Adding line numbers and file names to metasploit attacks

pull/14/head
Thorsten Sick 3 years ago
parent 9a24f09a15
commit de71244776

@ -2,6 +2,7 @@
""" Logger for the attack side. Output must be flexible, because we want to be able to feed it into many different processes. From ML to analysts """ """ Logger for the attack side. Output must be flexible, because we want to be able to feed it into many different processes. From ML to analysts """
from inspect import currentframe, getsourcefile
import json import json
import datetime import datetime
from random import randint from random import randint
@ -84,7 +85,11 @@ class AttackLog():
"697e8a432031075e47cccba24417013d": "Persistence"} "697e8a432031075e47cccba24417013d": "Persistence"}
ttp_data = {"t1547": "Persistence", ttp_data = {"t1547": "Persistence",
"t1547.001": "Persistence"} "t1547.001": "Persistence",
"t1547.004": "Persistence",
"t1547.005": "Persistence",
"t1547.009": "Persistence",
"t1547.010": "Persistence"}
if ability_id in data: if ability_id in data:
return data[ability_id] return data[ability_id]
@ -108,7 +113,11 @@ class AttackLog():
"697e8a432031075e47cccba24417013d": "TA0003"} "697e8a432031075e47cccba24417013d": "TA0003"}
ttp_data = {"t1547": "TA0003", ttp_data = {"t1547": "TA0003",
"t1547.001": "TA0003"} "t1547.001": "TA0003",
"t1547.004": "TA0003",
"t1547.005": "TA0003",
"t1547.009": "TA0003",
"t1547.010": "TA0003"}
if ability_id in data: if ability_id in data:
return data[ability_id] return data[ability_id]
@ -519,7 +528,9 @@ class AttackLog():
"description": kwargs.get("description", None), # Generic description for this attack. Set by the attack "description": kwargs.get("description", None), # Generic description for this attack. Set by the attack
"situation_description": kwargs.get("situation_description", None), # Description for the situation this attack was run in. Set by the plugin or attacker emulation "situation_description": kwargs.get("situation_description", None), # Description for the situation this attack was run in. Set by the plugin or attacker emulation
"countermeasure": kwargs.get("countermeasure", None), # Set by the attack "countermeasure": kwargs.get("countermeasure", None), # Set by the attack
"result": None "result": None,
"sourcefile": kwargs.get("sourcefile", getsourcefile(currentframe().f_back)),
"sourceline": kwargs.get("sourceline", currentframe().f_back.f_lineno)
} }
self.__add_to_log__(data) self.__add_to_log__(data)
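Review bot: The new `"sourcefile"` entry stores whatever `getsourcefile()` returns, which is normally an absolute path. Every log entry, and the report line rendered from it, would then carry the operator's local directory layout into output that the module docstring says is fed to other processes and analysts. I would record only a project-relative path or the base name, e.g. `os.path.basename(...)` around the value, which also needs `import os` and a guard because `getsourcefile()` can return `None`. Both defaults are also evaluated even when the caller passes `sourcefile`/`sourceline`, and `currentframe()` may return `None` on interpreters without frame support, so resolving the frame once before the dict and guarding it is safer. The enclosing method starts outside this hunk, so I cannot confirm that `f_back` is always the plugin code rather than an intermediate wrapper.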

@ -1,6 +1,7 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
""" Base class for all plugin types """ """ Base class for all plugin types """
from inspect import currentframe
import os import os
from typing import Optional from typing import Optional
import yaml import yaml
@ -26,6 +27,16 @@ class BasePlugin():
self.default_config_name = "default_config.yaml" self.default_config_name = "default_config.yaml"
def get_filename(self):
""" Returns the current filename. """
cf = currentframe()
return cf.f_back.filename
def get_linenumber(self):
""" Returns the current linenumber. """
cf = currentframe()
return cf.f_back.f_lineno
def get_playground(self): def get_playground(self):
""" Returns the machine specific playground """ Returns the machine specific playground
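Review bot: `get_filename` returns `cf.f_back.filename`, but frame objects have no `filename` attribute, so the first call raises `AttributeError`. The name lives on the code object, so the line should read `return cf.f_back.f_code.co_filename`. Both new docstrings say "current", while the code reports the caller's location via `f_back`; something like `""" Returns the filename of the code calling this method. """` (and the same for the line number) would match the behaviour. `currentframe()` is documented to return `None` on implementations without stack frame support, so a short guard before dereferencing `cf` would avoid an opaque failure there.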

@ -75,6 +75,7 @@ Metasploit attack {{ e.name }}
+ Hunting Tag: {{ e.hunting_tag}} + Hunting Tag: {{ e.hunting_tag}}
+ At {{ e.timestamp }} a Metasploit command {{ e.name }} was used to attack {{ e.target }} from {{ e.source }}. + At {{ e.timestamp }} a Metasploit command {{ e.name }} was used to attack {{ e.target }} from {{ e.source }}.
+ Description: {{ e.description }} + Description: {{ e.description }}
+ Code in {{ e.sourcefile }} / {{ e.sourceline }}
{% if e.metasploit_command is string() %} {% if e.metasploit_command is string() %}
+ Metasploit command: {{ e.metasploit_command }} + Metasploit command: {{ e.metasploit_command }}
{% endif %} {% endif %}
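Review bot: The added `Code in {{ e.sourcefile }} / {{ e.sourceline }}` line is rendered unconditionally, while the `metasploit_command` line just below it is guarded. If this template is also run over logs written before this commit, which seems likely but is not visible here, those entries lack both keys and the line comes out empty or fails under a strict undefined policy. Wrapping it in `{% if e.sourcefile %} … {% endif %}` keeps older logs rendering cleanly.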
