scythe-ttp 0.10.0__tar.gz → 0.12.1__tar.gz

{scythe_ttp-0.10.0/scythe_ttp.egg-info → scythe_ttp-0.12.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.10.0
+Version: 0.12.1
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Home-page: https://github.com/EpykLab/scythe
 Author: EpykLab
@@ -96,6 +96,7 @@ Scythe operates on the principle that robust systems must be tested under advers
 ### 📊 **Professional Reporting**
 * **Clear Result Indicators**: ✓ Expected outcomes, ✗ Unexpected results
 * **Comprehensive Logging**: Detailed execution tracking and analysis
+* **Version Detection**: Automatic extraction of X-SCYTHE-TARGET-VERSION headers
 * **Performance Metrics**: Timing, success rates, and resource utilization
 * **Execution Statistics**: Detailed reporting across all test types
 
@@ -168,6 +169,26 @@ file_upload_ttp = FileUploadTTP(
 
 ### Installation
 
+#### If you would like to use as a library:
+
+setup the virtual environment
+```bash
+python3 -m venv venv
+
+# source the venv
+# bash,zsh: source venv/bin/activate
+# fish: source venv/bin/activate.fish
+```
+
+install the package
+```bash
+# in an activated venv
+
+pip3 install scythe-ttp
+```
+
+#### If you would like like to contribute:
+
 1. Clone the repository:
    ```bash
    git clone https://github.com/EpykLab/scythe.git
@@ -443,6 +464,74 @@ executor = TTPExecutor(
 )
 ```
 
+### Version Detection
+
+Scythe automatically captures the `X-SCYTHE-TARGET-VERSION` header from HTTP responses to track which version of your web application is being tested:
+
+```python
+from scythe.core.ttp import TTP
+from scythe.core.executor import TTPExecutor
+
+# Your web application should set this header:
+# X-SCYTHE-TARGET-VERSION: 1.3.2
+
+class MyTTP(TTP):
+    def get_payloads(self):
+        yield "test_payload"
+
+    def execute_step(self, driver, payload):
+        driver.get("http://your-app.com/login")
+        # ... test logic ...
+
+    def verify_result(self, driver):
+        return "welcome" in driver.page_source
+
+# Run the test
+ttp = MyTTP("Version Test", "Test with version detection")
+executor = TTPExecutor(ttp=ttp, target_url="http://your-app.com")
+executor.run()
+```
+
+**Output includes version information:**
+```
+✓ EXPECTED SUCCESS: 'test_payload' | Version: 1.3.2
+Target Version Summary:
+  Results with version info: 1/1
+  Version 1.3.2: 1 result(s)
+```
+
+**Server-side implementation examples:**
+```python
+# Python/Flask
+@app.after_request
+def add_version_header(response):
+    response.headers['X-SCYTHE-TARGET-VERSION'] = '1.3.2'
+    return response
+
+# Node.js/Express
+app.use((req, res, next) => {
+    res.set('X-SCYTHE-TARGET-VERSION', '1.3.2');
+    next();
+});
+
+# Java/Spring Boot
+@Component
+public class VersionHeaderFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        httpResponse.setHeader("X-SCYTHE-TARGET-VERSION", "1.3.2");
+        chain.doFilter(request, response);
+    }
+}
+```
+
+This feature helps you:
+- **Track test results** by application version
+- **Verify deployment status** during testing
+- **Correlate issues** with specific software versions
+- **Ensure consistency** across test environments
+
 ### Custom Test Creation
 
 Extend Scythe for specific testing needs:
@@ -454,7 +543,7 @@ from typing import Generator, Any
 
 class CustomBusinessLogicTTP(TTP):
     """Test specific business logic under adverse conditions."""
-    
+
     def __init__(self, business_scenarios: list, expected_result: bool = True):
         super().__init__(
             name="Business Logic Test",
@@ -462,28 +551,28 @@ class CustomBusinessLogicTTP(TTP):
             expected_result=expected_result
         )
         self.scenarios = business_scenarios
-    
+
     def get_payloads(self) -> Generator[Any, None, None]:
         for scenario in self.scenarios:
             yield scenario
-    
+
     def execute_step(self, driver, payload):
         # Implement your specific business logic testing
         # This could involve API calls, database interactions, etc.
         pass
-    
+
     def verify_result(self, driver) -> bool:
         # Verify the business logic behaved correctly
         return self.check_business_rules(driver)
 
 class CustomWorkflowAction(Action):
     """Custom action for specific workflow steps."""
-    
+
     def __init__(self, workflow_step: str, parameters: dict):
         super().__init__(f"Custom {workflow_step}", f"Execute {workflow_step}")
         self.workflow_step = workflow_step
         self.parameters = parameters
-    
+
     def execute(self, driver, context):
         # Implement custom workflow logic
         return self.perform_workflow_step(driver, context)
@@ -500,12 +589,12 @@ ecommerce_suite = [
     payment_security_test,      # Test payment form security
     user_data_protection_test,  # Test PII protection
     session_management_test,    # Test session security
-    
+
     # Load testing
     product_catalog_load_test,  # High-traffic product browsing
     checkout_process_load_test, # Concurrent checkout processes
     search_functionality_test,  # Search under load
-    
+
     # Workflow testing
     complete_purchase_journey,  # End-to-end purchase flow
     return_process_journey,     # Product return workflow
@@ -578,30 +667,30 @@ def analyze_test_results(orchestration_result):
     print("="*60)
     print("COMPREHENSIVE TEST ANALYSIS")
     print("="*60)
-    
+
     print(f"Total Executions: {orchestration_result.total_executions}")
     print(f"Success Rate: {orchestration_result.success_rate:.1f}%")
     print(f"Average Execution Time: {orchestration_result.average_execution_time:.2f}s")
-    
+
     # Performance metrics
     if orchestration_result.metadata.get('performance_stats'):
         stats = orchestration_result.metadata['performance_stats']
         print(f"Peak Response Time: {stats.get('peak_response_time', 'N/A')}")
         print(f"95th Percentile: {stats.get('p95_response_time', 'N/A')}")
-    
+
     # Geographic distribution (if applicable)
     if orchestration_result.metadata.get('distribution_stats'):
         dist = orchestration_result.metadata['distribution_stats']
         print("Geographic Distribution:")
         for location, count in dist.get('location_usage', {}).items():
             print(f"  {location}: {count} executions")
-    
+
     # Error analysis
     if orchestration_result.errors:
         print(f"\nErrors Encountered: {len(orchestration_result.errors)}")
         for i, error in enumerate(orchestration_result.errors[:5], 1):
             print(f"  {i}. {error}")
-    
+
     print("="*60)
 
 # Use with any orchestration result

{scythe_ttp-0.10.0 → scythe_ttp-0.12.1}/README.md

@@ -49,6 +49,7 @@ Scythe operates on the principle that robust systems must be tested under advers
 ### 📊 **Professional Reporting**
 * **Clear Result Indicators**: ✓ Expected outcomes, ✗ Unexpected results
 * **Comprehensive Logging**: Detailed execution tracking and analysis
+* **Version Detection**: Automatic extraction of X-SCYTHE-TARGET-VERSION headers
 * **Performance Metrics**: Timing, success rates, and resource utilization
 * **Execution Statistics**: Detailed reporting across all test types
 
@@ -121,6 +122,26 @@ file_upload_ttp = FileUploadTTP(
 
 ### Installation
 
+#### If you would like to use as a library:
+
+setup the virtual environment
+```bash
+python3 -m venv venv
+
+# source the venv
+# bash,zsh: source venv/bin/activate
+# fish: source venv/bin/activate.fish
+```
+
+install the package
+```bash
+# in an activated venv
+
+pip3 install scythe-ttp
+```
+
+#### If you would like like to contribute:
+
 1. Clone the repository:
    ```bash
    git clone https://github.com/EpykLab/scythe.git
@@ -396,6 +417,74 @@ executor = TTPExecutor(
 )
 ```
 
+### Version Detection
+
+Scythe automatically captures the `X-SCYTHE-TARGET-VERSION` header from HTTP responses to track which version of your web application is being tested:
+
+```python
+from scythe.core.ttp import TTP
+from scythe.core.executor import TTPExecutor
+
+# Your web application should set this header:
+# X-SCYTHE-TARGET-VERSION: 1.3.2
+
+class MyTTP(TTP):
+    def get_payloads(self):
+        yield "test_payload"
+
+    def execute_step(self, driver, payload):
+        driver.get("http://your-app.com/login")
+        # ... test logic ...
+
+    def verify_result(self, driver):
+        return "welcome" in driver.page_source
+
+# Run the test
+ttp = MyTTP("Version Test", "Test with version detection")
+executor = TTPExecutor(ttp=ttp, target_url="http://your-app.com")
+executor.run()
+```
+
+**Output includes version information:**
+```
+✓ EXPECTED SUCCESS: 'test_payload' | Version: 1.3.2
+Target Version Summary:
+  Results with version info: 1/1
+  Version 1.3.2: 1 result(s)
+```
+
+**Server-side implementation examples:**
+```python
+# Python/Flask
+@app.after_request
+def add_version_header(response):
+    response.headers['X-SCYTHE-TARGET-VERSION'] = '1.3.2'
+    return response
+
+# Node.js/Express
+app.use((req, res, next) => {
+    res.set('X-SCYTHE-TARGET-VERSION', '1.3.2');
+    next();
+});
+
+# Java/Spring Boot
+@Component
+public class VersionHeaderFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        httpResponse.setHeader("X-SCYTHE-TARGET-VERSION", "1.3.2");
+        chain.doFilter(request, response);
+    }
+}
+```
+
+This feature helps you:
+- **Track test results** by application version
+- **Verify deployment status** during testing
+- **Correlate issues** with specific software versions
+- **Ensure consistency** across test environments
+
 ### Custom Test Creation
 
 Extend Scythe for specific testing needs:
@@ -407,7 +496,7 @@ from typing import Generator, Any
 
 class CustomBusinessLogicTTP(TTP):
     """Test specific business logic under adverse conditions."""
-    
+
     def __init__(self, business_scenarios: list, expected_result: bool = True):
         super().__init__(
             name="Business Logic Test",
@@ -415,28 +504,28 @@ class CustomBusinessLogicTTP(TTP):
             expected_result=expected_result
         )
         self.scenarios = business_scenarios
-    
+
     def get_payloads(self) -> Generator[Any, None, None]:
         for scenario in self.scenarios:
             yield scenario
-    
+
     def execute_step(self, driver, payload):
         # Implement your specific business logic testing
         # This could involve API calls, database interactions, etc.
         pass
-    
+
     def verify_result(self, driver) -> bool:
         # Verify the business logic behaved correctly
         return self.check_business_rules(driver)
 
 class CustomWorkflowAction(Action):
     """Custom action for specific workflow steps."""
-    
+
     def __init__(self, workflow_step: str, parameters: dict):
         super().__init__(f"Custom {workflow_step}", f"Execute {workflow_step}")
         self.workflow_step = workflow_step
         self.parameters = parameters
-    
+
     def execute(self, driver, context):
         # Implement custom workflow logic
         return self.perform_workflow_step(driver, context)
@@ -453,12 +542,12 @@ ecommerce_suite = [
     payment_security_test,      # Test payment form security
     user_data_protection_test,  # Test PII protection
     session_management_test,    # Test session security
-    
+
     # Load testing
     product_catalog_load_test,  # High-traffic product browsing
     checkout_process_load_test, # Concurrent checkout processes
     search_functionality_test,  # Search under load
-    
+
     # Workflow testing
     complete_purchase_journey,  # End-to-end purchase flow
     return_process_journey,     # Product return workflow
@@ -531,30 +620,30 @@ def analyze_test_results(orchestration_result):
     print("="*60)
     print("COMPREHENSIVE TEST ANALYSIS")
     print("="*60)
-    
+
     print(f"Total Executions: {orchestration_result.total_executions}")
     print(f"Success Rate: {orchestration_result.success_rate:.1f}%")
     print(f"Average Execution Time: {orchestration_result.average_execution_time:.2f}s")
-    
+
     # Performance metrics
     if orchestration_result.metadata.get('performance_stats'):
         stats = orchestration_result.metadata['performance_stats']
         print(f"Peak Response Time: {stats.get('peak_response_time', 'N/A')}")
         print(f"95th Percentile: {stats.get('p95_response_time', 'N/A')}")
-    
+
     # Geographic distribution (if applicable)
     if orchestration_result.metadata.get('distribution_stats'):
         dist = orchestration_result.metadata['distribution_stats']
         print("Geographic Distribution:")
         for location, count in dist.get('location_usage', {}).items():
             print(f"  {location}: {count} executions")
-    
+
     # Error analysis
     if orchestration_result.errors:
         print(f"\nErrors Encountered: {len(orchestration_result.errors)}")
         for i, error in enumerate(orchestration_result.errors[:5], 1):
             print(f"  {i}. {error}")
-    
+
     print("="*60)
 
 # Use with any orchestration result
@@ -655,4 +744,4 @@ This architecture supports testing scenarios from simple security checks to comp
 
 ---
 
-**Scythe**: Comprehensive adverse conditions testing for robust, reliable systems.
+**Scythe**: Comprehensive adverse conditions testing for robust, reliable systems.

scythe_ttp-0.12.1/VERSION

@@ -0,0 +1 @@
+0.12.2

{scythe_ttp-0.10.0 → scythe_ttp-0.12.1}/scythe/core/executor.py

@@ -5,6 +5,7 @@ from selenium.webdriver.chrome.options import Options
 from .ttp import TTP
 from typing import Optional
 from ..behaviors.base import Behavior
+from .headers import HeaderExtractor
 
 # Configure logging
 logging.basicConfig(
@@ -33,8 +34,12 @@ class TTPExecutor:
         self.chrome_options.add_argument("--no-sandbox")
         self.chrome_options.add_argument("--disable-dev-shm-usage")
 
+        # Enable header extraction capabilities
+        HeaderExtractor.enable_logging_for_driver(self.chrome_options)
+
         self.driver = None
         self.results = []
+        self.header_extractor = HeaderExtractor()
 
     def _setup_driver(self):
         """Initializes the WebDriver."""
@@ -108,13 +113,27 @@ class TTPExecutor:
                     if success:
                         consecutive_failures = 0
                         current_url = self.driver.current_url if self.driver else "unknown"
-                        result_entry = {'payload': payload, 'url': current_url, 'expected': self.ttp.expected_result, 'actual': True}
+                        
+                        # Extract target version header
+                        target_version = None
+                        if self.driver:
+                            target_version = self.header_extractor.extract_target_version(self.driver, self.target_url)
+                        
+                        result_entry = {
+                            'payload': payload, 
+                            'url': current_url, 
+                            'expected': self.ttp.expected_result, 
+                            'actual': True,
+                            'target_version': target_version
+                        }
                         self.results.append(result_entry)
                         
                         if self.ttp.expected_result:
-                            self.logger.info(f"EXPECTED SUCCESS: '{payload}'")
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.info(f"EXPECTED SUCCESS: '{payload}'{version_info}")
                         else:
-                            self.logger.warning(f"UNEXPECTED SUCCESS: '{payload}' (expected to fail)")
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.warning(f"UNEXPECTED SUCCESS: '{payload}' (expected to fail){version_info}")
                     else:
                         consecutive_failures += 1
                         if self.ttp.expected_result:
@@ -168,12 +187,26 @@ class TTPExecutor:
             if expected_successes:
                 self.logger.info(f"Expected successes: {len(expected_successes)}")
                 for result in expected_successes:
-                    self.logger.info(f"  ✓ Payload: {result['payload']} | URL: {result['url']}")
+                    version_info = f" | Version: {result['target_version']}" if result.get('target_version') else ""
+                    self.logger.info(f"  ✓ Payload: {result['payload']} | URL: {result['url']}{version_info}")
             
             if unexpected_successes:
                 self.logger.warning(f"Unexpected successes: {len(unexpected_successes)}")
                 for result in unexpected_successes:
-                    self.logger.warning(f"  ✗ Payload: {result['payload']} | URL: {result['url']}")
+                    version_info = f" | Version: {result['target_version']}" if result.get('target_version') else ""
+                    self.logger.warning(f"  ✗ Payload: {result['payload']} | URL: {result['url']}{version_info}")
+            
+            # Display version summary
+            version_summary = self.header_extractor.get_version_summary(self.results)
+            if version_summary['results_with_version'] > 0:
+                self.logger.info("\nTarget Version Summary:")
+                self.logger.info(f"  Results with version info: {version_summary['results_with_version']}/{version_summary['total_results']}")
+                if version_summary['unique_versions']:
+                    for version in version_summary['unique_versions']:
+                        count = version_summary['version_counts'][version]
+                        self.logger.info(f"  Version {version}: {count} result(s)")
+            else:
+                self.logger.info("\nNo X-SCYTHE-TARGET-VERSION headers detected in responses.")
         else:
             if self.ttp.expected_result:
                 self.logger.info("No successes detected (expected to find vulnerabilities).")