Agent, Island: Rename scan_local_interfaces to scan_my_networks

"scan_my_networks" is the shortest way to convey that networks the machine belongs to will get scanned
vakarisz 2022-09-26 16:14:47 +03:00
parent 8ff817eed2
commit 9728d22250
11 changed files with 46 additions and 47 deletions


@ -79,7 +79,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel):
Example: ("1.1.1.1", "2.2.2.2")
:param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent
Example: ("1.1.1.1", "2.2.2.2/24", "myserver")
:param scan_local_interfaces: Whether or not the agent should scan the machine's
:param scan_my_networks: Whether or not the agent should scan the machine's
network interfaces in addition to the provided subnet ranges
:param subnets: Subnet ranges to scan
Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24",
@ -88,7 +88,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel):
blocked_ips: Tuple[str, ...]
inaccessible_subnets: Tuple[str, ...]
scan_local_interfaces: bool
scan_my_networks: bool
subnets: Tuple[str, ...]
@validator("blocked_ips", each_item=True)
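Review bot: Renaming the model field to `scan_my_networks: bool` without any handling of the old key means a configuration saved or exported as `scan_local_interfaces` no longer supplies this field. Because the field has no default in this hunk, such a document would presumably fail validation rather than load, but that depends on `MutableInfectionMonkeyBaseModel`, which is outside the hunk (as is the start of the class). This flag decides whether the agent scans networks nobody listed explicitly, so the intended behaviour for old documents should be stated and tested: either reject them with a clear error or map the old key on load. A short comment above the field such as `# renamed from scan_local_interfaces; older stored configurations must be migrated` would record that decision.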


@ -78,7 +78,7 @@ FINGERPRINTERS = (
)
SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration(
blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_local_interfaces=True, subnets=tuple()
blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple()
)
NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration(
tcp=TCP_SCAN_CONFIGURATION,
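Review bot: `scan_my_networks=True` in this `SCAN_TARGET_CONFIGURATION` disagrees with the UI schema touched by the same commit, which declares `'default': false` for `scan_my_networks` and warns that the setting causes scanning and exploitation attempts on a public network. If this constant is the shipped default (the file name is not visible on this page), an agent started without an explicit configuration scans every network its host belongs to while `subnets` is empty. Consider `scan_my_networks=False` here so the wider scope is opt-in, or add a comment explaining why the two defaults differ.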


@ -121,14 +121,14 @@ class Propagator:
ranges_to_scan = target_config.subnets
inaccessible_subnets = target_config.inaccessible_subnets
blocklisted_ips = target_config.blocked_ips
scan_local_interfaces = target_config.scan_local_interfaces
scan_my_networks = target_config.scan_my_networks
return compile_scan_target_list(
self._local_network_interfaces,
ranges_to_scan,
inaccessible_subnets,
blocklisted_ips,
scan_local_interfaces,
scan_my_networks,
)
def _process_scan_results(self, address: NetworkAddress, scan_results: IPScanResults):


@ -18,12 +18,12 @@ def compile_scan_target_list(
ranges_to_scan: Sequence[str],
inaccessible_subnets: Sequence[str],
blocklisted_ips: Sequence[str],
scan_local_interfaces: bool,
scan_my_networks: bool,
) -> List[NetworkAddress]:
scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan)
if scan_local_interfaces:
scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces))
if scan_my_networks:
scan_targets.extend(_get_ips_to_scan_from_interface(network_interfaces))
if inaccessible_subnets:
inaccessible_subnets = _get_segmentation_check_targets(
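Review bot: The new call `_get_ips_to_scan_from_interface(network_interfaces)` under `if scan_my_networks:` uses two names that nothing visible on this page defines: the replaced line passed `local_network_interfaces`, and the function's first parameter sits above the hunk and is not shown as changed. If that parameter is still `local_network_interfaces`, this branch raises `NameError` whenever `scan_my_networks` is true, which is exactly the path that widens the scan scope. The tests further down still use a `local_network_interfaces` local, which suggests the name was not changed everywhere. Either keep `scan_targets.extend(_get_ips_to_scan_from_interface(local_network_interfaces))`, or rename the parameter and the helper's definition in the same commit. The body of `compile_scan_target_list` continues past the hunk.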


@ -398,7 +398,7 @@ class ReportService:
@classmethod
def get_config_scan(cls):
agent_configuration = cls._agent_configuration_repository.get_configuration()
return agent_configuration.propagation.network_scan.targets.scan_local_interfaces
return agent_configuration.propagation.network_scan.targets.scan_my_networks
@staticmethod
def get_issue_set(issues):


@ -18,7 +18,7 @@ const PROPAGATION_CONFIGURATION_SCHEMA = {
' \u26A0' +
' Note that setting this value too high may result in the ' +
'Monkey propagating too far, ' +
'if "Scan local interfaces" is enabled.\n' +
'if "Scan Agent\'s networks" is enabled.\n' +
'Setting this to 0 will disable all scanning and exploitation.'
},
'network_scan': NETWORK_SCAN_CONFIGURATION_SCHEMA


@ -4,7 +4,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
'properties': {
'info_box': {
'info': 'The Monkey scans for machines on each of the network interfaces of the ' +
'machine it is running on if "Scan local interfaces" is checked. ' +
'machine it is running on if "Scan Agent\'s networks" is checked. ' +
'Additionally, the Monkey scans machines according to "Scan target list". '
},
'blocked_ips': {
@ -41,16 +41,15 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
'\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' +
'\tDefine a single-host segment: "printer.example"'
},
'scan_local_interaces': {
'title': 'Scan local interfaces',
'scan_my_networks': {
'title': 'Scan Agent\'s networks',
'type': 'boolean',
'default': false,
'description': 'Determines whether the Monkey will scan for machines on each the ' +
'network interfaces of every machines it runs on, in addition to the IPs that ' +
'are configured manually in the "Scan target list". ' +
'Note: If a machine has a network interface that is connected to a public ' +
'network, this setting will cause the Monkey to scan and attempt to exploit ' +
'machines on the public network.'
'description': 'If enabled, the Agent will go over all network interfaces and ' +
'will scan their networks,' +
' in addition to the IPs that are configured manually in the "Scan target list". ' +
'Note: If the Agent runs on a machine within a public network,' +
' this setting will cause scanning and exploitation attempts on that network.'
},
'subnets': {
'title': 'Scan target list',
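Review bot: The rewritten `description` for `scan_my_networks` narrows the safety note. The old text warned about any machine with a network interface connected to a public network and said the scan happens on every machine the Monkey runs on, while the new text only mentions the Agent running "within a public network". A multi-homed host with a single public-facing interface, or a host reached later through propagation, is no longer covered by the wording, although nothing on this page shows the behaviour changing. Suggest keeping both facts, e.g. `'Note: If any machine the Agent runs on has a network interface connected to a public network,' +` followed by `' this setting will cause scanning and exploitation attempts on that network.'`. The replaced key `'scan_local_interaces'` was misspelled, so it is also worth confirming which key the form was actually bound to before and after this change.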


@ -15,12 +15,12 @@ CUSTOM_PBA_CONFIGURATION = {
BLOCKED_IPS = ["10.0.0.1", "192.168.1.1"]
INACCESSIBLE_SUBNETS = ["172.0.0.0/24", "172.2.2.0/24", "192.168.56.0/24"]
SCAN_LOCAL_INTERFACES = True
SCAN_MY_NETWORKS = True
SUBNETS = ["10.0.0.2", "10.0.0.2/16"]
SCAN_TARGET_CONFIGURATION = {
"blocked_ips": BLOCKED_IPS,
"inaccessible_subnets": INACCESSIBLE_SUBNETS,
"scan_local_interfaces": SCAN_LOCAL_INTERFACES,
"scan_my_networks": SCAN_MY_NETWORKS,
"subnets": SUBNETS,
}


@ -15,7 +15,7 @@ from tests.common.example_agent_configuration import (
PLUGIN_OPTIONS,
PORTS,
PROPAGATION_CONFIGURATION,
SCAN_LOCAL_INTERFACES,
SCAN_MY_NETWORKS,
SCAN_TARGET_CONFIGURATION,
SUBNETS,
TCP_SCAN_CONFIGURATION,
@ -93,7 +93,7 @@ def test_scan_target_configuration():
assert config.blocked_ips == tuple(BLOCKED_IPS)
assert config.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS)
assert config.scan_local_interfaces == SCAN_LOCAL_INTERFACES
assert config.scan_my_networks == SCAN_MY_NETWORKS
assert config.subnets == tuple(SUBNETS)
@ -174,7 +174,7 @@ def test_network_scan_configuration():
assert config.fingerprinters[0].options == FINGERPRINTERS[0]["options"]
assert config.targets.blocked_ips == tuple(BLOCKED_IPS)
assert config.targets.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS)
assert config.targets.scan_local_interfaces == SCAN_LOCAL_INTERFACES
assert config.targets.scan_my_networks == SCAN_MY_NETWORKS
assert config.targets.subnets == tuple(SUBNETS)


@ -170,7 +170,7 @@ def test_scan_result_processing(
targets = ScanTargetConfiguration(
blocked_ips=[],
inaccessible_subnets=[],
scan_local_interfaces=False,
scan_my_networks=False,
subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"],
)
propagation_config = get_propagation_config(default_agent_configuration, targets)
@ -269,7 +269,7 @@ def test_exploiter_result_processing(
targets = ScanTargetConfiguration(
blocked_ips=[],
inaccessible_subnets=[],
scan_local_interfaces=False,
scan_my_networks=False,
subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"],
)
propagation_config = get_propagation_config(default_agent_configuration, targets)
@ -310,7 +310,7 @@ def test_scan_target_generation(
targets = ScanTargetConfiguration(
blocked_ips=["10.0.0.3"],
inaccessible_subnets=["10.0.0.128/30", "10.0.0.8/29"],
scan_local_interfaces=True,
scan_my_networks=True,
subnets=["10.0.0.0/29", "172.10.20.30"],
)
propagation_config = get_propagation_config(default_agent_configuration, targets)


@ -14,7 +14,7 @@ def compile_ranges_only(ranges):
ranges_to_scan=ranges,
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
@ -88,7 +88,7 @@ def test_blocklisted_ips():
ranges_to_scan=["10.0.0.0/24"],
inaccessible_subnets=[],
blocklisted_ips=blocklisted_ips,
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 252
@ -105,7 +105,7 @@ def test_only_ip_blocklisted(ranges_to_scan):
ranges_to_scan=ranges_to_scan,
inaccessible_subnets=[],
blocklisted_ips=blocklisted_ips,
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 0
@ -124,7 +124,7 @@ def test_local_network_interface_ips_removed_from_targets():
ranges_to_scan=["10.0.0.0/24"],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 252
@ -142,7 +142,7 @@ def test_no_redundant_targets():
ranges_to_scan=["127.0.0.0", "127.0.0.1", "localhost"],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 2
@ -164,7 +164,7 @@ def test_only_scan_ip_is_local(ranges_to_scan):
ranges_to_scan=ranges_to_scan,
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 0
@ -184,7 +184,7 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets():
ranges_to_scan=["10.0.0.0/24", "192.168.1.0/24"],
inaccessible_subnets=[],
blocklisted_ips=blocked_ips,
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == (2 * (256 - 1)) - len(local_network_interfaces) - (
@ -206,7 +206,7 @@ def test_local_subnet_added():
ranges_to_scan=[],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=True,
scan_my_networks=True,
)
assert len(scan_targets) == 254
@ -226,7 +226,7 @@ def test_multiple_local_subnets_added():
ranges_to_scan=[],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=True,
scan_my_networks=True,
)
assert len(scan_targets) == 2 * (255 - 1)
@ -250,7 +250,7 @@ def test_blocklisted_ips_missing_from_local_subnets():
ranges_to_scan=[],
inaccessible_subnets=[],
blocklisted_ips=blocklisted_ips,
scan_local_interfaces=True,
scan_my_networks=True,
)
assert len(scan_targets) == 2 * (255 - 1) - len(blocklisted_ips)
@ -267,7 +267,7 @@ def test_local_subnets_and_ranges_added():
ranges_to_scan=["172.33.66.40/30"],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=True,
scan_my_networks=True,
)
assert len(scan_targets) == 254 + 3
@ -289,7 +289,7 @@ def test_local_network_interfaces_specified_but_disabled():
ranges_to_scan=["172.33.66.40/30"],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 3
@ -309,7 +309,7 @@ def test_local_network_interfaces_subnet_masks():
ranges_to_scan=[],
inaccessible_subnets=[],
blocklisted_ips=[],
scan_local_interfaces=True,
scan_my_networks=True,
)
assert len(scan_targets) == 4
@ -328,7 +328,7 @@ def test_segmentation_targets():
ranges_to_scan=[],
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 3
@ -351,7 +351,7 @@ def test_segmentation_clash_with_blocked():
ranges_to_scan=[],
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=blocked,
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 0
@ -371,7 +371,7 @@ def test_segmentation_clash_with_targets():
ranges_to_scan=targets,
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 3
@ -394,7 +394,7 @@ def test_segmentation_one_network():
ranges_to_scan=targets,
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 3
@ -413,7 +413,7 @@ def test_segmentation_inaccessible_networks():
ranges_to_scan=[],
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 0
@ -437,7 +437,7 @@ def test_invalid_inputs():
ranges_to_scan=targets,
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=[],
scan_local_interfaces=False,
scan_my_networks=False,
)
assert len(scan_targets) == 3
@ -461,7 +461,7 @@ def test_invalid_blocklisted_ip():
ranges_to_scan=targets,
inaccessible_subnets=inaccessible_subnets,
blocklisted_ips=blocklisted,
scan_local_interfaces=False,
scan_my_networks=False,
)