csle_attacker.emulation package

Subpackages

csle_attacker.emulation.util package

Submodules

csle_attacker.emulation.attacker_stopping_middleware module

class csle_attacker.emulation.attacker_stopping_middleware.AttackerStoppingMiddleware[source]

Bases: object

Class that implements optimal stopping actions for the attacker

static continue_intrusion(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a “continue” action for the attacker (does nothing)

Parameters

s – the current state
a – the action to take

Returns

s_prime, reward, done

static stop_intrusion(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a stopping action for the attacker

Parameters

s – the current state
a – the action to take

Returns

s_prime

csle_attacker.emulation.emulated_attacker module

class csle_attacker.emulation.emulated_attacker.EmulatedAttacker[source]

Bases: object

Represents an emulated attacker agent

static attacker_exploit_action(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Implements transition of an exploit action

Parameters

s – the current state
a – the action

Returns

s’

static attacker_post_exploit_action(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Implements the transition of a post-exploit action

Parameters

s – the current state
a – the action

Returns

s’

static attacker_recon_action(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Implements the transition of a reconnaissance action

Parameters

s – the current state
a – the action

Returns

s’

static attacker_stopping_action(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Implements transition of a stopping action of the attacker

Parameters

s – the current state
a – the action

Returns

s’

static attacker_transition(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, attacker_action: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Implements the transition operator T: (s,a) -> s’

Parameters

s – the current state
attacker_action – the attacker action
emulation_env_config – the emulation environment configuration

Returns

s’

csle_attacker.emulation.exploit_middleware module

class csle_attacker.emulation.exploit_middleware.ExploitMiddleware[source]

Bases: object

Class that implements functionality for executing exploits actions on the emulation

static execute_cassandra_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Cassandra Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_cve_2010_0426_exploit(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a CVE-2010-0426 Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_cve_2015_1427_exploit(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a CVE-2015-1427 Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_cve_2015_3306_exploit(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a CVE-2015-3306 Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_cve_2015_5602_exploit(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a CVE-2015-5602 Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_cve_2016_10033_exploit(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a CVE-2016-10033 Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_dvwa_sql_injection(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a DVWA SQL Injection Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_ftp_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a FTP Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_irc_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a IRC Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_mongo_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Mongo Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_mysql_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a MySQL Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_postgres_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Postgres Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_sambacry(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Sambacry Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_shellshock(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a ShellShock Exploit action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_smtp_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a SMTP Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_ssh_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a SSH Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_telnet_same_user_dictionary(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Telnet Dictionary Password Attack action

Parameters

s – the current state
a – the action to take

Returns

s_prime

csle_attacker.emulation.post_exploit_middleware module

class csle_attacker.emulation.post_exploit_middleware.PostExploitMiddleware[source]

Bases: object

Class that implements functionality for executing post-exploits actions on the emulation

static execute_bash_find_flag(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Searches the file system for all servers where the agent is currently logged in to find flags

Parameters

s – the current state
a – the action to take

Returns

s_prime, reward, done

static execute_install_tools(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Uses compromised machines with root access to install tools

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_service_login(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Executes a service login on the emulation using previously found credentials

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_ssh_backdoor(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Uses compromised machines with root access to setup SSH backdoor

Parameters

s – the current state
a – the action to take

Returns

s_prime

csle_attacker.emulation.recon_middleware module

class csle_attacker.emulation.recon_middleware.ReconMiddleware[source]

Bases: object

Class that implements functionality for executing reconnaissance actions on the emulation

static execute_finger(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a finger scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_firewalk_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a firewalk scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_http_enum(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a http enum scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_http_grep(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a http grep scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_masscan_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a masscan scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_nikto_web_host_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a nikto web host scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_nmap_vulners(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a nmap_vulners scan

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_os_detection_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a OS detection scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_ping_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a Ping Scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_tcp_con_stealth_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a TCP CON Stealth scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_tcp_fin_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a TCP FIN scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_tcp_null_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a TCP Null scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_tcp_syn_stealth_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a TCP SYN Stealth Scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_tcp_xmas_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a TCP Xmas scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_udp_port_scan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a UDP Port Scan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

static execute_vulscan(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs a vulscan action

Parameters

s – the current state
a – the action to take

Returns

s_prime

csle_attacker.emulation package

Subpackages

Submodules

csle_attacker.emulation.attacker_stopping_middleware module

csle_attacker.emulation.emulated_attacker module

csle_attacker.emulation.exploit_middleware module

csle_attacker.emulation.post_exploit_middleware module

csle_attacker.emulation.recon_middleware module

Module contents