{"id":13844475,"url":"https://github.com/jymcheong/aptc","last_synced_at":"2025-07-11T23:33:30.460Z","repository":{"id":141509908,"uuid":"86408013","full_name":"jymcheong/aptc","owner":"jymcheong","description":"Automated Payload Test Controller","archived":false,"fork":false,"pushed_at":"2017-06-29T07:33:00.000Z","size":16149,"stargazers_count":9,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-21T17:41:21.335Z","etag":null,"topics":["lnk","malware","misp","testing"],"latest_commit_sha":null,"homepage":"https://jymcheong.github.io/aptc/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jymcheong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-03-28T02:54:43.000Z","updated_at":"2024-09-14T08:58:01.000Z","dependencies_parsed_at":"2024-02-16T16:28:50.781Z","dependency_job_id":null,"html_url":"https://github.com/jymcheong/aptc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jymcheong/aptc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jymcheong%2Faptc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jymcheong%2Faptc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jymcheong%2Faptc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jymcheong%2Faptc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jymcheong","download_url":"https://codeload.github.com/jymcheong/ap
tc/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jymcheong%2Faptc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264914412,"owners_count":23682824,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lnk","malware","misp","testing"],"created_at":"2024-08-04T17:02:43.308Z","updated_at":"2025-07-11T23:33:28.837Z","avatar_url":"https://github.com/jymcheong.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"## Synopsis\n\nA set of scripts using [PyMISP](https://github.com/MISP/PyMISP) to extend [MISP](https://github.com/MISP/MISP) for automated payload testing.\n\n[User Documentation](https://jymcheong.github.io/aptc/), click on the mind-map topics/nodes to explore further.\n\n[Demo of a CVE-2017-0199 payload (YouTube link)](https://www.youtube.com/watch?v=mASJv_2HZbM)\n\n## Sh0ut 0utz\nBig thank you to the awesome folks @ https://gitter.im/MISP/MISP \u0026 Harvard-IT-security\n\n## Under-the-hood (TL;DR)\n![APTC overview](https://cdn-images-1.medium.com/max/2000/1*G6LukbBiZRgo2Nz9vPvV7w.png)\n\n- Assuming the (test-case \u0026 targets) events are set up properly, tagging a test-case event with the test-start tag will launch getpayloads.py\n- getpayloads.py in turn launches getresults.py, which queries Graylog with a pre-defined query statement to find the indicator of success\n- It is up to you to decide what you mean by success/hit; typically a Product-under-Test will emit logs when it catches a payload. 
When the query can't find the indicators within a certain amount of time, the test is deemed a 'miss'\n\n## Installation steps for MISP host\n1. git clone https://github.com/jymcheong/aptc.git\n2. Edit \u003cpath to misp app\u003e/Controller/EventsController.php\n3. Find the 'Tag added' response; you should locate \"return new CakeResponse(array('body'=\u003e json_encode(array('saved' =\u003e true, 'success' =\u003e 'Tag added...\"\n\nAdd the line below above that return statement. It runs getpayloads.py in the background as the web server user whenever the aptc:test-start tag is added. Note that $id is interpolated into a shell command string, so make sure it is the numeric event id before it reaches shell_exec.\n```\nif ($tag['Tag']['name']==\"aptc:test-start\") shell_exec(\"python3 /var/www/MISP/tools/aptc/getpayloads.py -id \".$id.\" \u003e /dev/null 2\u003e/dev/null \u0026\");\n```\n4. Create an aptc folder under the MISP tools directory\n5. Copy all the aptc scripts to that folder \u0026 adjust permissions accordingly (e.g. readable by www-data, chmod +x *.py)\n6. Create an aptc folder under /var/www/MISP/app/files/taxonomies/ (or equivalent)\n7. Copy machinetag.json into that folder, update your tags \u0026 enable all of them\n8. Edit key.py to set misp_url \u0026 key\n9. Create target paths (Samba mount point) to write payloads to (give appropriate read/write permissions)\n10. Install Samba \u0026 set up a share for the targets to mount (by default APTC writes to /opt/aptc/targets/HOSTNAME, i.e. share /opt/aptc/targets. You can change it by editing aptc.py. Refer to https://jymcheong.github.io/aptc/ to understand how this whole thing works)\n\n## Installation steps for Windows target(s)\n1. Mount the Samba shared folder on your Windows target\n2. 
Copy filemonitor.vbs to the target(s) and make it auto-run at login (the target should [auto-login](https://technet.microsoft.com/en-us/library/ee872306.aspx))\n\n## Useful links\nMost convenient way to set up the latest MISP: https://github.com/harvard-itsecurity/docker-misp\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjymcheong%2Faptc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjymcheong%2Faptc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjymcheong%2Faptc/lists"}
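The README's Under-the-hood section describes a two-stage flow (a tag on a MISP event launches getpayloads.py, which polls a Graylog query until an indicator of success appears or a timeout turns the result into a 'miss') and its installation steps wire that trigger in with a shell_exec hook. The following is an added Python example, not code from the aptc project or its README: it models that flow offline. Only the aptc:test-start tag name and the getpayloads.py path come from the README; the real getpayloads.py and getresults.py are not on the page, so the Graylog search is replaced by a constructed in-memory log store, the log lines are constructed, a fake clock drives the timeout, and the numeric-id check with an argv list instead of a shell string is a hypothetical hardening of the hook, not the project's own code.

```python
"""Added example, not part of the aptc project: an offline model of the APTC
trigger and result-polling loop (tag -> launch getpayloads.py -> poll a log
query -> 'hit' or 'miss').

Assumptions: the real getpayloads.py/getresults.py are not on the page, so
the Graylog query is a constructed in-memory store and a fake clock drives
the timeout. Only the tag name and script path below come from the README.
"""
import re
from typing import Callable, List, Optional, Tuple

TEST_START_TAG = "aptc:test-start"                        # tag name from the README hook
GETPAYLOADS = "/var/www/MISP/tools/aptc/getpayloads.py"   # script path from the README hook


def build_launch_argv(tag_name: str, event_id) -> Optional[List[str]]:
    """Decide whether a tag-added event should launch getpayloads.py.

    Returns None for any tag other than aptc:test-start. The README's PHP hook
    interpolates $id into a shell string; here (hypothetical hardening, not the
    project's code) the id must be purely numeric and is returned as an argv
    list suitable for subprocess.Popen, so it never passes through a shell.
    """
    if tag_name != TEST_START_TAG:
        return None
    if not re.fullmatch(r"\d+", str(event_id)):
        raise ValueError(f"event id must be numeric, got {event_id!r}")
    return ["python3", GETPAYLOADS, "-id", str(event_id)]


class FakeClock:
    """Constructed clock so the polling loop runs instantly and deterministically."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def sleep(self, seconds: float) -> None:
        self.now += seconds


class FakeGraylog:
    """Constructed stand-in for the Graylog search that getresults.py performs.

    lines: (arrival_time_seconds, log_line). A search only sees lines that have
    arrived by the clock's current time, which models log-shipping latency.
    """
    def __init__(self, lines: List[Tuple[float, str]], clock: Callable[[], float]) -> None:
        self.lines = sorted(lines)
        self.clock = clock

    def search(self, pattern: str) -> List[str]:
        now = self.clock()
        rx = re.compile(pattern)
        return [line for t, line in self.lines if t <= now and rx.search(line)]


def wait_for_hit(query: Callable[[], bool], timeout: float, interval: float,
                 clock: Callable[[], float], sleep: Callable[[float], None]) -> str:
    """Poll `query` every `interval` seconds until it returns True ('hit') or
    `timeout` seconds have elapsed ('miss'), the two outcomes the README names."""
    deadline = clock() + timeout
    while True:
        if query():
            return "hit"
        if clock() >= deadline:
            return "miss"
        sleep(interval)


# Constructed sample log lines, not real product output. The product under
# test is assumed to log action=blocked when it catches a payload.
SAMPLE_LOGS: List[Tuple[float, str]] = [
    (3.0, "host=WIN-TARGET-01 product=PUT action=allowed file=benign.docx"),
    (12.0, "host=WIN-TARGET-01 product=PUT action=blocked file=sample-0199.rtf"),
]


def run_test_case(payload_name: str, log_lines: List[Tuple[float, str]],
                  timeout: float = 30.0, interval: float = 5.0) -> str:
    """One APTC-style test: the success indicator is a 'blocked' log line that
    names the payload file. Returns 'hit' or 'miss'."""
    clock = FakeClock()
    graylog = FakeGraylog(log_lines, clock)
    pattern = rf"action=blocked .*file={re.escape(payload_name)}$"
    return wait_for_hit(lambda: bool(graylog.search(pattern)),
                        timeout, interval, clock, clock.sleep)


if __name__ == "__main__":
    print(build_launch_argv("aptc:test-start", 42))       # argv list, no shell
    print(run_test_case("sample-0199.rtf", SAMPLE_LOGS))  # hit (line arrives at t=12)
    print(run_test_case("evil.lnk", SAMPLE_LOGS))         # miss (timeout at t=30)
```

The indicator pattern and the 30-second timeout are placeholders for whatever your product under test actually logs and how long its events take to reach Graylog; the clock and log store are injected precisely so that those two knobs can be tuned and regression-tested without a live MISP or target host.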