backend/app/services/c2/mythic.py

# Contract pinned from MythicMeta/Mythic_Scripting master @ 2026-06-10 (raw.githubusercontent.com/MythicMeta/Mythic_Scripting/master/mythic/mythic.py)
"""Mythic 3.x C2 adapter.

M1 implements test_connection() only.
All other methods raise NotImplementedError("M2") — they land in milestone M2/M3.

Transport: POST https://<host>:7443/graphql
Header: apitoken: <token>
Backend: Hasura-proxied Postgres behind nginx.
"""
from __future__ import annotations

import requests

from backend.app.services.c2.adapter import (
    C2Adapter,
    C2Callback,
    C2Health,
    C2TaskPage,
    C2TaskStatus,
)

_HEALTH_QUERY = '{ __typename }'


class MythicAdapter(C2Adapter):
    """Real Mythic 3.x adapter using GraphQL over HTTP."""

    def __init__(self, url: str, api_token: str, verify_tls: bool = True) -> None:
        self._url = url.rstrip("/") + "/graphql"
        self._token = api_token
        self._verify = verify_tls

    def _headers(self) -> dict[str, str]:
        return {
            "Content-Type": "application/json",
            "apitoken": self._token,
        }

    def test_connection(self) -> C2Health:
        """POST a trivial introspection query to verify reachability and token validity."""
        try:
            resp = requests.post(
                self._url,
                json={"query": _HEALTH_QUERY},
                headers=self._headers(),
                verify=self._verify,
                timeout=10,
            )
            if resp.status_code == 200:
                return C2Health(ok=True)
            return C2Health(ok=False, error=f"HTTP {resp.status_code}")
        except requests.RequestException as exc:
            return C2Health(ok=False, error=str(exc))

    def list_callbacks(self) -> list[C2Callback]:
        raise NotImplementedError("M2")

    def create_task(
        self,
        callback_display_id: int,
        command: str,
        params: str | None = None,
    ) -> int:
        raise NotImplementedError("M2")

    def get_task(self, task_display_id: int) -> C2TaskStatus:
        raise NotImplementedError("M2")

    def get_task_output(self, task_display_id: int) -> str:
        raise NotImplementedError("M3")

    def list_callback_tasks(
        self,
        callback_display_id: int,
        page: int = 1,
        page_size: int = 25,
    ) -> C2TaskPage:
        raise NotImplementedError("M4")
feat(backend): c2 crypto + config CRUD + adapter scaffolding (sprint 8 M1) - Add Fernet crypto service (MIMIC_ENCRYPTION_KEY env, C2Disabled on absent key) - Add Alembic migration 0006: c2_config + c2_task tables with cascade FKs - Add C2Config and C2Task SQLAlchemy models - Add C2Adapter ABC with dataclasses (C2Health, C2Callback, C2TaskStatus, C2TaskPage) - Add FakeAdapter (deterministic in-memory, MIMIC_C2_ADAPTER=fake) - Add MythicAdapter scaffold: test_connection() live, M2+ raise NotImplementedError - Add decode_response_text() helper for base64/binary Mythic responses - Add GET/PUT/DELETE/POST-test /api/engagements/<id>/c2-config endpoints - RBAC: admin+redteam OK, SOC 403; 503 guard when encryption key absent - Token never returned in API responses; stored Fernet-encrypted only - 42 new tests (300 total, 258 baseline preserved green) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-10 19:20:52 +02:00			`# Contract pinned from MythicMeta/Mythic_Scripting master @ 2026-06-10 (raw.githubusercontent.com/MythicMeta/Mythic_Scripting/master/mythic/mythic.py)`
			`"""Mythic 3.x C2 adapter.`

			`M1 implements test_connection() only.`
			`All other methods raise NotImplementedError("M2") — they land in milestone M2/M3.`

			`Transport: POST https://<host>:7443/graphql`
			`Header: apitoken: <token>`
			`Backend: Hasura-proxied Postgres behind nginx.`
			`"""`
			`from __future__ import annotations`

			`import requests`

			`from backend.app.services.c2.adapter import (`
			`C2Adapter,`
			`C2Callback,`
			`C2Health,`
			`C2TaskPage,`
			`C2TaskStatus,`
			`)`

			`_HEALTH_QUERY = '{ __typename }'`


			`class MythicAdapter(C2Adapter):`
			`"""Real Mythic 3.x adapter using GraphQL over HTTP."""`

			`def __init__(self, url: str, api_token: str, verify_tls: bool = True) -> None:`
			`self._url = url.rstrip("/") + "/graphql"`
			`self._token = api_token`
			`self._verify = verify_tls`

			`def _headers(self) -> dict[str, str]:`
			`return {`
			`"Content-Type": "application/json",`
			`"apitoken": self._token,`
			`}`

			`def test_connection(self) -> C2Health:`
			`"""POST a trivial introspection query to verify reachability and token validity."""`
			`try:`
			`resp = requests.post(`
			`self._url,`
			`json={"query": _HEALTH_QUERY},`
			`headers=self._headers(),`
			`verify=self._verify,`
			`timeout=10,`
			`)`
			`if resp.status_code == 200:`
			`return C2Health(ok=True)`
			`return C2Health(ok=False, error=f"HTTP {resp.status_code}")`
			`except requests.RequestException as exc:`
			`return C2Health(ok=False, error=str(exc))`

			`def list_callbacks(self) -> list[C2Callback]:`
			`raise NotImplementedError("M2")`

			`def create_task(`
			`self,`
			`callback_display_id: int,`
			`command: str,`
			`params: str \| None = None,`
			`) -> int:`
			`raise NotImplementedError("M2")`

			`def get_task(self, task_display_id: int) -> C2TaskStatus:`
			`raise NotImplementedError("M2")`

			`def get_task_output(self, task_display_id: int) -> str:`
			`raise NotImplementedError("M3")`

			`def list_callback_tasks(`
			`self,`
			`callback_display_id: int,`
			`page: int = 1,`
			`page_size: int = 25,`
			`) -> C2TaskPage:`
			`raise NotImplementedError("M4")`