-
Notifications
You must be signed in to change notification settings - Fork 120
Commands
Commands in Counterfit provide the functionality that allow objects to interact. The commands are structured to provides a similar workflow to other offensive security tools, where you typically interact with one target at a time and execute actions against that target. Though, thanks to cmd2, the ability to script actions against multiple targets is there – to drop into a scripting environment run ipy from the terminal.
Counterfit keeps a state that keeps track of all objects available in the session. A command can access these objects by importing CFState from counterfit.core.state and accessing objects by querying the state via CFState.get_instance(). Commands use cmd2 for command categorization and argparse for argument handling. For example, the interact command.
import argparse
import cmd2
from core.state import CFState
parser = argparse.ArgumentParser()
parser.add_argument("target", choices=CFState.get_instance().loaded_targets.keys())
@cmd2.with_argparser(parser)
@cmd2.with_category("Counterfit Commands")
def do_interact(self, args):
"""Sets the active target."""
CFState.get_instance().set_active_target(args.target)Adding a new command is simple. Create a new file in the counterfit/core/commands/ folder. Set up the command structure,
import argparse
import cmd2
from core.state import CFState
parser = argparse.ArgumentParser()
parser.add_argument(…)You could change the category or keep it the same. Changing the category will cause the command to display separately from Counterfit commands. Next, write the function and use the objects to provide information or change the state.
@cmd2.with_argparser(parser)
@cmd2.with_category("Custom Commands")
def do_thing(self, args):
"""Do things with active target."""
active_target = CFState.get_instance().active_target
print(active_target.model_name)While attacking targets is fun, an attack comes after the target has been written by the user. Because this is something of a development process, there are some convenience commands that will make life a little easier when writing new targets.
| Command | Description |
|---|---|
| new | This command will create a new target in the targets folder, and then load it into the session. |
| reload | When editing a target, this command will reload the target to reflect the changes made. |
| predict | Send a single query to the target model. |
| back | Exit the active attack or active target. |
For example, the target creation workflow is as follows, execute new to create a fresh target, open the new target python file in your favorite code editor, make changes to the code and execute reload. Use the predict command to ensure inputs and outputs are as expected. Informational Commands These commands gather and present relevant information about the current session, and relevant information about targets and attacks.
| Command | Description |
|---|---|
| list | This command prints loaded objects in the session |
| show | When editing a target, this command will reload the target to reflect the changes made. |