Merge pull request #243 from guardicore/feature/scan_with_ping

Search for new machines using ICMP and not just port scan
2019-01-26 20:13:46 +02:00 · 2019-01-26 20:13:46 +02:00 · b74965c285
parent 10c88c0a41 53228e8cea
commit b74965c285
6 changed files with 11 additions and 25 deletions
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -135,7 +135,6 @@ class Configuration(object):
    # how many scan iterations to perform on each run
    max_iterations = 1

-    scanner_class = None
    finger_classes = []
    exploiter_classes = []

--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@ -65,7 +65,6 @@
    "smb_download_timeout": 300,
    "smb_service_name": "InfectionMonkey",
    "retry_failed_explotation": true,
-    "scanner_class": "TcpScanner",
    "self_delete_in_cleanup": true,
    "serialize_config": false,
    "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -133,8 +133,7 @@ class InfectionMonkey(object):
            if not self._keep_running or not WormConfiguration.alive:
                break

-            machines = self._network.get_victim_machines(WormConfiguration.scanner_class,
-                                                         max_find=WormConfiguration.victims_max_find,
+            machines = self._network.get_victim_machines(max_find=WormConfiguration.victims_max_find,
                                                         stop_callback=ControlClient.check_for_stop)
            is_empty = True
            for machine in machines:
@ -148,7 +147,7 @@ class InfectionMonkey(object):
                    finger.get_host_fingerprint(machine)

                ControlClient.send_telemetry('scan', {'machine': machine.as_dict(),
-                                                      'scanner': WormConfiguration.scanner_class.__name__})
+                                                      })

                # skip machines that we've already exploited
                if machine in self._exploited_machines:
--- a/monkey/infection_monkey/network/network_scanner.py
+++ b/monkey/infection_monkey/network/network_scanner.py
@ -6,7 +6,7 @@ from infection_monkey.config import WormConfiguration
 from infection_monkey.network.info import local_ips, get_interfaces_ranges
 from infection_monkey.model import VictimHost
 from infection_monkey.network import HostScanner
-
+from infection_monkey.network import TcpScanner, PingScanner
 __author__ = 'itamar'

 LOG = logging.getLogger(__name__)
@ -62,7 +62,7 @@ class NetworkScanner(object):

        return subnets_to_scan

-    def get_victim_machines(self, scan_type, max_find=5, stop_callback=None):
+    def get_victim_machines(self, max_find=5, stop_callback=None):
        """
        Finds machines according to the ranges specified in the object
        :param scan_type: A hostscanner class, will be instanced and used to scan for new machines
@ -70,10 +70,9 @@ class NetworkScanner(object):
        :param stop_callback: A callback to check at any point if we should stop scanning
        :return: yields a sequence of VictimHost instances
        """
-        if not scan_type:
-            return

-        scanner = scan_type()
+        TCPscan = TcpScanner()
+        Pinger = PingScanner()
        victims_count = 0

        for net_range in self._ranges:
@ -94,9 +93,11 @@ class NetworkScanner(object):
                    continue

                LOG.debug("Scanning %r...", victim)
+                pingAlive = Pinger.is_host_alive(victim)
+                tcpAlive = TCPscan.is_host_alive(victim)

                # if scanner detect machine is up, add it to victims list
-                if scanner.is_host_alive(victim):
+                if pingAlive or tcpAlive:
                    LOG.debug("Found potential victim: %r", victim)
                    victims_count += 1
                    yield victim
--- a/monkey/infection_monkey/network/ping_scanner.py
+++ b/monkey/infection_monkey/network/ping_scanner.py
@ -59,9 +59,9 @@ class PingScanner(HostScanner, HostFinger):
        if regex_result:
            try:
                ttl = int(regex_result.group(0))
-                if LINUX_TTL == ttl:
+                if ttl <= LINUX_TTL:
                    host.os['type'] = 'linux'
-                elif WINDOWS_TTL == ttl:
+                else:  # as far we we know, could also be OSX/BSD but lets handle that when it comes up.
                    host.os['type'] = 'windows'
                return True
            except Exception as exc:
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -431,18 +431,6 @@ SCHEMA = {
                    "title": "Classes",
                    "type": "object",
                    "properties": {
-                        "scanner_class": {
-                            "title": "Scanner class",
-                            "type": "string",
-                            "default": "TcpScanner",
-                            "enum": [
-                                "TcpScanner"
-                            ],
-                            "enumNames": [
-                                "TcpScanner"
-                            ],
-                            "description": "Determines class to scan for machines. (Shouldn't be changed)"
-                        },
                        "finger_classes": {
                            "title": "Fingerprint classes",
                            "type": "array",