forked from p15670423/monkey
island: Change config schema definitions' titles to title case and so
they make more sense
This commit is contained in:
Shreya Malviya
parent
26b0793331
commit
836069ab11
|
|
@ -1,7 +1,7 @@
|
|||
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
|
||||
|
||||
EXPLOITER_CLASSES = {
|
||||
"title": "Exploit class",
|
||||
"title": "Exploiters",
|
||||
"description": "Click on exploiter to get more information about it."
|
||||
+ WARNING_SIGN
|
||||
+ " Note that using unsafe exploits may cause crashes of the exploited "
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
FINGER_CLASSES = {
|
||||
"title": "Fingerprint class",
|
||||
"title": "Fingerprinters",
|
||||
"description": "Fingerprint modules collect info about external services "
|
||||
"Infection Monkey scans.",
|
||||
"type": "string",
|
||||
|
|
@ -7,7 +7,7 @@ FINGER_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["SMBFinger"],
|
||||
"title": "SMBFinger",
|
||||
"title": "SMB Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Figures out if SMB is running and what's the version of it.",
|
||||
"attack_techniques": ["T1210"],
|
||||
|
|
@ -15,7 +15,7 @@ FINGER_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["SSHFinger"],
|
||||
"title": "SSHFinger",
|
||||
"title": "SSH Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Figures out if SSH is running.",
|
||||
"attack_techniques": ["T1210"],
|
||||
|
|
@ -23,21 +23,21 @@ FINGER_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["PingScanner"],
|
||||
"title": "PingScanner",
|
||||
"title": "Ping Scanner",
|
||||
"safe": True,
|
||||
"info": "Tries to identify if host is alive and which OS it's running by ping scan.",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["HTTPFinger"],
|
||||
"title": "HTTPFinger",
|
||||
"title": "HTTP Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Checks if host has HTTP/HTTPS ports open.",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["MySQLFinger"],
|
||||
"title": "MySQLFinger",
|
||||
"title": "MySQL Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Checks if MySQL server is running and tries to get it's version.",
|
||||
"attack_techniques": ["T1210"],
|
||||
|
|
@ -45,7 +45,7 @@ FINGER_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["MSSQLFinger"],
|
||||
"title": "MSSQLFinger",
|
||||
"title": "MSSQL Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Checks if Microsoft SQL service is running and tries to gather "
|
||||
"information about it.",
|
||||
|
|
@ -54,7 +54,7 @@ FINGER_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["ElasticFinger"],
|
||||
"title": "ElasticFinger",
|
||||
"title": "Elastic Fingerprinter",
|
||||
"safe": True,
|
||||
"info": "Checks if ElasticSearch is running and attempts to find it's " "version.",
|
||||
"attack_techniques": ["T1210"],
|
||||
|
|
|
|||
|
|
@ -1,14 +1,13 @@
|
|||
POST_BREACH_ACTIONS = {
|
||||
"title": "Post breach actions",
|
||||
"title": "Post-Breach Actions",
|
||||
"description": "Runs scripts/commands on infected machines. These actions safely simulate what "
|
||||
"an adversary"
|
||||
"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
|
||||
"an adversary might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
|
||||
"type": "string",
|
||||
"anyOf": [
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["CommunicateAsBackdoorUser"],
|
||||
"title": "Communicate as backdoor user",
|
||||
"title": "Communicate as Backdoor User",
|
||||
"safe": True,
|
||||
"info": "Attempts to create a new user, create HTTPS requests as that "
|
||||
"user and delete the user "
|
||||
|
|
@ -18,7 +17,7 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["ModifyShellStartupFiles"],
|
||||
"title": "Modify shell startup files",
|
||||
"title": "Modify Shell Startup Files",
|
||||
"safe": True,
|
||||
"info": "Attempts to modify shell startup files, like ~/.profile, "
|
||||
"~/.bashrc, ~/.bash_profile "
|
||||
|
|
@ -29,7 +28,7 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["HiddenFiles"],
|
||||
"title": "Hidden files and directories",
|
||||
"title": "Hidden Files and Directories",
|
||||
"safe": True,
|
||||
"info": "Attempts to create a hidden file and remove it afterward.",
|
||||
"attack_techniques": ["T1158"],
|
||||
|
|
@ -37,11 +36,10 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["TrapCommand"],
|
||||
"title": "Trap",
|
||||
"title": "Trap Command",
|
||||
"safe": True,
|
||||
"info": "On Linux systems, attempts to trap a terminate signal in order "
|
||||
"to execute a command "
|
||||
"upon receiving that signal. Removes the trap afterwards.",
|
||||
"to execute a command upon receiving that signal. Removes the trap afterwards.",
|
||||
"attack_techniques": ["T1154"],
|
||||
},
|
||||
{
|
||||
|
|
@ -57,7 +55,7 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["ScheduleJobs"],
|
||||
"title": "Job scheduling",
|
||||
"title": "Job Scheduling",
|
||||
"safe": True,
|
||||
"info": "Attempts to create a scheduled job on the system and remove it.",
|
||||
"attack_techniques": ["T1168", "T1053"],
|
||||
|
|
@ -74,7 +72,7 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["SignedScriptProxyExecution"],
|
||||
"title": "Signed script proxy execution",
|
||||
"title": "Signed Script Proxy Execution",
|
||||
"safe": False,
|
||||
"info": "On Windows systems, attempts to execute an arbitrary file "
|
||||
"with the help of a pre-existing signed script.",
|
||||
|
|
@ -91,7 +89,7 @@ POST_BREACH_ACTIONS = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": ["ClearCommandHistory"],
|
||||
"title": "Clear command history",
|
||||
"title": "Clear Command History",
|
||||
"safe": False,
|
||||
"info": "Attempts to clear the command history.",
|
||||
"attack_techniques": ["T1146"],
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [ENVIRONMENT_COLLECTOR],
|
||||
"title": "Environment collector",
|
||||
"title": "Environment Collector",
|
||||
"safe": True,
|
||||
"info": "Collects information about machine's environment (on " "premise/GCP/AWS).",
|
||||
"attack_techniques": ["T1082"],
|
||||
|
|
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [MIMIKATZ_COLLECTOR],
|
||||
"title": "Mimikatz collector",
|
||||
"title": "Mimikatz Collector",
|
||||
"safe": True,
|
||||
"info": "Collects credentials from Windows credential manager.",
|
||||
"attack_techniques": ["T1003", "T1005"],
|
||||
|
|
@ -31,7 +31,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [AWS_COLLECTOR],
|
||||
"title": "AWS collector",
|
||||
"title": "AWS Collector",
|
||||
"safe": True,
|
||||
"info": "If on AWS, collects more information about the AWS instance "
|
||||
"currently running on.",
|
||||
|
|
@ -40,7 +40,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [HOSTNAME_COLLECTOR],
|
||||
"title": "Hostname collector",
|
||||
"title": "Hostname Collector",
|
||||
"safe": True,
|
||||
"info": "Collects machine's hostname.",
|
||||
"attack_techniques": ["T1082", "T1016"],
|
||||
|
|
@ -48,7 +48,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [PROCESS_LIST_COLLECTOR],
|
||||
"title": "Process list collector",
|
||||
"title": "Process List Collector",
|
||||
"safe": True,
|
||||
"info": "Collects a list of running processes on the machine.",
|
||||
"attack_techniques": ["T1082"],
|
||||
|
|
@ -56,7 +56,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
|||
{
|
||||
"type": "string",
|
||||
"enum": [AZURE_CRED_COLLECTOR],
|
||||
"title": "Azure credential collector",
|
||||
"title": "Azure Credential Collector",
|
||||
"safe": True,
|
||||
"info": "Collects password credentials from Azure VMs",
|
||||
"attack_techniques": ["T1003", "T1005"],
|
||||
|
|
|
|||
Loading…
Reference in New Issue