monkey/monkey_island/cc/main.py

307 lines
11 KiB
Python
Raw Normal View History

2015-09-29 22:01:09 +08:00
import os
from flask import Flask, request, abort, send_from_directory
from flask.ext import restful
from flask.ext.pymongo import PyMongo
from flask import make_response
import bson.json_util
import json
from datetime import datetime, timedelta
2015-09-29 22:01:09 +08:00
import dateutil.parser
MONKEY_DOWNLOADS = [
2015-12-02 17:18:27 +08:00
{
'type': 'linux',
'machine': 'x86_64',
'filename': 'monkey-linux-64',
},
{
'type': 'linux',
'machine': 'i686',
'filename': 'monkey-linux-32',
},
{
'type': 'linux',
'filename': 'monkey-linux-32',
},
{
'type': 'windows',
'machine': 'x86',
'filename': 'monkey-windows-32.exe',
2015-12-02 17:18:27 +08:00
},
{
'type': 'windows',
'machine': 'amd64',
'filename': 'monkey-windows-64.exe',
},
{
'type': 'windows',
'filename': 'monkey-windows-32.exe',
},
]
2015-09-29 22:01:09 +08:00
MONGO_URL = os.environ.get('MONGO_URL')
if not MONGO_URL:
2015-12-02 17:18:27 +08:00
MONGO_URL = "mongodb://localhost:27017/monkeyisland"
2015-09-29 22:01:09 +08:00
app = Flask(__name__)
app.config['MONGO_URI'] = MONGO_URL
mongo = PyMongo(app)
class Monkey(restful.Resource):
def get(self, guid=None, **kw):
update_dead_monkeys() # refresh monkeys status
if not guid:
guid = request.args.get('guid')
2015-09-29 22:01:09 +08:00
timestamp = request.args.get('timestamp')
2015-12-02 17:18:27 +08:00
if guid:
2015-09-29 22:01:09 +08:00
return mongo.db.monkey.find_one_or_404({"guid": guid})
else:
result = {'timestamp': datetime.now().isoformat()}
find_filter = {}
if timestamp is not None:
2015-09-29 22:01:09 +08:00
find_filter['modifytime'] = {'$gt': dateutil.parser.parse(timestamp)}
result['objects'] = [x for x in mongo.db.monkey.find(find_filter)]
return result
def patch(self, guid):
2015-12-02 17:18:27 +08:00
monkey_json = json.loads(request.data)
update = {"$set": {'modifytime': datetime.now()}}
2015-10-08 18:37:38 +08:00
if monkey_json.has_key('keepalive'):
update['$set']['keepalive'] = dateutil.parser.parse(monkey_json['keepalive'])
else:
update['$set']['keepalive'] = datetime.now()
2015-09-29 22:01:09 +08:00
if monkey_json.has_key('config'):
update['$set']['config'] = monkey_json['config']
2015-10-08 18:37:38 +08:00
if monkey_json.has_key('tunnel'):
update['$set']['tunnel'] = monkey_json['tunnel']
return mongo.db.monkey.update({"guid": guid}, update, upsert=False)
2015-09-29 22:01:09 +08:00
def post(self, **kw):
monkey_json = json.loads(request.data)
if monkey_json.has_key('keepalive'):
monkey_json['keepalive'] = dateutil.parser.parse(monkey_json['keepalive'])
else:
monkey_json['keepalive'] = datetime.now()
monkey_json['modifytime'] = datetime.now()
# if new monkey telem, change config according to "new monkeys" config.
2015-09-29 22:01:09 +08:00
db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]})
if not db_monkey:
2015-12-02 17:18:27 +08:00
new_config = mongo.db.config.find_one({'name': 'newconfig'}) or {}
2015-10-08 18:37:38 +08:00
monkey_json['config'] = monkey_json.get('config', {})
2015-10-14 22:20:01 +08:00
monkey_json['config'].update(new_config)
2015-09-29 22:01:09 +08:00
else:
2015-10-08 18:37:38 +08:00
db_config = db_monkey.get('config', {})
if db_config.has_key('current_server'):
del db_config['current_server']
monkey_json.get('config', {}).update(db_config)
# try to find new monkey parent
parent = monkey_json.get('parent')
parent_to_add = (monkey_json.get('guid'), None) # default values in case of manual run
if parent and parent != monkey_json.get('guid'): # current parent is known
exploit_telem = [x for x in
mongo.db.telemetry.find({'telem_type': {'$eq': 'exploit'}, 'data.result': {'$eq': True},
'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']},
'monkey_guid': {'$eq': parent}})]
if 1 == len(exploit_telem):
parent_to_add = (exploit_telem[0].get('monkey_guid'), exploit_telem[0].get('data').get('exploiter'))
else:
parent_to_add = (parent, None)
elif (not parent or parent == monkey_json.get('guid')) and monkey_json.has_key('ip_addresses'):
2015-12-02 17:18:27 +08:00
exploit_telem = [x for x in
mongo.db.telemetry.find({'telem_type': {'$eq': 'exploit'}, 'data.result': {'$eq': True},
'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']}})]
2015-10-08 18:37:38 +08:00
if 1 == len(exploit_telem):
parent_to_add = (exploit_telem[0].get('monkey_guid'), exploit_telem[0].get('data').get('exploiter'))
if not db_monkey:
monkey_json['parent'] = [parent_to_add]
else:
monkey_json['parent'] = db_monkey.get('parent') + [parent_to_add]
2015-09-29 22:01:09 +08:00
2015-10-08 18:37:38 +08:00
return mongo.db.monkey.update({"guid": monkey_json["guid"]},
2015-12-02 17:18:27 +08:00
{"$set": monkey_json},
2015-10-08 18:37:38 +08:00
upsert=True)
2015-09-29 22:01:09 +08:00
2015-09-29 22:01:09 +08:00
class Telemetry(restful.Resource):
def get(self, **kw):
2016-06-14 19:39:58 +08:00
monkey_guid = request.args.get('monkey_guid')
telem_type = request.args.get('telem_type')
2015-09-29 22:01:09 +08:00
timestamp = request.args.get('timestamp')
if "null" == timestamp: # special case to avoid ugly JS code...
2016-06-14 19:39:58 +08:00
timestamp = None
2015-09-29 22:01:09 +08:00
result = {'timestamp': datetime.now().isoformat()}
find_filter = {}
2015-12-02 17:18:27 +08:00
if monkey_guid:
2015-09-29 22:01:09 +08:00
find_filter["monkey_guid"] = {'$eq': monkey_guid}
2016-06-14 19:39:58 +08:00
if telem_type:
find_filter["telem_type"] = {'$eq': telem_type}
2015-12-02 17:18:27 +08:00
if timestamp:
2015-09-29 22:01:09 +08:00
find_filter['timestamp'] = {'$gt': dateutil.parser.parse(timestamp)}
result['objects'] = [x for x in mongo.db.telemetry.find(find_filter)]
return result
def post(self):
telemetry_json = json.loads(request.data)
telemetry_json['timestamp'] = datetime.now()
telem_id = mongo.db.telemetry.insert(telemetry_json)
# update exploited monkeys parent
try:
if telemetry_json.get('telem_type') == 'tunnel':
if telemetry_json['data']:
host = telemetry_json['data'].split(":")[-2].replace("//", "")
tunnel_host = mongo.db.monkey.find_one({"ip_addresses": host})
mongo.db.monkey.update({"guid": telemetry_json['monkey_guid']},
{'$set': {'tunnel_guid': tunnel_host.get('guid'), 'modifytime': datetime.now()}},
upsert=False)
else:
mongo.db.monkey.update({"guid": telemetry_json['monkey_guid']},
{'$unset': {'tunnel_guid': ''}, 'modifytime': datetime.now()},
upsert=False)
2016-07-04 15:44:57 +08:00
elif telemetry_json.get('telem_type') == 'state':
if telemetry_json['data']['done']:
mongo.db.monkey.update({"guid": telemetry_json['monkey_guid']},
{'$set': {'dead': True, 'modifytime': datetime.now()}},
upsert=False)
2016-07-04 15:44:57 +08:00
else:
mongo.db.monkey.update({"guid": telemetry_json['monkey_guid']},
{'$set': {'dead': False, 'modifytime': datetime.now()}},
upsert=False)
2015-09-29 22:01:09 +08:00
except:
pass
return mongo.db.telemetry.find_one_or_404({"_id": telem_id})
2015-10-14 22:20:01 +08:00
class NewConfig(restful.Resource):
2015-09-29 22:01:09 +08:00
def get(self):
2015-12-02 17:18:27 +08:00
config = mongo.db.config.find_one({'name': 'newconfig'}) or {}
2015-09-29 22:01:09 +08:00
if config.has_key('name'):
del config['name']
return config
def post(self):
config_json = json.loads(request.data)
2015-12-02 17:18:27 +08:00
return mongo.db.config.update({'name': 'newconfig'}, {"$set": config_json}, upsert=True)
2015-09-29 22:01:09 +08:00
class MonkeyDownload(restful.Resource):
def get(self, path):
return send_from_directory('binaries', path)
def post(self):
host_json = json.loads(request.data)
host_os = host_json.get('os')
if host_os:
2015-12-02 17:18:27 +08:00
result = None
2015-09-29 22:01:09 +08:00
for download in MONKEY_DOWNLOADS:
if host_os.get('type') == download.get('type') and \
host_os.get('machine') == download.get('machine'):
2015-09-29 22:01:09 +08:00
result = download
break
if result:
real_path = os.path.join('binaries', result['filename'])
if os.path.isfile(real_path):
result['size'] = os.path.getsize(real_path)
return result
return {}
2015-09-29 22:01:09 +08:00
class Root(restful.Resource):
2016-07-24 21:27:56 +08:00
def get(self, action=None):
if not action:
action = request.args.get('action')
if not action:
return {
'status': 'OK',
'mongo': str(mongo.db),
}
elif action=="reset":
mongo.db.config.drop()
mongo.db.monkey.drop()
mongo.db.telemetry.drop()
return {
'status': 'OK',
}
2016-07-27 03:32:46 +08:00
elif action=="killall":
mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False, multi=True)
return {
'status': 'OK',
}
2016-07-24 21:27:56 +08:00
else:
return {'status': 'BAD',
'reason': 'unknown action'}
2015-09-29 22:01:09 +08:00
2015-09-29 22:01:09 +08:00
def normalize_obj(obj):
if obj.has_key('_id') and not obj.has_key('id'):
obj['id'] = obj['_id']
del obj['_id']
for key, value in obj.items():
2015-09-29 22:01:09 +08:00
if type(value) is bson.objectid.ObjectId:
obj[key] = str(value)
if type(value) is datetime:
obj[key] = str(value)
2015-09-29 22:01:09 +08:00
if type(value) is dict:
obj[key] = normalize_obj(value)
if type(value) is list:
for i in range(0, len(value)):
2015-09-29 22:01:09 +08:00
if type(value[i]) is dict:
value[i] = normalize_obj(value[i])
return obj
2015-09-29 22:01:09 +08:00
def output_json(obj, code, headers=None):
obj = normalize_obj(obj)
resp = make_response(bson.json_util.dumps(obj), code)
resp.headers.extend(headers or {})
return resp
def update_dead_monkeys():
mongo.db.monkey.update(
{'keepalive': {'$lte': datetime.now() - timedelta(minutes=10)}, 'dead': {'$ne': True}},
{'$set': {'dead': True, 'modifytime': datetime.now()}}, upsert=False, multi=True)
2015-09-29 22:01:09 +08:00
@app.route('/admin/<path:path>')
def send_admin(path):
return send_from_directory('admin/ui', path)
2015-09-29 22:01:09 +08:00
DEFAULT_REPRESENTATIONS = {'application/json': output_json}
api = restful.Api(app)
api.representations = DEFAULT_REPRESENTATIONS
api.add_resource(Root, '/api')
api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/<string:guid>')
api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>')
2015-10-14 22:20:01 +08:00
api.add_resource(NewConfig, '/api/config/new')
2015-09-29 22:01:09 +08:00
api.add_resource(MonkeyDownload, '/api/monkey/download', '/api/monkey/download/', '/api/monkey/download/<string:path>')
if __name__ == '__main__':
2016-08-01 01:40:05 +08:00
from tornado.wsgi import WSGIContainer
from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
http_server = HTTPServer(WSGIContainer(app), ssl_options={'certfile': 'server.crt', 'keyfile': 'server.key'})
http_server.listen(5000)
IOLoop.instance().start()
#app.run(host='0.0.0.0', debug=False, ssl_context=('server.crt', 'server.key'))