From 16e2c94037420c6cb9f1f048c17624a78c273797 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 28 Jul 2020 21:06:22 +0530
Subject: [PATCH] Add decorator for checking if technique is disabled
---
 .../services/attack/technique_reports/T1003.py | 11 ++++++-----
 .../services/attack/technique_reports/T1016.py | 10 +++++-----
 .../services/attack/technique_reports/T1018.py | 10 +++++-----
 .../services/attack/technique_reports/T1021.py | 11 ++++++-----
 .../services/attack/technique_reports/T1041.py | 10 +++++-----
 .../services/attack/technique_reports/T1059.py | 10 ++++++----
 .../services/attack/technique_reports/T1075.py | 13 +++++++------
 .../services/attack/technique_reports/T1082.py | 13 +++++++------
 .../services/attack/technique_reports/T1086.py | 10 ++++++----
 .../services/attack/technique_reports/T1090.py | 10 +++++-----
 .../services/attack/technique_reports/T1110.py | 10 +++++-----
 .../services/attack/technique_reports/T1145.py | 10 +++++-----
 .../services/attack/technique_reports/T1188.py | 10 +++++-----
 .../services/attack/technique_reports/T1210.py | 18 +++++++++++-------
 .../attack/technique_reports/__init__.py | 10 ++++++++--
 .../attack/technique_reports/pba_technique.py | 12 ++++++------
 16 files changed, 98 insertions(+), 80 deletions(-)
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
index f792a2082..d8ee9de26 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
@@ -18,15 +18,16 @@ class T1003(AttackTechnique):
 @staticmethod
 def get_report_data():
- data = {'title': T1003.technique_title()}
-
- if not T1003.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1003.is_status_disabled
+ def get_technique_status_and_data():
 if mongo.db.telemetry.count_documents(T1003.query):
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, [])
+
+ data = {'title': T1003.technique_title()}
+ status, _ = get_technique_status_and_data()
 data.update(T1003.get_message_and_status(status))
 data.update(T1003.get_mitigation_by_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
index 332393b15..a1162b109 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
@@ -27,13 +27,13 @@ class T1016(AttackTechnique):
 @staticmethod
 def get_report_data():
- network_info = []
-
- if not T1016.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1016.is_status_disabled
+ def get_technique_status_and_data():
 network_info = list(mongo.db.telemetry.aggregate(T1016.query))
 status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
+ return (status, network_info)
+
+ status, network_info = get_technique_status_and_data()
 data = T1016.get_base_data_by_status(status)
 data.update({'network_info': network_info})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py
index 93c546573..3ea49603c 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py
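Review bot: In the T1003 closure the second element of `return (status, [])` exists only because the `is_status_disabled` wrapper hands back a `(status, data)` pair, and the caller discards it at once with `status, _ = get_technique_status_and_data()`, so a reader is left guessing what the list is for. A one-line comment on the return would settle it: `# no report payload for this technique; the empty list keeps the (status, data) shape the decorator expects`. The same closure-plus-decorator shape recurs in the T1016, T1018, T1021, T1041, T1059, T1075, T1082, T1086, T1090, T1110, T1145, T1188 and pba_technique hunks, so the tuple contract is best stated once on the decorator rather than per file. `get_report_data` continues past the end of the hunk.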
@@ -28,16 +28,16 @@ class T1018(AttackTechnique):
 @staticmethod
 def get_report_data():
- scan_info = []
-
- if not T1018.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1018.is_status_disabled
+ def get_technique_status_and_data():
 scan_info = list(mongo.db.telemetry.aggregate(T1018.query))
 if scan_info:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, scan_info)
+
+ status, scan_info = get_technique_status_and_data()
 data = T1018.get_base_data_by_status(status)
 data.update({'scan_info': scan_info})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py
index ac6a7ac0b..a43c76479 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py
@@ -33,11 +33,9 @@ class T1021(AttackTechnique):
 @staticmethod
 def get_report_data():
- attempts = []
-
- if not T1021.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1021.is_status_disabled
+ def get_technique_status_and_data():
+ attempts = []
 if mongo.db.telemetry.count_documents(T1021.scanned_query):
 attempts = list(mongo.db.telemetry.aggregate(T1021.query))
 if attempts:
@@ -50,6 +48,9 @@ class T1021(AttackTechnique):
 status = ScanStatus.SCANNED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, attempts)
+
+ status, attempts = get_technique_status_and_data()
 data = T1021.get_base_data_by_status(status)
 data.update({'services': attempts})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py
index 46738a799..b4548dac8 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py
@@ -13,11 +13,8 @@ class T1041(AttackTechnique):
 @staticmethod
 def get_report_data():
- info = []
-
- if not T1041.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1041.is_status_disabled
+ def get_technique_status_and_data():
 monkeys = list(Monkey.objects())
 info = [{'src': monkey['command_control_channel']['src'], 'dst': monkey['command_control_channel']['dst']}
@@ -26,6 +23,9 @@ class T1041(AttackTechnique):
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, info)
+
+ status, info = get_technique_status_and_data()
 data = T1041.get_base_data_by_status(status)
 data.update({'command_control_channel': info})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
index 38d7bb1c3..b702ddd58 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
@@ -23,15 +23,17 @@ class T1059(AttackTechnique):
 @staticmethod
 def get_report_data():
- if not T1059.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1059.is_status_disabled
+ def get_technique_status_and_data():
 cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
- data = {'title': T1059.technique_title(), 'cmds': cmd_data}
 if cmd_data:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, cmd_data)
+
+ status, cmd_data = get_technique_status_and_data()
+ data = {'title': T1059.technique_title(), 'cmds': cmd_data}
 data.update(T1059.get_message_and_status(status))
 data.update(T1059.get_mitigation_by_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
index 82d297234..5d3f270e7 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
@@ -30,19 +30,20 @@ class T1075(AttackTechnique):
 @staticmethod
 def get_report_data():
- data = {'title': T1075.technique_title()}
-
- if not T1075.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1075.is_status_disabled
+ def get_technique_status_and_data():
 successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
- data.update({'successful_logins': successful_logins})
 if successful_logins:
 status = ScanStatus.USED.value
 elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
 status = ScanStatus.SCANNED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, successful_logins)
+
+ status, successful_logins = get_technique_status_and_data()
+ data = {'title': T1075.technique_title()}
+ data.update({'successful_logins': successful_logins})
 data.update(T1075.get_message_and_status(status))
 data.update(T1075.get_mitigation_by_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
index 3b75dc10e..1a9ff94f8 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
@@ -38,17 +38,18 @@ class T1082(AttackTechnique):
 @staticmethod
 def get_report_data():
- data = {'title': T1082.technique_title()}
-
- if not T1082.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1082.is_status_disabled
+ def get_technique_status_and_data():
 system_info = list(mongo.db.telemetry.aggregate(T1082.query))
- data.update({'system_info': system_info})
 if system_info:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, system_info)
+
+ status, system_info = get_technique_status_and_data()
+ data = {'title': T1082.technique_title()}
+ data.update({'system_info': system_info})
 data.update(T1082.get_mitigation_by_status(status))
 data.update(T1082.get_message_and_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index 8ad104cf9..d6237a3f7 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -25,15 +25,17 @@ class T1086(AttackTechnique):
 @staticmethod
 def get_report_data():
- if not T1086.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1086.is_status_disabled
+ def get_technique_status_and_data():
 cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
- data = {'title': T1086.technique_title(), 'cmds': cmd_data}
 if cmd_data:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, cmd_data)
+
+ status, cmd_data = get_technique_status_and_data()
+ data = {'title': T1086.technique_title(), 'cmds': cmd_data}
 data.update(T1086.get_mitigation_by_status(status))
 data.update(T1086.get_message_and_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
index f2490e72e..f68ab1166 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
@@ -13,14 +13,14 @@ class T1090(AttackTechnique):
 @staticmethod
 def get_report_data():
- monkeys = []
-
- if not T1090.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1090.is_status_disabled
+ def get_technique_status_and_data():
 monkeys = Monkey.get_tunneled_monkeys()
 monkeys = [monkey.get_network_info() for monkey in monkeys]
 status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
+ return (status, monkeys)
+
+ status, monkeys = get_technique_status_and_data()
 data = T1090.get_base_data_by_status(status)
 data.update({'proxies': monkeys})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
index 39eab28e6..c2d6fc8d5 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
@@ -26,11 +26,8 @@ class T1110(AttackTechnique):
 @staticmethod
 def get_report_data():
- attempts = []
-
- if not T1110.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1110.is_status_disabled
+ def get_technique_status_and_data():
 attempts = list(mongo.db.telemetry.aggregate(T1110.query))
 succeeded = False
@@ -46,6 +43,9 @@ class T1110(AttackTechnique):
 status = ScanStatus.SCANNED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, attempts)
+
+ status, attempts = get_technique_status_and_data()
 data = T1110.get_base_data_by_status(status)
 # Remove data with no successful brute force attempts
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py
index 1089e1027..5d96d863e 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1145.py
@@ -20,16 +20,16 @@ class T1145(AttackTechnique):
 @staticmethod
 def get_report_data():
- ssh_info = []
-
- if not T1145.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1145.is_status_disabled
+ def get_technique_status_and_data():
 ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
 if ssh_info:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, ssh_info)
+
+ status, ssh_info = get_technique_status_and_data()
 data = T1145.get_base_data_by_status(status)
 data.update({'ssh_info': ssh_info})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
index 269fa4148..2dbf87638 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
@@ -13,11 +13,8 @@ class T1188(AttackTechnique):
 @staticmethod
 def get_report_data():
- hops = []
-
- if not T1188.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1188.is_status_disabled
+ def get_technique_status_and_data():
 monkeys = Monkey.get_tunneled_monkeys()
 hops = []
 for monkey in monkeys:
@@ -31,6 +28,9 @@ class T1188(AttackTechnique):
 'to': proxy.get_network_info(), 'count': proxy_count})
 status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
+ return (status, hops)
+
+ status, hops = get_technique_status_and_data()
 data = T1188.get_base_data_by_status(status)
 data.update({'hops': hops})
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
index 2df22c8ef..baefcba8e 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
@@ -13,13 +13,8 @@ class T1210(AttackTechnique):
 @staticmethod
 def get_report_data():
- scanned_services = []
- exploited_services = []
- data = {'title': T1210.technique_title()}
-
- if not T1210.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @T1210.is_status_disabled
+ def get_technique_status_and_data():
 scanned_services = T1210.get_scanned_services()
 exploited_services = T1210.get_exploited_services()
 if exploited_services:
@@ -28,6 +23,15 @@ class T1210(AttackTechnique):
 status = ScanStatus.SCANNED.value
 else:
 status = ScanStatus.UNSCANNED.value
+ return (status, scanned_services, exploited_services)
+
+ status_and_data = get_technique_status_and_data()
+ status = status_and_data[0]
+ if status == ScanStatus.DISABLED.value:
+ scanned_services, exploited_services = [], []
+ else:
+ scanned_services, exploited_services = status_and_data[1], status_and_data[2]
+ data = {'title': T1210.technique_title()}
 data.update(T1210.get_message_and_status(status))
 data.update(T1210.get_mitigation_by_status(status))
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
index c380269f5..61c1f89bd 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
@@ -63,7 +63,7 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
 Gets the status of a certain attack technique.
 :return: ScanStatus numeric value
 """
- if not cls.is_enabled_in_config():
+ if not cls._is_enabled_in_config():
 return ScanStatus.DISABLED.value
 elif mongo.db.telemetry.find_one({'telem_category': 'attack',
 'data.status': ScanStatus.USED.value,
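Review bot: The guard `if status == ScanStatus.DISABLED.value:` in the second T1210 hunk exists only because the decorator's disabled fallback is a 2-tuple while this closure returns a 3-tuple, so `status_and_data[2]` would raise IndexError without it; that couples the caller to the exact shape of the fallback and will break silently if that shape ever changes. Keeping the closure to the same `(status, data)` pair every other technique returns removes the branch and the index arithmetic: `return (status, (scanned_services, exploited_services))`, then `status, services = get_technique_status_and_data()` and `scanned_services, exploited_services = services or ([], [])`. `get_report_data` continues past the end of the hunk.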
@@ -139,5 +139,11 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
 return {}
 @classmethod
- def is_enabled_in_config(cls) -> bool:
+ def is_status_disabled(cls, get_technique_status_and_data) -> bool:
+ def check_if_disabled_in_config():
+ return (ScanStatus.DISABLED.value, []) if not cls._is_enabled_in_config() else get_technique_status_and_data()
+ return check_if_disabled_in_config
+
+ @classmethod
+ def _is_enabled_in_config(cls) -> bool:
 return AttackConfig.get_technique_values()[cls.tech_id]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py b/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
index 06c10a627..72188eb4e 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
@@ -38,12 +38,8 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
 """
 :return: Technique's report data aggregated from the database
 """
- data = {'title': cls.technique_title(), 'info': []}
- info = []
-
- if not cls.is_enabled_in_config():
- status = ScanStatus.DISABLED.value
- else:
+ @cls.is_status_disabled
+ def get_technique_status_and_data():
 info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
 status = ScanStatus.UNSCANNED.value
 if info:
@@ -52,6 +48,10 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
 'data.result.1': True })
 status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
+ return (status, info)
+
+ data = {'title': cls.technique_title()}
+ status, info = get_technique_status_and_data()
 data.update(cls.get_base_data_by_status(status))
 data.update({'info': info})
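Review bot: `is_status_disabled` in the `__init__.py` hunk is a decorator factory that returns `check_if_disabled_in_config`, yet it is annotated `-> bool` and named like a predicate, so call sites such as `@T1003.is_status_disabled` read as though a boolean were being applied. The annotation should describe the returned callable (`Callable[[], tuple]`, importing `Callable` from `typing` if the file does not already have it) and the inner function should carry `@functools.wraps(get_technique_status_and_data)` so tracebacks name the technique's closure rather than the wrapper. A short docstring on the classmethod stating that the wrapper short-circuits to `(ScanStatus.DISABLED.value, [])` when `_is_enabled_in_config()` is false would make the fixed shape of that fallback explicit for any technique whose closure returns more than one data item. `_is_enabled_in_config` still subscripts `AttackConfig.get_technique_values()[cls.tech_id]` directly, which presumably raises KeyError for a technique id absent from the config instead of reporting it as disabled; that is pre-existing, but worth a comment now that the method is private.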