Skip to content

OASIS Open Repository: Reactor-master is a feedback-driven GUI master/actuator orchestration framework for the OpenC2 language, written in Python; it provides a way to administer multiple reactor-relay deployments


Notifications You must be signed in to change notification settings



Folders and files

Last commit message
Last commit date

Latest commit



8 Commits

Repository files navigation


This GitHub public repository ( ) was created at the request of the OASIS Open Command and Control (OpenC2) TC as an OASIS TC Open Repository to support development of open source resources related to Technical Committee work.

While this TC Open Repository remains associated with the sponsor TC, its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are separate and distinct from the OASIS TC Process and related policies.

All contributions made to this TC Open Repository are subject to open source license terms expressed in the Apache License v 2.0. That license was selected as the declared "Applicable License" when the TC Open Repository was created.

As documented in "Public Participation Invited", contributions to this OASIS TC Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the open source LICENSE designated for this particular repository, and the requirement for an Individual Contributor License Agreement that governs intellectual property.

Statement of Purpose for this OASIS TC Open Repository (openc2-reactor-master) as proposed and approved [bis] by the OpenC2 TC:

The purpose of the openc2-reactor-master GitHub repository is to (a) demonstrate how OpenC2 can be deployed as a means to manage and administer geographically disparate networks, and (b) provision a codebase to enable other prototype efforts.

Openc2-Reactor-master provides an OpenC2 API to send commands to downstream relays, as well as a way for analyst to manually send commands to capable actuators deployed on client's sites that wouldn't be accessible directly from the internet

The associated GitHub repository is: openc2-reactor-relay.

The initial codebase is imported from the OpenC2 Forum's Github repository.

Repository Maintainers may include here any clarifications — any additional sections, subsections, and paragraphs that the Maintainer(s) wish to add as descriptive text, reflecting (sub-) project status, milestones, releases, modifications to statement of purpose, etc. The project Maintainers will create and maintain this content on behalf of the participants.

TC Open Repository Maintainers are responsible for oversight of this project's community development activities, including evaluation of GitHub pull requests and preserving open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences.

Initially, the associated TC members have designated one or more persons to serve as Maintainer(s); subsequently, participating community members may select additional or substitute Maintainers, per consensus agreements.

Current Maintainers of this TC Open Repository

Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the Maintainer(s) listed above. Please send general questions about TC Open Repository participation to OASIS Staff at [email protected] and any specific CLA-related questions to [email protected].

A Feedback-driven GUI master/actuator orchestration framework for the OpenC2 language, written in Python. Works in remote security management. Loves to travel. Enjoys meeting new people. Good listener.

Reactor Master

A Feedback-driven GUI master / actuator orchestration framework for the OpenC2 language, written in Python


This project is proof of concept code to show how OpenC2 can be deployed on geographically disparate networks. Please report bugs via git issues, pull requests are welcome.


This project is built on top of OrchID's code base:

OrchID is an OpenC2 proxy built in Django 1.10.2. OrchID aims to provide a simple, modular API to begin accepting OpenC2 commands and converting them into Python actions.

OpenC2 OrchID was built by Adam Bradbury (Zepko Architect), so is used extensively in Zepko's response architecture. This document explains the usage for the onboarded profiles for this version of OrchID, for general documentation on how OrchID functions you should refer to the official repository.


This code base provides a way to administrate multiple ReactorRelay deployments. It provides an OpenC2 API to send commands to downstream relays, as well as a way for analyst to manually send commands to capable actuators deployed on client's sites that wouldn't be accessible directly from the internet.

Installation (CentOS 7.3)

1. Install dependencies

yum install -y git wget python-pip python-devel gcc mariadb mariadb-server mariadb-devel MySQL-python libffi-devel

2. Configure the database

systemctl status mariadb.service
systemctl start mariadb.service
systemctl enable mariadb.service


In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

Press enter for first time installs

Change the root password? [Y/n]

It's recommended that you set a strong password for the root account By default the password for Reactor is correcthorsebatterystaple

Remove anonymous users? [Y/n]

It is recommended that all anonymous remote logins be disabled

Disallow root login remotely? [Y/n]

It is recommended that the root account only login from localhost

Remove test database and access to it? [Y/n]

It is recommended that the test database is removed for security

Reload privilege tables now? [Y/n]

Choose Y to apply the new settings

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

3. Configure the firewall (firewall-cmd on CentOS 7.3)

Reactor Master uses port 9000 by default - set by OPENC2_RESPONSE_URL - which can be changed in main/

35  # OpenC2 Response URL 

Either create port rules for the necessary ports required by Reactor, or disable the firewall altogether (not recommended)

(Optional) Disable firewall
systemctl stop firewall-cmd
systemctl disable firewall-cmd
Enable firewall
firewall-cmd --state
systemctl status firewall-cmd
systemctl start firewall-cmd
systemctl enable firewall-cmd
Create firewall port rules
firewall-cmd --add-port=9000/tcp --zone=public --permanent   # ReactorMaster

firewall-cmd --reload
Create cron task for job polling
echo "*/1 * * * * root /usr/bin/wget --spider -q http://:9000/cron/launch/ > /dev/null" >> /etc/crontab

4. Configure the project environment(s)

git clone https://User:[email protected]/User/ReactorMaster.git


git clone

Enter username and password...
Familiarise yourself with the code base. If you're familiar with Django projects then this will be very familiar.
cd ReactorMaster && ls

LICENSE  main  reactor_master  requirements.txt  samples  static
Upgrade pip
pip install --upgrade pip
Install virtualenv package
pip install virtualenv
Create a new virtual environment

If you are testing both ReactorRelay and ReactorMaster on the same system, you can use one virtual environment for both

virtualenv env/ -p python --prompt="[ReactorMaster]"
Activate virtual environment
source env/bin/activate
Deactivate virtual environment

5. Set up the application (must be in virtual environment)

Install dependencies
pip install -r requirements.txt
Configure Django

For database migrations, you may need to first create the schema specified on line 90 in main/

mysql -uroot -p   # provide password when prompted
MariaDB [(none)]> show schemas;
| Database           |
| information_schema |
| mysql              |
| performance_schema |
3 rows in set (0.00 sec)

create schema reactor_master;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show schemas;
| Database           |
| information_schema |
| mysql              |
| performance_schema |
| reactor_master     |
4 rows in set (0.00 sec)

Update database to latest schema
python migrate   # configures database according to models and previous migrations

Operations to perform:
  Apply all migrations: admin, auth, contenttypes, reactor_master, sessions
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying reactor_master.0001_initial... OK
  Applying sessions.0001_initial... OK
Load the starting data into the database
python loaddata reactor_master/fixtures/initial_data.json
Create a superuser to manage the project
python createsuperuser
Launch the server
python runserver   # master

Performing system checks...

2017-07-10 20:40:42,252 INFO Registered response name with signature {'action': 'response', 'target': {'type': 'openc2:Data'}}
2017-07-10 20:40:42,410 INFO Initialising master
2017-07-10 20:40:42,410 INFO Loading profile
2017-07-10 20:40:42,411 INFO Registered response name with signature {'action': 'response', 'target': {'type': 'openc2:Data'}}
System check identified no issues (0 silenced).
July 10, 2017 - 20:40:42
Django version 1.10.2, using settings 'main.settings'
Starting development server at
Quit the server with CONTROL-C.

Now check that you can visit it in the browser, and login as the super-user you created.

The master's web interface is accessible on:


It's OpenC2 API is accessible on:


ReactorMaster fresh dashboard

It is recommended you put this behind an SSL reverse proxy such as NGINX as commands can contain sensitive information, and connections to this box should be IP locked to known and trusted upstream orchestrators.


Relay Link

Follow the documentation for ReactorRelay for each relay being configured, and then return here to link them to the master and synchronise their capabilities.

With the relay(s) created, the first step is to link with the master - This can be done by clicking Create New Relay from the main dashboard view. The URL specified should be the OpenC2 API (usually /openc2/). The username and password should be the password you generated when running createsuperuser on the downstream relay.

ReactorMaster create relay

ReactorMaster relay created ReactorMaster relay details

Sync Capabilities

Once your relay is configured, click Sync Capabilities, this will request a list of all configured capabilities from all downstream relays. This then provides the list of actions that can be taken from the central orchestrator. If the error Sync Failed occurs, ensure that the url have specified is the fully qualified OpenC2 API url e.g. - Note the trailing slash. Make sure this is accessible from the Orchestrator.

If syncing still fails, this could be because you have entered incorrect credentials for the relay, which will require you to delete the relay in the Live Relay section and re-create it with the correct credentials.

ReactorMaster capabilities synced
Target Creation

Targets are a standardised way to express variables to pass to profiles, for example the IP of an attacker you wish to block. In Reactor we are still using CybOX 2.1, however the codebase is expandable to take any kind of JSON object.

ReactorMaster create target
Job Creation

This allows the user to create a job, linking a capability with a target. Once actioned - it will be picked up by the /cron/launcher/ view within 60 seconds (ensure you have created the cron job for the master). Responses, errors and job status can then be tracked by clicking on the job in the GUI.

ReactorMaster create target

ReactorMaster job pending

ReactorMaster job statuses

Job progress can be tracked and the status will transition from Sent to Pending to Success, or Failed if an error occurred.



Adam Bradbury


Reactor and OpenC2 architectural overview

    ┌────────┐              ┌───────┐            ┌──────────┐
    | Master ├─ manages a ─→| Relay ├─ has an ──→| Actuator |
    └─┬────┬─┘              └───────┘            └────┬─────┘
      |    |                                          |
      |    └──── defines                           can use
      |             |                                 |
  specifies         ↓                                 ↓
      |          ┌─────┐                        ┌────────────┐
      |          | Job |←───────── used by  ────┤ Capability │
      |          └──┬──┘                        └────────────┘
      ↓             |
  ┌────────┐      targets
  │ Target |←───────┘

Reactor project deployment file overview

├── main
│   ├──
│   ├──
│   ├──
│   └──
├── reactor_master
│   ├──
│   ├──
│   ├──
│   ├──
│   ├── fixtures
│   │   └── initial_data.json
│   ├──
│   ├── migrations
│   │   ├──
│   │   └──
│   ├──
│   ├── profiles
│   │   ├──
│   │   └──
│   ├──
│   ├── templates
│   │   └── reactor_master
│   ├── templatetags
│   │   ├──
│   │   └──
│   ├──
│   ├──
│   └──
├── requirements.txt
├── samples
│   └── response_ack.json
└── static
    └── theme
        ├── css
        ├── font-awesome
        ├── fonts
        └── js

↥ back to top


OASIS Open Repository: Reactor-master is a feedback-driven GUI master/actuator orchestration framework for the OpenC2 language, written in Python; it provides a way to administer multiple reactor-relay deployments







No releases published


No packages published


  • JavaScript 72.2%
  • Python 14.8%
  • HTML 12.0%
  • CSS 1.0%