Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
855 changes: 815 additions & 40 deletions v1/entities.yml

Large diffs are not rendered by default.

312 changes: 289 additions & 23 deletions v1/go/entities/entities.go

Large diffs are not rendered by default.

147 changes: 141 additions & 6 deletions v1/go/entities/validators.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,153 @@ func (e *Target) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Port entity
func (e *Port) Validate() error {
// Validate validates a Vulnerability entity
func (e *Vulnerability) Validate() error {
return Validator.Struct(e)
}

// Validate validates a HasPort edge
func (e *HasPort) Validate() error {
// Validate validates a Tool entity
func (e *Tool) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Discovered edge
func (e *Discovered) Validate() error {
// Validate validates a TechnicalFinding entity
func (e *TechnicalFinding) Validate() error {
return Validator.Struct(e)
}

// Validate validates a AttackTechnique entity
func (e *AttackTechnique) Validate() error {
return Validator.Struct(e)
}

// Validate validates a TestPhase entity
func (e *TestPhase) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Credential entity
func (e *Credential) Validate() error {
return Validator.Struct(e)
}

// Validate validates a ExploitCode entity
func (e *ExploitCode) Validate() error {
return Validator.Struct(e)
}

// Validate validates a AuthenticationAttempt entity
func (e *AuthenticationAttempt) Validate() error {
return Validator.Struct(e)
}

// Validate validates a DatabaseMetadata entity
func (e *DatabaseMetadata) Validate() error {
return Validator.Struct(e)
}

// Validate validates a ExploitationAttempt entity
func (e *ExploitationAttempt) Validate() error {
return Validator.Struct(e)
}

// Validate validates a SessionInfo entity
func (e *SessionInfo) Validate() error {
return Validator.Struct(e)
}

// Validate validates a FileSystemAccess entity
func (e *FileSystemAccess) Validate() error {
return Validator.Struct(e)
}

// Validate validates a XMLPayload entity
func (e *XMLPayload) Validate() error {
return Validator.Struct(e)
}

// Validate validates a HasVulnerability edge
func (e *HasVulnerability) Validate() error {
return Validator.Struct(e)
}

// Validate validates a UsedAgainst edge
func (e *UsedAgainst) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Exploits edge
func (e *Exploits) Validate() error {
return Validator.Struct(e)
}

// Validate validates a DiscoveredIn edge
func (e *DiscoveredIn) Validate() error {
return Validator.Struct(e)
}

// Validate validates a LeadsTo edge
func (e *LeadsTo) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Targets edge
func (e *Targets) Validate() error {
return Validator.Struct(e)
}

// Validate validates a ProvidesAccessTo edge
func (e *ProvidesAccessTo) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Yields edge
func (e *Yields) Validate() error {
return Validator.Struct(e)
}

// Validate validates a UsesTool edge
func (e *UsesTool) Validate() error {
return Validator.Struct(e)
}

// Validate validates a AuthenticatedWith edge
func (e *AuthenticatedWith) Validate() error {
return Validator.Struct(e)
}

// Validate validates a ExtractedFrom edge
func (e *ExtractedFrom) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Enumerated edge
func (e *Enumerated) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Establishes edge
func (e *Establishes) Validate() error {
return Validator.Struct(e)
}

// Validate validates a AccessedFile edge
func (e *AccessedFile) Validate() error {
return Validator.Struct(e)
}

// Validate validates a Revealed edge
func (e *Revealed) Validate() error {
return Validator.Struct(e)
}

// Validate validates a UsesPayload edge
func (e *UsesPayload) Validate() error {
return Validator.Struct(e)
}

// Validate validates a OobInteraction edge
func (e *OobInteraction) Validate() error {
return Validator.Struct(e)
}

113 changes: 102 additions & 11 deletions v1/python/pentagi_taxonomy/edges.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,106 @@
from pydantic import BaseModel, Field
from typing import Literal

class HasPort(BaseModel):
"""A target has a port"""
version: int | None = Field(None, description='Taxonomy schema version (auto-injected by Graphiti fork)')
timestamp: float | None = Field(None, description='When association was established')

class Discovered(BaseModel):
"""An action discovered an entity"""
version: int | None = Field(None, description='Taxonomy schema version (auto-injected by Graphiti fork)')
timestamp: float | None = Field(None, description='Discovery timestamp')
confidence: float | None = Field(None, description='Confidence score', ge=0.0, le=1.0)
method: Literal['active', 'passive'] | None = Field(None, description='Discovery method')
class HasVulnerability(BaseModel):
"""A target has or is affected by a vulnerability"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When vulnerability was identified')
confidence: float | None = Field(None, description='Confidence in the vulnerability', ge=0.0, le=1.0)
verified: bool | None = Field(None, description='Whether vulnerability was verified through exploitation')

class UsedAgainst(BaseModel):
"""A tool or technique was used against a target"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When tool was used')
success: bool | None = Field(None, description='Whether the use was successful')
execution_context: str | None = Field(None, description='Context of tool usage (command line, parameters)')

class Exploits(BaseModel):
"""A technique or exploit code exploits a vulnerability"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When exploitation occurred')
success: bool | None = Field(None, description='Whether exploitation was successful')
impact: Literal['full_compromise', 'partial_access', 'information_disclosure', 'denial_of_service', 'none'] | None = Field(None, description='Impact of successful exploitation')

class DiscoveredIn(BaseModel):
"""A finding was discovered during a test phase"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When discovery occurred')
discovery_method: str | None = Field(None, description='How the finding was discovered')

class LeadsTo(BaseModel):
"""One finding, technique, or vulnerability leads to another (attack chain)"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When connection was established')
reasoning: str | None = Field(None, description='How one leads to the other')

class Targets(BaseModel):
"""A vulnerability, technique, or tool targets a specific target"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When targeting occurred')

class ProvidesAccessTo(BaseModel):
"""A credential provides access to a target or service"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When access was verified')
access_level: Literal['read_only', 'read_write', 'administrative', 'root', 'limited'] | None = Field(None, description='Level of access provided')

class Yields(BaseModel):
"""An action, tool use, or technique yields a finding"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When finding was produced')

class UsesTool(BaseModel):
"""A technique or attack uses a specific tool"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When tool was used')

class AuthenticatedWith(BaseModel):
"""A credential was used to authenticate against a target"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When authentication occurred')
success: bool | None = Field(None, description='Whether authentication succeeded')
session_created: str | None = Field(None, description='Session ID created (if applicable)')

class ExtractedFrom(BaseModel):
"""A finding was extracted from a target using a specific technique"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When extraction occurred')
extraction_method: str | None = Field(None, description='Method used for extraction (e.g., error-based SQLi)')

class Enumerated(BaseModel):
"""A tool enumerated database metadata"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When enumeration occurred')
records_found: int | None = Field(None, description='Number of records/items found')

class Establishes(BaseModel):
"""An authentication attempt establishes a session"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When session was established')

class AccessedFile(BaseModel):
"""An attack technique or exploit accessed a file"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When file was accessed')
bytes_read: int | None = Field(None, description='Number of bytes read if applicable')

class Revealed(BaseModel):
"""A file system access revealed information or findings"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When information was revealed')
revelation_type: Literal['credentials', 'configuration', 'system_info', 'vulnerability', 'other'] | None = Field(None, description='Type of information revealed')

class UsesPayload(BaseModel):
"""An exploitation attempt uses a specific XML payload"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When payload was used')
attempt_number: int | None = Field(None, description='Sequential attempt number')

class OobInteraction(BaseModel):
"""An XML payload triggered an out-of-band interaction"""
version: int | None = Field(None, description='Taxonomy schema version')
timestamp: float | None = Field(None, description='When interaction occurred')
interaction_type: Literal['http_callback', 'dns_query', 'ftp_connection', 'other'] | None = Field(None, description='Type of OOB interaction')
data_exfiltrated: str | None = Field(None, description='Data exfiltrated via OOB channel (preview)')

76 changes: 70 additions & 6 deletions v1/python/pentagi_taxonomy/entity_map.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,83 @@
DO NOT EDIT - this file is generated from entities.yml
"""

from .nodes import Target, Port
from .edges import HasPort, Discovered
from .nodes import Target, Vulnerability, Tool, TechnicalFinding, AttackTechnique, TestPhase, Credential, ExploitCode, AuthenticationAttempt, DatabaseMetadata, ExploitationAttempt, SessionInfo, FileSystemAccess, XMLPayload
from .edges import HasVulnerability, UsedAgainst, Exploits, DiscoveredIn, LeadsTo, Targets, ProvidesAccessTo, Yields, UsesTool, AuthenticatedWith, ExtractedFrom, Enumerated, Establishes, AccessedFile, Revealed, UsesPayload, OobInteraction

ENTITY_TYPES = {
'Target': Target,
'Port': Port,
'Vulnerability': Vulnerability,
'Tool': Tool,
'TechnicalFinding': TechnicalFinding,
'AttackTechnique': AttackTechnique,
'TestPhase': TestPhase,
'Credential': Credential,
'ExploitCode': ExploitCode,
'AuthenticationAttempt': AuthenticationAttempt,
'DatabaseMetadata': DatabaseMetadata,
'ExploitationAttempt': ExploitationAttempt,
'SessionInfo': SessionInfo,
'FileSystemAccess': FileSystemAccess,
'XMLPayload': XMLPayload,
}

EDGE_TYPES = {
'HAS_PORT': HasPort,
'DISCOVERED': Discovered,
'HAS_VULNERABILITY': HasVulnerability,
'USED_AGAINST': UsedAgainst,
'EXPLOITS': Exploits,
'DISCOVERED_IN': DiscoveredIn,
'LEADS_TO': LeadsTo,
'TARGETS': Targets,
'PROVIDES_ACCESS_TO': ProvidesAccessTo,
'YIELDS': Yields,
'USES_TOOL': UsesTool,
'AUTHENTICATED_WITH': AuthenticatedWith,
'EXTRACTED_FROM': ExtractedFrom,
'ENUMERATED': Enumerated,
'ESTABLISHES': Establishes,
'ACCESSED_FILE': AccessedFile,
'REVEALED': Revealed,
'USES_PAYLOAD': UsesPayload,
'OOB_INTERACTION': OobInteraction,
}

EDGE_TYPE_MAP = {
('Target', 'Port'): ['HAS_PORT'],
('Target', 'Vulnerability'): ['HAS_VULNERABILITY'],
('Target', 'TechnicalFinding'): ['YIELDS'],
('Target', 'Target'): ['LEADS_TO'],
('Vulnerability', 'Target'): ['TARGETS'],
('Tool', 'Target'): ['USED_AGAINST'],
('Tool', 'TechnicalFinding'): ['YIELDS'],
('Tool', 'Vulnerability'): ['YIELDS'],
('AttackTechnique', 'Target'): ['USED_AGAINST'],
('AttackTechnique', 'Vulnerability'): ['EXPLOITS'],
('AttackTechnique', 'Tool'): ['USES_TOOL'],
('AttackTechnique', 'AttackTechnique'): ['LEADS_TO'],
('TechnicalFinding', 'TestPhase'): ['DISCOVERED_IN'],
('TechnicalFinding', 'Vulnerability'): ['LEADS_TO'],
('TechnicalFinding', 'TechnicalFinding'): ['LEADS_TO'],
('Credential', 'Target'): ['PROVIDES_ACCESS_TO'],
('TechnicalFinding', 'Credential'): ['REVEALED'],
('ExploitCode', 'Vulnerability'): ['EXPLOITS'],
('ExploitCode', 'Target'): ['USED_AGAINST'],
('TestPhase', 'TestPhase'): ['LEADS_TO'],
('AuthenticationAttempt', 'Target'): ['USED_AGAINST'],
('AuthenticationAttempt', 'SessionInfo'): ['ESTABLISHES'],
('DatabaseMetadata', 'Target'): ['EXTRACTED_FROM'],
('Tool', 'DatabaseMetadata'): ['ENUMERATED'],
('ExploitationAttempt', 'Target'): ['USED_AGAINST'],
('ExploitationAttempt', 'Vulnerability'): ['EXPLOITS'],
('ExploitationAttempt', 'TechnicalFinding'): ['YIELDS'],
('SessionInfo', 'Target'): ['PROVIDES_ACCESS_TO'],
('Credential', 'Target'): ['AUTHENTICATED_WITH'],
('FileSystemAccess', 'Target'): ['EXTRACTED_FROM'],
('AttackTechnique', 'FileSystemAccess'): ['ACCESSED_FILE'],
('ExploitationAttempt', 'FileSystemAccess'): ['ACCESSED_FILE'],
('FileSystemAccess', 'TechnicalFinding'): ['REVEALED'],
('FileSystemAccess', 'Credential'): ['REVEALED'],
('XMLPayload', 'Vulnerability'): ['EXPLOITS'],
('ExploitationAttempt', 'XMLPayload'): ['USES_PAYLOAD'],
('XMLPayload', 'Target'): ['USED_AGAINST'],
('XMLPayload', 'FileSystemAccess'): ['ACCESSED_FILE'],
('XMLPayload', 'TechnicalFinding'): ['OOB_INTERACTION'],
}
Loading