PyPI - scythe-ttp - Versions diffs - 0.15.2__py3-none-any.whl → 0.18.1__py3-none-any.whl - Mend

scythe-ttp 0.15.2py3-none-any.whl → 0.18.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

scythe/auth/cookie_jwt.py +43 -14
scythe/cli/main.py +195 -14
scythe/core/executor.py +143 -2
scythe/core/ttp.py +61 -3
scythe/journeys/actions.py +180 -76
scythe/journeys/executor.py +15 -0
scythe/orchestrators/base.py +18 -0
scythe/ttps/web/__init__.py +12 -0
scythe/ttps/web/login_bruteforce.py +138 -7
scythe/ttps/web/request_flooding.py +503 -0
scythe/ttps/web/sql_injection.py +232 -15
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/METADATA +2 -1
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/RECORD +17 -16
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/WHEEL +0 -0
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/entry_points.txt +0 -0
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/licenses/LICENSE +0 -0
{scythe_ttp-0.15.2.dist-info → scythe_ttp-0.18.1.dist-info}/top_level.txt +0 -0

scythe/journeys/actions.py CHANGED Viewed

@@ -439,81 +439,163 @@ class TTPAction(Action):
             True if TTP execution matches expected result, False otherwise
         """
         try:
-            # Determine target URL
-            if self.target_url:
-                url = self.target_url
-            elif 'current_url' in context:
-                url = context['current_url']
+            # Check execution mode
+            if self.ttp.execution_mode == 'api':
+                return self._execute_api_mode(driver, context)
             else:
-                url = driver.current_url
-            # Navigate to URL if needed
-            if url != driver.current_url:
-                driver.get(url)
-            # Execute TTP authentication if required
-            if self.ttp.requires_authentication():
-                auth_success = self.ttp.authenticate(driver, url)
-                if not auth_success:
-                    self.store_result('error', 'TTP authentication failed')
-                    return False
-            # Execute TTP payloads
-            ttp_results = []
-            success_count = 0
-            total_count = 0
+                return self._execute_ui_mode(driver, context)
+        except Exception as e:
+            self.store_result('error', str(e))
+            return False
+    def _execute_ui_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in UI mode using Selenium."""
+        # Determine target URL
+        if self.target_url:
+            url = self.target_url
+        elif 'current_url' in context:
+            url = context['current_url']
+        else:
+            url = driver.current_url
+        # Navigate to URL if needed
+        if url != driver.current_url:
+            driver.get(url)
+        # Execute TTP authentication if required
+        if self.ttp.requires_authentication():
+            auth_success = self.ttp.authenticate(driver, url)
+            if not auth_success:
+                self.store_result('error', 'TTP authentication failed')
+                return False
+        # Execute TTP payloads
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            for payload in self.ttp.get_payloads():
-                total_count += 1
+            try:
+                # Execute step
+                self.ttp.execute_step(driver, payload)
-                try:
-                    # Execute step
-                    self.ttp.execute_step(driver, payload)
-                    # Verify result
-                    result = self.ttp.verify_result(driver)
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': result,
-                        'url': driver.current_url
-                    })
+                # Verify result
+                result = self.ttp.verify_result(driver)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'url': driver.current_url
+                })
+                if result:
+                    success_count += 1
-                    if result:
-                        success_count += 1
-                except Exception as e:
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': False,
-                        'error': str(e),
-                        'url': driver.current_url
-                    })
-            # Store results
-            self.store_result('ttp_name', self.ttp.name)
-            self.store_result('total_payloads', total_count)
-            self.store_result('successful_payloads', success_count)
-            self.store_result('ttp_results', ttp_results)
-            self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
-            # Update context
-            context[f'ttp_results_{self.ttp.name}'] = ttp_results
-            context['last_ttp_success_count'] = success_count
-            # Determine action success based on expected result
-            has_successes = success_count > 0
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e),
+                    'url': driver.current_url
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'ui')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
+    def _execute_api_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in API mode using requests library."""
+        import requests
+        # Get or create requests session
+        session = context.get('requests_session')
+        if session is None:
+            session = requests.Session()
+            context['requests_session'] = session
+        # Set target URL in context if provided
+        if self.target_url:
+            context['target_url'] = self.target_url
+        # Verify TTP supports API mode
+        if not self.ttp.supports_api_mode():
+            self.store_result('error', f'TTP {self.ttp.name} does not support API execution mode')
+            return False
+        # Execute TTP payloads via API
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            if self.expected_result:
-                # Expecting TTP to find vulnerabilities/succeed
-                return has_successes
-            else:
-                # Expecting TTP to fail (security controls working)
-                return not has_successes
+            try:
+                # Execute step via API
+                response = self.ttp.execute_step_api(session, payload, context)
-        except Exception as e:
-            self.store_result('error', str(e))
-            return False
+                # Verify result
+                result = self.ttp.verify_result_api(response, context)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'status_code': response.status_code,
+                    'url': response.url
+                })
+                if result:
+                    success_count += 1
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e)
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'api')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
 class AssertAction(Action):
@@ -659,6 +741,7 @@ class ApiRequestAction(Action):
     def __init__(self,
                  method: str,
                  url: str,
+                 flush: bool = False,
                  params: Optional[Dict[str, Any]] = None,
                  body_json: Optional[Dict[str, Any]] = None,
                  data: Optional[Dict[str, Any]] = None,
@@ -673,6 +756,7 @@ class ApiRequestAction(Action):
                  fail_on_validation_error: bool = False):
         self.method = method.upper()
         self.url = url
+        self.flush = flush
         self.params = params or {}
         self.body_json = body_json
         self.data = data
@@ -692,15 +776,15 @@ class ApiRequestAction(Action):
         if session is None:
             session = requests.Session()
             context['requests_session'] = session
-        # Build headers: auth headers from context + action headers (action overrides)
+        # Build headers: auth headers from context and action headers (action overrides)
         final_headers = {}
         auth_headers = context.get('auth_headers', {}) or {}
         if auth_headers:
             final_headers.update(auth_headers)
         if self.headers:
             final_headers.update(self.headers)
         # Simple masking for sensitive headers
         def _mask_headers(headers: Dict[str, Any]) -> Dict[str, Any]:
             masked = {}
@@ -713,7 +797,7 @@ class ApiRequestAction(Action):
                 else:
                     masked[k] = v
             return masked
         # Resolve URL: absolute or join with target_url from context
         from urllib.parse import urljoin
         from ..core.headers import HeaderExtractor
@@ -725,7 +809,7 @@ class ApiRequestAction(Action):
             resolved_url = self.url
         else:
             resolved_url = urljoin(base_url, self.url)
         # Store request details early
         self.store_result('request_method', self.method)
         self.store_result('url', resolved_url)
@@ -736,7 +820,7 @@ class ApiRequestAction(Action):
         if self.data is not None:
             self.store_result('request_data', self.data)
         self.store_result('request_headers', _mask_headers(final_headers))
         logger = logging.getLogger("Journey.ApiRequestAction")
         # Honor any pending rate-limit resume time set by previous actions/steps
         try:
@@ -861,14 +945,25 @@ class ApiRequestAction(Action):
                 # Determine success (status-based by default)
                 if self.expected_status is not None:
-                    http_ok = (getattr(response, 'status_code', None) == self.expected_status)
+                    http_ok = (status_code == self.expected_status)
+                    if not http_ok:
+                        self.store_result('status_mismatch', f"Expected status {self.expected_status}, got {status_code}")
+                        logger.warning(f"API request status mismatch: expected {self.expected_status}, got {status_code}")
                 else:
                     http_ok = bool(getattr(response, 'ok', False))
+                # Store the final status check result
+                self.store_result('http_status_ok', http_ok)
                 # Optionally fail on validation error
                 if self.response_model is not None and self.fail_on_validation_error and self.get_result('response_validation_error'):
                     return False
+                if self.flush:
+                    clear_requests_session(context)
+                # Return False if status doesn't match expected, regardless of expected_result
+                # The framework will then compare this with expected_result to determine test outcome
                 return http_ok
             except Exception as e:
                 last_exception = e
@@ -878,3 +973,12 @@ class ApiRequestAction(Action):
         # If we got here and had an exception or no return, fail
         return False
+def clear_requests_session(context: Dict[str, Any]):
+    """Clear the request session from the context."""
+    logger = logging.getLogger("Journey.ApiRequestAction")
+    session = context.get('requests_session')
+    if session is not None:
+        session.close()
+        context['requests_session'] = None
+        logger.info("Cleared requests session from context")

scythe/journeys/executor.py CHANGED Viewed

@@ -406,6 +406,12 @@ class JourneyExecutor:
         else:
             self.logger.info("\nNo X-SCYTHE-TARGET-VERSION headers detected in responses.")
+        # Log overall test status (similar to TTPExecutor)
+        if self.was_successful():
+            self.logger.info("\n✓ TEST PASSED: Journey results matched expectations")
+        else:
+            self.logger.error("\n✗ TEST FAILED: Journey results differed from expected")
         self.logger.info("="*60)
     def get_results(self) -> Optional[Dict[str, Any]]:
@@ -457,6 +463,15 @@ class JourneyExecutor:
         actual = self.execution_results.get('overall_success', False)
         expected = self.execution_results.get('expected_result', True)
         return actual == expected
+    def exit_code(self) -> int:
+        """
+        Get the exit code for this journey execution.
+        Returns:
+            0 if journey was successful (results matched expectations), 1 otherwise
+        """
+        return 0 if self.was_successful() else 1
 class JourneyRunner:

scythe/orchestrators/base.py CHANGED Viewed

@@ -281,6 +281,24 @@ class Orchestrator(ABC):
                 self.logger.warning(f"  ... and {len(result.errors) - 3} more errors")
         self.logger.info("="*60)
+    def exit_code(self, result: OrchestrationResult) -> int:
+        """
+        Get the exit code for an orchestration result.
+        An orchestration is considered successful if all executions completed
+        successfully (matching their expected results).
+        Args:
+            result: OrchestrationResult to evaluate
+        Returns:
+            0 if all executions were successful, 1 otherwise
+        """
+        # Check if any executions failed or if there were errors
+        if result.failed_executions > 0 or len(result.errors) > 0:
+            return 1
+        return 0
 class ExecutionContext:

scythe/ttps/web/__init__.py CHANGED Viewed

@@ -0,0 +1,12 @@
+from .login_bruteforce import LoginBruteforceTTP
+from .sql_injection import InputFieldInjector, URLManipulation
+from .uuid_guessing import GuessUUIDInURL
+from .request_flooding import RequestFloodingTTP
+__all__ = [
+    'LoginBruteforceTTP',
+    'InputFieldInjector',
+    'URLManipulation',
+    'GuessUUIDInURL',
+    'RequestFloodingTTP'
+]

scythe/ttps/web/login_bruteforce.py CHANGED Viewed

@@ -1,6 +1,8 @@
 from selenium.webdriver.common.by import By
 from selenium.webdriver.remote.webdriver import WebDriver
 from selenium.common.exceptions import NoSuchElementException
+from typing import Dict, Any, Optional
+import requests
 from ...core.ttp import TTP
 from ...payloads.generators import PayloadGenerator
@@ -8,27 +10,65 @@ from ...payloads.generators import PayloadGenerator
 class LoginBruteforceTTP(TTP):
     """
     A TTP that emulates a login bruteforce attack.
+    Supports two execution modes:
+    - UI mode: Uses Selenium to fill login forms
+    - API mode: Makes direct HTTP POST requests to login endpoints
     """
     def __init__(self,
                  payload_generator: PayloadGenerator,
                  username: str,
-                 username_selector: str,
-                 password_selector: str,
-                 submit_selector: str,
+                 username_selector: str = None,
+                 password_selector: str = None,
+                 submit_selector: str = None,
                  expected_result: bool = True,
-                 authentication=None):
+                 authentication=None,
+                 execution_mode: str = 'ui',
+                 api_endpoint: Optional[str] = None,
+                 username_field: str = 'username',
+                 password_field: str = 'password',
+                 success_indicators: Optional[Dict[str, Any]] = None):
+        """
+        Initialize the Login Bruteforce TTP.
+        Args:
+            payload_generator: Generator that yields password payloads
+            username: Username to attempt login with
+            username_selector: CSS selector for username field (UI mode)
+            password_selector: CSS selector for password field (UI mode)
+            submit_selector: CSS selector for submit button (UI mode)
+            expected_result: Whether we expect to find a valid password
+            authentication: Optional authentication to perform before testing
+            execution_mode: 'ui' or 'api'
+            api_endpoint: API endpoint path for login (API mode, e.g., '/api/auth/login')
+            username_field: Field name for username in API request body (API mode)
+            password_field: Field name for password in API request body (API mode)
+            success_indicators: Dict with keys 'status_code' (int), 'response_contains' (str),
+                              'response_not_contains' (str) to determine successful login in API mode
+        """
         super().__init__(
             name="Login Bruteforce",
             description="Attempts to guess a user's password using a list of payloads.",
             expected_result=expected_result,
-            authentication=authentication
+            authentication=authentication,
+            execution_mode=execution_mode
         )
         self.payload_generator = payload_generator
         self.username = username
+        # UI mode fields
         self.username_selector = username_selector
         self.password_selector = password_selector
         self.submit_selector = submit_selector
+        # API mode fields
+        self.api_endpoint = api_endpoint
+        self.username_field = username_field
+        self.password_field = password_field
+        self.success_indicators = success_indicators or {
+            'status_code': 200,
+            'response_not_contains': 'invalid'
+        }
     def get_payloads(self):
         """Yields passwords from the configured generator."""
@@ -58,7 +98,98 @@ class LoginBruteforceTTP(TTP):
     def verify_result(self, driver: WebDriver) -> bool:
         """
-        Checks for indicators of a successful login.
+        Checks for indicators of a successful login in UI mode.
         A simple check is if the URL no longer contains 'login'.
         """
         return "login" not in driver.current_url.lower()
+    def execute_step_api(self, session: requests.Session, payload: str, context: Dict[str, Any]) -> requests.Response:
+        """
+        Executes a login attempt via API request.
+        Args:
+            session: requests.Session for making HTTP requests
+            payload: The password to attempt
+            context: Shared context dictionary
+        Returns:
+            requests.Response from the login attempt
+        """
+        from urllib.parse import urljoin
+        # Build the full URL
+        base_url = context.get('target_url', '')
+        if not base_url:
+            raise ValueError("target_url must be set in context for API mode")
+        url = urljoin(base_url, self.api_endpoint or '/login')
+        # Build request body
+        body = {
+            self.username_field: self.username,
+            self.password_field: payload
+        }
+        # Merge auth headers from context
+        headers = {}
+        auth_headers = context.get('auth_headers', {})
+        if auth_headers:
+            headers.update(auth_headers)
+        # Honor rate limiting
+        import time
+        resume_at = context.get('rate_limit_resume_at')
+        now = time.time()
+        if isinstance(resume_at, (int, float)) and resume_at > now:
+            wait_s = min(resume_at - now, 30)
+            if wait_s > 0:
+                time.sleep(wait_s)
+        # Make the request
+        response = session.post(url, json=body, headers=headers or None, timeout=10.0)
+        # Handle rate limiting
+        if response.status_code == 429:
+            retry_after = response.headers.get('Retry-After', '1')
+            try:
+                wait_s = int(retry_after)
+            except (ValueError, TypeError):
+                wait_s = 1
+            context['rate_limit_resume_at'] = time.time() + min(wait_s, 30)
+        return response
+    def verify_result_api(self, response: requests.Response, context: Dict[str, Any]) -> bool:
+        """
+        Verifies if the login attempt was successful based on the API response.
+        Args:
+            response: The response from execute_step_api
+            context: Shared context dictionary
+        Returns:
+            True if login appears successful, False otherwise
+        """
+        # Check status code
+        expected_status = self.success_indicators.get('status_code')
+        if expected_status is not None and response.status_code != expected_status:
+            return False
+        # Check response body contains/not contains strings
+        try:
+            response_text = response.text.lower()
+            # Check if response should contain certain text
+            contains = self.success_indicators.get('response_contains')
+            if contains and contains.lower() not in response_text:
+                return False
+            # Check if response should NOT contain certain text
+            not_contains = self.success_indicators.get('response_not_contains')
+            if not_contains and not_contains.lower() in response_text:
+                return False
+            return True
+        except Exception:
+            # If we can't read the response, consider it a failure
+            return False

scythe-ttp 0.15.2__py3-none-any.whl → 0.18.1__py3-none-any.whl

scythe-ttp 0.15.2py3-none-any.whl → 0.18.1py3-none-any.whl