From f49089aed306f1ee155f922110f08fc93c5b804d Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 27 Jan 2020 14:46:39 +0200
Subject: [PATCH] Added basic framework for running scoutsuite
---
 .travis.yml | 1 +
 .../collectors/scoutsuite_collector.py | 8 ++++++--
 monkey/monkey_island/cc/services/config_schema.py | 15 ++++++++++++---
 .../system_info_collectors/scoutsuite.py | 9 +++++++++
 .../system_info_telemetry_dispatcher.py | 6 ++++--
 5 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/scoutsuite.py
diff --git a/.travis.yml b/.travis.yml
index cb51083e4..b83e12eb4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,6 +16,7 @@ install:
 - pip install -r monkey/monkey_island/requirements.txt # for unit tests
 - pip install flake8 pytest dlint # for next stages
 - pip install -r monkey/infection_monkey/requirements.txt # for unit tests
+- pip install -r monkey/infection_monkey/system_info/collectors/scoutsuite/requirements.txt
 before_script:
 # Set the server config to `testing`. This is required for for the UTs to pass.
diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector.py
index fdf7ce6fa..38c6d7c0f 100644
--- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector.py
+++ b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector.py
@@ -17,7 +17,11 @@ class ScoutSuiteCollector(SystemInfoCollector):
 env = get_monkey_environment()
 if env == Environment.ON_PREMISE.value:
 logger.info("Monkey is not on cloud; not running ScoutSuite")
+ return {}
 else:
 logger.info(f"Attempting to execute ScoutSuite with {env.lower()}")
- run(env.lower(), debug=True, quiet=False)
- return {}
+ scout_suite_results = run(env.lower(), debug=True, quiet=False)
+ return {
+ "Environment": env,
+ "Results": scout_suite_results
+ }
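Review bot: The added install line points at `monkey/infection_monkey/system_info/collectors/scoutsuite/requirements.txt`, which is not among the five files in this patch's diffstat, so the CI install stage depends on that file already being in the tree; if it is not, every job fails before the unit tests run. Because this pulls a new third-party tool (ScoutSuite and its transitive packages) into the agent, it is worth confirming that file pins exact versions rather than floating ranges, the same way the other requirements files are consumed here. A trailing comment matching the neighbouring lines would also document why CI needs it: `# for unit tests (ScoutSuite collector)`.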
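Review bot: `run(env.lower(), debug=True, quiet=False)` has no error handling, so any failure inside ScoutSuite (no usable cloud credentials, an unsupported provider value, a network error) propagates out of the collector instead of yielding the empty result the on-premise branch now returns; the enclosing method begins outside the hunk. Whatever `run` returns is placed straight into the telemetry dict under `"Results"`, so the shape and JSON-serializability of that value should be stated at the return site — presumably a dict the island can encode, but that is not visible here. Note also that `"Environment": env` keeps the original case while `run` receives `env.lower()`; using one form in both places avoids case mismatches downstream. Since `debug=True` presumably raises ScoutSuite's own log verbosity, confirm that output does not write credential material into the agent log.
```python
        else:
            logger.info(f"Attempting to execute ScoutSuite with {env.lower()}")
            try:
                scout_suite_results = run(env.lower(), debug=True, quiet=False)
            except Exception:
                # Mirror the on-premise branch: report nothing rather than raise.
                logger.exception("ScoutSuite execution failed")
                return {}
            # NOTE(review): shape of scout_suite_results comes from ScoutSuite's run() — confirm it is JSON-serializable
            return {
                "Environment": env,
                "Results": scout_suite_results
            }
```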
diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py
index 3d0220ee2..59cd97686 100644
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@@ -1,5 +1,5 @@
 from common.data.system_info_collectors_names \
- import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR
+ import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR, SCOUTSUITE_COLLECTOR
 WARNING_SIGN = " \u26A0"
@@ -130,7 +130,7 @@ SCHEMA = {
 "title": "Collect the machine's hostname",
 "attack_techniques": []
 },
-{
+ {
 "type": "string",
 "enum": [
 PROCESS_LIST_COLLECTOR
@@ -138,6 +138,14 @@ SCHEMA = {
 "title": "Collect running processes on the machine",
 "attack_techniques": []
 },
+ {
+ "type": "string",
+ "enum": [
+ SCOUTSUITE_COLLECTOR
+ ],
+ "title": "If on cloud, execute ScoutSuite and collect its results",
+ "attack_techniques": []
+ },
 ],
 },
 "post_breach_acts": {
@@ -485,7 +493,8 @@ SCHEMA = {
 ENVIRONMENT_COLLECTOR,
 AWS_COLLECTOR,
 HOSTNAME_COLLECTOR,
- PROCESS_LIST_COLLECTOR
+ PROCESS_LIST_COLLECTOR,
+ SCOUTSUITE_COLLECTOR
 ],
 "description": "Determines which system information collectors will collect information."
 },
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/scoutsuite.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/scoutsuite.py
new file mode 100644
index 000000000..85d053e47
--- /dev/null
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/scoutsuite.py
@@ -0,0 +1,9 @@
+import logging
+import json
+
+logger = logging.getLogger(__name__)
+
+
+def process_scout_suite_telemetry(collector_results, monkey_guid):
+ # Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results["hostname"])
+ logger.info(f"\n\n{json.dumps(collector_results, indent=2)}\n{monkey_guid}")
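Review bot: The fourth hunk adds `SCOUTSUITE_COLLECTOR` to what appears to be the default list of enabled collectors (the key itself sits above the hunk), so every cloud-resident agent would run a ScoutSuite audit of the hosting account out of the box, presumably with whatever credentials the instance exposes; the earlier hunks only add the schema option. That is a larger footprint than the other collectors — it reads account-wide configuration rather than the local host, typically takes much longer, and its results travel back as telemetry — so shipping it opt-in deserves an explicit decision, and in any case the option's `title` should say what it relies on, e.g. `"title": "If on cloud, execute ScoutSuite (uses the instance's cloud credentials) and collect its results"`. The `-{` / `+ {` re-indentation in the second hunk is unrelated whitespace cleanup that would be easier to review in its own commit.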
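Review bot: `process_scout_suite_telemetry` logs the entire ScoutSuite result set at INFO via `json.dumps(collector_results, indent=2)`, which writes a full audit of the target's cloud account into the island log for anyone with log access, and raises `TypeError` the moment the collector returns anything that is not JSON-serializable. Since the subject calls this a basic framework, a `logger.debug` with a size summary is the safer placeholder, e.g. `logger.debug("ScoutSuite telemetry from %s: %d top-level keys", monkey_guid, len(collector_results))`, and the commented-out `set_hostname` line, carried over from the hostname processor, should become a `# TODO:` saying what the island will eventually do with these results. A short docstring stating that `collector_results` is the dict produced by `ScoutSuiteCollector` (its `"Environment"` and `"Results"` keys) and that `monkey_guid` identifies the reporting agent would complete the function.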
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
index b5f2d24ea..1c651501d 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
@@ -2,10 +2,11 @@ import logging
 import typing
 from common.data.system_info_collectors_names \
- import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR
+ import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR, SCOUTSUITE_COLLECTOR
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import process_environment_telemetry
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry
+from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import process_scout_suite_telemetry
 from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import test_antivirus_existence
 logger = logging.getLogger(__name__)
@@ -14,7 +15,8 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
 AWS_COLLECTOR: [process_aws_telemetry],
 ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
 HOSTNAME_COLLECTOR: [process_hostname_telemetry],
- PROCESS_LIST_COLLECTOR: [test_antivirus_existence]
+ PROCESS_LIST_COLLECTOR: [test_antivirus_existence],
+ SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
 }
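Review bot: The backslash-continued `from common.data.system_info_collectors_names \` import in the first hunk now carries five names on one line, and the same line grows identically in config_schema.py. A parenthesized import with one name per line keeps every future collector addition to a one-line diff and avoids the continuation character: `from common.data.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR, SCOUTSUITE_COLLECTOR)`, broken across lines. The registration in the second hunk follows the existing entries and needs no change.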