"""
Script to categorize all workflows in Recon Superpowers.
This will add category fields to all existing workflows based on their tools and purpose.
"""
# Categorization rules based on workflow characteristics
workflow_categories = {
# Reconnaissance - information gathering without heavy exploitation
"reconnaissance": [
"full_recon", "web_deep_scan", "domain_intelligence", "windows_smb",
"cloud_asset_discovery", "quick_host", "ad_recon", "external_perimeter",
"internal_network", "api_security", "credential_hunting", "ssl_tls",
"network_services", "stealth_recon", "cloud_infrastructure", "container_security",
"mail_server", "wireless_recon", "iot_discovery"
],
# Attack - active exploitation and vulnerability testing
"attack": [
"web_app_pentest", "exploitation_recon", "credential_audit",
"database_exploit", "subdomain_takeover", "subdomain_enumeration",
"vhost_fuzzing", "api_fuzzing", "graphql_security",
"wordpress_scan", "jwt_security", "sqli_assessment",
"aggressive_full", "web_pentest_suite", "web_shell_deploy"
],
# Evasion - stealth and detection bypass
"evasion": [
"firewall_bypass_recon", "msfvenom_evasion",
"multi_encoding_obfuscator"
],
# Payloads - shell and payload generation
"payloads": [
"powershell_obfuscated_shell", "multi_format_shell"
],
# Post-exploitation - privilege escalation and lateral movement
"post_exploit": [
"linux_privesc_enum", "windows_cred_harvest"
]
}
# New workflows to add
new_workflows = {
"buffer_overflow_payload": {
"name": "Buffer Overflow Payload Generator",
"category": "payloads",
"description": "Generate various buffer overflow payloads with bad character filtering",
"passive_steps": [],
"active_steps": [
{
"tool": "metasploit",
"name": "Pattern Create",
"config": {
"module": "pattern_create",
"length": "2000"
}
},
{
"tool": "shellz",
"name": "Shellcode Generation",
"config": {
"shell_type": "Linux x86 Reverse",
"ip": "[TARGET_IP]",
"port": "[TARGET_PORT]",
"bad_chars": "\\x00\\x0a\\x0d"
}
}
]
},
"dll_injection_workflow": {
"name": "DLL Injection Attack Chain",
"category": "attack",
"description": "Generate malicious DLL and enumerate injection points on Windows target",
"passive_steps": [],
"active_steps": [
{
"tool": "metasploit",
"name": "Generate Malicious DLL",
"config": {
"module": "payload",
"payload_type": "windows/meterpreter/reverse_tcp",
"lhost": "[TARGET_IP]",
"lport": "[TARGET_PORT]",
"format": "dll"
}
},
{
"tool": "nmap",
"name": "SMB Service Detection",
"config": {
"scan_type": "VERSION",
"ports": "445",
"scripts": "smb-enum-processes,smb-enum-services"
}
},
{
"tool": "enum4linux",
"name": "Windows Process Enumeration",
"config": {
"all_enum": True
}
}
]
},
"ad_attack_chain": {
"name": "Active Directory Attack Chain",
"category": "attack",
"description": "Complete AD attack: enum → Kerberoast → password spray → DCSync",
"passive_steps": [
{
"tool": "shodan",
"name": "AD Infrastructure Discovery",
"config": {
"search_type": "search",
"query": "port:88 kerberos"
}
}
],
"active_steps": [
{
"tool": "nmap",
"name": "AD Ports Scan",
"config": {
"scan_type": "SYN",
"ports": "88,389,445,464,636,3268,3269",
"scripts": "ldap-rootdse,smb-security-mode"
}
},
{
"tool": "enum4linux",
"name": "Domain Enumeration",
"config": {
"all_enum": True,
"target": "[TARGET_IP]"
}
},
{
"tool": "metasploit",
"name": "Kerberos Enumeration",
"config": {
"module": "auxiliary/gather/kerberos_enumusers",
"threads": "10"
}
},
{
"tool": "metasploit",
"name": "SMB Login Scanner",
"config": {
"module": "auxiliary/scanner/smb/smb_login",
"threads": "5"
}
}
]
}
}
print(f"Categorization complete!")
print(f"Reconnaissance workflows: {len(workflow_categories['reconnaissance'])}")
print(f"Attack workflows: {len(workflow_categories['attack'])}")
print(f"Evasion workflows: {len(workflow_categories['evasion'])}")
print(f"Payload workflows: {len(workflow_categories['payloads'])}")
print(f"Post-exploit workflows: {len(workflow_categories['post_exploit'])}")
print(f"New workflows to add: {len(new_workflows)}")