196 lines
13 KiB
Plaintext
196 lines
13 KiB
Plaintext
{
|
|
"id": "OwcKMnALpn7tuBaJY1US",
|
|
"name": "Add a new System Info Collector",
|
|
"dod": "Add a system info collector that collects the machine hostname.",
|
|
"description": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**",
|
|
"summary": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!",
|
|
"tests": [],
|
|
"hints": [
|
|
"First thing you should do is take a look at a different collector (like EnvironemntCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
|
|
"Try to run \"socket.getfqdn()\".",
|
|
"Take a look at SystemInfoCollector - that's the base class you'll need to implement",
|
|
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
|
|
],
|
|
"swimmPatch": {
|
|
"monkey/common/common_consts/system_info_collectors_names.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/common/common_consts/system_info_collectors_names.py b/monkey/common/common_consts/system_info_collectors_names.py\nindex c93cb253..bce6f86e 100644\n--- a/monkey/common/common_consts/system_info_collectors_names.py\n+++ b/monkey/common/common_consts/system_info_collectors_names.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -1,5 +1,5 @@",
|
|
" AWS_COLLECTOR = \"AwsCollector\"",
|
|
"-HOSTNAME_COLLECTOR = \"HostnameCollector\"",
|
|
"+# SWIMMER: Collector name goes here.",
|
|
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
|
|
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
|
|
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py\nindex 0aeecd9f..4dc6701a 100644\n--- a/monkey/infection_monkey/system_info/collectors/hostname_collector.py\n+++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -1,15 +1,5 @@",
|
|
" import logging",
|
|
"-import socket",
|
|
"-",
|
|
"-from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
|
|
"-from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
|
|
" ",
|
|
" logger = logging.getLogger(__name__)",
|
|
" ",
|
|
"-",
|
|
"+# SWIMMER: The collector class goes here.",
|
|
"-class HostnameCollector(SystemInfoCollector):",
|
|
"- def __init__(self):",
|
|
"- super().__init__(name=HOSTNAME_COLLECTOR)",
|
|
"-",
|
|
"- def collect(self) -> dict:",
|
|
"- return {\"hostname\": socket.getfqdn()}"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\nindex 0ea92bea..f4517b90 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -1,5 +1,5 @@",
|
|
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
|
|
"- ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
|
|
"+ ENVIRONMENT_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
|
|
" ",
|
|
" SYSTEM_INFO_COLLECTOR_CLASSES = {"
|
|
]
|
|
},
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -34,15 +34,7 @@",
|
|
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
|
|
" \"attack_techniques\": [\"T1082\"]",
|
|
" },",
|
|
"- {",
|
|
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
|
|
"- \"type\": \"string\",",
|
|
"- \"enum\": [",
|
|
"- HOSTNAME_COLLECTOR",
|
|
"- ],",
|
|
"- \"title\": \"Hostname collector\",",
|
|
"- \"info\": \"Collects machine's hostname.\",",
|
|
"- \"attack_techniques\": [\"T1082\", \"T1016\"]",
|
|
"- },",
|
|
" {",
|
|
" \"type\": \"string\",",
|
|
" \"enum\": ["
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"monkey/monkey_island/cc/services/config_schema/monkey.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py\nindex 01d46367..84cd9123 100644\n--- a/monkey/monkey_island/cc/services/config_schema/monkey.py\n+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -1,5 +1,5 @@",
|
|
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
|
|
"- ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
|
|
"+ ENVIRONMENT_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
|
|
" ",
|
|
" MONKEY = {"
|
|
]
|
|
},
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -85,7 +85,6 @@",
|
|
" \"default\": [",
|
|
" ENVIRONMENT_COLLECTOR,",
|
|
" AWS_COLLECTOR,",
|
|
"- HOSTNAME_COLLECTOR,",
|
|
" PROCESS_LIST_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR,",
|
|
" AZURE_CRED_COLLECTOR"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\nindex e2de4519..8764e29d 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -1,9 +1,9 @@",
|
|
" import logging",
|
|
" ",
|
|
"-from monkey_island.cc.models.monkey import Monkey",
|
|
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
|
|
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods",
|
|
" ",
|
|
" logger = logging.getLogger(__name__)",
|
|
" ",
|
|
" ",
|
|
"-def process_hostname_telemetry(collector_results, monkey_guid):",
|
|
"+# SWIMMER: Processing function goes here.",
|
|
"- Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": {
|
|
"diffType": "MODIFIED",
|
|
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\nindex 1d71c89c..edb1aefa 100644\n--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py\n+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
|
"hunks": [
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -2,11 +2,10 @@",
|
|
" import typing",
|
|
" ",
|
|
" from common.common_consts.system_info_collectors_names import (",
|
|
"- AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR, PROCESS_LIST_COLLECTOR, SCOUTSUITE_COLLECTOR)",
|
|
"+ AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, PROCESS_LIST_COLLECTOR, SCOUTSUITE_COLLECTOR)",
|
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry",
|
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\",
|
|
" process_environment_telemetry",
|
|
"-from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry",
|
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \\",
|
|
" process_scout_suite_telemetry",
|
|
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence"
|
|
]
|
|
},
|
|
{
|
|
"swimmHunkMetadata": {},
|
|
"hunkDiffLines": [
|
|
"@@ -16,7 +15,6 @@",
|
|
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
|
|
" AWS_COLLECTOR: [process_aws_telemetry],",
|
|
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
|
|
"- HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
|
|
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence],",
|
|
" SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]",
|
|
" }"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"app_version": "0.2.1",
|
|
"file_version": "1.0.3"
|
|
} |