Implemented issues and warnings on overview
This commit is contained in:
parent
f2b631745d
commit
434c72f69f
|
@ -25,6 +25,18 @@ class ReportService:
|
||||||
'ShellShockExploiter': 'ShellShock Exploiter',
|
'ShellShockExploiter': 'ShellShock Exploiter',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class ISSUES_DICT:
|
||||||
|
WEAK_PASSWORD = 0
|
||||||
|
STOLEN_CREDS = 1
|
||||||
|
ELASTIC = 2
|
||||||
|
SAMBACRY = 3
|
||||||
|
SHELLSHOCK = 4
|
||||||
|
CONFICKER = 5
|
||||||
|
|
||||||
|
class WARNINGS_DICT:
|
||||||
|
CROSS_SEGMENT = 0
|
||||||
|
TUNNEL = 1
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_first_monkey_time():
|
def get_first_monkey_time():
|
||||||
return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']
|
return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']
|
||||||
|
@ -139,6 +151,7 @@ class ReportService:
|
||||||
processed_exploit['username'] = attempt['user']
|
processed_exploit['username'] = attempt['user']
|
||||||
if len(attempt['password']) > 0:
|
if len(attempt['password']) > 0:
|
||||||
processed_exploit['type'] = 'password'
|
processed_exploit['type'] = 'password'
|
||||||
|
processed_exploit['password'] = attempt['password']
|
||||||
else:
|
else:
|
||||||
processed_exploit['type'] = 'hash'
|
processed_exploit['type'] = 'hash'
|
||||||
return processed_exploit
|
return processed_exploit
|
||||||
|
@ -232,9 +245,9 @@ class ReportService:
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_monkey_subnets(monkey_guid):
|
def get_monkey_subnets(monkey_guid):
|
||||||
network_info = mongo.db.telemetry.find_one(
|
network_info = mongo.db.telemetry.find_one(
|
||||||
{'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
|
{'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
|
||||||
{'data.network_info.networks': 1}
|
{'data.network_info.networks': 1}
|
||||||
)
|
)
|
||||||
if network_info is None:
|
if network_info is None:
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
@ -315,22 +328,61 @@ class ReportService:
|
||||||
def get_config_scan():
|
def get_config_scan():
|
||||||
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
|
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_issues_overview(issues, config_users, config_passwords):
|
||||||
|
issues_byte_array = [False] * 6
|
||||||
|
|
||||||
|
for machine in issues:
|
||||||
|
for issue in issues[machine]:
|
||||||
|
if issue['type'] == 'elastic':
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.ELASTIC] = True
|
||||||
|
elif issue['type'] == 'sambacry':
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.SAMBACRY] = True
|
||||||
|
elif issue['type'] == 'shellshock':
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.SHELLSHOCK] = True
|
||||||
|
elif issue['type'] == 'conficker':
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.CONFICKER] = True
|
||||||
|
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
||||||
|
issue['username'] in config_users:
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD] = True
|
||||||
|
elif issue['type'].endswith('_pth') or issue['type'].endswith('_password'):
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_CREDS] = True
|
||||||
|
|
||||||
|
return issues_byte_array
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_warnings_overview(issues):
|
||||||
|
warnings_byte_array = [False] * 2
|
||||||
|
|
||||||
|
for machine in issues:
|
||||||
|
for issue in issues[machine]:
|
||||||
|
if issue['type'] == 'cross_segment':
|
||||||
|
warnings_byte_array[ReportService.WARNINGS_DICT.CROSS_SEGMENT] = True
|
||||||
|
elif issue['type'] == 'tunnel':
|
||||||
|
warnings_byte_array[ReportService.WARNINGS_DICT.TUNNEL] = True
|
||||||
|
|
||||||
|
return warnings_byte_array
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report():
|
def get_report():
|
||||||
|
issues = ReportService.get_issues()
|
||||||
|
config_users = ReportService.get_config_users()
|
||||||
|
config_passwords = ReportService.get_config_passwords()
|
||||||
|
|
||||||
return \
|
return \
|
||||||
{
|
{
|
||||||
'overview':
|
'overview':
|
||||||
{
|
{
|
||||||
'manual_monkeys': ReportService.get_manual_monkeys(),
|
'manual_monkeys': ReportService.get_manual_monkeys(),
|
||||||
'config_users': ReportService.get_config_users(),
|
'config_users': config_users,
|
||||||
'config_passwords': ReportService.get_config_passwords(),
|
'config_passwords': config_passwords,
|
||||||
'config_exploits': ReportService.get_config_exploits(),
|
'config_exploits': ReportService.get_config_exploits(),
|
||||||
'config_ips': ReportService.get_config_ips(),
|
'config_ips': ReportService.get_config_ips(),
|
||||||
'config_scan': ReportService.get_config_scan(),
|
'config_scan': ReportService.get_config_scan(),
|
||||||
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
|
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
|
||||||
'monkey_duration': ReportService.get_monkey_duration(),
|
'monkey_duration': ReportService.get_monkey_duration(),
|
||||||
'issues': [False, True, True, True, False, True],
|
'issues': ReportService.get_issues_overview(issues, config_users, config_passwords),
|
||||||
'warnings': [True, True]
|
'warnings': ReportService.get_warnings_overview(issues)
|
||||||
},
|
},
|
||||||
'glance':
|
'glance':
|
||||||
{
|
{
|
||||||
|
@ -340,7 +392,7 @@ class ReportService:
|
||||||
},
|
},
|
||||||
'recommendations':
|
'recommendations':
|
||||||
{
|
{
|
||||||
'issues': ReportService.get_issues()
|
'issues': issues
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
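Review bot: In get_issues_overview the result is sized by the literal `[False] * 6` (and `[False] * 2` in get_warnings_overview) while the indices written into it come from ISSUES_DICT and WARNINGS_DICT, so adding a constant to either class without updating the literal raises IndexError on the `= True` assignment; tie the size to the constants, e.g. `issues_byte_array = [False] * (ReportService.ISSUES_DICT.CONFICKER + 1)`, or keep an explicit count next to the indices. The `_password` branch also reads `issue['password']` and `issue['username']` unconditionally; if any issue whose type ends in `_password` can be emitted without those keys, the whole report fails with KeyError instead of merely misclassifying that one issue, so `issue.get('password')` / `issue.get('username')` is the safer read. The earlier hunk's `processed_exploit['password'] = attempt['password']` means the report payload now carries the cleartext password of every successful credential exploit, and get_report hands that list out under `recommendations`; a docstring on get_report stating that the output includes credentials would help whoever exposes this endpoint. The hunk at `@ -232,9 +245,9 @@` shows no visible change, presumably whitespace only.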
@ -498,46 +498,70 @@ class ReportPageComponent extends React.Component {
|
||||||
<h3>
|
<h3>
|
||||||
Immediate Threats
|
Immediate Threats
|
||||||
</h3>
|
</h3>
|
||||||
During this simulated attack the Monkey uncovered <span
|
{
|
||||||
className="label label-warning">{this.state.report.overview.issues.filter(function (x) {
|
this.state.report.overview.issues.filter(function (x) {
|
||||||
return x === true;
|
return x === true;
|
||||||
}).length} issues</span>:
|
}).length > 0 ?
|
||||||
<ul>
|
<div>
|
||||||
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
|
During this simulated attack the Monkey uncovered <span
|
||||||
<li>Users with weak passwords.</li> : null}
|
className="label label-warning">
|
||||||
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
|
{this.state.report.overview.issues.filter(function (x) {
|
||||||
<li>Stolen credentials were used to exploit other machines.</li> : null}
|
return x === true;
|
||||||
{this.state.report.overview.issues[this.Issue.ELASTIC] ?
|
}).length} issues</span>:
|
||||||
<li>Elastic Search servers not patched for <a
|
<ul>
|
||||||
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
|
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
|
||||||
</li> : null}
|
<li>Users with passwords supplied in config.</li> : null}
|
||||||
{this.state.report.overview.issues[this.Issue.SAMBACRY] ?
|
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
|
||||||
<li>Samba servers not patched for ‘SambaCry’ (<a
|
<li>Stolen credentials were used to exploit other machines.</li> : null}
|
||||||
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
|
{this.state.report.overview.issues[this.Issue.ELASTIC] ?
|
||||||
>CVE-2017-7494</a>).</li> : null}
|
<li>Elastic Search servers not patched for <a
|
||||||
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ?
|
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
|
||||||
<li>Machines not patched for the ‘Shellshock’ (<a
|
</li> : null}
|
||||||
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
|
{this.state.report.overview.issues[this.Issue.SAMBACRY] ?
|
||||||
</li> : null}
|
<li>Samba servers not patched for ‘SambaCry’ (<a
|
||||||
{this.state.report.overview.issues[this.Issue.CONFICKER] ?
|
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
|
||||||
<li>Machines not patched for the ‘Conficker’ (<a
|
>CVE-2017-7494</a>).</li> : null}
|
||||||
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
|
{this.state.report.overview.issues[this.Issue.SHELLSHOCK] ?
|
||||||
>MS08-067</a>).</li> : null}
|
<li>Machines not patched for the ‘Shellshock’ (<a
|
||||||
</ul>
|
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
|
||||||
|
</li> : null}
|
||||||
|
{this.state.report.overview.issues[this.Issue.CONFICKER] ?
|
||||||
|
<li>Machines not patched for the ‘Conficker’ (<a
|
||||||
|
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
|
||||||
|
>MS08-067</a>).</li> : null}
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
:
|
||||||
|
<div>
|
||||||
|
During this simulated attack the Monkey uncovered <span
|
||||||
|
className="label label-success">0 issues</span>.
|
||||||
|
</div>
|
||||||
|
}
|
||||||
</div>
|
</div>
|
||||||
<div>
|
<div>
|
||||||
<h3>
|
<h3>
|
||||||
Security Issues
|
Security Issues
|
||||||
</h3>
|
</h3>
|
||||||
The monkey uncovered the following possible set of issues:
|
{
|
||||||
<ul>
|
this.state.report.overview.warnings.filter(function (x) {
|
||||||
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
|
return x === true;
|
||||||
<li>Possible cross segment traffic. Infected machines could communicate with the
|
}).length > 0 ?
|
||||||
Monkey Island despite crossing segment boundaries using unused ports.</li> : null}
|
<div>
|
||||||
{this.state.report.overview.warnings[this.Warning.TUNNEL] ?
|
The monkey uncovered the following possible set of issues:
|
||||||
<li>Lack of Micro-segmentation, machines successfully tunneled monkey activity
|
<ul>
|
||||||
using unused ports.</li> : null}
|
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
|
||||||
</ul>
|
<li>Possible cross segment traffic. Infected machines could communicate with the
|
||||||
|
Monkey Island despite crossing segment boundaries using unused ports.</li> : null}
|
||||||
|
{this.state.report.overview.warnings[this.Warning.TUNNEL] ?
|
||||||
|
<li>Lack of Micro-segmentation, machines successfully tunneled monkey activity
|
||||||
|
using unused ports.</li> : null}
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
:
|
||||||
|
<div>
|
||||||
|
The monkey did not find any issues.
|
||||||
|
</div>
|
||||||
|
}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div id="recommendations">
|
<div id="recommendations">
|
||||||
|
|
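Review bot: The count `this.state.report.overview.issues.filter(function (x) { return x === true; }).length` is now evaluated twice in the same expression (once for the `> 0 ?` guard, once inside the label), and the warnings block repeats the same pattern, which buries the logic inside the JSX; compute it once before the `return`, `const issuesCount = this.state.report.overview.issues.filter(function (x) { return x === true; }).length;`, then use `{issuesCount > 0 ?` and `{issuesCount} issues` (and likewise a `warningsCount`). The enclosing render method starts and ends outside the hunk. The fallback text of the warnings block, `The monkey did not find any issues.`, sits under the `Security Issues` heading directly below the Immediate Threats count, so it can contradict a non-zero issue count shown just above; wording such as `The monkey did not find any security issues of this kind.` would avoid that.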