Rework: Moved hello_world to messages. Changed write_fact to output_type. Updated PATH constants to DIR. Changed string generators to more specific message_generator in strings_to_leak.

thomashaw
2016-12-05 17:15:55 +00:00
parent 733c871072
commit 7d7d2e2677
45 changed files with 81 additions and 89 deletions


@@ -16,7 +16,7 @@ task :yard do
t.options = [
"--title=SecGen #{VERSION_NUMBER} Documentation",
"--readme=#{ROOT_DIR}/README.md",
"--output-dir #{DOCUMENTATION_PATH}"
"--output-dir #{DOCUMENTATION_DIR}"
] # optional
t.stats_options = ['--list-undoc'] # optional
end
@@ -28,5 +28,5 @@ task :yard_clean do
# NEED TO FIND A BETTER WAY TO CLEAN FILES AS VULNERABILITIES IN 'rm_rf'
# Remove the documentation directory and all files in it
rm_rf(DOCUMENTATION_PATH)
rm_rf(DOCUMENTATION_DIR)
end
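Review bot: The `rm_rf(DOCUMENTATION_DIR)` call in `yard_clean` keeps the removal that the comment two lines above it already flags as unsafe. Ruby's FileUtils documentation warns that recursive removal is open to a symlink race when a parent directory is writable by other users and the process is privileged, and it points to the `secure` option for that case. Since the line is being touched anyway, consider `rm_r(DOCUMENTATION_DIR, :force => true, :secure => true)`, and replace the capitalised note with a comment that states the remaining constraint, e.g. `# secure: true guards against symlink swaps while the tree is removed`. A guard that refuses to run unless DOCUMENTATION_DIR is non-empty and sits under ROOT_DIR would also help, because the constant is edited by hand.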


@@ -1,4 +1,4 @@
## FILE / PATH CONSTANTS ##
## FILE / DIR CONSTANTS ##
# Root directory of SecGen file structure
ROOT_DIR = File.expand_path('../../../',__FILE__)
@@ -21,25 +21,25 @@ BUILDS_SCHEMA_FILE = "#{ROOT_DIR}/lib/schemas/build_metadata_schema.xsd"
PROJECTS_DIR = "#{ROOT_DIR}/projects"
# Path to environments directory
ENVIRONMENTS_PATH = "#{ROOT_DIR}/modules/build/environments"
ENVIRONMENTS_DIR = "#{ROOT_DIR}/modules/build/environments"
# Path to modules directories
MODULES_PATH = "#{ROOT_DIR}/modules/"
VULNERABILITIES_PATH = "#{MODULES_PATH}vulnerabilities/"
SERVICES_PATH = "#{MODULES_PATH}services/"
UTILITIES_PATH = "#{MODULES_PATH}utilities/"
GENERATORS_PATH = "#{MODULES_PATH}generators/"
ENCODERS_PATH = "#{MODULES_PATH}encoders/"
NETWORKS_PATH = "#{MODULES_PATH}networks/"
BASES_PATH = "#{MODULES_PATH}bases/"
BUILDS_PATH = "#{MODULES_PATH}build/"
MODULE_LOCAL_CALC_PATH = '/secgen_local/local.rb'
MODULES_DIR = "#{ROOT_DIR}/modules/"
VULNERABILITIES_DIR = "#{MODULES_DIR}vulnerabilities/"
SERVICES_DIR = "#{MODULES_DIR}services/"
UTILITIES_DIR = "#{MODULES_DIR}utilities/"
GENERATORS_DIR = "#{MODULES_DIR}generators/"
ENCODERS_DIR = "#{MODULES_DIR}encoders/"
NETWORKS_DIR = "#{MODULES_DIR}networks/"
BASES_DIR = "#{MODULES_DIR}bases/"
BUILDS_DIR = "#{MODULES_DIR}build/"
MODULE_LOCAL_CALC_DIR = '/secgen_local/local.rb'
# Path to documentation (Make sure documentation directory is already deleted with rake yard_clean before changing this)
DOCUMENTATION_PATH = "#{ROOT_DIR}/documentation/yard/doc"
DOCUMENTATION_DIR = "#{ROOT_DIR}/documentation/yard/doc"
# Path to resources
WORDLISTS_PATH = "#{ROOT_DIR}/lib/resources/wordlists"
WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists"
## VAGRANT FILE CONSTANTS ##
@@ -47,7 +47,7 @@ WORDLISTS_PATH = "#{ROOT_DIR}/lib/resources/wordlists"
ARRAY_STRINGIFY_SEPARATOR = '_~:~_'
# Path to cleanup directory
PATH_TO_CLEANUP = "#{ROOT_DIR}/modules/build/puppet/"
CLEANUP_DIR = "#{ROOT_DIR}/modules/build/puppet/"
# Path to Vagrantfile.erb file
VAGRANT_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/Vagrantfile.erb"
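Review bot: `MODULE_LOCAL_CALC_DIR = '/secgen_local/local.rb'` names a file, not a directory, so the blanket PATH-to-DIR rename makes this one constant misleading. The file already uses a `_FILE` suffix for file paths (`BUILDS_SCHEMA_FILE`, `VAGRANT_TEMPLATE_FILE`), so `MODULE_LOCAL_CALC_FILE` would fit the convention; the reference in ModuleReader would need the same name. The comments above the renamed constants still say "Path to ..." and could become "Directory containing ..." in the same pass.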


@@ -8,42 +8,42 @@ class ModuleReader
# reads in all bases
def self.read_bases
return read_modules('base', BASES_PATH, BASE_SCHEMA_FILE, false)
return read_modules('base', BASES_DIR, BASE_SCHEMA_FILE, false)
end
# reads in all build modules
def self.read_builds
return read_modules('build', BUILDS_PATH, BUILDS_SCHEMA_FILE, false) #Continue this tomorrow
return read_modules('build', BUILDS_DIR, BUILDS_SCHEMA_FILE, false) #Continue this tomorrow
end
# reads in all vulnerability modules
def self.read_vulnerabilities
return read_modules('vulnerability', VULNERABILITIES_PATH, VULNERABILITY_SCHEMA_FILE, true)
return read_modules('vulnerability', VULNERABILITIES_DIR, VULNERABILITY_SCHEMA_FILE, true)
end
# reads in all services
def self.read_services
return read_modules('service', SERVICES_PATH, SERVICE_SCHEMA_FILE, true)
return read_modules('service', SERVICES_DIR, SERVICE_SCHEMA_FILE, true)
end
# reads in all utilities
def self.read_utilities
return read_modules('utility', UTILITIES_PATH, UTILITY_SCHEMA_FILE, true)
return read_modules('utility', UTILITIES_DIR, UTILITY_SCHEMA_FILE, true)
end
# reads in all utilities
def self.read_generators
return read_modules('generator', GENERATORS_PATH, GENERATOR_SCHEMA_FILE, true)
return read_modules('generator', GENERATORS_DIR, GENERATOR_SCHEMA_FILE, true)
end
# reads in all utilities
def self.read_encoders
return read_modules('encoder', ENCODERS_PATH, ENCODER_SCHEMA_FILE, true)
return read_modules('encoder', ENCODERS_DIR, ENCODER_SCHEMA_FILE, true)
end
# reads in all networks
def self.read_networks
return read_modules('network', NETWORKS_PATH, NETWORK_SCHEMA_FILE, false)
return read_modules('network', NETWORKS_DIR, NETWORK_SCHEMA_FILE, false)
end
# reads in xml files to create modules
@@ -99,7 +99,7 @@ class ModuleReader
new_module.puppet_other_path = "#{ROOT_DIR}/#{module_path}/manifests"
# save executable path of any pre-calculation for outputs
local = "#{module_path}#{MODULE_LOCAL_CALC_PATH}"
local = "#{module_path}#{MODULE_LOCAL_CALC_DIR}"
if File.file?(local)
new_module.local_calc_file = local
end
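Review bot: In the second hunk, `local = "#{module_path}#{MODULE_LOCAL_CALC_DIR}"` is built without `ROOT_DIR`, while the line above it anchors the manifests path as `"#{ROOT_DIR}/#{module_path}/manifests"`. If module_path is relative to the project root, as that line suggests, `File.file?(local)` is resolved against the process working directory, so which pre-calculation script gets recorded (and presumably run later) depends on where SecGen was started from. Consider checking `"#{ROOT_DIR}/#{module_path}#{MODULE_LOCAL_CALC_DIR}"`, keeping whatever form later consumers of `local_calc_file` expect. The enclosing method starts and ends outside this hunk, so this needs confirming against the rest of it. Separately, the comments above `read_generators` and `read_encoders` still say `# reads in all utilities`.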


@@ -38,7 +38,7 @@
<!--I/O: an encoder writes it's output to one fact, and reads from one or more-->
<xs:element name="read_fact" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
<xs:element name="write_fact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="output_type" type="xs:string" minOccurs="1" maxOccurs="1"/>
<!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
<xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
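Review bot: The comment above the renamed element still reads "an encoder writes it's output to one fact", which describes `write_fact` rather than `output_type`; the generator schema in the next file section has the same leftover. Something like `<!--I/O: an encoder declares one output_type and reads from one or more facts-->` would match the new element, adjusted to the intended meaning of output_type, which is not visible in this hunk. Because the element stays `minOccurs="1"`, module metadata that still uses `<write_fact>` will presumably fail schema validation, which is worth stating in the commit description for modules kept outside this tree.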


@@ -37,7 +37,7 @@
<xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<!--I/O: a generator writes it's output to one fact-->
<xs:element name="write_fact" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="output_type" type="xs:string" minOccurs="1" maxOccurs="1"/>
<!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
<xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">


@@ -57,7 +57,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
}
<% end -%>
<%=module_name%>.module_path = "<%="puppet/#{system.name}/modules"%>"
<%=module_name%>.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
<%=module_name%>.environment_path = "<%="#{ENVIRONMENTS_DIR}"%>"
<%=module_name%>.environment = "production"
<%=module_name%>.manifests_path = "<%="#{ROOT_DIR}/#{selected_module.module_path}/"%>"
<%=module_name%>.manifest_file = "<%="#{selected_module.module_path_end}.pp"%>"
@@ -69,7 +69,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# # clean up script which clears history from the VMs and clobs files together
# <%= system.name %>.vm.provision "puppet" do |cleanup|
# cleanup.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
# cleanup.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
# cleanup.environment_path = "<%="#{ENVIRONMENTS_DIR}"%>"
# cleanup.environment = "production"
# cleanup.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
# cleanup.manifest_file = "cleanup.pp"
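Review bot: `"<%="#{ENVIRONMENTS_DIR}"%>"` pastes the directory between double quotes in the generated Vagrantfile without escaping, so a checkout path containing `"` or `#{` would change the Ruby that Vagrant later evaluates. The inner string interpolation is also redundant. Emitting a quoted literal from the template avoids both: `<%=module_name%>.environment_path = <%= ENVIRONMENTS_DIR.dump %>`. The same applies to the neighbouring `module_path`, `manifests_path` and `manifest_file` lines, whose values come from `system.name` and `selected_module` and so look scenario- or module-supplied.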


@@ -21,5 +21,5 @@
<!-- TODO: This encoder should have default values so that we can omit a default input -->
<write_fact>account</write_fact>
<output_type>account</output_type>
</encoder>


@@ -15,5 +15,5 @@
<read_fact>strings_to_encode</read_fact>
<write_fact>selected_string</write_fact>
<output_type>selected_string</output_type>
</encoder>


@@ -14,6 +14,6 @@
<read_fact>strings_to_encode</read_fact>
<write_fact>encoded_strings</write_fact>
<output_type>encoded_strings</output_type>
</encoder>


@@ -32,14 +32,8 @@
<!--valid_match="retain_caps|lower|upper" default_value="retain_caps"-->
<read_fact>base64_options</read_fact>
<write_fact>encoded_strings</write_fact>
<output_type>encoded_strings</output_type>
<!-- ensure a module has prepared input -->
<!-- <require>
<write_fact>strings_to_encode</write_fact>
</require>-->
<!--Cannot co-exist with other installations-->
<!-- <conflict>
<software_name>proftpd</software_name>


@@ -33,14 +33,8 @@
<!--valid_match="retain_caps|lower|upper" default_value="retain_caps"-->
<read_fact>rot13_options</read_fact>
<write_fact>encoded_strings</write_fact>
<output_type>encoded_strings</output_type>
<!-- ensure a module has prepared input -->
<!-- <require>
<write_fact>strings_to_encode</write_fact>
</require>-->
<!--Cannot co-exist with other installations-->
<!-- <conflict>
<software_name>proftpd</software_name>


@@ -14,5 +14,5 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -14,5 +14,5 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -15,6 +15,6 @@
<reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-base64</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -15,6 +15,6 @@
<reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-hex</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -16,6 +16,6 @@
<reference>https://github.com/sophsec/wordlist</reference>
<reference>http://wordlist.sourceforge.net/</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -1,5 +1,5 @@
#!/usr/bin/ruby
require_relative '../../../../lib/objects/local_string_generator.rb'
require_relative '../../../../../lib/objects/local_string_generator.rb'
class HelloWorldGenerator < StringGenerator
def initialize
super


@@ -14,6 +14,6 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -14,5 +14,5 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -15,6 +15,6 @@
<reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-base64</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -13,6 +13,6 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_boolean</write_fact>
<output_type>generated_boolean</output_type>
</generator>


@@ -8,7 +8,7 @@ class CommonPasswordGenerator < StringGenerator
end
def generate
self.outputs << File.readlines("#{WORDLISTS_PATH}/10_million_password_list_top_100").sample.chomp
self.outputs << File.readlines("#{WORDLISTS_DIR}/10_million_password_list_top_100").sample.chomp
end
end


@@ -17,6 +17,6 @@
<reference>https://github.com/danielmiessler/SecLists</reference>
<write_fact>generated_passwords</write_fact>
<output_type>generated_passwords</output_type>
</generator>


@@ -15,6 +15,6 @@
<reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-hex</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -8,10 +8,10 @@ class MediumPasswordGenerator < StringGenerator
end
def generate
nouns = File.readlines("#{WORDLISTS_PATH}/nouns")
adjectives = File.readlines("#{WORDLISTS_PATH}/adjectives")
male_names = File.readlines("#{WORDLISTS_PATH}/top_usa_male_names")
female_names = File.readlines("#{WORDLISTS_PATH}/top_usa_female_names")
nouns = File.readlines("#{WORDLISTS_DIR}/nouns")
adjectives = File.readlines("#{WORDLISTS_DIR}/adjectives")
male_names = File.readlines("#{WORDLISTS_DIR}/top_usa_male_names")
female_names = File.readlines("#{WORDLISTS_DIR}/top_usa_female_names")
all_words = adjectives + nouns + male_names + female_names


@@ -15,6 +15,6 @@
<reference>https://github.com/danielmiessler/SecLists</reference>
<write_fact>generated_passwords</write_fact>
<output_type>generated_passwords</output_type>
</generator>


@@ -13,6 +13,6 @@
<platform>linux</platform>
<platform>windows</platform>
<write_fact>generated_passwords</write_fact>
<output_type>generated_passwords</output_type>
</generator>


@@ -10,8 +10,8 @@ class WordGenerator < StringGenerator
# Generate a username based on a random adjective and a random noun
def generate
# Load adjectives + nouns
adjectives = File.readlines("#{WORDLISTS_PATH}/adjectives")
nouns = File.readlines("#{WORDLISTS_PATH}/nouns")
adjectives = File.readlines("#{WORDLISTS_DIR}/adjectives")
nouns = File.readlines("#{WORDLISTS_DIR}/nouns")
# Maximum length username: 20 characters
max_username_length = 20


@@ -16,6 +16,6 @@
<reference>https://github.com/aaronbassett/Pass-phrase/adjectives.txt</reference>
<reference>https://github.com/aaronbassett/Pass-phrase/nouns.txt</reference>
<write_fact>generated_username</write_fact>
<output_type>generated_username</output_type>
</generator>


@@ -8,9 +8,9 @@ class WeakPasswordGenerator < StringGenerator
end
def generate
nouns = File.readlines("#{WORDLISTS_PATH}/nouns")
male_names = File.readlines("#{WORDLISTS_PATH}/top_usa_male_names")
female_names = File.readlines("#{WORDLISTS_PATH}/top_usa_female_names")
nouns = File.readlines("#{WORDLISTS_DIR}/nouns")
male_names = File.readlines("#{WORDLISTS_DIR}/top_usa_male_names")
female_names = File.readlines("#{WORDLISTS_DIR}/top_usa_female_names")
all_words = nouns + male_names + female_names


@@ -15,6 +15,6 @@
<reference>https://github.com/danielmiessler/SecLists</reference>
<write_fact>generated_passwords</write_fact>
<output_type>generated_passwords</output_type>
</generator>


@@ -8,7 +8,7 @@ class WordGenerator < StringGenerator
end
def generate
self.outputs << File.readlines("#{WORDLISTS_PATH}/wordlist").sample.chomp
self.outputs << File.readlines("#{WORDLISTS_DIR}/wordlist").sample.chomp
end
end


@@ -16,6 +16,6 @@
<reference>https://github.com/sophsec/wordlist</reference>
<reference>http://wordlist.sourceforge.net/</reference>
<write_fact>generated_strings</write_fact>
<output_type>generated_strings</output_type>
</generator>


@@ -25,8 +25,8 @@
</default_input>
<default_input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="string_generator"/>
<generator type="message_generator"/>
<generator type="message_generator"/>
</default_input>
<default_input into="welcome_msg">


@@ -26,8 +26,8 @@
<read_fact>motd</read_fact>
<default_input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="string_generator"/>
<generator type="message_generator"/>
<generator type="message_generator"/>
</default_input>
<default_input into="leaked_filename">


@@ -23,4 +23,8 @@
<hint>An access control misconfiguration</hint>
<solution>Edit the shadow file to set a password for root</solution>
<conflict>
<name>Writeable Shadow File</name>
<author>Lewis Ardern</author>
</conflict>
</vulnerability>


@@ -17,8 +17,8 @@
<read_fact>leaked_filename</read_fact>
<default_input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="string_generator"/>
<generator type="message_generator"/>
<generator type="message_generator"/>
</default_input>
<default_input into="leaked_filename">


@@ -5,8 +5,8 @@
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
<%=$storage_directory %> 172.0.0.0/8(rw,sync,no_subtree_check)
<%=$storage_directory %> 192.0.0.0/8(rw,sync,no_subtree_check)
<%=$storage_directory %> 0.0.0.0/8(rw,sync,no_subtree_check)
#TODO: DO NOT MERGE :: Test this first :)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
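Review bot: Going by the hunk counts, the `0.0.0.0/8` export and the `#TODO: DO NOT MERGE :: Test this first :)` line are the new side, so an untested change carrying an explicit do-not-merge marker is part of this commit and is not mentioned in its description. `0.0.0.0/8` covers only 0.0.0.0–0.255.255.255, so it is not a superset of the two ranges it appears to replace; whether the intended lab clients can still mount the share needs testing. If the aim is to stop hard-coding ranges, pass the scenario's network range into the template, e.g. `<%=$storage_directory %> <LAB_NETWORK_CIDR>(rw,sync,no_subtree_check)` with the placeholder filled from a module parameter, rather than a catch-all. Either way the TODO line should not ship inside the rendered exports file.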


@@ -29,8 +29,8 @@
<generator type="boolean_generator"/>
</input>
<input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="string_generator"/>
<generator type="message_generator"/>
<generator type="message_generator"/>
</input>
<input into="leaked_filename">
<generator module_path="generators/filenames/leaked_filename"/>


@@ -22,8 +22,8 @@
<read_fact>github_repository</read_fact>
<default_input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="string_generator"/>
<generator type="message_generator"/>
<generator type="message_generator"/>
</default_input>
<default_input into="leaked_filename">


@@ -23,7 +23,7 @@
<default_input into="strings_to_leak">
<value>This is some leaked data.</value>
<generator type="string_generator"/>
<generator type="message_generator"/>
</default_input>
<default_input into="site_name">


@@ -22,7 +22,7 @@
<generator type="boolean_generator"/>
</input>
<input into="strings_to_leak">
<generator type="string_generator"/>
<generator type="message_generator"/>
</input>
<input into="leaked_filename">
<generator module_path="generators/filenames/leaked_filename"/>