Skip to content
This repository has been archived by the owner on Apr 14, 2023. It is now read-only.

Ability to return multiple outputs per app #236

Open
peterclemenko opened this issue Aug 21, 2019 · 4 comments
Open

Ability to return multiple outputs per app #236

peterclemenko opened this issue Aug 21, 2019 · 4 comments

Comments

@peterclemenko
Copy link

peterclemenko commented Aug 21, 2019
edited

The ability to return different data as different pipes, which can then be used as input would be useful for workflow automation. IE you can get an IP from an nmap scan and use that as RHost in MSF in the same workflow. I know you have the ability to do output as input, however I'm referring to the ability to have multiple outputs based on the data involved.
@peterclemenko peterclemenko changed the title Ability to return different data as different pipes, which can then be used as input Ability to return different data as different outputs, which can then be used as input Aug 21, 2019
@peterclemenko peterclemenko changed the title Ability to return different data as different outputs, which can then be used as input Ability to return multiple outputs per app Aug 21, 2019
@adpham95
Copy link
Contributor

adpham95 commented Aug 21, 2019
edited

This can be accomplished by using multiple transforms directly connected to the desired action.

For example, if you have an action named "foo" that returns the following JSON:

{
  "a": 1,
  "b": 2
}

You can connect foo directly to two transforms as:

# In transform_1
result = foo.result.get("a")

transform_1 result is 1

# In transform_2
result = foo.result.get("b")

transform_2 result is 2

Transforms use asteval to evaluate a limited subset of Python and are intended for things like pulling values out of larger objects, key remapping, list operations, etc.

The result of all the transform's immediate predecessors are provided as node_label.result (if Node Label has uppercase characters or spaces, it will be normalized to lowercase with underscores). You then assign the final desired value to result, which will be the value that the transform node returns.

We're hoping to add a more friendly UI for this at some point as well as bundle preset transforms with apps, but we haven't gotten around to it. I also realize this could result in an inordinate number of transforms if you wanted to pull out a lot of different keys, for example. I have a few ideas to handle that but they'll need to wait until we implement type checking for action outputs first.

@peterclemenko
Copy link
Author

Can you send multiple transforms like that to/from the same actions. IE if I have a single action that does an nmap scan, and the next action launches an exploit, can I tie them together with that method?

@adpham95
Copy link
Contributor

Yeah, let's just say the exploit action has three parameters for hosts, OSes, and open ports. You could extract each of those individually with an transform (one for list of hosts, one for list of OSes, etc.) after the nmap scan.

Then those three transforms can point to the exploit action, and the exploit action's parameters can reference the respective transforms using the "Action Output" parameter type.

@peterclemenko
Copy link
Author

peterclemenko commented Aug 21, 2019
edited

Thanks, this makes sense. I'd appreciate it if this were added to the documentation.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peterclemenko @adpham95