(id='6428', name='not_an_objective')
t_operation_agent = operation_agent
t_operation_agent.paw = '123456'
op.agents = [t_operation_agent]
return op
async def create_fact_source():
source_id = str(uuid.uuid4())
source_name = 'blue-pid-{}'.format(source_id)
return Source(id=source_id, name=source_name, facts=[])
async def _create_analytic_source():
source_id = str(uuid.uuid4())
source_name = 'analytic-{}'.format(source_id)
facts = [Fact(trait='test', value='test')]
return Source(id=source_id, name=source_name, facts=facts)