praetorian-cli 2.3.4__tar.gz → 2.4.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {praetorian_cli-2.3.4/praetorian_cli.egg-info → praetorian_cli-2.4.0}/PKG-INFO +191 -14
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/README.md +190 -13
- praetorian_cli-2.4.0/praetorian_cli/handlers/agent.py +319 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/cli_decorators.py +1 -1
- praetorian_cli-2.4.0/praetorian_cli/handlers/critfinder.py +155 -0
- praetorian_cli-2.4.0/praetorian_cli/handlers/engagement.py +66 -0
- praetorian_cli-2.4.0/praetorian_cli/handlers/export.py +102 -0
- praetorian_cli-2.4.0/praetorian_cli/handlers/find.py +51 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/get.py +7 -2
- praetorian_cli-2.4.0/praetorian_cli/handlers/report.py +88 -0
- praetorian_cli-2.4.0/praetorian_cli/handlers/run.py +379 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/main.py +6 -0
- praetorian_cli-2.4.0/praetorian_cli/runners/__init__.py +1 -0
- praetorian_cli-2.4.0/praetorian_cli/runners/local.py +296 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/chariot.py +2 -0
- praetorian_cli-2.4.0/praetorian_cli/sdk/entities/agents.py +220 -0
- praetorian_cli-2.4.0/praetorian_cli/sdk/entities/reports.py +194 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/risks.py +113 -6
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/search.py +41 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/webhook.py +1 -1
- praetorian_cli-2.4.0/praetorian_cli/sdk/test/test_report.py +242 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_risk.py +2 -2
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_z_cli.py +33 -12
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/job_helpers.py +4 -1
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/theme.py +1 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/__init__.py +1 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/__init__.py +6 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/accounts.py +260 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/context.py +327 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/marcus.py +408 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/reporting.py +69 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/search.py +130 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/commands/tools.py +420 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/console.py +414 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/context.py +45 -0
- praetorian_cli-2.4.0/praetorian_cli/ui/console/renderer.py +261 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0/praetorian_cli.egg-info}/PKG-INFO +191 -14
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli.egg-info/SOURCES.txt +21 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/setup.cfg +1 -1
- praetorian_cli-2.3.4/praetorian_cli/handlers/agent.py +0 -100
- praetorian_cli-2.3.4/praetorian_cli/sdk/entities/agents.py +0 -45
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/LICENSE +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/MANIFEST.in +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/add.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/aegis.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/chariot.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/configure.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/delete.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/enrich.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/imports.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/link.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/list.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/script.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/search.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/ssh_utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/test.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/unlink.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/update.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/handlers/utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/scripts/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/scripts/commands/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/scripts/commands/nmap-example.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/scripts/utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/accounts.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/ad.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/aegis.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/assets.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/attributes.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/capabilities.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/configurations.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/credentials.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/definitions.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/files.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/integrations.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/jobs.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/keys.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/preseeds.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/scanners.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/schedules.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/schema.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/seeds.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/settings.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/statistics.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/entities/webpage.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/guard.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/keychain.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/mcp_server.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/model/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/model/aegis.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/model/globals.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/model/query.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/model/utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/pytest.ini +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_account.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_agent.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_asset.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_attribute.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_capabilities.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_configuration.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_conversation.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_definition.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_extend.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_file.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_job.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_key.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_mcp.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_preseed.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_search.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_seed.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_setting.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_webhook.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/test_webpage.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/ui_mocks.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/sdk/test/utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/cp.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/help.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/info.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/job.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/list.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/proxy.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/schedule.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/schedule_helpers.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/set.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/commands/ssh.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/constants.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/menu.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/aegis/utils.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/conversation/__init__.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli/ui/conversation/textual_chat.py +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli.egg-info/dependency_links.txt +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli.egg-info/entry_points.txt +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli.egg-info/requires.txt +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/praetorian_cli.egg-info/top_level.txt +0 -0
- {praetorian_cli-2.3.4 → praetorian_cli-2.4.0}/pyproject.toml +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: praetorian-cli
|
|
3
|
-
Version: 2.
|
|
3
|
+
Version: 2.4.0
|
|
4
4
|
Summary: For interacting with the Guard API
|
|
5
5
|
Home-page: https://github.com/praetorian-inc/praetorian-cli
|
|
6
6
|
Author: Praetorian
|
|
@@ -38,16 +38,23 @@ Dynamic: license-file
|
|
|
38
38
|
# Table of Contents
|
|
39
39
|
|
|
40
40
|
- [Description](#description)
|
|
41
|
-
- [Getting
|
|
41
|
+
- [Getting Started](#getting-started)
|
|
42
42
|
- [Prerequisites](#prerequisites)
|
|
43
43
|
- [Installation](#installation)
|
|
44
|
-
- [Signing up](#signing-up
|
|
44
|
+
- [Signing up](#signing-up)
|
|
45
|
+
- [Authentication](#authentication)
|
|
45
46
|
- [Using the CLI](#using-the-cli)
|
|
46
|
-
- [
|
|
47
|
+
- [Operators](#operators)
|
|
48
|
+
- [Interactive Console](#interactive-console)
|
|
49
|
+
- [Install local security tools (optional)](#install-local-security-tools-optional)
|
|
50
|
+
- [Marcus Aurelius AI](#marcus-aurelius-ai)
|
|
51
|
+
- [Security Tools](#security-tools)
|
|
47
52
|
- [Developers](#developers)
|
|
48
|
-
- [
|
|
49
|
-
- [
|
|
50
|
-
- [
|
|
53
|
+
- [SDK](#sdk)
|
|
54
|
+
- [Developing external scripts](#developing-external-scripts)
|
|
55
|
+
- [Contributing](#contributing)
|
|
56
|
+
- [Support](#support)
|
|
57
|
+
- [License](#license)
|
|
51
58
|
- [Backwards Compatibility](#backwards-compatibility)
|
|
52
59
|
|
|
53
60
|
# Description
|
|
@@ -67,12 +74,32 @@ offensive security platform.
|
|
|
67
74
|
|
|
68
75
|
## Installation
|
|
69
76
|
|
|
70
|
-
Install the Python package
|
|
77
|
+
Install the Python package:
|
|
71
78
|
|
|
72
79
|
```zsh
|
|
73
80
|
pip install praetorian-cli
|
|
74
81
|
```
|
|
75
82
|
|
|
83
|
+
### Install from source (for console branch features)
|
|
84
|
+
|
|
85
|
+
```zsh
|
|
86
|
+
git clone https://github.com/praetorian-inc/praetorian-cli.git
|
|
87
|
+
cd praetorian-cli
|
|
88
|
+
pip install -e .
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### Configure authentication
|
|
92
|
+
|
|
93
|
+
```zsh
|
|
94
|
+
guard configure
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Or set environment variables:
|
|
98
|
+
```zsh
|
|
99
|
+
export PRAETORIAN_CLI_API_KEY_ID=your-api-key-id
|
|
100
|
+
export PRAETORIAN_CLI_API_KEY_SECRET=your-api-key-secret
|
|
101
|
+
```
|
|
102
|
+
|
|
76
103
|
## Signing up
|
|
77
104
|
|
|
78
105
|
Register for an account for [Guard](https://guard.praetorian.com) using the instructions
|
|
@@ -80,13 +107,13 @@ in [our documentation](https://docs.praetorian.com/hc/en-us/articles/38048335323
|
|
|
80
107
|
|
|
81
108
|
## Authentication
|
|
82
109
|
|
|
83
|
-
Once you can properly access Guard through the UI, you can obtain API credentials by clicking the
|
|
84
|
-
Praetorian icon in the top right corner -> User Profile -> API Keys. Be sure to carefully copy the
|
|
85
|
-
API credentials you created as you will need to provide them to the CLI for interacting with Guard.
|
|
110
|
+
Once you can properly access Guard through the UI, you can obtain API credentials by clicking the
|
|
111
|
+
Praetorian icon in the top right corner -> User Profile -> API Keys. Be sure to carefully copy the
|
|
112
|
+
API credentials you created as you will need to provide them to the CLI for interacting with Guard.
|
|
86
113
|
|
|
87
114
|
**Note**: SSO Organizations should provision access through API Keys as well.
|
|
88
115
|
|
|
89
|
-
### Using API Keys
|
|
116
|
+
### Using API Keys
|
|
90
117
|
|
|
91
118
|
This is the authentication method for CLI. You can authenticate using either a keychain file or environment variables.
|
|
92
119
|
|
|
@@ -94,11 +121,11 @@ This is the authentication method for CLI. You can authenticate using either a k
|
|
|
94
121
|
|
|
95
122
|
This method stores your API key in a keychain file.
|
|
96
123
|
|
|
97
|
-
1. Run `guard configure` and follow the prompts to set up authentication.
|
|
124
|
+
1. Run `guard configure` and follow the prompts to set up authentication.
|
|
98
125
|
Use the default values for `profile name`, `URL of backend API`, and `client ID`.
|
|
99
126
|
2. It creates `~/.praetorian/keychain.ini`, which should read like this:
|
|
100
127
|
|
|
101
|
-
```
|
|
128
|
+
```text
|
|
102
129
|
[United States]
|
|
103
130
|
name = guard
|
|
104
131
|
client_id = 795dnnr45so7m17cppta0b295o
|
|
@@ -147,6 +174,156 @@ To get detailed information about a specific asset, run:
|
|
|
147
174
|
guard --account guard+example@praetorian.com get asset <ASSET_KEY>
|
|
148
175
|
```
|
|
149
176
|
|
|
177
|
+
# Operators
|
|
178
|
+
|
|
179
|
+
## Interactive Console
|
|
180
|
+
|
|
181
|
+
The Guard CLI includes a Metasploit-style interactive console for operator-focused engagement workflows.
|
|
182
|
+
|
|
183
|
+
```zsh
|
|
184
|
+
guard console
|
|
185
|
+
guard console --account client@example.com
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
The console provides:
|
|
189
|
+
|
|
190
|
+
- **Engagement management** — switch between accounts, view stats (seeds/assets/risks), create customers, manage vaults
|
|
191
|
+
- **Metasploit-style tool selection** — `use <tool>`, `show targets`, `set target`, `execute`
|
|
192
|
+
- **All 141 backend capabilities** — any capability can be selected via `use <name>` or `use <#>`
|
|
193
|
+
- **Marcus Aurelius AI** — inline queries (`ask`) and multi-turn conversation (`marcus`)
|
|
194
|
+
- **Fulltext search** — `find` for Neo4j graph search across all entity types
|
|
195
|
+
- **Evidence hydration** — `evidence <risk>` fetches all scattered evidence in one view
|
|
196
|
+
- **Report generation** — `report generate` / `report validate`
|
|
197
|
+
- **Local tool execution** — run installed Praetorian binaries locally, upload results to Guard
|
|
198
|
+
- **Live job tracking** — `status`, `jobs`, real-time tool output from Marcus
|
|
199
|
+
|
|
200
|
+
### Example session
|
|
201
|
+
|
|
202
|
+
```
|
|
203
|
+
guard > accounts # list engagements
|
|
204
|
+
guard > use 5 # switch to engagement #5
|
|
205
|
+
guard > assets # list assets (scoped to engagement)
|
|
206
|
+
guard > risks # list risks
|
|
207
|
+
guard > show 1 # drill into risk #1
|
|
208
|
+
|
|
209
|
+
guard > use brutus # select credential tester
|
|
210
|
+
guard (brutus) > show targets # show valid port targets
|
|
211
|
+
guard (brutus) > set target 3 # pick target #3
|
|
212
|
+
guard (brutus) > run # execute (local if installed, remote otherwise)
|
|
213
|
+
guard (brutus) > status # check job results
|
|
214
|
+
guard (brutus) > exit # back to main prompt
|
|
215
|
+
|
|
216
|
+
guard > ask "summarize critical risks" # one-shot Marcus query
|
|
217
|
+
guard > marcus # enter multi-turn conversation
|
|
218
|
+
marcus > @aurelius scan cloud infra # delegate to specialist agent
|
|
219
|
+
marcus > back
|
|
220
|
+
|
|
221
|
+
guard > marcus read "vault/sow.pdf" # have Marcus analyze a file
|
|
222
|
+
guard > marcus do "add example.com as seed" # direct instruction
|
|
223
|
+
guard > download proofs # download all proof files locally
|
|
224
|
+
guard > home # return to your own account
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
## Install local security tools (optional)
|
|
228
|
+
|
|
229
|
+
Requires the [GitHub CLI](https://cli.github.com/) (`gh`) to be installed and authenticated:
|
|
230
|
+
|
|
231
|
+
```zsh
|
|
232
|
+
guard run install brutus # install a specific tool
|
|
233
|
+
guard run install all # install all Praetorian tools
|
|
234
|
+
guard run installed # check what's installed
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
Binaries are downloaded from `praetorian-inc` GitHub releases to `~/.praetorian/bin/`.
|
|
238
|
+
|
|
239
|
+
## Marcus Aurelius AI
|
|
240
|
+
|
|
241
|
+
Marcus is Guard's AI operator, accessible from both the CLI and the interactive console.
|
|
242
|
+
|
|
243
|
+
```zsh
|
|
244
|
+
# One-shot queries
|
|
245
|
+
guard ask "how many critical risks are there?"
|
|
246
|
+
guard ask "show me all assets with port 22 open" --mode query
|
|
247
|
+
|
|
248
|
+
# File analysis and ingestion
|
|
249
|
+
guard marcus read "vault/engagement/sow.pdf"
|
|
250
|
+
guard marcus ingest "vault/nessus-export.csv" --findings
|
|
251
|
+
guard marcus do "generate an executive summary"
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
In the console, Marcus shows live tool execution:
|
|
255
|
+
```
|
|
256
|
+
guard > ask "analyze the top risks"
|
|
257
|
+
Thinking...
|
|
258
|
+
→ query — 14 risks done
|
|
259
|
+
→ query — 5 assets done
|
|
260
|
+
Found 14 risks across 5 assets...
|
|
261
|
+
```
|
|
262
|
+
|
|
263
|
+
## Security Tools
|
|
264
|
+
|
|
265
|
+
All 141 Guard capabilities are available through the CLI. Named tools include:
|
|
266
|
+
|
|
267
|
+
| Agent | Description |
|
|
268
|
+
|-------|-------------|
|
|
269
|
+
| `asset-analyzer` | Deep-dive reconnaissance & risk mapping |
|
|
270
|
+
| `brutus` | Credential attacks (SSH, RDP, FTP, SMB) |
|
|
271
|
+
| `julius` | LLM/AI service fingerprinting |
|
|
272
|
+
| `augustus` | LLM jailbreak & prompt injection attacks |
|
|
273
|
+
| `aurelius` | Cloud infrastructure discovery (AWS/Azure/GCP) |
|
|
274
|
+
| `trajan` | CI/CD pipeline security scanning |
|
|
275
|
+
| `priscus` | Remediation retesting |
|
|
276
|
+
| `seneca` | CVE research & exploit intelligence |
|
|
277
|
+
| `titus` | Secret scanning & credential leak detection |
|
|
278
|
+
|
|
279
|
+
### Local execution
|
|
280
|
+
|
|
281
|
+
Tools can run locally if the binary is installed, with results uploaded to Guard:
|
|
282
|
+
|
|
283
|
+
```zsh
|
|
284
|
+
guard run install brutus # download from praetorian-inc GitHub
|
|
285
|
+
guard run install all # install everything
|
|
286
|
+
guard run tool brutus 10.0.1.5 # runs locally (default if installed)
|
|
287
|
+
guard run tool brutus 10.0.1.5 --remote # force remote execution
|
|
288
|
+
guard run installed # show what's installed locally
|
|
289
|
+
```
|
|
290
|
+
|
|
291
|
+
### Additional CLI Commands
|
|
292
|
+
|
|
293
|
+
Beyond the standard CRUD commands, the CLI includes:
|
|
294
|
+
|
|
295
|
+
```zsh
|
|
296
|
+
# Fulltext search (Neo4j graph queries)
|
|
297
|
+
guard find "example.com"
|
|
298
|
+
guard find "CVE-2024" --type risk
|
|
299
|
+
|
|
300
|
+
# Evidence hydration
|
|
301
|
+
guard get risk "#risk#example.com#CVE-2024-1234" --evidence
|
|
302
|
+
|
|
303
|
+
# Reports
|
|
304
|
+
guard report generate --title "Q1 Pentest" --client "Acme Corp" --risks "status:OH"
|
|
305
|
+
guard report validate --risks "status:OH"
|
|
306
|
+
|
|
307
|
+
# One-shot Marcus AI query
|
|
308
|
+
guard ask "what assets have port 22 open?"
|
|
309
|
+
|
|
310
|
+
# Marcus subcommands
|
|
311
|
+
guard marcus read "vault/sow.pdf"
|
|
312
|
+
guard marcus ingest "vault/scope.md" --scope --findings
|
|
313
|
+
guard marcus do "add example.com as a seed and start discovery"
|
|
314
|
+
|
|
315
|
+
# Security tools (local or remote)
|
|
316
|
+
guard run tool brutus 10.0.1.5
|
|
317
|
+
guard run tool nuclei example.com --remote
|
|
318
|
+
guard run install brutus
|
|
319
|
+
guard run installed
|
|
320
|
+
|
|
321
|
+
# Engagement management
|
|
322
|
+
guard engagement list
|
|
323
|
+
guard engagement create-customer --email ops@acme.com --name "ACME Corp"
|
|
324
|
+
guard engagement create-vault --client acme --sow SOW-1234 --sku WAPT --github-user jdoe
|
|
325
|
+
```
|
|
326
|
+
|
|
150
327
|
# Developers
|
|
151
328
|
|
|
152
329
|
Both CLI and SDK is open-source in this repository. The SDK is installed along with the `praetorian-cli`
|
|
@@ -14,16 +14,23 @@
|
|
|
14
14
|
# Table of Contents
|
|
15
15
|
|
|
16
16
|
- [Description](#description)
|
|
17
|
-
- [Getting
|
|
17
|
+
- [Getting Started](#getting-started)
|
|
18
18
|
- [Prerequisites](#prerequisites)
|
|
19
19
|
- [Installation](#installation)
|
|
20
|
-
- [Signing up](#signing-up
|
|
20
|
+
- [Signing up](#signing-up)
|
|
21
|
+
- [Authentication](#authentication)
|
|
21
22
|
- [Using the CLI](#using-the-cli)
|
|
22
|
-
- [
|
|
23
|
+
- [Operators](#operators)
|
|
24
|
+
- [Interactive Console](#interactive-console)
|
|
25
|
+
- [Install local security tools (optional)](#install-local-security-tools-optional)
|
|
26
|
+
- [Marcus Aurelius AI](#marcus-aurelius-ai)
|
|
27
|
+
- [Security Tools](#security-tools)
|
|
23
28
|
- [Developers](#developers)
|
|
24
|
-
- [
|
|
25
|
-
- [
|
|
26
|
-
- [
|
|
29
|
+
- [SDK](#sdk)
|
|
30
|
+
- [Developing external scripts](#developing-external-scripts)
|
|
31
|
+
- [Contributing](#contributing)
|
|
32
|
+
- [Support](#support)
|
|
33
|
+
- [License](#license)
|
|
27
34
|
- [Backwards Compatibility](#backwards-compatibility)
|
|
28
35
|
|
|
29
36
|
# Description
|
|
@@ -43,12 +50,32 @@ offensive security platform.
|
|
|
43
50
|
|
|
44
51
|
## Installation
|
|
45
52
|
|
|
46
|
-
Install the Python package
|
|
53
|
+
Install the Python package:
|
|
47
54
|
|
|
48
55
|
```zsh
|
|
49
56
|
pip install praetorian-cli
|
|
50
57
|
```
|
|
51
58
|
|
|
59
|
+
### Install from source (for console branch features)
|
|
60
|
+
|
|
61
|
+
```zsh
|
|
62
|
+
git clone https://github.com/praetorian-inc/praetorian-cli.git
|
|
63
|
+
cd praetorian-cli
|
|
64
|
+
pip install -e .
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
### Configure authentication
|
|
68
|
+
|
|
69
|
+
```zsh
|
|
70
|
+
guard configure
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
Or set environment variables:
|
|
74
|
+
```zsh
|
|
75
|
+
export PRAETORIAN_CLI_API_KEY_ID=your-api-key-id
|
|
76
|
+
export PRAETORIAN_CLI_API_KEY_SECRET=your-api-key-secret
|
|
77
|
+
```
|
|
78
|
+
|
|
52
79
|
## Signing up
|
|
53
80
|
|
|
54
81
|
Register for an account for [Guard](https://guard.praetorian.com) using the instructions
|
|
@@ -56,13 +83,13 @@ in [our documentation](https://docs.praetorian.com/hc/en-us/articles/38048335323
|
|
|
56
83
|
|
|
57
84
|
## Authentication
|
|
58
85
|
|
|
59
|
-
Once you can properly access Guard through the UI, you can obtain API credentials by clicking the
|
|
60
|
-
Praetorian icon in the top right corner -> User Profile -> API Keys. Be sure to carefully copy the
|
|
61
|
-
API credentials you created as you will need to provide them to the CLI for interacting with Guard.
|
|
86
|
+
Once you can properly access Guard through the UI, you can obtain API credentials by clicking the
|
|
87
|
+
Praetorian icon in the top right corner -> User Profile -> API Keys. Be sure to carefully copy the
|
|
88
|
+
API credentials you created as you will need to provide them to the CLI for interacting with Guard.
|
|
62
89
|
|
|
63
90
|
**Note**: SSO Organizations should provision access through API Keys as well.
|
|
64
91
|
|
|
65
|
-
### Using API Keys
|
|
92
|
+
### Using API Keys
|
|
66
93
|
|
|
67
94
|
This is the authentication method for CLI. You can authenticate using either a keychain file or environment variables.
|
|
68
95
|
|
|
@@ -70,11 +97,11 @@ This is the authentication method for CLI. You can authenticate using either a k
|
|
|
70
97
|
|
|
71
98
|
This method stores your API key in a keychain file.
|
|
72
99
|
|
|
73
|
-
1. Run `guard configure` and follow the prompts to set up authentication.
|
|
100
|
+
1. Run `guard configure` and follow the prompts to set up authentication.
|
|
74
101
|
Use the default values for `profile name`, `URL of backend API`, and `client ID`.
|
|
75
102
|
2. It creates `~/.praetorian/keychain.ini`, which should read like this:
|
|
76
103
|
|
|
77
|
-
```
|
|
104
|
+
```text
|
|
78
105
|
[United States]
|
|
79
106
|
name = guard
|
|
80
107
|
client_id = 795dnnr45so7m17cppta0b295o
|
|
@@ -123,6 +150,156 @@ To get detailed information about a specific asset, run:
|
|
|
123
150
|
guard --account guard+example@praetorian.com get asset <ASSET_KEY>
|
|
124
151
|
```
|
|
125
152
|
|
|
153
|
+
# Operators
|
|
154
|
+
|
|
155
|
+
## Interactive Console
|
|
156
|
+
|
|
157
|
+
The Guard CLI includes a Metasploit-style interactive console for operator-focused engagement workflows.
|
|
158
|
+
|
|
159
|
+
```zsh
|
|
160
|
+
guard console
|
|
161
|
+
guard console --account client@example.com
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
The console provides:
|
|
165
|
+
|
|
166
|
+
- **Engagement management** — switch between accounts, view stats (seeds/assets/risks), create customers, manage vaults
|
|
167
|
+
- **Metasploit-style tool selection** — `use <tool>`, `show targets`, `set target`, `execute`
|
|
168
|
+
- **All 141 backend capabilities** — any capability can be selected via `use <name>` or `use <#>`
|
|
169
|
+
- **Marcus Aurelius AI** — inline queries (`ask`) and multi-turn conversation (`marcus`)
|
|
170
|
+
- **Fulltext search** — `find` for Neo4j graph search across all entity types
|
|
171
|
+
- **Evidence hydration** — `evidence <risk>` fetches all scattered evidence in one view
|
|
172
|
+
- **Report generation** — `report generate` / `report validate`
|
|
173
|
+
- **Local tool execution** — run installed Praetorian binaries locally, upload results to Guard
|
|
174
|
+
- **Live job tracking** — `status`, `jobs`, real-time tool output from Marcus
|
|
175
|
+
|
|
176
|
+
### Example session
|
|
177
|
+
|
|
178
|
+
```
|
|
179
|
+
guard > accounts # list engagements
|
|
180
|
+
guard > use 5 # switch to engagement #5
|
|
181
|
+
guard > assets # list assets (scoped to engagement)
|
|
182
|
+
guard > risks # list risks
|
|
183
|
+
guard > show 1 # drill into risk #1
|
|
184
|
+
|
|
185
|
+
guard > use brutus # select credential tester
|
|
186
|
+
guard (brutus) > show targets # show valid port targets
|
|
187
|
+
guard (brutus) > set target 3 # pick target #3
|
|
188
|
+
guard (brutus) > run # execute (local if installed, remote otherwise)
|
|
189
|
+
guard (brutus) > status # check job results
|
|
190
|
+
guard (brutus) > exit # back to main prompt
|
|
191
|
+
|
|
192
|
+
guard > ask "summarize critical risks" # one-shot Marcus query
|
|
193
|
+
guard > marcus # enter multi-turn conversation
|
|
194
|
+
marcus > @aurelius scan cloud infra # delegate to specialist agent
|
|
195
|
+
marcus > back
|
|
196
|
+
|
|
197
|
+
guard > marcus read "vault/sow.pdf" # have Marcus analyze a file
|
|
198
|
+
guard > marcus do "add example.com as seed" # direct instruction
|
|
199
|
+
guard > download proofs # download all proof files locally
|
|
200
|
+
guard > home # return to your own account
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
## Install local security tools (optional)
|
|
204
|
+
|
|
205
|
+
Requires the [GitHub CLI](https://cli.github.com/) (`gh`) to be installed and authenticated:
|
|
206
|
+
|
|
207
|
+
```zsh
|
|
208
|
+
guard run install brutus # install a specific tool
|
|
209
|
+
guard run install all # install all Praetorian tools
|
|
210
|
+
guard run installed # check what's installed
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
Binaries are downloaded from `praetorian-inc` GitHub releases to `~/.praetorian/bin/`.
|
|
214
|
+
|
|
215
|
+
## Marcus Aurelius AI
|
|
216
|
+
|
|
217
|
+
Marcus is Guard's AI operator, accessible from both the CLI and the interactive console.
|
|
218
|
+
|
|
219
|
+
```zsh
|
|
220
|
+
# One-shot queries
|
|
221
|
+
guard ask "how many critical risks are there?"
|
|
222
|
+
guard ask "show me all assets with port 22 open" --mode query
|
|
223
|
+
|
|
224
|
+
# File analysis and ingestion
|
|
225
|
+
guard marcus read "vault/engagement/sow.pdf"
|
|
226
|
+
guard marcus ingest "vault/nessus-export.csv" --findings
|
|
227
|
+
guard marcus do "generate an executive summary"
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
In the console, Marcus shows live tool execution:
|
|
231
|
+
```
|
|
232
|
+
guard > ask "analyze the top risks"
|
|
233
|
+
Thinking...
|
|
234
|
+
→ query — 14 risks done
|
|
235
|
+
→ query — 5 assets done
|
|
236
|
+
Found 14 risks across 5 assets...
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
## Security Tools
|
|
240
|
+
|
|
241
|
+
All 141 Guard capabilities are available through the CLI. Named tools include:
|
|
242
|
+
|
|
243
|
+
| Agent | Description |
|
|
244
|
+
|-------|-------------|
|
|
245
|
+
| `asset-analyzer` | Deep-dive reconnaissance & risk mapping |
|
|
246
|
+
| `brutus` | Credential attacks (SSH, RDP, FTP, SMB) |
|
|
247
|
+
| `julius` | LLM/AI service fingerprinting |
|
|
248
|
+
| `augustus` | LLM jailbreak & prompt injection attacks |
|
|
249
|
+
| `aurelius` | Cloud infrastructure discovery (AWS/Azure/GCP) |
|
|
250
|
+
| `trajan` | CI/CD pipeline security scanning |
|
|
251
|
+
| `priscus` | Remediation retesting |
|
|
252
|
+
| `seneca` | CVE research & exploit intelligence |
|
|
253
|
+
| `titus` | Secret scanning & credential leak detection |
|
|
254
|
+
|
|
255
|
+
### Local execution
|
|
256
|
+
|
|
257
|
+
Tools can run locally if the binary is installed, with results uploaded to Guard:
|
|
258
|
+
|
|
259
|
+
```zsh
|
|
260
|
+
guard run install brutus # download from praetorian-inc GitHub
|
|
261
|
+
guard run install all # install everything
|
|
262
|
+
guard run tool brutus 10.0.1.5 # runs locally (default if installed)
|
|
263
|
+
guard run tool brutus 10.0.1.5 --remote # force remote execution
|
|
264
|
+
guard run installed # show what's installed locally
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
### Additional CLI Commands
|
|
268
|
+
|
|
269
|
+
Beyond the standard CRUD commands, the CLI includes:
|
|
270
|
+
|
|
271
|
+
```zsh
|
|
272
|
+
# Fulltext search (Neo4j graph queries)
|
|
273
|
+
guard find "example.com"
|
|
274
|
+
guard find "CVE-2024" --type risk
|
|
275
|
+
|
|
276
|
+
# Evidence hydration
|
|
277
|
+
guard get risk "#risk#example.com#CVE-2024-1234" --evidence
|
|
278
|
+
|
|
279
|
+
# Reports
|
|
280
|
+
guard report generate --title "Q1 Pentest" --client "Acme Corp" --risks "status:OH"
|
|
281
|
+
guard report validate --risks "status:OH"
|
|
282
|
+
|
|
283
|
+
# One-shot Marcus AI query
|
|
284
|
+
guard ask "what assets have port 22 open?"
|
|
285
|
+
|
|
286
|
+
# Marcus subcommands
|
|
287
|
+
guard marcus read "vault/sow.pdf"
|
|
288
|
+
guard marcus ingest "vault/scope.md" --scope --findings
|
|
289
|
+
guard marcus do "add example.com as a seed and start discovery"
|
|
290
|
+
|
|
291
|
+
# Security tools (local or remote)
|
|
292
|
+
guard run tool brutus 10.0.1.5
|
|
293
|
+
guard run tool nuclei example.com --remote
|
|
294
|
+
guard run install brutus
|
|
295
|
+
guard run installed
|
|
296
|
+
|
|
297
|
+
# Engagement management
|
|
298
|
+
guard engagement list
|
|
299
|
+
guard engagement create-customer --email ops@acme.com --name "ACME Corp"
|
|
300
|
+
guard engagement create-vault --client acme --sow SOW-1234 --sku WAPT --github-user jdoe
|
|
301
|
+
```
|
|
302
|
+
|
|
126
303
|
# Developers
|
|
127
304
|
|
|
128
305
|
Both CLI and SDK is open-source in this repository. The SDK is installed along with the `praetorian-cli`
|