From 861750be5bbba2cc75baaac3f26e69a9dae8c02f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 9 May 2019 12:23:44 +0300 Subject: [PATCH] Struts2 ignores certificate errors, updated schema --- monkey/infection_monkey/exploit/struts2.py | 3 ++- monkey/monkey_island/cc/services/config_schema.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py index 18f3d3a7e..b32ab1e6f 100644 --- a/monkey/infection_monkey/exploit/struts2.py +++ b/monkey/infection_monkey/exploit/struts2.py @@ -7,6 +7,7 @@ import urllib2 import httplib import unicodedata import re +import ssl import logging from infection_monkey.exploit.web_rce import WebRCE @@ -47,7 +48,7 @@ class Struts2Exploiter(WebRCE): headers = {'User-Agent': 'Mozilla/5.0'} request = urllib2.Request(url, headers=headers) try: - return urllib2.urlopen(request).geturl() + return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl() except urllib2.URLError: LOG.error("Can't reach struts2 server") return False diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py index 382b591db..7b6f4f8e5 100644 --- a/monkey/monkey_island/cc/services/config_schema.py +++ b/monkey/monkey_island/cc/services/config_schema.py @@ -250,8 +250,9 @@ SCHEMA = { "default": [ ], "description": - "List of IPs/subnets the monkey should scan." - " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\"" + "List of IPs/subnets/hosts the monkey should scan." + " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\"," + " \"printer.example\"" } } },