RubyGems - threat_agent - Versions diffs - 1.0.0.beta.1 → 1.0.0.beta.2 - Mend

threat_agent 1.0.0.beta.1 → 1.0.0.beta.2

Files changed (13) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/bin/threatagent +21 -16
data/lib/threat_agent.rb +2 -0
data/lib/threat_agent/api_client.rb +14 -3
data/lib/threat_agent/config.rb +33 -0
data/lib/threat_agent/exceptions.rb +10 -0
data/lib/threat_agent/exceptions/invalid_yaml.rb +6 -0
data/lib/threat_agent/exceptions/no_configuration_found.rb +6 -0
data/lib/threat_agent/tasks/pwnxy.rb +29 -6
data/lib/threat_agent/version.rb +1 -1
data/threat_agent.gemspec +5 -1
metadata +80 -39

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a685a1dc402be9ba1ea49872c431e42373fe3918
+  data.tar.gz: ba030b2aef8d8e48766285b728b8b40e755700bc
+SHA512:
+  metadata.gz: 55e0b60b26d6468188c4905b5286f981fa0975d85f0ad89b32b8c7c926f01f17e449cc0c303fb2b371c99c49a22466d0b9caf1c9c4d550c205b144b62638a27e
+  data.tar.gz: 4d585124a9412991cd0a02a5b732bd5e92f9db69bb8cdfeddf89c317a6f4dac9c544f335b329629b7a7b0f75dada4fc1b9519596fcf6a4006cf983054be164ee

data/.gitignore CHANGED Viewed

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+cryptic*.pem

data/bin/threatagent CHANGED Viewed

@@ -2,35 +2,40 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
+require 'cryptic'
 require 'threat_agent'
 require 'threat_agent/tasks'
 require 'thor'
 class ThreatAgentCLI < Thor
-  desc 'breachbot [SUBCOMMAND]', 'Monitor website changes'
-  subcommand :breachbot, ThreatAgent::Tasks::Breachbot
+  # desc 'breachbot [SUBCOMMAND]', 'Monitor website changes'
+  # subcommand :breachbot, ThreatAgent::Tasks::Breachbot
-  desc 'drone [SUBCOMMAND]', 'Launch or review Drone security assessments'
-  subcommand :drone, ThreatAgent::Tasks::Drone
+  # desc 'drone [SUBCOMMAND]', 'Launch or review Drone security assessments'
+  # subcommand :drone, ThreatAgent::Tasks::Drone
-  desc 'exfiltrate [SUBCOMMAND]', 'Determine if security devices detect sensitive data'
-  subcommand :exfiltrate, ThreatAgent::Tasks::Exfiltrate
+  # desc 'exfiltrate [SUBCOMMAND]', 'Check if devices can detect sensitive data'
+  # subcommand :exfiltrate, ThreatAgent::Tasks::Exfiltrate
-  desc 'passision [SUBCOMMAND]', 'Create a locale/organization aware wordlists'
-  subcommand :passision, ThreatAgent::Tasks::Passision
+  desc 'keygen [OPTIONS]', 'Generate an RSA keypair'
+  method_option :passphrase, aliases: %w[-P], default: nil, desc: 'The passphrase to give your private key'
+  method_option :path, aliases: %w[-o], default: '.', desc: 'The path to save generated keys to'
+  def keygen
+    keypair = Cryptic::Keypair.generate(options[:passphrase])
+    keypair.save(options[:path])
+  end
-  desc 'phishable [SUBCOMMAND]', 'Launch phishing campaigns'
-  subcommand :phishable, ThreatAgent::Tasks::Phishable
+  # desc 'passision [SUBCOMMAND]', 'Create a locale/organization aware wordlists'
+  # subcommand :passision, ThreatAgent::Tasks::Passision
+  # desc 'phishable [SUBCOMMAND]', 'Launch phishing campaigns'
+  # subcommand :phishable, ThreatAgent::Tasks::Phishable
   desc 'pwnxy [SUBCOMMAND]', 'Create a Pwnxy instance'
   subcommand :pwnxy, ThreatAgent::Tasks::Pwnxy
 end
-# TODO: Is there a better way to globally define an API client?
-# TODO: Support a threat_agent.yml configuration file
-$threat_agent_client = ThreatAgent::APIClient.new(
-                         ENV['THREAT_AGENT_KEY'],
-                         ENV['THREAT_AGENT_SUP']
-                       )
+config = ThreatAgent::Config
+$threat_agent_client = ThreatAgent::APIClient.new(config[:key], config[:sup])
 ThreatAgentCLI.start(ARGV)

data/lib/threat_agent.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 require 'threat_agent/api_client'
+require 'threat_agent/config'
+require 'threat_agent/exceptions'
 require 'threat_agent/version'
 # The primary namespace for the ThreatAgent gem

data/lib/threat_agent/api_client.rb CHANGED Viewed

@@ -1,8 +1,9 @@
 require 'json'
 require 'net/http'
+require 'threat_agent'
 module ThreatAgent
-  # The API Client object handles most of the interactions with the ThreatAgent
+  # The APClient object handles most of the interactions with the ThreatAgent
   # API
   #
   # @author Erran Carey <me@errancarey.com>
@@ -42,12 +43,22 @@ module ThreatAgent
     # @param [Hash] params parameters to send along with the action to
     #   api.threatagent.com
     def request(action, params = {})
-      params.merge!({ key: @key, sup: @sup })
       action = action.to_s.gsub(/-|_/, '/')
+      params.merge!({ key: @key, sup: @sup })
       encoded_params = URI.encode_www_form(params.keys.zip(params.values))
-      uri = URI("https://threatagent.com/api/v1/#{action}?#{encoded_params}")
+      config = ThreatAgent::Config
+      if File.exists?("#{ENV['HOME']}/.threatagent")
+        ThreatAgent::Config.from_file("#{ENV['HOME']}/.threatagent")
+      end
+      api_endpoint = "#{config[:endpoint]}/api/#{config[:api_version]}/"
+      uri = URI("#{api_endpoint}#{action}?#{encoded_params}")
       resp = Net::HTTP.get_response(uri)
       json = resp.body
+      JSON.parse(json)
     end
   end
 end

data/lib/threat_agent/config.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'json'
+require 'mixlib/config'
+require 'threat_agent/exceptions'
+require 'yaml'
+module ThreatAgent
+  # A class that load's the user's configuration
+  #
+  # @author Erran Carey <me@errancarey.com>
+  class Config
+    extend Mixlib::Config
+    include ThreatAgent::Exceptions
+    # Sets the default configuration options
+    configure do |config|
+      config[:endpoint] = ENV['THREAT_AGENT_ENDPOINT'] || 'https://www.threatagent.com'
+      config[:key] = ENV['THREAT_AGENT_KEY']
+      config[:sup] = ENV['THREAT_AGENT_SUP']
+      config[:api_version] = 'v1'
+    end
+    # TODO: Add from_json/from_yaml methods to Mixlib::Config or add them here
+=begin
+    def self.from_json(file)
+      hash = File.exists? ? JSON.parse(file) : {}
+    end
+    def self.from_yaml(file)
+      hash = File.exists? ? YAML.parse(file).to_ruby : {}
+    end
+=end
+  end
+end

data/lib/threat_agent/exceptions.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'threat_agent/exceptions/invalid_yaml'
+require 'threat_agent/exceptions/no_configuration_found'
+module ThreatAgent
+  # A namespace for ThreatAgent Exceptions
+  #
+  # @author Erran Carey <me@errancarey.com>
+  module Exceptions
+  end
+end

data/lib/threat_agent/exceptions/invalid_yaml.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module ThreatAgent
+  module Exceptions
+    # An exception to display when the YAML specified was invalid
+    InvalidYAML = Class.new(ArgumentError)
+  end
+end

data/lib/threat_agent/exceptions/no_configuration_found.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module ThreatAgent
+  module Exceptions
+    # An exception to display when the YAML specified wasn't found
+    NoConfigurationFound = Class.new(ArgumentError)
+  end
+end

data/lib/threat_agent/tasks/pwnxy.rb CHANGED Viewed

@@ -1,3 +1,7 @@
+require 'base64'
+require 'cryptic'
+require 'colorize'
+require 'json'
 require 'thor'
 require 'threat_agent'
@@ -15,14 +19,33 @@ module ThreatAgent
       end
       desc 'pwnxy logs [INSTANCE] [OPTIONS]', 'Show logs for a Pwnxy instance'
-      # TODO: Add logs(identifier = :last), add support in the TA API
-      #       Support last/first in the TA API. Currently 0 returns first. Use
-      #       -1 for last?
-      # TODO: Add support for dropping all logs?
       def logs(identifier = 0)
-        log = $threat_agent_client.request(:pwnxy_logs, { p: identifier })
+        logs = $threat_agent_client.request(:pwnxy_logs, { p: identifier })
         # TODO: Add a UI class/method.
-        $stdout.puts log
+        # TODO: Return the logs to the user
+        if logs.is_a?(Hash) && logs['error']
+          $stderr.puts "Threat Agent API Error: #{logs['error']}".red
+          exit 255 # This is an API error. Exit with an unspecific code.
+        end
+        $stdout.puts decrypt(logs)
+      end
+      no_commands do
+        def decrypt(logs)
+          keypair = Cryptic::Keypair.new(ThreatAgent::Config[:private_key])
+          private_key = keypair.private_key
+          logs.map do |log|
+            cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+            cipher.decrypt
+            cipher.key = private_key.private_decrypt(Base64.decode64(log['encrypted_key']))
+            cipher.iv =  private_key.private_decrypt(Base64.decode64(log['encrypted_iv']))
+            decrypted_data = cipher.update(Base64.decode64(log['encrypted_data']))
+            decrypted_data << cipher.final
+          end.to_json
+        end
       end
     end
   end

data/lib/threat_agent/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module ThreatAgent
   # The version of the ThreatAgent gem
-  VERSION = '1.0.0.beta.1'
+  VERSION = '1.0.0.beta.2'
 end

data/threat_agent.gemspec CHANGED Viewed

@@ -7,7 +7,7 @@ Gem::Specification.new do |spec|
   spec.name          = 'threat_agent'
   spec.version       = ThreatAgent::VERSION
   spec.authors       = ['Erran Carey']
-  spec.email         = ['me@errancarey.com']
+  spec.email         = ['e@threatagent.com']
   spec.description   = %q{A gem to interface with the Threat Agent API}
   spec.summary       = %q{Interact with apps from the Threat Agent website}
   spec.homepage      = 'http://developer.threatagent.com'
@@ -19,11 +19,15 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.add_dependency 'colorize'
+  spec.add_dependency 'cryptic'
+  spec.add_dependency 'json'
+  spec.add_dependency 'mixlib-config'
   spec.add_dependency 'redcarpet'
   spec.add_dependency 'thor'
   spec.add_dependency 'yard'
   spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
 end

metadata CHANGED Viewed

@@ -1,84 +1,116 @@
 --- !ruby/object:Gem::Specification
 name: threat_agent
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta.1
-  prerelease: 6
+  version: 1.0.0.beta.2
 platform: ruby
 authors:
 - Erran Carey
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-07-07 00:00:00.000000000 Z
+date: 2013-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cryptic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mixlib-config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -86,46 +118,55 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: A gem to interface with the Threat Agent API
 email:
-- me@errancarey.com
+- e@threatagent.com
 executables:
 - threatagent
 extensions: []
@@ -140,6 +181,10 @@ files:
 - bin/threatagent
 - lib/threat_agent.rb
 - lib/threat_agent/api_client.rb
+- lib/threat_agent/config.rb
+- lib/threat_agent/exceptions.rb
+- lib/threat_agent/exceptions/invalid_yaml.rb
+- lib/threat_agent/exceptions/no_configuration_found.rb
 - lib/threat_agent/tasks.rb
 - lib/threat_agent/tasks/breachbot.rb
 - lib/threat_agent/tasks/drone.rb
@@ -153,30 +198,26 @@ files:
 homepage: http://developer.threatagent.com
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -3825142359742865107
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>'
+  - - '>'
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Interact with apps from the Threat Agent website
 test_files:
 - spec/default_spec.rb