Examples
Here are some examples of task collection structures to illustrate different use cases. Note that this is the YAML representation of how developers would define these task collections. The MRPF API will convert these definitions in a slightly different JSON internal representation to allow for the various features like task generators, data aggregations, conditionals and loops.
- name: Example Task Collection
description: An example task collection demonstrating various features.
tasks:
- sequential:
- kind: get_target
target_id: "victim"
output: target
- parallel:
- kind: tcp_syn_scanner
ipv4_address_ranges: "$[target.ip_ranges]"
ports: "80,443,8080-8089"
output: open_ports
- kind: dns_lookup
domains: "$[domains[*].fqdn]"
record_types: A
output: domains
- if:
- when:
contains: { var: "$[open_ports]", value: "443" }
then:
- kind: http_fuzz
method: GET
host: "$[target.domain]"
sni: "$[target.domain]"
tls: true
content: |
GET $[paths] HTTP/1.1
Host: $[target.domain]
output: http_responses
- when:
contains: { var: "$[open_ports]", value: "80" }
then:
- kind: http_fuzz
method: GET
host: "$[target.domain]"
tls: false
content: |
GET $[paths] HTTP/1.1
Host: $[target.domain]
output: http_responses
- else:
- kind: notification
message: "No HTTP ports open on $[target.domain], skipping HTTP fuzzing."
- if:
- when:
non_empty: "$[http_responses]"
then:
- loop:
condition: "$[http_responses[*].status_code]"
do:
- kind: notification
message: "Received status code $[item] from $[target.domain]"
- else:
- kind: notification
message: "No HTTP responses for $[target.domain]"
- loop:
condition: "$[http_responses[*].status_code]"
do:
- kind: notification
message: "Received status code $[item] from $[target.domain]"