mirror of https://github.com/avast/PurpleDome
*********************
Vulnerability plugins
*********************

For an attack to leave traces on a machine, the machine has to be vulnerable: services should be running, old applications installed, users with weak passwords added to the system. You get the idea.

To give you flexibility as a user, there is a vulnerability plugin type that (surprise!) adds vulnerabilities to targets.

This plugin type allows you to punch holes into the protection of a machine. Which vulnerability plugins are loaded for a specific target is defined in the configuration file. Feel free to weaken the defenses.

Usage
=====

To create a new plugin, create a sub-folder in *plugins*. The Python file in there must contain a class that inherits from *VulnerabilityPlugin*.

There is an example plugin, *linux_sshd_config_issues.py*, that you can use as a template.

Boilerplate
-----------

The boilerplate contains some basics:

* name: a unique name, also used in the config YAML file to reference this plugin
* description: a human-readable description of this plugin
* ttp: the TTP number linked to this vulnerability. See https://attack.mitre.org/ for a hint which TTP this vulnerability could be related to. If you do not know the TTP, use "???"
* references: a list of URLs to blog posts or similar describing the vulnerability
* required_files: if you ship files with your plugin, listing them here will cause them to be installed on plugin init

Method: install (optional)
--------------------------

*start* starts the vulnerability on the target. *install* is called before that. If you have to set up anything in the plugin space (and not on the target), do it here.

Method: start
-------------

Starts the vulnerability on the machine. The most important method you can use here is *self.run_cmd*, which executes a shell command.

Method: stop
------------

Undoes the changes after the attacks have run. If the machine is re-used (and not re-built or run from a snapshot), this makes it simpler for the user to run more experiments on slightly modified systems.
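
A minimal plugin following this layout, as an added example (not one of PurpleDome's own plugins). It assumes the *VulnerabilityPlugin* base class and *self.run_cmd(cmd)* described above; the class-attribute style for the boilerplate fields, the backup file name, the plugin name and the stand-in base used when the PurpleDome package is not importable are assumptions, not project conventions.

```python
"""Added example plugin: re-enables sshd password logins in start() and undoes it in stop()."""
import shlex

try:
    from plugins.base.vulnerability_plugin import VulnerabilityPlugin
except ImportError:  # outside a PurpleDome checkout: assumed stand-in that only records commands
    class VulnerabilityPlugin:
        def __init__(self):
            self.executed = []
        def run_cmd(self, cmd):  # the real one executes `cmd` as a shell command on the target
            self.executed.append(cmd)
            return ""

SSHD_CONFIG = "/etc/ssh/sshd_config"
BACKUP = SSHD_CONFIG + ".purpledome.bak"  # constructed name, not a project convention


def sed_set_option(option, value, path=SSHD_CONFIG):
    """Build a sed command that sets 'option value', replacing an active or commented-out line."""
    expr = f"s/^#?{option} .*/{option} {value}/"
    return f"sed -E -i {shlex.quote(expr)} {shlex.quote(path)}"


class SshdPasswordAuthPlugin(VulnerabilityPlugin):
    # Boilerplate fields named in the docs; the class-attribute style is an assumption.
    name = "example_sshd_password_auth"
    description = "Re-enables password logins on sshd so brute-force attempts show up in the auth log"
    ttp = "T1110"  # MITRE ATT&CK: Brute Force
    references = ["https://attack.mitre.org/techniques/T1110/"]
    required_files = []

    settings = {"PasswordAuthentication": "yes"}  # what start() weakens on the target

    def install(self):
        """Plugin-side preparation only: nothing is run on the target yet."""
        self.commands = [sed_set_option(k, v) for k, v in self.settings.items()]

    def start(self):
        """Keep an untouched copy of the config, apply the weakening, then reload sshd."""
        self.run_cmd(f"cp -p {SSHD_CONFIG} {BACKUP}")
        for cmd in self.commands:
            self.run_cmd(cmd)
        self.run_cmd("systemctl reload sshd")

    def stop(self):
        """Undo by restoring the original file, so a re-used machine is clean for the next run."""
        self.run_cmd(f"mv -f {BACKUP} {SSHD_CONFIG}")
        self.run_cmd("systemctl reload sshd")
```

Because stop() restores the whole backed-up file rather than reversing each sed edit, adding more keys to *settings* needs no matching undo code.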

The plugin class
================

.. autoclass:: plugins.base.vulnerability_plugin.VulnerabilityPlugin
   :members: