forked from p34709852/monkey
Implement backend
This commit is contained in:
parent
aae2a3a8de
commit
57ae31406a
|
@ -1,3 +1,5 @@
|
||||||
|
import itertools
|
||||||
|
|
||||||
import ipaddress
|
import ipaddress
|
||||||
from enum import Enum
|
from enum import Enum
|
||||||
|
|
||||||
|
@ -6,6 +8,7 @@ from cc.services.config import ConfigService
|
||||||
from cc.services.edge import EdgeService
|
from cc.services.edge import EdgeService
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
from cc.utils import local_ip_addresses, get_subnets
|
from cc.utils import local_ip_addresses, get_subnets
|
||||||
|
from common.network.range import NetworkRange
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
|
||||||
|
@ -33,6 +36,7 @@ class ReportService:
|
||||||
SAMBACRY = 3
|
SAMBACRY = 3
|
||||||
SHELLSHOCK = 4
|
SHELLSHOCK = 4
|
||||||
CONFICKER = 5
|
CONFICKER = 5
|
||||||
|
CROSS_SEGMENT = 6
|
||||||
|
|
||||||
class WARNINGS_DICT(Enum):
|
class WARNINGS_DICT(Enum):
|
||||||
ISLAND_CROSS_SEGMENT = 0
|
ISLAND_CROSS_SEGMENT = 0
|
||||||
|
@ -275,6 +279,74 @@ class ReportService:
|
||||||
|
|
||||||
return issues
|
return issues
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_cross_segment_ip(ip_addresses, source_subnet, target_subnet):
|
||||||
|
for ip_address in ip_addresses:
|
||||||
|
if target_subnet.is_in_range(ip_address):
|
||||||
|
return None
|
||||||
|
for ip_address in ip_addresses:
|
||||||
|
if source_subnet.is_in_range(ip_address):
|
||||||
|
return ip_address
|
||||||
|
return None
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_cross_segment_issues_per_subnet_pair(scans, source_subnet, target_subnet):
|
||||||
|
if source_subnet == target_subnet:
|
||||||
|
return []
|
||||||
|
source_subnet_range = NetworkRange.get_range_obj(source_subnet)
|
||||||
|
target_subnet_range = NetworkRange.get_range_obj(target_subnet)
|
||||||
|
|
||||||
|
cross_segment_issues = []
|
||||||
|
|
||||||
|
for scan in scans:
|
||||||
|
target_ip = scan['data']['machine']['ip_addr']
|
||||||
|
if target_subnet_range.is_in_range(unicode(target_ip)):
|
||||||
|
monkey = NodeService.get_monkey_by_guid(scan['monkey_guid'])
|
||||||
|
cross_segment_ip = ReportService.get_cross_segment_ip(monkey['ip_addresses'], source_subnet_range,
|
||||||
|
target_subnet_range)
|
||||||
|
if cross_segment_ip is not None:
|
||||||
|
cross_segment_issues.append(
|
||||||
|
{
|
||||||
|
'source': cross_segment_ip,
|
||||||
|
'target': target_ip,
|
||||||
|
'services': scan['data']['machine']['services']
|
||||||
|
})
|
||||||
|
|
||||||
|
return cross_segment_issues
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_cross_segment_issues_per_subnet_group(scans, subnet_group):
|
||||||
|
cross_segment_issues = []
|
||||||
|
|
||||||
|
for subnet_pair in itertools.product(subnet_group, subnet_group):
|
||||||
|
source_subnet = subnet_pair[0]
|
||||||
|
target_subnet = subnet_pair[1]
|
||||||
|
pair_issues = ReportService.get_cross_segment_issues_per_subnet_pair(scans, source_subnet, target_subnet)
|
||||||
|
if len(pair_issues) != 0:
|
||||||
|
cross_segment_issues.append(
|
||||||
|
{
|
||||||
|
'source_subnet': source_subnet,
|
||||||
|
'target_subnet': target_subnet,
|
||||||
|
'issues': pair_issues
|
||||||
|
})
|
||||||
|
|
||||||
|
return cross_segment_issues
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_cross_segement_issues():
|
||||||
|
scans = mongo.db.telemetry.find({'telem_type': 'scan'},
|
||||||
|
{'monkey_guid': 1, 'data.machine.ip_addr': 1, 'data.machine.services': 1})
|
||||||
|
|
||||||
|
cross_segment_issues = []
|
||||||
|
|
||||||
|
subnet_groups = ConfigService.get_config_value(
|
||||||
|
['basic_network', 'network_analysis', 'inaccessible_subnet_groups'])
|
||||||
|
|
||||||
|
for subnet_group in subnet_groups:
|
||||||
|
cross_segment_issues += ReportService.get_cross_segment_issues_per_subnet_group(scans, subnet_group)
|
||||||
|
|
||||||
|
return cross_segment_issues
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_issues():
|
def get_issues():
|
||||||
issues = ReportService.get_exploits() + ReportService.get_tunnels() \
|
issues = ReportService.get_exploits() + ReportService.get_tunnels() \
|
||||||
|
@ -323,8 +395,8 @@ class ReportService:
|
||||||
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
|
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_issues_overview(issues, config_users, config_passwords):
|
def get_issues_overview(issues, cross_segment_issues, config_users, config_passwords):
|
||||||
issues_byte_array = [False] * 6
|
issues_byte_array = [False] * 7
|
||||||
|
|
||||||
for machine in issues:
|
for machine in issues:
|
||||||
for issue in issues[machine]:
|
for issue in issues[machine]:
|
||||||
|
@ -342,6 +414,9 @@ class ReportService:
|
||||||
elif issue['type'].endswith('_pth') or issue['type'].endswith('_password'):
|
elif issue['type'].endswith('_pth') or issue['type'].endswith('_password'):
|
||||||
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_CREDS.value] = True
|
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_CREDS.value] = True
|
||||||
|
|
||||||
|
if len(cross_segment_issues) != 0:
|
||||||
|
issues_byte_array[ReportService.ISSUES_DICT.CROSS_SEGMENT.value] = True
|
||||||
|
|
||||||
return issues_byte_array
|
return issues_byte_array
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -376,6 +451,7 @@ class ReportService:
|
||||||
issues = ReportService.get_issues()
|
issues = ReportService.get_issues()
|
||||||
config_users = ReportService.get_config_users()
|
config_users = ReportService.get_config_users()
|
||||||
config_passwords = ReportService.get_config_passwords()
|
config_passwords = ReportService.get_config_passwords()
|
||||||
|
cross_segment_issues = ReportService.get_cross_segement_issues()
|
||||||
|
|
||||||
report = \
|
report = \
|
||||||
{
|
{
|
||||||
|
@ -389,14 +465,15 @@ class ReportService:
|
||||||
'config_scan': ReportService.get_config_scan(),
|
'config_scan': ReportService.get_config_scan(),
|
||||||
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
|
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
|
||||||
'monkey_duration': ReportService.get_monkey_duration(),
|
'monkey_duration': ReportService.get_monkey_duration(),
|
||||||
'issues': ReportService.get_issues_overview(issues, config_users, config_passwords),
|
'issues': ReportService.get_issues_overview(issues, cross_segment_issues, config_users, config_passwords),
|
||||||
'warnings': ReportService.get_warnings_overview(issues)
|
'warnings': ReportService.get_warnings_overview(issues)
|
||||||
},
|
},
|
||||||
'glance':
|
'glance':
|
||||||
{
|
{
|
||||||
'scanned': ReportService.get_scanned(),
|
'scanned': ReportService.get_scanned(),
|
||||||
'exploited': ReportService.get_exploited(),
|
'exploited': ReportService.get_exploited(),
|
||||||
'stolen_creds': ReportService.get_stolen_creds()
|
'stolen_creds': ReportService.get_stolen_creds(),
|
||||||
|
'cross_segment_issues': cross_segment_issues
|
||||||
},
|
},
|
||||||
'recommendations':
|
'recommendations':
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue