Island: Rename local_network_scan

local_network_scan -> scan_local_interfaces

monkey/common/agent_configuration/agent_sub_configurations.py

@@ -79,7 +79,8 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel):
                             Example: ("1.1.1.1", "2.2.2.2")
         :param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent
                                      Example: ("1.1.1.1", "2.2.2.2/24", "myserver")
-        :param local_network_scan: Whether or not the agent should scan the local network
+        :param scan_local_interfaces: Whether or not the agent should scan the machine's
+            network interfaces in addition to the provided subnet ranges
         :param subnets: Subnet ranges to scan
                         Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24",
                                   "myHostname")
@@ -87,7 +88,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel):
 
     blocked_ips: Tuple[str, ...]
     inaccessible_subnets: Tuple[str, ...]
-    local_network_scan: bool
+    scan_local_interfaces: bool
     subnets: Tuple[str, ...]
 
     @validator("blocked_ips", each_item=True)

monkey/common/agent_configuration/default_agent_configuration.py

@@ -78,7 +78,7 @@ FINGERPRINTERS = (
 )
 
 SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration(
-    blocked_ips=tuple(), inaccessible_subnets=tuple(), local_network_scan=True, subnets=tuple()
+    blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_local_interfaces=True, subnets=tuple()
 )
 NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration(
     tcp=TCP_SCAN_CONFIGURATION,

monkey/infection_monkey/master/propagator.py

@@ -121,14 +121,14 @@ class Propagator:
         ranges_to_scan = target_config.subnets
         inaccessible_subnets = target_config.inaccessible_subnets
         blocklisted_ips = target_config.blocked_ips
-        enable_local_network_scan = target_config.local_network_scan
+        scan_local_interfaces = target_config.scan_local_interfaces
 
         return compile_scan_target_list(
             self._local_network_interfaces,
             ranges_to_scan,
             inaccessible_subnets,
             blocklisted_ips,
-            enable_local_network_scan,
+            scan_local_interfaces,
         )
 
     def _process_scan_results(self, address: NetworkAddress, scan_results: IPScanResults):

monkey/infection_monkey/network_scanning/scan_target_generator.py

@@ -18,11 +18,11 @@ def compile_scan_target_list(
     ranges_to_scan: Sequence[str],
     inaccessible_subnets: Sequence[str],
     blocklisted_ips: Sequence[str],
-    enable_local_network_scan: bool,
+    scan_local_interfaces: bool,
 ) -> List[NetworkAddress]:
     scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan)
 
-    if enable_local_network_scan:
+    if scan_local_interfaces:
         scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces))
 
     if inaccessible_subnets:

monkey/monkey_island/cc/services/reporting/report.py

@@ -398,7 +398,7 @@ class ReportService:
     @classmethod
     def get_config_scan(cls):
         agent_configuration = cls._agent_configuration_repository.get_configuration()
-        return agent_configuration.propagation.network_scan.targets.local_network_scan
+        return agent_configuration.propagation.network_scan.targets.scan_local_interfaces
 
     @staticmethod
     def get_issue_set(issues):

monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js

@@ -14,12 +14,12 @@ const PROPAGATION_CONFIGURATION_SCHEMA = {
       'minimum': 0,
       'default': 2,
       'description': 'Amount of hops allowed for the monkey to spread from the ' +
-      'Island server. \n' +
+        'Island server. \n' +
-      ' \u26A0' +
+        ' \u26A0' +
-      ' Note that setting this value too high may result in the ' +
+        ' Note that setting this value too high may result in the ' +
-      'Monkey propagating too far, '+
+        'Monkey propagating too far, ' +
-      'if "Local network scan" is enabled.\n' +
+        'if "Scan local interfaces" is enabled.\n' +
-      'Setting this to 0 will disable all scanning and exploitation.'
+        'Setting this to 0 will disable all scanning and exploitation.'
     },
     'network_scan': NETWORK_SCAN_CONFIGURATION_SCHEMA
   }

monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js

@@ -3,8 +3,9 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
   'type': 'object',
   'properties': {
     'info_box': {
-      'info': 'The Monkey scans its subnet if "Local network scan" is checked. '+
+      'info': 'The Monkey scans for machines on each of the network interfaces of the ' +
-      'Additionally, the Monkey scans machines according to "Scan target list". '
+        'machine it is running on if "Scan local interfaces" is checked. ' +
+        'Additionally, the Monkey scans machines according to "Scan target list". '
     },
     'blocked_ips': {
       'title': 'Blocked IPs',
@@ -27,25 +28,29 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
       },
       'default': [],
       'description': 'Test for network segmentation by providing a list of network segments that should NOT be accessible to each other.\n\n ' +
-      'For example, if you configured the following three segments: ' +
+        'For example, if you configured the following three segments: ' +
-      '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' +
+        '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' +
-      'a Monkey running on 10.0.0.5 will try to access machines in ' +
+        'a Monkey running on 10.0.0.5 will try to access machines in ' +
-      'the following subnets: ' +
+        'the following subnets: ' +
-      '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' +
+        '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' +
-      'will be shown in the reports. \n\n' +
+        'will be shown in the reports. \n\n' +
-      'Network segments can be IPs, subnets or hosts. Examples:\n' +
+        'Network segments can be IPs, subnets or hosts. Examples:\n' +
-      '\tDefine a single-IP segment: "192.168.0.1"\n' +
+        '\tDefine a single-IP segment: "192.168.0.1"\n' +
-      '\tDefine a segment using a network range: ' +
+        '\tDefine a segment using a network range: ' +
-      '"192.168.0.5-192.168.0.20"\n' +
+        '"192.168.0.5-192.168.0.20"\n' +
-      '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' +
+        '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' +
-      '\tDefine a single-host segment: "printer.example"'
+        '\tDefine a single-host segment: "printer.example"'
     },
-    'local_network_scan': {
+    'scan_local_interaces': {
-      'title': 'Local network scan',
+      'title': 'Scan local interfaces',
       'type': 'boolean',
-      'default': true,
+      'default': false,
-      'description': 'Determines whether the Monkey will scan the local subnets of machines it runs on, ' +
+      'description': 'Determines whether the Monkey will scan for machines on each the ' +
-      'in addition to the IPs that are configured manually in the "Scan target list"'
+        'network interfaces of every machines it runs on, in addition to the IPs that ' +
+        'are configured manually in the "Scan target list". ' +
+        'Note: If a machine has a network interface that is connected to a public ' +
+        'network, this setting will cause the Monkey to scan and attempt to exploit ' +
+        'machines on the public network.'
     },
     'subnets': {
       'title': 'Scan target list',
@@ -57,13 +62,13 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
       },
       'default': [],
       'description': 'List of targets the Monkey will try to scan. Targets can be ' +
-      'IPs, subnets or hosts. ' +
+        'IPs, subnets or hosts. ' +
-      'Examples:\n' +
+        'Examples:\n' +
-      '\tTarget a specific IP: "192.168.0.1"\n' +
+        '\tTarget a specific IP: "192.168.0.1"\n' +
-      '\tTarget a subnet using a network range: ' +
+        '\tTarget a subnet using a network range: ' +
-      '"192.168.0.5-192.168.0.20"\n'+
+        '"192.168.0.5-192.168.0.20"\n' +
-      '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
+        '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
-      '\tTarget a specific host: "printer.example"'
+        '\tTarget a specific host: "printer.example"'
     }
 
   }

monkey/tests/common/example_agent_configuration.py

@@ -15,12 +15,12 @@ CUSTOM_PBA_CONFIGURATION = {
 
 BLOCKED_IPS = ["10.0.0.1", "192.168.1.1"]
 INACCESSIBLE_SUBNETS = ["172.0.0.0/24", "172.2.2.0/24", "192.168.56.0/24"]
-LOCAL_NETWORK_SCAN = True
+SCAN_LOCAL_INTERFACES = True
 SUBNETS = ["10.0.0.2", "10.0.0.2/16"]
 SCAN_TARGET_CONFIGURATION = {
     "blocked_ips": BLOCKED_IPS,
     "inaccessible_subnets": INACCESSIBLE_SUBNETS,
-    "local_network_scan": LOCAL_NETWORK_SCAN,
+    "scan_local_interfaces": SCAN_LOCAL_INTERFACES,
     "subnets": SUBNETS,
 }
 

monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py

@@ -9,13 +9,13 @@ from tests.common.example_agent_configuration import (
     INACCESSIBLE_SUBNETS,
     LINUX_COMMAND,
     LINUX_FILENAME,
-    LOCAL_NETWORK_SCAN,
     NETWORK_SCAN_CONFIGURATION,
     PLUGIN_CONFIGURATION,
     PLUGIN_NAME,
     PLUGIN_OPTIONS,
     PORTS,
     PROPAGATION_CONFIGURATION,
+    SCAN_LOCAL_INTERFACES,
     SCAN_TARGET_CONFIGURATION,
     SUBNETS,
     TCP_SCAN_CONFIGURATION,
@@ -93,7 +93,7 @@ def test_scan_target_configuration():
 
     assert config.blocked_ips == tuple(BLOCKED_IPS)
     assert config.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS)
-    assert config.local_network_scan == LOCAL_NETWORK_SCAN
+    assert config.scan_local_interfaces == SCAN_LOCAL_INTERFACES
     assert config.subnets == tuple(SUBNETS)
 
 
@@ -174,7 +174,7 @@ def test_network_scan_configuration():
     assert config.fingerprinters[0].options == FINGERPRINTERS[0]["options"]
     assert config.targets.blocked_ips == tuple(BLOCKED_IPS)
     assert config.targets.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS)
-    assert config.targets.local_network_scan == LOCAL_NETWORK_SCAN
+    assert config.targets.scan_local_interfaces == SCAN_LOCAL_INTERFACES
     assert config.targets.subnets == tuple(SUBNETS)
 
 

monkey/tests/unit_tests/infection_monkey/master/test_propagator.py

@@ -170,7 +170,7 @@ def test_scan_result_processing(
     targets = ScanTargetConfiguration(
         blocked_ips=[],
         inaccessible_subnets=[],
-        local_network_scan=False,
+        scan_local_interfaces=False,
         subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"],
     )
     propagation_config = get_propagation_config(default_agent_configuration, targets)
@@ -269,7 +269,7 @@ def test_exploiter_result_processing(
     targets = ScanTargetConfiguration(
         blocked_ips=[],
         inaccessible_subnets=[],
-        local_network_scan=False,
+        scan_local_interfaces=False,
         subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"],
     )
     propagation_config = get_propagation_config(default_agent_configuration, targets)
@@ -310,7 +310,7 @@ def test_scan_target_generation(
     targets = ScanTargetConfiguration(
         blocked_ips=["10.0.0.3"],
         inaccessible_subnets=["10.0.0.128/30", "10.0.0.8/29"],
-        local_network_scan=True,
+        scan_local_interfaces=True,
         subnets=["10.0.0.0/29", "172.10.20.30"],
     )
     propagation_config = get_propagation_config(default_agent_configuration, targets)

monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py

@@ -14,7 +14,7 @@ def compile_ranges_only(ranges):
         ranges_to_scan=ranges,
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
 
@@ -88,7 +88,7 @@ def test_blocklisted_ips():
         ranges_to_scan=["10.0.0.0/24"],
         inaccessible_subnets=[],
         blocklisted_ips=blocklisted_ips,
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 252
@@ -105,7 +105,7 @@ def test_only_ip_blocklisted(ranges_to_scan):
         ranges_to_scan=ranges_to_scan,
         inaccessible_subnets=[],
         blocklisted_ips=blocklisted_ips,
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 0
@@ -124,7 +124,7 @@ def test_local_network_interface_ips_removed_from_targets():
         ranges_to_scan=["10.0.0.0/24"],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 252
@@ -142,7 +142,7 @@ def test_no_redundant_targets():
         ranges_to_scan=["127.0.0.0", "127.0.0.1", "localhost"],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 2
@@ -164,7 +164,7 @@ def test_only_scan_ip_is_local(ranges_to_scan):
         ranges_to_scan=ranges_to_scan,
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 0
@@ -184,7 +184,7 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets():
         ranges_to_scan=["10.0.0.0/24", "192.168.1.0/24"],
         inaccessible_subnets=[],
         blocklisted_ips=blocked_ips,
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == (2 * (256 - 1)) - len(local_network_interfaces) - (
@@ -206,7 +206,7 @@ def test_local_subnet_added():
         ranges_to_scan=[],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=True,
+        scan_local_interfaces=True,
     )
 
     assert len(scan_targets) == 254
@@ -226,7 +226,7 @@ def test_multiple_local_subnets_added():
         ranges_to_scan=[],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=True,
+        scan_local_interfaces=True,
     )
 
     assert len(scan_targets) == 2 * (255 - 1)
@@ -250,7 +250,7 @@ def test_blocklisted_ips_missing_from_local_subnets():
         ranges_to_scan=[],
         inaccessible_subnets=[],
         blocklisted_ips=blocklisted_ips,
-        enable_local_network_scan=True,
+        scan_local_interfaces=True,
     )
 
     assert len(scan_targets) == 2 * (255 - 1) - len(blocklisted_ips)
@@ -267,7 +267,7 @@ def test_local_subnets_and_ranges_added():
         ranges_to_scan=["172.33.66.40/30"],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=True,
+        scan_local_interfaces=True,
     )
 
     assert len(scan_targets) == 254 + 3
@@ -289,7 +289,7 @@ def test_local_network_interfaces_specified_but_disabled():
         ranges_to_scan=["172.33.66.40/30"],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 3
@@ -309,7 +309,7 @@ def test_local_network_interfaces_subnet_masks():
         ranges_to_scan=[],
         inaccessible_subnets=[],
         blocklisted_ips=[],
-        enable_local_network_scan=True,
+        scan_local_interfaces=True,
     )
 
     assert len(scan_targets) == 4
@@ -328,7 +328,7 @@ def test_segmentation_targets():
         ranges_to_scan=[],
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 3
@@ -351,7 +351,7 @@ def test_segmentation_clash_with_blocked():
         ranges_to_scan=[],
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=blocked,
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 0
@@ -371,7 +371,7 @@ def test_segmentation_clash_with_targets():
         ranges_to_scan=targets,
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 3
@@ -394,7 +394,7 @@ def test_segmentation_one_network():
         ranges_to_scan=targets,
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 3
@@ -413,7 +413,7 @@ def test_segmentation_inaccessible_networks():
         ranges_to_scan=[],
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 0
@@ -437,7 +437,7 @@ def test_invalid_inputs():
         ranges_to_scan=targets,
         inaccessible_subnets=inaccessible_subnets,
         blocklisted_ips=[],
-        enable_local_network_scan=False,
+        scan_local_interfaces=False,
     )
 
     assert len(scan_targets) == 3
@@ -461,7 +461,7 @@ def test_invalid_blocklisted_ip():
             ranges_to_scan=targets,
             inaccessible_subnets=inaccessible_subnets,
             blocklisted_ips=blocklisted,
-            enable_local_network_scan=False,
+            scan_local_interfaces=False,
         )