Release Infection Monkey v1.11.0

Mike Salvatore 2021-08-16 14:41:13 -04:00
commit 07730160d7
920 changed files with 32748 additions and 15577 deletions


@ -1,15 +1,17 @@
[flake8]
## Warn about linter issues.
exclude = ../monkey/monkey_island/cc/ui,
../monkey/common/cloud
exclude = monkey/monkey_island/cc/ui,vulture_allowlist.py
show-source = True
max-complexity = 10
max-line-length = 127
max-line-length = 100
### ignore "whitespace before ':'", "line break before binary operator" for
### compatibility with black, and cyclomatic complexity (for now).
extend-ignore = E203, W503, C901
### --statistics Count the number of occurrences of each error/warning code and print a report.
statistics = True
### --count will print the total number of errors.
count = True
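Review bot: with `C901` in `extend-ignore`, the `max-complexity = 10` line a few entries above it is dead configuration, because flake8 only reports cyclomatic complexity through that one code; either drop `max-complexity` until the team is ready to enforce it, or keep C901 enabled and raise the threshold instead. The comment already says "for now", so a TODO with the intended target threshold would keep this from being forgotten. Separately, the new `exclude = monkey/monkey_island/cc/ui,vulture_allowlist.py` drops `../monkey/common/cloud` from the old exclude list; confirm that the cloud package is now meant to be linted, since it was deliberately skipped before.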

.gitattributes vendored Normal file

@ -0,0 +1,4 @@
monkey/tests/data_for_tests/ransomware_targets/** -text
monkey/tests/data_for_tests/test_readme.txt -text
monkey/tests/data_for_tests/stable_file.txt -text
monkey/infection_monkey/ransomware/ransomware_readme.txt -text
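Review bot: the four `-text` entries carry no comment explaining why these files must bypass line-ending normalization; a one-line comment (for example, that the ransomware test targets are compared byte-for-byte by tests, or that `ransomware_readme.txt` is written to disk by the agent and must keep its exact bytes) would stop someone from "cleaning up" this file later. If the whole `monkey/tests/data_for_tests/` tree is meant to stay byte-exact, a single directory glob is easier to keep in sync than listing `test_readme.txt` and `stable_file.txt` individually next to the `ransomware_targets/**` glob.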


@ -7,6 +7,7 @@ Add any further explanations here.
## PR Checklist
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
* [ ] Is the TravisCI build passing?
* [ ] Was the CHANGELOG.md updated to reflect the changes?
* [ ] Was the documentation framework updated to reflect the changes?
## Testing Checklist
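Review bot: the new checklist item "Was the documentation framework updated to reflect the changes?" is ambiguous about which documentation it means (the Hugo docs built in CI, or the Swimm units that this release also migrates); the CHANGELOG item above it names the file, so name the directory or link to it here the same way.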

.gitignore vendored

@ -1,5 +1,6 @@
# Intellij
.idea/
.run/
# Byte-compiled / optimized / DLL files
__pycache__/
@ -81,9 +82,10 @@ MonkeyZoo/*
!MonkeyZoo/README.MD
!MonkeyZoo/config.tf
!MonkeyZoo/MonkeyZooDocs.pdf
monkey/logs
# Exported monkey telemetries
/monkey/telem_sample/
/envs/monkey_zoo/blackbox/tests/performance/telemetry_sample/
# Profiling logs
profiler_logs/
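Review bot: the two telemetry-sample paths (`/monkey/telem_sample/` and `/envs/monkey_zoo/blackbox/tests/performance/telemetry_sample/`) are anchored to specific directories, while `profiler_logs/` is unanchored and matches anywhere in the tree; that is probably intended, but a short comment would help, because exported telemetry from real runs carries whatever the collectors gathered (hostnames, process lists, credential material from the Mimikatz collector), so any new location such exports land in must be added here and any sample that is committed on purpose must be scrubbed first.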

.pre-commit-config.yaml Normal file

@ -0,0 +1,54 @@
default_stages: [commit]
repos:
- repo: https://github.com/pycqa/isort
rev: 5.8.0
hooks:
- id: isort
name: isort (python)
- id: isort
name: isort (cython)
types: [cython]
- id: isort
name: isort (pyi)
types: [pyi]
- repo: https://github.com/psf/black
rev: 20.8b1
hooks:
- id: black
- repo: https://gitlab.com/pycqa/flake8
rev: 3.9.1
hooks:
- id: flake8
additional_dependencies: [dlint]
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-merge-conflict
- id: detect-private-key
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/eslint/eslint
rev: v7.24.0
hooks:
- id: eslint
args: ["monkey/monkey_island/cc/ui/src/", "--fix", "--max-warnings=0"]
- repo: local
hooks:
- id: pytest
name: pytest
entry: bash -c "cd monkey && pytest"
language: system
files: "monkey/"
exclude: "monkey/monkey_island/cc/ui"
stages: [push]
- repo: https://github.com/swimmio/pre-commit
rev: v0.2
hooks:
- id: swimm-verify
- repo: https://github.com/jendrikseipp/vulture
rev: v2.3
hooks:
- id: vulture
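Review bot: every remote hook here is pinned by tag (`rev: 5.8.0`, `20.8b1`, `3.9.1`, `v3.4.0`, `v7.24.0`, `v0.2`, `v2.3`) rather than by commit SHA; tags are mutable, so for tooling that runs on every developer commit and push, pinning the SHA (and letting `pre-commit autoupdate` bump it) closes a supply-chain gap, the third-party `swimmio/pre-commit` at `v0.2` in particular. Two smaller points: the `pytest` hook uses `language: system`, so it silently runs whatever `pytest` is on the developer's PATH rather than the pipenv-locked one, and the flake8 pinned here (3.9.1) is not what CI installs (`pip install flake8 ...` with no version in `.travis.yml`), so local and CI lint results can diverge.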


@ -1,92 +1,86 @@
{
"id": "AzD8XysWg1BBXCjCDkfq",
"name": "Add a new configuration setting to the Agent ⚙",
"task": {
"dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
"description": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine.",
"summary": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/island_configs).",
"hunksOrder": [
"monkey/infection_monkey/config.py_0",
"monkey/infection_monkey/monkey.py_0",
"monkey/monkey_island/cc/services/config_schema/internal.py_0"
],
"tests": [],
"hints": [
"Look for `victims_max_exploit` - it's rather similar."
]
},
"content": [
{
"type": "text",
"text": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine."
},
{
"type": "snippet",
"path": "monkey/infection_monkey/config.py",
"comments": [],
"firstLineNumber": 124,
"lines": [
" exploiter_classes = []",
" system_info_collector_classes = []",
" ",
"* # how many victims to look for in a single scan iteration\r",
"* victims_max_find = 100\r",
" ",
" # how many victims to exploit before stopping",
" victims_max_exploit = 100"
]
},
{
"type": "snippet",
"path": "monkey/infection_monkey/monkey.py",
"comments": [],
"firstLineNumber": 220,
"lines": [
" if not self._keep_running or not WormConfiguration.alive:",
" break",
" ",
"* machines = self._network.get_victim_machines(",
"* max_find=WormConfiguration.victims_max_find,",
"* stop_callback=ControlClient.check_for_stop,",
"* )",
" is_empty = True",
" for machine in machines:",
" if ControlClient.check_for_stop():"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/internal.py",
"comments": [],
"firstLineNumber": 42,
"lines": [
" \"title\": \"Monkey\",",
" \"type\": \"object\",",
" \"properties\": {",
"* \"victims_max_find\": {",
"* \"title\": \"Max victims to find\",",
"* \"type\": \"integer\",",
"* \"default\": 100,",
"* \"description\": \"Determines the maximum number of machines the monkey is \"",
"* \"allowed to scan\",",
"* },",
" \"victims_max_exploit\": {",
" \"title\": \"Max victims to exploit\",",
" \"type\": \"integer\","
]
},
{
"type": "text",
"text": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/config_templates)."
}
],
"play_mode": "all",
"swimmPatch": {
"monkey/infection_monkey/config.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py\nindex 1fbcb876..67ed19de 100644\n--- a/monkey/infection_monkey/config.py\n+++ b/monkey/infection_monkey/config.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -131,8 +131,6 @@",
" exploiter_classes = []\r",
" system_info_collector_classes = []\r",
" \r",
"- # how many victims to look for in a single scan iteration\r",
"- victims_max_find = 100\r",
" \r",
" # how many victims to exploit before stopping\r",
" victims_max_exploit = 100\r"
]
"symbols": {},
"file_version": "2.0.1",
"meta": {
"app_version": "0.4.9-1",
"file_blobs": {
"monkey/infection_monkey/config.py": "0bede1c57949987f5c8025bd9b8f7aa29d02a6af",
"monkey/infection_monkey/monkey.py": "89d2fa8452dee70f6d2985a9bb452f0159ea8219",
"monkey/monkey_island/cc/services/config_schema/internal.py": "1ce1c864b1df332b65e16b4ce9ed533affd73f9c"
}
]
},
"monkey/infection_monkey/monkey.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py\nindex 444bde45..ff23f671 100644\n--- a/monkey/infection_monkey/monkey.py\n+++ b/monkey/infection_monkey/monkey.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -159,8 +159,6 @@",
" if not self._keep_running or not WormConfiguration.alive:\r",
" break\r",
" \r",
"- machines = self._network.get_victim_machines(max_find=WormConfiguration.victims_max_find,\r",
"- stop_callback=ControlClient.check_for_stop)\r",
" is_empty = True\r",
" for machine in machines:\r",
" if ControlClient.check_for_stop():\r"
]
}
]
},
"monkey/monkey_island/cc/services/config_schema/internal.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py\nindex bdbae246..d6042d35 100644\n--- a/monkey/monkey_island/cc/services/config_schema/internal.py\n+++ b/monkey/monkey_island/cc/services/config_schema/internal.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
},
"hunkDiffLines": [
"@@ -40,12 +40,6 @@",
" \"title\": \"Monkey\",\r",
" \"type\": \"object\",\r",
" \"properties\": {\r",
"- \"victims_max_find\": {\r",
"- \"title\": \"Max victims to find\",\r",
"- \"type\": \"integer\",\r",
"- \"default\": 100,\r",
"- \"description\": \"Determines the maximum number of machines the monkey is allowed to scan\"\r",
"- },\r",
" \"victims_max_exploit\": {\r",
" \"title\": \"Max victims to exploit\",\r",
" \"type\": \"integer\",\r"
]
}
]
}
},
"app_version": "0.3.5-1",
"file_version": "1.0.4",
"last_commit_sha_for_swimm_patch": "17ee823b086f0b027612e2d1864930d2c5593c3e"
}
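Review bot: the unit's `summary` string still links to `envs/monkey_zoo/blackbox/island_configs`, while the new `content` text block carrying the same sentence links to `envs/monkey_zoo/blackbox/config_templates`; one of the two is stale, and since the summary is what the learner sees last, both should point at the directory that actually exists in this release. Also, the `firstLineNumber` values in the new snippets (124, 220, 42) no longer match the `@@` offsets in the embedded `swimmPatch` hunks (131, 159, 40); that is expected after the black reformat, but it is worth confirming that the `swimm-verify` pre-commit hook passes on this file rather than relying on the old `last_commit_sha_for_swimm_patch`.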


@ -1,54 +1,52 @@
{
"id": "JFXftJml8DpmuCPBA9rL",
"name": "Add details about your new PBA",
"task": {
"dod": "You should add your new PBA's details to the configuration.",
"description": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>",
"summary": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island.",
"hunksOrder": [
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
],
"tests": [],
"hints": [
"Have a look at the details of the other techniques."
],
"play_mode": "all",
"swimmPatch": {
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..b231f96c 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
]
},
"hunkDiffLines": [
"@@ -68,16 +68,7 @@",
"content": [
{
"type": "text",
"text": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>"
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": [],
"firstLineNumber": 56,
"lines": [
" \"Removes the file afterwards.\",",
" \"attack_techniques\": [\"T1166\"]",
" \"attack_techniques\": [\"T1166\"],",
" },",
"- {",
"* {",
"+ # Swimmer: ADD DETAILS HERE!",
"- \"type\": \"string\",",
"- \"enum\": [",
"- \"ScheduleJobs\"",
"- ],",
"- \"title\": \"Job scheduling\",",
"- \"safe\": True,",
"- \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
"- \"attack_techniques\": [\"T1168\", \"T1053\"]",
"- },",
"* \"type\": \"string\",",
"* \"enum\": [\"ScheduleJobs\"],",
"* \"title\": \"Job scheduling\",",
"* \"safe\": True,",
"* \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
"* \"attack_techniques\": [\"T1168\", \"T1053\"],",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
" \"enum\": [\"Timestomping\"],"
]
}
]
}
},
"app_version": "0.3.5-1",
"file_version": "1.0.4",
"hunksOrder": [
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
],
"last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e"
{
"type": "text",
"text": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island."
}
],
"symbols": {},
"file_version": "2.0.1",
"meta": {
"app_version": "0.4.1-1",
"file_blobs": {
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "ea9b18aba7f71da12c9c82ac39d8a0cf2c472a9c"
}
}
}
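Review bot: the configuration entry being added marks the `ScheduleJobs` PBA as `"safe": True` while its `info` says it creates a scheduled job on the host and removes it; the flag is only accurate if the cleanup is guaranteed, so the unit text should say what "safe" means here (no persistent change once the PBA completes) and what an operator should check on the host if the Monkey is stopped mid-run. The manual-test list could also ask the learner to verify that the job is actually gone afterwards, not only that the PBA appears in the report.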


@ -37,7 +37,7 @@
"firstLineNumber": 1,
"lines": [
" import logging",
"*import socket",
" import socket",
"*",
"*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
"*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
@ -58,13 +58,13 @@
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
"comments": [],
"firstLineNumber": 1,
"firstLineNumber": 4,
"lines": [
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,\r",
"* ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)\r",
" \r",
" SYSTEM_INFO_COLLECTOR_CLASSES = {\r"
" ENVIRONMENT_COLLECTOR,",
"* HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,",
" )"
]
},
{
@ -73,23 +73,21 @@
"comments": [],
"firstLineNumber": 37,
"lines": [
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
" \"attack_techniques\": [\"T1082\"]",
" \"currently running on.\",",
" \"attack_techniques\": [\"T1082\"],",
" },",
"* {",
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
"* \"type\": \"string\",",
"* \"enum\": [",
"* HOSTNAME_COLLECTOR",
"* ],",
"* \"enum\": [HOSTNAME_COLLECTOR],",
"* \"title\": \"Hostname collector\",",
"* \"safe\": True,",
"* \"info\": \"Collects machine's hostname.\",",
"* \"attack_techniques\": [\"T1082\", \"T1016\"]",
"* \"attack_techniques\": [\"T1082\", \"T1016\"],",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
" \"enum\": [PROCESS_LIST_COLLECTOR],"
]
},
{
@ -98,20 +96,21 @@
"comments": [],
"firstLineNumber": 1,
"lines": [
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
" from common.common_consts.system_info_collectors_names import (",
" AWS_COLLECTOR,",
" AZURE_CRED_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"* HOSTNAME_COLLECTOR,",
" MONKEY = {",
" \"title\": \"Monkey\",",
" \"type\": \"object\","
" MIMIKATZ_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,",
" )"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
"comments": [],
"firstLineNumber": 85,
"firstLineNumber": 92,
"lines": [
" \"default\": [",
" ENVIRONMENT_COLLECTOR,",
@ -119,7 +118,7 @@
"* HOSTNAME_COLLECTOR,",
" PROCESS_LIST_COLLECTOR,",
" MIMIKATZ_COLLECTOR,",
" AZURE_CRED_COLLECTOR"
" AZURE_CRED_COLLECTOR,"
]
},
{
@ -148,26 +147,26 @@
"comments": [],
"firstLineNumber": 1,
"lines": [
" import logging\r",
" import typing\r",
" \r",
"*from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
" PROCESS_LIST_COLLECTOR)\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r"
" import logging",
" import typing",
" ",
" from common.common_consts.system_info_collectors_names import (",
" AWS_COLLECTOR,",
" ENVIRONMENT_COLLECTOR,",
"* HOSTNAME_COLLECTOR,"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": [],
"firstLineNumber": 14,
"firstLineNumber": 25,
"lines": [
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
" AWS_COLLECTOR: [process_aws_telemetry],",
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
"* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence]",
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence],",
" }",
" "
]
@ -175,15 +174,18 @@
{
"type": "snippet",
"lines": [
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r",
" process_environment_telemetry\r",
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry\r",
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence\r",
" \r",
" logger = logging.getLogger(__name__)\r"
" )",
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import (",
" process_environment_telemetry,",
" )",
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import (",
"* process_hostname_telemetry,",
"*)",
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (",
" check_antivirus_existence,",
" )"
],
"firstLineNumber": 6,
"firstLineNumber": 12,
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
"comments": []
},
@ -192,9 +194,17 @@
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
}
],
"file_version": "2.0.0",
"symbols": {},
"file_version": "2.0.1",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {}
"app_version": "0.4.4-0",
"file_blobs": {
"monkey/common/common_consts/system_info_collectors_names.py": "175a054e1408805a4cebbe27e2f9616db40988cf",
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": "0aeecd9fb7bde83cccd4501ec03e0da199ec5fc3",
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": "9a4a39050eb088876df4fa629e14faf820e714a0",
"monkey/monkey_island/cc/services/config_schema/monkey.py": "e745da5828c63e975625ac2e9b80ce9626324970",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": "e2de4519cbd71bba70e81cf3ff61817437d95a21",
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": "7ce4b6fcfbce0d6cd8a60297213c5be1699b22df"
}
}
}
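Review bot: `process_hostname_telemetry` is wired into `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS`, but nothing in this unit shows what it does with the value; since the hostname arrives from the agent on a (simulated) breached host and ends up in Island reports, the unit should point out that processors must treat collector output as untrusted input (check that it is a string, bound its length) before persisting it, the same as the other processors in that map. A mechanical point: the snippet `firstLineNumber`s moved (1 to 4, 85 to 92, 14 to 25, 6 to 12) purely because of black's import reformatting, so every future reformat of these files will need another Swimm re-sync; keep that in mind when choosing which lines to anchor on.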


@ -1,51 +1,54 @@
{
"id": "VW4rf3AxRslfT7lwaug7",
"name": "Implement a new PBA — `ScheduleJobs`",
"task": {
"dod": "You should implement a new PBA in Monkey which schedules jobs on the machine.",
"description": "You need to implement the `ScheduleJobs` PBA which creates scheduled jobs on the machine. <br><br>\n<img src=\"https://media.giphy.com/media/l0K4mVE5b5WZ1sctW/giphy.gif\" height=175><br><br>\nThe commands that add scheduled jobs for Windows and Linux can be retrieved from `get_commands_to_schedule_jobs` — make sure you understand how to use this function correctly.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Make sure you see the PBA with its results in the Security report as well as in the ATT&CK report under the relevant MITRE technique\n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>\n<br><br>\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2F528389a0-35c8-4380-b6e2-353068ed01e4.png?alt=media&token=08767f55-86e2-4f51-8ecf-13fd6cc25ad5\" height=400>",
"summary": "Many other PBAs are as simple as this one, using shell commands or scripts — see `Timestomping` and `AccountDiscovery`. <br><br>\n\nHowever, for less straightforward ones, you can override functions and implement new classes depending on what is required — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`.<br><br>\n\nThis PBA, along with all the other PBAs, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to schedule jobs, which they could use to run malicious code at some specified date and time.",
"hunksOrder": [
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py_0"
],
"tests": [],
"hints": [
"Check out the `Timestomping` PBA to get an idea about the implementation.",
"Don't forget to add code to remove the scheduled jobs!"
],
"play_mode": "all",
"swimmPatch": {
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": {
"diffType": "MODIFIED",
"fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/schedule_jobs.py b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py\nindex f7d8d805..06839463 100644\n--- a/monkey/infection_monkey/post_breach/actions/schedule_jobs.py\n+++ b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
"hunks": [
{
"swimmHunkMetadata": {
"hunkComments": []
]
},
"hunkDiffLines": [
"@@ -10,11 +10,5 @@",
"content": [
{
"type": "text",
"text": "You need to implement the `ScheduleJobs` PBA which creates scheduled jobs on the machine. <br><br>\n<img src=\"https://media.giphy.com/media/l0K4mVE5b5WZ1sctW/giphy.gif\" height=175><br><br>\nThe commands that add scheduled jobs for Windows and Linux can be retrieved from `get_commands_to_schedule_jobs` — make sure you understand how to use this function correctly.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Make sure you see the PBA with its results in the Security report as well as in the ATT&CK report under the relevant MITRE technique\n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>\n<br><br>\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2F528389a0-35c8-4380-b6e2-353068ed01e4.png?alt=media&token=08767f55-86e2-4f51-8ecf-13fd6cc25ad5\" height=400>"
},
{
"type": "snippet",
"path": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
"comments": [],
"firstLineNumber": 12,
"lines": [
" \"\"\"",
" ",
" def __init__(self):",
"- linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
"* linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
"+ pass",
"-",
"*",
"+ # Swimmer: IMPLEMENT HERE!",
"- super(ScheduleJobs, self).__init__(name=POST_BREACH_JOB_SCHEDULING,",
"- linux_cmd=' '.join(linux_cmds),",
"- windows_cmd=windows_cmds)",
"- ",
"- def run(self):",
"- super(ScheduleJobs, self).run()"
"* super(ScheduleJobs, self).__init__(",
"* name=POST_BREACH_JOB_SCHEDULING,",
"* linux_cmd=\" \".join(linux_cmds),",
"* windows_cmd=windows_cmds,",
"* )",
"*",
"* def run(self):",
"* super(ScheduleJobs, self).run()",
"* remove_scheduled_jobs()"
]
}
]
}
},
"app_version": "0.3.5-1",
"file_version": "1.0.4",
"hunksOrder": [
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py_0"
],
"last_commit_sha_for_swimm_patch": "44fd1ab69cfbab33cec638dcbbaa8831992a9a9f"
{
"type": "text",
"text": "Many other PBAs are as simple as this one, using shell commands or scripts — see `Timestomping` and `AccountDiscovery`. <br><br>\n\nHowever, for less straightforward ones, you can override functions and implement new classes depending on what is required — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`.<br><br>\n\nThis PBA, along with all the other PBAs, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to schedule jobs, which they could use to run malicious code at some specified date and time."
}
],
"symbols": {},
"file_version": "2.0.1",
"meta": {
"app_version": "0.4.1-1",
"file_blobs": {
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": "e7845968a0c27d2eba71a8889645fe88491cb2a8"
}
}
}
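Review bot: in the solution snippet, `run()` calls `super(ScheduleJobs, self).run()` and then `remove_scheduled_jobs()` unconditionally; if the parent `run()` raises, the scheduled job is left behind on the host, which is exactly the persistence artifact the hint ("Don't forget to add code to remove the scheduled jobs!") warns about. Wrapping it as `try: super(ScheduleJobs, self).run()` / `finally: remove_scheduled_jobs()` keeps the cleanup on the failure path too, and the unit text could add that a cleanup failure should itself be reported in the PBA result rather than swallowed.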


@ -37,20 +37,22 @@
"lines": [
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER",
"*from infection_monkey.config import WormConfiguration",
" from infection_monkey.post_breach.pba import PBA",
" from infection_monkey.utils.users import get_commands_to_add_user",
" ",
" ",
" class BackdoorUser(PBA):",
" def __init__(self):",
"*from infection_monkey.post_breach.pba import PBA",
"*from infection_monkey.utils.random_password_generator import get_random_password",
"*from infection_monkey.utils.users import get_commands_to_add_user",
"*",
"*",
"*class BackdoorUser(PBA):",
"* def __init__(self):",
"* random_password = get_random_password()",
"*",
"* linux_cmds, windows_cmds = get_commands_to_add_user(",
"+ pass # Swimmer: Impl here!",
"* WormConfiguration.user_to_add,",
"* WormConfiguration.remote_user_pass)",
"* WormConfiguration.user_to_add, random_password",
"* )",
"*",
"* super(BackdoorUser, self).__init__(",
"* POST_BREACH_BACKDOOR_USER,",
"* linux_cmd=' '.join(linux_cmds),",
"* windows_cmd=windows_cmds)"
"* POST_BREACH_BACKDOOR_USER, linux_cmd=\" \".join(linux_cmds), windows_cmd=windows_cmds",
"* )"
]
},
{
@ -59,17 +61,17 @@
"comments": [],
"firstLineNumber": 1,
"lines": [
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER\r",
" from monkey_island.cc.services.attack.technique_reports.pba_technique import PostBreachTechnique\r",
" \r",
" __author__ = \"shreyamalviya\"\r"
" from common.common_consts.post_breach_consts import (",
"* POST_BREACH_BACKDOOR_USER,",
" POST_BREACH_COMMUNICATE_AS_NEW_USER,",
" )"
]
},
{
"type": "snippet",
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
"comments": [],
"firstLineNumber": 9,
"firstLineNumber": 12,
"lines": [
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
@ -82,7 +84,7 @@
"type": "snippet",
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
"comments": [],
"firstLineNumber": 4,
"firstLineNumber": 5,
"lines": [
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
" \"type\": \"string\",",
@ -90,17 +92,15 @@
"* {",
"+ # Swimmer: Add new PBA here to config!",
"* \"type\": \"string\",",
"* \"enum\": [",
"* \"BackdoorUser\"",
"* ],",
"* \"enum\": [\"BackdoorUser\"],",
"* \"title\": \"Back door user\",",
"* \"safe\": True,",
"* \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
"* \"attack_techniques\": [\"T1136\"]",
"* \"attack_techniques\": [\"T1136\"],",
"* },",
" {",
" \"type\": \"string\",",
" \"enum\": ["
" \"enum\": [\"CommunicateAsNewUser\"],"
]
},
{
@ -108,14 +108,15 @@
"text": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... "
}
],
"file_version": "2.0.0",
"symbols": {},
"file_version": "2.0.1",
"meta": {
"app_version": "0.3.7-0",
"app_version": "0.4.4-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3",
"monkey/infection_monkey/post_breach/actions/add_user.py": "a85845840d9cb37529ad367e159cd9001929e759",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "d9d86e08ea4aeb0a6bee3f483e4fea50ee6cd200",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "857e80da477ab31dbc00ed0a3f1cd49b69b505fa"
"monkey/infection_monkey/post_breach/actions/add_user.py": "26b048a492fcb6d319fc0c01d2f4a0bd302ecbc8",
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "dfc5945a362b88c1135f4476526c6c82977b02ee",
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "086dc85693ae02ddfa106099245c0f155139805c"
}
}
}

View File

@ -6,69 +6,62 @@ group: travis_latest
language: python
env:
- PIP_CACHE_DIR=$HOME/.cache/pip PIPENV_CACHE_DIR=$HOME/.cache/pipenv
cache:
- pip
- directories:
- "$HOME/.npm"
- $PIP_CACHE_DIR
- $PIPENV_CACHE_DIR
python:
- 3.7
os: linux
before_install:
# Init server_config.json to default
- cp monkey/monkey_island/cc/server_config.json.default monkey/monkey_island/cc/server_config.json
install:
# Python
- pip freeze
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
- pip install flake8 pytest pytest-cov dlint isort # for next stages
- pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
- pip install pipdeptree
# Fail builds on possible conflicting dependencies.
- pipdeptree --warn fail
- pip install pipenv
# Install island and monkey requirements as they are needed by UT's
- pushd monkey/monkey_island
- pipenv sync --dev # This installs dependencies from lock
- popd
- pushd monkey/infection_monkey
- pipenv sync --dev # This installs dependencies from lock
- popd
# node + npm + eslint
- node --version
- npm --version
- nvm --version
- nvm install node
- nvm install 12
- nvm use node
- npm i -g eslint
- node --version
- npm --version
# linuxbrew (for hugo)
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
- mkdir ~/.linuxbrew/bin
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
- eval $(~/.linuxbrew/bin/brew shellenv)
# hugo (for documentation)
- brew install hugo
- curl -L https://github.com/gohugoio/hugo/releases/download/v0.85.0/hugo_0.85.0_Linux-64bit.tar.gz --output hugo.tar.gz
# print hugo version (useful for debugging documentation build errors)
- hugo version
- tar -zxf hugo.tar.gz
- ./hugo version
script:
# Check Python code
## Check syntax errors and fail the build if any are found.
- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini
## Warn about linter issues.
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
### The output is redirected to a file.
- flake8 ./monkey --exit-zero --config=./ci_scripts/flake8_linter_check.ini > ./ci_scripts/flake8_warnings.txt
## Display the linter issues
- cat ./ci_scripts/flake8_warnings.txt
## Make sure that we haven't increased the amount of warnings.
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=80
- if [ $(tail -n 1 ./ci_scripts/flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
- flake8 .
## Check import order
- python -m isort ./monkey --settings-file ./ci_scripts/isort.cfg
- python -m isort ./monkey --check-only
## Check that all python is properly formatted. Fail otherwise.
- python -m black --check .
## Check that there is no dead python code
- python -m vulture .
## Run unit tests and generate coverage data
- cd monkey # This is our source dir
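Review bot: the hugo tarball fetched by `curl -L https://github.com/gohugoio/hugo/releases/download/v0.85.0/... --output hugo.tar.gz` is extracted and executed with no integrity check, so the documentation build depends on whatever that URL serves at job time. The version is already pinned, so verify the archive before `tar -zxf hugo.tar.gz` (for example `echo "<expected sha256>  hugo.tar.gz" | sha256sum -c`, with the hash taken from the release's checksum file), and add `-f` to the curl call so an HTTP error fails the job instead of handing `tar` an error page. Replacing linuxbrew with a pinned release, and the ad-hoc `pip install -r` lines with `pipenv sync --dev` from the lock files, is otherwise the right move for reproducibility.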
@ -78,12 +71,18 @@ script:
- cd monkey_island/cc/ui
- npm ci # See https://docs.npmjs.com/cli/ci.html
- eslint ./src --quiet # Test for errors
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=7
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=0
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
# Build documentation
- cd $TRAVIS_BUILD_DIR/docs
- hugo --verbose --environment staging
- ../hugo --verbose --environment staging
# verify swimm
- cd $TRAVIS_BUILD_DIR
- curl -L https://github.com/swimmio/SwimmReleases/releases/download/v0.5.0-0/swimm-cli.js --output swimm_cli
- node swimm_cli --version
- node swimm_cli verify
after_success:
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
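Review bot: the swimm verification step downloads `swimm-cli.js` with `curl -L ... --output swimm_cli` and then runs it directly with `node swimm_cli --version` and `node swimm_cli verify`; there is no `-f`, so a failed download is executed as-is, and no checksum, so CI runs whatever the release URL serves. The version (v0.5.0-0) is pinned already; add `-f` and a hash comparison before the `node` calls. Separately, lowering `JS_WARNINGS_AMOUNT_UPPER_LIMIT` from 7 to 0 turns `eslint ./src --max-warnings 0` into a hard failure on any warning, so confirm the tree is warning-free before merging or this hunk breaks the build.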

71
CHANGELOG.md Normal file
View File

@ -0,0 +1,71 @@
# Changelog
All notable changes to this project will be documented in this
file.
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/).
## [1.11.0] - 2021-08-13
### Added
- A runtime-configurable option to specify a data directory where runtime
configuration and other artifacts can be stored. #994
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
- `log_level` option to server config. #1151
- A ransomware simulation payload. #1238
- The capability for a user to specify their own SSL certificate. #1208
- API endpoint for ransomware report. #1297
- A ransomware report. #1240
- A script to build a docker image locally. #1140
### Changed
- Select server_config.json at runtime. #963
- Select Logger configuration at runtime. #971
- Select `mongo_key.bin` file location at runtime. #994
- Store Monkey agents in the configurable data_dir when monkey is "run from the
island". #997
- Reformat all code using black. #1070
- Sort all imports using isort. #1081
- Address all flake8 issues. #1071
- Use pipenv for python dependency management. #1091
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
time. #1102
- Skip BB performance tests by default. Run them if `--run-performance-tests`
flag is specified.
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
instead of $HOME. #1143
- Put environment config options in `server_config.json` into a separate
section named "environment". #1161
- Automatically register if BlackBox tests are run on a fresh installation.
#1180
- Limit the ports used for scanning in blackbox tests. #1368
- Limit the propagation depth of most blackbox tests. #1400
- Wait less time for monkeys to die when running BlackBox tests. #1400
- Improve the structure of unit tests by scoping fixtures only to relevant
modules instead of having a one huge fixture file. #1178
- Improve and rename the directory structure of unit tests and unit test
infrastructure. #1178
- Launch MongoDB when the Island starts via python. #1148
- Create/check data directory on Island initialization. #1170
- Format some log messages to make them more readable. #1283
- Improve runtime of some unit tests. #1125
- Run curl OR wget (not both) when attempting to communicate as a new user on
Linux. #1407
### Removed
- Relevant dead code as reported by Vulture. #1149
- Island logger config and --logger-config CLI option. #1151
### Fixed
- Attempt to delete a directory when monkey config reset was called. #1054
- An errant space in the windows commands to run monkey manually. #1153
- Gevent tracebacks in console output. #859
- Crash and failure to run PBAs if max depth reached. #1374
### Security
- Address minor issues discovered by Dlint. #1075
- Hash passwords on server-side instead of client side. #1139
- Generate random passwords when creating a new user (create user PBA, ms08_67
exploit). #1174
- Implemented configuration encryption/decryption. #1189, #1204
- Create local custom PBA directory with secure permissions. #1270
- Create encryption key file for MongoDB with secure permissions. #1232
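Review bot: wording and consistency nits in the Changed section: "instead of having a one huge fixture file" has a stray article (either "one huge fixture file" or "a single huge fixture file"), and the entry "Skip BB performance tests by default. Run them if `--run-performance-tests` flag is specified." is the only one without a `#NNNN` reference while every neighbouring line has one. `data_dir` and `$HOME` are also left unformatted although the other identifiers in the file (`log_level`, `mongo_key.bin`, `server_config.json`) are backticked.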

46
build_scripts/README.md Normal file
View File

@ -0,0 +1,46 @@
# Infection Monkey Linux Package Builder
## About
This directory contains the necessary artifacts for building an Infection
Monkey packages for Linux.
## AppImage
### Building an AppImage
1. Create a clean VM or LXC (not docker!) based on Ubuntu 18.04.
1. Copy the `build_scipts/` directory to `$HOME/` in the VM.
1. On the VM, `cd $HOME/build_scripts`
1. Run `sudo -v`.
1. Execute `./build_appimage.sh`. This will pull all necessary dependencies
and build the AppImage.
NOTE: This script is intended to be run from a clean VM. You can also manually
remove build artifacts by running `appimage/clean.sh`
### Running the AppImage
The build script will produce an AppImage executable named
`./dist/Infection_Monkey-x86_64.AppImage`. Simply execute this file and you're off to
the races.
A new directory, `$HOME/.monkey_island` will be created to store runtime
artifacts.
## Docker
### Building a Docker image
1. Create a clean Ubuntu 18.04 VM (not WSL).
1. Copy the `build_scipts/` directory to `$HOME/` in the VM.
1. On the VM, `cd $HOME/build_scripts`
1. Run `sudo -v`.
1. Execute `./build_docker.sh --package docker`. This will pull all necessary dependencies
and build the Docker image.
NOTE: This script is intended to be run from a clean VM. You can also manually
remove build artifacts by running `docker/clean.sh`
### Running the Docker Image
The build script will produce a `.tgz` file in `./dist/`. See
`docker/DOCKER_README.md` for instructions on running the docker image.
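Review bot: the directory name is misspelled as `build_scipts/` in both "Copy the `build_scipts/` directory to `$HOME/`" steps (AppImage and Docker sections); the README itself lives in `build_scripts/` and the following step runs `cd $HOME/build_scripts`, so a reader copying the literal name ends up with a directory the next step cannot find. Also "building an Infection Monkey packages for Linux" should read "building Infection Monkey packages for Linux".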

1
build_scripts/appimage/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.AppImage

29
build_scripts/appimage/AppRun Executable file
View File

@ -0,0 +1,29 @@
#! /bin/bash
# Export APPRUN if running from an extracted image
self="$(readlink -f -- $0)"
here="${self%/*}"
APPDIR="${APPDIR:-${here}}"
# Export TCl/Tk
export TCL_LIBRARY="${APPDIR}/usr/share/tcltk/tcl8.4"
export TK_LIBRARY="${APPDIR}/usr/share/tcltk/tk8.4"
export TKPATH="${TK_LIBRARY}"
# Export SSL certificate
export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"
# Call the entry point
for opt in "$@"
do
[ "${opt:0:1}" != "-" ] && break
if [[ "${opt}" =~ "I" ]] || [[ "${opt}" =~ "E" ]]; then
# Environment variables are disabled ($PYTHONHOME). Let's run in a safe
# mode from the raw Python binary inside the AppImage
"$APPDIR/opt/python3.7/bin/python3.7" "$@"
exit "$?"
fi
done
(PYTHONHOME="${APPDIR}/opt/python3.7" exec "${APPDIR}/opt/python3.7/bin/python3.7" "${APPDIR}/usr/src/monkey_island.py" $@)
exit "$?"
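Review bot: quoting is inconsistent between the two interpreter invocations: the isolated-mode branch passes `"$@"`, but the final `exec "${APPDIR}/opt/python3.7/bin/python3.7" "${APPDIR}/usr/src/monkey_island.py" $@` leaves `$@` unquoted, so any argument containing whitespace is re-split before it reaches the island. Use `"$@"` there as well, and quote `$0` in `self="$(readlink -f -- $0)"`. The `[[ "${opt}" =~ "I" ]] || [[ "${opt}" =~ "E" ]]` test is an unanchored substring match rather than a check for `-I`/`-E`, so any leading option containing a capital I or E takes the raw-Python path; if that is inherited from the python-appimage template, a comment saying so will spare the next reader the question.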

View File

@ -0,0 +1,132 @@
#!/bin/bash
LINUXDEPLOY_URL="https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
PYTHON_VERSION="3.7.11"
PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python${PYTHON_VERSION}-cp37-cp37m-manylinux1_x86_64.AppImage"
APPIMAGE_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
APPDIR="$APPIMAGE_DIR/squashfs-root"
BUILD_DIR="$APPDIR/usr/src"
ICON_PATH="$BUILD_DIR/monkey_island/cc/ui/src/images/monkey-icon.svg"
MONGO_PATH="$BUILD_DIR/monkey_island/bin/mongodb"
source "$APPIMAGE_DIR/../common.sh"
install_package_specific_build_prereqs() {
log_message "Installing linuxdeploy"
WORKSPACE_BIN_DIR="$1/bin"
LINUXDEPLOY_BIN="$WORKSPACE_BIN_DIR/linuxdeploy"
mkdir -p "$WORKSPACE_BIN_DIR"
curl -L -o "$LINUXDEPLOY_BIN" "$LINUXDEPLOY_URL"
chmod u+x "$LINUXDEPLOY_BIN"
PATH=$PATH:$WORKSPACE_BIN_DIR
}
setup_build_dir() {
local agent_binary_dir=$1
local monkey_repo=$2
pushd $APPIMAGE_DIR
setup_python_37_appdir
mkdir -p "$BUILD_DIR"
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$BUILD_DIR"
copy_server_config_to_build_dir
add_agent_binaries_to_build_dir "$agent_binary_dir" "$BUILD_DIR"
install_monkey_island_python_dependencies
install_mongodb
generate_ssl_cert "$BUILD_DIR"
build_frontend "$BUILD_DIR"
remove_python_appdir_artifacts
popd
}
setup_python_37_appdir() {
PYTHON_APPIMAGE="python${PYTHON_VERSION}_x86_64.AppImage"
log_message "downloading Python3.7 Appimage"
curl -L -o "$PYTHON_APPIMAGE" "$PYTHON_APPIMAGE_URL"
chmod u+x "$PYTHON_APPIMAGE"
"./$PYTHON_APPIMAGE" --appimage-extract
rm "$PYTHON_APPIMAGE"
}
copy_server_config_to_build_dir() {
cp "$APPIMAGE_DIR"/server_config.json.standard "$BUILD_DIR"/monkey_island/cc/server_config.json
}
install_monkey_island_python_dependencies() {
log_message "Installing island requirements"
log_message "Installing pipenv"
"$APPDIR"/AppRun -m pip install pipenv || handle_error
requirements_island="$BUILD_DIR/monkey_island/requirements.txt"
generate_requirements_from_pipenv_lock "$requirements_island"
log_message "Installing island python requirements"
"$APPDIR"/AppRun -m pip install -r "${requirements_island}" --ignore-installed || handle_error
}
generate_requirements_from_pipenv_lock () {
local requirements_island=$1
log_message "Generating a requirements.txt file with 'pipenv lock -r'"
pushd "$BUILD_DIR/monkey_island"
"$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" lock -r > "$requirements_island" || handle_error
popd
}
install_mongodb() {
log_message "Installing MongoDB"
mkdir -p "$MONGO_PATH"
"$BUILD_DIR/monkey_island/linux/install_mongo.sh" "${MONGO_PATH}" || handle_error
}
remove_python_appdir_artifacts() {
rm "$APPDIR"/python.png
rm "$APPDIR"/python*.desktop
rm "$APPDIR"/AppRun
}
build_package() {
local version=$1
local dist_dir=$2
log_message "Building AppImage"
pushd "$APPIMAGE_DIR"
ARCH="x86_64" linuxdeploy \
--appdir "$APPIMAGE_DIR/squashfs-root" \
--icon-file "$ICON_PATH" \
--desktop-file "$APPIMAGE_DIR/infection-monkey.desktop" \
--custom-apprun "$APPIMAGE_DIR/AppRun" \
--deploy-deps-only="$MONGO_PATH/bin/mongod"\
--output appimage
apply_version_to_appimage "$version"
move_package_to_dist_dir $dist_dir
popd
}
apply_version_to_appimage() {
log_message "Renaming Infection_Monkey-x86_64.AppImage -> Infection_Monkey-$1-x86_64.AppImage"
mv "Infection_Monkey-x86_64.AppImage" "Infection_Monkey-$1-x86_64.AppImage"
}
move_package_to_dist_dir() {
mv Infection_Monkey*.AppImage "$1/"
}
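Review bot: the `linuxdeploy ... --output appimage` call in `build_package` has no `|| handle_error`, so when linuxdeploy fails the script still runs `mv "Infection_Monkey-x86_64.AppImage" ...` and `mv Infection_Monkey*.AppImage "$1/"` against a file that was never produced, and the caller reports "Finished building package"; every other external step in this file (`pip install`, `pipenv lock`, `install_mongo.sh`) is guarded. Two more points: the linuxdeploy `continuous` AppImage and the python-appimage download are fetched with `curl -L -o` and executed without `-f` or a checksum, so the packaging toolchain and the embedded interpreter are whatever those URLs serve at build time; `PYTHON_VERSION` is pinned, so pinning linuxdeploy to a release and checking both files against known hashes would make the package reproducible. And `$(dirname $BASH_SOURCE[0])` only works by accident (it expands to `<path>[0]`, and `dirname` happens to strip the bogus suffix); write `${BASH_SOURCE[0]}`, which is also needed in clean.sh, build_package.sh and docker.sh. `pushd $APPIMAGE_DIR` and `move_package_to_dist_dir $dist_dir` are unquoted as well.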

12
build_scripts/appimage/clean.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# This is a utility script to clean up after a failed or successful AppImage build
# in order to speed up development and debugging.
APPIMAGE_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
rm -rf "$HOME/git/monkey"
rm -rf "$HOME/.monkey_island"
rm -rf "$APPIMAGE_DIR/squashfs-root"
rm "$APPIMAGE_DIR"/Infection_Monkey*x86_64.AppImage
rm "$APPIMAGE_DIR/../dist/Infection_Monkey*x86_64.AppImage"
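Review bot: the last line, `rm "$APPIMAGE_DIR/../dist/Infection_Monkey*x86_64.AppImage"`, has the `*` inside the double quotes, so the glob is never expanded and the command tries to delete a file literally named `Infection_Monkey*x86_64.AppImage`; the line above it gets this right by closing the quotes before the glob. Also, `rm -rf "$HOME/git/monkey"` deletes the default `--monkey-repo` checkout, which on a developer workstation (as opposed to the clean VM the README asks for) may be the working clone; the header comment should say so explicitly.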

View File

@ -0,0 +1,8 @@
[Desktop Entry]
Type=Application
Name=Infection Monkey
Exec=bash
Comment=An automated breach and attack simulation platform
Icon=monkey-icon
Categories=Development;
Terminal=true
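Review bot: `Exec=bash` means that if this desktop entry is ever integrated on a host, launching it opens a plain bash shell rather than Monkey Island; the actual launch logic lives in the custom `AppRun`. If the value is only a placeholder to satisfy linuxdeploy's desktop-file requirement, say so in a comment in the file; otherwise point `Exec` at the island entry point.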

View File

@ -0,0 +1,11 @@
{
"data_dir": "~/.monkey_island",
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "standard"
},
"mongodb": {
"start_mongodb": true
}
}
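Review bot: `"log_level": "DEBUG"` ships as the default for the released AppImage, and the same value is set in `build_scripts/docker/server_config.json`. Debug-level island logs are verbose and may record request details and internal state that an operator would not expect to be written to disk by default; `INFO` is the safer release default, with users who need more detail setting `log_level` in the config under their own `data_dir` (both options are introduced in this release, CHANGELOG #1151 and #994).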

View File

@ -0,0 +1,3 @@
#!/bin/bash
./build_package.sh --package appimage $@

3
build_scripts/build_docker.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
./build_package.sh --package docker $@
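Review bot: both wrappers (`build_appimage.sh` above and this `build_docker.sh`) run `./build_package.sh --package ... $@` with an unquoted `$@` and a cwd-relative path. The unquoted `$@` re-splits arguments such as `--agent-binary-dir "/path/with space"`, and the relative path means the wrapper only works when invoked from `build_scripts/`; `build_package.sh` itself then does `source "./$package/$package.sh"`, so the cwd dependency is now in two places. `"$(dirname "${BASH_SOURCE[0]}")/build_package.sh" --package docker "$@"` removes both problems.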

204
build_scripts/build_package.sh Executable file
View File

@ -0,0 +1,204 @@
WORKSPACE=${WORKSPACE:-$HOME}
DEFAULT_REPO_MONKEY_HOME=$WORKSPACE/git/monkey
MONKEY_ORIGIN_URL="https://github.com/guardicore/monkey.git"
NODE_SRC=https://deb.nodesource.com/setup_12.x
BUILD_SCRIPTS_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
DIST_DIR="$BUILD_SCRIPTS_DIR/dist"
log_message() {
echo -e "\n\n"
echo -e "MONKEY ISLAND BUILDER: $1"
}
exit_if_missing_argument() {
if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then
echo "Error: Argument for $1 is missing" >&2
exit 1
fi
}
echo_help() {
echo "usage: build_package.sh [--help] [--agent-binary-dir <PATH>] [--branch <BRANCH>]"
echo " [--monkey-repo <PATH>] [--version <MONKEY_VERSION>]"
echo ""
echo "Creates a package for Infection Monkey."
echo ""
echo "--agent-binary-dir A directory containing the agent binaries that"
echo " you'd like to include with the package. If this"
echo " parameter is unspecified, the latest release"
echo " binaries will be downloaded from GitHub."
echo ""
echo "--as-root Throw caution to the wind and allow this script"
echo " to be run as root."
echo ""
echo "--branch The git branch you'd like the package to be"
echo " built from. (Default: develop)"
echo ""
echo "--monkey-repo A directory containing the Infection Monkey git"
echo " repository. If the directory is empty or does"
echo " not exist, a new repo will be cloned from GitHub."
echo " If the directory is already a valid GitHub repo,"
echo " it will be used as-is and the --branch parameter"
echo " will have no effect."
echo " (Default: $DEFAULT_REPO_MONKEY_HOME)"
echo ""
echo "--version A version number for the package."
echo " (Default: dev)"
echo ""
echo "--package Which package to build (\"appimage\" or \"docker.\")"
exit 0
}
is_root() {
return "$(id -u)"
}
has_sudo() {
# 0 true, 1 false
sudo -nv > /dev/null 2>&1
return $?
}
handle_error() {
echo "Fix the errors above and rerun the script"
exit 1
}
install_nodejs() {
log_message "Installing nodejs"
curl -sL $NODE_SRC | sudo -E bash -
sudo apt-get install -y nodejs
}
install_common_build_prereqs() {
sudo apt-get update
sudo apt-get upgrade -y
# monkey island prereqs
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
install_nodejs
}
is_valid_git_repo() {
pushd "$1" 2>/dev/null || return 1
git status >/dev/null 2>&1
success="$?"
popd || exit 1
return $success
}
clone_monkey_repo() {
local repo_dir=$1
local branch=$2
if [[ ! -d "$repo_dir" ]]; then
mkdir -p "$repo_dir"
fi
log_message "Cloning files from git"
git clone -c core.autocrlf=false --single-branch --recurse-submodules -b "$branch" "$MONKEY_ORIGIN_URL" "$repo_dir" 2>&1 || handle_error
}
install_build_prereqs() {
sudo apt-get update
sudo apt-get upgrade -y
# monkey island prereqs
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
install_nodejs
}
agent_binary_dir=""
as_root=false
branch="develop"
monkey_repo="$DEFAULT_REPO_MONKEY_HOME"
monkey_version="dev"
package=""
while (( "$#" )); do
case "$1" in
--agent-binary-dir)
exit_if_missing_argument "$1" "$2"
agent_binary_dir=$2
shift 2
;;
--as-root)
as_root=true
shift
;;
--branch)
exit_if_missing_argument "$1" "$2"
branch=$2
shift 2
;;
-h|--help)
echo_help
;;
--monkey-repo)
exit_if_missing_argument "$1" "$2"
monkey_repo=$2
shift 2
;;
--version)
exit_if_missing_argument "$1" "$2"
monkey_version=$2
shift 2
;;
--package)
exit_if_missing_argument "$1" "$2"
package=$2
shift 2
;;
*)
echo "Error: Unsupported parameter $1" >&2
exit 1
;;
esac
done
if ! [[ $package =~ ^(appimage|docker)$ ]]; then
log_message "Invalid package: $package."
exit 1
fi
if ! $as_root && is_root; then
log_message "Please don't run this script as root"
exit 1
fi
if ! has_sudo; then
log_message "You need root permissions for some of this script operations. \
Run \`sudo -v\`, enter your password, and then re-run this script."
exit 1
fi
log_message "Building Monkey Island: $package"
source "./$package/$package.sh"
if ! is_valid_git_repo "$monkey_repo"; then
clone_monkey_repo "$monkey_repo" "$branch"
fi
if [ ! -d "$DIST_DIR" ]; then
mkdir "$DIST_DIR"
fi
install_build_prereqs
install_package_specific_build_prereqs "$WORKSPACE"
setup_build_dir "$agent_binary_dir" "$monkey_repo"
build_package "$monkey_version" "$DIST_DIR"
log_message "Finished building package: $package"
exit 0
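Review bot: the file is marked executable and is invoked directly by the two wrapper scripts, but it has no shebang; it relies on bash-only syntax (`[[ ... ]]`, `(( "$#" ))`, `${2:0:1}`, `$BASH_SOURCE`), so it only works because the calling shell happens to be bash. Add `#!/bin/bash` as the first line. Further points in this hunk: `install_common_build_prereqs` and `install_build_prereqs` are identical and only the latter is called, so the former is dead code; `is_root` returns the raw uid (`return "$(id -u)"`), which bash truncates modulo 256, so a uid of 256 or 512 is reported as root (use `[ "$(id -u)" -eq 0 ]`); `curl -sL $NODE_SRC | sudo -E bash -` pipes an unverified remote script into a root shell and `sudo apt-get upgrade -y` upgrades the whole system as a side effect of building a package, both of which deserve at least a comment given the README's "clean VM" assumption; and `--package`, the one mandatory option, is missing from the usage line printed by `echo_help`.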

88
build_scripts/common.sh Normal file
View File

@ -0,0 +1,88 @@
CONFIG_URL="https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/config"
copy_monkey_island_to_build_dir() {
local src=$1
local build_dir=$2
cp "$src"/__init__.py "$build_dir"
cp "$src"/monkey_island.py "$build_dir"
cp -r "$src"/common "$build_dir/"
rsync \
-ar \
--exclude=monkey_island/cc/ui/node_modules \
--exclude=monkey_island/cc/ui/.npm \
"$src"/monkey_island "$build_dir/"
}
add_agent_binaries_to_build_dir() {
local agent_binary_dir=$1
local island_binaries_path="$2/monkey_island/cc/binaries/"
if [ -z "$agent_binary_dir" ]; then
download_monkey_agent_binaries $island_binaries_path
else
copy_agent_binaries_to_build_dir "$agent_binary_dir" "$island_binaries_path"
fi
make_linux_binaries_executable "$island_binaries_path"
}
download_monkey_agent_binaries() {
local island_binaries_path=$1
log_message "Downloading monkey agent binaries to ${island_binaries_path}"
load_monkey_binary_config
mkdir -p "${island_binaries_path}" || handle_error
curl -L -o "${island_binaries_path}/${LINUX_32_BINARY_NAME}" "${LINUX_32_BINARY_URL}"
curl -L -o "${island_binaries_path}/${LINUX_64_BINARY_NAME}" "${LINUX_64_BINARY_URL}"
curl -L -o "${island_binaries_path}/${WINDOWS_32_BINARY_NAME}" "${WINDOWS_32_BINARY_URL}"
curl -L -o "${island_binaries_path}/${WINDOWS_64_BINARY_NAME}" "${WINDOWS_64_BINARY_URL}"
}
load_monkey_binary_config() {
tmpfile=$(mktemp)
log_message "Downloading prebuilt binary configuration"
curl -L -s -o "$tmpfile" "$CONFIG_URL"
log_message "Loading configuration"
source "$tmpfile"
}
copy_agent_binaries_to_build_dir() {
cp "$1"/* "$2/"
}
make_linux_binaries_executable() {
chmod a+x "$1"/monkey-linux-*
}
generate_ssl_cert() {
local island_path="$1/monkey_island"
log_message "Generating certificate"
chmod u+x "$island_path"/linux/create_certificate.sh
"$island_path"/linux/create_certificate.sh "$island_path"/cc
}
build_frontend() {
local ui_dir="$1/monkey_island/cc/ui"
pushd "$ui_dir" || handle_error
log_message "Generating front end"
npm ci
npm run dist
popd || handle_error
remove_node_modules "$ui_dir"
}
remove_node_modules() {
# Node has served its purpose. We don't need to deliver the node modules with
# the package.
rm -rf "$1/node_modules"
rm -rf "$1/.npm"
}
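Review bot: `load_monkey_binary_config` fetches `$CONFIG_URL` (the `develop` branch on raw.githubusercontent.com) with `curl -L -s -o` and then `source`s the result, and `download_monkey_agent_binaries` fetches the four agent binaries from the URLs that file defines, again with no `-f` and no checksum. Those binaries are shipped inside the package, so a release's contents depend on whatever the URLs return at build time, and a failed download (an HTML error page, an empty file) is sourced or packaged silently. Pin the config to a tag or commit rather than `develop`, pass `-f` so HTTP errors abort the build, and compare each binary against an expected hash before `make_linux_binaries_executable`. Smaller points: `$tmpfile` is never removed, and `download_monkey_agent_binaries $island_binaries_path` leaves the path unquoted while the sibling branch quotes it.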

3
build_scripts/docker/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
dk.monkeyisland*.tar
infection_monkey_docker_*.tgz
tgz/

View File

@ -0,0 +1,21 @@
# Infection Monkey
How to run Monkey Island from the docker file:
Note: Ports 5000 and 5001 must be available for the island to work.
## Setup
Run the following commands:
```sh
sudo docker load -i dk.monkeyisland.MONKEY_VER_PLACEHOLDER.tar
sudo docker pull mongo:4.2
sudo mkdir -p /var/monkey-mongo/data/db
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:MONKEY_VER_PLACEHOLDER
```
## Start Infecting
Open `https://<Server IP>:5000` using Google Chrome and follow the instructions. You can also visit [the Infection Monkey website](https://infectionmonkey.com) and read the in-depth Getting Started guides.
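Review bot: both containers run with `--network=host`, and the `mongo:4.2` container is started without any authentication or bind options, so the database holding the island's configuration and telemetry is reachable on every interface `mongod` listens on; the official image listens on all interfaces unless a bind address is passed. Either restrict it (append `--bind_ip 127.0.0.1` to the mongo command, or put both containers on a user-defined bridge network and publish only 5000/5001) or state in this README that 27017 must be firewalled. The "Ports 5000 and 5001 must be available" note should then mention 27017 as well.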

View File

@ -0,0 +1,27 @@
# Install python dependencies using the bitnami/python:3.7 image, which includes
# development dependencies.
FROM bitnami/python:3.7 as builder
COPY ./monkey /monkey
WORKDIR /monkey
RUN virtualenv .
RUN . bin/activate && \
cd monkey_island && \
pip install pipenv && \
pipenv sync
# Build the final application using the bitnami/python:3.7-prod image, which
# does not include development dependencies.
FROM bitnami/python:3.7-prod
RUN apt-get update && apt-get install -y iputils-ping && apt-get clean
COPY --from=builder /monkey /monkey
WORKDIR /monkey
EXPOSE 5000
EXPOSE 5001
RUN groupadd -r monkey-island && useradd --no-log-init -r -g monkey-island monkey-island
RUN chmod 444 /monkey/monkey_island/cc/server.key
RUN chmod 444 /monkey/monkey_island/cc/server.csr
RUN chmod 444 /monkey/monkey_island/cc/server.crt
RUN mkdir /monkey_island_data && chmod 700 /monkey_island_data && chown -R monkey-island:monkey-island /monkey_island_data
USER monkey-island
ENTRYPOINT ["/monkey/entrypoint.sh"]
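Review bot: `RUN chmod 444 /monkey/monkey_island/cc/server.key` makes the TLS private key world-readable inside the image, and because `generate_ssl_cert` creates it at build time, every container started from this image (and everyone who downloads the tarball) shares the same private key. Prefer `chown monkey-island:monkey-island` plus `chmod 400` on the key (444 is fine for `server.csr` and `server.crt`), and either generate the certificate on first start into `/monkey_island_data` or document the bring-your-own-certificate option from CHANGELOG #1208 as the recommended path for anything beyond a lab. Minor: `pip install pipenv && pipenv sync` runs inside the activated virtualenv, so pipenv and its own dependencies appear to be copied into the prod image alongside the island's requirements.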

14
build_scripts/docker/clean.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
# This is a utility script to clean up after a failed or successful Docker
# image build in order to speed up development and debugging
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
rm -rf "$HOME/git/monkey"
rm -rf "$DOCKER_DIR/monkey"
rm -rf "$DOCKER_DIR/tgz"
rm "$DOCKER_DIR"/dk.monkeyisland.*.tar
rm "$DOCKER_DIR"/infection_monkey_docker*.tgz
rm "$DOCKER_DIR"/../dist/infection_monkey_docker*.tgz

67
build_scripts/docker/docker.sh Executable file
View File

@ -0,0 +1,67 @@
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
OUTPUT_NAME_TGZ="$DOCKER_DIR/infection_monkey_docker_$(date +%Y%m%d_%H%M%S).tgz"
source "$DOCKER_DIR/../common.sh"
install_package_specific_build_prereqs() {
sudo apt-get install -y docker.io
}
setup_build_dir() {
local agent_binary_dir=$1
local monkey_repo=$2
local build_dir=$DOCKER_DIR/monkey
mkdir "$build_dir"
copy_entrypoint_to_build_dir "$build_dir"
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$build_dir"
copy_server_config_to_build_dir "$build_dir"
add_agent_binaries_to_build_dir "$agent_binary_dir" "$build_dir"
generate_ssl_cert "$build_dir"
build_frontend "$build_dir"
}
copy_entrypoint_to_build_dir() {
cp "$DOCKER_DIR"/entrypoint.sh "$1"
chmod 755 "$1/entrypoint.sh"
}
copy_server_config_to_build_dir() {
cp "$DOCKER_DIR"/server_config.json "$1"/monkey_island/cc
}
build_package() {
local version=$1
local dist_dir=$2
pushd ./docker
docker_image_name="guardicore/monkey-island:$version"
tar_name="$DOCKER_DIR/dk.monkeyisland.$version.tar"
build_docker_image_tar "$docker_image_name" "$tar_name"
build_docker_image_tgz "$tar_name" "$version"
move_package_to_dist_dir $dist_dir
popd
}
build_docker_image_tar() {
sudo docker build . -t "$1"
sudo docker save "$1" > "$2"
}
build_docker_image_tgz() {
mkdir tgz
mv "$1" ./tgz
cp ./DOCKER_README.md ./tgz/README.md
tar -C ./tgz -cvf "$OUTPUT_NAME_TGZ" --gzip .
}
move_package_to_dist_dir() {
mv $OUTPUT_NAME_TGZ "$1/"
}
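Review bot: `sudo docker build . -t "$1"` and `sudo docker save "$1" > "$2"` are not guarded with `|| handle_error`, so a failed image build still yields a `.tgz` (wrapping whatever `docker save` wrote, possibly an empty tar) and the wrapper exits 0; compare `appimage.sh`, where the install steps are guarded. `build_package` also does `pushd ./docker` relative to the cwd even though `$DOCKER_DIR` is computed at the top of the file, and `mkdir tgz` fails on a second run because it is not `-p` (the `.gitignore` in this directory lists `tgz/`, so leftovers are expected). `move_package_to_dist_dir $dist_dir` and `mv $OUTPUT_NAME_TGZ` both leave variables unquoted.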

View File

@ -0,0 +1,6 @@
#!/bin/bash
echo "$@"
source /monkey/bin/activate
python /monkey/monkey_island.py "$@"
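Review bot: `echo "$@"` before activating the virtualenv writes every argument the container was started with into the container log; if it is a leftover from debugging, drop it, and if it is meant as a startup trace, keep in mind that any argument that might carry a secret in the future will be logged too. Also consider `exec python /monkey/monkey_island.py "$@"` so the island becomes PID 1 and receives the SIGTERM from `docker stop` directly rather than through the wrapper shell.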

View File

@ -0,0 +1,11 @@
{
"data_dir": "/monkey_island_data",
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "docker"
},
"mongodb": {
"start_mongodb": false
}
}

View File

@ -1,2 +0,0 @@
./validation-env
./flake8_warnings.txt

View File

@ -1,8 +0,0 @@
# About
Run this script to validate your code locally and auto fix/format the problems before pushing.
# Usage
You've got to manually download swimm for swimm validation.
run from `infection_monkey` directory: `powershell .\ci_scripts\validate.ps1`

View File

@ -1,15 +0,0 @@
[flake8]
## Check syntax errors and fail the build if any are found.
exclude =
../monkey/monkey_island/cc/ui,
../monkey/common/cloud
select =
E901,
E999,
F821,
F822,
F823
count = True
show-source = True
statistics = True

View File

@ -1,5 +0,0 @@
python -m venv validation-env
.\validation-env\Scripts\activate.ps1
python -m pip install -r .\requirements.txt
npm i -g eslint
deactivate

View File

@ -1,6 +0,0 @@
[isort]
# Possible options: https://pycqa.github.io/isort/docs/configuration/options/
known_first_party=common,infection_monkey,monkey_island
skip=monkey/common/cloud/scoutsuite,monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/rule_path_creators_list.py,monkey/monkey_island/cc/ui,monkey/common/cloud/scoutsuite

View File

@ -1,6 +0,0 @@
flake8
pytest
dlint
isort
coverage
black

View File

@ -1,39 +0,0 @@
.\ci_scripts\validation-env\Scripts\activate.ps1
$ErrorActionPreference = "Stop"
python -m pip install -r monkey/monkey_island/requirements.txt
python -m pip install -r monkey/infection_monkey/requirements.txt
flake8 ./monkey --config ./ci_scripts/flake8_syntax_check.cfg
flake8 ./monkey --exit-zero --config ./ci_scripts/flake8_linter_check.cfg | Out-File -FilePath .\ci_scripts\flake8_warnings.txt
Get-Content -Path .\ci_scripts\flake8_warnings.txt
$PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT = 80
if ((Get-Item -Path .\ci_scripts\flake8_warnings.txt | Get-Content -Tail 1) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT){
"Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. "
exit
}
python -m isort ./monkey -c --settings-file ./ci_scripts/isort.cfg
if (!$?) {
$confirmation = Read-Host "Isort found errors. Do you want to attmpt to fix them automatically? (y/n)"
if ($confirmation -eq 'y') {
python -m isort ./monkey --settings-file ./ci_scripts/isort.cfg
}
}
Push-Location -Path ./monkey
python ./monkey_island/cc/environment/set_server_config.py testing
python -m pytest
$lastCommandSucceeded = $?
python ./monkey_island/cc/environment/set_server_config.py restore
Pop-Location
if (!$lastCommandSucceeded) {
exit
}
Push-Location -Path .\monkey\monkey_island\cc\ui
eslint ./src -c ./.eslintrc
Pop-Location
swimm verify
Write-Host "Script finished. Press any key to continue"
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
deactivate

View File

@ -1,2 +1,5 @@
fixes:
- "::monkey/"
github_checks:
annotations: false

View File

@ -49,9 +49,9 @@ Then execute the resulting script with your shell.
After downloading that script, execute it in a shell. The first argument should be an absolute path of an empty directory (the script will create one if doesn't exist, default is ./infection_monkey). The second parameter is the branch you want to clone (develop by default). Some example usages:
- `./deploy_linux.sh` (deploys under ./infection_monkey)
- `./deploy_linux.sh "/home/test/monkey"` (deploys under /home/test/monkey)
- `./deploy_linux.sh /home/test/monkey` (deploys under /home/test/monkey)
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
- `./deploy_linux.sh /home/user/new "master"` (if directory "new" is not found creates it and clones master branch into it)
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
@ -59,7 +59,35 @@ You may also pass in an optional third `false` parameter to disable downloading
After the `deploy_linux.sh` script completes, you can start the monkey island.
Note: You'll need to run the commands below in a new shell in order to ensure
your PATH environment variable is up to date.
```sh
cd infection_monkey/monkey
./monkey_island/linux/run.sh
cd infection_monkey/monkey/monkey_island
pipenv run python ../monkey_island.py
```
## Pre-commit hooks
Both the Linux and Windows deployment scrips will install and configure
[pre-commit](https://pre-commit.com/). Pre-commit is a multi-language package
manager for pre-commit hooks. It will run a set of checks when you attempt to
commit. If your commit does not pass all checks, it will be reformatted and/or
you'll be given a list of errors and warnings that need to be fixed before you
can commit.
Our CI system runs the same checks when pull requests are submitted. This
system may report that the build has failed if the pre-commit hooks have not
been run or all issues have not been resolved.
### Manually installing pre-commit
To install and configure pre-commit manually, run `pip install --user
pre-commit`. Next, go to the top level directory of this repository and run
`pre-commit install -t pre-commit -t pre-push` Now, pre-commit will automatically run whenever you `git commit`.
## Swimm
Infection Monkey has development tutorials that use [`swimm.io`](https://swimm.io/) to help teach new developers how to perform common code tasks in the Infection Monkey codebase and accelerate the ramp-up process. The tutorials include adding new configuration values, new system info collectors and more.
In order to pass the pre-commit checks, you'll have to [install Swimm successfully](https://www.guardicore.com/infectionmonkey/docs/development/swimm/). Both the Linux and Windows deployment scrips will install [Swimm](https://swimm.io/), but you'll have to sign up [here](https://swimm.io/sign-beta) to complete the process.
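Review bot: "deployment scrips" appears twice in this hunk (the Pre-commit hooks paragraph and the Swimm paragraph) and should be "deployment scripts"; the sentence ending in `pre-commit install -t pre-commit -t pre-push` is missing its full stop before "Now, pre-commit will automatically run". The sentence "This system may report that the build has failed if the pre-commit hooks have not been run or all issues have not been resolved" reads more directly as "... or not all issues have been resolved".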

View File

@ -43,3 +43,6 @@ export TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/d
export SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner64.so"
export SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner32.so"
# Swimm
export SWIMM_URL=https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm_0.4.4-0_Setup.deb
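Review bot: `SWIMM_URL` pins the developer install to Swimm 0.4.4-0, the same version recorded as `app_version` in the swimm doc JSON earlier in this commit, while the Travis job verifies with `swimm-cli.js` from the v0.5.0-0 release. If the CLI and the desktop app ever disagree on the doc format, a contributor's local `swimm verify` and CI will diverge; either align the two versions or document which one is authoritative.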

View File

@ -46,3 +46,4 @@ $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
$SWIMM_URL="https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm-Setup-0.4.4-0.exe"

View File

@ -23,6 +23,13 @@ log_message() {
echo -e "DEPLOYMENT SCRIPT: $1"
}
configure_precommit() {
$1 -m pip install --user pre-commit
pushd "$2"
$HOME/.local/bin/pre-commit install -t pre-commit -t pre-push
popd
}
if is_root; then
log_message "Please don't run this script as root"
exit 1
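Review bot: `configure_precommit` has no error handling: `pushd "$2"` can fail and the function carries on, the unpinned `pip install` can fail silently, and `$HOME/.local/bin/pre-commit` hard-codes the user-site scripts directory instead of using the interpreter passed in as `$1`. Suggest `pushd "$2" || handle_error` and `"$1" -m pre_commit install -t pre-commit -t pre-push`, so the hook is installed by the same interpreter that installed the package and a failure aborts the deploy.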
@ -84,9 +91,9 @@ fi
log_message "Cloning files from git"
branch=${2:-"develop"}
log_message "Branch selected: ${branch}"
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
chmod 774 -R "${monkey_home}"
fi
# Create folders
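Review bot: `chmod 774 -R "${monkey_home}"` makes the entire checkout group-writable, including the build and deploy scripts the developer will later execute from it, so any member of the user's primary group can modify code that user runs. `755` (or `750`) is sufficient for a development checkout; if group write is genuinely needed somewhere, restrict it to that directory rather than applying it recursively.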
@ -110,7 +117,7 @@ if [[ ${python_cmd} == "" ]]; then
log_message "Python 3.7 command not found. Installing python 3.7."
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install -y python3.7 python3.7-dev
sudo apt-get install -y python3.7 python3.7-dev python3.7-venv
log_message "Python 3.7 is now available with command 'python3.7'."
python_cmd="python3.7"
fi
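Review bot: `sudo add-apt-repository ppa:deadsnakes/ppa` is run without `-y`, so on a fresh machine this branch stops and waits for Enter, which breaks unattended runs of the deploy script. Adding `python3.7-venv` here is the right fix for pipenv's virtualenv creation; pass `-y` to the `add-apt-repository` call in the same hunk.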
@ -132,14 +139,22 @@ fi
${python_cmd} get-pip.py
rm get-pip.py
log_message "Installing pipenv"
${python_cmd} -m pip install --user -U pipx
${python_cmd} -m pipx ensurepath
source ~/.profile
pipx install pipenv
log_message "Installing island requirements"
requirements_island="$ISLAND_PATH/requirements.txt"
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
pushd $ISLAND_PATH
pipenv install --dev
popd
log_message "Installing monkey requirements"
sudo apt-get install -y libffi-dev upx libssl-dev libc++1
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
pushd $INFECTION_MONKEY_DIR
pipenv install --dev
popd
agents=${3:-true}
# Download binaries
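Review bot: the two `pipenv install --dev` calls drop the `|| handle_error` that the replaced `pip install -r requirements.txt` lines had, so a failed dependency install no longer aborts the script. They also run without `--deploy`, which means an out-of-date `Pipfile.lock` is silently re-resolved and newer packages are pulled in instead of the pinned ones. Suggest `pipenv install --dev --deploy || handle_error`, quote `"$ISLAND_PATH"` and `"$INFECTION_MONKEY_DIR"` in the `pushd` calls, and note that `source ~/.profile` only picks up the pipx path if `pipx ensurepath` wrote to that file for this user's shell.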
@ -223,7 +238,21 @@ else
curl -o ${MONKEY_BIN_DIR}/traceroute32 ${TRACEROUTE_32_BINARY_URL}
fi
# Download Swimm
log_message "Downloading swimm"
if exists wget; then
wget ${SWIMM_URL} -O $HOME/swimm
else
curl ${SWIMM_URL} -o $HOME/swimm
fi
log_message "Installing swimm"
sudo dpkg -i $HOME/swimm || (sudo apt-get update && sudo apt-get -f install)
rm $HOME/swimm
sudo chmod +x "${INFECTION_MONKEY_DIR}/build_linux.sh"
configure_precommit ${python_cmd} ${monkey_home}
log_message "Deployment script finished."
exit 0
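Review bot: the Swimm `.deb` is installed as root with `sudo dpkg -i` straight from the download, with no checksum or signature verification, and the `|| (sudo apt-get update && sudo apt-get -f install)` fallback followed by the unconditional `rm` means a failed download or install still lets the script reach `exit 0`. The `curl` branch is also missing `-fL`: GitHub release asset URLs answer with a redirect, so without `-L` the saved file is the redirect response rather than the package and `dpkg -i` fails. Suggest `curl -fL -o "$HOME/swimm" "${SWIMM_URL}"`, a `sha256sum -c` against a pinned hash, and `|| handle_error` on the install.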

View File

@ -9,6 +9,35 @@ param(
[Bool]
$agents = $true
)
function Configure-precommit([String] $git_repo_dir)
{
Write-Output "Installing pre-commit and setting up pre-commit hook"
Push-Location $git_repo_dir
python -m pip install pre-commit
if ($LastExitCode) {
exit
}
pre-commit install -t pre-commit -t pre-push
if ($LastExitCode) {
exit
}
Pop-Location
# Set env variable to skip Swimm verification during pre-commit, Windows not supported yet
$skipValue = [System.Environment]::GetEnvironmentVariable('SKIP', [System.EnvironmentVariableTarget]::User)
if ($skipValue) { # if `SKIP` is not empty
if (-Not ($skipValue -split ',' -contains 'swimm-verify')) { # if `SKIP` doesn't already have "swimm-verify"
[System.Environment]::SetEnvironmentVariable('SKIP', $env:SKIP + ',swimm-verify', [System.EnvironmentVariableTarget]::User)
}
}
else {
[System.Environment]::SetEnvironmentVariable('SKIP', 'swimm-verify', [System.EnvironmentVariableTarget]::User)
}
Write-Output "Pre-commit successfully installed"
}
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop")
{
Write-Output "Downloading to $monkey_home"
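Review bot: in `Configure-precommit` the existing `SKIP` value is read from the User scope into `$skipValue`, but the append writes `$env:SKIP + ',swimm-verify'`, i.e. the process-scope value, which can be empty or stale in the same session; use `$skipValue + ',swimm-verify'` so the user-scope variable is extended instead of clobbered. Two further points worth documenting in the comment above it: this sets a persistent user-level `SKIP=swimm-verify`, which disables that hook in every repository the user runs pre-commit in, not just this one, and the `exit` calls after a failed `pip install` or `pre-commit install` leave the `Push-Location` unpopped.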
@ -109,15 +138,21 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
return
}
"Installing pipx"
pip install --user -U pipx
pipx ensurepath
pipx install pipenv
"Installing python packages for island"
$islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
& python -m pip install --user -r $islandRequirements
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) -ErrorAction Stop
pipenv install --dev
Pop-Location
"Installing python packages for monkey"
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $monkeyRequirements
"Installing python packages for ScoutSuite"
$scoutsuiteRequirements = Join-Path -Path $monkey_home -ChildPath $SCOUTSUITE_DIR | Join-Path -ChildPath "\requirements.txt"
& python -m pip install --user -r $scoutsuiteRequirements
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR) -ErrorAction Stop
pipenv install --dev
Pop-Location
Configure-precommit($monkey_home)
$user_python_dir = cmd.exe /c 'py -m site --user-site'
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
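Review bot: `pipx ensurepath` only updates the persisted user PATH, so `pipx install pipenv` and the two `pipenv install --dev` calls that follow run in a session that may not yet have the pipx bin directory (or the user Scripts directory, which is only computed afterwards into `$user_python_dir`) on PATH. Neither `pipenv` call checks `$LastExitCode`, and both omit `--deploy`, so a stale `Pipfile.lock` is re-resolved rather than rejected. This hunk also removes the install of `$SCOUTSUITE_DIR\requirements.txt`; confirm those dependencies are now covered by the Pipfiles, otherwise the ScoutSuite integration breaks on fresh Windows development setups.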
@ -141,7 +176,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
} | Select-Object -ExpandProperty Name
# Move all files from extracted folder to mongodb folder
New-Item -ItemType directory -Path (Join-Path -Path $binDir -ChildPath "mongodb")
New-Item -ItemType directory -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "db")
"Moving extracted files"
Move-Item -Path (Join-Path -Path $binDir -ChildPath $mongodb_folder | Join-Path -ChildPath "\bin\*") -Destination (Join-Path -Path $binDir -ChildPath "mongodb\")
"Removing zip file"
@ -244,6 +278,13 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
$webClient.DownloadFile($SAMBA_64_BINARY_URL, $samba64_path)
}
# Get Swimm
"Downloading Swimm..."
$swimm_filename = Join-Path -Path $HOME -ChildPath "swimm.exe"
$webClient.DownloadFile($SWIMM_URL, $swimm_filename)
Start-Process $swimm_filename
"Script finished"
}
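Review bot: `Start-Process $swimm_filename` executes a downloaded installer with no integrity check; run `Get-FileHash -Algorithm SHA256 $swimm_filename` and compare it with a pinned value before launching it, mirroring what the Linux script should do with its `.deb`. `Start-Process` is also called without `-Wait`, so "Script finished" is printed while the installer is still running and the `.exe` is left behind in `$HOME` afterwards.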

View File

@ -1 +0,0 @@
*.md

View File

@ -1,24 +0,0 @@
FROM debian:stretch-slim
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
ARG RELEASE=1.8.0
ARG DEBIAN_FRONTEND=noninteractive
EXPOSE 5000
WORKDIR /app
ADD https://github.com/guardicore/monkey/releases/download/${RELEASE}/infection_monkey_deb.${RELEASE}.tgz .
RUN tar xvf infection_monkey_deb.${RELEASE}.tgz \
&& apt-get -yqq update \
&& apt-get -yqq upgrade \
&& apt-get -yqq install python-pip \
python-dev \
&& dpkg -i *.deb \
&& rm -f *.deb *.tgz
WORKDIR /var/monkey
ENTRYPOINT ["/var/monkey/monkey_island/bin/python/bin/python"]
CMD ["/var/monkey/monkey_island.py"]
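Review bot: removing this Dockerfile is reasonable, it pinned `RELEASE=1.8.0` and installed the Python 2 `python-pip` on `debian:stretch`, but the deletion should come with a documentation pass: together with the `docker-compose.yml` removed in this commit, any page that still points users at `docker build` or `docker-compose` for running the Island now leads nowhere. Either document the supported deployment paths in its place or note the removal in the changelog.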

View File

@ -1,11 +0,0 @@
# Improvements needed
* Remove embedded mongodb from .deb, it forbids installation on a `debian:stretch` distro.
* Package monkey for system's python usage.
* Fix package number: (I installed the 1.5.2)
```
ii gc-monkey-island 1.0 amd64 Guardicore Infection Monkey Island installation package
```
* Use .deb dependencies for mongodb setup?
* Use docker-compose for stack construction.
* Remove the .sh script from the systemd unit file (`/var/monkey_island/ubuntu/systemd/start_server.sh`) which only does a `cd && localpython run`

View File

@ -1,22 +0,0 @@
version: '3.3'
services:
db:
image: mongo:4
restart: always
volumes:
- db_data:/data/db
environment:
MONGO_INITDB_DATABASE: monkeyisland
monkey:
depends_on:
- db
build: .
image: monkey:latest
ports:
- "5000:5000"
environment:
MONGO_URL: mongodb://db:27017/monkeyisland
volumes:
db_data:

View File

@ -1,2 +1,2 @@
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
baseURL = "https://www.guardicore.com/infectionmonkey/docs/"
canonifyURLs = true

View File

@ -1,2 +1,2 @@
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
baseURL = "http://staging-infectionmonkey.temp312.kinsta.cloud/docs/"
canonifyURLs = true
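Review bot: the new staging `baseURL` downgrades the scheme from `https://` to `http://`; with `canonifyURLs = true` Hugo rewrites every relative link in the staging build to an absolute plain-http URL, so the whole staging site links over cleartext even where the host supports TLS. Unless the Kinsta staging host really has no certificate, keep `https://` here.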

View File

@ -5,85 +5,123 @@ draft: false
pre: "<i class='fas fa-question'></i> "
---
Here are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
Below are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
- [Where can I get the latest Monkey version?](#where-can-i-get-the-latest-monkey-version)
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
- [How to reset the password?](#how-to-reset-the-password)
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
- [Monkey Island](#monkey-island)
- [Monkey agent](#monkey-agent)
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
- [What's the Monkey's impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
- [Is it safe to use real passwords and usernames in the Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
- [Where can I get the latest version of the Infection Monkey?](#where-can-i-get-the-latest-version-of-the-infection-monkey)
- [How long does a single Infection Monkey agent run? Is there a time limit?](#how-long-does-a-single-infection-monkey-agent-run-is-there-a-time-limit)
- [Is the Infection Monkey a malware/virus?](#is-infection-monkey-a-malwarevirus)
- [Reset/enable the Monkey Island password](#resetenable-the-monkey-island-password)
- [Should I run the Infection Monkey continuously?](#should-i-run-the-infection-monkey-continuously)
- [Which queries does the Infection Monkey perform to the internet exactly?](#which-queries-does-the-infection-monkey-perform-to-the-internet-exactly)
- [Logging and how to find logs](#logging-and-how-to-find-logs)
- [Monkey Island server](#monkey-island-server)
- [Infection Monkey agent](#infection-monkey-agent)
- [How do I change the log level of the Monkey Island logger?](#how-do-i-change-the-log-level-of-the-monkey-island-logger)
- [Running the Infection Monkey in a production environment](#running-the-infection-monkey-in-a-production-environment)
- [How much of a footprint does the Infection Monkey leave?](#how-much-of-a-footprint-does-the-infection-monkey-leave)
- [What's the Infection Monkey's impact on system resources usage?](#whats-the-infection-monkeys-impact-on-system-resources-usage)
- [Is it safe to use real passwords and usernames in the Infection Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-infection-monkeys-configuration)
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
- [After I've set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
- [How stable are the exploitations used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-infection-monkey-will-the-infection-monkey-crash-my-systems-with-its-exploits)
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
## Where can I get the latest Monkey version?
## Where can I get the latest version of the Infection Monkey?
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
For the latest **stable** release, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
## How long does a single Monkey run for? Is there a time limit?
## How long does a single Infection Monkey agent run? Is there a time limit?
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
The Infection Monkey agent shuts off either when it can't find new victims or it has exceeded the quota of victims as defined in the configuration.
## How to reset the password?
## Is the Infection Monkey a malware/virus?
On your first access of Monkey Island server, you'll be prompted to create an account. If you forgot the credentials you
entered or just want to change them, you need to manually alter the `server_config.json` file. On Linux, this file is
located on `/var/monkey/monkey_island/cc/server_config.json`. On windows, it's based on your install directory (typically
`C:\Program Files\Guardicore\Monkey Island\monkey_island\cc\server_config.json`). Reset the contents of this file
leaving the **deployment option unchanged** (it might be "vmware" or "linux" in your case):
The Infection Monkey is not malware, but it uses similar techniques to safely
simulate malware on your network.
Because of this, the Infection Monkey gets flagged as malware by some antivirus
solutions during installation. If this happens, [verify the integrity of the
downloaded installer](/usage/file-checksums) first. Then, create a new folder
and disable antivirus scan for that folder. Lastly, re-install the Infection
Monkey in the newly created folder.
## Reset/enable the Monkey Island password
When you first access the Monkey Island server, you'll be prompted to create an account.
To reset the credentials or enable/disable the authentication,
edit the `server_config.json` file manually
(located in the [data directory](/reference/data_directory)).
In order to reset the credentials, the following edits need to be made:
1. Delete the `user` field if one exists. It will look like this:
```json
{
"server_config": "password",
"deployment": "windows"
...
"user": "username",
...
}
```
Then reset the Island process (`sudo systemctl restart monkey-island.service` for linux, restart program for windows).
Finally, go to the Island's URL and create a new account.
1. Delete the `password_hash` field if one exists. It will look like this:
```json
{
...
"password_hash": "$2b$12$d050I/MsR5.F5E15Sm7EkunmmwMkUKaZE0P0tJXG.M9tF.Kmkd342",
...
}
```
1. Set `server_config` to `password`. It should look like this:
```json
{
...
"environment": {
...
"server_config": "password",
...
},
...
}
```
Then, reset the Monkey Island process.
On Linux, use `sudo systemctl restart monkey-island.service`.
On Windows, restart the program.
Finally, go to the Monkey Island's URL and create a new account.
## Should I run the Monkey continuously?
## Should I run the Infection Monkey continuously?
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
Yes! This will allow you to verify that the Infection Monkey identified no new security issues since the last time you ran it.
Does the Infection Monkey require a connection to the Internet?
Does the Infection Monkey require a connection to the internet?
The Infection Monkey does not require internet access to function.
If internet access is available, the Monkey will use the Internet for two purposes:
If internet access is available, the Infection Monkey will use the internet for two purposes:
- To check for updates.
- To check if machines can reach the internet.
### Which queries does Monkey perform to the Internet exactly?
### Exactly what internet queries does the Infection Monkey perform?
The Monkey performs queries out to the Internet on two separate occasions:
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `monkey.guardicore.com` and `www.google.com`, which can be changed. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
1. After installing the Monkey Island, it sends a request to check for updates on `updates.infectionmonkey.com`. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g., Windows Server, Debian Package, AWS Marketplace) and the server's version (e.g., "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However, due to this data's anonymous nature, we use this to get an aggregate assumption of how many deployments we see over a specific time period - it's not used for "personal" tracking.
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
## Logging and how to find logs
### Monkey Island
### Monkey Island server logs
The Monkey Island's log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
You can download the Monkey Island's log file directly from the UI. Click the "log" section and choose **Download Monkey Island internal logfile**, like so:
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
It can also be found as a local file on the Monkey Island server system in the specified
[data directory](/reference/data_directory).
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
The log enables you to see which requests were requested from the server and extra logs from the backend logic. The log will contain entries like these:
```log
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
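Review bot: the internet-check answer now says the agent's default domains are `monkey.guardicore.com` and `www.google.com`, but the "find the domains in the configuration" link still points at commit `85c70a3e` of `config.py`, the same permalink the old text used for `updates.infectionmonkey.com`; update the permalinks to a commit that contains the new defaults, or readers who follow the link to verify the claim will see the old value. Two smaller gaps in the same hunk: the section titled "Reset/enable the Monkey Island password" documents only resetting, not how to enable or disable authentication, and the malware/virus answer should say that the antivirus exclusion is meant to cover only the new installation folder, not be left broader than that.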
@ -91,14 +129,14 @@ The log enables you to see which requests were requested from the server, and ex
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
```
### Monkey agent
### Infection Monkey agent logs
The Monkey log file can be found in the following paths on machines where it was executed:
The Infection Monkey agent log file can be found in the following paths on machines where it was executed:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
The logs contain information about the internals of the Monkey's execution. The log will contain entries like these ones for example:
The logs contain information about the internals of the Infection Monkey agent's execution. The log will contain entries like these:
```log
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
@ -114,67 +152,87 @@ The logs contain information about the internals of the Monkey's execution. The
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
```
## Running the Monkey in a production environment
### How do I change the log level of the Monkey Island logger?
### How much of a footprint does the Monkey leave?
The log level of the Monkey Island logger is set in the `log_level` field
in the `server_config.json` file (located in the [data directory](/reference/data_directory)).
Make sure to leave everything else in `server_config.json` unchanged:
The Monkey leaves hardly any trace on the target system. It will leave:
```json
{
...
"log_level": "DEBUG",
...
}
```
Logging levels correspond to [the logging level constants in python](https://docs.python.org/3.7/library/logging.html#logging-levels).
To apply the changes, reset the Monkey Island process.
On Linux, use `sudo systemctl restart monkey-island.service`.
On Windows, restart the program.
## Running the Infection Monkey in a production environment
### How much of a footprint does the Infection Monkey leave?
The Infection Monkey leaves hardly any trace on the target system. It will leave:
- Log files in the following locations:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
### What's the Monkey's impact on system resources usage?
### What's the Infection Monkey's impact on system resources usage?
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
The Infection Monkey uses less than a single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Infection Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or [open an issue on GitHub](https://github.com/guardicore/monkey).
### Is it safe to use real passwords and usernames in the Monkey's configuration?
### Is it safe to use real passwords and usernames in the Infection Monkey's configuration?
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is accessible only to users that have access to the specific Monkey Island.
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
We advise users to limit access to the Monkey Island server by following our [password protection guide]({{< ref "/setup/accounts-and-security" >}}).
### How do you store sensitive information on Monkey Island?
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island's database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island's database in an encrypted fashion. This data is transmitted to the Infection Monkey agents in an encrypted fashion (HTTPS) and is not stored locally on victim machines.
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
### How stable are the exploits used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?
The Monkey does not use any exploits or attacks that may impact the victim system.
The Infection Monkey does not use any exploits or attacks that may impact the victim system.
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren't using it.
This means we avoid using some powerful (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact, but, because it may crash a production system, we aren't using it.
## After I've set up Monkey Island, how can I execute the Monkey?
## After I've set up Monkey Island, how can I execute the Infection Monkey agent?
See our detailed [getting started](../content/usage/getting-started) guide.
See our detailed [getting started]({{< ref "/usage/getting-started" >}}) guide.
## How can I make the monkey propagate “deeper” into the network?
## How can I make the Infection Monkey agent propagate “deeper” into the network?
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
If you wish to simulate a very “deep” attack into your network, you can increase the *propagation depth* parameter in the configuration. This parameter tells the Infection Monkey how far to propagate into your network from the “patient zero” machine.
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
To do this, change the *Distance from Island* parameter in the “Basic - Network” tab of the configuration:
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
## The report returns a blank screen
## What if the report returns a blank screen?
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
## How can I get involved with the project?
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.
Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information.
## About the project 🐵
### How did you come up with the Infection Monkey?
Oddly enough, the idea of proactively breaking the network to test its survival wasn't born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool that was designed to randomly disable the company's production servers to verify they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
Oddly enough, the idea of proactively breaking a network to test its survival wasn't born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool designed to randomly disable the company's production servers to verify that they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
Inspired by this concept, Guardicore Labs developed its own attack simulator - Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attack and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017 (?) the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
Inspired by this concept, Guardicore Labs developed its own attack simulator - the Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attacks and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017, the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
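Review bot: the unchanged Linux line at the top of this hunk, "First, uninstall the current version with `sudo apt uninstall mongodb`", gives a command that does not exist; `apt` has no `uninstall` subcommand, so a reader following it gets an error. Use `sudo apt remove mongodb` (or `sudo apt-get remove mongodb`). Two smaller points: the Windows step closes its code span one word late (`monkey\monkey_island\bin\mongodb folder`), so "folder" renders as part of the path; and the "(?)" after the 2017 launch date is dropped in the new text without a source being added, so either confirm the year or keep the hedge.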

View File

@ -10,20 +10,37 @@ draft: false
## What is Guardicore Infection Monkey?
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
The Infection Monkey is an open-source breach and attack simulation tool for testing a data center's resiliency to perimeter breaches and internal server infection.
Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker's perspective.
Infection Monkey is free and can be downloaded from [our homepage](https://infectionmonkey.com/).
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
The Infection Monkey is comprised of two parts:
## How it works
* Monkey - A tool which infects other machines and propagates to them.
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
Architecturally, Infection Monkey is comprised of two components:
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
* Monkey Agent (Monkey for short) - a safe, worm-like binary program which scans, propagates and simulates attack techniques on the **local network**.
* Monkey Island Server (Island for short) - a C&C web server which provides a GUI for users and interacts with the Monkey Agents.
The user can run the Monkey Agent on the Island server machine or distribute Monkey Agent binaries on the network manually. Based on
the configuration parameters, Monkey Agents scan, propagate and simulate an attacker's behavior on the local network. All of the
information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.
## Results
The results of running Monkey Agents are:
- A map which displays how much of the network an attacker can see, what services are accessible and potential propagation routes.
- A security report, which displays security issues that Monkey Agents discovered and/or exploited.
- A MITRE ATT&CK report, which displays the information about the ATT&CK techniques that Monkey Agents tried to use.
- A Zero Trust report, which displays violations of Zero Trust principles that Monkey Agents found.
A more in-depth description of reports generated can be found in the [reports documentation page]({{< ref "/reports" >}}).
## Getting Started
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides]({{< ref "/setup" >}}), and read our [getting started guide]({{< ref "/usage/getting-started" >}}) for a quick-start on Monkey!
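Review bot: the new architecture text calls the agent "a safe, worm-like binary program", but the MS08-067 exploiter page in this same commit is documented as unsafe (it can crash the target) and is disabled by default; qualify the claim, e.g. "safe with the default configuration", and point at the exploiter reference so a user knows which options change that. The page also now carries two different download links, `https://infectionmonkey.com/` in the "free and can be downloaded" line and `https://www.guardicore.com/infectionmonkey/#download` under "Getting Started"; pick one.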
## Support and community

View File

@ -15,7 +15,7 @@ Want to help secure networks? That's great!
Here are a few short links to help you get started:
* [Getting up and running](./setup-development-environment) - These instructions will help you get a working development setup.
* [Getting up and running]({{< ref "/development/setup-development-environment" >}}) - These instructions will help you get a working development setup.
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - These guidelines will help you submit.
## What are we looking for?
@ -24,7 +24,7 @@ You can take a look at [our roadmap](https://github.com/guardicore/monkey/projec
### More exploits! 💥
The best way to find weak spots in a network is by attacking it. The [exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Shellshock.
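Review bot: the replacement link in "The [*Adding Exploits*](./adding-exploits/) page will help you add exploits." is a relative path, while the hunk just above converts the same kind of link to the `{{< ref "/development/..." >}}` shortcode; use the shortcode here too so Hugo validates the target at build time. The unchanged line "These guidelines will help you submit." is missing its object (submit a pull request).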

View File

@ -1,7 +1,110 @@
---
title: "Adding Exploits"
date: 2020-06-08T19:53:00+03:00
draft: true
draft: false
tags: ["contribute"]
weight: 50
---
## What does this guide cover?
This guide will show you how to add a new _Exploit_ to the Infection Monkey.
An exploit is a sequence of commands that takes advantage of a security vulnerability to gain unauthorized access to a system on your network. If successful, an Infection Monkey agent is released on the exploited system. The result of an attempted exploit is sent back to the Monkey Island as part of the telemetry.
### Do I need a new Exploit?
If all you want to do is execute a shell command, configure the required commands in the Monkey Island's post-breach action (PBA) configuration section or [add a new PBA](../adding-post-breach-actions/). If you would like the Infection Monkey agent to collect specific information, [add a new System Info Collector](../adding-system-info-collectors/).
However, if you have your eye on an interesting CVE that you would like the Infection Monkey to support, you must add a new exploit. Keep reading to learn how to add a new exploit.
## How to add a new Exploit
### Modify the Infection Monkey Agent
The Infection Monkey exploiters are all built in a similar way. Each exploiter class inherits from the [`HostExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/HostExploiter.py) class, which exposes two interface functions:
* `is_os_supported` - Returns a boolean value denoting whether the victim machine is supported by the exploiter (for example, returns `False` on Windows victim machines for the `SSHExploiter`). This can be used to thoroughly inspect a potential victim machine and decide whether to attempt the exploit on that particular machine (for example, by checking for open services matching specific versions).
* `exploit_host` - Exploits the host and returns a boolean value indicating whether or not the exploit was successful.
#### Adding a new exploiter
In the [Infection Monkey's exploit directory](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit), add the **exploit's logic** by defining a new class that inherits from [`HostExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/HostExploiter.py). If your new exploit is a web RCE (remote code execution) exploit, inherit from [`WebRCE`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/web_rce.py).
```py
from infection_monkey.exploit.HostExploiter import HostExploiter
class MyNewExploiter(HostExploiter):
...
```
A good example of an exploiter class is the [`SSHExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/sshexec.py). The [Drupal exploiter is a recently added web RCE exploit](https://github.com/guardicore/monkey/pull/808) that is a good reference as well.
### Modify the Monkey Island
#### Configuration
1. Add your **exploiter's description** to the [configuration schema](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py).
```py
...
{
"type": "string",
"enum": ["SmbExploiter"],
"title": "SMB Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1075", "T1035"],
"info": "Brute forces using credentials provided by user and hashes gathered by mimikatz.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/",
},
{
"type": "string", <=================================
"enum": ["MyNewExploiter"], <=================================
"title": "My New Exploiter", <=================================
"safe": True, <=================================
"attack_techniques": [], <=================================
"info": "Information about your new exploiter.", <=================================
"link": "Link to the documentation page explaining your new exploiter.", <=================================
},
...
```
2. Update the default **list of exploiters** in the [configuration schema](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/config_schema/basic.py) by adding your new exploiter's class name.
```py
...
"exploiter_classes": {
"title": "Exploiters",
"type": "array",
"uniqueItems": True,
"items": {"$ref": "#/definitions/exploiter_classes"},
"default": [
"SmbExploiter",
...
"DrupalExploiter",
"MyNewExploiter", <=================================
],
}
...
```
#### Reporting
1. In the [report generation pipeline](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py), define how your **exploiter's data** should be processed and displayed in the report. Use the default `ExploitProcessor` or create a custom exploit processor if needed.
```py
class ExploiterDescriptorEnum(Enum):
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
...
ZEROLOGON = ExploiterDescriptor("ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor)
MYNEWEXPLOITER = ExploitDescriptor("MyNewExploiter", "My New Eexploiter", ExploitProcessor) <=================================
```
2. Describe how the Monkey Island should **display your exploiter's results** by defining the UI contents in the [security report](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js).
### Documentation
**Update the documentation** to explain what your exploiter does in the [documentation framework](https://github.com/guardicore/monkey/blob/develop/docs/content/reference/exploiters/).
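Review bot: the Reporting snippet will not run as written: the new line `MYNEWEXPLOITER = ExploitDescriptor("MyNewExploiter", "My New Eexploiter", ExploitProcessor)` calls `ExploitDescriptor`, but the two lines above it use `ExploiterDescriptor`, and the title has a typo ("Eexploiter"). Change it to `ExploiterDescriptor("MyNewExploiter", "My New Exploiter", ExploitProcessor)`. In the Configuration snippet, the template sets `"safe": True` for the new exploiter without saying what the flag means; the MS08-067 page in this commit says an exploiter that can crash the target is marked unsafe and is not enabled by default, so the guide should tell contributors to set `safe` to `False` for any exploit that can crash or degrade a service and, in step 2, not to add such an exploiter to the default list.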

View File

@ -16,7 +16,7 @@ If all you want to do is execute shell commands, then there's no need to add a n
## How to add a new PBA
### From the Infection Monkey Side
### Modify the Infection Monkey Agent
#### Framework
@ -43,7 +43,7 @@ If your PBA consists only of simple shell commands, you can reuse the generic PB
Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
### From the Monkey Island Side
### Modify the Monkey Island
#### Configuration

View File

@ -16,7 +16,7 @@ If all you want to do is execute a shell command, then there's no need to add a
## How to add a new System Info Collector
### From the Monkey Island Side
### Modify the Infection Monkey Agent
#### Framework
@ -41,7 +41,7 @@ class MyNewCollector(SystemInfoCollector):
Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` System Info Collector for reference. You can log during collection as well.
### From the Monkey Island Side
### Modify the Monkey Island
#### Configuration

View File

@ -68,6 +68,8 @@ These are the build output of `hugo` and should never be `commit`-ed to git.
You'll have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options) and `git`.
Note: Installing `hugo` via `apt` is not recommended because Hugo is usually few [versions behind](https://github.com/wowchemy/wowchemy-hugo-modules/issues/703) the latest for Debian and Ubuntu package managers. Refer to latest [releases](https://github.com/gohugoio/hugo/releases) of Hugo.
### Adding and editing content
#### Add a new page
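Review bot: in the new note, "Hugo is usually few [versions behind]" is missing an article ("a few versions behind"), and "Refer to latest [releases]" should be "Refer to the latest releases". Style only.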

View File

@ -10,7 +10,7 @@ tags: ["contribute"]
To set up a development environment using scripts, look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to set it up manually or run into problems, keep reading.
## Agent
## The Infection Monkey Agent
The agent (which we sometimes refer to as the Infection Monkey) is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. The Infection Monkey agent was built for Python 3.7. You can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and installing the requirements listed in the [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt) inside it.
@ -23,3 +23,17 @@ This means setting up an environment with Linux 32/64-bit with Python installed
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)
## Pre-commit
Pre-commit is a multi-language package manager for pre-commit hooks. It will run a set of checks when you attempt to commit. If your commit does not pass all checks, it will be reformatted and/or you'll be given a list of errors and warnings that need to be fixed before you can commit.
Our CI system runs the same checks when pull requests are submitted. This system may report that the build has failed if the pre-commit hooks have not been run or all issues have not been resolved.
To install and configure pre-commit, run `pip install --user pre-commit`. Next, go to the top level directory of this repository and run `pre-commit install -t pre-commit -t pre-push`. Pre-commit will now run automatically whenever you `git commit`.
## Swimm
Infection Monkey has development tutorials that use [`swimm.io`](https://swimm.io/) to help teach new developers how to perform common code tasks in the Infection Monkey codebase and accelerate the ramp-up process. The tutorials include adding new configuration values, new system info collectors and more.
In order to pass the pre-commit checks, you'll have to [install Swimm successfully](https://www.guardicore.com/infectionmonkey/docs/development/swimm/). Both the Linux and Windows deployment scrips will install [Swimm](https://swimm.io/), but you'll have to sign up [here](https://swimm.io/sign-beta) to complete the process.
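Review bot: "Both the Linux and Windows deployment scrips" has a typo (scripts). The Swimm link `https://www.guardicore.com/infectionmonkey/docs/development/swimm/` is an absolute URL to the published site while the rest of this commit converts internal links to `{{< ref >}}`; link it the same way so it follows the docs when they move. The pre-commit paragraph says the hooks run "whenever you `git commit`", but the install line is `pre-commit install -t pre-commit -t pre-push`, which also installs a pre-push hook; mention that pushes are checked too so a contributor is not surprised by a blocked push.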

View File

@ -9,6 +9,6 @@ tags = ["reference"]
# Reference
Find detailed information about Infection Monkey.
Find detailed information about the Infection Monkey.
{{% children %}}

View File

@ -0,0 +1,18 @@
---
title: "Data directory"
date: 2021-05-18T08:49:59+03:00
draft: false
pre: '<i class="fas fa-folder"></i> '
weight: 9
---
## What is the data directory?
The data directory is where the Island server stores runtime artifacts.
These include the Island logs, any custom post-breach action files,
configuration files, etc.
## Where is it located?
On Linux, the default path is `$HOME/.monkey_island`.
On Windows, the default path is `%AppData%\monkey_island`.
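Review bot: the new page speaks of "the default path" twice but never says how to change it; add the option or configuration key that overrides the data directory. It also lists "configuration files" among the contents, and the SMB, SSH and WMI exploiter pages in this commit describe the configuration as carrying user-supplied credentials and SSH keys, so the page should say the directory can hold secrets and that its permissions should be restricted to the account running the Island.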

View File

@ -18,7 +18,7 @@ This can lead to arbitrary PHP code execution in some cases.
### Affected Versions
* Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10.
* Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10).
One of the following conditions must hold:
* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH

View File

@ -4,9 +4,10 @@ date: 2020-07-14T08:41:40+03:00
draft: false
tags: ["exploit", "windows", "linux"]
---
### Description
CVE-2015-1427.
CVE-2015-1427
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
The logic is based on the [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
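Review bot: the line "> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) ..." is presented as a quotation, yet the edit alters the quoted text by inserting parentheses. Either quote the CVE description verbatim or drop the `>` and paraphrase in the project's own voice; the Shellshock page later in this commit has the same problem.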

View File

@ -5,4 +5,6 @@ draft: false
tags: ["exploit", "linux", "windows"]
---
Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
### Description
This exploit consists of remote code execution on HADOOP servers with YARN and default settings. The logic is based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
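Review bot: "HADOOP" should be "Hadoop", and "with YARN and default settings" does not say what the weakness is. The linked vulhub module is named `unauthorized-yarn`, so state plainly that the exploit relies on the YARN API being reachable without authentication; that is what an administrator reading the report needs in order to fix it.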

View File

@ -5,6 +5,10 @@ draft: false
tags: ["exploit", "windows"]
---
### Description
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.
This exploiter is unsafe. It's therefore **not** enabled by default.
If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If a crash in Svchost.exe occurs, the server service will be affected. This may cause a system crash due to the use of buffer overflow.
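Review bot: splitting the sentence left a dangling "also" in "If an exploit attempt fails, this could also lead to a crash in Svchost.exe.", and the new text lowercases "server service"; the old line's "Server service" is the name of the Windows service, so keep the capital. "due to the use of buffer overflow" needs an article ("a buffer overflow"); better, say directly that this is a memory corruption exploit and that a failed attempt can crash the target host, which is why it is off by default.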

View File

@ -5,4 +5,6 @@ draft: false
tags: ["exploit", "windows"]
---
The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.
### Description
For this exploit, the Infection Monkey will try to brute force into a MsSQL server and use an insecure configuration to execute commands on the server.
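Review bot: "MsSQL" should be "MSSQL" or "Microsoft SQL Server". "use an insecure configuration to execute commands on the server" should name the configuration (which server feature has to be enabled for command execution to work) so an administrator reading the report knows what to disable.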

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:16+03:00
draft: false
tags: ["exploit", "windows"]
---
### Description
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.
This exploit brute forces machines using credentials provided by the user (see [configuration]({{< ref "/usage/configuration" >}}) for instructions) and hashes gathered from infected systems by Mimikatz.

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:21+03:00
draft: false
tags: ["exploit", "linux"]
---
### Description
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.
This exploit brute forces machines using credentials provided by the user (see ["configuration"]({{< ref "/usage/configuration" >}}) for instructions) and SSH keys gathered from infected systems.
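Review bot: the link text here is `["configuration"]` with quotation marks, while the SMB page in the previous hunk uses `[configuration]` without them; use one form across the exploiter pages.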

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:02+03:00
draft: false
tags: ["exploit", "linux"]
---
### Description
Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
This exploit brute forces machines and searches for anonymous shares. It is partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
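Review bot: unlike the Struts, WebLogic and Shellshock pages in this commit, this page names no CVE; add the identifier of the Samba vulnerability that the impacket `sambaPipe.py` example targets, and the affected Samba versions, so the reader can cross-reference the report. "brute forces machines" also leaves unclear what is brute forced (credentials for the share?); spell it out.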

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:30+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
### Description
Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
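Review bot: "This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework" reads as if the framework were a tool the exploit uses; it exploits a vulnerability in the framework. Suggest: "This exploiter targets CVE-2017-5638 in the Apache Struts 2 Java web framework." Keep the PoC attribution as is.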

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:39+03:00
draft: false
tags: ["exploit", "linux"]
---
### Description
Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
This exploits a malicious backdoor that was added to the VSFTPD download archive. The logic is based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
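Review bot: "MetaSploit" should be "Metasploit". The text says the backdoor was "added to the VSFTPD download archive" but not to which release; the linked module is `vsftpd_234_backdoor`, so state the affected version in the description.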

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:43:12+03:00
draft: false
tags: ["exploit", "windows"]
---
### Description
Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.
This exploit brute forces WMI (Windows Management Instrumentation) using credentials provided by the user (see ["configuration"]({{< ref "/usage/configuration" >}}) for instructions) and hashes gathered by mimikatz.
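Review bot: "mimikatz" is written "Mimikatz" on the SMB exploiter page in this same commit; use one spelling across the reference pages.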

View File

@ -4,5 +4,6 @@ date: 2020-07-14T08:42:46+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
### Description
Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
This exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
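Review bot: "This exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server" is redundant ("vulnerabilities ... vulnerable"); suggest "This exploiter targets CVE-2017-10271 and CVE-2019-2725 in Oracle WebLogic Server."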

View File

@ -9,8 +9,8 @@ tags = ["reference", "exploit"]
# Exploiters
Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use.
{{% children %}}
You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
You can check out the exploiters' implementation yourself [in the Infection Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
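Review bot: "To our best knowledge, most of these pose no risk" leaves the reader to guess which ones do; the MS08-067 page in this commit says that exploiter is unsafe and disabled by default, so link it here and say that unsafe exploiters are off by default. "To our best knowledge" should be "To the best of our knowledge".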

View File

@ -4,7 +4,8 @@ date: 2020-07-14T08:41:32+03:00
draft: false
tags: ["exploit", "linux"]
---
### Description
CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
This exploit, CVE-2014-6271, is based on the [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
> In GNU Bash (through 4.3), processes trailing strings after function definitions in the values of environment variables allow remote attackers to execute arbitrary code via a crafted environment. This is demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients and other situations in which setting the environment occurs across a privilege boundary from Bash execution, AKA "ShellShock."
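Review bot: the rewrite of the quoted CVE text changes its meaning: in "> In GNU Bash (through 4.3), processes trailing strings after function definitions ... allow remote attackers", "processes" now reads as a noun, so the sentence no longer says that Bash processes the trailing strings, which is the bug. Keep the quotation verbatim, or remove the `>` and paraphrase in the project's own words. Also "NCC group's GitHub" should be "NCC Group's".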

View File

@ -7,15 +7,12 @@ weight: 10
---
{{% notice info %}}
Check out [the documentation for the MITRE ATT&CK report as well](../../usage/reports/mitre).
Check out [the documentation for the MITRE ATT&CK report as well]({{< ref "/reports/mitre" >}}).
{{% /notice %}}
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base and based on this,
provides a report detailing the techniques it used and recommended mitigations.
The idea is to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
The Infection Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base and, based on this, provides a report detailing the techniques it used along with any recommended mitigations. This helps you simulate an advanced persistent threat (APT) attack on your network and mitigate real attack paths intelligently.
In the following table we provide the list of all the ATT&CK techniques the Monkey provides info about,
categorized by tactic. You can follow any of the links to learn more about a specific technique or tactic.
In the following table, we list all the MITRE ATT&CK techniques the Infection Monkey provides info about, categorized by the tactic. You can follow any of the links below to learn more about a specific technique or tactic.
| TACTIC | TECHNIQUES |

View File

@ -7,15 +7,15 @@ weight: 10
tags: ["setup", "reference", "windows", "linux"]
---
The Infection Monkey project supports many popular OSes (but we can always do more).
The Infection Monkey project supports many popular OSes (but we are always interested in supporting more).
The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
The Infection Monkey agent has been tested to run on the following operating systems (on the x86_64 architecture):
### Monkey support
### Agent support
#### Linux
Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
Compatibility depends on GLIBC version (2.14+)[^1]. By default, these distributions are supported:
- Centos 7+
- Debian 7+
@ -30,9 +30,9 @@ Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributio
- Windows 2012+
- Windows 2012_R2+
- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
- Windows Vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
### Island support
### Server support
**The Monkey Island (control server)** runs out of the box on:
@ -42,13 +42,13 @@ Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributio
- Windows Server 2012 R2
- Windows Server 2016
We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
We also provide a Dockerfile on our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
### Old machine bootloader
Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
Some **older machines** still have partial compatibility and will be exploited and reported, but the Infection Monkey agent can't run on them. In these cases, old machine bootloader (a small C program) will be run, which reports some minor info like network interface configuration, GLIBC version, OS, etc.
**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
**Old machine bootloader** also has a GLIBC 2.14+ requirement for Linux because the bootloader is included in the Pyinstaller bootloader, which uses Python 3.7 that in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
**Old machine bootloader** runs on machines with:
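Review bot: the Dockerfile link `http://infectionmonkey.com/` is plain HTTP in both the old and the new line; a Dockerfile fetched over HTTP can be altered in transit, so link with `https://`. In the bootloader paragraph, "old machine bootloader (a small C program) will be run" needs "the", and "Pyinstaller" is spelled "PyInstaller".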
@ -61,4 +61,4 @@ Some **Older machines** still get a partial compatibility as in they get exploit
- Ubuntu 14+
- **Windows XP/Server 2003+**
[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7
[^1]: The GLIBC >= 2.14 requirement exists because the Infection Monkey was built using this GLIBC version, and GLIBC is not backward compatible. We are also limited to the oldest GLIBC version compatible with Python 3.7.

View File

@ -7,38 +7,38 @@ pre: '<i class="fas fa-network-wired"></i> '
tags: ["reference"]
---
The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
The Infection Monkey agent takes two steps before attempting to exploit a victim, scanning and fingerprinting. It's possible to customize both steps in the configuration files.
## Scanning
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner], both inheriting from [`HostScanner`][host-scanner].
The sole interface required is the `is_host_alive` interface, which needs to return True/False.
[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
[`TcpScanner`][tcp-scanner] is the default scanner. It checks for open ports based on the `tcp_target_ports` configuration setting.
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping.`
## Fingerprinting
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under the `finger_classes` configuration option.
Currently implemented Fingerprint modules are:
The currently implemented Fingerprint modules are:
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB and extracts the computer name and OS version.
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22) and extracts the computer version and SSH banner.
3. [`PingScanner`][ping-scanner] - Fingerprints target machine's TTL to differentiate between Linux and Windows hosts.
4. [`HTTPFinger`][http-finger] - Detects HTTP/HTTPS services, using the ports listed in `HTTP_PORTS` in the configuration, will return the server type and if it supports SSL.
5. [`MySQLFinger`][mysql-finger] - Fingerprints MySQL (port 3306) and will extract MySQL banner info - version, major/minor/build and capabilities.
6. [`ElasticFinger`][elastic-finger] - Fingerprints ElasticSearch (port 9200) will extract the cluster name, node name and node version.
## Adding a scanner/fingerprinter
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
To use the new scanner/fingerprinter by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
At this point, the Infection Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
[elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
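Review bot: the new `PingScanner` line moves the full stop inside the backticks (`ping.`), which renders the utility name as `ping.`; keep the period outside the code span as the old line had it. In the fingerprinter list, the rewritten `HTTPFinger` item is a run-on ("Detects HTTP/HTTPS services, using the ports ..., will return ...") and the `ElasticFinger` item drops its "and" ("Fingerprints ElasticSearch (port 9200) will extract ..."); suggest "Detects HTTP/HTTPS services on the ports listed in `HTTP_PORTS` in the configuration and returns the server type and whether it supports SSL" and "Fingerprints ElasticSearch (port 9200) and extracts the cluster name, node name and node version".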

View File

@ -2,11 +2,12 @@
title: "MITRE ATT&CK report"
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
date: 2020-06-24T21:17:18+03:00
weight: 3
draft: false
---
{{% notice info %}}
Check out [the documentation for other reports available in the Infection Monkey](../) and [the documentation for supported ATT&CK techniques](../../../reference/mitre_techniques).
Check out [the documentation for other reports available in the Infection Monkey]({{< ref "/reports" >}}) and [the documentation for supported ATT&CK techniques]({{< ref "/reference/mitre_techniques" >}}).
{{% /notice %}}
The Infection Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base. After simulating an advanced persistent threat (APT) attack, it generates a report summarizing the success of the techniques utilized along with recommended mitigation steps, helping you identify and mitigate attack paths in your environment.

View File

@ -0,0 +1,49 @@
---
title: "Ransomware report"
date: 2021-08-05T13:23:10+03:00
weight: 4
draft: false
description: "Provides information about ransomware simulation on your network"
---
{{% notice info %}}
Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
available reports]({{< ref "/reports" >}}).
{{% /notice %}}
The Infection Monkey can be configured to [simulate a ransomware
attack](/usage/scenarios/ransomware-simulation) on your network. After running,
it generates a **Ransomware Report** that provides you with insight into how
ransomware might behave within your environment.
The report is split into three sections:
- [Breach](#breach)
- [Lateral Movement](#lateral-movement)
- [Attack](#attack)
## Breach
The breach section shows when and where the ransomware infection began.
![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
## Lateral movement
The lateral movement section provides information about how the simulated
ransomware was able to propagate through your network.
![Lateral
Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
"Lateral Movement")
## Attack
The attack section shows the details of what the simulated ransomware
successfully encrypted, including a list of specific files.
![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")
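Review bot: the body text links the ransomware scenario with a hard-coded absolute path (`[simulate a ransomware attack](/usage/scenarios/ransomware-simulation)`) while the notice a few lines above links the same page with `{{< ref "/usage/scenarios/ransomware-simulation" >}}`; use the shortcode in both places so Hugo fails the build on a moved or mistyped page instead of shipping a dead link.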

View File

@ -1,12 +1,13 @@
---
title: "Security report"
date: 2020-06-24T21:16:10+03:00
weight: 1
draft: false
description: "Provides actionable recommendations and insight into an attacker's view of your network"
---
{{% notice info %}}
Check out [the documentation for other reports available in the Infection Monkey](../).
Check out [the documentation for other reports available in the Infection Monkey]({{< ref "/reports" >}}).
{{% /notice %}}
The Infection Monkey's **Security Report** provides you with actionable recommendations and insight into an attacker's view of your network. You can download a PDF of an example report here:

View File

@ -1,6 +1,7 @@
---
title: "Zero Trust report"
date: 2020-06-24T21:16:18+03:00
weight: 2
draft: false
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
---

View File

@ -15,7 +15,7 @@ Once you've downloaded an installer, follow the relevant guide for your environm
{{% children %}}
After setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
After setting the Monkey up, check out our [Getting Started](/usage/getting-started) guide!
{{% notice tip %}}
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
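Review bot: this hunk changes the Getting Started link from a relative path to `/usage/getting-started`, but the tip notice directly below it still links `../reference/operating_systems_support` relatively, and the rest of this commit converts such links to `{{< ref >}}` shortcodes; convert both links the same way so the file follows one convention.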

View File

@ -15,15 +15,4 @@ If you want an island to be accessible without credentials, press *I want anyone
## Resetting your account credentials
To reset your credentials, edit `monkey_island\cc\server_config.json` by deleting the `user` and `password_hash` variables.
When you restart the Monkey Island server, you will again be prompted with the registration form.
Example `server_config.json` for account reset:
```json
{
"server_config": "password",
"deployment": "develop"
}
```
This procedure is documented in [the FAQ]({{< ref "/faq/#how-do-i-reset-the-monkey-island-password" >}}).
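Review bot: the reset instructions that remain still point at `monkey_island\cc\server_config.json`, but the deployment pages in this same commit place `server_config.json` under `$HOME/.monkey_island` (AppImage), `%AppData%\monkey_island` (Windows) or `/monkey_island_data` (Docker); either update the path here or drop the duplicated instructions and keep only the FAQ link that this hunk adds.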

View File

@ -1,89 +0,0 @@
---
title: "Debian"
date: 2020-05-26T20:57:19+03:00
draft: false
pre: '<i class="fab fa-linux"></i> '
weight: 1
disableToc: false
tags: ["setup", "debian", "linux"]
---
## Supported Distros
This Debian package has been tested on Ubuntu Bionic 18.04 LTS and Ubuntu Focal 20.04 LTS.
## Deployment
1. Update your package list by running:
```sh
sudo apt update
```
1. If you are using Ubuntu Focal 20.04, run the following commands to install
Python 3.7:
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt install python3.7 python3.7-dev
```
1. Extract the tarball by running:
```sh
tar -xvzf monkey-island-debian.tgz
```
1. Install the Monkey Island Debian package:
```sh
sudo dpkg -i monkey_island.deb # this might print errors
```
1. If, at this point, you receive dpkg errors that look like this:
```sh
dpkg: error processing package gc-monkey-island (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
gc-monkey-island
```
It just means that not all dependencies were pre-installed on your system.
That's no problem! Just run the following command, which will install all
dependencies, and then install the Monkey Island:
```sh
sudo apt install -f
```
## Troubleshooting
### Trying to install on Ubuntu <16.04
If you're trying to install the Monkey Island on Ubuntu 16.04 or older, you
need to install the dependencies yourself, since Python 3.7 is only installable
from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow
these steps:
```sh
sudo apt update
sudo apt-get install libcurl4-openssl-dev
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
sudo dpkg -i monkey_island.deb # this might print errors
sudo apt install -f
```
### The Monkey Island interface isn't accessible after installation
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get the updated version, download the new `.deb` file and install it. You
should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After
which, the installation should complete successfully.
If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
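Review bot: deleting debian.md removes the only documentation of the `sudo service monkey-island status` check and the Ubuntu 16.04 guidance; confirm that no other page still links to the Debian setup page and that the new AppImage page (which lists Ubuntu Bionic and Focal as tested) is the intended replacement for users of the Debian package.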

View File

@ -7,20 +7,128 @@ weight: 4
tags: ["setup", "docker", "linux", "windows"]
---
## Supported operating systems
The Infection Monkey Docker container works on Linux only. It is not compatible with Docker for Windows or Docker for Mac.
## Deployment
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
### 1. Load the docker images
1. Pull the MongoDB v4.2 Docker image:
Once you've extracted the container from the tar.gz file, run the following commands:
```sh
sudo docker load -i dk.monkeyisland.1.10.0.tar
```bash
sudo docker pull mongo:4.2
sudo mkdir -p /var/monkey-mongo/data/db
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.10.0
```
1. Extract the Monkey Island Docker tarball:
```bash
tar -xvzf monkey-island-docker.tar.gz
```
1. Load the Monkey Island Docker image:
```bash
sudo docker load -i dk.monkeyisland.VERSION.tar
```
### 2. Start MongoDB
1. Start a MongoDB Docker container:
```bash
sudo docker run \
--name monkey-mongo \
--network=host \
--volume db:/data/db \
--detach \
mongo:4.2
```
### 3a. Start Monkey Island with default certificate
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the
user [provide Infection Monkey with a
certificate](#3b-start-monkey-island-with-user-provided-certificate) that has
been signed by a private certificate authority.
1. Run the Monkey Island server
```bash
sudo docker run \
--name monkey-island \
--network=host \
guardicore/monkey-island:VERSION
```
### 3b. Start Monkey Island with user-provided certificate
1. Create a directory named `monkey_island_data`. This will serve as the
location where Infection Monkey stores its configuration and runtime
artifacts.
```bash
mkdir ./monkey_island_data
chmod 700 ./monkey_island_data
```
1. Run Monkey Island with the `--setup-only` flag to populate the `./monkey_island_data` directory with a default `server_config.json` file.
```bash
sudo docker run \
--rm \
--name monkey-island \
--network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:VERSION --setup-only
```
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
1. Make sure that your `.crt` and `.key` files are readable and writeable only by you.
```bash
chmod 600 ./monkey_island_data/<KEY_FILE>
chmod 600 ./monkey_island_data/<CRT_FILE>
```
1. Edit `./monkey_island_data/server_config.json` to configure Monkey Island
to use your certificate. Your config should look something like this:
```json {linenos=inline,hl_lines=["11-14"]}
{
"data_dir": "/monkey_island_data",
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "docker"
},
"mongodb": {
"start_mongodb": false
},
"ssl_certificate": {
"ssl_certificate_file": "/monkey_island_data/<CRT_FILE>",
"ssl_certificate_key_file": "/monkey_island_data/<KEY_FILE>"
}
}
```
1. Start the Monkey Island server:
```bash
sudo docker run \
--name monkey-island \
--network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:VERSION
```
### 4. Accessing Monkey Island
After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
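Review bot: step 2 starts MongoDB with `--network=host` and no authentication options, so whatever address MongoDB binds to is bound directly on the host rather than on an isolated container network; the page should at least say that port 27017 must not be reachable beyond localhost, or start the database on a private Docker network instead. Step 3a also starts Monkey Island without the `--volume monkey_island_data:/monkey_island_data` mount that the troubleshooting section of this same file recommends, which is exactly the setup that produces the documented `UnicodeDecodeError` key mismatch; include the volume in the default command. Finally, step 1 refers to `monkey-island-docker.tar.gz` while the checksum table in this commit ships `infection_monkey_docker_20210811_211212.tgz`; align the filename.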
@ -31,3 +139,31 @@ If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
## Troubleshooting
### The Monkey Island container crashes due to a 'UnicodeDecodeError'
You will encounter a `UnicodeDecodeError` if the `monkey-island` container is
using a different secret key to encrypt sensitive data than was initially used
to store data in the `monkey-mongo` container.
```
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
```
Starting a new container from the `guardicore/monkey-island:VERSION` image
generates a new secret key for storing sensitive information in MongoDB. If you
have an old database instance running (from a previous instance of Infection
Monkey), the data stored in the `monkey-mongo` container has been encrypted
with a key that is different from the one that Monkey Island is currently
using. When MongoDB attempts to decrypt its data with the new key, decryption
fails and you get this error.
You can fix this in one of three ways:
1. Instead of starting a new container for the Monkey Island, you can run `docker container start -a monkey-island` to restart the existing container, which will contain the correct key material.
1. Kill and remove the existing MongoDB container, and start a new one. This will remove the old database entirely. Then, start the new Monkey Island container.
1. When you start the Monkey Island container, use `--volume
monkey_island_data:/monkey_island_data`. This will store all of Monkey
Island's runtime artifacts (including the encryption key file) in a docker
volume that can be reused by subsequent Monkey Island containers.
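Review bot: the explanation says "When MongoDB attempts to decrypt its data with the new key", but MongoDB only stores the ciphertext; it is Monkey Island that decrypts the stored values and raises the `UnicodeDecodeError` when its key differs from the one used at write time. Reword to "When Monkey Island attempts to decrypt the stored data with the new key, decryption fails and you get this error."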

103
docs/content/setup/linux.md Normal file
View File

@ -0,0 +1,103 @@
---
title: "Linux"
date: 2020-05-26T20:57:28+03:00
draft: false
pre: '<i class="fab fa-linux"></i> '
weight: 4
tags: ["setup", "AppImage", "linux"]
---
## Supported operating systems
An [AppImage](https://appimage.org/) is a distribution-agnostic, self-running
package that contains an application and everything that it may need to run.
The Infection Monkey AppImage package should run on most modern Linux distros that have FUSE
installed, but the ones that we've tested are:
- BlackArch 2020.12.01
- Kali 2021.2
- Parrot 4.11
- Rocky 8
- openSUSE Leap 15.3
- Ubuntu Bionic 18.04
- Ubuntu Focal 20.04
- Ubuntu Hirsute 21.04
## Deployment
1. Make the AppImage package executable:
```bash
chmod u+x Infection_Monkey_v1.11.0.AppImage
```
1. Start Monkey Island by running the Infection Monkey AppImage package:
```bash
./Infection_Monkey_v1.11.0.AppImage
```
1. Access the Monkey Island web UI by pointing your browser at
`https://localhost:5000`.
### Start Monkey Island with user-provided certificate
By default, Infection Monkey comes with a [self-signed SSL
certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the
user provide Infection Monkey with a certificate that has been signed by a
private certificate authority.
1. Run the Infection Monkey AppImage package with the `--setup-only` flag to
populate the `$HOME/.monkey_island` directory with a default
`server_config.json` file.
```bash
./Infection_Monkey_v1.11.0.AppImage --setup-only
```
1. (Optional but recommended) Move your `.crt` and `.key` files to
`$HOME/.monkey_island`.
1. Make sure that your `.crt` and `.key` files are readable only by you.
```bash
chmod 600 <PATH_TO_KEY_FILE>
chmod 600 <PATH_TO_CRT_FILE>
```
1. Edit `$HOME/.monkey_island/server_config.json` to configure Monkey Island
to use your certificate. Your config should look something like this:
```json {linenos=inline,hl_lines=["11-14"]}
{
"data_dir": "~/.monkey_island",
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "linux"
},
"mongodb": {
"start_mongodb": true
},
"ssl_certificate": {
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
}
}
```
1. Start Monkey Island by running the Infection Monkey AppImage package:
```bash
./Infection_Monkey_v1.11.0.AppImage
```
1. Access the Monkey Island web UI by pointing your browser at
`https://localhost:5000`.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download the updated AppImage package and follow the deployment
instructions again.
If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
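Review bot: the commands use `Infection_Monkey_v1.11.0.AppImage`, but the checksum table in this commit lists the artifact as `Infection_Monkey-1.11.0-x86_64.AppImage`; users copying these commands verbatim will get a "No such file" error, so use the shipped filename. Also, `"data_dir": "~/.monkey_island"` in the sample config relies on tilde expansion inside the application; if Monkey Island expands it, say so, otherwise use an absolute path as the Docker page does.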

View File

@ -1,75 +0,0 @@
---
title: "VMware"
date: 2020-05-26T20:57:14+03:00
draft: false
pre: '<i class="fas fa-laptop-code"></i> '
weight: 3
tags: ["setup", "vmware"]
---
## Deployment
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
the machine are accessible for inbound TCP traffic.*
1. Turn on the Infection Monkey VM.
1. Log in to the machine with the following credentials:
1. Username: **monkeyuser**
1. Password: **Noon.Earth.Always**
1. For security purposes, it's recommended that you change the machine
passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
passwd root`.
## OVA network modes
You can use the OVA in one of two modes:
1. In a network with the DHCP configured — In this case, the Monkey Island will
automatically query and receive an IP address from the network.
1. With a static IP address — In this case, you should log in to the VM console
with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
in, edit the Netplan configuration by entering the following command in the
prompt:
```sh
sudo nano /etc/netplan/00-installer-config.yaml
```
Make the following changes:
```diff
# This is the network config written by 'subiquity'
network:
ethernets:
ens160:
- dhcp4: true
+ dhcp4: false
+ addresses: [XXX.XXX.XXX.XXX/24]
+ gateway4: YYY.YYY.YYY.YYY
+ nameservers:
+ addresses: [1.1.1.1]
version: 2
```
Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
`YYY.YYY.YYY.YYY` with the default gateway.
Save the changes then run the command:
```sh
sudo netplan apply
```
If this configuration does not suit your needs, see
https://netplan.io/examples/ for more information about how to configure
Netplan.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download the updated OVA file.
If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
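Review bot: removing vmware.md is consistent with the 1.11.0 checksum table, which no longer lists an OVA, but the deleted page was the only place documenting the OVA's default login and the instruction to change it with `sudo passwd`; if the 1.10.0 OVA stays downloadable, that instruction should survive somewhere (for example in the FAQ), and any remaining links to the VMware setup page need updating.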

View File

@ -9,6 +9,10 @@ tags: ["setup", "windows"]
## Deployment
{{% notice tip %}}
Don't get scared if the Infection Monkey gets [flagged as malware during the installation](/faq/#is-infection-monkey-a-malwarevirus).
{{% /notice %}}
After running the installer, the following prompt should appear on the screen:
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
@ -16,8 +20,48 @@ After running the installer, the following prompt should appear on the screen:
1. Follow the steps to complete the installation.
1. Run the Monkey Island by clicking on the desktop shortcut.
### Start Monkey Island with user-provided certificate
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the
user provide Infection Monkey with a certificate that has been signed by a
private certificate authority.
1. If you haven't already, run the Monkey Island by clicking on the desktop
shortcut. This will populate MongoDB, as well as create and populate
`%AppData%\monkey_island`.
1. Stop the Monkey Island process.
1. (Optional but recommended) Move your `.crt` and `.key` files to `%AppData%\monkey_island`.
1. Edit `%AppData%\monkey_island\server_config.json` to configure Monkey Island
to use your certificate. Your config should look something like this:
```json {linenos=inline,hl_lines=["11-14"]}
{
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "windows"
},
"mongodb": {
"start_mongodb": true
},
"ssl_certificate": {
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
}
}
```
1. Run the Monkey Island by clicking on the desktop shortcut.
## Troubleshooting
### Support
Only **English** system locale is supported. If your command prompt gives output in a different
language, the Infection Monkey is not guaranteed to work.
For supported Windows versions, take a look at the [OS support page](../../reference/operating_systems_support).
### Missing Windows update
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows).
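Review bot: `hl_lines=["11-14"]` on the sample config is off by one for this page: unlike the Linux and Docker samples, this JSON has no `data_dir` line, so the `ssl_certificate` block occupies lines 10-13 and the highlight lands on the key file line through the closing brace of the whole document. Use `hl_lines=["10-13"]`. Also, the Linux and Docker pages include a step restricting the `.crt`/`.key` files to their owner (`chmod 600`); the Windows steps have no equivalent (for example tightening the file ACL with `icacls`), and "Stop the Monkey Island process" should say how it is stopped.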

View File

@ -35,6 +35,19 @@ $ sha256sum monkey-linux-64
## Latest version checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
| monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
| Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
| infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
| Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
## Older checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
@ -49,12 +62,6 @@ $ sha256sum monkey-linux-64
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
## Older checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |

View File

@ -0,0 +1,29 @@
+++
title = "Scenarios"
date = 2020-08-12T12:52:59+03:00
weight = 3
chapter = true
pre = "<i class='fas fa-map-marked-alt'></i> "
+++
# Scenarios
This section describes the different attack scenarios that the Infection Monkey can simulate.
{{% notice note %}}
Don't worry! The Infection Monkey uses safe exploiters and does not cause any permanent system modifications that could impact security or operations.
{{% /notice %}}
The Infection Monkey has pre-built scenarios to simulate common types of attacks that take place. These scenarios, when selected, manipulate the configuration to only show you what you need to see for that scenario. This makes it possible for you to quickly run the Monkey on your network in order to accomplish a specific objective.
Choosing the "Custom" scenario will allow you to fine-tune your simulation and access all available features. [Read more about configuring a custom simulation.](/custom-scenario/_index.md)
![Choose scenario](/images/usage/scenarios/choose-scenario.png "Choose a scenario")
To exit a scenario and select another one, click on "Start Over".
![Start over](/images/usage/scenarios/start-over.png "Start over")
## Section contents
{{% children description=True style="p"%}}
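Review bot: `[Read more about configuring a custom simulation.](/custom-scenario/_index.md)` links to a Markdown source path, which does not exist on the rendered site; link the custom scenario page with a `{{< ref >}}` shortcode like the other pages in this commit. The note "does not cause any permanent system modifications" is also contradicted by the ransomware scenario added in this same commit, which bit-flips and renames files in the configured directory; qualify it (for example, "no permanent modifications outside the directory you designate for the ransomware simulation").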

View File

@ -0,0 +1,18 @@
---
title: " Custom"
date: 2021-07-28T14:36:02+05:30
description: "Configure a custom scenario to test your network's defenses."
weight: 100
pre: "<i class='fas fa-edit'></i>"
chapter: true
---
# Custom
The Infection Monkey is a versatile breach and attack simulation tool. Choosing the "Custom" scenario will allow you to access all of its capabilities and configure the simulation exactly according to your needs. You can enhance, optimize, and fine-tune the Monkey's behavior.
![Custom scenario](/images/usage/scenarios/custom-scenario.png "Custom scenario")
Below are some examples with instructions on how to configure them.
{{% children description=True style="p"%}}
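Review bot: the front matter title is `" Custom"` with a leading space (the ransomware scenario page in this commit has the same `" Ransomware Simulation"`), which shows up in the menu and in `{{% children %}}` listings; strip the space or, if it is there to pad the icon, put the spacing in the `pre` value instead.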

View File

@ -11,7 +11,7 @@ weight: 1
Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
[Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.](/usage/integrations/scoutsuite)
You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.]({{< ref "/usage/integrations/scoutsuite" >}})
## Configuration
@ -31,4 +31,3 @@ Run the Infection Monkey on as many machines as you can. You can easily achieve
## Assessing results
You can see your results in the Zero Trust report section. “The Summary” section will give you an idea about which Zero Trust pillars were the Infection Monkey tested, how many tests were performed and test statuses. Specific tests are described in the “Test Results” section. The “Findings” section shows details about the Monkey actions. Click on “Events” of different findings to observe what exactly the Infection Monkey did and when it did it. This should make it easy to cross reference events with your security solutions and alerts/logs.
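Review bot: the unchanged context sentence "“The Summary” section will give you an idea about which Zero Trust pillars were the Infection Monkey tested, how many tests were performed and test statuses" is ungrammatical; while touching this file, suggest "which Zero Trust pillars the Infection Monkey tested, how many tests were performed and their statuses".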

View File

@ -0,0 +1,161 @@
---
title: " Ransomware Simulation"
date: 2021-06-23T18:13:59+05:30
draft: false
description: "Simulate a ransomware attack on your network and assess the potential damage."
weight: 1
pre: "<i class='fa fa-lock'></i>"
---
The Infection Monkey is capable of simulating a ransomware attack on your
network using a set of configurable behaviors.
## Encryption
In order to simulate the behavior of ransomware as accurately as possible,
the Infection Monkey can [encrypt user-specified files](#configuring-encryption)
using a [fully reversible algorithm](#how-are-the-files-encrypted). A number of
mechanisms are in place to ensure that all actions performed by the encryption
routine are safe for production environments.
### Preparing your environment for a ransomware simulation
The Infection Monkey will only encrypt files that you allow it to. In
order to take full advantage of the Infection Monkey's ransomware simulation, you'll
need to provide the Infection Monkey with a directory that contains files that
are safe for it to encrypt. The recommended approach is to use a remote
administration tool, such as
[Ansible](https://docs.ansible.com/ansible/latest/user_guide/) or
[PsExec](https://theitbros.com/using-psexec-to-run-commands-remotely/) to add a
"ransomware target" directory to each machine in your environment. The Infection
Monkey can then be configured to encrypt files in this directory.
### Configuring encryption
To ensure minimum interference and easy recoverability, the ransomware
simulation will only encrypt files contained in a user-specified directory. If
no directory is specified, no files will be encrypted.
![Ransomware configuration](/images/usage/scenarios/ransomware-config.png "Ransomware configuration")
### How are the files encrypted?
Files are "encrypted" in place with a simple bit flip. Encrypted files are
renamed to have `.m0nk3y` appended to their names. This is a safe way to
simulate encryption since it is easy to "decrypt" your files. You can simply
perform a bit flip on the files again and rename them to remove the appended
`.m0nk3y` extension.
Flipping a file's bits is sufficient to simulate the encryption behavior of
ransomware, as the data in your files has been manipulated (leaving them
temporarily unusable). Files are then renamed with a new extension appended,
which is similar to the way that many ransomware families behave. As this is a
simulation, your security solutions should be triggered to notify you or prevent
these changes from taking place.
### Which files are encrypted?
During the ransomware simulation, attempts will be made to encrypt all regular
files with [targeted file extensions](#files-targeted-for-encryption) in the
configured directory. The simulation is not recursive, i.e. it will not touch
any files in sub-directories of the configured directory. The Infection Monkey will
not follow any symlinks or shortcuts.
These precautions are taken to prevent the Infection Monkey from accidentally
encrypting files that you didn't intend to encrypt.
### Files targeted for encryption
Only regular files with certain extensions are encrypted by the ransomware
simulation. This list is based on the [analysis of the Goldeneye ransomware by
BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-goldeneye-ransomware-attack/).
- .3ds
- .7z
- .accdb
- .ai
- .asp
- .aspx
- .avhd
- .avi
- .back
- .bak
- .c
- .cfg
- .conf
- .cpp
- .cs
- .ctl
- .dbf
- .disk
- .djvu
- .doc
- .docx
- .dwg
- .eml
- .fdb
- .giff
- .gz
- .h
- .hdd
- .jpg
- .jpeg
- .kdbx
- .mail
- .mdb
- .mpg
- .mpeg
- .msg
- .nrg
- .ora
- .ost
- .ova
- .ovf
- .pdf
- .php
- .pmf
- .png
- .ppt
- .pptx
- .pst
- .pvi
- .py
- .pyc
- .rar
- .rtf
- .sln
- .sql
- .tar
- .tiff
- .txt
- .vbox
- .vbs
- .vcb
- .vdi
- .vfd
- .vmc
- .vmdk
- .vmsd
- .vmx
- .vsdx
- .vsv
- .work
- .xls
- .xlsx
- .xvd
- .zip
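An added example, not part of the Infection Monkey's own code, that shows the bit-flip scheme from "How are the files encrypted?" and the selection precautions from "Which files are encrypted?" (regular files only, no recursion, no symlinks); the extension subset, file names and contents are constructed for the example.

```python
import os
import tempfile
from pathlib import Path
TARGET_EXTENSIONS = {".txt", ".docx", ".pdf", ".sql", ".zip"}  # constructed subset of the list above
ENCRYPTED_SUFFIX = ".m0nk3y"

def select_targets(directory: Path) -> list:
    """Regular files directly in `directory` with a targeted extension; no recursion, no symlinks."""
    targets = []
    for entry in os.scandir(directory):
        if entry.is_symlink() or not entry.is_file(follow_symlinks=False):
            continue  # skip symlinks, sub-directories and other non-regular files
        if Path(entry.name).suffix.lower() in TARGET_EXTENSIONS:
            targets.append(Path(entry.path))
    return sorted(targets)

def flip_bits(path: Path) -> None:
    """Invert every bit in place (XOR 0xFF); running it twice restores the original bytes."""
    path.write_bytes(bytes(b ^ 0xFF for b in path.read_bytes()))

def simulate_encrypt(path: Path) -> Path:
    """Flip the bits and append .m0nk3y to the name, as the simulation does."""
    flip_bits(path)
    renamed = path.with_name(path.name + ENCRYPTED_SUFFIX)
    path.rename(renamed)
    return renamed

def recover(path: Path) -> Path:
    """Undo simulate_encrypt: flip the bits back and strip the .m0nk3y extension."""
    if path.suffix != ENCRYPTED_SUFFIX:
        raise ValueError(f"{path.name} does not end in {ENCRYPTED_SUFFIX}")
    flip_bits(path)
    original = path.with_name(path.name[: -len(ENCRYPTED_SUFFIX)])
    path.rename(original)
    return original

def round_trip_demo() -> dict:
    """Constructed target directory: encrypt the eligible files, then recover them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.docx").write_bytes(b"quarterly numbers")
        (root / "notes.txt").write_bytes(b"meeting notes")
        (root / "image.bmp").write_bytes(b"extension not targeted")
        (root / "sub").mkdir()
        (root / "sub" / "nested.txt").write_bytes(b"not touched")
        os.symlink(root / "notes.txt", root / "link.txt")  # must be skipped
        encrypted = [simulate_encrypt(p) for p in select_targets(root)]
        restored = [recover(p).read_bytes() for p in encrypted]
        return {"encrypted": [p.name for p in encrypted], "restored": restored,
                "left_alone": [(root / n).read_bytes() for n in ("image.bmp", "sub/nested.txt")]}
```

`recover` is the step you would run over a target directory after a simulation to put the files back exactly as they were.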
## Leaving a README.txt file
Many ransomware packages leave a README.txt file on the victim machine with an
explanation of what has occurred and instructions for paying the attacker.
The Infection Monkey will also leave a README.txt file in the target directory on
the victim machine in order to replicate this behavior.
The README.txt file informs the user that a ransomware simulation has taken
place and that they should contact their administrator. The contents of the
file can be found
[here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt).
View File
@ -1,20 +0,0 @@
+++
title = "Use Cases"
date = 2020-08-12T12:52:59+03:00
weight = 3
chapter = true
pre = "<i class='fas fa-map-marked-alt'></i> "
+++
# Use cases
This section describes possible use cases for the Infection Monkey and how you can configure the tool.
You can also refer to [our FAQ](../../faq) for more specific questions and answers.
{{% notice note %}}
Don't worry! The Infection Monkey uses safe exploiters and does not cause any permanent system modifications that could impact security or operations.
{{% /notice %}}
## Section contents
{{% children description=True style="p"%}}
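Review bot: this hunk deletes the whole use-cases index, and with it the link to the FAQ (`../../faq`) and the notice that the Infection Monkey uses safe exploiters and makes no permanent system modifications; since the landing-page hunk below now points visitors at `usage/scenarios` instead, confirm that the replacing scenarios index carries both the FAQ link and that safety notice over, otherwise the statement disappears from the section entirely.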
View File
@ -74,10 +74,10 @@
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
<a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Use Cases</h4>
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
<h4 class="mb-3 mt-0">Scenarios</h4>
<p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
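Review bot: the new card text `Learn about scenarios of the Infection Monkey.` reads awkwardly compared with the line it replaces; suggest `Learn about Infection Monkey usage scenarios.` or similar, and check that the `fas fa-map-marked-alt` icon kept from the Use Cases card is still the one intended for the Scenarios section.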