scythe-ttp 0.10.0__py3-none-any.whl → 0.11.0__py3-none-any.whl

scythe/core/executor.py

@@ -5,6 +5,7 @@ from selenium.webdriver.chrome.options import Options
 from .ttp import TTP
 from typing import Optional
 from ..behaviors.base import Behavior
+from .headers import HeaderExtractor
 
 # Configure logging
 logging.basicConfig(
@@ -33,8 +34,12 @@ class TTPExecutor:
         self.chrome_options.add_argument("--no-sandbox")
         self.chrome_options.add_argument("--disable-dev-shm-usage")
 
+        # Enable header extraction capabilities
+        HeaderExtractor.enable_logging_for_driver(self.chrome_options)
+
         self.driver = None
         self.results = []
+        self.header_extractor = HeaderExtractor()
 
     def _setup_driver(self):
         """Initializes the WebDriver."""
@@ -108,13 +113,27 @@ class TTPExecutor:
                     if success:
                         consecutive_failures = 0
                         current_url = self.driver.current_url if self.driver else "unknown"
-                        result_entry = {'payload': payload, 'url': current_url, 'expected': self.ttp.expected_result, 'actual': True}
+                        
+                        # Extract target version header
+                        target_version = None
+                        if self.driver:
+                            target_version = self.header_extractor.extract_target_version(self.driver, self.target_url)
+                        
+                        result_entry = {
+                            'payload': payload, 
+                            'url': current_url, 
+                            'expected': self.ttp.expected_result, 
+                            'actual': True,
+                            'target_version': target_version
+                        }
                         self.results.append(result_entry)
                         
                         if self.ttp.expected_result:
-                            self.logger.info(f"EXPECTED SUCCESS: '{payload}'")
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.info(f"EXPECTED SUCCESS: '{payload}'{version_info}")
                         else:
-                            self.logger.warning(f"UNEXPECTED SUCCESS: '{payload}' (expected to fail)")
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.warning(f"UNEXPECTED SUCCESS: '{payload}' (expected to fail){version_info}")
                     else:
                         consecutive_failures += 1
                         if self.ttp.expected_result:
@@ -168,12 +187,26 @@ class TTPExecutor:
             if expected_successes:
                 self.logger.info(f"Expected successes: {len(expected_successes)}")
                 for result in expected_successes:
-                    self.logger.info(f"  ✓ Payload: {result['payload']} | URL: {result['url']}")
+                    version_info = f" | Version: {result['target_version']}" if result.get('target_version') else ""
+                    self.logger.info(f"  ✓ Payload: {result['payload']} | URL: {result['url']}{version_info}")
             
             if unexpected_successes:
                 self.logger.warning(f"Unexpected successes: {len(unexpected_successes)}")
                 for result in unexpected_successes:
-                    self.logger.warning(f"  ✗ Payload: {result['payload']} | URL: {result['url']}")
+                    version_info = f" | Version: {result['target_version']}" if result.get('target_version') else ""
+                    self.logger.warning(f"  ✗ Payload: {result['payload']} | URL: {result['url']}{version_info}")
+            
+            # Display version summary
+            version_summary = self.header_extractor.get_version_summary(self.results)
+            if version_summary['results_with_version'] > 0:
+                self.logger.info("\nTarget Version Summary:")
+                self.logger.info(f"  Results with version info: {version_summary['results_with_version']}/{version_summary['total_results']}")
+                if version_summary['unique_versions']:
+                    for version in version_summary['unique_versions']:
+                        count = version_summary['version_counts'][version]
+                        self.logger.info(f"  Version {version}: {count} result(s)")
+            else:
+                self.logger.info("\nNo X-SCYTHE-TARGET-VERSION headers detected in responses.")
         else:
             if self.ttp.expected_result:
                 self.logger.info("No successes detected (expected to find vulnerabilities).")

scythe/core/headers.py

@@ -0,0 +1,194 @@
+import json
+import logging
+from typing import Optional, Dict, Any
+from selenium.webdriver.remote.webdriver import WebDriver
+from selenium.webdriver.chrome.options import Options
+
+
+class HeaderExtractor:
+    """
+    Utility class for extracting HTTP response headers from WebDriver sessions.
+    
+    Specifically designed to capture the X-SCYTHE-TARGET-VERSION header
+    that indicates the version of the web application being tested.
+    """
+    
+    SCYTHE_VERSION_HEADER = "X-SCYTHE-TARGET-VERSION"
+    
+    def __init__(self):
+        self.logger = logging.getLogger("HeaderExtractor")
+    
+    @staticmethod
+    def enable_logging_for_driver(chrome_options: Options) -> None:
+        """
+        Enable performance logging capabilities for Chrome WebDriver.
+        
+        This must be called during WebDriver setup to capture network logs.
+        
+        Args:
+            chrome_options: Chrome options object to modify
+        """
+        # Enable performance logging to capture network events
+        chrome_options.add_argument("--enable-logging")
+        chrome_options.add_argument("--log-level=0")
+        chrome_options.set_capability("goog:loggingPrefs", {"performance": "ALL"})
+    
+    def extract_target_version(self, driver: WebDriver, target_url: Optional[str] = None) -> Optional[str]:
+        """
+        Extract the X-SCYTHE-TARGET-VERSION header from the most recent HTTP response.
+        
+        Args:
+            driver: WebDriver instance with performance logging enabled
+            target_url: Optional URL to filter responses for (if None, uses any response)
+            
+        Returns:
+            Version string if header found, None otherwise
+        """
+        try:
+            # Get performance logs - using getattr to handle type checking
+            if not hasattr(driver, 'get_log'):
+                self.logger.warning("WebDriver does not support get_log method")
+                return None
+            
+            logs = getattr(driver, 'get_log')('performance')
+            
+            # Look for Network.responseReceived events
+            for log_entry in reversed(logs):  # Start with most recent
+                try:
+                    message = log_entry.get('message', {})
+                    if isinstance(message, str):
+                        message = json.loads(message)
+                    
+                    method = message.get('message', {}).get('method', '')
+                    params = message.get('message', {}).get('params', {})
+                    
+                    if method == 'Network.responseReceived':
+                        response = params.get('response', {})
+                        headers = response.get('headers', {})
+                        response_url = response.get('url', '')
+                        
+                        # Filter by target URL if specified
+                        if target_url and target_url not in response_url:
+                            continue
+                        
+                        # Look for the version header (case-insensitive)
+                        version = self._find_version_header(headers)
+                        if version:
+                            self.logger.debug(f"Found target version '{version}' in response from {response_url}")
+                            return version
+                            
+                except (json.JSONDecodeError, KeyError, AttributeError) as e:
+                    self.logger.debug(f"Error parsing log entry: {e}")
+                    continue
+            
+            self.logger.debug("No X-SCYTHE-TARGET-VERSION header found in network logs")
+            return None
+            
+        except Exception as e:
+            self.logger.warning(f"Failed to extract target version from logs: {e}")
+            return None
+    
+    def _find_version_header(self, headers: Dict[str, Any]) -> Optional[str]:
+        """
+        Find the version header in a case-insensitive manner.
+        
+        Args:
+            headers: Dictionary of HTTP headers
+            
+        Returns:
+            Version string if found, None otherwise
+        """
+        # Check for exact case match first
+        if self.SCYTHE_VERSION_HEADER in headers:
+            return str(headers[self.SCYTHE_VERSION_HEADER]).strip()
+        
+        # Check case-insensitive
+        header_lower = self.SCYTHE_VERSION_HEADER.lower()
+        for header_name, header_value in headers.items():
+            if header_name.lower() == header_lower:
+                return str(header_value).strip()
+        
+        return None
+    
+    def extract_all_headers(self, driver: WebDriver, target_url: Optional[str] = None) -> Dict[str, str]:
+        """
+        Extract all headers from the most recent HTTP response.
+        
+        Useful for debugging or when additional headers might be needed.
+        
+        Args:
+            driver: WebDriver instance with performance logging enabled
+            target_url: Optional URL to filter responses for
+            
+        Returns:
+            Dictionary of headers from the most recent response
+        """
+        try:
+            # Get performance logs - using getattr to handle type checking
+            if not hasattr(driver, 'get_log'):
+                self.logger.warning("WebDriver does not support get_log method")
+                return {}
+            
+            logs = getattr(driver, 'get_log')('performance')
+            
+            for log_entry in reversed(logs):
+                try:
+                    message = log_entry.get('message', {})
+                    if isinstance(message, str):
+                        message = json.loads(message)
+                    
+                    method = message.get('message', {}).get('method', '')
+                    params = message.get('message', {}).get('params', {})
+                    
+                    if method == 'Network.responseReceived':
+                        response = params.get('response', {})
+                        headers = response.get('headers', {})
+                        response_url = response.get('url', '')
+                        
+                        # Filter by target URL if specified
+                        if target_url and target_url not in response_url:
+                            continue
+                        
+                        # Convert all header values to strings
+                        return {k: str(v) for k, v in headers.items()}
+                        
+                except (json.JSONDecodeError, KeyError, AttributeError):
+                    continue
+            
+            return {}
+            
+        except Exception as e:
+            self.logger.warning(f"Failed to extract headers from logs: {e}")
+            return {}
+    
+    def get_version_summary(self, results: list) -> Dict[str, Any]:
+        """
+        Analyze version information across multiple test results.
+        
+        Args:
+            results: List of result dictionaries containing version information
+            
+        Returns:
+            Dictionary with version analysis summary
+        """
+        versions = []
+        results_with_version = 0
+        
+        for result in results:
+            version = result.get('target_version')
+            if version:
+                versions.append(version)
+                results_with_version += 1
+        
+        summary = {
+            'total_results': len(results),
+            'results_with_version': results_with_version,
+            'unique_versions': list(set(versions)) if versions else [],
+            'version_counts': {}
+        }
+        
+        # Count occurrences of each version
+        for version in versions:
+            summary['version_counts'][version] = summary['version_counts'].get(version, 0) + 1
+        
+        return summary

scythe/journeys/base.py

@@ -276,6 +276,10 @@ class Journey:
         logger.info(f"Description: {self.description}")
         logger.info(f"Steps: {len(self.steps)}")
         
+        # Import here to avoid circular imports
+        from ..core.headers import HeaderExtractor
+        header_extractor = HeaderExtractor()
+        
         start_time = time.time()
         
         # Set initial context
@@ -297,7 +301,9 @@ class Journey:
             'overall_success': False,
             'execution_time': 0,
             'step_results': [],
-            'errors': []
+            'errors': [],
+            'target_versions': [],
+            'version_summary': {}
         }
         
         try:
@@ -335,6 +341,12 @@ class Journey:
                         else:
                             results['actions_failed'] += 1
                     
+                    # Extract target version header after step execution
+                    target_version = header_extractor.extract_target_version(driver, target_url)
+                    if target_version:
+                        results['target_versions'].append(target_version)
+                        logger.info(f"Target version detected: {target_version}")
+                    
                     # Store step results
                     step_result = {
                         'step_name': step.name,
@@ -342,7 +354,8 @@ class Journey:
                         'expected': step.expected_result,
                         'actual': step_success,
                         'actions': step.execution_results.copy(),
-                        'step_data': step.step_data.copy()
+                        'step_data': step.step_data.copy(),
+                        'target_version': target_version
                     }
                     results['step_results'].append(step_result)
                     
@@ -368,6 +381,12 @@ class Journey:
             results['end_time'] = end_time
             results['execution_time'] = end_time - start_time
             
+            # Generate version summary
+            if results['target_versions']:
+                version_summary = header_extractor.get_version_summary([{'target_version': v} for v in results['target_versions']])
+                results['version_summary'] = version_summary
+                logger.info(f"Target versions detected: {list(set(results['target_versions']))}")
+            
             logger.info(f"Journey completed in {results['execution_time']:.2f} seconds")
             logger.info(f"Overall success: {results['overall_success']}")
             logger.info(f"Steps: {results['steps_succeeded']}/{results['steps_executed']} succeeded")

scythe/journeys/executor.py

@@ -5,6 +5,7 @@ from selenium.webdriver.chrome.options import Options
 from typing import Optional, Dict, Any, List
 from ..behaviors.base import Behavior
 from .base import Journey
+from ..core.headers import HeaderExtractor
 
 # Configure logging
 logging.basicConfig(
@@ -64,8 +65,12 @@ class JourneyExecutor:
                 else:
                     self.chrome_options.add_argument(f"--{key}={value}")
         
+        # Enable header extraction capabilities
+        HeaderExtractor.enable_logging_for_driver(self.chrome_options)
+        
         self.driver = None
         self.execution_results = None
+        self.header_extractor = HeaderExtractor()
     
     def _setup_driver(self):
         """Initialize the WebDriver."""
@@ -297,14 +302,30 @@ class JourneyExecutor:
                 step_success = step_result.get('actual', False)
                 step_expected = step_result.get('expected', True)
                 actions = step_result.get('actions', [])
+                target_version = step_result.get('target_version')
                 
                 status = "✓" if step_success == step_expected else "✗"
                 result_text = "SUCCESS" if step_success else "FAILURE"
                 expected_text = "expected" if step_success == step_expected else "unexpected"
+                version_info = f" | Version: {target_version}" if target_version else ""
                 
-                self.logger.info(f"  {status} Step {i}: {step_name} - {result_text} ({expected_text})")
+                self.logger.info(f"  {status} Step {i}: {step_name} - {result_text} ({expected_text}){version_info}")
                 self.logger.info(f"    Actions: {len([a for a in actions if a.get('actual', False)])}/{len(actions)} succeeded")
         
+        # Version summary
+        target_versions = self.execution_results.get('target_versions', [])
+        
+        if target_versions:
+            self.logger.info("\nTarget Version Summary:")
+            self.logger.info(f"  Steps with version info: {len(target_versions)}/{len(step_results) if step_results else 0}")
+            unique_versions = list(set(target_versions))
+            if unique_versions:
+                for version in unique_versions:
+                    count = target_versions.count(version)
+                    self.logger.info(f"  Version {version}: {count} step(s)")
+        else:
+            self.logger.info("\nNo X-SCYTHE-TARGET-VERSION headers detected in responses.")
+        
         self.logger.info("="*60)
     
     def get_results(self) -> Optional[Dict[str, Any]]:

{scythe_ttp-0.10.0.dist-info → scythe_ttp-0.11.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.10.0
+Version: 0.11.0
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Home-page: https://github.com/EpykLab/scythe
 Author: EpykLab
@@ -96,6 +96,7 @@ Scythe operates on the principle that robust systems must be tested under advers
 ### 📊 **Professional Reporting**
 * **Clear Result Indicators**: ✓ Expected outcomes, ✗ Unexpected results
 * **Comprehensive Logging**: Detailed execution tracking and analysis
+* **Version Detection**: Automatic extraction of X-SCYTHE-TARGET-VERSION headers
 * **Performance Metrics**: Timing, success rates, and resource utilization
 * **Execution Statistics**: Detailed reporting across all test types
 
@@ -443,6 +444,74 @@ executor = TTPExecutor(
 )
 ```
 
+### Version Detection
+
+Scythe automatically captures the `X-SCYTHE-TARGET-VERSION` header from HTTP responses to track which version of your web application is being tested:
+
+```python
+from scythe.core.ttp import TTP
+from scythe.core.executor import TTPExecutor
+
+# Your web application should set this header:
+# X-SCYTHE-TARGET-VERSION: 1.3.2
+
+class MyTTP(TTP):
+    def get_payloads(self):
+        yield "test_payload"
+    
+    def execute_step(self, driver, payload):
+        driver.get("http://your-app.com/login")
+        # ... test logic ...
+    
+    def verify_result(self, driver):
+        return "welcome" in driver.page_source
+
+# Run the test
+ttp = MyTTP("Version Test", "Test with version detection")
+executor = TTPExecutor(ttp=ttp, target_url="http://your-app.com")
+executor.run()
+```
+
+**Output includes version information:**
+```
+✓ EXPECTED SUCCESS: 'test_payload' | Version: 1.3.2
+Target Version Summary:
+  Results with version info: 1/1
+  Version 1.3.2: 1 result(s)
+```
+
+**Server-side implementation examples:**
+```python
+# Python/Flask
+@app.after_request
+def add_version_header(response):
+    response.headers['X-SCYTHE-TARGET-VERSION'] = '1.3.2'
+    return response
+
+# Node.js/Express
+app.use((req, res, next) => {
+    res.set('X-SCYTHE-TARGET-VERSION', '1.3.2');
+    next();
+});
+
+# Java/Spring Boot
+@Component
+public class VersionHeaderFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        httpResponse.setHeader("X-SCYTHE-TARGET-VERSION", "1.3.2");
+        chain.doFilter(request, response);
+    }
+}
+```
+
+This feature helps you:
+- **Track test results** by application version
+- **Verify deployment status** during testing
+- **Correlate issues** with specific software versions
+- **Ensure consistency** across test environments
+
 ### Custom Test Creation
 
 Extend Scythe for specific testing needs:

{scythe_ttp-0.10.0.dist-info → scythe_ttp-0.11.0.dist-info}/RECORD

@@ -10,12 +10,13 @@ scythe/behaviors/human.py,sha256=1PqYvE7cnxlj-KDmDIr3uzfWHvDAbbxQxJ0V0iTl9yo,102
 scythe/behaviors/machine.py,sha256=NDMUq3mDhpCvujzAFxhn2eSVq78-J-LSBhIcvHkzKXo,4624
 scythe/behaviors/stealth.py,sha256=xv7MrPQgRCdCUJyYTcXV2aasWZoAw8rAQWg-AuQVb7U,15278
 scythe/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/core/executor.py,sha256=KyfnOnYK5mtfAE9dNYFeay7me8dEA5g0ICLgbWPtscg,7721
+scythe/core/executor.py,sha256=x1w2nByVu2G70sh7t0kOh6urlrTm_r_pbk0S7v1Ov28,9736
+scythe/core/headers.py,sha256=U-IXYs1g0q1BB2W7fxfvuVwd3tPCRkBdF4_-Dj787w8,7833
 scythe/core/ttp.py,sha256=Xw9GgptYsjZ-pMLdyPv64bhiwGKobrXHdF32pjIY7OU,3102
 scythe/journeys/__init__.py,sha256=-8AIpCmkeWtQ656yU3omj_guMG4v4i1koIpD6NZhUGM,612
 scythe/journeys/actions.py,sha256=Ez6Bpzs2VHzXMl6GtPve85XxzQV09rDscmDuzSs3VBE,25229
-scythe/journeys/base.py,sha256=jSP-qy_xquoCH5UBFO8e52EdnF-2nugSoJHNeLLuXSE,14408
-scythe/journeys/executor.py,sha256=uarNHeAfRJMxC343Lgh8z9i0pZj9F-pNU8YX-R2ov5E,18875
+scythe/journeys/base.py,sha256=BWf35Ee3N9qy76Awh-r04-waUTDfLyxssvDmwYToXgY,15461
+scythe/journeys/executor.py,sha256=1D_HUzvi4Z7a5uE7QbIDWH7HTGz5DoxcQffr-05bi_0,19978
 scythe/orchestrators/__init__.py,sha256=_vemcXjKbB1jI0F2dPA0F1zNsyUekjcXImLDUDhWDN0,560
 scythe/orchestrators/base.py,sha256=YOZV0ewlzJ49H08P_LKnimutUms8NnDrQprFpSKhOeM,13595
 scythe/orchestrators/batch.py,sha256=FpK501kk-earJzz6v7dcuw2y708rTvt_IMH_5qjKdrc,26635
@@ -28,8 +29,8 @@ scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/login_bruteforce.py,sha256=D4G8zB_nU9LD5w3Vv2ABTuOl4XTeg2BgZwYMObt4JJw,2488
 scythe/ttps/web/sql_injection.py,sha256=aWk4DFePbtFDsieOOj03Ux-5OiykyOs2_d_3SvWMOVE,2910
 scythe/ttps/web/uuid_guessing.py,sha256=WwCIQPLIixd5U2EY4bhnj7YP2AQDaPfQy7Yhj84UHy8,1245
-scythe_ttp-0.10.0.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
-scythe_ttp-0.10.0.dist-info/METADATA,sha256=YsBI0wg0fungTybVjt4mrE3PwD728C3meTcQgfaUywg,25478
-scythe_ttp-0.10.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scythe_ttp-0.10.0.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
-scythe_ttp-0.10.0.dist-info/RECORD,,
+scythe_ttp-0.11.0.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
+scythe_ttp-0.11.0.dist-info/METADATA,sha256=6HnepGVg2VYQweeSJthYxiKQjZYZhbMY3KUgA5Zshmk,27473
+scythe_ttp-0.11.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scythe_ttp-0.11.0.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
+scythe_ttp-0.11.0.dist-info/RECORD,,