from attacktree.models import (
Action,
Block,
Detect,
Discovery,
Edge,
Node,
Root,
Goal,
mitreAttack,
rules,
)
from attacktree.renderer import Renderer
from attacktree.brain import Brain
import pytest
import logging
import inspect
def basicTree():
    """Build the shared attack-tree fixture used by the renderer tests.

    The tree models a small external kill chain: three reconnaissance
    actions hang off the root, each yields discoveries (VPN/SSH endpoints,
    subdomains, employee and customer names), and those discoveries feed
    the follow-on actions (credential stuffing, sqlmap -> RCE, phishing)
    whose edges terminate in the "Systems Access" goal.

    Returns:
        The ``Root`` node. The ``Goal`` node is never ``add``-ed to the
        root; it is reachable only through the ``connectTo`` edges created
        at the end of this function.
    """
    tree_root = Root("Root")
    systems_access = Goal("Systems Access")

    def recon(label, time, objective, **extra):
        # Every top-tier step is a free, always-successful recon action
        # attached directly to the root; ``extra`` forwards any additional
        # keyword (only ``detections`` is used below).
        return tree_root.add(
            Action(
                label=label,
                chain=mitreAttack["recon"],
                cost=0,
                time=time,
                objective=objective,
                pSuccess=100,
                **extra,
            )
        )

    # Top-tier reconnaissance actions (creation order is kept deliberately;
    # it is the order the children are registered on the root).
    network_recon = recon(
        "Network Recon", 24, "Find network attack surface", detections=None
    )
    dns_enum = recon("DNS Enumeration", 4, "Identify all subdomains")
    linkedin = recon(
        "LinkedIn Research",
        6,
        "Identify names and email addresses of current employees and customers",
    )

    # Knowledge gained from reconnaissance
    vpn_endpoints = network_recon.discovery("VPN Endpoints")
    ssh_endpoints = network_recon.discovery("SSH Endpoints")
    subdomain_list = dns_enum.discovery("subdomains")
    employee_names = linkedin.discovery("Employee Names")
    key_customers = linkedin.discovery("Key Customer Details")

    # Follow-on actions driven by those discoveries
    cred_stuffing = Action(
        label="Credential Stuffing",
        chain=mitreAttack["credStuffing"],
        cost=500,
        time=12,
        objective="Try known username/password",
        pSuccess=100,
    )
    # One shared action node is hung off three different discoveries
    # (ssh, then vpn, then employee names -- same order as before).
    for parent in (ssh_endpoints, vpn_endpoints, employee_names):
        parent.add(cred_stuffing)

    sqlmap_run = subdomain_list.add(
        Action(
            label="sqlmap", chain=mitreAttack["execution"], cost=0, time=2, pSuccess=75
        )
    )
    # Leaf action: nothing is attached to it in this fixture.
    subdomain_list.action("nikto")
    phishing = employee_names.action("SET Phishing")
    key_customers.connectTo(phishing)

    # Results of the follow-on actions. NOTE(review): the "&" in the RCE
    # label presumably doubles as an escaping check for the renderer output;
    # confirm before renaming it.
    blind_sqli = sqlmap_run.add(
        Discovery(
            label="Blind injection, viable RCE",
            description="",
            sensitivity=10,
            value=1000,
        )
    )
    rce = blind_sqli.add(
        Action(
            label="Craft & Deploy RCE",
            chain=mitreAttack["execution"],
            cost=0,
            time=2,
            pSuccess=75,
        )
    )

    # Edges that reach the goal
    cred_stuffing.connectTo(systems_access, label="Passwords Reused")
    phishing.connectTo(systems_access, label="Credentials Stolen")
    rce.connectTo(systems_access)
    return tree_root
def test_contextManager(render=False):
with Renderer(root="Reality", goal="Attacker gets data from bucket") as graph:
pwd = graph.root.action("Use password")
block = pwd.block("Block", implemented=False)
block.connectTo(graph.goal)