Merge pull request #848 from guardicore/519/scoutsuite-integration

519/scoutsuite integration
This commit is contained in:
VakarisZ 2021-02-19 08:08:40 +02:00 committed by GitHub
commit c698e0ab66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
348 changed files with 4940 additions and 2317 deletions

4
.gitmodules vendored
View File

@ -1,7 +1,9 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"] [submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"] [submodule "docs/themes/learn"]
path = docs/themes/learn path = docs/themes/learn
url = https://github.com/guardicode/hugo-theme-learn.git url = https://github.com/guardicode/hugo-theme-learn.git
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
path = monkey/common/cloud/scoutsuite
url = https://github.com/guardicode/ScoutSuite.git

View File

@ -1,232 +1,200 @@
{ {
"id": "OwcKMnALpn7tuBaJY1US", "id": "OwcKMnALpn7tuBaJY1US",
"name": "Add a new System Info Collector", "name": "Add a new System Info Collector",
"task": {
"dod": "Add a system info collector that collects the machine hostname.", "dod": "Add a system info collector that collects the machine hostname.",
"description": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**",
"summary": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!",
"hunksOrder": [
"monkey/common/data/system_info_collectors_names.py_0",
"monkey/infection_monkey/system_info/collectors/hostname_collector.py_0",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_0",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_1",
"monkey/monkey_island/cc/services/config_schema/monkey.py_0",
"monkey/monkey_island/cc/services/config_schema/monkey.py_1",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py_0",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_0",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_1"
],
"tests": [], "tests": [],
"hints": [ "hints": [
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.", "First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
"Try to run \"socket.getfqdn()\".", "Try to run \"socket.getfqdn()\".",
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.", "Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!" "Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
], ]
"play_mode": "all",
"swimmPatch": {
"monkey/common/data/system_info_collectors_names.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/common/data/system_info_collectors_names.py b/monkey/common/data/system_info_collectors_names.py\nindex 175a054e..3b478dc9 100644\n--- a/monkey/common/data/system_info_collectors_names.py\n+++ b/monkey/common/data/system_info_collectors_names.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
}, },
"hunkDiffLines": [ "content": [
"@@ -1,5 +1,5 @@", {
"type": "text",
"text": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**"
},
{
"type": "snippet",
"path": "monkey/common/common_consts/system_info_collectors_names.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" AWS_COLLECTOR = \"AwsCollector\"", " AWS_COLLECTOR = \"AwsCollector\"",
"-HOSTNAME_COLLECTOR = \"HostnameCollector\"", "*HOSTNAME_COLLECTOR = \"HostnameCollector\"",
"+# SWIMMER: Collector name goes here.", "+# SWIMMER: Collector name goes here.",
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"", " ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"", " PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\"" " MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
] ]
}
]
}, },
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py\nindex ae956081..bdeb5033 100644\n--- a/monkey/infection_monkey/system_info/collectors/hostname_collector.py\n+++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py",
"hunks": [
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/infection_monkey/system_info/collectors/hostname_collector.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 1,
"@@ -1,16 +1,5 @@", "lines": [
" import logging", " import logging",
"-import socket", "*import socket",
"-", "*",
"-from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR", "*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
"-from infection_monkey.system_info.system_info_collector import \\", "*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
"- SystemInfoCollector",
" ", " ",
" logger = logging.getLogger(__name__)", " logger = logging.getLogger(__name__)",
" ", " ",
"-", "*",
"+# SWIMMER: The collector class goes here.", "+# SWIMMER: The collector class goes here.",
"-class HostnameCollector(SystemInfoCollector):", "*class HostnameCollector(SystemInfoCollector):",
"- def __init__(self):", "* def __init__(self):",
"- super().__init__(name=HOSTNAME_COLLECTOR)", "* super().__init__(name=HOSTNAME_COLLECTOR)",
"-", "*",
"- def collect(self) -> dict:", "* def collect(self) -> dict:",
"- return {\"hostname\": socket.getfqdn()}" "* return {\"hostname\": socket.getfqdn()}"
]
}
]
},
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\nindex 174133f4..de961fbd 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,7 +1,6 @@",
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
" AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" PROCESS_LIST_COLLECTOR)",
" "
] ]
}, },
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,\r",
"* ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)\r",
" \r",
" SYSTEM_INFO_COLLECTOR_CLASSES = {\r"
]
}, },
"hunkDiffLines": [ {
"@@ -40,16 +39,7 @@", "type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"comments": [],
"firstLineNumber": 37,
"lines": [
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",", " \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
" \"attack_techniques\": [\"T1082\"]", " \"attack_techniques\": [\"T1082\"]",
" },", " },",
"- {", "* {",
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.", "+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
"- \"type\": \"string\",", "* \"type\": \"string\",",
"- \"enum\": [", "* \"enum\": [",
"- HOSTNAME_COLLECTOR", "* HOSTNAME_COLLECTOR",
"- ],", "* ],",
"- \"title\": \"Hostname collector\",", "* \"title\": \"Hostname collector\",",
"- \"safe\": True,", "* \"safe\": True,",
"- \"info\": \"Collects machine's hostname.\",", "* \"info\": \"Collects machine's hostname.\",",
"- \"attack_techniques\": [\"T1082\", \"T1016\"]", "* \"attack_techniques\": [\"T1082\", \"T1016\"]",
"- },", "* },",
" {", " {",
" \"type\": \"string\",", " \"type\": \"string\",",
" \"enum\": [" " \"enum\": ["
] ]
}
]
}, },
"monkey/monkey_island/cc/services/config_schema/monkey.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py\nindex b47d6a15..1b1962a4 100644\n--- a/monkey/monkey_island/cc/services/config_schema/monkey.py\n+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py",
"hunks": [
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 1,
"@@ -1,7 +1,6 @@", "lines": [
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,", " from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
" AZURE_CRED_COLLECTOR,", " ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,", " MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
"- HOSTNAME_COLLECTOR,", "* HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR,", " MONKEY = {",
" PROCESS_LIST_COLLECTOR)", " \"title\": \"Monkey\",",
" " " \"type\": \"object\","
] ]
}, },
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 85,
"@@ -88,7 +87,6 @@", "lines": [
" \"default\": [", " \"default\": [",
" ENVIRONMENT_COLLECTOR,", " ENVIRONMENT_COLLECTOR,",
" AWS_COLLECTOR,", " AWS_COLLECTOR,",
"- HOSTNAME_COLLECTOR,", "* HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,", " PROCESS_LIST_COLLECTOR,",
" MIMIKATZ_COLLECTOR,", " MIMIKATZ_COLLECTOR,",
" AZURE_CRED_COLLECTOR" " AZURE_CRED_COLLECTOR"
] ]
}
]
}, },
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\nindex e2de4519..04bc3556 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
"hunks": [
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 1,
"@@ -1,9 +1,9 @@", "lines": [
" import logging", " import logging",
" ", " ",
"-from monkey_island.cc.models.monkey import Monkey", "*from monkey_island.cc.models.monkey import Monkey",
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful", "+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.", "+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
" ", " ",
" logger = logging.getLogger(__name__)", " logger = logging.getLogger(__name__)",
" ", " ",
" ", " ",
"-def process_hostname_telemetry(collector_results, monkey_guid):", "*def process_hostname_telemetry(collector_results, monkey_guid):",
"+# SWIMMER: Processing function goes here.", "+# SWIMMER: Processing function goes here.",
"- Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])" "* Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
]
}
]
},
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\nindex 639a392c..7aa6d3a6 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -3,14 +3,11 @@",
" ",
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"- HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR)",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import \\",
" process_aws_telemetry",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\",
" process_environment_telemetry",
"-from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import \\",
"- process_hostname_telemetry",
" from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \\",
" test_antivirus_existence",
" "
] ]
}, },
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" import logging\r",
" import typing\r",
" \r",
"*from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" PROCESS_LIST_COLLECTOR)\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r"
]
}, },
"hunkDiffLines": [ {
"@@ -19,7 +16,6 @@", "type": "snippet",
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": [],
"firstLineNumber": 14,
"lines": [
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {", " SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
" AWS_COLLECTOR: [process_aws_telemetry],", " AWS_COLLECTOR: [process_aws_telemetry],",
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],", " ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
"- HOSTNAME_COLLECTOR: [process_hostname_telemetry],", "* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
" PROCESS_LIST_COLLECTOR: [test_antivirus_existence]", " PROCESS_LIST_COLLECTOR: [check_antivirus_existence]",
" }", " }",
" " " "
] ]
}
]
}
}, },
"app_version": "0.3.5-1", {
"file_version": "1.0.4" "type": "snippet",
"lines": [
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r",
" process_environment_telemetry\r",
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry\r",
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence\r",
" \r",
" logger = logging.getLogger(__name__)\r"
],
"firstLineNumber": 6,
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": []
},
{
"type": "text",
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
}
],
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {}
}
} }

View File

@ -1,147 +1,121 @@
{ {
"id": "tbxb2cGgUiJQ8Btma0fp", "id": "tbxb2cGgUiJQ8Btma0fp",
"name": "Add a simple Post Breach action", "name": "Add a simple Post Breach action",
"task": {
"dod": "You should add a new PBA to the Monkey which creates a new user on the machine.", "dod": "You should add a new PBA to the Monkey which creates a new user on the machine.",
"description": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n",
"summary": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... ",
"hunksOrder": [
"monkey/common/data/post_breach_consts.py_0",
"monkey/infection_monkey/post_breach/actions/add_user.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
],
"tests": [], "tests": [],
"hints": [ "hints": [
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.", "See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
"Make sure to add the PBA to the configuration as well.", "Make sure to add the PBA to the configuration as well.",
"MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report." "MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
], ]
"play_mode": "all",
"swimmPatch": {
"monkey/common/data/post_breach_consts.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py\nindex 25e6679c..05980288 100644\n--- a/monkey/common/data/post_breach_consts.py\n+++ b/monkey/common/data/post_breach_consts.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
}, },
"hunkDiffLines": [ "content": [
"@@ -1,5 +1,5 @@", {
"type": "text",
"text": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n"
},
{
"type": "snippet",
"path": "monkey/common/common_consts/post_breach_consts.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
" POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"", " POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"",
"-POST_BREACH_BACKDOOR_USER = \"Backdoor user\"", "*POST_BREACH_BACKDOOR_USER = \"Backdoor user\"",
"+# Swimmer: PUT THE NEW CONST HERE!", "+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_FILE_EXECUTION = \"File execution\"", " POST_BREACH_FILE_EXECUTION = \"File execution\"",
" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"", " POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"",
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"" " POST_BREACH_HIDDEN_FILES = \"Hide files and directories\""
] ]
}
]
}, },
"monkey/infection_monkey/post_breach/actions/add_user.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py\nindex 58be89a1..d8476a97 100644\n--- a/monkey/infection_monkey/post_breach/actions/add_user.py\n+++ b/monkey/infection_monkey/post_breach/actions/add_user.py",
"hunks": [
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/infection_monkey/post_breach/actions/add_user.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 1,
"@@ -1,15 +1,7 @@", "lines": [
"-from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER", "*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER",
"-from infection_monkey.config import WormConfiguration", "*from infection_monkey.config import WormConfiguration",
" from infection_monkey.post_breach.pba import PBA", " from infection_monkey.post_breach.pba import PBA",
" from infection_monkey.utils.users import get_commands_to_add_user", " from infection_monkey.utils.users import get_commands_to_add_user",
" ", " ",
" ", " ",
" class BackdoorUser(PBA):", " class BackdoorUser(PBA):",
" def __init__(self):", " def __init__(self):",
"- linux_cmds, windows_cmds = get_commands_to_add_user(", "* linux_cmds, windows_cmds = get_commands_to_add_user(",
"+ pass # Swimmer: Impl here!", "+ pass # Swimmer: Impl here!",
"- WormConfiguration.user_to_add,", "* WormConfiguration.user_to_add,",
"- WormConfiguration.remote_user_pass)", "* WormConfiguration.remote_user_pass)",
"- super(BackdoorUser, self).__init__(", "* super(BackdoorUser, self).__init__(",
"- POST_BREACH_BACKDOOR_USER,", "* POST_BREACH_BACKDOOR_USER,",
"- linux_cmd=' '.join(linux_cmds),", "* linux_cmd=' '.join(linux_cmds),",
"- windows_cmd=windows_cmds)" "* windows_cmd=windows_cmds)"
]
}
]
},
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\nindex 086a1c13..9f23bb8d 100644\n--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -1,5 +1,5 @@",
" from common.data.post_breach_consts import (",
"- POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)",
"+ POST_BREACH_COMMUNICATE_AS_NEW_USER)",
" from monkey_island.cc.services.attack.technique_reports.pba_technique import \\",
" PostBreachTechnique",
" "
] ]
}, },
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"comments": [],
"firstLineNumber": 1,
"lines": [
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER\r",
" from monkey_island.cc.services.attack.technique_reports.pba_technique import PostBreachTechnique\r",
" \r",
" __author__ = \"shreyamalviya\"\r"
]
}, },
"hunkDiffLines": [ {
"@@ -11,4 +11,4 @@", "type": "snippet",
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"comments": [],
"firstLineNumber": 9,
"lines": [
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"", " unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"", " scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
" used_msg = \"Monkey created a new user on the network's systems.\"", " used_msg = \"Monkey created a new user on the network's systems.\"",
"- pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]", "* pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]",
"+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]" "+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]"
] ]
}
]
}, },
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..39ebd33a 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"hunks": [
{ {
"swimmHunkMetadata": { "type": "snippet",
"hunkComments": [] "path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
}, "comments": [],
"hunkDiffLines": [ "firstLineNumber": 4,
"@@ -4,16 +4,7 @@", "lines": [
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",", " \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
" \"type\": \"string\",", " \"type\": \"string\",",
" \"anyOf\": [", " \"anyOf\": [",
"- {", "* {",
"+ # Swimmer: Add new PBA here to config!", "+ # Swimmer: Add new PBA here to config!",
"- \"type\": \"string\",", "* \"type\": \"string\",",
"- \"enum\": [", "* \"enum\": [",
"- \"BackdoorUser\"", "* \"BackdoorUser\"",
"- ],", "* ],",
"- \"title\": \"Back door user\",", "* \"title\": \"Back door user\",",
"- \"safe\": True,", "* \"safe\": True,",
"- \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",", "* \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
"- \"attack_techniques\": [\"T1136\"]", "* \"attack_techniques\": [\"T1136\"]",
"- },", "* },",
" {", " {",
" \"type\": \"string\",", " \"type\": \"string\",",
" \"enum\": [" " \"enum\": ["
] ]
}
]
}
}, },
"app_version": "0.3.5-1", {
"file_version": "1.0.4", "type": "text",
"hunksOrder": [ "text": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... "
"monkey/common/data/post_breach_consts.py_0", }
"monkey/infection_monkey/post_breach/actions/add_user.py_0", ],
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0", "file_version": "2.0.0",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1", "meta": {
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0" "app_version": "0.3.7-0",
], "file_blobs": {
"last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e" "monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3",
"monkey/infection_monkey/post_breach/actions/add_user.py": "a85845840d9cb37529ad367e159cd9001929e759",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "d9d86e08ea4aeb0a6bee3f483e4fea50ee6cd200",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "857e80da477ab31dbc00ed0a3f1cd49b69b505fa"
}
}
} }

View File

@ -1,30 +1,44 @@
{ {
"id": "xYkxB76pK0peJj2tSxBJ", "id": "xYkxB76pK0peJj2tSxBJ",
"name": "Define what your new PBA does", "name": "Define what your new PBA does",
"dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIwYSUyMG5ldyUyMFBCQSUyMGNvbnN0JTIwdGhhdCUyMGRlZmluZXMlMjB3aGF0JTIwdGhlJTIwUEJBJTIwZG9lcy4=", "task": {
"description": "VGhlJTIwbmFtZSUyMG9mJTIweW91ciUyMG5ldyUyMFBCQSUyMCh3aGljaCUyMGNyZWF0ZXMlMjBzY2hlZHVsZWQlMjBqb2JzJTIwb24lMjB0aGUlMjBtYWNoaW5lKSUyMHdpbGwlMjBiZSUyMHVzZWQlMjBpbiUyMGElMjBmZXclMjBwbGFjZXMlMkMlMjBpbmNsdWRpbmclMjB0aGUlMjByZXBvcnQuJTIwJTNDYnIlM0UlM0NiciUzRSUwQVlvdSUyMHNob3VsZCUyMGJyaWVmbHklMjBkZWZpbmUlMjB3aGF0JTIweW91ciUyMFBCQSUyMGRvZXMlMjBpbiUyMGElMjBjb25zdGFudCUyMHZhcmlhYmxlJTJDJTIwc3VjaCUyMHRoYXQlMjBpdCUyMGNhbiUyMGJlJTIwdXNlZCUyMGJ5JTIwYm90aCUyMHRoZSUyME1vbmtleSUyMGFuZCUyMHRoZSUyME1vbmtleSUyMElzbGFuZC4lMEElMEElMjMlMjMlMjBNYW51YWwlMjB0ZXN0JTIwJTIwJTBBT25jZSUyMHlvdSUyMHRoaW5rJTIweW91J3JlJTIwZG9uZS4uLiUwQS0lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwTWFrZSUyMHN1cmUlMjB0aGUlMjAlMjJKb2IlMjBzY2hlZHVsaW5nJTIyJTIwUEJBJTIwaXMlMjBlbmFibGVkJTIwaW4lMjB0aGUlMjAlMjJNb25rZXklMjIlMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMjAlRTIlODAlOTQlMjBmb3IlMjB0aGlzJTIwdGVzdCUyQyUyMGRpc2FibGUlMjBuZXR3b3JrJTIwc2Nhbm5pbmclMkMlMjBleHBsb2l0aW5nJTJDJTIwYW5kJTIwYWxsJTIwb3RoZXIlMjBQQkFzJTBBLSUyMFJ1biUyMHRoZSUyME1vbmtleSUwQS0lMjBDaGVjayUyMHRoZSUyMFBCQSUyMHNlY3Rpb24lMjBpbiUyMHRoZSUyMFNlY3VyaXR5JTIwcmVwb3J0JTIwZm9yJTIwdGhlJTIwbmFtZSUyMHlvdSUyMGdhdmUlMjB0byUyMHRoZSUyMG5ldyUyMFBCQSUyMCUyMCUwQSUwQSUzQ2ltZyUyMHNyYyUzRCUyMmh0dHBzJTNBJTJGJTJGZmlyZWJhc2VzdG9yYWdlLmdvb2dsZWFwaXMuY29tJTJGdjAlMkZiJTJGc3dpbW1pby1jb250ZW50JTJGbyUyRnJlcG9zaXRvcmllcyUyNTJGNk5sYjk5TnRZNUZjM2JTZDhzdUglMjUyRmltZyUyNTJGZjBlNTNlNmMtOWRiZS00MWQ4LTk0NTQtMmI1NzYxYzNmNTNhLnBuZyUzRmFsdCUzRG1lZGlhJTI2dG9rZW4lM0QyMWFhNGJiOC03ZWJlLTRkYWItYTczOS1jNzdlMDU5MTQ0ZGQlMjIlMjBoZWlnaHQlM0Q0MDAlM0U=", "dod": "You should add a new PBA const that defines what the PBA does.",
"summary": "LSUyMFRoZSUyMG5hbWUlMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHlvdXIlMjBQQkElMjBjYW4lMjBiZSUyMHNlZW4lMjBvbiUyMHRoZSUyME1vbmtleSUyMElzbGFuZCUyMGluJTIwdGhlJTIwUEJBJTIwc2VjdGlvbiUyMGluJTIwdGhlJTIwU2VjdXJpdHklMjByZXBvcnQuJTBBLSUyMFRoZSUyMHJlc3VsdHMlMjBvZiUyMGVhY2glMjBQQkElMjBzdG9yZWQlMjBpbiUyMHRoZSUyMHRlbGVtZXRyeSUyMGFyZSUyMGFsc28lMjBpZGVudGlmaWVkJTIwYnklMjB0aGUlMjBzdHJpbmclMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHRoYXQlMjBQQkEu",
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQWluZGV4JTIwMjVlNjY3OWMuLjQ2ZDgwMmRlJTIwMTAwNjQ0JTBBLS0tJTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQSU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlMjIlMEElMjBQT1NUX0JSRUFDSF9ISURERU5fRklMRVMlMjAlM0QlMjAlMjJIaWRlJTIwZmlsZXMlMjBhbmQlMjBkaXJlY3RvcmllcyUyMiUwQSUyMFBPU1RfQlJFQUNIX1RSQVBfQ09NTUFORCUyMCUzRCUyMCUyMkV4ZWN1dGUlMjBjb21tYW5kJTIwd2hlbiUyMGElMjBwYXJ0aWN1bGFyJTIwc2lnbmFsJTIwaXMlMjByZWNlaXZlZCUyMiUwQSUyMFBPU1RfQlJFQUNIX1NFVFVJRF9TRVRHSUQlMjAlM0QlMjAlMjJTZXR1aWQlMjBhbmQlMjBTZXRnaWQlMjIlMEEtUE9TVF9CUkVBQ0hfSk9CX1NDSEVEVUxJTkclMjAlM0QlMjAlMjJTY2hlZHVsZSUyMGpvYnMlMjIlMEElMkIlMjMlMjBTd2ltbWVyJTNBJTIwUFVUJTIwVEhFJTIwTkVXJTIwQ09OU1QlMjBIRVJFISUwQSUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlMjIlMEElMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiUyMiUwQSUyMFBPU1RfQlJFQUNIX0FDQ09VTlRfRElTQ09WRVJZJTIwJTNEJTIwJTIyQWNjb3VudCUyMGRpc2NvdmVyeSUyMiUwQQ==",
"tests": [], "tests": [],
"hints": [ "hints": [
"See the `Timestomping` PBA. How is the name of the PBA set?" "See the `Timestomping` PBA. How is the name of the PBA set?"
],
"files": {
"monkey/common/data/post_breach_consts.py": {
"index": [
"25e6679c..46d802de",
"100644"
],
"fileA": "monkey/common/data/post_breach_consts.py",
"fileB": "monkey/common/data/post_breach_consts.py",
"status": "MODIFIED",
"numLineDeletions": 1,
"numLineAdditions": 1,
"hunkContainers": [
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlNUMlMjIlMjIlMkMlMjJjaGFuZ2VzJTIyJTNBJTVCJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfSElEREVOX0ZJTEVTJTIwJTNEJTIwJTVDJTIySGlkZSUyMGZpbGVzJTIwYW5kJTIwZGlyZWN0b3JpZXMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E1JTJDJTIyYiUyMiUzQTUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9UUkFQX0NPTU1BTkQlMjAlM0QlMjAlNUMlMjJFeGVjdXRlJTIwY29tbWFuZCUyMHdoZW4lMjBhJTIwcGFydGljdWxhciUyMHNpZ25hbCUyMGlzJTIwcmVjZWl2ZWQlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2JTJDJTIyYiUyMiUzQTYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TRVRVSURfU0VUR0lEJTIwJTNEJTIwJTVDJTIyU2V0dWlkJTIwYW5kJTIwU2V0Z2lkJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNyUyQyUyMmIlMjIlM0E3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMlBPU1RfQlJFQUNIX0pPQl9TQ0hFRFVMSU5HJTIwJTNEJTIwJTVDJTIyU2NoZWR1bGUlMjBqb2JzJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJhZGQlMjIlMkMlMjJtYXJrJTIyJTNBJTIyJTJCJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMyUyMFN3aW1tZXIlM0ElMjBQVVQlMjBUSEUlMjBORVclMjBDT05TVCUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E5JTJDJTIyYiUyMiUzQTklN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlNUMlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTEwJTJDJTIyYiUyMiUzQTEwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfQUNDT1VOVF9ESVNDT1ZFUlklMjAlM0QlMjAlNUMlMjJBY2NvdW50JTIwZGlzY292ZXJ5JTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBMTElMkMlMjJiJTIyJTNBMTElN0QlN0QlNUQlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0E1JTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlMkMlMjJiJTIyJTNBJTdCJTIyc3RhcnRMaW5lJTIyJTNBNSUyQyUyMmxpbmVzQ291bnQlMjIlM0E3JTdEJTdEJTdEJTdE"
] ]
}
}, },
"app_version": "0.1.90", "content": [
"file_version": "1.0.2" {
"type": "text",
"text": "The name of your new PBA (which creates scheduled jobs on the machine) will be used in a few places, including the report. <br><br>\nYou should briefly define what your PBA does in a constant variable, such that it can be used by both the Monkey and the Monkey Island.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Check the PBA section in the Security report for the name you gave to the new PBA \n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>"
},
{
"firstLineNumber": 5,
"path": "monkey/common/common_consts/post_breach_consts.py",
"type": "snippet",
"lines": [
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"",
" POST_BREACH_TRAP_COMMAND = \"Execute command when a particular signal is received\"",
" POST_BREACH_SETUID_SETGID = \"Setuid and Setgid\"",
"*POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
"+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
" POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\""
],
"comments": []
},
{
"type": "text",
"text": "- The name defined here for your PBA can be seen on the Monkey Island in the PBA section in the Security report.\n- The results of each PBA stored in the telemetry are also identified by the string defined here for that PBA."
}
],
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3"
}
}
} }

View File

@ -27,6 +27,7 @@ install:
- pip install flake8 pytest pytest-cov dlint isort # for next stages - pip install flake8 pytest pytest-cov dlint isort # for next stages
- pip install coverage # for code coverage - pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests - pip install -r monkey/infection_monkey/requirements.txt # for unit tests
- pip install -r monkey/common/cloud/scoutsuite/requirements.txt
- pip install pipdeptree - pip install pipdeptree
# Fail builds on possible conflicting dependencies. # Fail builds on possible conflicting dependencies.
- pipdeptree --warn fail - pipdeptree --warn fail
@ -52,15 +53,10 @@ install:
# print hugo version (useful for debugging documentation build errors) # print hugo version (useful for debugging documentation build errors)
- hugo version - hugo version
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- pushd /home/travis/build/guardicore/monkey/monkey
- python monkey_island/cc/environment/set_server_config.py testing
- popd
script: script:
# Check Python code # Check Python code
- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini ## Check syntax errors and fail the build if any are found.
- flake8 ./monkey --exclude=monkey/common/cloud/scoutsuite --config=./ci_scripts/flake8_syntax_check.ini
## Warn about linter issues. ## Warn about linter issues.
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build. ### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.

View File

@ -30,6 +30,7 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
# Other directories and paths ( most likely you dont need to configure) # Other directories and paths ( most likely you dont need to configure)
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island" $MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey" $MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
$SCOUTSUITE_DIR = Join-Path "\monkey" "common" "cloud" "scoutsuite"
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin" $SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
$TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_PYTHON_INSTALLER = ".\python.exe"
$TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_MONGODB_ZIP = ".\mongodb.zip"

View File

@ -66,6 +66,7 @@ MONGO_PATH="$ISLAND_PATH/bin/mongodb"
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
SCOUTSUITE_DIR="$monkey_home/monkey/common/cloud/scoutsuite"
if ! has_sudo; then if ! has_sudo; then
log_message "You need root permissions for some of this script operations. \ log_message "You need root permissions for some of this script operations. \
@ -141,6 +142,9 @@ sudo apt-get install -y libffi-dev upx libssl-dev libc++1
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt" requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error ${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
log_message "Installing ScoutSuite requirements"
requirements_scoutsuite="$SCOUTSUITE_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_scoutsuite}" --user --upgrade || handle_error
agents=${3:-true} agents=${3:-true}
# Download binaries # Download binaries

View File

@ -115,6 +115,9 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Installing python packages for monkey" "Installing python packages for monkey"
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $monkeyRequirements & python -m pip install --user -r $monkeyRequirements
"Installing python packages for ScoutSuite"
$scoutsuiteRequirements = Join-Path -Path $monkey_home -ChildPath $SCOUTSUITE_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $scoutsuiteRequirements
$user_python_dir = cmd.exe /c 'py -m site --user-site' $user_python_dir = cmd.exe /c 'py -m site --user-site'
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts" $user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"

View File

@ -3,8 +3,7 @@ from datetime import timedelta
from typing import Dict from typing import Dict
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
PerformanceTestConfig
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

View File

@ -4,8 +4,7 @@ from time import sleep
from bson import json_util from bson import json_util
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import \ from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import MonkeyIslandRequests
MonkeyIslandRequests
SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5 SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
MONKEY_TEST_ENDPOINT = 'api/test/monkey' MONKEY_TEST_ENDPOINT = 'api/test/monkey'

View File

@ -5,8 +5,7 @@ from typing import Dict
import requests import requests
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \ from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
SupportedRequestMethod
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()' # SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \ NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \

View File

@ -2,10 +2,8 @@ import logging
import os import os
import shutil import shutil
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import \ from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import MonkeyLogParser
MonkeyLogParser from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import MonkeyLogsDownloader
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import \
MonkeyLogsDownloader
LOG_DIR_NAME = 'logs' LOG_DIR_NAME = 'logs'
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

View File

@ -4,25 +4,17 @@ from time import sleep
import pytest import pytest
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \ from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
CommunicationAnalyzer from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
IslandConfigParser from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
TestLogsHandler
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation import \ from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
MapGenerationTest from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import \ from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation import \
ReportGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \ from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
ReportGenerationFromTelemetryTest ReportGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers
DEFAULT_TIMEOUT_SECONDS = 5*60 DEFAULT_TIMEOUT_SECONDS = 5*60

View File

@ -1,14 +1,10 @@
import logging import logging
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \ from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
PerformanceAnalyzer from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
PerformanceTestConfig
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

View File

@ -1,12 +1,9 @@
from datetime import timedelta from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
PerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2) MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5) MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

View File

@ -1,9 +1,7 @@
from datetime import timedelta from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
PerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \ from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow TelemetryPerformanceTestWorkflow

View File

@ -1,9 +1,7 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
EndpointPerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
class PerformanceTestWorkflow(BasicTest): class PerformanceTestWorkflow(BasicTest):

View File

@ -1,12 +1,9 @@
from datetime import timedelta from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
PerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2) MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5) MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

View File

@ -1,9 +1,7 @@
from datetime import timedelta from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
PerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \ from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow TelemetryPerformanceTestWorkflow

View File

@ -6,12 +6,10 @@ from typing import Dict, List
from tqdm import tqdm from tqdm import tqdm
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \ from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
SampleFileParser
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \ from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
FakeIpGenerator FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import \ from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import FakeMonkey
FakeMonkey
TELEM_DIR_PATH = './tests/performance/telemetry_sample' TELEM_DIR_PATH = './tests/performance/telemetry_sample'
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

View File

@ -4,16 +4,11 @@ from datetime import timedelta
from tqdm import tqdm from tqdm import tqdm
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \ from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
PerformanceAnalyzer from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
MonkeyIslandClient from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \ from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
SampleFileParser
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

View File

@ -1,10 +1,7 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \ from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
EndpointPerformanceTest from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \ from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
TelemetryPerformanceTest
class TelemetryPerformanceTestWorkflow(BasicTest): class TelemetryPerformanceTestWorkflow(BasicTest):

View File

@ -1,7 +1,6 @@
import pytest import pytest
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
MonkeyIslandClient
machine_list = { machine_list = {
"10.0.0.36": "centos_6", "10.0.0.36": "centos_6",

@ -0,0 +1 @@
Subproject commit e5dd01dab08ed8d887736cfcee068c1b8895d4a1

View File

@ -0,0 +1,9 @@
from enum import Enum
class CloudProviders(Enum):
AWS = 'aws'
AZURE = 'azure'
GCP = 'gcp'
ALIBABA = 'aliyun'
ORACLE = 'oci'

View File

@ -4,3 +4,4 @@ ENVIRONMENT_COLLECTOR = "EnvironmentCollector"
PROCESS_LIST_COLLECTOR = "ProcessListCollector" PROCESS_LIST_COLLECTOR = "ProcessListCollector"
MIMIKATZ_COLLECTOR = "MimikatzCollector" MIMIKATZ_COLLECTOR = "MimikatzCollector"
AZURE_CRED_COLLECTOR = "AzureCollector" AZURE_CRED_COLLECTOR = "AzureCollector"
SCOUTSUITE_COLLECTOR = "ScoutSuiteCollector"

View File

@ -0,0 +1,10 @@
class TelemCategoryEnum:
EXPLOIT = 'exploit'
POST_BREACH = 'post_breach'
SCAN = 'scan'
SCOUTSUITE = 'scoutsuite'
STATE = 'state'
SYSTEM_INFO = 'system_info'
TRACE = 'trace'
TUNNEL = 'tunnel'
ATTACK = 'attack'

View File

@ -31,6 +31,14 @@ TEST_MALICIOUS_ACTIVITY_TIMELINE = "malicious_activity_timeline"
TEST_SEGMENTATION = "segmentation" TEST_SEGMENTATION = "segmentation"
TEST_TUNNELING = "tunneling" TEST_TUNNELING = "tunneling"
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user" TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES = "scoutsuite_permissive_firewall_rules"
TEST_SCOUTSUITE_UNENCRYPTED_DATA = "scoutsuite_unencrypted_data"
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION = "scoutsuite_data_loss_prevention"
TEST_SCOUTSUITE_SECURE_AUTHENTICATION = "scoutsuite_secure_authentication"
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES = "scoutsuite_unrestrictive_policies"
TEST_SCOUTSUITE_LOGGING = "scoutsuite_logging"
TEST_SCOUTSUITE_SERVICE_SECURITY = "scoutsuite_service_security"
TESTS = ( TESTS = (
TEST_SEGMENTATION, TEST_SEGMENTATION,
TEST_MALICIOUS_ACTIVITY_TIMELINE, TEST_MALICIOUS_ACTIVITY_TIMELINE,
@ -40,25 +48,38 @@ TESTS = (
TEST_DATA_ENDPOINT_HTTP, TEST_DATA_ENDPOINT_HTTP,
TEST_DATA_ENDPOINT_ELASTIC, TEST_DATA_ENDPOINT_ELASTIC,
TEST_TUNNELING, TEST_TUNNELING,
TEST_COMMUNICATE_AS_NEW_USER TEST_COMMUNICATE_AS_NEW_USER,
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES,
TEST_SCOUTSUITE_UNENCRYPTED_DATA,
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION,
TEST_SCOUTSUITE_SECURE_AUTHENTICATION,
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES,
TEST_SCOUTSUITE_LOGGING,
TEST_SCOUTSUITE_SERVICE_SECURITY
) )
PRINCIPLE_DATA_TRANSIT = "data_transit" PRINCIPLE_DATA_CONFIDENTIALITY = "data_transit"
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security" PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour" PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic" PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
PRINCIPLE_SEGMENTATION = "segmentation" PRINCIPLE_SEGMENTATION = "segmentation"
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies" PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies" PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
PRINCIPLE_DISASTER_RECOVERY = "data_backup"
PRINCIPLE_SECURE_AUTHENTICATION = "secure_authentication"
PRINCIPLE_MONITORING_AND_LOGGING = "monitoring_and_logging"
PRINCIPLES = { PRINCIPLES = {
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.", PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.", PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.", PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.", PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.", PRINCIPLE_DATA_CONFIDENTIALITY: "Ensure data's confidentiality by encrypting it.",
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.", PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory " PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory "
"Access Control) only.", "Access Control) only.",
PRINCIPLE_DISASTER_RECOVERY: "Ensure data and infrastructure backups for disaster recovery scenarios.",
PRINCIPLE_SECURE_AUTHENTICATION: "Ensure secure authentication process's.",
PRINCIPLE_MONITORING_AND_LOGGING: "Ensure monitoring and logging in network resources."
} }
POSSIBLE_STATUSES_KEY = "possible_statuses" POSSIBLE_STATUSES_KEY = "possible_statuses"
@ -129,7 +150,7 @@ TESTS_MAP = {
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts " STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
"that indicate attempts to access them. " "that indicate attempts to access them. "
}, },
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT, PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA], PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED] POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
}, },
@ -140,7 +161,7 @@ TESTS_MAP = {
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate " STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
"attempts to access them. " "attempts to access them. "
}, },
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT, PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA], PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED] POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
}, },
@ -165,6 +186,76 @@ TESTS_MAP = {
PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS], PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED] POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
}, },
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES: {
TEST_EXPLANATION_KEY: "ScoutSuite assessed cloud firewall rules and settings.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found overly permissive firewall rules.",
STATUS_PASSED: "ScoutSuite found no problems with cloud firewall rules."
},
PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
PILLARS_KEY: [NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_UNENCRYPTED_DATA: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources containing unencrypted data.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found resources with unencrypted data.",
STATUS_PASSED: "ScoutSuite found no resources with unencrypted data."
},
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources which are not protected against data loss.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found resources not protected against data loss.",
STATUS_PASSED: "ScoutSuite found that all resources are secured against data loss."
},
PRINCIPLE_KEY: PRINCIPLE_DISASTER_RECOVERY,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_SECURE_AUTHENTICATION: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues related to users' authentication.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found issues related to users' authentication.",
STATUS_PASSED: "ScoutSuite found no issues related to users' authentication."
},
PRINCIPLE_KEY: PRINCIPLE_SECURE_AUTHENTICATION,
PILLARS_KEY: [PEOPLE, WORKLOADS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for permissive user access policies.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found permissive user access policies.",
STATUS_PASSED: "ScoutSuite found no issues related to user access policies."
},
PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
PILLARS_KEY: [PEOPLE, WORKLOADS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_LOGGING: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues, related to logging.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found logging issues.",
STATUS_PASSED: "ScoutSuite found no logging issues."
},
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
PILLARS_KEY: [AUTOMATION_ORCHESTRATION, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
TEST_SCOUTSUITE_SERVICE_SECURITY: {
TEST_EXPLANATION_KEY: "ScoutSuite searched for service security issues.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "ScoutSuite found service security issues.",
STATUS_PASSED: "ScoutSuite found no service security issues."
},
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
PILLARS_KEY: [DEVICES, NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
}
} }
EVENT_TYPE_MONKEY_NETWORK = "monkey_network" EVENT_TYPE_MONKEY_NETWORK = "monkey_network"

View File

@ -1,7 +1,6 @@
from unittest import TestCase from unittest import TestCase
from common.network.network_utils import (get_host_from_network_location, from common.network.network_utils import get_host_from_network_location, remove_port
remove_port)
class TestNetworkUtils(TestCase): class TestNetworkUtils(TestCase):

View File

@ -1,30 +1,28 @@
from common.network.network_range import CidrRange from common.network.network_range import CidrRange
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
class TestSegmentationUtils(IslandTestCase): class TestSegmentationUtils:
def test_get_ip_in_src_and_not_in_dst(self): def test_get_ip_in_src_and_not_in_dst(self):
self.fail_if_not_testing_env()
source = CidrRange("1.1.1.0/24") source = CidrRange("1.1.1.0/24")
target = CidrRange("2.2.2.0/24") target = CidrRange("2.2.2.0/24")
# IP not in both # IP not in both
self.assertIsNone(get_ip_in_src_and_not_in_dst( assert get_ip_in_src_and_not_in_dst(
["3.3.3.3", "4.4.4.4"], source, target ["3.3.3.3", "4.4.4.4"], source, target
)) ) is None
# IP not in source, in target # IP not in source, in target
self.assertIsNone(get_ip_in_src_and_not_in_dst( assert (get_ip_in_src_and_not_in_dst(
["2.2.2.2"], source, target ["2.2.2.2"], source, target
)) )) is None
# IP in source, not in target # IP in source, not in target
self.assertIsNotNone(get_ip_in_src_and_not_in_dst( assert (get_ip_in_src_and_not_in_dst(
["8.8.8.8", "1.1.1.1"], source, target ["8.8.8.8", "1.1.1.1"], source, target
)) ))
# IP in both subnets # IP in both subnets
self.assertIsNone(get_ip_in_src_and_not_in_dst( assert (get_ip_in_src_and_not_in_dst(
["8.8.8.8", "1.1.1.1"], source, source ["8.8.8.8", "1.1.1.1"], source, source
)) )) is None

View File

@ -22,5 +22,29 @@ class AlreadyRegisteredError(RegistrationNotNeededError):
""" Raise to indicate the reason why registration is not required """ """ Raise to indicate the reason why registration is not required """
class RulePathCreatorNotFound(Exception):
""" Raise to indicate that ScoutSuite rule doesn't have a path creator"""
class InvalidAWSKeys(Exception):
""" Raise to indicate that AWS API keys are invalid"""
class NoInternetError(Exception):
""" Raise to indicate problems caused when no internet connection is present"""
class ScoutSuiteScanError(Exception):
""" Raise to indicate problems ScoutSuite encountered during scanning"""
class UnknownFindingError(Exception):
""" Raise when provided finding is of unknown type"""
class VersionServerConnectionError(Exception): class VersionServerConnectionError(Exception):
""" Raise to indicate that connection to version update server failed """ """ Raise to indicate that connection to version update server failed """
class FindingWithoutDetailsError(Exception):
""" Raise when pulling events for a finding, but get none """

View File

@ -1,5 +1,4 @@
import hashlib import hashlib
import json
import os import os
import sys import sys
import uuid import uuid
@ -12,7 +11,8 @@ GUID = str(uuid.getnode())
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin') EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys"] SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys", "aws_secret_access_key",
"aws_session_token"]
LOCAL_CONFIG_VARS = ["name", "id", "current_server", "max_depth"] LOCAL_CONFIG_VARS = ["name", "id", "current_server", "max_depth"]
HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden" HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
@ -36,16 +36,6 @@ class Configuration(object):
self.max_depth = self.depth self.max_depth = self.depth
return unknown_items return unknown_items
def from_json(self, json_data):
"""
Gets a json data object, parses it and applies it to the configuration
:param json_data:
:return:
"""
formatted_data = json.loads(json_data)
result = self.from_kv(formatted_data)
return result
@staticmethod @staticmethod
def hide_sensitive_info(config_dict): def hide_sensitive_info(config_dict):
for field in SENSITIVE_FIELDS: for field in SENSITIVE_FIELDS:
@ -256,6 +246,10 @@ class Configuration(object):
exploit_ntlm_hash_list = [] exploit_ntlm_hash_list = []
exploit_ssh_keys = [] exploit_ssh_keys = []
aws_access_key_id = ''
aws_secret_access_key = ''
aws_session_token = ''
# smb/wmi exploiter # smb/wmi exploiter
smb_download_timeout = 300 # timeout in seconds smb_download_timeout = 300 # timeout in seconds
smb_service_name = "InfectionMonkey" smb_service_name = "InfectionMonkey"

View File

@ -12,13 +12,12 @@ import infection_monkey.tunnel as tunnel
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT, from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
MEDIUM_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT,
SHORT_REQUEST_TIMEOUT) SHORT_REQUEST_TIMEOUT)
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
from infection_monkey.config import GUID, WormConfiguration from infection_monkey.config import GUID, WormConfiguration
from infection_monkey.network.info import check_internet_access, local_ips from infection_monkey.network.info import check_internet_access, local_ips
from infection_monkey.transport.http import HTTPConnectProxy from infection_monkey.transport.http import HTTPConnectProxy
from infection_monkey.transport.tcp import TcpProxy from infection_monkey.transport.tcp import TcpProxy
from infection_monkey.utils.exceptions.planned_shutdown_exception import \ from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
PlannedShutdownException
__author__ = 'hoffer' __author__ = 'hoffer'
@ -132,12 +131,12 @@ class ControlClient(object):
return {} return {}
@staticmethod @staticmethod
def send_telemetry(telem_category, data): def send_telemetry(telem_category, json_data: str):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
LOG.error("Trying to send %s telemetry before current server is established, aborting." % telem_category) LOG.error("Trying to send %s telemetry before current server is established, aborting." % telem_category)
return return
try: try:
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data} telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': json_data}
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123 requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},

View File

@ -12,11 +12,8 @@ from ctypes import c_char_p
from common.utils.attack_utils import ScanStatus, UsageEnum from common.utils.attack_utils import ScanStatus, UsageEnum
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.exploit.tools.helpers import \ from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
build_monkey_commandline_explicitly from infection_monkey.model import GENERAL_CMDLINE_LINUX, MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
from infection_monkey.model import (GENERAL_CMDLINE_LINUX,
MONKEY_CMDLINE_LINUX,
MONKEY_CMDLINE_WINDOWS)
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from infection_monkey.telemetry.attack.t1106_telem import T1106Telem

View File

@ -3,6 +3,7 @@ from abc import abstractmethod
from datetime import datetime from datetime import datetime
import infection_monkey.exploit import infection_monkey.exploit
from common.utils.exceptions import FailedExploitationError
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.utils.plugins.plugin import Plugin from infection_monkey.utils.plugins.plugin import Plugin
@ -73,8 +74,10 @@ class HostExploiter(Plugin):
result = None result = None
try: try:
result = self._exploit_host() result = self._exploit_host()
except Exception as _: except FailedExploitationError:
logger.error(f'Exception in exploit_host', exc_info=True) logger.debug('Exploiter failed.', exc_info=True)
except Exception:
logger.error('Exception in exploit_host', exc_info=True)
finally: finally:
self.post_exploit() self.post_exploit()
return result return result

View File

@ -10,11 +10,10 @@ import re
import requests import requests
from common.data.network_consts import ES_SERVICE from common.common_consts.network_consts import ES_SERVICE
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
WGET_HTTP_UPLOAD) WGET_HTTP_UPLOAD)
from infection_monkey.network.elasticfinger import ES_PORT from infection_monkey.network.elasticfinger import ES_PORT
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from infection_monkey.telemetry.attack.t1197_telem import T1197Telem

View File

@ -11,14 +11,11 @@ import string
import requests import requests
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
get_monkey_depth)
from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import (HADOOP_LINUX_COMMAND, from infection_monkey.model import HADOOP_LINUX_COMMAND, HADOOP_WINDOWS_COMMAND, ID_STRING, MONKEY_ARG
HADOOP_WINDOWS_COMMAND, ID_STRING,
MONKEY_ARG)
__author__ = 'VakarisZ' __author__ = 'VakarisZ'

View File

@ -5,13 +5,10 @@ from time import sleep
import pymssql import pymssql
from common.utils.exceptions import (ExploitingVulnerableMachineError, from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
FailedExploitationError)
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_monkey_dest_path
get_monkey_depth,
get_monkey_dest_path)
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
from infection_monkey.model import DROPPER_ARG from infection_monkey.model import DROPPER_ARG

View File

@ -8,23 +8,17 @@ from io import BytesIO
import impacket.smbconnection import impacket.smbconnection
from impacket.nmb import NetBIOSError from impacket.nmb import NetBIOSError
from impacket.nt_errors import STATUS_SUCCESS from impacket.nt_errors import STATUS_SUCCESS
from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE, from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ,
FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ, FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError, SMBCommand, SMBNtCreateAndX_Data,
FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError,
SMBCommand, SMBNtCreateAndX_Data,
SMBNtCreateAndX_Parameters) SMBNtCreateAndX_Parameters)
from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, SMB2_IL_IMPERSONATION, SMB2_OPLOCK_LEVEL_NONE,
SMB2_IL_IMPERSONATION, SMB2Create, SMB2Create_Response, SMB2Packet)
SMB2_OPLOCK_LEVEL_NONE, SMB2Create,
SMB2Create_Response, SMB2Packet)
from impacket.smbconnection import SMBConnection from impacket.smbconnection import SMBConnection
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey_by_os
get_monkey_depth,
get_target_monkey_by_os)
from infection_monkey.model import DROPPER_ARG from infection_monkey.model import DROPPER_ARG
from infection_monkey.network.smbfinger import SMB_SERVICE from infection_monkey.network.smbfinger import SMB_SERVICE
from infection_monkey.network.tools import get_interface_to_target from infection_monkey.network.tools import get_interface_to_target

View File

@ -9,9 +9,7 @@ import requests
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.shellshock_resources import CGI_FILES from infection_monkey.exploit.shellshock_resources import CGI_FILES
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import DROPPER_ARG from infection_monkey.model import DROPPER_ARG
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

View File

@ -5,13 +5,9 @@ from impacket.dcerpc.v5 import scmr, transport
from common.utils.attack_utils import ScanStatus, UsageEnum from common.utils.attack_utils import ScanStatus, UsageEnum
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.smb_tools import SmbTools from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.model import (DROPPER_CMDLINE_DETACHED_WINDOWS, from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS, VictimHost
MONKEY_CMDLINE_DETACHED_WINDOWS,
VictimHost)
from infection_monkey.network.smbfinger import SMBFinger from infection_monkey.network.smbfinger import SMBFinger
from infection_monkey.network.tools import check_tcp_port from infection_monkey.network.tools import check_tcp_port
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem from infection_monkey.telemetry.attack.t1035_telem import T1035Telem

View File

@ -9,12 +9,9 @@ from common.utils.attack_utils import ScanStatus
from common.utils.exceptions import FailedExploitationError from common.utils.exceptions import FailedExploitationError
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.model import MONKEY_ARG from infection_monkey.model import MONKEY_ARG
from infection_monkey.network.tools import (check_tcp_port, from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
get_interface_to_target)
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

View File

@ -1,7 +1,6 @@
import unittest import unittest
from infection_monkey.exploit.tools.helpers import \ from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
build_monkey_commandline_explicitly
class TestHelpers(unittest.TestCase): class TestHelpers(unittest.TestCase):

View File

@ -10,12 +10,9 @@ from logging import getLogger
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import (CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG, from infection_monkey.model import CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG, RUN_MONKEY, WGET_HTTP_UPLOAD
RUN_MONKEY, WGET_HTTP_UPLOAD)
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
LOG = getLogger(__name__) LOG = getLogger(__name__)

View File

@ -5,16 +5,11 @@ from posixpath import join
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CHMOD_MONKEY, DOWNLOAD_TIMEOUT, DROPPER_ARG,
CHMOD_MONKEY, DOWNLOAD_TIMEOUT, GET_ARCH_LINUX, GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG, POWERSHELL_HTTP_UPLOAD,
DROPPER_ARG, GET_ARCH_LINUX, RUN_MONKEY, WGET_HTTP_UPLOAD)
GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG,
POWERSHELL_HTTP_UPLOAD, RUN_MONKEY,
WGET_HTTP_UPLOAD)
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem

View File

@ -16,12 +16,9 @@ from impacket.dcerpc.v5 import transport
from common.utils.shellcode_obfuscator import clarify from common.utils.shellcode_obfuscator import clarify
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.smb_tools import SmbTools from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS, from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
MONKEY_CMDLINE_WINDOWS)
from infection_monkey.network.smbfinger import SMBFinger from infection_monkey.network.smbfinger import SMBFinger
from infection_monkey.network.tools import check_tcp_port from infection_monkey.network.tools import check_tcp_port

View File

@ -7,14 +7,10 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline, from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
get_monkey_depth,
get_target_monkey)
from infection_monkey.exploit.tools.smb_tools import SmbTools from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.exploit.tools.wmi_tools import (AccessDeniedException, from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
WmiTools) from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS,
MONKEY_CMDLINE_WINDOWS)
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)

View File

@ -15,8 +15,7 @@ from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration
from infection_monkey.dropper import MonkeyDrops from infection_monkey.dropper import MonkeyDrops
from infection_monkey.model import DROPPER_ARG, MONKEY_ARG from infection_monkey.model import DROPPER_ARG, MONKEY_ARG
from infection_monkey.monkey import InfectionMonkey from infection_monkey.monkey import InfectionMonkey
from infection_monkey.utils.monkey_log_path import (get_dropper_log_path, from infection_monkey.utils.monkey_log_path import get_dropper_log_path, get_monkey_log_path
get_monkey_log_path)
__author__ = 'itamar' __author__ = 'itamar'

View File

@ -7,10 +7,9 @@ import time
from threading import Thread from threading import Thread
import infection_monkey.tunnel as tunnel import infection_monkey.tunnel as tunnel
from common.network.network_utils import get_host_from_network_location from infection_monkey.network.tools import is_running_on_island
from common.utils.attack_utils import ScanStatus, UsageEnum from common.utils.attack_utils import ScanStatus, UsageEnum
from common.utils.exceptions import (ExploitingVulnerableMachineError, from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
FailedExploitationError)
from common.version import get_version from common.version import get_version
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
@ -19,8 +18,7 @@ from infection_monkey.model import DELAY_DELETE_CMD
from infection_monkey.network.firewall import app as firewall from infection_monkey.network.firewall import app as firewall
from infection_monkey.network.HostFinger import HostFinger from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.network_scanner import NetworkScanner from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.network.tools import (get_interface_to_target, from infection_monkey.network.tools import get_interface_to_target
is_running_on_server)
from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.post_breach.post_breach_handler import PostBreach
from infection_monkey.system_info import SystemInfoCollector from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton from infection_monkey.system_singleton import SystemSingleton
@ -33,11 +31,8 @@ from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
from infection_monkey.telemetry.trace_telem import TraceTelem from infection_monkey.telemetry.trace_telem import TraceTelem
from infection_monkey.telemetry.tunnel_telem import TunnelTelem from infection_monkey.telemetry.tunnel_telem import TunnelTelem
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.exceptions.planned_shutdown_exception import \ from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
PlannedShutdownException from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
from infection_monkey.utils.monkey_dir import (create_monkey_dir,
get_monkey_dir_path,
remove_monkey_dir)
from infection_monkey.utils.monkey_log_path import get_monkey_log_path from infection_monkey.utils.monkey_log_path import get_monkey_log_path
from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.windows_upgrader import WindowsUpgrader
@ -125,7 +120,8 @@ class InfectionMonkey(object):
self.shutdown_by_not_alive_config() self.shutdown_by_not_alive_config()
if self.is_started_on_island(): if is_running_on_island():
WormConfiguration.started_on_island = True
ControlClient.report_start_on_island() ControlClient.report_start_on_island()
ControlClient.should_monkey_run(self._opts.vulnerable_port) ControlClient.should_monkey_run(self._opts.vulnerable_port)
@ -195,8 +191,8 @@ class InfectionMonkey(object):
if self._default_server: if self._default_server:
if self._network.on_island(self._default_server): if self._network.on_island(self._default_server):
machine.set_default_server(get_interface_to_target(machine.ip_addr) + machine.set_default_server(get_interface_to_target(machine.ip_addr) +
( (':' + self._default_server_port
':' + self._default_server_port if self._default_server_port else '')) if self._default_server_port else ''))
else: else:
machine.set_default_server(self._default_server) machine.set_default_server(self._default_server)
LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server)) LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))
@ -254,7 +250,7 @@ class InfectionMonkey(object):
LOG.debug("Running with depth: %d" % WormConfiguration.depth) LOG.debug("Running with depth: %d" % WormConfiguration.depth)
def collect_system_info_if_configured(self): def collect_system_info_if_configured(self):
LOG.debug("Calling system info collection") LOG.debug("Calling for system info collection")
system_info_collector = SystemInfoCollector() system_info_collector = SystemInfoCollector()
system_info = system_info_collector.get_info() system_info = system_info_collector.get_info()
SystemInfoTelem(system_info).send() SystemInfoTelem(system_info).send()
@ -306,8 +302,7 @@ class InfectionMonkey(object):
try: try:
status = None status = None
if "win32" == sys.platform: if "win32" == sys.platform:
from subprocess import (CREATE_NEW_CONSOLE, from subprocess import CREATE_NEW_CONSOLE, STARTF_USESHOWWINDOW, SW_HIDE
STARTF_USESHOWWINDOW, SW_HIDE)
startupinfo = subprocess.STARTUPINFO() startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW
startupinfo.wShowWindow = SW_HIDE startupinfo.wShowWindow = SW_HIDE
@ -403,10 +398,6 @@ class InfectionMonkey(object):
self._default_server = WormConfiguration.current_server self._default_server = WormConfiguration.current_server
LOG.debug("default server set to: %s" % self._default_server) LOG.debug("default server set to: %s" % self._default_server)
def is_started_on_island(self):
island_ip = get_host_from_network_location(self._default_server)
return is_running_on_server(island_ip) and WormConfiguration.depth == WormConfiguration.max_depth
def log_arguments(self): def log_arguments(self):
arg_string = " ".join([f"{key}: {value}" for key, value in vars(self._opts).items()]) arg_string = " ".join([f"{key}: {value}" for key, value in vars(self._opts).items()])
LOG.info(f"Monkey started with arguments: {arg_string}") LOG.info(f"Monkey started with arguments: {arg_string}")

View File

@ -6,7 +6,7 @@ import requests
from requests.exceptions import ConnectionError, Timeout from requests.exceptions import ConnectionError, Timeout
import infection_monkey.config import infection_monkey.config
from common.data.network_consts import ES_SERVICE from common.common_consts.network_consts import ES_SERVICE
from infection_monkey.network.HostFinger import HostFinger from infection_monkey.network.HostFinger import HostFinger
ES_PORT = 9200 ES_PORT = 9200

View File

@ -3,8 +3,7 @@ import socket
import infection_monkey.config import infection_monkey.config
from infection_monkey.network.HostFinger import HostFinger from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.tools import (struct_unpack_tracker, from infection_monkey.network.tools import struct_unpack_tracker, struct_unpack_tracker_string
struct_unpack_tracker_string)
MYSQL_PORT = 3306 MYSQL_PORT = 3306
SQL_SERVICE = 'mysqld-3306' SQL_SERVICE = 'mysqld-3306'

View File

@ -7,6 +7,8 @@ import subprocess
import sys import sys
import time import time
from common.network.network_utils import get_host_from_network_location
from infection_monkey.config import WormConfiguration
from infection_monkey.network.info import get_routes, local_ips from infection_monkey.network.info import get_routes, local_ips
from infection_monkey.pyinstaller_utils import get_binary_file_path from infection_monkey.pyinstaller_utils import get_binary_file_path
from infection_monkey.utils.environment import is_64bit_python from infection_monkey.utils.environment import is_64bit_python
@ -311,5 +313,11 @@ def get_interface_to_target(dst):
return ret[1] return ret[1]
def is_running_on_island():
current_server_without_port = get_host_from_network_location(WormConfiguration.current_server)
running_on_island = is_running_on_server(current_server_without_port)
return running_on_island and WormConfiguration.depth == WormConfiguration.max_depth
def is_running_on_server(ip: str) -> bool: def is_running_on_server(ip: str) -> bool:
return ip in local_ips() return ip in local_ips()

View File

@ -1,4 +1,4 @@
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.utils.users import get_commands_to_add_user from infection_monkey.utils.users import get_commands_to_add_user

View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID from common.common_consts.post_breach_consts import POST_BREACH_SETUID_SETGID
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import \ from infection_monkey.post_breach.setuid_setgid.setuid_setgid import get_commands_to_change_setuid_setgid
get_commands_to_change_setuid_setgid
class ChangeSetuidSetgid(PBA): class ChangeSetuidSetgid(PBA):

View File

@ -1,6 +1,6 @@
import subprocess import subprocess
from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY from common.common_consts.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
from infection_monkey.post_breach.clear_command_history.clear_command_history import \ from infection_monkey.post_breach.clear_command_history.clear_command_history import \
get_commands_to_clear_command_history get_commands_to_clear_command_history
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA

View File

@ -3,7 +3,7 @@ import random
import string import string
import subprocess import subprocess
from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user from infection_monkey.utils.auto_new_user_factory import create_auto_new_user

View File

@ -1,6 +1,5 @@
from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY from common.common_consts.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
from infection_monkey.post_breach.account_discovery.account_discovery import \ from infection_monkey.post_breach.account_discovery.account_discovery import get_commands_to_discover_accounts
get_commands_to_discover_accounts
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA

View File

@ -1,12 +1,10 @@
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES from common.common_consts.post_breach_consts import POST_BREACH_HIDDEN_FILES
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.hidden_files import (cleanup_hidden_files, from infection_monkey.utils.hidden_files import (cleanup_hidden_files, get_commands_to_hide_files,
get_commands_to_hide_files,
get_commands_to_hide_folders) get_commands_to_hide_folders)
from infection_monkey.utils.windows.hidden_files import \ from infection_monkey.utils.windows.hidden_files import get_winAPI_to_hide_files
get_winAPI_to_hide_files
HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files, HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files,
get_commands_to_hide_folders] get_commands_to_hide_folders]

View File

@ -1,7 +1,6 @@
import subprocess import subprocess
from common.data.post_breach_consts import \ from common.common_consts.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \ from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \
get_commands_to_modify_shell_startup_files get_commands_to_modify_shell_startup_files

View File

@ -1,6 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
from infection_monkey.post_breach.job_scheduling.job_scheduling import ( from infection_monkey.post_breach.job_scheduling.job_scheduling import (get_commands_to_schedule_jobs,
get_commands_to_schedule_jobs, remove_scheduled_jobs) remove_scheduled_jobs)
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA

View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING from common.common_consts.post_breach_consts import POST_BREACH_TIMESTOMPING
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.timestomping.timestomping import \ from infection_monkey.post_breach.timestomping.timestomping import get_timestomping_commands
get_timestomping_commands
class Timestomping(PBA): class Timestomping(PBA):

View File

@ -1,7 +1,7 @@
import logging import logging
import subprocess import subprocess
from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import ( from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
cleanup_changes, get_commands_to_proxy_execution_using_signed_script) cleanup_changes, get_commands_to_proxy_execution_using_signed_script)

View File

@ -1,7 +1,6 @@
from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND from common.common_consts.post_breach_consts import POST_BREACH_TRAP_COMMAND
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.trap_command.trap_command import \ from infection_monkey.post_breach.trap_command.trap_command import get_trap_commands
get_trap_commands
class TrapCommand(PBA): class TrapCommand(PBA):

View File

@ -1,7 +1,7 @@
import logging import logging
import os import os
from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION from common.common_consts.post_breach_consts import POST_BREACH_FILE_EXECUTION
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient

View File

@ -1,6 +1,5 @@
from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import ( from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import (
get_linux_command_history_files, get_linux_command_history_files, get_linux_commands_to_clear_command_history, get_linux_usernames)
get_linux_commands_to_clear_command_history, get_linux_usernames)
def get_commands_to_clear_command_history(): def get_commands_to_clear_command_history():

View File

@ -1,10 +1,8 @@
import subprocess import subprocess
from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import \ from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import get_linux_commands_to_schedule_jobs
get_linux_commands_to_schedule_jobs
from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import ( from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import (
get_windows_commands_to_remove_scheduled_jobs, get_windows_commands_to_remove_scheduled_jobs, get_windows_commands_to_schedule_jobs)
get_windows_commands_to_schedule_jobs)
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os

View File

@ -1,5 +1,4 @@
from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import \ from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import get_linux_commands_to_setuid_setgid
get_linux_commands_to_setuid_setgid
def get_commands_to_change_setuid_setgid(): def get_commands_to_change_setuid_setgid():

View File

@ -1,8 +1,7 @@
import subprocess import subprocess
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import ( from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
get_windows_commands_to_delete_temp_comspec, get_windows_commands_to_delete_temp_comspec, get_windows_commands_to_proxy_execution_using_signed_script,
get_windows_commands_to_proxy_execution_using_signed_script,
get_windows_commands_to_reset_comspec) get_windows_commands_to_reset_comspec)
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os

View File

@ -1,7 +1,5 @@
from infection_monkey.post_breach.timestomping.linux.timestomping import \ from infection_monkey.post_breach.timestomping.linux.timestomping import get_linux_timestomping_commands
get_linux_timestomping_commands from infection_monkey.post_breach.timestomping.windows.timestomping import get_windows_timestomping_commands
from infection_monkey.post_breach.timestomping.windows.timestomping import \
get_windows_timestomping_commands
def get_timestomping_commands(): def get_timestomping_commands():

View File

@ -1,5 +1,4 @@
from infection_monkey.post_breach.trap_command.linux_trap_command import \ from infection_monkey.post_breach.trap_command.linux_trap_command import get_linux_trap_commands
get_linux_trap_commands
def get_trap_commands(): def get_trap_commands():

View File

@ -4,12 +4,11 @@ from enum import IntEnum
import psutil import psutil
from common.data.system_info_collectors_names import AZURE_CRED_COLLECTOR from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
from infection_monkey.network.info import get_host_subnets from infection_monkey.network.info import get_host_subnets
from infection_monkey.system_info.azure_cred_collector import AzureCollector from infection_monkey.system_info.azure_cred_collector import AzureCollector
from infection_monkey.system_info.netstat_collector import NetstatCollector from infection_monkey.system_info.netstat_collector import NetstatCollector
from infection_monkey.system_info.system_info_collectors_handler import \ from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler
SystemInfoCollectorsHandler
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)

View File

@ -1,9 +1,11 @@
import logging import logging
from common.cloud.aws.aws_instance import AwsInstance from common.cloud.aws.aws_instance import AwsInstance
from common.data.system_info_collectors_names import AWS_COLLECTOR from common.cloud.scoutsuite_consts import CloudProviders
from infection_monkey.system_info.system_info_collector import \ from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
SystemInfoCollector from infection_monkey.network.tools import is_running_on_island
from infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_collector import scan_cloud_security
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -17,6 +19,11 @@ class AwsCollector(SystemInfoCollector):
def collect(self) -> dict: def collect(self) -> dict:
logger.info("Collecting AWS info") logger.info("Collecting AWS info")
if is_running_on_island():
logger.info("Attempting to scan AWS security with ScoutSuite.")
scan_cloud_security(cloud_type=CloudProviders.AWS)
else:
logger.info("Didn't scan AWS security with ScoutSuite, because not on island.")
aws = AwsInstance() aws = AwsInstance()
info = {} info = {}
if aws.is_instance(): if aws.is_instance():

View File

@ -1,8 +1,7 @@
from common.cloud.all_instances import get_all_cloud_instances from common.cloud.all_instances import get_all_cloud_instances
from common.cloud.environment_names import Environment from common.cloud.environment_names import Environment
from common.data.system_info_collectors_names import ENVIRONMENT_COLLECTOR from common.common_consts.system_info_collectors_names import ENVIRONMENT_COLLECTOR
from infection_monkey.system_info.system_info_collector import \ from infection_monkey.system_info.system_info_collector import SystemInfoCollector
SystemInfoCollector
def get_monkey_environment() -> str: def get_monkey_environment() -> str:

View File

@ -1,9 +1,8 @@
import logging import logging
import socket import socket
from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR
from infection_monkey.system_info.system_info_collector import \ from infection_monkey.system_info.system_info_collector import SystemInfoCollector
SystemInfoCollector
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)

View File

@ -2,9 +2,8 @@ import logging
import psutil import psutil
from common.data.system_info_collectors_names import PROCESS_LIST_COLLECTOR from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
from infection_monkey.system_info.system_info_collector import \ from infection_monkey.system_info.system_info_collector import SystemInfoCollector
SystemInfoCollector
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)

View File

@ -0,0 +1,15 @@
import pkgutil
import sys
from pathlib import PurePath
_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__')
def _add_scoutsuite_to_python_path():
scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__()
sys.path.append(scoutsuite_path)
# Add ScoutSuite to python path because this way
# we don't need to change any imports in ScoutSuite code
_add_scoutsuite_to_python_path()

View File

@ -0,0 +1,5 @@
import common.cloud.scoutsuite.ScoutSuite.api_run as scoutsuite_api
def run(*args, **kwargs):
return scoutsuite_api.run(*args, **kwargs)

View File

@ -0,0 +1,32 @@
import logging
from typing import Union
import infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_api as scoutsuite_api
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
from common.cloud.scoutsuite_consts import CloudProviders
from common.utils.exceptions import ScoutSuiteScanError
from infection_monkey.config import WormConfiguration
from infection_monkey.telemetry.scoutsuite_telem import ScoutSuiteTelem
logger = logging.getLogger(__name__)
def scan_cloud_security(cloud_type: CloudProviders):
try:
results = run_scoutsuite(cloud_type.value)
if isinstance(results, dict) and 'error' in results and results['error']:
raise ScoutSuiteScanError(results['error'])
send_scoutsuite_run_results(results)
except (Exception, ScoutSuiteScanError) as e:
logger.error(f"ScoutSuite didn't scan {cloud_type.value} security because: {e}")
def run_scoutsuite(cloud_type: str) -> Union[BaseProvider, dict]:
return scoutsuite_api.run(provider=cloud_type,
aws_access_key_id=WormConfiguration.aws_access_key_id,
aws_secret_access_key=WormConfiguration.aws_secret_access_key,
aws_session_token=WormConfiguration.aws_session_token)
def send_scoutsuite_run_results(run_results: BaseProvider):
ScoutSuiteTelem(run_results).send()

View File

@ -1,8 +1,7 @@
import logging import logging
from typing import Sequence from typing import Sequence
from infection_monkey.system_info.system_info_collector import \ from infection_monkey.system_info.system_info_collector import SystemInfoCollector
SystemInfoCollector
from infection_monkey.telemetry.system_info_telem import SystemInfoTelem from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)

View File

@ -1,10 +1,8 @@
import logging import logging
from typing import List from typing import List
from infection_monkey.system_info.windows_cred_collector import \ from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
pypykatz_handler from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \
WindowsCredentials
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)

View File

@ -3,8 +3,7 @@ from typing import Any, Dict, List, NewType
from pypykatz.pypykatz import pypykatz from pypykatz.pypykatz import pypykatz
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \ from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
WindowsCredentials
CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds', CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds',
'kerberos_creds', 'credman_creds', 'tspkg_creds'] 'kerberos_creds', 'credman_creds', 'tspkg_creds']

View File

@ -1,7 +1,6 @@
from unittest import TestCase from unittest import TestCase
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import \ from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import _get_creds_from_pypykatz_session
_get_creds_from_pypykatz_session
class TestPypykatzHandler(TestCase): class TestPypykatzHandler(TestCase):

View File

@ -2,9 +2,8 @@ import logging
import os import os
import sys import sys
from common.data.system_info_collectors_names import MIMIKATZ_COLLECTOR from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import \ from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector
MimikatzCredentialCollector
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
import infection_monkey.config # noqa: E402 import infection_monkey.config # noqa: E402

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "VakarisZ" __author__ = "VakarisZ"
@ -15,7 +16,7 @@ class AttackTelem(BaseTelem):
self.technique = technique self.technique = technique
self.status = status self.status = status
telem_category = 'attack' telem_category = TelemCategoryEnum.ATTACK
def get_data(self): def get_data(self):
return { return {

View File

@ -5,6 +5,7 @@ import logging
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
LOGGED_DATA_LENGTH = 300 # How many characters of telemetry data will be logged
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
@ -22,12 +23,25 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
Sends telemetry to island Sends telemetry to island
""" """
data = self.get_data() data = self.get_data()
serialized_data = json.dumps(data, cls=self.json_encoder)
self._log_telem_sending(serialized_data, log_data)
ControlClient.send_telemetry(self.telem_category, serialized_data)
@abc.abstractmethod
def get_data(self) -> dict:
"""
:return: Data of telemetry (should be dict)
"""
pass
@property
def json_encoder(self):
return json.JSONEncoder
def _log_telem_sending(self, serialized_data: str, log_data=True):
logger.debug(f"Sending {self.telem_category} telemetry.")
if log_data: if log_data:
data_to_log = json.dumps(data) logger.debug(f"Telemetry contents: {BaseTelem._truncate_data(serialized_data)}")
else:
data_to_log = 'redacted'
logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, data_to_log))
ControlClient.send_telemetry(self.telem_category, data)
@property @property
@abc.abstractmethod @abc.abstractmethod
@ -37,9 +51,9 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
""" """
pass pass
@abc.abstractmethod @staticmethod
def get_data(self) -> dict: def _truncate_data(data: str):
""" if len(data) <= LOGGED_DATA_LENGTH:
:return: Data of telemetry (should be dict) return data
""" else:
pass return f"{data[:LOGGED_DATA_LENGTH]}..."

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -15,7 +16,7 @@ class ExploitTelem(BaseTelem):
self.exploiter = exploiter self.exploiter = exploiter
self.result = result self.result = result
telem_category = 'exploit' telem_category = TelemCategoryEnum.EXPLOIT
def get_data(self): def get_data(self):
return { return {

View File

@ -1,5 +1,6 @@
import socket import socket
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -18,7 +19,7 @@ class PostBreachTelem(BaseTelem):
self.result = result self.result = result
self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip() self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip()
telem_category = 'post_breach' telem_category = TelemCategoryEnum.POST_BREACH
def get_data(self): def get_data(self):
return { return {

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -13,7 +14,7 @@ class ScanTelem(BaseTelem):
super(ScanTelem, self).__init__() super(ScanTelem, self).__init__()
self.machine = machine self.machine = machine
telem_category = 'scan' telem_category = TelemCategoryEnum.SCAN
def get_data(self): def get_data(self):
return { return {

View File

@ -0,0 +1,19 @@
from common.cloud.scoutsuite.ScoutSuite.output.result_encoder import ScoutJsonEncoder
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem
class ScoutSuiteTelem(BaseTelem):
def __init__(self, provider: BaseProvider):
super().__init__()
self.provider_data = provider
json_encoder = ScoutJsonEncoder
telem_category = TelemCategoryEnum.SCOUTSUITE
def get_data(self):
return {
'data': self.provider_data
}

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -14,7 +15,7 @@ class StateTelem(BaseTelem):
self.is_done = is_done self.is_done = is_done
self.version = version self.version = version
telem_category = 'state' telem_category = TelemCategoryEnum.STATE
def get_data(self): def get_data(self):
return { return {

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -13,7 +14,7 @@ class SystemInfoTelem(BaseTelem):
super(SystemInfoTelem, self).__init__() super(SystemInfoTelem, self).__init__()
self.system_info = system_info self.system_info = system_info
telem_category = 'system_info' telem_category = TelemCategoryEnum.SYSTEM_INFO
def get_data(self): def get_data(self):
return self.system_info return self.system_info

View File

@ -1,5 +1,6 @@
import logging import logging
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -18,7 +19,7 @@ class TraceTelem(BaseTelem):
self.msg = msg self.msg = msg
LOG.debug("Trace: %s" % msg) LOG.debug("Trace: %s" % msg)
telem_category = 'trace' telem_category = TelemCategoryEnum.TRACE
def get_data(self): def get_data(self):
return { return {

View File

@ -1,3 +1,4 @@
from common.common_consts.telem_categories import TelemCategoryEnum
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
from infection_monkey.telemetry.base_telem import BaseTelem from infection_monkey.telemetry.base_telem import BaseTelem
@ -13,7 +14,7 @@ class TunnelTelem(BaseTelem):
super(TunnelTelem, self).__init__() super(TunnelTelem, self).__init__()
self.proxy = ControlClient.proxies.get('https') self.proxy = ControlClient.proxies.get('https')
telem_category = 'tunnel' telem_category = TelemCategoryEnum.TUNNEL
def get_data(self): def get_data(self):
return {'proxy': self.proxy} return {'proxy': self.proxy}

View File

@ -13,8 +13,7 @@ import infection_monkey.control
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
from infection_monkey.network.tools import get_interface_to_target from infection_monkey.network.tools import get_interface_to_target
from infection_monkey.transport.base import (TransportProxyBase, from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
update_last_serve_time)
__author__ = 'hoffer' __author__ = 'hoffer'
@ -193,8 +192,7 @@ class HTTPServer(threading.Thread):
def run(self): def run(self):
class TempHandler(FileServHTTPRequestHandler): class TempHandler(FileServHTTPRequestHandler):
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.telemetry.attack.t1105_telem import \ from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
T1105Telem
filename = self._filename filename = self._filename
@ -248,8 +246,7 @@ class LockedHTTPServer(threading.Thread):
def run(self): def run(self):
class TempHandler(FileServHTTPRequestHandler): class TempHandler(FileServHTTPRequestHandler):
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.telemetry.attack.t1105_telem import \ from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
T1105Telem
filename = self._filename filename = self._filename
@staticmethod @staticmethod

View File

@ -3,8 +3,7 @@ import socket
from logging import getLogger from logging import getLogger
from threading import Thread from threading import Thread
from infection_monkey.transport.base import (TransportProxyBase, from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
update_last_serve_time)
READ_BUFFER_SIZE = 8192 READ_BUFFER_SIZE = 8192
DEFAULT_TIMEOUT = 30 DEFAULT_TIMEOUT = 30

Some files were not shown because too many files have changed in this diff Show More