├── static
    └── .gitkeep
├── .gitignore
├── VERSION.txt
├── data
    ├── payloads
    │   ├── scanner.sh
    │   └── msf_extract.rb
    ├── payload
    │   └── 90ef8eaa-01b7-4e98-9070-105eca3bac39.yml
    └── abilities
    │   ├── reconnaissance
    │       └── 567eaaba-94cc-4a27-83f8-768e5638f4e1.yml
    │   └── resource-development
    │       └── bed8f28e-c0ed-463e-9e31-d5607e5473df.yml
├── README.md
├── .github
    ├── ISSUE_TEMPLATE
    │   ├── config.yml
    │   ├── question.md
    │   ├── bug_report.md
    │   └── feature_request.md
    └── pull_request_template.md
├── hook.py
├── stores
    └── accessStore.js
├── app
    └── access_api.py
├── gui
    └── views
    │   └── access.vue
└── templates
    └── access.html


/static/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | .idea/*
3 | **/__pycache__
4 | 


--------------------------------------------------------------------------------
/VERSION.txt:
--------------------------------------------------------------------------------
1 | 2.9.0-d1394c1508a1c89fc5b59651fce7abec
2 | 


--------------------------------------------------------------------------------
/data/payloads/scanner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | echo '[+] Starting basic NMAP scan'
4 | nmap -Pn $1
5 | echo '[+] Complete with module'


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # MITRE Caldera Plugin: Access
2 | 
3 | Plugin supplying Caldera with red-team tools and functions, as applied to initial access.
4 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | contact_links:
2 |   - name: Documentation
3 |     url: https://caldera.readthedocs.io/en/latest/
4 |     about: Your question may be answered in the documentation
5 | 


--------------------------------------------------------------------------------
/data/payload/90ef8eaa-01b7-4e98-9070-105eca3bac39.yml:
--------------------------------------------------------------------------------
 1 | 
 2 | ---
 3 | 
 4 | id: 90ef8eaa-01b7-4e98-9070-105eca3bac39
 5 | name: Access Payloads
 6 | standard_payloads:
 7 |   msf_extract.py:
 8 |     description: GET METASPLOIT EXPLOITS
 9 |     id: 169b74a7-e31b-4dd6-b6ff-721f3a615cc7
10 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/question.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: "\U00002753 Question"
 3 | about: Support questions
 4 | title: ''
 5 | labels: question
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | 
11 | 
12 | 
13 | <!--
14 | Please see our documentation here: https://caldera.readthedocs.io/en/latest/
15 | 
16 | If you'd like to help us improve our documentation please open a pull request here: https://github.com/mitre/fieldmanual
17 | -->
18 | 


--------------------------------------------------------------------------------
/data/abilities/reconnaissance/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - id: 567eaaba-94cc-4a27-83f8-768e5638f4e1
 3 |   name: NMAP scan
 4 |   description: Scan an external host for open ports and services
 5 |   tactic: reconnaissance
 6 |   technique:
 7 |     name: Active Scanning
 8 |     attack_id: T1595
 9 |   platforms:
10 |     darwin,linux:
11 |       sh:
12 |         command: |
13 |           ./scanner.sh #{target.ip}
14 |         timeout: 300
15 |         payloads:
16 |           - scanner.sh
17 | 


--------------------------------------------------------------------------------
/data/abilities/resource-development/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - id: bed8f28e-c0ed-463e-9e31-d5607e5473df
 3 |   name: Load Metasploit Abilities
 4 |   description: Load Metasploit Abilities
 5 |   tactic: resource-development
 6 |   technique:
 7 |     name: "Obtain Capabilities: Exploits"
 8 |     attack_id: T1588.005
 9 |   platforms:
10 |     darwin,linux:
11 |       sh:
12 |         command: |
13 |           msfconsole -r msf_extract.rb #{app.contact.http} #{app.api_key.red}
14 |         timeout: 1000
15 |         payloads:
16 |           - msf_extract.rb
17 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: "\U0001F41E  Bug report"
 3 | about: Create a report to help us improve
 4 | title: ''
 5 | labels: bug
 6 | assignees: wbooth
 7 | 
 8 | ---
 9 | 
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 | 
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. 
16 | 
17 | **Expected behavior**
18 | A clear and concise description of what you expected to happen.
19 | 
20 | **Screenshots**
21 | If applicable, add screenshots to help explain your problem.
22 | 
23 | **Desktop (please complete the following information):**
24 |  - OS: [e.g. Mac, Windows, Kali]
25 |  - Browser [e.g. chrome, safari]
26 |  - Version [e.g. 2.8.0]
27 | 
28 | **Additional context**
29 | Add any other context about the problem here.
30 | 


--------------------------------------------------------------------------------
/hook.py:
--------------------------------------------------------------------------------
 1 | from app.utility.base_world import BaseWorld
 2 | from plugins.access.app.access_api import AccessApi
 3 | 
 4 | name = 'Access'
 5 | description = 'A toolkit containing initial access throwing modules'
 6 | address = '/plugin/access/gui'
 7 | access = BaseWorld.Access.RED
 8 | 
 9 | 
10 | async def enable(services):
11 |     access_api = AccessApi(services=services)
12 |     app = services.get('app_svc').application
13 |     app.router.add_static('/access', 'plugins/access/static', append_version=True)
14 |     app.router.add_route('GET', '/plugin/access/gui', access_api.landing)
15 |     app.router.add_route('POST', '/plugin/access/exploit', access_api.exploit)
16 |     app.router.add_route('POST', '/plugin/access/abilities', access_api.abilities)
17 |     app.router.add_route('POST', '/plugin/access/executor', access_api.executor)
18 | 


--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
 1 | ## Description
 2 | 
 3 | (insert summary)
 4 | 
 5 | ## Type of change
 6 | 
 7 | Please delete options that are not relevant.
 8 | 
 9 | - [ ] Bug fix (non-breaking change which fixes an issue)
10 | - [ ] New feature (non-breaking change which adds functionality)
11 | - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
12 | - [ ] This change requires a documentation update
13 | 
14 | ## How Has This Been Tested?
15 | 
16 | Please describe the tests that you ran to verify your changes.
17 | 
18 | 
19 | ## Checklist:
20 | 
21 | - [ ] My code follows the style guidelines of this project
22 | - [ ] I have performed a self-review of my own code
23 | - [ ] I have made corresponding changes to the documentation
24 | - [ ] I have added tests that prove my fix is effective or that my feature works
25 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: "\U0001F680 New Feature Request"
 3 | about: Propose a new feature
 4 | title: ''
 5 | labels: feature
 6 | assignees: 'wbooth'
 7 | 
 8 | ---
 9 | 
10 | **What problem are you trying to solve? Please describe.**
11 | > Eg. I'm always frustrated when [...]
12 | 
13 | 
14 | **The ideal solution: What should the feature should do?**
15 | > a clear and concise description
16 | 
17 | 
18 | **What category of feature is this?**
19 | 
20 | - [ ] UI/UX
21 | - [ ] API
22 | - [ ] Other
23 | 
24 | **If you have code or pseudo-code please provide:**
25 | 
26 | <!-- Put your code examples here -->
27 | ```python
28 | 
29 | ```
30 | 
31 | - [ ] Willing to submit a pull request to implement this feature?
32 | 
33 | **Additional context**
34 | Add any other context or screenshots about the feature request here.
35 | 
36 | Thank you for your contribution!
37 | 


--------------------------------------------------------------------------------
/stores/accessStore.js:
--------------------------------------------------------------------------------
 1 | import { defineStore } from "pinia";
 2 | 
 3 | export const useAccessStore = defineStore("accessStore", {
 4 |     state: () => {
 5 |         return {};
 6 |     },
 7 |     getters: {
 8 |         enabledPlugins: (state) => (state.mainConfig ? state.mainConfig.plugins : [])  
 9 |     },
10 |     actions: {
11 |         async restRequest(requestType, data, callback = (r) => {
12 |             console.log('Fetch Success', r);
13 |         }, endpoint = '/api/rest') {
14 |             const requestData = requestType === 'GET' ?
15 |                 {method: requestType, headers: {'Content-Type': 'application/json'}} :
16 |                 {method: requestType, headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)}
17 | 
18 |             fetch(endpoint, requestData)
19 |                 .then((response) => {
20 |                     if (!response.ok) {
21 |                         throw (response.statusText);
22 |                     }
23 |                     return response.text();
24 |                 })
25 |                 .then((text) => {
26 |                     try {
27 |                         callback(JSON.parse(text));
28 |                     } catch {
29 |                         callback(text);
30 |                     }
31 |                 })
32 |                 .catch((error) => console.error(error));
33 |         },
34 | 
35 |         async apiV2(requestType, endpoint, body = null, jsonRequest = true) {
36 |             let requestBody = { method: requestType };
37 |             if (jsonRequest) {
38 |                 requestBody.headers = { 'Content-Type': 'application/json' };
39 |                 if (body) {
40 |                     requestBody.body = JSON.stringify(body);
41 |                 }
42 |             } else {
43 |                 if (body) {
44 |                     requestBody.body = body;
45 |                 }
46 |             }
47 | 
48 |             return new Promise((resolve, reject) => {
49 |                 fetch(endpoint, requestBody)
50 |                     .then((response) => {
51 |                         if (!response.ok) {
52 |                             reject(response.statusText);
53 |                         }
54 |                         return response.text();
55 |                     })
56 |                     .then((text) => {
57 |                         try {
58 |                             resolve(JSON.parse(text));
59 |                         } catch {
60 |                             resolve(text);
61 |                         }
62 |                     });
63 |             });
64 |         }
65 |     },
66 | });
67 | 


--------------------------------------------------------------------------------
/app/access_api.py:
--------------------------------------------------------------------------------
 1 | import copy
 2 | 
 3 | from aiohttp import web
 4 | from aiohttp_jinja2 import template
 5 | 
 6 | from app.objects.secondclass.c_fact import Fact
 7 | from app.service.auth_svc import for_all_public_methods, check_authorization
 8 | 
 9 | 
10 | @for_all_public_methods(check_authorization)
11 | class AccessApi:
12 | 
13 |     def __init__(self, services):
14 |         self.data_svc = services.get('data_svc')
15 |         self.rest_svc = services.get('rest_svc')
16 |         self.auth_svc = services.get('auth_svc')
17 | 
18 |     @template('access.html')
19 |     async def landing(self, request):
20 |         search = dict(access=tuple(await self.auth_svc.get_permissions(request)))
21 |         abilities = await self.data_svc.locate('abilities', match=search)
22 |         tactics = sorted(list(set(a.tactic.lower() for a in abilities)))
23 |         obfuscators = [o.display for o in await self.data_svc.locate('obfuscators')]
24 |         return dict(agents=[a.display for a in await self.data_svc.locate('agents', match=search)],
25 |                     abilities=[a.display for a in abilities], tactics=tactics, obfuscators=obfuscators)
26 | 
27 |     async def exploit(self, request):
28 |         data = await request.json()
29 |         converted_facts = [Fact(trait=f['trait'], value=f['value']) for f in data.get('facts', [])]
30 |         await self.rest_svc.task_agent_with_ability(data['paw'], data['ability_id'], data['obfuscator'], converted_facts)
31 |         return web.json_response('complete')
32 | 
33 |     async def abilities(self, request):
34 |         data = await request.json()
35 |         agent_search = dict(access=tuple(await self.auth_svc.get_permissions(request)), paw=data['paw'])
36 |         agent = (await self.data_svc.locate('agents', match=agent_search))[0]
37 |         ability_search = dict(access=tuple(await self.auth_svc.get_permissions(request)))
38 |         abilities = await self.data_svc.locate('abilities', match=ability_search)
39 |         capable_abilities = await agent.capabilities(list(abilities))
40 |         return web.json_response([a.display for a in capable_abilities])
41 | 
42 |     async def executor(self, request):
43 |         data = await request.json()
44 |         agent_search = dict(access=tuple(await self.auth_svc.get_permissions(request)), paw=data['paw'])
45 |         agent = (await self.data_svc.locate('agents', match=agent_search))[0]
46 |         ability_search = dict(access=tuple(await self.auth_svc.get_permissions(request)), ability_id=data['ability_id'])
47 |         ability = (await self.data_svc.locate('abilities', match=ability_search))[0]
48 |         executor = await agent.get_preferred_executor(ability)
49 |         if not executor:
50 |             return web.json_response(dict(error='Executor not found for ability'))
51 |         trimmed_ability = copy.deepcopy(ability)
52 |         trimmed_ability.remove_all_executors()
53 |         trimmed_ability.add_executor(executor)
54 |         return web.json_response(trimmed_ability.display)
55 | 


--------------------------------------------------------------------------------
/data/payloads/msf_extract.rb:
--------------------------------------------------------------------------------
  1 | <ruby>
  2 | 
  3 | require 'json'
  4 | require 'net/http'
  5 | require 'securerandom'
  6 | require 'uri'
  7 | 
  8 | def get_exploit_info(exploit_name)
  9 |     exploit = self.framework.modules.create(exploit_name)
 10 |     description = get_exploit_description(exploit)
 11 |     privileged = exploit.privileged ? "Elevated" : ""
 12 |     platforms = exploit.target_platform.platforms.map {|plat| plat.realname }
 13 | 
 14 |     params = []
 15 |     for name, option in exploit.options
 16 |         if option.required && option.default.nil?
 17 |             params.push(name)
 18 |         end
 19 |     end
 20 | 
 21 |     data = {
 22 |         "name" => exploit.name,
 23 |         "description" => description,
 24 |         "platform" => platforms,
 25 |         "privilege" => exploit.privileged ? "Elevated" : "",
 26 |         "module" => exploit.realname,
 27 |         "params" => params
 28 |     }
 29 | end
 30 | 
 31 | def get_exploit_description(exploit)
 32 |     description = Rex::Text.compress(exploit.description)
 33 |     description << "\n\n"
 34 | 
 35 |     if (exploit.options.has_options?)
 36 |       description << "Basic options:\n\n"
 37 |       description << ::Msf::Serializer::ReadableText.dump_options(exploit, "  ")
 38 |     end
 39 | 
 40 |     adv_opts = ::Msf::Serializer::ReadableText.dump_advanced_options(exploit, "   ")
 41 |     description << "\nAdvanced options:\n\n"
 42 |     description << "#{adv_opts}\n" if (adv_opts and adv_opts.length > 0)
 43 | 
 44 |     description << ::Msf::Serializer::ReadableText.dump_references(exploit, "  ")
 45 | 
 46 |     return description
 47 | end
 48 | 
 49 | def convert_to_ability(exploit)
 50 |     command = 'msfconsole -x "use ' + exploit['module'] + '; '
 51 |     for param in exploit['params']
 52 |         command += 'set ' + param + ' ' + '#{msf.' + param + '}; '
 53 |     end
 54 |     command += 'run"'
 55 | 
 56 |     os = get_os
 57 |     executor = (os == "windows" ? "cmd" : "sh")
 58 | 
 59 |     ability = {
 60 |         "ability_id" => SecureRandom.uuid,
 61 |         "tactic" => "metasploit",
 62 |         "technique_name" => "metasploit",
 63 |         "technique_id" => "T1349",
 64 |         "name" => exploit['name'],
 65 |         "description" => exploit['description'],
 66 |         "privilege" => exploit['privilege'],
 67 |         "executors" => [{
 68 |             "command" => command,
 69 |             "timeout" => 60,
 70 |             "platform" => os
 71 |         }]
 72 |     }
 73 |     return ability
 74 | end
 75 | 
 76 | def get_os
 77 |     if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
 78 |         return "windows"
 79 |     elsif (/darwin/ =~ RUBY_PLATFORM) != nil
 80 |         return "darwin"
 81 |     else
 82 |         return "linux"
 83 |     end
 84 | end
 85 | 
 86 | def save_ability(ability, c2_uri, c2_key)
 87 |     uri = URI.parse(c2_uri + '/api/v2/abilities')
 88 |     header = {
 89 |         'Content-Type' => 'text/json',
 90 |         'KEY' => c2_key
 91 |     }
 92 |     http = Net::HTTP.new(uri.host, uri.port)
 93 |     request = Net::HTTP::Post.new(uri, header)
 94 |     request.body = ability.to_json
 95 |     response = http.request(request)
 96 | end
 97 | 
 98 | c2_uri = ARGV.shift || 'http://0.0.0.0:8888'
 99 | c2_key = ARGV.shift || 'ADMIN123'
100 | 
101 | for exploit_name in self.framework.exploits.keys
102 |     exploit = get_exploit_info(exploit_name)
103 |     ability = convert_to_ability(exploit)
104 |     response = save_ability(ability, c2_uri, c2_key)
105 | end
106 | 
107 | exit(true)
108 | 
109 | </ruby>
110 | 
111 | quit
112 | 


--------------------------------------------------------------------------------
/gui/views/access.vue:
--------------------------------------------------------------------------------
  1 | <script>
  2 | import { b64DecodeUnicode } from "@/utils/utils";
  3 |     export default {
  4 |       inject: ["$api"],
  5 |       data() {
  6 |         return {
  7 |           // Core variables
  8 |           agents: [],
  9 |           links: [],
 10 |           obfuscators: [
 11 |                 {
 12 |                     "description": "Obfuscates commands in base64",
 13 |                     "name": "base64"
 14 |                 },
 15 |                 {
 16 |                     "description": "Obfuscates commands in base64, then adds characters to evade base64 detection. Disclaimer: this may cause duplicate links to run.",
 17 |                     "name": "base64jumble"
 18 |                 },
 19 |                 {
 20 |                     "description": "Obfuscates commands in base64, then removes padding",
 21 |                     "name": "base64noPadding"
 22 |                 },
 23 |                 {
 24 |                     "description": "Obfuscates commands through a caesar cipher algorithm, which uses a randomly selected shift value.",
 25 |                     "name": "caesar cipher"
 26 |                 },
 27 |                 {
 28 |                     "description": "Does no obfuscation to any command, instead running it in plain text",
 29 |                     "name": "plain-text"
 30 |                 },
 31 |                 {
 32 |                     "description": "Obfuscates commands through image-based steganography",
 33 |                     "name": "steganography"
 34 |                 }
 35 |             ],
 36 |           selectedObfuscator: 'base64',
 37 |           selectedAgent: {},
 38 |           selectedAgentPaw: '',
 39 |           abilities: [],
 40 |           filteredAbilities: [],
 41 |           selectedAbility: {},
 42 |           selectedAbilityId: '',
 43 |           tactics: [],
 44 |           selectedTactic: '',
 45 |           techniques: [],
 46 |           selectedTechnique: '',
 47 |           searchQuery: '',
 48 |           searchResults: [],
 49 |           // Modals
 50 |           showOutputModal: false,
 51 |           outputCommand: '',
 52 |           outputResult: '',
 53 |           showRunModal: false,
 54 |           facts: []
 55 |         };
 56 |       },
 57 |       created() {
 58 |         this.initPage();
 59 |       },
 60 |       methods: {
 61 |         async initPage() {
 62 |           try {
 63 |             const agentsRes = await this.$api.get('/api/v2/agents');
 64 |             this.agents = agentsRes.data;
 65 |             const abilityRes = await this.$api.get('/api/v2/abilities');
 66 |             this.abilities = abilityRes.data;
 67 |             const obfuscatorsRes = await this.$api.get('/api/v2/obfuscators');
 68 |             this.obfuscators = obfuscatorsRes.data;
 69 |             while (this.$refs.headerAccess) {
 70 |               await this.sleep(3000);
 71 |               this.refreshAgents();
 72 |             }
 73 |           } catch (error) {
 74 |             this.toast('There was an error initializing the page', false);
 75 |             console.error(error);
 76 |           }
 77 |         },
 78 | 
 79 |         selectAgent() {
 80 |           this.selectedAgent = this.agents.find((agent) => agent.paw === this.selectedAgentPaw);
 81 |           this.links = this.selectedAgent.links;
 82 |           this.filterAbilitiesByPlatform();
 83 |         },
 84 | 
 85 |         filterAbilitiesByPlatform() {
 86 |           let platform = this.selectedAgent.platform;
 87 |           this.filteredAbilities = [];
 88 |           this.abilities.forEach((ability) => {
 89 |             let execPlatforms = ability.executors.map((exec) => exec.platform);
 90 |             if (execPlatforms.includes(platform)) {
 91 |               this.filteredAbilities.push(ability);
 92 |             }
 93 |           });
 94 |         },
 95 | 
 96 |         async refreshAgents() {
 97 |           try {
 98 |             const res = await this.$api.get('/api/v2/agents');
 99 |             this.agents = res.data;
100 |             if (this.selectedAgentPaw) {
101 |               this.selectAgent();
102 |             }
103 |           } catch (error) {
104 |             this.toast('There was an error refreshing the page', false);
105 |             console.error(error);
106 |           }
107 |         },
108 | 
109 |         getLinkStatus(link) {
110 |           if (link.status === 0) {
111 |             return 'success';
112 |           } else if (link.status > 0) {
113 |             return 'failed';
114 |           } else {
115 |             return 'in progress';
116 |           }
117 |         },
118 | 
119 |         showOutput(link) {
120 |           this.$api.post('/api/rest', {'index': 'result', 'link_id': link.unique}).then((data) => {
121 |             this.outputCommand = b64DecodeUnicode(link.command);
122 |             try {
123 |               this.outputResult = JSON.parse(b64DecodeUnicode(data.data.output));
124 |             } catch (SyntaxError) {
125 |               this.outputResult = ""
126 |             }
127 |             this.showOutputModal = true;
128 |           });
129 |         },
130 | 
131 |         searchForAbility() {
132 |           this.searchResults = [];
133 |           if (!this.searchQuery) return;
134 |           this.filteredAbilities.forEach((ability) => {
135 |             if (ability.name.toLowerCase().indexOf(this.searchQuery.toLowerCase()) > -1) {
136 |               this.searchResults.push({
137 |                 ability_id: ability.ability_id,
138 |                 name: ability.name
139 |               });
140 |             }
141 |           });
142 |         },
143 | 
144 |         selectAbility(id) {
145 |           this.searchQuery = [];
146 |           this.searchResults = [];
147 |           this.selectedAbility = this.abilities.find((ability) => ability.ability_id === id);
148 |           this.selectedTactic = this.selectedAbility.tactic;
149 |           this.selectedTechnique = this.selectedAbility.technique_id;
150 |           this.selectedAbilityId = id;
151 |           this.findFacts();
152 |         },
153 | 
154 |         findFacts() {
155 |           let rxp = /#{([^}]+)}/g;
156 |           let match;
157 |           let matches = [];
158 |           let commands = this.selectedAbility.executors.map((exec) => exec.command);
159 |           commands.forEach((command) => {
160 |             while (match = rxp.exec(command)) {
161 |               matches.push(match[1]);
162 |             }
163 |           });
164 |           this.facts = [...new Set(matches)].map((fact) => { 
165 |             return { trait: fact, value: '' };
166 |           });
167 |         },
168 | 
169 |         async execute() {
170 |           if (this.facts.length && this.facts.filter((fact) => !fact.value).length) {
171 |             this.toast('Fact values cannot be empty!', false);
172 |             return;
173 |           }
174 | 
175 |           let requestBody = {
176 |             paw: this.selectedAgentPaw,
177 |             ability_id: this.selectedAbilityId,
178 |             facts: this.facts,
179 |             obfuscator: this.selectedObfuscator
180 |           };
181 | 
182 |           try {
183 |             await this.$api.post('/plugin/access/exploit', requestBody);
184 |             this.showRunModal = false;
185 |             this.refreshAgents();
186 |             this.toast('Executed ability', true);
187 |           } catch (error) {
188 |             console.error(error);
189 |           }
190 |         },
191 | 
192 |         sleep(ms) {
193 |           return new Promise(resolve => setTimeout(resolve, ms));
194 |         },
195 | 
196 |         toast(message, type) {
197 |           // Your toast implementation here
198 |         }
199 |       }
200 |     };
201 | </script>
202 | 
203 | <template lang="pug">
204 | div(ref="headerAccess")
205 |     h2 Access
206 |     p Here you can task any agent with any ability from the database - outside the scope of an operation. This is especially useful for conducting initial access attacks. To do this, deploy an agent locally and task it with either pre-ATT&CK or initial access tactics, pointed at any target. You can even deploy an agent remotely and use it as a proxy to conduct your initial access attacks. To the right, you'll see every ability directly tasked to an agent.
207 |     hr
208 | // AGENT SELECTION
209 | 
210 | div.mb-6
211 |     form
212 |         #select-agent.field.has-addons
213 |             label.label.mr-5 Select an agent
214 |             .control.is-expanded
215 |                 .select.is-small.is-fullwidth
216 |                     select(v-on:change="selectAgent()" v-model="selectedAgentPaw")
217 |                         option(value="" disabled selected) Select an agent
218 |                         template(v-for="agent of agents" :key="agent.paw")
219 |                             option(v-bind:value="agent.paw" v-text="`${agent.host} - ${agent.paw}`")
220 | 
221 | div.has-text-centered.content(v-show="!selectedAgentPaw")
222 |     p Select an agent to get started
223 | 
224 | div.mb-3(v-show="selectedAgentPaw")
225 |     .is-flex(v-show="selectedAgentPaw")
226 |         button.button.is-primary.is-small.mr-6(@click="showRunModal = true")
227 |             span.icon
228 |                 i.fas.fa-running
229 |             span Run an Ability
230 |         span.mr-6
231 |             strong.mr-4 Agent Platform
232 |             span(v-text="selectedAgent.platform")
233 |         span
234 |             strong.mr-4 Compatible Abilities
235 |             span(v-text="filteredAbilities.length")
236 |     p.has-text-centered.content(v-show="!links.length") No links to show
237 | 
238 | div(v-show="selectedAgentPaw && links.length")
239 |     table.table.is-striped.is-fullwidth
240 |         thead
241 |             tr
242 |                 th order
243 |                 th name
244 |                 th tactic
245 |                 th status
246 |                 th
247 |         tbody
248 |             tr.pointer(v-for="(link, index) in links", :key="link.unique")
249 |                 td(v-text="index + 1")
250 |                 td(v-text="link.ability.name")
251 |                 td(v-text="link.ability.tactic")
252 |                 td(v-text="getLinkStatus(link)" v-bind:class="{ 'has-text-danger': getLinkStatus(link) === 'failed', 'has-text-success': getLinkStatus(link) === 'success' }")
253 |                 td
254 |                     button.button.is-small.is-primary(@click="showOutput(link)") Output
255 | 
256 | // MODALS
257 | 
258 | div.modal(v-bind:class="{ 'is-active': showOutputModal }")
259 |     .modal-background(@click="showOutputModal = false")
260 |     .modal-card.wide
261 |         header.modal-card-head
262 |             p.modal-card-title Link Output
263 |         section.modal-card-body
264 |             label.label Command
265 |             pre(v-text="outputCommand")
266 |             label.label Standard Output
267 |             pre(v-text="outputResult.stdout || '[ no output to show ]'")
268 |         footer.modal-card-foot
269 |             nav.level
270 |                 .level-left
271 |                 .level-right
272 |                     .level-item
273 |                         button.button.is-small(@click="showOutputModal = false") Close
274 | 
275 | div.modal(v-bind:class="{ 'is-active': showRunModal }")
276 |     .modal-background(@click="showRunModal = false")
277 |     .modal-card
278 |         header.modal-card-head
279 |             p.modal-card-title Run an Ability
280 |         section.modal-card-body
281 |             p.has-text-centered Select an Ability
282 |             form
283 |                 .field.is-horizontal
284 |                     .field-label.is-small
285 |                         label.label
286 |                             span.icon.is-small
287 |                                 i.fas.fa-search
288 |                     .field-body
289 |                         .field
290 |                             .control
291 |                                 input.input.is-small(v-model="searchQuery" placeholder="Search for an ability..." v-on:keyup="searchForAbility()")
292 |                                 .search-results
293 |                                     template(v-for="result in searchResults", :key="result.ability_id")
294 |                                         p(@click="selectAbility(result.ability_id)" v-text="result.name")
295 |             form
296 |                 .field.is-horizontal
297 |                     .field-label.is-small
298 |                         label.label Tactic
299 |                     .field-body
300 |                         .field
301 |                             .control
302 |                                 div.select.is-small.is-fullwidth
303 |                                     select(v-model="selectedTactic" v-on:change="selectedAbilityId = ''")
304 |                                         option(disabled selected value="") Choose a tactic 
305 |                                         option(v-for="tactic of [...new Set(filteredAbilities.map((e) => e.tactic))]", :key="tactic" :value="tactic") {{ tactic }}
306 |                 .field.is-horizontal
307 |                     .field-label.is-small
308 |                         label.label Technique
309 |                     .field-body
310 |                         .field
311 |                             .control
312 |                                 div.select.is-small.is-fullwidth
313 |                                     select(v-model="selectedTechnique" v-bind:disabled="!selectedTactic" v-on:change="selectedAbilityId = ''")
314 |                                         option(disabled selected value="") Choose a technique 
315 |                                         template(:key="exploit.technique_id" v-for="exploit of [...new Set(filteredAbilities.filter((e) => selectedTactic === e.tactic).map((e) => e.technique_id))].map((t) => filteredAbilities.find((e) => e.technique_id === t))")
316 |                                             option(v-bind:value="exploit.technique_id" v-text="exploit.technique_id")
317 |                 .field.is-horizontal
318 |                     .field-label.is-small
319 |                         label.label Ability
320 |                     .field-body
321 |                         .field
322 |                             .control
323 |                                 div.select.is-small.is-fullwidth
324 |                                     select(v-model="selectedAbilityId", v-bind:disabled="!selectedTechnique" v-on:change="selectAbility(selectedAbilityId)")
325 |                                         option(disabled selected value="") Choose an ability 
326 |                                         template(v-for="ability of filteredAbilities.filter((e) => selectedTechnique === e.technique_id)", :key="ability.ability_id")
327 |                                             option(v-bind:value="ability.ability_id" v-text="ability.name")
328 |             template(v-if="selectedAbilityId")
329 |                 .content
330 |                     hr
331 |                     h3 {{ selectedAbility.name }}
332 |                     p {{ selectedAbility.description }}
333 | 
334 |                     form.mb-4
335 |                         .field.is-horizontal
336 |                             .field-label.is-small
337 |                                 label.label Obfuscator
338 | 
339 |                             .field-body
340 |                                 .field.is-narrow
341 |                                     .control.is-expanded
342 |                                         .select.is-fullwidth.is-small
343 |                                             select(v-model="selectedObfuscator")
344 |                                                 template(v-for="obf in obfuscators" :key="obf.name")
345 |                                                     option(v-bind:value="obf.name" v-text="obf.name")
346 | 
347 |                         template(v-for="fact in facts" :key="fact.trait")
348 |                             .field.is-horizontal
349 |                                 .field-label.is-small
350 |                                     label.label {{ fact.trait }}
351 | 
352 |                                 .field-body
353 |                                     .field
354 |                                         .control
355 |                                             input.input.is-small.is-fullwidth(v-model="fact.value" placeholder="Enter a value...")
356 | 
357 |                     button.button.is-small.is-primary.is-fullwidth(@click="execute()") Execute
358 | 
359 |         footer.modal-card-foot
360 |             nav.level
361 |                 .level-left
362 |                 .level-right
363 |                     .level-item
364 |                         button.button.is-small(@click="showRunModal = false") Close
365 | 
366 | </template>
367 | 
368 | <style scoped>
369 | #select-agent {
370 |     max-width: 800px;
371 |     margin: 0 auto;
372 | }
373 | 
374 | .search-results {
375 |     overflow-y: scroll;
376 |     max-height: 200px;
377 |     background-color: #010101;
378 |     border-radius: 0 4px;
379 | }
380 | .search-results p {
381 |     margin-bottom: 0 !important;
382 |     padding: 5px;
383 |     cursor: pointer;
384 | }
385 | .search-results p:hover {
386 |     background-color: #484848;
387 | }
388 | </style>
389 | 


--------------------------------------------------------------------------------
/templates/access.html:
--------------------------------------------------------------------------------
  1 | <div x-data="alpineAccess()" x-init="initPage()">
  2 | 
  3 |     <!-- PAGE HEADER -->
  4 | 
  5 |     <div x-ref="headerAccess">
  6 |         <h2>Access</h2>
  7 |         <p>
  8 |             Here you can task any agent with any ability from the database - outside the scope of an operation. 
  9 |             This is especially useful for conducting initial access attacks. To do this, deploy an agent locally 
 10 |             and task it with either pre-ATT&CK or initial access tactics, pointed at any target. You can even deploy 
 11 |             an agent remotely and use it as a proxy to conduct your initial access attacks. To the right, you'll 
 12 |             see every ability directly tasked to an agent.
 13 |         </p>
 14 |     </div>
 15 |     <hr>
 16 | 
 17 |     <!-- AGENT SELECTION -->
 18 |     
 19 |     <div>
 20 |         <form>
 21 |             <div id="select-agent" class="field has-addons">
 22 |                 <label class="label">Select an agent &nbsp;&nbsp;&nbsp;</label>
 23 |                 <div class="control is-expanded">
 24 |                     <div class="select is-small is-fullwidth">
 25 |                         <select x-on:change="selectAgent()" x-model="selectedAgentPaw">
 26 |                             <option value="" disabled selected>Select an agent</option>
 27 |                             <template x-for="agent of agents" :key="agent.paw">
 28 |                                 <option x-bind:value="agent.paw" x-text="`${agent.host} - ${agent.paw}`"></option>
 29 |                             </template>
 30 |                         </select>
 31 |                     </div>
 32 |                 </div>
 33 |             </div>
 34 |         </form>
 35 |     </div>
 36 | 
 37 |     <div class="has-text-centered content" x-show="!selectedAgentPaw">
 38 |         <p>Select an agent to get started</p> 
 39 |     </div>
 40 |     
 41 |     <div x-show="selectedAgentPaw">
 42 |         <div class="is-flex" x-show="selectedAgentPaw">
 43 |             <button class="button is-primary is-small mr-4" @click="showRunModal = true">
 44 |                 <span class="icon"><i class="fas fa-running"></i></span>
 45 |                 <span>Run an Ability</span>
 46 |             </button>
 47 |             <span class="mr-4"><strong>Agent Platform</strong>: <span x-text="selectedAgent.platform"></span></span>
 48 |             <span><strong>Compatible Abilities</strong>: <span x-text="filteredAbilities.length"></span></span>
 49 |         </div>
 50 |        <p class="has-text-centered content" x-show="!links.length">No links to show</p> 
 51 |     </div>
 52 | 
 53 |     <div x-show="selectedAgentPaw && links.length">
 54 |         <table class="table is-striped is-fullwidth">
 55 |             <thead>
 56 |                 <tr>
 57 |                     <th>order</th>
 58 |                     <th>name</th>
 59 |                     <th>tactic</th>
 60 |                     <th>status</th>
 61 |                     <th></th>
 62 |                 </tr>
 63 |             </thead>
 64 |             <tbody>
 65 |                 <template x-for="(link, index) of links" :key="link.unique">
 66 |                     <tr class="pointer">
 67 |                         <td x-text="index + 1"></td>
 68 |                         <td x-text="link.ability.name"></td>
 69 |                         <td x-text="link.ability.tactic"></td>
 70 |                         <td x-text="getLinkStatus(link)" x-bind:class="{ 'has-text-danger': getLinkStatus(link) === 'failed', 'has-text-success': getLinkStatus(link) === 'success' }"></td>
 71 |                         <td>
 72 |                             <button class="button is-small is-primary" @click="showOutput(link)">Output</button>
 73 |                         </td>
 74 |                     </tr>
 75 |                 </template>
 76 |             </tbody>
 77 |         </table>  
 78 |     </div>
 79 | 
 80 |     <!-- MODALS -->
 81 | 
 82 |     <div class="modal" x-bind:class="{ 'is-active': showOutputModal }">
 83 |         <div class="modal-background" @click="showOutputModal = false"></div>
 84 |         <div class="modal-card wide">
 85 |             <header class="modal-card-head">
 86 |                 <p class="modal-card-title">Link Output</p>
 87 |             </header>
 88 |             <section class="modal-card-body">
 89 |                 <label class="label">Command</label>
 90 |                 <pre x-text="outputCommand"></pre>
 91 |                 <label class="label">Standard Output</label>
 92 |                 <pre x-text="outputResult.stdout || '[ no output to show ]'"></pre>
 93 |                 <label class="label">Standard Error</label>
 94 |                 <pre x-text="outputResult.stderr || '[ no errors to show ]'"></pre>
 95 |             </section>
 96 |             <footer class="modal-card-foot">
 97 |                 <nav class="level">
 98 |                     <div class="level-left"></div>
 99 |                     <div class="level-right">
100 |                         <div class="level-item">
101 |                             <button class="button is-small" @click="showOutputModal = false">Close</button>
102 |                         </div>
103 |                     </div>
104 |                 </nav>
105 |             </footer>
106 |         </div>
107 |     </div>
108 | 
109 |     <div class="modal" x-bind:class="{ 'is-active': showRunModal }">
110 |         <div class="modal-background" @click="showRunModal = false"></div>
111 |         <div class="modal-card">
112 |             <header class="modal-card-head">
113 |                 <p class="modal-card-title">Run an Ability</p>
114 |             </header>
115 |             <section class="modal-card-body">
116 |                 <p class="has-text-centered">Select an Ability</p>
117 |                 <form>
118 |                     <div class="field is-horizontal">
119 |                         <div class="field-label is-small">
120 |                             <label class="label"><span class="icon is-small"><i class="fas fa-search"></i></span></label>
121 |                         </div>
122 |                         <div class="field-body">
123 |                             <div class="field">
124 |                                 <div class="control">
125 |                                     <input class="input is-small" x-model="searchQuery" placeholder="Search for an ability..." x-on:keyup="searchForAbility()">
126 |                                     <div class="search-results">
127 |                                         <template x-for="result of searchResults" :key="result.ability_id">
128 |                                             <p @click="selectAbility(result.ability_id)" x-text="result.name"></p>
129 |                                         </template>
130 |                                     </div>
131 |                                 </div>
132 |                             </div>
133 |                         </div>
134 |                     </div>
135 |                 </form>
136 |                 <form>
137 |                     <div class="field is-horizontal">
138 |                         <div class="field-label is-small">
139 |                             <label class="label">Tactic</label>
140 |                         </div>
141 |                         <div class="field-body">
142 |                             <div class="field">
143 |                                 <div class="control">
144 |                                     <div class="select is-small is-fullwidth">
145 |                                         <select x-model="selectedTactic" x-on:change="selectedAbilityId = ''">
146 |                                             <option default>Choose a tactic</option>
147 |                                             <template x-for="tactic of [...new Set(filteredAbilities.map((e) => e.tactic))]" :key="tactic">
148 |                                                 <option x-bind:value="tactic" x-text="tactic"></option>
149 |                                             </template>
150 |                                         </select>
151 |                                     </div>
152 |                                 </div>
153 |                             </div>
154 |                         </div>
155 |                     </div>
156 |                     <div class="field is-horizontal">
157 |                         <div class="field-label is-small">
158 |                             <label class="label">Technique</label>
159 |                         </div>
160 |                         <div class="field-body">
161 |                             <div class="field">
162 |                                 <div class="control">
163 |                                     <div class="select is-small is-fullwidth">
164 |                                         <select x-model="selectedTechnique" x-bind:disabled="!selectedTactic" x-on:change="selectedAbilityId = ''">
165 |                                             <option default>Choose a technique</option>
166 |                                             <template :key="exploit.technique_id" x-for="exploit of [...new Set(filteredAbilities.filter((e) => selectedTactic === e.tactic).map((e) => e.technique_id))].map((t) => filteredAbilities.find((e) => e.technique_id === t))">
167 |                                                 <option x-bind:value="exploit.technique_id" x-text="`${exploit.technique_id} | ${exploit.technique_name}`"></option>
168 |                                             </template>
169 |                                         </select>
170 |                                     </div>
171 |                                 </div>
172 |                             </div>
173 |                         </div>
174 |                     </div>
175 |                     <div class="field is-horizontal is-fullwidth">
176 |                         <div class="field-label is-small">
177 |                             <label class="label">Ability</label>
178 |                         </div>
179 |                         <div class="field-body">
180 |                             <div class="field">
181 |                                 <div class="control">
182 |                                     <div class="select is-small is-fullwidth">
183 |                                         <select x-model="selectedAbilityId" x-bind:disabled="!selectedTechnique" x-on:change="selectAbility(selectedAbilityId)">
184 |                                             <option default>Choose an ability</option>
185 |                                             <template :key="ability.ability_id" x-for="ability of filteredAbilities.filter((e) => selectedTactic === e.tactic && selectedTechnique === e.technique_id)">
186 |                                                 <option x-bind:value="ability.ability_id" x-text="ability.name"></option>
187 |                                             </template>
188 |                                         </select>
189 |                                     </div>
190 |                                 </div>
191 |                             </div>
192 |                         </div>
193 |                     </div>
194 |                 </form>
195 |                 <template x-if="selectedAbilityId">
196 |                     <div class="content">
197 |                         <hr>
198 |                         <h3 x-text="selectedAbility.name"></h3>
199 |                         <p x-text="selectedAbility.description"></p>
200 | 
201 |                         <form>
202 |                             <div class="field is-horizontal">
203 |                                 <div class="field-label is-small">
204 |                                     <label class="label">Obfuscator</label>
205 |                                 </div>
206 |                                 <div class="field-body">
207 |                                     <div class="field is-narrow">
208 |                                         <div class="control is-expanded">
209 |                                             <div class="select is-fullwidth is-small">
210 |                                                 <select x-model="selectedObfuscator">
211 |                                                     <template x-for="obf of obfuscators" :key="obf.name">
212 |                                                         <option x-bind:value="obf.name" x-text="obf.name"></option>
213 |                                                     </template>
214 |                                                 </select>
215 |                                             </div>
216 |                                         </div>
217 |                                     </div>
218 |                                 </div>
219 |                             </div>
220 |                             <template x-for="fact of facts" :key="fact.trait">
221 |                                 <div class="field is-horizontal">
222 |                                     <div class="field-label is-small">
223 |                                         <label class="label" x-text="fact.trait"></label>
224 |                                     </div>
225 |                                     <div class="field-body">
226 |                                         <div class="field">
227 |                                             <div class="control">
228 |                                                 <input class="input is-small is-fullwidth" x-model="fact.value" placeholder="Enter a value...">
229 |                                             </div>
230 |                                         </div>
231 |                                     </div>
232 |                                 </div>
233 |                             </template>
234 |                         </form>
235 |                         
236 |                         <button class="button is-small is-primary is-fullwidth" @click="execute()">Execute</button>
237 |                     </div>
238 |                 </template>
239 |             </section>
240 |             <footer class="modal-card-foot">
241 |                 <nav class="level">
242 |                     <div class="level-left"></div>
243 |                     <div class="level-right">
244 |                         <div class="level-item">
245 |                             <button class="button is-small" @click="showRunModal = false">Close</button>
246 |                         </div>
247 |                     </div>
248 |                 </nav>
249 |             </footer>
250 |         </div>
251 |     </div>
252 | 
253 | </div>
254 | 
255 | <script>
256 |     function alpineAccess() {
257 |         return {
258 |             // Core variables
259 |             agents: [],
260 |             links: [],
261 |             obfuscators: [],
262 |             selectedObfuscator: 'base64',
263 |             selectedAgent: {},
264 |             selectedAgentPaw: '',
265 | 
266 |             abilities: [],
267 |             filteredAbilities: [],
268 |             selectedAbility: {},
269 |             selectedAbilityId: '',
270 | 
271 |             tactics: [],
272 |             selectedTactic: '',
273 |             techniques: [],
274 |             selectedTechnique: '',
275 |             searchQuery: '',
276 |             searchResults: [],
277 | 
278 |             // Modals
279 |             showOutputModal: false,
280 |             outputCommand: '',
281 |             outputResult: '',
282 | 
283 |             showRunModal: false,
284 |             facts: [],
285 | 
286 |             initPage() {
287 |                 apiV2('GET', '/api/v2/agents').then((agents) => {
288 |                     this.agents = agents;
289 |                     return apiV2('GET', '/api/v2/abilities');
290 |                 }).then((abilities) => {
291 |                     this.abilities = abilities;
292 |                     return apiV2('GET', '/api/v2/obfuscators');
293 |                 }).then(async (obfuscators) => {
294 |                     this.obfuscators = obfuscators;
295 | 
296 |                     while (this.$refs.headerAccess) {
297 |                         await sleep(3000);
298 |                         this.refreshAgents();
299 |                     }
300 |                 }).catch((error) => {
301 |                     toast('There was an error initializing the page', false);
302 |                     console.error(error);
303 |                 });
304 |             },
305 | 
306 |             selectAgent() {
307 |                 this.selectedAgent = this.agents.find((agent) => agent.paw === this.selectedAgentPaw);
308 |                 this.links = this.selectedAgent.links;
309 |                 this.filterAbilitiesByPlatform();
310 |             },
311 | 
312 |             filterAbilitiesByPlatform() {
313 |                 let platform = this.selectedAgent.platform;
314 |                 this.filteredAbilities = [];
315 |                 this.abilities.forEach((ability) => {
316 |                     let execPlatforms = ability.executors.map((exec) => exec.platform);
317 |                     if (execPlatforms.includes(platform)) {
318 |                         this.filteredAbilities.push(ability);
319 |                     }
320 |                 });
321 |             },
322 | 
323 |             refreshAgents() {
324 |                 apiV2('GET', '/api/v2/agents').then((agents) => {
325 |                     this.agents = agents;
326 |                     if (this.selectedAgentPaw) {
327 |                         this.selectAgent();
328 |                     }
329 |                 }).catch((error) => {
330 |                     toast('There was an error refreshing the page', false);
331 |                     console.error(error);
332 |                 });
333 |             },
334 | 
335 |             getLinkStatus(link) {
336 |                 if (link.status === 0) {
337 |                     return 'success';
338 |                 } else if (link.status > 0) {
339 |                     return 'failed';
340 |                 } else {
341 |                     return 'in progress';
342 |                 }
343 |             },
344 | 
345 |             showOutput(link) {
346 |                 restRequest('POST', { 'index': 'result', 'link_id': link.unique }, (data) => {
347 |                     this.outputCommand = b64DecodeUnicode(link.command);
348 |                     try {
349 |                         this.outputResult = JSON.parse(b64DecodeUnicode(data.output));
350 |                     } catch (SyntaxError) {
351 |                         this.outputResult = ""
352 |                     }
353 |                     this.showOutputModal = true;
354 |                 });
355 |             },
356 | 
357 |             searchForAbility() {
358 |                 this.searchResults = [];
359 |                 if (!this.searchQuery) return;
360 |                 this.filteredAbilities.forEach((ability) => {
361 |                     if (ability.name.toLowerCase().indexOf(this.searchQuery.toLowerCase()) > -1) {
362 |                         this.searchResults.push({
363 |                             ability_id: ability.ability_id,
364 |                             name: ability.name
365 |                         });
366 |                     }
367 |                 });
368 |             },
369 | 
370 |             selectAbility(id) {
371 |                 this.searchQuery = [];
372 |                 this.searchResults = [];
373 |                 this.selectedAbility = this.abilities.find((ability) => ability.ability_id === id);
374 |                 this.selectedTactic = this.selectedAbility.tactic;
375 |                 this.selectedTechnique = this.selectedAbility.technique_id;
376 |                 this.selectedAbilityId = id;
377 |                 
378 |                 this.findFacts();
379 |             },
380 | 
381 |             findFacts() {
382 |                 let rxp = /#{([^}]+)}/g;
383 |                 let match;
384 |                 let matches = [];
385 | 
386 |                 let commands = this.selectedAbility.executors.map((exec) => exec.command);
387 |                 commands.forEach((command) => {
388 |                     while (match = rxp.exec(command)) {
389 |                         matches.push(match[1]);
390 |                     }
391 |                 });
392 |                 this.facts = [...new Set(matches)].map((fact) => { 
393 |                     return { trait: fact, value: '' };
394 |                 });
395 |             },
396 |             
397 |             execute() {
398 |                 if (this.facts.length && this.facts.filter((fact) => !fact.value).length) {
399 |                     toast('Fact values cannot be empty!', false);
400 |                     return;
401 |                 }
402 | 
403 |                 let requestBody = {
404 |                     paw: this.selectedAgentPaw,
405 |                     ability_id: this.selectedAbilityId,
406 |                     facts: this.facts,
407 |                     obfuscator: this.selectedObfuscator
408 |                 };
409 | 
410 |                 apiV2('POST', '/plugin/access/exploit', requestBody).then((data) => {
411 |                     this.showRunModal = false;
412 |                     this.refreshAgents();
413 |                     toast('Executed ability', true);
414 |                 }).catch((error) => {
415 |                     console.error(error);
416 |                 })
417 |             }
418 | 
419 |         };
420 |     }
421 | 
422 |     // # sourceURL=access.js
423 | </script>
424 | 
425 | <style scoped>
426 | #select-agent {
427 |     max-width: 800px;
428 |     margin: 0 auto;
429 | }
430 | 
431 | .search-results {
432 |     overflow-y: scroll;
433 |     max-height: 200px;
434 |     background-color: #010101;
435 |     border-radius: 0 4px;
436 | }
437 | .search-results p {
438 |     margin-bottom: 0 !important;
439 |     padding: 5px;
440 |     cursor: pointer;
441 | }
442 | .search-results p:hover {
443 |     background-color: #484848;
444 | }
445 | </style>
446 | 


--------------------------------------------------------------------------------