forked from p34709852/monkey
Test schema's change to production, minor comment improvements
This commit is contained in:
VakarisZ
parent
00c19aa3b9
commit
ae6e83d4c6
|
|
@ -11,7 +11,9 @@ SCHEMA = {
|
|||
"type": "bool",
|
||||
"value": True,
|
||||
"necessary": False,
|
||||
"description": "Adversaries may steal the credentials of a specific user or service account using "
|
||||
"description": "Mapped with T1003 Credential dumping because both techniques "
|
||||
"require same credential harvesting modules. "
|
||||
"Adversaries may steal the credentials of a specific user or service account using "
|
||||
"Credential Access techniques or capture credentials earlier in their "
|
||||
"reconnaissance process.",
|
||||
"depends_on": ["T1003"]
|
||||
|
|
@ -48,7 +50,7 @@ SCHEMA = {
|
|||
"T1110": {
|
||||
"title": "T1110 Brute force",
|
||||
"type": "bool",
|
||||
"value": False,
|
||||
"value": True,
|
||||
"necessary": False,
|
||||
"description": "Adversaries may use brute force techniques to attempt access to accounts "
|
||||
"when passwords are unknown or when password hashes are obtained."
|
||||
|
|
@ -58,7 +60,9 @@ SCHEMA = {
|
|||
"type": "bool",
|
||||
"value": True,
|
||||
"necessary": False,
|
||||
"description": "Credential dumping is the process of obtaining account login and password "
|
||||
"description": "Mapped with T1078 Valid Accounts because both techniques require"
|
||||
" same credential harvesting modules. "
|
||||
"Credential dumping is the process of obtaining account login and password "
|
||||
"information, normally in the form of a hash or a clear text password, "
|
||||
"from the operating system and software.",
|
||||
"depends_on": ["T1078"]
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ SCHEMA = {
|
|||
"SmbExploiter"
|
||||
],
|
||||
"title": "SMB Exploiter",
|
||||
"attack_techniques": ["T1110", "T1210", "T1021", "T1035", "T1075", "T16616161"]
|
||||
"attack_techniques": ["T1110", "T1210", "T1075"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -22,7 +22,7 @@ SCHEMA = {
|
|||
"WmiExploiter"
|
||||
],
|
||||
"title": "WMI Exploiter",
|
||||
"attack_techniques": ["T1110"]
|
||||
"attack_techniques": ["T1110", "T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -30,7 +30,7 @@ SCHEMA = {
|
|||
"MSSQLExploiter"
|
||||
],
|
||||
"title": "MSSQL Exploiter",
|
||||
"attack_techniques": ["T1110"]
|
||||
"attack_techniques": ["T1110", "T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -54,7 +54,7 @@ SCHEMA = {
|
|||
"SSHExploiter"
|
||||
],
|
||||
"title": "SSH Exploiter",
|
||||
"attack_techniques": ["T1110"]
|
||||
"attack_techniques": ["T1110", "T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -62,7 +62,7 @@ SCHEMA = {
|
|||
"ShellShockExploiter"
|
||||
],
|
||||
"title": "ShellShock Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -70,7 +70,7 @@ SCHEMA = {
|
|||
"SambaCryExploiter"
|
||||
],
|
||||
"title": "SambaCry Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -78,7 +78,7 @@ SCHEMA = {
|
|||
"ElasticGroovyExploiter"
|
||||
],
|
||||
"title": "ElasticGroovy Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -86,7 +86,7 @@ SCHEMA = {
|
|||
"Struts2Exploiter"
|
||||
],
|
||||
"title": "Struts2 Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -94,7 +94,7 @@ SCHEMA = {
|
|||
"WebLogicExploiter"
|
||||
],
|
||||
"title": "Oracle Web Logic Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -102,7 +102,7 @@ SCHEMA = {
|
|||
"HadoopExploiter"
|
||||
],
|
||||
"title": "Hadoop/Yarn Exploiter",
|
||||
"attack_techniques": []
|
||||
"attack_techniques": ["T1210"]
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
@ -116,7 +116,7 @@ SCHEMA = {
|
|||
"BackdoorUser"
|
||||
],
|
||||
"title": "Back door user",
|
||||
"attack_techniques": ["T1110"]
|
||||
"attack_techniques": []
|
||||
},
|
||||
],
|
||||
},
|
||||
|
|
@ -129,7 +129,8 @@ SCHEMA = {
|
|||
"enum": [
|
||||
"SMBFinger"
|
||||
],
|
||||
"title": "SMBFinger"
|
||||
"title": "SMBFinger",
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -137,7 +138,7 @@ SCHEMA = {
|
|||
"SSHFinger"
|
||||
],
|
||||
"title": "SSHFinger",
|
||||
"attack_techniques": ["T1110"]
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
|
|
@ -158,14 +159,16 @@ SCHEMA = {
|
|||
"enum": [
|
||||
"MySQLFinger"
|
||||
],
|
||||
"title": "MySQLFinger"
|
||||
"title": "MySQLFinger",
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"MSSQLFinger"
|
||||
],
|
||||
"title": "MSSQLFinger"
|
||||
"title": "MSSQLFinger",
|
||||
"attack_techniques": ["T1210"]
|
||||
},
|
||||
|
||||
{
|
||||
|
|
@ -173,7 +176,8 @@ SCHEMA = {
|
|||
"enum": [
|
||||
"ElasticFinger"
|
||||
],
|
||||
"title": "ElasticFinger"
|
||||
"title": "ElasticFinger",
|
||||
"attack_techniques": ["T1210"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -409,7 +413,7 @@ SCHEMA = {
|
|||
"title": "Should use Mimikatz",
|
||||
"type": "boolean",
|
||||
"default": True,
|
||||
"attack_techniques": ["T1110", "T1078", "T123123123"],
|
||||
"attack_techniques": ["T1110", "T1078"],
|
||||
"description": "Determines whether to use Mimikatz"
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ let findMaxTechniques = function (data){
|
|||
return maxLen
|
||||
};
|
||||
|
||||
// Parses config schema into data suitable for react-table (ATT&CK matrix)
|
||||
// Parses ATT&CK config schema into data suitable for react-table (ATT&CK matrix)
|
||||
let parseTechniques = function (data, maxLen) {
|
||||
let techniques = [];
|
||||
// Create rows with attack techniques
|
||||
|
|
@ -46,7 +46,7 @@ let parseTechniques = function (data, maxLen) {
|
|||
class MatrixComponent extends AuthComponent {
|
||||
constructor(props) {
|
||||
super(props);
|
||||
// Copy configuration and parse it for ATT&CK matrix table
|
||||
// Copy ATT&CK configuration and parse it for ATT&CK matrix table
|
||||
let configCopy = JSON.parse(JSON.stringify(this.props.configuration));
|
||||
this.state = {lastAction: 'none',
|
||||
configData: this.props.configuration,
|
||||
|
|
@ -117,6 +117,7 @@ class MatrixComponent extends AuthComponent {
|
|||
});
|
||||
};
|
||||
|
||||
// Updates state based on values in config supplied.
|
||||
updateStateFromConfig = (config, lastAction = '') => {
|
||||
let configCopy = JSON.parse(JSON.stringify(config));
|
||||
let maxTechniques = findMaxTechniques(Object.values(configCopy));
|
||||
|
|
@ -131,6 +132,7 @@ class MatrixComponent extends AuthComponent {
|
|||
});
|
||||
};
|
||||
|
||||
// Handles change in technique, when user toggles it
|
||||
handleTechniqueChange = (technique, value, mapped=false) => {
|
||||
// Change value on configuration
|
||||
Object.entries(this.state.configData).forEach(techType => {
|
||||
|
|
@ -139,9 +141,7 @@ class MatrixComponent extends AuthComponent {
|
|||
tempMatrix[techType[0]].properties[technique].value = value;
|
||||
// Toggle all mapped techniques
|
||||
if (! mapped && tempMatrix[techType[0]].properties[technique].hasOwnProperty('depends_on')){
|
||||
console.log("Triggered");
|
||||
tempMatrix[techType[0]].properties[technique].depends_on.forEach(mappedTechnique => {
|
||||
console.log(mappedTechnique)
|
||||
this.handleTechniqueChange(mappedTechnique, value, true)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -277,7 +277,6 @@ class ConfigurePageComponent extends AuthComponent {
|
|||
displayedSchema = this.state.schema['properties'][this.state.selectedSection];
|
||||
displayedSchema['definitions'] = this.state.schema['definitions'];
|
||||
}
|
||||
|
||||
return (
|
||||
<Col xs={12} lg={8}>
|
||||
<h1 className="page-title">Monkey Configuration</h1>
|
||||
|
|
@ -299,9 +298,11 @@ class ConfigurePageComponent extends AuthComponent {
|
|||
}
|
||||
{ this.state.selectedSection ?
|
||||
<Form schema={displayedSchema}
|
||||
uiSchema={this.uiSchema}
|
||||
formData={this.state.configuration[this.state.selectedSection]}
|
||||
onSubmit={this.onSubmit}
|
||||
onChange={this.onChange}>
|
||||
onChange={this.onChange}
|
||||
noValidate={true}>
|
||||
<div>
|
||||
{ this.state.allMonkeysAreDead ?
|
||||
'' :
|
||||
|
|
@ -364,7 +365,6 @@ class ConfigurePageComponent extends AuthComponent {
|
|||
</div>
|
||||
: ''}
|
||||
</div>
|
||||
|
||||
</Col>
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,8 +20,7 @@ class Checkbox extends React.PureComponent {
|
|||
this.ping = this.ping.bind(this);
|
||||
this.composeStateClasses = this.composeStateClasses.bind(this);
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
toggleChecked() {
|
||||
if (this.state.isAnimating) return false;
|
||||
this.setState({
|
||||
|
|
@ -30,12 +29,12 @@ class Checkbox extends React.PureComponent {
|
|||
}, () => { this.props.changeHandler(this.props.name, this.state.checked)});
|
||||
}
|
||||
|
||||
//
|
||||
// Stops animation
|
||||
ping() {
|
||||
this.setState({ isAnimating: false })
|
||||
}
|
||||
|
||||
//
|
||||
// Creates class string for component
|
||||
composeStateClasses(core) {
|
||||
let result = core;
|
||||
if (this.state.necessary){
|
||||
|
|
@ -48,7 +47,6 @@ class Checkbox extends React.PureComponent {
|
|||
return result;
|
||||
}
|
||||
|
||||
//
|
||||
render() {
|
||||
const cl = this.composeStateClasses('ui-checkbox-btn');
|
||||
return (
|
||||
|
|
|
|||
Loading…
Reference in New Issue