Ran 2to3 on changes merged from develop
This commit is contained in:
parent
1eac005563
commit
9bcaf8b512
|
@ -1,2 +1,2 @@
|
||||||
from zero_trust_consts import populate_mappings
|
from .zero_trust_consts import populate_mappings
|
||||||
populate_mappings()
|
populate_mappings()
|
||||||
|
|
|
@ -6,31 +6,31 @@ This file contains static mappings between zero trust components such as: pillar
|
||||||
Some of the mappings are computed when this module is loaded.
|
Some of the mappings are computed when this module is loaded.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
AUTOMATION_ORCHESTRATION = u"Automation & Orchestration"
|
AUTOMATION_ORCHESTRATION = "Automation & Orchestration"
|
||||||
VISIBILITY_ANALYTICS = u"Visibility & Analytics"
|
VISIBILITY_ANALYTICS = "Visibility & Analytics"
|
||||||
WORKLOADS = u"Workloads"
|
WORKLOADS = "Workloads"
|
||||||
DEVICES = u"Devices"
|
DEVICES = "Devices"
|
||||||
NETWORKS = u"Networks"
|
NETWORKS = "Networks"
|
||||||
PEOPLE = u"People"
|
PEOPLE = "People"
|
||||||
DATA = u"Data"
|
DATA = "Data"
|
||||||
PILLARS = (DATA, PEOPLE, NETWORKS, DEVICES, WORKLOADS, VISIBILITY_ANALYTICS, AUTOMATION_ORCHESTRATION)
|
PILLARS = (DATA, PEOPLE, NETWORKS, DEVICES, WORKLOADS, VISIBILITY_ANALYTICS, AUTOMATION_ORCHESTRATION)
|
||||||
|
|
||||||
STATUS_UNEXECUTED = u"Unexecuted"
|
STATUS_UNEXECUTED = "Unexecuted"
|
||||||
STATUS_PASSED = u"Passed"
|
STATUS_PASSED = "Passed"
|
||||||
STATUS_VERIFY = u"Verify"
|
STATUS_VERIFY = "Verify"
|
||||||
STATUS_FAILED = u"Failed"
|
STATUS_FAILED = "Failed"
|
||||||
# Don't change order! The statuses are ordered by importance/severity.
|
# Don't change order! The statuses are ordered by importance/severity.
|
||||||
ORDERED_TEST_STATUSES = [STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED]
|
ORDERED_TEST_STATUSES = [STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED]
|
||||||
|
|
||||||
TEST_DATA_ENDPOINT_ELASTIC = u"unencrypted_data_endpoint_elastic"
|
TEST_DATA_ENDPOINT_ELASTIC = "unencrypted_data_endpoint_elastic"
|
||||||
TEST_DATA_ENDPOINT_HTTP = u"unencrypted_data_endpoint_http"
|
TEST_DATA_ENDPOINT_HTTP = "unencrypted_data_endpoint_http"
|
||||||
TEST_MACHINE_EXPLOITED = u"machine_exploited"
|
TEST_MACHINE_EXPLOITED = "machine_exploited"
|
||||||
TEST_ENDPOINT_SECURITY_EXISTS = u"endpoint_security_exists"
|
TEST_ENDPOINT_SECURITY_EXISTS = "endpoint_security_exists"
|
||||||
TEST_SCHEDULED_EXECUTION = u"scheduled_execution"
|
TEST_SCHEDULED_EXECUTION = "scheduled_execution"
|
||||||
TEST_MALICIOUS_ACTIVITY_TIMELINE = u"malicious_activity_timeline"
|
TEST_MALICIOUS_ACTIVITY_TIMELINE = "malicious_activity_timeline"
|
||||||
TEST_SEGMENTATION = u"segmentation"
|
TEST_SEGMENTATION = "segmentation"
|
||||||
TEST_TUNNELING = u"tunneling"
|
TEST_TUNNELING = "tunneling"
|
||||||
TEST_COMMUNICATE_AS_NEW_USER = u"communicate_as_new_user"
|
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
|
||||||
TESTS = (
|
TESTS = (
|
||||||
TEST_SEGMENTATION,
|
TEST_SEGMENTATION,
|
||||||
TEST_MALICIOUS_ACTIVITY_TIMELINE,
|
TEST_MALICIOUS_ACTIVITY_TIMELINE,
|
||||||
|
@ -43,32 +43,32 @@ TESTS = (
|
||||||
TEST_COMMUNICATE_AS_NEW_USER
|
TEST_COMMUNICATE_AS_NEW_USER
|
||||||
)
|
)
|
||||||
|
|
||||||
PRINCIPLE_DATA_TRANSIT = u"data_transit"
|
PRINCIPLE_DATA_TRANSIT = "data_transit"
|
||||||
PRINCIPLE_ENDPOINT_SECURITY = u"endpoint_security"
|
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
|
||||||
PRINCIPLE_USER_BEHAVIOUR = u"user_behaviour"
|
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
|
||||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
|
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
|
||||||
PRINCIPLE_SEGMENTATION = u"segmentation"
|
PRINCIPLE_SEGMENTATION = "segmentation"
|
||||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = u"network_policies"
|
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
|
||||||
PRINCIPLE_USERS_MAC_POLICIES = u"users_mac_policies"
|
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
|
||||||
PRINCIPLES = {
|
PRINCIPLES = {
|
||||||
PRINCIPLE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
|
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
|
||||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
|
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
|
||||||
PRINCIPLE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
|
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
|
||||||
PRINCIPLE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
|
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
|
||||||
PRINCIPLE_DATA_TRANSIT: u"Secure data at transit by encrypting it.",
|
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.",
|
||||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: u"Configure network policies to be as restrictive as possible.",
|
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
|
||||||
PRINCIPLE_USERS_MAC_POLICIES: u"Users' permissions to the network and to resources should be MAC (Mandetory "
|
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory "
|
||||||
u"Access Control) only.",
|
"Access Control) only.",
|
||||||
}
|
}
|
||||||
|
|
||||||
POSSIBLE_STATUSES_KEY = u"possible_statuses"
|
POSSIBLE_STATUSES_KEY = "possible_statuses"
|
||||||
PILLARS_KEY = u"pillars"
|
PILLARS_KEY = "pillars"
|
||||||
PRINCIPLE_KEY = u"principle_key"
|
PRINCIPLE_KEY = "principle_key"
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation"
|
FINDING_EXPLANATION_BY_STATUS_KEY = "finding_explanation"
|
||||||
TEST_EXPLANATION_KEY = u"explanation"
|
TEST_EXPLANATION_KEY = "explanation"
|
||||||
TESTS_MAP = {
|
TESTS_MAP = {
|
||||||
TEST_SEGMENTATION: {
|
TEST_SEGMENTATION: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey tried to scan and find machines that it can communicate with from the machine it's running on, that belong to different network segments.",
|
TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's running on, that belong to different network segments.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
|
STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
|
||||||
STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
|
STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
|
||||||
|
@ -78,7 +78,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
|
||||||
},
|
},
|
||||||
TEST_MALICIOUS_ACTIVITY_TIMELINE: {
|
TEST_MALICIOUS_ACTIVITY_TIMELINE: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
|
TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
|
STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
|
||||||
},
|
},
|
||||||
|
@ -87,7 +87,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
||||||
},
|
},
|
||||||
TEST_ENDPOINT_SECURITY_EXISTS: {
|
TEST_ENDPOINT_SECURITY_EXISTS: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey checked if there is an active process of an endpoint security software.",
|
TEST_EXPLANATION_KEY: "The Monkey checked if there is an active process of an endpoint security software.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
|
STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
|
||||||
STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
|
STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
|
||||||
|
@ -97,7 +97,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
TEST_MACHINE_EXPLOITED: {
|
TEST_MACHINE_EXPLOITED: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey tries to exploit machines in order to breach them and propagate in the network.",
|
TEST_EXPLANATION_KEY: "The Monkey tries to exploit machines in order to breach them and propagate in the network.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
|
STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
|
||||||
STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
|
STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
|
||||||
|
@ -117,7 +117,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
||||||
},
|
},
|
||||||
TEST_DATA_ENDPOINT_ELASTIC: {
|
TEST_DATA_ENDPOINT_ELASTIC: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey scanned for unencrypted access to ElasticSearch instances.",
|
TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to ElasticSearch instances.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
|
STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
|
||||||
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
|
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
|
||||||
|
@ -127,7 +127,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
TEST_DATA_ENDPOINT_HTTP: {
|
TEST_DATA_ENDPOINT_HTTP: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey scanned for unencrypted access to HTTP servers.",
|
TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to HTTP servers.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
|
STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
|
||||||
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
|
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
|
||||||
|
@ -137,7 +137,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||||
},
|
},
|
||||||
TEST_TUNNELING: {
|
TEST_TUNNELING: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey tried to tunnel traffic using other monkeys.",
|
TEST_EXPLANATION_KEY: "The Monkey tried to tunnel traffic using other monkeys.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
|
STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
|
||||||
},
|
},
|
||||||
|
@ -146,7 +146,7 @@ TESTS_MAP = {
|
||||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED]
|
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED]
|
||||||
},
|
},
|
||||||
TEST_COMMUNICATE_AS_NEW_USER: {
|
TEST_COMMUNICATE_AS_NEW_USER: {
|
||||||
TEST_EXPLANATION_KEY: u"The Monkey tried to create a new user and communicate with the internet from it.",
|
TEST_EXPLANATION_KEY: "The Monkey tried to create a new user and communicate with the internet from it.",
|
||||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||||
STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - restrict them to MAC only.",
|
STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - restrict them to MAC only.",
|
||||||
STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network."
|
STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network."
|
||||||
|
@ -184,7 +184,7 @@ def populate_mappings():
|
||||||
|
|
||||||
def populate_pillars_to_tests():
|
def populate_pillars_to_tests():
|
||||||
for pillar in PILLARS:
|
for pillar in PILLARS:
|
||||||
for test, test_info in TESTS_MAP.items():
|
for test, test_info in list(TESTS_MAP.items()):
|
||||||
if pillar in test_info[PILLARS_KEY]:
|
if pillar in test_info[PILLARS_KEY]:
|
||||||
PILLARS_TO_TESTS[pillar].append(test)
|
PILLARS_TO_TESTS[pillar].append(test)
|
||||||
|
|
||||||
|
@ -192,12 +192,12 @@ def populate_pillars_to_tests():
|
||||||
def populate_principles_to_tests():
|
def populate_principles_to_tests():
|
||||||
for single_principle in PRINCIPLES:
|
for single_principle in PRINCIPLES:
|
||||||
PRINCIPLES_TO_TESTS[single_principle] = []
|
PRINCIPLES_TO_TESTS[single_principle] = []
|
||||||
for test, test_info in TESTS_MAP.items():
|
for test, test_info in list(TESTS_MAP.items()):
|
||||||
PRINCIPLES_TO_TESTS[test_info[PRINCIPLE_KEY]].append(test)
|
PRINCIPLES_TO_TESTS[test_info[PRINCIPLE_KEY]].append(test)
|
||||||
|
|
||||||
|
|
||||||
def populate_principles_to_pillars():
|
def populate_principles_to_pillars():
|
||||||
for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
|
for principle, principle_tests in list(PRINCIPLES_TO_TESTS.items()):
|
||||||
principles_pillars = set()
|
principles_pillars = set()
|
||||||
for test in principle_tests:
|
for test in principle_tests:
|
||||||
for pillar in TESTS_MAP[test][PILLARS_KEY]:
|
for pillar in TESTS_MAP[test][PILLARS_KEY]:
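Review bot: The `list(...)` wrappers 2to3 put around `TESTS_MAP.items()` in populate_pillars_to_tests and populate_principles_to_tests, and around `PRINCIPLES_TO_TESTS.items()` in populate_principles_to_pillars, copy the whole mapping on every call for nothing: as far as these hunks show, the loop bodies append to lists held in other dicts and never insert into or delete from the dict being iterated, so the plain view is safe in Python 3. `for test, test_info in TESTS_MAP.items():` (and the same for the other two loops) is the idiomatic form; the identical unneeded wrapper also appears on the ShellShock `attacks.items()` loop and the SSH `self.host.services.items()` loop further down, whereas the `list(...keys())` in dcom_cleanup must stay because that loop deletes keys while iterating. populate_principles_to_pillars continues past the end of this hunk, so confirm its remaining body does not mutate PRINCIPLES_TO_TESTS before dropping that wrapper. Separately, the user-facing text for PRINCIPLE_USERS_MAC_POLICIES still reads "Mandetory" where "Mandatory" is meant.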
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from infection_monkey.main import main
|
from .infection_monkey.main import main
|
||||||
|
|
||||||
if "__main__" == __name__:
|
if "__main__" == __name__:
|
||||||
main()
|
main()
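Review bot: The explicit relative import `from .infection_monkey.main import main` cannot work in this file, which the `if "__main__" == __name__:` guard shows is run as a script: a module executed as `__main__` has no parent package, so Python 3 raises `ImportError: attempted relative import with no known parent package` before main is ever reached. 2to3's implicit-relative-import fixer assumed the file lives inside a package; restore the absolute form `from infection_monkey.main import main`. The same conversion hit the Island entry point further down (`from .monkey_island.cc.main import main`), which needs the same revert.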
|
||||||
|
|
|
@ -73,7 +73,7 @@ class MSSQLExploiter(HostExploiter):
|
||||||
|
|
||||||
self.remove_temp_dir()
|
self.remove_temp_dir()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
raise ExploitingVulnerableMachineError, e.args, sys.exc_info()[2]
|
raise ExploitingVulnerableMachineError(e.args).with_traceback(sys.exc_info()[2])
|
||||||
|
|
||||||
return True
|
return True
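Review bot: The converted `raise ExploitingVulnerableMachineError(e.args).with_traceback(sys.exc_info()[2])` changes what the new exception carries: Python 2's three-argument raise unpacked a tuple second argument into the constructor, whereas the 2to3 output passes the tuple `e.args` as a single argument, so the new exception's `.args` becomes a nested tuple and its message renders as a tuple repr. Inside an `except Exception as e:` block Python 3 also chains the original exception automatically, so the manual traceback juggling is unnecessary: `raise ExploitingVulnerableMachineError(*e.args) from e` preserves both the original arguments and the cause. The enclosing try/except and method start before this hunk.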
|
||||||
|
|
||||||
|
|
|
@ -179,7 +179,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
LOG.debug("Attack Flag is: %s" % self.success_flag)
|
LOG.debug("Attack Flag is: %s" % self.success_flag)
|
||||||
|
|
||||||
LOG.debug("Trying exploit for %s" % url)
|
LOG.debug("Trying exploit for %s" % url)
|
||||||
for header, exploit in attacks.items():
|
for header, exploit in list(attacks.items()):
|
||||||
attack = exploit + ' echo ' + self.success_flag + "; " + TEST_COMMAND
|
attack = exploit + ' echo ' + self.success_flag + "; " + TEST_COMMAND
|
||||||
result = self.attack_page(url, header, attack)
|
result = self.attack_page(url, header, attack)
|
||||||
if self.success_flag in result:
|
if self.success_flag in result:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
import StringIO
|
import io
|
||||||
import logging
|
import logging
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ class SSHExploiter(HostExploiter):
|
||||||
|
|
||||||
for user, ssh_key_pair in user_ssh_key_pairs:
|
for user, ssh_key_pair in user_ssh_key_pairs:
|
||||||
# Creating file-like private key for paramiko
|
# Creating file-like private key for paramiko
|
||||||
pkey = StringIO.StringIO(ssh_key_pair['private_key'])
|
pkey = io.StringIO(ssh_key_pair['private_key'])
|
||||||
ssh_string = "%s@%s" % (ssh_key_pair['user'], ssh_key_pair['ip'])
|
ssh_string = "%s@%s" % (ssh_key_pair['user'], ssh_key_pair['ip'])
|
||||||
try:
|
try:
|
||||||
pkey = paramiko.RSAKey.from_private_key(pkey)
|
pkey = paramiko.RSAKey.from_private_key(pkey)
|
||||||
|
@ -104,7 +104,7 @@ class SSHExploiter(HostExploiter):
|
||||||
|
|
||||||
port = SSH_PORT
|
port = SSH_PORT
|
||||||
# if ssh banner found on different port, use that port.
|
# if ssh banner found on different port, use that port.
|
||||||
for servkey, servdata in self.host.services.items():
|
for servkey, servdata in list(self.host.services.items()):
|
||||||
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||||
port = int(servkey.replace('tcp-', ''))
|
port = int(servkey.replace('tcp-', ''))
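Review bot: `pkey = io.StringIO(ssh_key_pair['private_key'])` will raise TypeError if the private key arrives as bytes, because io.StringIO accepts only str while the Python 2 StringIO.StringIO it replaces accepted either; the hunk does not show where the key pair comes from, so confirm it is text or normalise it first, e.g. `key = ssh_key_pair['private_key']` then `pkey = io.StringIO(key.decode() if isinstance(key, bytes) else key)`. The `list(self.host.services.items())` wrapper in the port-selection loop is unnecessary since that loop only reads the mapping; `for servkey, servdata in self.host.services.items():` is enough. Both hunks are fragments of methods that start outside the hunk.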
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
import urllib
|
import urllib.request, urllib.parse, urllib.error
|
||||||
from threading import Lock
|
from threading import Lock
|
||||||
|
|
||||||
from infection_monkey.network.firewall import app as firewall
|
from infection_monkey.network.firewall import app as firewall
|
||||||
|
@ -32,7 +32,7 @@ class HTTPTools(object):
|
||||||
httpd.daemon = True
|
httpd.daemon = True
|
||||||
httpd.start()
|
httpd.start()
|
||||||
|
|
||||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.quote(os.path.basename(src_path))), httpd
|
return "http://%s:%s/%s" % (local_ip, local_port, urllib.parse.quote(os.path.basename(src_path))), httpd
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def try_create_locked_transfer(host, src_path, local_ip=None, local_port=None):
|
def try_create_locked_transfer(host, src_path, local_ip=None, local_port=None):
|
||||||
|
@ -68,7 +68,7 @@ class HTTPTools(object):
|
||||||
httpd = LockedHTTPServer(local_ip, local_port, src_path, lock)
|
httpd = LockedHTTPServer(local_ip, local_port, src_path, lock)
|
||||||
httpd.start()
|
httpd.start()
|
||||||
lock.acquire()
|
lock.acquire()
|
||||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.quote(os.path.basename(src_path))), httpd
|
return "http://%s:%s/%s" % (local_ip, local_port, urllib.parse.quote(os.path.basename(src_path))), httpd
|
||||||
|
|
||||||
|
|
||||||
class MonkeyHTTPServer(HTTPTools):
|
class MonkeyHTTPServer(HTTPTools):
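Review bot: The converted import line `import urllib.request, urllib.parse, urllib.error` pulls three modules in on one line while the hunks only ever use `urllib.parse.quote` (both `return "http://%s:%s/%s" % ...` lines); one import per line and nothing unused is the PEP 8 expectation. `from urllib.parse import quote` with `quote(os.path.basename(src_path))` at both call sites, or simply `import urllib.parse`, is the cleaner result; the transport module further down carries the same three-module line right next to its own `from urllib.parse import urlsplit`. Whether urllib.request or urllib.error is referenced elsewhere in either file is not visible from these hunks, so check before trimming.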
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
from payload_parsing import Payload, LimitedSizePayload
|
from .payload_parsing import Payload, LimitedSizePayload
|
||||||
|
|
||||||
|
|
||||||
class TestPayload(TestCase):
|
class TestPayload(TestCase):
|
||||||
|
|
|
@ -86,9 +86,9 @@ class WmiTools(object):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def dcom_cleanup():
|
def dcom_cleanup():
|
||||||
for port_map in DCOMConnection.PORTMAPS.keys():
|
for port_map in list(DCOMConnection.PORTMAPS.keys()):
|
||||||
del DCOMConnection.PORTMAPS[port_map]
|
del DCOMConnection.PORTMAPS[port_map]
|
||||||
for oid_set in DCOMConnection.OID_SET.keys():
|
for oid_set in list(DCOMConnection.OID_SET.keys()):
|
||||||
del DCOMConnection.OID_SET[port_map]
|
del DCOMConnection.OID_SET[port_map]
|
||||||
|
|
||||||
DCOMConnection.OID_SET = {}
|
DCOMConnection.OID_SET = {}
|
||||||
|
@ -132,7 +132,7 @@ class WmiTools(object):
|
||||||
record = next_item.getProperties()
|
record = next_item.getProperties()
|
||||||
|
|
||||||
if not fields:
|
if not fields:
|
||||||
fields = record.keys()
|
fields = list(record.keys())
|
||||||
|
|
||||||
query_record = {}
|
query_record = {}
|
||||||
for key in fields:
|
for key in fields:
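Review bot: In dcom_cleanup the second loop still deletes with the wrong variable: `for oid_set in list(DCOMConnection.OID_SET.keys()):` is followed by `del DCOMConnection.OID_SET[port_map]`, which raises NameError if PORTMAPS was empty (port_map never bound), KeyError when the leftover port_map is not an OID_SET key, or deletes the same entry repeatedly otherwise. 2to3 added the `list(...)` wrappers, which are genuinely required here because both loops delete from the dict they iterate, but it could not see the copy-paste slip; the fix is `del DCOMConnection.OID_SET[oid_set]`. Since `DCOMConnection.OID_SET = {}` follows immediately, that loop is arguably redundant and both could become `DCOMConnection.PORTMAPS.clear()` / `DCOMConnection.OID_SET.clear()`, though whether PORTMAPS is reassigned the same way is outside the hunk. Both hunks in this section are fragments of methods that continue outside the hunk.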
|
||||||
|
|
|
@ -11,7 +11,7 @@ from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.exploit import HostExploiter
|
from infection_monkey.exploit import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||||
from infection_monkey.network.info import get_free_tcp_port
|
from infection_monkey.network.info import get_free_tcp_port
|
||||||
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||||
|
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
|
@ -58,17 +58,17 @@ def main():
|
||||||
config_file = opts.config
|
config_file = opts.config
|
||||||
if os.path.isfile(config_file):
|
if os.path.isfile(config_file):
|
||||||
# using print because config can also change log locations
|
# using print because config can also change log locations
|
||||||
print("Loading config from %s." % config_file)
|
print(("Loading config from %s." % config_file))
|
||||||
try:
|
try:
|
||||||
with open(config_file) as config_fo:
|
with open(config_file) as config_fo:
|
||||||
json_dict = json.load(config_fo)
|
json_dict = json.load(config_fo)
|
||||||
WormConfiguration.from_kv(json_dict)
|
WormConfiguration.from_kv(json_dict)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
print("Error loading config: %s, using default" % (e,))
|
print(("Error loading config: %s, using default" % (e,)))
|
||||||
else:
|
else:
|
||||||
print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))
|
print(("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,)))
|
||||||
|
|
||||||
print("Loaded Configuration: %r" % WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict()))
|
print(("Loaded Configuration: %r" % WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict())))
|
||||||
|
|
||||||
# Make sure we're not in a machine that has the kill file
|
# Make sure we're not in a machine that has the kill file
|
||||||
kill_path = os.path.expandvars(
|
kill_path = os.path.expandvars(
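Review bot: The doubled parentheses 2to3 left on the print calls — `print(("Loading config from %s." % config_file))` and the three similar lines in this hunk — are an artifact of the print fixer and read as if a one-element tuple were intended; each should be `print("Loading config from %s." % config_file)` (or an f-string), with the same cleanup on the "Error loading config", "Config file wasn't supplied" and "Loaded Configuration" lines. The "Loaded Configuration" line prints the whole configuration to stdout, which is acceptable here only because hide_sensitive_info is applied first, so keep that call in place. main() starts and ends outside this hunk.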
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
import BaseHTTPServer
|
import http.server
|
||||||
import os.path
|
import os.path
|
||||||
import select
|
import select
|
||||||
import socket
|
import socket
|
||||||
import threading
|
import threading
|
||||||
import urllib
|
import urllib.request, urllib.parse, urllib.error
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from urlparse import urlsplit
|
from urllib.parse import urlsplit
|
||||||
|
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
|
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
|
||||||
|
@ -16,7 +16,7 @@ __author__ = 'hoffer'
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||||
protocol_version = "HTTP/1.1"
|
protocol_version = "HTTP/1.1"
|
||||||
filename = ""
|
filename = ""
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
def send_head(self):
|
def send_head(self):
|
||||||
if self.path != '/' + urllib.quote(os.path.basename(self.filename)):
|
if self.path != '/' + urllib.parse.quote(os.path.basename(self.filename)):
|
||||||
self.send_error(500, "")
|
self.send_error(500, "")
|
||||||
return None, 0, 0
|
return None, 0, 0
|
||||||
f = None
|
f = None
|
||||||
|
@ -106,7 +106,7 @@ class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
format % args))
|
format % args))
|
||||||
|
|
||||||
|
|
||||||
class HTTPConnectProxyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
|
||||||
timeout = 30 # timeout with clients, set to None not to make persistent connection
|
timeout = 30 # timeout with clients, set to None not to make persistent connection
|
||||||
proxy_via = None # pseudonym of the proxy in Via header, set to None not to modify original Via header
|
proxy_via = None # pseudonym of the proxy in Via header, set to None not to modify original Via header
|
||||||
protocol_version = "HTTP/1.1"
|
protocol_version = "HTTP/1.1"
|
||||||
|
@ -182,7 +182,7 @@ class HTTPServer(threading.Thread):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
httpd = http.server.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||||
httpd.timeout = 0.5 # this is irrelevant?
|
httpd.timeout = 0.5 # this is irrelevant?
|
||||||
|
|
||||||
while not self._stopped and self.downloads < self.max_downloads:
|
while not self._stopped and self.downloads < self.max_downloads:
|
||||||
|
@ -235,7 +235,7 @@ class LockedHTTPServer(threading.Thread):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
httpd = http.server.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||||
self.lock.release()
|
self.lock.release()
|
||||||
while not self._stopped and self.downloads < self.max_downloads:
|
while not self._stopped and self.downloads < self.max_downloads:
|
||||||
httpd.handle_request()
|
httpd.handle_request()
|
||||||
|
@ -249,7 +249,7 @@ class LockedHTTPServer(threading.Thread):
|
||||||
|
|
||||||
class HTTPConnectProxy(TransportProxyBase):
|
class HTTPConnectProxy(TransportProxyBase):
|
||||||
def run(self):
|
def run(self):
|
||||||
httpd = BaseHTTPServer.HTTPServer((self.local_host, self.local_port), HTTPConnectProxyHandler)
|
httpd = http.server.HTTPServer((self.local_host, self.local_port), HTTPConnectProxyHandler)
|
||||||
httpd.timeout = 30
|
httpd.timeout = 30
|
||||||
while not self._stopped:
|
while not self._stopped:
|
||||||
httpd.handle_request()
|
httpd.handle_request()
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from monkey_island.cc.main import main
|
from .monkey_island.cc.main import main
|
||||||
|
|
||||||
if "__main__" == __name__:
|
if "__main__" == __name__:
|
||||||
main()
|
main()
|
||||||
|
|
|
@ -12,9 +12,9 @@ else:
|
||||||
connect(db=env.mongo_db_name, host=env.mongo_db_host, port=env.mongo_db_port)
|
connect(db=env.mongo_db_name, host=env.mongo_db_host, port=env.mongo_db_port)
|
||||||
|
|
||||||
# Order of importing matters here, for registering the embedded and referenced documents before using them.
|
# Order of importing matters here, for registering the embedded and referenced documents before using them.
|
||||||
from config import Config
|
from .config import Config
|
||||||
from creds import Creds
|
from .creds import Creds
|
||||||
from monkey_ttl import MonkeyTtl
|
from .monkey_ttl import MonkeyTtl
|
||||||
from pba_results import PbaResults
|
from .pba_results import PbaResults
|
||||||
from command_control_channel import CommandControlChannel
|
from .command_control_channel import CommandControlChannel
|
||||||
from monkey import Monkey
|
from .monkey import Monkey
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
import uuid
|
import uuid
|
||||||
from time import sleep
|
from time import sleep
|
||||||
|
|
||||||
from monkey import Monkey
|
from .monkey import Monkey
|
||||||
from monkey_island.cc.models.monkey import MonkeyNotFoundError
|
from monkey_island.cc.models.monkey import MonkeyNotFoundError
|
||||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||||
from monkey_ttl import MonkeyTtl
|
from .monkey_ttl import MonkeyTtl
|
||||||
|
|
||||||
|
|
||||||
class TestMonkey(IslandTestCase):
|
class TestMonkey(IslandTestCase):
|
||||||
|
@ -87,9 +87,9 @@ class TestMonkey(IslandTestCase):
|
||||||
windows_monkey.save()
|
windows_monkey.save()
|
||||||
unknown_monkey.save()
|
unknown_monkey.save()
|
||||||
|
|
||||||
self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects())))
|
self.assertEqual(1, len([m for m in Monkey.objects() if m.get_os() == "windows"]))
|
||||||
self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects())))
|
self.assertEqual(1, len([m for m in Monkey.objects() if m.get_os() == "linux"]))
|
||||||
self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects())))
|
self.assertEqual(1, len([m for m in Monkey.objects() if m.get_os() == "unknown"]))
|
||||||
|
|
||||||
def test_get_tunneled_monkeys(self):
|
def test_get_tunneled_monkeys(self):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
|
|
|
@ -13,17 +13,17 @@ class TestAggregateFinding(IslandTestCase):
|
||||||
test = TEST_MALICIOUS_ACTIVITY_TIMELINE
|
test = TEST_MALICIOUS_ACTIVITY_TIMELINE
|
||||||
status = STATUS_VERIFY
|
status = STATUS_VERIFY
|
||||||
events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)]
|
events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)]
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 0)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 0)
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(test, status, events)
|
AggregateFinding.create_or_add_to_existing(test, status, events)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)[0].events), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 1)
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(test, status, events)
|
AggregateFinding.create_or_add_to_existing(test, status, events)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)[0].events), 2)
|
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)
|
||||||
|
|
||||||
def test_create_or_add_to_existing_2_tests_already_exist(self):
|
def test_create_or_add_to_existing_2_tests_already_exist(self):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
|
@ -33,21 +33,21 @@ class TestAggregateFinding(IslandTestCase):
|
||||||
status = STATUS_VERIFY
|
status = STATUS_VERIFY
|
||||||
event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)
|
event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)
|
||||||
events = [event]
|
events = [event]
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 0)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 0)
|
||||||
|
|
||||||
Finding.save_finding(test, status, events)
|
Finding.save_finding(test, status, events)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)[0].events), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 1)
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(test, status, events)
|
AggregateFinding.create_or_add_to_existing(test, status, events)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)[0].events), 2)
|
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)
|
||||||
|
|
||||||
Finding.save_finding(test, status, events)
|
Finding.save_finding(test, status, events)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=test, status=status)), 2)
|
self.assertEqual(len(Finding.objects(test=test, status=status)), 2)
|
||||||
|
|
||||||
with self.assertRaises(AssertionError):
|
with self.assertRaises(AssertionError):
|
||||||
AggregateFinding.create_or_add_to_existing(test, status, events)
|
AggregateFinding.create_or_add_to_existing(test, status, events)
|
||||||
|
|
|
@ -28,11 +28,11 @@ class TestFinding(IslandTestCase):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
self.clean_finding_db()
|
self.clean_finding_db()
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
|
||||||
|
|
||||||
event_example = Event.create_event(
|
event_example = Event.create_event(
|
||||||
title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK)
|
title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK)
|
||||||
Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example])
|
Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example])
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 1)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 1)
|
||||||
self.assertEquals(len(Finding.objects(status=STATUS_FAILED)), 1)
|
self.assertEqual(len(Finding.objects(status=STATUS_FAILED)), 1)
|
||||||
|
|
|
@ -20,8 +20,8 @@ class TestSegmentationFinding(IslandTestCase):
|
||||||
segmentation_event=event
|
segmentation_event=event
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEquals(len(SegmentationFinding.objects()), 1)
|
self.assertEqual(len(SegmentationFinding.objects()), 1)
|
||||||
self.assertEquals(len(SegmentationFinding.objects()[0].events), 1)
|
self.assertEqual(len(SegmentationFinding.objects()[0].events), 1)
|
||||||
|
|
||||||
SegmentationFinding.create_or_add_to_existing_finding(
|
SegmentationFinding.create_or_add_to_existing_finding(
|
||||||
# !!! REVERSE ORDER
|
# !!! REVERSE ORDER
|
||||||
|
@ -30,8 +30,8 @@ class TestSegmentationFinding(IslandTestCase):
|
||||||
segmentation_event=event
|
segmentation_event=event
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEquals(len(SegmentationFinding.objects()), 1)
|
self.assertEqual(len(SegmentationFinding.objects()), 1)
|
||||||
self.assertEquals(len(SegmentationFinding.objects()[0].events), 2)
|
self.assertEqual(len(SegmentationFinding.objects()[0].events), 2)
|
||||||
|
|
||||||
SegmentationFinding.create_or_add_to_existing_finding(
|
SegmentationFinding.create_or_add_to_existing_finding(
|
||||||
# !!! REVERSE ORDER
|
# !!! REVERSE ORDER
|
||||||
|
@ -40,7 +40,7 @@ class TestSegmentationFinding(IslandTestCase):
|
||||||
segmentation_event=event
|
segmentation_event=event
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEquals(len(SegmentationFinding.objects()), 2)
|
self.assertEqual(len(SegmentationFinding.objects()), 2)
|
||||||
|
|
||||||
SegmentationFinding.create_or_add_to_existing_finding(
|
SegmentationFinding.create_or_add_to_existing_finding(
|
||||||
# !!! REVERSE ORDER
|
# !!! REVERSE ORDER
|
||||||
|
@ -49,4 +49,4 @@ class TestSegmentationFinding(IslandTestCase):
|
||||||
segmentation_event=event
|
segmentation_event=event
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEquals(len(SegmentationFinding.objects()), 3)
|
self.assertEqual(len(SegmentationFinding.objects()), 3)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
import httplib
|
import http.client
|
||||||
|
|
||||||
|
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
@ -38,4 +38,4 @@ class Report(flask_restful.Resource):
|
||||||
elif report_data == REPORT_DATA_FINDINGS:
|
elif report_data == REPORT_DATA_FINDINGS:
|
||||||
return jsonify(ZeroTrustService.get_all_findings())
|
return jsonify(ZeroTrustService.get_all_findings())
|
||||||
|
|
||||||
flask_restful.abort(httplib.NOT_FOUND)
|
flask_restful.abort(http.client.NOT_FOUND)
|
||||||
|
|
|
@ -12,7 +12,7 @@ def parse_creds(attempt):
|
||||||
'ntlm_hash': {'type': 'NTLM hash', 'output': censor_hash(attempt['ntlm_hash'], 20)},
|
'ntlm_hash': {'type': 'NTLM hash', 'output': censor_hash(attempt['ntlm_hash'], 20)},
|
||||||
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
||||||
'password': {'type': 'Plaintext password', 'output': censor_password(attempt['password'])}}
|
'password': {'type': 'Plaintext password', 'output': censor_password(attempt['password'])}}
|
||||||
for key, cred in creds.items():
|
for key, cred in list(creds.items()):
|
||||||
if attempt[key]:
|
if attempt[key]:
|
||||||
return '%s ; %s : %s' % (username,
|
return '%s ; %s : %s' % (username,
|
||||||
cred['type'],
|
cred['type'],
|
||||||
|
|
|
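Review bot: The `list(...)` wrapper that 2to3 put around `creds.items()` in the `for` loop is unnecessary here — the loop only reads `creds` and returns on the first truthy entry, so iterating the view directly is correct and avoids a copy: `for key, cred in creds.items():`. The same mechanical wrapping appears in the ConfigService hunk (three nested `list(...["properties"].items())` loops), both ZeroTrustService hunks (`list(test_unexecuted.values())` inside the `sum(...)` generator and `list(PRINCIPLES_TO_TESTS.items())`), `filter_av_processes` (`list(telemetry_json['data']['process_list'].items())`) and the `services.items()` loop in `test_open_data_endpoints`. As far as the visible lines show, none of those loops mutate the dict they iterate, so the `list()` can be dropped in each; where a loop body outside the hunk does mutate it, the copy should stay with a comment saying why. `parse_creds` starts outside this hunk.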
@ -5,9 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique,
|
||||||
from common.utils.attack_utils import UsageEnum
|
from common.utils.attack_utils import UsageEnum
|
||||||
|
|
||||||
|
|
||||||
class UsageTechnique(AttackTechnique):
|
class UsageTechnique(AttackTechnique, metaclass=abc.ABCMeta):
|
||||||
__metaclass__ = abc.ABCMeta
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def parse_usages(usage):
|
def parse_usages(usage):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -203,11 +203,11 @@ class ConfigService:
|
||||||
# Do it only for root.
|
# Do it only for root.
|
||||||
if instance != {}:
|
if instance != {}:
|
||||||
return
|
return
|
||||||
for property, subschema in properties.items():
|
for property, subschema in list(properties.items()):
|
||||||
main_dict = {}
|
main_dict = {}
|
||||||
for property2, subschema2 in subschema["properties"].items():
|
for property2, subschema2 in list(subschema["properties"].items()):
|
||||||
sub_dict = {}
|
sub_dict = {}
|
||||||
for property3, subschema3 in subschema2["properties"].items():
|
for property3, subschema3 in list(subschema2["properties"].items()):
|
||||||
if "default" in subschema3:
|
if "default" in subschema3:
|
||||||
sub_dict[property3] = subschema3["default"]
|
sub_dict[property3] = subschema3["default"]
|
||||||
main_dict[property2] = sub_dict
|
main_dict[property2] = sub_dict
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
WARNING_SIGN = " \u26A0"
|
WARNING_SIGN = " \\u26A0"
|
||||||
|
|
||||||
SCHEMA = {
|
SCHEMA = {
|
||||||
"title": "Monkey",
|
"title": "Monkey",
|
||||||
|
|
|
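Review bot: `WARNING_SIGN = " \\u26A0"` is now the six-character text `\u26A0` rather than the warning symbol: 2to3 doubled the backslash because the Python 2 literal was a byte string in which `\u` was not an escape sequence, so it preserved the old bytes instead of the presumably intended character. If the UI is meant to show the symbol, the Python 3 literal should be `WARNING_SIGN = " \u26A0"`. The EdgeService hunk carries the same artifact in `RIGHT_ARROW = "\\u2192"`, which is interpolated straight into the returned label and would therefore render as a literal `\u2192`; `RIGHT_ARROW = "\u2192"` gives the arrow.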
@ -151,7 +151,7 @@ class EdgeService:
|
||||||
else:
|
else:
|
||||||
to_label = NodeService.get_monkey_label(to_id)
|
to_label = NodeService.get_monkey_label(to_id)
|
||||||
|
|
||||||
RIGHT_ARROW = "\u2192"
|
RIGHT_ARROW = "\\u2192"
|
||||||
return "%s %s %s" % (from_label, RIGHT_ARROW, to_label)
|
return "%s %s %s" % (from_label, RIGHT_ARROW, to_label)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -96,7 +96,7 @@ class TestZeroTrustService(IslandTestCase):
|
||||||
|
|
||||||
result = ZeroTrustService.get_pillars_grades()
|
result = ZeroTrustService.get_pillars_grades()
|
||||||
|
|
||||||
self.assertEquals(result, expected)
|
self.assertEqual(result, expected)
|
||||||
|
|
||||||
def test_get_principles_status(self):
|
def test_get_principles_status(self):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
|
@ -250,7 +250,7 @@ class TestZeroTrustService(IslandTestCase):
|
||||||
}
|
}
|
||||||
|
|
||||||
result = ZeroTrustService.get_principles_status()
|
result = ZeroTrustService.get_principles_status()
|
||||||
self.assertEquals(result, expected)
|
self.assertEqual(result, expected)
|
||||||
|
|
||||||
def test_get_pillars_to_statuses(self):
|
def test_get_pillars_to_statuses(self):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
|
@ -268,7 +268,7 @@ class TestZeroTrustService(IslandTestCase):
|
||||||
DATA: STATUS_UNEXECUTED
|
DATA: STATUS_UNEXECUTED
|
||||||
}
|
}
|
||||||
|
|
||||||
self.assertEquals(ZeroTrustService.get_pillars_to_statuses(), expected)
|
self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected)
|
||||||
|
|
||||||
save_example_findings()
|
save_example_findings()
|
||||||
|
|
||||||
|
@ -282,4 +282,4 @@ class TestZeroTrustService(IslandTestCase):
|
||||||
DATA: STATUS_FAILED
|
DATA: STATUS_FAILED
|
||||||
}
|
}
|
||||||
|
|
||||||
self.assertEquals(ZeroTrustService.get_pillars_to_statuses(), expected)
|
self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected)
|
||||||
|
|
|
@ -34,7 +34,7 @@ class ZeroTrustService(object):
|
||||||
if pillar in test_info[PILLARS_KEY]:
|
if pillar in test_info[PILLARS_KEY]:
|
||||||
pillar_grade[finding.status] += 1
|
pillar_grade[finding.status] += 1
|
||||||
|
|
||||||
pillar_grade[STATUS_UNEXECUTED] = sum(1 for condition in test_unexecuted.values() if condition)
|
pillar_grade[STATUS_UNEXECUTED] = sum(1 for condition in list(test_unexecuted.values()) if condition)
|
||||||
|
|
||||||
return pillar_grade
|
return pillar_grade
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ class ZeroTrustService(object):
|
||||||
for pillar in PILLARS:
|
for pillar in PILLARS:
|
||||||
all_principles_statuses[pillar] = []
|
all_principles_statuses[pillar] = []
|
||||||
|
|
||||||
for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
|
for principle, principle_tests in list(PRINCIPLES_TO_TESTS.items()):
|
||||||
for pillar in PRINCIPLES_TO_PILLARS[principle]:
|
for pillar in PRINCIPLES_TO_PILLARS[principle]:
|
||||||
all_principles_statuses[pillar].append(
|
all_principles_statuses[pillar].append(
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# import all implemented hooks, for brevity of hooks.py file
|
# import all implemented hooks, for brevity of hooks.py file
|
||||||
from tunnel import process_tunnel_telemetry
|
from .tunnel import process_tunnel_telemetry
|
||||||
from state import process_state_telemetry
|
from .state import process_state_telemetry
|
||||||
from exploit import process_exploit_telemetry
|
from .exploit import process_exploit_telemetry
|
||||||
from scan import process_scan_telemetry
|
from .scan import process_scan_telemetry
|
||||||
from system_info import process_system_info_telemetry
|
from .system_info import process_system_info_telemetry
|
||||||
from post_breach import process_post_breach_telemetry
|
from .post_breach import process_post_breach_telemetry
|
||||||
|
|
|
@ -37,7 +37,7 @@ def test_antivirus_existence(telemetry_json):
|
||||||
|
|
||||||
|
|
||||||
def filter_av_processes(telemetry_json):
|
def filter_av_processes(telemetry_json):
|
||||||
all_processes = telemetry_json['data']['process_list'].items()
|
all_processes = list(telemetry_json['data']['process_list'].items())
|
||||||
av_processes = []
|
av_processes = []
|
||||||
for process in all_processes:
|
for process in all_processes:
|
||||||
process_name = process[1]['name']
|
process_name = process[1]['name']
|
||||||
|
|
|
@ -26,7 +26,7 @@ def test_open_data_endpoints(telemetry_json):
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
for service_name, service_data in services.items():
|
for service_name, service_data in list(services.items()):
|
||||||
events.append(Event.create_event(
|
events.append(Event.create_event(
|
||||||
title="Scan telemetry analysis",
|
title="Scan telemetry analysis",
|
||||||
message="Scanned service: {}.".format(service_name),
|
message="Scanned service: {}.".format(service_name),
|
||||||
|
|
|
@ -1,87 +1,87 @@
|
||||||
ANTI_VIRUS_KNOWN_PROCESS_NAMES = [
|
ANTI_VIRUS_KNOWN_PROCESS_NAMES = [
|
||||||
u"AvastSvc.exe",
|
"AvastSvc.exe",
|
||||||
u"AvastUI.exe",
|
"AvastUI.exe",
|
||||||
u"avcenter.exe",
|
"avcenter.exe",
|
||||||
u"avconfig.exe",
|
"avconfig.exe",
|
||||||
u"avgcsrvx.exe",
|
"avgcsrvx.exe",
|
||||||
u"avgidsagent.exe",
|
"avgidsagent.exe",
|
||||||
u"avgnt.exe",
|
"avgnt.exe",
|
||||||
u"avgrsx.exe",
|
"avgrsx.exe",
|
||||||
u"avguard.exe",
|
"avguard.exe",
|
||||||
u"avgui.exe",
|
"avgui.exe",
|
||||||
u"avgwdsvc.exe",
|
"avgwdsvc.exe",
|
||||||
u"avp.exe",
|
"avp.exe",
|
||||||
u"avscan.exe",
|
"avscan.exe",
|
||||||
u"bdagent.exe",
|
"bdagent.exe",
|
||||||
u"ccuac.exe",
|
"ccuac.exe",
|
||||||
u"egui.exe",
|
"egui.exe",
|
||||||
u"hijackthis.exe",
|
"hijackthis.exe",
|
||||||
u"instup.exe",
|
"instup.exe",
|
||||||
u"keyscrambler.exe",
|
"keyscrambler.exe",
|
||||||
u"mbam.exe",
|
"mbam.exe",
|
||||||
u"mbamgui.exe",
|
"mbamgui.exe",
|
||||||
u"mbampt.exe",
|
"mbampt.exe",
|
||||||
u"mbamscheduler.exe",
|
"mbamscheduler.exe",
|
||||||
u"mbamservice.exe",
|
"mbamservice.exe",
|
||||||
u"MpCmdRun.exe",
|
"MpCmdRun.exe",
|
||||||
u"MSASCui.exe",
|
"MSASCui.exe",
|
||||||
u"MsMpEng.exe",
|
"MsMpEng.exe",
|
||||||
u"rstrui.exe",
|
"rstrui.exe",
|
||||||
u"spybotsd.exe",
|
"spybotsd.exe",
|
||||||
u"zlclient.exe",
|
"zlclient.exe",
|
||||||
u"SymCorpUI.exe",
|
"SymCorpUI.exe",
|
||||||
u"ccSvcHst.exe",
|
"ccSvcHst.exe",
|
||||||
u"ccApp.exe",
|
"ccApp.exe",
|
||||||
u"LUALL.exe",
|
"LUALL.exe",
|
||||||
u"SMC.exe",
|
"SMC.exe",
|
||||||
u"SMCgui.exe",
|
"SMCgui.exe",
|
||||||
u"Rtvscan.exe",
|
"Rtvscan.exe",
|
||||||
u"LuComServer.exe",
|
"LuComServer.exe",
|
||||||
u"ProtectionUtilSurrogate.exe",
|
"ProtectionUtilSurrogate.exe",
|
||||||
u"ClientRemote.exe",
|
"ClientRemote.exe",
|
||||||
u"SemSvc.exe",
|
"SemSvc.exe",
|
||||||
u"SemLaunchSvc.exe",
|
"SemLaunchSvc.exe",
|
||||||
u"sesmcontinst.exe",
|
"sesmcontinst.exe",
|
||||||
u"LuCatalog.exe",
|
"LuCatalog.exe",
|
||||||
u"LUALL.exe",
|
"LUALL.exe",
|
||||||
u"LuCallbackProxy.exe",
|
"LuCallbackProxy.exe",
|
||||||
u"LuComServer_3_3.exe",
|
"LuComServer_3_3.exe",
|
||||||
u"httpd.exe",
|
"httpd.exe",
|
||||||
u"dbisqlc.exe",
|
"dbisqlc.exe",
|
||||||
u"dbsrv16.exe",
|
"dbsrv16.exe",
|
||||||
u"semapisrv.exe",
|
"semapisrv.exe",
|
||||||
u"snac64.exe",
|
"snac64.exe",
|
||||||
u"AutoExcl.exe",
|
"AutoExcl.exe",
|
||||||
u"DoScan.exe",
|
"DoScan.exe",
|
||||||
u"nlnhook.exe",
|
"nlnhook.exe",
|
||||||
u"SavUI.exe",
|
"SavUI.exe",
|
||||||
u"SepLiveUpdate.exe",
|
"SepLiveUpdate.exe",
|
||||||
u"Smc.exe",
|
"Smc.exe",
|
||||||
u"SmcGui.exe",
|
"SmcGui.exe",
|
||||||
u"SymCorpUI.exe",
|
"SymCorpUI.exe",
|
||||||
u"symerr.exe",
|
"symerr.exe",
|
||||||
u"ccSvcHst.exe",
|
"ccSvcHst.exe",
|
||||||
u"DevViewer.exe",
|
"DevViewer.exe",
|
||||||
u"DWHWizrd.exe",
|
"DWHWizrd.exe",
|
||||||
u"RtvStart.exe",
|
"RtvStart.exe",
|
||||||
u"roru.exe",
|
"roru.exe",
|
||||||
u"WSCSAvNotifier",
|
"WSCSAvNotifier",
|
||||||
# Guardicore Centra
|
# Guardicore Centra
|
||||||
# Linux
|
# Linux
|
||||||
u"gc-agents-service",
|
"gc-agents-service",
|
||||||
u"gc-guest-agent",
|
"gc-guest-agent",
|
||||||
u"gc-guardig",
|
"gc-guardig",
|
||||||
u"gc-digger",
|
"gc-digger",
|
||||||
u"gc-fastpath",
|
"gc-fastpath",
|
||||||
u"gc-enforcement-agent",
|
"gc-enforcement-agent",
|
||||||
u"gc-enforcement-channel",
|
"gc-enforcement-channel",
|
||||||
u"gc-detection-agent",
|
"gc-detection-agent",
|
||||||
# Windows
|
# Windows
|
||||||
u"gc-guest-agent.exe",
|
"gc-guest-agent.exe",
|
||||||
u"gc-windig.exe",
|
"gc-windig.exe",
|
||||||
u"gc-digger.exe",
|
"gc-digger.exe",
|
||||||
u"gc-fastpath.exe",
|
"gc-fastpath.exe",
|
||||||
u"gc-enforcement-channel.exe",
|
"gc-enforcement-channel.exe",
|
||||||
u"gc-enforcement-agent.exe",
|
"gc-enforcement-agent.exe",
|
||||||
u"gc-agent-ui.exe"
|
"gc-agent-ui.exe"
|
||||||
]
|
]
|
||||||
|
|
|
@ -26,13 +26,13 @@ class TestSegmentationTests(IslandTestCase):
|
||||||
ip_addresses=[FIRST_SUBNET])
|
ip_addresses=[FIRST_SUBNET])
|
||||||
|
|
||||||
# no findings
|
# no findings
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
|
||||||
|
|
||||||
# This is like the monkey is done and sent done telem
|
# This is like the monkey is done and sent done telem
|
||||||
create_or_add_findings_for_all_pairs(all_subnets, monkey)
|
create_or_add_findings_for_all_pairs(all_subnets, monkey)
|
||||||
|
|
||||||
# There are 2 subnets in which the monkey is NOT
|
# There are 2 subnets in which the monkey is NOT
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 2)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 2)
|
||||||
|
|
||||||
# This is a monkey from 2nd subnet communicated with 1st subnet.
|
# This is a monkey from 2nd subnet communicated with 1st subnet.
|
||||||
SegmentationFinding.create_or_add_to_existing_finding(
|
SegmentationFinding.create_or_add_to_existing_finding(
|
||||||
|
@ -41,6 +41,6 @@ class TestSegmentationTests(IslandTestCase):
|
||||||
Event.create_event(title="sdf", message="asd", event_type=EVENT_TYPE_MONKEY_NETWORK)
|
Event.create_event(title="sdf", message="asd", event_type=EVENT_TYPE_MONKEY_NETWORK)
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 1)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)), 1)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)), 1)
|
||||||
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 2)
|
self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 2)
|
||||||
|
|
|
@ -16,7 +16,7 @@ def main():
|
||||||
|
|
||||||
h = SHA3_512.new()
|
h = SHA3_512.new()
|
||||||
h.update(args.string_to_sha)
|
h.update(args.string_to_sha)
|
||||||
print(h.hexdigest())
|
print((h.hexdigest()))
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
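Review bot: `h.update(args.string_to_sha)` will raise `TypeError` under Python 3 if `string_to_sha` arrives from argparse as a `str`, because hash `update()` accepts only bytes-like objects; the migration needs an explicit encoding, e.g. `h.update(args.string_to_sha.encode('utf-8'))`. The new `print((h.hexdigest()))` also carries a redundant pair of parentheses from 2to3 and reads better as `print(h.hexdigest())`. `main()` and the argument parsing start outside this hunk, so the argument's type cannot be confirmed from the visible lines.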