Commit Graph

144 Commits

Author SHA1 Message Date
Ilija Lazoroski db8e1e50da Agent: Add add_credentials_from_event_to_propagation_credentials_repository
Callable class that adds credentials to the propagation credentials
repository
2022-08-15 09:30:04 +02:00
Mike Salvatore dc0f865f9b Merge pull request #2192 from guardicore/2176-initialize-event-queue
Initialize IEventQueue
2022-08-12 10:14:20 -04:00
Ilija Lazoroski 21c9ea9d44 Agent: Initialize IEventQueue 2022-08-12 15:31:55 +02:00
Ilija Lazoroski 743d40abab Common: Rename StolenCredentialsEvent to CredentialsStolenEvent 2022-08-12 09:39:04 +02:00
Ilija Lazoroski 889863bb93 Common: Define StolenCredentialsEvent 2022-08-11 19:36:52 +02:00
Mike Salvatore 87cbdd9fb8 Common: Rename subscribe_all() -> subscribe_all_events() 2022-08-10 09:17:13 -04:00
Shreya Malviya 3938e2f377 Project: Add subscribe_all_event_types to Vulture allowlist 2022-08-09 19:00:05 +05:30
Shreya Malviya 7a77fd82df Project: Add event queue's entries to Vulture allowlist 2022-08-09 17:12:48 +05:30
Ilija Lazoroski 8586d89062 Island: Implement Version object 2022-08-03 16:43:04 +02:00
Mike Salvatore c7be5f6c68 Project: Add AbstractEvent to vulture_allowlist.py 2022-08-02 20:38:08 -04:00
Shreya Malviya 9c7b69dd7b Project: Add 'validate_windows_filename_not_reserved' to Vulture's allowlist 2022-07-27 12:32:07 +05:30
vakarisz 91e8ce62db Common: Freeze lists to tuples in agent configuration 2022-07-26 17:25:06 +03:00
vakarisz 43387dc1a5 Common: Use IJSONSerializable interface for credentials 2022-07-12 13:48:20 +03:00
Mike Salvatore 59a9aa8a53 Project: Ignore decorated Schema methods in credentials.py 2022-07-07 07:37:15 -04:00
Mike Salvatore 0be43157cf Common: Add PasswordSchema 2022-07-06 10:46:05 -04:00
Mike Salvatore 035734992c Island: Change parameter names in ICredentialsRepository.save_*() 2022-07-05 10:50:28 -04:00
Ilija Lazoroski 6695e5b4ac Island: Modify IStolenCredentialsRepository
* Rename to ICredentialsRepository
* Add {get/remove/save}_{stolen/configured}_credentials
2022-07-05 16:25:39 +02:00
Mike Salvatore a84220f343 Project: Remove nonexistent _make_agent_configuration from vulture 2022-07-01 13:10:01 -04:00
Mike Salvatore 0137c89158 Island: Add preliminary Simulation class
Includes just the island's mode for now.
2022-07-01 13:10:01 -04:00
Mike Salvatore d4c7b97229 Island: Add UNSET to IslandModeEnum 2022-06-30 13:12:26 -04:00
Mike Salvatore 13a7e4ea31 Project: Remove OperatingSystems enums from vulture allowlist 2022-06-27 09:37:20 -04:00
Mike Salvatore f25a81635c Merge pull request #2030 from guardicore/1960-configuration-schema
1960 configuration schema
2022-06-17 10:31:56 -04:00
Mike Salvatore e0ae109368 Common: Add AgentConfiguration 2022-06-17 09:27:51 -04:00
Mike Salvatore a41b2e3ea4 Common: Add PropagationConfiguration 2022-06-17 09:04:00 -04:00
Mike Salvatore 9bbf5c8ae7 Common: Add NetworkScanConfiguration 2022-06-17 08:50:48 -04:00
Mike Salvatore 2c4069ae1b Project: Remove Meta, unknown from vulture_allowlist.py
These are no longer needed after db9d57a526.
2022-06-17 08:31:04 -04:00
Mike Salvatore 3c879f444d Common: Add ScanTargetConfigurationSchema 2022-06-17 08:30:42 -04:00
Mike Salvatore 7e9c481992 Common: Rename marshmallow post_load methods to be protected 2022-06-17 08:22:31 -04:00
Mike Salvatore 0b810f5d56 Common: Add TCPScanConfigurationSchema 2022-06-17 08:14:35 -04:00
Mike Salvatore afd3160c2f Common: Add ExploitationOptionsConfiguration 2022-06-16 20:20:35 -04:00
Mike Salvatore 70e8bca1ea Common: Use OperatingSystems enum in ExploiterConfigurationSchema 2022-06-16 20:20:35 -04:00
Mike Salvatore 9d73252ff5 Common: Add ExploiterConfiguration 2022-06-16 20:20:35 -04:00
Mike Salvatore bdad41057c Common: Add CustomPBAConfiguration 2022-06-16 20:20:35 -04:00
Mike Salvatore c79f62e682 Common: Add PluginConfiguration 2022-06-16 20:20:35 -04:00
Mike Salvatore c53864cdd7 Common: Add release_convention() 2022-06-16 09:26:04 -04:00
Shreya Malviya f989fdff06 Project: Remove `export_monkey_telems` from Vulture's allowlist 2022-06-10 12:10:52 -07:00
vakarisz faf2259c59 Island: Rename repository file names to snake case 2022-05-31 12:59:38 +03:00
vakarisz 1077a84623 Project: Ignore unused classes created for dal layer 2022-05-24 10:27:07 +03:00
Mike Salvatore 2804ba9b07 Island: Return AWSCommandResults from start_infection_monkey_agent() 2022-05-10 13:09:56 -04:00
Ilija Lazoroski 7baccefae1 Project: Remove WebLogic references 2022-04-11 11:58:24 +02:00
Mike Salvatore 1f5bb7efaf Merge pull request #1876 from guardicore/1869-remove-drupal
Remove Drupal exploiter
2022-04-10 09:45:24 -04:00
Ilija Lazoroski 3ecaff0686 Project: Remove Struts2 entry from vulture 2022-04-08 12:19:04 +02:00
Shreya Malviya 22e4e9c0ab Project: Remove constant DRUPAL from Vulture's allowlist 2022-04-08 13:49:22 +05:30
Mike Salvatore 9738430333 Project: Remove temporary agent-refactor vulture exceptions 2022-03-30 07:31:29 -04:00
Mike Salvatore 2c32c354ae Agent: Remove MockMaster
This mock has outlived its usefulness and can now be removed.
2022-03-30 07:20:37 -04:00
Shreya Malviya 99b621f2c8 Project: Add config's post_breach_actions to Vulture's allowlist 2022-03-30 12:29:27 +05:30
Shreya Malviya 1f2867a70a Project: Add ProcessListCollection to Vulture's allowlist 2022-03-29 14:20:29 +03:00
Mike Salvatore 4316329384 Project: Add strict_slashes to vulture_allowlist 2022-03-25 07:57:54 -04:00
Mike Salvatore a1d08abe19 Project: Rename EXPLOITED_* to PROPAGATED_*
These states were renamed in 5e3829aab and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore bfd9084ce1 Project: Add architecture parameter to vulture_allowlist 2022-03-16 13:39:39 -04:00
Mike Salvatore cd3f5e7f16 Project: Add get_file_sha256_hash() to vulture_allowlist.py 2022-03-16 13:38:33 -04:00
vakarisz 1d15288b64 Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
vakarisz afc98667c4 Island: remove unused "creds" properties from monkey model 2022-02-25 15:38:36 +02:00
Shreya Malviya a599edec15 Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist 2022-02-24 15:12:00 +05:30
Ilija Lazoroski d8e203dd50 Project: Change readme and remove shellshock from vulture 2022-02-23 13:50:12 +01:00
Shreya Malviya fcfa01223d Project: Remove ProcessListCollector from Vulture allowlist 2022-02-16 17:06:17 +05:30
Ilija Lazoroski 7f6496b330 Island, UT: Remove system info AWS Collector 2022-02-14 12:00:08 +01:00
Shreya Malviya 9dc0a6ed6f Project: Remove removed Scoutsuite constants from Vulture allowlist 2022-02-09 14:27:20 +05:30
Shreya Malviya 2c88d6053c Project: Remove deleted constants from Vulture's allowlist 2022-02-01 16:40:06 +01:00
Ilija Lazoroski b5c51bedc1 Island, UT: Remove Bootloader endpoint 2022-02-01 15:32:13 +01:00
Ilija Lazoroski ff87252a24 Agent, Island: Remove MS08_67 exploiter 2022-01-31 11:11:33 +01:00
Mike Salvatore e1cf4fa9c2 Merge branch 'release/1.13.0' into agent-refactor 2022-01-25 13:35:49 -05:00
vakarisz a5a4957c29 Agent: small readability and style improvements 2022-01-18 15:01:47 +02:00
vakarisz 9d5ea0f41f Island: add log4shell issue processing and reporting 2022-01-06 12:26:00 +02:00
vakarisz c382987430 Project: vulture allow LDAPServerFactory.buildProtocol 2022-01-05 15:18:12 +02:00
Ilija Lazoroski c129e2f4b0 Project: Remove mysqlfinger references in Vulture 2021-12-14 14:54:20 +01:00
VakarisZ 4fdd3370ca Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press 2021-12-08 14:48:57 +02:00
Mike Salvatore 137afa6473 Agent: Don't register new signal handler in monkey.py (for now)
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Shreya Malviya 7b0f08ee54 Agent: Finish implementing MockMaster
Also modified ExploitTelem and PostBreachTelem internals, and
MockPuppet.
2021-11-24 13:54:46 +05:30
Ilija Lazoroski 839024f243 Island: Fix formatting in config 2021-11-23 15:20:19 +01:00
Mike Salvatore 4fc484cd8d Agent: Add a preliminary MockPuppet implementation 2021-11-22 13:05:30 -05:00
VakarisZ a8d6f936f1 Agent, Island: remove hostname collector 2021-11-17 11:30:12 +02:00
VakarisZ 0175199540 Island, Agent: remove environment collector 2021-11-16 17:49:38 +02:00
VakarisZ f5c8db979f Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file 2021-11-10 15:44:05 +02:00
Shreya Malviya ee79ea0a9d Project: Remove variable 'VSFTPD' from Vulture's allowlist 2021-10-29 18:15:38 +05:30
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ e6ad125be9 Change the telemetry model to have a method for fetching the telemetries based on queries.
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ c7e91c5784 Add report model and a unit test for its encryption 2021-09-21 10:39:39 +03:00
Mike Salvatore 805ef70db1 Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
VakarisZ 2b71fb80c7 Fixed missing powershell exploiter report components. 2021-08-24 11:40:39 +05:30
VakarisZ 9966c54fe2 Added powershell remoting exploiter. 2021-08-24 11:40:39 +05:30
VakarisZ 91ca828c72 Monkey: add launch time to the monkey collection
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski 81a8ccf673 Island: Return empty post status for island mode 2021-07-13 10:25:48 -04:00
Mike Salvatore 96fc33025e Island: Redirect gevent tracebacks to file and log exceptions
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an exception occurs, a message
with just the exception (not the traceback) is logged to WARNING.

Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore 01b9c41c6e Remove mock_home_env() from vulture_allowlist.py 2021-07-02 18:59:24 -04:00
Mike Salvatore 6307606010 Remove get_files_to_encrypt from Vulture's allow list 2021-06-23 07:14:57 -04:00
Shreya 5b64ea5151 agent: ransomware: Iterate through files in directory and get list of files to encrypt 2021-06-22 19:30:44 +05:30
VakarisZ fc1f12c24d Implemented safety check on import. 2021-06-03 17:02:12 +03:00
VakarisZ 9fcfaac781 Improved exceptions thrown in configuration decryption and unit tests. 2021-06-03 17:01:56 +03:00
Shreya 52b57a7166 Have Vulture skip tests/ instead of tests/unit_tests/ 2021-06-03 11:57:44 +05:30
Shreya b69c1c531a Rename vulture_whitelist.py -> vulture_allowlist.py 2021-06-02 13:08:37 +05:30