Exploiter Library

The Python library (exploiter/python/cookiefarm) provides the runtime used by exploit templates.

@exploit_manager decorator

• parses runtime CLI args (-s -t -T -p -n -x)
• fetches shared config from server
• starts test or run executor
• captures per-thread stdout using thread-local buffer

File: exploiter_manager.py.

Main executors

ExploitExecutor

• concurrent execution over all target teams
• fetches flag_ids per service
• extracts flags with shared regex
• emits JSON events (success, error, stats)

File: exploit_executor.py.

TestExploitExecutor

• executes only against NOP team
• used for fast exploit validation

File: test_executor.py.

Utility functions

random_string

Import:

from cookiefarm import random_string

Signature:

random_string(length: int = 16, with_space: bool = False, chars: str = printable[:-5]) -> str

Behavior:

• generates a random string from Python chars (default: all printable except whitespace)
• default excludes all whitespace characters
• with_space=True allows the space character while still excluding other whitespace

Typical use in A/D exploits:

username = random_string(8)
password = random_string(20, with_space=False)

JSON logging contract

The library uses log_status / log_stats for structured output.

Main statuses:

• success
• failed
• error
• fatal
• info
• debug
• stats
• exploit_info

This format is required by Go client parser.

Best practices

• avoid noisy output in loops
• prefer one clean output line per captured flag
• always handle network/socket exceptions
• keep exploit behavior idempotent between rounds