diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index a2c74ef90..691dd1936 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py @@ -79,7 +79,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): Example: ("1.1.1.1", "2.2.2.2") :param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent Example: ("1.1.1.1", "2.2.2.2/24", "myserver") - :param scan_local_interfaces: Whether or not the agent should scan the machine's + :param scan_my_networks: Whether or not the agent should scan the machine's network interfaces in addition to the provided subnet ranges :param subnets: Subnet ranges to scan Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24", @@ -88,7 +88,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): blocked_ips: Tuple[str, ...] inaccessible_subnets: Tuple[str, ...] - scan_local_interfaces: bool + scan_my_networks: bool subnets: Tuple[str, ...] @validator("blocked_ips", each_item=True) diff --git a/monkey/common/agent_configuration/default_agent_configuration.py b/monkey/common/agent_configuration/default_agent_configuration.py index 3f22f9f83..3c90ce914 100644 --- a/monkey/common/agent_configuration/default_agent_configuration.py +++ b/monkey/common/agent_configuration/default_agent_configuration.py @@ -78,7 +78,7 @@ FINGERPRINTERS = ( ) SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration( - blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_local_interfaces=True, subnets=tuple() + blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple() ) NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration( tcp=TCP_SCAN_CONFIGURATION, diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 822cb6b83..b592ac130 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py @@ -121,14 +121,14 @@ class Propagator: ranges_to_scan = target_config.subnets inaccessible_subnets = target_config.inaccessible_subnets blocklisted_ips = target_config.blocked_ips - scan_local_interfaces = target_config.scan_local_interfaces + scan_my_networks = target_config.scan_my_networks return compile_scan_target_list( self._local_network_interfaces, ranges_to_scan, inaccessible_subnets, blocklisted_ips, - scan_local_interfaces, + scan_my_networks, ) def _process_scan_results(self, address: NetworkAddress, scan_results: IPScanResults): diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index 169075bb8..aef2cad30 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -18,12 +18,12 @@ def compile_scan_target_list( ranges_to_scan: Sequence[str], inaccessible_subnets: Sequence[str], blocklisted_ips: Sequence[str], - scan_local_interfaces: bool, + scan_my_networks: bool, ) -> List[NetworkAddress]: scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan) - if scan_local_interfaces: - scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces)) + if scan_my_networks: + scan_targets.extend(_get_ips_to_scan_from_interface(network_interfaces)) if inaccessible_subnets: inaccessible_subnets = _get_segmentation_check_targets( diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index cf7988cf3..52ed04df9 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -398,7 +398,7 @@ class ReportService: @classmethod def get_config_scan(cls): agent_configuration = cls._agent_configuration_repository.get_configuration() - return agent_configuration.propagation.network_scan.targets.scan_local_interfaces + return agent_configuration.propagation.network_scan.targets.scan_my_networks @staticmethod def get_issue_set(issues): diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js index 108e0c45b..94c5f86c2 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js @@ -18,7 +18,7 @@ const PROPAGATION_CONFIGURATION_SCHEMA = { ' \u26A0' + ' Note that setting this value too high may result in the ' + 'Monkey propagating too far, ' + - 'if "Scan local interfaces" is enabled.\n' + + 'if "Scan Agent\'s networks" is enabled.\n' + 'Setting this to 0 will disable all scanning and exploitation.' }, 'network_scan': NETWORK_SCAN_CONFIGURATION_SCHEMA diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 8045ec99f..9b7aad256 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -4,7 +4,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'properties': { 'info_box': { 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + - 'machine it is running on if "Scan local interfaces" is checked. ' + + 'machine it is running on if "Scan Agent\'s networks" is checked. ' + 'Additionally, the Monkey scans machines according to "Scan target list". ' }, 'blocked_ips': { @@ -41,16 +41,15 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + '\tDefine a single-host segment: "printer.example"' }, - 'scan_local_interaces': { - 'title': 'Scan local interfaces', + 'scan_my_networks': { + 'title': 'Scan Agent\'s networks', 'type': 'boolean', 'default': false, - 'description': 'Determines whether the Monkey will scan for machines on each the ' + - 'network interfaces of every machines it runs on, in addition to the IPs that ' + - 'are configured manually in the "Scan target list". ' + - 'Note: If a machine has a network interface that is connected to a public ' + - 'network, this setting will cause the Monkey to scan and attempt to exploit ' + - 'machines on the public network.' + 'description': 'If enabled, the Agent will go over all network interfaces and ' + + 'will scan their networks,' + + ' in addition to the IPs that are configured manually in the "Scan target list". ' + + 'Note: If the Agent runs on a machine within a public network,' + + ' this setting will cause scanning and exploitation attempts on that network.' }, 'subnets': { 'title': 'Scan target list', diff --git a/monkey/tests/common/example_agent_configuration.py b/monkey/tests/common/example_agent_configuration.py index a54980c9f..304e85cee 100644 --- a/monkey/tests/common/example_agent_configuration.py +++ b/monkey/tests/common/example_agent_configuration.py @@ -15,12 +15,12 @@ CUSTOM_PBA_CONFIGURATION = { BLOCKED_IPS = ["10.0.0.1", "192.168.1.1"] INACCESSIBLE_SUBNETS = ["172.0.0.0/24", "172.2.2.0/24", "192.168.56.0/24"] -SCAN_LOCAL_INTERFACES = True +SCAN_MY_NETWORKS = True SUBNETS = ["10.0.0.2", "10.0.0.2/16"] SCAN_TARGET_CONFIGURATION = { "blocked_ips": BLOCKED_IPS, "inaccessible_subnets": INACCESSIBLE_SUBNETS, - "scan_local_interfaces": SCAN_LOCAL_INTERFACES, + "scan_my_networks": SCAN_MY_NETWORKS, "subnets": SUBNETS, } diff --git a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py index 6464b1c30..82a870792 100644 --- a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py +++ b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py @@ -15,7 +15,7 @@ from tests.common.example_agent_configuration import ( PLUGIN_OPTIONS, PORTS, PROPAGATION_CONFIGURATION, - SCAN_LOCAL_INTERFACES, + SCAN_MY_NETWORKS, SCAN_TARGET_CONFIGURATION, SUBNETS, TCP_SCAN_CONFIGURATION, @@ -93,7 +93,7 @@ def test_scan_target_configuration(): assert config.blocked_ips == tuple(BLOCKED_IPS) assert config.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.scan_local_interfaces == SCAN_LOCAL_INTERFACES + assert config.scan_my_networks == SCAN_MY_NETWORKS assert config.subnets == tuple(SUBNETS) @@ -174,7 +174,7 @@ def test_network_scan_configuration(): assert config.fingerprinters[0].options == FINGERPRINTERS[0]["options"] assert config.targets.blocked_ips == tuple(BLOCKED_IPS) assert config.targets.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.targets.scan_local_interfaces == SCAN_LOCAL_INTERFACES + assert config.targets.scan_my_networks == SCAN_MY_NETWORKS assert config.targets.subnets == tuple(SUBNETS) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index b07f08ac4..bf3c0003c 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -170,7 +170,7 @@ def test_scan_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - scan_local_interfaces=False, + scan_my_networks=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -269,7 +269,7 @@ def test_exploiter_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - scan_local_interfaces=False, + scan_my_networks=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -310,7 +310,7 @@ def test_scan_target_generation( targets = ScanTargetConfiguration( blocked_ips=["10.0.0.3"], inaccessible_subnets=["10.0.0.128/30", "10.0.0.8/29"], - scan_local_interfaces=True, + scan_my_networks=True, subnets=["10.0.0.0/29", "172.10.20.30"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) diff --git a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py index 8cd3dc8ff..7aa0b52ab 100644 --- a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py +++ b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py @@ -14,7 +14,7 @@ def compile_ranges_only(ranges): ranges_to_scan=ranges, inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) @@ -88,7 +88,7 @@ def test_blocklisted_ips(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 252 @@ -105,7 +105,7 @@ def test_only_ip_blocklisted(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -124,7 +124,7 @@ def test_local_network_interface_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 252 @@ -142,7 +142,7 @@ def test_no_redundant_targets(): ranges_to_scan=["127.0.0.0", "127.0.0.1", "localhost"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 2 @@ -164,7 +164,7 @@ def test_only_scan_ip_is_local(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -184,7 +184,7 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24", "192.168.1.0/24"], inaccessible_subnets=[], blocklisted_ips=blocked_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == (2 * (256 - 1)) - len(local_network_interfaces) - ( @@ -206,7 +206,7 @@ def test_local_subnet_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 254 @@ -226,7 +226,7 @@ def test_multiple_local_subnets_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 2 * (255 - 1) @@ -250,7 +250,7 @@ def test_blocklisted_ips_missing_from_local_subnets(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 2 * (255 - 1) - len(blocklisted_ips) @@ -267,7 +267,7 @@ def test_local_subnets_and_ranges_added(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 254 + 3 @@ -289,7 +289,7 @@ def test_local_network_interfaces_specified_but_disabled(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -309,7 +309,7 @@ def test_local_network_interfaces_subnet_masks(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 4 @@ -328,7 +328,7 @@ def test_segmentation_targets(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -351,7 +351,7 @@ def test_segmentation_clash_with_blocked(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocked, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -371,7 +371,7 @@ def test_segmentation_clash_with_targets(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -394,7 +394,7 @@ def test_segmentation_one_network(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -413,7 +413,7 @@ def test_segmentation_inaccessible_networks(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -437,7 +437,7 @@ def test_invalid_inputs(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -461,7 +461,7 @@ def test_invalid_blocklisted_ip(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocklisted, - scan_local_interfaces=False, + scan_my_networks=False, )