feat: extend attack api endpoints (#162)

joshlarsen · web-flow · commit f30143a8eebd · 2024-12-19T15:44:23.000-05:00
* attack api endpoints

* update tailwind config
diff --git a/cmd/reaper/main.go b/cmd/reaper/main.go
@@ -96,8 +96,9 @@ func main() {
 	api.Get("/endpoints", h.GetEndpoints)
 	api.Get("/endpoints/:id", h.GetEndpoint)
 	api.Post("/attack", h.CreateAttack)
-	// api.Get("/attacks", h.GetAttacks)
-	// api.Get("/attacks/:id", h.GetAttack)
+	api.Get("/attacks", h.GetAttacks)
+	api.Get("/attacks/:id", h.GetAttack)
+	api.Get("/attacks/:id/results", h.GetAttackResults)
 	api.Delete("/attack/:id/results", h.DeleteAttackResults)
 	// fuzz
 	// automate
diff --git a/internal/database/config.go b/internal/database/config.go
@@ -50,6 +50,7 @@ func Migrate() {
 		&models.Endpoint{},
 		&models.Request{},
 		&models.Response{},
+		&models.FuzzAttack{},
 		&models.FuzzResult{},
 		&models.Report{},
 		&models.AgentSession{},
diff --git a/internal/database/models/model.go b/internal/database/models/model.go
@@ -108,51 +108,32 @@ type Response struct {
 
 // TODO: clean up this mess
 type FuzzAttack struct {
-	ID        uint               `json:"id" gorm:"primaryKey"`
-	Type      string             `json:"type"` // header, body, param
-	Headers   []FuzzAttackHeader `json:"headers"`
-	Keys      []FuzzAttackKey    `json:"keys"`
-	Params    []FuzzAttackParam  `json:"params"`
-	CreatedAt time.Time          `json:"created_at"`
-	UpdatedAt time.Time          `json:"updated_at"`
-}
-
-type FuzzAttackHeader struct {
-	ID           uint      `json:"id" gorm:"primaryKey"`
-	FuzzAttackID uint      `json:"fuzz_attack_id" gorm:"foreignKey:ID"`
-	CreatedAt    time.Time `json:"created_at"`
-	UpdatedAt    time.Time `json:"updated_at"`
-}
-
-type FuzzAttackKey struct {
-	ID           uint      `json:"id" gorm:"primaryKey"`
-	FuzzAttackID uint      `json:"fuzz_attack_id" gorm:"foreignKey:ID"`
-	CreatedAt    time.Time `json:"created_at"`
-	UpdatedAt    time.Time `json:"updated_at"`
+	ID        uint      `json:"id" gorm:"primaryKey"`
+	Type      string    `json:"type"` // header, body, param
+	Headers   string    `json:"headers"`
+	Keys      string    `json:"keys"`
+	Params    string    `json:"params"`
+	Status    string    `json:"status"`
+	CreatedAt time.Time `json:"created_at"`
+	UpdatedAt time.Time `json:"updated_at"`
 }
 
-type FuzzAttackParam struct {
+type FuzzResult struct {
 	ID           uint      `json:"id" gorm:"primaryKey"`
 	FuzzAttackID uint      `json:"fuzz_attack_id" gorm:"foreignKey:ID"`
+	Hostname     string    `json:"hostname"`
+	IpAddress    string    `json:"ip_address"`
+	Port         string    `json:"port"`
+	Scheme       string    `json:"scheme"`
+	URL          string    `json:"url"`
+	Endpoint     string    `json:"endpoint"`
+	Request      string    `json:"request"`
+	Response     string    `json:"response"`
+	StatusCode   int       `json:"status_code"`
 	CreatedAt    time.Time `json:"created_at"`
 	UpdatedAt    time.Time `json:"updated_at"`
 }
 
-type FuzzResult struct {
-	ID uint `json:"id" gorm:"primaryKey"`
-	// FuzzAttackID uint      `json:"fuzz_attack_id" gorm:"foreignKey:ID"`
-	Hostname  string    `json:"hostname"`
-	IpAddress string    `json:"ip_address"`
-	Port      string    `json:"port"`
-	Scheme    string    `json:"scheme"`
-	URL       string    `json:"url"`
-	Endpoint  string    `json:"endpoint"`
-	Request   string    `json:"request"`
-	Response  string    `json:"response"`
-	CreatedAt time.Time `json:"created_at"`
-	UpdatedAt time.Time `json:"updated_at"`
-}
-
 type Report struct {
 	ID        uint               `json:"id" gorm:"primaryKey"`
 	Domain    string             `json:"domain"`
diff --git a/internal/handlers/endpoint.go b/internal/handlers/endpoint.go
@@ -3,6 +3,7 @@ package handlers
 import (
 	"log/slog"
 	"strconv"
+	"strings"
 
 	"github.com/gofiber/fiber/v2"
 
@@ -71,14 +72,56 @@ func (h *Handler) CreateAttack(c *fiber.Ctx) error {
 		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "endpoint not found"})
 	}
 
+	attack := &models.FuzzAttack{
+		Type:   "param",
+		Params: strings.Join(atk.Params, ","),
+	}
+	h.db.Create(attack)
+
 	go func() {
-		err := fuzz.CreateAttack(endpoint.Hostname, atk.Params, h.pool, h.db, 100, 1000, 10)
+		err := fuzz.CreateAttack(attack.ID, endpoint.Hostname, atk.Params, h.pool, h.db, 100, 1000, 10)
 		if err != nil {
 			slog.Error("[create attack]", "msg", "error creating attack", "error", err)
 		}
 	}()
 
-	return c.JSON(fiber.Map{"status": "ok"})
+	return c.JSON(attack)
+}
+
+func (h *Handler) GetAttacks(c *fiber.Ctx) error {
+	attacks := []models.FuzzAttack{}
+	h.db.Find(&attacks)
+
+	return c.JSON(attacks)
+}
+
+func (h *Handler) GetAttack(c *fiber.Ctx) error {
+	id, err := strconv.Atoi(c.Params("id"))
+	if err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	attack := models.FuzzAttack{}
+	h.db.First(&attack, id)
+
+	return c.JSON(attack)
+}
+
+func (h *Handler) GetAttackResults(c *fiber.Ctx) error {
+	id, err := strconv.Atoi(c.Params("id"))
+	if err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	limit, err := strconv.Atoi(c.Query("limit", "50"))
+	if err != nil {
+		limit = 50
+	}
+
+	results := []models.FuzzResult{}
+	h.db.Where("fuzz_attack_id = ?", id).Limit(limit).Find(&results)
+
+	return c.JSON(results)
 }
 
 func (h *Handler) DeleteAttackResults(c *fiber.Ctx) error {
diff --git a/internal/tools/agent/agent.go b/internal/tools/agent/agent.go
@@ -303,7 +303,8 @@ func (manager *AgentManager) runAgent() {
 
 		// Run the BOLA attack
 		manager.sendAgentMessage("Running the attack...")
-		err := fuzz.CreateAttack(function_model.Domain, excludedKeys, manager.Pool, manager.DB, 0, 0, 0)
+		// TODO: get the attack id
+		err := fuzz.CreateAttack(0, function_model.Domain, excludedKeys, manager.Pool, manager.DB, 0, 0, 0)
 		if err != nil {
 			slog.Error("Failed to create fuzz attack", "error", err)
 		}
diff --git a/internal/tools/fuzz/simple_fuzzer_example.go b/internal/tools/fuzz/simple_fuzzer_example.go
@@ -35,7 +35,7 @@ const (
 	// TODO: add rate limit
 )
 
-func CreateAttack(hostname string, params []string, ws *websocket.Pool, db *gorm.DB, min, max, maxSuccess int) error {
+func CreateAttack(attackID uint, hostname string, params []string, ws *websocket.Pool, db *gorm.DB, min, max, maxSuccess int) error {
 	slog.Info("Creating fuzz attack")
 
 	// Defaults
@@ -94,7 +94,7 @@ func CreateAttack(hostname string, params []string, ws *websocket.Pool, db *gorm
 		defer func() { <-semaphore }()
 
 		fuzzedReq := createFuzzedRequest(&req, key, value)
-		status, err := sendRequest(fuzzedReq, ws, db)
+		status, err := sendRequest(fuzzedReq, ws, db, attackID)
 		if err != nil {
 			slog.Error("Failed to send fuzzed request", "error", err)
 		} else {
@@ -133,6 +133,15 @@ workerLoop:
 	// Wait for active workers to complete
 	wg.Wait()
 
+	attack := models.FuzzAttack{}
+	db.First(&attack, attackID)
+	if successCount > 0 {
+		attack.Status = "success"
+	} else {
+		attack.Status = "completed"
+	}
+	db.Save(&attack)
+
 	msg := &types.AttackCompleteMessage{
 		Type: types.MessageTypeAttackComplete,
 	}
@@ -178,7 +187,7 @@ func createFuzzedRequest(originalReq *models.Request, key string, value int) *ht
 	return req
 }
 
-func sendRequest(req *http.Request, ws *websocket.Pool, db *gorm.DB) (status int, err error) {
+func sendRequest(req *http.Request, ws *websocket.Pool, db *gorm.DB, attackID uint) (status int, err error) {
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
@@ -216,14 +225,16 @@ func sendRequest(req *http.Request, ws *websocket.Pool, db *gorm.DB) (status int
 
 	// Create a FuzzResult and save it to the database
 	fuzzResult := &models.FuzzResult{
-		Hostname:  req.URL.Hostname(),
-		IpAddress: req.RemoteAddr,
-		Port:      req.URL.Port(),
-		Scheme:    req.URL.Scheme,
-		URL:       req.URL.String(),
-		Endpoint:  req.URL.Path,
-		Request:   string(requestHeaders) + "\n" + string(requestBody),
-		Response:  string(responseBody),
+		FuzzAttackID: attackID,
+		Hostname:     req.URL.Hostname(),
+		IpAddress:    req.RemoteAddr,
+		Port:         req.URL.Port(),
+		Scheme:       req.URL.Scheme,
+		URL:          req.URL.String(),
+		Endpoint:     req.URL.Path,
+		Request:      string(requestHeaders) + "\n" + string(requestBody),
+		Response:     string(responseBody),
+		StatusCode:   resp.StatusCode,
 	}
 	res := db.Create(fuzzResult)
 	if res.Error != nil {
diff --git a/ui/tailwind.config.js b/ui/tailwind.config.js
@@ -1,7 +1,7 @@
-const animate = require("tailwindcss-animate")
+import animate from "tailwindcss-animate";
 
 /** @type {import('tailwindcss').Config} */
-module.exports = {
+export default {
   darkMode: ["class"],
   safelist: ["dark"],
   prefix: "",
@@ -92,4 +92,4 @@ module.exports = {
     },
   },
   plugins: [animate],
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -303,7 +303,8 @@ func (manager *AgentManager) runAgent() {`
`303`	`303`
`304`	`304`	`// Run the BOLA attack`
`305`	`305`	`manager.sendAgentMessage("Running the attack...")`
`306`		`- err := fuzz.CreateAttack(function_model.Domain, excludedKeys, manager.Pool, manager.DB, 0, 0, 0)`
	`306`	`+ // TODO: get the attack id`
	`307`	`+ err := fuzz.CreateAttack(0, function_model.Domain, excludedKeys, manager.Pool, manager.DB, 0, 0, 0)`
`307`	`308`	`if err != nil {`
`308`	`309`	`slog.Error("Failed to create fuzz attack", "error", err)`
`309`	`310`	`}`