From 0795e848d3ddd66f42a4ca23697e8802d5f77d35 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 08:17:43 -0500
Subject: [PATCH 01/19] feat: zscan example
---
.../web-exploitation/zscan.Dockerfile | 35 ++++++++++++
.../offensive/web-exploitation/zscan.yml | 57 +++++++++++++++++++
2 files changed, 92 insertions(+)
create mode 100644 cybersecurity/offensive/web-exploitation/zscan.Dockerfile
create mode 100644 cybersecurity/offensive/web-exploitation/zscan.yml
diff --git a/cybersecurity/offensive/web-exploitation/zscan.Dockerfile b/cybersecurity/offensive/web-exploitation/zscan.Dockerfile
new file mode 100644
index 0000000..c276ece
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zscan.Dockerfile
@@ -0,0 +1,35 @@
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/zcyberseclab/zscan.git . || exit 1
+
+# Build stage - update Go version
+FROM golang:1.23.2-alpine AS builder
+WORKDIR /build
+COPY --from=source /src .
+
+# Set Go build flags
+ENV CGO_ENABLED=0 \
+ GOOS=linux \
+ GOARCH=amd64 \
+ GO111MODULE=on
+
+# Build optimized binary
+RUN go mod download && \
+ go build -ldflags="-w -s" -o zscan cmd/main.go
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+
+# Copy only necessary artifacts
+COPY --from=builder /build/zscan /app/
+COPY --from=builder /build/config /app/config
+COPY --from=builder /build/templates /app/templates
+
+# Container configuration
+USER nonroot:nonroot
+EXPOSE 8080
+
+ENTRYPOINT ["/app/zscan"]
\ No newline at end of file
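Review bot: The source stage's `RUN git clone https://github.com/zcyberseclab/zscan.git . || exit 1` builds whatever the upstream default branch points to at build time, so the image is not reproducible and a force-pushed or compromised upstream lands in the tool silently; pin it, e.g. `RUN git clone https://github.com/zcyberseclab/zscan.git . && git checkout <reviewed-sha>` (the `|| exit 1` is redundant, a failing `RUN` already aborts the build). `FROM alpine:latest` in the same stage should likewise be a tagged or digest-pinned version, as the builder stage already is with `golang:1.23.2-alpine`. The final stage copies `config` and `templates` and declares `EXPOSE 8080`, but nothing visible shows the binary reading those paths or listening; a one-line comment on the `COPY` lines saying why they are needed, or dropping `EXPOSE 8080` if the scanner is CLI-only, would stop the next maintainer guessing.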
diff --git a/cybersecurity/offensive/web-exploitation/zscan.yml b/cybersecurity/offensive/web-exploitation/zscan.yml
new file mode 100644
index 0000000..435ff37
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zscan.yml
@@ -0,0 +1,57 @@
+description: >
+ Zscan is a security scanning tool built in Go that provides network exploration
+ and vulnerability assessment capabilities. It combines multiple security tools
+ and techniques into a single interface for comprehensive security testing.
+
+functions:
+ zscan_default_scan:
+ description: Perform a default security scan against specified targets
+ parameters:
+ target:
+ type: string
+ description: The target IP address or CIDR range to scan
+ examples:
+ - 192.168.1.1
+ - 10.0.0.0/24
+ - 127.0.0.1
+
+ container:
+ build:
+ path: ${cwd}/zscan.Dockerfile
+ name: zscan_local
+ args:
+ - --net=host
+ volumes:
+ - ${cwd}:/data
+
+ cmdline:
+ - /app/zscan
+ - -target
+ - ${target}
+
+ zscan_full_scan:
+ description: Perform a comprehensive security scan
+ parameters:
+ target:
+ type: string
+ description: The target IP address or CIDR range to scan
+ threads:
+ type: integer
+ description: Number of concurrent scanning threads
+ default: 10
+
+ container:
+ build:
+ path: ${cwd}/zscan.Dockerfile
+ name: zscan_local
+ args:
+ - --net=host
+ volumes:
+ - ${cwd}:/data
+
+ cmdline:
+ - /app/zscan
+ - -target
+ - ${target}
+ - -threads
+ - ${threads}
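Review bot: Both functions pass `--net=host` under `container.args`, which runs the scanner in the host's network namespace (localhost services, every interface the host has) and there is no comment explaining why a `-target` IP/CIDR scan needs that rather than the default bridge network; either justify it in a comment or remove it. The `${cwd}:/data` volume is mounted read-write in both functions although nothing in `cmdline` writes to `/data`; `- ${cwd}:/data:ro` limits what a misbehaving scan can touch. The two `container:` sections are byte-identical, so a drift between them will be easy to miss; a comment on `zscan_full_scan` noting it must stay in sync with `zscan_default_scan` (or a shared anchor, if the robopages loader accepts aliases) would help.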
From 13dcefba18f2af2040c82837c8f5470ed50bf02b Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 08:29:52 -0500
Subject: [PATCH 02/19] fix: try skip categories in workflow
---
.github/workflows/validate_robopages.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index b379e82..7fae42f 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -44,15 +44,14 @@ jobs:
docker pull dreadnode/robopages:latest
- # Run validation with Docker socket mounted
+ # Run validation with Docker socket mounted and skip categories validation
docker run --rm \
-v $(pwd):/workspace \
-v /var/run/docker.sock:/var/run/docker.sock \
-w /workspace \
--privileged \
- dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker
+ dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker --skip-categories
}
-
# Get changed files using GitHub's provided variables
changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | \
grep '\.yml$' | grep -v '^.github/' || true)
@@ -91,4 +90,4 @@ jobs:
pull_number: context.issue.number,
body: body,
event: 'COMMENT'
- });
\ No newline at end of file
+ });
From e27d28b34d27d7c436da2396fa4ed9c3079b51bc Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 08:38:56 -0500
Subject: [PATCH 03/19] fix: remove invalid param and add categories for now
---
.github/workflows/validate_robopages.yml | 2 +-
cybersecurity/offensive/web-exploitation/zscan.yml | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index 7fae42f..8f3b637 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -50,7 +50,7 @@ jobs:
-v /var/run/docker.sock:/var/run/docker.sock \
-w /workspace \
--privileged \
- dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker --skip-categories
+ dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker
}
# Get changed files using GitHub's provided variables
changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | \
diff --git a/cybersecurity/offensive/web-exploitation/zscan.yml b/cybersecurity/offensive/web-exploitation/zscan.yml
index 435ff37..8f6100c 100644
--- a/cybersecurity/offensive/web-exploitation/zscan.yml
+++ b/cybersecurity/offensive/web-exploitation/zscan.yml
@@ -3,6 +3,11 @@ description: >
and vulnerability assessment capabilities. It combines multiple security tools
and techniques into a single interface for comprehensive security testing.
+categories:
+ - cybersecurity
+ - offensive
+ - web-expliotation
+
functions:
zscan_default_scan:
description: Perform a default security scan against specified targets
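Review bot: The added category `web-expliotation` is misspelled and does not match the directory `cybersecurity/offensive/web-exploitation` the file lives in, so the explicit list disagrees with the path-derived categories the validation workflow would otherwise inject; change it to `- web-exploitation`. Because that workflow only injects categories when the key is absent, a typo in a hand-written list is never caught, so it is worth adding a check that the declared categories equal the path components.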
From 6c80369b8318610aa141ed0156c7fa3886791ab8 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 09:46:16 -0500
Subject: [PATCH 04/19] fix: try fix the workflow validation with shell
---
.github/workflows/validate_robopages.yml | 17 +++++++++++++++--
utilities/test.yml | 17 +++++++++++++++++
2 files changed, 32 insertions(+), 2 deletions(-)
create mode 100644 utilities/test.yml
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index b379e82..bede1e0 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -31,6 +31,7 @@ jobs:
run: |
validate_file() {
local file="$1"
+ local tmp_file="/tmp/$(basename $file)"
if [[ ! "$file" =~ ^([a-zA-Z0-9_\-]+/)*[a-zA-Z0-9_\-]+\.yml$ ]]; then
echo "Invalid file path characters: $file"
@@ -40,17 +41,29 @@ jobs:
if [[ "$file" == *"../"* ]]; then
echo "Directory traversal attempt detected: $file"
return 1
+ }
+
+ # Create copy and inject categories if missing
+ cp "$file" "$tmp_file"
+ if ! grep -q "categories:" "$tmp_file"; then
+ # Extract categories from path
+ categories=$(dirname "$file" | tr '/' '\n' | awk 'NF' | sed 's/^/ - /')
+ # Inject categories into YAML
+ echo -e "\ncategories:\n$categories" >> "$tmp_file"
fi
docker pull dreadnode/robopages:latest
- # Run validation with Docker socket mounted
+ # Run validation with Docker socket mounted using temp file
docker run --rm \
-v $(pwd):/workspace \
-v /var/run/docker.sock:/var/run/docker.sock \
+ -v "$tmp_file:/workspace/$(basename $file)" \
-w /workspace \
--privileged \
- dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker
+ dreadnode/robopages:latest validate --path "$(basename $file)" --skip-docker
+
+ rm "$tmp_file"
}
# Get changed files using GitHub's provided variables
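Review bot: `if ! grep -q "categories:" "$tmp_file"` matches the string anywhere in the file, including inside a `description:` paragraph or a comment, so a page that mentions categories in prose but lacks the key is not patched and fails validation, while a page whose key is commented out is wrongly skipped; anchor it to a top-level key with `grep -qE '^categories:'`. Mounting the copy as `/workspace/$(basename $file)` and validating `$(basename $file)` also discards the page's directory, so any `${cwd}`-relative `build.path` in the page resolves against the workspace root instead of the page's folder — harmless only while `--skip-docker` is set, and worth a comment on the `-v "$tmp_file:..."` line. `$(basename $file)` should be written `$(basename "$file")` in both places even though the regex above currently rejects whitespace. The `validate_file` function begins outside this hunk.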
diff --git a/utilities/test.yml b/utilities/test.yml
new file mode 100644
index 0000000..db935c3
--- /dev/null
+++ b/utilities/test.yml
@@ -0,0 +1,17 @@
+description: Test robopage for validation
+
+functions:
+ test_function:
+ description: A simple test function
+ parameters:
+ input:
+ type: string
+ description: Test input parameter
+ examples:
+ - "test value"
+ container:
+ force: true
+ image: alpine:latest
+ cmdline:
+ - echo
+ - ${input}
From 1f8a11dc3a70b23ce73472c8ee3bfa187cf21cc8 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:05:32 -0500
Subject: [PATCH 05/19] fix: syntax err
---
.github/workflows/validate_robopages.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index bede1e0..c38e59f 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -41,7 +41,7 @@ jobs:
if [[ "$file" == *"../"* ]]; then
echo "Directory traversal attempt detected: $file"
return 1
- }
+ fi
# Create copy and inject categories if missing
cp "$file" "$tmp_file"
From 0579d8f5873f802f28b37920e6a688386a2e80d0 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:09:09 -0500
Subject: [PATCH 06/19] chore: rm test file
---
utilities/test.yml | 17 -----------------
1 file changed, 17 deletions(-)
delete mode 100644 utilities/test.yml
diff --git a/utilities/test.yml b/utilities/test.yml
deleted file mode 100644
index db935c3..0000000
--- a/utilities/test.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-description: Test robopage for validation
-
-functions:
- test_function:
- description: A simple test function
- parameters:
- input:
- type: string
- description: Test input parameter
- examples:
- - "test value"
- container:
- force: true
- image: alpine:latest
- cmdline:
- - echo
- - ${input}
From a0ba2a7a9e9fe3293457ea03ef2b5e52ee65bb29 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 13:52:04 -0500
Subject: [PATCH 07/19] feat: rigging pr decorator for robopage prs
---
.github/scripts/rigging_pr_decorator.py | 145 +++++++++++++++++++
.github/workflows/rigging_pr_description.yml | 64 ++++++++
2 files changed, 209 insertions(+)
create mode 100644 .github/scripts/rigging_pr_decorator.py
create mode 100644 .github/workflows/rigging_pr_description.yml
diff --git a/.github/scripts/rigging_pr_decorator.py b/.github/scripts/rigging_pr_decorator.py
new file mode 100644
index 0000000..fb41af0
--- /dev/null
+++ b/.github/scripts/rigging_pr_decorator.py
@@ -0,0 +1,145 @@
+import asyncio
+import base64
+import os
+import typing as t
+
+from pydantic import ConfigDict, StringConstraints
+
+import rigging as rg
+from rigging import logger
+from rigging.generator import GenerateParams, Generator, register_generator
+
+logger.enable("rigging")
+
+MAX_TOKENS = 8000
+TRUNCATION_WARNING = "\n\n**Note**: Due to the large size of this diff, some content has been truncated."
+str_strip = t.Annotated[str, StringConstraints(strip_whitespace=True)]
+
+
+class PRDiffData(rg.Model):
+ """XML model for PR diff data"""
+
+ content: str_strip = rg.element()
+
+ @classmethod
+ def xml_example(cls) -> str:
+ return """example diff content"""
+
+
+class PRDecorator(Generator):
+ """Generator for creating PR descriptions"""
+
+ model_config = ConfigDict(arbitrary_types_allowed=True, validate_assignment=True)
+
+ api_key: str = ""
+ max_tokens: int = MAX_TOKENS
+
+ def __init__(self, model: str, params: rg.GenerateParams) -> None:
+ api_key = params.extra.get("api_key")
+ if not api_key:
+ raise ValueError("api_key is required in params.extra")
+
+ super().__init__(model=model, params=params, api_key=api_key)
+ self.api_key = api_key
+ self.max_tokens = params.max_tokens or MAX_TOKENS
+
+ async def generate_messages(
+ self,
+ messages: t.Sequence[t.Sequence[rg.Message]],
+ params: t.Sequence[GenerateParams],
+ ) -> t.Sequence[rg.GeneratedMessage]:
+ responses = []
+ for message_seq, p in zip(messages, params):
+ base_generator = rg.get_generator(self.model, params=p)
+ llm_response = await base_generator.generate_messages([message_seq], [p])
+ responses.extend(llm_response)
+ return responses
+
+
+register_generator("pr_decorator", PRDecorator)
+
+
+async def generate_pr_description(diff_text: str) -> str:
+ """Generate a PR description from the diff text"""
+ diff_tokens = len(diff_text) // 4
+ if diff_tokens >= MAX_TOKENS:
+ char_limit = (MAX_TOKENS * 4) - len(TRUNCATION_WARNING)
+ diff_text = diff_text[:char_limit] + TRUNCATION_WARNING
+
+ diff_data = PRDiffData(content=diff_text)
+ params = rg.GenerateParams(
+ extra={
+ "api_key": os.environ["OPENAI_API_KEY"],
+ "diff_text": diff_text,
+ },
+ temperature=0.7,
+ max_tokens=500,
+ )
+
+ generator = rg.get_generator("pr_decorator!gpt-4-turbo-preview", params=params)
+ prompt = f"""You are a helpful AI that generates clear and concise PR descriptions.
+ Analyze the provided diff between {PRDiffData.xml_example()} tags and create a summary using exactly this format:
+
+ ### PR Summary
+
+ #### Overview of Changes
+
+
+ #### Key Modifications
+ 1. ****:
+ 2. ****:
+ 3. ****:
+ (continue as needed)
+
+ #### Potential Impact
+ -
+ -
+ -
+ (continue as needed)
+
+ Here is the PR diff to analyze:
+ {diff_data.to_xml()}"""
+
+ chat = await generator.chat(prompt).run()
+ return chat.last.content.strip()
+
+
+async def main():
+ """Main function for CI environment"""
+ if not os.environ.get("OPENAI_API_KEY"):
+ raise ValueError("OPENAI_API_KEY environment variable must be set")
+
+ try:
+ diff_text = os.environ.get("GIT_DIFF", "")
+ if not diff_text:
+ raise ValueError("No diff found in GIT_DIFF environment variable")
+
+ try:
+ diff_text = base64.b64decode(diff_text).decode("utf-8")
+ except Exception:
+ padding = 4 - (len(diff_text) % 4)
+ if padding != 4:
+ diff_text += "=" * padding
+ diff_text = base64.b64decode(diff_text).decode("utf-8")
+
+ logger.debug(f"Processing diff of length: {len(diff_text)}")
+ description = await generate_pr_description(diff_text)
+
+ with open(os.environ["GITHUB_OUTPUT"], "a") as f:
+ f.write("content<> $GITHUB_OUTPUT
+
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.0.3
+ with:
+ python-version: "3.11"
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip cache purge
+ pip install rigging[all]
+
+ # Generate the description using the diff
+ - name: Generate PR Description
+ id: description
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ GIT_DIFF: ${{ steps.diff.outputs.diff }}
+ run: |
+ python .github/scripts/rigging_pr_decorator.py
+
+ # Update the PR description
+ - name: Update PR Description
+ uses: nefrob/pr-description@4dcc9f3ad5ec06b2a197c5f8f93db5e69d2fdca7 #v1.2.0
+ with:
+ content: |
+ ## AI-Generated Summary
+
+ ${{ steps.description.outputs.content }}
+
+ ---
+
+ This summary was generated with ❤️ by [rigging](https://rigging.dreadnode.io/)
+ regex: ".*"
+ regexFlags: s
+ token: ${{ secrets.GITHUB_TOKEN }}
From f4d9b8abe408ebc9c6565a33f965195db6c175ee Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 13:56:53 -0500
Subject: [PATCH 08/19] fix: pin pydantic
---
.github/workflows/rigging_pr_description.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/rigging_pr_description.yml b/.github/workflows/rigging_pr_description.yml
index 779a58d..b86a94c 100644
--- a/.github/workflows/rigging_pr_description.yml
+++ b/.github/workflows/rigging_pr_description.yml
@@ -34,6 +34,7 @@ jobs:
run: |
python -m pip install --upgrade pip
pip cache purge
+ pip install pydantic==2.9.1
pip install rigging[all]
# Generate the description using the diff
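Review bot: Pinning `pydantic==2.9.1` in its own `pip install` line before `pip install rigging[all]` does not guarantee that version survives, because the second resolve is free to replace pydantic with whatever `rigging[all]` declares; install both in one invocation, `pip install "pydantic==2.9.1" "rigging[all]"`, so the resolver must satisfy both constraints or fail loudly. The same step leaves `rigging` and its transitive dependencies unpinned in a job that runs with `OPENAI_API_KEY` and `GITHUB_TOKEN` in the environment, so a new upstream release executes with those secrets; pin it too, ideally from a requirements file installed with `--require-hashes`. Quoting `"rigging[all]"` also avoids the `[all]` bracket being treated as a shell glob.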
From f4874ffe88a53156b43c6cb06a371ec098b2c932 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 14:25:33 -0500
Subject: [PATCH 09/19] chore: add pr template
---
.github/PULL_REQUEST_TEMPLATE.md | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..6e926f3
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,5 @@
+# robopages
+
+## Welcome
+
+Hello and welcome to robopages, thanks for contributing! You can leave the PR description blank and let [rigging](https://github.com/dreadnode/rigging) perform some magic here.
\ No newline at end of file
From 9736b1fea162213fa269d7214368f85887b28067 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 17:06:58 -0500
Subject: [PATCH 10/19] feat: squealer example cicd go package
---
cybersecurity/cicd/squealer.Dockerfile | 21 ++++++++++++++++
cybersecurity/cicd/squealer.yml | 33 ++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 cybersecurity/cicd/squealer.Dockerfile
create mode 100644 cybersecurity/cicd/squealer.yml
diff --git a/cybersecurity/cicd/squealer.Dockerfile b/cybersecurity/cicd/squealer.Dockerfile
new file mode 100644
index 0000000..c29f378
--- /dev/null
+++ b/cybersecurity/cicd/squealer.Dockerfile
@@ -0,0 +1,21 @@
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/owenrumney/squealer.git . && \
+ ls -la # Debug: verify files
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+WORKDIR /build
+COPY --from=source /src/ ./
+RUN ls -la && \
+ go mod vendor && \
+ go build -mod=vendor -ldflags="-w -s" -o squealer ./cmd/squealer
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+COPY --from=builder /build/squealer /app/
+USER nonroot:nonroot
+ENTRYPOINT ["/app/squealer"]
\ No newline at end of file
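Review bot: `RUN git clone https://github.com/owenrumney/squealer.git . && ls -la` checks out the upstream default branch unpinned, so every build can pull different, unreviewed code into a tool that is later handed repository access; add `&& git checkout <reviewed-sha>` and pin `FROM alpine:latest` to a tagged version as the builder stage does with `golang:1.21-alpine`. The two `ls -la` calls are leftover debugging (the comment says so) and only add noise to the build layers. The runtime image is `distroless/static` with no git or ssh binary, and nothing copies an SSH key or `known_hosts`, while the companion page only offers `git@github.com:` URLs; I cannot tell from this Dockerfile how squealer fetches repositories, so a comment on the `FROM gcr.io/distroless/static-debian12:nonroot` line stating whether it uses an in-process git client and how credentials are expected to reach it would prevent a broken-by-design image.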
diff --git a/cybersecurity/cicd/squealer.yml b/cybersecurity/cicd/squealer.yml
new file mode 100644
index 0000000..caa748d
--- /dev/null
+++ b/cybersecurity/cicd/squealer.yml
@@ -0,0 +1,33 @@
+description: Squealer is a tool that finds secrets like keys, tokens and passwords in your code. It scans remote Git repositories for potential credential leaks.
+
+functions:
+ squealer_scan_git_repo:
+ description: Scan a remote git repository for secrets and credentials
+ parameters:
+ repository:
+ type: string
+ description: Git repository URL (SSH format)
+ examples:
+ - "git@github.com:username/repo.git"
+ - "git@github.com:owenrumney/woopsie.git"
+ container:
+ force: true
+ image: squealer:latest
+ cmdline:
+ - ${repository}
+
+ squealer_scan_everything_git_repo:
+ description: Scan a remote git repository and history for secrets and credentials with everything flag
+ parameters:
+ repository:
+ type: string
+ description: Git repository URL (SSH format)
+ examples:
+ - "git@github.com:username/repo.git"
+ - "git@github.com:owenrumney/woopsie.git"
+ container:
+ force: true
+ image: squealer:latest
+ cmdline:
+ - ${repository}
+ - --everything
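Review bot: Both functions declare `image: squealer:latest` with `force: true` but no `build:` section, so unlike `zscan.yml` in this same series the local `squealer.Dockerfile` is never referenced, and a runner without an image of that name will try to pull `squealer:latest` from the default public registry — a namespace anyone can claim, which is a supply-chain risk for a tool that is given repository credentials. Point the page at the Dockerfile instead: `build:` / `  path: ${cwd}/squealer.Dockerfile` / `  name: squealer_local`, and use that name. The examples only accept SSH-format URLs, yet nothing mounts an SSH key or agent socket into the container; either document how credentials reach it or add an `https://` example for public repositories.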
From 333db9e654369014ad9ff29860dc7b2d13dd088b Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 17:17:10 -0500
Subject: [PATCH 11/19] fix: add categories while we wait for other prs to fix
workflow
---
cybersecurity/cicd/squealer.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cybersecurity/cicd/squealer.yml b/cybersecurity/cicd/squealer.yml
index caa748d..61247ea 100644
--- a/cybersecurity/cicd/squealer.yml
+++ b/cybersecurity/cicd/squealer.yml
@@ -1,5 +1,9 @@
description: Squealer is a tool that finds secrets like keys, tokens and passwords in your code. It scans remote Git repositories for potential credential leaks.
+categories:
+ - cybersecurity
+ - cicd
+
functions:
squealer_scan_git_repo:
description: Scan a remote git repository for secrets and credentials
From ab2f33f6adc4a239798f0cddd4741b92cade0310 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:30:01 -0500
Subject: [PATCH 12/19] fix: fix regression in continue on error
---
.github/workflows/validate_robopages.yml | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index c38e59f..7ac2286 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -27,11 +27,11 @@ jobs:
- name: Validate Contribution Files
id: robopages-validation
- continue-on-error: true
run: |
validate_file() {
local file="$1"
local tmp_file="/tmp/$(basename $file)"
+ local validation_status=0
if [[ ! "$file" =~ ^([a-zA-Z0-9_\-]+/)*[a-zA-Z0-9_\-]+\.yml$ ]]; then
echo "Invalid file path characters: $file"
@@ -54,18 +54,22 @@ jobs:
docker pull dreadnode/robopages:latest
- # Run validation with Docker socket mounted using temp file
+ # Run validation and capture the exit status
docker run --rm \
-v $(pwd):/workspace \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$tmp_file:/workspace/$(basename $file)" \
-w /workspace \
--privileged \
- dreadnode/robopages:latest validate --path "$(basename $file)" --skip-docker
+ dreadnode/robopages:latest validate --path "$(basename $file)" --skip-docker || validation_status=$?
rm "$tmp_file"
+ return $validation_status
}
+ # Initialize overall status
+ overall_status=0
+
# Get changed files using GitHub's provided variables
changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | \
grep '\.yml$' | grep -v '^.github/' || true)
@@ -73,9 +77,14 @@ jobs:
# Validate each changed file
for file in $changed_files; do
echo "Validating $file..."
- validate_file "$file" || exit 1
+ if ! validate_file "$file"; then
+ overall_status=1
+ echo "::error::Validation failed for $file"
+ fi
done
+ exit $overall_status
+
- name: Post validation status
if: always()
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #7.0.1
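Review bot: `for file in $changed_files` word-splits the `git diff --name-only` output on whitespace, so a changed path containing a space is validated as two fragments that each fail the path regex with a misleading message instead of one clear rejection; iterate with `while IFS= read -r file; do … done <<< "$changed_files"` (or `git diff --name-only -z` with `read -r -d ''`). The per-file `::error::` annotation is useful, but `overall_status` is only surfaced through the step's exit code; if a later step needs the result (the post-validation comment in this workflow reads a status), also write it explicitly with `echo "status=$overall_status" >> "$GITHUB_OUTPUT"` before `exit $overall_status`.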
From 22664ffc40ef8553981f81ff66047d77a188a7ce Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:31:13 -0500
Subject: [PATCH 13/19] chore: test use case
---
.github/workflows/validate_robopages.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index 7ac2286..465f143 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -7,6 +7,7 @@ on:
- '!.github/**'
branches:
- main
+ - will/feature-mythic-apollo
jobs:
validate:
From 5e9ab63965484871735bddff069bc06ab1755567 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:31:43 -0500
Subject: [PATCH 14/19] chore: revert test branch
---
.github/workflows/validate_robopages.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index 465f143..7ac2286 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -7,7 +7,6 @@ on:
- '!.github/**'
branches:
- main
- - will/feature-mythic-apollo
jobs:
validate:
From 5812224e5cbef54cc6fd065620258d0ba5ea4506 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:39:28 -0500
Subject: [PATCH 15/19] chore: update the post validation step
---
.github/workflows/validate_robopages.yml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index 7ac2286..10bbeeb 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -90,7 +90,9 @@ jobs:
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #7.0.1
with:
script: |
- const validation_status = '${{ steps.robopages-validation.outcome }}' === 'success' ? '✅ Validation successful' : '❌ Validation failed';
+ const validation_status = process.env.STATE_validation === '0'
+ ? '✅ Validation successful'
+ : '❌ Validation failed';
const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`;
const timestamp = new Date().toISOString();
const body = [
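Review bot: `process.env.STATE_validation === '0'` reads a variable that nothing in this workflow sets — the validation step writes no `GITHUB_STATE` or `GITHUB_OUTPUT` entry named `validation`, and as far as I know `STATE_*` variables are only exposed to an action's own pre/post hooks, not to a separate `github-script` step — so the comment will report "Validation failed" on every run, including successful ones. The removed expression `'${{ steps.robopages-validation.outcome }}' === 'success'` is the correct signal now that `continue-on-error` is gone (the outcome is `failure` when the step fails and this step still runs under `if: always()`); restore it, or have the validation step `echo "status=$overall_status" >> "$GITHUB_OUTPUT"` and compare `'${{ steps.robopages-validation.outputs.status }}' === '0'` here.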
@@ -113,4 +115,4 @@ jobs:
pull_number: context.issue.number,
body: body,
event: 'COMMENT'
- });
\ No newline at end of file
+ });�
\ No newline at end of file
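Review bot: The new closing line `});�` carries a stray replacement/non-UTF-8 byte after `});` that the removed line did not have; inside the `script:` block scalar it becomes part of the JavaScript source and is very likely a syntax error in the github-script step. The line should be exactly `});` followed by a newline, which also clears the `\ No newline at end of file` marker this hunk still leaves in place.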
From 8208201d279e02619a54527182d9bde2710acc86 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:40:35 -0500
Subject: [PATCH 16/19] chore: test with apollo from 27
---
cybersecurity/offensive/c2 /apollo.yml | 746 +++++++++++++++++++++++++
1 file changed, 746 insertions(+)
create mode 100644 cybersecurity/offensive/c2 /apollo.yml
diff --git a/cybersecurity/offensive/c2 /apollo.yml b/cybersecurity/offensive/c2 /apollo.yml
new file mode 100644
index 0000000..57d85d3
--- /dev/null
+++ b/cybersecurity/offensive/c2 /apollo.yml
@@ -0,0 +1,746 @@
+description: Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings. The agent is designed to be used with the Mythic C2 server.
+
+functions:
+ assembly_inject:
+ description: Execute .NET assembly in remote process.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ assembly:
+ type: string
+ description: The assembly to inject.
+ args:
+ type: string
+ description: Arguments to pass to the assembly.
+ cmdline:
+ - assembly_inject
+ - -PID
+ - ${pid}
+ - -Assembly
+ - ${assembly}
+ - -Arguments
+ - ${args}
+ blockdlls:
+ description: Block non-Microsoft signed DLLs from loading into post-ex jobs.
+ parameters:
+ enable:
+ type: boolean
+ description: Enable or disable blockdlls.
+ cmdline:
+ - blockdlls
+ - -EnableBlock
+ - ${enable}
+
+ cat:
+ description: Retrieve the output of a file.
+ parameters:
+ file:
+ type: string
+ description: The file to retrieve.
+ cmdline:
+ - cat
+ - -Path
+ - ${file}
+ cd:
+ description: Change working directory.
+ parameters:
+ dir:
+ type: string
+ description: The directory to change to.
+ cmdline:
+ - cd
+ - -Path
+ - ${dir}
+ cp:
+ description: Copy a file from path to destination.
+ parameters:
+ source:
+ type: string
+ description: The source file to copy.
+ destination:
+ type: string
+ description: The destination to copy the file to.
+ cmdline:
+ - cp
+ - -Path
+ - ${source}
+ - -Destination
+ - ${destination}
+ dcsync:
+ description: DCSync one or more user credentials.
+ parameters:
+ domain:
+ type: string
+ description: The domain to DCSync.
+ user:
+ type: string
+ description: The user to DCSync.
+ dc:
+ type: string
+ description: The domain controller to DCSync.
+ cmdline:
+ - dcsync
+ - -Domain
+ - ${domain}
+ - -User
+ - ${user}
+ - -DC
+ - ${dc}
+ download:
+ description: Download a file off the target system.
+ parameters:
+ Path:
+ type: string
+ description: The path to download the file to.
+ Host:
+ type: string
+ description: The hostname to download the file from.
+ cmdline:
+ - download
+ - -Path
+ - ${Path}
+ - -Host
+ - ${Host}
+ execute_assembly:
+ description: Execute a .NET assembly registered with register_file.
+ parameters:
+ assembly:
+ type: string
+ description: The assembly to execute.
+ args:
+ type: string
+ description: Arguments to pass to the assembly.
+ cmdline:
+ - execute_assembly
+ - -Assembly
+ - ${assembly}
+ - -Arguments
+ - ${args}
+ execute_coff:
+ description: Execute a object file (BOF) that's been registered with register_file.
+ parameters:
+ object:
+ type: string
+ description: The object file to execute.
+ function:
+ type: string
+ description: The function to execute.
+ timeout:
+ type: integer
+ description: The timeout for the execution.
+ args:
+ type: string
+ description: Arguments to pass to the object file.
+ cmdline:
+ - execute_coff
+ - -Coff
+ - ${object}
+ - -Function
+ - ${function}
+ - -Timeout
+ - ${timeout}
+ - -Arguments
+ - ${args}
+ execute_pe:
+ description: Execute a statically compiled executable that's been registered with register_file.
+ parameters:
+ binary:
+ type: string
+ description: The binary to execute.
+ args:
+ type: string
+ description: Arguments to pass to the binary.
+ cmdline:
+ - execute_pe
+ - -PE
+ - ${binary}
+ - -Arguments
+ - ${args}
+ exit:
+ description: Task agent to exit.
+ cmdline:
+ - exit
+ get_injection_techniques:
+ description: Show currently registered injection techniques as well as the current technique.
+ cmdline:
+ - get_injection_techniques
+ get_privs:
+ description: Enable as many privileges as possible for the current access token.
+ cmdline:
+ - getprivs
+ ifconfig:
+ description: Get Network Adapters and Interfaces
+ cmdline:
+ - ifconfig
+ inject:
+ description: Inject a new payload into a remote process.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ payload:
+ type: string
+ description: The payload to inject.
+ cmdline:
+ - inject
+ - -PID
+ - ${pid}
+ - -Payload
+ - ${payload}
+ inline_assembly:
+ description: Execute a .NET assembly in the currently executing process that's been registered with register_file.
+ parameters:
+ Assembly:
+ type: string
+ description: The assembly to execute.
+ Arguments:
+ type: string
+ description: Additional arguments to pass to the assembly.
+ cmdline:
+ - inline_assembly
+ - -Assembly
+ - ${Assembly}
+ - -Arguments
+ - ${Arguments}
+ jobkill:
+ description: Kill a running job in the agent.
+ parameters:
+ jid:
+ type: integer
+ description: The job ID to kill.
+ cmdline:
+ - jobkill
+ - ${jid}
+ jobs:
+ description: List all running jobs.
+ cmdline:
+ - jobs
+ keylog_inject:
+ description: Inject a keylogger into a remote process.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ cmdline:
+ - keylog_inject
+ - -PID
+ - ${pid}
+ kill:
+ description: Attempt to kill the process specified by [pid].
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to kill.
+ cmdline:
+ - kill
+ - -PID
+ - ${pid}
+ link:
+ description: Link to a P2P agent via SMB or TCP.
+ cmdline:
+ - link
+ load:
+ description: Load new commands into the agent.
+ parameters:
+ commands:
+ type: string
+ description: The commands to load.
+ cmdline:
+ - load
+ - ${commands}
+ ls:
+ description: List files and folders in [path]. Defaults to current working directory.
+ parameters:
+ path:
+ type: string
+ description: The path to list files and folders in.
+ cmdline:
+ - ls
+ - -Path
+ - ${path}
+
+ make_token:
+ description: Impersonate a user using plaintext credentials.
+ cmdline:
+ - make_token
+ mimikatz:
+ description: Execute Mimikatz with the specified arguments.
+ parameters:
+ Command:
+ type: string
+ description: The command to execute
+ cmdline:
+ - mimikatz
+ - -Command
+ - ${Command}
+ mkdir:
+ description: Create a directory.
+ parameters:
+ dir:
+ type: string
+ description: The directory to create.
+ cmdline:
+ - mkdir
+ - -Path
+ - ${dir}
+ mv:
+ description: Move a file from source to destination.
+ parameters:
+ source:
+ type: string
+ description: The source file to move.
+ destination:
+ type: string
+ description: The destination to move the file to.
+ cmdline:
+ - mv
+ - -Path
+ - ${source}
+ - -Destination
+ - ${destination}
+ net_dclist:
+ description: List all domain controllers for the current or specified domain.
+ parameters:
+ domain:
+ type: string
+ description: The domain to list domain controllers for.
+ cmdline:
+ - net_dclist
+ - ${domain}
+ net_localgroup_member:
+ description: Retrieve membership information from a specified group on a given computer.
+ parameters:
+ Group:
+ type: string
+ description: The group to retrieve membership information from.
+ Computer:
+ type: string
+ description: The computer to retrieve membership information from.
+ cmdline:
+ - net_localgroup_member
+ - -Group
+ - ${Group}
+ - -Computer
+ - ${Computer}
+ net_localgroup:
+ description: Retrieve local groups known by a computer. Default to localhost.
+ parameters:
+ computer:
+ type: string
+ description: The computer to retrieve local groups from.
+ cmdline:
+ - net_localgroup
+ - ${computer}
+ net_shares:
+ description: Show shares of a remote PC.
+ parameters:
+ computer:
+ type: string
+ description: The computer to show shares from.
+ cmdline:
+ - net_shares
+ - -Computer
+ - ${computer}
+ netstat:
+ description: Get TCP and UDP connections.
+ parameters:
+ Tcp:
+ type: boolean
+ description: Get TCP connections.
+ Udp:
+ type: boolean
+ description: Get UDP connections.
+ Established:
+ type: boolean
+ description: Get established connections.
+ Listen:
+ type: boolean
+ description: Get listening connections.
+ cmdline:
+ - netstat
+ - -Tcp
+ - ${Tcp}
+ - -Udp
+ - ${Udp}
+ - -Established
+ - ${Established}
+ - -Listen
+ - ${Listen}
+ powerpick:
+ description: Executes PowerShell in a sacrificial process.
+ parameters:
+ command:
+ type: string
+ description: The command to execute.
+ cmdline:
+ - powerpick
+ - -Command
+ - ${command}
+ powershell:
+ description: Executes PowerShell in your currently running process.
+ parameters:
+ command:
+ type: string
+ description: The command to execute.
+ cmdline:
+ - powershell
+ - -Command
+ - ${command}
+ powershell_import:
+ description: Register a new .ps1 file to be used in other PowerShell jobs.
+ cmdline:
+ - powershell_import
+ ppid:
+ description: Set the PPID of sacrificial jobs to the specified PID.
+ parameters:
+ pid:
+ type: integer
+ description: The PID to set the PPID to.
+ cmdline:
+ - ppid
+ - -PID
+ - ${pid}
+ printspoofer:
+ description: Execute a command in SYSTEM integrity so long as you have SeImpersonate privileges.
+ parameters:
+ command:
+ type: string
+ description: The command to execute
+ cmdline:
+ - printspoofer
+ - -Command
+ - ${command}
+ ps:
+ description: List process information.
+ cmdline:
+ - ps
+ psinject:
+ description: Executes PowerShell in the process specified by [pid]. Currently stdout is not captured of child processes if not explicitly captured into a variable or via inline execution (such as $(whoami)).
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ command:
+ type: string
+ description: The command to execute
+ cmdline:
+ - psinject
+ - -PID
+ - ${pid}
+ - -Command
+ - ${command}
+ pth:
+ description: Use mimikatz's pth module to spawn a process with alternate credentials.
+ parameters:
+ domain:
+ type: string
+ description: The domain to use.
+ username:
+ type: string
+ description: The username to use.
+ ntlm_hash:
+ type: string
+ description: The NTLM hash to use.
+ aes128_key:
+ type: string
+ description: The AES128 key to use.
+ aes256_key:
+ type: string
+ description: The AES256 key to use.
+ program:
+ type: string
+ description: The program to run.
+ cmdline:
+ - pth
+ - -Domain
+ - ${domain}
+ - -User
+ - ${username}
+ - -NTLM
+ - ${ntlm_hash}
+ - -AES128
+ - ${aes128_key}
+ - -AES256
+ - ${aes256_key}
+ - -Run
+ - ${program}
+ pwd:
+ description: Print working directory.
+ cmdline:
+ - pwd
+ reg_query:
+ description: Query all subkeys of the specified registry path. Needs to be of the format HKCU:\, HKLM:\, or HKCR:\.
+ parameters:
+ Hive:
+ type: string
+ description: The registry hive to query.
+ Key:
+ type: string
+ description: The registry key to query.
+ cmdline:
+ - reg_query
+ - -Hive
+ - ${Hive}
+ - -Key
+ - ${Key}
+ reg_read_value:
+ description: Read specified values from the registry keys.
+ parameters:
+ Hive:
+ type: string
+ description: The registry hive to read from.
+ Key:
+ type: string
+ description: The registry key to read from.
+ Name:
+ type: string
+ description: The value name to read.
+ cmdline:
+ - reg_read_value
+ - -Hive
+ - ${Hive}
+ - -Key
+ - ${Key}
+ - -Name
+ - ${Name}
+ register_assembly:
+ description: Register a .NET assembly with the agent to be used in .NET post-exploitation activities
+ cmdline:
+ - register_assembly
+
+ register_file:
+ description: Register a file to the agent's file cache. Used to store assemblies, executables, and PowerShell scripts.
+ cmdline:
+ - register_file
+ rev2self:
+ description: Revert the access token to the original access token.
+ cmdline:
+ - rev2self
+ rm:
+ description: Remove a file specified by [path]. Alternatively, if -File is provided, -Path will be used as the directory, and -File will be the filename.
+ parameters:
+ path:
+ type: string
+ description: The path to remove the file from.
+ Host:
+ type: string
+ description: The hostname to remove the file from.
+ File:
+ type: string
+ description: The file to remove.
+ cmdline:
+ - rm
+ - -Path
+ - ${path}
+ - -Host
+ - ${Host}
+ - -File
+ - ${File}
+ run:
+ description: Run the binary specified by [binary.exe] with passed arguments (if any).
+ parameters:
+ binary:
+ type: string
+ description: The binary to run.
+ args:
+ type: string
+ description: The arguments to pass to the binary.
+ cmdline:
+ - run
+ - -Executable
+ - ${binary}
+ - -Arguments
+ - ${args}
+ sc:
+ description: .NET implementation of the Service Control Manager.
+ parameters:
+ Query:
+ type: boolean
+ description: Query a service.
+ Start:
+ type: boolean
+ description: Start a service.
+ Stop:
+ type: boolean
+ description: Stop a service.
+ Create:
+ type: boolean
+ description: Create a service.
+ Delete:
+ type: boolean
+ description: Delete a service.
+ Computer:
+ type: string
+ description: The computer to perform the action on.
+ DisplayName:
+ type: string
+ description: The display name of the service.
+ ServiceName:
+ type: string
+ description: The service name.
+ BinPath:
+ type: string
+ description: The binary path of the service.
+ cmdline:
+ - sc
+ - -Query
+ - ${Query}
+ - -Start
+ - ${Start}
+ - -Stop
+ - ${Stop}
+ - -Create
+ - ${Create}
+ - -Delete
+ - ${Delete}
+ - -Computer
+ - ${Computer}
+ - -DisplayName
+ - ${DisplayName}
+ - -ServiceName
+ - ${ServiceName}
+ - -BinPath
+ - ${BinPath}
+ screenshot_inject:
+ description: Get a screenshot of the desktop session associated with PID every Interval seconds for Count screenshots.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ Interval:
+ type: integer
+ description: The interval to take screenshots.
+ Count:
+ type: integer
+ description: The number of screenshots to take.
+ cmdline:
+ - screenshot_inject
+ - -PID
+ - ${pid}
+ - -Interval
+ - ${Interval}
+ - -Count
+ - ${Count}
+ screenshot:
+ description: Get a screenshot of the current screen.
+ cmdline:
+ - screenshot
+ set_injection_technique:
+ description: Set the injection technique used in post-ex jobs that require injection.
+ parameters:
+ technique:
+ type: string
+ description: The injection technique to use.
+ cmdline:
+ - set_injection_technique
+ - ${technique}
+ shell:
+ description: Run a shell command which will translate to a process being spawned with command line (cmd.exe /S /c [command])
+ parameters:
+ command:
+ type: string
+ description: The command to execute
+ cmdline:
+ - shell
+ - ${command}
+ shinject:
+ description: Inject given shellcode into a specified pid.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to inject into.
+ shellcode:
+ type: string
+ description: The shellcode to inject.
+ cmdline:
+ - shinject
+ - -PID
+ - ${pid}
+ - -Shellcode
+ - ${shellcode}
+ sleep:
+ description: Set the callback interval of the agent in seconds.
+ parameters:
+ seconds:
+ type: integer
+ description: The number of seconds to sleep.
+ cmdline:
+ - sleep
+ - ${seconds}
+ socks:
+ description: Standup the socks server to proxy network traffic, routable via Mythic on [port].
+ parameters:
+ port:
+ type: integer
+ description: The port to standup the socks server on.
+ cmdline:
+ - socks
+ - -Port
+ - ${port}
+ spawn:
+ description: Spawn a new callback in the postex process specified by spawnto_*.
+ cmdline:
+ - spawn
+ spawnto_x64:
+ description: Sets the process used in jobs requiring sacrificial processes to the specified [path] with arguments [args].
+ parameters:
+ Application:
+ type: string
+ description: The path to the application.
+ Arguments:
+ type: string
+ description: The arguments to pass to the application.
+ cmdline:
+ - spawnto_x64
+ - -Application
+ - ${Application}
+ - -Arguments
+ - ${Arguments}
+ spawnto_x86:
+ description: Sets the process used in jobs requiring sacrificial processes to the specified [path] with arguments [args].
+ parameters:
+ Application:
+ type: string
+ description: The path to the application.
+ Arguments:
+ type: string
+ description: The arguments to pass to the application.
+ cmdline:
+ - spawnto_x86
+ - -Application
+ - ${Application}
+ - -Arguments
+ - ${Arguments}
+ steal_token:
+ description: Attempts to steal the process's primary token specified by [pid] and apply it to our own session.
+ parameters:
+ pid:
+ type: integer
+ description: The process ID to steal the token from.
+ cmdline:
+ - steal_token
+ - ${pid}
+ unlink:
+ description: Unlink a callback linked to via the link command. Modal popup only.
+ cmdline:
+ - unlink
+ upload:
+ description: Upload a file to a remote path on the machine. Modal popup only.
+ parameters:
+ file:
+ type: string
+ description: The file to upload.
+ path:
+ type: string
+ description: The path to upload the file to.
+ cmdline:
+ - upload
+ - -File
+ - ${file}
+ - -Path
+ - ${path}
+ whoami:
+ description: Report access token for local and remote operations.
+ cmdline:
+ - whoami
\ No newline at end of file
From f850dbad944da2e67ec5a7001dfd1ac7ac488cb2 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:43:37 -0500
Subject: [PATCH 17/19] chore: mooor tests
---
cybersecurity/offensive/{c2 => c2}/apollo.yml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename cybersecurity/offensive/{c2 => c2}/apollo.yml (100%)
diff --git a/cybersecurity/offensive/c2 /apollo.yml b/cybersecurity/offensive/c2/apollo.yml
similarity index 100%
rename from cybersecurity/offensive/c2 /apollo.yml
rename to cybersecurity/offensive/c2/apollo.yml
From 56a4fa542d1341f1218306f084a9054246473c4f Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:48:16 -0500
Subject: [PATCH 18/19] fix: fix the pr comment last step
---
.github/workflows/validate_robopages.yml | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index 10bbeeb..fc70294 100644
--- a/.github/workflows/validate_robopages.yml
+++ b/.github/workflows/validate_robopages.yml
@@ -102,17 +102,16 @@ jobs:
'',
'Please ensure your contribution follows the required format.',
'',
- `🔍 [View Full Validation Details](${runUrl})`,
+ `[View Full Validation Details](${runUrl})`,
'',
'---',
`Run ID: \`${process.env.GITHUB_RUN_ID}\``,
`Workflow: ${process.env.GITHUB_WORKFLOW}`
].join('\n');
- github.rest.pulls.createReview({
+ github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
- pull_number: context.issue.number,
- body: body,
- event: 'COMMENT'
- });�
\ No newline at end of file
+ issue_number: context.issue.number,
+ body: body
+ });
\ No newline at end of file
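Review bot: The `github.rest.issues.createComment(...)` call introduced on the new side is not awaited, so a failed API request (for example the job token lacking `pull-requests: write`, which is the read-only default for pull requests opened from forks) surfaces as an unhandled promise rejection instead of a visible step failure; prefix it with `await`, i.e. `await github.rest.issues.createComment({`. The call also depends on `context.issue.number`, which is undefined when the workflow runs on a non-PR event such as `push`, and the API then answers with a confusing 404; a guard such as `if (!context.issue.number) return;` before the call makes that case explicit. The workflow's trigger and `permissions:` block are outside this hunk, so whether the token actually has write access here cannot be confirmed from the diff. The enclosing `script:` block starts outside the hunk.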
From 2e01869087e25aa5d3bca1c06a067262f8dca8d6 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:49:27 -0500
Subject: [PATCH 19/19] chore: rm test
---
cybersecurity/offensive/c2/apollo.yml | 746 --------------------------
1 file changed, 746 deletions(-)
delete mode 100644 cybersecurity/offensive/c2/apollo.yml
diff --git a/cybersecurity/offensive/c2/apollo.yml b/cybersecurity/offensive/c2/apollo.yml
deleted file mode 100644
index 57d85d3..0000000
--- a/cybersecurity/offensive/c2/apollo.yml
+++ /dev/null
@@ -1,746 +0,0 @@
-description: Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings. The agent is designed to be used with the Mythic C2 server.
-
-functions:
- assembly_inject:
- description: Execute .NET assembly in remote process.
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- assembly:
- type: string
- description: The assembly to inject.
- args:
- type: string
- description: Arguments to pass to the assembly.
- cmdline:
- - assembly_inject
- - -PID
- - ${pid}
- - -Assembly
- - ${assembly}
- - -Arguments
- - ${args}
- blockdlls:
- description: Block non-Microsoft signed DLLs from loading into post-ex jobs.
- parameters:
- enable:
- type: boolean
- description: Enable or disable blockdlls.
- cmdline:
- - blockdlls
- - -EnableBlock
- - ${enable}
-
- cat:
- description: Retrieve the output of a file.
- parameters:
- file:
- type: string
- description: The file to retrieve.
- cmdline:
- - cat
- - -Path
- - ${file}
- cd:
- description: Change working directory.
- parameters:
- dir:
- type: string
- description: The directory to change to.
- cmdline:
- - cd
- - -Path
- - ${dir}
- cp:
- description: Copy a file from path to destination.
- parameters:
- source:
- type: string
- description: The source file to copy.
- destination:
- type: string
- description: The destination to copy the file to.
- cmdline:
- - cp
- - -Path
- - ${source}
- - -Destination
- - ${destination}
- dcsync:
- description: DCSync one or more user credentials.
- parameters:
- domain:
- type: string
- description: The domain to DCSync.
- user:
- type: string
- description: The user to DCSync.
- dc:
- type: string
- description: The domain controller to DCSync.
- cmdline:
- - dcsync
- - -Domain
- - ${domain}
- - -User
- - ${user}
- - -DC
- - ${dc}
- download:
- description: Download a file off the target system.
- parameters:
- Path:
- type: string
- description: The path to download the file to.
- Host:
- type: string
- description: The hostname to download the file from.
- cmdline:
- - download
- - -Path
- - ${Path}
- - -Host
- - ${Host}
- execute_assembly:
- description: Execute a .NET assembly registered with register_file.
- parameters:
- assembly:
- type: string
- description: The assembly to execute.
- args:
- type: string
- description: Arguments to pass to the assembly.
- cmdline:
- - execute_assembly
- - -Assembly
- - ${assembly}
- - -Arguments
- - ${args}
- execute_coff:
- description: Execute a object file (BOF) that's been registered with register_file.
- parameters:
- object:
- type: string
- description: The object file to execute.
- function:
- type: string
- description: The function to execute.
- timeout:
- type: integer
- description: The timeout for the execution.
- args:
- type: string
- description: Arguments to pass to the object file.
- cmdline:
- - execute_coff
- - -Coff
- - ${object}
- - -Function
- - ${function}
- - -Timeout
- - ${timeout}
- - -Arguments
- - ${args}
- execute_pe:
- description: Execute a statically compiled executable that's been registered with register_file.
- parameters:
- binary:
- type: string
- description: The binary to execute.
- args:
- type: string
- description: Arguments to pass to the binary.
- cmdline:
- - execute_pe
- - -PE
- - ${binary}
- - -Arguments
- - ${args}
- exit:
- description: Task agent to exit.
- cmdline:
- - exit
- get_injection_techniques:
- description: Show currently registered injection techniques as well as the current technique.
- cmdline:
- - get_injection_techniques
- get_privs:
- description: Enable as many privileges as possible for the current access token.
- cmdline:
- - getprivs
- ifconfig:
- description: Get Network Adapters and Interfaces
- cmdline:
- - ifconfig
- inject:
- description: Inject a new payload into a remote process.
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- payload:
- type: string
- description: The payload to inject.
- cmdline:
- - inject
- - -PID
- - ${pid}
- - -Payload
- - ${payload}
- inline_assembly:
- description: Execute a .NET assembly in the currently executing process that's been registered with register_file.
- parameters:
- Assembly:
- type: string
- description: The assembly to execute.
- Arguments:
- type: string
- description: Additional arguments to pass to the assembly.
- cmdline:
- - inline_assembly
- - -Assembly
- - ${Assembly}
- - -Arguments
- - ${Arguments}
- jobkill:
- description: Kill a running job in the agent.
- parameters:
- jid:
- type: integer
- description: The job ID to kill.
- cmdline:
- - jobkill
- - ${jid}
- jobs:
- description: List all running jobs.
- cmdline:
- - jobs
- keylog_inject:
- description: Inject a keylogger into a remote process.
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- cmdline:
- - keylog_inject
- - -PID
- - ${pid}
- kill:
- description: Attempt to kill the process specified by [pid].
- parameters:
- pid:
- type: integer
- description: The process ID to kill.
- cmdline:
- - kill
- - -PID
- - ${pid}
- link:
- description: Link to a P2P agent via SMB or TCP.
- cmdline:
- - link
- load:
- description: Load new commands into the agent.
- parameters:
- commands:
- type: string
- description: The commands to load.
- cmdline:
- - load
- - ${commands}
- ls:
- description: List files and folders in [path]. Defaults to current working directory.
- parameters:
- path:
- type: string
- description: The path to list files and folders in.
- cmdline:
- - ls
- - -Path
- - ${path}
-
- make_token:
- description: Impersonate a user using plaintext credentials.
- cmdline:
- - make_token
- mimikatz:
- description: Execute Mimikatz with the specified arguments.
- parameters:
- Command:
- type: string
- description: The command to execute
- cmdline:
- - mimikatz
- - -Command
- - ${Command}
- mkdir:
- description: Create a directory.
- parameters:
- dir:
- type: string
- description: The directory to create.
- cmdline:
- - mkdir
- - -Path
- - ${dir}
- mv:
- description: Move a file from source to destination.
- parameters:
- source:
- type: string
- description: The source file to move.
- destination:
- type: string
- description: The destination to move the file to.
- cmdline:
- - mv
- - -Path
- - ${source}
- - -Destination
- - ${destination}
- net_dclist:
- description: List all domain controllers for the current or specified domain.
- parameters:
- domain:
- type: string
- description: The domain to list domain controllers for.
- cmdline:
- - net_dclist
- - ${domain}
- net_localgroup_member:
- description: Retrieve membership information from a specified group on a given computer.
- parameters:
- Group:
- type: string
- description: The group to retrieve membership information from.
- Computer:
- type: string
- description: The computer to retrieve membership information from.
- cmdline:
- - net_localgroup_member
- - -Group
- - ${Group}
- - -Computer
- - ${Computer}
- net_localgroup:
- description: Retrieve local groups known by a computer. Default to localhost.
- parameters:
- computer:
- type: string
- description: The computer to retrieve local groups from.
- cmdline:
- - net_localgroup
- - ${computer}
- net_shares:
- description: Show shares of a remote PC.
- parameters:
- computer:
- type: string
- description: The computer to show shares from.
- cmdline:
- - net_shares
- - -Computer
- - ${computer}
- netstat:
- description: Get TCP and UDP connections.
- parameters:
- Tcp:
- type: boolean
- description: Get TCP connections.
- Udp:
- type: boolean
- description: Get UDP connections.
- Established:
- type: boolean
- description: Get established connections.
- Listen:
- type: boolean
- description: Get listening connections.
- cmdline:
- - netstat
- - -Tcp
- - ${Tcp}
- - -Udp
- - ${Udp}
- - -Established
- - ${Established}
- - -Listen
- - ${Listen}
- powerpick:
- description: Executes PowerShell in a sacrificial process.
- parameters:
- command:
- type: string
- description: The command to execute.
- cmdline:
- - powerpick
- - -Command
- - ${command}
- powershell:
- description: Executes PowerShell in your currently running process.
- parameters:
- command:
- type: string
- description: The command to execute.
- cmdline:
- - powershell
- - -Command
- - ${command}
- powershell_import:
- description: Register a new .ps1 file to be used in other PowerShell jobs.
- cmdline:
- - powershell_import
- ppid:
- description: Set the PPID of sacrificial jobs to the specified PID.
- parameters:
- pid:
- type: integer
- description: The PID to set the PPID to.
- cmdline:
- - ppid
- - -PID
- - ${pid}
- printspoofer:
- description: Execute a command in SYSTEM integrity so long as you have SeImpersonate privileges.
- parameters:
- command:
- type: string
- description: The command to execute
- cmdline:
- - printspoofer
- - -Command
- - ${command}
- ps:
- description: List process information.
- cmdline:
- - ps
- psinject:
- description: Executes PowerShell in the process specified by [pid]. Currently stdout is not captured of child processes if not explicitly captured into a variable or via inline execution (such as $(whoami)).
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- command:
- type: string
- description: The command to execute
- cmdline:
- - psinject
- - -PID
- - ${pid}
- - -Command
- - ${command}
- pth:
- description: Use mimikatz's pth module to spawn a process with alternate credentials.
- parameters:
- domain:
- type: string
- description: The domain to use.
- username:
- type: string
- description: The username to use.
- ntlm_hash:
- type: string
- description: The NTLM hash to use.
- aes128_key:
- type: string
- description: The AES128 key to use.
- aes256_key:
- type: string
- description: The AES256 key to use.
- program:
- type: string
- description: The program to run.
- cmdline:
- - pth
- - -Domain
- - ${domain}
- - -User
- - ${username}
- - -NTLM
- - ${ntlm_hash}
- - -AES128
- - ${aes128_key}
- - -AES256
- - ${aes256_key}
- - -Run
- - ${program}
- pwd:
- description: Print working directory.
- cmdline:
- - pwd
- reg_query:
- description: Query all subkeys of the specified registry path. Needs to be of the format HKCU:\, HKLM:\, or HKCR:\.
- parameters:
- Hive:
- type: string
- description: The registry hive to query.
- Key:
- type: string
- description: The registry key to query.
- cmdline:
- - reg_query
- - -Hive
- - ${Hive}
- - -Key
- - ${Key}
- reg_read_value:
- description: Read specified values from the registry keys.
- parameters:
- Hive:
- type: string
- description: The registry hive to read from.
- Key:
- type: string
- description: The registry key to read from.
- Name:
- type: string
- description: The value name to read.
- cmdline:
- - reg_read_value
- - -Hive
- - ${Hive}
- - -Key
- - ${Key}
- - -Name
- - ${Name}
- register_assembly:
- description: Register a .NET assembly with the agent to be used in .NET post-exploitation activities
- cmdline:
- - register_assembly
-
- register_file:
- description: Register a file to the agent's file cache. Used to store assemblies, executables, and PowerShell scripts.
- cmdline:
- - register_file
- rev2self:
- description: Revert the access token to the original access token.
- cmdline:
- - rev2self
- rm:
- description: Remove a file specified by [path]. Alternatively, if -File is provided, -Path will be used as the directory, and -File will be the filename.
- parameters:
- path:
- type: string
- description: The path to remove the file from.
- Host:
- type: string
- description: The hostname to remove the file from.
- File:
- type: string
- description: The file to remove.
- cmdline:
- - rm
- - -Path
- - ${path}
- - -Host
- - ${Host}
- - -File
- - ${File}
- run:
- description: Run the binary specified by [binary.exe] with passed arguments (if any).
- parameters:
- binary:
- type: string
- description: The binary to run.
- args:
- type: string
- description: The arguments to pass to the binary.
- cmdline:
- - run
- - -Executable
- - ${binary}
- - -Arguments
- - ${args}
- sc:
- description: .NET implementation of the Service Control Manager.
- parameters:
- Query:
- type: boolean
- description: Query a service.
- Start:
- type: boolean
- description: Start a service.
- Stop:
- type: boolean
- description: Stop a service.
- Create:
- type: boolean
- description: Create a service.
- Delete:
- type: boolean
- description: Delete a service.
- Computer:
- type: string
- description: The computer to perform the action on.
- DisplayName:
- type: string
- description: The display name of the service.
- ServiceName:
- type: string
- description: The service name.
- BinPath:
- type: string
- description: The binary path of the service.
- cmdline:
- - sc
- - -Query
- - ${Query}
- - -Start
- - ${Start}
- - -Stop
- - ${Stop}
- - -Create
- - ${Create}
- - -Delete
- - ${Delete}
- - -Computer
- - ${Computer}
- - -DisplayName
- - ${DisplayName}
- - -ServiceName
- - ${ServiceName}
- - -BinPath
- - ${BinPath}
- screenshot_inject:
- description: Get a screenshot of the desktop session associated with PID every Interval seconds for Count screenshots.
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- Interval:
- type: integer
- description: The interval to take screenshots.
- Count:
- type: integer
- description: The number of screenshots to take.
- cmdline:
- - screenshot_inject
- - -PID
- - ${pid}
- - -Interval
- - ${Interval}
- - -Count
- - ${Count}
- screenshot:
- description: Get a screenshot of the current screen.
- cmdline:
- - screenshot
- set_injection_technique:
- description: Set the injection technique used in post-ex jobs that require injection.
- parameters:
- technique:
- type: string
- description: The injection technique to use.
- cmdline:
- - set_injection_technique
- - ${technique}
- shell:
- description: Run a shell command which will translate to a process being spawned with command line (cmd.exe /S /c [command])
- parameters:
- command:
- type: string
- description: The command to execute
- cmdline:
- - shell
- - ${command}
- shinject:
- description: Inject given shellcode into a specified pid.
- parameters:
- pid:
- type: integer
- description: The process ID to inject into.
- shellcode:
- type: string
- description: The shellcode to inject.
- cmdline:
- - shinject
- - -PID
- - ${pid}
- - -Shellcode
- - ${shellcode}
- sleep:
- description: Set the callback interval of the agent in seconds.
- parameters:
- seconds:
- type: integer
- description: The number of seconds to sleep.
- cmdline:
- - sleep
- - ${seconds}
- socks:
- description: Standup the socks server to proxy network traffic, routable via Mythic on [port].
- parameters:
- port:
- type: integer
- description: The port to standup the socks server on.
- cmdline:
- - socks
- - -Port
- - ${port}
- spawn:
- description: Spawn a new callback in the postex process specified by spawnto_*.
- cmdline:
- - spawn
- spawnto_x64:
- description: Sets the process used in jobs requiring sacrificial processes to the specified [path] with arguments [args].
- parameters:
- Application:
- type: string
- description: The path to the application.
- Arguments:
- type: string
- description: The arguments to pass to the application.
- cmdline:
- - spawnto_x64
- - -Application
- - ${Application}
- - -Arguments
- - ${Arguments}
- spawnto_x86:
- description: Sets the process used in jobs requiring sacrificial processes to the specified [path] with arguments [args].
- parameters:
- Application:
- type: string
- description: The path to the application.
- Arguments:
- type: string
- description: The arguments to pass to the application.
- cmdline:
- - spawnto_x86
- - -Application
- - ${Application}
- - -Arguments
- - ${Arguments}
- steal_token:
- description: Attempts to steal the process's primary token specified by [pid] and apply it to our own session.
- parameters:
- pid:
- type: integer
- description: The process ID to steal the token from.
- cmdline:
- - steal_token
- - ${pid}
- unlink:
- description: Unlink a callback linked to via the link command. Modal popup only.
- cmdline:
- - unlink
- upload:
- description: Upload a file to a remote path on the machine. Modal popup only.
- parameters:
- file:
- type: string
- description: The file to upload.
- path:
- type: string
- description: The path to upload the file to.
- cmdline:
- - upload
- - -File
- - ${file}
- - -Path
- - ${path}
- whoami:
- description: Report access token for local and remote operations.
- cmdline:
- - whoami
\ No newline at end of file