In this blog, we are going to review a small example of Amazon Echo (Alexa) skill to connect with Faraday API
The idea is to implement the following actions:
1) Get a list of all the workspaces available in your Faraday with an information summary
2) Get a list of all the available users
3) Get the last vulnerabilities and actions added in a given workspace
4) Bonus track: Get the last news of netsec and hackernews :)
For this we are going to use the following tools/libs/etc:
Amazon Echo (Alexa) - https://developer.amazon.com
ngrok - https://ngrok.com
Faraday API - https://github.com/infobyte/faraday/wiki/API-Server
Let's start with a small video demo using Alexa with Faraday Skill activated:
Steps for running your own skill:
1) First of all, you have to clone the GitHub of the Faraday Skill code:
The reposity have the following files:
etc/config.txt #Faraday API Server configuration
__init__.py #Skill Webserver API
faradayapi.py #Faraday API connector
hackernewsapi.py #Hackernews API
netsecapi.py #netsec API
In order to start our skill, we need to run webserver
$ python2 __init__.py #this going to start a webserver in loopback http://localhost:5000
Then we have to run ngrok to create a public address for our localserver
$ ngrok http 5000
You have to remember that every time that you run ngrok your URL will be changing and this new URL have to be configured in Amazon endpoint
Working in the Amazon Developer Console:
Navigate over to https://developer.amazon.com/alexa and sign in/sign up using your credentials of choice.
Then you have to select from the menu, Alexa, "Alexa Skill Kit"
We’ll select “Create Skill” on the upper right, then select the Skill Name "Faraday" and "Custom" model
We’ll fill in our initial skills data, as pictured below. Note: pay special attention to the invocation name. This is what will start your application. If you want it be “Alexa, start Faraday” put it here.
Now we are going to build what’s called an intent schema. The intent schema tells Alexa what “intents” are possible. It’s formatted as a JSON, drop this into the “JSON Editor” box you will find the intents in the file "intents.txt" from the Github
Remember to "Save Model" and "Build the model" when you finish it, check it out if you have any error
If everything is ok you can start with the testing or directly asking your Alexa:
You can try with, help to get the list of all available commands:
I hope you like it and extend it for better uses! Keep in mind this is a testing skill we do not recommend for productions Faraday servers.
Credit where credits due!
Flask - http://flask.pocoo.org/docs/0.12/
Flask-Ask - https://github.com/johnwheeler/flask-ask
Great Python for integration Echo + Vmware vShare: https://www.thehumblelab.com/integrating-echo-vmware/