Domain name translation fully implemented and displayed in map and report

VakarisZ 2018-10-02 14:45:42 +03:00
parent ef0ccc9cc9
commit 96cc4edba9
5 changed files with 49 additions and 9 deletions


@ -5,9 +5,13 @@ from abc import ABCMeta, abstractmethod
import ipaddress import ipaddress
from six import text_type from six import text_type
import logging
import re
__author__ = 'itamar' __author__ = 'itamar'
LOG = logging.getLogger(__name__)
class NetworkRange(object): class NetworkRange(object):
__metaclass__ = ABCMeta __metaclass__ = ABCMeta
@ -111,7 +115,7 @@ class IpRange(NetworkRange):
class SingleIpRange(NetworkRange): class SingleIpRange(NetworkRange):
def __init__(self, ip_address, shuffle=True): def __init__(self, ip_address, shuffle=True):
super(SingleIpRange, self).__init__(shuffle=shuffle) super(SingleIpRange, self).__init__(shuffle=shuffle)
self._ip_address = ip_address self._ip_address, self.domain_name = self.string_to_host(ip_address)
def __repr__(self): def __repr__(self):
return "<SingleIpRange %s>" % (self._ip_address,) return "<SingleIpRange %s>" % (self._ip_address,)
@ -121,3 +125,26 @@ class SingleIpRange(NetworkRange):
def _get_range(self): def _get_range(self):
return [SingleIpRange._ip_to_number(self._ip_address)] return [SingleIpRange._ip_to_number(self._ip_address)]
@staticmethod
def string_to_host(string):
"""
Converts the string that user entered in "Scan IP/subnet list" to dict of domain name and ip
:param string: String that was entered in "Scan IP/subnet list"
:return: A tuple in format (IP, domain_name). Eg. (192.168.55.1, www.google.com)
"""
# The most common use case is to enter ip/range into "Scan IP/subnet list"
domain_name = ''
ip = string
# If a string was entered instead of IP we presume that it was domain name and translate it
if re.search('[a-zA-Z]', string):
try:
ip = socket.gethostbyname(string)
domain_name = string
except socket.error:
LOG.error(
"You'r specified host: {} is neither found as domain name nor it's an IP address".format(string))
return socket.error
return ip, domain_name
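Review bot: On a failed lookup `string_to_host` ends with `return socket.error`, which hands the exception class back to `SingleIpRange.__init__`, where `self._ip_address, self.domain_name = self.string_to_host(ip_address)` then fails on tuple unpacking with an unrelated TypeError. Either re-raise after logging (a bare `raise` in place of `return socket.error`) or return a well-defined pair that callers check, and state the choice in the docstring, which currently says "dict" although a tuple is returned. The hunk adds `import logging` and `import re` but no `import socket`; unless the module imports it outside the lines shown, the `socket.gethostbyname` call raises NameError. Because any input containing a letter is sent to the resolver, the address that gets scanned is whatever the resolver returns, so logging the name-to-IP mapping on success would keep the actual scan target auditable.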


@ -2,8 +2,9 @@ __author__ = 'itamar'
class VictimHost(object): class VictimHost(object):
def __init__(self, ip_addr): def __init__(self, ip_addr, domain_name=''):
self.ip_addr = ip_addr self.ip_addr = ip_addr
self.domain_name = domain_name
self.os = {} self.os = {}
self.services = {} self.services = {}
self.monkey_exe = None self.monkey_exe = None


@ -7,6 +7,7 @@ from infection_monkey.network.info import local_ips, get_interfaces_ranges
from infection_monkey.model import VictimHost from infection_monkey.model import VictimHost
from infection_monkey.network import HostScanner from infection_monkey.network import HostScanner
from infection_monkey.network import TcpScanner, PingScanner from infection_monkey.network import TcpScanner, PingScanner
__author__ = 'itamar' __author__ = 'itamar'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -78,7 +79,10 @@ class NetworkScanner(object):
for net_range in self._ranges: for net_range in self._ranges:
LOG.debug("Scanning for potential victims in the network %r", net_range) LOG.debug("Scanning for potential victims in the network %r", net_range)
for ip_addr in net_range: for ip_addr in net_range:
victim = VictimHost(ip_addr) if hasattr(net_range, 'domain_name'):
victim = VictimHost(ip_addr, net_range.domain_name)
else:
victim = VictimHost(ip_addr)
if stop_callback and stop_callback(): if stop_callback and stop_callback():
LOG.debug("Got stop signal") LOG.debug("Got stop signal")
break break
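Review bot: The `hasattr(net_range, 'domain_name')` branch in the scan loop makes the scanner probe for an attribute that, in the lines shown, only `SingleIpRange` sets; `victim = VictimHost(ip_addr, getattr(net_range, 'domain_name', ''))` does the same in one line without the if/else. Cleaner still would be to initialise `domain_name = ''` on the `NetworkRange` base class so every range type exposes it and the scanner needs no attribute check at all. The loop body continues outside the hunk.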


@ -90,10 +90,11 @@ class Telemetry(flask_restful.Resource):
@staticmethod @staticmethod
def get_edge_by_scan_or_exploit_telemetry(telemetry_json): def get_edge_by_scan_or_exploit_telemetry(telemetry_json):
dst_ip = telemetry_json['data']['machine']['ip_addr'] dst_ip = telemetry_json['data']['machine']['ip_addr']
dst_domain_name = telemetry_json['data']['machine']['domain_name']
src_monkey = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid']) src_monkey = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])
dst_node = NodeService.get_monkey_by_ip(dst_ip) dst_node = NodeService.get_monkey_by_ip(dst_ip)
if dst_node is None: if dst_node is None:
dst_node = NodeService.get_or_create_node(dst_ip) dst_node = NodeService.get_or_create_node(dst_ip, dst_domain_name)
return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"]) return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"])
@ -144,6 +145,7 @@ class Telemetry(flask_restful.Resource):
edge = Telemetry.get_edge_by_scan_or_exploit_telemetry(telemetry_json) edge = Telemetry.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
data = copy.deepcopy(telemetry_json['data']['machine']) data = copy.deepcopy(telemetry_json['data']['machine'])
ip_address = data.pop("ip_addr") ip_address = data.pop("ip_addr")
domain_name = data.pop("domain_name")
new_scan = \ new_scan = \
{ {
"timestamp": telemetry_json["timestamp"], "timestamp": telemetry_json["timestamp"],
@ -153,7 +155,7 @@ class Telemetry(flask_restful.Resource):
mongo.db.edge.update( mongo.db.edge.update(
{"_id": edge["_id"]}, {"_id": edge["_id"]},
{"$push": {"scans": new_scan}, {"$push": {"scans": new_scan},
"$set": {"ip_address": ip_address}} "$set": {"ip_address": ip_address, 'domain_name': domain_name}}
) )
node = mongo.db.node.find_one({"_id": edge["to"]}) node = mongo.db.node.find_one({"_id": edge["to"]})
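Review bot: `telemetry_json['data']['machine']['domain_name']` and `data.pop("domain_name")` index the new key unconditionally, so telemetry from an agent that does not send `domain_name` (an older build, or a malformed report) raises KeyError inside the handler. Use `telemetry_json['data']['machine'].get('domain_name', '')` and `data.pop("domain_name", '')` instead. The value comes from the reporting agent, is written to the edge and node documents, and per the commit title is displayed in the map and report, so it is worth constraining to hostname characters and a bounded length before it is stored. Both functions extend beyond the hunks shown.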


@ -41,6 +41,7 @@ class NodeService:
# node is uninfected # node is uninfected
new_node = NodeService.node_to_net_node(node, for_report) new_node = NodeService.node_to_net_node(node, for_report)
new_node["ip_addresses"] = node["ip_addresses"] new_node["ip_addresses"] = node["ip_addresses"]
new_node["domain_name"] = node["domain_name"]
for edge in edges: for edge in edges:
accessible_from_nodes.append(NodeService.get_monkey_label(NodeService.get_monkey_by_id(edge["from"]))) accessible_from_nodes.append(NodeService.get_monkey_label(NodeService.get_monkey_by_id(edge["from"])))
@ -62,7 +63,9 @@ class NodeService:
@staticmethod @staticmethod
def get_node_label(node): def get_node_label(node):
return node["os"]["version"] + " : " + node["ip_addresses"][0] if node["domain_name"]:
node["domain_name"] = " ("+node["domain_name"]+")"
return node["os"]["version"] + " : " + node["ip_addresses"][0] + node["domain_name"]
@staticmethod @staticmethod
def _cmp_exploits_by_timestamp(exploit_1, exploit_2): def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
@ -137,6 +140,7 @@ class NodeService:
"group": NodeService.get_monkey_group(monkey), "group": NodeService.get_monkey_group(monkey),
"os": NodeService.get_monkey_os(monkey), "os": NodeService.get_monkey_os(monkey),
"dead": monkey["dead"], "dead": monkey["dead"],
"domain_name": ""
} }
@staticmethod @staticmethod
@ -176,10 +180,11 @@ class NodeService:
upsert=False) upsert=False)
@staticmethod @staticmethod
def insert_node(ip_address): def insert_node(ip_address, domain_name=''):
new_node_insert_result = mongo.db.node.insert_one( new_node_insert_result = mongo.db.node.insert_one(
{ {
"ip_addresses": [ip_address], "ip_addresses": [ip_address],
"domain_name": domain_name,
"exploited": False, "exploited": False,
"creds": [], "creds": [],
"os": "os":
@ -191,10 +196,10 @@ class NodeService:
return mongo.db.node.find_one({"_id": new_node_insert_result.inserted_id}) return mongo.db.node.find_one({"_id": new_node_insert_result.inserted_id})
@staticmethod @staticmethod
def get_or_create_node(ip_address): def get_or_create_node(ip_address, domain_name=''):
new_node = mongo.db.node.find_one({"ip_addresses": ip_address}) new_node = mongo.db.node.find_one({"ip_addresses": ip_address})
if new_node is None: if new_node is None:
new_node = NodeService.insert_node(ip_address) new_node = NodeService.insert_node(ip_address, domain_name)
return new_node return new_node
@staticmethod @staticmethod
@ -261,6 +266,7 @@ class NodeService:
def get_monkey_island_node(): def get_monkey_island_node():
island_node = NodeService.get_monkey_island_pseudo_net_node() island_node = NodeService.get_monkey_island_pseudo_net_node()
island_node["ip_addresses"] = local_ip_addresses() island_node["ip_addresses"] = local_ip_addresses()
island_node["domain_name"] = ""
return island_node return island_node
@staticmethod @staticmethod
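Review bot: `get_node_label` rewrites `node["domain_name"]` in place to `" (name)"`, so the caller's dict is changed as a side effect and a second call on the same node yields nested parentheses. Build the suffix in a local instead: `suffix = " (" + node["domain_name"] + ")" if node.get("domain_name") else ""` followed by `return node["os"]["version"] + " : " + node["ip_addresses"][0] + suffix`. The `.get` matters here and at `new_node["domain_name"] = node["domain_name"]`, because node documents inserted before this change have no `domain_name` field and would raise KeyError; that presumes an existing database is kept across the upgrade. Separately, `get_or_create_node` only passes `domain_name` on insert, so a node that already exists by IP never receives the name.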