Merge pull request #214 from guardicore/feature/collect-aws-instanceid
Add AWS instance id collector
commit
fdeeed40f4
@ -0,0 +1 @@
|
||||||
|
__author__ = 'itay.mizeretz'
|
|
@ -0,0 +1,17 @@
|
||||||
|
import urllib2
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class AWS(object):
|
||||||
|
def __init__(self):
|
||||||
|
try:
|
||||||
|
self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
|
||||||
|
except urllib2.URLError:
|
||||||
|
self.instance_id = None
|
||||||
|
|
||||||
|
def get_instance_id(self):
|
||||||
|
return self.instance_id
|
||||||
|
|
||||||
|
def is_aws_instance(self):
|
||||||
|
return self.instance_id is not None
|
|
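Review bot: The `urllib2.urlopen(...)` call in `AWS.__init__` has no `timeout`, so on a machine that is not on AWS the constructor blocks until the TCP connect to 169.254.169.254 fails on its own, which can take a long time and now happens on every `AWS()` instantiation (`AwsCollector.get_aws_info` and, in this PR, `AwsEnvironment._get_instance_id` both construct one). A short timeout bounds the delay: `self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id', timeout=2).read()`. The handler should then also cover the timeout path, `except (urllib2.URLError, socket.timeout):` with `import socket` added, because a timeout raised while reading the response is, if I read Python 2's urllib2 correctly, not wrapped in a `URLError` and would escape the constructor. A one-line class docstring, e.g. `"""Queries the EC2 instance metadata endpoint once; instance_id is None when the host is not an AWS instance."""`, would also make the None contract explicit for callers.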
@ -6,6 +6,7 @@ import psutil
|
||||||
from enum import IntEnum
|
from enum import IntEnum
|
||||||
|
|
||||||
from infection_monkey.network.info import get_host_subnets
|
from infection_monkey.network.info import get_host_subnets
|
||||||
|
from infection_monkey.system_info.aws_collector import AwsCollector
|
||||||
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
@ -57,6 +58,13 @@ class InfoCollector(object):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.info = {}
|
self.info = {}
|
||||||
|
|
||||||
|
def get_info(self):
|
||||||
|
self.get_hostname()
|
||||||
|
self.get_process_list()
|
||||||
|
self.get_network_info()
|
||||||
|
self.get_azure_info()
|
||||||
|
self.get_aws_info()
|
||||||
|
|
||||||
def get_hostname(self):
|
def get_hostname(self):
|
||||||
"""
|
"""
|
||||||
Adds the fully qualified computer hostname to the system information.
|
Adds the fully qualified computer hostname to the system information.
|
||||||
|
@ -131,3 +139,6 @@ class InfoCollector(object):
|
||||||
if len(azure_creds) != 0:
|
if len(azure_creds) != 0:
|
||||||
self.info["Azure"] = {}
|
self.info["Azure"] = {}
|
||||||
self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
|
self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
|
||||||
|
|
||||||
|
def get_aws_info(self):
|
||||||
|
self.info['aws'] = AwsCollector().get_aws_info()
|
||||||
|
|
|
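Review bot: The new `InfoCollector.get_info` has no docstring, unlike the neighbouring `get_hostname`, and since it is now the single entry point the OS-specific collectors reach through `super()`, it should say what it gathers and that it touches the network: `"""Collects the common system information (hostname, processes, network, Azure credentials, AWS instance data) into self.info; the AWS step queries the EC2 metadata endpoint."""`. `get_aws_info` likewise deserves `"""Adds the AWS instance data to self.info under 'aws'; an empty dict when the machine is not an AWS instance."""`, which follows from `AwsCollector.get_aws_info` returning `{}` in its non-AWS branch. The key `'aws'` is lowercase while the adjacent Azure code writes `self.info["Azure"]`; whichever casing is chosen, the server-side consumer has to match it, so the inconsistency is worth settling before this ships.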
@ -0,0 +1,29 @@
|
||||||
|
import logging
|
||||||
|
|
||||||
|
from common.cloud.aws import AWS
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class AwsCollector(object):
|
||||||
|
"""
|
||||||
|
Extract info from AWS machines
|
||||||
|
"""
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_aws_info():
|
||||||
|
LOG.info("Collecting AWS info")
|
||||||
|
aws = AWS()
|
||||||
|
info = {}
|
||||||
|
if aws.is_aws_instance():
|
||||||
|
LOG.info("Machine is an AWS instance")
|
||||||
|
info = \
|
||||||
|
{
|
||||||
|
'instance_id': aws.get_instance_id()
|
||||||
|
}
|
||||||
|
else:
|
||||||
|
LOG.info("Machine is NOT an AWS instance")
|
||||||
|
|
||||||
|
return info
|
|
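Review bot: `info = \` followed by the dict literal on the next lines in `AwsCollector.get_aws_info` is a backslash continuation that buys nothing; the literal fits on one line, `info = {'instance_id': aws.get_instance_id()}`, and the `info = {}` default above it then reads clearly as the non-AWS result. The static method has no docstring; `"""Return {'instance_id': ...} when running on an AWS instance, otherwise an empty dict."""` states the contract that `InfoCollector.get_aws_info` stores verbatim. Constructing `AWS()` here performs the metadata HTTP request, so this method is not side-effect-free despite reading like a plain getter; a comment such as `# AWS() hits the EC2 metadata endpoint on construction` would save the next reader a trip to the `common.cloud.aws` module.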
@ -23,10 +23,7 @@ class LinuxInfoCollector(InfoCollector):
|
||||||
:return: Dict of system information
|
:return: Dict of system information
|
||||||
"""
|
"""
|
||||||
LOG.debug("Running Linux collector")
|
LOG.debug("Running Linux collector")
|
||||||
self.get_hostname()
|
super(LinuxInfoCollector, self).get_info()
|
||||||
self.get_process_list()
|
|
||||||
self.get_network_info()
|
|
||||||
self.get_azure_info()
|
|
||||||
self.info['ssh_info'] = SSHCollector.get_info()
|
self.info['ssh_info'] = SSHCollector.get_info()
|
||||||
return self.info
|
return self.info
|
||||||
|
|
||||||
|
|
|
@ -35,16 +35,26 @@ class WindowsInfoCollector(InfoCollector):
|
||||||
:return: Dict of system information
|
:return: Dict of system information
|
||||||
"""
|
"""
|
||||||
LOG.debug("Running Windows collector")
|
LOG.debug("Running Windows collector")
|
||||||
self.get_hostname()
|
super(WindowsInfoCollector, self).get_info()
|
||||||
self.get_process_list()
|
|
||||||
self.get_network_info()
|
|
||||||
self.get_azure_info()
|
|
||||||
|
|
||||||
self.get_wmi_info()
|
self.get_wmi_info()
|
||||||
LOG.debug('finished get_wmi_info')
|
|
||||||
self.get_installed_packages()
|
self.get_installed_packages()
|
||||||
|
self.get_mimikatz_info()
|
||||||
|
|
||||||
|
return self.info
|
||||||
|
|
||||||
|
def get_installed_packages(self):
|
||||||
|
LOG.info('getting installed packages')
|
||||||
|
self.info["installed_packages"] = os.popen("dism /online /get-packages").read()
|
||||||
|
self.info["installed_features"] = os.popen("dism /online /get-features").read()
|
||||||
LOG.debug('Got installed packages')
|
LOG.debug('Got installed packages')
|
||||||
|
|
||||||
|
def get_wmi_info(self):
|
||||||
|
LOG.info('getting wmi info')
|
||||||
|
for wmi_class_name in WMI_CLASSES:
|
||||||
|
self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name)
|
||||||
|
LOG.debug('finished get_wmi_info')
|
||||||
|
|
||||||
|
def get_mimikatz_info(self):
|
||||||
mimikatz_collector = MimikatzCollector()
|
mimikatz_collector = MimikatzCollector()
|
||||||
mimikatz_info = mimikatz_collector.get_logon_info()
|
mimikatz_info = mimikatz_collector.get_logon_info()
|
||||||
if mimikatz_info:
|
if mimikatz_info:
|
||||||
|
@ -53,15 +63,3 @@ class WindowsInfoCollector(InfoCollector):
|
||||||
self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text()
|
self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text()
|
||||||
else:
|
else:
|
||||||
LOG.info('No mimikatz info was gathered')
|
LOG.info('No mimikatz info was gathered')
|
||||||
|
|
||||||
return self.info
|
|
||||||
|
|
||||||
def get_installed_packages(self):
|
|
||||||
LOG.info('getting installed packages')
|
|
||||||
self.info["installed_packages"] = os.popen("dism /online /get-packages").read()
|
|
||||||
self.info["installed_features"] = os.popen("dism /online /get-features").read()
|
|
||||||
|
|
||||||
def get_wmi_info(self):
|
|
||||||
LOG.info('getting wmi info')
|
|
||||||
for wmi_class_name in WMI_CLASSES:
|
|
||||||
self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name)
|
|
||||||
|
|
|
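Review bot: The newly extracted `WindowsInfoCollector.get_mimikatz_info` has no docstring; `"""Runs the Mimikatz collector and stores its text output under self.info["mimikatz"] when logon info was found."""` captures the visible behaviour, and note that its body continues into the second hunk of this file. In `get_wmi_info`, `self.info['wmi'][wmi_class_name] = ...` assumes `self.info['wmi']` already exists, but nothing in these hunks creates it, so unless `__init__` or a caller outside the hunks initialises it the first iteration raises `KeyError`; this is moved rather than new code, but worth confirming while the method is being touched. `get_installed_packages` and `get_wmi_info` are otherwise moved verbatim, so the reorder itself looks fine.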
@ -1,7 +1,6 @@
|
||||||
import urllib2
|
|
||||||
|
|
||||||
import cc.auth
|
import cc.auth
|
||||||
from cc.environment import Environment
|
from cc.environment import Environment
|
||||||
|
from common.cloud.aws import AWS
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
@ -13,7 +12,7 @@ class AwsEnvironment(Environment):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_instance_id():
|
def _get_instance_id():
|
||||||
return urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
|
return AWS.get_instance_id()
|
||||||
|
|
||||||
def is_auth_enabled(self):
|
def is_auth_enabled(self):
|
||||||
return True
|
return True
|
||||||
|
|
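Review bot: `return AWS.get_instance_id()` in `AwsEnvironment._get_instance_id` calls an instance method on the class — `get_instance_id` is defined as `def get_instance_id(self)` in the new `AWS` class and reads `self.instance_id` set in `__init__` — so under Python 2 this raises `TypeError` (unbound method) the first time it runs; it should be `return AWS().get_instance_id()`. The replacement also changes the contract: the removed line raised `urllib2.URLError` when the metadata endpoint was unreachable, whereas `AWS` swallows that and yields `None`, so whatever consumes `_get_instance_id` (outside these hunks) now has to handle a `None` instance id. The rest of `AwsEnvironment` lies outside the hunk.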
|
@ -86,7 +86,7 @@
|
||||||
"react-graph-vis": "^1.0.2",
|
"react-graph-vis": "^1.0.2",
|
||||||
"react-json-tree": "^0.11.0",
|
"react-json-tree": "^0.11.0",
|
||||||
"react-jsonschema-form": "^1.0.5",
|
"react-jsonschema-form": "^1.0.5",
|
||||||
"react-redux": "^5.0.7",
|
"react-redux": "^5.1.1",
|
||||||
"react-router-dom": "^4.3.1",
|
"react-router-dom": "^4.3.1",
|
||||||
"react-table": "^6.8.6",
|
"react-table": "^6.8.6",
|
||||||
"react-toggle": "^4.0.1",
|
"react-toggle": "^4.0.1",
|
||||||
|
|