Metadata-Version: 2.4
Name: plockchain
Version: 1.1
Summary: plockchain support for send request flow by write yaml config file
Home-page: https://github.com/nquangit/plockchain
Author: nquangit
Author-email: nquang.it.04@gmail.com
License: MIT
Keywords: nquangit,plockchain
Classifier: Programming Language :: Python :: 3
Description-Content-Type: text/markdown
Requires-Dist: jq
Requires-Dist: pystache
Requires-Dist: PyYAML
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: requires-dist
Dynamic: summary

## Overview

Plockchain is a lightweight, configurable automation tool designed to help web pentesters streamline their HTTP-based testing workflows. With Plockchain, you can define a sequence of HTTP requests (a "chain"), leverage proxy settings, extract and manipulate data in-flight, and easily integrate dynamic variables into subsequent requests. Whether you need to automate a login flow to fetch a token, or orchestrate a multi-step sequence to probe various endpoints, Plockchain has you covered.

## Key Features

* **Configurable Flow**: Define multi-step HTTP chains in a simple YAML file.
* **Proxy Support**: Route requests through an HTTP/SOCKS proxy for traffic inspection or access.
* **Data Extraction & Injection**: Extract fields from responses (e.g., JSON bodies via `jq`-style selectors) and inject them into later requests.
* **TLS & Timeout Controls**: Customize TLS on/off per request and set individual timeouts.
* **Templating**: Use Mustache-style placeholders (`{{variable}}`) to render headers, URLs, and bodies dynamically.
* **Lightweight & Extensible**: Built in Python with minimal dependencies, easy to extend for custom extractors or request types.

## Prerequisites

* Python 3.8 or higher
* `pip` for installing dependencies

## Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/nquangit/plockchain.git
   cd plockchain
   ```

2. Install required packages:

   ```bash
   pip install -r requirements.txt
   ```

## Configuration

Plockchain is driven by a YAML configuration file. Below is a sample configuration showing global variables, proxy settings, and a request chain:

```yaml
# File: config.yaml

---
global_vars:
  key: value

proxy:
  host: 127.0.0.1
  port: 8080

chain:
  - req:
      # name must be the file name contains the raw request
      name: raw1
      # Default is true
      use_tls: true
      host: api.taskspace.com.vn
      port: 443
      # Default is 5.0
      timeout: 5.0
      export:
        response:
          body:
            var:
              name: token
              # Key access with jq for json response with unique key
              key: ".data"
  - req:
      name: raw2
      use_tls: true
      # Auto mode will get the host from the Host header
      host: auto
      # Auto mode will get the port base-on use_tls value (80 or 443)
      port: auto

      import:
        headers:
          # Write as pystache template
          Authorization: "Bearer {{token}}"
```

### Configuration Fields

* `global_vars`: Define key/value pairs available throughout the chain.
* `proxy`: Optional proxy settings (`host`, `port`).
* `chain`: An ordered list of steps; each step can be a `req` (HTTP request).

  * `name`: Identifier for the step; used when exporting variables.
  * `use_tls`: `true` for HTTPS, `false` for HTTP.
  * `host`/`port`: Target host and port (support `auto`).
  * `timeout`: Request timeout in seconds.
  * `export`: Extract data from response. Currently supports `body` JSON extraction with a `key` selector.
  * `import`: Inject variables into headers, query parameters, or body.

## Usage

Run Plockchain by pointing it to your YAML config file:

```bash
# Future
python plockchain.py --config config.yaml
```

* Use `--verbose` for detailed logging.
* Add `--no-proxy` to bypass proxy settings.

### Example Workflow

1. **Login** capturing a JWT token.
2. **Fetch** protected resource using the extracted token.
3. **Process** or **save** the final output as needed.

```bash
python plockchain.py -c config.yaml -v
```

## Extending Plockchain

* **Custom Extractors**: Add support for XML, regex, or HTML parsing by extending the `exporters` module.
* **Additional Steps**: Implement new step types (e.g., file uploads, GraphQL requests) in the `steps` directory.

## Contributing

1. Fork the repository.
2. Create a feature branch (`git checkout -b feature/your-feature`).
3. Commit your changes and push to your branch.
4. Open a Pull Request detailing your improvements.

Please adhere to the existing code style and include unit tests for new features.

## License

This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.

---

*Happy pentesting!*
