monkey/monkey_island/cc/services/report.py

from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.edge import EdgeService
from cc.services.node import NodeService

__author__ = "itay.mizeretz"


class ReportService:
    def __init__(self):
        pass

    @staticmethod
    def get_first_monkey_time():
        return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']

    @staticmethod
    def get_last_monkey_dead_time():
        return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', -1)]).limit(1)[0]['timestamp']

    @staticmethod
    def get_breach_count():
        return mongo.db.edge.count({'exploits.result': True})

    @staticmethod
    def get_successful_exploit_types():
        exploit_types = mongo.db.command({'distinct': 'edge', 'key': 'exploits.exploiter'})['values']
        return [exploit for exploit in exploit_types if ReportService.did_exploit_type_succeed(exploit)]

    @staticmethod
    def get_tunnels():
        return [
            (NodeService.get_monkey_label_by_id(tunnel['_id']), NodeService.get_monkey_label_by_id(tunnel['tunnel']))
            for tunnel in mongo.db.monkey.find({'tunnel': {'$exists': True}}, {'tunnel': 1})]

    @staticmethod
    def get_scanned():
        nodes =\
            [NodeService.get_displayed_node_by_id(node['_id']) for node in mongo.db.node.find({}, {'_id': 1})]\
            + [NodeService.get_displayed_node_by_id(monkey['_id']) for monkey in mongo.db.monkey.find({}, {'_id': 1})]
        nodes = [
            {
                'label':
                    node['hostname'] if 'hostname' in node else NodeService.get_node_by_id(node['id'])['os']['version'],
                'ip_addresses': node['ip_addresses'],
                'accessible_from_nodes':
                    (x['hostname'] for x in
                     (NodeService.get_displayed_node_by_id(edge['from'])
                      for edge in EdgeService.get_displayed_edges_by_to(node['id']))),
                'services': node['services']
            }
            for node in nodes]

        return nodes

    @staticmethod
    def get_reused_passwords():
        password_dict = {}
        password_list = ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list'])
        for password in password_list:
            machines_with_password =\
                [
                    NodeService.get_monkey_label_by_id(node['_id'])
                    for node in mongo.db.monkey.find({'creds.password': password}, {'_id': 1})
                ]
            if len(machines_with_password) >= 2:
                password_dict[password] = machines_with_password

        return password_dict

    @staticmethod
    def get_exploited():
        exploited =\
            [NodeService.get_displayed_node_by_id(monkey['_id']) for monkey in mongo.db.monkey.find({}, {'_id': 1})
             if not NodeService.get_monkey_manual_run(NodeService.get_monkey_by_id(monkey['_id']))]\
            + [NodeService.get_displayed_node_by_id(node['_id'])
               for node in mongo.db.node.find({'exploited': True}, {'_id': 1})]

        exploited = [
            {
                'label': monkey['hostname'] if 'hostname' in monkey else monkey['os']['version'],
                'ip_addresses': monkey['ip_addresses'],
                'exploits': [exploit['exploiter'] for exploit in monkey['exploits'] if exploit['result']]
            }
            for monkey in exploited]

        return exploited

    @staticmethod
    def get_report():
        return \
            {
                'first_monkey_time': ReportService.get_first_monkey_time(),
                'last_monkey_dead_time': ReportService.get_last_monkey_dead_time(),
                'breach_count': ReportService.get_breach_count(),
                'successful_exploit_types': ReportService.get_successful_exploit_types(),
                'tunnels': ReportService.get_tunnels(),
                'scanned': ReportService.get_scanned(),
                'exploited': ReportService.get_exploited(),
                'reused_passwords': ReportService.get_reused_passwords()
            }

    @staticmethod
    def did_exploit_type_succeed(exploit_type):
        return mongo.db.edge.count(
            {'exploits': {'$elemMatch': {'exploiter': exploit_type, 'result': True}}},
            limit=1) > 0
Add basic report logic 2017-10-16 01:06:26 +08:00			`from cc.database import mongo`
Add reused passwords 2017-11-12 22:13:40 +08:00			`from cc.services.config import ConfigService`
Change machine name to be hostname when possible, and os['version'] otherwise 2017-11-21 19:50:29 +08:00			`from cc.services.edge import EdgeService`
Add tunnel info to report 2017-11-07 19:17:02 +08:00			`from cc.services.node import NodeService`
Add basic report logic 2017-10-16 01:06:26 +08:00
			`__author__ = "itay.mizeretz"`


			`class ReportService:`
			`def __init__(self):`
			`pass`

			`@staticmethod`
			`def get_first_monkey_time():`
			`return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']`

			`@staticmethod`
			`def get_last_monkey_dead_time():`
			`return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', -1)]).limit(1)[0]['timestamp']`

			`@staticmethod`
			`def get_breach_count():`
			`return mongo.db.edge.count({'exploits.result': True})`

			`@staticmethod`
			`def get_successful_exploit_types():`
			`exploit_types = mongo.db.command({'distinct': 'edge', 'key': 'exploits.exploiter'})['values']`
			`return [exploit for exploit in exploit_types if ReportService.did_exploit_type_succeed(exploit)]`

Add tunnel info to report 2017-11-07 19:17:02 +08:00			`@staticmethod`
			`def get_tunnels():`
			`return [`
			`(NodeService.get_monkey_label_by_id(tunnel['_id']), NodeService.get_monkey_label_by_id(tunnel['tunnel']))`
			`for tunnel in mongo.db.monkey.find({'tunnel': {'$exists': True}}, {'tunnel': 1})]`

Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`@staticmethod`
			`def get_scanned():`
			`nodes =\`
			`[NodeService.get_displayed_node_by_id(node['_id']) for node in mongo.db.node.find({}, {'_id': 1})]\`
			`+ [NodeService.get_displayed_node_by_id(monkey['_id']) for monkey in mongo.db.monkey.find({}, {'_id': 1})]`
			`nodes = [`
			`{`
Change machine name to be hostname when possible, and os['version'] otherwise 2017-11-21 19:50:29 +08:00			`'label':`
			`node['hostname'] if 'hostname' in node else NodeService.get_node_by_id(node['id'])['os']['version'],`
Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`'ip_addresses': node['ip_addresses'],`
Change machine name to be hostname when possible, and os['version'] otherwise 2017-11-21 19:50:29 +08:00			`'accessible_from_nodes':`
			`(x['hostname'] for x in`
			`(NodeService.get_displayed_node_by_id(edge['from'])`
			`for edge in EdgeService.get_displayed_edges_by_to(node['id']))),`
Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`'services': node['services']`
			`}`
			`for node in nodes]`

			`return nodes`

Add reused passwords 2017-11-12 22:13:40 +08:00			`@staticmethod`
			`def get_reused_passwords():`
			`password_dict = {}`
			`password_list = ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list'])`
			`for password in password_list:`
Change machine name to be hostname when possible, and os['version'] otherwise 2017-11-21 19:50:29 +08:00			`machines_with_password =\`
			`[`
			`NodeService.get_monkey_label_by_id(node['_id'])`
			`for node in mongo.db.monkey.find({'creds.password': password}, {'_id': 1})`
			`]`
Add reused passwords 2017-11-12 22:13:40 +08:00			`if len(machines_with_password) >= 2:`
			`password_dict[password] = machines_with_password`

			`return password_dict`

Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`@staticmethod`
			`def get_exploited():`
			`exploited =\`
			`[NodeService.get_displayed_node_by_id(monkey['_id']) for monkey in mongo.db.monkey.find({}, {'_id': 1})`
			`if not NodeService.get_monkey_manual_run(NodeService.get_monkey_by_id(monkey['_id']))]\`
			`+ [NodeService.get_displayed_node_by_id(node['_id'])`
			`for node in mongo.db.node.find({'exploited': True}, {'_id': 1})]`

			`exploited = [`
			`{`
Change machine name to be hostname when possible, and os['version'] otherwise 2017-11-21 19:50:29 +08:00			`'label': monkey['hostname'] if 'hostname' in monkey else monkey['os']['version'],`
Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`'ip_addresses': monkey['ip_addresses'],`
			`'exploits': [exploit['exploiter'] for exploit in monkey['exploits'] if exploit['result']]`
			`}`
			`for monkey in exploited]`

			`return exploited`

Add basic report logic 2017-10-16 01:06:26 +08:00			`@staticmethod`
			`def get_report():`
			`return \`
			`{`
			`'first_monkey_time': ReportService.get_first_monkey_time(),`
			`'last_monkey_dead_time': ReportService.get_last_monkey_dead_time(),`
			`'breach_count': ReportService.get_breach_count(),`
			`'successful_exploit_types': ReportService.get_successful_exploit_types(),`
Add scanned and exploited to report 2017-11-07 22:33:26 +08:00			`'tunnels': ReportService.get_tunnels(),`
			`'scanned': ReportService.get_scanned(),`
Add reused passwords 2017-11-12 22:13:40 +08:00			`'exploited': ReportService.get_exploited(),`
			`'reused_passwords': ReportService.get_reused_passwords()`
Add basic report logic 2017-10-16 01:06:26 +08:00			`}`

			`@staticmethod`
			`def did_exploit_type_succeed(exploit_type):`
			`return mongo.db.edge.count(`
			`{'exploits': {'$elemMatch': {'exploiter': exploit_type, 'result': True}}},`
			`limit=1) > 0`