parameterisation

Gemfile

@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gem 'nokogiri'
 gem 'puppet'
 gem 'librarian-puppet'
+gem 'wordlist'
 
 #development only gems go here
 group :test, :development do

lib/helpers/constants.rb

@@ -39,6 +39,9 @@ DOCUMENTATION_PATH = "#{ROOT_DIR}/documentation/yard/doc"
 
 ## VAGRANT FILE CONSTANTS ##
 
+#
+ARRAY_STRINGIFY_SEPARATOR = '_~:~_'
+
 # Path to cleanup directory
 PATH_TO_CLEANUP = "#{ROOT_DIR}/modules/build/puppet/"
 

lib/helpers/print.rb

@@ -35,7 +35,7 @@ class Print
 
   # local encoders/generators write messages to stderr (stdout used to return values)
   def self.local(msg)
-    $stderr.puts blue(msg)
+    $stderr.puts cyan(msg)
   end
   def self.local_verbose(msg)
     $stderr.puts cyan(' ' + msg)

lib/objects/local_string_encoder.rb

@@ -1,26 +1,37 @@
 require 'getoptlong'
+require_relative '../helpers/constants'
+require 'json'
 
 # Inherited by local string encoders
 # stdout used to return value
 # use Print.local to print status messages (formatted to stdout)
 
+# A nice side-effect is that each of these modules is also an executable script
+
 class StringEncoder
   require_relative '../helpers/print.rb'
 
   attr_accessor :module_name
   attr_accessor :strings_to_encode
-  attr_accessor :output
+  attr_accessor :outputs
 
   # override this
   def initialize
     # default values
-    self.strings_to_encode = 'Nothing to see here, move along'
+    self.strings_to_encode = []
     self.module_name = 'Null encoder'
+    self.outputs = []
   end
 
   # override this
-  def encode
-    self.output = strings_to_encode.tr!('A-Za-z', 'N-ZA-Mn-za-m')
+  def encode (str)
+    str.tr!('A-Za-z', 'N-ZA-Mn-za-m')
+  end
+
+  def encode_all
+    self.strings_to_encode.each do |value|
+      self.outputs << encode(value)
+    end
   end
 
   def read_arguments
@@ -36,7 +47,7 @@ class StringEncoder
         when '--help'
           usage
         when '--strings_to_encode'
-          self.strings_to_encode = arg;
+          self.strings_to_encode << arg;
         else
           Print.err "Argument not valid: #{arg}"
           usage
@@ -60,10 +71,10 @@ class StringEncoder
 
     read_arguments
 
-    Print.local_verbose "Encoding '#{self.strings_to_encode}'"
-    encode
-    Print.local_verbose "Encoded: #{self.output}"
-    puts self.output
+    Print.local_verbose "Encoding '#{self.strings_to_encode.to_s}'"
+    encode_all
+    Print.local_verbose "Encoded: #{self.outputs.to_s}"
+    puts JSON.generate self.outputs
   end
 end
 

lib/objects/local_string_generator.rb

@@ -0,0 +1,69 @@
+require 'getoptlong'
+require_relative '../helpers/constants'
+require 'json'
+
+# Inherited by local string generators
+# stdout used to return value
+# use Print.local to print status messages (formatted to stdout)
+
+# A nice side-effect is that each of these modules is also an executable script
+
+class StringGenerator
+  require_relative '../helpers/print.rb'
+
+  attr_accessor :module_name
+  attr_accessor :outputs
+
+  # override this
+  def initialize
+    # default values
+    self.module_name = 'Null generator'
+    self.outputs = []
+  end
+
+  # override this
+  def generate
+    self.outputs << ''
+  end
+
+  def read_arguments
+    # Get command line arguments
+    opts = GetoptLong.new(
+        [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
+    )
+
+    # process option arguments
+    opts.each do |opt, arg|
+      case opt
+        when '--help'
+          usage
+        else
+          Print.err "Argument not valid: #{arg}"
+          usage
+          exit
+      end
+    end
+  end
+
+  def usage
+    Print.err "Usage:
+   #{$0} [--options]
+
+   OPTIONS:
+     --strings_to_encode [string]
+"
+    exit
+  end
+
+  def run
+    Print.local module_name
+
+    read_arguments
+
+    Print.local_verbose "Generating..."
+    generate
+    Print.local_verbose "Generated: #{self.outputs.to_s}"
+    puts JSON.generate self.outputs
+  end
+end
+

lib/objects/module.rb

@@ -16,7 +16,6 @@ class Module
   attr_accessor :output # the result of local processing
   attr_accessor :unique_id # the unique id for this module *instance*
   attr_accessor :received_inputs # any locally calculated inputs fed into this module instance
-  # (if not calculated at VM run time using puppet)
 
   attr_accessor :conflicts
   attr_accessor :requires
@@ -30,7 +29,7 @@ class Module
     self.conflicts = []
     self.requires = []
     self.attributes = {}
-    self.output = "dynamic"
+    self.output = []
     self.write_to_module_with_id = write_output_variable = ''
     self.received_inputs = {}
 
@@ -51,11 +50,19 @@ class Module
 
   # @return [Object] a string for Vagrant/Ruby file comments
   def to_s_comment
+    out = input = ''
+    if received_inputs != {}
+      input = "\n    #   received_inputs: #{self.received_inputs}"
+    end
+    if write_to_module_with_id != ''
+      out = "\n    #   writes out ('#{self.output}') to #{self.write_to_module_with_id} -> #{self.write_output_variable}"
+    end
+
     (<<-END)
     # #{module_type}: #{module_path}
     #   attributes: #{attributes.inspect}
     #   conflicts: #{conflicts.inspect}
-    #   requires: #{requires.inspect}
+    #   requires: #{requires.inspect}#{input}#{out}
     END
   end
 
@@ -71,15 +78,6 @@ class Module
     module_path_name.gsub!('/','_')
   end
 
-  # # pre-calculate any secgen_local/local.rb outputs
-  # def local_processing
-  #   if self.local_calc_file
-  #     self.output = `#{self.local_calc_file}`.chomp
-  #   else
-  #     self.output = 'dynamic'
-  #   end
-  # end
-
   # @return [Object] a list of attributes that can be used to re-select the same modules
   def attributes_for_scenario_output
     attr_flattened = {}
@@ -94,62 +92,6 @@ class Module
     attr_flattened
   end
 
-  # # resolve randomisation of inputs
-  # def select_inputs
-  #   inputs.each do |input|
-  #   #   TODO TODO
-  #     Print.verbose "Input #{input["name"][0]}"
-  #     Print.verbose "Rand type: #{input["randomisation_type"][0]}"
-  #     case input["randomisation_type"][0]
-  #       when "one_from_list"
-  #         if input["value"].size == 0
-  #           Print.err "Randomisation not possible for #{module_path} (one_from_list with no values)"
-  #           exit
-  #         end
-  #         one_value = [input["value"].shuffle![0]]
-  #         input["value"] = one_value
-  #       when "flag_value"
-  #         # if no value suppied, generate one
-  #         unless input["value"]
-  #           input["value"] = ["THE_FLAG_IS:#{SecureRandom.hex}"]
-  #         else
-  #           input["value"] = ["THE_FLAG_IS:#{input["value"][0]}"]
-  #         end
-  #       when "none"
-  #         # nothing...
-  #
-  #     end
-  #
-  #     # if an encoding is specified
-  #     if input["encoding"]
-  #       if input["encoding"].size > 1
-  #         input["encoding"] = [input["encoding"].shuffle![0]]
-  #       else
-  #         enc = input["encoding"][0]
-  #       end
-  #       #
-  #       # TODO?? case enc
-  #       #   when "base64_encode"
-  #       #     require "base64"
-  #       #     unless input["value"]
-  #       #       input["value"] = [Base64.encode64(SecureRandom.hex)]
-  #       #     else
-  #       #       input["value"] = [Base64.encode64(input["value"][0])]
-  #       #     end
-  #       #   when "MD5_calc_hash"
-  #       #     unless input["value"]
-  #       #       input["value"] = [Digest::MD5.hexdigest(SecureRandom.hex)]
-  #       #     else
-  #       #       input["value"] = [Digest::MD5.hexdigest(input["value"][0])]
-  #       #     end
-  #       # end
-  #     end
-  #
-  #   end
-  #
-  #   Print.err inputs.inspect
-  # end
-
   # A one directional test for conflicts
   # Returns whether this module specifies it conflicts with the other_module.
   # Each conflict can have multiple conditions which must all be met for this

lib/objects/system.rb

@@ -1,3 +1,5 @@
+require 'json'
+
 class System
 
   attr_accessor :name
@@ -30,7 +32,7 @@ class System
 
       # for each module specified in the scenario
       module_selectors.each do |module_filter|
-        selected_modules += select_modules(module_filter.module_type, module_filter.attributes, available_modules, selected_modules, module_filter.unique_id, module_filter.write_output_variable, module_filter.write_to_module_with_id)
+        selected_modules += select_modules(module_filter.module_type, module_filter.attributes, available_modules, selected_modules, module_filter.unique_id, module_filter.write_output_variable, module_filter.write_to_module_with_id, module_filter.received_inputs)
       end
       selected_modules
 
@@ -62,7 +64,7 @@ class System
   # returns a list containing a module (plus dependencies recursively) of the module type with the required attributes
   # modules are selected from the list of available modules and will be checked against previously selected modules for conflicts
   # raises an exception when unable to resolve and the retry limit has not been reached
-  def select_modules(module_type, required_attributes, available_modules, previously_selected_modules, unique_id, write_outputs_to, write_to_module_with_id)
+  def select_modules(module_type, required_attributes, available_modules, previously_selected_modules, unique_id, write_outputs_to, write_to_module_with_id, received_inputs)
     # select based on selected type, access, cve...
 
     search_list = available_modules.clone
@@ -99,31 +101,31 @@ class System
       selected.write_output_variable = write_outputs_to
       selected.write_to_module_with_id = write_to_module_with_id
       selected.unique_id = unique_id
+      # propagate any literal values passed in via the scenario
+      selected.received_inputs = received_inputs
+
+      # feed through the input from any previous module's output
+      previously_selected_modules.each do |previous_module|
+        if previous_module.write_to_module_with_id == unique_id && previous_module.write_output_variable
+          (selected.received_inputs[previous_module.write_output_variable] ||=[]).push(*previous_module.output)
+        end
+      end
+
       # pre-calculate any secgen_local/local.rb outputs
       if selected.local_calc_file
         Print.verbose 'Module includes local calculation of output. Processing...'
-
-        # feed through the input from any previous module's output
-        # TODO TODO -- out of this if statement?
-        previously_selected_modules.each do |previous_module|
-          Print.err "#{previous_module.write_to_module_with_id} vs #{unique_id}"
-          if previous_module.write_to_module_with_id == unique_id
-            Print.err "FOUND!!!!!!!!"
-            Print.err "receiving #{previous_module.write_output_variable} - #{previous_module.output}"
-            selected.received_inputs[previous_module.write_output_variable] = previous_module.output
+        # build arguments
+        args_string = ''
+        selected.received_inputs.each do |input_key, input_values|
+          puts input_values.inspect
+          input_values.each do |input_element|
+            args_string += "'--#{input_key}=#{input_element}' "
           end
         end
 
-        # build arguments
-        args_string = ''
-        selected.received_inputs.each do |input_key, input_value|
-          args_string += "'--#{input_key}=#{input_value}'"
-        end
-
-        Print.err( "#{selected.local_calc_file} #{args_string}" )
-        selected.output = `#{selected.local_calc_file} #{args_string}`.chomp
+        Print.debug "#{selected.local_calc_file} #{args_string}"
+        selected.output = JSON.parse(`ruby #{selected.local_calc_file} #{args_string}`.chomp)
         Print.verbose "Output: #{selected.output}"
-
       end
 
       # add any modules that the selected module requires
@@ -135,7 +137,6 @@ class System
     Print.std "Module added: #{selected.printable_name}"
 
     selected_modules
-
   end
 
   def check_conflicts_with_list(module_for_possible_exclusion, selected_modules)
@@ -180,7 +181,7 @@ class System
         Print.verbose "Dependency satisfied by previously selected module: #{existing.printable_name}"
       else
         Print.verbose 'Adding required modules...'
-        modules_to_add += select_modules('any', required, available_modules, modules_to_add + selected_modules, '', '', '')
+        modules_to_add += select_modules('any', required, available_modules, modules_to_add + selected_modules, '', '', '', {})
       end
     end
     modules_to_add

lib/output/xml_report_generator.rb

@@ -31,32 +31,63 @@ class XMLReportGenerator
           xml.system {
             xml.system_name system.name
             system.module_selections.each { |selected_module|
-              case selected_module.module_type
-                when 'vulnerability'
-                  xml.vulnerability(selected_module.attributes_for_scenario_output)
-                when 'base'
-                  xml.base(selected_module.attributes_for_scenario_output)
-                when 'service'
-                  xml.service(selected_module.attributes_for_scenario_output)
-                when 'utility'
-                  xml.utility(selected_module.attributes_for_scenario_output)
-                when 'encoder'
-                  xml.encoder(selected_module.attributes_for_scenario_output)
-                when 'generator'
-                  xml.generator(selected_module.attributes_for_scenario_output)
-                when 'network'
-                  xml.network(selected_module.attributes_for_scenario_output)
-                else
-                  puts "Unexpected module type: #{selected_module.attributes_for_scenario_output}"
-                  exit
-              end
+              module_element(selected_module, xml)
             }
           }
         }
-
       }
     end
     builder.to_xml
 
   end
+
+  def module_element(selected_module, xml)
+    # don't include modules that write to others
+    # (we just output the end result in terms of literal values)
+    if selected_module.write_to_module_with_id != ''
+      xml.comment "Used to calculate values: #{selected_module.module_path}"
+      xml.comment "  (inputs: #{selected_module.received_inputs.inspect}, outputs: #{selected_module.output.inspect})"
+      return
+    end
+    case selected_module.module_type
+      # FIXME: repetition of logic :-(
+      when 'vulnerability'
+        xml.vulnerability(selected_module.attributes_for_scenario_output) {
+          selected_module.received_inputs.each do |key,value|
+            xml.input({"into" => key}) {
+              xml.value value
+            }
+          end
+        }
+      when 'base'
+        xml.base(selected_module.attributes_for_scenario_output) {
+          selected_module.received_inputs.each do |key,value|
+            xml.input({"into" => key}) {
+              xml.value value
+            }
+          end
+        }
+      when 'service'
+        xml.service(selected_module.attributes_for_scenario_output) {
+          selected_module.received_inputs.each do |key,value|
+            xml.input({"into" => key}) {
+              xml.value value
+            }
+          end
+        }
+      when 'utility'
+        xml.utility(selected_module.attributes_for_scenario_output) {
+          selected_module.received_inputs.each do |key,value|
+            xml.input({"into" => key}) {
+              xml.value value
+            }
+          end
+        }
+      when 'network'
+        xml.network(selected_module.attributes_for_scenario_output)
+      else
+        puts "Unexpected module type: #{selected_module.attributes_for_scenario_output}"
+        exit
+    end
+  end
 end

lib/readers/system_reader.rb

@@ -59,15 +59,22 @@ class SystemReader
         module_selector.unique_id = module_node.path.gsub(/[^a-zA-Z0-9]/, '')
         # check if we need to be sending the module output to another module
         module_node.xpath('parent::input').each do |input|
-          Print.err 'parent::input'
           # Parent is input -- track that we need to send write value somewhere
           input.xpath('..').each do |input_parent|
             module_selector.write_output_variable = input.xpath('@into').to_s
             module_selector.write_to_module_with_id = input_parent.path.gsub(/[^a-zA-Z0-9]/, '')
-            Print.err "module_selector.write_output_variable #{module_selector.write_output_variable} - module_selector.write_to_module_with_id #{module_selector.write_to_module_with_id}"
           end
         end
 
+        # check if we are being passed an input *literal value*
+        module_node.xpath('input/value').each do |input_value|
+          variable = input_value.xpath('../@into').to_s
+          value = input_value.text
+          Print.verbose "  -- literal value: #{variable} = #{value}"
+          (module_selector.received_inputs[variable] ||= []).push(value)
+        end
+
+
         module_node.xpath('@*').each do |attr|
           module_selector.attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == ''
         end

lib/resources/wordlists/buzzwords_business

@@ -0,0 +1,33 @@
+Action
+Alignment
+Buzzword
+ClearGoal
+Disruptive
+Innovation
+Empower
+Strategy
+FaceTime
+Generation
+Global
+Globalization
+GoingForward
+Holistic
+Impact
+Millennial
+MovingForward
+OrganicGrowth
+OutsideTheBox
+Paradigm
+ParadigmShift
+Proactive
+PushTheEnvelope
+ReachOut
+SeaChange
+Sisterhood
+SpinUp
+Stratcom
+Streamline
+Sustainability
+Synergy
+Wheelhouse
+WinWin

lib/schemas/encoder_metadata_schema.xsd

@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="http://www.github/cliffe/SecGen/encoder"
+           xmlns="http://www.github/cliffe/SecGen/encoder"
+           elementFormDefault="qualified">
+
+  <xs:simpleType name="platformOptions">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="linux"/>
+      <xs:enumeration value="unix"/>
+      <xs:enumeration value="windows"/>
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:element name="encoder">
+    <xs:complexType>
+      <xs:sequence>
+        <!--required SecGen module details-->
+        <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+        <xs:element name="author" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+        <xs:element name="module_license" minOccurs="1" maxOccurs="unbounded">
+          <xs:simpleType>
+            <xs:restriction base="xs:string">
+              <xs:enumeration value="MIT"/>
+              <xs:enumeration value="Apache v2"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+        <xs:element name="type" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+        <xs:element name="platform" type="platformOptions" minOccurs="1" maxOccurs="unbounded"/>
+
+        <!--optional details-->
+        <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+        <!--I/O: an encoder writes it's output to one fact, and reads from one or more-->
+        <xs:element name="read_fact" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+        <xs:element name="write_fact" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+        <!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
+        <xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="module_path" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="author" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="module_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="platform" type="platformOptions" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+
+        <!-- must co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
+        <!-- if a scenario does not include one already, the first match (randomly) found will be added before this module-->
+        <xs:element name="requires" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="module_path" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="author" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="module_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="platform" type="platformOptions" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+
+</xs:schema>

lib/schemas/generator_metadata_schema.xsd

@@ -0,0 +1,87 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="http://www.github/cliffe/SecGen/generator"
+           xmlns="http://www.github/cliffe/SecGen/generator"
+           elementFormDefault="qualified">
+
+  <xs:simpleType name="platformOptions">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="linux"/>
+      <xs:enumeration value="unix"/>
+      <xs:enumeration value="windows"/>
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:element name="generator">
+    <xs:complexType>
+      <xs:sequence>
+        <!--required SecGen module details-->
+        <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+        <xs:element name="author" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+        <xs:element name="module_license" minOccurs="1" maxOccurs="unbounded">
+          <xs:simpleType>
+            <xs:restriction base="xs:string">
+              <xs:enumeration value="MIT"/>
+              <xs:enumeration value="Apache v2"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+        <xs:element name="type" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+        <xs:element name="platform" type="platformOptions" minOccurs="1" maxOccurs="unbounded"/>
+
+        <!--optional details-->
+        <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+        <!--I/O: a generator writes it's output to one fact-->
+        <xs:element name="write_fact" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+        <!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
+        <xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="module_path" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="author" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="module_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="platform" type="platformOptions" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+
+        <!-- must co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
+        <!-- if a scenario does not include one already, the first match (randomly) found will be added before this module-->
+        <xs:element name="requires" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="module_path" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="author" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="module_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="platform" type="platformOptions" minOccurs="0" maxOccurs="unbounded"/>
+
+              <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+
+</xs:schema>

lib/schemas/scenario_schema.xsd

@@ -20,6 +20,7 @@
         <xs:element name='network' type='NetworkType' minOccurs='0' maxOccurs='unbounded' />
         <xs:element name='generator' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
         <xs:element name='encoder' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
+        <xs:element name='value' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
       </xs:choice>
     </xs:sequence>
     <xs:attribute name='into' type='xs:string'/>

lib/templates/Vagrantfile.erb

@@ -4,6 +4,7 @@
 # This file was generated by SecGen
 # <%= @time %>
 # Based on <%= @scenario %>
+<% require 'json' %>
 
 VAGRANTFILE_API_VERSION = "2"
 
@@ -38,6 +39,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
         end
       %>
     end
+
     # SecGen modules
 <% system.module_selections.each do |selected_module| -%>
 
@@ -56,19 +58,11 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 <%     module_name = selected_module.module_path_name -%>
     <%= system.name %>.vm.provision "puppet" do | <%=module_name%> |
 <%     # if there are facter variables to define
-       if selected_module.write_to_module_with_id != '' && selected_module.attributes['read_fact'] != nil -%>
+      if selected_module.received_inputs != {} -%>
       <%=module_name%>.facter = {
-<%       if selected_module.write_to_module_with_id != '' -%>
-        "write_to" => "<%=selected_module.write_to_module_with_id%>_<%=selected_module.write_output_variable%>",
-        "<%=selected_module.write_to_module_with_id%>_<%=selected_module.write_output_variable%>" => "<%=selected_module.output%>",
-<%       end -%>
-<%       if selected_module.attributes['read_fact'] != nil
-           selected_module.attributes['read_fact'].each do |fact| -%>
-        "<%=fact%>_location" => "<%=selected_module.unique_id + "_" + fact%>",
-<%         end
-         end  -%>
+        "json_inputs" => '<%=JSON.generate(selected_module.received_inputs)%>'
       }
-<%     end -%>
+<%    end -%>
       <%=module_name%>.module_path = "<%="puppet/#{system.name}/modules"%>"
       <%=module_name%>.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
       <%=module_name%>.environment = "production"

modules/encoders/.directory

@@ -0,0 +1,4 @@
+[Dolphin]
+Timestamp=2016,8,13,12,17,57
+Version=3
+ViewMode=1

modules/encoders/string/base64/secgen_local/local.rb

@@ -7,8 +7,8 @@ class BASE64Encoder < StringEncoder
     self.module_name = 'BASE64 Encoder'
   end
 
-  def encode
-    self.output = Base64.strict_encode64(strings_to_encode)
+  def encode(str)
+    Base64.strict_encode64(str)
   end
 end
 

modules/encoders/string/l337/secgen_local/local.rb

@@ -0,0 +1,14 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_encoder.rb'
+class L337Encoder < StringEncoder
+  def initialize
+    super
+    self.module_name = 'L337 Encoder'
+  end
+
+  def encode(str)
+    str.tr!('A-Za-z', '4b-d3f6h1j-n0p-r57u-z4B-D3F6H1J-N0P-R57U-Z')
+  end
+end
+
+L337Encoder.new.run

modules/encoders/string/l337/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+
+<encoder xmlns="http://www.github/cliffe/SecGen/encoder"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/encoder">
+  <name>L337 Encoder</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Basic substitution.</description>
+
+  <type>string_encoder</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <read_fact>strings_to_encode</read_fact>
+
+  <write_fact>encoded_strings</write_fact>
+  
+</encoder>

modules/encoders/string/rot13/secgen_local/local.rb

@@ -6,8 +6,8 @@ class ROT13Encoder < StringEncoder
     self.module_name = 'ROT13 Encoder'
   end
 
-  def encode
-    self.output = strings_to_encode.tr!('A-Za-z', 'N-ZA-Mn-za-m')
+  def encode(str)
+    str.tr!('A-Za-z', 'N-ZA-Mn-za-m')
   end
 end
 

modules/generators/flag/flag_base64/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+class Base64FlagGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Base64 Flag Generator'
+  end
+
+  def generate
+    require 'securerandom'
+    self.outputs << "flag:#{SecureRandom.base64}"
+  end
+end
+
+Base64FlagGenerator.new.run

modules/generators/flag/flag_base64/secgen_metadata.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>Base64 Flag Generator</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Uses Ruby's SecureRandom to generate a flag made up of "flag:" + base64 digits (A-Z, a-z, 0-9, +, / and =).</description>
+
+  <type>flag_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-base64</reference>
+
+  <write_fact>generated_strings</write_fact>
+  
+</generator>

modules/generators/flag/flag_hex/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+class HexGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Random Hex Generator'
+  end
+
+  def generate
+    require 'securerandom'
+    self.outputs << SecureRandom.hex
+  end
+end
+
+HexGenerator.new.run

modules/generators/flag/flag_words/secgen_local/local.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class WordGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Random Word Generator'
+  end
+
+  def generate
+    self.outputs << "flag:" + File.readlines("#{ROOT_DIR}/lib/resources/wordlists/wordlist").sample.chomp
+
+  end
+end
+
+WordGenerator.new.run

modules/generators/flag/flag_words/secgen_metadata.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>Random Word Generator</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Uses a wordlist (Ruby gem + a wordlist) to generate a random (mostly English) dictionary word. May include punctuation.</description>
+
+  <type>string_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <reference>https://github.com/sophsec/wordlist</reference>
+  <reference>http://wordlist.sourceforge.net/</reference>
+
+  <write_fact>generated_strings</write_fact>
+  
+</generator>

modules/generators/hello_world/secgen_local/local.rb

@@ -1,3 +1,14 @@
 #!/usr/bin/ruby
+require_relative '../../../../lib/objects/local_string_generator.rb'
+class HelloWorldGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Hello, World! Generator'
+  end
 
-puts "Hello, world!"
+  def generate
+    self.outputs << 'Hello, world!'
+  end
+end
+
+HelloWorldGenerator.new.run

modules/generators/random/random_base64/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+class Base64Generator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Random Base64 Generator'
+  end
+
+  def generate
+    require 'securerandom'
+    self.outputs << SecureRandom.base64
+  end
+end
+
+Base64Generator.new.run

modules/generators/random/random_hex/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+class HexGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Random Hex Generator'
+  end
+
+  def generate
+    require 'securerandom'
+    self.outputs << SecureRandom.hex
+  end
+end
+
+HexGenerator.new.run

modules/generators/random/random_hex/secgen_metadata.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>Random Hex Generator</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Uses Ruby's SecureRandom to generate a message made up of hex digits (a-f0-9).</description>
+
+  <type>string_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <reference>http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-hex</reference>
+
+  <write_fact>generated_strings</write_fact>
+  
+</generator>

modules/generators/random/random_word/secgen_local/local.rb

@@ -0,0 +1,24 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class WordGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'Random Word Generator'
+  end
+
+  def generate
+    # require 'wordlist'
+    #
+    # list = Wordlist::FlatFile.new("#{ROOT_DIR}/lib/resources/wordlists/wordlist")
+    # list.each_unique do |word|
+    #   outputs << word
+    #   break
+    # end
+
+    self.outputs << File.readlines("#{ROOT_DIR}/lib/resources/wordlists/wordlist").sample.chomp
+
+  end
+end
+
+WordGenerator.new.run

modules/generators/random/random_word/secgen_metadata.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>Random Word Generator</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Uses a wordlist (Ruby gem + a wordlist) to generate a random (mostly English) dictionary word. May include punctuation.</description>
+
+  <type>string_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <reference>https://github.com/sophsec/wordlist</reference>
+  <reference>http://wordlist.sourceforge.net/</reference>
+
+  <write_fact>generated_strings</write_fact>
+  
+</generator>

modules/generators/random_base64/secgen_local/local.rb

@@ -1,3 +0,0 @@
-#!/usr/bin/ruby
-require 'securerandom'
-puts SecureRandom.base64

modules/generators/random_hex/secgen_local/local.rb

@@ -1,3 +0,0 @@
-#!/usr/bin/ruby
-require 'securerandom'
-puts SecureRandom.hex

modules/services/unix/nfs/nfs_share/manifests/config.pp

@@ -0,0 +1,32 @@
+class nfs_share::config {
+
+  package { ['nfs-kernel-server', 'nfs-common', 'portmap']:
+      ensure => installed
+  }
+
+
+  file { '/export_nfs':
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'wheel',
+    mode   => '0754',
+  }
+  
+  file { '/etc/exports':
+    require => Package['nfs-common'],
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0777',
+    content  => template('nfs_share/exports.erb')
+  }
+
+  exec { "exportfs":
+      require => Package['nfs-common'],
+      command => "exportfs -a",
+      path    => "/usr/sbin",
+      # path    => [ "/usr/local/bin/", "/bin/" ],  # alternative syntax
+  }
+}
+
+

modules/services/unix/nfs/nfs_share/nfs_share.pp

@@ -0,0 +1 @@
+include nfs_share::config

modules/services/unix/nfs/nfs_share/secgen_metadata.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+
+<service xmlns="http://www.github/cliffe/SecGen/service"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
+  <name>NFS Share</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>NFS (Network File System) sharing a directory</description>
+
+  <type>nfs</type>
+
+  <platform>unix</platform>
+
+  <!--optional details-->
+  <reference>https://en.wikipedia.org/wiki/Network_File_System</reference>
+  <reference>http://nfs.sourceforge.net/#section_c</reference>
+
+  <software_name>nfs-common</software_name>
+  <software_license>GPLv2</software_license>
+
+</service>

modules/services/unix/nfs/nfs_share/templates/exports.erb

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#               to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+ /export_nfs       172.0.0.0/8(ro,sync,no_subtree_check)
+ /export_nfs       192.0.0.0/8(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#

modules/vulnerabilities/unix/misc/distcc_exec/templates/distcc.erb

@@ -6,8 +6,6 @@
 #
  STARTDISTCC="true"
 
-#STARTDISTCC="false"
-
 #
 # Which networks/hosts should be allowed to connect to the daemon?
 # You can list multiple hosts/networks separated by spaces.
@@ -16,8 +14,8 @@
 #
 # ALLOWEDNETS="127.0.0.1"
 
-
 ALLOWEDNETS="0.0.0.0/0"
+
 #
 # Which interface should distccd listen on?
 

modules/vulnerabilities/unix/nfs/nfs_overshare/manifests/config.pp

@@ -1,6 +1,34 @@
 class nfs_overshare::config {
 
-  file { '/export_nfs/something':
+  package { ['nfs-kernel-server', 'nfs-common', 'portmap']:
+    ensure => installed
+  }
+
+
+  file { '/etc/exports':
+    require => Package['nfs-common'],
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0777',
+    content  => template('nfs_overshare/exports.erb')
+  }
+
+  file { '/exports':
+    require => Package['nfs-common'],
+    ensure => 'directory',
+    owner   => 'root',
+    group   => 'root'
+  }
+
+  exec { "exportfs":
+    require => Package['nfs-common'],
+    command => "exportfs -a",
+    path    => "/usr/sbin",
+    # path    => [ "/usr/local/bin/", "/bin/" ],  # alternative syntax
+  }
+
+  file { '/exports/something':
     require => Package['nfs-common'],
     ensure  => present,
     owner   => 'root',
@@ -9,4 +37,10 @@ class nfs_overshare::config {
     content  => template('nfs_overshare/overshare.erb')
   }
 
+  # file { '/tmp/file02':
+  #   ensure  => file,
+  #   content => 'Yeah, I am file02, so what?',
+  # }
+  # strings_to_leak_location
+
 }

modules/vulnerabilities/unix/nfs/nfs_overshare/secgen_metadata.xml

@@ -33,4 +33,8 @@
   <hint>A filesharing misconfiguration</hint>
   <solution>NFS can be mounted to access files</solution>
 
+  <conflict>
+    <type>nfs</type>
+  </conflict>
+
 </vulnerability>

modules/vulnerabilities/unix/nfs/nfs_overshare/templates/exports.erb

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#               to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+ /exports       172.0.0.0/8(rw,sync,no_subtree_check)
+ /exports       192.0.0.0/8(rw,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#

modules/vulnerabilities/unix/nfs/nfs_overshare/templates/overshare.erb

@@ -0,0 +1,2 @@
+<% require 'json' -%>
+<%= JSON.parse(@json_inputs)["strings_to_leak"].join("\n----\n") %>

modules/vulnerabilities/unix/nfs/nfs_rootshare/manifests/config.pp

@@ -0,0 +1,25 @@
+class nfs_rootshare::config {
+
+  package { ['nfs-kernel-server', 'nfs-common', 'portmap']:
+      ensure => installed
+  }
+
+
+  file { '/etc/exports':
+    require => Package['nfs-common'],
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0777',
+    content  => template('nfs_overshare/exports.erb')
+  }
+
+  exec { "exportfs":
+      require => Package['nfs-common'],
+      command => "exportfs -a",
+      path    => "/usr/sbin",
+      # path    => [ "/usr/local/bin/", "/bin/" ],  # alternative syntax
+  }
+}
+
+

modules/vulnerabilities/unix/nfs/nfs_rootshare/nfs_rootshare.pp

@@ -0,0 +1 @@
+include nfs_rootshare::config

modules/vulnerabilities/unix/nfs/nfs_rootshare/secgen_metadata.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>NFS Read-write Access to FS</name>
+  <author>Lewis Ardern</author>
+  <module_license>MIT</module_license>
+  <description>NFS misconfigured to be mountable from anyone that can interact with it, with full read write access to /.</description>
+
+  <type>nfs</type>
+  <privilege>root</privilege>
+  <access>remote</access>
+  <platform>linux</platform>
+
+  <!--optional vulnerability details-->
+  <difficulty>low</difficulty>
+  <!--<cve></cve>-->
+  <cvss_base_score>9.3</cvss_base_score>
+  <cvss_vector>AV:N/AC:M/Au:N/C:C/I:C/A:C</cvss_vector>
+  <reference>http://nfs.sourceforge.net/#section_c</reference>
+  <software_name>nfsd</software_name>
+  <software_license>GPLv2</software_license>
+
+  <!--optional breadcrumb (info that is leaked and required to exploit)-->
+  <!--<breadcrumb></breadcrumb>-->
+
+  <!--optional hints-->
+  <!--<msf_module></msf_module>-->
+  <hint>A filesharing misconfiguration</hint>
+  <solution>NFS can be mounted to access files</solution>
+
+  <conflict>
+    <type>nfs</type>
+  </conflict>
+
+</vulnerability>

modules/vulnerabilities/unix/nfs/nfs_rootshare/templates/exports.erb

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#               to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+ /       172.0.0.0/8(rw,sync,no_subtree_check)
+ /       192.0.0.0/8(rw,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#

scenarios/parameterised_examples/encode_and_leak_multiple_values.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- encode and leak multiple values -->
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<!--and select an encoder to encode some other strings to leak-->
+				<encoder>
+					<input into="strings_to_encode">
+						<!--encode the following strings-->
+						<value>Nothing to see here move along...</value>
+						<value>Still nothing to see here move along...</value>
+					</input>
+				</encoder>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/encoder_examples/1337.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<encoder module_path="modules/encoders/string/1337">
+					<input into="strings_to_encode">
+						<value>Nothing to see here move along...</value>
+					</input>
+				</encoder>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/encoder_examples/base64.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<encoder module_path="modules/encoders/string/base64">
+					<input into="strings_to_encode">
+						<value>Nothing to see here move along...</value>
+					</input>
+				</encoder>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/encoder_examples/rot13.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<encoder module_path="modules/encoders/string/rot13">
+					<input into="strings_to_encode">
+						<value>Nothing to see here move along...</value>
+					</input>
+				</encoder>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generate_and_leak_multiple_values.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- generate and leak multiple values -->
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<!--generate some random input-->
+				<generator/>
+				<!--and some more random input-->
+				<generator/>
+				<!--and also leak the following string-->
+				<value>Nothing to see here move along...</value>
+			</input>
+		</vulnerability>
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generate_encode_and_leak_multiple_values.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- generate encode and leak multiple values -->
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<!--leak a plain text string-->
+				<value>Hello there</value>
+				<!--and select an encoder to encode some other strings to leak-->
+				<encoder>
+					<input into="strings_to_encode">
+						<!--generate some random input-->
+						<generator/>
+						<!--and some more random input-->
+						<generator/>
+						<!--and also encode the following string-->
+						<value>Nothing to see here move along...</value>
+					</input>
+				</encoder>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generator_examples/hello_world.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<generator module_path="modules/generators/hello_world"/>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generator_examples/random_base64.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<generator module_path="modules/generators/random/random_base64"/>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generator_examples/random_hex.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<generator module_path="modules/generators/random/random_word"/>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/generator_examples/random_word.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<generator module_path="modules/generators/random/random_hex"/>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/parameterised_examples/leak_multiple_values.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- leak multiple values -->
+
+		<!--select a vulnerability that leaks strings-->
+		<vulnerability read_fact="strings_to_leak">
+			<!--direct the output from below into strings_to_leak-->
+			<input into="strings_to_leak">
+				<value>Nothing to see here move along...</value>
+				<value>Still nothing to see here move along...</value>
+			</input>
+		</vulnerability>
+
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>

scenarios/simple_examples/any_locally_exploitable_vulnerability.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>random_server</system_name>
+		<base module_path="modules/bases/debian_puppet_32"/>
+		<vulnerability access="local"/>
+	</system>
+</scenario>

scenarios/simple_examples/any_remotely_exploitable_root_vulnerability.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>random_server</system_name>
+		<base module_path="modules/bases/debian_puppet_32"/>
+		<vulnerability access="remote" privilege="root"/>
+	</system>
+</scenario>

scenarios/simple_examples/any_remotely_exploitable_user_vulnerability.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>random_server</system_name>
+		<base module_path="modules/bases/debian_puppet_32"/>
+		<vulnerability access="remote" privilege="user"/>
+	</system>
+</scenario>

scenarios/simple_examples/any_remotely_exploitable_vulnerability.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>random_server</system_name>
+		<base module_path="modules/bases/debian_puppet_32"/>
+		<vulnerability access="remote"/>
+	</system>
+</scenario>