Merge pull request #243 from guardicore/feature/scan_with_ping

Search for new machines using ICMP and not just port scan
This commit is contained in:
Daniel Goldberg 2019-01-26 20:13:46 +02:00 committed by GitHub
commit b74965c285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 11 additions and 25 deletions


@ -135,7 +135,6 @@ class Configuration(object):
# how many scan iterations to perform on each run # how many scan iterations to perform on each run
max_iterations = 1 max_iterations = 1
scanner_class = None
finger_classes = [] finger_classes = []
exploiter_classes = [] exploiter_classes = []


@ -65,7 +65,6 @@
"smb_download_timeout": 300, "smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey", "smb_service_name": "InfectionMonkey",
"retry_failed_explotation": true, "retry_failed_explotation": true,
"scanner_class": "TcpScanner",
"self_delete_in_cleanup": true, "self_delete_in_cleanup": true,
"serialize_config": false, "serialize_config": false,
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",


@ -133,8 +133,7 @@ class InfectionMonkey(object):
if not self._keep_running or not WormConfiguration.alive: if not self._keep_running or not WormConfiguration.alive:
break break
machines = self._network.get_victim_machines(WormConfiguration.scanner_class, machines = self._network.get_victim_machines(max_find=WormConfiguration.victims_max_find,
max_find=WormConfiguration.victims_max_find,
stop_callback=ControlClient.check_for_stop) stop_callback=ControlClient.check_for_stop)
is_empty = True is_empty = True
for machine in machines: for machine in machines:
@ -148,7 +147,7 @@ class InfectionMonkey(object):
finger.get_host_fingerprint(machine) finger.get_host_fingerprint(machine)
ControlClient.send_telemetry('scan', {'machine': machine.as_dict(), ControlClient.send_telemetry('scan', {'machine': machine.as_dict(),
'scanner': WormConfiguration.scanner_class.__name__}) })
# skip machines that we've already exploited # skip machines that we've already exploited
if machine in self._exploited_machines: if machine in self._exploited_machines:
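Review bot: The `scan` telemetry on the new side drops the `scanner` key altogether instead of replacing it, so any island-side consumer that keyed on the `scanner` field of scan telemetry now receives a changed payload with no corresponding server change mentioned in this PR. If nothing reads the field, the dangling `})` on its own line is just leftover formatting and the dict literal should close on the `machine` line; if something does, keep a fixed descriptor such as `'scanner': 'PingScanner+TcpScanner'` so that two-probe discovery remains attributable in the scan log. The enclosing method and its `for machine in machines:` loop continue outside the hunk.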


@ -6,7 +6,7 @@ from infection_monkey.config import WormConfiguration
from infection_monkey.network.info import local_ips, get_interfaces_ranges from infection_monkey.network.info import local_ips, get_interfaces_ranges
from infection_monkey.model import VictimHost from infection_monkey.model import VictimHost
from infection_monkey.network import HostScanner from infection_monkey.network import HostScanner
from infection_monkey.network import TcpScanner, PingScanner
__author__ = 'itamar' __author__ = 'itamar'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -62,7 +62,7 @@ class NetworkScanner(object):
return subnets_to_scan return subnets_to_scan
def get_victim_machines(self, scan_type, max_find=5, stop_callback=None): def get_victim_machines(self, max_find=5, stop_callback=None):
""" """
Finds machines according to the ranges specified in the object Finds machines according to the ranges specified in the object
:param scan_type: A hostscanner class, will be instanced and used to scan for new machines :param scan_type: A hostscanner class, will be instanced and used to scan for new machines
@ -70,10 +70,9 @@ class NetworkScanner(object):
:param stop_callback: A callback to check at any point if we should stop scanning :param stop_callback: A callback to check at any point if we should stop scanning
:return: yields a sequence of VictimHost instances :return: yields a sequence of VictimHost instances
""" """
if not scan_type:
return
scanner = scan_type() TCPscan = TcpScanner()
Pinger = PingScanner()
victims_count = 0 victims_count = 0
for net_range in self._ranges: for net_range in self._ranges:
@ -94,9 +93,11 @@ class NetworkScanner(object):
continue continue
LOG.debug("Scanning %r...", victim) LOG.debug("Scanning %r...", victim)
pingAlive = Pinger.is_host_alive(victim)
tcpAlive = TCPscan.is_host_alive(victim)
# if scanner detect machine is up, add it to victims list # if scanner detect machine is up, add it to victims list
if scanner.is_host_alive(victim): if pingAlive or tcpAlive:
LOG.debug("Found potential victim: %r", victim) LOG.debug("Found potential victim: %r", victim)
victims_count += 1 victims_count += 1
yield victim yield victim
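Review bot: In the new loop body the TCP probe at `tcpAlive = TCPscan.is_host_alive(victim)` runs unconditionally, even when the ping probe on the line above already returned True, so every live host now costs an ICMP exchange plus a full TCP connect sweep and the scan is slower and noisier than it needs to be; collapsing the three lines into `if Pinger.is_host_alive(victim) or TCPscan.is_host_alive(victim):` short-circuits the TCP scan for hosts ping already found, unless `TcpScanner.is_host_alive` records state on the host that later stages depend on (not visible here). The docstring still carries `:param scan_type: A hostscanner class, will be instanced and used to scan for new machines` although that parameter was removed from the signature, so that line should be deleted. The `TCPscan` and `Pinger` locals would be `tcp_scanner` and `pinger` under the file's snake_case convention. `get_victim_machines` continues past the end of the hunk.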


@ -59,9 +59,9 @@ class PingScanner(HostScanner, HostFinger):
if regex_result: if regex_result:
try: try:
ttl = int(regex_result.group(0)) ttl = int(regex_result.group(0))
if LINUX_TTL == ttl: if ttl <= LINUX_TTL:
host.os['type'] = 'linux' host.os['type'] = 'linux'
elif WINDOWS_TTL == ttl: else: # as far we we know, could also be OSX/BSD but lets handle that when it comes up.
host.os['type'] = 'windows' host.os['type'] = 'windows'
return True return True
except Exception as exc: except Exception as exc:
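Review bot: The new `else` branch labels every TTL above `LINUX_TTL` as `windows`, where the old code only accepted the exact value, so a reply with a TTL in the 129–255 band (the 255 default of many network appliances, BSD and Solaris hosts, for example) is now fingerprinted as Windows and, if later exploiter selection trusts `host.os['type']`, may steer Windows-only exploits at non-Windows targets. Keeping an upper bound — `elif ttl <= WINDOWS_TTL:` in place of the bare `else:` before `host.os['type'] = 'windows'` — retains the hop-decremented range matching while leaving `os['type']` unset for TTLs that fit neither profile, which is what the inline comment itself concedes. The values of `LINUX_TTL` and `WINDOWS_TTL` are outside the hunk; this assumes the conventional 64/128. The enclosing method starts outside the hunk, and the new inline comment has a typo (`as far we we know`).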


@ -431,18 +431,6 @@ SCHEMA = {
"title": "Classes", "title": "Classes",
"type": "object", "type": "object",
"properties": { "properties": {
"scanner_class": {
"title": "Scanner class",
"type": "string",
"default": "TcpScanner",
"enum": [
"TcpScanner"
],
"enumNames": [
"TcpScanner"
],
"description": "Determines class to scan for machines. (Shouldn't be changed)"
},
"finger_classes": { "finger_classes": {
"title": "Fingerprint classes", "title": "Fingerprint classes",
"type": "array", "type": "array",