csle_common.dao.emulation_action.attacker package

Submodules

csle_common.dao.emulation_action.attacker.emulation_attacker_action module

class csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction(id: csle_common.dao.emulation_action.attacker.emulation_attacker_action_id.EmulationAttackerActionId, name: str, cmds: List[str], type: csle_common.dao.emulation_action.attacker.emulation_attacker_action_type.EmulationAttackerActionType, descr: str, ips: List[str], index: int, action_outcome: csle_common.dao.emulation_action.attacker.emulation_attacker_action_outcome.EmulationAttackerActionOutcome = EmulationAttackerActionOutcome.INFORMATION_GATHERING, vulnerability: Optional[str] = None, alt_cmds: Union[None, List[str]] = None, backdoor: bool = False, execution_time: float = 0.0, ts: Optional[float] = None)[source]

Bases: csle_base.json_serializable.JSONSerializable

Class representing an action of the attacker in the emulation

copy() → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Returns: a copy of the DTO

create_execution_config(ip_first_octet: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Creates a new config for an execution

Parameters: ip_first_octet – the first octet of the IP of the new execution
Returns: the new config

static from_dict(d: Dict[str, Any]) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Converts a dict representation to an instance

Parameters: d – the dict to convert
Returns: the created instance

static from_json_file(json_file_path: str) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Reads a json file and converts it to a DTO

Parameters: json_file_path – the json file path
Returns: the converted DTO

static from_kafka_record(record: str) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Converts a kafka record into an instance

Parameters: record – the record to convert
Returns: the created instance

ips_match(ips: List[str]) → bool[source]

Checks if a list of ips overlap with the ips of this host

Parameters: ips – the list of ips to check
Returns: True if they match, False otherwise

masscan_cmds() → Tuple[List[str], List[str]][source]

Augments the original command of the action with extra flags for massscan

Returns: the new command

nikto_cmds() → Tuple[List[str], List[str]][source]

Augments the original command of the action with extra flags for Nikto

Returns: the new command

nmap_cmds(machine_ips: Union[None, List[str]] = None) → Tuple[List[str], List[str]][source]

Augments the original command of the action with extra flags for NMAP

Parameters: machine_ips – list of ips
Returns: the new command

num_attributes() → int[source]

Returns: The number of attributes of the DTO

static schema() → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Returns: get the schema of the DTO

to_dict() → Dict[str, Any][source]

Converts the object to a dict representation

Returns: a dict representation of the object

to_kafka_record() → str[source]

Converts the instance into a kafka record format

Parameters: total_time – the total time of execution
Returns: the kafka record

csle_common.dao.emulation_action.attacker.emulation_attacker_action_config module

Bases: csle_base.json_serializable.JSONSerializable

Configuration of the action space for the attacker in the emulation

static all_actions_config(num_nodes: int, subnet_masks: List[str], hacker_ip: str) → csle_common.dao.emulation_action.attacker.emulation_attacker_action_config.EmulationAttackerActionConfig[source]

Gets the default action config for a given environment, which includes all actions

Parameters

num_nodes – the number of nodes in the environment
subnet_masks – the subnet masks of the environment
hacker_ip – the hacker ip

Returns

static dict_brute_same_user_ids()[source]

Returns: list of brute-force attack ids for teh attacker

static from_dict(d: Dict[str, Any]) → csle_common.dao.emulation_action.attacker.emulation_attacker_action_config.EmulationAttackerActionConfig[source]

Converts a dict representation to an instance

Parameters: d – the dict to convert
Returns: the created instance

static from_json_file(json_file_path: str) → csle_common.dao.emulation_action.attacker.emulation_attacker_action_config.EmulationAttackerActionConfig[source]

Reads a json file and converts it to a DTO

Parameters: json_file_path – the json file path
Returns: the converted DTO

get_action_by_id(action_id: csle_common.dao.emulation_action.attacker.emulation_attacker_action_id.EmulationAttackerActionId) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Gets the action of a given id

Parameters: action_id – the action id
Returns: the action of the id

get_continue_action_idx() → int[source]

Returns: the id of the continue-action

print_actions() → None[source]

Utility function for printing the list of actions

Returns: None

to_dict() → Dict[str, Any][source]

Converts the object to a dict representation

Returns: a dict representation of the object

csle_common.dao.emulation_action.attacker.emulation_attacker_action_id module

class csle_common.dao.emulation_action.attacker.emulation_attacker_action_id.EmulationAttackerActionId(value)[source]

Bases: enum.IntEnum

Enum representing the different attacks in the emulation

CASSANDRA_SAME_USER_PASS_DICTIONARY_ALL = 32

CASSANDRA_SAME_USER_PASS_DICTIONARY_HOST = 13

CONTINUE = 62

CVE_2010_0426_PRIV_ESC = 59

CVE_2015_1427_EXPLOIT = 57

CVE_2015_3306_EXPLOIT = 56

CVE_2015_5602_PRIV_ESC = 60

CVE_2016_10033_EXPLOIT = 58

DVWA_SQL_INJECTION = 55

FIND_FLAG = 39

FINGER_ALL = 50

FINGER_HOST = 49

FIREWALK_ALL = 44

FIREWALK_HOST = 43

FTP_SAME_USER_PASS_DICTIONARY_ALL = 31

FTP_SAME_USER_PASS_DICTIONARY_HOST = 12

HTTP_ENUM_ALL = 46

HTTP_ENUM_HOST = 45

HTTP_GREP_ALL = 48

HTTP_GREP_HOST = 47

INSTALL_TOOLS = 51

IRC_SAME_USER_PASS_DICTIONARY_ALL = 33

IRC_SAME_USER_PASS_DICTIONARY_HOST = 14

MASSCAN_ALL_SCAN = 42

MASSCAN_HOST_SCAN = 41

MONGO_SAME_USER_PASS_DICTIONARY_ALL = 34

MONGO_SAME_USER_PASS_DICTIONARY_HOST = 15

MYSQL_SAME_USER_PASS_DICTIONARY_ALL = 35

MYSQL_SAME_USER_PASS_DICTIONARY_HOST = 16

NETWORK_SERVICE_LOGIN = 38

NIKTO_WEB_HOST_SCAN = 40

NMAP_VULNERS_ALL = 28

NMAP_VULNERS_HOST = 9

OS_DETECTION_SCAN_ALL = 26

OS_DETECTION_SCAN_HOST = 7

PING_SCAN_ALL = 20

PING_SCAN_HOST = 1

POSTGRES_SAME_USER_PASS_DICTIONARY_ALL = 37

POSTGRES_SAME_USER_PASS_DICTIONARY_HOST = 18

SAMBACRY_EXPLOIT = 53

SHELLSHOCK_EXPLOIT = 54

SMTP_SAME_USER_PASS_DICTIONARY_ALL = 36

SMTP_SAME_USER_PASS_DICTIONARY_HOST = 17

SSH_BACKDOOR = 52

SSH_SAME_USER_PASS_DICTIONARY_ALL = 30

SSH_SAME_USER_PASS_DICTIONARY_HOST = 11

STOP = 61

TCP_CON_NON_STEALTH_SCAN_ALL = 22

TCP_CON_NON_STEALTH_SCAN_HOST = 3

TCP_FIN_SCAN_ALL = 23

TCP_FIN_SCAN_HOST = 4

TCP_NULL_SCAN_ALL = 24

TCP_NULL_SCAN_HOST = 5

TCP_SYN_STEALTH_SCAN_ALL = 19

TCP_SYN_STEALTH_SCAN_HOST = 0

TCP_XMAS_TREE_SCAN_ALL = 25

TCP_XMAS_TREE_SCAN_HOST = 6

TELNET_SAME_USER_PASS_DICTIONARY_ALL = 29

TELNET_SAME_USER_PASS_DICTIONARY_HOST = 10

UDP_PORT_SCAN_ALL = 21

UDP_PORT_SCAN_HOST = 2

VULSCAN_ALL = 27

VULSCAN_HOST = 8

csle_common.dao.emulation_action.attacker.emulation_attacker_action_outcome module

Type of attack action outcomes

class csle_common.dao.emulation_action.attacker.emulation_attacker_action_outcome.EmulationAttackerActionOutcome(value)[source]

Bases: enum.IntEnum

Enum representing the different attack outcomes in the emulation.

CONTINUE = 7

FLAG = 3

GAME_END = 6

INFORMATION_GATHERING = 1

LOGIN = 2

PIVOTING = 4

PRIVILEGE_ESCALATION_ROOT = 5

SHELL_ACCESS = 0

csle_common.dao.emulation_action.attacker.emulation_attacker_action_type module

Type of attack actions

class csle_common.dao.emulation_action.attacker.emulation_attacker_action_type.EmulationAttackerActionType(value)[source]

Bases: enum.IntEnum

Enum representing the different attack types in the emulation.

CONTINUE = 5

EXPLOIT = 1

POST_EXPLOIT = 2

PRIVILEGE_ESCALATION = 3

RECON = 0

STOP = 4

csle_common.dao.emulation_action.attacker.emulation_attacker_masscan_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_masscan_actions.EmulationAttackerMasscanActions[source]

Bases: object

Class containing attacker Massscan actions in the emulation

static MASSCAN_HOST_SCAN(index: int, ips: Union[None, List[str]] = None, host_ip: str = '') → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Action for running a MASSCAN network scan

Parameters

index – the index of the action
ips – ips of the machines or subnets to apply the action to
host_ip – the host ip

Returns

The created action

csle_common.dao.emulation_action.attacker.emulation_attacker_network_service_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_network_service_actions.EmulationAttackerNetworkServiceActions[source]

Bases: object

Class that implements network-service actions for the attacker in the emulation

static SERVICE_LOGIN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Action for using known credentials to login to a server

Parameters

index – index of the machine to apply the action to
ips – ip of the machine to apply the action to

Returns

the action

csle_common.dao.emulation_action.attacker.emulation_attacker_nikto_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_nikto_actions.EmulationAttackerNIKTOActions[source]

Bases: object

Class implementing NIKTO scan actions for the attacker in the emulation

static NIKTO_WEB_HOST_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Action for running a nikto web scan on a given host

Parameters

index – index of the machine to apply the action to
ips – ip of the machine to apply the action to

Returns

the action

csle_common.dao.emulation_action.attacker.emulation_attacker_nmap_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_nmap_actions.EmulationAttackerNMAPActions[source]

Bases: object

Class containing Attacker NMAP actions in the emulation

static CASSANDRA_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against cassandra

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static FINGER(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a fingerprint scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static FIREWALK(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a firewalk scan to try to identify and bypass firewalls

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static FTP_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against ftp

Parameters

index – index of the machine to apply the action to
ips – ip of the machine or subnet to apply the action to

Returns

the action

static HTTP_ENUM(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a HTTP enumeration scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static HTTP_GREP(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a HTTP grep scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static IRC_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against irc

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static MONGO_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against mongo

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static MYSQL_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against mysql

Parameters

index – index of the machine to apply the action to
ips – ip of the machines or subnets to apply the action to

Returns

the action

static NMAP_VULNERS(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a vulnerability scan using the Vulners script

Parameters

index – index of the machine to apply the action to
ips – ip of the machine or subnet to apply the action to

Returns

the action

static OS_DETECTION_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a OS detection scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static PING_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a Ping scan

Parameters

index – index of the machine to apply the action to
ips – ip of the machine or subnet to apply the action to

Returns

the action

static POSTGRES_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against postgres

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static SMTP_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against smtp

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static SSH_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against ssh

Parameters

index – index of the machine to apply the action to
ips – ip of the machine or subnet to apply the action to

Returns

the action

static TCP_CON_NON_STEALTH_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a TCP CON (non-stealthy) scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static TCP_FIN_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a TCP FIN scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static TCP_NULL_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a TCP Null scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static TCP_SYN_STEALTH_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a TCP SYN scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static TCP_XMAS_TREE_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a TCP XMAS TREE scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static TELNET_SAME_USER_PASS_DICTIONARY(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a dictionary attack trying combinations with same user+pw against telnet

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static UDP_PORT_SCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a UDP port scan

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

static VULSCAN(index: int, ips: Union[None, List[str]] = None) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Runs a vulnerability scan using the VULSCAN script

Parameters

index – index of the machine to apply the action to
ips – ips of the machines or subnets to apply the action to

Returns

the action

csle_common.dao.emulation_action.attacker.emulation_attacker_shell_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_shell_actions.EmulationAttackerShellActions[source]

Bases: object

Class implementing regular Bash actions for the attacker (e.g. interacting with filesystem or OS) in the emulation

static CVE_2010_0426_PRIV_ESC(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the CVE-2010-0426 exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static CVE_2015_1427_EXPLOIT(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the CVE-2015-1427 exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static CVE_2015_3306_EXPLOIT(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the CVE-2015-3306 exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static CVE_2015_5602_PRIV_ESC(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the CVE-2015-5602 exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static CVE_2016_10033_EXPLOIT(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the CVE-2016-10033 exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static DVWA_SQL_INJECTION(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the DVWA SQL Injection exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static FIND_FLAG(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Searches through the file systems that have been compromised to find a flag

Parameters: index – index of the machine to apply the action to
Returns: the action

static INSTALL_TOOLS(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Installs tools on compromised machines

Parameters: index – index of the machine to apply the action to
Returns: the created action

static SAMBACRY_EXPLOIT(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the sambacry exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static SHELLSHOCK_EXPLOIT(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Launches the shellshock exploit

Parameters: index – index of the machine to apply the action to
Returns: the action

static SSH_BACKDOOR(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Installs a SSH backdoor on a compromised machine

Parameters: index – index of the machine to apply the action to
Returns: the action

csle_common.dao.emulation_action.attacker.emulation_attacker_stopping_actions module

class csle_common.dao.emulation_action.attacker.emulation_attacker_stopping_actions.EmulationAttackerStoppingActions[source]

Bases: object

Class implementing stopping actions for the attacker in the emulation

static CONTINUE(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

A “continue” action, the attacker chooses to not make any action

Parameters: index – index of the machine to apply the action to
Returns: the action

static STOP(index: int) → csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction[source]

Reports a detected intrusion and stops

Parameters: index – index of the machine to apply the action to
Returns: the action

csle_common.dao.emulation_action.attacker package

Submodules

csle_common.dao.emulation_action.attacker.emulation_attacker_action module

csle_common.dao.emulation_action.attacker.emulation_attacker_action_config module

csle_common.dao.emulation_action.attacker.emulation_attacker_action_id module

csle_common.dao.emulation_action.attacker.emulation_attacker_action_outcome module

csle_common.dao.emulation_action.attacker.emulation_attacker_action_type module

csle_common.dao.emulation_action.attacker.emulation_attacker_masscan_actions module

csle_common.dao.emulation_action.attacker.emulation_attacker_network_service_actions module

csle_common.dao.emulation_action.attacker.emulation_attacker_nikto_actions module

csle_common.dao.emulation_action.attacker.emulation_attacker_nmap_actions module

csle_common.dao.emulation_action.attacker.emulation_attacker_shell_actions module

csle_common.dao.emulation_action.attacker.emulation_attacker_stopping_actions module

Module contents