PyPI - scythe-ttp - Versions diffs - 0.12.4__py3-none-any.whl → 0.14.0__py3-none-any.whl - Mend

scythe-ttp 0.12.4py3-none-any.whl → 0.14.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of scythe-ttp might be problematic. Click here for more details.

Files changed (17) hide show

scythe/auth/__init__.py +3 -1
scythe/auth/base.py +9 -0
scythe/auth/cookie_jwt.py +172 -0
scythe/cli/__init__.py +3 -0
scythe/cli/main.py +601 -0
scythe/core/headers.py +69 -9
scythe/journeys/__init__.py +2 -1
scythe/journeys/actions.py +235 -1
scythe/journeys/base.py +161 -12
scythe/journeys/executor.py +102 -22
scythe/ttps/web/uuid_guessing.py +3 -2
{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/METADATA +84 -16
{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/RECORD +17 -13
scythe_ttp-0.14.0.dist-info/entry_points.txt +2 -0
{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/WHEEL +0 -0
{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/licenses/LICENSE +0 -0
{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/top_level.txt +0 -0

scythe/journeys/executor.py CHANGED Viewed

@@ -3,6 +3,7 @@ import logging
 from selenium import webdriver
 from selenium.webdriver.chrome.options import Options
 from typing import Optional, Dict, Any, List
+import requests
 from ..behaviors.base import Behavior
 from .base import Journey
 from ..core.headers import HeaderExtractor
@@ -24,6 +25,10 @@ class JourneyExecutor:
     Similar to TTPExecutor but designed for complex multi-step scenarios
     involving journeys composed of steps and actions.
+    Supports two interaction modes:
+      - UI: browser-driven via Selenium (default, backward-compatible)
+      - API: REST-driven via requests without starting a browser
     """
     def __init__(self,
@@ -31,7 +36,8 @@ class JourneyExecutor:
                  target_url: str,
                  headless: bool = True,
                  behavior: Optional[Behavior] = None,
-                 driver_options: Optional[Dict[str, Any]] = None):
+                 driver_options: Optional[Dict[str, Any]] = None,
+                 mode: str = "UI"):
         """
         Initialize the Journey executor.
@@ -45,6 +51,7 @@ class JourneyExecutor:
         self.journey = journey
         self.target_url = target_url
         self.behavior = behavior
+        self.mode = (mode or "UI").upper()
         self.logger = logging.getLogger(f"Journey.{self.journey.name}")
         # Setup Chrome options
@@ -108,29 +115,62 @@ class JourneyExecutor:
             self.logger.info(f"Using behavior: {self.behavior.name}")
             self.logger.info(f"Behavior description: {self.behavior.description}")
-        self._setup_driver()
         try:
-            # Pre-execution behavior setup
-            if self.behavior and self.driver:
-                self.behavior.pre_execution(self.driver, self.target_url)
-            # Execute the journey
-            if self.driver:
-                self.execution_results = self.journey.execute(self.driver, self.target_url)
+            if self.mode == 'API':
+                # API mode: no WebDriver, prepare requests session and context
+                session = requests.Session()
+                auth_headers = {}
+                auth_cookies = {}
+                if getattr(self.journey, 'authentication', None):
+                    # Try to obtain headers/cookies directly (no browser flow)
+                    try:
+                        auth_headers = self.journey.authentication.get_auth_headers() or {}
+                    except Exception as e:
+                        self.logger.warning(f"Failed to get auth headers from authentication: {e}")
+                    try:
+                        if hasattr(self.journey.authentication, 'get_auth_cookies'):
+                            auth_cookies = self.journey.authentication.get_auth_cookies() or {}
+                    except Exception as e:
+                        self.logger.warning(f"Failed to get auth cookies from authentication: {e}")
+                if auth_headers:
+                    session.headers.update(auth_headers)
+                if auth_cookies:
+                    for ck, cv in auth_cookies.items():
+                        try:
+                            session.cookies.set(ck, cv)
+                        except Exception:
+                            pass
+                # Seed journey context for API actions
+                self.journey.set_context('mode', 'API')
+                self.journey.set_context('requests_session', session)
+                self.journey.set_context('auth_headers', auth_headers)
+                self.journey.set_context('auth_cookies', auth_cookies)
+                # Execute a journey with a None driver (API actions ignore a driver)
+                self.execution_results = self.journey.execute(None, self.target_url)
             else:
-                raise RuntimeError("WebDriver not initialized")
-            # Apply behavior timing between steps if configured
-            if self.behavior:
-                # Let behavior influence the journey execution
-                self._apply_behavior_to_journey()
-            # Post-execution behavior cleanup
-            if self.behavior and self.driver:
-                # Convert journey results to format expected by behavior
-                behavior_results = self._convert_results_for_behavior()
-                self.behavior.post_execution(self.driver, behavior_results)
+                # UI mode (default)
+                self._setup_driver()
+                # Pre-execution behavior setup
+                if self.behavior and self.driver:
+                    self.behavior.pre_execution(self.driver, self.target_url)
+                # Execute the journey
+                if self.driver:
+                    self.execution_results = self.journey.execute(self.driver, self.target_url)
+                else:
+                    raise RuntimeError("WebDriver not initialized")
+                # Apply behavior timing between steps if configured
+                if self.behavior:
+                    self._apply_behavior_to_journey()
+                # Post-execution behavior cleanup
+                if self.behavior and self.driver:
+                    behavior_results = self._convert_results_for_behavior()
+                    self.behavior.post_execution(self.driver, behavior_results)
         except KeyboardInterrupt:
             self.logger.info("Journey interrupted by user.")
@@ -143,6 +183,7 @@ class JourneyExecutor:
                 self.execution_results = self._create_error_results(str(e))
         finally:
+            # Cleanup and print summary (driver quit only if initialized)
             self._cleanup()
         return self.execution_results
@@ -311,6 +352,45 @@ class JourneyExecutor:
                 self.logger.info(f"  {status} Step {i}: {step_name} - {result_text} ({expected_text}){version_info}")
                 self.logger.info(f"    Actions: {len([a for a in actions if a.get('actual', False)])}/{len(actions)} succeeded")
+                # Print diagnostic details only for unexpected outcomes
+                for a in actions:
+                    actual = a.get('actual', False)
+                    expected = a.get('expected', True)
+                    if actual != expected:
+                        prefix = "✗ Action failed" if expected else "✗ Action unexpectedly succeeded"
+                        self.logger.error(f"    {prefix}: {a.get('action_name')}")
+                        ad = a.get('details', {}) or {}
+                        method = ad.get('request_method')
+                        url = ad.get('url')
+                        status_code = ad.get('status_code')
+                        dur = ad.get('duration_ms')
+                        parts = []
+                        if method:
+                            parts.append(f"method={method}")
+                        if url:
+                            parts.append(f"url={url}")
+                        if status_code is not None:
+                            parts.append(f"status={status_code}")
+                        if dur is not None:
+                            parts.append(f"duration_ms={dur}")
+                        if parts:
+                            self.logger.error("      Details: " + ", ".join(parts))
+                        if ad.get('request_headers'):
+                            self.logger.error(f"      Request headers: {ad.get('request_headers')}")
+                        if ad.get('request_params'):
+                            self.logger.error(f"      Request params: {ad.get('request_params')}")
+                        if ad.get('request_json') is not None:
+                            self.logger.error(f"      Request JSON: {ad.get('request_json')}")
+                        if ad.get('request_data') is not None:
+                            self.logger.error(f"      Request data: {ad.get('request_data')}")
+                        if ad.get('response_headers'):
+                            self.logger.error(f"      Response headers: {ad.get('response_headers')}")
+                        if 'response_json' in ad:
+                            self.logger.error(f"      Response JSON: {ad.get('response_json')}")
+                        elif 'response_text' in ad:
+                            self.logger.error(f"      Response text: {ad.get('response_text')}")
+                        if ad.get('error'):
+                            self.logger.error(f"      Error: {ad.get('error')}")
         # Version summary
         target_versions = self.execution_results.get('target_versions', [])

scythe/ttps/web/uuid_guessing.py CHANGED Viewed

@@ -5,6 +5,7 @@ from ...payloads.generators import PayloadGenerator
 import requests
 from uuid import UUID
 class GuessUUIDInURL(TTP):
     def __init__(self,
                  target_url: str,
@@ -18,10 +19,10 @@ class GuessUUIDInURL(TTP):
             description="simulate bruteforcing UUID's in the URL path",
             expected_result=expected_result,
             authentication=authentication)
         self.target_url = target_url
         self.uri_root_path = uri_root_path
-        self.payload_generator = payload_generator
+        self.payload_generator = payload_generator
     def get_payloads(self):
         yield from self.payload_generator()

{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/METADATA RENAMED Viewed

@@ -1,10 +1,8 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.12.4
+Version: 0.14.0
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
-Home-page: https://github.com/EpykLab/scythe
-Author: EpykLab
-Author-email: cyber@epyklab.com
+Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: OS Independent
@@ -13,37 +11,31 @@ Classifier: Intended Audience :: Developers
 Classifier: Intended Audience :: Information Technology
 Classifier: Topic :: Security
 Classifier: Framework :: Pytest
-Requires-Python: >=3.8
+Requires-Python: <=3.13,>=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: PySocks==1.7.1
 Requires-Dist: attrs==25.3.0
 Requires-Dist: certifi==2025.6.15
 Requires-Dist: charset-normalizer==3.4.2
 Requires-Dist: h11==0.16.0
 Requires-Dist: idna==3.10
 Requires-Dist: outcome==1.3.0.post0
-Requires-Dist: PySocks==1.7.1
+Requires-Dist: pydantic-core==2.18.2
+Requires-Dist: pydantic==2.7.1
 Requires-Dist: requests==2.32.4
 Requires-Dist: selenium==4.34.0
 Requires-Dist: setuptools==80.9.0
 Requires-Dist: sniffio==1.3.1
 Requires-Dist: sortedcontainers==2.4.0
-Requires-Dist: trio==0.30.0
 Requires-Dist: trio-websocket==0.12.2
+Requires-Dist: trio==0.30.0
 Requires-Dist: typing_extensions==4.14.0
 Requires-Dist: urllib3==2.4.0
 Requires-Dist: websocket-client==1.8.0
 Requires-Dist: wsproto==1.2.0
-Dynamic: author
-Dynamic: author-email
-Dynamic: classifier
-Dynamic: description
-Dynamic: description-content-type
-Dynamic: home-page
+Requires-Dist: typer
 Dynamic: license-file
-Dynamic: requires-dist
-Dynamic: requires-python
-Dynamic: summary
 <h1 align="center">Scythe</h1>
@@ -792,3 +784,79 @@ This architecture supports testing scenarios from simple security checks to comp
 ---
 **Scythe**: Comprehensive adverse conditions testing for robust, reliable systems.
+## Scythe CLI (embedded)
+Scythe now ships with a lightweight CLI that helps you bootstrap and manage your local Scythe testing workspace. After installing the package (pipx recommended), a `scythe` command is available.
+Note: The CLI is implemented with Typer, so `scythe --help` and per-command help (e.g., `scythe run --help`) are available. Command names and options remain the same as before.
+- Install with pipx:
+  - pipx install scythe-ttp
+- Or install locally in editable mode for development:
+  - pip install -e .
+### Commands
+- scythe init [--path PATH]
+  - Initializes a Scythe project at PATH (default: current directory).
+  - Creates:
+    - ./.scythe/scythe.db (SQLite DB with tests and runs tables)
+    - ./.scythe/scythe_tests/ (where your test scripts live)
+- scythe new <name>
+  - Creates a new test template at ./.scythe/scythe_tests/<name>.py and registers it in the DB (tests table).
+- scythe run <name or name.py>
+  - Runs the specified test from ./.scythe/scythe_tests and records the run into the DB (runs table). Exit code reflects success (0) or failure (non-zero).
+- scythe db dump
+  - Prints a JSON dump of the tests and runs tables from ./.scythe/scythe.db.
+- scythe db sync-compat <name>
+  - Reads COMPATIBLE_VERSIONS from ./.scythe/scythe_tests/<name>.py (if present) and updates the `tests.compatible_versions` field in the DB. If the variable is missing, the DB entry is set to empty and the command exits successfully.
+### Test template
+Created tests use a minimal template so you can start quickly:
+```python
+#!/usr/bin/env python3
+# scythe test initial template
+import argparse
+import os
+import sys
+import time
+from typing import List, Tuple
+# Scythe framework imports
+from scythe.core.executor import TTPExecutor
+from scythe.behaviors import HumanBehavior
+def scythe_test_definition(args):
+    # TODO: implement your test using Scythe primitives.
+    return True
+def main():
+    parser = argparse.ArgumentParser(description="Scythe test script")
+    parser.add_argument('--url', help='Target URL (overridden by localhost unless FORCE_USE_CLI_URL=1)')
+    args = parser.parse_args()
+    ok = scythe_test_definition(args)
+    sys.exit(0 if ok else 1)
+if __name__ == "__main__":
+    main()
+```
+Notes:
+- The CLI looks for tests in ./.scythe/scythe_tests.
+- Each `run` creates a record in the `runs` table with datetime, name_of_test, x_scythe_target_version (best-effort parsed from output), result, raw_output.
+- Each `new` creates a record in the `tests` table with name, path, created_date, compatible_versions.

{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/RECORD RENAMED Viewed

@@ -1,22 +1,25 @@
 scythe/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/auth/__init__.py,sha256=OoAzMnvkTHYG3RRptt_Z79Dsi0sz6lhR6M1W9bF950k,360
-scythe/auth/base.py,sha256=qNQgue4Jeu4U5r6RKYVTYi4BktlIp0IvdKbVyB-vVUE,3552
+scythe/auth/__init__.py,sha256=InEANqWEIAULFyzH9IyxWDPs_gJd3m_JYmzoaBk_37M,420
+scythe/auth/base.py,sha256=DllKaPGj0MRyRh4PQgQ2TUFgeAXjgXOT2h6zUz2ZAag,3807
 scythe/auth/basic.py,sha256=H4IG9-Y7wFe7ZQCNHmmqhre-Pp9CnBxlT23h2uvOPWo,14354
 scythe/auth/bearer.py,sha256=ngOL-sS6FcfB8XAKMR-CZbpqyySu2MaKxUl10SyBmmI,12687
+scythe/auth/cookie_jwt.py,sha256=z5Q-c594_m-dmh2Rv_4Xfeu0fXSQdlZ12Q-emtyj63g,6337
 scythe/behaviors/__init__.py,sha256=w-WRBGRgna5a1N8oHP2aXSQnkQUHyOXiujpwEVf_ZyM,291
 scythe/behaviors/base.py,sha256=INvIYKVIWzEi5w_4njOwKZ3X9IvySvqiMJnYX7_2Lns,3955
 scythe/behaviors/default.py,sha256=MDx4N-KwC23pPLGu1-ZIkGiTRNUG3Lxjbvo7SJ3UwMc,2117
 scythe/behaviors/human.py,sha256=1PqYvE7cnxlj-KDmDIr3uzfWHvDAbbxQxJ0V0iTl9yo,10291
 scythe/behaviors/machine.py,sha256=NDMUq3mDhpCvujzAFxhn2eSVq78-J-LSBhIcvHkzKXo,4624
 scythe/behaviors/stealth.py,sha256=xv7MrPQgRCdCUJyYTcXV2aasWZoAw8rAQWg-AuQVb7U,15278
+scythe/cli/__init__.py,sha256=9EVxmFiWsAoqWJ6br1bc3BxlA71JyOQP28fUHhX2k7E,43
+scythe/cli/main.py,sha256=ZqkTn2DKro68ODd3jr35QORgglo2RqA9Bw7GZSsY1Y0,21328
 scythe/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/core/executor.py,sha256=x1w2nByVu2G70sh7t0kOh6urlrTm_r_pbk0S7v1Ov28,9736
-scythe/core/headers.py,sha256=lHlxAwV4xOoR9A0rHDM5k48HmLp1y03uOkXXq68vcAU,13867
+scythe/core/headers.py,sha256=AokCQ3F5QGUcfoK7iO57hA1HHL4IznZeWV464_MqYcE,16670
 scythe/core/ttp.py,sha256=Xw9GgptYsjZ-pMLdyPv64bhiwGKobrXHdF32pjIY7OU,3102
-scythe/journeys/__init__.py,sha256=-8AIpCmkeWtQ656yU3omj_guMG4v4i1koIpD6NZhUGM,612
-scythe/journeys/actions.py,sha256=Ez6Bpzs2VHzXMl6GtPve85XxzQV09rDscmDuzSs3VBE,25229
-scythe/journeys/base.py,sha256=BWf35Ee3N9qy76Awh-r04-waUTDfLyxssvDmwYToXgY,15461
-scythe/journeys/executor.py,sha256=1D_HUzvi4Z7a5uE7QbIDWH7HTGz5DoxcQffr-05bi_0,19978
+scythe/journeys/__init__.py,sha256=Odi8NhRg7Hefmo1EJj1guakrCSPhsuus4i-_62uUUjs,654
+scythe/journeys/actions.py,sha256=cDBYdhY5pCXKG-57-op8gH8z9u3_wbIOhwqSZ2Z_jDs,36432
+scythe/journeys/base.py,sha256=vXIgEnSW__iYTriBbuMG4l_XCM96xojJH_fyFScKoBY,24969
+scythe/journeys/executor.py,sha256=_q2hzl4G9iv07I6NVMtNaK3O8QGLDwLNMiaxIle-nsY,24654
 scythe/orchestrators/__init__.py,sha256=_vemcXjKbB1jI0F2dPA0F1zNsyUekjcXImLDUDhWDN0,560
 scythe/orchestrators/base.py,sha256=YOZV0ewlzJ49H08P_LKnimutUms8NnDrQprFpSKhOeM,13595
 scythe/orchestrators/batch.py,sha256=FpK501kk-earJzz6v7dcuw2y708rTvt_IMH_5qjKdrc,26635
@@ -28,9 +31,10 @@ scythe/ttps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/login_bruteforce.py,sha256=D4G8zB_nU9LD5w3Vv2ABTuOl4XTeg2BgZwYMObt4JJw,2488
 scythe/ttps/web/sql_injection.py,sha256=aWk4DFePbtFDsieOOj03Ux-5OiykyOs2_d_3SvWMOVE,2910
-scythe/ttps/web/uuid_guessing.py,sha256=WwCIQPLIixd5U2EY4bhnj7YP2AQDaPfQy7Yhj84UHy8,1245
-scythe_ttp-0.12.4.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
-scythe_ttp-0.12.4.dist-info/METADATA,sha256=KeT_tzQrCnJZQtfOFpaMKJCRqdSKbOSZ6xouzqQa3fw,27741
-scythe_ttp-0.12.4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scythe_ttp-0.12.4.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
-scythe_ttp-0.12.4.dist-info/RECORD,,
+scythe/ttps/web/uuid_guessing.py,sha256=JwNt_9HVynMWFPPU6UGJFcpxvMVDsvc_wAnJVtcYbps,1235
+scythe_ttp-0.14.0.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
+scythe_ttp-0.14.0.dist-info/METADATA,sha256=mfwhEqF4PYFk7TYCvqHwvqBV90vb9rItOoFa5qLTobU,30161
+scythe_ttp-0.14.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scythe_ttp-0.14.0.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
+scythe_ttp-0.14.0.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
+scythe_ttp-0.14.0.dist-info/RECORD,,

scythe_ttp-0.14.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ scythe = scythe.cli.main:main

{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{scythe_ttp-0.12.4.dist-info → scythe_ttp-0.14.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

scythe-ttp 0.12.4__py3-none-any.whl → 0.14.0__py3-none-any.whl

Potentially problematic release.

scythe-ttp 0.12.4py3-none-any.whl → 0.14.0py3-none-any.whl