p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Added basic HTTP fingering by using banner grabbing

This commit is contained in:
daniel goldberg 2016-08-24 18:31:16 +03:00
parent 85ee6804ee
commit d455a8bb40
5 changed files with 61 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
chaos_monkey/config.py
View File

@ -2,7 +2,7 @@ import os
import sys
from network.range import FixedRange, RelativeRange, ClassCRange
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
from abc import ABCMeta
import uuid
import types
@ -133,7 +133,7 @@ class Configuration(object):
max_iterations = 1
scanner_class = TcpScanner
finger_classes = [SMBFinger, SSHFinger, PingScanner]
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]
# how many victims to look for in a single scan iteration
@ -157,7 +157,7 @@ class Configuration(object):
# sets whether or not to retry failed hosts on next scan
retry_failed_explotation = True
#addresses of internet servers to ping and check if the monkey has internet acccess.
# addresses of internet servers to ping and check if the monkey has internet acccess.
internet_services = ["monkey.guardicore.com", "www.google.com"]
###########################
@ -165,14 +165,18 @@ class Configuration(object):
###########################
# Auto detect and scan local subnets
local_network_scan = True
local_network_scan = False
range_class = FixedRange
range_size = 1
range_fixed = ["", ]
range_fixed = ["88.198.218.174","212.73.212.91" ]
# TCP Scanner
HTTP_PORTS = [80, 8080, 443,
8008, # HTTP alternate
]
tcp_target_ports = [22, 2222, 445, 135, 3389]
tcp_target_ports.extend(HTTP_PORTS)
tcp_scan_timeout = 3000 # 3000 Milliseconds
tcp_scan_interval = 200
tcp_scan_get_banner = True

6
chaos_monkey/example.conf
View File

@ -80,7 +80,11 @@
22,
445,
135,
3389
3389,
80,
8080,
443,
8008
],
"timeout_between_iterations": 10,
"use_file_logging": true,

1
chaos_monkey/network/__init__.py
View File

@ -22,5 +22,6 @@ from ping_scanner import PingScanner
from tcp_scanner import TcpScanner
from smbfinger import SMBFinger
from sshfinger import SSHFinger
from httpfinger import HTTPFinger
from info import local_ips
from info import get_free_tcp_port

44
chaos_monkey/network/httpfinger.py Normal file
View File

@ -0,0 +1,44 @@
import re
from network import HostFinger
from network.tools import check_port_tcp
from model.host import VictimHost
class HTTPFinger(HostFinger):
'''
Goal is to recognise HTTP servers, where what we currently care about is apache.
'''
def __init__(self):
self._config = __import__('config').WormConfiguration
self.HTTP = [(port,str(port)) for port in self._config.HTTP_PORTS]
@staticmethod
def _banner_match(service, host, banner):
pass
def get_host_fingerprint(self, host):
assert isinstance(host, VictimHost)
from requests import get
from requests.exceptions import Timeout
from contextlib import closing
valid_ports = [port for port in self.HTTP if 'tcp-'+port[1] in host.services]
for port in valid_ports:
# check both http and https
http = "http://"+host.ip_addr+":"+port[1]
https = "https://"+host.ip_addr+":"+port[1]
# try http, we don't optimise for 443
try:
with closing(get(http, timeout=1, stream=True)) as r_http:
server = r_http.headers.get('Server')
host.services['tcp-'+port[1]] = server
except Timeout:
#try https
with closing(get(https, timeout=01, stream=True)) as r_http:
server = r_http.headers.get('Server')
host.services['tcp-'+port[1]] = server
return True

3
chaos_monkey/requirements.txt
View File

@ -11,4 +11,5 @@ paramiko
psutil
PyInstaller
ecdsa
netifaces
netifaces
requests