Commands

The ‘commands-section’ holds a list of AttackMate-commands that are executed sequentially from top to bottom.

Every command, regardless of its type, has the following general options:

cmd

cmd defines the command that should be executed. The purpose of this option varies depending on the type of command.

Type:

str

save

Save the output of the command to a file.

Type:

str

commands:
  - type: shell
    cmd: nmap localhost
    save: /tmp/nmap_localhost.txt

exit_on_error

If this option is true, attackmate will exit with an error if the command returns with a return code that is not zero.

Type:

bool

Default:

True

error_if

If this option is set, an error will be raised if the string was found in the output of the command.

Type:

str(regex)

commands:
  # throw an error
  - type: http-client
    cmd: get
    url: https://www.google.com
    error_if: ".*bing.*"

error_if_not

If this option is set, an error will be raised if the string was not found in the output of the command.

Type:

str(regex)

commands:
  # throw an error
  - type: http-client
    cmd: get
    url: https://www.google.com
    error_if_not: ".*bing.*"

loop_if

If this option is set, the command will be executed again if the string was found in the output of the command.

Type:

str(regex)

commands:
  # loop until max-loop-count reached:
  - type: http-client
    cmd: get
    url: https://www.google.com
    loop_if: ".*google.*"

loop_if_not

If this option is set, the command will be executed again if the string was not found in the output of the command.

Type:

str(regex)

commands:
  # loop until max-loop-count reached:
  - type: http-client
    cmd: get
    url: https://www.google.com
    loop_if_not: ".*bing.*"

loop_count

Number of repetitions if loop_if or loop_if_not matches.

Type:

int

Default:

3

only_if

Execute this command only if the condition is true. The following operators are supported:

  • var1 == var2

  • var1 != var2

  • var1 is var2

  • var1 is not var2

  • var1 < var2

  • var1 <= var2

  • var1 > var2

  • var1 >= var2

  • string !~ pattern

  • string =~ pattern

  • not var

  • var

  • None

Type:

str(condition)

The =~ operator is used to check if a string matches a regular expression pattern. The !~ operator is used to check if a string does not match a regular expression pattern.

commands:
  - type: shell
    cmd: pgrep mysqld

  - type: regex
    mode: split
    cmd: "\n"
    output:
      KILLPID: $MATCH_0

  # Execute this command only
  # if it is not the init-process
  - type: shell
    cmd: kill $KILLPID
    only_if: $KILLPID > 1

  # Execute this command only if the regex pattern is found
  - type: shell
    cmd: echo "regex match found"
    only_if: some_string =~ some[_]?string

background

Execute the command as a subprocess in background. If set to True, the functionality for error_if and error_if_not as well as printing the output is disabled.

Background-Mode is currently not implemented for the following commands:

  • SSHCommand

  • SFTPCommand

  • MsfModuleCommand

  • IncludeCommand

Type:

bool

Default:

False

Note

The command in background-mode will not change global variables like RESULT_STDOUT or RESULT_CODE.

kill_on_exit

If this command runs in background-mode, the option kill_on_exit controls whether the main process will wait for this subprocess before exiting or whether the main process will simply kill the subprocess.

Type:

bool

Default:

True

metadata

The option metadata can be used to pass a dictionary of key value pairs. These are not used in command execution but are logged together with the command.

Type:

Dict

Default:

None

commands:
  - type: debug
    cmd: Come on, Cat
    metadata:
      version: 1
      author: Ellen Ripley
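
Several of the general options above combined in one playbook, as an added example that is not part of the AttackMate documentation. The URL, file path and patterns are constructed, and the only_if condition assumes that RESULT_CODE holds the return code of the preceding command.

```yaml
# Added example; URL, file path and patterns are constructed placeholders.
commands:
  # Readiness check: repeat the request while the output does not
  # match the pattern (loop_if_not), limited by loop_count.
  - type: http-client
    cmd: get
    url: http://localhost:8080/health
    loop_if_not: ".*ok.*"
    loop_count: 5
    # Raise an error if this pattern is found in the output.
    error_if: ".*maintenance.*"
    # Keep the output for later review.
    save: /tmp/health_check.txt
    # Logged with the command, not used during execution.
    metadata:
      step: readiness-check

  # pgrep returns a non-zero code when no process matches.
  # exit_on_error defaults to True, so it is disabled here to let
  # the playbook continue and branch on the result instead.
  - type: shell
    cmd: pgrep mysqld
    exit_on_error: False

  # Assumption: RESULT_CODE holds the return code of the previous command.
  - type: debug
    cmd: mysqld is not running
    only_if: $RESULT_CODE != 0
```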

The next pages will describe all possible commands in detail.