archive
/
PurpleDome
mirror of https://github.com/avast/PurpleDome
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
polishing2
presentation_gpn_2022
more_unit_tests
extending_page
main
caldera_4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c0598c577b'
${ noResults }
PurpleDome/doc/source/extending/kali_plugins.rst

63 lines
2.2 KiB
ReStructuredText
Raw Blame History

************
Kali plugins
************
Kali attacks can be extended using a plugin system. An example plugin is in the file *hydra_plugin.py*. It contains a plugin class that **MUST** be based on the *KaliPlugin* class.
::
Important: We want to improve defense in this project. Adding any attack must be done with this goal. To guarantee that:
* Only add attacks that are already ITW
* Link to blog posts describing this attack
* Maybe already drop some ideas how to detect and block
* Or even add code to detect and block it
Usage
=====
To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from *KaliPlugin*.
There is an example plugin *hydra.py* that you can use as template.
Boilerplate
-----------
The boilerplate contains some basics:
* name: a unique name, also used in the config yaml file to reference this plugin
* description: A human readable description for this plugin.
* ttp: The TTP number of this kali attack. See https://attack.mitre.org/
* references. A list of urls to blog posts or similar describing the attack
* required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init.
Method: process_config
----------------------
This class processes the plugin specific configuration. The *config* parameter will contain the plugin specific part of the yaml config file. You job will be to parse it, offer sane defaults and store the parsed config in *self.conf[]*.
Method: command
---------------
Creates a command that can be run on the kali machine as command. Parameters and configs you can use:
* targets: a list of ip addresses of potential targets
* config: special config for this call
* self.sysconf: global plugin configuration. Like the path to the kali share (internal or external)
* self.conf: The configuration you created in the *process_config* method
Method: run
-----------
This will run the command line created by the method *command* on the kali attacker.
Configuration
-------------
If you are using the plugin, you **must** have a config section for this kali plugin in the configuration. Even if it is empty.
The plugin class
================
.. autoclass:: plugins.base.kali.KaliPlugin
:members:
Reference in New Issue View Git Blame Copy Permalink