PyPI - scythe-ttp - Versions diffs - 0.17.1__tar.gz → 0.17.3__tar.gz - Mend

scythe-ttp 0.17.1tar.gz → 0.17.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of scythe-ttp might be problematic. Click here for more details.

Files changed (63) hide show

{scythe_ttp-0.17.1/scythe_ttp.egg-info → scythe_ttp-0.17.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.17.1
+Version: 0.17.3
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3

scythe_ttp-0.17.3/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.17.3

{scythe_ttp-0.17.1 → scythe_ttp-0.17.3}/scythe/core/executor.py RENAMED Viewed

@@ -3,9 +3,10 @@ import logging
 from selenium import webdriver
 from selenium.webdriver.chrome.options import Options
 from .ttp import TTP
-from typing import Optional
+from typing import Optional, Dict, Any
 from ..behaviors.base import Behavior
 from .headers import HeaderExtractor
+import requests
 # Configure logging
 logging.basicConfig(
@@ -60,7 +61,18 @@ class TTPExecutor:
             self.logger.info(f"Using behavior: {self.behavior.name}")
             self.logger.info(f"Behavior description: {self.behavior.description}")
-        self._setup_driver()
+        # Check execution mode
+        if self.ttp.execution_mode == 'api':
+            self.logger.info("Execution mode: API")
+            self._run_api_mode()
+            return
+        else:
+            self.logger.info("Execution mode: UI")
+            self._setup_driver()
+            self._run_ui_mode()
+    def _run_ui_mode(self):
+        """Execute TTP in UI mode using Selenium."""
         try:
             # Handle authentication if required
@@ -172,6 +184,108 @@ class TTPExecutor:
         finally:
             self._cleanup()
+    def _run_api_mode(self):
+        """Execute TTP in API mode using requests."""
+        session = requests.Session()
+        context: Dict[str, Any] = {
+            'target_url': self.target_url,
+            'auth_headers': {},
+            'rate_limit_resume_at': None
+        }
+        try:
+            # Handle authentication if required (API mode)
+            if self.ttp.requires_authentication():
+                auth_name = self.ttp.authentication.name if self.ttp.authentication else "Unknown"
+                self.logger.info(f"Authentication required for TTP: {auth_name}")
+                # Try to get auth headers directly
+                try:
+                    if hasattr(self.ttp.authentication, 'get_auth_headers'):
+                        auth_headers = self.ttp.authentication.get_auth_headers() or {}
+                        context['auth_headers'] = auth_headers
+                        session.headers.update(auth_headers)
+                        self.logger.info("Authentication headers applied")
+                except Exception as e:
+                    self.logger.warning(f"Failed to get auth headers: {e}")
+            consecutive_failures = 0
+            for i, payload in enumerate(self.ttp.get_payloads(), 1):
+                # Check if behavior wants to continue
+                if self.behavior and not self.behavior.should_continue(i, consecutive_failures):
+                    self.logger.info("Behavior requested to stop execution")
+                    break
+                self.logger.info(f"Attempt {i}: Executing with payload -> '{payload}'")
+                try:
+                    # Execute API request
+                    response = self.ttp.execute_step_api(session, payload, context)
+                    # Use behavior delay if available, otherwise use default
+                    if self.behavior:
+                        step_delay = self.behavior.get_step_delay(i)
+                    else:
+                        step_delay = self.delay
+                    time.sleep(step_delay)
+                    # Verify result
+                    success = self.ttp.verify_result_api(response, context)
+                    # Compare actual result with expected result
+                    if success:
+                        consecutive_failures = 0
+                        # Extract target version from response headers
+                        target_version = response.headers.get('X-SCYTHE-TARGET-VERSION') or response.headers.get('x-scythe-target-version')
+                        result_entry = {
+                            'payload': payload,
+                            'url': response.url if hasattr(response, 'url') else self.target_url,
+                            'expected': self.ttp.expected_result,
+                            'actual': True,
+                            'target_version': target_version
+                        }
+                        self.results.append(result_entry)
+                        if self.ttp.expected_result:
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.info(f"EXPECTED SUCCESS: '{payload}'{version_info}")
+                        else:
+                            version_info = f" | Version: {target_version}" if target_version else ""
+                            self.logger.warning(f"UNEXPECTED SUCCESS: '{payload}' (expected to fail){version_info}")
+                            self.has_test_failures = True
+                    else:
+                        consecutive_failures += 1
+                        if self.ttp.expected_result:
+                            self.logger.info(f"EXPECTED FAILURE: '{payload}' (security control working)")
+                            self.has_test_failures = True
+                        else:
+                            self.logger.info(f"EXPECTED FAILURE: '{payload}'")
+                except Exception as step_error:
+                    consecutive_failures += 1
+                    self.logger.error(f"Error during step {i}: {step_error}")
+                    # Let behavior handle the error
+                    if self.behavior:
+                        if not self.behavior.on_error(step_error, i):
+                            self.logger.info("Behavior requested to stop due to error")
+                            break
+                    else:
+                        # Default behavior: continue on most errors
+                        continue
+        except KeyboardInterrupt:
+            self.logger.info("Test interrupted by user.")
+        except Exception as e:
+            self.logger.error(f"An unexpected error occurred: {e}", exc_info=True)
+        finally:
+            session.close()
+            self._cleanup()
     def _cleanup(self):
         """Closes the WebDriver and prints a summary."""
         if self.driver:

{scythe_ttp-0.17.1 → scythe_ttp-0.17.3}/scythe/core/ttp.py RENAMED Viewed

@@ -1,9 +1,10 @@
 from abc import ABC, abstractmethod
-from typing import Generator, Any, Optional, TYPE_CHECKING
+from typing import Generator, Any, Optional, TYPE_CHECKING, Dict
 from selenium.webdriver.remote.webdriver import WebDriver
 if TYPE_CHECKING:
     from ..auth.base import Authentication
+    import requests
 class TTP(ABC):
     """
@@ -11,9 +12,14 @@ class TTP(ABC):
     Each TTP implementation must define how to generate payloads, how to
     execute a test step with a given payload, and how to verify the outcome.
+    TTPs can operate in two modes:
+    - 'ui': Uses Selenium WebDriver to interact with web UI (default)
+    - 'api': Uses requests library to interact directly with backend APIs
     """
-    def __init__(self, name: str, description: str, expected_result: bool = True, authentication: Optional['Authentication'] = None):
+    def __init__(self, name: str, description: str, expected_result: bool = True,
+                 authentication: Optional['Authentication'] = None, execution_mode: str = 'ui'):
         """
         Initialize a TTP.
@@ -24,11 +30,13 @@ class TTP(ABC):
                            True means we expect to find vulnerabilities/success conditions.
                            False means we expect the security controls to prevent success.
             authentication: Optional authentication mechanism to use before executing TTP
+            execution_mode: Execution mode - 'ui' for Selenium-based UI testing or 'api' for direct API testing
         """
         self.name = name
         self.description = description
         self.expected_result = expected_result
         self.authentication = authentication
+        self.execution_mode = execution_mode.lower()
     @abstractmethod
     def get_payloads(self) -> Generator[Any, None, None]:
@@ -80,9 +88,59 @@ class TTP(ABC):
     @abstractmethod
     def verify_result(self, driver: WebDriver) -> bool:
         """
-        Verifies the outcome of the executed step.
+        Verifies the outcome of the executed step in UI mode.
         Returns:
             True if the test indicates a potential success/vulnerability, False otherwise.
         """
         pass
+    def execute_step_api(self, session: 'requests.Session', payload: Any, context: Dict[str, Any]) -> 'requests.Response':
+        """
+        Executes a single test action using the provided payload via API request.
+        This method should be overridden by TTPs that support API mode.
+        Args:
+            session: requests.Session instance for making HTTP requests
+            payload: The payload to use for this test iteration
+            context: Shared context dictionary for storing state and auth headers
+        Returns:
+            requests.Response object from the API call
+        Raises:
+            NotImplementedError: If the TTP does not support API mode
+        """
+        raise NotImplementedError(f"{self.name} does not support API execution mode")
+    def verify_result_api(self, response: 'requests.Response', context: Dict[str, Any]) -> bool:
+        """
+        Verifies the outcome of the executed step in API mode.
+        This method should be overridden by TTPs that support API mode.
+        Args:
+            response: The requests.Response object from execute_step_api
+            context: Shared context dictionary for accessing state
+        Returns:
+            True if the test indicates a potential success/vulnerability, False otherwise
+        Raises:
+            NotImplementedError: If the TTP does not support API mode
+        """
+        raise NotImplementedError(f"{self.name} does not support API result verification in API mode")
+    def supports_api_mode(self) -> bool:
+        """
+        Check if this TTP implementation supports API execution mode.
+        Returns:
+            True if API mode is supported, False otherwise
+        """
+        # Check if the TTP has overridden the API methods
+        try:
+            # Try to call the method on the class to see if it's been overridden
+            return (type(self).execute_step_api != TTP.execute_step_api or
+                    type(self).verify_result_api != TTP.verify_result_api)
+        except Exception:
+            return False

{scythe_ttp-0.17.1 → scythe_ttp-0.17.3}/scythe/journeys/actions.py RENAMED Viewed

@@ -439,81 +439,163 @@ class TTPAction(Action):
             True if TTP execution matches expected result, False otherwise
         """
         try:
-            # Determine target URL
-            if self.target_url:
-                url = self.target_url
-            elif 'current_url' in context:
-                url = context['current_url']
+            # Check execution mode
+            if self.ttp.execution_mode == 'api':
+                return self._execute_api_mode(driver, context)
             else:
-                url = driver.current_url
-            # Navigate to URL if needed
-            if url != driver.current_url:
-                driver.get(url)
-            # Execute TTP authentication if required
-            if self.ttp.requires_authentication():
-                auth_success = self.ttp.authenticate(driver, url)
-                if not auth_success:
-                    self.store_result('error', 'TTP authentication failed')
-                    return False
-            # Execute TTP payloads
-            ttp_results = []
-            success_count = 0
-            total_count = 0
+                return self._execute_ui_mode(driver, context)
+        except Exception as e:
+            self.store_result('error', str(e))
+            return False
+    def _execute_ui_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in UI mode using Selenium."""
+        # Determine target URL
+        if self.target_url:
+            url = self.target_url
+        elif 'current_url' in context:
+            url = context['current_url']
+        else:
+            url = driver.current_url
+        # Navigate to URL if needed
+        if url != driver.current_url:
+            driver.get(url)
+        # Execute TTP authentication if required
+        if self.ttp.requires_authentication():
+            auth_success = self.ttp.authenticate(driver, url)
+            if not auth_success:
+                self.store_result('error', 'TTP authentication failed')
+                return False
+        # Execute TTP payloads
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            for payload in self.ttp.get_payloads():
-                total_count += 1
+            try:
+                # Execute step
+                self.ttp.execute_step(driver, payload)
-                try:
-                    # Execute step
-                    self.ttp.execute_step(driver, payload)
-                    # Verify result
-                    result = self.ttp.verify_result(driver)
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': result,
-                        'url': driver.current_url
-                    })
+                # Verify result
+                result = self.ttp.verify_result(driver)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'url': driver.current_url
+                })
+                if result:
+                    success_count += 1
-                    if result:
-                        success_count += 1
-                except Exception as e:
-                    ttp_results.append({
-                        'payload': str(payload),
-                        'success': False,
-                        'error': str(e),
-                        'url': driver.current_url
-                    })
-            # Store results
-            self.store_result('ttp_name', self.ttp.name)
-            self.store_result('total_payloads', total_count)
-            self.store_result('successful_payloads', success_count)
-            self.store_result('ttp_results', ttp_results)
-            self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
-            # Update context
-            context[f'ttp_results_{self.ttp.name}'] = ttp_results
-            context['last_ttp_success_count'] = success_count
-            # Determine action success based on expected result
-            has_successes = success_count > 0
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e),
+                    'url': driver.current_url
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'ui')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
+    def _execute_api_mode(self, driver: WebDriver, context: Dict[str, Any]) -> bool:
+        """Execute TTP in API mode using requests library."""
+        import requests
+        # Get or create requests session
+        session = context.get('requests_session')
+        if session is None:
+            session = requests.Session()
+            context['requests_session'] = session
+        # Set target URL in context if provided
+        if self.target_url:
+            context['target_url'] = self.target_url
+        # Verify TTP supports API mode
+        if not self.ttp.supports_api_mode():
+            self.store_result('error', f'TTP {self.ttp.name} does not support API execution mode')
+            return False
+        # Execute TTP payloads via API
+        ttp_results = []
+        success_count = 0
+        total_count = 0
+        for payload in self.ttp.get_payloads():
+            total_count += 1
-            if self.expected_result:
-                # Expecting TTP to find vulnerabilities/succeed
-                return has_successes
-            else:
-                # Expecting TTP to fail (security controls working)
-                return not has_successes
+            try:
+                # Execute step via API
+                response = self.ttp.execute_step_api(session, payload, context)
-        except Exception as e:
-            self.store_result('error', str(e))
-            return False
+                # Verify result
+                result = self.ttp.verify_result_api(response, context)
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': result,
+                    'status_code': response.status_code,
+                    'url': response.url
+                })
+                if result:
+                    success_count += 1
+            except Exception as e:
+                ttp_results.append({
+                    'payload': str(payload),
+                    'success': False,
+                    'error': str(e)
+                })
+        # Store results
+        self.store_result('ttp_name', self.ttp.name)
+        self.store_result('execution_mode', 'api')
+        self.store_result('total_payloads', total_count)
+        self.store_result('successful_payloads', success_count)
+        self.store_result('ttp_results', ttp_results)
+        self.store_result('success_rate', success_count / total_count if total_count > 0 else 0)
+        # Update context
+        context[f'ttp_results_{self.ttp.name}'] = ttp_results
+        context['last_ttp_success_count'] = success_count
+        # Determine action success based on expected result
+        has_successes = success_count > 0
+        if self.expected_result:
+            # Expecting TTP to find vulnerabilities/succeed
+            return has_successes
+        else:
+            # Expecting TTP to fail (security controls working)
+            return not has_successes
 class AssertAction(Action):

scythe-ttp 0.17.1__tar.gz → 0.17.3__tar.gz

Potentially problematic release.

scythe-ttp 0.17.1tar.gz → 0.17.3tar.gz