import os
import sys
import argparse
from modules import logger
from pathlib import Path
from modules.CustomConfigParser import CustomConfigParser
from modules.VagrantController import VagrantController
# Work around an OSX High Sierra forking bug that breaks Ansible; the variable is
# only meaningful to the Objective-C runtime, so setting it on other platforms is
# presumably ignored. Details:
# https://github.com/ansible/ansible/issues/34056#issuecomment-352862252
os.environ.update(OBJC_DISABLE_INITIALIZE_FORK_SAFETY='YES')

# Tool version reported by --version and in the INIT log line.
VERSION = 1
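# Banner shown on every run except --version. The art is reproduced as the
# original printed it; the `\\\\` spelling avoids an invalid "\ " escape sequence
# (a SyntaxWarning on recent Pythons) while producing the same two backslashes.
BANNER = """
starting program loaded for B1 battle droid
||/__'`.
|//()'-.:
|-.||
|o(o)
|||\\\\ .==._
|||(o)==::'
`|T ""
()
|\\
||\\
()()
||//
|//
.'=`=.
"""


def _build_parser() -> argparse.ArgumentParser:
    """Return the CLI parser for attack_range_local.

    Help texts are kept as in the original except two that were wrong: -a has
    no default (the script errors out without -a or -lm) and also accepts
    'dump', and -st is used with '-a simulate' (there is no --simulation flag).
    """
    parser = argparse.ArgumentParser(description="starts a attack range ready to collect attack data into splunk")
    parser.add_argument("-a", "--action", required=False, choices=['build', 'destroy', 'simulate', 'stop', 'resume', 'dump'],
                        help="action to take on the range: build/destroy/simulate/stop/resume/dump (required unless -lm is given)")
    parser.add_argument("-t", "--target", required=False,
                        help="target for attack simulation. For mode vagrant use name of the vbox")
    parser.add_argument("-st", "--simulation_technique", required=False, type=str, default="",
                        help="comma delimited list of MITRE ATT&CK technique ID to simulate in the attack_range, example: T1117, T1118, requires -a simulate")
    parser.add_argument("-sa", "--simulation_atomics", required=False, type=str, default="",
                        help="specify dedicated Atomic Red Team atomics to simulate in the attack_range, example: Regsvr32 remote COM scriptlet execution for T1117")
    parser.add_argument("-c", "--config", required=False, default="attack_range_local.conf",
                        help="path to the configuration file of the attack range")
    parser.add_argument("-lm", "--list_machines", required=False, default=False, action="store_true", help="prints out all available machines")
    parser.add_argument("-dn", "--dump_name", required=False, help="define the dump name")
    parser.add_argument("-v", "--version", default=False, action="store_true", required=False,
                        help="shows current attack_range version")
    return parser


def _load_config(config_arg: str):
    """Parse the config file at ``config_arg``; exit with status 1 if it is not a file.

    The original "file not found" message had a second ``{1}`` placeholder with
    no matching argument, so the error path itself died with an IndexError
    traceback instead of printing the message; a single placeholder is used now.
    """
    config_path = Path(config_arg)
    if not config_path.is_file():
        print("ERROR: attack_range failed to find a config file at {0}..exiting".format(config_path))
        sys.exit(1)
    print("attack_range is using config at path {0}".format(config_path))
    return CustomConfigParser().load_conf(str(config_path))


def _config_value(config, key: str):
    """Return a required config entry, exiting with a readable error when it is absent.

    Assumes the parsed config raises KeyError for a missing key (it is indexed
    like a dict everywhere in this file) -- confirm against CustomConfigParser.
    """
    try:
        return config[key]
    except KeyError:
        print("ERROR: config is missing required key '{0}'..exiting".format(key))
        sys.exit(1)


def _check_args(args: argparse.Namespace, log) -> None:
    """Reject argument combinations the controller cannot act on (exit status 1)."""
    if not args.action and not args.list_machines:
        log.error('ERROR: Use -a to perform an action or -lm to list available machines')
        sys.exit(1)
    if args.action == 'simulate' and not args.target:
        log.error('ERROR: Specify target for attack simulation')
        sys.exit(1)
    if args.action == 'dump' and not args.dump_name:
        log.error('ERROR: Specify --dump_name for dump command')
        sys.exit(1)


def _run_action(controller, args: argparse.Namespace, techniques: str, atomics: str) -> None:
    """Invoke the controller method matching ``args.action``.

    argparse restricts ``action`` to the listed choices, so every reachable
    value has a handler here.
    """
    # NOTE(review): target, techniques, atomics and dump_name are forwarded to the
    # controller as given; whether it shell-quotes them, or constrains dump_name
    # to a plain file name, is not visible from this file -- confirm before this
    # CLI is ever driven by anything other than a trusted operator.
    handlers = {
        'build': controller.build,
        'destroy': controller.destroy,
        'stop': controller.stop,
        'resume': controller.resume,
        'simulate': lambda: controller.simulate(args.target, techniques, atomics),
        'dump': lambda: controller.dump(args.dump_name),
    }
    handlers[args.action]()


def main() -> None:
    """Entry point: parse arguments, load the config, set up logging and dispatch.

    ``--version`` is answered before the config file is read so it works even
    when no config exists (the original only reached the version check after
    loading the config and the logger).
    """
    args = _build_parser().parse_args()
    if args.version:
        print("version: {0}".format(VERSION))
        sys.exit(0)
    print(BANNER)
    config = _load_config(args.config)
    log = logger.setup_logging(_config_value(config, 'log_path'), _config_value(config, 'log_level'))
    log.info("INIT - attack_range v" + str(VERSION))
    _check_args(args, log)
    # CLI takes priority over the techniques pre-configured in the config file.
    techniques = args.simulation_technique or _config_value(config, 'art_run_techniques')
    # 'no' is the controller's marker for "no dedicated atomics requested".
    atomics = args.simulation_atomics or 'no'
    controller = VagrantController(config, log)
    if args.list_machines:
        controller.list_machines()
        sys.exit(0)
    _run_action(controller, args, techniques, atomics)


if __name__ == "__main__":
    main()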
# rnfgre rtt ol C4G12VPX