Injectors
Introduction
Injectors list
You are looking for the available injectors? The list is in the OpenBAS Ecosystem.
Injectors are one of the cornerstones of the OpenBAS platform, they are responsible for pushing simulation actions to third party systems. According to their functionality and use case, they are categorized in the following classes.
📡 Endpoint payloads execution
Those injectors are special as they required an executor (neutral agent) to be launched on endpoints. When they register to the platform, they inform available executors on how to spawn them on the 3 currently supported platforms: Windows, Linux and MacOS.
🌐 Communication & social medias
Those injectors are used to push information to human assets (aka players) such as emails, SMS, phone calls, instant messaging etc.
🧯 Incident Response & Case Management
Those injectors are used to inject real or fake information into case management, ticketing and incident response systems.
💉 Others
All other system OpenBAS can inject, as part of breach and attack simulation campaigns.
Injectors installation
Built-in injectors
Some injectors such as email, SMS, media pressure, etc. are directly embedded into the application. To configure them, just add the proper configuration parameters in your platform configuration.
External (Python) injectors
Configuration
All external injectors have to be able to access the OpenBAS API. To allow this connection, they have 2 mandatory configuration parameters, the OPENBAS_URL
and the OPENBAS_TOKEN
. In addition to these 2 parameters, injectors have other mandatory parameters that need to be set in order to get them work.
Injector tokens
You can use your administrator token or create another administrator service account to put in your injectors. It is not necessary to have one dedicated user for each injector.
Here is an example of a injector docker-compose.yml
file:
- OPENBAS_URL=http://localhost
- OPENBAS_TOKEN=ChangeMe
- INJECTOR_ID=ChangeMe # Valid UUIDv4
- "INJECTOR_NAME=HTTP query"
- INJECTOR_LOG_LEVEL=error
Here is an example in a injector config.yml
file:
openbas:
url: 'http://localhost:3001'
token: 'ChangeMe'
injector:
id: 'ChangeMe'
name: 'HTTP query'
log_level: 'info'
Networking
Be aware that all injectors are reaching RabbitMQ based the RabbitMQ configuration provided by the OpenBAS platform. The injector must be able to reach RabbitMQ on the specified hostname and port. If you have a specific Docker network configuration, please be sure to adapt your docker-compose.yml
file in such way that the injector container gets attached to the OpenBAS Network, e.g.:
Docker activation
You can either directly run the Docker image of injectors or add them to your current docker-compose.yml
file.
Add an injector to your deployment
For instance, to enable the HTTP query injector, you can add a new service to your docker-compose.yml
file:
injector-http-query:
image: openbas/injector-http-query:latest
environment:
- OPENBAS_URL=http://localhost
- OPENBAS_TOKEN=ChangeMe
- INJECTOR_ID=ChangeMe
- "INJECTOR_NAME=HTTP query"
- INJECTOR_LOG_LEVEL=error
restart: always
Launch a standalone injector
To launch standalone injector, you can use the docker-compose.yml
file of the injector itself. Just download the latest release and start the injector:
$ wget https://github.com/OpenBAS-Platform/injectors/archive/{RELEASE_VERSION}.zip
$ unzip {RELEASE_VERSION}.zip
$ cd injectors-{RELEASE_VERSION}/http-query/
Change the configuration in the docker-compose.yml
according to the parameters of the platform and of the targeted service. Then launch the injector:
Manual activation
If you want to manually launch injector, you just have to install Python 3 and pip3 for dependencies:
Download the release of the injectors:
$ wget <https://github.com/OpenBAS-Platform/injectors/archive/{RELEASE_VERSION}.zip>
$ unzip {RELEASE_VERSION}.zip
$ cd injectors-{RELEASE_VERSION}/http-query/src/
Install dependencies and initialize the configuration:
Change the config.yml
content according to the parameters of the platform and of the targeted service and launch the injector:
Injectors status
The injector status can be displayed in the dedicated section of the platform available in Integration > injectors. You will be able to see the statistics of the RabbitMQ queue of the injector:
Problem
If you encounter problems deploying OpenBAS or injectors, you can consult the troubleshooting page page.