AMOSSYS Cyber Range client API
Project description
AMOSSYS Cyber Range client API
Installation
Note: it is recommanded to install the package in a virtualenv in order to avoid conflicts with version dependencies of other packages.
python3 setup.py install
Configuration
Access to the Cyber Range is possible with either of the following configuration methods.
Configuration through configuration file (CLI only)
It is possible to configure access to the Cyber Range through a configuration file, specified with the --config
command line parameter:
$ cyber_range --help
(...)
--config CONFIG Configuration file
(...)
Configuration file content should be of the form --key = value
(without quotes in values), as in the following exemple:
[DEFAULT]
--core-url = https://[CORE-URL-API]
--user_activity-url = https://[USER-ACTIVITY-URL-API]
--provisioning-url = https://[PROVISIONING-URL-API]
--redteam-url = https://[REDTEAM-URL-API]
--cacert = <PATH TO CA CERT>
--cert = <PATH TO CLIENT CERT>
--key = <PATH TO CLIENT PRIVATE KEY>
Configuration through command line arguments (CLI only)
It is possible to configure access to the Cyber Range through command line arguments. See cyber_range --help
command line output for available parameters:
$ cyber_range
(...)
--core-url CORE_API_URL
Set core API URL (default: 'http://127.0.0.1:5000')
--user_activity-url USER_ACTIVITY_API_URL
Set user activity API URL (default: 'http://127.0.0.1:5002')
--provisioning-url PROVISIONING_API_URL
Set provisioning API URL (default: 'http://127.0.0.1:5003')
--redteam-url REDTEAM_API_URL
Set redteam API URL (default: 'http://127.0.0.1:5004')
--cacert CACERT Set path to CA certs (default: None)
--cert CERT Set path to client cert (default: None)
--key KEY Set path to client key (default: None)
Configuration through programmatic means
It is possible to configure access to the Cyber Range programmatically in Python:
import cr_api_client.config import cr_api_client_config
# Set URL API
cr_api_client_config.core_api_url = "https://[CORE-URL-API]"
cr_api_client_config.user_activity_api_url = "https://[USER-ACTIVITY-URL-API]"
cr_api_client_config.provisioning_api_url = "https://[PROVISIONING-URL-API]"
cr_api_client_config.publish_api_url = "https://[PUBLISH-URL-API]"
cr_api_client_config.redteam_api_url = "https://[REDTEAM-URL-API]"
# Set server and client certificates for Core API
cr_api_client_config.cacert = "<PATH TO CA CERT>"
cr_api_client_config.cert = "<PATH TO CLIENT CERT>"
cr_api_client_config.key = "<PATH TO CLIENT PRIVATE KEY>"
Or by using environment variable before calling a script depending on
cr_api_client
python library:
export CORE_API_URL="https://[CORE-URL-API]"
export USER_ACTIVITY_API_URL="https://[USER-ACTIVITY-URL-API]"
export PROVISIONING_API_URL="https://[PROVISIONING-URL-API]"
export PUBLISH_API_URL="https://[PUBLISH-URL-API]"
export REDTEAM_API_URL="https://[REDTEAM-URL-API]"
./my_custom_client
CLI usage
See cyber_range --help
command line output for available parameters:
$ cyber_range --help
(...)
Programmatic usage
Platform initialization API
Before starting a new simulation, the platform has to be initialized:
core_api.reset()
redteam_api.reset_redteam()
Simulation API
# Create a simulation from a topology
core_api.create_simulation_from_topology(topology_file: str)
# Create a simulation from a basebox ID
core_api.create_simulation_from_basebox(basebox_id: str)
# Start the simulation, with current time (by default) or time where the VM was created (use_vm_time=True)
core_api.start_simulation(id_simulation: int, use_vm_time: bool)
# Pause a simulation (calls libvirt suspend API)
core_api.pause_simulation(id_simulation: int)
# Unpause a simulation (calls libvirt resume API)
core_api.unpause_simulation(id_simulation: int)
# Properly stop a simulation, by sending a shutdown signal to the operating systems
core_api.halt_simulation(id_simulation: int)
# Stop a simulation through a hard reset
core_api.destroy_simulation(id_simulation: int)
# Clone a simulation and create a new simulation, and return the new ID
core_api.clone_simulation(id_simulation: int) -> int
# Delete a simulation in database
core_api.delete_simulation(id_simulation: int)
Provisioning API
# Apply provisioning configuration defined in YAML file on simulation defined in argument ID OR on machines defined in file
# ``wait`` parameter defines if the function wait for task to complete or not.
provisioning_execute(id_simulation: int = None,
machines_file: str = None,
provisioning_file: str,
debug: bool = False,
wait: bool = True,
) -> Tuple[bool, str]:
# Apply ansible playbooks on specified target(s):
# ``wait`` parameter defines if the function wait for task to complete or not.
def provisioning_ansible(id_simulation: int = None,
machines_file: str = None,
playbook_path: str = None,
target_roles: List[str] = [],
target_system_types: List[str] = [],
target_operating_systems: List[str] = [],
target_names: List[str] = [],
extra_vars: str = None,
debug: bool = False,
wait: bool = True,
) -> Tuple[bool, str]:
# Get status on targeted simulation
provisioning_api.provisioning_status(id_simulation: int)
# Get provisioning result on targeted simulation
provisioning_api.provisioning_result(id_simulation: int)
User activity API
user_activity_api.user_activity_play(id_simulation: int, user_activity_path: str,
debug_mode: str = 'off', speed: str = 'normal',
user_activity_file_results: str = None)
This method makes it possible to play user activities defined in user activity path
on simulation defined in id_simulation
.
These parameters are mandatory.
The following parameters are optional:
-
debug_mode
: This parameter has to be used for debug only. It corresponds to the level of verbosity of the debug traces generated during the execution of user actions:'off'
: no debug traces,'on'
: with debug traces,'full'
: with maximum debug traces.
The default is
'off'
. Debug traces are generated on the server side only. -
speed
: This parameter affects the speed of typing keys on the keyboard and the speed of mouse movement:'slow'
: slow speed,'normal'
: normal speed,'fast'
: fast speed.
The default is
'normal'
. -
user_activity_file_results
: This parameter makes it possible to get the user activity results (of user actions) in a file. Results are stored using a json format. The file name should be absolute ('/tmp/results.json'
for example).Here an example:
{ "success": true, "scenario_results": [ { "name": "user_activity.py", "success": true, "target": { "name": "CLIENT1", "role": "client", "basebox_id": 70, "ip_address": "localhost", "vnc_port": 5901 }, "action_packs": { "operating_system": "operating_system/windows7" }, "action_list": [ { "name": "open_session", "parameters": { "password": "7h7JMc67", "password_error": "false", "login": "John" }, "start_time": "2021-03-01 12:39:25.119", "end_time": "2021-03-01 12:39:57.325", "success": true, "implemented": true }, { "name": "close_session", "parameters": {}, "start_time": "2021-03-01 12:40:02.330", "end_time": "2021-03-01 12:40:09.303", "success": true, "implemented": true } ] } ] }
Here are some examples of calling this method:
user_activity_api.user_activity_play(1, './user_activity/my_scenario') # this is the common way
user_activity_api.user_activity_play(1, './user_activity/my_scenario', scenario_file_results='/tmp/results.json')
user_activity_api.user_activity_play(1, './user_activity/my_scenario', debug_mode='full', speed='fast')
Redteam API
redteam_api.execute_scenario(attack_list: str)
This method executes sequentially each attack in list. For each attack this method displays started time and ending time (last_update).
redteam_api.execute_attack_name(attack_name: str, waiting_worker: bool = True)
This method execute one attack, selected by name.
def init_knowledge(data: List[dict])
Load data into knowledge database.
Example :
[
{"software":
{"host_ip": "192.168.33.11",
"software": {"category": "os"},
"credentials":[{"username": "Administrateur", "password": "123pass"}]
}
}
]
def attack_infos(id_attack: str)
Get status and output for attack.
Example :
status = "success",
output = [
{
"attack_session": {
"idAttackSession": 1,
"source": "vffxlcationgreedinessb.com",
"type": "powershell",
"identifier": "d67672cb-8f64-420a-a7ba-1d33d7b7fd45",
"privilege_level": 1,
"idHost": 1
}
}
]
redteam_api.list_workers()
This method list all workers availabe in platform. List of attributes :
- stability
- reliability
- side_effect
- killchain_step : step in MITRE ATT&CK killchain
{
"worker_id":"1548_002_001",
"name":"uac_bypass",
"description":"Use Metasploit uac bypass",
"stability":"CRASH_SAFE",
"reliability":"ALWAYS",
"side_effect":"NETWORK_CONNECTION",
"killchain_step":"privilege_escalation",
"repeatable":false
}
redteam_api.list_attacks()
This method return all attack (available, successed or failed) with time information and origin. List of attributes :
- idAttack : Identifier for attack action
- status : Attack status (failed, success or runnable)
- created_date
- started_date
- last_update : End time
- values : Values send to the worker
- output : Data generated by this attack
- source: idAttack that created it
Here an example :
{
"idAttack":13,
"worker":
{
"worker_id":"1548_002_001",
"name":"uac_bypass",
"description":"Use Metasploit uac bypass",
"stability":"FIRST_ATTEMPT_FAIL",
"reliability":"ALWAYS",
"side_effect":"NETWORK_CONNECTION",
"killchain_step":"privilege_escalation",
"repeatable":false
},
"status":"success",
"created_date":"2021-04-21 10:33:00",
"started_date":"2021-04-21 10:37:04",
"last_update":"2021-04-21 10:37:06",
"values":"{\"Host.ip\": \"192.168.2.101\", \"AttackSession.type\": \"windows/x64/meterpreter/reverse_tcp\", \"AttackSession.source\": \"192.168.2.66\", \"AttackSession.identifier\": \"1\"}",
"output": "",
"source":1}
In progress
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cr_api_client-4.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 829a9da571e7d4426c94903d03dcd0347319bc80ca3eb64928e3fbc458790448 |
|
MD5 | 609eb2b2e8a8e063bbdbd538f590317b |
|
BLAKE2b-256 | 81116dd63fa366b2d7f40bc7faf3530994b84f0b3c55f3105fd1368b8f8f16f8 |