Merge pull request #848 from guardicore/519/scoutsuite-integration
519/scoutsuite integration
This commit is contained in:
commit
c698e0ab66
|
@ -1,7 +1,9 @@
|
||||||
|
|
||||||
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
|
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
|
||||||
path = monkey/monkey_island/cc/services/attack/attack_data
|
path = monkey/monkey_island/cc/services/attack/attack_data
|
||||||
url = https://github.com/guardicore/cti
|
url = https://github.com/guardicore/cti
|
||||||
[submodule "docs/themes/learn"]
|
[submodule "docs/themes/learn"]
|
||||||
path = docs/themes/learn
|
path = docs/themes/learn
|
||||||
url = https://github.com/guardicode/hugo-theme-learn.git
|
url = https://github.com/guardicode/hugo-theme-learn.git
|
||||||
|
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
|
||||||
|
path = monkey/common/cloud/scoutsuite
|
||||||
|
url = https://github.com/guardicode/ScoutSuite.git
|
||||||
|
|
|
@ -1,232 +1,200 @@
|
||||||
{
|
{
|
||||||
"id": "OwcKMnALpn7tuBaJY1US",
|
"id": "OwcKMnALpn7tuBaJY1US",
|
||||||
"name": "Add a new System Info Collector",
|
"name": "Add a new System Info Collector",
|
||||||
"dod": "Add a system info collector that collects the machine hostname.",
|
"task": {
|
||||||
"description": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**",
|
"dod": "Add a system info collector that collects the machine hostname.",
|
||||||
"summary": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!",
|
"tests": [],
|
||||||
"hunksOrder": [
|
"hints": [
|
||||||
"monkey/common/data/system_info_collectors_names.py_0",
|
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
|
||||||
"monkey/infection_monkey/system_info/collectors/hostname_collector.py_0",
|
"Try to run \"socket.getfqdn()\".",
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_0",
|
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py_1",
|
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
|
||||||
"monkey/monkey_island/cc/services/config_schema/monkey.py_0",
|
]
|
||||||
"monkey/monkey_island/cc/services/config_schema/monkey.py_1",
|
|
||||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py_0",
|
|
||||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_0",
|
|
||||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py_1"
|
|
||||||
],
|
|
||||||
"tests": [],
|
|
||||||
"hints": [
|
|
||||||
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
|
|
||||||
"Try to run \"socket.getfqdn()\".",
|
|
||||||
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
|
|
||||||
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
|
|
||||||
],
|
|
||||||
"play_mode": "all",
|
|
||||||
"swimmPatch": {
|
|
||||||
"monkey/common/data/system_info_collectors_names.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/common/data/system_info_collectors_names.py b/monkey/common/data/system_info_collectors_names.py\nindex 175a054e..3b478dc9 100644\n--- a/monkey/common/data/system_info_collectors_names.py\n+++ b/monkey/common/data/system_info_collectors_names.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,5 +1,5 @@",
|
|
||||||
" AWS_COLLECTOR = \"AwsCollector\"",
|
|
||||||
"-HOSTNAME_COLLECTOR = \"HostnameCollector\"",
|
|
||||||
"+# SWIMMER: Collector name goes here.",
|
|
||||||
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
|
|
||||||
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
|
|
||||||
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py\nindex ae956081..bdeb5033 100644\n--- a/monkey/infection_monkey/system_info/collectors/hostname_collector.py\n+++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,16 +1,5 @@",
|
|
||||||
" import logging",
|
|
||||||
"-import socket",
|
|
||||||
"-",
|
|
||||||
"-from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR",
|
|
||||||
"-from infection_monkey.system_info.system_info_collector import \\",
|
|
||||||
"- SystemInfoCollector",
|
|
||||||
" ",
|
|
||||||
" logger = logging.getLogger(__name__)",
|
|
||||||
" ",
|
|
||||||
"-",
|
|
||||||
"+# SWIMMER: The collector class goes here.",
|
|
||||||
"-class HostnameCollector(SystemInfoCollector):",
|
|
||||||
"- def __init__(self):",
|
|
||||||
"- super().__init__(name=HOSTNAME_COLLECTOR)",
|
|
||||||
"-",
|
|
||||||
"- def collect(self) -> dict:",
|
|
||||||
"- return {\"hostname\": socket.getfqdn()}"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\nindex 174133f4..de961fbd 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,7 +1,6 @@",
|
|
||||||
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
|
|
||||||
" AZURE_CRED_COLLECTOR,",
|
|
||||||
" ENVIRONMENT_COLLECTOR,",
|
|
||||||
"- HOSTNAME_COLLECTOR,",
|
|
||||||
" MIMIKATZ_COLLECTOR,",
|
|
||||||
" PROCESS_LIST_COLLECTOR)",
|
|
||||||
" "
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -40,16 +39,7 @@",
|
|
||||||
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
|
|
||||||
" \"attack_techniques\": [\"T1082\"]",
|
|
||||||
" },",
|
|
||||||
"- {",
|
|
||||||
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
|
|
||||||
"- \"type\": \"string\",",
|
|
||||||
"- \"enum\": [",
|
|
||||||
"- HOSTNAME_COLLECTOR",
|
|
||||||
"- ],",
|
|
||||||
"- \"title\": \"Hostname collector\",",
|
|
||||||
"- \"safe\": True,",
|
|
||||||
"- \"info\": \"Collects machine's hostname.\",",
|
|
||||||
"- \"attack_techniques\": [\"T1082\", \"T1016\"]",
|
|
||||||
"- },",
|
|
||||||
" {",
|
|
||||||
" \"type\": \"string\",",
|
|
||||||
" \"enum\": ["
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/config_schema/monkey.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py\nindex b47d6a15..1b1962a4 100644\n--- a/monkey/monkey_island/cc/services/config_schema/monkey.py\n+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,7 +1,6 @@",
|
|
||||||
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
|
|
||||||
" AZURE_CRED_COLLECTOR,",
|
|
||||||
" ENVIRONMENT_COLLECTOR,",
|
|
||||||
"- HOSTNAME_COLLECTOR,",
|
|
||||||
" MIMIKATZ_COLLECTOR,",
|
|
||||||
" PROCESS_LIST_COLLECTOR)",
|
|
||||||
" "
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -88,7 +87,6 @@",
|
|
||||||
" \"default\": [",
|
|
||||||
" ENVIRONMENT_COLLECTOR,",
|
|
||||||
" AWS_COLLECTOR,",
|
|
||||||
"- HOSTNAME_COLLECTOR,",
|
|
||||||
" PROCESS_LIST_COLLECTOR,",
|
|
||||||
" MIMIKATZ_COLLECTOR,",
|
|
||||||
" AZURE_CRED_COLLECTOR"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\nindex e2de4519..04bc3556 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,9 +1,9 @@",
|
|
||||||
" import logging",
|
|
||||||
" ",
|
|
||||||
"-from monkey_island.cc.models.monkey import Monkey",
|
|
||||||
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
|
|
||||||
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
|
|
||||||
" ",
|
|
||||||
" logger = logging.getLogger(__name__)",
|
|
||||||
" ",
|
|
||||||
" ",
|
|
||||||
"-def process_hostname_telemetry(collector_results, monkey_guid):",
|
|
||||||
"+# SWIMMER: Processing function goes here.",
|
|
||||||
"- Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\nindex 639a392c..7aa6d3a6 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -3,14 +3,11 @@",
|
|
||||||
" ",
|
|
||||||
" from common.data.system_info_collectors_names import (AWS_COLLECTOR,",
|
|
||||||
" ENVIRONMENT_COLLECTOR,",
|
|
||||||
"- HOSTNAME_COLLECTOR,",
|
|
||||||
" PROCESS_LIST_COLLECTOR)",
|
|
||||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import \\",
|
|
||||||
" process_aws_telemetry",
|
|
||||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\",
|
|
||||||
" process_environment_telemetry",
|
|
||||||
"-from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import \\",
|
|
||||||
"- process_hostname_telemetry",
|
|
||||||
" from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \\",
|
|
||||||
" test_antivirus_existence",
|
|
||||||
" "
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -19,7 +16,6 @@",
|
|
||||||
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
|
|
||||||
" AWS_COLLECTOR: [process_aws_telemetry],",
|
|
||||||
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
|
|
||||||
"- HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
|
|
||||||
" PROCESS_LIST_COLLECTOR: [test_antivirus_existence]",
|
|
||||||
" }",
|
|
||||||
" "
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
"app_version": "0.3.5-1",
|
"content": [
|
||||||
"file_version": "1.0.4"
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/common/common_consts/system_info_collectors_names.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" AWS_COLLECTOR = \"AwsCollector\"",
|
||||||
|
"*HOSTNAME_COLLECTOR = \"HostnameCollector\"",
|
||||||
|
"+# SWIMMER: Collector name goes here.",
|
||||||
|
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
|
||||||
|
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
|
||||||
|
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/infection_monkey/system_info/collectors/hostname_collector.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" import logging",
|
||||||
|
"*import socket",
|
||||||
|
"*",
|
||||||
|
"*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
|
||||||
|
"*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
|
||||||
|
" ",
|
||||||
|
" logger = logging.getLogger(__name__)",
|
||||||
|
" ",
|
||||||
|
"*",
|
||||||
|
"+# SWIMMER: The collector class goes here.",
|
||||||
|
"*class HostnameCollector(SystemInfoCollector):",
|
||||||
|
"* def __init__(self):",
|
||||||
|
"* super().__init__(name=HOSTNAME_COLLECTOR)",
|
||||||
|
"*",
|
||||||
|
"* def collect(self) -> dict:",
|
||||||
|
"* return {\"hostname\": socket.getfqdn()}"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,\r",
|
||||||
|
"* ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
|
||||||
|
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)\r",
|
||||||
|
" \r",
|
||||||
|
" SYSTEM_INFO_COLLECTOR_CLASSES = {\r"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 37,
|
||||||
|
"lines": [
|
||||||
|
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
|
||||||
|
" \"attack_techniques\": [\"T1082\"]",
|
||||||
|
" },",
|
||||||
|
"* {",
|
||||||
|
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
|
||||||
|
"* \"type\": \"string\",",
|
||||||
|
"* \"enum\": [",
|
||||||
|
"* HOSTNAME_COLLECTOR",
|
||||||
|
"* ],",
|
||||||
|
"* \"title\": \"Hostname collector\",",
|
||||||
|
"* \"safe\": True,",
|
||||||
|
"* \"info\": \"Collects machine's hostname.\",",
|
||||||
|
"* \"attack_techniques\": [\"T1082\", \"T1016\"]",
|
||||||
|
"* },",
|
||||||
|
" {",
|
||||||
|
" \"type\": \"string\",",
|
||||||
|
" \"enum\": ["
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
|
||||||
|
" ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
|
||||||
|
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
|
||||||
|
"* HOSTNAME_COLLECTOR,",
|
||||||
|
" MONKEY = {",
|
||||||
|
" \"title\": \"Monkey\",",
|
||||||
|
" \"type\": \"object\","
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 85,
|
||||||
|
"lines": [
|
||||||
|
" \"default\": [",
|
||||||
|
" ENVIRONMENT_COLLECTOR,",
|
||||||
|
" AWS_COLLECTOR,",
|
||||||
|
"* HOSTNAME_COLLECTOR,",
|
||||||
|
" PROCESS_LIST_COLLECTOR,",
|
||||||
|
" MIMIKATZ_COLLECTOR,",
|
||||||
|
" AZURE_CRED_COLLECTOR"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" import logging",
|
||||||
|
" ",
|
||||||
|
"*from monkey_island.cc.models.monkey import Monkey",
|
||||||
|
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
|
||||||
|
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
|
||||||
|
" ",
|
||||||
|
" logger = logging.getLogger(__name__)",
|
||||||
|
" ",
|
||||||
|
" ",
|
||||||
|
"*def process_hostname_telemetry(collector_results, monkey_guid):",
|
||||||
|
"+# SWIMMER: Processing function goes here.",
|
||||||
|
"* Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" import logging\r",
|
||||||
|
" import typing\r",
|
||||||
|
" \r",
|
||||||
|
"*from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
|
||||||
|
" PROCESS_LIST_COLLECTOR)\r",
|
||||||
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
|
||||||
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 14,
|
||||||
|
"lines": [
|
||||||
|
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
|
||||||
|
" AWS_COLLECTOR: [process_aws_telemetry],",
|
||||||
|
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
|
||||||
|
"* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
|
||||||
|
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence]",
|
||||||
|
" }",
|
||||||
|
" "
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
|
||||||
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r",
|
||||||
|
" process_environment_telemetry\r",
|
||||||
|
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry\r",
|
||||||
|
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence\r",
|
||||||
|
" \r",
|
||||||
|
" logger = logging.getLogger(__name__)\r"
|
||||||
|
],
|
||||||
|
"firstLineNumber": 6,
|
||||||
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"file_version": "2.0.0",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.3.7-0",
|
||||||
|
"file_blobs": {}
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -1,147 +1,121 @@
|
||||||
{
|
{
|
||||||
"id": "tbxb2cGgUiJQ8Btma0fp",
|
"id": "tbxb2cGgUiJQ8Btma0fp",
|
||||||
"name": "Add a simple Post Breach action",
|
"name": "Add a simple Post Breach action",
|
||||||
"dod": "You should add a new PBA to the Monkey which creates a new user on the machine.",
|
"task": {
|
||||||
"description": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n",
|
"dod": "You should add a new PBA to the Monkey which creates a new user on the machine.",
|
||||||
"summary": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... ",
|
"tests": [],
|
||||||
"hunksOrder": [
|
"hints": [
|
||||||
"monkey/common/data/post_breach_consts.py_0",
|
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
|
||||||
"monkey/infection_monkey/post_breach/actions/add_user.py_0",
|
"Make sure to add the PBA to the configuration as well.",
|
||||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0",
|
"MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
|
||||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1",
|
]
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
|
|
||||||
],
|
|
||||||
"tests": [],
|
|
||||||
"hints": [
|
|
||||||
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
|
|
||||||
"Make sure to add the PBA to the configuration as well.",
|
|
||||||
"MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report."
|
|
||||||
],
|
|
||||||
"play_mode": "all",
|
|
||||||
"swimmPatch": {
|
|
||||||
"monkey/common/data/post_breach_consts.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py\nindex 25e6679c..05980288 100644\n--- a/monkey/common/data/post_breach_consts.py\n+++ b/monkey/common/data/post_breach_consts.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,5 +1,5 @@",
|
|
||||||
" POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"",
|
|
||||||
"-POST_BREACH_BACKDOOR_USER = \"Backdoor user\"",
|
|
||||||
"+# Swimmer: PUT THE NEW CONST HERE!",
|
|
||||||
" POST_BREACH_FILE_EXECUTION = \"File execution\"",
|
|
||||||
" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"",
|
|
||||||
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\""
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/infection_monkey/post_breach/actions/add_user.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py\nindex 58be89a1..d8476a97 100644\n--- a/monkey/infection_monkey/post_breach/actions/add_user.py\n+++ b/monkey/infection_monkey/post_breach/actions/add_user.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,15 +1,7 @@",
|
|
||||||
"-from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER",
|
|
||||||
"-from infection_monkey.config import WormConfiguration",
|
|
||||||
" from infection_monkey.post_breach.pba import PBA",
|
|
||||||
" from infection_monkey.utils.users import get_commands_to_add_user",
|
|
||||||
" ",
|
|
||||||
" ",
|
|
||||||
" class BackdoorUser(PBA):",
|
|
||||||
" def __init__(self):",
|
|
||||||
"- linux_cmds, windows_cmds = get_commands_to_add_user(",
|
|
||||||
"+ pass # Swimmer: Impl here!",
|
|
||||||
"- WormConfiguration.user_to_add,",
|
|
||||||
"- WormConfiguration.remote_user_pass)",
|
|
||||||
"- super(BackdoorUser, self).__init__(",
|
|
||||||
"- POST_BREACH_BACKDOOR_USER,",
|
|
||||||
"- linux_cmd=' '.join(linux_cmds),",
|
|
||||||
"- windows_cmd=windows_cmds)"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\nindex 086a1c13..9f23bb8d 100644\n--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -1,5 +1,5 @@",
|
|
||||||
" from common.data.post_breach_consts import (",
|
|
||||||
"- POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)",
|
|
||||||
"+ POST_BREACH_COMMUNICATE_AS_NEW_USER)",
|
|
||||||
" from monkey_island.cc.services.attack.technique_reports.pba_technique import \\",
|
|
||||||
" PostBreachTechnique",
|
|
||||||
" "
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -11,4 +11,4 @@",
|
|
||||||
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
|
|
||||||
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
|
|
||||||
" used_msg = \"Monkey created a new user on the network's systems.\"",
|
|
||||||
"- pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]",
|
|
||||||
"+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
|
|
||||||
"diffType": "MODIFIED",
|
|
||||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..39ebd33a 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
|
||||||
"hunks": [
|
|
||||||
{
|
|
||||||
"swimmHunkMetadata": {
|
|
||||||
"hunkComments": []
|
|
||||||
},
|
|
||||||
"hunkDiffLines": [
|
|
||||||
"@@ -4,16 +4,7 @@",
|
|
||||||
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
|
|
||||||
" \"type\": \"string\",",
|
|
||||||
" \"anyOf\": [",
|
|
||||||
"- {",
|
|
||||||
"+ # Swimmer: Add new PBA here to config!",
|
|
||||||
"- \"type\": \"string\",",
|
|
||||||
"- \"enum\": [",
|
|
||||||
"- \"BackdoorUser\"",
|
|
||||||
"- ],",
|
|
||||||
"- \"title\": \"Back door user\",",
|
|
||||||
"- \"safe\": True,",
|
|
||||||
"- \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
|
|
||||||
"- \"attack_techniques\": [\"T1136\"]",
|
|
||||||
"- },",
|
|
||||||
" {",
|
|
||||||
" \"type\": \"string\",",
|
|
||||||
" \"enum\": ["
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
"app_version": "0.3.5-1",
|
"content": [
|
||||||
"file_version": "1.0.4",
|
{
|
||||||
"hunksOrder": [
|
"type": "text",
|
||||||
"monkey/common/data/post_breach_consts.py_0",
|
"text": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n"
|
||||||
"monkey/infection_monkey/post_breach/actions/add_user.py_0",
|
},
|
||||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0",
|
{
|
||||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1",
|
"type": "snippet",
|
||||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
|
"path": "monkey/common/common_consts/post_breach_consts.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
" POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"",
|
||||||
|
"*POST_BREACH_BACKDOOR_USER = \"Backdoor user\"",
|
||||||
|
"+# Swimmer: PUT THE NEW CONST HERE!",
|
||||||
|
" POST_BREACH_FILE_EXECUTION = \"File execution\"",
|
||||||
|
" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"",
|
||||||
|
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/infection_monkey/post_breach/actions/add_user.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER",
|
||||||
|
"*from infection_monkey.config import WormConfiguration",
|
||||||
|
" from infection_monkey.post_breach.pba import PBA",
|
||||||
|
" from infection_monkey.utils.users import get_commands_to_add_user",
|
||||||
|
" ",
|
||||||
|
" ",
|
||||||
|
" class BackdoorUser(PBA):",
|
||||||
|
" def __init__(self):",
|
||||||
|
"* linux_cmds, windows_cmds = get_commands_to_add_user(",
|
||||||
|
"+ pass # Swimmer: Impl here!",
|
||||||
|
"* WormConfiguration.user_to_add,",
|
||||||
|
"* WormConfiguration.remote_user_pass)",
|
||||||
|
"* super(BackdoorUser, self).__init__(",
|
||||||
|
"* POST_BREACH_BACKDOOR_USER,",
|
||||||
|
"* linux_cmd=' '.join(linux_cmds),",
|
||||||
|
"* windows_cmd=windows_cmds)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 1,
|
||||||
|
"lines": [
|
||||||
|
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER\r",
|
||||||
|
" from monkey_island.cc.services.attack.technique_reports.pba_technique import PostBreachTechnique\r",
|
||||||
|
" \r",
|
||||||
|
" __author__ = \"shreyamalviya\"\r"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 9,
|
||||||
|
"lines": [
|
||||||
|
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
|
||||||
|
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
|
||||||
|
" used_msg = \"Monkey created a new user on the network's systems.\"",
|
||||||
|
"* pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]",
|
||||||
|
"+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 4,
|
||||||
|
"lines": [
|
||||||
|
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
|
||||||
|
" \"type\": \"string\",",
|
||||||
|
" \"anyOf\": [",
|
||||||
|
"* {",
|
||||||
|
"+ # Swimmer: Add new PBA here to config!",
|
||||||
|
"* \"type\": \"string\",",
|
||||||
|
"* \"enum\": [",
|
||||||
|
"* \"BackdoorUser\"",
|
||||||
|
"* ],",
|
||||||
|
"* \"title\": \"Back door user\",",
|
||||||
|
"* \"safe\": True,",
|
||||||
|
"* \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
|
||||||
|
"* \"attack_techniques\": [\"T1136\"]",
|
||||||
|
"* },",
|
||||||
|
" {",
|
||||||
|
" \"type\": \"string\",",
|
||||||
|
" \"enum\": ["
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... "
|
||||||
|
}
|
||||||
],
|
],
|
||||||
"last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e"
|
"file_version": "2.0.0",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.3.7-0",
|
||||||
|
"file_blobs": {
|
||||||
|
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3",
|
||||||
|
"monkey/infection_monkey/post_breach/actions/add_user.py": "a85845840d9cb37529ad367e159cd9001929e759",
|
||||||
|
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "d9d86e08ea4aeb0a6bee3f483e4fea50ee6cd200",
|
||||||
|
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "857e80da477ab31dbc00ed0a3f1cd49b69b505fa"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -1,30 +1,44 @@
|
||||||
{
|
{
|
||||||
"id": "xYkxB76pK0peJj2tSxBJ",
|
"id": "xYkxB76pK0peJj2tSxBJ",
|
||||||
"name": "Define what your new PBA does",
|
"name": "Define what your new PBA does",
|
||||||
"dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIwYSUyMG5ldyUyMFBCQSUyMGNvbnN0JTIwdGhhdCUyMGRlZmluZXMlMjB3aGF0JTIwdGhlJTIwUEJBJTIwZG9lcy4=",
|
"task": {
|
||||||
"description": "VGhlJTIwbmFtZSUyMG9mJTIweW91ciUyMG5ldyUyMFBCQSUyMCh3aGljaCUyMGNyZWF0ZXMlMjBzY2hlZHVsZWQlMjBqb2JzJTIwb24lMjB0aGUlMjBtYWNoaW5lKSUyMHdpbGwlMjBiZSUyMHVzZWQlMjBpbiUyMGElMjBmZXclMjBwbGFjZXMlMkMlMjBpbmNsdWRpbmclMjB0aGUlMjByZXBvcnQuJTIwJTNDYnIlM0UlM0NiciUzRSUwQVlvdSUyMHNob3VsZCUyMGJyaWVmbHklMjBkZWZpbmUlMjB3aGF0JTIweW91ciUyMFBCQSUyMGRvZXMlMjBpbiUyMGElMjBjb25zdGFudCUyMHZhcmlhYmxlJTJDJTIwc3VjaCUyMHRoYXQlMjBpdCUyMGNhbiUyMGJlJTIwdXNlZCUyMGJ5JTIwYm90aCUyMHRoZSUyME1vbmtleSUyMGFuZCUyMHRoZSUyME1vbmtleSUyMElzbGFuZC4lMEElMEElMjMlMjMlMjBNYW51YWwlMjB0ZXN0JTIwJTIwJTBBT25jZSUyMHlvdSUyMHRoaW5rJTIweW91J3JlJTIwZG9uZS4uLiUwQS0lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEtJTIwTWFrZSUyMHN1cmUlMjB0aGUlMjAlMjJKb2IlMjBzY2hlZHVsaW5nJTIyJTIwUEJBJTIwaXMlMjBlbmFibGVkJTIwaW4lMjB0aGUlMjAlMjJNb25rZXklMjIlMjB0YWIlMjBpbiUyMHRoZSUyMGNvbmZpZ3VyYXRpb24lMjAlRTIlODAlOTQlMjBmb3IlMjB0aGlzJTIwdGVzdCUyQyUyMGRpc2FibGUlMjBuZXR3b3JrJTIwc2Nhbm5pbmclMkMlMjBleHBsb2l0aW5nJTJDJTIwYW5kJTIwYWxsJTIwb3RoZXIlMjBQQkFzJTBBLSUyMFJ1biUyMHRoZSUyME1vbmtleSUwQS0lMjBDaGVjayUyMHRoZSUyMFBCQSUyMHNlY3Rpb24lMjBpbiUyMHRoZSUyMFNlY3VyaXR5JTIwcmVwb3J0JTIwZm9yJTIwdGhlJTIwbmFtZSUyMHlvdSUyMGdhdmUlMjB0byUyMHRoZSUyMG5ldyUyMFBCQSUyMCUyMCUwQSUwQSUzQ2ltZyUyMHNyYyUzRCUyMmh0dHBzJTNBJTJGJTJGZmlyZWJhc2VzdG9yYWdlLmdvb2dsZWFwaXMuY29tJTJGdjAlMkZiJTJGc3dpbW1pby1jb250ZW50JTJGbyUyRnJlcG9zaXRvcmllcyUyNTJGNk5sYjk5TnRZNUZjM2JTZDhzdUglMjUyRmltZyUyNTJGZjBlNTNlNmMtOWRiZS00MWQ4LTk0NTQtMmI1NzYxYzNmNTNhLnBuZyUzRmFsdCUzRG1lZGlhJTI2dG9rZW4lM0QyMWFhNGJiOC03ZWJlLTRkYWItYTczOS1jNzdlMDU5MTQ0ZGQlMjIlMjBoZWlnaHQlM0Q0MDAlM0U=",
|
"dod": "You should add a new PBA const that defines what the PBA does.",
|
||||||
"summary": "LSUyMFRoZSUyMG5hbWUlMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHlvdXIlMjBQQkElMjBjYW4lMjBiZSUyMHNlZW4lMjBvbiUyMHRoZSUyME1vbmtleSUyMElzbGFuZCUyMGluJTIwdGhlJTIwUEJBJTIwc2VjdGlvbiUyMGluJTIwdGhlJTIwU2VjdXJpdHklMjByZXBvcnQuJTBBLSUyMFRoZSUyMHJlc3VsdHMlMjBvZiUyMGVhY2glMjBQQkElMjBzdG9yZWQlMjBpbiUyMHRoZSUyMHRlbGVtZXRyeSUyMGFyZSUyMGFsc28lMjBpZGVudGlmaWVkJTIwYnklMjB0aGUlMjBzdHJpbmclMjBkZWZpbmVkJTIwaGVyZSUyMGZvciUyMHRoYXQlMjBQQkEu",
|
"tests": [],
|
||||||
"diff": "ZGlmZiUyMC0tZ2l0JTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQWluZGV4JTIwMjVlNjY3OWMuLjQ2ZDgwMmRlJTIwMTAwNjQ0JTBBLS0tJTIwYSUyRm1vbmtleSUyRmNvbW1vbiUyRmRhdGElMkZwb3N0X2JyZWFjaF9jb25zdHMucHklMEElMkIlMkIlMkIlMjBiJTJGbW9ua2V5JTJGY29tbW9uJTJGZGF0YSUyRnBvc3RfYnJlYWNoX2NvbnN0cy5weSUwQSU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlMjIlMEElMjBQT1NUX0JSRUFDSF9ISURERU5fRklMRVMlMjAlM0QlMjAlMjJIaWRlJTIwZmlsZXMlMjBhbmQlMjBkaXJlY3RvcmllcyUyMiUwQSUyMFBPU1RfQlJFQUNIX1RSQVBfQ09NTUFORCUyMCUzRCUyMCUyMkV4ZWN1dGUlMjBjb21tYW5kJTIwd2hlbiUyMGElMjBwYXJ0aWN1bGFyJTIwc2lnbmFsJTIwaXMlMjByZWNlaXZlZCUyMiUwQSUyMFBPU1RfQlJFQUNIX1NFVFVJRF9TRVRHSUQlMjAlM0QlMjAlMjJTZXR1aWQlMjBhbmQlMjBTZXRnaWQlMjIlMEEtUE9TVF9CUkVBQ0hfSk9CX1NDSEVEVUxJTkclMjAlM0QlMjAlMjJTY2hlZHVsZSUyMGpvYnMlMjIlMEElMkIlMjMlMjBTd2ltbWVyJTNBJTIwUFVUJTIwVEhFJTIwTkVXJTIwQ09OU1QlMjBIRVJFISUwQSUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlMjIlMEElMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiUyMiUwQSUyMFBPU1RfQlJFQUNIX0FDQ09VTlRfRElTQ09WRVJZJTIwJTNEJTIwJTIyQWNjb3VudCUyMGRpc2NvdmVyeSUyMiUwQQ==",
|
"hints": [
|
||||||
"tests": [],
|
"See the `Timestomping` PBA. How is the name of the PBA set?"
|
||||||
"hints": [
|
]
|
||||||
"See the `Timestomping` PBA. How is the name of the PBA set?"
|
|
||||||
],
|
|
||||||
"files": {
|
|
||||||
"monkey/common/data/post_breach_consts.py": {
|
|
||||||
"index": [
|
|
||||||
"25e6679c..46d802de",
|
|
||||||
"100644"
|
|
||||||
],
|
|
||||||
"fileA": "monkey/common/data/post_breach_consts.py",
|
|
||||||
"fileB": "monkey/common/data/post_breach_consts.py",
|
|
||||||
"status": "MODIFIED",
|
|
||||||
"numLineDeletions": 1,
|
|
||||||
"numLineAdditions": 1,
|
|
||||||
"hunkContainers": [
|
|
||||||
"JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC01JTJDNyUyMCUyQjUlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfU0hFTExfU1RBUlRVUF9GSUxFX01PRElGSUNBVElPTiUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMHNoZWxsJTIwc3RhcnR1cCUyMGZpbGUlNUMlMjIlMjIlMkMlMjJjaGFuZ2VzJTIyJTNBJTVCJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfSElEREVOX0ZJTEVTJTIwJTNEJTIwJTVDJTIySGlkZSUyMGZpbGVzJTIwYW5kJTIwZGlyZWN0b3JpZXMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E1JTJDJTIyYiUyMiUzQTUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9UUkFQX0NPTU1BTkQlMjAlM0QlMjAlNUMlMjJFeGVjdXRlJTIwY29tbWFuZCUyMHdoZW4lMjBhJTIwcGFydGljdWxhciUyMHNpZ25hbCUyMGlzJTIwcmVjZWl2ZWQlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2JTJDJTIyYiUyMiUzQTYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TRVRVSURfU0VUR0lEJTIwJTNEJTIwJTVDJTIyU2V0dWlkJTIwYW5kJTIwU2V0Z2lkJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNyUyQyUyMmIlMjIlM0E3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMlBPU1RfQlJFQUNIX0pPQl9TQ0hFRFVMSU5HJTIwJTNEJTIwJTVDJTIyU2NoZWR1bGUlMjBqb2JzJTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJhZGQlMjIlMkMlMjJtYXJrJTIyJTNBJTIyJTJCJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMyUyMFN3aW1tZXIlM0ElMjBQVVQlMjBUSEUlMjBORVclMjBDT05TVCUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJTIyJTNBOCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMFBPU1RfQlJFQUNIX1RJTUVTVE9NUElORyUyMCUzRCUyMCU1QyUyMk1vZGlmeSUyMGZpbGVzJyUyMHRpbWVzdGFtcHMlNUMlMjIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E5JTJDJTIyYiUyMiUzQTklN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjBQT1NUX0JSRUFDSF9TSUdORURfU0NSSVBUX1BST1hZX0VYRUMlMjAlM0QlMjAlNUMlMjJTaWduZWQlMjBzY3JpcHQlMjBwcm94eSUyMGV4ZWN1dGlvbiU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTEwJTJDJTIyYiUyMiUzQTEwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmNvbnRleHQlMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwUE9TVF9CUkVBQ0hfQUNDT1VOVF9ESVNDT1ZFUlklMjAlM0QlMjAlNUMlMjJBY2NvdW50JTIwZGlzY292ZXJ5JTVDJTIyJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBMTElMkMlMjJiJTIyJTNBMTElN0QlN0QlNUQlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0ElN0IlMjJzdGFydExpbmUlMjIlM0E1JTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlMkMlMjJiJTIyJTNBJTdCJTIyc3RhcnRMaW5lJTIyJTNBNSUyQyUyMmxpbmVzQ291bnQlMjIlM0E3JTdEJTdEJTdEJTdE"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
"app_version": "0.1.90",
|
"content": [
|
||||||
"file_version": "1.0.2"
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "The name of your new PBA (which creates scheduled jobs on the machine) will be used in a few places, including the report. <br><br>\nYou should briefly define what your PBA does in a constant variable, such that it can be used by both the Monkey and the Monkey Island.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Check the PBA section in the Security report for the name you gave to the new PBA \n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"firstLineNumber": 5,
|
||||||
|
"path": "monkey/common/common_consts/post_breach_consts.py",
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"",
|
||||||
|
" POST_BREACH_TRAP_COMMAND = \"Execute command when a particular signal is received\"",
|
||||||
|
" POST_BREACH_SETUID_SETGID = \"Setuid and Setgid\"",
|
||||||
|
"*POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
|
||||||
|
"+# Swimmer: PUT THE NEW CONST HERE!",
|
||||||
|
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
|
||||||
|
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
|
||||||
|
" POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\""
|
||||||
|
],
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "- The name defined here for your PBA can be seen on the Monkey Island in the PBA section in the Security report.\n- The results of each PBA stored in the telemetry are also identified by the string defined here for that PBA."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"file_version": "2.0.0",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.3.7-0",
|
||||||
|
"file_blobs": {
|
||||||
|
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
10
.travis.yml
10
.travis.yml
|
@ -27,6 +27,7 @@ install:
|
||||||
- pip install flake8 pytest pytest-cov dlint isort # for next stages
|
- pip install flake8 pytest pytest-cov dlint isort # for next stages
|
||||||
- pip install coverage # for code coverage
|
- pip install coverage # for code coverage
|
||||||
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
||||||
|
- pip install -r monkey/common/cloud/scoutsuite/requirements.txt
|
||||||
- pip install pipdeptree
|
- pip install pipdeptree
|
||||||
# Fail builds on possible conflicting dependencies.
|
# Fail builds on possible conflicting dependencies.
|
||||||
- pipdeptree --warn fail
|
- pipdeptree --warn fail
|
||||||
|
@ -52,15 +53,10 @@ install:
|
||||||
# print hugo version (useful for debugging documentation build errors)
|
# print hugo version (useful for debugging documentation build errors)
|
||||||
- hugo version
|
- hugo version
|
||||||
|
|
||||||
before_script:
|
|
||||||
# Set the server config to `testing`. This is required for for the UTs to pass.
|
|
||||||
- pushd /home/travis/build/guardicore/monkey/monkey
|
|
||||||
- python monkey_island/cc/environment/set_server_config.py testing
|
|
||||||
- popd
|
|
||||||
|
|
||||||
script:
|
script:
|
||||||
# Check Python code
|
# Check Python code
|
||||||
- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini
|
## Check syntax errors and fail the build if any are found.
|
||||||
|
- flake8 ./monkey --exclude=monkey/common/cloud/scoutsuite --config=./ci_scripts/flake8_syntax_check.ini
|
||||||
|
|
||||||
## Warn about linter issues.
|
## Warn about linter issues.
|
||||||
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
||||||
|
|
|
@ -30,6 +30,7 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
|
||||||
# Other directories and paths ( most likely you dont need to configure)
|
# Other directories and paths ( most likely you dont need to configure)
|
||||||
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
||||||
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
||||||
|
$SCOUTSUITE_DIR = Join-Path "\monkey" "common" "cloud" "scoutsuite"
|
||||||
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
||||||
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
||||||
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
||||||
|
|
|
@ -66,6 +66,7 @@ MONGO_PATH="$ISLAND_PATH/bin/mongodb"
|
||||||
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
||||||
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
||||||
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
||||||
|
SCOUTSUITE_DIR="$monkey_home/monkey/common/cloud/scoutsuite"
|
||||||
|
|
||||||
if ! has_sudo; then
|
if ! has_sudo; then
|
||||||
log_message "You need root permissions for some of this script operations. \
|
log_message "You need root permissions for some of this script operations. \
|
||||||
|
@ -141,6 +142,9 @@ sudo apt-get install -y libffi-dev upx libssl-dev libc++1
|
||||||
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
||||||
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
||||||
|
|
||||||
|
log_message "Installing ScoutSuite requirements"
|
||||||
|
requirements_scoutsuite="$SCOUTSUITE_DIR/requirements.txt"
|
||||||
|
${python_cmd} -m pip install -r "${requirements_scoutsuite}" --user --upgrade || handle_error
|
||||||
|
|
||||||
agents=${3:-true}
|
agents=${3:-true}
|
||||||
# Download binaries
|
# Download binaries
|
||||||
|
|
|
@ -115,6 +115,9 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
"Installing python packages for monkey"
|
"Installing python packages for monkey"
|
||||||
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
|
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
|
||||||
& python -m pip install --user -r $monkeyRequirements
|
& python -m pip install --user -r $monkeyRequirements
|
||||||
|
"Installing python packages for ScoutSuite"
|
||||||
|
$scoutsuiteRequirements = Join-Path -Path $monkey_home -ChildPath $SCOUTSUITE_DIR | Join-Path -ChildPath "\requirements.txt"
|
||||||
|
& python -m pip install --user -r $scoutsuiteRequirements
|
||||||
|
|
||||||
$user_python_dir = cmd.exe /c 'py -m site --user-site'
|
$user_python_dir = cmd.exe /c 'py -m site --user-site'
|
||||||
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
|
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
|
||||||
|
|
|
@ -3,8 +3,7 @@ from datetime import timedelta
|
||||||
from typing import Dict
|
from typing import Dict
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
PerformanceTestConfig
|
|
||||||
|
|
||||||
LOGGER = logging.getLogger(__name__)
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -4,8 +4,7 @@ from time import sleep
|
||||||
|
|
||||||
from bson import json_util
|
from bson import json_util
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import \
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import MonkeyIslandRequests
|
||||||
MonkeyIslandRequests
|
|
||||||
|
|
||||||
SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
|
SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
|
||||||
MONKEY_TEST_ENDPOINT = 'api/test/monkey'
|
MONKEY_TEST_ENDPOINT = 'api/test/monkey'
|
||||||
|
|
|
@ -5,8 +5,7 @@ from typing import Dict
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
|
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
|
||||||
SupportedRequestMethod
|
|
||||||
|
|
||||||
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
||||||
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
|
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
|
||||||
|
|
|
@ -2,10 +2,8 @@ import logging
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import \
|
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import MonkeyLogParser
|
||||||
MonkeyLogParser
|
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import MonkeyLogsDownloader
|
||||||
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import \
|
|
||||||
MonkeyLogsDownloader
|
|
||||||
|
|
||||||
LOG_DIR_NAME = 'logs'
|
LOG_DIR_NAME = 'logs'
|
||||||
LOGGER = logging.getLogger(__name__)
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
|
@ -4,25 +4,17 @@ from time import sleep
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
|
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
|
||||||
CommunicationAnalyzer
|
from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
|
||||||
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
||||||
IslandConfigParser
|
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
|
||||||
MonkeyIslandClient
|
|
||||||
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
|
|
||||||
TestLogsHandler
|
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.map_generation import \
|
from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
|
||||||
MapGenerationTest
|
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import \
|
from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
|
||||||
MapGenerationFromTelemetryTest
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.report_generation import \
|
|
||||||
ReportGenerationTest
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
|
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
|
||||||
ReportGenerationFromTelemetryTest
|
ReportGenerationFromTelemetryTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
|
||||||
TelemetryPerformanceTest
|
|
||||||
from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers
|
from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers
|
||||||
|
|
||||||
DEFAULT_TIMEOUT_SECONDS = 5*60
|
DEFAULT_TIMEOUT_SECONDS = 5*60
|
||||||
|
|
|
@ -1,14 +1,10 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
|
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
|
||||||
PerformanceAnalyzer
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
|
||||||
MonkeyIslandClient
|
|
||||||
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
|
|
||||||
SupportedRequestMethod
|
|
||||||
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
PerformanceTestConfig
|
|
||||||
|
|
||||||
LOGGER = logging.getLogger(__name__)
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,9 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
|
||||||
PerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
|
|
||||||
PerformanceTestWorkflow
|
|
||||||
|
|
||||||
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
|
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
|
||||||
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
|
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
|
||||||
PerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
|
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
|
||||||
TelemetryPerformanceTestWorkflow
|
TelemetryPerformanceTestWorkflow
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
|
||||||
EndpointPerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
|
||||||
PerformanceTestConfig
|
|
||||||
|
|
||||||
|
|
||||||
class PerformanceTestWorkflow(BasicTest):
|
class PerformanceTestWorkflow(BasicTest):
|
||||||
|
|
|
@ -1,12 +1,9 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
|
||||||
PerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
|
|
||||||
PerformanceTestWorkflow
|
|
||||||
|
|
||||||
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
|
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
|
||||||
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
|
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
|
||||||
PerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
|
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
|
||||||
TelemetryPerformanceTestWorkflow
|
TelemetryPerformanceTestWorkflow
|
||||||
|
|
||||||
|
|
|
@ -6,12 +6,10 @@ from typing import Dict, List
|
||||||
|
|
||||||
from tqdm import tqdm
|
from tqdm import tqdm
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
|
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
|
||||||
SampleFileParser
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
|
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
|
||||||
FakeIpGenerator
|
FakeIpGenerator
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import \
|
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import FakeMonkey
|
||||||
FakeMonkey
|
|
||||||
|
|
||||||
TELEM_DIR_PATH = './tests/performance/telemetry_sample'
|
TELEM_DIR_PATH = './tests/performance/telemetry_sample'
|
||||||
LOGGER = logging.getLogger(__name__)
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
|
@ -4,16 +4,11 @@ from datetime import timedelta
|
||||||
|
|
||||||
from tqdm import tqdm
|
from tqdm import tqdm
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
|
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
|
||||||
PerformanceAnalyzer
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
|
||||||
MonkeyIslandClient
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
|
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
|
||||||
SupportedRequestMethod
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
|
|
||||||
SampleFileParser
|
|
||||||
|
|
||||||
LOGGER = logging.getLogger(__name__)
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
|
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
|
||||||
EndpointPerformanceTest
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
|
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
|
||||||
PerformanceTestConfig
|
|
||||||
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
|
|
||||||
TelemetryPerformanceTest
|
|
||||||
|
|
||||||
|
|
||||||
class TelemetryPerformanceTestWorkflow(BasicTest):
|
class TelemetryPerformanceTestWorkflow(BasicTest):
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
||||||
MonkeyIslandClient
|
|
||||||
|
|
||||||
machine_list = {
|
machine_list = {
|
||||||
"10.0.0.36": "centos_6",
|
"10.0.0.36": "centos_6",
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit e5dd01dab08ed8d887736cfcee068c1b8895d4a1
|
|
@ -0,0 +1,9 @@
|
||||||
|
from enum import Enum
|
||||||
|
|
||||||
|
|
||||||
|
class CloudProviders(Enum):
|
||||||
|
AWS = 'aws'
|
||||||
|
AZURE = 'azure'
|
||||||
|
GCP = 'gcp'
|
||||||
|
ALIBABA = 'aliyun'
|
||||||
|
ORACLE = 'oci'
|
|
@ -4,3 +4,4 @@ ENVIRONMENT_COLLECTOR = "EnvironmentCollector"
|
||||||
PROCESS_LIST_COLLECTOR = "ProcessListCollector"
|
PROCESS_LIST_COLLECTOR = "ProcessListCollector"
|
||||||
MIMIKATZ_COLLECTOR = "MimikatzCollector"
|
MIMIKATZ_COLLECTOR = "MimikatzCollector"
|
||||||
AZURE_CRED_COLLECTOR = "AzureCollector"
|
AZURE_CRED_COLLECTOR = "AzureCollector"
|
||||||
|
SCOUTSUITE_COLLECTOR = "ScoutSuiteCollector"
|
|
@ -0,0 +1,10 @@
|
||||||
|
class TelemCategoryEnum:
|
||||||
|
EXPLOIT = 'exploit'
|
||||||
|
POST_BREACH = 'post_breach'
|
||||||
|
SCAN = 'scan'
|
||||||
|
SCOUTSUITE = 'scoutsuite'
|
||||||
|
STATE = 'state'
|
||||||
|
SYSTEM_INFO = 'system_info'
|
||||||
|
TRACE = 'trace'
|
||||||
|
TUNNEL = 'tunnel'
|
||||||
|
ATTACK = 'attack'
|
|
@ -31,6 +31,14 @@ TEST_MALICIOUS_ACTIVITY_TIMELINE = "malicious_activity_timeline"
|
||||||
TEST_SEGMENTATION = "segmentation"
|
TEST_SEGMENTATION = "segmentation"
|
||||||
TEST_TUNNELING = "tunneling"
|
TEST_TUNNELING = "tunneling"
|
||||||
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
|
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
|
||||||
|
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES = "scoutsuite_permissive_firewall_rules"
|
||||||
|
TEST_SCOUTSUITE_UNENCRYPTED_DATA = "scoutsuite_unencrypted_data"
|
||||||
|
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION = "scoutsuite_data_loss_prevention"
|
||||||
|
TEST_SCOUTSUITE_SECURE_AUTHENTICATION = "scoutsuite_secure_authentication"
|
||||||
|
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES = "scoutsuite_unrestrictive_policies"
|
||||||
|
TEST_SCOUTSUITE_LOGGING = "scoutsuite_logging"
|
||||||
|
TEST_SCOUTSUITE_SERVICE_SECURITY = "scoutsuite_service_security"
|
||||||
|
|
||||||
TESTS = (
|
TESTS = (
|
||||||
TEST_SEGMENTATION,
|
TEST_SEGMENTATION,
|
||||||
TEST_MALICIOUS_ACTIVITY_TIMELINE,
|
TEST_MALICIOUS_ACTIVITY_TIMELINE,
|
||||||
|
@ -40,25 +48,38 @@ TESTS = (
|
||||||
TEST_DATA_ENDPOINT_HTTP,
|
TEST_DATA_ENDPOINT_HTTP,
|
||||||
TEST_DATA_ENDPOINT_ELASTIC,
|
TEST_DATA_ENDPOINT_ELASTIC,
|
||||||
TEST_TUNNELING,
|
TEST_TUNNELING,
|
||||||
TEST_COMMUNICATE_AS_NEW_USER
|
TEST_COMMUNICATE_AS_NEW_USER,
|
||||||
|
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES,
|
||||||
|
TEST_SCOUTSUITE_UNENCRYPTED_DATA,
|
||||||
|
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION,
|
||||||
|
TEST_SCOUTSUITE_SECURE_AUTHENTICATION,
|
||||||
|
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES,
|
||||||
|
TEST_SCOUTSUITE_LOGGING,
|
||||||
|
TEST_SCOUTSUITE_SERVICE_SECURITY
|
||||||
)
|
)
|
||||||
|
|
||||||
PRINCIPLE_DATA_TRANSIT = "data_transit"
|
PRINCIPLE_DATA_CONFIDENTIALITY = "data_transit"
|
||||||
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
|
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
|
||||||
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
|
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
|
||||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
|
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
|
||||||
PRINCIPLE_SEGMENTATION = "segmentation"
|
PRINCIPLE_SEGMENTATION = "segmentation"
|
||||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
|
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
|
||||||
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
|
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
|
||||||
|
PRINCIPLE_DISASTER_RECOVERY = "data_backup"
|
||||||
|
PRINCIPLE_SECURE_AUTHENTICATION = "secure_authentication"
|
||||||
|
PRINCIPLE_MONITORING_AND_LOGGING = "monitoring_and_logging"
|
||||||
PRINCIPLES = {
|
PRINCIPLES = {
|
||||||
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
|
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
|
||||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
|
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
|
||||||
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
|
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
|
||||||
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
|
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
|
||||||
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.",
|
PRINCIPLE_DATA_CONFIDENTIALITY: "Ensure data's confidentiality by encrypting it.",
|
||||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
|
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
|
||||||
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory "
|
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory "
|
||||||
"Access Control) only.",
|
"Access Control) only.",
|
||||||
|
PRINCIPLE_DISASTER_RECOVERY: "Ensure data and infrastructure backups for disaster recovery scenarios.",
|
||||||
|
PRINCIPLE_SECURE_AUTHENTICATION: "Ensure secure authentication process's.",
|
||||||
|
PRINCIPLE_MONITORING_AND_LOGGING: "Ensure monitoring and logging in network resources."
|
||||||
}
|
}
|
||||||
|
|
||||||
POSSIBLE_STATUSES_KEY = "possible_statuses"
|
POSSIBLE_STATUSES_KEY = "possible_statuses"
|
||||||
|
@ -129,7 +150,7 @@ TESTS_MAP = {
|
||||||
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
|
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
|
||||||
"that indicate attempts to access them. "
|
"that indicate attempts to access them. "
|
||||||
},
|
},
|
||||||
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
|
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
|
||||||
PILLARS_KEY: [DATA],
|
PILLARS_KEY: [DATA],
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
|
@ -140,7 +161,7 @@ TESTS_MAP = {
|
||||||
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
|
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
|
||||||
"attempts to access them. "
|
"attempts to access them. "
|
||||||
},
|
},
|
||||||
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
|
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
|
||||||
PILLARS_KEY: [DATA],
|
PILLARS_KEY: [DATA],
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
|
@ -165,6 +186,76 @@ TESTS_MAP = {
|
||||||
PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
|
PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
|
TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite assessed cloud firewall rules and settings.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found overly permissive firewall rules.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no problems with cloud firewall rules."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
|
||||||
|
PILLARS_KEY: [NETWORKS],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_UNENCRYPTED_DATA: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources containing unencrypted data.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found resources with unencrypted data.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no resources with unencrypted data."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_DATA_CONFIDENTIALITY,
|
||||||
|
PILLARS_KEY: [DATA],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_DATA_LOSS_PREVENTION: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for resources which are not protected against data loss.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found resources not protected against data loss.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found that all resources are secured against data loss."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_DISASTER_RECOVERY,
|
||||||
|
PILLARS_KEY: [DATA],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_SECURE_AUTHENTICATION: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues related to users' authentication.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found issues related to users' authentication.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no issues related to users' authentication."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_SECURE_AUTHENTICATION,
|
||||||
|
PILLARS_KEY: [PEOPLE, WORKLOADS],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_RESTRICTIVE_POLICIES: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for permissive user access policies.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found permissive user access policies.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no issues related to user access policies."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
|
||||||
|
PILLARS_KEY: [PEOPLE, WORKLOADS],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_LOGGING: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for issues, related to logging.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found logging issues.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no logging issues."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
|
||||||
|
PILLARS_KEY: [AUTOMATION_ORCHESTRATION, VISIBILITY_ANALYTICS],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
},
|
||||||
|
TEST_SCOUTSUITE_SERVICE_SECURITY: {
|
||||||
|
TEST_EXPLANATION_KEY: "ScoutSuite searched for service security issues.",
|
||||||
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
|
STATUS_FAILED: "ScoutSuite found service security issues.",
|
||||||
|
STATUS_PASSED: "ScoutSuite found no service security issues."
|
||||||
|
},
|
||||||
|
PRINCIPLE_KEY: PRINCIPLE_MONITORING_AND_LOGGING,
|
||||||
|
PILLARS_KEY: [DEVICES, NETWORKS],
|
||||||
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
EVENT_TYPE_MONKEY_NETWORK = "monkey_network"
|
EVENT_TYPE_MONKEY_NETWORK = "monkey_network"
|
|
@ -1,7 +1,6 @@
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
|
|
||||||
from common.network.network_utils import (get_host_from_network_location,
|
from common.network.network_utils import get_host_from_network_location, remove_port
|
||||||
remove_port)
|
|
||||||
|
|
||||||
|
|
||||||
class TestNetworkUtils(TestCase):
|
class TestNetworkUtils(TestCase):
|
||||||
|
@ -11,7 +10,7 @@ class TestNetworkUtils(TestCase):
|
||||||
assert get_host_from_network_location("127.0.0.1") == "127.0.0.1"
|
assert get_host_from_network_location("127.0.0.1") == "127.0.0.1"
|
||||||
assert get_host_from_network_location("www.google.com:8080") == "www.google.com"
|
assert get_host_from_network_location("www.google.com:8080") == "www.google.com"
|
||||||
assert get_host_from_network_location("user:password@host:8080") == "host"
|
assert get_host_from_network_location("user:password@host:8080") == "host"
|
||||||
|
|
||||||
def test_remove_port_from_url(self):
|
def test_remove_port_from_url(self):
|
||||||
assert remove_port('https://google.com:80') == 'https://google.com'
|
assert remove_port('https://google.com:80') == 'https://google.com'
|
||||||
assert remove_port('https://8.8.8.8:65336') == 'https://8.8.8.8'
|
assert remove_port('https://8.8.8.8:65336') == 'https://8.8.8.8'
|
||||||
|
|
|
@ -1,30 +1,28 @@
|
||||||
from common.network.network_range import CidrRange
|
from common.network.network_range import CidrRange
|
||||||
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
|
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
|
||||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
|
||||||
|
|
||||||
|
|
||||||
class TestSegmentationUtils(IslandTestCase):
|
class TestSegmentationUtils:
|
||||||
def test_get_ip_in_src_and_not_in_dst(self):
|
def test_get_ip_in_src_and_not_in_dst(self):
|
||||||
self.fail_if_not_testing_env()
|
|
||||||
source = CidrRange("1.1.1.0/24")
|
source = CidrRange("1.1.1.0/24")
|
||||||
target = CidrRange("2.2.2.0/24")
|
target = CidrRange("2.2.2.0/24")
|
||||||
|
|
||||||
# IP not in both
|
# IP not in both
|
||||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
assert get_ip_in_src_and_not_in_dst(
|
||||||
["3.3.3.3", "4.4.4.4"], source, target
|
["3.3.3.3", "4.4.4.4"], source, target
|
||||||
))
|
) is None
|
||||||
|
|
||||||
# IP not in source, in target
|
# IP not in source, in target
|
||||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
assert (get_ip_in_src_and_not_in_dst(
|
||||||
["2.2.2.2"], source, target
|
["2.2.2.2"], source, target
|
||||||
))
|
)) is None
|
||||||
|
|
||||||
# IP in source, not in target
|
# IP in source, not in target
|
||||||
self.assertIsNotNone(get_ip_in_src_and_not_in_dst(
|
assert (get_ip_in_src_and_not_in_dst(
|
||||||
["8.8.8.8", "1.1.1.1"], source, target
|
["8.8.8.8", "1.1.1.1"], source, target
|
||||||
))
|
))
|
||||||
|
|
||||||
# IP in both subnets
|
# IP in both subnets
|
||||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
assert (get_ip_in_src_and_not_in_dst(
|
||||||
["8.8.8.8", "1.1.1.1"], source, source
|
["8.8.8.8", "1.1.1.1"], source, source
|
||||||
))
|
)) is None
|
||||||
|
|
|
@ -22,5 +22,29 @@ class AlreadyRegisteredError(RegistrationNotNeededError):
|
||||||
""" Raise to indicate the reason why registration is not required """
|
""" Raise to indicate the reason why registration is not required """
|
||||||
|
|
||||||
|
|
||||||
|
class RulePathCreatorNotFound(Exception):
|
||||||
|
""" Raise to indicate that ScoutSuite rule doesn't have a path creator"""
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidAWSKeys(Exception):
|
||||||
|
""" Raise to indicate that AWS API keys are invalid"""
|
||||||
|
|
||||||
|
|
||||||
|
class NoInternetError(Exception):
|
||||||
|
""" Raise to indicate problems caused when no internet connection is present"""
|
||||||
|
|
||||||
|
|
||||||
|
class ScoutSuiteScanError(Exception):
|
||||||
|
""" Raise to indicate problems ScoutSuite encountered during scanning"""
|
||||||
|
|
||||||
|
|
||||||
|
class UnknownFindingError(Exception):
|
||||||
|
""" Raise when provided finding is of unknown type"""
|
||||||
|
|
||||||
|
|
||||||
class VersionServerConnectionError(Exception):
|
class VersionServerConnectionError(Exception):
|
||||||
""" Raise to indicate that connection to version update server failed """
|
""" Raise to indicate that connection to version update server failed """
|
||||||
|
|
||||||
|
|
||||||
|
class FindingWithoutDetailsError(Exception):
|
||||||
|
""" Raise when pulling events for a finding, but get none """
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import hashlib
|
import hashlib
|
||||||
import json
|
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import uuid
|
import uuid
|
||||||
|
@ -12,7 +11,8 @@ GUID = str(uuid.getnode())
|
||||||
|
|
||||||
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
|
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
|
||||||
|
|
||||||
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys"]
|
SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list", "exploit_ssh_keys", "aws_secret_access_key",
|
||||||
|
"aws_session_token"]
|
||||||
LOCAL_CONFIG_VARS = ["name", "id", "current_server", "max_depth"]
|
LOCAL_CONFIG_VARS = ["name", "id", "current_server", "max_depth"]
|
||||||
HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
|
HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
|
||||||
|
|
||||||
|
@ -36,16 +36,6 @@ class Configuration(object):
|
||||||
self.max_depth = self.depth
|
self.max_depth = self.depth
|
||||||
return unknown_items
|
return unknown_items
|
||||||
|
|
||||||
def from_json(self, json_data):
|
|
||||||
"""
|
|
||||||
Gets a json data object, parses it and applies it to the configuration
|
|
||||||
:param json_data:
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
formatted_data = json.loads(json_data)
|
|
||||||
result = self.from_kv(formatted_data)
|
|
||||||
return result
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def hide_sensitive_info(config_dict):
|
def hide_sensitive_info(config_dict):
|
||||||
for field in SENSITIVE_FIELDS:
|
for field in SENSITIVE_FIELDS:
|
||||||
|
@ -256,6 +246,10 @@ class Configuration(object):
|
||||||
exploit_ntlm_hash_list = []
|
exploit_ntlm_hash_list = []
|
||||||
exploit_ssh_keys = []
|
exploit_ssh_keys = []
|
||||||
|
|
||||||
|
aws_access_key_id = ''
|
||||||
|
aws_secret_access_key = ''
|
||||||
|
aws_session_token = ''
|
||||||
|
|
||||||
# smb/wmi exploiter
|
# smb/wmi exploiter
|
||||||
smb_download_timeout = 300 # timeout in seconds
|
smb_download_timeout = 300 # timeout in seconds
|
||||||
smb_service_name = "InfectionMonkey"
|
smb_service_name = "InfectionMonkey"
|
||||||
|
|
|
@ -12,13 +12,12 @@ import infection_monkey.tunnel as tunnel
|
||||||
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
|
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
|
||||||
MEDIUM_REQUEST_TIMEOUT,
|
MEDIUM_REQUEST_TIMEOUT,
|
||||||
SHORT_REQUEST_TIMEOUT)
|
SHORT_REQUEST_TIMEOUT)
|
||||||
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||||
from infection_monkey.config import GUID, WormConfiguration
|
from infection_monkey.config import GUID, WormConfiguration
|
||||||
from infection_monkey.network.info import check_internet_access, local_ips
|
from infection_monkey.network.info import check_internet_access, local_ips
|
||||||
from infection_monkey.transport.http import HTTPConnectProxy
|
from infection_monkey.transport.http import HTTPConnectProxy
|
||||||
from infection_monkey.transport.tcp import TcpProxy
|
from infection_monkey.transport.tcp import TcpProxy
|
||||||
from infection_monkey.utils.exceptions.planned_shutdown_exception import \
|
from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
|
||||||
PlannedShutdownException
|
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
|
||||||
|
@ -132,12 +131,12 @@ class ControlClient(object):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def send_telemetry(telem_category, data):
|
def send_telemetry(telem_category, json_data: str):
|
||||||
if not WormConfiguration.current_server:
|
if not WormConfiguration.current_server:
|
||||||
LOG.error("Trying to send %s telemetry before current server is established, aborting." % telem_category)
|
LOG.error("Trying to send %s telemetry before current server is established, aborting." % telem_category)
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
|
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': json_data}
|
||||||
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
|
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
|
||||||
data=json.dumps(telemetry),
|
data=json.dumps(telemetry),
|
||||||
headers={'content-type': 'application/json'},
|
headers={'content-type': 'application/json'},
|
||||||
|
|
|
@ -12,11 +12,8 @@ from ctypes import c_char_p
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.exploit.tools.helpers import \
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
||||||
build_monkey_commandline_explicitly
|
from infection_monkey.model import GENERAL_CMDLINE_LINUX, MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
|
||||||
from infection_monkey.model import (GENERAL_CMDLINE_LINUX,
|
|
||||||
MONKEY_CMDLINE_LINUX,
|
|
||||||
MONKEY_CMDLINE_WINDOWS)
|
|
||||||
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
||||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ from abc import abstractmethod
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
import infection_monkey.exploit
|
import infection_monkey.exploit
|
||||||
|
from common.utils.exceptions import FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.utils.plugins.plugin import Plugin
|
from infection_monkey.utils.plugins.plugin import Plugin
|
||||||
|
@ -73,8 +74,10 @@ class HostExploiter(Plugin):
|
||||||
result = None
|
result = None
|
||||||
try:
|
try:
|
||||||
result = self._exploit_host()
|
result = self._exploit_host()
|
||||||
except Exception as _:
|
except FailedExploitationError:
|
||||||
logger.error(f'Exception in exploit_host', exc_info=True)
|
logger.debug('Exploiter failed.', exc_info=True)
|
||||||
|
except Exception:
|
||||||
|
logger.error('Exception in exploit_host', exc_info=True)
|
||||||
finally:
|
finally:
|
||||||
self.post_exploit()
|
self.post_exploit()
|
||||||
return result
|
return result
|
||||||
|
|
|
@ -10,11 +10,10 @@ import re
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from common.data.network_consts import ES_SERVICE
|
from common.common_consts.network_consts import ES_SERVICE
|
||||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||||
from infection_monkey.exploit.web_rce import WebRCE
|
from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND,
|
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
|
||||||
CMD_PREFIX, DOWNLOAD_TIMEOUT, ID_STRING,
|
|
||||||
WGET_HTTP_UPLOAD)
|
WGET_HTTP_UPLOAD)
|
||||||
from infection_monkey.network.elasticfinger import ES_PORT
|
from infection_monkey.network.elasticfinger import ES_PORT
|
||||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
|
|
|
@ -11,14 +11,11 @@ import string
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
|
||||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
|
||||||
get_monkey_depth)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.exploit.web_rce import WebRCE
|
from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.model import (HADOOP_LINUX_COMMAND,
|
from infection_monkey.model import HADOOP_LINUX_COMMAND, HADOOP_WINDOWS_COMMAND, ID_STRING, MONKEY_ARG
|
||||||
HADOOP_WINDOWS_COMMAND, ID_STRING,
|
|
||||||
MONKEY_ARG)
|
|
||||||
|
|
||||||
__author__ = 'VakarisZ'
|
__author__ = 'VakarisZ'
|
||||||
|
|
||||||
|
|
|
@ -5,13 +5,10 @@ from time import sleep
|
||||||
|
|
||||||
import pymssql
|
import pymssql
|
||||||
|
|
||||||
from common.utils.exceptions import (ExploitingVulnerableMachineError,
|
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||||
FailedExploitationError)
|
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_monkey_dest_path
|
||||||
get_monkey_depth,
|
|
||||||
get_monkey_dest_path)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
||||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
|
|
|
@ -8,23 +8,17 @@ from io import BytesIO
|
||||||
import impacket.smbconnection
|
import impacket.smbconnection
|
||||||
from impacket.nmb import NetBIOSError
|
from impacket.nmb import NetBIOSError
|
||||||
from impacket.nt_errors import STATUS_SUCCESS
|
from impacket.nt_errors import STATUS_SUCCESS
|
||||||
from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE,
|
from impacket.smb import (FILE_DIRECTORY_FILE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ,
|
||||||
FILE_OPEN, FILE_READ_DATA, FILE_SHARE_READ,
|
FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError, SMBCommand, SMBNtCreateAndX_Data,
|
||||||
FILE_WRITE_DATA, SMB, SMB_DIALECT, SessionError,
|
|
||||||
SMBCommand, SMBNtCreateAndX_Data,
|
|
||||||
SMBNtCreateAndX_Parameters)
|
SMBNtCreateAndX_Parameters)
|
||||||
from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS,
|
from impacket.smb3structs import (SMB2_CREATE, SMB2_FLAGS_DFS_OPERATIONS, SMB2_IL_IMPERSONATION, SMB2_OPLOCK_LEVEL_NONE,
|
||||||
SMB2_IL_IMPERSONATION,
|
SMB2Create, SMB2Create_Response, SMB2Packet)
|
||||||
SMB2_OPLOCK_LEVEL_NONE, SMB2Create,
|
|
||||||
SMB2Create_Response, SMB2Packet)
|
|
||||||
from impacket.smbconnection import SMBConnection
|
from impacket.smbconnection import SMBConnection
|
||||||
|
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey_by_os
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey_by_os)
|
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.network.smbfinger import SMB_SERVICE
|
from infection_monkey.network.smbfinger import SMB_SERVICE
|
||||||
from infection_monkey.network.tools import get_interface_to_target
|
from infection_monkey.network.tools import get_interface_to_target
|
||||||
|
|
|
@ -9,9 +9,7 @@ import requests
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
|
|
@ -5,13 +5,9 @@ from impacket.dcerpc.v5 import scmr, transport
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import (DROPPER_CMDLINE_DETACHED_WINDOWS,
|
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS, VictimHost
|
||||||
MONKEY_CMDLINE_DETACHED_WINDOWS,
|
|
||||||
VictimHost)
|
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
||||||
|
|
|
@ -9,12 +9,9 @@ from common.utils.attack_utils import ScanStatus
|
||||||
from common.utils.exceptions import FailedExploitationError
|
from common.utils.exceptions import FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.model import MONKEY_ARG
|
from infection_monkey.model import MONKEY_ARG
|
||||||
from infection_monkey.network.tools import (check_tcp_port,
|
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
||||||
get_interface_to_target)
|
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from infection_monkey.exploit.tools.helpers import \
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
||||||
build_monkey_commandline_explicitly
|
|
||||||
|
|
||||||
|
|
||||||
class TestHelpers(unittest.TestCase):
|
class TestHelpers(unittest.TestCase):
|
||||||
|
|
|
@ -10,12 +10,9 @@ from logging import getLogger
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG,
|
from infection_monkey.model import CHMOD_MONKEY, DOWNLOAD_TIMEOUT, MONKEY_ARG, RUN_MONKEY, WGET_HTTP_UPLOAD
|
||||||
RUN_MONKEY, WGET_HTTP_UPLOAD)
|
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
|
@ -5,16 +5,11 @@ from posixpath import join
|
||||||
|
|
||||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND,
|
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, CHMOD_MONKEY, DOWNLOAD_TIMEOUT, DROPPER_ARG,
|
||||||
CHMOD_MONKEY, DOWNLOAD_TIMEOUT,
|
GET_ARCH_LINUX, GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG, POWERSHELL_HTTP_UPLOAD,
|
||||||
DROPPER_ARG, GET_ARCH_LINUX,
|
RUN_MONKEY, WGET_HTTP_UPLOAD)
|
||||||
GET_ARCH_WINDOWS, ID_STRING, MONKEY_ARG,
|
|
||||||
POWERSHELL_HTTP_UPLOAD, RUN_MONKEY,
|
|
||||||
WGET_HTTP_UPLOAD)
|
|
||||||
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
|
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
|
||||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
|
|
@ -16,12 +16,9 @@ from impacket.dcerpc.v5 import transport
|
||||||
|
|
||||||
from common.utils.shellcode_obfuscator import clarify
|
from common.utils.shellcode_obfuscator import clarify
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS,
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
MONKEY_CMDLINE_WINDOWS)
|
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
|
|
||||||
|
|
|
@ -7,14 +7,10 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||||
|
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth, get_target_monkey
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.exploit.tools.wmi_tools import (AccessDeniedException,
|
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
||||||
WmiTools)
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
from infection_monkey.model import (DROPPER_CMDLINE_WINDOWS,
|
|
||||||
MONKEY_CMDLINE_WINDOWS)
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,7 @@ from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration
|
||||||
from infection_monkey.dropper import MonkeyDrops
|
from infection_monkey.dropper import MonkeyDrops
|
||||||
from infection_monkey.model import DROPPER_ARG, MONKEY_ARG
|
from infection_monkey.model import DROPPER_ARG, MONKEY_ARG
|
||||||
from infection_monkey.monkey import InfectionMonkey
|
from infection_monkey.monkey import InfectionMonkey
|
||||||
from infection_monkey.utils.monkey_log_path import (get_dropper_log_path,
|
from infection_monkey.utils.monkey_log_path import get_dropper_log_path, get_monkey_log_path
|
||||||
get_monkey_log_path)
|
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
|
|
@ -7,10 +7,9 @@ import time
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
|
|
||||||
import infection_monkey.tunnel as tunnel
|
import infection_monkey.tunnel as tunnel
|
||||||
from common.network.network_utils import get_host_from_network_location
|
from infection_monkey.network.tools import is_running_on_island
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from common.utils.exceptions import (ExploitingVulnerableMachineError,
|
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||||
FailedExploitationError)
|
|
||||||
from common.version import get_version
|
from common.version import get_version
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
|
@ -19,8 +18,7 @@ from infection_monkey.model import DELAY_DELETE_CMD
|
||||||
from infection_monkey.network.firewall import app as firewall
|
from infection_monkey.network.firewall import app as firewall
|
||||||
from infection_monkey.network.HostFinger import HostFinger
|
from infection_monkey.network.HostFinger import HostFinger
|
||||||
from infection_monkey.network.network_scanner import NetworkScanner
|
from infection_monkey.network.network_scanner import NetworkScanner
|
||||||
from infection_monkey.network.tools import (get_interface_to_target,
|
from infection_monkey.network.tools import get_interface_to_target
|
||||||
is_running_on_server)
|
|
||||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||||
from infection_monkey.system_info import SystemInfoCollector
|
from infection_monkey.system_info import SystemInfoCollector
|
||||||
from infection_monkey.system_singleton import SystemSingleton
|
from infection_monkey.system_singleton import SystemSingleton
|
||||||
|
@ -33,11 +31,8 @@ from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
|
||||||
from infection_monkey.telemetry.trace_telem import TraceTelem
|
from infection_monkey.telemetry.trace_telem import TraceTelem
|
||||||
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
|
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
from infection_monkey.utils.exceptions.planned_shutdown_exception import \
|
from infection_monkey.utils.exceptions.planned_shutdown_exception import PlannedShutdownException
|
||||||
PlannedShutdownException
|
from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
|
||||||
from infection_monkey.utils.monkey_dir import (create_monkey_dir,
|
|
||||||
get_monkey_dir_path,
|
|
||||||
remove_monkey_dir)
|
|
||||||
from infection_monkey.utils.monkey_log_path import get_monkey_log_path
|
from infection_monkey.utils.monkey_log_path import get_monkey_log_path
|
||||||
from infection_monkey.windows_upgrader import WindowsUpgrader
|
from infection_monkey.windows_upgrader import WindowsUpgrader
|
||||||
|
|
||||||
|
@ -125,7 +120,8 @@ class InfectionMonkey(object):
|
||||||
|
|
||||||
self.shutdown_by_not_alive_config()
|
self.shutdown_by_not_alive_config()
|
||||||
|
|
||||||
if self.is_started_on_island():
|
if is_running_on_island():
|
||||||
|
WormConfiguration.started_on_island = True
|
||||||
ControlClient.report_start_on_island()
|
ControlClient.report_start_on_island()
|
||||||
ControlClient.should_monkey_run(self._opts.vulnerable_port)
|
ControlClient.should_monkey_run(self._opts.vulnerable_port)
|
||||||
|
|
||||||
|
@ -195,8 +191,8 @@ class InfectionMonkey(object):
|
||||||
if self._default_server:
|
if self._default_server:
|
||||||
if self._network.on_island(self._default_server):
|
if self._network.on_island(self._default_server):
|
||||||
machine.set_default_server(get_interface_to_target(machine.ip_addr) +
|
machine.set_default_server(get_interface_to_target(machine.ip_addr) +
|
||||||
(
|
(':' + self._default_server_port
|
||||||
':' + self._default_server_port if self._default_server_port else ''))
|
if self._default_server_port else ''))
|
||||||
else:
|
else:
|
||||||
machine.set_default_server(self._default_server)
|
machine.set_default_server(self._default_server)
|
||||||
LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))
|
LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))
|
||||||
|
@ -254,7 +250,7 @@ class InfectionMonkey(object):
|
||||||
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
|
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
|
||||||
|
|
||||||
def collect_system_info_if_configured(self):
|
def collect_system_info_if_configured(self):
|
||||||
LOG.debug("Calling system info collection")
|
LOG.debug("Calling for system info collection")
|
||||||
system_info_collector = SystemInfoCollector()
|
system_info_collector = SystemInfoCollector()
|
||||||
system_info = system_info_collector.get_info()
|
system_info = system_info_collector.get_info()
|
||||||
SystemInfoTelem(system_info).send()
|
SystemInfoTelem(system_info).send()
|
||||||
|
@ -306,8 +302,7 @@ class InfectionMonkey(object):
|
||||||
try:
|
try:
|
||||||
status = None
|
status = None
|
||||||
if "win32" == sys.platform:
|
if "win32" == sys.platform:
|
||||||
from subprocess import (CREATE_NEW_CONSOLE,
|
from subprocess import CREATE_NEW_CONSOLE, STARTF_USESHOWWINDOW, SW_HIDE
|
||||||
STARTF_USESHOWWINDOW, SW_HIDE)
|
|
||||||
startupinfo = subprocess.STARTUPINFO()
|
startupinfo = subprocess.STARTUPINFO()
|
||||||
startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW
|
startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW
|
||||||
startupinfo.wShowWindow = SW_HIDE
|
startupinfo.wShowWindow = SW_HIDE
|
||||||
|
@ -403,10 +398,6 @@ class InfectionMonkey(object):
|
||||||
self._default_server = WormConfiguration.current_server
|
self._default_server = WormConfiguration.current_server
|
||||||
LOG.debug("default server set to: %s" % self._default_server)
|
LOG.debug("default server set to: %s" % self._default_server)
|
||||||
|
|
||||||
def is_started_on_island(self):
|
|
||||||
island_ip = get_host_from_network_location(self._default_server)
|
|
||||||
return is_running_on_server(island_ip) and WormConfiguration.depth == WormConfiguration.max_depth
|
|
||||||
|
|
||||||
def log_arguments(self):
|
def log_arguments(self):
|
||||||
arg_string = " ".join([f"{key}: {value}" for key, value in vars(self._opts).items()])
|
arg_string = " ".join([f"{key}: {value}" for key, value in vars(self._opts).items()])
|
||||||
LOG.info(f"Monkey started with arguments: {arg_string}")
|
LOG.info(f"Monkey started with arguments: {arg_string}")
|
||||||
|
|
|
@ -6,7 +6,7 @@ import requests
|
||||||
from requests.exceptions import ConnectionError, Timeout
|
from requests.exceptions import ConnectionError, Timeout
|
||||||
|
|
||||||
import infection_monkey.config
|
import infection_monkey.config
|
||||||
from common.data.network_consts import ES_SERVICE
|
from common.common_consts.network_consts import ES_SERVICE
|
||||||
from infection_monkey.network.HostFinger import HostFinger
|
from infection_monkey.network.HostFinger import HostFinger
|
||||||
|
|
||||||
ES_PORT = 9200
|
ES_PORT = 9200
|
||||||
|
|
|
@ -3,8 +3,7 @@ import socket
|
||||||
|
|
||||||
import infection_monkey.config
|
import infection_monkey.config
|
||||||
from infection_monkey.network.HostFinger import HostFinger
|
from infection_monkey.network.HostFinger import HostFinger
|
||||||
from infection_monkey.network.tools import (struct_unpack_tracker,
|
from infection_monkey.network.tools import struct_unpack_tracker, struct_unpack_tracker_string
|
||||||
struct_unpack_tracker_string)
|
|
||||||
|
|
||||||
MYSQL_PORT = 3306
|
MYSQL_PORT = 3306
|
||||||
SQL_SERVICE = 'mysqld-3306'
|
SQL_SERVICE = 'mysqld-3306'
|
||||||
|
|
|
@ -7,6 +7,8 @@ import subprocess
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from common.network.network_utils import get_host_from_network_location
|
||||||
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.network.info import get_routes, local_ips
|
from infection_monkey.network.info import get_routes, local_ips
|
||||||
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
||||||
from infection_monkey.utils.environment import is_64bit_python
|
from infection_monkey.utils.environment import is_64bit_python
|
||||||
|
@ -311,5 +313,11 @@ def get_interface_to_target(dst):
|
||||||
return ret[1]
|
return ret[1]
|
||||||
|
|
||||||
|
|
||||||
|
def is_running_on_island():
|
||||||
|
current_server_without_port = get_host_from_network_location(WormConfiguration.current_server)
|
||||||
|
running_on_island = is_running_on_server(current_server_without_port)
|
||||||
|
return running_on_island and WormConfiguration.depth == WormConfiguration.max_depth
|
||||||
|
|
||||||
|
|
||||||
def is_running_on_server(ip: str) -> bool:
|
def is_running_on_server(ip: str) -> bool:
|
||||||
return ip in local_ips()
|
return ip in local_ips()
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
|
from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.utils.users import get_commands_to_add_user
|
from infection_monkey.utils.users import get_commands_to_add_user
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID
|
from common.common_consts.post_breach_consts import POST_BREACH_SETUID_SETGID
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import \
|
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import get_commands_to_change_setuid_setgid
|
||||||
get_commands_to_change_setuid_setgid
|
|
||||||
|
|
||||||
|
|
||||||
class ChangeSetuidSetgid(PBA):
|
class ChangeSetuidSetgid(PBA):
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
from common.common_consts.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
||||||
from infection_monkey.post_breach.clear_command_history.clear_command_history import \
|
from infection_monkey.post_breach.clear_command_history.clear_command_history import \
|
||||||
get_commands_to_clear_command_history
|
get_commands_to_clear_command_history
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
|
|
|
@ -3,7 +3,7 @@ import random
|
||||||
import string
|
import string
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||||
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
|
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
from common.common_consts.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
||||||
from infection_monkey.post_breach.account_discovery.account_discovery import \
|
from infection_monkey.post_breach.account_discovery.account_discovery import get_commands_to_discover_accounts
|
||||||
get_commands_to_discover_accounts
|
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
from common.common_consts.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
from infection_monkey.utils.hidden_files import (cleanup_hidden_files,
|
from infection_monkey.utils.hidden_files import (cleanup_hidden_files, get_commands_to_hide_files,
|
||||||
get_commands_to_hide_files,
|
|
||||||
get_commands_to_hide_folders)
|
get_commands_to_hide_folders)
|
||||||
from infection_monkey.utils.windows.hidden_files import \
|
from infection_monkey.utils.windows.hidden_files import get_winAPI_to_hide_files
|
||||||
get_winAPI_to_hide_files
|
|
||||||
|
|
||||||
HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files,
|
HIDDEN_FSO_CREATION_COMMANDS = [get_commands_to_hide_files,
|
||||||
get_commands_to_hide_folders]
|
get_commands_to_hide_folders]
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from common.data.post_breach_consts import \
|
from common.common_consts.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \
|
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \
|
||||||
get_commands_to_modify_shell_startup_files
|
get_commands_to_modify_shell_startup_files
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||||
from infection_monkey.post_breach.job_scheduling.job_scheduling import (
|
from infection_monkey.post_breach.job_scheduling.job_scheduling import (get_commands_to_schedule_jobs,
|
||||||
get_commands_to_schedule_jobs, remove_scheduled_jobs)
|
remove_scheduled_jobs)
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
|
from common.common_consts.post_breach_consts import POST_BREACH_TIMESTOMPING
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.post_breach.timestomping.timestomping import \
|
from infection_monkey.post_breach.timestomping.timestomping import get_timestomping_commands
|
||||||
get_timestomping_commands
|
|
||||||
|
|
||||||
|
|
||||||
class Timestomping(PBA):
|
class Timestomping(PBA):
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
|
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
|
||||||
cleanup_changes, get_commands_to_proxy_execution_using_signed_script)
|
cleanup_changes, get_commands_to_proxy_execution_using_signed_script)
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
from common.common_consts.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.post_breach.trap_command.trap_command import \
|
from infection_monkey.post_breach.trap_command.trap_command import get_trap_commands
|
||||||
get_trap_commands
|
|
||||||
|
|
||||||
|
|
||||||
class TrapCommand(PBA):
|
class TrapCommand(PBA):
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION
|
from common.common_consts.post_breach_consts import POST_BREACH_FILE_EXECUTION
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import (
|
from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import (
|
||||||
get_linux_command_history_files,
|
get_linux_command_history_files, get_linux_commands_to_clear_command_history, get_linux_usernames)
|
||||||
get_linux_commands_to_clear_command_history, get_linux_usernames)
|
|
||||||
|
|
||||||
|
|
||||||
def get_commands_to_clear_command_history():
|
def get_commands_to_clear_command_history():
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import \
|
from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import get_linux_commands_to_schedule_jobs
|
||||||
get_linux_commands_to_schedule_jobs
|
|
||||||
from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import (
|
from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import (
|
||||||
get_windows_commands_to_remove_scheduled_jobs,
|
get_windows_commands_to_remove_scheduled_jobs, get_windows_commands_to_schedule_jobs)
|
||||||
get_windows_commands_to_schedule_jobs)
|
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import \
|
from infection_monkey.post_breach.setuid_setgid.linux_setuid_setgid import get_linux_commands_to_setuid_setgid
|
||||||
get_linux_commands_to_setuid_setgid
|
|
||||||
|
|
||||||
|
|
||||||
def get_commands_to_change_setuid_setgid():
|
def get_commands_to_change_setuid_setgid():
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
|
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
|
||||||
get_windows_commands_to_delete_temp_comspec,
|
get_windows_commands_to_delete_temp_comspec, get_windows_commands_to_proxy_execution_using_signed_script,
|
||||||
get_windows_commands_to_proxy_execution_using_signed_script,
|
|
||||||
get_windows_commands_to_reset_comspec)
|
get_windows_commands_to_reset_comspec)
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
from infection_monkey.post_breach.timestomping.linux.timestomping import \
|
from infection_monkey.post_breach.timestomping.linux.timestomping import get_linux_timestomping_commands
|
||||||
get_linux_timestomping_commands
|
from infection_monkey.post_breach.timestomping.windows.timestomping import get_windows_timestomping_commands
|
||||||
from infection_monkey.post_breach.timestomping.windows.timestomping import \
|
|
||||||
get_windows_timestomping_commands
|
|
||||||
|
|
||||||
|
|
||||||
def get_timestomping_commands():
|
def get_timestomping_commands():
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
from infection_monkey.post_breach.trap_command.linux_trap_command import \
|
from infection_monkey.post_breach.trap_command.linux_trap_command import get_linux_trap_commands
|
||||||
get_linux_trap_commands
|
|
||||||
|
|
||||||
|
|
||||||
def get_trap_commands():
|
def get_trap_commands():
|
||||||
|
|
|
@ -4,12 +4,11 @@ from enum import IntEnum
|
||||||
|
|
||||||
import psutil
|
import psutil
|
||||||
|
|
||||||
from common.data.system_info_collectors_names import AZURE_CRED_COLLECTOR
|
from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
|
||||||
from infection_monkey.network.info import get_host_subnets
|
from infection_monkey.network.info import get_host_subnets
|
||||||
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
||||||
from infection_monkey.system_info.netstat_collector import NetstatCollector
|
from infection_monkey.system_info.netstat_collector import NetstatCollector
|
||||||
from infection_monkey.system_info.system_info_collectors_handler import \
|
from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler
|
||||||
SystemInfoCollectorsHandler
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from common.cloud.aws.aws_instance import AwsInstance
|
from common.cloud.aws.aws_instance import AwsInstance
|
||||||
from common.data.system_info_collectors_names import AWS_COLLECTOR
|
from common.cloud.scoutsuite_consts import CloudProviders
|
||||||
from infection_monkey.system_info.system_info_collector import \
|
from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
|
||||||
SystemInfoCollector
|
from infection_monkey.network.tools import is_running_on_island
|
||||||
|
from infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_collector import scan_cloud_security
|
||||||
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -17,6 +19,11 @@ class AwsCollector(SystemInfoCollector):
|
||||||
|
|
||||||
def collect(self) -> dict:
|
def collect(self) -> dict:
|
||||||
logger.info("Collecting AWS info")
|
logger.info("Collecting AWS info")
|
||||||
|
if is_running_on_island():
|
||||||
|
logger.info("Attempting to scan AWS security with ScoutSuite.")
|
||||||
|
scan_cloud_security(cloud_type=CloudProviders.AWS)
|
||||||
|
else:
|
||||||
|
logger.info("Didn't scan AWS security with ScoutSuite, because not on island.")
|
||||||
aws = AwsInstance()
|
aws = AwsInstance()
|
||||||
info = {}
|
info = {}
|
||||||
if aws.is_instance():
|
if aws.is_instance():
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
from common.cloud.all_instances import get_all_cloud_instances
|
from common.cloud.all_instances import get_all_cloud_instances
|
||||||
from common.cloud.environment_names import Environment
|
from common.cloud.environment_names import Environment
|
||||||
from common.data.system_info_collectors_names import ENVIRONMENT_COLLECTOR
|
from common.common_consts.system_info_collectors_names import ENVIRONMENT_COLLECTOR
|
||||||
from infection_monkey.system_info.system_info_collector import \
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
SystemInfoCollector
|
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_environment() -> str:
|
def get_monkey_environment() -> str:
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
import logging
|
import logging
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR
|
from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR
|
||||||
from infection_monkey.system_info.system_info_collector import \
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
SystemInfoCollector
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,8 @@ import logging
|
||||||
|
|
||||||
import psutil
|
import psutil
|
||||||
|
|
||||||
from common.data.system_info_collectors_names import PROCESS_LIST_COLLECTOR
|
from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
|
||||||
from infection_monkey.system_info.system_info_collector import \
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
SystemInfoCollector
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
import pkgutil
|
||||||
|
import sys
|
||||||
|
from pathlib import PurePath
|
||||||
|
|
||||||
|
_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__')
|
||||||
|
|
||||||
|
|
||||||
|
def _add_scoutsuite_to_python_path():
|
||||||
|
scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__()
|
||||||
|
sys.path.append(scoutsuite_path)
|
||||||
|
|
||||||
|
|
||||||
|
# Add ScoutSuite to python path because this way
|
||||||
|
# we don't need to change any imports in ScoutSuite code
|
||||||
|
_add_scoutsuite_to_python_path()
|
|
@ -0,0 +1,5 @@
|
||||||
|
import common.cloud.scoutsuite.ScoutSuite.api_run as scoutsuite_api
|
||||||
|
|
||||||
|
|
||||||
|
def run(*args, **kwargs):
|
||||||
|
return scoutsuite_api.run(*args, **kwargs)
|
|
@ -0,0 +1,32 @@
|
||||||
|
import logging
|
||||||
|
from typing import Union
|
||||||
|
|
||||||
|
import infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_api as scoutsuite_api
|
||||||
|
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
|
||||||
|
from common.cloud.scoutsuite_consts import CloudProviders
|
||||||
|
from common.utils.exceptions import ScoutSuiteScanError
|
||||||
|
from infection_monkey.config import WormConfiguration
|
||||||
|
from infection_monkey.telemetry.scoutsuite_telem import ScoutSuiteTelem
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
def scan_cloud_security(cloud_type: CloudProviders):
|
||||||
|
try:
|
||||||
|
results = run_scoutsuite(cloud_type.value)
|
||||||
|
if isinstance(results, dict) and 'error' in results and results['error']:
|
||||||
|
raise ScoutSuiteScanError(results['error'])
|
||||||
|
send_scoutsuite_run_results(results)
|
||||||
|
except (Exception, ScoutSuiteScanError) as e:
|
||||||
|
logger.error(f"ScoutSuite didn't scan {cloud_type.value} security because: {e}")
|
||||||
|
|
||||||
|
|
||||||
|
def run_scoutsuite(cloud_type: str) -> Union[BaseProvider, dict]:
|
||||||
|
return scoutsuite_api.run(provider=cloud_type,
|
||||||
|
aws_access_key_id=WormConfiguration.aws_access_key_id,
|
||||||
|
aws_secret_access_key=WormConfiguration.aws_secret_access_key,
|
||||||
|
aws_session_token=WormConfiguration.aws_session_token)
|
||||||
|
|
||||||
|
|
||||||
|
def send_scoutsuite_run_results(run_results: BaseProvider):
|
||||||
|
ScoutSuiteTelem(run_results).send()
|
|
@ -1,8 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
from typing import Sequence
|
from typing import Sequence
|
||||||
|
|
||||||
from infection_monkey.system_info.system_info_collector import \
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
SystemInfoCollector
|
|
||||||
from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
|
from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
import logging
|
import logging
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from infection_monkey.system_info.windows_cred_collector import \
|
from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
|
||||||
pypykatz_handler
|
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
|
||||||
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \
|
|
||||||
WindowsCredentials
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,7 @@ from typing import Any, Dict, List, NewType
|
||||||
|
|
||||||
from pypykatz.pypykatz import pypykatz
|
from pypykatz.pypykatz import pypykatz
|
||||||
|
|
||||||
from infection_monkey.system_info.windows_cred_collector.windows_credentials import \
|
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
|
||||||
WindowsCredentials
|
|
||||||
|
|
||||||
CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds',
|
CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds',
|
||||||
'kerberos_creds', 'credman_creds', 'tspkg_creds']
|
'kerberos_creds', 'credman_creds', 'tspkg_creds']
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
|
|
||||||
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import \
|
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import _get_creds_from_pypykatz_session
|
||||||
_get_creds_from_pypykatz_session
|
|
||||||
|
|
||||||
|
|
||||||
class TestPypykatzHandler(TestCase):
|
class TestPypykatzHandler(TestCase):
|
||||||
|
|
|
@ -2,9 +2,8 @@ import logging
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from common.data.system_info_collectors_names import MIMIKATZ_COLLECTOR
|
from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR
|
||||||
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import \
|
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector
|
||||||
MimikatzCredentialCollector
|
|
||||||
|
|
||||||
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
|
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
|
||||||
import infection_monkey.config # noqa: E402
|
import infection_monkey.config # noqa: E402
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
@ -15,7 +16,7 @@ class AttackTelem(BaseTelem):
|
||||||
self.technique = technique
|
self.technique = technique
|
||||||
self.status = status
|
self.status = status
|
||||||
|
|
||||||
telem_category = 'attack'
|
telem_category = TelemCategoryEnum.ATTACK
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -5,6 +5,7 @@ import logging
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
LOGGED_DATA_LENGTH = 300 # How many characters of telemetry data will be logged
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
@ -22,12 +23,25 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
|
||||||
Sends telemetry to island
|
Sends telemetry to island
|
||||||
"""
|
"""
|
||||||
data = self.get_data()
|
data = self.get_data()
|
||||||
|
serialized_data = json.dumps(data, cls=self.json_encoder)
|
||||||
|
self._log_telem_sending(serialized_data, log_data)
|
||||||
|
ControlClient.send_telemetry(self.telem_category, serialized_data)
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_data(self) -> dict:
|
||||||
|
"""
|
||||||
|
:return: Data of telemetry (should be dict)
|
||||||
|
"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
@property
|
||||||
|
def json_encoder(self):
|
||||||
|
return json.JSONEncoder
|
||||||
|
|
||||||
|
def _log_telem_sending(self, serialized_data: str, log_data=True):
|
||||||
|
logger.debug(f"Sending {self.telem_category} telemetry.")
|
||||||
if log_data:
|
if log_data:
|
||||||
data_to_log = json.dumps(data)
|
logger.debug(f"Telemetry contents: {BaseTelem._truncate_data(serialized_data)}")
|
||||||
else:
|
|
||||||
data_to_log = 'redacted'
|
|
||||||
logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, data_to_log))
|
|
||||||
ControlClient.send_telemetry(self.telem_category, data)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
|
@ -37,9 +51,9 @@ class BaseTelem(object, metaclass=abc.ABCMeta):
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@abc.abstractmethod
|
@staticmethod
|
||||||
def get_data(self) -> dict:
|
def _truncate_data(data: str):
|
||||||
"""
|
if len(data) <= LOGGED_DATA_LENGTH:
|
||||||
:return: Data of telemetry (should be dict)
|
return data
|
||||||
"""
|
else:
|
||||||
pass
|
return f"{data[:LOGGED_DATA_LENGTH]}..."
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -15,7 +16,7 @@ class ExploitTelem(BaseTelem):
|
||||||
self.exploiter = exploiter
|
self.exploiter = exploiter
|
||||||
self.result = result
|
self.result = result
|
||||||
|
|
||||||
telem_category = 'exploit'
|
telem_category = TelemCategoryEnum.EXPLOIT
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -18,7 +19,7 @@ class PostBreachTelem(BaseTelem):
|
||||||
self.result = result
|
self.result = result
|
||||||
self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip()
|
self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip()
|
||||||
|
|
||||||
telem_category = 'post_breach'
|
telem_category = TelemCategoryEnum.POST_BREACH
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -13,7 +14,7 @@ class ScanTelem(BaseTelem):
|
||||||
super(ScanTelem, self).__init__()
|
super(ScanTelem, self).__init__()
|
||||||
self.machine = machine
|
self.machine = machine
|
||||||
|
|
||||||
telem_category = 'scan'
|
telem_category = TelemCategoryEnum.SCAN
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
from common.cloud.scoutsuite.ScoutSuite.output.result_encoder import ScoutJsonEncoder
|
||||||
|
from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
|
|
||||||
|
class ScoutSuiteTelem(BaseTelem):
|
||||||
|
|
||||||
|
def __init__(self, provider: BaseProvider):
|
||||||
|
super().__init__()
|
||||||
|
self.provider_data = provider
|
||||||
|
|
||||||
|
json_encoder = ScoutJsonEncoder
|
||||||
|
telem_category = TelemCategoryEnum.SCOUTSUITE
|
||||||
|
|
||||||
|
def get_data(self):
|
||||||
|
return {
|
||||||
|
'data': self.provider_data
|
||||||
|
}
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -14,7 +15,7 @@ class StateTelem(BaseTelem):
|
||||||
self.is_done = is_done
|
self.is_done = is_done
|
||||||
self.version = version
|
self.version = version
|
||||||
|
|
||||||
telem_category = 'state'
|
telem_category = TelemCategoryEnum.STATE
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -13,7 +14,7 @@ class SystemInfoTelem(BaseTelem):
|
||||||
super(SystemInfoTelem, self).__init__()
|
super(SystemInfoTelem, self).__init__()
|
||||||
self.system_info = system_info
|
self.system_info = system_info
|
||||||
|
|
||||||
telem_category = 'system_info'
|
telem_category = TelemCategoryEnum.SYSTEM_INFO
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return self.system_info
|
return self.system_info
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -18,7 +19,7 @@ class TraceTelem(BaseTelem):
|
||||||
self.msg = msg
|
self.msg = msg
|
||||||
LOG.debug("Trace: %s" % msg)
|
LOG.debug("Trace: %s" % msg)
|
||||||
|
|
||||||
telem_category = 'trace'
|
telem_category = TelemCategoryEnum.TRACE
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||||
|
|
||||||
|
@ -13,7 +14,7 @@ class TunnelTelem(BaseTelem):
|
||||||
super(TunnelTelem, self).__init__()
|
super(TunnelTelem, self).__init__()
|
||||||
self.proxy = ControlClient.proxies.get('https')
|
self.proxy = ControlClient.proxies.get('https')
|
||||||
|
|
||||||
telem_category = 'tunnel'
|
telem_category = TelemCategoryEnum.TUNNEL
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {'proxy': self.proxy}
|
return {'proxy': self.proxy}
|
||||||
|
|
|
@ -13,8 +13,7 @@ import infection_monkey.control
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
||||||
from infection_monkey.network.tools import get_interface_to_target
|
from infection_monkey.network.tools import get_interface_to_target
|
||||||
from infection_monkey.transport.base import (TransportProxyBase,
|
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
|
||||||
update_last_serve_time)
|
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
|
||||||
|
@ -193,8 +192,7 @@ class HTTPServer(threading.Thread):
|
||||||
def run(self):
|
def run(self):
|
||||||
class TempHandler(FileServHTTPRequestHandler):
|
class TempHandler(FileServHTTPRequestHandler):
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import \
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
T1105Telem
|
|
||||||
|
|
||||||
filename = self._filename
|
filename = self._filename
|
||||||
|
|
||||||
|
@ -248,8 +246,7 @@ class LockedHTTPServer(threading.Thread):
|
||||||
def run(self):
|
def run(self):
|
||||||
class TempHandler(FileServHTTPRequestHandler):
|
class TempHandler(FileServHTTPRequestHandler):
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import \
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
T1105Telem
|
|
||||||
filename = self._filename
|
filename = self._filename
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -3,8 +3,7 @@ import socket
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
|
|
||||||
from infection_monkey.transport.base import (TransportProxyBase,
|
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
|
||||||
update_last_serve_time)
|
|
||||||
|
|
||||||
READ_BUFFER_SIZE = 8192
|
READ_BUFFER_SIZE = 8192
|
||||||
DEFAULT_TIMEOUT = 30
|
DEFAULT_TIMEOUT = 30
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue