forked from splunk/attack_range
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathattack_range.py
More file actions
149 lines (122 loc) · 5.55 KB
/
attack_range.py
File metadata and controls
149 lines (122 loc) · 5.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
import os
import sys
import argparse
from modules import logger
from pathlib import Path
from modules.CustomConfigParser import CustomConfigParser
from modules.TerraformController import TerraformController
from modules.VagrantController import VagrantController
from modules.PackerController import PackerController
# need to set this ENV var due to a OSX High Sierra forking bug
# see this discussion for more details: https://github.com/ansible/ansible/issues/34056#issuecomment-352862252
os.environ['OBJC_DISABLE_INITIALIZE_FORK_SAFETY'] = 'YES'
VERSION = 1
if __name__ == "__main__":
# grab arguments
parser = argparse.ArgumentParser(description="starts a attack range ready to collect attack data into splunk")
parser.add_argument("-m", "--mode", required=False, choices=['vagrant', 'terraform', 'packer'],
help="mode of operation, terraform/vagrant/packer, please see configuration for each at: https://github.com/splunk/attack_range")
parser.add_argument("-a", "--action", required=False, choices=['build', 'destroy', 'simulate', 'stop', 'resume', 'search'],
help="action to take on the range, defaults to \"build\", build/destroy/simulate/stop/resume/search allowed")
parser.add_argument("-t", "--target", required=False,
help="target for attack simulation. For mode vagrant use name of the vbox. For mode terraform use the name of the aws EC2 name")
parser.add_argument("-st", "--simulation_technique", required=False, type=str, default="",
help="comma delimited list of MITRE ATT&CK technique ID to simulate in the attack_range, example: T1117, T1118, requires --simulation flag")
parser.add_argument("-sn", "--search_name", required=False, type=str, default="",
help="name of savedsearch, which you want to run")
parser.add_argument("-c", "--config", required=False, default="attack_range.conf",
help="path to the configuration file of the attack range")
parser.add_argument("-lm", "--list_machines", required=False, default=False, action="store_true", help="prints out all available machines")
parser.add_argument("-ls", "--list_searches", required=False, default=False, action="store_true", help="prints out all available savedsearches")
parser.add_argument("-f", "--force", required=False, default=False, action="store_true", help="forces a regeneration of amis (mode packer only)")
parser.add_argument("-v", "--version", default=False, action="store_true", required=False,
help="shows current attack_range version")
# parse them
args = parser.parse_args()
ARG_VERSION = args.version
mode = args.mode
action = args.action
target = args.target
config = args.config
simulation_techniques = args.simulation_technique
list_machines = args.list_machines
list_searches = args.list_searches
search_name = args.search_name
force = args.force
print("""
starting program loaded for B1 battle droid
||/__'`.
|//()'-.:
|-.||
|o(o)
|||\\\ .==._
|||(o)==::'
`|T ""
()
|\\
||\\
()()
||//
|//
.'=`=.
""")
# parse config
attack_range_config = Path(config)
if attack_range_config.is_file():
print("attack_range is using config at path {0}".format(attack_range_config))
configpath = str(attack_range_config)
else:
print("ERROR: attack_range failed to find a config file at {0} or {1}..exiting".format(attack_range_config))
sys.exit(1)
# Parse config
parser = CustomConfigParser()
config = parser.load_conf(configpath)
log = logger.setup_logging(config['log_path'], config['log_level'])
log.info("INIT - attack_range v" + str(VERSION))
if ARG_VERSION:
log.info("version: {0}".format(VERSION))
sys.exit(0)
if not mode:
log.error('ERROR: Specify Attack Range Mode with -m ')
sys.exit(1)
if mode and not action and not list_machines and not list_searches:
log.error('ERROR: Use -a to perform an action or -lm to list available machines')
sys.exit(1)
if mode and action == 'simulate' and not target:
log.error('ERROR: Specify target for attack simulation')
sys.exit(1)
if mode and action == 'search' and not search_name:
log.error('ERROR: Specify search name to execute.')
sys.exit(1)
if mode != 'packer' and force:
log.error('ERROR: Force can only be used with mode packer.')
sys.exit(1)
# lets give CLI priority over config file for pre-configured techniques
if simulation_techniques:
pass
else:
simulation_techniques = config['art_run_techniques']
if mode == 'terraform':
controller = TerraformController(config, log)
elif mode == 'vagrant':
controller = VagrantController(config, log)
elif mode == 'packer':
controller = PackerController(config, log, force)
if list_machines:
controller.list_machines()
sys.exit(0)
if list_searches:
controller.list_searches()
sys.exit(0)
if action == 'build':
controller.build()
if action == 'destroy':
controller.destroy()
if action == 'stop':
controller.stop()
if action == 'resume':
controller.resume()
if action == 'simulate':
controller.simulate(target, simulation_techniques)
if action == 'search':
controller.search(search_name)