scythe-ttp 0.12.1__py3-none-any.whl → 0.13.0__py3-none-any.whl

scythe/auth/__init__.py

@@ -8,9 +8,11 @@ authenticate before executing their main functionality.
 from .base import Authentication
 from .bearer import BearerTokenAuth
 from .basic import BasicAuth
+from .cookie_jwt import CookieJWTAuth
 
 __all__ = [
     'Authentication',
     'BearerTokenAuth', 
-    'BasicAuth'
+    'BasicAuth',
+    'CookieJWTAuth',
 ]

scythe/auth/base.py

@@ -80,6 +80,15 @@ class Authentication(ABC):
         """
         return {}
     
+    def get_auth_cookies(self) -> Dict[str, str]:
+        """
+        Get authentication cookies that should be set for API requests.
+        
+        Returns:
+            Dictionary mapping cookie name to cookie value.
+        """
+        return {}
+    
     def store_auth_data(self, key: str, value: Any) -> None:
         """
         Store authentication-related data.

scythe/auth/cookie_jwt.py

@@ -0,0 +1,172 @@
+from __future__ import annotations
+
+import time
+from typing import Dict, Optional, Any
+from urllib.parse import urlparse
+
+try:
+    import requests  # type: ignore
+except Exception:  # pragma: no cover - tests may run without requests installed
+    requests = None  # type: ignore
+from selenium.webdriver.remote.webdriver import WebDriver
+
+from .base import Authentication, AuthenticationError
+
+
+def _extract_by_dot_path(data: Any, path: str) -> Optional[Any]:
+    """
+    Extract a value from a nested dict/list structure using a simple dot path.
+    Supports numeric indices for lists, e.g., "data.items.0.token".
+    """
+    if not path:
+        return None
+    parts = path.split(".")
+    current: Any = data
+    for part in parts:
+        if isinstance(current, dict):
+            if part in current:
+                current = current[part]
+            else:
+                return None
+        elif isinstance(current, list):
+            try:
+                idx = int(part)
+            except ValueError:
+                return None
+            if idx < 0 or idx >= len(current):
+                return None
+            current = current[idx]
+        else:
+            return None
+    return current
+
+
+class CookieJWTAuth(Authentication):
+    """
+    Hybrid authentication where a JWT is acquired from an API login response and
+    then used as a cookie for subsequent requests. Useful when the target server
+    expects a cookie (e.g., "stellarbridge") instead of Authorization headers.
+    
+    Behavior:
+    - In API mode: JourneyExecutor will call get_auth_cookies(); this class will
+      perform a POST to login_url (if token not cached), parse JSON, extract the
+      token via jwt_json_path, and return {cookie_name: token}.
+    - In UI mode: authenticate() will ensure the browser has the cookie set for
+      the target domain.
+    """
+
+    def __init__(self,
+                 login_url: str,
+                 username: Optional[str] = None,
+                 password: Optional[str] = None,
+                 username_field: str = "email",
+                 password_field: str = "password",
+                 extra_fields: Optional[Dict[str, Any]] = None,
+                 jwt_json_path: str = "token",
+                 cookie_name: str = "stellarbridge",
+                 session: Optional[requests.Session] = None,
+                 description: str = "Authenticate via API and set JWT cookie"):
+        super().__init__(
+            name="Cookie JWT Authentication",
+            description=description
+        )
+        self.login_url = login_url
+        self.username = username
+        self.password = password
+        self.username_field = username_field
+        self.password_field = password_field
+        self.extra_fields = extra_fields or {}
+        self.jwt_json_path = jwt_json_path
+        self.cookie_name = cookie_name
+        # Avoid importing requests in test environments; allow injected session
+        self._session = session or (requests.Session() if requests is not None else None)
+        self.token: Optional[str] = None
+
+    def _login_and_get_token(self) -> str:
+        payload: Dict[str, Any] = dict(self.extra_fields)
+        if self.username is not None:
+            payload[self.username_field] = self.username
+        if self.password is not None:
+            payload[self.password_field] = self.password
+        try:
+            resp = self._session.post(self.login_url, json=payload, timeout=15)
+            # try json; raise on non-2xx to surface errors
+            resp.raise_for_status()
+            data = resp.json()
+        except Exception as e:
+            raise AuthenticationError(f"Login request failed: {e}", self.name)
+        token = _extract_by_dot_path(data, self.jwt_json_path)
+        if not token or not isinstance(token, str):
+            raise AuthenticationError(
+                f"JWT not found at path '{self.jwt_json_path}' in login response",
+                self.name,
+            )
+        self.token = token
+        self.store_auth_data('jwt', token)
+        self.store_auth_data('login_time', time.time())
+        return token
+
+    def get_auth_cookies(self) -> Dict[str, str]:
+        """
+        Return cookie mapping for API mode. Will perform login if token absent.
+        """
+        if not self.token:
+            self._login_and_get_token()
+        if not self.token:
+            return {}
+        return {self.cookie_name: self.token}
+
+    def get_auth_headers(self) -> Dict[str, str]:
+        """
+        For this hybrid approach, we typically do not use auth headers.
+        """
+        return {}
+
+    def authenticate(self, driver: WebDriver, target_url: str) -> bool:
+        """
+        UI path: ensure the cookie exists on the browser for the target domain.
+        Will perform the API login if token not yet acquired.
+        """
+        try:
+            if not self.token:
+                self._login_and_get_token()
+            if not self.token:
+                return False
+            # Navigate to the target domain base so cookie domain matches
+            parsed = urlparse(target_url)
+            base = f"{parsed.scheme}://{parsed.netloc}"
+            try:
+                driver.get(base)
+            except Exception:
+                pass
+            cookie_dict = {
+                'name': self.cookie_name,
+                'value': self.token,
+                'path': '/',
+            }
+            # If domain available, set explicitly to be safe
+            if parsed.netloc:
+                cookie_dict['domain'] = parsed.hostname or parsed.netloc
+            driver.add_cookie(cookie_dict)
+            self.authenticated = True
+            return True
+        except Exception as e:
+            raise AuthenticationError(f"Cookie auth failed: {e}", self.name)
+
+    def is_authenticated(self, driver: WebDriver) -> bool:
+        return self.authenticated and self.token is not None
+
+    def logout(self, driver: WebDriver) -> bool:
+        try:
+            self.token = None
+            self.authenticated = False
+            self.clear_auth_data()
+            # Best-effort cookie removal
+            try:
+                driver.delete_cookie(self.cookie_name)
+            except Exception:
+                pass
+            super().logout(driver)
+            return True
+        except Exception:
+            return False

scythe/core/headers.py

@@ -1,5 +1,6 @@
 import json
 import logging
+import requests
 from typing import Optional, Dict, Any
 from selenium.webdriver.remote.webdriver import WebDriver
 from selenium.webdriver.chrome.options import Options
@@ -33,6 +34,157 @@ class HeaderExtractor:
         chrome_options.add_argument("--log-level=0")
         chrome_options.set_capability("goog:loggingPrefs", {"performance": "ALL"})
 
+    def banner_grab(self, url: str, timeout: int = 10, method: str = "HEAD") -> Optional[str]:
+        """
+        Perform a simple HTTP request to extract the X-SCYTHE-TARGET-VERSION header.
+        
+        This is a more reliable alternative to Selenium's performance logging
+        for cases where you just need to grab headers.
+        
+        Args:
+            url: URL to make the request to
+            timeout: Request timeout in seconds
+            method: HTTP method to use ("HEAD" or "GET")
+            
+        Returns:
+            Version string if header found, None otherwise
+        """
+        try:
+            self.logger.debug(f"Making {method} request to {url} for header extraction")
+            
+            # Use HEAD by default for efficiency, fallback to GET if needed
+            if method.upper() == "HEAD":
+                response = requests.head(url, timeout=timeout, allow_redirects=True)
+            else:
+                response = requests.get(url, timeout=timeout, allow_redirects=True)
+            
+            # Check if request was successful
+            response.raise_for_status()
+            
+            # Look for the version header (case-insensitive)
+            version = self._find_version_header(dict(response.headers))
+            if version:
+                self.logger.debug(f"Found target version '{version}' via {method} request to {url}")
+                return version
+            else:
+                self.logger.debug(f"No X-SCYTHE-TARGET-VERSION header found in response from {url}")
+                return None
+                
+        except requests.exceptions.RequestException as e:
+            self.logger.warning(f"Failed to make {method} request to {url}: {e}")
+            return None
+        except Exception as e:
+            self.logger.warning(f"Unexpected error during banner grab: {e}")
+            return None
+
+    def get_all_headers_via_request(self, url: str, timeout: int = 10, method: str = "HEAD") -> Dict[str, str]:
+        """
+        Get all headers from a simple HTTP request.
+        
+        Args:
+            url: URL to make the request to
+            timeout: Request timeout in seconds
+            method: HTTP method to use ("HEAD" or "GET")
+            
+        Returns:
+            Dictionary of all response headers
+        """
+        try:
+            self.logger.debug(f"Making {method} request to {url} for all headers")
+            
+            if method.upper() == "HEAD":
+                response = requests.head(url, timeout=timeout, allow_redirects=True)
+            else:
+                response = requests.get(url, timeout=timeout, allow_redirects=True)
+                
+            response.raise_for_status()
+            
+            # Convert headers to regular dict with string values
+            return {k: str(v) for k, v in response.headers.items()}
+            
+        except requests.exceptions.RequestException as e:
+            self.logger.warning(f"Failed to get headers from {url}: {e}")
+            return {}
+        except Exception as e:
+            self.logger.warning(f"Unexpected error getting headers: {e}")
+            return {}
+
+    def debug_headers(self, url: str, timeout: int = 10) -> None:
+        """
+        Debug method to print all headers received from a URL.
+        
+        This is useful for troubleshooting when headers aren't being detected properly.
+        It will show you exactly what headers the server is sending.
+        
+        Args:
+            url: URL to make the request to
+            timeout: Request timeout in seconds
+        """
+        print(f"\n{'='*60}")
+        print(f"DEBUG: Header dump for {url}")
+        print(f"{'='*60}")
+        
+        try:
+            # Try HEAD request first
+            print("\n--- HEAD Request ---")
+            response = requests.head(url, timeout=timeout, allow_redirects=True)
+            print(f"Status Code: {response.status_code}")
+            print(f"Headers ({len(response.headers)} total):")
+            
+            for name, value in response.headers.items():
+                print(f"  {name}: {value}")
+                if "scythe" in name.lower() or "version" in name.lower():
+                    print("    *** POTENTIAL VERSION HEADER ***")
+            
+            # Try GET request
+            print("\n--- GET Request ---")
+            response = requests.get(url, timeout=timeout, allow_redirects=True)
+            print(f"Status Code: {response.status_code}")
+            print(f"Headers ({len(response.headers)} total):")
+            
+            for name, value in response.headers.items():
+                print(f"  {name}: {value}")
+                if "scythe" in name.lower() or "version" in name.lower():
+                    print("    *** POTENTIAL VERSION HEADER ***")
+            
+            # Check specifically for the target header
+            version = self._find_version_header(dict(response.headers))
+            print(f"\nTarget version extraction result: {version}")
+            
+        except Exception as e:
+            print(f"ERROR: Failed to debug headers: {e}")
+        
+        print(f"{'='*60}\n")
+
+    def extract_target_version_hybrid(self, driver: WebDriver, target_url: Optional[str] = None) -> Optional[str]:
+        """
+        Hybrid approach: Try banner grab first, then fall back to Selenium performance logs.
+        
+        This method attempts to get the version header using a simple HTTP request first,
+        which is more reliable than Selenium's performance logging. If that fails or no
+        target_url is provided, it falls back to the Selenium-based extraction.
+        
+        Args:
+            driver: WebDriver instance
+            target_url: URL to check (required for banner grab method)
+            
+        Returns:
+            Version string if header found, None otherwise
+        """
+        # Try banner grab first if we have a target URL
+        if target_url:
+            self.logger.debug("Attempting banner grab method first")
+            version = self.banner_grab(target_url)
+            if version:
+                self.logger.debug(f"Successfully extracted version '{version}' via banner grab")
+                return version
+            else:
+                self.logger.debug("Banner grab failed, falling back to Selenium performance logs")
+        
+        # Fall back to Selenium performance logs
+        self.logger.debug("Using Selenium performance logs method")
+        return self.extract_target_version(driver, target_url)
+
     def extract_target_version(self, driver: WebDriver, target_url: Optional[str] = None) -> Optional[str]:
         """
         Extract the X-SCYTHE-TARGET-VERSION header from the most recent HTTP response.

scythe/journeys/__init__.py

@@ -7,7 +7,7 @@ or other custom actions like navigation, form filling, etc.
 """
 
 from .base import Journey, Step, Action
-from .actions import NavigateAction, ClickAction, FillFormAction, WaitAction, TTPAction
+from .actions import NavigateAction, ClickAction, FillFormAction, WaitAction, TTPAction, ApiRequestAction
 from .executor import JourneyExecutor
 
 __all__ = [
@@ -19,5 +19,6 @@ __all__ = [
     'FillFormAction', 
     'WaitAction',
     'TTPAction',
+    'ApiRequestAction',
     'JourneyExecutor'
 ]

scythe/journeys/actions.py

@@ -5,6 +5,7 @@ from selenium.webdriver.common.by import By
 from selenium.webdriver.support.ui import WebDriverWait
 from selenium.webdriver.support import expected_conditions as EC
 from selenium.common.exceptions import TimeoutException, NoSuchElementException
+import requests
 
 from .base import Action
 from ..core.ttp import TTP
@@ -643,4 +644,126 @@ class AssertAction(Action):
         by_method = selector_map.get(self.selector_type)
         if by_method is None:
             raise ValueError(f"Unsupported selector type: {self.selector_type}")
-        return by_method
+        return by_method
+
+class ApiRequestAction(Action):
+    """Action to perform a REST API request in Journey API mode.
+    
+    This action ignores the WebDriver and uses a requests.Session provided
+    in the journey context under the key 'requests_session'. It merges any
+    'auth_headers' from the context into the request headers.
+    Optionally, it can validate and parse the JSON response using a Pydantic
+    model class when provided.
+    """
+    def __init__(self,
+                 method: str,
+                 url: str,
+                 params: Optional[Dict[str, Any]] = None,
+                 body_json: Optional[Dict[str, Any]] = None,
+                 data: Optional[Dict[str, Any]] = None,
+                 headers: Optional[Dict[str, str]] = None,
+                 expected_status: Optional[int] = 200,
+                 timeout: float = 10.0,
+                 name: Optional[str] = None,
+                 description: Optional[str] = None,
+                 expected_result: bool = True,
+                 response_model: Optional[Any] = None,
+                 response_model_context_key: Optional[str] = None,
+                 fail_on_validation_error: bool = False):
+        self.method = method.upper()
+        self.url = url
+        self.params = params or {}
+        self.body_json = body_json
+        self.data = data
+        self.headers = headers or {}
+        self.expected_status = expected_status
+        self.timeout = timeout
+        self.response_model = response_model
+        self.response_model_context_key = response_model_context_key
+        self.fail_on_validation_error = fail_on_validation_error
+        name = name or f"API {self.method} {url}"
+        description = description or f"Perform {self.method} request to {url}"
+        super().__init__(name, description, expected_result)
+
+    def execute(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        # Resolve session
+        session = context.get('requests_session')
+        if session is None:
+            session = requests.Session()
+            context['requests_session'] = session
+        
+        # Build headers: auth headers from context + action headers (action overrides)
+        final_headers = {}
+        auth_headers = context.get('auth_headers', {}) or {}
+        if auth_headers:
+            final_headers.update(auth_headers)
+        if self.headers:
+            final_headers.update(self.headers)
+        
+        # Resolve URL: absolute or join with target_url from context
+        from urllib.parse import urljoin
+        base_url = context.get('target_url') or ''
+        resolved_url = self.url if self.url.lower().startswith('http') else urljoin(base_url, self.url)
+        
+        try:
+            response = session.request(
+                self.method,
+                resolved_url,
+                params=self.params or None,
+                json=self.body_json,
+                data=self.data,
+                headers=final_headers or None,
+                timeout=self.timeout,
+            )
+            
+            # Store details
+            self.store_result('url', resolved_url)
+            self.store_result('request_headers', final_headers)
+            self.store_result('status_code', getattr(response, 'status_code', None))
+            response_headers = dict(getattr(response, 'headers', {}) or {})
+            self.store_result('response_headers', response_headers)
+            # Publish to context for downstream version extraction
+            context['last_response_headers'] = response_headers
+            context['last_response_url'] = resolved_url
+            # Try JSON, fallback to text
+            body = None
+            parsed_model = None
+            validation_error = None
+            try:
+                body = response.json()
+                self.store_result('response_json', body)
+                # If a response_model is provided, attempt validation/parsing
+                if self.response_model is not None:
+                    try:
+                        # Pydantic v2 preferred: model_validate
+                        if hasattr(self.response_model, 'model_validate'):
+                            parsed_model = self.response_model.model_validate(body)
+                        else:
+                            # Pydantic v1 fallback
+                            parsed_model = self.response_model.parse_obj(body)
+                        self.store_result('response_model_instance', parsed_model)
+                        # Save into context for downstream actions
+                        key = self.response_model_context_key or 'last_response_model'
+                        context[key] = parsed_model
+                    except Exception as ve:
+                        validation_error = str(ve)
+                        self.store_result('response_validation_error', validation_error)
+            except Exception:
+                text = getattr(response, 'text', '')
+                # Limit stored text to keep logs light
+                self.store_result('response_text', text if text is None or len(text) <= 2000 else text[:2000])
+            
+            # Determine success (status-based by default)
+            if self.expected_status is not None:
+                http_ok = (getattr(response, 'status_code', None) == self.expected_status)
+            else:
+                http_ok = bool(getattr(response, 'ok', False))
+            
+            # Optionally fail on validation error
+            if self.response_model is not None and self.fail_on_validation_error and self.get_result('response_validation_error'):
+                return False if http_ok else False
+            
+            return http_ok
+        except Exception as e:
+            self.store_result('error', str(e))
+            return False

scythe/journeys/base.py

@@ -311,12 +311,45 @@ class Journey:
             if self.requires_authentication():
                 auth_name = self.authentication.name if self.authentication else "Unknown"
                 logger.info(f"Authentication required: {auth_name}")
-                auth_success = self.authenticate(driver, target_url)
-                if not auth_success:
-                    logger.error("Authentication failed - aborting journey")
-                    results['errors'].append("Authentication failed")
-                    return results
-                logger.info("Authentication successful")
+                if driver is None:
+                    # API mode: use header-based authentication if available
+                    headers = {}
+                    try:
+                        if self.authentication and hasattr(self.authentication, 'get_auth_headers'):
+                            headers = self.authentication.get_auth_headers() or {}
+                    except Exception as e:
+                        logger.error(f"Failed to get authentication headers: {e}")
+                        headers = {}
+                    cookies = {}
+                    if headers:
+                        # Merge into existing context headers
+                        existing = self.get_context('auth_headers', {})
+                        merged = {**existing, **headers}
+                        self.set_context('auth_headers', merged)
+                        logger.info("Authentication headers prepared for API mode")
+                    # Try to merge cookies as well (hybrid auth)
+                    try:
+                        if self.authentication and hasattr(self.authentication, 'get_auth_cookies'):
+                            cookies = self.authentication.get_auth_cookies() or {}
+                    except Exception as e:
+                        logger.error(f"Failed to get authentication cookies: {e}")
+                        cookies = {}
+                    if cookies:
+                        existing_cookies = self.get_context('auth_cookies', {})
+                        merged_cookies = {**existing_cookies, **cookies}
+                        self.set_context('auth_cookies', merged_cookies)
+                        logger.info("Authentication cookies prepared for API mode")
+                    if not headers and not cookies:
+                        logger.error("Authentication required but no headers/cookies available in API mode")
+                        results['errors'].append("Authentication failed (no API auth data)")
+                        return results
+                else:
+                    auth_success = self.authenticate(driver, target_url)
+                    if not auth_success:
+                        logger.error("Authentication failed - aborting journey")
+                        results['errors'].append("Authentication failed")
+                        return results
+                    logger.info("Authentication successful")
             
             # Execute each step
             for i, step in enumerate(self.steps, 1):
@@ -342,7 +375,7 @@ class Journey:
                             results['actions_failed'] += 1
                     
                     # Extract target version header after step execution
-                    target_version = header_extractor.extract_target_version(driver, target_url)
+                    target_version = header_extractor.extract_target_version_hybrid(driver, target_url)
                     if target_version:
                         results['target_versions'].append(target_version)
                         logger.info(f"Target version detected: {target_version}")

scythe/journeys/executor.py

@@ -3,6 +3,7 @@ import logging
 from selenium import webdriver
 from selenium.webdriver.chrome.options import Options
 from typing import Optional, Dict, Any, List
+import requests
 from ..behaviors.base import Behavior
 from .base import Journey
 from ..core.headers import HeaderExtractor
@@ -24,6 +25,10 @@ class JourneyExecutor:
     
     Similar to TTPExecutor but designed for complex multi-step scenarios
     involving journeys composed of steps and actions.
+    
+    Supports two interaction modes:
+      - UI: browser-driven via Selenium (default, backward-compatible)
+      - API: REST-driven via requests without starting a browser
     """
     
     def __init__(self, 
@@ -31,7 +36,8 @@ class JourneyExecutor:
                  target_url: str, 
                  headless: bool = True, 
                  behavior: Optional[Behavior] = None,
-                 driver_options: Optional[Dict[str, Any]] = None):
+                 driver_options: Optional[Dict[str, Any]] = None,
+                 mode: str = "UI"):
         """
         Initialize the Journey executor.
         
@@ -45,6 +51,7 @@ class JourneyExecutor:
         self.journey = journey
         self.target_url = target_url
         self.behavior = behavior
+        self.mode = (mode or "UI").upper()
         self.logger = logging.getLogger(f"Journey.{self.journey.name}")
         
         # Setup Chrome options
@@ -108,29 +115,62 @@ class JourneyExecutor:
             self.logger.info(f"Using behavior: {self.behavior.name}")
             self.logger.info(f"Behavior description: {self.behavior.description}")
         
-        self._setup_driver()
-        
         try:
-            # Pre-execution behavior setup
-            if self.behavior and self.driver:
-                self.behavior.pre_execution(self.driver, self.target_url)
-            
-            # Execute the journey
-            if self.driver:
-                self.execution_results = self.journey.execute(self.driver, self.target_url)
+            if self.mode == 'API':
+                # API mode: no WebDriver, prepare requests session and context
+                session = requests.Session()
+                auth_headers = {}
+                auth_cookies = {}
+                if getattr(self.journey, 'authentication', None):
+                    # Try to obtain headers/cookies directly (no browser flow)
+                    try:
+                        auth_headers = self.journey.authentication.get_auth_headers() or {}
+                    except Exception as e:
+                        self.logger.warning(f"Failed to get auth headers from authentication: {e}")
+                    try:
+                        if hasattr(self.journey.authentication, 'get_auth_cookies'):
+                            auth_cookies = self.journey.authentication.get_auth_cookies() or {}
+                    except Exception as e:
+                        self.logger.warning(f"Failed to get auth cookies from authentication: {e}")
+                if auth_headers:
+                    session.headers.update(auth_headers)
+                if auth_cookies:
+                    for ck, cv in auth_cookies.items():
+                        try:
+                            session.cookies.set(ck, cv)
+                        except Exception:
+                            pass
+                
+                # Seed journey context for API actions
+                self.journey.set_context('mode', 'API')
+                self.journey.set_context('requests_session', session)
+                self.journey.set_context('auth_headers', auth_headers)
+                self.journey.set_context('auth_cookies', auth_cookies)
+                
+                # Execute journey with a None driver (API actions ignore driver)
+                self.execution_results = self.journey.execute(None, self.target_url)
             else:
-                raise RuntimeError("WebDriver not initialized")
-            
-            # Apply behavior timing between steps if configured
-            if self.behavior:
-                # Let behavior influence the journey execution
-                self._apply_behavior_to_journey()
-            
-            # Post-execution behavior cleanup
-            if self.behavior and self.driver:
-                # Convert journey results to format expected by behavior
-                behavior_results = self._convert_results_for_behavior()
-                self.behavior.post_execution(self.driver, behavior_results)
+                # UI mode (default)
+                self._setup_driver()
+                
+                # Pre-execution behavior setup
+                if self.behavior and self.driver:
+                    self.behavior.pre_execution(self.driver, self.target_url)
+                
+                # Execute the journey
+                if self.driver:
+                    self.execution_results = self.journey.execute(self.driver, self.target_url)
+                else:
+                    raise RuntimeError("WebDriver not initialized")
+                
+                # Apply behavior timing between steps if configured
+                if self.behavior:
+                    self._apply_behavior_to_journey()
+                
+                # Post-execution behavior cleanup
+                if self.behavior and self.driver:
+                    behavior_results = self._convert_results_for_behavior()
+                    self.behavior.post_execution(self.driver, behavior_results)
         
         except KeyboardInterrupt:
             self.logger.info("Journey interrupted by user.")
@@ -143,6 +183,7 @@ class JourneyExecutor:
                 self.execution_results = self._create_error_results(str(e))
         
         finally:
+            # Cleanup and print summary (driver quit only if initialized)
             self._cleanup()
         
         return self.execution_results

scythe/ttps/web/uuid_guessing.py

@@ -5,6 +5,7 @@ from ...payloads.generators import PayloadGenerator
 import requests
 from uuid import UUID
 
+
 class GuessUUIDInURL(TTP):
     def __init__(self,
                  target_url: str,
@@ -18,10 +19,10 @@ class GuessUUIDInURL(TTP):
             description="simulate bruteforcing UUID's in the URL path",
             expected_result=expected_result,
             authentication=authentication)
-        
+
         self.target_url = target_url
         self.uri_root_path = uri_root_path
-        self.payload_generator = payload_generator   
+        self.payload_generator = payload_generator
 
     def get_payloads(self):
         yield from self.payload_generator()

{scythe_ttp-0.12.1.dist-info → scythe_ttp-0.13.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.12.1
+Version: 0.13.0
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Home-page: https://github.com/EpykLab/scythe
 Author: EpykLab
@@ -23,6 +23,8 @@ Requires-Dist: h11==0.16.0
 Requires-Dist: idna==3.10
 Requires-Dist: outcome==1.3.0.post0
 Requires-Dist: PySocks==1.7.1
+Requires-Dist: pydantic==2.7.1
+Requires-Dist: pydantic-core==2.18.2
 Requires-Dist: requests==2.32.4
 Requires-Dist: selenium==4.34.0
 Requires-Dist: setuptools==80.9.0

{scythe_ttp-0.12.1.dist-info → scythe_ttp-0.13.0.dist-info}/RECORD

@@ -1,8 +1,9 @@
 scythe/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/auth/__init__.py,sha256=OoAzMnvkTHYG3RRptt_Z79Dsi0sz6lhR6M1W9bF950k,360
-scythe/auth/base.py,sha256=qNQgue4Jeu4U5r6RKYVTYi4BktlIp0IvdKbVyB-vVUE,3552
+scythe/auth/__init__.py,sha256=InEANqWEIAULFyzH9IyxWDPs_gJd3m_JYmzoaBk_37M,420
+scythe/auth/base.py,sha256=DllKaPGj0MRyRh4PQgQ2TUFgeAXjgXOT2h6zUz2ZAag,3807
 scythe/auth/basic.py,sha256=H4IG9-Y7wFe7ZQCNHmmqhre-Pp9CnBxlT23h2uvOPWo,14354
 scythe/auth/bearer.py,sha256=ngOL-sS6FcfB8XAKMR-CZbpqyySu2MaKxUl10SyBmmI,12687
+scythe/auth/cookie_jwt.py,sha256=z5Q-c594_m-dmh2Rv_4Xfeu0fXSQdlZ12Q-emtyj63g,6337
 scythe/behaviors/__init__.py,sha256=w-WRBGRgna5a1N8oHP2aXSQnkQUHyOXiujpwEVf_ZyM,291
 scythe/behaviors/base.py,sha256=INvIYKVIWzEi5w_4njOwKZ3X9IvySvqiMJnYX7_2Lns,3955
 scythe/behaviors/default.py,sha256=MDx4N-KwC23pPLGu1-ZIkGiTRNUG3Lxjbvo7SJ3UwMc,2117
@@ -11,12 +12,12 @@ scythe/behaviors/machine.py,sha256=NDMUq3mDhpCvujzAFxhn2eSVq78-J-LSBhIcvHkzKXo,4
 scythe/behaviors/stealth.py,sha256=xv7MrPQgRCdCUJyYTcXV2aasWZoAw8rAQWg-AuQVb7U,15278
 scythe/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/core/executor.py,sha256=x1w2nByVu2G70sh7t0kOh6urlrTm_r_pbk0S7v1Ov28,9736
-scythe/core/headers.py,sha256=1LznVigcyLepho4EL_Z5_EWjEcn9sJRSdHmROpf6_90,7326
+scythe/core/headers.py,sha256=lHlxAwV4xOoR9A0rHDM5k48HmLp1y03uOkXXq68vcAU,13867
 scythe/core/ttp.py,sha256=Xw9GgptYsjZ-pMLdyPv64bhiwGKobrXHdF32pjIY7OU,3102
-scythe/journeys/__init__.py,sha256=-8AIpCmkeWtQ656yU3omj_guMG4v4i1koIpD6NZhUGM,612
-scythe/journeys/actions.py,sha256=Ez6Bpzs2VHzXMl6GtPve85XxzQV09rDscmDuzSs3VBE,25229
-scythe/journeys/base.py,sha256=BWf35Ee3N9qy76Awh-r04-waUTDfLyxssvDmwYToXgY,15461
-scythe/journeys/executor.py,sha256=1D_HUzvi4Z7a5uE7QbIDWH7HTGz5DoxcQffr-05bi_0,19978
+scythe/journeys/__init__.py,sha256=Odi8NhRg7Hefmo1EJj1guakrCSPhsuus4i-_62uUUjs,654
+scythe/journeys/actions.py,sha256=seUZFlqda5QbaokoZF2CDgjKnpuL_PasQyK9eLPXwwY,31013
+scythe/journeys/base.py,sha256=K8pzIbNqI_KX5jjsr6xQIxDWY3fD4dBmR5CxvR-9Cp4,17508
+scythe/journeys/executor.py,sha256=Spv4JtHUWgJ8nZX__gSkC-cQthWvj5wrfR9Yqbr2XTA,22172
 scythe/orchestrators/__init__.py,sha256=_vemcXjKbB1jI0F2dPA0F1zNsyUekjcXImLDUDhWDN0,560
 scythe/orchestrators/base.py,sha256=YOZV0ewlzJ49H08P_LKnimutUms8NnDrQprFpSKhOeM,13595
 scythe/orchestrators/batch.py,sha256=FpK501kk-earJzz6v7dcuw2y708rTvt_IMH_5qjKdrc,26635
@@ -28,9 +29,9 @@ scythe/ttps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/login_bruteforce.py,sha256=D4G8zB_nU9LD5w3Vv2ABTuOl4XTeg2BgZwYMObt4JJw,2488
 scythe/ttps/web/sql_injection.py,sha256=aWk4DFePbtFDsieOOj03Ux-5OiykyOs2_d_3SvWMOVE,2910
-scythe/ttps/web/uuid_guessing.py,sha256=WwCIQPLIixd5U2EY4bhnj7YP2AQDaPfQy7Yhj84UHy8,1245
-scythe_ttp-0.12.1.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
-scythe_ttp-0.12.1.dist-info/METADATA,sha256=hU3I4EUC7C1MdaPbNY6tSiDUSke2CXOmAMoZPVmLFfI,27741
-scythe_ttp-0.12.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scythe_ttp-0.12.1.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
-scythe_ttp-0.12.1.dist-info/RECORD,,
+scythe/ttps/web/uuid_guessing.py,sha256=JwNt_9HVynMWFPPU6UGJFcpxvMVDsvc_wAnJVtcYbps,1235
+scythe_ttp-0.13.0.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
+scythe_ttp-0.13.0.dist-info/METADATA,sha256=BWH_KWCnInk0y8PNmJPN2fxJ_7RavvhSppmoG8BtA3M,27809
+scythe_ttp-0.13.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scythe_ttp-0.13.0.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
+scythe_ttp-0.13.0.dist-info/RECORD,,