PurpleDome/doc/source/extending/vulnerability_plugins.rst

*********************
Vulnerability plugins
*********************

For an attack leave attack traces on a machine it should be vulnerable. Services should run. Old application be installed, users with weak passwords added to the system. You get the idea.

For you as a user to be flexible there is a vulnerability plugin type that (surprise !) adds vulnerabilities to targets.

This plugin type allows you to punch some holes into the protection of a machine. Which vulnerability plugins are loaded for a specific target is defined in the configuration file. Feel free to weaken the defenses.

Usage
=====

To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from *VulnerabilityPlugin*.

There is an example plugin *linux_sshd_config_issues.py* that you can use as template.

Boilerplate
-----------

The boilerplate contains some basics:

* name: a unique name, also used in the config yaml file to reference this plugin
* description: A human readable description for this plugin.
* ttp: The TTP number linked to this vulnerability. See https://attack.mitre.org/ as a hint which TTP this vulnerability could be related to. If you do not know the TTP, use "???"
* references: A list of urls to blog posts or similar describing the vulnerability
* required_files: If you ship files with your plugin, listing them here will cause them to be installed on plugin init.

Method: install (optional)
--------------------------

*start* starts the vulnerability on the target. *install* is called before that. If you have to setup anything in the plugin space (and not on the target) do it here.

Method: start
-------------

Starts the vulnerability on the machine. The most important method you can use here is "self.run_cmd" and execute a shell command.

Method: stop
------------

Undo the changes after the attacks ran. If the machine is re-used (and not re-built or run from a snapshot) this will make it simpler for the user to run more experiments on slightly modified systems.

The plugin class
================

.. autoclass:: plugins.base.vulnerability_plugin.VulnerabilityPlugin
   :members:
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago			`*********************`
			`Vulnerability plugins`
			`*********************`

Updated documentation 3 years ago			`For an attack leave attack traces on a machine it should be vulnerable. Services should run. Old application be installed, users with weak passwords added to the system. You get the idea.`

			`For you as a user to be flexible there is a vulnerability plugin type that (surprise !) adds vulnerabilities to targets.`
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago
Updated core documentation rst files 3 years ago			`This plugin type allows you to punch some holes into the protection of a machine. Which vulnerability plugins are loaded for a specific target is defined in the configuration file. Feel free to weaken the defenses.`
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago
			`Usage`
			`=====`

			`To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from VulnerabilityPlugin.`

			`There is an example plugin linux_sshd_config_issues.py that you can use as template.`

			`Boilerplate`
			`-----------`

			`The boilerplate contains some basics:`

			`* name: a unique name, also used in the config yaml file to reference this plugin`
			`* description: A human readable description for this plugin.`
Updated documentation 3 years ago			`* ttp: The TTP number linked to this vulnerability. See https://attack.mitre.org/ as a hint which TTP this vulnerability could be related to. If you do not know the TTP, use "???"`
			`* references: A list of urls to blog posts or similar describing the vulnerability`
			`* required_files: If you ship files with your plugin, listing them here will cause them to be installed on plugin init.`
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago
Updated core documentation rst files 3 years ago			`Method: install (optional)`
			`--------------------------`

Updated documentation 3 years ago			`start starts the vulnerability on the target. install is called before that. If you have to setup anything in the plugin space (and not on the target) do it here.`
Updated core documentation rst files 3 years ago
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago			`Method: start`
			`-------------`

Updated documentation 3 years ago			`Starts the vulnerability on the machine. The most important method you can use here is "self.run_cmd" and execute a shell command.`
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago
			`Method: stop`
			`------------`

			`Undo the changes after the attacks ran. If the machine is re-used (and not re-built or run from a snapshot) this will make it simpler for the user to run more experiments on slightly modified systems.`

			`The plugin class`
			`================`

			`.. autoclass:: plugins.base.vulnerability_plugin.VulnerabilityPlugin`
			`:members:`