monkey/CHANGELOG.md

97 lines
4.0 KiB
Markdown
Raw Normal View History

2021-03-30 00:18:47 +08:00
# Changelog
2021-08-05 23:23:14 +08:00
All notable changes to this project will be documented in this
file.
2021-03-30 00:18:47 +08:00
2021-08-05 23:23:14 +08:00
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/).
2021-03-30 00:18:47 +08:00
## [Unreleased]
### Changed
- The name of the "Communicate as new user" post-breach action to "Communicate
as backdoor user". #1410
2021-08-20 21:27:11 +08:00
### Removed
- Internet access check on agent start. #1402
- The "internal.monkey.internet_services" configuration option that enabled
internet access checks. #1402
- Disused traceroute binaries. #1397
- "Back door user" post-breach action. #1410
### Fixed
- Misaligned buttons and input fields on exploiter and network configuration
pages. #1353
2021-08-20 19:46:02 +08:00
- Credentials shown in plain text on configuration screens. #1183
2021-08-20 21:23:23 +08:00
- Typo "trough" -> "through" in telemetry and docstring.
2021-08-13 20:41:11 +08:00
- Crash when unexpected character encoding is used by ping command on German
language systems. #1175
- Malfunctioning timestomping PBA. #1405
- Malfunctioning shell startup script PBA. #1419
### Security
- Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
## [1.11.0] - 2021-08-13
### Added
- A runtime-configurable option to specify a data directory where runtime
configuration and other artifacts can be stored. #994
2021-08-01 07:22:42 +08:00
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
2021-05-12 03:03:18 +08:00
- `log_level` option to server config. #1151
2021-06-29 23:48:07 +08:00
- A ransomware simulation payload. #1238
2021-07-05 20:18:00 +08:00
- The capability for a user to specify their own SSL certificate. #1208
- API endpoint for ransomware report. #1297
2021-08-05 23:23:14 +08:00
- A ransomware report. #1240
- A script to build a docker image locally. #1140
### Changed
2021-08-05 23:23:14 +08:00
- Select server_config.json at runtime. #963
- Select Logger configuration at runtime. #971
- Select `mongo_key.bin` file location at runtime. #994
- Store Monkey agents in the configurable data_dir when monkey is "run from the
2021-08-30 21:44:20 +08:00
- island". #997
2021-08-05 23:23:14 +08:00
- Reformat all code using black. #1070
2021-08-05 23:42:13 +08:00
- Sort all imports using isort. #1081
2021-08-05 23:23:14 +08:00
- Address all flake8 issues. #1071
- Use pipenv for python dependency management. #1091
2021-08-05 23:42:13 +08:00
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
2021-08-05 23:23:14 +08:00
time. #1102
- Skip BB performance tests by default. Run them if `--run-performance-tests`
flag is specified.
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
instead of $HOME. #1143
2021-08-05 23:23:14 +08:00
- Put environment config options in `server_config.json` into a separate
section named "environment". #1161
- Automatically register if BlackBox tests are run on a fresh installation.
#1180
- Limit the ports used for scanning in blackbox tests. #1368
- Limit the propagation depth of most blackbox tests. #1400
2021-08-05 23:23:14 +08:00
- Wait less time for monkeys to die when running BlackBox tests. #1400
- Improve the structure of unit tests by scoping fixtures only to relevant
modules instead of having a one huge fixture file. #1178
- Improve and rename the directory structure of unit tests and unit test
infrastructure. #1178
- Launch MongoDB when the Island starts via python. #1148
- Create/check data directory on Island initialization. #1170
- Format some log messages to make them more readable. #1283
- Improve runtime of some unit tests. #1125
- Run curl OR wget (not both) when attempting to communicate as a new user on
Linux. #1407
2021-05-12 03:03:18 +08:00
### Removed
- Relevant dead code as reported by Vulture. #1149
- Island logger config and --logger-config CLI option. #1151
2021-04-27 00:01:19 +08:00
### Fixed
2021-08-05 23:23:14 +08:00
- Attempt to delete a directory when monkey config reset was called. #1054
- An errant space in the windows commands to run monkey manually. #1153
2021-08-05 23:23:14 +08:00
- Gevent tracebacks in console output. #859
2021-07-30 17:49:24 +08:00
- Crash and failure to run PBAs if max depth reached. #1374
2021-04-27 00:03:16 +08:00
### Security
- Address minor issues discovered by Dlint. #1075
2021-08-05 23:23:14 +08:00
- Hash passwords on server-side instead of client side. #1139
- Generate random passwords when creating a new user (create user PBA, ms08_67
exploit). #1174
- Implemented configuration encryption/decryption. #1189, #1204
2021-07-05 20:18:00 +08:00
- Create local custom PBA directory with secure permissions. #1270
- Create encryption key file for MongoDB with secure permissions. #1232