p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
9,881 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

389 Commits

Author SHA1 Message Date
Mike Salvatore c74f0ed472 BB: Change scan list order in test_depth_3_a() to decrease runtime 2022-04-14 13:53:04 -04:00
Mike Salvatore a2c3b74d09 BB: Change test order 2022-04-14 13:52:41 -04:00
Mike Salvatore 16e887a94a Merge pull request #1887 from guardicore/agent-refactor 2022-04-14 12:20:43 -04:00
vakarisz 3ebab643bc BB: Small typo fix 2022-04-14 15:12:18 +03:00
Mike Salvatore 03433a8d75 BB: Format depth_3_a.py with Black 2022-04-13 11:48:32 -04:00
vakaris_zilius 43d38d90e0 BB: Extract powershell cred re-use into a separate test 
Credential re-use only applies to windows island, that's why it's separate
 2022-04-13 14:21:23 +00:00
vakaris_zilius b20de39ce0 BB: Split depth_1_b into separate tests, add SMB_PTH 2022-04-13 16:45:14 +03:00
vakaris_zilius 76ba33a750 BB: Fix a WMI bug in configuration 
Depth 3 a should test PTH, because mimikatz is already being tested in depth 1 a.
 2022-04-13 16:45:14 +03:00
vakaris_zilius c498b22610 BB: Improve configuration documentation with IP's 2022-04-13 16:45:14 +03:00
vakaris_zilius 2dee5698f2 BB: Remove performance test template from test_blackbox.py 2022-04-13 16:45:14 +03:00
vakaris_zilius 1d647a0c6b BB: Move ssh keys test to a separate test suite 2022-04-13 16:45:14 +03:00
vakaris_zilius 03e23778dd BB: Add explanation to how 46 powershell machine can be exploited 2022-04-13 16:45:14 +03:00
vakaris_zilius 4df72d08eb BB: Reduce the time for agents to die to 2 minutes 2022-04-13 16:45:14 +03:00
vakaris_zilius 0b4f98c675 BB: Increase default test timeout to 150s 
Timeout needed an increase because one log4shell machine was slow to communicate back
 2022-04-13 16:45:14 +03:00
vakaris_zilius 549eebd55c BB: Rename depth_4_a to depth_3_a 2022-04-13 16:45:14 +03:00
vakarisz 91a431517a BB: Use grouped tests 
Grouping tests will allow us to run more tests at once
 2022-04-13 16:45:14 +03:00
vakarisz 7a3ec16d16 BB: Add powershell empty credential login test to depth_1_a test 2022-04-13 16:45:14 +03:00
vakarisz ceabb99e7c BB: Add time log for monkey killing time 2022-04-13 16:45:14 +03:00
vakarisz 9ca061e23c BB: Add config templates for grouped tests 2022-04-13 16:45:14 +03:00
vakarisz 48469a59a6 BB: Move single test templates into a dedicated folder 2022-04-13 16:45:12 +03:00
Ilija Lazoroski d9c295bed4 BB: Remove WebLogic exploiter 2022-04-11 11:58:24 +02:00
Mike Salvatore 1f5bb7efaf Merge pull request #1876 from guardicore/1869-remove-drupal 
Remove Drupal exploiter
 2022-04-10 09:45:24 -04:00
Shreya Malviya 378b5178c5 BB: Relate references to the Drupal machine in the Zoo 2022-04-08 20:59:38 +05:30
Ilija Lazoroski d3c60af960 BB: Remove Struts2 exploiter 2022-04-08 12:14:38 +02:00
Shreya Malviya 0789869316 BB: Remove Drupal BB test and related code 2022-04-08 14:27:48 +05:30
Mike Salvatore 394088e39d BB: Reduce DELAY_BETWEEN_ANALYSIS 2022-03-29 16:10:20 -04:00
Mike Salvatore 4e489ad62b
Merge pull request #1814 from guardicore/1801-fix-blackbox-tests 
1801 fix blackbox tests
 2022-03-25 07:18:22 -04:00
Mike Salvatore 35923c1eb1 BB: Reduce the timeouts for tunneling tests 2022-03-24 13:43:04 -04:00
vakarisz a92a8af96b BB: Remove smb-20 machine 2022-03-24 13:08:30 -04:00
Shreya Malviya cb51394439 BB: Add relevant TCP ports to PowerShell config template 2022-03-24 18:43:52 +05:30
Mike Salvatore f8b3b378d6 BB: Skip tests for deprecated exploiters 2022-03-23 14:50:38 -04:00
Mike Salvatore 5835a87d3c BB: Reduce the time that tunnels are held open in tunneling test 2022-03-23 14:50:38 -04:00
Mike Salvatore 123606f23d BB: Reduce time to wait for agents to finish 
Since the agents stop and start so much more quickly now, these delays
can be reduced.
 2022-03-23 14:50:38 -04:00
Mike Salvatore ef9c3f4f32 BB: Add ports 5985 and 5986 to PowerShell tests 2022-03-23 14:50:38 -04:00
Mike Salvatore 88422f9764 BB: Fix API call to kill all monkeys 2022-03-23 14:50:38 -04:00
Shreya Malviya ad61236ed0 BB: Fix password for powershell-46 in Zoo machines' docs 2022-03-21 14:10:16 +05:30
Ilija Lazoroski c000ab6cf8 BB: Update documentation for PowerShell machines 2022-03-21 14:06:54 +05:30
Ilija Lazoroski 747365818f BB: Update documentation for PowerShell machines 2022-03-16 14:20:42 +01:00
Mike Salvatore c075fed2da BB: Remove 'PingScanner' from fingerprinters in config templates 2022-02-28 13:18:07 -05:00
Shreya Malviya 7d76d94959 Zoo: Remove Elastic machines from terraform scripts and docs 2022-02-24 15:16:19 +05:30
Shreya Malviya 6c7e630465 BB: Remove ElasticGroovyExploiter references 2022-02-24 15:14:32 +05:30
Ilija Lazoroski ddc77e6d6a Zoo: Remove ShellShock Exploiter 2022-02-23 13:50:12 +01:00
Shreya Malviya 7787984f4a BB: Remove ProcessListCollector from BB config templates 2022-02-16 17:31:40 +05:30
Mike Salvatore e1cf4fa9c2 Merge branch 'release/1.13.0' into agent-refactor 2022-01-25 13:35:49 -05:00
Mike Salvatore 4a7c8fe411 Merge branch 'release/1.13.0' into develop 2022-01-25 13:23:17 -05:00
vakarisz 28cf8b55cf BB: modified performance config template to contain log4shell machines 2022-01-25 15:16:32 +02:00
Shreya Malviya ce8c178297 BB: Add Log4Shell zoo machines to table of contents, grammar fixes 2022-01-20 17:24:11 +05:30
vakarisz 212fb3a653 BB: black format config_generation_script.py 2022-01-18 15:23:59 +02:00
vakarisz e3f9312ff9 BB: change log4j exploit depth to 1 (default) 
This change is necessary to make sure that exploitation is successfull from a particular machine being tested.
 2022-01-18 11:44:47 +02:00
Ilija Lazoroski 311a721880 BB: Fix IP address for Tomcat machines 2022-01-17 16:34:56 +01:00
vakarisz 77eb3ce004 BB: Added log4j configs to the list of manually generatable configs 2022-01-17 11:40:31 +02:00
vakarisz be79f2bcdb BB: add log4j machines to gcp machine list 2022-01-14 14:51:18 +02:00
vakarisz a7b31dd9e4 BB: add log4shell BB tests 2022-01-13 16:11:10 +02:00
vakarisz aef7beedb3 Zoo: add logstash machines that test log4shell 2022-01-13 12:42:03 +02:00
Ilija Lazoroski dcc68914bd BB: Add log4j machines to monkey zoo 2022-01-10 14:17:48 +01:00
vakarisz 6782f806eb Zoo: add log4j solr machines to terraform scripts and docs 2022-01-07 15:27:50 +02:00
Mike Salvatore 3d56d88512 BB: Remove stale TODO from poweshell test 2021-11-30 13:40:13 -05:00
VakarisZ 86f2a0dc78 BB: remove deleted system info collectors from config templates 2021-11-17 12:59:34 +02:00
VakarisZ f5c8db979f Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file 2021-11-10 15:44:05 +02:00
VakarisZ 136a105e56 BB: remove sambacry machines from BB infrastructure and docs 2021-11-10 15:43:51 +02:00
Shreya Malviya b005946d88 BB: Remove VSFTPD exploiter from BB performance test's config template 2021-10-29 18:17:33 +05:30
VakarisZ 1ad74a4bff BB: fix zerologon test to check propagation via SMB as well 
ZeroLogon doesn't propagate to the machine it only steals the credentials. It's best to make sure that propagation is also possible by running SMB exploiter
 2021-10-26 10:21:36 -04:00
Mike Salvatore 8d7a5a410c BB: Remove ".\\m0nk3y" user from Powershell user list 
This user was added to work around issue #1486. Since d4a1c2bda resolves
that issue, this user can be removed from the config for this test.
 2021-10-19 08:23:07 -04:00
Ilija Lazoroski 6787cce1d0 Zoo: Change API registration parameter 2021-10-14 14:52:13 +02:00
VakarisZ 2d28c4e800 Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a sections about what to do with the island if you're a simple user 2021-10-07 16:56:10 +03:00
VakarisZ f7e0b4fef1 Zoo: add missing tunneling-12 image definition to terraform scripts 2021-10-07 13:55:48 +03:00
Ilija Lazoroski a438f3afb0 Zoo: Replace --os with --skip-powershell-reuse 
With this logic the powershell cached will run
if we don't provide the cli param --skip-powershell-reuse.
 2021-09-28 17:31:20 +02:00
Ilija Lazoroski 07c08ac0b6 Zoo: Reformat powershell cached credentials test 2021-09-27 19:02:13 +02:00
Ilija Lazoroski 689e6ac532 Zoo: Add os specific black box test. 
Add new --os flag to the blackbox tests.
If not specified it will skip all os marked tests.
 2021-09-27 13:08:52 +02:00
Ilija Lazoroski b90e9ccf21 Zoo: Add second hop bb test 
Added new powershell-3-48 machine for second hop test.
Explanation why cached are not working after the first hop.
Documentation for the zoo.
 2021-09-24 15:29:11 +02:00
VakarisZ b69916428b Remove T1129 attack technique from the codebase 2021-09-17 14:19:42 +03:00
VakarisZ dec2fc43c2
Merge pull request #1449 from guardicore/powershell-exploiter-ntlm-hashes 
Use LM and NT hashes in powershell exploiter
 2021-09-09 11:56:02 +03:00
Ilija Lazoroski d27194c568 Zoo: Fix powershell bb config for ntlm hash 2021-09-06 13:50:24 +02:00
VakarisZ 57908b94eb
Merge pull request #1452 from guardicore/1418/bb-to-use-credentials 
Zoo: Change island to use credentials
 2021-09-06 10:28:39 +03:00
Ilija Lazoroski 1e5d49024d Zoo: Change island to use credentials 2021-09-06 09:17:15 +02:00
Ilija Lazoroski 18c21513af Zoo: Add new machine for powershell exploiter 2021-09-02 17:06:22 +02:00
Shreya Malviya 13b1904cf7
Merge pull request #1427 from guardicore/1246/powershell-documentation 
Documentation for PowerShell exploiter
 2021-09-01 15:11:39 +05:30
Mike Salvatore d22c7813a5 BB: Switch the scanning order in tunneling tests 
Because the SMB exploiter deploys the 32-bit agent, which will then
upgrade itself to 64-bit, it takes a long time between when exploitation
is successful and the agent calls home. By switching the order that
hosts are scanned in, this test runs approximately 25 seconds quicker
and allows us to reduce the `keep_tunnel_open_time` setting by 30
seconds.
 2021-08-30 13:28:25 -04:00
Shreya Malviya 54f80df1f4 bb: Remove extra line from end of file 2021-08-30 15:12:35 +05:30
Ilija Lazoroski 9a96e6ed39 Zoo: Refactor start and stop gcp machine functions 2021-08-26 10:35:22 +02:00
Ilija Lazoroski e6ca0fd3b6 Zoo: Parallelize start and stop of gcp machines 2021-08-25 10:07:41 +02:00
Ilija Lazoroski 73a3f2057a Docs: Documentation for PowerShell. Update zoo docs 2021-08-24 15:16:10 +02:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to 
Powershell-3-46. Powershell-45 moved to different zone
 2021-08-24 15:11:22 +02:00
Ilija Lazoroski 9f2a4cb7e4 Zoo: Update terraform scripts. Update gcp test machine list with new zone 2021-08-24 11:56:09 +02:00
Ilija Lazoroski 305b2cf716 Zoo: Add PowerShell config and bb test 2021-08-24 10:32:54 +02:00
Mike Salvatore 087c8f2cf8 BB: Remove internet_services from BaseTemplate 2021-08-19 14:16:44 -04:00
Ilija Lazoroski e393374ae6 BB: Increase scope depth for Struts2 2021-08-05 10:36:33 +02:00
Mike Salvatore f6b52d9031 BB: Don't wait so long for monkeys to die 
With the propagation depth set to 1 for most tests and the number of
scanned ports limited, we don't need such a large delay when waiting for
monkeys to die.
 2021-08-04 15:06:11 -04:00
Mike Salvatore ee77869357 BB: Limit propagation depth to 1 for most tests 2021-08-04 15:06:03 -04:00
Mike Salvatore c34a303628 BB: Limit scanned ports for SMB PTH test 2021-08-04 13:54:17 -04:00
Mike Salvatore 8d992f41d3 BB: Update config_values with smb_pth settings 2021-08-04 13:54:17 -04:00
Mike Salvatore e946b547c7 BB: Limit scanned ports for WMI PTH test 2021-08-04 13:54:13 -04:00
Mike Salvatore 0c23568756 BB: Limit scanned ports for zerologon test 2021-08-04 13:31:39 -04:00
Mike Salvatore 4d9162d168 BB: Limit scanned ports for weblogic test 2021-08-04 13:28:46 -04:00
Mike Salvatore 5143d03915 BB: Fix "Strtuts2" typo 2021-08-04 13:15:49 -04:00
Mike Salvatore 472c54814a BB: Limit scanned ports for struts exploiter 2021-08-04 13:15:24 -04:00
Mike Salvatore efd512cbad BB: Limit scanned ports for wmi and mimikatz 2021-08-04 12:57:08 -04:00
Mike Salvatore 833ebf9fd0 BB: Limit scanned ports for smb and mimikatz 2021-08-04 12:56:42 -04:00
Mike Salvatore 3136921beb BB: Limit scanned ports for hadoop test 2021-08-04 12:36:23 -04:00
Ilija Lazoroski 862a64b303 BB: Improve Drupal performance 2021-08-04 15:45:02 +02:00
Mike Salvatore f58c9354fc BB: Limit scanned ports for mssql test 2021-08-04 09:59:23 -04:00
Mike Salvatore e36cd72a70 BB: Limit scanned ports for elastic test 2021-08-04 09:30:54 -04:00
Ilija Lazoroski 7ccec16d69 BB: Improve shellshock and ssh. 2021-08-04 13:49:22 +02:00
Mike Salvatore 8ae0d5720b BB: Add utility scripts to start and stop all GCP machines 2021-08-02 07:10:50 -04:00
Mike Salvatore 275dbeccdd BB: Move GCP_TEST_MACHINE_LIST to its own file 
Allows the GCP_TEST_MACHINE_LIST to be reused by other utility scripts
 2021-08-02 07:09:37 -04:00
VakarisZ 568a97e5a5 BB performance tests: update the outdated README.md and other small improvements 2021-07-31 19:40:19 -04:00
Ilija Lazoroski cf0da5dc7d BB: Change internet services default config. 2021-07-30 06:17:46 -04:00
Mike Salvatore abe8fc268b Tests: Fix flakey elastic blackbox test 
Fixes #1117
 2021-07-21 08:39:24 -04:00
Mike Salvatore 61c3efdf83 Tests: Speed up blackbox tests by 1 minute each 
The "keep_tunnel_open_time" option adds an unnecessary 60 second delay
to each test (except the tunneling test, where it is necessary). By
setting the time to 0, each test now runs 60 seconds faster.
 2021-07-21 08:23:02 -04:00
VakarisZ 49e63fcf1b Improve exception message, thrown when trying to establish connection to island in BB tests 2021-05-21 08:41:28 +03:00
VakarisZ af049b468b BB tests: removed island connectivity test. Now the connection is tested in fixture and if anything goes wrong tests are not launched 2021-05-20 16:47:00 +03:00
VakarisZ 488143b1d3 BB tests: added the ability for BB tests to "register". If they need registration to run monkeys, BB tests selects passwordless option 2021-05-20 16:47:00 +03:00
VakarisZ b79ef1680c
Update envs/monkey_zoo/blackbox/README.md 
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
 2021-05-17 14:39:30 +03:00
VakarisZ 2e2fd0a53c Changed blackbox tests to fail and stop if they can't connect to the island. 2021-05-13 09:15:33 +03:00
VakarisZ fbbce0cd99 Small improvements in readme of blackbox tests. 2021-05-13 09:14:50 +03:00
VakarisZ 45f2702403 Reverted back to fetching file directory first when resolving GCP keys. This is to make gcp key file relative to utils directory, not the current file. This will make it less confusing, because people usually navigate directories, not files. 2021-05-12 16:58:46 +03:00
VakarisZ 7a03a9504d Removed the `relative_key_path` parameter from GCPHandler class because it's unused and has a misleading name. 2021-05-12 16:33:52 +03:00
VakarisZ c45de9dae7 Improved readability of gcp_machine_handlers.py 2021-05-12 10:41:52 +03:00
VakarisZ e76d53a2a8 BlackBox test fixes: improved the mechanism of locating gcp keys and improved error handling if tests can't connect to gcp 2021-05-11 10:44:02 +03:00
Mike Salvatore 5b75dc524a zoo: Send password (not hash) to authenticate with Island 
This step was missed in merge e609094a.
 2021-05-06 21:39:50 -04:00
VakarisZ 5f9672c4c4 Changed --no-performance-tests to --run-performance-tests for convenience (skipping performance tests by default) and documented changes in CHANGELOG.md 2021-04-30 09:41:20 +03:00
VakarisZ 9a169629bf Added an option to skip performance during blackbox tests 2021-04-30 09:41:20 +03:00
Shreya 294e8fe56a Fix DU0116 warnings in blackbox tests 
by ignoring them
 2021-04-28 10:47:28 -04:00
Shreya c0fdc9561f Fix DUO123 warnings 2021-04-28 10:46:41 -04:00
Mike Salvatore 7a1588152d zoo: remove requirements.txt 2021-04-22 09:50:30 -04:00
VakarisZ 84ed067f28 Fixed gitignores to exclude some irrelevant files 2021-04-09 14:54:02 +03:00
Mike Salvatore 39843527ae zoo: Remove unused import from zerologon_analyzer.py 2021-04-07 13:51:47 -04:00
Mike Salvatore c9d64ea40c zoo: resolve E501 flake8 warnings in monkey zoo 2021-04-07 13:47:50 -04:00
Mike Salvatore 4466ff44cf Run black to resolve E261 warnings 2021-04-07 13:40:01 -04:00
VakarisZ 03bcfc97af All E501 errors fixed, but formatting screwed up 2021-04-07 13:40:01 -04:00
Mike Salvatore f85e6fc7d0 Sort all imports using isort 5.8.0 2021-04-06 18:01:59 -04:00
Mike Salvatore c40f7bf6c9 Reformat all python with black v20.8b1 2021-04-06 09:20:18 -04:00
VakarisZ e8c03f9bc4 Fixed tunneling test configuration template 2021-03-19 16:53:31 +02:00
VakarisZ 6a7d08c93e Improved README.md of config file generation script 2021-03-09 14:51:56 +02:00
VakarisZ 92d9226edf Bugfixed a couple of config templates. 2021-03-09 14:51:35 +02:00
VakarisZ a4aee364b4 Ran black on config generation script 2021-03-09 10:23:35 +02:00
VakarisZ c234891330 Minor fixes in config file generation script: added island IP param in docs and added Drupal to configs 2021-03-08 17:27:57 +02:00
VakarisZ 6a6dd67113 Refactored config templates to inherit from ConfigTemplate class instead of BaseTemplate 2021-03-08 17:21:59 +02:00
VakarisZ 5f41ce54c6 Added config file generation script, which can generate config files from config templates. 2021-03-08 17:20:32 +02:00
VakarisZ b65524a85d Refactored "island_configs" dir to "config_templates" dir in blackbox 2021-03-08 17:20:21 +02:00
Mike Salvatore 551928369a zoo: update command to run blackbox tests 
Commit 3f687f6ae introduced a dependency on `common/`. Update the
instructions in blackbox/README.md to reflect this change.
 2021-03-08 09:47:16 -05:00
Mike Salvatore 34b0830c77 zoo: add drupal exploiter blackbox test 2021-03-08 09:42:48 -05:00
Mike Salvatore 3164ae77c4 zoo: add drupal-28 to teraform scrips 2021-03-08 08:54:45 -05:00
Mike Salvatore 0fb0c58fd4 zoo: add missing port number in blackbox/README.md 2021-03-08 08:54:15 -05:00
VakarisZ f43d9fe035 ZL BB tests: Renamed "ZeroLogon" to "Zerologon" for cinsistency, extracted relevant credential extortion from island config into a separate method. 2021-03-08 13:58:11 +02:00
VakarisZ 70ec513f51 Added logging to the ZeroLogon analyzer 2021-03-08 13:10:14 +02:00
VakarisZ b43f669081 Bugfix: removed unneeded exploitation test run in ZeroLogon BB test 2021-03-08 12:35:31 +02:00
VakarisZ 44f6ce36b6 Fixed credentials in zerologon exploiter to match. 2021-03-08 12:05:00 +02:00
VakarisZ 263fa53ea5 Added an endpoint on the island for telemetry tests. This allows for tests like blackbox tests to send queries and check whether a certain telemetry is in the database or not 2021-03-08 11:13:31 +02:00
VakarisZ f6b0682297 Added ZeroLogon test to the BlackBox infrastructure. 2021-03-08 11:07:24 +02:00