feat: add enabled and excluded features lists

Author: toderian

extensions/business/cybersec/red_mesh/pentester_api_01.py

@@ -53,6 +53,7 @@
   # Defines how ports are split across local workers.
   "DISTRIBUTION_STRATEGY": "SLICE", # "SLICE" or "MIRROR"
   "PORT_ORDER": "SHUFFLE",  # "SHUFFLE" or "SEQUENTIAL"
+  "EXCLUDED_FEATURES": [],
 
   'VALIDATION_RULES': {
     **BasePlugin.CONFIG['VALIDATION_RULES'],  
@@ -304,6 +305,7 @@ def _launch_job(
     nr_local_workers=4,
     exceptions=None,
     port_order=None,
+    excluded_features=None,
   ):
     """
     Launch local worker threads for a job by splitting the port range.
@@ -326,6 +328,8 @@ def _launch_job(
       Ports to exclude from scanning.
     port_order : str, optional
       Port scanning order: "SHUFFLE" or "SEQUENTIAL".
+    excluded_features : list[str], optional
+      List of feature names to exclude from scanning.
 
     Returns
     -------
@@ -337,6 +341,8 @@ def _launch_job(
     ValueError
       When no ports are available or batches cannot be allocated.
     """
+    if excluded_features is None:
+      excluded_features = []
     local_jobs = {}
     ports = list(range(start_port, end_port + 1))
     batches = []
@@ -381,6 +387,7 @@ def _launch_job(
           initiator=network_worker_address,
           exceptions=exceptions,
           worker_target_ports=batch,
+          excluded_features=excluded_features,
         )
         batch_job.start()
         local_jobs[batch_job.local_worker_id] = batch_job
@@ -424,6 +431,7 @@ def _maybe_launch_jobs(self, nr_local_workers=None):
         target = job_specs.get("target")
         job_id = job_specs.get("job_id", normalized_key)
         port_order = job_specs.get("port_order", self.cfg_port_order)
+        excluded_features = job_specs.get("excluded_features", self.cfg_excluded_features)
         if job_id is None:
           continue
         worker_entry = self._ensure_worker_entry(job_id, job_specs)
@@ -463,7 +471,8 @@ def _maybe_launch_jobs(self, nr_local_workers=None):
               network_worker_address=launcher,
               nr_local_workers=workers_requested,
               exceptions=exceptions,
-              port_order=port_order
+              port_order=port_order,
+              excluded_features=excluded_features,
             )
           except ValueError as exc:
             self.P(f"Skipping job {job_id}: {exc}", color='r')
@@ -756,6 +765,7 @@ def launch_test(
     exceptions: str = "64297",
     distribution_strategy: str = "",
     port_order: str = "",
+    excluded_features=None,
   ):
     """
     Start a pentest on the specified target.
@@ -778,6 +788,8 @@ def launch_test(
     port_order: str, optional
       Defines port scanning order at worker-thread level:
       "SHUFFLE" to randomize port order; "SEQUENTIAL" for ordered scan.
+    excluded_features: list[str], optional
+      List of feature names to exclude from scanning.
 
     Returns
     -------
@@ -792,6 +804,8 @@ def launch_test(
     # INFO: This method only announces the job to the network. It does not 
     #       execute the job itself - that part is handled by PentestJob
     #       executed after periodical check from plugin process.
+    if excluded_features is None:
+      excluded_features = self.cfg_excluded_features or []
     if not target:
       raise ValueError("No target specified.")
 
@@ -801,13 +815,21 @@ def launch_test(
     if start_port > end_port:
       raise ValueError("start_port must be less than end_port.")
 
-
     if len(exceptions) > 0:
       exceptions = [
         int(x) for x in self.re.findall(r'\d+', exceptions)
         if x.isdigit()
     ]
 
+    # Validate excluded_features against known features and calculate enabled_features for audit
+    all_features = self.__features
+    if excluded_features:
+      invalid = [f for f in excluded_features if f not in all_features]
+      if invalid:
+        self.P(f"Warning: Unknown features in excluded_features (ignored): {self.json_dumps(invalid)}")
+      excluded_features = [f for f in excluded_features if f in all_features]
+    enabled_features = [f for f in all_features if f not in excluded_features]
+
     distribution_strategy = str(distribution_strategy).upper()
 
     if not distribution_strategy or distribution_strategy not in ["MIRROR", "SLICE"]:
@@ -874,6 +896,8 @@ def launch_test(
       "workers" : workers,
       "distribution_strategy": distribution_strategy,
       "port_order": port_order,
+      "excluded_features": excluded_features,
+      "enabled_features": enabled_features,
     }
     self.chainstore_hset(
       hkey=self.cfg_instance_id,

extensions/business/cybersec/red_mesh/redmesh_utils.py

@@ -55,6 +55,7 @@ def __init__(
     local_id_prefix : str,
     worker_target_ports=COMMON_PORTS,
     exceptions=None,
+    excluded_features=None,
   ):
     """
     Initialize a pentest worker with target ports and exclusions.
@@ -75,12 +76,16 @@ def __init__(
       Ports assigned to this worker; defaults to common ports.
     exceptions : list[int], optional
       Ports to exclude from scanning.
+    excluded_features: list[str], optional
+      List of feature method names to exclude.
 
     Raises
     ------
     ValueError
       If no ports remain after applying exceptions.
     """
+    if excluded_features is None:
+      excluded_features = []
     if exceptions is None:
       exceptions = []
     self.target = target
@@ -127,7 +132,9 @@ def __init__(
       "done": False,
       "canceled": False,
     }
-    self.__features = self._get_all_features()
+    self.excluded_features = excluded_features or []
+    self.__all_features = self._get_all_features()
+    self.__enabled_features = [f for f in self.__all_features if f not in self.excluded_features]
     self.P("Initialized worker {} on {} ports [{}-{}]...".format(
       self.local_worker_id,
       len(worker_target_ports),
@@ -197,8 +204,8 @@ def get_status(self, for_aggregations=False):
       Worker status including progress and findings.
     """
     completed_tests = self.state.get("completed_tests", [])
-    max_features = len(self.__features) + 3  # +1 port scan, +1 service_info_completed, +1 web_tests_completed
-    progress = f"{(len(completed_tests) / max_features) * 100 if self.__features else 0:.1f}%"
+    max_features = len(self.__enabled_features) + 3  # +1 port scan, +1 service_info_completed, +1 web_tests_completed
+    progress = f"{(len(completed_tests) / max_features) * 100 if self.__enabled_features else 0:.1f}%"
 
     dct_status = {
       # same data for all workers below
@@ -416,7 +423,7 @@ def _gather_service_info(self):
       return
     self.P(f"Gathering service info for {len(open_ports)} open ports.")
     target = self.target
-    service_info_methods = [method for method in dir(self) if method.startswith("_service_info_")]
+    service_info_methods = [m for m in self.__enabled_features if m.startswith("_service_info_")]
     aggregated_info = []
     for method in service_info_methods:
       func = getattr(self, method)
@@ -463,7 +470,7 @@ def _run_web_tests(self):
       self.state["web_tested"] = True
       return
     result = []
-    web_tests_methods = [method for method in dir(self) if method.startswith("_web_test_")]
+    web_tests_methods = [m for m in self.__enabled_features if m.startswith("_web_test_")]
     for method in web_tests_methods:
       func = getattr(self, method)
       for port in ports_to_test: