Skip to content

Docs: Fix Discrepancies #1521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
google-labs-jules wants to merge 1 commit into from
Closed

Docs: Fix Discrepancies #1521

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 56 additions & 18 deletions docs/_docs/user-guide/eldritch.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,38 @@ The <b>crypto.aes_encrypt_file</b> method encrypts the given src file, encrypts

Key must be 16 Bytes (Characters)

### crypto.aes_decrypt

`crypto.aes_decrypt(key: List<int>, iv: List<int>, data: List<int>) -> List<int>`

The <b>crypto.aes_decrypt</b> method decrypts the given data using AES-CBC mode.
Key must be 16, 24, or 32 bytes. IV must be 16 bytes.

### crypto.aes_encrypt

`crypto.aes_encrypt(key: List<int>, iv: List<int>, data: List<int>) -> List<int>`

The <b>crypto.aes_encrypt</b> method encrypts the given data using AES-CBC mode.
Key must be 16, 24, or 32 bytes. IV must be 16 bytes.

### crypto.md5

`crypto.md5(data: List<int>) -> str`

The <b>crypto.md5</b> method calculates the MD5 hash of the provided bytes.

### crypto.sha1

`crypto.sha1(data: List<int>) -> str`

The <b>crypto.sha1</b> method calculates the SHA1 hash of the provided bytes.

### crypto.sha256

`crypto.sha256(data: List<int>) -> str`

The <b>crypto.sha256</b> method calculates the SHA256 hash of the provided bytes.

### crypto.encode_b64

`crypto.encode_b64(content: str, encode_type: Optional<str>) -> str`
Expand Down Expand Up @@ -443,11 +475,11 @@ Here is an example of the Dict layout:

The <b>file.mkdir</b> method will make a new directory at `path`. If the parent directory does not exist or the directory cannot be created, it will error; unless the `parent` parameter is passed as `True`.

### file.moveto
### file.move

`file.moveto(src: str, dst: str) -> None`
`file.move(src: str, dst: str) -> None`

The <b>file.moveto</b> method moves a file or directory from `src` to `dst`. If the `dst` directory or file exists it will be deleted before being replaced to ensure consistency across systems.
The <b>file.move</b> method moves a file or directory from `src` to `dst`. If the `dst` directory or file exists it will be deleted before being replaced to ensure consistency across systems.

### file.parent_dir

Expand Down Expand Up @@ -604,12 +636,6 @@ $> pivot.arp_scan(["192.168.1.1/32"])
[]
```

### pivot.bind_proxy

`pivot.bind_proxy(listen_address: str, listen_port: int, username: str, password: str ) -> None`

The <b>pivot.bind_proxy</b> method is being proposed to provide users another option when trying to connect and pivot within an environment. This function will start a SOCKS5 proxy on the specified port and interface, with the specified username and password (if provided).

### pivot.ncat

`pivot.ncat(address: str, port: int, data: str, protocol: str ) -> str`
Expand All @@ -618,12 +644,6 @@ The <b>pivot.ncat</b> method allows a user to send arbitrary data over TCP/UDP t

`protocol` must be `tcp`, or `udp` anything else will return an error `Protocol not supported please use: udp or tcp.`.

### pivot.port_forward

`pivot.port_forward(listen_address: str, listen_port: int, forward_address: str, forward_port: int, str: protocol ) -> None`

The <b>pivot.port_forward</b> method is being proposed to provide socat like functionality by forwarding traffic from a port on a local machine to a port on a different machine allowing traffic to be relayed.

### pivot.port_scan

`pivot.port_scan(target_cidrs: List<str>, ports: List<int>, protocol: str, timeout: int) -> List<str>`
Expand Down Expand Up @@ -667,11 +687,17 @@ NOTE: Windows scans against `localhost`/`127.0.0.1` can behave unexpectedly or e

The **pivot.reverse_shell_pty** method spawns the provided command in a cross-platform PTY and opens a reverse shell over the agent's current transport (e.g. gRPC). If no command is provided, Windows will use `cmd.exe`. On other platforms, `/bin/bash` is used as a default, but if it does not exist then `/bin/sh` is used.

### pivot.smb_exec
### pivot.reverse_shell_repl

`pivot.reverse_shell_repl() -> None`

The <b>pivot.reverse_shell_repl</b> method spawns a basic REPL-style reverse shell with an Eldritch interpreter. This is useful if a PTY is not available.

`pivot.smb_exec(target: str, port: int, username: str, password: str, hash: str, command: str) -> str`
### pivot.create_portal

The <b>pivot.smb_exec</b> method is being proposed to allow users a way to move between hosts running smb.
`pivot.create_portal() -> None`

The <b>pivot.create_portal</b> method opens a bi-directional stream (portal) for traffic tunneling.

### pivot.ssh_copy

Expand Down Expand Up @@ -820,11 +846,23 @@ The <b>random.bool</b> method returns a randomly sourced boolean value.

The <b>random.int</b> method returns randomly generated integer value between a specified range. The range is inclusive on the minimum and exclusive on the maximum.

### random.bytes

`random.bytes(len: int) -> List<int>`

The <b>random.bytes</b> method returns a list of randomly generated bytes of the specified length.

### random.string

`random.string(length: uint, charset: Optional<str>) -> str`
The <b>random.string</b> method returns a randomly generated string of the specified length. If `charset` is not provided defaults to [Alphanumeric](https://docs.rs/rand_distr/latest/rand_distr/struct.Alphanumeric.html). Warning, the string is stored entirely in memory so exceptionally large files (multiple megabytes) can lead to performance issues.

### random.uuid

`random.uuid() -> str`

The <b>random.uuid</b> method returns a randomly generated UUID (v4).

---

## Regex
Expand Down
63 changes: 63 additions & 0 deletions docs/_docs/user-guide/tavern.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,66 @@ The `TAVERN_API_TOKEN` is a separate token used for authenticating CLI tools and
You typically need to use the `TAVERN_API_TOKEN` in scenarios where you are running tools on a remote machine (like a Kali VM via SSH) and cannot perform the standard local browser-based authentication flow due to networking restrictions (e.g., you cannot define the auth redirection port for SSH port forwarding).

In a standard local setup, CLI tools might pop open a browser window to authenticate. However, when you are SSH'd into a remote box, this isn't possible. The `TAVERN_API_TOKEN` provides a way to bypass this limitation.

## Configuration

Tavern is configured via environment variables.

| Variable | Description | Default |
| :--- | :--- | :--- |
| `ENABLE_TEST_DATA` | If set, populates the database with test data. | `false` |
| `ENABLE_TEST_RUN_AND_EXIT` | Starts the application but exits immediately after (for testing). | `false` |
| `DISABLE_DEFAULT_TOMES` | Prevents default tomes from being imported on startup. | `false` |
| `ENABLE_DEBUG_LOGGING` | Emits verbose debug logs. | `false` |
| `ENABLE_JSON_LOGGING` | Emits logs in JSON format. | `false` |
| `ENABLE_INSTANCE_ID_LOGGING` | Includes the tavern instance ID in log messages. | `false` |
| `ENABLE_GRAPHQL_RAW_QUERY_LOGGING` | Includes raw GraphQL queries in logs. | `false` |
| `HTTP_LISTEN_ADDR` | Address for Tavern's HTTP server to bind to. | `0.0.0.0:8000` |
| `HTTP_METRICS_LISTEN_ADDR` | Address for the HTTP metrics server. | `127.0.0.1:8080` |
| `OAUTH_CLIENT_ID` | OAuth Client ID. | `""` |
| `OAUTH_CLIENT_SECRET` | OAuth Client Secret. | `""` |
| `OAUTH_DOMAIN` | OAuth domain for consent flow. | `""` |
| `MYSQL_ADDR` | MySQL address to connect to. If unset, SQLite is used. | `""` |
| `MYSQL_NET` | Network used to connect to MySQL (e.g. tcp). | `tcp` |
| `MYSQL_USER` | MySQL user. | `root` |
| `MYSQL_PASSWD` | MySQL password. | `""` |
| `MYSQL_DB` | MySQL database name. | `tavern` |
| `DB_MAX_IDLE_CONNS` | Max idle DB connections. | `10` |
| `DB_MAX_OPEN_CONNS` | Max open DB connections. | `100` |
| `DB_MAX_CONN_LIFETIME` | Max lifetime of a DB connection (seconds). | `3600` |
| `GCP_PROJECT_ID` | GCP Project ID for Google Cloud Platform deployments. | `""` |
| `GCP_PUBSUB_KEEP_ALIVE_INTERVAL_MS` | Interval to publish no-op pubsub messages (ms). | `1000` |
| `PUBSUB_TOPIC_SHELL_INPUT` | PubSub topic for shell input. | `mem://shell_input` |
| `PUBSUB_SUBSCRIPTION_SHELL_INPUT` | PubSub subscription for shell input. | `mem://shell_input` |
| `PUBSUB_TOPIC_SHELL_OUTPUT` | PubSub topic for shell output. | `mem://shell_output` |
| `PUBSUB_SUBSCRIPTION_SHELL_OUTPUT` | PubSub subscription for shell output. | `mem://shell_output` |
| `ENABLE_PPROF` | Enables performance profiling. | `false` |
| `ENABLE_METRICS` | Enables the /metrics endpoint. | `false` |
| `SECRETS_FILE_PATH` | Path to secrets file (if not using GCP Secrets Manager). | `""` |

## CLI

Tavern includes a built-in CLI for managing redirectors.

### Redirectors

To run a redirector:

```bash
tavern redirector [flags] <upstream_address>
```

**Flags:**
- `--listen`: Address to listen on (default: `:8080`)
- `--transport`: Transport protocol to use (default: `grpc`)

**Example:**
```bash
tavern redirector --listen :8080 --transport grpc 127.0.0.1:8000
```

To list available redirector types:

```bash
tavern redirector list
```
Loading