PyPI - scythe-ttp - Versions diffs - 0.17.1__tar.gz → 0.17.2__tar.gz - Mend

scythe-ttp 0.17.1tar.gz → 0.17.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of scythe-ttp might be problematic. Click here for more details.

Files changed (62) hide show

{scythe_ttp-0.17.1/scythe_ttp.egg-info → scythe_ttp-0.17.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.17.1
+Version: 0.17.2
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3

scythe_ttp-0.17.2/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.17.2

{scythe_ttp-0.17.1 → scythe_ttp-0.17.2}/scythe/core/ttp.py RENAMED Viewed

@@ -1,9 +1,10 @@
 from abc import ABC, abstractmethod
-from typing import Generator, Any, Optional, TYPE_CHECKING
+from typing import Generator, Any, Optional, TYPE_CHECKING, Dict
 from selenium.webdriver.remote.webdriver import WebDriver
 if TYPE_CHECKING:
     from ..auth.base import Authentication
+    import requests
 class TTP(ABC):
     """
@@ -11,9 +12,14 @@ class TTP(ABC):
     Each TTP implementation must define how to generate payloads, how to
     execute a test step with a given payload, and how to verify the outcome.
+    TTPs can operate in two modes:
+    - 'ui': Uses Selenium WebDriver to interact with web UI (default)
+    - 'api': Uses requests library to interact directly with backend APIs
     """
-    def __init__(self, name: str, description: str, expected_result: bool = True, authentication: Optional['Authentication'] = None):
+    def __init__(self, name: str, description: str, expected_result: bool = True,
+                 authentication: Optional['Authentication'] = None, execution_mode: str = 'ui'):
         """
         Initialize a TTP.
@@ -24,11 +30,13 @@ class TTP(ABC):
                            True means we expect to find vulnerabilities/success conditions.
                            False means we expect the security controls to prevent success.
             authentication: Optional authentication mechanism to use before executing TTP
+            execution_mode: Execution mode - 'ui' for Selenium-based UI testing or 'api' for direct API testing
         """
         self.name = name
         self.description = description
         self.expected_result = expected_result
         self.authentication = authentication
+        self.execution_mode = execution_mode.lower()
     @abstractmethod
     def get_payloads(self) -> Generator[Any, None, None]:
@@ -80,9 +88,59 @@ class TTP(ABC):
     @abstractmethod
     def verify_result(self, driver: WebDriver) -> bool:
         """
-        Verifies the outcome of the executed step.
+        Verifies the outcome of the executed step in UI mode.
         Returns:
             True if the test indicates a potential success/vulnerability, False otherwise.
         """
         pass
+    def execute_step_api(self, session: 'requests.Session', payload: Any, context: Dict[str, Any]) -> 'requests.Response':
+        """
+        Executes a single test action using the provided payload via API request.
+        This method should be overridden by TTPs that support API mode.
+        Args:
+            session: requests.Session instance for making HTTP requests
+            payload: The payload to use for this test iteration
+            context: Shared context dictionary for storing state and auth headers
+        Returns:
+            requests.Response object from the API call
+        Raises:
+            NotImplementedError: If the TTP does not support API mode
+        """
+        raise NotImplementedError(f"{self.name} does not support API execution mode")
+    def verify_result_api(self, response: 'requests.Response', context: Dict[str, Any]) -> bool:
+        """
+        Verifies the outcome of the executed step in API mode.
+        This method should be overridden by TTPs that support API mode.
+        Args:
+            response: The requests.Response object from execute_step_api
+            context: Shared context dictionary for accessing state
+        Returns:
+            True if the test indicates a potential success/vulnerability, False otherwise
+        Raises:
+            NotImplementedError: If the TTP does not support API mode
+        """
+        raise NotImplementedError(f"{self.name} does not support API result verification in API mode")
+    def supports_api_mode(self) -> bool:
+        """
+        Check if this TTP implementation supports API execution mode.
+        Returns:
+            True if API mode is supported, False otherwise
+        """
+        # Check if the TTP has overridden the API methods
+        try:
+            # Try to call the method on the class to see if it's been overridden
+            return (type(self).execute_step_api != TTP.execute_step_api or
+                    type(self).verify_result_api != TTP.verify_result_api)
+        except Exception:
+            return False

{scythe_ttp-0.17.1 → scythe_ttp-0.17.2}/scythe/journeys/actions.py RENAMED Viewed

@@ -439,81 +439,163 @@ class TTPAction(Action):
             True if TTP execution matches expected result, False otherwise
         """
         try:
-            # Determine target URL
-            if self.target_url:
-                url = self.target_url
-            elif 'current_url' in context:
-                url = context['current_url']
+            # Check execution mode
+            if self.ttp.execution_mode == 'api':
+                return self._execute_api_mode(driver, context)
             else:
-                url = driver.current_url
-            # Navigate to URL if needed
-            if url != driver.current_url:
-                driver.get(url)
-            # Execute TTP authentication if required
-            if self.ttp.requires_authentication():
-                auth_success = self.ttp.authenticate(driver, url)
-                if not auth_success:
-                    self.store_result('error', 'TTP authentication failed')
-                    return False
-            # Execute TTP payloads
-            ttp_results = []
-            success_count = 0
-            total_count = 0
+                return self._execute_ui_mode(driver, context)
+        except Exception as e:
+            self.store_result('error', str(e))
+            return False
+    def _execute_ui_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in UI mode using Selenium."""
+        # Determine target URL
+        if self.target_url:
+            url = self.target_url
+        elif 'current_url' in context:
+            url = context['current_url']
+        else:
+            url = driver.current_url
+        # Navigate to URL if needed
+        if url != driver.current_url:
+            driver.get(url)
+        # Execute TTP authentication if required
+        if self.ttp.requires_authentication():
+            auth_success = self.ttp.authenticate(driver, url)
+            if not auth_success:
+                self.store_result('error', 'TTP authentication failed')
+                return False
+        # Execute TTP payloads
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            for payload in self.ttp.get_payloads():
-                total_count += 1
+            try:
+                # Execute step
+                self.ttp.execute_step(driver, payload)
-                try:
-                    # Execute step
-                    self.ttp.execute_step(driver, payload)
-                    # Verify result
-                    result = self.ttp.verify_result(driver)
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': result,
-                        'url': driver.current_url
-                    })
+                # Verify result
+                result = self.ttp.verify_result(driver)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'url': driver.current_url
+                })
+                if result:
+                    success_count += 1
-                    if result:
-                        success_count += 1
-                except Exception as e:
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': False,
-                        'error': str(e),
-                        'url': driver.current_url
-                    })
-            # Store results
-            self.store_result('ttp_name', self.ttp.name)
-            self.store_result('total_payloads', total_count)
-            self.store_result('successful_payloads', success_count)
-            self.store_result('ttp_results', ttp_results)
-            self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
-            # Update context
-            context[f'ttp_results_{self.ttp.name}'] = ttp_results
-            context['last_ttp_success_count'] = success_count
-            # Determine action success based on expected result
-            has_successes = success_count > 0
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e),
+                    'url': driver.current_url
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'ui')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
+    def _execute_api_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in API mode using requests library."""
+        import requests
+        # Get or create requests session
+        session = context.get('requests_session')
+        if session is None:
+            session = requests.Session()
+            context['requests_session'] = session
+        # Set target URL in context if provided
+        if self.target_url:
+            context['target_url'] = self.target_url
+        # Verify TTP supports API mode
+        if not self.ttp.supports_api_mode():
+            self.store_result('error', f'TTP {self.ttp.name} does not support API execution mode')
+            return False
+        # Execute TTP payloads via API
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            if self.expected_result:
-                # Expecting TTP to find vulnerabilities/succeed
-                return has_successes
-            else:
-                # Expecting TTP to fail (security controls working)
-                return not has_successes
+            try:
+                # Execute step via API
+                response = self.ttp.execute_step_api(session, payload, context)
-        except Exception as e:
-            self.store_result('error', str(e))
-            return False
+                # Verify result
+                result = self.ttp.verify_result_api(response, context)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'status_code': response.status_code,
+                    'url': response.url
+                })
+                if result:
+                    success_count += 1
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e)
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'api')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
 class AssertAction(Action):

scythe_ttp-0.17.2/scythe/ttps/web/login_bruteforce.py ADDED Viewed

@@ -0,0 +1,195 @@
+from selenium.webdriver.common.by import By
+from selenium.webdriver.remote.webdriver import WebDriver
+from selenium.common.exceptions import NoSuchElementException
+from typing import Dict, Any, Optional
+import requests
+from ...core.ttp import TTP
+from ...payloads.generators import PayloadGenerator
+class LoginBruteforceTTP(TTP):
+    """
+    A TTP that emulates a login bruteforce attack.
+    Supports two execution modes:
+    - UI mode: Uses Selenium to fill login forms
+    - API mode: Makes direct HTTP POST requests to login endpoints
+    """
+    def __init__(self,
+                 payload_generator: PayloadGenerator,
+                 username: str,
+                 username_selector: str = None,
+                 password_selector: str = None,
+                 submit_selector: str = None,
+                 expected_result: bool = True,
+                 authentication=None,
+                 execution_mode: str = 'ui',
+                 api_endpoint: Optional[str] = None,
+                 username_field: str = 'username',
+                 password_field: str = 'password',
+                 success_indicators: Optional[Dict[str, Any]] = None):
+        """
+        Initialize the Login Bruteforce TTP.
+        Args:
+            payload_generator: Generator that yields password payloads
+            username: Username to attempt login with
+            username_selector: CSS selector for username field (UI mode)
+            password_selector: CSS selector for password field (UI mode)
+            submit_selector: CSS selector for submit button (UI mode)
+            expected_result: Whether we expect to find a valid password
+            authentication: Optional authentication to perform before testing
+            execution_mode: 'ui' or 'api'
+            api_endpoint: API endpoint path for login (API mode, e.g., '/api/auth/login')
+            username_field: Field name for username in API request body (API mode)
+            password_field: Field name for password in API request body (API mode)
+            success_indicators: Dict with keys 'status_code' (int), 'response_contains' (str),
+                              'response_not_contains' (str) to determine successful login in API mode
+        """
+        super().__init__(
+            name="Login Bruteforce",
+            description="Attempts to guess a user's password using a list of payloads.",
+            expected_result=expected_result,
+            authentication=authentication,
+            execution_mode=execution_mode
+        )
+        self.payload_generator = payload_generator
+        self.username = username
+        # UI mode fields
+        self.username_selector = username_selector
+        self.password_selector = password_selector
+        self.submit_selector = submit_selector
+        # API mode fields
+        self.api_endpoint = api_endpoint
+        self.username_field = username_field
+        self.password_field = password_field
+        self.success_indicators = success_indicators or {
+            'status_code': 200,
+            'response_not_contains': 'invalid'
+        }
+    def get_payloads(self):
+        """Yields passwords from the configured generator."""
+        yield from self.payload_generator()
+    def execute_step(self, driver: WebDriver, payload: str):
+        """Fills the login form and submits it."""
+        try:
+            username_field = driver.find_element(By.CSS_SELECTOR, self.username_selector)
+            password_field = driver.find_element(By.CSS_SELECTOR, self.password_selector)
+            username_field.clear()
+            username_field.send_keys(self.username)
+            password_field.clear()
+            password_field.send_keys(payload) # Payload is the password
+            # Use submit button if available, otherwise press Enter on the password field
+            try:
+                submit_button = driver.find_element(By.CSS_SELECTOR, self.submit_selector)
+                submit_button.click()
+            except NoSuchElementException:
+                password_field.send_keys("\n")
+        except NoSuchElementException as e:
+            raise Exception(f"Could not find a login element on the page: {e}")
+    def verify_result(self, driver: WebDriver) -> bool:
+        """
+        Checks for indicators of a successful login in UI mode.
+        A simple check is if the URL no longer contains 'login'.
+        """
+        return "login" not in driver.current_url.lower()
+    def execute_step_api(self, session: requests.Session, payload: str, context: Dict[str, Any]) -> requests.Response:
+        """
+        Executes a login attempt via API request.
+        Args:
+            session: requests.Session for making HTTP requests
+            payload: The password to attempt
+            context: Shared context dictionary
+        Returns:
+            requests.Response from the login attempt
+        """
+        from urllib.parse import urljoin
+        # Build the full URL
+        base_url = context.get('target_url', '')
+        if not base_url:
+            raise ValueError("target_url must be set in context for API mode")
+        url = urljoin(base_url, self.api_endpoint or '/login')
+        # Build request body
+        body = {
+            self.username_field: self.username,
+            self.password_field: payload
+        }
+        # Merge auth headers from context
+        headers = {}
+        auth_headers = context.get('auth_headers', {})
+        if auth_headers:
+            headers.update(auth_headers)
+        # Honor rate limiting
+        import time
+        resume_at = context.get('rate_limit_resume_at')
+        now = time.time()
+        if isinstance(resume_at, (int, float)) and resume_at > now:
+            wait_s = min(resume_at - now, 30)
+            if wait_s > 0:
+                time.sleep(wait_s)
+        # Make the request
+        response = session.post(url, json=body, headers=headers or None, timeout=10.0)
+        # Handle rate limiting
+        if response.status_code == 429:
+            retry_after = response.headers.get('Retry-After', '1')
+            try:
+                wait_s = int(retry_after)
+            except (ValueError, TypeError):
+                wait_s = 1
+            context['rate_limit_resume_at'] = time.time() + min(wait_s, 30)
+        return response
+    def verify_result_api(self, response: requests.Response, context: Dict[str, Any]) -> bool:
+        """
+        Verifies if the login attempt was successful based on the API response.
+        Args:
+            response: The response from execute_step_api
+            context: Shared context dictionary
+        Returns:
+            True if login appears successful, False otherwise
+        """
+        # Check status code
+        expected_status = self.success_indicators.get('status_code')
+        if expected_status is not None and response.status_code != expected_status:
+            return False
+        # Check response body contains/not contains strings
+        try:
+            response_text = response.text.lower()
+            # Check if response should contain certain text
+            contains = self.success_indicators.get('response_contains')
+            if contains and contains.lower() not in response_text:
+                return False
+            # Check if response should NOT contain certain text
+            not_contains = self.success_indicators.get('response_not_contains')
+            if not_contains and not_contains.lower() in response_text:
+                return False
+            return True
+        except Exception:
+            # If we can't read the response, consider it a failure
+            return False

scythe-ttp 0.17.1__tar.gz → 0.17.2__tar.gz

Potentially problematic release.

scythe-ttp 0.17.1tar.gz → 0.17.2tar.gz