diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index fc1342eb4..cc66cd353 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -2,169 +2,142 @@ from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN

 EXPLOITER_CLASSES = {
 "title": "Exploit class",
- "description": "Click on exploiter to get more information about it." + WARNING_SIGN +
- " Note that using unsafe exploits may cause crashes of the exploited machine/service.",
+ "description": "Click on exploiter to get more information about it."
+ + WARNING_SIGN
+ + " Note that using unsafe exploits may cause crashes of the exploited machine/service.",
 "type": "string",
 "anyOf": [
 {
 "type": "string",
- "enum": [
- "SmbExploiter"
- ],
+ "enum": ["SmbExploiter"],
 "title": "SMB Exploiter",
 "safe": True,
 "attack_techniques": ["T1110", "T1075", "T1035"],
 "info": "Brute forces using credentials provided by user and"
- " hashes gathered by mimikatz.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/"
+ " hashes gathered by mimikatz.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/",
 },
 {
 "type": "string",
- "enum": [
- "WmiExploiter"
- ],
+ "enum": ["WmiExploiter"],
 "title": "WMI Exploiter",
 "safe": True,
 "attack_techniques": ["T1110", "T1106"],
 "info": "Brute forces WMI (Windows Management Instrumentation) "
- "using credentials provided by user and hashes gathered by mimikatz.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/wmiexec/"
+ "using credentials provided by user and hashes gathered by mimikatz.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/wmiexec/",
 },
 {
 "type": "string",
- "enum": [
- "MSSQLExploiter"
- ],
+ "enum": ["MSSQLExploiter"],
 "title": "MSSQL Exploiter",
 "safe": True,
 "attack_techniques": ["T1110"],
 "info": "Tries to brute force into MsSQL server and uses insecure "
- "configuration to execute commands on server.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/mssql/"
+ "configuration to execute commands on server.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/mssql/",
 },
 {
 "type": "string",
- "enum": [
- "Ms08_067_Exploiter"
- ],
+ "enum": ["Ms08_067_Exploiter"],
 "title": "MS08-067 Exploiter",
 "safe": False,
 "info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. "
- "Uses MS08-067 vulnerability.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/"
+ "Uses MS08-067 vulnerability.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/",
 },
 {
 "type": "string",
- "enum": [
- "SSHExploiter"
- ],
+ "enum": ["SSHExploiter"],
 "title": "SSH Exploiter",
 "safe": True,
 "attack_techniques": ["T1110", "T1145", "T1106"],
 "info": "Brute forces using credentials provided by user and SSH keys gathered from systems.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/"
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/",
 },
 {
 "type": "string",
- "enum": [
- "ShellShockExploiter"
- ],
+ "enum": ["ShellShockExploiter"],
 "title": "ShellShock Exploiter",
 "safe": True,
 "info": "CVE-2014-6271, based on logic from "
- "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/"
+ "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/",
 },
 {
 "type": "string",
- "enum": [
- "SambaCryExploiter"
- ],
+ "enum": ["SambaCryExploiter"],
 "title": "SambaCry Exploiter",
 "safe": True,
 "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/"
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/",
 },
 {
 "type": "string",
- "enum": [
- "ElasticGroovyExploiter"
- ],
+ "enum": ["ElasticGroovyExploiter"],
 "title": "ElasticGroovy Exploiter",
 "safe": True,
 "info": "CVE-2015-1427. Logic is based on Metasploit module.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/"
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/",
 },
 {
 "type": "string",
- "enum": [
- "Struts2Exploiter"
- ],
+ "enum": ["Struts2Exploiter"],
 "title": "Struts2 Exploiter",
 "safe": True,
 "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
- "https://www.exploit-db.com/exploits/41570 .",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/"
+ "https://www.exploit-db.com/exploits/41570 .",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/",
 },
 {
 "type": "string",
- "enum": [
- "WebLogicExploiter"
- ],
+ "enum": ["WebLogicExploiter"],
 "title": "WebLogic Exploiter",
 "safe": True,
 "info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/"
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/",
 },
 {
 "type": "string",
- "enum": [
- "HadoopExploiter"
- ],
+ "enum": ["HadoopExploiter"],
 "title": "Hadoop/Yarn Exploiter",
 "safe": True,
 "info": "Remote code execution on HADOOP server with YARN and default settings. "
- "Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/"
+ "Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/",
 },
 {
 "type": "string",
- "enum": [
- "VSFTPDExploiter"
- ],
+ "enum": ["VSFTPDExploiter"],
 "title": "VSFTPD Exploiter",
 "safe": True,
 "info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. "
- "Logic based on Metasploit module.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/"
+ "Logic based on Metasploit module.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/",
 },
 {
 "type": "string",
- "enum": [
- "DrupalExploiter"
- ],
+ "enum": ["DrupalExploiter"],
 "title": "Drupal Exploiter",
 "safe": True,
 "info": "Exploits a remote command execution vulnerability in a Drupal server,"
- "for which certain modules (such as RESTful Web Services) are enabled.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
+ "for which certain modules (such as RESTful Web Services) are enabled.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/",
 },
 {
 "type": "string",
- "enum": [
- "ZerologonExploiter"
- ],
+ "enum": ["ZerologonExploiter"],
 "title": "Zerologon Exploiter",
 "safe": False,
 "info": "Exploits a privilege escalation vulnerability (CVE-2020-1472) in a Windows "
- "server domain controller by using the Netlogon Remote Protocol (MS-NRPC). "
- "This exploiter changes the password of a Windows server domain controller "
- "account and could prevent the victim domain controller from communicating "
- "with other domain controllers. While it attempts to undo "
- "its changes and reset the password back to the original after the "
- "vulnerability is exploited, this is not successful in all cases. For "
- "instructions on how to reset the domain controller's password, see the documentation.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
- }
- ]
+ "server domain controller by using the Netlogon Remote Protocol (MS-NRPC). "
+ "This exploiter changes the password of a Windows server domain controller "
+ "account and could prevent the victim domain controller from communicating "
+ "with other domain controllers. While it attempts to undo "
+ "its changes and reset the password back to the original after the "
+ "vulnerability is exploited, this is not successful in all cases. For "
+ "instructions on how to reset the domain controller's password, see the documentation.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/",
+ },
+ ],
 }
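Review bot: The Drupal entry's `info` text is built from two adjacent string literals with no space at the join, so it reads "Drupal server,for which certain modules"; the reformat re-indents the continuation line but keeps that defect. Ending the first literal with a space, `"Exploits a remote command execution vulnerability in a Drupal server, "`, fixes the text shown to the operator. Every other multi-line `info` string in this hunk carries its separator space, so this appears to be the only entry affected.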