archive
/
PurpleDome
mirror of https://github.com/avast/PurpleDome
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
polishing2
presentation_gpn_2022
more_unit_tests
extending_page
main
caldera_4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b2fc4c81d4'
${ noResults }
PurpleDome/doc/source/extending/attack_plugins.rst

55 lines
1.8 KiB
ReStructuredText
Raw Blame History

**************
Attack plugins
**************
Attack features of PurpleDome can be extended using a plugin system. Those attack plugins can start Caldera attacks, run Kali command line tools or use Metasploit.
An example plugin is in the file *hydra_plugin.py*. It contains a plugin class that **MUST** be based on the *AttackPlugin* class.
.. attention::
This projects goal is to improve defense. Adding any attack must be done with this goal in mind. To guarantee that:
* Only add attacks that are already used by malware and attackers
* Link to blog posts describing this attack
* Maybe already drop some ideas how to detect and block
* Or even add code to detect and block it
Usage
=====
To create a new plugin, start a sub-folder in *plugins*. The python file in there must contain a class that inherits from *AttackPlugin*.
Boilerplate
-----------
The boilerplate contains some basics:
* name: a unique name, also used in the config yaml file to reference this plugin
* description: A human readable description for this plugin.
* ttp: The TTP number of this kali attack. See https://attack.mitre.org/ "???" if it is unknown "multiple" if it covers several TTPs
* references. A list of urls to blog posts or similar describing the attack
* required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init.
Better than using required_files is to use:
* required_files_attacker: required files to send to the attacker
* required_files_target: required files to send to the target
Method: run
-----------
This will run the attack.
* targets: a list of target machines. If you need the network address, use target[0].get_ip()
The plugin class
================
.. autoclass:: plugins.base.attack.AttackPlugin
:members:
:member-order: bysource
:show-inheritance:
Reference in New Issue View Git Blame Copy Permalink