Commit Graph

272 Commits

Author SHA1 Message Date
danielguardicore 9f27825789 Changed tcp scanning to be a bit more random. Might confuse really basic defenses. 2016-09-07 19:01:19 +03:00
danielguardicore ce3eaa9b2e Fixed grequsts/gevents monkey patching of socket code, which lead to paramiko being unable to function after a shellshock scan. 2016-09-07 10:16:17 +03:00
itsikkes 39eaca300f RDP: change VBS object to reduce requirements + process is more verbose 2016-09-06 11:05:15 +03:00
itsikkes 9b21215025 added tornado 2016-09-06 10:45:32 +03:00
itsikkes e18a19abcc Switched to tornado as webserver, same as in the island 2016-09-06 10:45:32 +03:00
daniel goldberg 6e76162b8f Added str representation of hosts. 2016-09-05 21:10:17 +03:00
daniel goldberg 397c4f82ca Merge remote-tracking branch 'origin/master' 2016-09-05 18:49:10 +03:00
daniel goldberg 32c326bd7b PEP8 in diff files
Add concept of non default timeout for copying SMB files. This is by default 5 minutes.
Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running.
Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again.
2016-09-05 17:45:27 +03:00
Daniel Goldberg 78cafb8d58 Set minimum Python version for Windows version.
This should fix #34
2016-09-05 16:13:55 +03:00
daniel goldberg 5ae67840a6 No manifest files, everything compiled in onefile 2016-09-04 14:33:02 +03:00
daniel goldberg 442cc827c0 Merge remote-tracking branch 'origin/master' 2016-09-04 14:30:56 +03:00
daniel goldberg fc19da7427 Added grequests to hidden imports.
Fixed dict lookup in monkeyfs
2016-09-04 13:45:49 +03:00
Daniel Goldberg ffb0baaa31 Typo 2016-09-01 13:58:44 +03:00
daniel goldberg 12ff0c5677 Reverted bug in config, added 'user' to default bruteforce. 2016-08-30 11:04:44 +03:00
daniel goldberg 6a51e926f8 Fixed random IP 2016-08-29 19:14:37 +03:00
daniel goldberg bbc5cfb24c Add log 2016-08-29 18:58:16 +03:00
daniel goldberg 1a4a08e3bd Add HTTPFinger to conf file and PEP8 fix 2016-08-29 18:58:16 +03:00
daniel goldberg 91427eb346 Tiny PEP8 change and changed reporting of vulnerable URLs in shellshock 2016-08-29 18:58:16 +03:00
daniel goldberg 30cb88f01d Update conf to use shellshock as well 2016-08-29 18:58:16 +03:00
Daniel Goldberg 835c861219 Add ShellShockExploiter to default config 2016-08-29 18:58:16 +03:00
daniel goldberg d80c670392 Fixed bug in HTTPFingering
Added support for skip_exploit_if_file_exists in linux exploiters.
Delayed/fixed a race in the monkey patching that gevents does.
2016-08-29 18:58:16 +03:00
daniel goldberg cd27438a1e PEP 8 changes 2016-08-29 18:58:15 +03:00
daniel goldberg 1806f9bc62 Issue #33 - Added support for skip_exploit_if_file_exist in linux 2016-08-29 13:34:21 +03:00
daniel goldberg f78fe6c4f4 Updated configuration documentation and reordered fields 2016-08-29 13:27:26 +03:00
daniel goldberg dbdadce16c Added grequests and shellshock to documentation. 2016-08-29 13:16:57 +03:00
daniel goldberg a322a619cb Issue 23 - Added shellshock exploit. 2016-08-29 12:09:46 +03:00
daniel goldberg bdde8dfeed Added func to find route to victim, reorganised firewall 2016-08-29 12:08:42 +03:00
daniel goldberg 3b39ee4308 Added more logging to HTTP server 2016-08-29 12:05:24 +03:00
daniel goldberg 57525b6450 Moved to using HEAD to save code 2016-08-25 16:32:16 +03:00
daniel goldberg dd8738a4f1 Fixed collision where HTTP auto upgraded to HTTPS 2016-08-25 16:27:29 +03:00
daniel goldberg bee9fc23ea BugFix 2016-08-25 15:46:29 +03:00
daniel goldberg 4f1dfb4016 PEP8 2016-08-25 15:45:47 +03:00
daniel goldberg 8c9014684c Fixed some bugs in HTTP fingerprinting 2016-08-25 15:43:59 +03:00
daniel goldberg 3226ee3f02 Ignore more working tree files 2016-08-25 14:44:04 +03:00
daniel goldberg d455a8bb40 Added basic HTTP fingering by using banner grabbing 2016-08-24 18:31:16 +03:00
daniel goldberg 85ee6804ee Removed the unused load new config button 2016-08-23 11:40:37 +03:00
daniel goldberg 87cdac12db Fixed bug in running Monkey from Island when win32 is the platform 2016-08-23 11:02:18 +03:00
daniel goldberg b2a9b85af4 PEP8 changes 2016-08-22 19:40:38 +03:00
daniel goldberg ceabd8ddd0 Added default redirect to Monkey Island 2016-08-22 19:29:44 +03:00
daniel goldberg 67d77408f6 PEP8 2016-08-22 18:34:22 +03:00
acepace 8c4288d100 PEP8 changes 2016-08-20 23:37:42 +03:00
acepace 14052bb444 Merge remote-tracking branch 'origin/master' 2016-08-20 17:56:29 +03:00
acepace e16debeff9 Documented config variable 2016-08-20 17:56:23 +03:00
Daniel Goldberg 01a71fa04a Include debian package + link to quick howto. 2016-08-20 17:22:32 +03:00
acepace 88951f920d Bunch of generic PEP8 improvements 2016-08-20 17:03:49 +03:00
acepace 0eb655c44b Changed Monkey SSH file path to /tmp to not require root.
Tiny PEP8 changes
2016-08-20 15:28:14 +03:00
itsikkes 72fc0c3bba lower the probability of marking living monkeys as dead
living monkeys will now be auto-marked as dead only if not a single
living monkey sent keep-alive in the last 10 minutes
2016-08-13 19:39:09 +03:00
itsikkes 2443e3fe4b mark living monkeys in the UI 2016-08-13 19:37:49 +03:00
itsikkes fba5bea912 Tunnel improvements - bugfix for using default tunnel, improvement in tunnel shutdown
1) Bugfix when searching for tunnel - registration packet might be sent
from wrong interface in case of the default tunnel
2) Tunnel shutdown now verifies that no one used the tunnel before
shutting it down (added code to allow tracing of last used time)
3) Timeouts increasments
2016-08-13 18:38:31 +03:00
itsikkes a2fccaca03 Bug fix in shutdown sequence and added sleep for allowing newly exploited use the tunnel
1) When exploiting new host, ensure it has enough time to get access to
the tunnel before shut down
2) When shutting down, first report to the island and only then quit the
tunnel (if in use)
2016-08-13 18:33:49 +03:00