2021-03-30 00:18:47 +08:00
|
|
|
# Changelog
|
2021-08-05 23:23:14 +08:00
|
|
|
All notable changes to this project will be documented in this
|
|
|
|
file.
|
2021-03-30 00:18:47 +08:00
|
|
|
|
2021-08-05 23:23:14 +08:00
|
|
|
The format is based on [Keep a
|
|
|
|
Changelog](https://keepachangelog.com/en/1.0.0/).
|
2021-03-30 00:18:47 +08:00
|
|
|
|
2021-10-28 21:31:18 +08:00
|
|
|
## [Unreleased]
|
|
|
|
### Added
|
2021-11-19 03:10:55 +08:00
|
|
|
- credentials.json file for storing Monkey Island user login information. #1206
|
2021-12-08 00:59:40 +08:00
|
|
|
- "GET /api/propagation-credentials/<string:guid>" endpoint for agents to
|
|
|
|
retrieve updated credentials from the Island. #1538
|
2022-06-16 21:19:19 +08:00
|
|
|
- "GET /api/island/ip-addresses" endpoint to get IP addresses of the Island server
|
2022-06-16 21:52:05 +08:00
|
|
|
network interfaces. #1996
|
2022-02-17 04:17:13 +08:00
|
|
|
- SSHCollector as a configurable System info Collector. #1606
|
2022-04-11 02:55:42 +08:00
|
|
|
- deployment_scrips/install-infection-monkey-service.sh to install an AppImage
|
|
|
|
as a service. #1552
|
2022-01-31 21:50:24 +08:00
|
|
|
- The ability to download the Monkey Island logs from the Infection Map page. #1640
|
2022-07-01 02:48:48 +08:00
|
|
|
- `/api/reset-agent-configuration` endpoint. #2036
|
|
|
|
- `/api/clear-simulation-data` endpoint. #2036
|
2022-08-02 16:48:26 +08:00
|
|
|
- `/api/registration-status` endpoint. #2149
|
2022-08-04 17:59:07 +08:00
|
|
|
- authentication to `/api/island/version`. #2109
|
2022-08-11 22:23:54 +08:00
|
|
|
- `/api/events` endpoint. #2155
|
2022-08-19 21:08:16 +08:00
|
|
|
- The ability to customize the file extension used by ransomware when
|
2022-08-19 21:47:10 +08:00
|
|
|
encrypting files. #1242
|
2022-08-23 01:23:08 +08:00
|
|
|
- `/api/agents` endpoint.
|
2021-10-28 21:31:18 +08:00
|
|
|
|
|
|
|
### Changed
|
2022-04-22 00:40:22 +08:00
|
|
|
- Reset workflow. Now it's possible to delete data gathered by agents without
|
|
|
|
resetting the configuration and reset procedure requires fewer clicks. #957
|
2021-11-11 21:56:47 +08:00
|
|
|
- "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
|
|
|
|
include a timeout. #1577
|
2021-12-01 20:40:30 +08:00
|
|
|
- The setup procedure for custom server_config.json files to be simpler. #1576
|
2022-01-27 00:53:06 +08:00
|
|
|
- The order and content of Monkey Island's initialization logging to give
|
|
|
|
clearer instructions to the user and avoid confusion. #1684
|
2022-02-16 19:15:22 +08:00
|
|
|
- The process list collection system info collector to now be a post-breach action. #1697
|
2022-03-02 19:50:15 +08:00
|
|
|
- The "/api/monkey/download" endpoint to accept an OS and return a file. #1675
|
2022-03-09 23:04:45 +08:00
|
|
|
- Log messages to contain human-readable thread names. #1766
|
2022-03-19 01:00:48 +08:00
|
|
|
- The log file name to `infection-monkey-agent-<TIMESTAMP>-<RANDOM_STRING>.log`. #1761
|
2022-01-31 21:50:24 +08:00
|
|
|
- "Logs" page renamed to "Telemetries". #1640
|
2022-04-15 21:54:42 +08:00
|
|
|
- The "/api/fileUpload" endpoint to "/api/file-upload". #1888
|
|
|
|
- The "/api/test/clear_caches" endpoint to "/api/test/clear-caches". #1888
|
|
|
|
- The "/api/netmap/nodeStates" endpoint to "/api/netmap/node-states". #1888
|
|
|
|
- All "/api/monkey_control" endpoints to "/api/monkey-control". #1888
|
2022-04-18 19:50:51 +08:00
|
|
|
- All "/api/monkey" endpoints to "/api/agent". #1888
|
2022-08-11 22:27:01 +08:00
|
|
|
- Analytics and version update queries are sent separately instead of just one query. #2165
|
2022-05-12 20:17:10 +08:00
|
|
|
- Update MongoDB version to 4.4.x. #1924
|
2022-06-02 20:24:45 +08:00
|
|
|
- Endpoint to get agent binaries from "/api/agent/download/<string:os>" to
|
|
|
|
"/api/agent-binaries/<string:os>". #1978
|
2022-06-20 21:00:53 +08:00
|
|
|
- Depth flag (-d) on the agent now acts the way you would expect(it represents
|
|
|
|
the current depth of the agent, not hops remaining). #2033
|
2022-06-17 00:35:04 +08:00
|
|
|
- Agent configuration structure. #1996, #1998, #1961, #1997, #1994, #1741,
|
2022-07-08 19:33:45 +08:00
|
|
|
#1761, #1695, #1605, #2028, #2003
|
2022-07-01 02:48:48 +08:00
|
|
|
- `/api/island-mode` to accept and return new "unset" mode. #2036
|
2022-08-01 21:30:41 +08:00
|
|
|
- `/api/version-update` to `api/island/version`. #2109
|
2022-08-04 07:18:40 +08:00
|
|
|
- `/api/island-mode` to `/api/island/mode`. #2106
|
|
|
|
- `/api/log/island/download` endpoint to `/api/island/log`. #2107
|
|
|
|
- `/api/auth` endpoint to `/api/authenticate`. #2105
|
|
|
|
- `/api/registration` endpoint to `/api/register`. #2105
|
2022-08-05 15:45:12 +08:00
|
|
|
- `/api/file-upload` endpoit to `/api/pba/upload`. #2154
|
2022-08-17 03:27:56 +08:00
|
|
|
- Improved the speed of ransomware encryption by 2-3x. #2123
|
2022-09-02 21:26:51 +08:00
|
|
|
- "-s/--server" to "-s/--servers". #2216
|
2022-09-02 17:47:56 +08:00
|
|
|
- "-s/--servers" accepts list of servers separated by comma. #2216
|
2021-10-28 21:31:18 +08:00
|
|
|
|
|
|
|
### Removed
|
2022-01-31 21:15:43 +08:00
|
|
|
- VSFTPD exploiter. #1533
|
2022-04-22 01:06:12 +08:00
|
|
|
- Manual agent run command for CMD. #1556
|
2022-02-04 21:06:48 +08:00
|
|
|
- Sambacry exploiter. #1567, #1693
|
2021-11-10 21:19:41 +08:00
|
|
|
- "Kill file" option in the config. #1536
|
2021-11-12 20:09:07 +08:00
|
|
|
- Netstat collector, because network connection information wasn't used anywhere. #1535
|
2021-11-12 20:17:49 +08:00
|
|
|
- Checkbox to disable/enable sending log to server. #1537
|
2021-11-12 20:53:00 +08:00
|
|
|
- Checkbox for self deleting a monkey agent on cleanup. #1537
|
2021-11-12 22:35:58 +08:00
|
|
|
- Checkbox for file logging. #1537
|
2021-11-12 23:12:53 +08:00
|
|
|
- Remove serialization of config. #1537
|
2021-11-15 18:31:32 +08:00
|
|
|
- Checkbox that gave the option to not try to first move the dropper file. #1537
|
2021-11-15 19:05:07 +08:00
|
|
|
- Custom singleton mutex name config option. #1589
|
2021-11-16 18:28:40 +08:00
|
|
|
- Removed environment system info collector #1535
|
2021-11-15 18:50:19 +08:00
|
|
|
- Azure credential collector, because it was broken (not gathering credentials). #1535
|
2021-11-15 23:46:22 +08:00
|
|
|
- Custom monkey directory name config option. #1537
|
2021-11-17 18:00:55 +08:00
|
|
|
- Hostname system info collector. #1535
|
2021-11-16 15:31:51 +08:00
|
|
|
- Max iterations and timeout between iterations config options. #1600
|
2021-11-18 21:32:55 +08:00
|
|
|
- MITRE ATT&CK configuration screen. #1532
|
2021-12-03 10:03:45 +08:00
|
|
|
- Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
|
2021-12-08 02:25:16 +08:00
|
|
|
- "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
|
2021-12-14 21:03:37 +08:00
|
|
|
- Max victims to find/exploit, TCP scan interval and TCP scan get banner internal options. #1597
|
2021-12-14 21:54:45 +08:00
|
|
|
- MySQL fingerprinter. #1648
|
2022-01-31 21:15:43 +08:00
|
|
|
- MS08-067 (Conficker) exploiter. #1677
|
2022-02-01 22:40:48 +08:00
|
|
|
- Agent bootloader. #1676
|
2022-02-07 22:30:57 +08:00
|
|
|
- Zero Trust integration with ScoutSuite. #1669
|
2022-02-23 23:19:27 +08:00
|
|
|
- ShellShock exploiter. #1733
|
2022-02-24 21:44:20 +08:00
|
|
|
- ElasticGroovy exploiter. #1732
|
2022-04-22 01:06:12 +08:00
|
|
|
- T1082 attack technique report. #1695
|
2022-03-02 19:50:15 +08:00
|
|
|
- 32-bit agents. #1675
|
2022-03-10 22:11:06 +08:00
|
|
|
- Log path config options. #1761
|
2022-03-18 20:40:12 +08:00
|
|
|
- "smb_service_name" option. #1741
|
2022-04-08 18:19:34 +08:00
|
|
|
- Struts2 exploiter. #1869
|
2022-04-08 23:32:13 +08:00
|
|
|
- Drupal exploiter. #1869
|
2022-04-08 20:40:24 +08:00
|
|
|
- WebLogic exploiter. #1869
|
2022-04-08 00:11:47 +08:00
|
|
|
- The /api/t1216-pba/download endpoint. #1864
|
2022-01-31 21:50:24 +08:00
|
|
|
- Island log download button from "Telemetries"(previously called "Logs") page. #1640
|
2022-04-18 20:50:57 +08:00
|
|
|
- "/api/client-monkey" endpoint. #1889
|
2022-04-27 23:18:26 +08:00
|
|
|
- "+dev" from version numbers. #1553
|
2022-05-30 19:26:39 +08:00
|
|
|
- agent's "--config" argument. #906
|
2022-06-11 03:09:10 +08:00
|
|
|
- Option to export monkey telemetries. #1998
|
2022-06-28 22:35:09 +08:00
|
|
|
- "/api/configuration/import" endpoint. #2002
|
|
|
|
- "/api/configuration/export" endpoint. #2002
|
2022-07-08 19:33:45 +08:00
|
|
|
- "/api/island-configuration" endpoint. #2003
|
2022-09-02 17:42:21 +08:00
|
|
|
- "-t/--tunnel" from agent command line arguments. #2216
|
2021-10-28 21:31:18 +08:00
|
|
|
|
|
|
|
### Fixed
|
|
|
|
- A bug in network map page that caused delay of telemetry log loading. #1545
|
2022-04-22 01:06:12 +08:00
|
|
|
- Windows "run as a user" powershell command for manual agent runs. #1556
|
2021-11-12 20:58:04 +08:00
|
|
|
- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
|
|
|
|
systems as well. #1557
|
2022-04-07 23:59:21 +08:00
|
|
|
- A bug where T1216_random_executable.exe was copied to disk even if the signed
|
|
|
|
script proxy execution PBA was disabled. #1864
|
2022-04-19 19:30:19 +08:00
|
|
|
- Unnecessary collection of kerberos credentials. #1771
|
2022-04-20 21:14:14 +08:00
|
|
|
- A bug where bogus users were collected by Mimikatz and added to the config. #1860
|
2022-04-20 15:52:20 +08:00
|
|
|
- A bug where windows executable was not self deleting. #1763
|
2022-04-22 01:06:12 +08:00
|
|
|
- Incorrect line number in the telemetry overview window on the Map page. #1850
|
2022-04-21 20:45:35 +08:00
|
|
|
- Automatic jumping to the bottom in the telemetry overview windows. #1850
|
2022-04-28 14:26:06 +08:00
|
|
|
- 2-second delay when the Island server starts, and it's not running on AWS. #1636
|
2022-06-15 02:49:35 +08:00
|
|
|
- Malformed MSSQL agent launch command. #2018
|
2021-10-28 21:31:18 +08:00
|
|
|
|
|
|
|
### Security
|
2022-03-01 00:51:34 +08:00
|
|
|
- Change SSH exploiter so that it does not set the permissions of the agent
|
|
|
|
binary in /tmp on the target system to 777, as this could allow a malicious
|
|
|
|
actor with local access to escalate their privileges. #1750
|
2021-10-28 21:31:18 +08:00
|
|
|
|
2022-01-25 22:54:12 +08:00
|
|
|
## [1.13.0] - 2022-01-25
|
2022-01-21 20:39:12 +08:00
|
|
|
### Added
|
|
|
|
- A new exploiter that allows propagation via the Log4Shell vulnerability
|
|
|
|
(CVE-2021-44228). #1663
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
- Exploiters attempting to start servers listening on privileged ports,
|
|
|
|
resulting in failed propagation. 8f53a5c
|
|
|
|
|
2021-10-28 21:31:18 +08:00
|
|
|
|
2021-10-27 22:14:36 +08:00
|
|
|
## [1.12.0] - 2021-10-27
|
2021-09-15 00:30:43 +08:00
|
|
|
### Added
|
|
|
|
- A new exploiter that allows propagation via PowerShell Remoting. #1246
|
|
|
|
- A warning regarding antivirus when agent binaries are missing. #1450
|
|
|
|
- A deployment.json file to store the deployment type. #1205
|
|
|
|
|
2021-08-30 21:46:24 +08:00
|
|
|
### Changed
|
|
|
|
- The name of the "Communicate as new user" post-breach action to "Communicate
|
2021-10-26 02:40:28 +08:00
|
|
|
as backdoor user". #1410
|
2021-09-29 17:18:57 +08:00
|
|
|
- Resetting login credentials also cleans the contents of the database. #1495
|
2021-09-24 20:02:17 +08:00
|
|
|
- ATT&CK report messages (more accurate now). #1483
|
2021-10-11 20:10:52 +08:00
|
|
|
- T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
|
2021-10-26 02:40:28 +08:00
|
|
|
- ATT&CK report messages to include internal config options as reasons
|
|
|
|
for unscanned attack techniques. #1518
|
2021-08-30 21:46:24 +08:00
|
|
|
|
2021-08-20 21:27:11 +08:00
|
|
|
### Removed
|
|
|
|
- Internet access check on agent start. #1402
|
|
|
|
- The "internal.monkey.internet_services" configuration option that enabled
|
|
|
|
internet access checks. #1402
|
2021-08-20 22:59:23 +08:00
|
|
|
- Disused traceroute binaries. #1397
|
2021-08-30 21:46:24 +08:00
|
|
|
- "Back door user" post-breach action. #1410
|
2021-08-30 21:56:34 +08:00
|
|
|
- Stale code in the Windows system info collector that collected installed
|
|
|
|
packages and WMI info. #1389
|
2021-09-15 00:30:43 +08:00
|
|
|
- Insecure access feature in the Monkey Island. #1418
|
2021-10-26 02:56:29 +08:00
|
|
|
- The "deployment" field from the server_config.json. #1205
|
2021-09-17 19:21:06 +08:00
|
|
|
- The "Execution through module load" ATT&CK technique,
|
2021-10-20 19:21:10 +08:00
|
|
|
since it can no longer be exercise with current code. #1416
|
2021-10-26 02:40:28 +08:00
|
|
|
- Browser window pop-up when Monkey Island starts on Windows. #1428
|
2021-08-05 19:29:08 +08:00
|
|
|
|
|
|
|
### Fixed
|
|
|
|
- Misaligned buttons and input fields on exploiter and network configuration
|
|
|
|
pages. #1353
|
2021-08-20 19:46:02 +08:00
|
|
|
- Credentials shown in plain text on configuration screens. #1183
|
2021-08-13 20:41:11 +08:00
|
|
|
- Crash when unexpected character encoding is used by ping command on German
|
|
|
|
language systems. #1175
|
2021-08-23 23:44:29 +08:00
|
|
|
- Malfunctioning timestomping PBA. #1405
|
|
|
|
- Malfunctioning shell startup script PBA. #1419
|
2021-09-02 00:22:17 +08:00
|
|
|
- Trap command produced no output. #1406
|
2021-09-06 21:03:23 +08:00
|
|
|
- Overlapping Guardicore logo in the landing page. #1441
|
|
|
|
- PBA table collapse in security report on data change. #1423
|
2021-09-15 00:30:43 +08:00
|
|
|
- Unsigned Windows agent binaries in Linux packages are now signed. #1444
|
2021-10-26 02:40:28 +08:00
|
|
|
- Some of the gathered credentials no longer appear in plaintext in the
|
|
|
|
database. #1454
|
|
|
|
- Encryptor breaking with UTF-8 characters. (Passwords in different languages
|
|
|
|
can be submitted in the config successfully now.) #1490
|
|
|
|
- Mimikatz collector no longer fails if Azure credential collector is disabled.
|
|
|
|
#1512, #1493
|
|
|
|
- Unhandled error when "modify shell startup files PBA" is unable to find
|
|
|
|
regular users. #1507
|
|
|
|
- ATT&CK report bug that showed different techniques' results under a technique
|
|
|
|
if the PBA behind them was the same. #1514
|
|
|
|
- ATT&CK report bug that said that the technique "`.bash_profile` and
|
|
|
|
`.bashrc`" was not attempted when it actually was attempted but failed. #1511
|
2021-10-13 20:50:14 +08:00
|
|
|
- Bug that periodically cleared the telemetry table's filter. #1392
|
2021-10-26 02:40:28 +08:00
|
|
|
- Crashes, stack traces, and other malfunctions when data from older versions
|
|
|
|
of Infection Monkey is present in the data directory. #1114
|
2021-10-21 22:43:12 +08:00
|
|
|
- Broken update links. #1524
|
2021-08-05 19:29:08 +08:00
|
|
|
|
2021-08-30 17:24:09 +08:00
|
|
|
### Security
|
2021-09-02 00:22:17 +08:00
|
|
|
- Generate a random password when creating a new user for CommunicateAsNewUser
|
|
|
|
PBA. #1434
|
2021-10-26 02:40:28 +08:00
|
|
|
- Credentials gathered from victim machines are no longer stored plaintext in
|
|
|
|
the database. #1454
|
2021-10-01 17:48:08 +08:00
|
|
|
- Encrypt the database key with user's credentials. #1463
|
2021-09-28 15:59:04 +08:00
|
|
|
|
2021-08-30 17:24:09 +08:00
|
|
|
|
2021-08-13 20:38:05 +08:00
|
|
|
## [1.11.0] - 2021-08-13
|
2021-04-01 01:51:31 +08:00
|
|
|
### Added
|
2021-04-01 00:07:20 +08:00
|
|
|
- A runtime-configurable option to specify a data directory where runtime
|
|
|
|
configuration and other artifacts can be stored. #994
|
2021-08-01 07:22:42 +08:00
|
|
|
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
|
2021-05-12 03:03:18 +08:00
|
|
|
- `log_level` option to server config. #1151
|
2021-06-29 23:48:07 +08:00
|
|
|
- A ransomware simulation payload. #1238
|
2021-07-05 20:18:00 +08:00
|
|
|
- The capability for a user to specify their own SSL certificate. #1208
|
2021-07-06 18:46:35 +08:00
|
|
|
- API endpoint for ransomware report. #1297
|
2021-08-05 23:23:14 +08:00
|
|
|
- A ransomware report. #1240
|
2021-07-27 01:23:38 +08:00
|
|
|
- A script to build a docker image locally. #1140
|
2021-04-01 00:07:20 +08:00
|
|
|
|
|
|
|
### Changed
|
2021-08-05 23:23:14 +08:00
|
|
|
- Select server_config.json at runtime. #963
|
|
|
|
- Select Logger configuration at runtime. #971
|
|
|
|
- Select `mongo_key.bin` file location at runtime. #994
|
|
|
|
- Store Monkey agents in the configurable data_dir when monkey is "run from the
|
2021-08-30 21:44:20 +08:00
|
|
|
- island". #997
|
2021-08-05 23:23:14 +08:00
|
|
|
- Reformat all code using black. #1070
|
2021-08-05 23:42:13 +08:00
|
|
|
- Sort all imports using isort. #1081
|
2021-08-05 23:23:14 +08:00
|
|
|
- Address all flake8 issues. #1071
|
2021-04-26 23:59:17 +08:00
|
|
|
- Use pipenv for python dependency management. #1091
|
2021-08-05 23:42:13 +08:00
|
|
|
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
|
2021-08-05 23:23:14 +08:00
|
|
|
time. #1102
|
|
|
|
- Skip BB performance tests by default. Run them if `--run-performance-tests`
|
|
|
|
flag is specified.
|
|
|
|
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
|
2021-05-04 20:36:22 +08:00
|
|
|
instead of $HOME. #1143
|
2021-08-05 23:23:14 +08:00
|
|
|
- Put environment config options in `server_config.json` into a separate
|
|
|
|
section named "environment". #1161
|
2021-09-02 00:22:17 +08:00
|
|
|
- Automatically register if BlackBox tests are run on a fresh
|
|
|
|
installation. #1180
|
2021-08-05 03:20:34 +08:00
|
|
|
- Limit the ports used for scanning in blackbox tests. #1368
|
|
|
|
- Limit the propagation depth of most blackbox tests. #1400
|
2021-08-05 23:23:14 +08:00
|
|
|
- Wait less time for monkeys to die when running BlackBox tests. #1400
|
|
|
|
- Improve the structure of unit tests by scoping fixtures only to relevant
|
|
|
|
modules instead of having a one huge fixture file. #1178
|
|
|
|
- Improve and rename the directory structure of unit tests and unit test
|
|
|
|
infrastructure. #1178
|
|
|
|
- Launch MongoDB when the Island starts via python. #1148
|
|
|
|
- Create/check data directory on Island initialization. #1170
|
|
|
|
- Format some log messages to make them more readable. #1283
|
|
|
|
- Improve runtime of some unit tests. #1125
|
2021-08-10 00:18:47 +08:00
|
|
|
- Run curl OR wget (not both) when attempting to communicate as a new user on
|
|
|
|
Linux. #1407
|
2021-05-12 03:03:18 +08:00
|
|
|
|
|
|
|
### Removed
|
|
|
|
- Relevant dead code as reported by Vulture. #1149
|
|
|
|
- Island logger config and --logger-config CLI option. #1151
|
2021-04-27 00:01:19 +08:00
|
|
|
|
|
|
|
### Fixed
|
2021-08-05 23:23:14 +08:00
|
|
|
- Attempt to delete a directory when monkey config reset was called. #1054
|
2021-05-10 23:32:45 +08:00
|
|
|
- An errant space in the windows commands to run monkey manually. #1153
|
2021-08-05 23:23:14 +08:00
|
|
|
- Gevent tracebacks in console output. #859
|
2021-07-30 17:49:24 +08:00
|
|
|
- Crash and failure to run PBAs if max depth reached. #1374
|
2021-04-27 00:03:16 +08:00
|
|
|
|
|
|
|
### Security
|
|
|
|
- Address minor issues discovered by Dlint. #1075
|
2021-08-05 23:23:14 +08:00
|
|
|
- Hash passwords on server-side instead of client side. #1139
|
|
|
|
- Generate random passwords when creating a new user (create user PBA, ms08_67
|
|
|
|
exploit). #1174
|
2021-06-09 22:02:44 +08:00
|
|
|
- Implemented configuration encryption/decryption. #1189, #1204
|
2021-07-05 20:18:00 +08:00
|
|
|
- Create local custom PBA directory with secure permissions. #1270
|
|
|
|
- Create encryption key file for MongoDB with secure permissions. #1232
|