scythe-ttp 0.15.10__tar.gz → 0.17.0__tar.gz

{scythe_ttp-0.15.10/scythe_ttp.egg-info → scythe_ttp-0.17.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.15.10
+Version: 0.17.0
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3
@@ -35,6 +35,7 @@ Requires-Dist: urllib3==2.4.0
 Requires-Dist: websocket-client==1.8.0
 Requires-Dist: wsproto==1.2.0
 Requires-Dist: typer
+Requires-Dist: shellingham
 Dynamic: license-file
 
 <h1 align="center">Scythe</h1>

scythe_ttp-0.17.0/VERSION

@@ -0,0 +1 @@
+0.17.0

{scythe_ttp-0.15.10 → scythe_ttp-0.17.0}/pyproject.toml

@@ -40,7 +40,8 @@ dependencies = [
     "urllib3==2.4.0",
     "websocket-client==1.8.0",
     "wsproto==1.2.0",
-    "typer"
+    "typer",
+    "shellingham"
 ]
 # Remove the static version line entirely
 
@@ -52,4 +53,4 @@ packages = {find = {exclude = ["tests*", "examples*"]}}
 
 [tool.setuptools.dynamic]
 version = {file = "VERSION"}  # Fix this to point to your actual VERSION file
-dependencies = {file = "requirements.txt"}  # Keep if using; otherwise remove if sticking with static deps list
+dependencies = {file = "requirements.txt"}  # Keep if using; otherwise remove if sticking with static deps list

{scythe_ttp-0.15.10 → scythe_ttp-0.17.0}/scythe/cli/main.py

@@ -83,6 +83,138 @@ def main():
         dest='gate_versions',
         help='Gate versions to test against')
 
+    # Core Application Parameters
+    parser.add_argument(
+        '--protocol',
+        default='https',
+        choices=['http', 'https'],
+        help='Protocol to use (http/https, default: https)')
+    parser.add_argument(
+        '--port',
+        type=int,
+        help='Port number for the target application')
+
+    # Authentication Parameters
+    parser.add_argument(
+        '--username',
+        help='Username for authentication')
+    parser.add_argument(
+        '--password',
+        help='Password for authentication')
+    parser.add_argument(
+        '--token',
+        help='Bearer token or API key')
+    parser.add_argument(
+        '--auth-type',
+        choices=['basic', 'bearer', 'form'],
+        help='Authentication method (basic, bearer, form, etc.)')
+    parser.add_argument(
+        '--credentials-file',
+        help='Path to file containing multiple user credentials')
+
+    # Test Data Parameters
+    parser.add_argument(
+        '--users-file',
+        help='Path to CSV file containing user data')
+    parser.add_argument(
+        '--emails-file',
+        help='Path to text file containing email addresses')
+    parser.add_argument(
+        '--payload-file',
+        help='Path to file containing test payloads')
+    parser.add_argument(
+        '--data-file',
+        help='Generic path to test data file')
+
+    # Execution Control Parameters
+    parser.add_argument(
+        '--batch-size',
+        type=int,
+        default=10,
+        help='Number of operations per batch (default: 10)')
+    parser.add_argument(
+        '--max-batches',
+        type=int,
+        help='Maximum number of batches to run')
+    parser.add_argument(
+        '--workers',
+        type=int,
+        help='Number of concurrent workers/threads')
+    parser.add_argument(
+        '--replications',
+        type=int,
+        help='Number of test replications for load testing')
+    parser.add_argument(
+        '--timeout',
+        type=int,
+        help='Request timeout in seconds')
+    parser.add_argument(
+        '--delay',
+        type=float,
+        help='Delay between requests in seconds')
+
+    # Browser/Execution Parameters
+    parser.add_argument(
+        '--headless',
+        action='store_true',
+        help='Run browser in headless mode (flag)')
+    parser.add_argument(
+        '--browser',
+        choices=['chrome', 'firefox', 'safari', 'edge'],
+        help='Browser type (chrome, firefox, etc.)')
+    parser.add_argument(
+        '--user-agent',
+        help='Custom user agent string')
+    parser.add_argument(
+        '--proxy',
+        help='Proxy server URL')
+    parser.add_argument(
+        '--proxy-file',
+        help='Path to file containing proxy list')
+
+    # Output and Reporting Parameters
+    parser.add_argument(
+        '--output-dir',
+        help='Directory for output files')
+    parser.add_argument(
+        '--report-format',
+        choices=['json', 'csv', 'html'],
+        help='Report format (json, csv, html)')
+    parser.add_argument(
+        '--log-level',
+        choices=['debug', 'info', 'warning', 'error'],
+        help='Logging level (debug, info, warning, error)')
+    parser.add_argument(
+        '--verbose',
+        action='store_true',
+        help='Enable verbose output (flag)')
+    parser.add_argument(
+        '--silent',
+        action='store_true',
+        help='Suppress output except errors (flag)')
+
+    # Test Control Parameters
+    parser.add_argument(
+        '--fail-fast',
+        action='store_true',
+        help='Stop immediately on first failure (flag)')
+    parser.add_argument(
+        '--dry-run',
+        action='store_true',
+        help='Validate configuration without executing tests (flag)')
+    parser.add_argument(
+        '--test-type',
+        choices=['load', 'security', 'functional'],
+        help='Type of test to run (load, security, functional)')
+    parser.add_argument(
+        '--iterations',
+        type=int,
+        help='Number of test iterations')
+    parser.add_argument(
+        '--duration',
+        type=int,
+        help='Test duration in seconds')
+
     args = parser.parse_args()
 
     if check_url_available(args.url):
@@ -226,10 +358,8 @@ def _create_test(project_root: str, name: str) -> str:
 
     return filepath
 
-
-_VERSION_RE = re.compile(r"X-SCYTHE-TARGET-VERSION\s*[:=]\s*([\w\.-]+)")
-_DETECTED_LIST_RE = re.compile(r"Detected target versions: \[?([^\]]*)\]?")
-
+_VERSION_RE = re.compile(r"['\"]?X-Scythe-Target-Version['\"]?\s*:\s*['\"]?([\w.-]+)['\"]?")
+_DETECTED_LIST_RE = re.compile(r"Target versions detected:\s*\[?([^]]*)\]?")
 
 def _parse_version_from_output(output: str) -> Optional[str]:
     m = _VERSION_RE.search(output)
@@ -240,7 +370,7 @@ def _parse_version_from_output(output: str) -> Optional[str]:
     if m:
         inner = m.group(1)
         # extract first version-like token
-        mv = re.search(r"[\d]+(?:\.[\w\-]+)+", inner)
+        mv = re.search(r"\d+(?:\.[\w\-]+)+", inner)
         if mv:
             return mv.group(0)
     return None

{scythe_ttp-0.15.10 → scythe_ttp-0.17.0}/scythe/journeys/actions.py

@@ -659,6 +659,7 @@ class ApiRequestAction(Action):
     def __init__(self,
                  method: str,
                  url: str,
+                 flush: bool = False,
                  params: Optional[Dict[str, Any]] = None,
                  body_json: Optional[Dict[str, Any]] = None,
                  data: Optional[Dict[str, Any]] = None,
@@ -673,6 +674,7 @@ class ApiRequestAction(Action):
                  fail_on_validation_error: bool = False):
         self.method = method.upper()
         self.url = url
+        self.flush = flush
         self.params = params or {}
         self.body_json = body_json
         self.data = data
@@ -692,15 +694,15 @@ class ApiRequestAction(Action):
         if session is None:
             session = requests.Session()
             context['requests_session'] = session
-        
-        # Build headers: auth headers from context + action headers (action overrides)
+
+        # Build headers: auth headers from context and action headers (action overrides)
         final_headers = {}
         auth_headers = context.get('auth_headers', {}) or {}
         if auth_headers:
             final_headers.update(auth_headers)
         if self.headers:
             final_headers.update(self.headers)
-        
+
         # Simple masking for sensitive headers
         def _mask_headers(headers: Dict[str, Any]) -> Dict[str, Any]:
             masked = {}
@@ -713,7 +715,7 @@ class ApiRequestAction(Action):
                 else:
                     masked[k] = v
             return masked
-        
+
         # Resolve URL: absolute or join with target_url from context
         from urllib.parse import urljoin
         from ..core.headers import HeaderExtractor
@@ -725,7 +727,7 @@ class ApiRequestAction(Action):
             resolved_url = self.url
         else:
             resolved_url = urljoin(base_url, self.url)
-        
+
         # Store request details early
         self.store_result('request_method', self.method)
         self.store_result('url', resolved_url)
@@ -736,7 +738,7 @@ class ApiRequestAction(Action):
         if self.data is not None:
             self.store_result('request_data', self.data)
         self.store_result('request_headers', _mask_headers(final_headers))
-        
+
         logger = logging.getLogger("Journey.ApiRequestAction")
         # Honor any pending rate-limit resume time set by previous actions/steps
         try:
@@ -861,14 +863,25 @@ class ApiRequestAction(Action):
 
                 # Determine success (status-based by default)
                 if self.expected_status is not None:
-                    http_ok = (getattr(response, 'status_code', None) == self.expected_status)
+                    http_ok = (status_code == self.expected_status)
+                    if not http_ok:
+                        self.store_result('status_mismatch', f"Expected status {self.expected_status}, got {status_code}")
+                        logger.warning(f"API request status mismatch: expected {self.expected_status}, got {status_code}")
                 else:
                     http_ok = bool(getattr(response, 'ok', False))
 
+                # Store the final status check result
+                self.store_result('http_status_ok', http_ok)
+
                 # Optionally fail on validation error
                 if self.response_model is not None and self.fail_on_validation_error and self.get_result('response_validation_error'):
                     return False
 
+                if self.flush:
+                    clear_requests_session(context)
+
+                # Return False if status doesn't match expected, regardless of expected_result
+                # The framework will then compare this with expected_result to determine test outcome
                 return http_ok
             except Exception as e:
                 last_exception = e
@@ -878,3 +891,12 @@ class ApiRequestAction(Action):
 
         # If we got here and had an exception or no return, fail
         return False
+
+def clear_requests_session(context: Dict[str, Any]):
+    """Clear the request session from the context."""
+    logger = logging.getLogger("Journey.ApiRequestAction")
+    session = context.get('requests_session')
+    if session is not None:
+        session.close()
+        context['requests_session'] = None
+        logger.info("Cleared requests session from context")

{scythe_ttp-0.15.10 → scythe_ttp-0.17.0/scythe_ttp.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.15.10
+Version: 0.17.0
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3
@@ -35,6 +35,7 @@ Requires-Dist: urllib3==2.4.0
 Requires-Dist: websocket-client==1.8.0
 Requires-Dist: wsproto==1.2.0
 Requires-Dist: typer
+Requires-Dist: shellingham
 Dynamic: license-file
 
 <h1 align="center">Scythe</h1>

{scythe_ttp-0.15.10 → scythe_ttp-0.17.0}/scythe_ttp.egg-info/requires.txt

@@ -19,3 +19,4 @@ urllib3==2.4.0
 websocket-client==1.8.0
 wsproto==1.2.0
 typer
+shellingham

scythe_ttp-0.15.10/VERSION

@@ -1 +0,0 @@
-0.15.10