Merge pull request #220 from guardicore/feature/netstat

Add netstat
This commit is contained in:
Daniel Goldberg 2018-12-03 16:00:09 +02:00 committed by GitHub
commit af14daaebc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 53 additions and 4 deletions


@ -8,6 +8,7 @@ from enum import IntEnum
from infection_monkey.network.info import get_host_subnets from infection_monkey.network.info import get_host_subnets
from infection_monkey.system_info.aws_collector import AwsCollector from infection_monkey.system_info.aws_collector import AwsCollector
from infection_monkey.system_info.azure_cred_collector import AzureCollector from infection_monkey.system_info.azure_cred_collector import AzureCollector
from infection_monkey.system_info.netstat_collector import NetstatCollector
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -107,12 +108,16 @@ class InfoCollector(object):
def get_network_info(self): def get_network_info(self):
""" """
Adds network information from the host to the system information. Adds network information from the host to the system information.
Currently updates with a list of networks accessible from host, Currently updates with netstat and a list of networks accessible from host
containing host ip and the subnet range. containing host ip and the subnet range
:return: None. Updates class information :return: None. Updates class information
""" """
LOG.debug("Reading subnets") LOG.debug("Reading subnets")
self.info['network_info'] = {'networks': get_host_subnets()} self.info['network_info'] =\
{
'networks': get_host_subnets(),
'netstat': NetstatCollector.get_netstat_info()
}
def get_azure_info(self): def get_azure_info(self):
""" """


@ -0,0 +1,44 @@
# Inspired by Giampaolo Rodola's psutil example from https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py
import logging
import psutil
import socket
from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM
__author__ = 'itay.mizeretz'
LOG = logging.getLogger(__name__)
class NetstatCollector(object):
"""
Extract netstat info
"""
AF_INET6 = getattr(socket, 'AF_INET6', object())
proto_map = {
(AF_INET, SOCK_STREAM): 'tcp',
(AF_INET6, SOCK_STREAM): 'tcp6',
(AF_INET, SOCK_DGRAM): 'udp',
(AF_INET6, SOCK_DGRAM): 'udp6',
}
@staticmethod
def get_netstat_info():
LOG.info("Collecting netstat info")
return [NetstatCollector._parse_connection(c) for c in psutil.net_connections(kind='inet')]
@staticmethod
def _parse_connection(c):
return \
{
'proto': NetstatCollector.proto_map[(c.family, c.type)],
'local_address': c.laddr[0],
'local_port': c.laddr[1],
'remote_address': c.raddr[0] if c.raddr else None,
'remote_port': c.raddr[1] if c.raddr else None,
'status': c.status,
'pid': c.pid
}
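Review bot: `get_netstat_info` lets any failure of `psutil.net_connections(kind='inet')` propagate with only the preceding info log; psutil documents that call as requiring root on macOS, where it raises psutil.AccessDenied, so on such hosts the collector aborts instead of degrading. Because the caller folds this result into a larger system-info report, returning an empty list with a warning is the safer contract; the rewrite below does that and leaves `_parse_connection` unchanged. psutil also documents `pid` as None for sockets the current user is not allowed to inspect (on Linux this depends on privileges), which deserves a one-line comment on the `'pid'` key so consumers do not treat None as an error. The `return \` continuation in `_parse_connection` can simply become `return {` with the dict body indented beneath it.
```python
    @staticmethod
    def get_netstat_info():
        """Return the host's inet sockets as a list of dicts, or [] if psutil is not permitted to list them."""
        LOG.info("Collecting netstat info")
        try:
            connections = psutil.net_connections(kind='inet')
        except psutil.AccessDenied:
            # psutil needs elevated privileges for this call on some platforms (e.g. macOS).
            LOG.warning("Netstat info not available without elevated privileges; skipping")
            return []
        return [NetstatCollector._parse_connection(c) for c in connections]

    # … unchanged: _parse_connection …
```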


@ -2,7 +2,7 @@ import os
import logging import logging
import sys import sys
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
import infection_monkey.config import infection_monkey.config
from infection_monkey.system_info.mimikatz_collector import MimikatzCollector from infection_monkey.system_info.mimikatz_collector import MimikatzCollector