Merge pull request #214 from guardicore/feature/collect-aws-instanceid

Add AWS instance id collector
Daniel Goldberg 2018-11-27 04:12:45 -08:00 committed by GitHub
commit fdeeed40f4
9 changed files with 3580 additions and 3447 deletions


@ -0,0 +1 @@
__author__ = 'itay.mizeretz'


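--- a/common/cloud/aws.py
+++ b/common/cloud/aws.py
@@ -0,0 +1,17 @@
+import urllib2
+__author__ = 'itay.mizeretz'
+class AWS(object):
+    def __init__(self):
+        try:
+            self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
+        except urllib2.URLError:
+            self.instance_id = None
+    def get_instance_id(self):
+        return self.instance_id
+    def is_aws_instance(self):
+        return self.instance_id is not None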
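Review bot: The metadata request on the `urlopen` line in `__init__` has no timeout and only `urllib2.URLError` is caught, so on a host that is not on AWS the link-local address can leave the constructor blocked for the platform's default connect timeout, and a `socket.error`/`socket.timeout` raised by `.read()` once the connection is up escapes `__init__` instead of producing `instance_id = None`. A bounded request with a wider handler keeps the probe best-effort: `self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id', timeout=2).read()` and `except (urllib2.URLError, socket.error):` (needs `import socket`; the 2-second value is a suggested default, not from the page). The class also deserves a docstring stating that it probes the EC2 instance metadata endpoint once at construction and that `get_instance_id()` returns `None` when that probe fails, since that `None` contract is what `is_aws_instance()` relies on.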


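--- a/<PATH-NOT-ON-PAGE: InfoCollector module>
+++ b/<PATH-NOT-ON-PAGE: InfoCollector module>
@@ -6,6 +6,7 @@ import psutil
 from enum import IntEnum
 from infection_monkey.network.info import get_host_subnets
+from infection_monkey.system_info.aws_collector import AwsCollector
 from infection_monkey.system_info.azure_cred_collector import AzureCollector
 LOG = logging.getLogger(__name__)
@@ -57,6 +58,13 @@ class InfoCollector(object):
     def __init__(self):
         self.info = {}
+    def get_info(self):
+        self.get_hostname()
+        self.get_process_list()
+        self.get_network_info()
+        self.get_azure_info()
+        self.get_aws_info()
     def get_hostname(self):
         """
         Adds the fully qualified computer hostname to the system information.
@@ -131,3 +139,6 @@ class InfoCollector(object):
         if len(azure_creds) != 0:
             self.info["Azure"] = {}
             self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
+    def get_aws_info(self):
+        self.info['aws'] = AwsCollector().get_aws_info()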
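Review bot: `get_aws_info` in the last hunk always writes `self.info['aws']`, so a non-AWS host reports an empty `aws` dict, whereas `get_azure_info` just above it (the `if len(azure_creds) != 0:` branch) only adds the `Azure` key when there is data; `aws_info = AwsCollector().get_aws_info()` followed by `if aws_info: self.info['aws'] = aws_info` keeps the two collectors consistent and leaves the key absent when the machine is not on AWS. The new base `get_info` in the second hunk also has no docstring although `get_hostname` directly after it carries one; a line such as `"""Runs the generic collectors (hostname, processes, network, Azure, AWS) in order and fills self.info; the platform subclasses call this and then return self.info."""` would document the new contract. Worth stating in that docstring too is that every host, AWS or not, now probes the instance metadata endpoint during collection, since `AwsCollector()` constructs `AWS()` unconditionally.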


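--- a/infection_monkey/system_info/aws_collector.py
+++ b/infection_monkey/system_info/aws_collector.py
@@ -0,0 +1,29 @@
+import logging
+from common.cloud.aws import AWS
+__author__ = 'itay.mizeretz'
+LOG = logging.getLogger(__name__)
+class AwsCollector(object):
+    """
+    Extract info from AWS machines
+    """
+    @staticmethod
+    def get_aws_info():
+        LOG.info("Collecting AWS info")
+        aws = AWS()
+        info = {}
+        if aws.is_aws_instance():
+            LOG.info("Machine is an AWS instance")
+            info = \
+                {
+                    'instance_id': aws.get_instance_id()
+                }
+        else:
+            LOG.info("Machine is NOT an AWS instance")
+        return info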
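Review bot: `get_aws_info` has no docstring and builds its result with a backslash-continued dict literal spread over four lines (`info = \` … `}`); the idiomatic form is the single line `info = {'instance_id': aws.get_instance_id()}`. A docstring such as `"""Returns {'instance_id': ...} when AWS() could reach the instance metadata endpoint, otherwise an empty dict."""` would tell callers that an empty dict, not `None`, is the signal for a non-AWS host, which is what the base collector stores under `self.info['aws']`.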


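--- a/<PATH-NOT-ON-PAGE: LinuxInfoCollector module>
+++ b/<PATH-NOT-ON-PAGE: LinuxInfoCollector module>
@@ -23,10 +23,7 @@ class LinuxInfoCollector(InfoCollector):
         :return: Dict of system information
         """
         LOG.debug("Running Linux collector")
-        self.get_hostname()
-        self.get_process_list()
-        self.get_network_info()
-        self.get_azure_info()
+        super(LinuxInfoCollector, self).get_info()
         self.info['ssh_info'] = SSHCollector.get_info()
         return self.info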


@ -35,16 +35,26 @@ class WindowsInfoCollector(InfoCollector):
:return: Dict of system information :return: Dict of system information
""" """
LOG.debug("Running Windows collector") LOG.debug("Running Windows collector")
self.get_hostname() super(WindowsInfoCollector, self).get_info()
self.get_process_list()
self.get_network_info()
self.get_azure_info()
self.get_wmi_info() self.get_wmi_info()
LOG.debug('finished get_wmi_info')
self.get_installed_packages() self.get_installed_packages()
self.get_mimikatz_info()
return self.info
def get_installed_packages(self):
LOG.info('getting installed packages')
self.info["installed_packages"] = os.popen("dism /online /get-packages").read()
self.info["installed_features"] = os.popen("dism /online /get-features").read()
LOG.debug('Got installed packages') LOG.debug('Got installed packages')
def get_wmi_info(self):
LOG.info('getting wmi info')
for wmi_class_name in WMI_CLASSES:
self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name)
LOG.debug('finished get_wmi_info')
def get_mimikatz_info(self):
mimikatz_collector = MimikatzCollector() mimikatz_collector = MimikatzCollector()
mimikatz_info = mimikatz_collector.get_logon_info() mimikatz_info = mimikatz_collector.get_logon_info()
if mimikatz_info: if mimikatz_info:
@ -53,15 +63,3 @@ class WindowsInfoCollector(InfoCollector):
self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text() self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text()
else: else:
LOG.info('No mimikatz info was gathered') LOG.info('No mimikatz info was gathered')
return self.info
def get_installed_packages(self):
LOG.info('getting installed packages')
self.info["installed_packages"] = os.popen("dism /online /get-packages").read()
self.info["installed_features"] = os.popen("dism /online /get-features").read()
def get_wmi_info(self):
LOG.info('getting wmi info')
for wmi_class_name in WMI_CLASSES:
self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name)
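Review bot: `get_wmi_info`, as relocated in the first hunk, indexes `self.info['wmi'][wmi_class_name]` but nothing in this section creates `self.info['wmi']`, and the base `__init__` only sets `self.info = {}`; if the Windows `__init__` (outside the hunk) does not pre-create that key, the first WMI class raises `KeyError`. `self.info.setdefault('wmi', {})` before the loop makes the method self-contained regardless of initialisation order. The three relocated methods (`get_installed_packages`, `get_wmi_info`, `get_mimikatz_info`) also carry no docstrings; a one-line purpose each naming the `self.info` key it fills would help, and note that the body of `get_mimikatz_info` continues past the end of the first hunk.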


@ -1,7 +1,6 @@
import urllib2
import cc.auth import cc.auth
from cc.environment import Environment from cc.environment import Environment
from common.cloud.aws import AWS
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
@ -13,7 +12,7 @@ class AwsEnvironment(Environment):
@staticmethod @staticmethod
def _get_instance_id(): def _get_instance_id():
return urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read() return AWS.get_instance_id()
def is_auth_enabled(self): def is_auth_enabled(self):
return True return True
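Review bot: `AWS.get_instance_id()` on the changed `_get_instance_id` line is called on the class, but `get_instance_id` is an instance method that returns `self.instance_id` set in `AWS.__init__`; under the Python 2 that `urllib2` implies, this raises `TypeError` (unbound method called without an instance) on every call. The call should be `return AWS().get_instance_id()`. The failure mode also changes with this hunk: the old line raised `urllib2.URLError` when the metadata endpoint was unreachable, while `AWS` swallows that error and reports `None`, so callers of `_get_instance_id` (outside this hunk) now need to handle a `None` instance id.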



@ -86,7 +86,7 @@
"react-graph-vis": "^1.0.2", "react-graph-vis": "^1.0.2",
"react-json-tree": "^0.11.0", "react-json-tree": "^0.11.0",
"react-jsonschema-form": "^1.0.5", "react-jsonschema-form": "^1.0.5",
"react-redux": "^5.0.7", "react-redux": "^5.1.1",
"react-router-dom": "^4.3.1", "react-router-dom": "^4.3.1",
"react-table": "^6.8.6", "react-table": "^6.8.6",
"react-toggle": "^4.0.1", "react-toggle": "^4.0.1",