Agent, Island: remove netstat collector and references

VakarisZ 2021-11-11 15:33:50 +02:00
parent 9220cd2f5b
commit 9e3ac63090
4 changed files with 3 additions and 64 deletions


@ -7,7 +7,6 @@ import psutil
from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
from infection_monkey.network.info import get_host_subnets from infection_monkey.network.info import get_host_subnets
from infection_monkey.system_info.azure_cred_collector import AzureCollector from infection_monkey.system_info.azure_cred_collector import AzureCollector
from infection_monkey.system_info.netstat_collector import NetstatCollector
from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -72,15 +71,12 @@ class InfoCollector(object):
def get_network_info(self): def get_network_info(self):
""" """
Adds network information from the host to the system information. Adds network information from the host to the system information.
Currently updates with netstat and a list of networks accessible from host Currently updates with list of networks accessible from host
containing host ip and the subnet range containing host ip and the subnet range
:return: None. Updates class information :return: None. Updates class information
""" """
logger.debug("Reading subnets") logger.debug("Reading subnets")
self.info["network_info"] = { self.info["network_info"] = {"networks": get_host_subnets()}
"networks": get_host_subnets(),
"netstat": NetstatCollector.get_netstat_info(),
}
def get_azure_info(self): def get_azure_info(self):
""" """


@ -1,42 +0,0 @@
# Inspired by Giampaolo Rodola's psutil example from
# https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py
import logging
import socket
from socket import AF_INET, SOCK_DGRAM, SOCK_STREAM
import psutil
logger = logging.getLogger(__name__)
class NetstatCollector(object):
"""
Extract netstat info
"""
AF_INET6 = getattr(socket, "AF_INET6", object())
proto_map = {
(AF_INET, SOCK_STREAM): "tcp",
(AF_INET6, SOCK_STREAM): "tcp6",
(AF_INET, SOCK_DGRAM): "udp",
(AF_INET6, SOCK_DGRAM): "udp6",
}
@staticmethod
def get_netstat_info():
logger.info("Collecting netstat info")
return [NetstatCollector._parse_connection(c) for c in psutil.net_connections(kind="inet")]
@staticmethod
def _parse_connection(c):
return {
"proto": NetstatCollector.proto_map[(c.family, c.type)],
"local_address": c.laddr[0],
"local_port": c.laddr[1],
"remote_address": c.raddr[0] if c.raddr else None,
"remote_port": c.raddr[1] if c.raddr else None,
"status": c.status,
"pid": c.pid,
}


@ -16,21 +16,13 @@ class T1016(AttackTechnique):
"$project": { "$project": {
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"}, "machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
"networks": "$data.network_info.networks", "networks": "$data.network_info.networks",
"netstat": "$data.network_info.netstat",
} }
}, },
{ {
"$addFields": { "$addFields": {
"_id": 0, "_id": 0,
"netstat": 0,
"networks": 0, "networks": 0,
"info": [ "info": [
{
"used": {
"$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$netstat", {}]}]
},
"name": {"$literal": "Network connections (netstat)"},
},
{ {
"used": { "used": {
"$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}] "$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}]


@ -16,7 +16,6 @@ class T1082(AttackTechnique):
"$project": { "$project": {
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"}, "machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
"aws": "$data.aws", "aws": "$data.aws",
"netstat": "$data.network_info.netstat",
"process_list": "$data.process_list", "process_list": "$data.process_list",
"ssh_info": "$data.ssh_info", "ssh_info": "$data.ssh_info",
"azure_info": "$data.Azure", "azure_info": "$data.Azure",
@ -28,7 +27,7 @@ class T1082(AttackTechnique):
"machine": 1, "machine": 1,
"collections": [ "collections": [
{ {
"used": {"$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$aws", {}]}]}, "used": {"$and": [{"$gt": ["$aws", {}]}]},
"name": {"$literal": "Amazon Web Services info"}, "name": {"$literal": "Amazon Web Services info"},
}, },
{ {
@ -40,12 +39,6 @@ class T1082(AttackTechnique):
}, },
"name": {"$literal": "Running process list"}, "name": {"$literal": "Running process list"},
}, },
{
"used": {
"$and": [{"$ifNull": ["$netstat", False]}, {"$ne": ["$netstat", []]}]
},
"name": {"$literal": "Network connections"},
},
{ {
"used": { "used": {
"$and": [{"$ifNull": ["$ssh_info", False]}, {"$ne": ["$ssh_info", []]}] "$and": [{"$ifNull": ["$ssh_info", False]}, {"$ne": ["$ssh_info", []]}]