Exported telem categories into dict, moved scoutsuite submodule to a different dir
parent
b14193f848
commit
a365d2eb3c
|
@ -5,5 +5,5 @@
|
|||
path = docs/themes/learn
|
||||
url = https://github.com/guardicode/hugo-theme-learn.git
|
||||
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
|
||||
path = monkey/infection_monkey/system_info/collectors/scoutsuite
|
||||
path = monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite
|
||||
url = https://github.com/ShayNehmad/ScoutSuite.git
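Review bot: The relocated submodule still resolves to a personal fork, `url = https://github.com/ShayNehmad/ScoutSuite.git`, so the ScoutSuite code bundled into the agent is fetched from an account outside the project organisation; the pinned subproject commit that accompanies this change is what bounds that, but nothing in the file records why the fork is used or who maintains it. Add a comment above the url line, `# personal fork of upstream ScoutSuite — TODO: move to an org-owned repo or document why the fork is needed`, so the dependency is visibly tracked and the pin is not bumped casually.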
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
class TelemCategoryEnum:
|
||||
EXPLOIT = 'exploit'
|
||||
POST_BREACH = 'post_breach'
|
||||
SCAN = 'scan'
|
||||
SCOUTSUITE = 'scoutsuite'
|
||||
STATE = 'state'
|
||||
SYSTEM_INFO = 'system_info'
|
||||
TRACE = 'trace'
|
||||
TUNNEL = 'tunnel'
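Review bot: `TelemCategoryEnum` carries the Enum name but is a plain class of `str` attributes, not an `enum.Enum`, and nothing in the file records that. The callers in this commit (`telem_category = TelemCategoryEnum.EXPLOIT`, the `TELEM_PROCESS_DICT` keys, the `== TelemCategoryEnum.SYSTEM_INFO` comparison) all rely on the members comparing equal to the raw category strings stored with each telemetry, so a later conversion to a real Enum would silently stop every stored category from matching unless a `str` mixin is used. Pin the contract in a docstring: `"""Telemetry category names as stored on the island. Plain str constants (not enum.Enum members) so they compare equal to raw 'telem_category' values."""`.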
|
|
@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError
|
|||
|
||||
import infection_monkey.monkeyfs as monkeyfs
|
||||
import infection_monkey.tunnel as tunnel
|
||||
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from infection_monkey.config import GUID, WormConfiguration
|
||||
from infection_monkey.network.info import check_internet_access, local_ips
|
||||
from infection_monkey.transport.http import HTTPConnectProxy
|
||||
|
|
|
@ -10,7 +10,7 @@ import re
|
|||
|
||||
import requests
|
||||
|
||||
from common.data.network_consts import ES_SERVICE
|
||||
from common.common_consts.network_consts import ES_SERVICE
|
||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
from infection_monkey.model import (BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND,
|
||||
|
|
|
@ -6,7 +6,7 @@ import requests
|
|||
from requests.exceptions import ConnectionError, Timeout
|
||||
|
||||
import infection_monkey.config
|
||||
from common.data.network_consts import ES_SERVICE
|
||||
from common.common_consts.network_consts import ES_SERVICE
|
||||
from infection_monkey.network.HostFinger import HostFinger
|
||||
|
||||
ES_PORT = 9200
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER
|
||||
from infection_monkey.config import WormConfiguration
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.utils.users import get_commands_to_add_user
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_SETUID_SETGID
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.post_breach.setuid_setgid.setuid_setgid import \
|
||||
get_commands_to_change_setuid_setgid
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import subprocess
|
||||
|
||||
from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
||||
from infection_monkey.post_breach.clear_command_history.clear_command_history import \
|
||||
get_commands_to_clear_command_history
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
|
|
|
@ -3,7 +3,7 @@ import random
|
|||
import string
|
||||
import subprocess
|
||||
|
||||
from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
||||
from infection_monkey.post_breach.account_discovery.account_discovery import \
|
||||
get_commands_to_discover_accounts
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import subprocess
|
||||
|
||||
from common.data.post_breach_consts import \
|
||||
from common.common_consts.post_breach_consts import \
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from infection_monkey.post_breach.job_scheduling.job_scheduling import (
|
||||
get_commands_to_schedule_jobs, remove_scheduled_jobs)
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import logging
|
||||
import subprocess
|
||||
|
||||
from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
|
||||
cleanup_changes, get_commands_to_proxy_execution_using_signed_script)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.post_breach.trap_command.trap_command import \
|
||||
get_trap_commands
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import logging
|
||||
import os
|
||||
|
||||
from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_FILE_EXECUTION
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from infection_monkey.config import WormConfiguration
|
||||
from infection_monkey.control import ControlClient
|
||||
|
|
|
@ -4,7 +4,7 @@ from enum import IntEnum
|
|||
|
||||
import psutil
|
||||
|
||||
from common.data.system_info_collectors_names import AZURE_CRED_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
|
||||
from infection_monkey.network.info import get_host_subnets
|
||||
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
||||
from infection_monkey.system_info.netstat_collector import NetstatCollector
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import logging
|
||||
|
||||
from common.cloud.aws.aws_instance import AwsInstance
|
||||
from common.data.system_info_collectors_names import AWS_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
|
||||
from infection_monkey.system_info.system_info_collector import \
|
||||
SystemInfoCollector
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from common.cloud.all_instances import get_all_cloud_instances
|
||||
from common.cloud.environment_names import Environment
|
||||
from common.data.system_info_collectors_names import ENVIRONMENT_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import ENVIRONMENT_COLLECTOR
|
||||
from infection_monkey.system_info.system_info_collector import \
|
||||
SystemInfoCollector
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import logging
|
||||
import socket
|
||||
|
||||
from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR
|
||||
from infection_monkey.system_info.system_info_collector import \
|
||||
SystemInfoCollector
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ import logging
|
|||
|
||||
import psutil
|
||||
|
||||
from common.data.system_info_collectors_names import PROCESS_LIST_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
|
||||
from infection_monkey.system_info.system_info_collector import \
|
||||
SystemInfoCollector
|
||||
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
import logging
|
||||
import tempfile
|
||||
|
||||
from common.cloud.environment_names import Environment
|
||||
from common.data.system_info_collectors_names import SCOUTSUITE_COLLECTOR
|
||||
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||
from infection_monkey.system_info.collectors.scoutsuite.ScoutSuite.__main__ import run
|
||||
from system_info.collectors.environment_collector import get_monkey_environment
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class ScoutSuiteCollector(SystemInfoCollector):
|
||||
def __init__(self):
|
||||
super().__init__(name=SCOUTSUITE_COLLECTOR)
|
||||
|
||||
def collect(self) -> dict:
|
||||
env = get_monkey_environment()
|
||||
env = "AWS"
|
||||
if env == Environment.ON_PREMISE.value:
|
||||
logger.info("Monkey is not on cloud; not running ScoutSuite")
|
||||
return {}
|
||||
else:
|
||||
tmp_dir_path = tempfile.mkdtemp()
|
||||
logger.info(f"Attempting to execute ScoutSuite with {env.lower()}, saving results in {tmp_dir_path}")
|
||||
|
||||
scout_suite_results = run(
|
||||
env.lower(),
|
||||
debug=True,
|
||||
quiet=False,
|
||||
no_browser=True,
|
||||
report_dir=tmp_dir_path)
|
||||
return {
|
||||
"Environment": env,
|
||||
"Results": scout_suite_results
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
Subproject commit e784fc27ae8311c3c610bccd556d2bef3cd54d63
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 6707e052b8573a4f9eaee7f77f6c5de404f3e8fd
|
|
@ -2,7 +2,7 @@ import logging
|
|||
import os
|
||||
import sys
|
||||
|
||||
from common.data.system_info_collectors_names import MIMIKATZ_COLLECTOR
|
||||
from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR
|
||||
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import \
|
||||
MimikatzCredentialCollector
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -15,7 +16,7 @@ class ExploitTelem(BaseTelem):
|
|||
self.exploiter = exploiter
|
||||
self.result = result
|
||||
|
||||
telem_category = 'exploit'
|
||||
telem_category = TelemCategoryEnum.EXPLOIT
|
||||
|
||||
def get_data(self):
|
||||
return {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import socket
|
||||
|
||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -18,7 +19,7 @@ class PostBreachTelem(BaseTelem):
|
|||
self.result = result
|
||||
self.hostname, self.ip = PostBreachTelem._get_hostname_and_ip()
|
||||
|
||||
telem_category = 'post_breach'
|
||||
telem_category = TelemCategoryEnum.POST_BREACH
|
||||
|
||||
def get_data(self):
|
||||
return {
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -13,7 +14,7 @@ class ScanTelem(BaseTelem):
|
|||
super(ScanTelem, self).__init__()
|
||||
self.machine = machine
|
||||
|
||||
telem_category = 'scan'
|
||||
telem_category = TelemCategoryEnum.SCAN
|
||||
|
||||
def get_data(self):
|
||||
return {
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -14,7 +15,7 @@ class StateTelem(BaseTelem):
|
|||
self.is_done = is_done
|
||||
self.version = version
|
||||
|
||||
telem_category = 'state'
|
||||
telem_category = TelemCategoryEnum.STATE
|
||||
|
||||
def get_data(self):
|
||||
return {
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -13,7 +14,7 @@ class SystemInfoTelem(BaseTelem):
|
|||
super(SystemInfoTelem, self).__init__()
|
||||
self.system_info = system_info
|
||||
|
||||
telem_category = 'system_info'
|
||||
telem_category = TelemCategoryEnum.SYSTEM_INFO
|
||||
|
||||
def get_data(self):
|
||||
return self.system_info
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import logging
|
||||
|
||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
@ -18,7 +19,7 @@ class TraceTelem(BaseTelem):
|
|||
self.msg = msg
|
||||
LOG.debug("Trace: %s" % msg)
|
||||
|
||||
telem_category = 'trace'
|
||||
telem_category = TelemCategoryEnum.TRACE
|
||||
|
||||
def get_data(self):
|
||||
return {
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from infection_monkey.control import ControlClient
|
||||
from infection_monkey.telemetry.base_telem import BaseTelem
|
||||
|
||||
|
@ -13,7 +14,7 @@ class TunnelTelem(BaseTelem):
|
|||
super(TunnelTelem, self).__init__()
|
||||
self.proxy = ControlClient.proxies.get('https')
|
||||
|
||||
telem_category = 'tunnel'
|
||||
telem_category = TelemCategoryEnum.TUNNEL
|
||||
|
||||
def get_data(self):
|
||||
return {'proxy': self.proxy}
|
||||
|
|
|
@ -6,7 +6,7 @@ from flask import Flask, Response, send_from_directory
|
|||
from werkzeug.exceptions import NotFound
|
||||
|
||||
import monkey_island.cc.environment.environment_singleton as env_singleton
|
||||
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
|
||||
from monkey_island.cc.database import database, mongo
|
||||
from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ from datetime import datetime
|
|||
|
||||
from mongoengine import DateTimeField, EmbeddedDocument, StringField
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
|
||||
|
||||
class Event(EmbeddedDocument):
|
||||
|
|
|
@ -6,7 +6,7 @@ from typing import List
|
|||
|
||||
from mongoengine import Document, EmbeddedDocumentListField, StringField
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
# Dummy import for mongoengine.
|
||||
# noinspection PyUnresolvedReferences
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from mongoengine import StringField
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ import unittest
|
|||
import mongomock
|
||||
from packaging import version
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
||||
AggregateFinding
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from mongoengine import ValidationError
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from mongoengine import ValidationError
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.models.zero_trust.segmentation_finding import \
|
||||
SegmentationFinding
|
||||
|
|
|
@ -6,6 +6,7 @@ import dateutil
|
|||
import flask_restful
|
||||
from flask import request
|
||||
|
||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.models.monkey import Monkey
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
|
@ -74,7 +75,7 @@ class Telemetry(flask_restful.Resource):
|
|||
monkey_label = telem_monkey_guid
|
||||
x["monkey"] = monkey_label
|
||||
objects.append(x)
|
||||
if x['telem_category'] == 'system_info' and 'credentials' in x['data']:
|
||||
if x['telem_category'] == TelemCategoryEnum.SYSTEM_INFO and 'credentials' in x['data']:
|
||||
for user in x['data']['credentials']:
|
||||
if -1 != user.find(','):
|
||||
new_user = user.replace(',', '.')
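Review bot: The new condition `x['telem_category'] == TelemCategoryEnum.SYSTEM_INFO and 'credentials' in x['data']` assumes `x['data']` is a mapping; the telemetry body is posted by the agent and I cannot see it validated within the hunk, so a non-dict `data` raises TypeError here instead of the entry being skipped. Tighten it to `if x['telem_category'] == TelemCategoryEnum.SYSTEM_INFO and isinstance(x['data'], dict) and 'credentials' in x['data']:`, and the adjacent `if -1 != user.find(','):` reads more plainly as `if ',' in user:`. The enclosing method continues on both sides of the hunk.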
|
||||
|
|
|
@ -6,6 +6,7 @@ import flask_pymongo
|
|||
import flask_restful
|
||||
from flask import request
|
||||
|
||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
|
@ -109,11 +110,11 @@ class TelemetryFeed(flask_restful.Resource):
|
|||
|
||||
TELEM_PROCESS_DICT = \
|
||||
{
|
||||
'tunnel': TelemetryFeed.get_tunnel_telem_brief,
|
||||
'state': TelemetryFeed.get_state_telem_brief,
|
||||
'exploit': TelemetryFeed.get_exploit_telem_brief,
|
||||
'scan': TelemetryFeed.get_scan_telem_brief,
|
||||
'system_info': TelemetryFeed.get_systeminfo_telem_brief,
|
||||
'trace': TelemetryFeed.get_trace_telem_brief,
|
||||
'post_breach': TelemetryFeed.get_post_breach_telem_brief
|
||||
TelemCategoryEnum.TUNNEL: TelemetryFeed.get_tunnel_telem_brief,
|
||||
TelemCategoryEnum.STATE: TelemetryFeed.get_state_telem_brief,
|
||||
TelemCategoryEnum.EXPLOIT: TelemetryFeed.get_exploit_telem_brief,
|
||||
TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief,
|
||||
TelemCategoryEnum.SYSTEM_INFO: TelemetryFeed.get_systeminfo_telem_brief,
|
||||
TelemCategoryEnum.TRACE: TelemetryFeed.get_trace_telem_brief,
|
||||
TelemCategoryEnum.POST_BREACH: TelemetryFeed.get_post_breach_telem_brief
|
||||
}
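Review bot: `TELEM_PROCESS_DICT` gains no entry for `TelemCategoryEnum.SCOUTSUITE`, although the new enum defines that category alongside the seven that are keyed here; from these lines I cannot see how the dict is consulted, but if it is indexed directly a scoutsuite telemetry would raise KeyError in the feed rather than being skipped. Either add `TelemCategoryEnum.SCOUTSUITE: <brief handler>` once one exists, or record the omission above the dict with `# SCOUTSUITE telemetry is intentionally not rendered in the feed`. The surrounding definition starts outside the hunk.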
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import (
|
||||
from common.common_consts.post_breach_consts import (
|
||||
POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_TRAP_COMMAND
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import \
|
||||
from common.common_consts.post_breach_consts import \
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_SETUID_SETGID
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_JOB_SCHEDULING
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.post_breach_consts import \
|
||||
from common.common_consts.post_breach_consts import \
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||
from monkey_island.cc.services.attack.technique_reports.pba_technique import \
|
||||
PostBreachTechnique
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.data.validation_formats import IP, IP_RANGE
|
||||
from common.common_consts.validation_formats import IP, IP_RANGE
|
||||
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
|
||||
|
||||
BASIC_NETWORK = {
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
from common.data.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
AZURE_CRED_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
MIMIKATZ_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR)
|
||||
from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
AZURE_CRED_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
MIMIKATZ_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR)
|
||||
|
||||
SYSTEM_INFO_COLLECTOR_CLASSES = {
|
||||
"title": "System Information Collectors",
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
from common.data.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
AZURE_CRED_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
MIMIKATZ_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR)
|
||||
from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
AZURE_CRED_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
MIMIKATZ_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR)
|
||||
|
||||
MONKEY = {
|
||||
"title": "Monkey",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
import monkey_island.cc.services.reporting.zero_trust_service
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
from monkey_island.cc.services.reporting.zero_trust_service import \
|
||||
|
|
|
@ -2,7 +2,7 @@ from typing import List
|
|||
|
||||
from bson.objectid import ObjectId
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
|
||||
# How many events of a single finding to return to UI.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import copy
|
||||
|
||||
from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
import logging
|
||||
import typing
|
||||
|
||||
from common.data.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR,
|
||||
SCOUTSUITE_COLLECTOR)
|
||||
from common.common_consts.system_info_collectors_names import (AWS_COLLECTOR,
|
||||
ENVIRONMENT_COLLECTOR,
|
||||
HOSTNAME_COLLECTOR,
|
||||
PROCESS_LIST_COLLECTOR,
|
||||
SCOUTSUITE_COLLECTOR)
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import \
|
||||
process_aws_telemetry
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import json
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
||||
AggregateFinding
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
||||
AggregateFinding
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import json
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
from common.data.network_consts import ES_SERVICE
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from common.common_consts.network_consts import ES_SERVICE
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import itertools
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from common.network.network_range import NetworkRange
|
||||
from common.network.segmentation_utils import (get_ip_if_in_subnet,
|
||||
get_ip_in_src_and_not_in_dst)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import uuid
|
||||
|
||||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import common.data.zero_trust_consts as zero_trust_consts
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
|
|