Release Infection Monkey v1.11.0
commit
07730160d7
@ -1,15 +1,17 @@
|
|||
[flake8]
|
||||
## Warn about linter issues.
|
||||
|
||||
exclude = ../monkey/monkey_island/cc/ui,
|
||||
../monkey/common/cloud
|
||||
exclude = monkey/monkey_island/cc/ui,vulture_allowlist.py
|
||||
show-source = True
|
||||
max-complexity = 10
|
||||
max-line-length = 127
|
||||
max-line-length = 100
|
||||
|
||||
### ignore "whitespace before ':'", "line break before binary operator" for
|
||||
### compatibility with black, and cyclomatic complexity (for now).
|
||||
extend-ignore = E203, W503, C901
|
||||
|
||||
### --statistics Count the number of occurrences of each error/warning code and print a report.
|
||||
statistics = True
|
||||
|
||||
### --count will print the total number of errors.
|
||||
count = True
|
||||
|
|
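Review bot: `max-complexity = 10` is inert while `C901` is listed in `extend-ignore` a few lines below it, so the new config declares a complexity limit that flake8 never reports on. The comment calls the ignore temporary ("for now") but nothing records when or how it is meant to be lifted, which is how such deferrals become permanent. Either drop `max-complexity` until C901 is actually enforced, or make the deferral traceable, e.g. `### TODO: drop C901 from extend-ignore once existing functions are under max-complexity`.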
@ -0,0 +1,4 @@
|
|||
monkey/tests/data_for_tests/ransomware_targets/** -text
|
||||
monkey/tests/data_for_tests/test_readme.txt -text
|
||||
monkey/tests/data_for_tests/stable_file.txt -text
|
||||
monkey/infection_monkey/ransomware/ransomware_readme.txt -text
|
|
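Review bot: Nothing in the new file says why these four fixtures are exempt from end-of-line normalization, so the rule is easy to mistake for noise and remove; a `#` comment at the top would prevent that, e.g. `# Test fixtures that must be checked out byte-for-byte (no CRLF/LF conversion).` The reason is presumably that the ransomware tests compare or hash the fixture contents, but that is not visible here — confirm against the tests that read `monkey/tests/data_for_tests/ransomware_targets` before wording the comment.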
@ -7,6 +7,7 @@ Add any further explanations here.
|
|||
## PR Checklist
|
||||
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
||||
* [ ] Is the TravisCI build passing?
|
||||
* [ ] Was the CHANGELOG.md updated to reflect the changes?
|
||||
* [ ] Was the documentation framework updated to reflect the changes?
|
||||
|
||||
## Testing Checklist
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Intellij
|
||||
.idea/
|
||||
.run/
|
||||
|
||||
# Byte-compiled / optimized / DLL files
|
||||
__pycache__/
|
||||
|
@ -81,9 +82,10 @@ MonkeyZoo/*
|
|||
!MonkeyZoo/README.MD
|
||||
!MonkeyZoo/config.tf
|
||||
!MonkeyZoo/MonkeyZooDocs.pdf
|
||||
monkey/logs
|
||||
|
||||
# Exported monkey telemetries
|
||||
/monkey/telem_sample/
|
||||
/envs/monkey_zoo/blackbox/tests/performance/telemetry_sample/
|
||||
|
||||
# Profiling logs
|
||||
profiler_logs/
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
default_stages: [commit]
|
||||
repos:
|
||||
- repo: https://github.com/pycqa/isort
|
||||
rev: 5.8.0
|
||||
hooks:
|
||||
- id: isort
|
||||
name: isort (python)
|
||||
- id: isort
|
||||
name: isort (cython)
|
||||
types: [cython]
|
||||
- id: isort
|
||||
name: isort (pyi)
|
||||
types: [pyi]
|
||||
- repo: https://github.com/psf/black
|
||||
rev: 20.8b1
|
||||
hooks:
|
||||
- id: black
|
||||
- repo: https://gitlab.com/pycqa/flake8
|
||||
rev: 3.9.1
|
||||
hooks:
|
||||
- id: flake8
|
||||
additional_dependencies: [dlint]
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v3.4.0
|
||||
hooks:
|
||||
- id: check-added-large-files
|
||||
- id: check-case-conflict
|
||||
- id: check-json
|
||||
- id: check-merge-conflict
|
||||
- id: detect-private-key
|
||||
- id: end-of-file-fixer
|
||||
- id: trailing-whitespace
|
||||
- repo: https://github.com/eslint/eslint
|
||||
rev: v7.24.0
|
||||
hooks:
|
||||
- id: eslint
|
||||
args: ["monkey/monkey_island/cc/ui/src/", "--fix", "--max-warnings=0"]
|
||||
- repo: local
|
||||
hooks:
|
||||
- id: pytest
|
||||
name: pytest
|
||||
entry: bash -c "cd monkey && pytest"
|
||||
language: system
|
||||
files: "monkey/"
|
||||
exclude: "monkey/monkey_island/cc/ui"
|
||||
stages: [push]
|
||||
- repo: https://github.com/swimmio/pre-commit
|
||||
rev: v0.2
|
||||
hooks:
|
||||
- id: swimm-verify
|
||||
- repo: https://github.com/jendrikseipp/vulture
|
||||
rev: v2.3
|
||||
hooks:
|
||||
- id: vulture
|
|
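Review bot: `additional_dependencies: [dlint]` under the flake8 hook is unpinned, so the dlint release installed into every developer's hook environment — and therefore the lint findings — depends on what PyPI serves at install time rather than on this file; pin it to an exact version, `additional_dependencies: ["dlint==<version>"]`, and bump it deliberately the way the `rev:` entries are. Relatedly, every `rev:` in the file is a git tag (`5.8.0`, `20.8b1`, `v0.2`), and a tag can be moved after the fact; for the less widely used hooks, in particular `swimmio/pre-commit` at `rev: v0.2`, a full commit SHA is the stronger pin. Both points matter more than usual here because these hooks execute on every contributor's machine.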
@ -1,92 +1,86 @@
|
|||
{
|
||||
"id": "AzD8XysWg1BBXCjCDkfq",
|
||||
"name": "Add a new configuration setting to the Agent ⚙",
|
||||
"dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
|
||||
"description": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine.",
|
||||
"summary": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/island_configs).",
|
||||
"hunksOrder": [
|
||||
"monkey/infection_monkey/config.py_0",
|
||||
"monkey/infection_monkey/monkey.py_0",
|
||||
"monkey/monkey_island/cc/services/config_schema/internal.py_0"
|
||||
],
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Look for `victims_max_exploit` - it's rather similar."
|
||||
],
|
||||
"play_mode": "all",
|
||||
"swimmPatch": {
|
||||
"monkey/infection_monkey/config.py": {
|
||||
"diffType": "MODIFIED",
|
||||
"fileDiffHeader": "diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py\nindex 1fbcb876..67ed19de 100644\n--- a/monkey/infection_monkey/config.py\n+++ b/monkey/infection_monkey/config.py",
|
||||
"hunks": [
|
||||
{
|
||||
"swimmHunkMetadata": {
|
||||
"hunkComments": []
|
||||
},
|
||||
"hunkDiffLines": [
|
||||
"@@ -131,8 +131,6 @@",
|
||||
" exploiter_classes = []\r",
|
||||
" system_info_collector_classes = []\r",
|
||||
" \r",
|
||||
"- # how many victims to look for in a single scan iteration\r",
|
||||
"- victims_max_find = 100\r",
|
||||
" \r",
|
||||
" # how many victims to exploit before stopping\r",
|
||||
" victims_max_exploit = 100\r"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"monkey/infection_monkey/monkey.py": {
|
||||
"diffType": "MODIFIED",
|
||||
"fileDiffHeader": "diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py\nindex 444bde45..ff23f671 100644\n--- a/monkey/infection_monkey/monkey.py\n+++ b/monkey/infection_monkey/monkey.py",
|
||||
"hunks": [
|
||||
{
|
||||
"swimmHunkMetadata": {
|
||||
"hunkComments": []
|
||||
},
|
||||
"hunkDiffLines": [
|
||||
"@@ -159,8 +159,6 @@",
|
||||
" if not self._keep_running or not WormConfiguration.alive:\r",
|
||||
" break\r",
|
||||
" \r",
|
||||
"- machines = self._network.get_victim_machines(max_find=WormConfiguration.victims_max_find,\r",
|
||||
"- stop_callback=ControlClient.check_for_stop)\r",
|
||||
" is_empty = True\r",
|
||||
" for machine in machines:\r",
|
||||
" if ControlClient.check_for_stop():\r"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"monkey/monkey_island/cc/services/config_schema/internal.py": {
|
||||
"diffType": "MODIFIED",
|
||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py\nindex bdbae246..d6042d35 100644\n--- a/monkey/monkey_island/cc/services/config_schema/internal.py\n+++ b/monkey/monkey_island/cc/services/config_schema/internal.py",
|
||||
"hunks": [
|
||||
{
|
||||
"swimmHunkMetadata": {
|
||||
"hunkComments": []
|
||||
},
|
||||
"hunkDiffLines": [
|
||||
"@@ -40,12 +40,6 @@",
|
||||
" \"title\": \"Monkey\",\r",
|
||||
" \"type\": \"object\",\r",
|
||||
" \"properties\": {\r",
|
||||
"- \"victims_max_find\": {\r",
|
||||
"- \"title\": \"Max victims to find\",\r",
|
||||
"- \"type\": \"integer\",\r",
|
||||
"- \"default\": 100,\r",
|
||||
"- \"description\": \"Determines the maximum number of machines the monkey is allowed to scan\"\r",
|
||||
"- },\r",
|
||||
" \"victims_max_exploit\": {\r",
|
||||
" \"title\": \"Max victims to exploit\",\r",
|
||||
" \"type\": \"integer\",\r"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
"task": {
|
||||
"dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Look for `victims_max_exploit` - it's rather similar."
|
||||
]
|
||||
},
|
||||
"app_version": "0.3.5-1",
|
||||
"file_version": "1.0.4",
|
||||
"last_commit_sha_for_swimm_patch": "17ee823b086f0b027612e2d1864930d2c5593c3e"
|
||||
"content": [
|
||||
{
|
||||
"type": "text",
|
||||
"text": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine."
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/infection_monkey/config.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 124,
|
||||
"lines": [
|
||||
" exploiter_classes = []",
|
||||
" system_info_collector_classes = []",
|
||||
" ",
|
||||
"* # how many victims to look for in a single scan iteration\r",
|
||||
"* victims_max_find = 100\r",
|
||||
" ",
|
||||
" # how many victims to exploit before stopping",
|
||||
" victims_max_exploit = 100"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/infection_monkey/monkey.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 220,
|
||||
"lines": [
|
||||
" if not self._keep_running or not WormConfiguration.alive:",
|
||||
" break",
|
||||
" ",
|
||||
"* machines = self._network.get_victim_machines(",
|
||||
"* max_find=WormConfiguration.victims_max_find,",
|
||||
"* stop_callback=ControlClient.check_for_stop,",
|
||||
"* )",
|
||||
" is_empty = True",
|
||||
" for machine in machines:",
|
||||
" if ControlClient.check_for_stop():"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/internal.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 42,
|
||||
"lines": [
|
||||
" \"title\": \"Monkey\",",
|
||||
" \"type\": \"object\",",
|
||||
" \"properties\": {",
|
||||
"* \"victims_max_find\": {",
|
||||
"* \"title\": \"Max victims to find\",",
|
||||
"* \"type\": \"integer\",",
|
||||
"* \"default\": 100,",
|
||||
"* \"description\": \"Determines the maximum number of machines the monkey is \"",
|
||||
"* \"allowed to scan\",",
|
||||
"* },",
|
||||
" \"victims_max_exploit\": {",
|
||||
" \"title\": \"Max victims to exploit\",",
|
||||
" \"type\": \"integer\","
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "text",
|
||||
"text": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/config_templates)."
|
||||
}
|
||||
],
|
||||
"symbols": {},
|
||||
"file_version": "2.0.1",
|
||||
"meta": {
|
||||
"app_version": "0.4.9-1",
|
||||
"file_blobs": {
|
||||
"monkey/infection_monkey/config.py": "0bede1c57949987f5c8025bd9b8f7aa29d02a6af",
|
||||
"monkey/infection_monkey/monkey.py": "89d2fa8452dee70f6d2985a9bb452f0159ea8219",
|
||||
"monkey/monkey_island/cc/services/config_schema/internal.py": "1ce1c864b1df332b65e16b4ce9ed533affd73f9c"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,54 +1,52 @@
|
|||
{
|
||||
"id": "JFXftJml8DpmuCPBA9rL",
|
||||
"name": "Add details about your new PBA",
|
||||
"dod": "You should add your new PBA's details to the configuration.",
|
||||
"description": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>",
|
||||
"summary": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island.",
|
||||
"hunksOrder": [
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
|
||||
],
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Have a look at the details of the other techniques."
|
||||
],
|
||||
"play_mode": "all",
|
||||
"swimmPatch": {
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": {
|
||||
"diffType": "MODIFIED",
|
||||
"fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..b231f96c 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||
"hunks": [
|
||||
{
|
||||
"swimmHunkMetadata": {
|
||||
"hunkComments": []
|
||||
},
|
||||
"hunkDiffLines": [
|
||||
"@@ -68,16 +68,7 @@",
|
||||
" \"Removes the file afterwards.\",",
|
||||
" \"attack_techniques\": [\"T1166\"]",
|
||||
" },",
|
||||
"- {",
|
||||
"+ # Swimmer: ADD DETAILS HERE!",
|
||||
"- \"type\": \"string\",",
|
||||
"- \"enum\": [",
|
||||
"- \"ScheduleJobs\"",
|
||||
"- ],",
|
||||
"- \"title\": \"Job scheduling\",",
|
||||
"- \"safe\": True,",
|
||||
"- \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
|
||||
"- \"attack_techniques\": [\"T1168\", \"T1053\"]",
|
||||
"- },",
|
||||
" {",
|
||||
" \"type\": \"string\",",
|
||||
" \"enum\": ["
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
"task": {
|
||||
"dod": "You should add your new PBA's details to the configuration.",
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Have a look at the details of the other techniques."
|
||||
]
|
||||
},
|
||||
"app_version": "0.3.5-1",
|
||||
"file_version": "1.0.4",
|
||||
"hunksOrder": [
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0"
|
||||
"content": [
|
||||
{
|
||||
"type": "text",
|
||||
"text": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>"
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 56,
|
||||
"lines": [
|
||||
" \"Removes the file afterwards.\",",
|
||||
" \"attack_techniques\": [\"T1166\"],",
|
||||
" },",
|
||||
"* {",
|
||||
"+ # Swimmer: ADD DETAILS HERE!",
|
||||
"* \"type\": \"string\",",
|
||||
"* \"enum\": [\"ScheduleJobs\"],",
|
||||
"* \"title\": \"Job scheduling\",",
|
||||
"* \"safe\": True,",
|
||||
"* \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
|
||||
"* \"attack_techniques\": [\"T1168\", \"T1053\"],",
|
||||
"* },",
|
||||
" {",
|
||||
" \"type\": \"string\",",
|
||||
" \"enum\": [\"Timestomping\"],"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "text",
|
||||
"text": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island."
|
||||
}
|
||||
],
|
||||
"last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e"
|
||||
"symbols": {},
|
||||
"file_version": "2.0.1",
|
||||
"meta": {
|
||||
"app_version": "0.4.1-1",
|
||||
"file_blobs": {
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "ea9b18aba7f71da12c9c82ac39d8a0cf2c472a9c"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -37,7 +37,7 @@
|
|||
"firstLineNumber": 1,
|
||||
"lines": [
|
||||
" import logging",
|
||||
"*import socket",
|
||||
" import socket",
|
||||
"*",
|
||||
"*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
|
||||
"*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
|
||||
|
@ -58,13 +58,13 @@
|
|||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 1,
|
||||
"firstLineNumber": 4,
|
||||
"lines": [
|
||||
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,\r",
|
||||
"* ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
|
||||
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)\r",
|
||||
" \r",
|
||||
" SYSTEM_INFO_COLLECTOR_CLASSES = {\r"
|
||||
" ENVIRONMENT_COLLECTOR,",
|
||||
"* HOSTNAME_COLLECTOR,",
|
||||
" MIMIKATZ_COLLECTOR,",
|
||||
" PROCESS_LIST_COLLECTOR,",
|
||||
" )"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -73,23 +73,21 @@
|
|||
"comments": [],
|
||||
"firstLineNumber": 37,
|
||||
"lines": [
|
||||
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
|
||||
" \"attack_techniques\": [\"T1082\"]",
|
||||
" \"currently running on.\",",
|
||||
" \"attack_techniques\": [\"T1082\"],",
|
||||
" },",
|
||||
"* {",
|
||||
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
|
||||
"* \"type\": \"string\",",
|
||||
"* \"enum\": [",
|
||||
"* HOSTNAME_COLLECTOR",
|
||||
"* ],",
|
||||
"* \"enum\": [HOSTNAME_COLLECTOR],",
|
||||
"* \"title\": \"Hostname collector\",",
|
||||
"* \"safe\": True,",
|
||||
"* \"info\": \"Collects machine's hostname.\",",
|
||||
"* \"attack_techniques\": [\"T1082\", \"T1016\"]",
|
||||
"* \"attack_techniques\": [\"T1082\", \"T1016\"],",
|
||||
"* },",
|
||||
" {",
|
||||
" \"type\": \"string\",",
|
||||
" \"enum\": ["
|
||||
" \"enum\": [PROCESS_LIST_COLLECTOR],"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -98,20 +96,21 @@
|
|||
"comments": [],
|
||||
"firstLineNumber": 1,
|
||||
"lines": [
|
||||
" from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, AZURE_CRED_COLLECTOR,",
|
||||
" ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,",
|
||||
" MIMIKATZ_COLLECTOR, PROCESS_LIST_COLLECTOR)",
|
||||
"* HOSTNAME_COLLECTOR,",
|
||||
" MONKEY = {",
|
||||
" \"title\": \"Monkey\",",
|
||||
" \"type\": \"object\","
|
||||
" from common.common_consts.system_info_collectors_names import (",
|
||||
" AWS_COLLECTOR,",
|
||||
" AZURE_CRED_COLLECTOR,",
|
||||
" ENVIRONMENT_COLLECTOR,",
|
||||
"* HOSTNAME_COLLECTOR,",
|
||||
" MIMIKATZ_COLLECTOR,",
|
||||
" PROCESS_LIST_COLLECTOR,",
|
||||
" )"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 85,
|
||||
"firstLineNumber": 92,
|
||||
"lines": [
|
||||
" \"default\": [",
|
||||
" ENVIRONMENT_COLLECTOR,",
|
||||
|
@ -119,7 +118,7 @@
|
|||
"* HOSTNAME_COLLECTOR,",
|
||||
" PROCESS_LIST_COLLECTOR,",
|
||||
" MIMIKATZ_COLLECTOR,",
|
||||
" AZURE_CRED_COLLECTOR"
|
||||
" AZURE_CRED_COLLECTOR,"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -148,26 +147,26 @@
|
|||
"comments": [],
|
||||
"firstLineNumber": 1,
|
||||
"lines": [
|
||||
" import logging\r",
|
||||
" import typing\r",
|
||||
" \r",
|
||||
"*from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR,\r",
|
||||
" PROCESS_LIST_COLLECTOR)\r",
|
||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
|
||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r"
|
||||
" import logging",
|
||||
" import typing",
|
||||
" ",
|
||||
" from common.common_consts.system_info_collectors_names import (",
|
||||
" AWS_COLLECTOR,",
|
||||
" ENVIRONMENT_COLLECTOR,",
|
||||
"* HOSTNAME_COLLECTOR,"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 14,
|
||||
"firstLineNumber": 25,
|
||||
"lines": [
|
||||
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
|
||||
" AWS_COLLECTOR: [process_aws_telemetry],",
|
||||
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
|
||||
"* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
|
||||
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence]",
|
||||
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence],",
|
||||
" }",
|
||||
" "
|
||||
]
|
||||
|
@ -175,15 +174,18 @@
|
|||
{
|
||||
"type": "snippet",
|
||||
"lines": [
|
||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry\r",
|
||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \\\r",
|
||||
" process_environment_telemetry\r",
|
||||
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry\r",
|
||||
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import check_antivirus_existence\r",
|
||||
" \r",
|
||||
" logger = logging.getLogger(__name__)\r"
|
||||
" )",
|
||||
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import (",
|
||||
" process_environment_telemetry,",
|
||||
" )",
|
||||
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import (",
|
||||
"* process_hostname_telemetry,",
|
||||
"*)",
|
||||
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (",
|
||||
" check_antivirus_existence,",
|
||||
" )"
|
||||
],
|
||||
"firstLineNumber": 6,
|
||||
"firstLineNumber": 12,
|
||||
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
||||
"comments": []
|
||||
},
|
||||
|
@ -192,9 +194,17 @@
|
|||
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
|
||||
}
|
||||
],
|
||||
"file_version": "2.0.0",
|
||||
"symbols": {},
|
||||
"file_version": "2.0.1",
|
||||
"meta": {
|
||||
"app_version": "0.3.7-0",
|
||||
"file_blobs": {}
|
||||
"app_version": "0.4.4-0",
|
||||
"file_blobs": {
|
||||
"monkey/common/common_consts/system_info_collectors_names.py": "175a054e1408805a4cebbe27e2f9616db40988cf",
|
||||
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": "0aeecd9fb7bde83cccd4501ec03e0da199ec5fc3",
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": "9a4a39050eb088876df4fa629e14faf820e714a0",
|
||||
"monkey/monkey_island/cc/services/config_schema/monkey.py": "e745da5828c63e975625ac2e9b80ce9626324970",
|
||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": "e2de4519cbd71bba70e81cf3ff61817437d95a21",
|
||||
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": "7ce4b6fcfbce0d6cd8a60297213c5be1699b22df"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,51 +1,54 @@
|
|||
{
|
||||
"id": "VW4rf3AxRslfT7lwaug7",
|
||||
"name": "Implement a new PBA — `ScheduleJobs`",
|
||||
"dod": "You should implement a new PBA in Monkey which schedules jobs on the machine.",
|
||||
"description": "You need to implement the `ScheduleJobs` PBA which creates scheduled jobs on the machine. <br><br>\n<img src=\"https://media.giphy.com/media/l0K4mVE5b5WZ1sctW/giphy.gif\" height=175><br><br>\nThe commands that add scheduled jobs for Windows and Linux can be retrieved from `get_commands_to_schedule_jobs` — make sure you understand how to use this function correctly.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Make sure you see the PBA with its results in the Security report as well as in the ATT&CK report under the relevant MITRE technique\n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>\n<br><br>\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2F528389a0-35c8-4380-b6e2-353068ed01e4.png?alt=media&token=08767f55-86e2-4f51-8ecf-13fd6cc25ad5\" height=400>",
|
||||
"summary": "Many other PBAs are as simple as this one, using shell commands or scripts — see `Timestomping` and `AccountDiscovery`. <br><br>\n\nHowever, for less straightforward ones, you can override functions and implement new classes depending on what is required — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`.<br><br>\n\nThis PBA, along with all the other PBAs, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to schedule jobs, which they could use to run malicious code at some specified date and time.",
|
||||
"hunksOrder": [
|
||||
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py_0"
|
||||
],
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Check out the `Timestomping` PBA to get an idea about the implementation.",
|
||||
"Don't forget to add code to remove the scheduled jobs!"
|
||||
],
|
||||
"play_mode": "all",
|
||||
"swimmPatch": {
|
||||
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": {
|
||||
"diffType": "MODIFIED",
|
||||
"fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/schedule_jobs.py b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py\nindex f7d8d805..06839463 100644\n--- a/monkey/infection_monkey/post_breach/actions/schedule_jobs.py\n+++ b/monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
|
||||
"hunks": [
|
||||
{
|
||||
"swimmHunkMetadata": {
|
||||
"hunkComments": []
|
||||
},
|
||||
"hunkDiffLines": [
|
||||
"@@ -10,11 +10,5 @@",
|
||||
" \"\"\"",
|
||||
" ",
|
||||
" def __init__(self):",
|
||||
"- linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
|
||||
"+ pass",
|
||||
"-",
|
||||
"+ # Swimmer: IMPLEMENT HERE!",
|
||||
"- super(ScheduleJobs, self).__init__(name=POST_BREACH_JOB_SCHEDULING,",
|
||||
"- linux_cmd=' '.join(linux_cmds),",
|
||||
"- windows_cmd=windows_cmds)",
|
||||
"- ",
|
||||
"- def run(self):",
|
||||
"- super(ScheduleJobs, self).run()"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
"task": {
|
||||
"dod": "You should implement a new PBA in Monkey which schedules jobs on the machine.",
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Check out the `Timestomping` PBA to get an idea about the implementation.",
|
||||
"Don't forget to add code to remove the scheduled jobs!"
|
||||
]
|
||||
},
|
||||
"app_version": "0.3.5-1",
|
||||
"file_version": "1.0.4",
|
||||
"hunksOrder": [
|
||||
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py_0"
|
||||
"content": [
|
||||
{
|
||||
"type": "text",
|
||||
"text": "You need to implement the `ScheduleJobs` PBA which creates scheduled jobs on the machine. <br><br>\n<img src=\"https://media.giphy.com/media/l0K4mVE5b5WZ1sctW/giphy.gif\" height=175><br><br>\nThe commands that add scheduled jobs for Windows and Linux can be retrieved from `get_commands_to_schedule_jobs` — make sure you understand how to use this function correctly.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Make sure you see the PBA with its results in the Security report as well as in the ATT&CK report under the relevant MITRE technique\n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>\n<br><br>\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2F528389a0-35c8-4380-b6e2-353068ed01e4.png?alt=media&token=08767f55-86e2-4f51-8ecf-13fd6cc25ad5\" height=400>"
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 12,
|
||||
"lines": [
|
||||
" \"\"\"",
|
||||
" ",
|
||||
" def __init__(self):",
|
||||
"* linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
|
||||
"+ pass",
|
||||
"*",
|
||||
"+ # Swimmer: IMPLEMENT HERE!",
|
||||
"* super(ScheduleJobs, self).__init__(",
|
||||
"* name=POST_BREACH_JOB_SCHEDULING,",
|
||||
"* linux_cmd=\" \".join(linux_cmds),",
|
||||
"* windows_cmd=windows_cmds,",
|
||||
"* )",
|
||||
"*",
|
||||
"* def run(self):",
|
||||
"* super(ScheduleJobs, self).run()",
|
||||
"* remove_scheduled_jobs()"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "text",
|
||||
"text": "Many other PBAs are as simple as this one, using shell commands or scripts — see `Timestomping` and `AccountDiscovery`. <br><br>\n\nHowever, for less straightforward ones, you can override functions and implement new classes depending on what is required — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`.<br><br>\n\nThis PBA, along with all the other PBAs, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to schedule jobs, which they could use to run malicious code at some specified date and time."
|
||||
}
|
||||
],
|
||||
"last_commit_sha_for_swimm_patch": "44fd1ab69cfbab33cec638dcbbaa8831992a9a9f"
|
||||
"symbols": {},
|
||||
"file_version": "2.0.1",
|
||||
"meta": {
|
||||
"app_version": "0.4.1-1",
|
||||
"file_blobs": {
|
||||
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": "e7845968a0c27d2eba71a8889645fe88491cb2a8"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -37,20 +37,22 @@
|
|||
"lines": [
|
||||
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER",
|
||||
"*from infection_monkey.config import WormConfiguration",
|
||||
" from infection_monkey.post_breach.pba import PBA",
|
||||
" from infection_monkey.utils.users import get_commands_to_add_user",
|
||||
" ",
|
||||
" ",
|
||||
" class BackdoorUser(PBA):",
|
||||
" def __init__(self):",
|
||||
"*from infection_monkey.post_breach.pba import PBA",
|
||||
"*from infection_monkey.utils.random_password_generator import get_random_password",
|
||||
"*from infection_monkey.utils.users import get_commands_to_add_user",
|
||||
"*",
|
||||
"*",
|
||||
"*class BackdoorUser(PBA):",
|
||||
"* def __init__(self):",
|
||||
"* random_password = get_random_password()",
|
||||
"*",
|
||||
"* linux_cmds, windows_cmds = get_commands_to_add_user(",
|
||||
"+ pass # Swimmer: Impl here!",
|
||||
"* WormConfiguration.user_to_add,",
|
||||
"* WormConfiguration.remote_user_pass)",
|
||||
"* WormConfiguration.user_to_add, random_password",
|
||||
"* )",
|
||||
"*",
|
||||
"* super(BackdoorUser, self).__init__(",
|
||||
"* POST_BREACH_BACKDOOR_USER,",
|
||||
"* linux_cmd=' '.join(linux_cmds),",
|
||||
"* windows_cmd=windows_cmds)"
|
||||
"* POST_BREACH_BACKDOOR_USER, linux_cmd=\" \".join(linux_cmds), windows_cmd=windows_cmds",
|
||||
"* )"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -59,17 +61,17 @@
|
|||
"comments": [],
|
||||
"firstLineNumber": 1,
|
||||
"lines": [
|
||||
"*from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER\r",
|
||||
" from monkey_island.cc.services.attack.technique_reports.pba_technique import PostBreachTechnique\r",
|
||||
" \r",
|
||||
" __author__ = \"shreyamalviya\"\r"
|
||||
" from common.common_consts.post_breach_consts import (",
|
||||
"* POST_BREACH_BACKDOOR_USER,",
|
||||
" POST_BREACH_COMMUNICATE_AS_NEW_USER,",
|
||||
" )"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 9,
|
||||
"firstLineNumber": 12,
|
||||
"lines": [
|
||||
" unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"",
|
||||
" scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"",
|
||||
|
@ -82,25 +84,23 @@
|
|||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 4,
|
||||
"firstLineNumber": 5,
|
||||
"lines": [
|
||||
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
|
||||
" \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",",
|
||||
" \"type\": \"string\",",
|
||||
" \"anyOf\": [",
|
||||
"* {",
|
||||
"+ # Swimmer: Add new PBA here to config!",
|
||||
"* \"type\": \"string\",",
|
||||
"* \"enum\": [",
|
||||
"* \"BackdoorUser\"",
|
||||
"* ],",
|
||||
"* \"enum\": [\"BackdoorUser\"],",
|
||||
"* \"title\": \"Back door user\",",
|
||||
"* \"safe\": True,",
|
||||
"* \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",",
|
||||
"* \"attack_techniques\": [\"T1136\"]",
|
||||
"* \"attack_techniques\": [\"T1136\"],",
|
||||
"* },",
|
||||
" {",
|
||||
" \"type\": \"string\",",
|
||||
" \"enum\": ["
|
||||
" \"enum\": [\"CommunicateAsNewUser\"],"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -108,14 +108,15 @@
|
|||
"text": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... "
|
||||
}
|
||||
],
|
||||
"file_version": "2.0.0",
|
||||
"symbols": {},
|
||||
"file_version": "2.0.1",
|
||||
"meta": {
|
||||
"app_version": "0.3.7-0",
|
||||
"app_version": "0.4.4-0",
|
||||
"file_blobs": {
|
||||
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3",
|
||||
"monkey/infection_monkey/post_breach/actions/add_user.py": "a85845840d9cb37529ad367e159cd9001929e759",
|
||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "d9d86e08ea4aeb0a6bee3f483e4fea50ee6cd200",
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "857e80da477ab31dbc00ed0a3f1cd49b69b505fa"
|
||||
"monkey/infection_monkey/post_breach/actions/add_user.py": "26b048a492fcb6d319fc0c01d2f4a0bd302ecbc8",
|
||||
"monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": "dfc5945a362b88c1135f4476526c6c82977b02ee",
|
||||
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "086dc85693ae02ddfa106099245c0f155139805c"
|
||||
}
|
||||
}
|
||||
}
|
67
.travis.yml
67
.travis.yml
|
@ -6,69 +6,62 @@ group: travis_latest
|
|||
|
||||
language: python
|
||||
|
||||
env:
|
||||
- PIP_CACHE_DIR=$HOME/.cache/pip PIPENV_CACHE_DIR=$HOME/.cache/pipenv
|
||||
|
||||
cache:
|
||||
- pip
|
||||
- directories:
|
||||
- "$HOME/.npm"
|
||||
- $PIP_CACHE_DIR
|
||||
- $PIPENV_CACHE_DIR
|
||||
|
||||
python:
|
||||
- 3.7
|
||||
|
||||
os: linux
|
||||
|
||||
before_install:
|
||||
# Init server_config.json to default
|
||||
- cp monkey/monkey_island/cc/server_config.json.default monkey/monkey_island/cc/server_config.json
|
||||
|
||||
install:
|
||||
# Python
|
||||
- pip freeze
|
||||
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
|
||||
- pip install flake8 pytest pytest-cov dlint isort # for next stages
|
||||
- pip install coverage # for code coverage
|
||||
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
||||
- pip install pipdeptree
|
||||
# Fail builds on possible conflicting dependencies.
|
||||
- pipdeptree --warn fail
|
||||
- pip install pipenv
|
||||
# Install island and monkey requirements as they are needed by UT's
|
||||
- pushd monkey/monkey_island
|
||||
- pipenv sync --dev # This installs dependencies from lock
|
||||
- popd
|
||||
- pushd monkey/infection_monkey
|
||||
- pipenv sync --dev # This installs dependencies from lock
|
||||
- popd
|
||||
|
||||
# node + npm + eslint
|
||||
- node --version
|
||||
- npm --version
|
||||
- nvm --version
|
||||
- nvm install node
|
||||
- nvm install 12
|
||||
- nvm use node
|
||||
- npm i -g eslint
|
||||
- node --version
|
||||
- npm --version
|
||||
|
||||
# linuxbrew (for hugo)
|
||||
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
|
||||
- mkdir ~/.linuxbrew/bin
|
||||
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
|
||||
- eval $(~/.linuxbrew/bin/brew shellenv)
|
||||
|
||||
# hugo (for documentation)
|
||||
- brew install hugo
|
||||
- curl -L https://github.com/gohugoio/hugo/releases/download/v0.85.0/hugo_0.85.0_Linux-64bit.tar.gz --output hugo.tar.gz
|
||||
# print hugo version (useful for debugging documentation build errors)
|
||||
- hugo version
|
||||
- tar -zxf hugo.tar.gz
|
||||
- ./hugo version
|
||||
|
||||
script:
|
||||
# Check Python code
|
||||
## Check syntax errors and fail the build if any are found.
|
||||
- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini
|
||||
|
||||
## Warn about linter issues.
|
||||
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
||||
### The output is redirected to a file.
|
||||
- flake8 ./monkey --exit-zero --config=./ci_scripts/flake8_linter_check.ini > ./ci_scripts/flake8_warnings.txt
|
||||
## Display the linter issues
|
||||
- cat ./ci_scripts/flake8_warnings.txt
|
||||
## Make sure that we haven't increased the amount of warnings.
|
||||
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=80
|
||||
- if [ $(tail -n 1 ./ci_scripts/flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
|
||||
- flake8 .
|
||||
|
||||
## Check import order
|
||||
- python -m isort ./monkey --settings-file ./ci_scripts/isort.cfg
|
||||
- python -m isort ./monkey --check-only
|
||||
|
||||
## Check that all python is properly formatted. Fail otherwise.
|
||||
- python -m black --check .
|
||||
|
||||
## Check that there is no dead python code
|
||||
- python -m vulture .
|
||||
|
||||
## Run unit tests and generate coverage data
|
||||
- cd monkey # This is our source dir
|
||||
|
@ -78,12 +71,18 @@ script:
|
|||
- cd monkey_island/cc/ui
|
||||
- npm ci # See https://docs.npmjs.com/cli/ci.html
|
||||
- eslint ./src --quiet # Test for errors
|
||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=7
|
||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=0
|
||||
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
|
||||
|
||||
# Build documentation
|
||||
- cd $TRAVIS_BUILD_DIR/docs
|
||||
- hugo --verbose --environment staging
|
||||
- ../hugo --verbose --environment staging
|
||||
|
||||
# verify swimm
|
||||
- cd $TRAVIS_BUILD_DIR
|
||||
- curl -L https://github.com/swimmio/SwimmReleases/releases/download/v0.5.0-0/swimm-cli.js --output swimm_cli
|
||||
- node swimm_cli --version
|
||||
- node swimm_cli verify
|
||||
|
||||
after_success:
|
||||
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
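Review bot: Both third-party tools this job now fetches at run time — the hugo tarball (`curl -L https://github.com/gohugoio/hugo/releases/download/v0.85.0/... --output hugo.tar.gz`, then `tar -zxf hugo.tar.gz` and `./hugo`) and `swimm_cli` (`curl -L .../v0.5.0-0/swimm-cli.js --output swimm_cli`, then `node swimm_cli verify`) — are executed without any integrity check, and neither `curl` call uses `-f`, so an HTTP error body would be unpacked or run as the tool; these lines appear to be on the new side, replacing the `brew install hugo` step. Pinning a release tag bounds the version but not the bytes; a `sha256sum -c` against a checksum committed to the repo, together with `curl -fL`, would make the CI inputs reproducible and detect a tampered or truncated download. The unit-test and coverage steps between the two hunks are outside this view.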
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
# Changelog
|
||||
All notable changes to this project will be documented in this
|
||||
file.
|
||||
|
||||
The format is based on [Keep a
|
||||
Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## [1.11.0] - 2021-08-13
|
||||
### Added
|
||||
- A runtime-configurable option to specify a data directory where runtime
|
||||
configuration and other artifacts can be stored. #994
|
||||
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
|
||||
- `log_level` option to server config. #1151
|
||||
- A ransomware simulation payload. #1238
|
||||
- The capability for a user to specify their own SSL certificate. #1208
|
||||
- API endpoint for ransomware report. #1297
|
||||
- A ransomware report. #1240
|
||||
- A script to build a docker image locally. #1140
|
||||
|
||||
### Changed
|
||||
- Select server_config.json at runtime. #963
|
||||
- Select Logger configuration at runtime. #971
|
||||
- Select `mongo_key.bin` file location at runtime. #994
|
||||
- Store Monkey agents in the configurable data_dir when monkey is "run from the
|
||||
island". #997
|
||||
- Reformat all code using black. #1070
|
||||
- Sort all imports using isort. #1081
|
||||
- Address all flake8 issues. #1071
|
||||
- Use pipenv for python dependency management. #1091
|
||||
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
|
||||
time. #1102
|
||||
- Skip BB performance tests by default. Run them if `--run-performance-tests`
|
||||
flag is specified.
|
||||
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
|
||||
instead of $HOME. #1143
|
||||
- Put environment config options in `server_config.json` into a separate
|
||||
section named "environment". #1161
|
||||
- Automatically register if BlackBox tests are run on a fresh installation.
|
||||
#1180
|
||||
- Limit the ports used for scanning in blackbox tests. #1368
|
||||
- Limit the propagation depth of most blackbox tests. #1400
|
||||
- Wait less time for monkeys to die when running BlackBox tests. #1400
|
||||
- Improve the structure of unit tests by scoping fixtures only to relevant
|
||||
modules instead of having a one huge fixture file. #1178
|
||||
- Improve and rename the directory structure of unit tests and unit test
|
||||
infrastructure. #1178
|
||||
- Launch MongoDB when the Island starts via python. #1148
|
||||
- Create/check data directory on Island initialization. #1170
|
||||
- Format some log messages to make them more readable. #1283
|
||||
- Improve runtime of some unit tests. #1125
|
||||
- Run curl OR wget (not both) when attempting to communicate as a new user on
|
||||
Linux. #1407
|
||||
|
||||
### Removed
|
||||
- Relevant dead code as reported by Vulture. #1149
|
||||
- Island logger config and --logger-config CLI option. #1151
|
||||
|
||||
### Fixed
|
||||
- Attempt to delete a directory when monkey config reset was called. #1054
|
||||
- An errant space in the windows commands to run monkey manually. #1153
|
||||
- Gevent tracebacks in console output. #859
|
||||
- Crash and failure to run PBAs if max depth reached. #1374
|
||||
|
||||
### Security
|
||||
- Address minor issues discovered by Dlint. #1075
|
||||
- Hash passwords on server-side instead of client side. #1139
|
||||
- Generate random passwords when creating a new user (create user PBA, ms08_67
|
||||
exploit). #1174
|
||||
- Implemented configuration encryption/decryption. #1189, #1204
|
||||
- Create local custom PBA directory with secure permissions. #1270
|
||||
- Create encryption key file for MongoDB with secure permissions. #1232
|
|
@ -0,0 +1,46 @@
|
|||
# Infection Monkey Linux Package Builder
|
||||
|
||||
## About
|
||||
|
||||
This directory contains the necessary artifacts for building an Infection
|
||||
Monkey packages for Linux.
|
||||
|
||||
## AppImage
|
||||
|
||||
### Building an AppImage
|
||||
|
||||
1. Create a clean VM or LXC (not docker!) based on Ubuntu 18.04.
|
||||
1. Copy the `build_scipts/` directory to `$HOME/` in the VM.
|
||||
1. On the VM, `cd $HOME/build_scripts`
|
||||
1. Run `sudo -v`.
|
||||
1. Execute `./build_appimage.sh`. This will pull all necessary dependencies
|
||||
and build the AppImage.
|
||||
|
||||
NOTE: This script is intended to be run from a clean VM. You can also manually
|
||||
remove build artifacts by running `appimage/clean.sh`
|
||||
|
||||
### Running the AppImage
|
||||
|
||||
The build script will produce an AppImage executable named
|
||||
`./dist/Infection_Monkey-x86_64.AppImage`. Simply execute this file and you're off to
|
||||
the races.
|
||||
|
||||
A new directory, `$HOME/.monkey_island` will be created to store runtime
|
||||
artifacts.
|
||||
|
||||
## Docker
|
||||
|
||||
### Building a Docker image
|
||||
1. Create a clean Ubuntu 18.04 VM (not WSL).
|
||||
1. Copy the `build_scipts/` directory to `$HOME/` in the VM.
|
||||
1. On the VM, `cd $HOME/build_scripts`
|
||||
1. Run `sudo -v`.
|
||||
1. Execute `./build_docker.sh --package docker`. This will pull all necessary dependencies
|
||||
and build the Docker image.
|
||||
|
||||
NOTE: This script is intended to be run from a clean VM. You can also manually
|
||||
remove build artifacts by running `docker/clean.sh`
|
||||
|
||||
### Running the Docker Image
|
||||
The build script will produce a `.tgz` file in `./dist/`. See
|
||||
`docker/DOCKER_README.md` for instructions on running the docker image.
|
|
@ -0,0 +1 @@
|
|||
*.AppImage
|
|
@ -0,0 +1,29 @@
|
|||
#! /bin/bash
|
||||
|
||||
# Export APPRUN if running from an extracted image
|
||||
self="$(readlink -f -- $0)"
|
||||
here="${self%/*}"
|
||||
APPDIR="${APPDIR:-${here}}"
|
||||
|
||||
# Export TCl/Tk
|
||||
export TCL_LIBRARY="${APPDIR}/usr/share/tcltk/tcl8.4"
|
||||
export TK_LIBRARY="${APPDIR}/usr/share/tcltk/tk8.4"
|
||||
export TKPATH="${TK_LIBRARY}"
|
||||
|
||||
# Export SSL certificate
|
||||
export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"
|
||||
|
||||
# Call the entry point
|
||||
for opt in "$@"
|
||||
do
|
||||
[ "${opt:0:1}" != "-" ] && break
|
||||
if [[ "${opt}" =~ "I" ]] || [[ "${opt}" =~ "E" ]]; then
|
||||
# Environment variables are disabled ($PYTHONHOME). Let's run in a safe
|
||||
# mode from the raw Python binary inside the AppImage
|
||||
"$APPDIR/opt/python3.7/bin/python3.7" "$@"
|
||||
exit "$?"
|
||||
fi
|
||||
done
|
||||
|
||||
(PYTHONHOME="${APPDIR}/opt/python3.7" exec "${APPDIR}/opt/python3.7/bin/python3.7" "${APPDIR}/usr/src/monkey_island.py" $@)
|
||||
exit "$?"
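Review bot: The final launch, `(PYTHONHOME=... exec "${APPDIR}/opt/python3.7/bin/python3.7" "${APPDIR}/usr/src/monkey_island.py" $@)`, passes `$@` unquoted, so any argument containing whitespace or a glob character is re-split and expanded before monkey_island.py sees it; the safe-mode branch above already uses `"$@"`, and the two should agree: `... "${APPDIR}/usr/src/monkey_island.py" "$@")`. The same applies to `self="$(readlink -f -- $0)"` at the top, which breaks when the AppImage is extracted into a path containing spaces; `readlink -f -- "$0"` fixes it.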
|
|
@ -0,0 +1,132 @@
|
|||
#!/bin/bash
|
||||
|
||||
LINUXDEPLOY_URL="https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
|
||||
PYTHON_VERSION="3.7.11"
|
||||
PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python${PYTHON_VERSION}-cp37-cp37m-manylinux1_x86_64.AppImage"
|
||||
APPIMAGE_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||
APPDIR="$APPIMAGE_DIR/squashfs-root"
|
||||
BUILD_DIR="$APPDIR/usr/src"
|
||||
|
||||
ICON_PATH="$BUILD_DIR/monkey_island/cc/ui/src/images/monkey-icon.svg"
|
||||
MONGO_PATH="$BUILD_DIR/monkey_island/bin/mongodb"
|
||||
|
||||
source "$APPIMAGE_DIR/../common.sh"
|
||||
|
||||
install_package_specific_build_prereqs() {
|
||||
log_message "Installing linuxdeploy"
|
||||
WORKSPACE_BIN_DIR="$1/bin"
|
||||
LINUXDEPLOY_BIN="$WORKSPACE_BIN_DIR/linuxdeploy"
|
||||
|
||||
mkdir -p "$WORKSPACE_BIN_DIR"
|
||||
curl -L -o "$LINUXDEPLOY_BIN" "$LINUXDEPLOY_URL"
|
||||
chmod u+x "$LINUXDEPLOY_BIN"
|
||||
|
||||
PATH=$PATH:$WORKSPACE_BIN_DIR
|
||||
}
|
||||
|
||||
setup_build_dir() {
|
||||
local agent_binary_dir=$1
|
||||
local monkey_repo=$2
|
||||
|
||||
pushd $APPIMAGE_DIR
|
||||
|
||||
setup_python_37_appdir
|
||||
|
||||
mkdir -p "$BUILD_DIR"
|
||||
|
||||
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$BUILD_DIR"
|
||||
copy_server_config_to_build_dir
|
||||
add_agent_binaries_to_build_dir "$agent_binary_dir" "$BUILD_DIR"
|
||||
|
||||
install_monkey_island_python_dependencies
|
||||
install_mongodb
|
||||
|
||||
generate_ssl_cert "$BUILD_DIR"
|
||||
build_frontend "$BUILD_DIR"
|
||||
|
||||
remove_python_appdir_artifacts
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
setup_python_37_appdir() {
|
||||
PYTHON_APPIMAGE="python${PYTHON_VERSION}_x86_64.AppImage"
|
||||
|
||||
log_message "downloading Python3.7 Appimage"
|
||||
curl -L -o "$PYTHON_APPIMAGE" "$PYTHON_APPIMAGE_URL"
|
||||
|
||||
chmod u+x "$PYTHON_APPIMAGE"
|
||||
|
||||
"./$PYTHON_APPIMAGE" --appimage-extract
|
||||
rm "$PYTHON_APPIMAGE"
|
||||
}
|
||||
|
||||
copy_server_config_to_build_dir() {
|
||||
cp "$APPIMAGE_DIR"/server_config.json.standard "$BUILD_DIR"/monkey_island/cc/server_config.json
|
||||
}
|
||||
|
||||
install_monkey_island_python_dependencies() {
|
||||
log_message "Installing island requirements"
|
||||
|
||||
log_message "Installing pipenv"
|
||||
"$APPDIR"/AppRun -m pip install pipenv || handle_error
|
||||
|
||||
requirements_island="$BUILD_DIR/monkey_island/requirements.txt"
|
||||
generate_requirements_from_pipenv_lock "$requirements_island"
|
||||
|
||||
log_message "Installing island python requirements"
|
||||
"$APPDIR"/AppRun -m pip install -r "${requirements_island}" --ignore-installed || handle_error
|
||||
}
|
||||
|
||||
generate_requirements_from_pipenv_lock () {
|
||||
local requirements_island=$1
|
||||
|
||||
log_message "Generating a requirements.txt file with 'pipenv lock -r'"
|
||||
pushd "$BUILD_DIR/monkey_island"
|
||||
"$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" lock -r > "$requirements_island" || handle_error
|
||||
popd
|
||||
}
|
||||
|
||||
|
||||
install_mongodb() {
|
||||
log_message "Installing MongoDB"
|
||||
|
||||
mkdir -p "$MONGO_PATH"
|
||||
"$BUILD_DIR/monkey_island/linux/install_mongo.sh" "${MONGO_PATH}" || handle_error
|
||||
}
|
||||
|
||||
remove_python_appdir_artifacts() {
|
||||
rm "$APPDIR"/python.png
|
||||
rm "$APPDIR"/python*.desktop
|
||||
rm "$APPDIR"/AppRun
|
||||
}
|
||||
|
||||
build_package() {
|
||||
local version=$1
|
||||
local dist_dir=$2
|
||||
|
||||
log_message "Building AppImage"
|
||||
pushd "$APPIMAGE_DIR"
|
||||
|
||||
ARCH="x86_64" linuxdeploy \
|
||||
--appdir "$APPIMAGE_DIR/squashfs-root" \
|
||||
--icon-file "$ICON_PATH" \
|
||||
--desktop-file "$APPIMAGE_DIR/infection-monkey.desktop" \
|
||||
--custom-apprun "$APPIMAGE_DIR/AppRun" \
|
||||
--deploy-deps-only="$MONGO_PATH/bin/mongod"\
|
||||
--output appimage
|
||||
|
||||
apply_version_to_appimage "$version"
|
||||
move_package_to_dist_dir $dist_dir
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
apply_version_to_appimage() {
|
||||
log_message "Renaming Infection_Monkey-x86_64.AppImage -> Infection_Monkey-$1-x86_64.AppImage"
|
||||
mv "Infection_Monkey-x86_64.AppImage" "Infection_Monkey-$1-x86_64.AppImage"
|
||||
}
|
||||
|
||||
move_package_to_dist_dir() {
|
||||
mv Infection_Monkey*.AppImage "$1/"
|
||||
}
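Review bot: `install_package_specific_build_prereqs` and `setup_python_37_appdir` download `linuxdeploy` (from the moving `continuous` tag) and the Python AppImage with `curl -L -o ...` and immediately `chmod u+x` and execute them, with no `-f` flag and no `|| handle_error`, so a failed download leaves an HTTP error page as the "executable" and the script continues until a confusing failure later; the other steps in this file already use `|| handle_error`. Since these binaries end up inside the shipped package, `curl -fL -o ... || handle_error` plus a `sha256sum -c` against checksums recorded in the repo (constructed example: `echo "<EXPECTED_SHA256>  $PYTHON_APPIMAGE" | sha256sum -c - || handle_error`) would both stop the build on a bad fetch and turn the `continuous` tag into a reproducible input. Separately, `pushd $APPIMAGE_DIR` in `setup_build_dir` is the one unquoted path expansion in the file and should be `pushd "$APPIMAGE_DIR"`.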
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This is a utility script to clean up after a failed or successful AppImage build
|
||||
# in order to speed up development and debugging.
|
||||
|
||||
APPIMAGE_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||
|
||||
rm -rf "$HOME/git/monkey"
|
||||
rm -rf "$HOME/.monkey_island"
|
||||
rm -rf "$APPIMAGE_DIR/squashfs-root"
|
||||
rm "$APPIMAGE_DIR"/Infection_Monkey*x86_64.AppImage
|
||||
rm "$APPIMAGE_DIR/../dist/Infection_Monkey*x86_64.AppImage"
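Review bot: The last line quotes the glob, `rm "$APPIMAGE_DIR/../dist/Infection_Monkey*x86_64.AppImage"`, so the `*` is passed literally and no dist artifact is ever removed; the line above gets it right by closing the quotes before the pattern, so this one should read `rm "$APPIMAGE_DIR"/../dist/Infection_Monkey*x86_64.AppImage`. Separately, `rm -rf "$HOME/git/monkey"` (also in docker/clean.sh) hard-codes the clone location while build_package.sh derives it from `$WORKSPACE`, so the cleanup misses a repo cloned under a custom `WORKSPACE` and removes any checkout at `$HOME/git/monkey` even when the build did not create it; sourcing common.sh and using `$DEFAULT_REPO_MONKEY_HOME` would keep the two consistent.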
|
|
@ -0,0 +1,8 @@
|
|||
[Desktop Entry]
|
||||
Type=Application
|
||||
Name=Infection Monkey
|
||||
Exec=bash
|
||||
Comment=An automated breach and attack simulation platform
|
||||
Icon=monkey-icon
|
||||
Categories=Development;
|
||||
Terminal=true
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
"data_dir": "~/.monkey_island",
|
||||
"log_level": "DEBUG",
|
||||
"environment": {
|
||||
"server_config": "password",
|
||||
"deployment": "standard"
|
||||
},
|
||||
"mongodb": {
|
||||
"start_mongodb": true
|
||||
}
|
||||
}
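Review bot: The shipped AppImage config sets `"log_level": "DEBUG"`, so every packaged install logs at debug verbosity by default rather than opting into it; release builds more usually ship `"INFO"` and let an operator raise the level while diagnosing a problem (the CHANGELOG in this commit records `log_level` as a runtime-configurable server option, #1151). If DEBUG is intentional for the first AppImage release, a sentence in the README's "Running the AppImage" section saying so would stop it being lowered by accident later.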
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
./build_package.sh --package appimage $@
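Review bot: `$@` is unquoted here (and in build_docker.sh's `./build_package.sh --package docker $@`), so an `--agent-binary-dir` or `--monkey-repo` value containing a space is split into two arguments before build_package.sh parses it; `./build_package.sh --package appimage "$@"` forwards the arguments intact. Both wrappers also assume the working directory is build_scripts/ because the path is relative, which matches the README's `cd $HOME/build_scripts` step; `"$(dirname "$0")/build_package.sh"` would relax that, though build_package.sh itself sources `./$package/$package.sh` relative to the cwd, so the wrapper change alone is not enough.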
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
./build_package.sh --package docker $@
|
|
@ -0,0 +1,204 @@
|
|||
WORKSPACE=${WORKSPACE:-$HOME}
|
||||
DEFAULT_REPO_MONKEY_HOME=$WORKSPACE/git/monkey
|
||||
MONKEY_ORIGIN_URL="https://github.com/guardicore/monkey.git"
|
||||
NODE_SRC=https://deb.nodesource.com/setup_12.x
|
||||
BUILD_SCRIPTS_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||
DIST_DIR="$BUILD_SCRIPTS_DIR/dist"
|
||||
|
||||
log_message() {
|
||||
echo -e "\n\n"
|
||||
echo -e "MONKEY ISLAND BUILDER: $1"
|
||||
}
|
||||
|
||||
exit_if_missing_argument() {
|
||||
if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then
|
||||
echo "Error: Argument for $1 is missing" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
echo_help() {
|
||||
echo "usage: build_package.sh [--help] [--agent-binary-dir <PATH>] [--branch <BRANCH>]"
|
||||
echo " [--monkey-repo <PATH>] [--version <MONKEY_VERSION>]"
|
||||
echo ""
|
||||
echo "Creates a package for Infection Monkey."
|
||||
echo ""
|
||||
echo "--agent-binary-dir A directory containing the agent binaries that"
|
||||
echo " you'd like to include with the package. If this"
|
||||
echo " parameter is unspecified, the latest release"
|
||||
echo " binaries will be downloaded from GitHub."
|
||||
echo ""
|
||||
echo "--as-root Throw caution to the wind and allow this script"
|
||||
echo " to be run as root."
|
||||
echo ""
|
||||
echo "--branch The git branch you'd like the package to be"
|
||||
echo " built from. (Default: develop)"
|
||||
echo ""
|
||||
echo "--monkey-repo A directory containing the Infection Monkey git"
|
||||
echo " repository. If the directory is empty or does"
|
||||
echo " not exist, a new repo will be cloned from GitHub."
|
||||
echo " If the directory is already a valid GitHub repo,"
|
||||
echo " it will be used as-is and the --branch parameter"
|
||||
echo " will have no effect."
|
||||
echo " (Default: $DEFAULT_REPO_MONKEY_HOME)"
|
||||
echo ""
|
||||
echo "--version A version number for the package."
|
||||
echo " (Default: dev)"
|
||||
echo ""
|
||||
echo "--package Which package to build (\"appimage\" or \"docker.\")"
|
||||
|
||||
exit 0
|
||||
}
|
||||
|
||||
is_root() {
|
||||
return "$(id -u)"
|
||||
}
|
||||
|
||||
has_sudo() {
|
||||
# 0 true, 1 false
|
||||
sudo -nv > /dev/null 2>&1
|
||||
return $?
|
||||
}
|
||||
|
||||
handle_error() {
|
||||
echo "Fix the errors above and rerun the script"
|
||||
exit 1
|
||||
}
|
||||
|
||||
install_nodejs() {
|
||||
log_message "Installing nodejs"
|
||||
|
||||
curl -sL $NODE_SRC | sudo -E bash -
|
||||
sudo apt-get install -y nodejs
|
||||
}
|
||||
|
||||
install_common_build_prereqs() {
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade -y
|
||||
|
||||
# monkey island prereqs
|
||||
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
|
||||
install_nodejs
|
||||
}
|
||||
|
||||
is_valid_git_repo() {
|
||||
pushd "$1" 2>/dev/null || return 1
|
||||
git status >/dev/null 2>&1
|
||||
success="$?"
|
||||
popd || exit 1
|
||||
|
||||
return $success
|
||||
}
|
||||
|
||||
clone_monkey_repo() {
|
||||
local repo_dir=$1
|
||||
local branch=$2
|
||||
|
||||
if [[ ! -d "$repo_dir" ]]; then
|
||||
mkdir -p "$repo_dir"
|
||||
fi
|
||||
|
||||
log_message "Cloning files from git"
|
||||
git clone -c core.autocrlf=false --single-branch --recurse-submodules -b "$branch" "$MONKEY_ORIGIN_URL" "$repo_dir" 2>&1 || handle_error
|
||||
}
|
||||
|
||||
install_build_prereqs() {
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade -y
|
||||
|
||||
# monkey island prereqs
|
||||
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
|
||||
install_nodejs
|
||||
}
|
||||
|
||||
agent_binary_dir=""
|
||||
as_root=false
|
||||
branch="develop"
|
||||
monkey_repo="$DEFAULT_REPO_MONKEY_HOME"
|
||||
monkey_version="dev"
|
||||
package=""
|
||||
|
||||
|
||||
while (( "$#" )); do
|
||||
case "$1" in
|
||||
--agent-binary-dir)
|
||||
exit_if_missing_argument "$1" "$2"
|
||||
|
||||
agent_binary_dir=$2
|
||||
shift 2
|
||||
;;
|
||||
--as-root)
|
||||
as_root=true
|
||||
shift
|
||||
;;
|
||||
--branch)
|
||||
exit_if_missing_argument "$1" "$2"
|
||||
|
||||
branch=$2
|
||||
shift 2
|
||||
;;
|
||||
-h|--help)
|
||||
echo_help
|
||||
;;
|
||||
--monkey-repo)
|
||||
exit_if_missing_argument "$1" "$2"
|
||||
|
||||
monkey_repo=$2
|
||||
shift 2
|
||||
;;
|
||||
--version)
|
||||
exit_if_missing_argument "$1" "$2"
|
||||
|
||||
monkey_version=$2
|
||||
shift 2
|
||||
;;
|
||||
--package)
|
||||
exit_if_missing_argument "$1" "$2"
|
||||
|
||||
package=$2
|
||||
shift 2
|
||||
;;
|
||||
*)
|
||||
echo "Error: Unsupported parameter $1" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if ! [[ $package =~ ^(appimage|docker)$ ]]; then
|
||||
log_message "Invalid package: $package."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! $as_root && is_root; then
|
||||
log_message "Please don't run this script as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! has_sudo; then
|
||||
log_message "You need root permissions for some of this script operations. \
|
||||
Run \`sudo -v\`, enter your password, and then re-run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log_message "Building Monkey Island: $package"
|
||||
|
||||
source "./$package/$package.sh"
|
||||
|
||||
if ! is_valid_git_repo "$monkey_repo"; then
|
||||
clone_monkey_repo "$monkey_repo" "$branch"
|
||||
fi
|
||||
|
||||
if [ ! -d "$DIST_DIR" ]; then
|
||||
mkdir "$DIST_DIR"
|
||||
fi
|
||||
|
||||
install_build_prereqs
|
||||
install_package_specific_build_prereqs "$WORKSPACE"
|
||||
|
||||
|
||||
setup_build_dir "$agent_binary_dir" "$monkey_repo"
|
||||
build_package "$monkey_version" "$DIST_DIR"
|
||||
|
||||
log_message "Finished building package: $package"
|
||||
exit 0
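Review bot: `is_root` reports the uid as the function's exit status (`return "$(id -u)"`), but exit statuses are truncated to 8 bits, so a uid that is a multiple of 256 is treated as root and every other uid is non-root only by accident; `[ "$(id -u)" -eq 0 ]` states the intent directly. `install_common_build_prereqs` and `install_build_prereqs` are byte-for-byte duplicates and only the latter is called at the bottom of the script, so one of them can be dropped. `install_nodejs` pipes a remote script straight into a privileged shell (`curl -sL $NODE_SRC | sudo -E bash -`); downloading it to a file with `curl -fsSL -o` and checking it against a checksum recorded in the repo before running it gives the build a verifiable input without changing what gets installed.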
|
|
@ -0,0 +1,88 @@
|
|||
CONFIG_URL="https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/config"
|
||||
|
||||
copy_monkey_island_to_build_dir() {
|
||||
local src=$1
|
||||
local build_dir=$2
|
||||
|
||||
cp "$src"/__init__.py "$build_dir"
|
||||
cp "$src"/monkey_island.py "$build_dir"
|
||||
cp -r "$src"/common "$build_dir/"
|
||||
|
||||
rsync \
|
||||
-ar \
|
||||
--exclude=monkey_island/cc/ui/node_modules \
|
||||
--exclude=monkey_island/cc/ui/.npm \
|
||||
"$src"/monkey_island "$build_dir/"
|
||||
}
|
||||
|
||||
add_agent_binaries_to_build_dir() {
|
||||
local agent_binary_dir=$1
|
||||
local island_binaries_path="$2/monkey_island/cc/binaries/"
|
||||
|
||||
if [ -z "$agent_binary_dir" ]; then
|
||||
download_monkey_agent_binaries $island_binaries_path
|
||||
else
|
||||
copy_agent_binaries_to_build_dir "$agent_binary_dir" "$island_binaries_path"
|
||||
fi
|
||||
|
||||
make_linux_binaries_executable "$island_binaries_path"
|
||||
}
|
||||
|
||||
download_monkey_agent_binaries() {
|
||||
local island_binaries_path=$1
|
||||
log_message "Downloading monkey agent binaries to ${island_binaries_path}"
|
||||
|
||||
load_monkey_binary_config
|
||||
|
||||
mkdir -p "${island_binaries_path}" || handle_error
|
||||
curl -L -o "${island_binaries_path}/${LINUX_32_BINARY_NAME}" "${LINUX_32_BINARY_URL}"
|
||||
curl -L -o "${island_binaries_path}/${LINUX_64_BINARY_NAME}" "${LINUX_64_BINARY_URL}"
|
||||
curl -L -o "${island_binaries_path}/${WINDOWS_32_BINARY_NAME}" "${WINDOWS_32_BINARY_URL}"
|
||||
curl -L -o "${island_binaries_path}/${WINDOWS_64_BINARY_NAME}" "${WINDOWS_64_BINARY_URL}"
|
||||
}
|
||||
|
||||
load_monkey_binary_config() {
|
||||
tmpfile=$(mktemp)
|
||||
|
||||
log_message "Downloading prebuilt binary configuration"
|
||||
curl -L -s -o "$tmpfile" "$CONFIG_URL"
|
||||
|
||||
log_message "Loading configuration"
|
||||
source "$tmpfile"
|
||||
}
|
||||
|
||||
copy_agent_binaries_to_build_dir() {
|
||||
cp "$1"/* "$2/"
|
||||
}
|
||||
|
||||
make_linux_binaries_executable() {
|
||||
chmod a+x "$1"/monkey-linux-*
|
||||
}
|
||||
|
||||
generate_ssl_cert() {
|
||||
local island_path="$1/monkey_island"
|
||||
log_message "Generating certificate"
|
||||
|
||||
chmod u+x "$island_path"/linux/create_certificate.sh
|
||||
"$island_path"/linux/create_certificate.sh "$island_path"/cc
|
||||
}
|
||||
|
||||
build_frontend() {
|
||||
local ui_dir="$1/monkey_island/cc/ui"
|
||||
pushd "$ui_dir" || handle_error
|
||||
|
||||
log_message "Generating front end"
|
||||
npm ci
|
||||
npm run dist
|
||||
|
||||
popd || handle_error
|
||||
|
||||
remove_node_modules "$ui_dir"
|
||||
}
|
||||
|
||||
remove_node_modules() {
|
||||
# Node has served its purpose. We don't need to deliver the node modules with
|
||||
# the package.
|
||||
rm -rf "$1/node_modules"
|
||||
rm -rf "$1/.npm"
|
||||
}
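Review bot: `load_monkey_binary_config` fetches a file from the moving `develop` branch with `curl -L -s -o "$tmpfile" "$CONFIG_URL"` and immediately `source`s it, with no `-f` on curl and no `|| handle_error`, so a failed fetch sources an empty or HTML file and the four `curl -L -o` calls in `download_monkey_agent_binaries` then write to paths built from unset `*_BINARY_NAME` variables; those downloads likewise lack `-f` and error handling, so an HTTP error body can be shipped as an agent binary and then marked executable by `make_linux_binaries_executable`. Because the sourced file is executed as shell in the builder's environment, `CONFIG_URL` is worth pinning to a tag or commit rather than a branch, and the agent binaries are worth verifying against checksums stored in the repo before they are copied into the package. `tmpfile` is also a global that is never removed; `local tmpfile` plus `rm -f "$tmpfile"` after sourcing would tidy that up.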
|
|
@ -0,0 +1,3 @@
|
|||
dk.monkeyisland*.tar
|
||||
infection_monkey_docker_*.tgz
|
||||
tgz/
|
|
@ -0,0 +1,21 @@
|
|||
# Infection Monkey
|
||||
|
||||
How to run Monkey Island from the docker file:
|
||||
|
||||
Note: Ports 5000 and 5001 must be available for the island to work.
|
||||
|
||||
## Setup
|
||||
|
||||
Run the following commands:
|
||||
|
||||
```sh
|
||||
sudo docker load -i dk.monkeyisland.MONKEY_VER_PLACEHOLDER.tar
|
||||
sudo docker pull mongo:4.2
|
||||
sudo mkdir -p /var/monkey-mongo/data/db
|
||||
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2
|
||||
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:MONKEY_VER_PLACEHOLDER
|
||||
```
|
||||
|
||||
## Start Infecting
|
||||
|
||||
Open `https://<Server IP>:5000` using Google Chrome and follow the instructions. You can also visit [the Infection Monkey website](https://infectionmonkey.com) and read the in-depth Getting Started guides.
|
|
@ -0,0 +1,27 @@
|
|||
# Install python dependencies using the bitnami/python:3.7 image, which includes
|
||||
# development dependencies.
|
||||
FROM bitnami/python:3.7 as builder
|
||||
COPY ./monkey /monkey
|
||||
WORKDIR /monkey
|
||||
RUN virtualenv .
|
||||
RUN . bin/activate && \
|
||||
cd monkey_island && \
|
||||
pip install pipenv && \
|
||||
pipenv sync
|
||||
|
||||
|
||||
# Build the final application using the bitnami/python:3.7-prod image, which
|
||||
# does not include development dependencies.
|
||||
FROM bitnami/python:3.7-prod
|
||||
RUN apt-get update && apt-get install -y iputils-ping && apt-get clean
|
||||
COPY --from=builder /monkey /monkey
|
||||
WORKDIR /monkey
|
||||
EXPOSE 5000
|
||||
EXPOSE 5001
|
||||
RUN groupadd -r monkey-island && useradd --no-log-init -r -g monkey-island monkey-island
|
||||
RUN chmod 444 /monkey/monkey_island/cc/server.key
|
||||
RUN chmod 444 /monkey/monkey_island/cc/server.csr
|
||||
RUN chmod 444 /monkey/monkey_island/cc/server.crt
|
||||
RUN mkdir /monkey_island_data && chmod 700 /monkey_island_data && chown -R monkey-island:monkey-island /monkey_island_data
|
||||
USER monkey-island
|
||||
ENTRYPOINT ["/monkey/entrypoint.sh"]
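Review bot: `RUN chmod 444 /monkey/monkey_island/cc/server.key` leaves the TLS private key world-readable inside the image; the key is only needed by the `monkey-island` user created two lines above, so `chown monkey-island:monkey-island` followed by `chmod 400` on server.key (keeping 444 for server.crt and server.csr, which are public) keeps it readable by the service and by nothing else in the container. This assumes `generate_ssl_cert` has already produced the key in the build directory before `COPY ./monkey /monkey`, which is how docker.sh's `setup_build_dir` appears to order the steps.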
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This is a utility script to clean up after a failed or successful Docker
|
||||
# image build in order to speed up development and debugging
|
||||
|
||||
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||
|
||||
|
||||
rm -rf "$HOME/git/monkey"
|
||||
rm -rf "$DOCKER_DIR/monkey"
|
||||
rm -rf "$DOCKER_DIR/tgz"
|
||||
rm "$DOCKER_DIR"/dk.monkeyisland.*.tar
|
||||
rm "$DOCKER_DIR"/infection_monkey_docker*.tgz
|
||||
rm "$DOCKER_DIR"/../dist/infection_monkey_docker*.tgz
|
|
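Review bot: `rm -rf "$HOME/git/monkey"` removes a fixed path under the developer's home that nothing in this script defines; if that is the working clone used by common.sh, an accidental run of this cleanup script silently destroys it. Deriving the path from the same variable the build scripts use, or echoing the target before removal, would make the destructive step explicit. Also `$(dirname $BASH_SOURCE[0])` only works because `$BASH_SOURCE` expands to the first element and dirname tolerates the trailing literal `[0]`; the intended form is `DOCKER_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"`, and the same expression appears in build_package.sh.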
@ -0,0 +1,67 @@
|
|||
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||
OUTPUT_NAME_TGZ="$DOCKER_DIR/infection_monkey_docker_$(date +%Y%m%d_%H%M%S).tgz"
|
||||
|
||||
source "$DOCKER_DIR/../common.sh"
|
||||
|
||||
install_package_specific_build_prereqs() {
|
||||
sudo apt-get install -y docker.io
|
||||
}
|
||||
|
||||
setup_build_dir() {
|
||||
local agent_binary_dir=$1
|
||||
local monkey_repo=$2
|
||||
local build_dir=$DOCKER_DIR/monkey
|
||||
|
||||
mkdir "$build_dir"
|
||||
|
||||
copy_entrypoint_to_build_dir "$build_dir"
|
||||
|
||||
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$build_dir"
|
||||
copy_server_config_to_build_dir "$build_dir"
|
||||
add_agent_binaries_to_build_dir "$agent_binary_dir" "$build_dir"
|
||||
|
||||
generate_ssl_cert "$build_dir"
|
||||
|
||||
build_frontend "$build_dir"
|
||||
}
|
||||
|
||||
copy_entrypoint_to_build_dir() {
|
||||
cp "$DOCKER_DIR"/entrypoint.sh "$1"
|
||||
chmod 755 "$1/entrypoint.sh"
|
||||
}
|
||||
|
||||
copy_server_config_to_build_dir() {
|
||||
cp "$DOCKER_DIR"/server_config.json "$1"/monkey_island/cc
|
||||
}
|
||||
|
||||
build_package() {
|
||||
local version=$1
|
||||
local dist_dir=$2
|
||||
pushd ./docker
|
||||
|
||||
docker_image_name="guardicore/monkey-island:$version"
|
||||
tar_name="$DOCKER_DIR/dk.monkeyisland.$version.tar"
|
||||
|
||||
build_docker_image_tar "$docker_image_name" "$tar_name"
|
||||
build_docker_image_tgz "$tar_name" "$version"
|
||||
|
||||
move_package_to_dist_dir $dist_dir
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
build_docker_image_tar() {
|
||||
sudo docker build . -t "$1"
|
||||
sudo docker save "$1" > "$2"
|
||||
}
|
||||
|
||||
build_docker_image_tgz() {
|
||||
mkdir tgz
|
||||
mv "$1" ./tgz
|
||||
cp ./DOCKER_README.md ./tgz/README.md
|
||||
tar -C ./tgz -cvf "$OUTPUT_NAME_TGZ" --gzip .
|
||||
}
|
||||
|
||||
move_package_to_dist_dir() {
|
||||
mv $OUTPUT_NAME_TGZ "$1/"
|
||||
}
|
|
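Review bot: `pushd ./docker` in build_package resolves relative to the caller's working directory while every other path in this file is anchored on `$DOCKER_DIR`, so a build started from any other directory fails at the pushd (or, worse, `docker build .` picks up the wrong context); `pushd "$DOCKER_DIR"` keeps it consistent. `build_docker_image_tgz "$tar_name" "$version"` passes a second argument the function never reads, and `docker_image_name`/`tar_name` are assigned without `local`, so they leak into the sourcing shell. For consistency with the quoting elsewhere, `move_package_to_dist_dir "$dist_dir"` and `mv "$OUTPUT_NAME_TGZ" "$1/"` should be quoted too.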
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "$@"
|
||||
|
||||
source /monkey/bin/activate
|
||||
python /monkey/monkey_island.py "$@"
|
|
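Review bot: `python /monkey/monkey_island.py "$@"` runs as a child of the bash entrypoint, so the island process is not PID 1 and a `docker stop` SIGTERM is delivered to bash rather than to python, leaving only the SIGKILL after the grace period; `exec python /monkey/monkey_island.py "$@"` hands the process over directly. `echo "$@"` on the third line writes every container argument to the container log, which is fine for debugging but worth removing or gating if callers might pass anything sensitive on the command line.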
@ -0,0 +1,11 @@
|
|||
{
|
||||
"data_dir": "/monkey_island_data",
|
||||
"log_level": "DEBUG",
|
||||
"environment": {
|
||||
"server_config": "password",
|
||||
"deployment": "docker"
|
||||
},
|
||||
"mongodb": {
|
||||
"start_mongodb": false
|
||||
}
|
||||
}
|
|
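Review bot: `"log_level": "DEBUG"` makes verbose logging the default for the released Docker image; INFO is the more conservative default for a shipped configuration, with the FAQ's `log_level` instructions covering how users raise it. If DEBUG is intentional for the container, a sentence in DOCKER_README.md saying the image logs at debug level would help, since the JSON file itself cannot carry a comment.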
@ -1,2 +0,0 @@
|
|||
./validation-env
|
||||
./flake8_warnings.txt
|
|
@ -1,8 +0,0 @@
|
|||
# About
|
||||
|
||||
Run this script to validate your code locally and auto fix/format the problems before pushing.
|
||||
|
||||
# Usage
|
||||
|
||||
You've got to manually download swimm for swimm validation.
|
||||
run from `infection_monkey` directory: `powershell .\ci_scripts\validate.ps1`
|
|
@ -1,15 +0,0 @@
|
|||
[flake8]
|
||||
|
||||
## Check syntax errors and fail the build if any are found.
|
||||
exclude =
|
||||
../monkey/monkey_island/cc/ui,
|
||||
../monkey/common/cloud
|
||||
select =
|
||||
E901,
|
||||
E999,
|
||||
F821,
|
||||
F822,
|
||||
F823
|
||||
count = True
|
||||
show-source = True
|
||||
statistics = True
|
|
@ -1,5 +0,0 @@
|
|||
python -m venv validation-env
|
||||
.\validation-env\Scripts\activate.ps1
|
||||
python -m pip install -r .\requirements.txt
|
||||
npm i -g eslint
|
||||
deactivate
|
|
@ -1,6 +0,0 @@
|
|||
[isort]
|
||||
|
||||
# Possible options: https://pycqa.github.io/isort/docs/configuration/options/
|
||||
|
||||
known_first_party=common,infection_monkey,monkey_island
|
||||
skip=monkey/common/cloud/scoutsuite,monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/rule_path_creators_list.py,monkey/monkey_island/cc/ui,monkey/common/cloud/scoutsuite
|
|
@ -1,6 +0,0 @@
|
|||
flake8
|
||||
pytest
|
||||
dlint
|
||||
isort
|
||||
coverage
|
||||
black
|
|
@ -1,39 +0,0 @@
|
|||
.\ci_scripts\validation-env\Scripts\activate.ps1
|
||||
$ErrorActionPreference = "Stop"
|
||||
python -m pip install -r monkey/monkey_island/requirements.txt
|
||||
python -m pip install -r monkey/infection_monkey/requirements.txt
|
||||
flake8 ./monkey --config ./ci_scripts/flake8_syntax_check.cfg
|
||||
flake8 ./monkey --exit-zero --config ./ci_scripts/flake8_linter_check.cfg | Out-File -FilePath .\ci_scripts\flake8_warnings.txt
|
||||
Get-Content -Path .\ci_scripts\flake8_warnings.txt
|
||||
$PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT = 80
|
||||
if ((Get-Item -Path .\ci_scripts\flake8_warnings.txt | Get-Content -Tail 1) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT){
|
||||
"Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. "
|
||||
exit
|
||||
}
|
||||
python -m isort ./monkey -c --settings-file ./ci_scripts/isort.cfg
|
||||
if (!$?) {
|
||||
$confirmation = Read-Host "Isort found errors. Do you want to attmpt to fix them automatically? (y/n)"
|
||||
if ($confirmation -eq 'y') {
|
||||
python -m isort ./monkey --settings-file ./ci_scripts/isort.cfg
|
||||
}
|
||||
}
|
||||
Push-Location -Path ./monkey
|
||||
python ./monkey_island/cc/environment/set_server_config.py testing
|
||||
python -m pytest
|
||||
$lastCommandSucceeded = $?
|
||||
python ./monkey_island/cc/environment/set_server_config.py restore
|
||||
Pop-Location
|
||||
|
||||
if (!$lastCommandSucceeded) {
|
||||
exit
|
||||
}
|
||||
|
||||
Push-Location -Path .\monkey\monkey_island\cc\ui
|
||||
eslint ./src -c ./.eslintrc
|
||||
Pop-Location
|
||||
|
||||
swimm verify
|
||||
|
||||
Write-Host "Script finished. Press any key to continue"
|
||||
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
|
||||
deactivate
|
|
@ -1,2 +1,5 @@
|
|||
fixes:
|
||||
- "::monkey/"
|
||||
|
||||
github_checks:
|
||||
annotations: false
|
||||
|
|
|
@ -49,9 +49,9 @@ Then execute the resulting script with your shell.
|
|||
After downloading that script, execute it in a shell. The first argument should be an absolute path of an empty directory (the script will create one if doesn't exist, default is ./infection_monkey). The second parameter is the branch you want to clone (develop by default). Some example usages:
|
||||
|
||||
- `./deploy_linux.sh` (deploys under ./infection_monkey)
|
||||
- `./deploy_linux.sh "/home/test/monkey"` (deploys under /home/test/monkey)
|
||||
- `./deploy_linux.sh /home/test/monkey` (deploys under /home/test/monkey)
|
||||
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
|
||||
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
|
||||
- `./deploy_linux.sh /home/user/new "master"` (if directory "new" is not found creates it and clones master branch into it)
|
||||
|
||||
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
|
||||
|
||||
|
@ -59,7 +59,35 @@ You may also pass in an optional third `false` parameter to disable downloading
|
|||
|
||||
After the `deploy_linux.sh` script completes, you can start the monkey island.
|
||||
|
||||
Note: You'll need to run the commands below in a new shell in order to ensure
|
||||
your PATH environment variable is up to date.
|
||||
|
||||
```sh
|
||||
cd infection_monkey/monkey
|
||||
./monkey_island/linux/run.sh
|
||||
cd infection_monkey/monkey/monkey_island
|
||||
pipenv run python ../monkey_island.py
|
||||
```
|
||||
|
||||
## Pre-commit hooks
|
||||
|
||||
Both the Linux and Windows deployment scrips will install and configure
|
||||
[pre-commit](https://pre-commit.com/). Pre-commit is a multi-language package
|
||||
manager for pre-commit hooks. It will run a set of checks when you attempt to
|
||||
commit. If your commit does not pass all checks, it will be reformatted and/or
|
||||
you'll be given a list of errors and warnings that need to be fixed before you
|
||||
can commit.
|
||||
|
||||
Our CI system runs the same checks when pull requests are submitted. This
|
||||
system may report that the build has failed if the pre-commit hooks have not
|
||||
been run or all issues have not been resolved.
|
||||
|
||||
### Manually installing pre-commit
|
||||
|
||||
To install and configure pre-commit manually, run `pip install --user
|
||||
pre-commit`. Next, go to the top level directory of this repository and run
|
||||
`pre-commit install -t pre-commit -t pre-push` Now, pre-commit will automatically run whenever you `git commit`.
|
||||
|
||||
## Swimm
|
||||
|
||||
Infection Monkey has development tutorials that use [`swimm.io`](https://swimm.io/) to help teach new developers how to perform common code tasks in the Infection Monkey codebase and accelerate the ramp-up process. The tutorials include adding new configuration values, new system info collectors and more.
|
||||
|
||||
In order to pass the pre-commit checks, you'll have to [install Swimm successfully](https://www.guardicore.com/infectionmonkey/docs/development/swimm/). Both the Linux and Windows deployment scrips will install [Swimm](https://swimm.io/), but you'll have to sign up [here](https://swimm.io/sign-beta) to complete the process.
|
||||
|
|
|
@ -43,3 +43,6 @@ export TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/d
|
|||
|
||||
export SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner64.so"
|
||||
export SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner32.so"
|
||||
|
||||
# Swimm
|
||||
export SWIMM_URL=https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm_0.4.4-0_Setup.deb
|
||||
|
|
|
@ -46,3 +46,4 @@ $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
|||
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
||||
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
|
||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
||||
$SWIMM_URL="https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm-Setup-0.4.4-0.exe"
|
||||
|
|
|
@ -23,6 +23,13 @@ log_message() {
|
|||
echo -e "DEPLOYMENT SCRIPT: $1"
|
||||
}
|
||||
|
||||
configure_precommit() {
|
||||
$1 -m pip install --user pre-commit
|
||||
pushd "$2"
|
||||
$HOME/.local/bin/pre-commit install -t pre-commit -t pre-push
|
||||
popd
|
||||
}
|
||||
|
||||
if is_root; then
|
||||
log_message "Please don't run this script as root"
|
||||
exit 1
|
||||
|
@ -84,9 +91,9 @@ fi
|
|||
|
||||
log_message "Cloning files from git"
|
||||
branch=${2:-"develop"}
|
||||
log_message "Branch selected: ${branch}"
|
||||
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
|
||||
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
||||
chmod 774 -R "${monkey_home}"
|
||||
fi
|
||||
|
||||
# Create folders
|
||||
|
@ -110,7 +117,7 @@ if [[ ${python_cmd} == "" ]]; then
|
|||
log_message "Python 3.7 command not found. Installing python 3.7."
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y python3.7 python3.7-dev
|
||||
sudo apt-get install -y python3.7 python3.7-dev python3.7-venv
|
||||
log_message "Python 3.7 is now available with command 'python3.7'."
|
||||
python_cmd="python3.7"
|
||||
fi
|
||||
|
@ -132,14 +139,22 @@ fi
|
|||
${python_cmd} get-pip.py
|
||||
rm get-pip.py
|
||||
|
||||
log_message "Installing pipenv"
|
||||
${python_cmd} -m pip install --user -U pipx
|
||||
${python_cmd} -m pipx ensurepath
|
||||
source ~/.profile
|
||||
pipx install pipenv
|
||||
|
||||
log_message "Installing island requirements"
|
||||
requirements_island="$ISLAND_PATH/requirements.txt"
|
||||
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
|
||||
pushd $ISLAND_PATH
|
||||
pipenv install --dev
|
||||
popd
|
||||
|
||||
log_message "Installing monkey requirements"
|
||||
sudo apt-get install -y libffi-dev upx libssl-dev libc++1
|
||||
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
||||
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
||||
pushd $INFECTION_MONKEY_DIR
|
||||
pipenv install --dev
|
||||
popd
|
||||
|
||||
agents=${3:-true}
|
||||
# Download binaries
|
||||
|
@ -223,7 +238,21 @@ else
|
|||
curl -o ${MONKEY_BIN_DIR}/traceroute32 ${TRACEROUTE_32_BINARY_URL}
|
||||
fi
|
||||
|
||||
# Download Swimm
|
||||
log_message "Downloading swimm"
|
||||
if exists wget; then
|
||||
wget ${SWIMM_URL} -O $HOME/swimm
|
||||
else
|
||||
curl ${SWIMM_URL} -o $HOME/swimm
|
||||
fi
|
||||
|
||||
log_message "Installing swimm"
|
||||
sudo dpkg -i $HOME/swimm || (sudo apt-get update && sudo apt-get -f install)
|
||||
rm $HOME/swimm
|
||||
|
||||
sudo chmod +x "${INFECTION_MONKEY_DIR}/build_linux.sh"
|
||||
|
||||
configure_precommit ${python_cmd} ${monkey_home}
|
||||
|
||||
log_message "Deployment script finished."
|
||||
exit 0
|
||||
|
|
|
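Review bot: The Swimm package fetched at `wget ${SWIMM_URL} -O $HOME/swimm` is installed with `sudo dpkg -i $HOME/swimm` without any integrity check, so a tampered or truncated download is installed as root; the URL comes from the `SWIMM_URL` export added in the common.sh hunk above. Pin an expected digest next to the URL (e.g. `export SWIMM_SHA256=<sha256-placeholder>`, constructed value) and verify with `echo "$SWIMM_SHA256  $HOME/swimm" | sha256sum -c - || handle_error` before dpkg. The `|| (sudo apt-get update && sudo apt-get -f install)` fallback also returns success when dpkg failed, so the script reports a finished deployment even if Swimm never installed and the pre-commit hook that presumably runs `swimm verify` fails later with no earlier indication. Separately, `source ~/.profile` after `pipx ensurepath` assumes pipx edited that file; on hosts where it edits `~/.bashrc` instead, the following `pipx install pipenv` would fail with command not found.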
@ -9,6 +9,35 @@ param(
|
|||
[Bool]
|
||||
$agents = $true
|
||||
)
|
||||
|
||||
function Configure-precommit([String] $git_repo_dir)
|
||||
{
|
||||
Write-Output "Installing pre-commit and setting up pre-commit hook"
|
||||
Push-Location $git_repo_dir
|
||||
python -m pip install pre-commit
|
||||
if ($LastExitCode) {
|
||||
exit
|
||||
}
|
||||
pre-commit install -t pre-commit -t pre-push
|
||||
if ($LastExitCode) {
|
||||
exit
|
||||
}
|
||||
Pop-Location
|
||||
|
||||
# Set env variable to skip Swimm verification during pre-commit, Windows not supported yet
|
||||
$skipValue = [System.Environment]::GetEnvironmentVariable('SKIP', [System.EnvironmentVariableTarget]::User)
|
||||
if ($skipValue) { # if `SKIP` is not empty
|
||||
if (-Not ($skipValue -split ',' -contains 'swimm-verify')) { # if `SKIP` doesn't already have "swimm-verify"
|
||||
[System.Environment]::SetEnvironmentVariable('SKIP', $env:SKIP + ',swimm-verify', [System.EnvironmentVariableTarget]::User)
|
||||
}
|
||||
}
|
||||
else {
|
||||
[System.Environment]::SetEnvironmentVariable('SKIP', 'swimm-verify', [System.EnvironmentVariableTarget]::User)
|
||||
}
|
||||
|
||||
Write-Output "Pre-commit successfully installed"
|
||||
}
|
||||
|
||||
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop")
|
||||
{
|
||||
Write-Output "Downloading to $monkey_home"
|
||||
|
@ -109,15 +138,21 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
|||
return
|
||||
}
|
||||
|
||||
"Installing pipx"
|
||||
pip install --user -U pipx
|
||||
pipx ensurepath
|
||||
pipx install pipenv
|
||||
|
||||
"Installing python packages for island"
|
||||
$islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
|
||||
& python -m pip install --user -r $islandRequirements
|
||||
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) -ErrorAction Stop
|
||||
pipenv install --dev
|
||||
Pop-Location
|
||||
"Installing python packages for monkey"
|
||||
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
|
||||
& python -m pip install --user -r $monkeyRequirements
|
||||
"Installing python packages for ScoutSuite"
|
||||
$scoutsuiteRequirements = Join-Path -Path $monkey_home -ChildPath $SCOUTSUITE_DIR | Join-Path -ChildPath "\requirements.txt"
|
||||
& python -m pip install --user -r $scoutsuiteRequirements
|
||||
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR) -ErrorAction Stop
|
||||
pipenv install --dev
|
||||
Pop-Location
|
||||
|
||||
Configure-precommit($monkey_home)
|
||||
|
||||
$user_python_dir = cmd.exe /c 'py -m site --user-site'
|
||||
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
|
||||
|
@ -141,7 +176,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
|||
} | Select-Object -ExpandProperty Name
|
||||
# Move all files from extracted folder to mongodb folder
|
||||
New-Item -ItemType directory -Path (Join-Path -Path $binDir -ChildPath "mongodb")
|
||||
New-Item -ItemType directory -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "db")
|
||||
"Moving extracted files"
|
||||
Move-Item -Path (Join-Path -Path $binDir -ChildPath $mongodb_folder | Join-Path -ChildPath "\bin\*") -Destination (Join-Path -Path $binDir -ChildPath "mongodb\")
|
||||
"Removing zip file"
|
||||
|
@ -244,6 +278,13 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
|||
$webClient.DownloadFile($SAMBA_64_BINARY_URL, $samba64_path)
|
||||
}
|
||||
|
||||
# Get Swimm
|
||||
"Downloading Swimm..."
|
||||
$swimm_filename = Join-Path -Path $HOME -ChildPath "swimm.exe"
|
||||
$webClient.DownloadFile($SWIMM_URL, $swimm_filename)
|
||||
Start-Process $swimm_filename
|
||||
|
||||
|
||||
"Script finished"
|
||||
|
||||
}
|
||||
|
|
|
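Review bot: In Configure-precommit the existing SKIP value is read from the User scope into `$skipValue`, but the appended value is built from the process-scope `$env:SKIP`, so in a fresh shell where the User value exists and the process variable is empty the persisted result becomes `,swimm-verify` with the previous entries dropped; use `$skipValue + ',swimm-verify'`. The two bare `exit` calls after a failed `pip install`/`pre-commit install` terminate with exit code 0, so a caller cannot tell the deployment failed — `exit $LastExitCode` keeps the code. Writing SKIP at User scope affects every pre-commit-enabled repository for that user, not just this clone, which deserves a sentence in the function's comment. The downloaded installer is launched with `Start-Process $swimm_filename` without a checksum check, the same concern as in the Linux deploy script.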
@ -1 +0,0 @@
|
|||
*.md
|
|
@ -1,24 +0,0 @@
|
|||
FROM debian:stretch-slim
|
||||
|
||||
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
|
||||
|
||||
ARG RELEASE=1.8.0
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
EXPOSE 5000
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
ADD https://github.com/guardicore/monkey/releases/download/${RELEASE}/infection_monkey_deb.${RELEASE}.tgz .
|
||||
|
||||
RUN tar xvf infection_monkey_deb.${RELEASE}.tgz \
|
||||
&& apt-get -yqq update \
|
||||
&& apt-get -yqq upgrade \
|
||||
&& apt-get -yqq install python-pip \
|
||||
python-dev \
|
||||
&& dpkg -i *.deb \
|
||||
&& rm -f *.deb *.tgz
|
||||
|
||||
WORKDIR /var/monkey
|
||||
ENTRYPOINT ["/var/monkey/monkey_island/bin/python/bin/python"]
|
||||
CMD ["/var/monkey/monkey_island.py"]
|
|
@ -1,11 +0,0 @@
|
|||
# Improvements needed
|
||||
|
||||
* Remove embedded mongodb from .deb, it forbids installation on a `debian:stretch` distro.
|
||||
* Package monkey for system's python usage.
|
||||
* Fix package number: (I installed the 1.5.2)
|
||||
```
|
||||
ii gc-monkey-island 1.0 amd64 Guardicore Infection Monkey Island installation package
|
||||
```
|
||||
* Use .deb dependencies for mongodb setup?
|
||||
* Use docker-compose for stack construction.
|
||||
* Remove the .sh script from the systemd unit file (`/var/monkey_island/ubuntu/systemd/start_server.sh`) which only does a `cd && localpython run`
|
|
@ -1,22 +0,0 @@
|
|||
version: '3.3'
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mongo:4
|
||||
restart: always
|
||||
volumes:
|
||||
- db_data:/data/db
|
||||
environment:
|
||||
MONGO_INITDB_DATABASE: monkeyisland
|
||||
monkey:
|
||||
depends_on:
|
||||
- db
|
||||
build: .
|
||||
image: monkey:latest
|
||||
ports:
|
||||
- "5000:5000"
|
||||
environment:
|
||||
MONGO_URL: mongodb://db:27017/monkeyisland
|
||||
|
||||
volumes:
|
||||
db_data:
|
|
@ -1,2 +1,2 @@
|
|||
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
|
||||
baseURL = "https://www.guardicore.com/infectionmonkey/docs/"
|
||||
canonifyURLs = true
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
|
||||
baseURL = "http://staging-infectionmonkey.temp312.kinsta.cloud/docs/"
|
||||
canonifyURLs = true
|
||||
|
|
|
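Review bot: The staging `baseURL` changes scheme from `https://` to `http://` together with the host; with `canonifyURLs = true` this base is written into every canonical link, so if the new staging host serves TLS the value should stay `https://` to avoid emitting insecure links. If the host is genuinely http-only this is fine as is, but a short comment noting that would save the next reader from "fixing" it.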
@ -5,85 +5,123 @@ draft: false
|
|||
pre: "<i class='fas fa-question'></i> "
|
||||
---
|
||||
|
||||
Here are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
Below are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
|
||||
- [Where can I get the latest Monkey version?](#where-can-i-get-the-latest-monkey-version)
|
||||
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
|
||||
- [How to reset the password?](#how-to-reset-the-password)
|
||||
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
|
||||
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
|
||||
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
|
||||
- [Monkey Island](#monkey-island)
|
||||
- [Monkey agent](#monkey-agent)
|
||||
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
|
||||
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
|
||||
- [What's the Monkey's impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
|
||||
- [Is it safe to use real passwords and usernames in the Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
|
||||
- [Where can I get the latest version of the Infection Monkey?](#where-can-i-get-the-latest-version-of-the-infection-monkey)
|
||||
- [How long does a single Infection Monkey agent run? Is there a time limit?](#how-long-does-a-single-infection-monkey-agent-run-is-there-a-time-limit)
|
||||
- [Is the Infection Monkey a malware/virus?](#is-infection-monkey-a-malwarevirus)
|
||||
- [Reset/enable the Monkey Island password](#resetenable-the-monkey-island-password)
|
||||
- [Should I run the Infection Monkey continuously?](#should-i-run-the-infection-monkey-continuously)
|
||||
- [Which queries does the Infection Monkey perform to the internet exactly?](#which-queries-does-the-infection-monkey-perform-to-the-internet-exactly)
|
||||
- [Logging and how to find logs](#logging-and-how-to-find-logs)
|
||||
- [Monkey Island server](#monkey-island-server)
|
||||
- [Infection Monkey agent](#infection-monkey-agent)
|
||||
- [How do I change the log level of the Monkey Island logger?](#how-do-i-change-the-log-level-of-the-monkey-island-logger)
|
||||
- [Running the Infection Monkey in a production environment](#running-the-infection-monkey-in-a-production-environment)
|
||||
- [How much of a footprint does the Infection Monkey leave?](#how-much-of-a-footprint-does-the-infection-monkey-leave)
|
||||
- [What's the Infection Monkey's impact on system resources usage?](#whats-the-infection-monkeys-impact-on-system-resources-usage)
|
||||
- [Is it safe to use real passwords and usernames in the Infection Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-infection-monkeys-configuration)
|
||||
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
||||
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
|
||||
- [After I've set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
|
||||
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
|
||||
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
|
||||
- [How stable are the exploitations used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-infection-monkey-will-the-infection-monkey-crash-my-systems-with-its-exploits)
|
||||
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
|
||||
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
|
||||
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
|
||||
- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project)
|
||||
|
||||
## Where can I get the latest Monkey version?
|
||||
## Where can I get the latest version of the Infection Monkey?
|
||||
|
||||
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
|
||||
For the latest **stable** release, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
|
||||
|
||||
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
|
||||
|
||||
## How long does a single Monkey run for? Is there a time limit?
|
||||
## How long does a single Infection Monkey agent run? Is there a time limit?
|
||||
|
||||
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
|
||||
The Infection Monkey agent shuts off either when it can't find new victims or it has exceeded the quota of victims as defined in the configuration.
|
||||
|
||||
## How to reset the password?
|
||||
## Is the Infection Monkey a malware/virus?
|
||||
|
||||
On your first access of Monkey Island server, you'll be prompted to create an account. If you forgot the credentials you
|
||||
entered or just want to change them, you need to manually alter the `server_config.json` file. On Linux, this file is
|
||||
located on `/var/monkey/monkey_island/cc/server_config.json`. On windows, it's based on your install directory (typically
|
||||
`C:\Program Files\Guardicore\Monkey Island\monkey_island\cc\server_config.json`). Reset the contents of this file
|
||||
leaving the **deployment option unchanged** (it might be "vmware" or "linux" in your case):
|
||||
The Infection Monkey is not malware, but it uses similar techniques to safely
|
||||
simulate malware on your network.
|
||||
|
||||
Because of this, the Infection Monkey gets flagged as malware by some antivirus
|
||||
solutions during installation. If this happens, [verify the integrity of the
|
||||
downloaded installer](/usage/file-checksums) first. Then, create a new folder
|
||||
and disable antivirus scan for that folder. Lastly, re-install the Infection
|
||||
Monkey in the newly created folder.
|
||||
|
||||
## Reset/enable the Monkey Island password
|
||||
|
||||
When you first access the Monkey Island server, you'll be prompted to create an account.
|
||||
To reset the credentials or enable/disable the authentication,
|
||||
edit the `server_config.json` file manually
|
||||
(located in the [data directory](/reference/data_directory)).
|
||||
|
||||
In order to reset the credentials, the following edits need to be made:
|
||||
1. Delete the `user` field if one exists. It will look like this:
|
||||
```json
|
||||
{
|
||||
"server_config": "password",
|
||||
"deployment": "windows"
|
||||
...
|
||||
"user": "username",
|
||||
...
|
||||
}
|
||||
```
|
||||
Then reset the Island process (`sudo systemctl restart monkey-island.service` for linux, restart program for windows).
|
||||
Finally, go to the Island's URL and create a new account.
|
||||
1. Delete the `password_hash` field if one exists. It will look like this:
|
||||
```json
|
||||
{
|
||||
...
|
||||
"password_hash": "$2b$12$d050I/MsR5.F5E15Sm7EkunmmwMkUKaZE0P0tJXG.M9tF.Kmkd342",
|
||||
...
|
||||
}
|
||||
```
|
||||
1. Set `server_config` to `password`. It should look like this:
|
||||
```json
|
||||
{
|
||||
...
|
||||
"environment": {
|
||||
...
|
||||
"server_config": "password",
|
||||
...
|
||||
},
|
||||
...
|
||||
}
|
||||
```
|
||||
Then, reset the Monkey Island process.
|
||||
On Linux, use `sudo systemctl restart monkey-island.service`.
|
||||
On Windows, restart the program.
|
||||
Finally, go to the Monkey Island's URL and create a new account.
|
||||
|
||||
## Should I run the Monkey continuously?
|
||||
## Should I run the Infection Monkey continuously?
|
||||
|
||||
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
|
||||
Yes! This will allow you to verify that the Infection Monkey identified no new security issues since the last time you ran it.
|
||||
|
||||
Does the Infection Monkey require a connection to the Internet?
|
||||
Does the Infection Monkey require a connection to the internet?
|
||||
|
||||
The Infection Monkey does not require internet access to function.
|
||||
|
||||
If internet access is available, the Monkey will use the Internet for two purposes:
|
||||
If internet access is available, the Infection Monkey will use the internet for two purposes:
|
||||
|
||||
- To check for updates.
|
||||
- To check if machines can reach the internet.
|
||||
|
||||
### Which queries does Monkey perform to the Internet exactly?
|
||||
### Exactly what internet queries does the Infection Monkey perform?
|
||||
|
||||
The Monkey performs queries out to the Internet on two separate occasions:
|
||||
|
||||
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
|
||||
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
|
||||
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `monkey.guardicore.com` and `www.google.com`, which can be changed. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
|
||||
1. After installing the Monkey Island, it sends a request to check for updates on `updates.infectionmonkey.com`. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g., Windows Server, Debian Package, AWS Marketplace) and the server's version (e.g., "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However, due to this data's anonymous nature, we use this to get an aggregate assumption of how many deployments we see over a specific time period - it's not used for "personal" tracking.
|
||||
|
||||
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
|
||||
## Logging and how to find logs
|
||||
|
||||
### Monkey Island
|
||||
### Monkey Island server logs
|
||||
|
||||
The Monkey Island's log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
|
||||
You can download the Monkey Island's log file directly from the UI. Click the "log" section and choose **Download Monkey Island internal logfile**, like so:
|
||||
|
||||
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
||||
|
||||
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
|
||||
It can also be found as a local file on the Monkey Island server system in the specified
|
||||
[data directory](/reference/data_directory).
|
||||
|
||||
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
|
||||
The log enables you to see which requests were requested from the server and extra logs from the backend logic. The log will contain entries like these:
|
||||
|
||||
```log
|
||||
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
|
||||
|
@ -91,14 +129,14 @@ The log enables you to see which requests were requested from the server, and ex
|
|||
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
|
||||
```
|
||||
|
||||
### Monkey agent
|
||||
### Infection Monkey agent logs
|
||||
|
||||
The Monkey log file can be found in the following paths on machines where it was executed:
|
||||
The Infection Monkey agent log file can be found in the following paths on machines where it was executed:
|
||||
|
||||
- Path on Linux: `/tmp/user-1563`
|
||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||
|
||||
The logs contain information about the internals of the Monkey's execution. The log will contain entries like these ones for example:
|
||||
The logs contain information about the internals of the Infection Monkey agent's execution. The log will contain entries like these:
|
||||
|
||||
```log
|
||||
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
|
||||
|
@ -114,67 +152,87 @@ The logs contain information about the internals of the Monkey's execution. The
|
|||
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
|
||||
```
|
||||
|
||||
## Running the Monkey in a production environment
|
||||
### How do I change the log level of the Monkey Island logger?
|
||||
|
||||
### How much of a footprint does the Monkey leave?
|
||||
The log level of the Monkey Island logger is set in the `log_level` field
|
||||
in the `server_config.json` file (located in the [data directory](/reference/data_directory)).
|
||||
Make sure to leave everything else in `server_config.json` unchanged:
|
||||
|
||||
The Monkey leaves hardly any trace on the target system. It will leave:
|
||||
```json
|
||||
{
|
||||
...
|
||||
"log_level": "DEBUG",
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
Logging levels correspond to [the logging level constants in python](https://docs.python.org/3.7/library/logging.html#logging-levels).
|
||||
|
||||
To apply the changes, reset the Monkey Island process.
|
||||
On Linux, use `sudo systemctl restart monkey-island.service`.
|
||||
On Windows, restart the program.
|
||||
|
||||
## Running the Infection Monkey in a production environment
|
||||
|
||||
### How much of a footprint does the Infection Monkey leave?
|
||||
|
||||
The Infection Monkey leaves hardly any trace on the target system. It will leave:
|
||||
|
||||
- Log files in the following locations:
|
||||
- Path on Linux: `/tmp/user-1563`
|
||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||
|
||||
### What's the Monkey's impact on system resources usage?
|
||||
### What's the Infection Monkey's impact on system resources usage?
|
||||
|
||||
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
||||
The Infection Monkey uses less than a single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Infection Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
||||
|
||||
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
|
||||
### Is it safe to use real passwords and usernames in the Monkey's configuration?
|
||||
### Is it safe to use real passwords and usernames in the Infection Monkey's configuration?
|
||||
|
||||
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
|
||||
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is accessible only to users that have access to the specific Monkey Island.
|
||||
|
||||
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
|
||||
We advise users to limit access to the Monkey Island server by following our [password protection guide]({{< ref "/setup/accounts-and-security" >}}).
|
||||
|
||||
### How do you store sensitive information on Monkey Island?
|
||||
|
||||
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island's database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
|
||||
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island's database in an encrypted fashion. This data is transmitted to the Infection Monkey agents in an encrypted fashion (HTTPS) and is not stored locally on victim machines.
|
||||
|
||||
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
|
||||
|
||||
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
|
||||
### How stable are the exploits used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?
|
||||
|
||||
The Monkey does not use any exploits or attacks that may impact the victim system.
|
||||
The Infection Monkey does not use any exploits or attacks that may impact the victim system.
|
||||
|
||||
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren't using it.
|
||||
This means we avoid using some powerful (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact, but, because it may crash a production system, we aren't using it.
|
||||
|
||||
## After I've set up Monkey Island, how can I execute the Monkey?
|
||||
## After I've set up Monkey Island, how can I execute the Infection Monkey agent?
|
||||
|
||||
See our detailed [getting started](../content/usage/getting-started) guide.
|
||||
See our detailed [getting started]({{< ref "/usage/getting-started" >}}) guide.
|
||||
|
||||
## How can I make the monkey propagate “deeper” into the network?
|
||||
## How can I make the Infection Monkey agent propagate “deeper” into the network?
|
||||
|
||||
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
|
||||
If you wish to simulate a very “deep” attack into your network, you can increase the *propagation depth* parameter in the configuration. This parameter tells the Infection Monkey how far to propagate into your network from the “patient zero” machine.
|
||||
|
||||
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
|
||||
To do this, change the *Distance from Island* parameter in the “Basic - Network” tab of the configuration:
|
||||
|
||||
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
|
||||
|
||||
## The report returns a blank screen
|
||||
## What if the report returns a blank screen?
|
||||
|
||||
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
|
||||
|
||||
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
|
||||
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
|
||||
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/).
|
||||
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of MongoDB using the [official MongoDB manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Monkey Island again and everything should work.
|
||||
|
||||
## How can I get involved with the project?
|
||||
|
||||
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.
|
||||
Infection Monkey is an open-source project, and we welcome contributions and contributors. Check out the [contribution documentation]({{< ref "/development" >}}) for more information.
|
||||
|
||||
## About the project 🐵
|
||||
|
||||
### How did you come up with the Infection Monkey?
|
||||
|
||||
Oddly enough, the idea of proactively breaking the network to test its survival wasn't born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool that was designed to randomly disable the company's production servers to verify they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
|
||||
Oddly enough, the idea of proactively breaking a network to test its survival wasn't born in the security industry. In 2011, the streaming giant Netflix released Chaos Monkey, a tool designed to randomly disable the company's production servers to verify that they could survive network failures without any customer impact. Netflix's Chaos Monkey became a popular network resilience tool, breaking the network in a variety of failure modes, including connectivity issues, invalid SSL certificates and randomly deleting VMs.
|
||||
|
||||
Inspired by this concept, Guardicore Labs developed its own attack simulator - Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attack and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017 (?) the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
|
||||
Inspired by this concept, Guardicore Labs developed its own attack simulator - the Infection Monkey - to run non-intrusively within existing production environments. The idea was to test the resiliency of modern data centers against attacks and give security teams the insights they need to make informed decisions and enforce tighter security policies. Since its launch in 2017, the Infection Monkey has been used by hundreds of information technology teams from across the world to find weaknesses in their on-premises and cloud-based data centers.
|
||||
|
|
|
@ -10,20 +10,37 @@ draft: false
|
|||
|
||||
## What is Guardicore Infection Monkey?
|
||||
|
||||
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
|
||||
The Infection Monkey is an open-source breach and attack simulation tool for testing a data center's resiliency to perimeter breaches and internal server infection.
|
||||
Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker's perspective.
|
||||
|
||||
Infection Monkey is free and can be downloaded from [our homepage](https://infectionmonkey.com/).
|
||||
|
||||
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
|
||||
|
||||
The Infection Monkey is comprised of two parts:
|
||||
## How it works
|
||||
|
||||
* Monkey - A tool which infects other machines and propagates to them.
|
||||
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
|
||||
Architecturally, Infection Monkey is comprised of two components:
|
||||
|
||||
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
|
||||
* Monkey Agent (Monkey for short) - a safe, worm-like binary program which scans, propagates and simulates attack techniques on the **local network**.
|
||||
* Monkey Island Server (Island for short) - a C&C web server which provides a GUI for users and interacts with the Monkey Agents.
|
||||
|
||||
The user can run the Monkey Agent on the Island server machine or distribute Monkey Agent binaries on the network manually. Based on
|
||||
the configuration parameters, Monkey Agents scan, propagate and simulate an attacker's behavior on the local network. All of the
|
||||
information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.
|
||||
|
||||
## Results
|
||||
|
||||
The results of running Monkey Agents are:
|
||||
- A map which displays how much of the network an attacker can see, what services are accessible and potential propagation routes.
|
||||
- A security report, which displays security issues that Monkey Agents discovered and/or exploited.
|
||||
- A MITRE ATT&CK report, which displays the information about the ATT&CK techniques that Monkey Agents tried to use.
|
||||
- A Zero Trust report, which displays violations of Zero Trust principles that Monkey Agents found.
|
||||
|
||||
A more in-depth description of reports generated can be found in the [reports documentation page]({{< ref "/reports" >}}).
|
||||
|
||||
## Getting Started
|
||||
|
||||
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
|
||||
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides]({{< ref "/setup" >}}), and read our [getting started guide]({{< ref "/usage/getting-started" >}}) for a quick-start on Monkey!
|
||||
|
||||
## Support and community
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ Want to help secure networks? That's great!
|
|||
|
||||
Here are a few short links to help you get started:
|
||||
|
||||
* [Getting up and running](./setup-development-environment) - These instructions will help you get a working development setup.
|
||||
* [Getting up and running]({{< ref "/development/setup-development-environment" >}}) - These instructions will help you get a working development setup.
|
||||
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - These guidelines will help you submit.
|
||||
|
||||
## What are we looking for?
|
||||
|
@ -24,7 +24,7 @@ You can take a look at [our roadmap](https://github.com/guardicore/monkey/projec
|
|||
|
||||
### More exploits! 💥
|
||||
|
||||
The best way to find weak spots in a network is by attacking it. The [exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
|
||||
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
|
||||
|
||||
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Shellshock.
|
||||
|
||||
|
|
|
@ -1,7 +1,110 @@
|
|||
---
|
||||
title: "Adding Exploits"
|
||||
date: 2020-06-08T19:53:00+03:00
|
||||
draft: true
|
||||
draft: false
|
||||
tags: ["contribute"]
|
||||
weight: 50
|
||||
---
|
||||
|
||||
## What does this guide cover?
|
||||
|
||||
This guide will show you how to add a new _Exploit_ to the Infection Monkey.
|
||||
|
||||
An exploit is a sequence of commands that takes advantage of a security vulnerability to gain unauthorized access to a system on your network. If successful, an Infection Monkey agent is released on the exploited system. The result of an attempted exploit is sent back to the Monkey Island as part of the telemetry.
|
||||
|
||||
### Do I need a new Exploit?
|
||||
|
||||
If all you want to do is execute a shell command, configure the required commands in the Monkey Island's post-breach action (PBA) configuration section or [add a new PBA](../adding-post-breach-actions/). If you would like the Infection Monkey agent to collect specific information, [add a new System Info Collector](../adding-system-info-collectors/).
|
||||
|
||||
However, if you have your eye on an interesting CVE that you would like the Infection Monkey to support, you must add a new exploit. Keep reading to learn how to add a new exploit.
|
||||
|
||||
|
||||
## How to add a new Exploit
|
||||
|
||||
### Modify the Infection Monkey Agent
|
||||
|
||||
The Infection Monkey exploiters are all built in a similar way. Each exploiter class inherits from the [`HostExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/HostExploiter.py) class, which exposes two interface functions:
|
||||
|
||||
* `is_os_supported` - Returns a boolean value denoting whether the victim machine is supported by the exploiter (for example, returns `False` on Windows victim machines for the `SSHExploiter`). This can be used to thoroughly inspect a potential victim machine and decide whether to attempt the exploit on that particular machine (for example, by checking for open services matching specific versions).
|
||||
* `exploit_host` - Exploits the host and returns a boolean value indicating whether or not the exploit was successful.
|
||||
|
||||
#### Adding a new exploiter
|
||||
|
||||
In the [Infection Monkey's exploit directory](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit), add the **exploit's logic** by defining a new class that inherits from [`HostExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/HostExploiter.py). If your new exploit is a web RCE (remote code execution) exploit, inherit from [`WebRCE`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/web_rce.py).
|
||||
|
||||
```py
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
|
||||
class MyNewExploiter(HostExploiter):
|
||||
...
|
||||
```
|
||||
|
||||
A good example of an exploiter class is the [`SSHExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/sshexec.py). The [Drupal exploiter is a recently added web RCE exploit](https://github.com/guardicore/monkey/pull/808) that is a good reference as well.
|
||||
|
||||
|
||||
### Modify the Monkey Island
|
||||
|
||||
#### Configuration
|
||||
|
||||
1. Add your **exploiter's description** to the [configuration schema](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py).
|
||||
|
||||
```py
|
||||
...
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["SmbExploiter"],
|
||||
"title": "SMB Exploiter",
|
||||
"safe": True,
|
||||
"attack_techniques": ["T1110", "T1075", "T1035"],
|
||||
"info": "Brute forces using credentials provided by user and hashes gathered by mimikatz.",
|
||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/",
|
||||
},
|
||||
{
|
||||
"type": "string", <=================================
|
||||
"enum": ["MyNewExploiter"], <=================================
|
||||
"title": "My New Exploiter", <=================================
|
||||
"safe": True, <=================================
|
||||
"attack_techniques": [], <=================================
|
||||
"info": "Information about your new exploiter.", <=================================
|
||||
"link": "Link to the documentation page explaining your new exploiter.", <=================================
|
||||
},
|
||||
...
|
||||
```
|
||||
|
||||
2. Update the default **list of exploiters** in the [configuration schema](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/config_schema/basic.py) by adding your new exploiter's class name.
|
||||
|
||||
```py
|
||||
...
|
||||
"exploiter_classes": {
|
||||
"title": "Exploiters",
|
||||
"type": "array",
|
||||
"uniqueItems": True,
|
||||
"items": {"$ref": "#/definitions/exploiter_classes"},
|
||||
"default": [
|
||||
"SmbExploiter",
|
||||
...
|
||||
"DrupalExploiter",
|
||||
"MyNewExploiter", <=================================
|
||||
],
|
||||
}
|
||||
...
|
||||
```
|
||||
|
||||
#### Reporting
|
||||
|
||||
1. In the [report generation pipeline](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py), define how your **exploiter's data** should be processed and displayed in the report. Use the default `ExploitProcessor` or create a custom exploit processor if needed.
|
||||
|
||||
```py
|
||||
class ExploiterDescriptorEnum(Enum):
|
||||
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
|
||||
...
|
||||
ZEROLOGON = ExploiterDescriptor("ZerologonExploiter", "Zerologon Exploiter", ZerologonExploitProcessor)
|
||||
MYNEWEXPLOITER = ExploitDescriptor("MyNewExploiter", "My New Eexploiter", ExploitProcessor) <=================================
|
||||
```
|
||||
|
||||
2. Describe how the Monkey Island should **display your exploiter's results** by defining the UI contents in the [security report](https://github.com/guardicore/monkey/blob/develop/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js).
|
||||
|
||||
|
||||
### Documentation
|
||||
|
||||
**Update the documentation** to explain what your exploiter does in the [documentation framework](https://github.com/guardicore/monkey/blob/develop/docs/content/reference/exploiters/).
|
||||
|
|
|
@ -16,7 +16,7 @@ If all you want to do is execute shell commands, then there's no need to add a n
|
|||
|
||||
## How to add a new PBA
|
||||
|
||||
### From the Infection Monkey Side
|
||||
### Modify the Infection Monkey Agent
|
||||
|
||||
#### Framework
|
||||
|
||||
|
@ -43,7 +43,7 @@ If your PBA consists only of simple shell commands, you can reuse the generic PB
|
|||
|
||||
Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
|
||||
|
||||
### From the Monkey Island Side
|
||||
### Modify the Monkey Island
|
||||
|
||||
#### Configuration
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ If all you want to do is execute a shell command, then there's no need to add a
|
|||
|
||||
## How to add a new System Info Collector
|
||||
|
||||
### From the Monkey Island Side
|
||||
### Modify the Infection Monkey Agent
|
||||
|
||||
#### Framework
|
||||
|
||||
|
@ -41,7 +41,7 @@ class MyNewCollector(SystemInfoCollector):
|
|||
|
||||
Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` System Info Collector for reference. You can log during collection as well.
|
||||
|
||||
### From the Monkey Island Side
|
||||
### Modify the Monkey Island
|
||||
|
||||
#### Configuration
|
||||
|
||||
|
|
|
@ -68,6 +68,8 @@ These are the build output of `hugo` and should never be `commit`-ed to git.
|
|||
|
||||
You'll have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options) and `git`.
|
||||
|
||||
Note: Installing `hugo` via `apt` is not recommended because Hugo is usually few [versions behind](https://github.com/wowchemy/wowchemy-hugo-modules/issues/703) the latest for Debian and Ubuntu package managers. Refer to latest [releases](https://github.com/gohugoio/hugo/releases) of Hugo.
|
||||
|
||||
### Adding and editing content
|
||||
|
||||
#### Add a new page
|
||||
|
|
|
@ -10,7 +10,7 @@ tags: ["contribute"]
|
|||
|
||||
To set up a development environment using scripts, look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to set it up manually or run into problems, keep reading.
|
||||
|
||||
## Agent
|
||||
## The Infection Monkey Agent
|
||||
|
||||
The agent (which we sometimes refer to as the Infection Monkey) is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. The Infection Monkey agent was built for Python 3.7. You can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and installing the requirements listed in the [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt) inside it.
|
||||
|
||||
|
@ -23,3 +23,17 @@ This means setting up an environment with Linux 32/64-bit with Python installed
|
|||
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
|
||||
|
||||
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)
|
||||
|
||||
## Pre-commit
|
||||
|
||||
Pre-commit is a multi-language package manager for pre-commit hooks. It will run a set of checks when you attempt to commit. If your commit does not pass all checks, it will be reformatted and/or you'll be given a list of errors and warnings that need to be fixed before you can commit.
|
||||
|
||||
Our CI system runs the same checks when pull requests are submitted. This system may report that the build has failed if the pre-commit hooks have not been run or all issues have not been resolved.
|
||||
|
||||
To install and configure pre-commit, run `pip install --user pre-commit`. Next, go to the top level directory of this repository and run `pre-commit install -t pre-commit -t pre-push`. Pre-commit will now run automatically whenever you `git commit`.
|
||||
|
||||
## Swimm
|
||||
|
||||
Infection Monkey has development tutorials that use [`swimm.io`](https://swimm.io/) to help teach new developers how to perform common code tasks in the Infection Monkey codebase and accelerate the ramp-up process. The tutorials include adding new configuration values, new system info collectors and more.
|
||||
|
||||
In order to pass the pre-commit checks, you'll have to [install Swimm successfully](https://www.guardicore.com/infectionmonkey/docs/development/swimm/). Both the Linux and Windows deployment scrips will install [Swimm](https://swimm.io/), but you'll have to sign up [here](https://swimm.io/sign-beta) to complete the process.
|
||||
|
|
|
@ -9,6 +9,6 @@ tags = ["reference"]
|
|||
|
||||
# Reference
|
||||
|
||||
Find detailed information about Infection Monkey.
|
||||
Find detailed information about the Infection Monkey.
|
||||
|
||||
{{% children %}}
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
title: "Data directory"
|
||||
date: 2021-05-18T08:49:59+03:00
|
||||
draft: false
|
||||
pre: '<i class="fas fa-folder"></i> '
|
||||
weight: 9
|
||||
---
|
||||
|
||||
## What is the data directory?
|
||||
|
||||
The data directory is where the Island server stores runtime artifacts.
|
||||
These include the Island logs, any custom post-breach action files,
|
||||
configuration files, etc.
|
||||
|
||||
## Where is it located?
|
||||
|
||||
On Linux, the default path is `$HOME/.monkey_island`.
|
||||
On Windows, the default path is `%AppData%\monkey_island`.
|
|
@ -18,7 +18,7 @@ This can lead to arbitrary PHP code execution in some cases.
|
|||
|
||||
### Affected Versions
|
||||
|
||||
* Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10.
|
||||
* Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10).
|
||||
|
||||
One of the following conditions must hold:
|
||||
* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH
|
||||
|
|
|
@ -4,9 +4,10 @@ date: 2020-07-14T08:41:40+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "windows", "linux"]
|
||||
---
|
||||
### Description
|
||||
|
||||
CVE-2015-1427.
|
||||
CVE-2015-1427
|
||||
|
||||
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
||||
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
||||
|
||||
Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
|
||||
The logic is based on the [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
|
||||
|
|
|
@ -5,4 +5,6 @@ draft: false
|
|||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
|
||||
Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
|
||||
### Description
|
||||
|
||||
This exploit consists of remote code execution on HADOOP servers with YARN and default settings. The logic is based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
|
||||
|
|
|
@ -5,6 +5,10 @@ draft: false
|
|||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
### Description
|
||||
|
||||
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
|
||||
|
||||
This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.
|
||||
This exploiter is unsafe. It's therefore **not** enabled by default.
|
||||
|
||||
If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If a crash in Svchost.exe occurs, the server service will be affected. This may cause a system crash due to the use of buffer overflow.
|
||||
|
|
|
@ -5,4 +5,6 @@ draft: false
|
|||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.
|
||||
### Description
|
||||
|
||||
For this exploit, the Infection Monkey will try to brute force into a MsSQL server and use an insecure configuration to execute commands on the server.
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:16+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.
|
||||
This exploit brute forces machines using credentials provided by the user (see [configuration]({{< ref "/usage/configuration" >}}) for instructions) and hashes gathered from infected systems by Mimikatz.
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:21+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.
|
||||
This exploit brute forces machines using credentials provided by the user (see ["configuration"]({{< ref "/usage/configuration" >}}) for instructions) and SSH keys gathered from infected systems.
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:02+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
|
||||
This exploit brute forces machines and searches for anonymous shares. It is partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:30+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
|
||||
This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:39+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
|
||||
This exploits a malicious backdoor that was added to the VSFTPD download archive. The logic is based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:43:12+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.
|
||||
This exploit brute forces WMI (Windows Management Instrumentation) using credentials provided by the user (see ["configuration"]({{< ref "/usage/configuration" >}}) for instructions) and hashes gathered by mimikatz.
|
||||
|
|
|
@ -4,5 +4,6 @@ date: 2020-07-14T08:42:46+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
### Description
|
||||
|
||||
Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
|
||||
This exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
|
||||
|
|
|
@ -9,8 +9,8 @@ tags = ["reference", "exploit"]
|
|||
|
||||
# Exploiters
|
||||
|
||||
Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
|
||||
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use.
|
||||
|
||||
{{% children %}}
|
||||
|
||||
You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
|
||||
You can check out the exploiters' implementation yourself [in the Infection Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
|
||||
|
|
|
@ -4,7 +4,8 @@ date: 2020-07-14T08:41:32+03:00
|
|||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
### Description
|
||||
|
||||
CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
|
||||
This exploit, CVE-2014-6271, is based on the [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
|
||||
|
||||
> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
|
||||
> In GNU Bash (through 4.3), processes trailing strings after function definitions in the values of environment variables allow remote attackers to execute arbitrary code via a crafted environment. This is demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients and other situations in which setting the environment occurs across a privilege boundary from Bash execution, AKA "ShellShock."
|
||||
|
|
|
@ -7,15 +7,12 @@ weight: 10
|
|||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for the MITRE ATT&CK report as well](../../usage/reports/mitre).
|
||||
Check out [the documentation for the MITRE ATT&CK report as well]({{< ref "/reports/mitre" >}}).
|
||||
{{% /notice %}}
|
||||
|
||||
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base and based on this,
|
||||
provides a report detailing the techniques it used and recommended mitigations.
|
||||
The idea is to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
|
||||
The Infection Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base and, based on this, provides a report detailing the techniques it used along with any recommended mitigations. This helps you simulate an advanced persistent threat (APT) attack on your network and mitigate real attack paths intelligently.
|
||||
|
||||
In the following table we provide the list of all the ATT&CK techniques the Monkey provides info about,
|
||||
categorized by tactic. You can follow any of the links to learn more about a specific technique or tactic.
|
||||
In the following table, we list all the MITRE ATT&CK techniques the Infection Monkey provides info about, categorized by the tactic. You can follow any of the links below to learn more about a specific technique or tactic.
|
||||
|
||||
|
||||
| TACTIC | TECHNIQUES |
|
||||
|
|
|
@ -7,15 +7,15 @@ weight: 10
|
|||
tags: ["setup", "reference", "windows", "linux"]
|
||||
---
|
||||
|
||||
The Infection Monkey project supports many popular OSes (but we can always do more).
|
||||
The Infection Monkey project supports many popular OSes (but we are always interested in supporting more).
|
||||
|
||||
The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
|
||||
The Infection Monkey agent has been tested to run on the following operating systems (on the x86_64 architecture):
|
||||
|
||||
### Monkey support
|
||||
### Agent support
|
||||
|
||||
#### Linux
|
||||
|
||||
Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
|
||||
Compatibility depends on GLIBC version (2.14+)[^1]. By default, these distributions are supported:
|
||||
|
||||
- Centos 7+
|
||||
- Debian 7+
|
||||
|
@ -30,9 +30,9 @@ Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributio
|
|||
- Windows 2012+
|
||||
- Windows 2012_R2+
|
||||
- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
|
||||
- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
|
||||
- Windows Vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
|
||||
|
||||
### Island support
|
||||
### Server support
|
||||
|
||||
**The Monkey Island (control server)** runs out of the box on:
|
||||
|
||||
|
@ -42,13 +42,13 @@ Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributio
|
|||
- Windows Server 2012 R2
|
||||
- Windows Server 2016
|
||||
|
||||
We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
|
||||
We also provide a Dockerfile on our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
|
||||
|
||||
### Old machine bootloader
|
||||
|
||||
Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
|
||||
Some **older machines** still have partial compatibility and will be exploited and reported, but the Infection Monkey agent can't run on them. In these cases, old machine bootloader (a small C program) will be run, which reports some minor info like network interface configuration, GLIBC version, OS, etc.
|
||||
|
||||
**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
|
||||
**Old machine bootloader** also has a GLIBC 2.14+ requirement for Linux because the bootloader is included in the Pyinstaller bootloader, which uses Python 3.7 that in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
|
||||
|
||||
**Old machine bootloader** runs on machines with:
|
||||
|
||||
|
@ -61,4 +61,4 @@ Some **Older machines** still get a partial compatibility as in they get exploit
|
|||
- Ubuntu 14+
|
||||
- **Windows XP/Server 2003+**
|
||||
|
||||
[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7
|
||||
[^1]: The GLIBC >= 2.14 requirement exists because the Infection Monkey was built using this GLIBC version, and GLIBC is not backward compatible. We are also limited to the oldest GLIBC version compatible with Python 3.7.
|
||||
|
|
|
@ -7,38 +7,38 @@ pre: '<i class="fas fa-network-wired"></i> '
|
|||
tags: ["reference"]
|
||||
---
|
||||
|
||||
The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
|
||||
The Infection Monkey agent takes two steps before attempting to exploit a victim, scanning and fingerprinting. It's possible to customize both steps in the configuration files.
|
||||
|
||||
## Scanning
|
||||
|
||||
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
|
||||
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner], both inheriting from [`HostScanner`][host-scanner].
|
||||
|
||||
The sole interface required is the `is_host_alive` interface, which needs to return True/False.
|
||||
|
||||
[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
|
||||
[`TcpScanner`][tcp-scanner] is the default scanner. It checks for open ports based on the `tcp_target_ports` configuration setting.
|
||||
|
||||
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
|
||||
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping.`
|
||||
|
||||
## Fingerprinting
|
||||
|
||||
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
|
||||
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under the `finger_classes` configuration option.
|
||||
|
||||
Currently implemented Fingerprint modules are:
|
||||
The currently implemented Fingerprint modules are:
|
||||
|
||||
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
|
||||
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
|
||||
3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
|
||||
4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
|
||||
5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
|
||||
6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
|
||||
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB and extracts the computer name and OS version.
|
||||
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22) and extracts the computer version and SSH banner.
|
||||
3. [`PingScanner`][ping-scanner] - Fingerprints target machine's TTL to differentiate between Linux and Windows hosts.
|
||||
4. [`HTTPFinger`][http-finger] - Detects HTTP/HTTPS services, using the ports listed in `HTTP_PORTS` in the configuration, will return the server type and if it supports SSL.
|
||||
5. [`MySQLFinger`][mysql-finger] - Fingerprints MySQL (port 3306) and will extract MySQL banner info - version, major/minor/build and capabilities.
|
||||
6. [`ElasticFinger`][elastic-finger] - Fingerprints ElasticSearch (port 9200) will extract the cluster name, node name and node version.
|
||||
|
||||
## Adding a scanner/fingerprinter
|
||||
|
||||
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
|
||||
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
|
||||
|
||||
To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
|
||||
To use the new scanner/fingerprinter by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
|
||||
|
||||
At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
|
||||
At this point, the Infection Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
|
||||
|
||||
[elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
|
||||
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
|
||||
|
|
|
@ -2,11 +2,12 @@
|
|||
title: "MITRE ATT&CK report"
|
||||
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
|
||||
date: 2020-06-24T21:17:18+03:00
|
||||
weight: 3
|
||||
draft: false
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for other reports available in the Infection Monkey](../) and [the documentation for supported ATT&CK techniques](../../../reference/mitre_techniques).
|
||||
Check out [the documentation for other reports available in the Infection Monkey]({{< ref "/reports" >}}) and [the documentation for supported ATT&CK techniques]({{< ref "/reference/mitre_techniques" >}}).
|
||||
{{% /notice %}}
|
||||
|
||||
The Infection Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base. After simulating an advanced persistent threat (APT) attack, it generates a report summarizing the success of the techniques utilized along with recommended mitigation steps, helping you identify and mitigate attack paths in your environment.
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
title: "Ransomware report"
|
||||
date: 2021-08-05T13:23:10+03:00
|
||||
weight: 4
|
||||
draft: false
|
||||
description: "Provides information about ransomware simulation on your network"
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
|
||||
"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
|
||||
available reports]({{< ref "/reports" >}}).
|
||||
{{% /notice %}}
|
||||
|
||||
The Infection Monkey can be configured to [simulate a ransomware
|
||||
attack](/usage/scenarios/ransomware-simulation) on your network. After running,
|
||||
it generates a **Ransomware Report** that provides you with insight into how
|
||||
ransomware might behave within your environment.
|
||||
|
||||
The report is split into three sections:
|
||||
|
||||
- [Breach](#breach)
|
||||
- [Lateral Movement](#lateral-movement)
|
||||
- [Attack](#attack)
|
||||
|
||||
## Breach
|
||||
|
||||
The breach section shows when and where the ransomware infection began.
|
||||
|
||||
![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
|
||||
|
||||
|
||||
## Lateral movement
|
||||
|
||||
The lateral movement section provides information about how the simulated
|
||||
ransomware was able to propagate through your network.
|
||||
|
||||
|
||||
![Lateral
|
||||
Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
|
||||
"Lateral Movement")
|
||||
|
||||
|
||||
## Attack
|
||||
|
||||
The attack section shows the details of what the simulated ransomware
|
||||
successfully encrypted, including a list of specific files.
|
||||
|
||||
![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")
|
|
@ -1,12 +1,13 @@
|
|||
---
|
||||
title: "Security report"
|
||||
date: 2020-06-24T21:16:10+03:00
|
||||
weight: 1
|
||||
draft: false
|
||||
description: "Provides actionable recommendations and insight into an attacker's view of your network"
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for other reports available in the Infection Monkey](../).
|
||||
Check out [the documentation for other reports available in the Infection Monkey]({{< ref "/reports" >}}).
|
||||
{{% /notice %}}
|
||||
|
||||
The Infection Monkey's **Security Report** provides you with actionable recommendations and insight into an attacker's view of your network. You can download a PDF of an example report here:
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
title: "Zero Trust report"
|
||||
date: 2020-06-24T21:16:18+03:00
|
||||
weight: 2
|
||||
draft: false
|
||||
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
|
||||
---
|
||||
|
|
|
@ -15,7 +15,7 @@ Once you've downloaded an installer, follow the relevant guide for your environm
|
|||
|
||||
{{% children %}}
|
||||
|
||||
After setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
|
||||
After setting the Monkey up, check out our [Getting Started](/usage/getting-started) guide!
|
||||
|
||||
{{% notice tip %}}
|
||||
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
|
||||
|
|
|
@ -15,15 +15,4 @@ If you want an island to be accessible without credentials, press *I want anyone
|
|||
|
||||
## Resetting your account credentials
|
||||
|
||||
To reset your credentials, edit `monkey_island\cc\server_config.json` by deleting the `user` and `password_hash` variables.
|
||||
|
||||
When you restart the Monkey Island server, you will again be prompted with the registration form.
|
||||
|
||||
Example `server_config.json` for account reset:
|
||||
|
||||
```json
|
||||
{
|
||||
"server_config": "password",
|
||||
"deployment": "develop"
|
||||
}
|
||||
```
|
||||
This procedure is documented in [the FAQ]({{< ref "/faq/#how-do-i-reset-the-monkey-island-password" >}}).
|
||||
|
|
|
@ -1,89 +0,0 @@
|
|||
---
|
||||
title: "Debian"
|
||||
date: 2020-05-26T20:57:19+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-linux"></i> '
|
||||
weight: 1
|
||||
disableToc: false
|
||||
tags: ["setup", "debian", "linux"]
|
||||
---
|
||||
|
||||
|
||||
## Supported Distros
|
||||
|
||||
This Debian package has been tested on Ubuntu Bionic 18.04 LTS and Ubuntu Focal 20.04 LTS.
|
||||
|
||||
## Deployment
|
||||
|
||||
1. Update your package list by running:
|
||||
```sh
|
||||
sudo apt update
|
||||
```
|
||||
1. If you are using Ubuntu Focal 20.04, run the following commands to install
|
||||
Python 3.7:
|
||||
```sh
|
||||
sudo apt install software-properties-common
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt install python3.7 python3.7-dev
|
||||
```
|
||||
1. Extract the tarball by running:
|
||||
```sh
|
||||
tar -xvzf monkey-island-debian.tgz
|
||||
```
|
||||
1. Install the Monkey Island Debian package:
|
||||
```sh
|
||||
sudo dpkg -i monkey_island.deb # this might print errors
|
||||
```
|
||||
1. If, at this point, you receive dpkg errors that look like this:
|
||||
|
||||
```sh
|
||||
dpkg: error processing package gc-monkey-island (--install):
|
||||
dependency problems - leaving unconfigured
|
||||
Errors were encountered while processing:
|
||||
gc-monkey-island
|
||||
```
|
||||
|
||||
It just means that not all dependencies were pre-installed on your system.
|
||||
That's no problem! Just run the following command, which will install all
|
||||
dependencies, and then install the Monkey Island:
|
||||
|
||||
```sh
|
||||
sudo apt install -f
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Trying to install on Ubuntu <16.04
|
||||
|
||||
If you're trying to install the Monkey Island on Ubuntu 16.04 or older, you
|
||||
need to install the dependencies yourself, since Python 3.7 is only installable
|
||||
from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow
|
||||
these steps:
|
||||
|
||||
```sh
|
||||
sudo apt update
|
||||
sudo apt-get install libcurl4-openssl-dev
|
||||
sudo apt-get install software-properties-common
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt-get update
|
||||
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
|
||||
sudo dpkg -i monkey_island.deb # this might print errors
|
||||
sudo apt install -f
|
||||
```
|
||||
|
||||
### The Monkey Island interface isn't accessible after installation
|
||||
|
||||
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
|
||||
|
||||
## Upgrading
|
||||
|
||||
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||
To get the updated version, download the new `.deb` file and install it. You
|
||||
should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After
|
||||
which, the installation should complete successfully.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file
|
||||
using the *Export config* button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||
|
|
@ -7,19 +7,127 @@ weight: 4
|
|||
tags: ["setup", "docker", "linux", "windows"]
|
||||
---
|
||||
|
||||
## Supported operating systems
|
||||
|
||||
The Infection Monkey Docker container works on Linux only. It is not compatible with Docker for Windows or Docker for Mac.
|
||||
|
||||
## Deployment
|
||||
|
||||
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
|
||||
### 1. Load the docker images
|
||||
1. Pull the MongoDB v4.2 Docker image:
|
||||
|
||||
Once you've extracted the container from the tar.gz file, run the following commands:
|
||||
```bash
|
||||
sudo docker pull mongo:4.2
|
||||
```
|
||||
|
||||
```sh
|
||||
sudo docker load -i dk.monkeyisland.1.10.0.tar
|
||||
sudo docker pull mongo:4.2
|
||||
sudo mkdir -p /var/monkey-mongo/data/db
|
||||
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2
|
||||
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.10.0
|
||||
```
|
||||
1. Extract the Monkey Island Docker tarball:
|
||||
|
||||
```bash
|
||||
tar -xvzf monkey-island-docker.tar.gz
|
||||
```
|
||||
|
||||
1. Load the Monkey Island Docker image:
|
||||
|
||||
```bash
|
||||
sudo docker load -i dk.monkeyisland.VERSION.tar
|
||||
```
|
||||
|
||||
### 2. Start MongoDB
|
||||
|
||||
1. Start a MongoDB Docker container:
|
||||
|
||||
```bash
|
||||
sudo docker run \
|
||||
--name monkey-mongo \
|
||||
--network=host \
|
||||
--volume db:/data/db \
|
||||
--detach \
|
||||
mongo:4.2
|
||||
```
|
||||
|
||||
### 3a. Start Monkey Island with default certificate
|
||||
|
||||
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
||||
enterprise or other security-sensitive environments, it is recommended that the
|
||||
user [provide Infection Monkey with a
|
||||
certificate](#3b-start-monkey-island-with-user-provided-certificate) that has
|
||||
been signed by a private certificate authority.
|
||||
|
||||
1. Run the Monkey Island server
|
||||
```bash
|
||||
sudo docker run \
|
||||
--name monkey-island \
|
||||
--network=host \
|
||||
guardicore/monkey-island:VERSION
|
||||
```
|
||||
|
||||
### 3b. Start Monkey Island with user-provided certificate
|
||||
|
||||
1. Create a directory named `monkey_island_data`. This will serve as the
|
||||
location where Infection Monkey stores its configuration and runtime
|
||||
artifacts.
|
||||
|
||||
```bash
|
||||
mkdir ./monkey_island_data
|
||||
chmod 700 ./monkey_island_data
|
||||
```
|
||||
|
||||
1. Run Monkey Island with the `--setup-only` flag to populate the `./monkey_island_data` directory with a default `server_config.json` file.
|
||||
|
||||
```bash
|
||||
sudo docker run \
|
||||
--rm \
|
||||
--name monkey-island \
|
||||
--network=host \
|
||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||
guardicore/monkey-island:VERSION --setup-only
|
||||
```
|
||||
|
||||
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
|
||||
|
||||
1. Make sure that your `.crt` and `.key` files are readable and writeable only by you.
|
||||
|
||||
```bash
|
||||
chmod 600 ./monkey_island_data/<KEY_FILE>
|
||||
chmod 600 ./monkey_island_data/<CRT_FILE>
|
||||
```
|
||||
|
||||
1. Edit `./monkey_island_data/server_config.json` to configure Monkey Island
|
||||
to use your certificate. Your config should look something like this:
|
||||
|
||||
```json {linenos=inline,hl_lines=["11-14"]}
|
||||
{
|
||||
"data_dir": "/monkey_island_data",
|
||||
"log_level": "DEBUG",
|
||||
"environment": {
|
||||
"server_config": "password",
|
||||
"deployment": "docker"
|
||||
},
|
||||
"mongodb": {
|
||||
"start_mongodb": false
|
||||
},
|
||||
"ssl_certificate": {
|
||||
"ssl_certificate_file": "/monkey_island_data/<CRT_FILE>",
|
||||
"ssl_certificate_key_file": "/monkey_island_data/<KEY_FILE>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
1. Start the Monkey Island server:
|
||||
|
||||
```bash
|
||||
sudo docker run \
|
||||
--name monkey-island \
|
||||
--network=host \
|
||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||
guardicore/monkey-island:VERSION
|
||||
```
|
||||
|
||||
### 4. Accessing Monkey Island
|
||||
|
||||
After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
|
||||
|
||||
## Upgrading
|
||||
|
||||
|
@ -31,3 +139,31 @@ If you'd like to keep your existing configuration, you can export it to a file
|
|||
using the *Export config* button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### The Monkey Island container crashes due to a 'UnicodeDecodeError'
|
||||
|
||||
You will encounter a `UnicodeDecodeError` if the `monkey-island` container is
|
||||
using a different secret key to encrypt sensitive data than was initially used
|
||||
to store data in the `monkey-mongo` container.
|
||||
|
||||
```
|
||||
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
|
||||
```
|
||||
|
||||
Starting a new container from the `guardicore/monkey-island:VERSION` image
|
||||
generates a new secret key for storing sensitive information in MongoDB. If you
|
||||
have an old database instance running (from a previous instance of Infection
|
||||
Monkey), the data stored in the `monkey-mongo` container has been encrypted
|
||||
with a key that is different from the one that Monkey Island is currently
|
||||
using. When MongoDB attempts to decrypt its data with the new key, decryption
|
||||
fails and you get this error.
|
||||
|
||||
You can fix this in one of three ways:
|
||||
1. Instead of starting a new container for the Monkey Island, you can run `docker container start -a monkey-island` to restart the existing container, which will contain the correct key material.
|
||||
1. Kill and remove the existing MongoDB container, and start a new one. This will remove the old database entirely. Then, start the new Monkey Island container.
|
||||
1. When you start the Monkey Island container, use `--volume
|
||||
monkey_island_data:/monkey_island_data`. This will store all of Monkey
|
||||
Island's runtime artifacts (including the encryption key file) in a docker
|
||||
volume that can be reused by subsequent Monkey Island containers.
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
title: "Linux"
|
||||
date: 2020-05-26T20:57:28+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-linux"></i> '
|
||||
weight: 4
|
||||
tags: ["setup", "AppImage", "linux"]
|
||||
---
|
||||
|
||||
## Supported operating systems
|
||||
|
||||
An [AppImage](https://appimage.org/) is a distribution-agnostic, self-running
|
||||
package that contains an application and everything that it may need to run.
|
||||
|
||||
The Infection Monkey AppImage package should run on most modern Linux distros that have FUSE
|
||||
installed, but the ones that we've tested are:
|
||||
- BlackArch 2020.12.01
|
||||
- Kali 2021.2
|
||||
- Parrot 4.11
|
||||
- Rocky 8
|
||||
- openSUSE Leap 15.3
|
||||
- Ubuntu Bionic 18.04
|
||||
- Ubuntu Focal 20.04
|
||||
- Ubuntu Hirsute 21.04
|
||||
|
||||
## Deployment
|
||||
|
||||
1. Make the AppImage package executable:
|
||||
```bash
|
||||
chmod u+x Infection_Monkey_v1.11.0.AppImage
|
||||
```
|
||||
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
||||
```bash
|
||||
./Infection_Monkey_v1.11.0.AppImage
|
||||
```
|
||||
1. Access the Monkey Island web UI by pointing your browser at
|
||||
`https://localhost:5000`.
|
||||
|
||||
### Start Monkey Island with user-provided certificate
|
||||
|
||||
By default, Infection Monkey comes with a [self-signed SSL
|
||||
certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
||||
enterprise or other security-sensitive environments, it is recommended that the
|
||||
user provide Infection Monkey with a certificate that has been signed by a
|
||||
private certificate authority.
|
||||
|
||||
1. Run the Infection Monkey AppImage package with the `--setup-only` flag to
|
||||
populate the `$HOME/.monkey_island` directory with a default
|
||||
`server_config.json` file.
|
||||
|
||||
```bash
|
||||
./Infection_Monkey_v1.11.0.AppImage --setup-only
|
||||
```
|
||||
|
||||
1. (Optional but recommended) Move your `.crt` and `.key` files to
|
||||
`$HOME/.monkey_island`.
|
||||
|
||||
1. Make sure that your `.crt` and `.key` files are readable only by you.
|
||||
|
||||
```bash
|
||||
chmod 600 <PATH_TO_KEY_FILE>
|
||||
chmod 600 <PATH_TO_CRT_FILE>
|
||||
```
|
||||
|
||||
1. Edit `$HOME/.monkey_island/server_config.json` to configure Monkey Island
|
||||
to use your certificate. Your config should look something like this:
|
||||
|
||||
```json {linenos=inline,hl_lines=["11-14"]}
|
||||
{
|
||||
"data_dir": "~/.monkey_island",
|
||||
"log_level": "DEBUG",
|
||||
"environment": {
|
||||
"server_config": "password",
|
||||
"deployment": "linux"
|
||||
},
|
||||
"mongodb": {
|
||||
"start_mongodb": true
|
||||
},
|
||||
"ssl_certificate": {
|
||||
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
||||
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
||||
```bash
|
||||
./Infection_Monkey_v1.11.0.AppImage
|
||||
```
|
||||
|
||||
1. Access the Monkey Island web UI by pointing your browser at
|
||||
`https://localhost:5000`.
|
||||
|
||||
## Upgrading
|
||||
|
||||
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||
To get an updated version, download the updated AppImage package and follow the deployment
|
||||
instructions again.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file
|
||||
using the *Export config* button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -1,75 +0,0 @@
|
|||
---
|
||||
title: "VMware"
|
||||
date: 2020-05-26T20:57:14+03:00
|
||||
draft: false
|
||||
pre: '<i class="fas fa-laptop-code"></i> '
|
||||
weight: 3
|
||||
tags: ["setup", "vmware"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
|
||||
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
|
||||
the machine are accessible for inbound TCP traffic.*
|
||||
1. Turn on the Infection Monkey VM.
|
||||
1. Log in to the machine with the following credentials:
|
||||
1. Username: **monkeyuser**
|
||||
1. Password: **Noon.Earth.Always**
|
||||
1. For security purposes, it's recommended that you change the machine
|
||||
passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
|
||||
passwd root`.
|
||||
|
||||
## OVA network modes
|
||||
|
||||
You can use the OVA in one of two modes:
|
||||
|
||||
1. In a network with the DHCP configured — In this case, the Monkey Island will
|
||||
automatically query and receive an IP address from the network.
|
||||
1. With a static IP address — In this case, you should log in to the VM console
|
||||
with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
|
||||
in, edit the Netplan configuration by entering the following command in the
|
||||
prompt:
|
||||
|
||||
```sh
|
||||
sudo nano /etc/netplan/00-installer-config.yaml
|
||||
```
|
||||
|
||||
Make the following changes:
|
||||
|
||||
```diff
|
||||
# This is the network config written by 'subiquity'
|
||||
network:
|
||||
ethernets:
|
||||
ens160:
|
||||
- dhcp4: true
|
||||
+ dhcp4: false
|
||||
+ addresses: [XXX.XXX.XXX.XXX/24]
|
||||
+ gateway4: YYY.YYY.YYY.YYY
|
||||
+ nameservers:
|
||||
+ addresses: [1.1.1.1]
|
||||
version: 2
|
||||
```
|
||||
|
||||
Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
|
||||
`YYY.YYY.YYY.YYY` with the default gateway.
|
||||
|
||||
Save the changes then run the command:
|
||||
|
||||
```sh
|
||||
sudo netplan apply
|
||||
```
|
||||
|
||||
If this configuration does not suit your needs, see
|
||||
https://netplan.io/examples/ for more information about how to configure
|
||||
Netplan.
|
||||
|
||||
## Upgrading
|
||||
|
||||
Currently, there's no "upgrade-in-place" option when a new version is released.
|
||||
To get an updated version, download the updated OVA file.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file
|
||||
using the *Export config* button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -9,6 +9,10 @@ tags: ["setup", "windows"]
|
|||
|
||||
## Deployment
|
||||
|
||||
{{% notice tip %}}
|
||||
Don't get scared if the Infection Monkey gets [flagged as malware during the installation](/faq/#is-infection-monkey-a-malwarevirus).
|
||||
{{% /notice %}}
|
||||
|
||||
After running the installer, the following prompt should appear on the screen:
|
||||
|
||||
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
|
||||
|
@ -16,8 +20,48 @@ After running the installer, the following prompt should appear on the screen:
|
|||
1. Follow the steps to complete the installation.
|
||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||
|
||||
### Start Monkey Island with user-provided certificate
|
||||
|
||||
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
||||
enterprise or other security-sensitive environments, it is recommended that the
|
||||
user provide Infection Monkey with a certificate that has been signed by a
|
||||
private certificate authority.
|
||||
|
||||
1. If you haven't already, run the Monkey Island by clicking on the desktop
|
||||
shortcut. This will populate MongoDB, as well as create and populate
|
||||
`%AppData%\monkey_island`.
|
||||
1. Stop the Monkey Island process.
|
||||
1. (Optional but recommended) Move your `.crt` and `.key` files to `%AppData%\monkey_island`.
|
||||
1. Edit `%AppData%\monkey_island\server_config.json` to configure Monkey Island
|
||||
to use your certificate. Your config should look something like this:
|
||||
|
||||
```json {linenos=inline,hl_lines=["11-14"]}
|
||||
{
|
||||
"log_level": "DEBUG",
|
||||
"environment": {
|
||||
"server_config": "password",
|
||||
"deployment": "windows"
|
||||
},
|
||||
"mongodb": {
|
||||
"start_mongodb": true
|
||||
},
|
||||
"ssl_certificate": {
|
||||
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
||||
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
||||
}
|
||||
}
|
||||
```
|
||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Support
|
||||
|
||||
Only **English** system locale is supported. If your command prompt gives output in a different
|
||||
language, the Infection Monkey is not guaranteed to work.
|
||||
|
||||
For supported Windows versions, take a look at the [OS support page](../../reference/operating_systems_support).
|
||||
|
||||
### Missing Windows update
|
||||
|
||||
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows).
|
||||
|
|
|
@ -37,24 +37,31 @@ $ sha256sum monkey-linux-64
|
|||
|
||||
| Filename | Type | Version | SHA256 |
|
||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` |
|
||||
| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` |
|
||||
| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` |
|
||||
| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` |
|
||||
| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` |
|
||||
| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
|
||||
| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
|
||||
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
|
||||
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
|
||||
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
|
||||
| monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
|
||||
| Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
|
||||
| infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
|
||||
| Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
|
||||
|
||||
|
||||
## Older checksums
|
||||
|
||||
| Filename | Type | Version | SHA256 |
|
||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` |
|
||||
| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` |
|
||||
| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` |
|
||||
| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` |
|
||||
| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` |
|
||||
| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
|
||||
| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
|
||||
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
|
||||
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
|
||||
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
+++
|
||||
title = "Scenarios"
|
||||
date = 2020-08-12T12:52:59+03:00
|
||||
weight = 3
|
||||
chapter = true
|
||||
pre = "<i class='fas fa-map-marked-alt'></i> "
|
||||
+++
|
||||
|
||||
# Scenarios
|
||||
|
||||
This section describes the different attack scenarios that the Infection Monkey can simulate.
|
||||
|
||||
{{% notice note %}}
|
||||
Don't worry! The Infection Monkey uses safe exploiters and does not cause any permanent system modifications that could impact security or operations.
|
||||
{{% /notice %}}
|
||||
|
||||
The Infection Monkey has pre-built scenarios to simulate common types of attacks that take place. These scenarios, when selected, manipulate the configuration to only show you what you need to see for that scenario. This makes it possible for you to quickly run the Monkey on your network in order to accomplish a specific objective.
|
||||
|
||||
Choosing the "Custom" scenario will allow you to fine-tune your simulation and access all available features. [Read more about configuring a custom simulation.](/custom-scenario/_index.md)
|
||||
|
||||
![Choose scenario](/images/usage/scenarios/choose-scenario.png "Choose a scenario")
|
||||
|
||||
To exit a scenario and select another one, click on "Start Over".
|
||||
|
||||
![Start over](/images/usage/scenarios/start-over.png "Start over")
|
||||
|
||||
## Section contents
|
||||
|
||||
{{% children description=True style="p"%}}
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
title: " Custom"
|
||||
date: 2021-07-28T14:36:02+05:30
|
||||
description: "Configure a custom scenario to test your network's defenses."
|
||||
weight: 100
|
||||
pre: "<i class='fas fa-edit'></i>"
|
||||
chapter: true
|
||||
---
|
||||
|
||||
# Custom
|
||||
|
||||
The Infection Monkey is a versatile breach and attack simulation tool. Choosing the "Custom" scenario will allow you to access all of its capabilities and configure the simulation exactly according to your needs. You can enhance, optimize, and fine-tune the Monkey's behavior.
|
||||
|
||||
![Custom scenario](/images/usage/scenarios/custom-scenario.png "Custom scenario")
|
||||
|
||||
Below are some examples with instructions on how to configure them.
|
||||
|
||||
{{% children description=True style="p"%}}
|
|
@ -11,7 +11,7 @@ weight: 1
|
|||
Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
|
||||
[Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
|
||||
|
||||
You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.](/usage/integrations/scoutsuite)
|
||||
You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.]({{< ref "/usage/integrations/scoutsuite" >}})
|
||||
|
||||
## Configuration
|
||||
|
||||
|
@ -31,4 +31,3 @@ Run the Infection Monkey on as many machines as you can. You can easily achieve
|
|||
## Assessing results
|
||||
|
||||
You can see your results in the Zero Trust report section. “The Summary” section will give you an idea about which Zero Trust pillars were the Infection Monkey tested, how many tests were performed and test statuses. Specific tests are described in the “Test Results” section. The “Findings” section shows details about the Monkey actions. Click on “Events” of different findings to observe what exactly the Infection Monkey did and when it did it. This should make it easy to cross reference events with your security solutions and alerts/logs.
|
||||
|
|
@ -0,0 +1,161 @@
|
|||
---
|
||||
title: " Ransomware Simulation"
|
||||
date: 2021-06-23T18:13:59+05:30
|
||||
draft: false
|
||||
description: "Simulate a ransomware attack on your network and assess the potential damage."
|
||||
weight: 1
|
||||
pre: "<i class='fa fa-lock'></i>"
|
||||
---
|
||||
|
||||
The Infection Monkey is capable of simulating a ransomware attack on your
|
||||
network using a set of configurable behaviors.
|
||||
|
||||
|
||||
## Encryption
|
||||
|
||||
In order to simulate the behavior of ransomware as accurately as possible,
|
||||
the Infection Monkey can [encrypt user-specified files](#configuring-encryption)
|
||||
using a [fully reversible algorithm](#how-are-the-files-encrypted). A number of
|
||||
mechanisms are in place to ensure that all actions performed by the encryption
|
||||
routine are safe for production environments.
|
||||
|
||||
### Preparing your environment for a ransomware simulation
|
||||
|
||||
The Infection Monkey will only encrypt files that you allow it to. In
|
||||
order to take full advantage of the Infection Monkey's ransomware simulation, you'll
|
||||
need to provide the Infection Monkey with a directory that contains files that
|
||||
are safe for it to encrypt. The recommended approach is to use a remote
|
||||
administration tool, such as
|
||||
[Ansible](https://docs.ansible.com/ansible/latest/user_guide/) or
|
||||
[PsExec](https://theitbros.com/using-psexec-to-run-commands-remotely/) to add a
|
||||
"ransomware target" directory to each machine in your environment. The Infection
|
||||
Monkey can then be configured to encrypt files in this directory.
|
||||
|
||||
### Configuring encryption
|
||||
|
||||
To ensure minimum interference and easy recoverability, the ransomware
|
||||
simulation will only encrypt files contained in a user-specified directory. If
|
||||
no directory is specified, no files will be encrypted.
|
||||
|
||||
![Ransomware configuration](/images/usage/scenarios/ransomware-config.png "Ransomware configuration")
|
||||
|
||||
### How are the files encrypted?
|
||||
|
||||
Files are "encrypted" in place with a simple bit flip. Encrypted files are
|
||||
renamed to have `.m0nk3y` appended to their names. This is a safe way to
|
||||
simulate encryption since it is easy to "decrypt" your files. You can simply
|
||||
perform a bit flip on the files again and rename them to remove the appended
|
||||
`.m0nk3y` extension.
|
||||
|
||||
Flipping a file's bits is sufficient to simulate the encryption behavior of
|
||||
ransomware, as the data in your files has been manipulated (leaving them
|
||||
temporarily unusuable). Files are then renamed with a new extension appended,
|
||||
which is similar to the way that many ransomwares behave. As this is a
|
||||
simulation, your
|
||||
security solutions should be triggered to notify you or prevent these changes
|
||||
from taking place.
|
||||
|
||||
### Which files are encrypted?
|
||||
|
||||
During the ransomware simulation, attempts will be made to encrypt all regular
|
||||
files with [targeted file extensions](#files-targeted-for-encryption) in the
|
||||
configured directory. The simulation is not recursive, i.e. it will not touch
|
||||
any files in sub-directories of the configured directory. The Infection Monkey will
|
||||
not follow any symlinks or shortcuts.
|
||||
|
||||
These precautions are taken to prevent the Infection Monkey from accidentally
|
||||
encrypting files that you didn't intend to encrypt.
|
||||
|
||||
### Files targeted for encryption
|
||||
|
||||
Only regular files with certain extensions are encrypted by the ransomware
|
||||
simulation. This list is based on the [analysis of the Goldeneye ransomware by
|
||||
BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-goldeneye-ransomware-attack/).
|
||||
|
||||
- .3ds
|
||||
- .7z
|
||||
- .accdb
|
||||
- .ai
|
||||
- .asp
|
||||
- .aspx
|
||||
- .avhd
|
||||
- .avi
|
||||
- .back
|
||||
- .bak
|
||||
- .c
|
||||
- .cfg
|
||||
- .conf
|
||||
- .cpp
|
||||
- .cs
|
||||
- .ctl
|
||||
- .dbf
|
||||
- .disk
|
||||
- .djvu
|
||||
- .doc
|
||||
- .docx
|
||||
- .dwg
|
||||
- .eml
|
||||
- .fdb
|
||||
- .giff
|
||||
- .gz
|
||||
- .h
|
||||
- .hdd
|
||||
- .jpg
|
||||
- .jpeg
|
||||
- .kdbx
|
||||
- .mail
|
||||
- .mdb
|
||||
- .mpg
|
||||
- .mpeg
|
||||
- .msg
|
||||
- .nrg
|
||||
- .ora
|
||||
- .ost
|
||||
- .ova
|
||||
- .ovf
|
||||
- .pdf
|
||||
- .php
|
||||
- .pmf
|
||||
- .png
|
||||
- .ppt
|
||||
- .pptx
|
||||
- .pst
|
||||
- .pvi
|
||||
- .py
|
||||
- .pyc
|
||||
- .rar
|
||||
- .rtf
|
||||
- .sln
|
||||
- .sql
|
||||
- .tar
|
||||
- .tiff
|
||||
- .txt
|
||||
- .vbox
|
||||
- .vbs
|
||||
- .vcb
|
||||
- .vdi
|
||||
- .vfd
|
||||
- .vmc
|
||||
- .vmdk
|
||||
- .vmsd
|
||||
- .vmx
|
||||
- .vsdx
|
||||
- .vsv
|
||||
- .work
|
||||
- .xls
|
||||
- .xlsx
|
||||
- .xvd
|
||||
- .zip
|
||||
|
||||
|
||||
## Leaving a README.txt file
|
||||
|
||||
Many ransomware packages leave a README.txt file on the victim machine with an
|
||||
explanation of what has occurred and instructions for paying the attacker.
|
||||
The Infection Monkey will also leave a README.txt file in the target directory on
|
||||
the victim machine in order to replicate this behavior.
|
||||
|
||||
The README.txt file informs the user that a ransomware simulation has taken
|
||||
place and that they should contact their administrator. The contents of the
|
||||
file can be found
|
||||
[here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt).
|
|
@ -1,20 +0,0 @@
|
|||
+++
|
||||
title = "Use Cases"
|
||||
date = 2020-08-12T12:52:59+03:00
|
||||
weight = 3
|
||||
chapter = true
|
||||
pre = "<i class='fas fa-map-marked-alt'></i> "
|
||||
+++
|
||||
|
||||
# Use cases
|
||||
|
||||
This section describes possible use cases for the Infection Monkey and how you can configure the tool.
|
||||
You can also refer to [our FAQ](../../faq) for more specific questions and answers.
|
||||
|
||||
{{% notice note %}}
|
||||
Don't worry! The Infection Monkey uses safe exploiters and does not cause any permanent system modifications that could impact security or operations.
|
||||
{{% /notice %}}
|
||||
|
||||
## Section contents
|
||||
|
||||
{{% children description=True style="p"%}}
|
|
@ -74,10 +74,10 @@
|
|||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
|
||||
<h4 class="mb-3 mt-0">Use Cases</h4>
|
||||
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
|
||||
<h4 class="mb-3 mt-0">Scenarios</h4>
|
||||
<p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
|
|