p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Fixed CR Comment - exported sensitive fields

This commit is contained in:
Shay Nehmad 2019-07-29 10:15:27 +03:00
parent 8d5c90faa4
commit bb8e9f5192
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
monkey/infection_monkey/config.py
View File

@ -13,9 +13,11 @@ GUID = str(uuid.getnode())
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin') EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list"]
HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
class Configuration(object): class Configuration(object):
def from_kv(self, formatted_data): def from_kv(self, formatted_data):
# now we won't work at <2.7 for sure # now we won't work at <2.7 for sure
network_import = importlib.import_module('infection_monkey.network') network_import = importlib.import_module('infection_monkey.network')
@ -54,9 +56,9 @@ class Configuration(object):
return result return result
@staticmethod @staticmethod
def filter_sensitive_info(config_dict): def hide_sensitive_info(config_dict):
config_dict["exploit_password_list"] = ["~REDACTED~"] for field in SENSITIVE_FIELDS:
config_dict["exploit_user_list"] = ["~REDACTED~"] config_dict[field] = HIDDEN_FIELD_REPLACEMENT_CONTENT
return config_dict return config_dict
def as_dict(self): def as_dict(self):
@ -180,7 +182,7 @@ class Configuration(object):
# TCP Scanner # TCP Scanner
HTTP_PORTS = [80, 8080, 443, HTTP_PORTS = [80, 8080, 443,
8008, # HTTP alternate 8008, # HTTP alternate
7001 # Oracle Weblogic default server port 7001 # Oracle Weblogic default server port
] ]
tcp_target_ports = [22, tcp_target_ports = [22,

2
monkey/infection_monkey/control.py
View File

@ -169,7 +169,7 @@ class ControlClient(object):
try: try:
unknown_variables = WormConfiguration.from_kv(reply.json().get('config')) unknown_variables = WormConfiguration.from_kv(reply.json().get('config'))
LOG.info("New configuration was loaded from server: %r" % LOG.info("New configuration was loaded from server: %r" %
(WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),)) (WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict()),))
except Exception as exc: except Exception as exc:
# we don't continue with default conf here because it might be dangerous # we don't continue with default conf here because it might be dangerous
LOG.error("Error parsing JSON reply from control server %s (%s): %s", LOG.error("Error parsing JSON reply from control server %s (%s): %s",

2
monkey/infection_monkey/main.py
View File

@ -68,7 +68,7 @@ def main():
else: else:
print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,)) print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))
print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict())) print("Loaded Configuration: %r" % WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict()))
# Make sure we're not in a machine that has the kill file # Make sure we're not in a machine that has the kill file
kill_path = os.path.expandvars( kill_path = os.path.expandvars(