Fixed screwed up formatting with black
parent
03bcfc97af
commit
3149dcc8ec
|
@ -48,8 +48,7 @@ class AwsInstance(CloudInstance):
|
|||
try:
|
||||
self.account_id = self._extract_account_id(
|
||||
requests.get(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + "dynamic/instance-identity/document",
|
||||
timeout=2
|
||||
AWS_LATEST_METADATA_URI_PREFIX + "dynamic/instance-identity/document", timeout=2
|
||||
).text
|
||||
)
|
||||
except (requests.RequestException, json.decoder.JSONDecodeError, IOError) as e:
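Review bot: The `requests.get` for `dynamic/instance-identity/document` is sent without a session token, which is the IMDSv1 request style. On an instance configured to require IMDSv2 the metadata service rejects such a request; the body would then presumably fail JSON parsing and land in the `except` branch, so the account id would go undetected without a clear reason in the log. Consider requesting a metadata token first and passing it in the `X-aws-ec2-metadata-token` header, and replacing the literal `timeout=2` with a named timeout constant. The enclosing method starts and ends outside the hunk.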
|
||||
|
|
|
@ -9,8 +9,7 @@ from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
|||
|
||||
LATEST_AZURE_METADATA_API_VERSION = "2019-04-30"
|
||||
AZURE_METADATA_SERVICE_URL = (
|
||||
"http://169.254.169.254/metadata/instance?api-version=%s" %
|
||||
LATEST_AZURE_METADATA_API_VERSION
|
||||
"http://169.254.169.254/metadata/instance?api-version=%s" % LATEST_AZURE_METADATA_API_VERSION
|
||||
)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
|
@ -18,8 +18,7 @@ def get_version(build=BUILD):
|
|||
def print_version():
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument(
|
||||
"-b", "--build", default=BUILD, help="Choose the build string for this version.",
|
||||
type=str
|
||||
"-b", "--build", default=BUILD, help="Choose the build string for this version.", type=str
|
||||
)
|
||||
args = parser.parse_args()
|
||||
print(get_version(args.build))
|
||||
|
|
|
@ -141,8 +141,7 @@ class ControlClient(object):
|
|||
)
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
return {}
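Review bot: `except Exception as exc` reports every failure from the block above as "Error connecting to control server", so a programming error such as a `KeyError` while handling the response would be logged as a network problem and swallowed. If the `try` body, which lies outside this hunk, only performs HTTP calls, catching `requests.exceptions.RequestException` would keep the warning accurate. The same handler and message recur in the six later ControlClient hunks on this page, and a small private helper for the warning would remove that duplication.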
|
||||
|
||||
|
@ -167,8 +166,7 @@ class ControlClient(object):
|
|||
)
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
|
@ -187,8 +185,7 @@ class ControlClient(object):
|
|||
)
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
|
@ -206,8 +203,7 @@ class ControlClient(object):
|
|||
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
return
|
||||
|
||||
|
@ -246,8 +242,7 @@ class ControlClient(object):
|
|||
)
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
return {}
|
||||
|
||||
|
@ -316,8 +311,7 @@ class ControlClient(object):
|
|||
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
|
@ -350,8 +344,7 @@ class ControlClient(object):
|
|||
|
||||
except Exception as exc:
|
||||
LOG.warning(
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server,
|
||||
exc
|
||||
"Error connecting to control server %s: %s", WormConfiguration.current_server, exc
|
||||
)
|
||||
|
||||
return None, None
|
||||
|
|
|
@ -189,8 +189,7 @@ class MonkeyDrops(object):
|
|||
|
||||
try:
|
||||
if (
|
||||
(self._config["source_path"].lower() != self._config[
|
||||
"destination_path"].lower())
|
||||
(self._config["source_path"].lower() != self._config["destination_path"].lower())
|
||||
and os.path.exists(self._config["source_path"])
|
||||
and WormConfiguration.dropper_try_move_first
|
||||
):
|
||||
|
|
|
@ -64,8 +64,7 @@ class HadoopExploiter(WebRCE):
|
|||
def exploit(self, url, command):
|
||||
# Get the newly created application id
|
||||
resp = requests.post(
|
||||
posixpath.join(url, "ws/v1/cluster/apps/new-application"),
|
||||
timeout=LONG_REQUEST_TIMEOUT
|
||||
posixpath.join(url, "ws/v1/cluster/apps/new-application"), timeout=LONG_REQUEST_TIMEOUT
|
||||
)
|
||||
resp = json.loads(resp.content)
|
||||
app_id = resp["application-id"]
|
||||
|
@ -75,8 +74,7 @@ class HadoopExploiter(WebRCE):
|
|||
)
|
||||
payload = self.build_payload(app_id, rand_name, command)
|
||||
resp = requests.post(
|
||||
posixpath.join(url, "ws/v1/cluster/apps/"), json=payload,
|
||||
timeout=LONG_REQUEST_TIMEOUT
|
||||
posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT
|
||||
)
|
||||
return resp.status_code == 202
|
||||
|
||||
|
@ -93,8 +91,7 @@ class HadoopExploiter(WebRCE):
|
|||
def build_command(self, path, http_path):
|
||||
# Build command to execute
|
||||
monkey_cmd = build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1,
|
||||
vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
|
||||
self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
|
||||
)
|
||||
if "linux" in self.host.os["type"]:
|
||||
base_command = HADOOP_LINUX_COMMAND
|
||||
|
|
|
@ -200,8 +200,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
)
|
||||
LOG.info(
|
||||
"Successfully connected to host: {0}, using user: {1}, password ("
|
||||
"SHA-512): {2}".format(host, user,
|
||||
self._config.hash_sensitive_data(password))
|
||||
"SHA-512): {2}".format(host, user, self._config.hash_sensitive_data(password))
|
||||
)
|
||||
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
|
||||
self.report_login_attempt(True, user, password)
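Review bot: The `LOG.info` call still writes a digest of the working password to the log. The message labels it SHA-512, and if `hash_sensitive_data` is a plain unsalted digest, as that label suggests, a weak or reused password can be recovered from the log file by offline guessing. The credential is already reported through `report_login_attempt`, so the log line could carry only host and user: `LOG.info("Successfully connected to host: %s, using user: %s", host, user)`. The surrounding method starts and ends outside the hunk.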
|
||||
|
|
|
@ -195,8 +195,7 @@ class SambaCryExploiter(HostExploiter):
|
|||
file_content = None
|
||||
try:
|
||||
file_id = smb_client.openFile(
|
||||
tree_id, "\\%s" % self.SAMBACRY_RUNNER_RESULT_FILENAME,
|
||||
desiredAccess=FILE_READ_DATA
|
||||
tree_id, "\\%s" % self.SAMBACRY_RUNNER_RESULT_FILENAME, desiredAccess=FILE_READ_DATA
|
||||
)
|
||||
file_content = smb_client.readFile(tree_id, file_id)
|
||||
smb_client.closeFile(tree_id, file_id)
|
||||
|
@ -406,8 +405,7 @@ class SambaCryExploiter(HostExploiter):
|
|||
return BytesIO(
|
||||
DROPPER_ARG
|
||||
+ build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, SambaCryExploiter.SAMBA_PORT,
|
||||
str(location)
|
||||
self.host, get_monkey_depth() - 1, SambaCryExploiter.SAMBA_PORT, str(location)
|
||||
)
|
||||
)
|
||||
|
||||
|
|
|
@ -58,8 +58,7 @@ class SSHExploiter(HostExploiter):
|
|||
try:
|
||||
ssh.connect(self.host.ip_addr, username=user, pkey=pkey, port=port)
|
||||
LOG.debug(
|
||||
"Successfully logged in %s using %s users private key", self.host,
|
||||
ssh_string
|
||||
"Successfully logged in %s using %s users private key", self.host, ssh_string
|
||||
)
|
||||
self.report_login_attempt(True, user, ssh_key=ssh_string)
|
||||
return ssh
|
||||
|
|
|
@ -32,8 +32,7 @@ class TestPayload(TestCase):
|
|||
pld2 = LimitedSizePayload(test_str2, max_length=16, prefix="prefix", suffix="suffix")
|
||||
array2 = pld2.split_into_array_of_smaller_payloads()
|
||||
test2 = bool(
|
||||
array2[0] == "prefix1234suffix" and array2[1] == "prefix5678suffix" and len(
|
||||
array2) == 2
|
||||
array2[0] == "prefix1234suffix" and array2[1] == "prefix5678suffix" and len(array2) == 2
|
||||
)
|
||||
|
||||
assert test1 and test2
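Review bot: Folding three comparisons into `test2 = bool(...)` and then running `assert test1 and test2` means a failure reports only `False`, with no hint which payload or which comparison was wrong. If `array2` is a list, asserting on the value directly lets the test runner show the difference: `assert array2 == ["prefix1234suffix", "prefix5678suffix"]`. The test method starts outside the hunk, so `test1` may deserve the same treatment.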
|
||||
|
|
|
@ -128,8 +128,7 @@ class SmbTools(object):
|
|||
smb.connectTree(share_name)
|
||||
except Exception as exc:
|
||||
LOG.debug(
|
||||
"Error connecting tree to share '%s' on victim %r: %s", share_name, host,
|
||||
exc
|
||||
"Error connecting tree to share '%s' on victim %r: %s", share_name, host, exc
|
||||
)
|
||||
continue
|
||||
|
||||
|
@ -153,8 +152,7 @@ class SmbTools(object):
|
|||
return remote_full_path
|
||||
|
||||
LOG.debug(
|
||||
"Remote monkey file is found but different, moving along with "
|
||||
"attack"
|
||||
"Remote monkey file is found but different, moving along with " "attack"
|
||||
)
|
||||
except Exception:
|
||||
pass # file isn't found on remote victim, moving on
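Review bot: The reformatted `LOG.debug` call leaves two adjacent literals on one line, `"Remote monkey file is found but different, moving along with " "attack"`, which reads like a missing comma. Merge them into one string: `"Remote monkey file is found but different, moving along with attack"`. The same leftover is in the WebRCE hunk (`"... Check path " "parameter."`). Separately, the `except Exception: pass` below treats every error as "file not found", so an authentication or connection failure is hidden here; logging the exception at debug level would keep it visible.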
|
||||
|
@ -167,8 +165,7 @@ class SmbTools(object):
|
|||
|
||||
file_uploaded = True
|
||||
T1105Telem(
|
||||
ScanStatus.USED, get_interface_to_target(host.ip_addr), host.ip_addr,
|
||||
dst_path
|
||||
ScanStatus.USED, get_interface_to_target(host.ip_addr), host.ip_addr, dst_path
|
||||
).send()
|
||||
LOG.info(
|
||||
"Copied monkey file '%s' to remote share '%s' [%s] on victim %r",
|
||||
|
@ -181,8 +178,7 @@ class SmbTools(object):
|
|||
break
|
||||
except Exception as exc:
|
||||
LOG.debug(
|
||||
"Error uploading monkey to share '%s' on victim %r: %s", share_name, host,
|
||||
exc
|
||||
"Error uploading monkey to share '%s' on victim %r: %s", share_name, host, exc
|
||||
)
|
||||
T1105Telem(
|
||||
ScanStatus.SCANNED,
|
||||
|
|
|
@ -448,8 +448,7 @@ class WebRCE(HostExploiter):
|
|||
return False
|
||||
elif "No such file or directory" in resp:
|
||||
LOG.error(
|
||||
"Could not change permission because monkey was not found. Check path "
|
||||
"parameter."
|
||||
"Could not change permission because monkey was not found. Check path " "parameter."
|
||||
)
|
||||
return False
|
||||
LOG.info("Permission change finished")
|
||||
|
|
|
@ -66,9 +66,7 @@ class WmiExploiter(HostExploiter):
|
|||
continue
|
||||
except socket.error:
|
||||
LOG.debug(
|
||||
(
|
||||
"Network error in WMI connection to %r with " % self.host) +
|
||||
creds_for_logging
|
||||
("Network error in WMI connection to %r with " % self.host) + creds_for_logging
|
||||
)
|
||||
return False
|
||||
except Exception as exc:
|
||||
|
|
|
@ -331,8 +331,7 @@ class ZerologonExploiter(HostExploiter):
|
|||
)
|
||||
|
||||
wmiexec = Wmiexec(
|
||||
ip=self.dc_ip, username=username, hashes=":".join(user_pwd_hashes),
|
||||
domain=self.dc_ip
|
||||
ip=self.dc_ip, username=username, hashes=":".join(user_pwd_hashes), domain=self.dc_ip
|
||||
)
|
||||
|
||||
remote_shell = wmiexec.get_remote_shell()
|
||||
|
|
|
@ -128,8 +128,7 @@ def main():
|
|||
sys.excepthook = log_uncaught_exceptions
|
||||
|
||||
LOG.info(
|
||||
">>>>>>>>>> Initializing monkey (%s): PID %s <<<<<<<<<<", monkey_cls.__name__,
|
||||
os.getpid()
|
||||
">>>>>>>>>> Initializing monkey (%s): PID %s <<<<<<<<<<", monkey_cls.__name__, os.getpid()
|
||||
)
|
||||
|
||||
LOG.info(f"version: {get_version()}")
|
||||
|
|
|
@ -100,8 +100,7 @@ class InfectionMonkey(object):
|
|||
WormConfiguration.command_servers.insert(0, self._default_server)
|
||||
else:
|
||||
LOG.debug(
|
||||
"Default server: %s is already in command servers list" %
|
||||
self._default_server
|
||||
"Default server: %s is already in command servers list" % self._default_server
|
||||
)
|
||||
|
||||
def start(self):
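Review bot: `LOG.debug("Default server: %s is already in command servers list" % self._default_server)` formats the message eagerly with `%` even when debug logging is off, and it differs from the lazy-argument style of the other log calls reformatted in this commit. Pass the value as a logging argument instead: `LOG.debug("Default server: %s is already in command servers list", self._default_server)`. The same pattern appears in a later hunk of this file at `LOG.debug("default server set to: %s" % self._default_server)`.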
|
||||
|
@ -252,8 +251,7 @@ class InfectionMonkey(object):
|
|||
if len(self._exploited_machines) > 0:
|
||||
time_to_sleep = WormConfiguration.keep_tunnel_open_time
|
||||
LOG.info(
|
||||
"Sleeping %d seconds for exploited machines to connect to tunnel",
|
||||
time_to_sleep
|
||||
"Sleeping %d seconds for exploited machines to connect to tunnel", time_to_sleep
|
||||
)
|
||||
time.sleep(time_to_sleep)
|
||||
|
||||
|
@ -398,8 +396,7 @@ class InfectionMonkey(object):
|
|||
return True
|
||||
else:
|
||||
LOG.info(
|
||||
"Failed exploiting %r with exploiter %s", machine,
|
||||
exploiter.__class__.__name__
|
||||
"Failed exploiting %r with exploiter %s", machine, exploiter.__class__.__name__
|
||||
)
|
||||
except ExploitingVulnerableMachineError as exc:
|
||||
LOG.error(
|
||||
|
@ -458,8 +455,7 @@ class InfectionMonkey(object):
|
|||
"""
|
||||
if not ControlClient.find_server(default_tunnel=self._default_tunnel):
|
||||
raise PlannedShutdownException(
|
||||
"Monkey couldn't find server with {} default tunnel.".format(
|
||||
self._default_tunnel)
|
||||
"Monkey couldn't find server with {} default tunnel.".format(self._default_tunnel)
|
||||
)
|
||||
self._default_server = WormConfiguration.current_server
|
||||
LOG.debug("default server set to: %s" % self._default_server)
|
||||
|
|
|
@ -52,7 +52,6 @@ if is_windows_os():
|
|||
local_hostname = socket.gethostname()
|
||||
return socket.gethostbyname_ex(local_hostname)[2]
|
||||
|
||||
|
||||
def get_routes():
|
||||
raise NotImplementedError()
|
||||
|
||||
|
@ -60,12 +59,10 @@ if is_windows_os():
|
|||
else:
|
||||
from fcntl import ioctl
|
||||
|
||||
|
||||
def local_ips():
|
||||
valid_ips = [network["addr"] for network in get_host_subnets()]
|
||||
return valid_ips
|
||||
|
||||
|
||||
def get_routes(): # based on scapy implementation for route parsing
|
||||
try:
|
||||
f = open("/proc/net/route", "r")
|
||||
|
|
|
@ -81,8 +81,7 @@ class CommunicateAsNewUser(PBA):
|
|||
"""
|
||||
if exit_status == 0:
|
||||
PostBreachTelem(
|
||||
self,
|
||||
(CREATED_PROCESS_AS_USER_SUCCESS_FORMAT.format(commandline, username), True)
|
||||
self, (CREATED_PROCESS_AS_USER_SUCCESS_FORMAT.format(commandline, username), True)
|
||||
).send()
|
||||
else:
|
||||
PostBreachTelem(
|
||||
|
|
|
@ -9,6 +9,5 @@ class AccountDiscovery(PBA):
|
|||
def __init__(self):
|
||||
linux_cmds, windows_cmds = get_commands_to_discover_accounts()
|
||||
super().__init__(
|
||||
POST_BREACH_ACCOUNT_DISCOVERY, linux_cmd=" ".join(linux_cmds),
|
||||
windows_cmd=windows_cmds
|
||||
POST_BREACH_ACCOUNT_DISCOVERY, linux_cmd=" ".join(linux_cmds), windows_cmd=windows_cmds
|
||||
)
|
||||
|
|
|
@ -62,8 +62,7 @@ class PBA(Plugin):
|
|||
result = exec_funct()
|
||||
if self.scripts_were_used_successfully(result):
|
||||
T1064Telem(
|
||||
ScanStatus.USED,
|
||||
f"Scripts were used to execute {self.name} post breach action."
|
||||
ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action."
|
||||
).send()
|
||||
PostBreachTelem(self, result).send()
|
||||
else:
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
from infection_monkey.post_breach.shell_startup_files.linux.shell_startup_files_modification\
|
||||
import (
|
||||
from infection_monkey.post_breach.shell_startup_files.linux.shell_startup_files_modification import (
|
||||
get_linux_commands_to_modify_shell_startup_files,
|
||||
)
|
||||
from infection_monkey.post_breach.shell_startup_files.windows.shell_startup_files_modification\
|
||||
import (
|
||||
from infection_monkey.post_breach.shell_startup_files.windows.shell_startup_files_modification import (
|
||||
get_windows_commands_to_modify_shell_startup_files,
|
||||
)
|
||||
|
||||
|
|
|
@ -19,8 +19,7 @@ def get_windows_commands_to_modify_shell_startup_files():
|
|||
|
||||
STARTUP_FILES_PER_USER = [
|
||||
"\\".join(
|
||||
SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] + [
|
||||
user] + SHELL_STARTUP_FILE_PATH_COMPONENTS[3:]
|
||||
SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] + [user] + SHELL_STARTUP_FILE_PATH_COMPONENTS[3:]
|
||||
)
|
||||
for user in USERS
|
||||
]
|
||||
|
|
|
@ -10,5 +10,6 @@ def get_linux_timestomping_commands():
|
|||
f"rm {TEMP_FILE} -f"
|
||||
]
|
||||
|
||||
|
||||
# Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006
|
||||
# /T1070.006.md
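Review bot: The source URL in the trailing comment is broken across two comment lines (it ends at `atomics/T1070.006` and resumes with `# /T1070.006.md`), so it cannot be copied or followed as written. If the line-length check is the reason for the split, keep the URL on a single comment line and mark that line `# noqa: E501`. The Windows timestomping module in the next hunk carries the same split comment.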
|
||||
|
|
|
@ -4,5 +4,6 @@ TEMP_FILE = "monkey-timestomping-file.txt"
|
|||
def get_windows_timestomping_commands():
|
||||
return "powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1"
|
||||
|
||||
|
||||
# Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006
|
||||
# /T1070.006.md
|
||||
|
|
|
@ -84,8 +84,7 @@ class SSHCollector(object):
|
|||
info["private_key"] = private_key
|
||||
LOG.info("Found private key in %s" % private)
|
||||
T1005Telem(
|
||||
ScanStatus.USED, "SSH key",
|
||||
"Path: %s" % private
|
||||
ScanStatus.USED, "SSH key", "Path: %s" % private
|
||||
).send()
|
||||
else:
|
||||
continue
|
||||
|
|
|
@ -56,8 +56,7 @@ class TestPypykatzHandler(TestCase):
|
|||
{
|
||||
"credtype": "dpapi",
|
||||
"key_guid": "9123-123ae123de4-121239-3123-421f",
|
||||
"masterkey":
|
||||
"6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"masterkey": "6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"f051e891c30e6e9af6db54500fedfed1c968389bf6262c77fbaa68c9",
|
||||
"sha1_masterkey": "bbdabc3cd2f6bcbe3e2cee6ce4ce4cebcef4c6da",
|
||||
"luid": 123086,
|
||||
|
@ -65,8 +64,7 @@ class TestPypykatzHandler(TestCase):
|
|||
{
|
||||
"credtype": "dpapi",
|
||||
"key_guid": "9123-123ae123de4-121239-3123-421f",
|
||||
"masterkey":
|
||||
"6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"masterkey": "6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"f051e891c30e6e9af6db54500fedfed1c968389bf6262c77fbaa68c9",
|
||||
"sha1_masterkey": "bbdabc3cd2f6bcbe3e2cee6ce4ce4cebcef4c6da",
|
||||
"luid": 123086,
|
||||
|
@ -74,8 +72,7 @@ class TestPypykatzHandler(TestCase):
|
|||
{
|
||||
"credtype": "dpapi",
|
||||
"key_guid": "9123-123ae123de4-121239-3123-421f",
|
||||
"masterkey":
|
||||
"6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"masterkey": "6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"f051e891c30e6e9af6db54500fedfed1c968389bf6262c77fbaa68c9",
|
||||
"sha1_masterkey": "bbdabc3cd2f6bcbe3e2cee6ce4ce4cebcef4c6da",
|
||||
"luid": 123086,
|
||||
|
@ -83,8 +80,7 @@ class TestPypykatzHandler(TestCase):
|
|||
{
|
||||
"credtype": "dpapi",
|
||||
"key_guid": "9123-123ae123de4-121239-3123-421f",
|
||||
"masterkey":
|
||||
"6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"masterkey": "6e81d0cfd5e9ec083cfbdaf4d25b9cc9cc6b72947f5e80920034d1275d8613532025975e"
|
||||
"f051e891c30e6e9af6db54500fedfed1c968389bf6262c77fbaa68c9",
|
||||
"sha1_masterkey": "bbdabc3cd2f6bcbe3e2cee6ce4ce4cebcef4c6da",
|
||||
"luid": 123086,
|
||||
|
|
|
@ -44,8 +44,7 @@ class WindowsSystemSingleton(_SystemSingleton):
|
|||
|
||||
if not handle:
|
||||
LOG.error(
|
||||
"Cannot acquire system singleton %r, unknown error %d", self._mutex_name,
|
||||
last_error
|
||||
"Cannot acquire system singleton %r, unknown error %d", self._mutex_name, last_error
|
||||
)
|
||||
return False
|
||||
if winerror.ERROR_ALREADY_EXISTS == last_error:
|
||||
|
|
|
@ -82,8 +82,7 @@ class AutoNewWindowsUser(AutoNewUser):
|
|||
thread_handle = proc_info.hThread
|
||||
|
||||
logger.debug(
|
||||
"Waiting for process to finish. Timeout: {}ms".format(
|
||||
WAIT_TIMEOUT_IN_MILLISECONDS)
|
||||
"Waiting for process to finish. Timeout: {}ms".format(WAIT_TIMEOUT_IN_MILLISECONDS)
|
||||
)
|
||||
|
||||
# https://social.msdn.microsoft.com/Forums/vstudio/en-US/b6d6a7ae-71e9-4edb-ac8f
|
||||
|
|
|
@ -46,8 +46,7 @@ class WindowsUpgrader(object):
|
|||
)
|
||||
|
||||
monkey_cmdline = (
|
||||
MONKEY_CMDLINE_WINDOWS % {
|
||||
"monkey_path":WormConfiguration.dropper_target_path_win_64}
|
||||
MONKEY_CMDLINE_WINDOWS % {"monkey_path": WormConfiguration.dropper_target_path_win_64}
|
||||
+ monkey_options
|
||||
)
|
||||
|
||||
|
|
|
@ -21,6 +21,5 @@ class TestEvent:
|
|||
|
||||
# Assert that nothing is raised.
|
||||
_ = Event.create_event(
|
||||
title="skjs", message="bla bla",
|
||||
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
|
||||
title="skjs", message="bla bla", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
|
||||
)
|
||||
|
|
|
@ -53,8 +53,7 @@ class TestTelemStore:
|
|||
mkdir(TELEM_SAMPLE_DIR)
|
||||
for test_telem in TestTelem.objects():
|
||||
with open(
|
||||
TestTelemStore.get_unique_file_path_for_test_telem(TELEM_SAMPLE_DIR,
|
||||
test_telem),
|
||||
TestTelemStore.get_unique_file_path_for_test_telem(TELEM_SAMPLE_DIR, test_telem),
|
||||
"w",
|
||||
) as file:
|
||||
file.write(test_telem.to_json(indent=2))
|
||||
|
|
|
@ -116,8 +116,7 @@ class AttackConfig(object):
|
|||
):
|
||||
AttackConfig.set_bool_conf_val(
|
||||
path,
|
||||
AttackConfig.should_enable_field(value["attack_techniques"],
|
||||
attack_techniques),
|
||||
AttackConfig.should_enable_field(value["attack_techniques"], attack_techniques),
|
||||
monkey_config,
|
||||
)
|
||||
# If 'value' is dict, we go over each of it's fields to search for booleans
|
||||
|
|
|
@ -83,7 +83,7 @@ BASIC_NETWORK = {
|
|||
"will be shown in the reports. \n\n"
|
||||
"Network segments can be IPs, subnets or hosts. Examples:\n"
|
||||
'\tDefine a single-IP segment: "192.168.0.1"\n'
|
||||
'\tDefine a segment using a network range: '
|
||||
"\tDefine a segment using a network range: "
|
||||
'"192.168.0.5-192.168.0.20"\n'
|
||||
'\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n'
|
||||
'\tDefine a single-host segment: "printer.example"',
|
||||
|
|
|
@ -150,8 +150,7 @@ class AWSExporter(Exporter):
|
|||
description="Use micro-segmentation policies to disable communication other than "
|
||||
"the required.",
|
||||
recommendation="Machines are not locked down at port level. "
|
||||
"Network tunnel was set up from {0} to {1}".format(issue["machine"],
|
||||
issue["dest"]),
|
||||
"Network tunnel was set up from {0} to {1}".format(issue["machine"], issue["dest"]),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
@ -169,8 +168,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The "
|
||||
"Monkey authenticated over the SMB "
|
||||
"protocol with user {2} and its password, and used the SambaCry "
|
||||
"vulnerability.".format(issue["machine"], issue["ip_address"],
|
||||
issue["username"]),
|
||||
"vulnerability.".format(issue["machine"], issue["ip_address"], issue["username"]),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
@ -207,8 +205,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey "
|
||||
"authenticated over the SSH"
|
||||
" protocol with user {2} and its "
|
||||
"password.".format(issue["machine"], issue["ip_address"],
|
||||
issue["username"]),
|
||||
"password.".format(issue["machine"], issue["ip_address"], issue["username"]),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
@ -226,8 +223,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH "
|
||||
"attack. The Monkey authenticated "
|
||||
"over the SSH protocol with private key {ssh_key}.".format(
|
||||
machine=issue["machine"], ip_address=issue["ip_address"],
|
||||
ssh_key=issue["ssh_key"]
|
||||
machine=issue["machine"], ip_address=issue["ip_address"], ssh_key=issue["ssh_key"]
|
||||
),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
|
@ -243,8 +239,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. "
|
||||
"The attack was made "
|
||||
"possible because the Elastic Search server was not patched "
|
||||
"against CVE-2015-1427.".format(issue["machine"],
|
||||
issue["ip_address"]),
|
||||
"against CVE-2015-1427.".format(issue["machine"], issue["ip_address"]),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
@ -332,8 +327,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {machine} ({ip_address}) is vulnerable to a WMI "
|
||||
"attack. The Monkey authenticated over "
|
||||
"the WMI protocol with user {username} and its password.".format(
|
||||
machine=issue["machine"], ip_address=issue["ip_address"],
|
||||
username=issue["username"]
|
||||
machine=issue["machine"], ip_address=issue["ip_address"], username=issue["username"]
|
||||
),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
|
@ -352,8 +346,7 @@ class AWSExporter(Exporter):
|
|||
recommendation="The machine {machine} ({ip_address}) is vulnerable to a WMI "
|
||||
"attack. The Monkey used a "
|
||||
"pass-the-hash attack over WMI protocol with user {username}".format(
|
||||
machine=issue["machine"], ip_address=issue["ip_address"],
|
||||
username=issue["username"]
|
||||
machine=issue["machine"], ip_address=issue["ip_address"], username=issue["username"]
|
||||
),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
|
|
|
@ -2,20 +2,16 @@ from dataclasses import dataclass
|
|||
from enum import Enum
|
||||
from typing import Type
|
||||
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors\
|
||||
.cred_exploit import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.cred_exploit import (
|
||||
CredExploitProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit \
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import (
|
||||
ExploitProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors\
|
||||
.shellshock_exploit import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import (
|
||||
ShellShockExploitProcessor,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon\
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import (
|
||||
ZerologonExploitProcessor,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing\
|
||||
.exploiter_report_info import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_report_info import (
|
||||
CredentialType,
|
||||
ExploiterReportInfo,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit \
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import (
|
||||
ExploitProcessor,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing\
|
||||
.exploiter_report_info import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_report_info import (
|
||||
ExploiterReportInfo,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit \
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import (
|
||||
ExploiterReportInfo,
|
||||
ExploitProcessor,
|
||||
)
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit \
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import (
|
||||
ExploiterReportInfo,
|
||||
ExploitProcessor,
|
||||
)
|
||||
|
|
|
@ -22,16 +22,13 @@ from monkey_island.cc.services.configuration.utils import (
|
|||
get_config_network_segments_as_subnet_groups,
|
||||
)
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing\
|
||||
.exploiter_descriptor_enum import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_descriptor_enum import (
|
||||
ExploiterDescriptorEnum,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors\
|
||||
.cred_exploit import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.cred_exploit import (
|
||||
CredentialType,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit \
|
||||
import (
|
||||
from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import (
|
||||
ExploiterReportInfo,
|
||||
)
|
||||
from monkey_island.cc.services.reporting.pth_report import PTHReportService
|
||||
|
@ -110,8 +107,7 @@ class ReportService:
|
|||
"type": "azure_password",
|
||||
"machine": machine,
|
||||
"users": set(
|
||||
[instance["username"] for instance in creds if
|
||||
instance["origin"] == machine]
|
||||
[instance["username"] for instance in creds if instance["origin"] == machine]
|
||||
),
|
||||
}
|
||||
for machine in machines
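Review bot: `set([... for instance in creds if ...])` builds a throwaway list only to turn it into a set. A set comprehension states the same thing directly: `"users": {instance["username"] for instance in creds if instance["origin"] == machine},`. The `list(set([...]))` in the following ReportService hunk can drop its inner list the same way. The enclosing comprehension starts and ends outside the hunk.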
|
||||
|
@ -187,8 +183,7 @@ class ReportService:
|
|||
return list(
|
||||
set(
|
||||
[
|
||||
ExploiterDescriptorEnum.get_by_class_name(
|
||||
exploit["exploiter"]).display_name
|
||||
ExploiterDescriptorEnum.get_by_class_name(exploit["exploiter"]).display_name
|
||||
for exploit in node["exploits"]
|
||||
if exploit["result"]
|
||||
]
|
||||
|
@ -773,8 +768,7 @@ class ReportService:
|
|||
def did_exploit_type_succeed(exploit_type):
|
||||
return (
|
||||
mongo.db.edge.count(
|
||||
{"exploits":{"$elemMatch":{"exploiter":exploit_type, "result":True}}},
|
||||
limit=1
|
||||
{"exploits": {"$elemMatch": {"exploiter": exploit_type, "result": True}}}, limit=1
|
||||
)
|
||||
> 0
|
||||
)
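Review bot: `mongo.db.edge.count(...)` relies on `Collection.count`, which PyMongo deprecated in 3.7 and removed in 4.0, so `did_exploit_type_succeed` would raise once the driver is upgraded. The page does not show which PyMongo version the project pins. Assuming `mongo.db.edge` is a PyMongo collection, the drop-in form is `mongo.db.edge.count_documents({"exploits": {"$elemMatch": {"exploiter": exploit_type, "result": True}}}, limit=1) > 0`. The WMIHandler hunk further down has the same kind of issue with `mongo.db.groupsandusers.update(..., entity, upsert=True)`; if `entity` is a whole document with no update operators, `replace_one(..., entity, upsert=True)` is the supported equivalent.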
|
||||
|
|
|
@ -3,8 +3,7 @@ import logging
|
|||
from monkey_island.cc.server_utils.encryptor import get_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors\
|
||||
.system_info_telemetry_dispatcher import (
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import (
|
||||
SystemInfoTelemetryDispatcher,
|
||||
)
|
||||
from monkey_island.cc.services.wmi_handler import WMIHandler
|
||||
|
|
|
@ -13,6 +13,5 @@ def process_aws_telemetry(collector_results, monkey_guid):
|
|||
relevant_monkey.aws_instance_id = instance_id
|
||||
relevant_monkey.save()
|
||||
logger.debug(
|
||||
"Updated Monkey {} with aws instance id {}".format(str(relevant_monkey),
|
||||
instance_id)
|
||||
"Updated Monkey {} with aws instance id {}".format(str(relevant_monkey), instance_id)
|
||||
)
|
||||
|
|
|
@ -33,8 +33,7 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
|
|||
class SystemInfoTelemetryDispatcher(object):
|
||||
def __init__(
|
||||
self,
|
||||
collector_to_parsing_functions: typing.Mapping[
|
||||
str, typing.List[typing.Callable]] = None,
|
||||
collector_to_parsing_functions: typing.Mapping[str, typing.List[typing.Callable]] = None,
|
||||
):
|
||||
"""
|
||||
:param collector_to_parsing_functions: Map between collector names and a list of functions
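Review bot: The annotation on `collector_to_parsing_functions` says `typing.Mapping[...]` while the default is `None`, so the signature and the type disagree and strict type checkers reject the implicit optional. Spell it out as `collector_to_parsing_functions: typing.Optional[typing.Mapping[str, typing.List[typing.Callable]]] = None,`. The docstring and the body that handle the `None` case continue outside the hunk.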
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
import uuid
|
||||
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors\
|
||||
.system_info_telemetry_dispatcher import (
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import (
|
||||
SystemInfoTelemetryDispatcher,
|
||||
)
|
||||
|
||||
|
|
|
@ -3,8 +3,7 @@ import uuid
|
|||
import pytest
|
||||
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors\
|
||||
.system_info_telemetry_dispatcher import (
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import (
|
||||
SystemInfoTelemetryDispatcher,
|
||||
process_aws_telemetry,
|
||||
)
|
||||
|
|
|
@ -22,7 +22,6 @@ if sys.platform == "win32":
|
|||
else:
|
||||
import fcntl
|
||||
|
||||
|
||||
def local_ips():
|
||||
result = []
|
||||
try:
|
||||
|
|
|
@ -141,8 +141,7 @@ class WMIHandler(object):
|
|||
if entity["machine_id"]:
|
||||
# Handling for local entities.
|
||||
mongo.db.groupsandusers.update(
|
||||
{"SID":entity["SID"], "machine_id":entity["machine_id"]}, entity,
|
||||
upsert=True
|
||||
{"SID": entity["SID"], "machine_id": entity["machine_id"]}, entity, upsert=True
|
||||
)
|
||||
else:
|
||||
# Handlings for domain entities.
|
||||
|
@ -169,8 +168,7 @@ class WMIHandler(object):
|
|||
if group["admin_on_machines"]:
|
||||
mongo.db.groupsandusers.update_one(
|
||||
{"SID": self.info_for_mongo[profile]["SID"]},
|
||||
{"$addToSet":{
|
||||
"admin_on_machines":{"$each":group["admin_on_machines"]}}},
|
||||
{"$addToSet": {"admin_on_machines": {"$each": group["admin_on_machines"]}}},
|
||||
)
|
||||
|
||||
def add_admin(self, group, machine_id):
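Review bot: The local-entity branch in the first hunk calls `Collection.update`, which PyMongo deprecated in 3.0 and removed in 4.0, while the second hunk already uses `update_one`. Because the second argument is the whole `entity` document rather than an update operator, the matching call is `mongo.db.groupsandusers.replace_one({"SID": entity["SID"], "machine_id": entity["machine_id"]}, entity, upsert=True)`. A replacement overwrites every stored field of the matched document, so if `entity` can be partial (it is presumably built from collected WMI data), a `$set` update would be the safer choice. Both enclosing methods start outside the hunks.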
|
||||
|
|
|
@ -2,8 +2,7 @@ from enum import Enum
|
|||
|
||||
from common.utils.code_utils import get_value_from_dict
|
||||
from common.utils.exceptions import RulePathCreatorNotFound
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators_list import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import (
|
||||
RULE_PATH_CREATORS_LIST,
|
||||
)
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudform
|
|||
CloudformationRules,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudtrai
|
|||
CloudTrailRules,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudwatc
|
|||
CloudWatchRules,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.config_ru
|
|||
ConfigRules,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ec2_rules import EC2Rules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elb_rules import ELBRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rules import ELBv2Rules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_
|
|||
RedshiftRules,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sqs_rules import SQSRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules import VPCRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.abstract_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import (
|
||||
AbstractRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -1,61 +1,46 @@
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.cloudformation_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.cloudformation_rule_path_creator import (
|
||||
CloudformationRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.cloudtrail_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.cloudtrail_rule_path_creator import (
|
||||
CloudTrailRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.cloudwatch_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.cloudwatch_rule_path_creator import (
|
||||
CloudWatchRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.config_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.config_rule_path_creator import (
|
||||
ConfigRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.ec2_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.ec2_rule_path_creator import (
|
||||
EC2RulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.elb_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.elb_rule_path_creator import (
|
||||
ELBRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.elbv2_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.elbv2_rule_path_creator import (
|
||||
ELBv2RulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.iam_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.iam_rule_path_creator import (
|
||||
IAMRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.rds_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.rds_rule_path_creator import (
|
||||
RDSRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.redshift_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.redshift_rule_path_creator import (
|
||||
RedshiftRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.s3_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.s3_rule_path_creator import (
|
||||
S3RulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.ses_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.ses_rule_path_creator import (
|
||||
SESRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.sns_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.sns_rule_path_creator import (
|
||||
SNSRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.sqs_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.sqs_rule_path_creator import (
|
||||
SQSRulePathCreator,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building\
|
||||
.rule_path_creators.vpc_rule_path_creator import (
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.vpc_rule_path_creator import (
|
||||
VPCRulePathCreator,
|
||||
)
|
||||
|
||||
|
|
|
@ -38,18 +38,12 @@ RULES = [
|
|||
ScoutSuiteRule(
|
||||
checked_items=179,
|
||||
compliance=[
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.0.0",
|
||||
"reference":"4.1"},
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.0.0",
|
||||
"reference":"4.2"},
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.1.0",
|
||||
"reference":"4.1"},
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.1.0",
|
||||
"reference":"4.2"},
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.2.0",
|
||||
"reference":"4.1"},
|
||||
{"name":"CIS Amazon Web Services Foundations", "version":"1.2.0",
|
||||
"reference":"4.2"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.1"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.2"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.1"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.2"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.1"},
|
||||
{"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.2"},
|
||||
],
|
||||
dashboard_name="Rules",
|
||||
description="Security Group Opens RDP Port to All",
|
||||
|
|
|
@ -43,8 +43,7 @@ class FindingService:
|
|||
test_info = zero_trust_consts.TESTS_MAP[finding["test"]]
|
||||
enriched_finding = EnrichedFinding(
|
||||
finding_id=str(finding["_id"]),
|
||||
test=test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][
|
||||
finding["status"]],
|
||||
test=test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][finding["status"]],
|
||||
test_key=finding["test"],
|
||||
pillars=test_info[zero_trust_consts.PILLARS_KEY],
|
||||
status=finding["status"],
|
||||
|
|
|
@ -20,14 +20,12 @@ def save_example_findings():
|
|||
)
|
||||
# devices failed = 1
|
||||
_save_finding_with_status(
|
||||
"monkey", zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
|
||||
zero_trust_consts.STATUS_FAILED
|
||||
"monkey", zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_FAILED
|
||||
)
|
||||
# people verify = 1
|
||||
# networks verify = 1
|
||||
_save_finding_with_status(
|
||||
"scoutsuite", zero_trust_consts.TEST_SCHEDULED_EXECUTION,
|
||||
zero_trust_consts.STATUS_VERIFY
|
||||
"scoutsuite", zero_trust_consts.TEST_SCHEDULED_EXECUTION, zero_trust_consts.STATUS_VERIFY
|
||||
)
|
||||
# people verify = 2
|
||||
# networks verify = 2
|
||||
|
|
|
@ -13,8 +13,7 @@ from common.common_consts.zero_trust_consts import (
|
|||
WORKLOADS,
|
||||
)
|
||||
from monkey_island.cc.services.zero_trust.zero_trust_report.pillar_service import PillarService
|
||||
from monkey_island.cc.services.zero_trust.zero_trust_report.test_common.example_finding_data \
|
||||
import (
|
||||
from monkey_island.cc.services.zero_trust.zero_trust_report.test_common.example_finding_data import (
|
||||
save_example_findings,
|
||||
)
|
||||
from monkey_island.cc.test_common.fixtures import FixtureEnum
|
||||
|
|