cc: format exploiter_classes.py with black

Mike Salvatore 2021-02-24 13:40:49 -05:00
parent b5b8d289ca
commit b6bb6d8221
1 changed files with 49 additions and 76 deletions


@ -2,169 +2,142 @@ from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
EXPLOITER_CLASSES = { EXPLOITER_CLASSES = {
"title": "Exploit class", "title": "Exploit class",
"description": "Click on exploiter to get more information about it." + WARNING_SIGN + "description": "Click on exploiter to get more information about it."
" Note that using unsafe exploits may cause crashes of the exploited machine/service.", + WARNING_SIGN
+ " Note that using unsafe exploits may cause crashes of the exploited machine/service.",
"type": "string", "type": "string",
"anyOf": [ "anyOf": [
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["SmbExploiter"],
"SmbExploiter"
],
"title": "SMB Exploiter", "title": "SMB Exploiter",
"safe": True, "safe": True,
"attack_techniques": ["T1110", "T1075", "T1035"], "attack_techniques": ["T1110", "T1075", "T1035"],
"info": "Brute forces using credentials provided by user and" "info": "Brute forces using credentials provided by user and"
" hashes gathered by mimikatz.", " hashes gathered by mimikatz.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["WmiExploiter"],
"WmiExploiter"
],
"title": "WMI Exploiter", "title": "WMI Exploiter",
"safe": True, "safe": True,
"attack_techniques": ["T1110", "T1106"], "attack_techniques": ["T1110", "T1106"],
"info": "Brute forces WMI (Windows Management Instrumentation) " "info": "Brute forces WMI (Windows Management Instrumentation) "
"using credentials provided by user and hashes gathered by mimikatz.", "using credentials provided by user and hashes gathered by mimikatz.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/wmiexec/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/wmiexec/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["MSSQLExploiter"],
"MSSQLExploiter"
],
"title": "MSSQL Exploiter", "title": "MSSQL Exploiter",
"safe": True, "safe": True,
"attack_techniques": ["T1110"], "attack_techniques": ["T1110"],
"info": "Tries to brute force into MsSQL server and uses insecure " "info": "Tries to brute force into MsSQL server and uses insecure "
"configuration to execute commands on server.", "configuration to execute commands on server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/mssql/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/mssql/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["Ms08_067_Exploiter"],
"Ms08_067_Exploiter"
],
"title": "MS08-067 Exploiter", "title": "MS08-067 Exploiter",
"safe": False, "safe": False,
"info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. " "info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. "
"Uses MS08-067 vulnerability.", "Uses MS08-067 vulnerability.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["SSHExploiter"],
"SSHExploiter"
],
"title": "SSH Exploiter", "title": "SSH Exploiter",
"safe": True, "safe": True,
"attack_techniques": ["T1110", "T1145", "T1106"], "attack_techniques": ["T1110", "T1145", "T1106"],
"info": "Brute forces using credentials provided by user and SSH keys gathered from systems.", "info": "Brute forces using credentials provided by user and SSH keys gathered from systems.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["ShellShockExploiter"],
"ShellShockExploiter"
],
"title": "ShellShock Exploiter", "title": "ShellShock Exploiter",
"safe": True, "safe": True,
"info": "CVE-2014-6271, based on logic from " "info": "CVE-2014-6271, based on logic from "
"https://github.com/nccgroup/shocker/blob/master/shocker.py .", "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["SambaCryExploiter"],
"SambaCryExploiter"
],
"title": "SambaCry Exploiter", "title": "SambaCry Exploiter",
"safe": True, "safe": True,
"info": "Bruteforces and searches for anonymous shares. Uses Impacket.", "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["ElasticGroovyExploiter"],
"ElasticGroovyExploiter"
],
"title": "ElasticGroovy Exploiter", "title": "ElasticGroovy Exploiter",
"safe": True, "safe": True,
"info": "CVE-2015-1427. Logic is based on Metasploit module.", "info": "CVE-2015-1427. Logic is based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["Struts2Exploiter"],
"Struts2Exploiter"
],
"title": "Struts2 Exploiter", "title": "Struts2 Exploiter",
"safe": True, "safe": True,
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on " "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
"https://www.exploit-db.com/exploits/41570 .", "https://www.exploit-db.com/exploits/41570 .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["WebLogicExploiter"],
"WebLogicExploiter"
],
"title": "WebLogic Exploiter", "title": "WebLogic Exploiter",
"safe": True, "safe": True,
"info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.", "info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["HadoopExploiter"],
"HadoopExploiter"
],
"title": "Hadoop/Yarn Exploiter", "title": "Hadoop/Yarn Exploiter",
"safe": True, "safe": True,
"info": "Remote code execution on HADOOP server with YARN and default settings. " "info": "Remote code execution on HADOOP server with YARN and default settings. "
"Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.", "Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["VSFTPDExploiter"],
"VSFTPDExploiter"
],
"title": "VSFTPD Exploiter", "title": "VSFTPD Exploiter",
"safe": True, "safe": True,
"info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. " "info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. "
"Logic based on Metasploit module.", "Logic based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["DrupalExploiter"],
"DrupalExploiter"
],
"title": "Drupal Exploiter", "title": "Drupal Exploiter",
"safe": True, "safe": True,
"info": "Exploits a remote command execution vulnerability in a Drupal server," "info": "Exploits a remote command execution vulnerability in a Drupal server,"
"for which certain modules (such as RESTful Web Services) are enabled.", "for which certain modules (such as RESTful Web Services) are enabled.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/",
}, },
{ {
"type": "string", "type": "string",
"enum": [ "enum": ["ZerologonExploiter"],
"ZerologonExploiter"
],
"title": "Zerologon Exploiter", "title": "Zerologon Exploiter",
"safe": False, "safe": False,
"info": "Exploits a privilege escalation vulnerability (CVE-2020-1472) in a Windows " "info": "Exploits a privilege escalation vulnerability (CVE-2020-1472) in a Windows "
"server domain controller by using the Netlogon Remote Protocol (MS-NRPC). " "server domain controller by using the Netlogon Remote Protocol (MS-NRPC). "
"This exploiter changes the password of a Windows server domain controller " "This exploiter changes the password of a Windows server domain controller "
"account and could prevent the victim domain controller from communicating " "account and could prevent the victim domain controller from communicating "
"with other domain controllers. While it attempts to undo " "with other domain controllers. While it attempts to undo "
"its changes and reset the password back to the original after the " "its changes and reset the password back to the original after the "
"vulnerability is exploited, this is not successful in all cases. For " "vulnerability is exploited, this is not successful in all cases. For "
"instructions on how to reset the domain controller's password, see the documentation.", "instructions on how to reset the domain controller's password, see the documentation.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/",
} },
] ],
} }
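Review bot: The Drupal entry's `info` value is built from two adjacent string literals with no space at the join, so the description shown to the operator reads "...in a Drupal server,for which certain modules...". Black only re-wraps lines, so this formatting pass carries the defect over unchanged; the first literal should end with a space, `"info": "Exploits a remote command execution vulnerability in a Drupal server, "`. Separately, only the SMB, WMI, MSSQL and SSH entries carry an `attack_techniques` key, while the other ten (MS08-067 through Zerologon) omit it. If any consumer of `EXPLOITER_CLASSES` indexes that key directly rather than treating it as optional, the ATT&CK mapping for those exploiters would fail or be silently missing, which is worth confirming against the callers, since they are not visible here.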