scythe-ttp 0.17.4__py3-none-any.whl → 0.17.6__py3-none-any.whl

scythe/auth/cookie_jwt.py

@@ -49,14 +49,17 @@ class CookieJWTAuth(Authentication):
     
     Behavior:
     - In API mode: JourneyExecutor will call get_auth_cookies(); this class will
-      perform a POST to login_url (if token not cached), parse JSON, extract the
-      token via jwt_json_path, and return {cookie_name: token}.
+      perform a POST to login_url (if token not cached), extract the token, and 
+      return {cookie_name: token}.
     - In UI mode: authenticate() will ensure the browser has the cookie set for
       the target domain.
     
     Parameters:
     - content_type: Either "json" (default) to send payload as JSON, or "form" 
       to send as application/x-www-form-urlencoded form data.
+    - jwt_source: Either "json" (default) to extract JWT from the JSON response body
+      using jwt_json_path, or "cookie" to extract it from the Set-Cookie response header
+      using cookie_name.
     """
 
     def __init__(self,
@@ -69,6 +72,7 @@ class CookieJWTAuth(Authentication):
                  jwt_json_path: str = "token",
                  cookie_name: str = "stellarbridge",
                  content_type: str = "json",
+                 jwt_source: str = "json",
                  session: Optional[requests.Session] = None,
                  description: str = "Authenticate via API and set JWT cookie"):
         super().__init__(
@@ -84,6 +88,7 @@ class CookieJWTAuth(Authentication):
         self.jwt_json_path = jwt_json_path
         self.cookie_name = cookie_name
         self.content_type = content_type
+        self.jwt_source = jwt_source
         # Avoid importing requests in test environments; allow injected session
         self._session = session or (requests.Session() if requests is not None else None)
         self.token: Optional[str] = None
@@ -99,15 +104,32 @@ class CookieJWTAuth(Authentication):
                 resp = self._session.post(self.login_url, json=payload, timeout=15)
             # try json; raise on non-2xx to surface errors
             resp.raise_for_status()
-            data = resp.json()
         except Exception as e:
             raise AuthenticationError(f"Login request failed: {e}", self.name)
-        token = _extract_by_dot_path(data, self.jwt_json_path)
-        if not token or not isinstance(token, str):
-            raise AuthenticationError(
-                f"JWT not found at path '{self.jwt_json_path}' in login response",
-                self.name,
-            )
+        
+        # Extract token from either response cookies or JSON body
+        token = None
+        if self.jwt_source == "cookie":
+            # Extract from response cookies
+            token = resp.cookies.get(self.cookie_name)
+            if not token or not isinstance(token, str):
+                raise AuthenticationError(
+                    f"JWT cookie '{self.cookie_name}' not found in login response",
+                    self.name,
+                )
+        else:
+            # Extract from JSON response body
+            try:
+                data = resp.json()
+            except Exception as e:
+                raise AuthenticationError(f"Failed to parse JSON response: {e}", self.name)
+            token = _extract_by_dot_path(data, self.jwt_json_path)
+            if not token or not isinstance(token, str):
+                raise AuthenticationError(
+                    f"JWT not found at path '{self.jwt_json_path}' in login response",
+                    self.name,
+                )
+        
         self.token = token
         self.store_auth_data('jwt', token)
         self.store_auth_data('login_time', time.time())

scythe/cli/main.py

@@ -71,16 +71,42 @@ def scythe_test_definition(args) -> bool:
     
     # Example usage with TTPExecutor:
     # from scythe.core.executor import TTPExecutor
-    # executor = TTPExecutor(ttp=my_ttp, target_url=args.url)
+    # from scythe.ttps.web.login_bruteforce import LoginBruteforceTTP
+    # 
+    # ttp = LoginBruteforceTTP(
+    #     payloads=['admin', 'root', 'test'],
+    #     expected_result=False  # Expect security controls to block attempts
+    # )
+    # executor = TTPExecutor(ttp=ttp, target_url=args.url)
     # executor.run()
     # return executor.was_successful()  # Returns True if all results matched expectations
     
     # Example usage with JourneyExecutor:
     # from scythe.journeys.executor import JourneyExecutor
-    # executor = JourneyExecutor(journey=my_journey, target_url=args.url)
+    # from scythe.journeys.base import Journey, Step
+    # from scythe.journeys.actions import NavigateAction, FillFormAction, ClickAction
+    # 
+    # journey = Journey(
+    #     name="Login Journey",
+    #     description="Test user login flow",
+    #     expected_result=True  # Expect journey to succeed
+    # )
+    # journey.add_step(Step("Navigate").add_action(NavigateAction(url=args.url)))
+    # executor = JourneyExecutor(journey=journey, target_url=args.url)
     # executor.run()
     # return executor.was_successful()  # Returns True if journey succeeded as expected
     
+    # Example usage with Orchestrators:
+    # from scythe.orchestrators.scale import ScaleOrchestrator
+    # from scythe.orchestrators.base import OrchestrationStrategy
+    # 
+    # orchestrator = ScaleOrchestrator(
+    #     strategy=OrchestrationStrategy.PARALLEL,
+    #     max_workers=10
+    # )
+    # result = orchestrator.orchestrate_ttp(ttp=my_ttp, target_url=args.url, replications=100)
+    # return orchestrator.exit_code(result) == 0  # Returns True if all executions succeeded
+    
     return True
 
 

scythe/core/executor.py

@@ -344,3 +344,12 @@ class TTPExecutor:
             True if all test results matched expectations, False otherwise
         """
         return not self.has_test_failures
+    
+    def exit_code(self) -> int:
+        """
+        Get the exit code for this test execution.
+        
+        Returns:
+            0 if test was successful (results matched expectations), 1 otherwise
+        """
+        return 0 if self.was_successful() else 1

scythe/journeys/executor.py

@@ -463,6 +463,15 @@ class JourneyExecutor:
         actual = self.execution_results.get('overall_success', False)
         expected = self.execution_results.get('expected_result', True)
         return actual == expected
+    
+    def exit_code(self) -> int:
+        """
+        Get the exit code for this journey execution.
+        
+        Returns:
+            0 if journey was successful (results matched expectations), 1 otherwise
+        """
+        return 0 if self.was_successful() else 1
 
 
 class JourneyRunner:

scythe/orchestrators/base.py

@@ -281,6 +281,24 @@ class Orchestrator(ABC):
                 self.logger.warning(f"  ... and {len(result.errors) - 3} more errors")
         
         self.logger.info("="*60)
+    
+    def exit_code(self, result: OrchestrationResult) -> int:
+        """
+        Get the exit code for an orchestration result.
+        
+        An orchestration is considered successful if all executions completed
+        successfully (matching their expected results).
+        
+        Args:
+            result: OrchestrationResult to evaluate
+            
+        Returns:
+            0 if all executions were successful, 1 otherwise
+        """
+        # Check if any executions failed or if there were errors
+        if result.failed_executions > 0 or len(result.errors) > 0:
+            return 1
+        return 0
 
 
 class ExecutionContext:

{scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.17.4
+Version: 0.17.6
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3

{scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.6.dist-info}/RECORD

@@ -3,7 +3,7 @@ scythe/auth/__init__.py,sha256=InEANqWEIAULFyzH9IyxWDPs_gJd3m_JYmzoaBk_37M,420
 scythe/auth/base.py,sha256=DllKaPGj0MRyRh4PQgQ2TUFgeAXjgXOT2h6zUz2ZAag,3807
 scythe/auth/basic.py,sha256=H4IG9-Y7wFe7ZQCNHmmqhre-Pp9CnBxlT23h2uvOPWo,14354
 scythe/auth/bearer.py,sha256=ngOL-sS6FcfB8XAKMR-CZbpqyySu2MaKxUl10SyBmmI,12687
-scythe/auth/cookie_jwt.py,sha256=YJP40A74hYrKSFXDcMSfmWlouOc_tPI4321UAswvRa4,6652
+scythe/auth/cookie_jwt.py,sha256=A5ysCd6mVPNRj3aGNhk68GyM8A2hNW4BqCLZOQ8sa5U,7610
 scythe/behaviors/__init__.py,sha256=w-WRBGRgna5a1N8oHP2aXSQnkQUHyOXiujpwEVf_ZyM,291
 scythe/behaviors/base.py,sha256=INvIYKVIWzEi5w_4njOwKZ3X9IvySvqiMJnYX7_2Lns,3955
 scythe/behaviors/default.py,sha256=MDx4N-KwC23pPLGu1-ZIkGiTRNUG3Lxjbvo7SJ3UwMc,2117
@@ -11,17 +11,17 @@ scythe/behaviors/human.py,sha256=1PqYvE7cnxlj-KDmDIr3uzfWHvDAbbxQxJ0V0iTl9yo,102
 scythe/behaviors/machine.py,sha256=NDMUq3mDhpCvujzAFxhn2eSVq78-J-LSBhIcvHkzKXo,4624
 scythe/behaviors/stealth.py,sha256=xv7MrPQgRCdCUJyYTcXV2aasWZoAw8rAQWg-AuQVb7U,15278
 scythe/cli/__init__.py,sha256=9EVxmFiWsAoqWJ6br1bc3BxlA71JyOQP28fUHhX2k7E,43
-scythe/cli/main.py,sha256=DFvOB39tX4FeiOxitJwXfq28J13GjewBZ9gOA_0HOjI,26003
+scythe/cli/main.py,sha256=LUaaf8D6barO6IxdV_F-ML6hLyNE0rINGH32NRhryG4,27130
 scythe/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/core/executor.py,sha256=FTuhvWiNOsN1LZ4scEsVGDXx9D3yF3tiAoDt-HW2QRI,16038
+scythe/core/executor.py,sha256=F8r_t5vSvsxNuUFx-Y0JzSe051cj_w42iyZrS7wocb4,16306
 scythe/core/headers.py,sha256=AokCQ3F5QGUcfoK7iO57hA1HHL4IznZeWV464_MqYcE,16670
 scythe/core/ttp.py,sha256=tEYIhDdr8kcwQrlcfVmdeLFiAfOvc0BhPOVxPh8TiWo,5676
 scythe/journeys/__init__.py,sha256=Odi8NhRg7Hefmo1EJj1guakrCSPhsuus4i-_62uUUjs,654
 scythe/journeys/actions.py,sha256=URr53p1GQxSIBZo0IubchQ1dlfvnPHgCtmkRfLSoi7A,40333
 scythe/journeys/base.py,sha256=vXIgEnSW__iYTriBbuMG4l_XCM96xojJH_fyFScKoBY,24969
-scythe/journeys/executor.py,sha256=uJkjO3PALSLZh3IOSxgX18gRJX_Bck3gW9OClusiQeE,24949
+scythe/journeys/executor.py,sha256=wSAFFU9qwyYA2Q_5TZBUDgafVb1slwvj0VNJ7cR46FE,25223
 scythe/orchestrators/__init__.py,sha256=_vemcXjKbB1jI0F2dPA0F1zNsyUekjcXImLDUDhWDN0,560
-scythe/orchestrators/base.py,sha256=YOZV0ewlzJ49H08P_LKnimutUms8NnDrQprFpSKhOeM,13595
+scythe/orchestrators/base.py,sha256=oZ68VmX18mBITvFUXfHJYvIE20PCfEAKrsikdr6_0Qg,14219
 scythe/orchestrators/batch.py,sha256=FpK501kk-earJzz6v7dcuw2y708rTvt_IMH_5qjKdrc,26635
 scythe/orchestrators/distributed.py,sha256=ts19NZzPfr0ouFbUFrktPO-iL5jBNB57mcOh0eDJDmE,33554
 scythe/orchestrators/scale.py,sha256=l2-4U6ISeBDBZz7CG6ef9W-zyF6LiAM4uXXKlfczLB0,21394
@@ -32,9 +32,9 @@ scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/ttps/web/login_bruteforce.py,sha256=ybmN2Vl9-p58YbOchirY1193GvlaTmUTW1qlluN_l3I,7816
 scythe/ttps/web/sql_injection.py,sha256=rIRHaRUilSrMA5q5MO1RqR6-TM_fRIiCanPaFz5wKKs,11712
 scythe/ttps/web/uuid_guessing.py,sha256=JwNt_9HVynMWFPPU6UGJFcpxvMVDsvc_wAnJVtcYbps,1235
-scythe_ttp-0.17.4.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
-scythe_ttp-0.17.4.dist-info/METADATA,sha256=GxFEimDo4r_WDY2KHy26MvpRJZJmM07DKV9q2wfioCw,30188
-scythe_ttp-0.17.4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scythe_ttp-0.17.4.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
-scythe_ttp-0.17.4.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
-scythe_ttp-0.17.4.dist-info/RECORD,,
+scythe_ttp-0.17.6.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
+scythe_ttp-0.17.6.dist-info/METADATA,sha256=aDbgWW5k5aPpO5qgiORRyrYbSNLk6J-KQ6qaIGtnTx0,30188
+scythe_ttp-0.17.6.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scythe_ttp-0.17.6.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
+scythe_ttp-0.17.6.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
+scythe_ttp-0.17.6.dist-info/RECORD,,