Skip to content

Commit

Permalink
Adds documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@dustinupdyke
dustinupdyke committed Aug 2, 2023
1 parent 36ceec3 commit c83fa04
Show file tree
Hide file tree
Showing 16 changed files with 894 additions and 5 deletions.
89 changes: 89 additions & 0 deletions docs/core/handlers/blog_helper.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Blog Helper Configuration

???+ info "Sample Configuration"
The sample configuration below is also available in the [GHOSTS GitHub repository](<https://github.com/cmu-sei/GHOSTS/blob/master/src/Ghosts.Client/Sample%20Timelines/clicks>

The 'blog' command for a browser handler allows browse/deletion/upload/reply from a blog site.

The handlerArgs for the blog command are:

- "blog-credentials-file": `json credentials file path`, required, credentials file, see SSh.json sample handler for format
- "blog-deletion-probability": <0-100 integer>, default 0, probability to delete a blog post
- "blog-upload-probability": <0-100 integer>, default 0 , probability to upload a blog post
- "blog-reply-probability": <0-100 integer>, default 0 , probability to reply to a random blog post
- "blog-browse-probability": <0-100 integer>, default 0, probability to browse to a random blog post
- "blog-version": "drupal", -- version, required, only drupal is currrently supported, tested with version 7

Sum of browse+deletion+upload+reply <= 100

The CommandArgs are strings of the form "key:value", supported args are:

- site:`blog site` -- required
- credentialKey:`credential key contained in the credential file`

A handler can only browse a single blog site. The username, password specified by the credentialKey are used to login into the site.

Under drupal, it assumed that all users have the capabilty to delete all blogs, even other user's blogs.

Default content in config directory is blog-content.csv, default reply content is blog-reply.csv

This content can be overridden in application.json by the 'BlogContent', 'BlogReply' fields.

```json
"Content": {
"EmailContent": "",
"EmailReply": "",
"EmailDomain": "",
"EmailOutside": "",
"BlogContent": "",
"BlogReply": "",
"FileNames": "",
"Dictionary": ""
},
```

The timeline configuration looks like this:

```json
{
"Status": "Run",
"TimeLineHandlers": [
{
"HandlerType": "BrowserChrome",
"HandlerArgs": {
"isheadless": "false",
"blockimages": "true",
"blockstyles": "true",
"blockflash": "true",
"blockscripts": "true",
"stickiness": 75,
"stickiness-depth-min": 5,
"stickiness-depth-max": 10000,
"incognito": "true",
"blog-credentials-file": "c:\\ghosts_data\\blog_creds.json",
"blog-deletion-probability": 0,
"blog-upload-probability": 0,
"blog-browse-probability": 0,
"blog-reply-probability": 100,
"blog-version": "drupal"

},
"Initial": "about:blank",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": "True",
"TimeLineEvents": [
{
"Command": "blog",
"CommandArgs": [
"site:http://www.netexhsv.com:8080",
"credentialKey:credkey1"
],
"DelayAfter": 10000,
"DelayBefore": 0
}
]
}
]
}
```
17 changes: 12 additions & 5 deletions docs/core/handlers/excel.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,15 @@

Some of the key-value pairs are self-explanatory, but let's review a few important ones:

| Key | Value |
| --------------- | --------------------------------------- |
| `workingset` | For the documents Excel creates, how many should we create (max) and how old can they be before we start creating new ones (max-age-in-hours). |
| `Command` | (create) Create new documents. This is currently the only setting, but there is space for new commands to be built in the future |
| `CommandArgs` | [0] The path to the folder where the documents should be created. [1] Also periodically export documents as PDFs as well as saving them natively. [2] if creating PDFs, vary their name from the original document. [3] Randomly save documents in an array of locations. |
| Key | Value |
| ---------------------- | --------------------------------------- |
| `workingset` | For the documents Excel creates, how many should we create (max) and how old can they be before we start creating new ones (max-age-in-hours). |
| `Command` | (create) Create new documents. This is currently the only setting, but there is space for new commands to be built in the future |
| `CommandArgs`&nbsp; | See below |

For CommandArgs, we began with positional arguments, but this quickly became unwieldy. We are now using named arguments, which are easier to read and maintain, but the mix remains for now. The following arguments are available:

- [0] The path to the folder where the documents should be created. (old style)
- [1] Also periodically export documents as PDFs as well as saving them natively. (middle style)
- [2] if creating PDFs, vary their name from the original document. (new style)
- [3] Randomly save documents in an array of locations. (new style)
61 changes: 61 additions & 0 deletions docs/core/handlers/notepad.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Notepad Configuration

???+ info "Sample Configuration"
The sample configuration below is also available in the [GHOSTS GitHub repository](<https://github.com/cmu-sei/GHOSTS/blob/master/src/Ghosts.Client/Sample%20Timelines/clicks>

There is currently only one supported command (random) which uses probabilities to write text.

During each activity cycle the handler will:

- Choose action as either delete, create, modify, or view
- if delete, then delete random file from output-directory
- if create, open notepad, add random text, save as random new file to output-directory
- if view, open notepad with existing file from input-directory
- if modify, open notepad with existing file from output-directory, add random text, save
- if create or modify, roll against pdf-probability and do a print to pdf if roll succeeds

For this to work, the default printer must be print to pdf - there is curently no checking is done if the correct printer is not selected.

At end of activity cycle, Notepad is closed.

CommandArgs from Timeline events is not used.


```json
{
"Status": "Run",
"TimeLineHandlers": [
{
"HandlerType": "Notepad",
"HandlerArgs": {
"execution-probability": 100,
"deletion-probability": 0,
"view-probability": 0,
"creation-probability": 0,
"modification-probability": 100,
"pdf-probability": 100,
"input-directory": "C:\\ghosts_data\\uploads",
"output-directory": "C:\\ghosts_data\\uploads",
"text-generation": "random",
"min-paragraphs": 4,
"max-paragraphs": 15,
"delay-jitter": 50
},
"Initial": "",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": "True",
"TimeLineEvents": [
{
"Command": "random",
"CommandArgs": [
],
"DelayAfter": 20000,
"DelayBefore": 0
}
]
}

]
}
```
44 changes: 44 additions & 0 deletions docs/core/handlers/npc_system.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# NPC System Configuration

???+ info "Sample Configuration"
The sample configuration below is also available in the [GHOSTS GitHub repository](<https://github.com/cmu-sei/GHOSTS/blob/master/src/Ghosts.Client/Sample%20Timelines/clicks>

This is currently only used to turn the client on and off (where the client binary still runs, but does nothing). It is not used to control the client's behavior as other handlers might do.

```json
{
"TimeLineHandlers": [
{
"HandlerType": "NpcSystem",
"Initial": "",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": false,
"TimeLineEvents": [
{
"Command": "Stop",
"CommandArgs": [],
"DelayAfter": 0,
"DelayBefore": 0
}
]
},
{
"HandlerType": "NpcSystem",
"Initial": "",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": false,
"TimeLineEvents": [
{
"Command": "Start",
"CommandArgs": [],
"DelayAfter": 0,
"DelayBefore": 0
}
]
}
]
}

```
130 changes: 130 additions & 0 deletions docs/core/handlers/outlook.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
# Outlook Configuration

???+ info "Sample Configuration"
The sample configuration below is also available in the [GHOSTS GitHub repository](<https://github.com/cmu-sei/GHOSTS/blob/master/src/Ghosts.Client/Sample%20Timelines/clicks>

```json
{
"TimeLineHandlers": [
{
"HandlerType": "Outlook",
"Initial": "",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": "True",
"TimeLineEvents": [
{
"Command": "create",
"CommandArgs": [
"CurrentUser",
"Random|Other:string ToEmailAddress - comma separate multiples",
"Random|Other:string CcEmailAddress - comma separate multiples",
"Random|Other:string BccEmailAddress - comma separate multiples",
"Random|Other:string Subject",
"Random|Other:string Body",
"PlainText|RTF|HTML enum BodyType",
"string Attachments - comma separate multiples"
],
"DelayAfter": 900000,
"DelayBefore": 0
},
{
"Command": "reply",
"CommandArgs": [
"CurrentUser",
"All - reply to all",
"All",
"All",
"Parent - format is 'RE: <original message/>'",
"Random+Parent - format is reply then original message",
"Parent - format of original message",
""
],
"DelayAfter": 900000,
"DelayBefore": 0
},
{
"Command": "clickrandomlink",
"CommandArgs": [],
"DelayAfter": 900000,
"DelayBefore": 0
}
]
},
{
"HandlerType": "Outlook",
"Initial": "",
"UtcTimeOn": "00:00:00",
"UtcTimeOff": "24:00:00",
"Loop": "True",
"TimeLineEvents": [
{
"Command": "create",
"CommandArgs": [
"CurrentUser",
"random",
"random",
"random",
"Random",
"Random",
"PlainText",
""
],
"DelayAfter": 900000,
"DelayBefore": 0
},
{
"Command": "reply",
"CommandArgs": [
"CurrentUser",
"All",
"All",
"All",
"Parent",
"Parent+Random",
"Parent",
""
],
"DelayAfter": 900000,
"DelayBefore": 0
},
{
"Command": "clickrandomlink",
"CommandArgs": [],
"DelayAfter": 900000,
"DelayBefore": 0
}
]
}
]
}
```

Some of the key-value pairs are self-explanatory, but let's review a few important ones:

| Key | Value |
| ---------------------- | --------------------------------------- |
| `Command` | (create) Create new emails. (reply) Reply to emails in the current inbox at random (clickrandomlink) Click a link at random in the current inbox |
| `CommandArgs`&nbsp; | See below |

For CommandArgs, we began with positional arguments, but this quickly became unwieldy. We are now using named arguments, which are easier to read and maintain, but the mix remains for now. The following arguments are available for creating new emails (create):

- [0] "CurrentUser": The current user's email address, or indicate the email address you want to use here. Note that if Outlook is not configured to use this email address, email may not be sent.
- [1] "Random|Other": This configures the TO address in an email where "Random" picks email addresses from the configuration directory. If you want to specify particular addresses, this field can also be comma-separated email addresses.
- [2] "Random|Other": This configures the CC address in an email where "Random" picks email addresses from the configuration directory. If you want to specify particular addresses, this field can also be comma-separated email addresses.
- [3] "Random|Other": This configures the BCC address in an email where "Random" picks email addresses from the configuration directory. If you want to specify particular addresses, this field can also be comma-separated email addresses.
- [4] "Random|Other:string Subject",
- [5] "Random|Other:string Body",
- [6] "PlainText|RTF|HTML enum BodyType",
- [7] "string Attachments - comma separate multiples"

For replying to emails (reply):

- [0] "CurrentUser": The current user's email address, or indicate the email address you want to use here. Note that if Outlook is not configured to use this email address, email may not be sent.
- [1] "All": Reply to all on the original thread, or reply to a specific user on the original email thread. If you want to reply to a specific user, indicate the email address here.
- [2] "All": Reply to all the addresses in the original email thread CC field. If you want to reply to a specific user, indicate the email address here.
- [3] "All": Reply to all the addresses in the original email thread BCC field. If you want to reply to a specific user, indicate the email address here.
- [4] "Parent": Subject line of the reply. "Parent" format is 'RE: $original_message$'
- [5] "Random+Parent": Body of the reply. "Random+Parent" format is the reply then the original message below - as is typically seen in email threads.
- [6] "Parent": HTML or plain text. "Parent" uses the format of the original message.
- [7] "": Not used in replies.
Loading

0 comments on commit c83fa04

Please sign in to comment.