Island: Reformat "exploiter" config options before sending to Agent

Mike Salvatore 2021-12-13 20:04:26 -05:00
parent 93d0bb6cd2
commit 09305bca4c
3 changed files with 64 additions and 1 deletions


@ -475,6 +475,9 @@ class ConfigService:
formatted_propagation_config["targets"] = ConfigService._format_targets_from_flat_config( formatted_propagation_config["targets"] = ConfigService._format_targets_from_flat_config(
config config
) )
formatted_propagation_config[
"exploiters"
] = ConfigService._format_exploiters_from_flat_config(config)
config["propagation"] = formatted_propagation_config config["propagation"] = formatted_propagation_config
@ -567,3 +570,33 @@ class ConfigService:
config.pop(flat_subnet_scan_list_field, None) config.pop(flat_subnet_scan_list_field, None)
return formatted_scan_targets_config return formatted_scan_targets_config
@staticmethod
def _format_exploiters_from_flat_config(config: Dict):
flat_config_exploiter_classes_field = "exploiter_classes"
brute_force_category = "brute_force"
vulnerability_category = "vulnerability"
brute_force_exploiters = {
"MSSQLExploiter",
"PowerShellExploiter",
"SSHExploiter",
"SmbExploiter",
"WmiExploiter",
}
formatted_exploiters_config = {"brute_force": [], "vulnerability": []}
for exploiter in sorted(config[flat_config_exploiter_classes_field]):
category = (
brute_force_category
if exploiter in brute_force_exploiters
else vulnerability_category
)
formatted_exploiters_config[category].append(
{"name": exploiter, "propagator": (exploiter != "ZerologonExploiter")}
)
config.pop(flat_config_exploiter_classes_field, None)
return formatted_exploiters_config
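Review bot: In `_format_exploiters_from_flat_config`, any name not in `brute_force_exploiters` is filed under `vulnerability` with `propagator` set to True, so a misspelled or unrecognised entry in `exploiter_classes` is accepted as a propagating exploiter instead of being rejected. Since this dict is, per the commit title, what gets sent to the Agent, an allowlist is the safer default: keep the known vulnerability exploiter names in a set as well and raise `ValueError` for a name in neither set. The non-propagating case would read better as data than as a string comparison, e.g. `non_propagating_exploiters = {"ZerologonExploiter"}` with `"propagator": exploiter not in non_propagating_exploiters`. Separately, `config[flat_config_exploiter_classes_field]` raises `KeyError` when the key is absent while the later `config.pop(flat_config_exploiter_classes_field, None)` tolerates that, so the two should be made consistent.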


@ -55,6 +55,7 @@
"ShellShockExploiter", "ShellShockExploiter",
"ElasticGroovyExploiter", "ElasticGroovyExploiter",
"Struts2Exploiter", "Struts2Exploiter",
"ZerologonExploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",
"MSSQLExploiter", "MSSQLExploiter",


@ -101,8 +101,9 @@ def test_format_config_for_agent__propagation(flat_monkey_config):
ConfigService.format_flat_config_for_agent(flat_monkey_config) ConfigService.format_flat_config_for_agent(flat_monkey_config)
assert "propagation" in flat_monkey_config assert "propagation" in flat_monkey_config
assert "network_scan" in flat_monkey_config["propagation"]
assert "targets" in flat_monkey_config["propagation"] assert "targets" in flat_monkey_config["propagation"]
assert "network_scan" in flat_monkey_config["propagation"]
assert "exploiters" in flat_monkey_config["propagation"]
def test_format_config_for_agent__propagation_targets(flat_monkey_config): def test_format_config_for_agent__propagation_targets(flat_monkey_config):
@ -163,3 +164,31 @@ def test_format_config_for_agent__network_scan(flat_monkey_config):
assert "tcp_target_ports" not in flat_monkey_config assert "tcp_target_ports" not in flat_monkey_config
assert "ping_scan_timeout" not in flat_monkey_config assert "ping_scan_timeout" not in flat_monkey_config
assert "finger_classes" not in flat_monkey_config assert "finger_classes" not in flat_monkey_config
def test_format_config_for_agent__exploiters(flat_monkey_config):
expected_exploiters_config = {
"brute_force": [
{"name": "MSSQLExploiter", "propagator": True},
{"name": "PowerShellExploiter", "propagator": True},
{"name": "SSHExploiter", "propagator": True},
{"name": "SmbExploiter", "propagator": True},
{"name": "WmiExploiter", "propagator": True},
],
"vulnerability": [
{"name": "DrupalExploiter", "propagator": True},
{"name": "ElasticGroovyExploiter", "propagator": True},
{"name": "HadoopExploiter", "propagator": True},
{"name": "ShellShockExploiter", "propagator": True},
{"name": "Struts2Exploiter", "propagator": True},
{"name": "WebLogicExploiter", "propagator": True},
{"name": "ZerologonExploiter", "propagator": False},
],
}
ConfigService.format_flat_config_for_agent(flat_monkey_config)
assert "propagation" in flat_monkey_config
assert "exploiters" in flat_monkey_config["propagation"]
assert flat_monkey_config["propagation"]["exploiters"] == expected_exploiters_config
assert "exploiter_classes" not in flat_monkey_config
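Review bot: `test_format_config_for_agent__exploiters` exercises only the full fixture list, so the boundary behaviour of the new formatter is not pinned. A second case that sets `flat_monkey_config["exploiter_classes"] = []` and asserts `flat_monkey_config["propagation"]["exploiters"] == {"brute_force": [], "vulnerability": []}` would cover the empty selection. A third case with a name that is in neither category would document whether such input is meant to be accepted or rejected. The expected lists also depend on the case-sensitive ordering of `sorted` (`"SSHExploiter"` before `"SmbExploiter"`); a short comment in the test saying so would save the next reader a double-take.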