diff --git a/monkey_island/cc/services/report.py b/monkey_island/cc/services/report.py
index 01205e71a..830197444 100644
--- a/monkey_island/cc/services/report.py
+++ b/monkey_island/cc/services/report.py
@@ -1,6 +1,7 @@
 import ipaddress
 from cc.database import mongo
+from cc.services.config import ConfigService
 from cc.services.edge import EdgeService
 from cc.services.node import NodeService
 from cc.utils import local_ip_addresses, get_subnets
@@ -260,12 +261,57 @@ class ReportService: issues_dict[machine].append(issue) return issues_dict + @staticmethod + def get_manual_monkeys(): + return [monkey['hostname'] for monkey in mongo.db.monkey.find({}, {'hostname': 1, 'parent': 1, 'guid': 1}) if + NodeService.get_monkey_manual_run(monkey)] + + @staticmethod + def get_config_users(): + return ConfigService.get_config_value(['basic', 'credentials', 'exploit_user_list']) + + @staticmethod + def get_config_passwords(): + return ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list']) + + @staticmethod + def get_config_exploits(): + exploit_display_dict = \ + { + 'SmbExploiter': 'SMB Exploiter', + 'WmiExploiter': 'WMI Exploiter', + 'SSHExploiter': 'SSH Exploiter', + 'RdpExploiter': 'RDP Exploiter', + 'SambaCryExploiter': 'SambaCry Exploiter', + 'ElasticGroovyExploiter': 'Elastic Groovy Exploiter', + 'Ms08_067_Exploiter': 'Conficker Exploiter', + 'ShellShockExploiter': 'ShellShock Exploiter', + } + return [exploit_display_dict[exploit] for exploit in + ConfigService.get_config_value(['exploits', 'general', 'exploiter_classes'])] + + @staticmethod + def get_config_ips(): + if ConfigService.get_config_value(['basic_network', 'network_range', 'range_class']) != 'FixedRange': + return [] + return ConfigService.get_config_value(['basic_network', 'network_range', 'range_fixed']) + + @staticmethod + def get_config_scan(): + return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan']) + @staticmethod def get_report(): return \ { 'overview': { + 'manual_monkeys': ReportService.get_manual_monkeys(), + 'config_users': ReportService.get_config_users(), + 'config_passwords': ReportService.get_config_passwords(), + 'config_exploits': ReportService.get_config_exploits(), + 'config_ips': ReportService.get_config_ips(), + 'config_scan': ReportService.get_config_scan(), 'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"), 'monkey_duration': 
ReportService.get_monkey_duration(), 'issues': [False, True, True, True, False, True], diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js index 48a2d1e55..404d2e374 100644 --- a/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -337,127 +337,210 @@ class ReportPageComponent extends React.Component { } else { let exploitPercentage = (100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length; - content = ( -
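Review bot: `get_config_passwords()` returns the configured `exploit_password_list` verbatim and `get_report()` puts it under `overview.config_passwords`, so every plaintext password goes to any client that can fetch the report. The only masking is in the browser, in ReportPage.js (`x.substr(0, 3) + '******'`), and that expression shows a password of three characters or fewer in full. Mask on the server instead, for example `return ['******' for _ in ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list'])]`, and drop the three-character prefix in the UI. Separately, `exploit_display_dict[exploit]` in `get_config_exploits()` raises `KeyError` for any configured exploiter class missing from the table, which would fail the whole report; `exploit_display_dict.get(exploit, exploit)` keeps it rendering. The body of `get_report()` continues past the end of this hunk, and whether the report endpoint requires authentication is not visible here.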
-
-
- -
-

- Overview -

-

- The first monkey run was started on {this.state.report.overview.monkey_start_time}. After {this.state.report.overview.monkey_duration}, all monkeys finished - propagation attempts. -

-

- A full report of the Monkeys activities follows. -

+
+
+
-
-

- Security Findings -

-
-

- Immediate Threats -

- During this simulated attack the Monkey uncovered {this.state.report.overview.issues.filter(function (x) { - return x === true; - }).length} issues, detailed below. The security issues uncovered include: -
    - {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? -
  • Users with weak passwords.
  • : null} - {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? -
  • Stolen passwords/hashes were used to exploit other machines.
  • : null} - {this.state.report.overview.issues[this.Issue.ELASTIC] ? -
  • Elastic Search servers not patched for CVE-2015-1427. -
  • : null} - {this.state.report.overview.issues[this.Issue.SAMBACRY] ? -
  • Samba servers not patched for ‘SambaCry’ (CVE-2017-7494).
  • : null} - {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? -
  • Machines not patched for the ‘Shellshock’ (CVE-2014-6271). -
  • : null} - {this.state.report.overview.issues[this.Issue.CONFICKER] ? -
  • Machines not patched for the ‘Conficker’ (MS08-067).
  • : null} -
-
-
-

- Security Issues -

- The monkey uncovered the following possible set of issues: -
    - {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? -
  • Possible cross segment traffic. Infected machines could communicate with the - Monkey Island despite crossing segment boundaries using unused ports.
  • : null} - {this.state.report.overview.warnings[this.Warning.TUNNEL] ? -
  • Lack of Micro-segmentation, machines successfully tunneled monkey activity - using unused ports.
  • : null} -
-
-
-
-

- Recommendations -

-
- {this.generateIssues(this.state.report.recommendations.issues)} -
-
-
-

- The Network from the Monkey's Eyes -

-
-

- The Monkey discovered {this.state.report.glance.scanned.length} machines and - successfully breached {this.state.report.glance.exploited.length} of them. -
- In addition, while attempting to exploit additional hosts , security software installed in the - network should have picked up the attack attempts and logged them. -
- Detailed recommendations in the next part of the report. +

+
+

+ Overview +

+ { + this.state.report.glance.exploited.length > 0 ? + (

+ + Critical security issues found by Infection Monkey! +

) : + (

+ + Infection Monkey did not find any critical security issues. +

) + } +

+ + To improve the monkey's success rate, try adding users and passwords, and enabling the "Local + network scan" config value under "Basic - Network"

-
- - {Math.round(exploitPercentage)}% of scanned machines exploited +

+ The first monkey run was started on {this.state.report.overview.monkey_start_time}. After {this.state.report.overview.monkey_duration}, all monkeys finished + propagation attempts. +

+

+ The monkey started propagating from the following machines where it was manually installed: +

    + {this.state.report.overview.manual_monkeys.map(x =>
  • {x}
  • )} +
+

+

+ The monkeys were run with the following configuration: +

+ { + this.state.report.overview.config_users.length > 0 ? +

+ Users to try: +

    + {this.state.report.overview.config_users.map(x =>
  • {x}
  • )} +
+ Passwords to try: +
    + {this.state.report.overview.config_passwords.map(x =>
  • {x.substr(0, 3) + '******'}
  • )} +
+

+ : +

+ No Users and Passwords were provided for the monkey. +

+ } + { + this.state.report.overview.config_exploits.length > 0 ? +

+ Use the following exploit methods: +

    + {this.state.report.overview.config_exploits.map(x =>
  • {x}
  • )} +
+

+ : +

+ Don't use any exploit. +

+ } + { + this.state.report.overview.config_ips.length > 0 ? +

+ Scan the following IPs: +

    + {this.state.report.overview.config_ips.map(x =>
  • {x}
  • )} +
+

+ : + '' + } + { + this.state.report.overview.config_scan ? + '' + : +

+ Monkeys were configured to not scan local network +

+ } +

+ A full report of the Monkeys activities follows. +

+
+
+

+ Security Findings +

+
+

+ Immediate Threats +

+ During this simulated attack the Monkey uncovered {this.state.report.overview.issues.filter(function (x) { + return x === true; + }).length} issues, detailed below. The security issues uncovered include: +
    + {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? +
  • Users with weak passwords.
  • : null} + {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? +
  • Stolen passwords/hashes were used to exploit other machines.
  • : null} + {this.state.report.overview.issues[this.Issue.ELASTIC] ? +
  • Elastic Search servers not patched for CVE-2015-1427. +
  • : null} + {this.state.report.overview.issues[this.Issue.SAMBACRY] ? +
  • Samba servers not patched for ‘SambaCry’ (CVE-2017-7494).
  • : null} + {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? +
  • Machines not patched for the ‘Shellshock’ (CVE-2014-6271). +
  • : null} + {this.state.report.overview.issues[this.Issue.CONFICKER] ? +
  • Machines not patched for the ‘Conficker’ (MS08-067).
  • : null} +
+
+
+

+ Security Issues +

+ The monkey uncovered the following possible set of issues: +
    + {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? +
  • Possible cross segment traffic. Infected machines could communicate with the + Monkey Island despite crossing segment boundaries using unused ports.
  • : null} + {this.state.report.overview.warnings[this.Warning.TUNNEL] ? +
  • Lack of Micro-segmentation, machines successfully tunneled monkey activity + using unused ports.
  • : null} +
-

- From the attacker's point of view, the network looks like this: -

-
- +
+

+ Recommendations +

+
+ {this.generateIssues(this.state.report.recommendations.issues)} +
-
- -
-
- -
-
- +
+

+ The Network from the Monkey's Eyes +

+
+

+ The Monkey discovered {this.state.report.glance.scanned.length} machines and + successfully breached {this.state.report.glance.exploited.length} of them. +
+ In addition, while attempting to exploit additional hosts , security software installed in the + network should have picked up the attack attempts and logged them. +
+ Detailed recommendations in the next part of the report. +

+
+ + {Math.round(exploitPercentage)}% of scanned machines exploited +
+
+

+ From the attacker's point of view, the network looks like this: +

+
+ +
+
+ +
+
+ +
+
+ +
+
+ +
); } + return (

4. Security Report