island: Change config schema definitions' titles to title case and so

they make more sense
Shreya Malviya 2021-09-22 16:10:13 +05:30
parent 26b0793331
commit 836069ab11
4 changed files with 25 additions and 27 deletions


@ -1,7 +1,7 @@
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
EXPLOITER_CLASSES = {
"title": "Exploit class",
"title": "Exploiters",
"description": "Click on exploiter to get more information about it."
+ WARNING_SIGN
+ " Note that using unsafe exploits may cause crashes of the exploited "


@ -1,5 +1,5 @@
FINGER_CLASSES = {
"title": "Fingerprint class",
"title": "Fingerprinters",
"description": "Fingerprint modules collect info about external services "
"Infection Monkey scans.",
"type": "string",
@ -7,7 +7,7 @@ FINGER_CLASSES = {
{
"type": "string",
"enum": ["SMBFinger"],
"title": "SMBFinger",
"title": "SMB Fingerprinter",
"safe": True,
"info": "Figures out if SMB is running and what's the version of it.",
"attack_techniques": ["T1210"],
@ -15,7 +15,7 @@ FINGER_CLASSES = {
{
"type": "string",
"enum": ["SSHFinger"],
"title": "SSHFinger",
"title": "SSH Fingerprinter",
"safe": True,
"info": "Figures out if SSH is running.",
"attack_techniques": ["T1210"],
@ -30,14 +30,14 @@ FINGER_CLASSES = {
{
"type": "string",
"enum": ["HTTPFinger"],
"title": "HTTPFinger",
"title": "HTTP Fingerprinter",
"safe": True,
"info": "Checks if host has HTTP/HTTPS ports open.",
},
{
"type": "string",
"enum": ["MySQLFinger"],
"title": "MySQLFinger",
"title": "MySQL Fingerprinter",
"safe": True,
"info": "Checks if MySQL server is running and tries to get it's version.",
"attack_techniques": ["T1210"],
@ -45,7 +45,7 @@ FINGER_CLASSES = {
{
"type": "string",
"enum": ["MSSQLFinger"],
"title": "MSSQLFinger",
"title": "MSSQL Fingerprinter",
"safe": True,
"info": "Checks if Microsoft SQL service is running and tries to gather "
"information about it.",
@ -54,7 +54,7 @@ FINGER_CLASSES = {
{
"type": "string",
"enum": ["ElasticFinger"],
"title": "ElasticFinger",
"title": "Elastic Fingerprinter",
"safe": True,
"info": "Checks if ElasticSearch is running and attempts to find it's " "version.",
"attack_techniques": ["T1210"],
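Review bot: The user-facing `info` strings in this file still write the possessive as `it's` (the MySQLFinger and ElasticFinger entries), and the ElasticFinger line keeps two adjacent literals on one line, `"... find it's " "version."`. This commit merges the same kind of split string in the post-breach schema, so the text shown next to the new titles could be tidied here too. The Elastic line could read `"info": "Checks if ElasticSearch is running and attempts to find its version.",` and the MySQL line could end `tries to get its version.`. The FINGER_CLASSES dict continues outside the visible hunks.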


@ -1,14 +1,13 @@
POST_BREACH_ACTIONS = {
"title": "Post breach actions",
"title": "Post-Breach Actions",
"description": "Runs scripts/commands on infected machines. These actions safely simulate what "
"an adversary"
"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
"an adversary might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": ["CommunicateAsBackdoorUser"],
"title": "Communicate as backdoor user",
"title": "Communicate as Backdoor User",
"safe": True,
"info": "Attempts to create a new user, create HTTPS requests as that "
"user and delete the user "
@ -18,7 +17,7 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["ModifyShellStartupFiles"],
"title": "Modify shell startup files",
"title": "Modify Shell Startup Files",
"safe": True,
"info": "Attempts to modify shell startup files, like ~/.profile, "
"~/.bashrc, ~/.bash_profile "
@ -29,7 +28,7 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["HiddenFiles"],
"title": "Hidden files and directories",
"title": "Hidden Files and Directories",
"safe": True,
"info": "Attempts to create a hidden file and remove it afterward.",
"attack_techniques": ["T1158"],
@ -37,11 +36,10 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["TrapCommand"],
"title": "Trap",
"title": "Trap Command",
"safe": True,
"info": "On Linux systems, attempts to trap a terminate signal in order "
"to execute a command "
"upon receiving that signal. Removes the trap afterwards.",
"to execute a command upon receiving that signal. Removes the trap afterwards.",
"attack_techniques": ["T1154"],
},
{
@ -57,7 +55,7 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["ScheduleJobs"],
"title": "Job scheduling",
"title": "Job Scheduling",
"safe": True,
"info": "Attempts to create a scheduled job on the system and remove it.",
"attack_techniques": ["T1168", "T1053"],
@ -74,7 +72,7 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["SignedScriptProxyExecution"],
"title": "Signed script proxy execution",
"title": "Signed Script Proxy Execution",
"safe": False,
"info": "On Windows systems, attempts to execute an arbitrary file "
"with the help of a pre-existing signed script.",
@ -91,7 +89,7 @@ POST_BREACH_ACTIONS = {
{
"type": "string",
"enum": ["ClearCommandHistory"],
"title": "Clear command history",
"title": "Clear Command History",
"safe": False,
"info": "Attempts to clear the command history.",
"attack_techniques": ["T1146"],
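Review bot: The rewrapped `description` at the top of POST_BREACH_ACTIONS still tells the operator that these actions "safely simulate" adversary behaviour, while two entries visible in later hunks of this file, `SignedScriptProxyExecution` and `ClearCommandHistory`, carry `"safe": False`. An operator who reads only the section description may enable everything on a production host. Clearing command history in particular removes records that the host's owners or responders may rely on. Since the line is being edited anyway, consider `"description": "Runs scripts/commands on infected machines. These actions simulate what "` and appending a sentence such as `"Actions not marked safe may change the state of the machine."`. The dict continues outside the visible hunks, so other entries may need the same check.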


@ -15,7 +15,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [ENVIRONMENT_COLLECTOR],
"title": "Environment collector",
"title": "Environment Collector",
"safe": True,
"info": "Collects information about machine's environment (on " "premise/GCP/AWS).",
"attack_techniques": ["T1082"],
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [MIMIKATZ_COLLECTOR],
"title": "Mimikatz collector",
"title": "Mimikatz Collector",
"safe": True,
"info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"],
@ -31,7 +31,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [AWS_COLLECTOR],
"title": "AWS collector",
"title": "AWS Collector",
"safe": True,
"info": "If on AWS, collects more information about the AWS instance "
"currently running on.",
@ -40,7 +40,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [HOSTNAME_COLLECTOR],
"title": "Hostname collector",
"title": "Hostname Collector",
"safe": True,
"info": "Collects machine's hostname.",
"attack_techniques": ["T1082", "T1016"],
@ -48,7 +48,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [PROCESS_LIST_COLLECTOR],
"title": "Process list collector",
"title": "Process List Collector",
"safe": True,
"info": "Collects a list of running processes on the machine.",
"attack_techniques": ["T1082"],
@ -56,7 +56,7 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
{
"type": "string",
"enum": [AZURE_CRED_COLLECTOR],
"title": "Azure credential collector",
"title": "Azure Credential Collector",
"safe": True,
"info": "Collects password credentials from Azure VMs",
"attack_techniques": ["T1003", "T1005"],
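Review bot: The retitled "Mimikatz Collector" and "Azure Credential Collector" entries are both `"safe": True` yet map to T1003/T1005, and nothing in their `info` text tells the operator that real credentials are gathered from the host. Judging by the exploiter description elsewhere in this commit ("unsafe exploits may cause crashes"), `safe` presumably describes stability rather than data sensitivity; that is not visible here and should be confirmed. If so, the `info` strings could say it outright, e.g. `"info": "Collects real credentials from Windows credential manager; handle the results as secrets."`. The Azure `info` string also lacks the trailing period the other entries have. SYSTEM_INFO_COLLECTOR_CLASSES starts and ends outside the visible hunks.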