armory shell

Depth Security edited this page Jan 29, 2019 · 2 revisions

Interactive Use

Armory comes with an interactive shell that lets you work with the database ORM directly.

To launch it, type:

armory-shell

This loads the ORM for the current database and provides a couple of helper functions.

ORM

A Table object is already created for the following tables:

  • Domains
  • BaseDomains
  • IPAddresses
  • CIDRs
  • Users
  • Creds
  • Vulns
  • Ports
  • Urls
  • ScopeCIDRs

To get records from the database, use the .all() function. It returns a list of the records in that table.

domains = Domains.all()
len(domains)
print(domains[0].domain)

The .all() function also supports basic filtering for exact matches.

ips = IPAddresses.all(ipaddress='127.0.0.1')

Since Armory uses SQLAlchemy on the backend, you can also get access to the "query" object directly.

qry, model = IPAddresses.get_query()
qry.filter(model.ipaddress.like('127.%'))

The objects themselves are SQLAlchemy objects and inherit all of the object methods (save, update, etc.).
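
The like('127.%') filter above is a string match on the stored address, not a subnet test. The added example below is not Armory code: it uses only Python's standard library, a stand-in SQLite table whose table and column names are assumptions, and constructed sample addresses, to compare what a LIKE pattern selects with real CIDR containment before the result is relied on for scoping.

```python
import ipaddress
import sqlite3

# Constructed sample data; the table and column names below are stand-ins,
# not Armory's real schema.
SAMPLE_IPS = ["10.1.0.5", "10.1.255.9", "10.10.3.4", "10.100.0.1",
              "10.2.0.1", "127.0.0.1", "127.10.0.1", "not-an-ip"]


def like_match(pattern, values=SAMPLE_IPS):
    """Return the values a SQL LIKE pattern selects (pure string matching)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ipaddress (ip_address TEXT)")
    con.executemany("INSERT INTO ipaddress VALUES (?)", [(v,) for v in values])
    rows = con.execute(
        "SELECT ip_address FROM ipaddress WHERE ip_address LIKE ? ORDER BY rowid",
        (pattern,),
    ).fetchall()
    con.close()
    return [r[0] for r in rows]


def cidr_match(cidr, values=SAMPLE_IPS):
    """Return the values that are valid addresses inside the given network."""
    net = ipaddress.ip_network(cidr, strict=True)
    hits = []
    for v in values:
        try:
            addr = ipaddress.ip_address(v)
        except ValueError:
            continue  # skip malformed rows instead of guessing
        if addr in net:
            hits.append(v)
    return hits


def overmatched(pattern, cidr, values=SAMPLE_IPS):
    """Rows the LIKE pattern selects that fall outside the intended network."""
    inside = set(cidr_match(cidr, values))
    return [v for v in like_match(pattern, values) if v not in inside]


if __name__ == "__main__":
    print(like_match("10.1%"))            # string prefix, not a subnet
    print(cidr_match("10.1.0.0/16"))
    print(overmatched("10.1%", "10.1.0.0/16"))
```

A pattern that ends on an octet boundary, such as '127.%', selects the same rows as 127.0.0.0/8 in this sample, while '10.1%' also pulls in 10.10.x.x and 10.100.x.x.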

Helper functions

A couple of helper functions have been created so far. The best bet is to look in shell.py to see what is there, or just type dir() to get a fully up-to-date list of the functions available.

get_domains(ip_addr)

Takes an IP address string and returns a list of domain names with that IP.

get_ips(domain)

Takes a domain string and returns a list of IPs that have that domain name.

rescope_base_and_children(, active=False, passive=False)

Takes a list of BaseDomains. Iterates through and rescopes the base domains, subdomains and IP addresses. Example:

qry, model = BaseDomains.get_query()
bad_domains = qry.filter(model.domain.like('outofscopedomain.%')) # gets .com, .biz, and .org
rescope_base_and_children(bad_domains, active=False, passive=False)

rescope_cidr_and_children(, active=False, passive=False)

Takes a list of CIDRs. Iterates through and rescopes child IP addresses and domains. Example:

cidrs = CIDRs.all(org_name='GoDaddy LLC')
rescope_cidr_and_children(cidrs, active=False, passive=True)