island: Change config schema definitions' titles to title case and so

they make more sense
Shreya Malviya 2021-09-22 16:10:13 +05:30
parent 26b0793331
commit 836069ab11
4 changed files with 25 additions and 27 deletions


@ -1,7 +1,7 @@
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
EXPLOITER_CLASSES = { EXPLOITER_CLASSES = {
"title": "Exploit class", "title": "Exploiters",
"description": "Click on exploiter to get more information about it." "description": "Click on exploiter to get more information about it."
+ WARNING_SIGN + WARNING_SIGN
+ " Note that using unsafe exploits may cause crashes of the exploited " + " Note that using unsafe exploits may cause crashes of the exploited "


@ -1,5 +1,5 @@
FINGER_CLASSES = { FINGER_CLASSES = {
"title": "Fingerprint class", "title": "Fingerprinters",
"description": "Fingerprint modules collect info about external services " "description": "Fingerprint modules collect info about external services "
"Infection Monkey scans.", "Infection Monkey scans.",
"type": "string", "type": "string",
@ -7,7 +7,7 @@ FINGER_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": ["SMBFinger"], "enum": ["SMBFinger"],
"title": "SMBFinger", "title": "SMB Fingerprinter",
"safe": True, "safe": True,
"info": "Figures out if SMB is running and what's the version of it.", "info": "Figures out if SMB is running and what's the version of it.",
"attack_techniques": ["T1210"], "attack_techniques": ["T1210"],
@ -15,7 +15,7 @@ FINGER_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": ["SSHFinger"], "enum": ["SSHFinger"],
"title": "SSHFinger", "title": "SSH Fingerprinter",
"safe": True, "safe": True,
"info": "Figures out if SSH is running.", "info": "Figures out if SSH is running.",
"attack_techniques": ["T1210"], "attack_techniques": ["T1210"],
@ -23,21 +23,21 @@ FINGER_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": ["PingScanner"], "enum": ["PingScanner"],
"title": "PingScanner", "title": "Ping Scanner",
"safe": True, "safe": True,
"info": "Tries to identify if host is alive and which OS it's running by ping scan.", "info": "Tries to identify if host is alive and which OS it's running by ping scan.",
}, },
{ {
"type": "string", "type": "string",
"enum": ["HTTPFinger"], "enum": ["HTTPFinger"],
"title": "HTTPFinger", "title": "HTTP Fingerprinter",
"safe": True, "safe": True,
"info": "Checks if host has HTTP/HTTPS ports open.", "info": "Checks if host has HTTP/HTTPS ports open.",
}, },
{ {
"type": "string", "type": "string",
"enum": ["MySQLFinger"], "enum": ["MySQLFinger"],
"title": "MySQLFinger", "title": "MySQL Fingerprinter",
"safe": True, "safe": True,
"info": "Checks if MySQL server is running and tries to get it's version.", "info": "Checks if MySQL server is running and tries to get it's version.",
"attack_techniques": ["T1210"], "attack_techniques": ["T1210"],
@ -45,7 +45,7 @@ FINGER_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": ["MSSQLFinger"], "enum": ["MSSQLFinger"],
"title": "MSSQLFinger", "title": "MSSQL Fingerprinter",
"safe": True, "safe": True,
"info": "Checks if Microsoft SQL service is running and tries to gather " "info": "Checks if Microsoft SQL service is running and tries to gather "
"information about it.", "information about it.",
@ -54,7 +54,7 @@ FINGER_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": ["ElasticFinger"], "enum": ["ElasticFinger"],
"title": "ElasticFinger", "title": "Elastic Fingerprinter",
"safe": True, "safe": True,
"info": "Checks if ElasticSearch is running and attempts to find it's " "version.", "info": "Checks if ElasticSearch is running and attempts to find it's " "version.",
"attack_techniques": ["T1210"], "attack_techniques": ["T1210"],
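Review bot: `"title": "Ping Scanner"` is the only entry under the new group title "Fingerprinters" that does not follow the "<Service> Fingerprinter" pattern used by the other six new titles, and `"title": "Elastic Fingerprinter"` shortens a product that the entry's own info string calls ElasticSearch. If these titles are what an operator reads when choosing which scans run against a network, consider `"title": "Elasticsearch Fingerprinter"`, and either keep "Ping Scanner" deliberately with a short comment or widen the group title to cover scanners. The neighbouring info strings still read "it's version" where "its version" is meant, which could be fixed in the same pass. FINGER_CLASSES continues outside the hunks shown.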


@ -1,14 +1,13 @@
POST_BREACH_ACTIONS = { POST_BREACH_ACTIONS = {
"title": "Post breach actions", "title": "Post-Breach Actions",
"description": "Runs scripts/commands on infected machines. These actions safely simulate what " "description": "Runs scripts/commands on infected machines. These actions safely simulate what "
"an adversary" "an adversary might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
"type": "string", "type": "string",
"anyOf": [ "anyOf": [
{ {
"type": "string", "type": "string",
"enum": ["CommunicateAsBackdoorUser"], "enum": ["CommunicateAsBackdoorUser"],
"title": "Communicate as backdoor user", "title": "Communicate as Backdoor User",
"safe": True, "safe": True,
"info": "Attempts to create a new user, create HTTPS requests as that " "info": "Attempts to create a new user, create HTTPS requests as that "
"user and delete the user " "user and delete the user "
@ -18,7 +17,7 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["ModifyShellStartupFiles"], "enum": ["ModifyShellStartupFiles"],
"title": "Modify shell startup files", "title": "Modify Shell Startup Files",
"safe": True, "safe": True,
"info": "Attempts to modify shell startup files, like ~/.profile, " "info": "Attempts to modify shell startup files, like ~/.profile, "
"~/.bashrc, ~/.bash_profile " "~/.bashrc, ~/.bash_profile "
@ -29,7 +28,7 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["HiddenFiles"], "enum": ["HiddenFiles"],
"title": "Hidden files and directories", "title": "Hidden Files and Directories",
"safe": True, "safe": True,
"info": "Attempts to create a hidden file and remove it afterward.", "info": "Attempts to create a hidden file and remove it afterward.",
"attack_techniques": ["T1158"], "attack_techniques": ["T1158"],
@ -37,11 +36,10 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["TrapCommand"], "enum": ["TrapCommand"],
"title": "Trap", "title": "Trap Command",
"safe": True, "safe": True,
"info": "On Linux systems, attempts to trap a terminate signal in order " "info": "On Linux systems, attempts to trap a terminate signal in order "
"to execute a command " "to execute a command upon receiving that signal. Removes the trap afterwards.",
"upon receiving that signal. Removes the trap afterwards.",
"attack_techniques": ["T1154"], "attack_techniques": ["T1154"],
}, },
{ {
@ -57,7 +55,7 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["ScheduleJobs"], "enum": ["ScheduleJobs"],
"title": "Job scheduling", "title": "Job Scheduling",
"safe": True, "safe": True,
"info": "Attempts to create a scheduled job on the system and remove it.", "info": "Attempts to create a scheduled job on the system and remove it.",
"attack_techniques": ["T1168", "T1053"], "attack_techniques": ["T1168", "T1053"],
@ -74,7 +72,7 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["SignedScriptProxyExecution"], "enum": ["SignedScriptProxyExecution"],
"title": "Signed script proxy execution", "title": "Signed Script Proxy Execution",
"safe": False, "safe": False,
"info": "On Windows systems, attempts to execute an arbitrary file " "info": "On Windows systems, attempts to execute an arbitrary file "
"with the help of a pre-existing signed script.", "with the help of a pre-existing signed script.",
@ -91,7 +89,7 @@ POST_BREACH_ACTIONS = {
{ {
"type": "string", "type": "string",
"enum": ["ClearCommandHistory"], "enum": ["ClearCommandHistory"],
"title": "Clear command history", "title": "Clear Command History",
"safe": False, "safe": False,
"info": "Attempts to clear the command history.", "info": "Attempts to clear the command history.",
"attack_techniques": ["T1146"], "attack_techniques": ["T1146"],
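Review bot: The group description reworded in the first hunk still says these actions "safely simulate" adversary behaviour, yet two entries visible in later hunks of this file, `SignedScriptProxyExecution` and `ClearCommandHistory`, carry `"safe": False`. Since the description is being touched anyway, drop the word "safely" and point operators at the per-action flag, for example by adding `"Actions not marked safe may modify the machine. "` before the `"Used in ATT&CK and Zero trust reports."` sentence. The exploiter schema's description already warns about unsafe exploits, so this would make the two groups consistent. POST_BREACH_ACTIONS continues outside the hunks shown.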


@ -15,7 +15,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [ENVIRONMENT_COLLECTOR], "enum": [ENVIRONMENT_COLLECTOR],
"title": "Environment collector", "title": "Environment Collector",
"safe": True, "safe": True,
"info": "Collects information about machine's environment (on " "premise/GCP/AWS).", "info": "Collects information about machine's environment (on " "premise/GCP/AWS).",
"attack_techniques": ["T1082"], "attack_techniques": ["T1082"],
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [MIMIKATZ_COLLECTOR], "enum": [MIMIKATZ_COLLECTOR],
"title": "Mimikatz collector", "title": "Mimikatz Collector",
"safe": True, "safe": True,
"info": "Collects credentials from Windows credential manager.", "info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"], "attack_techniques": ["T1003", "T1005"],
@ -31,7 +31,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [AWS_COLLECTOR], "enum": [AWS_COLLECTOR],
"title": "AWS collector", "title": "AWS Collector",
"safe": True, "safe": True,
"info": "If on AWS, collects more information about the AWS instance " "info": "If on AWS, collects more information about the AWS instance "
"currently running on.", "currently running on.",
@ -40,7 +40,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [HOSTNAME_COLLECTOR], "enum": [HOSTNAME_COLLECTOR],
"title": "Hostname collector", "title": "Hostname Collector",
"safe": True, "safe": True,
"info": "Collects machine's hostname.", "info": "Collects machine's hostname.",
"attack_techniques": ["T1082", "T1016"], "attack_techniques": ["T1082", "T1016"],
@ -48,7 +48,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [PROCESS_LIST_COLLECTOR], "enum": [PROCESS_LIST_COLLECTOR],
"title": "Process list collector", "title": "Process List Collector",
"safe": True, "safe": True,
"info": "Collects a list of running processes on the machine.", "info": "Collects a list of running processes on the machine.",
"attack_techniques": ["T1082"], "attack_techniques": ["T1082"],
@ -56,7 +56,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{ {
"type": "string", "type": "string",
"enum": [AZURE_CRED_COLLECTOR], "enum": [AZURE_CRED_COLLECTOR],
"title": "Azure credential collector", "title": "Azure Credential Collector",
"safe": True, "safe": True,
"info": "Collects password credentials from Azure VMs", "info": "Collects password credentials from Azure VMs",
"attack_techniques": ["T1003", "T1005"], "attack_techniques": ["T1003", "T1005"],