Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration
# Conflicts: # .gitmodules # .travis.yml # monkey/common/data/system_info_collectors_names.py # monkey/monkey_island/cc/services/config_schema.py # monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
commit
b14193f848
|
@ -1,29 +1,32 @@
|
|||
---
|
||||
name: 🐛 Bug report
|
||||
about: Create a report to help us fix things!
|
||||
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for reporting a bug to make Infection Monkey better.
|
||||
|
||||
Please fill in as much of the template below as you're able.
|
||||
-->
|
||||
|
||||
## Describe the bug
|
||||
A clear and concise description of what the bug is.
|
||||
|
||||
## To Reproduce
|
||||
Steps to reproduce the behavior:
|
||||
1. Configure the Monkey with X settings
|
||||
2. Run the monkey on specific machine
|
||||
3. See error
|
||||
|
||||
## Expected behavior
|
||||
A description of what you expected to happen.
|
||||
|
||||
## Screenshots
|
||||
If applicable, add screenshots to help explain your problem.
|
||||
|
||||
## Machine version (please complete the following information):
|
||||
- OS: Windows or Linux
|
||||
---
|
||||
name: "\U0001F41B Bug report"
|
||||
about: Create a report to help us fix things!
|
||||
title: ''
|
||||
labels: Bug
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for reporting a bug to make Infection Monkey better.
|
||||
|
||||
Please fill in as much of the template below as you're able.
|
||||
-->
|
||||
|
||||
## Describe the bug
|
||||
A clear and concise description of what the bug is.
|
||||
|
||||
## To Reproduce
|
||||
Steps to reproduce the behavior:
|
||||
1. Configure the Monkey with X settings
|
||||
2. Run the monkey on specific machine
|
||||
3. See error
|
||||
|
||||
## Expected behavior
|
||||
A description of what you expected to happen.
|
||||
|
||||
## Screenshots
|
||||
If applicable, add screenshots to help explain your problem.
|
||||
|
||||
## Machine version (please complete the following information):
|
||||
- OS: Windows or Linux
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
name: "\U0001F4C3 Documentation request"
|
||||
about: Suggest additions or fixes to our documentation hub!
|
||||
title: ''
|
||||
labels: Documentation
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
## Documentation request
|
||||
|
||||
<!-- Choose: adding a new page, or edit existing content. -->
|
||||
|
||||
### Add a new page 🆕
|
||||
|
||||
**What documentation you'd like us to add?**
|
||||
Put suggestion here.
|
||||
|
||||
**Where in the documentation tree?**
|
||||
Put section here.
|
||||
|
||||
### Edit existing content 📝
|
||||
|
||||
**Which page(s) do you want us to edit?**
|
||||
Put link here.
|
||||
|
||||
**What do you think should be changed?**
|
||||
Put requested changes here.
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
name: "\U0001F680 Feature request"
|
||||
about: Suggest an idea for this project
|
||||
title: ''
|
||||
labels: Feature
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
|
@ -17,4 +20,4 @@ Please describe the problem you are trying to solve.
|
|||
Please describe the desired behavior.
|
||||
|
||||
**Describe alternatives you've considered**
|
||||
Please describe alternative solutions or features you have considered.
|
||||
Please describe alternative solutions or features you have considered.
|
||||
|
|
|
@ -1,15 +1,20 @@
|
|||
# What is this?
|
||||
# What does this PR do?
|
||||
|
||||
Fixes #`put issue number here`.
|
||||
|
||||
Add any further explanations here.
|
||||
|
||||
## Checklist
|
||||
## PR Checklist
|
||||
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
||||
* [ ] Have you successfully tested your changes locally?
|
||||
* [ ] Is the TravisCI build passing?
|
||||
|
||||
## Proof that it works
|
||||
If applicable, add screenshots or log transcripts of the feature working
|
||||
## Testing Checklist
|
||||
|
||||
* [ ] Added relevant unit tests?
|
||||
* [ ] Have you successfully tested your changes locally? Elaborate:
|
||||
> Tested by {Running the Monkey locally with relevant config/running Island/...}
|
||||
* [ ] If applicable, add screenshots or log transcripts of the feature working
|
||||
|
||||
## Explain Changes
|
||||
|
||||
## Changes
|
||||
Are the commit messages enough? If not, elaborate.
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 198 KiB |
Binary file not shown.
Before Width: | Height: | Size: 80 KiB After Width: | Height: | Size: 162 KiB |
Binary file not shown.
After Width: | Height: | Size: 122 KiB |
Binary file not shown.
After Width: | Height: | Size: 194 KiB |
|
@ -82,5 +82,17 @@ MonkeyZoo/*
|
|||
!MonkeyZoo/config.tf
|
||||
!MonkeyZoo/MonkeyZooDocs.pdf
|
||||
|
||||
# Exported monkey telemetries
|
||||
/monkey/telem_sample/
|
||||
|
||||
# Profiling logs
|
||||
profiler_logs/
|
||||
|
||||
# vim swap files
|
||||
*.swp
|
||||
|
||||
# Server config might contain credentials
|
||||
/monkey/monkey_island/cc/server_config.json
|
||||
|
||||
# Virtualenv
|
||||
venv/
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
|
||||
path = monkey/monkey_island/cc/services/attack/attack_data
|
||||
url = https://github.com/guardicore/cti
|
||||
[submodule "docs/themes/learn"]
|
||||
path = docs/themes/learn
|
||||
url = https://github.com/guardicode/hugo-theme-learn.git
|
||||
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
|
||||
path = monkey/infection_monkey/system_info/collectors/scoutsuite
|
||||
url = https://github.com/ShayNehmad/ScoutSuite.git
|
||||
|
|
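Review bot: The new scoutsuite submodule (path monkey/infection_monkey/system_info/collectors/scoutsuite) points at a personal account, `url = https://github.com/ShayNehmad/ScoutSuite.git`, while the other two submodules in the file live under organisation accounts. Git pins a submodule to a commit, so the checked-out content is fixed, but the `git clone --recurse-submodules` in deploy_linux.sh and the `pip install -r .../scoutsuite/requirements.txt` step in .travis.yml in this same commit both depend on that personal repository staying available with its fork history intact. A location the project controls, as was done for the hugo-theme-learn fork, removes that single-maintainer dependency; if the personal fork is intentional for the 519 integration branch, a comment line above the entry saying so (and what upstream it tracks) would help whoever maintains it later.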
89
.travis.yml
89
.travis.yml
|
@ -1,56 +1,105 @@
|
|||
# Infection Monkey travis.yml. See Travis documentation for information about this file structure.
|
||||
|
||||
# If you change this file, you can validate using Travis CI's Build Config Explorer https://config.travis-ci.com/explore
|
||||
|
||||
group: travis_latest
|
||||
|
||||
language: python
|
||||
|
||||
cache: pip
|
||||
cache:
|
||||
- pip
|
||||
- directories:
|
||||
- "$HOME/.npm"
|
||||
|
||||
python:
|
||||
- 3.7
|
||||
|
||||
os: linux
|
||||
|
||||
before_install:
|
||||
# Init server_config.json to default
|
||||
- cp monkey/monkey_island/cc/server_config.json.default monkey/monkey_island/cc/server_config.json
|
||||
|
||||
install:
|
||||
# Python
|
||||
- pip freeze
|
||||
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
|
||||
- pip install flake8 pytest dlint # for next stages
|
||||
- pip install flake8 pytest dlint isort # for next stages
|
||||
- pip install coverage # for code coverage
|
||||
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
|
||||
- pip install -r monkey/infection_monkey/system_info/collectors/scoutsuite/requirements.txt
|
||||
- pip install pipdeptree
|
||||
# Fail builds on possible conflicting dependencies.
|
||||
- pipdeptree --warn fail
|
||||
|
||||
# node + npm + eslint
|
||||
- node --version
|
||||
- npm --version
|
||||
- nvm --version
|
||||
- nvm install node
|
||||
- nvm use node
|
||||
- npm i -g eslint
|
||||
- node --version
|
||||
- npm --version
|
||||
|
||||
# linuxbrew (for hugo)
|
||||
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
|
||||
- mkdir ~/.linuxbrew/bin
|
||||
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
|
||||
- eval $(~/.linuxbrew/bin/brew shellenv)
|
||||
|
||||
# hugo (for documentation)
|
||||
- brew install hugo
|
||||
# print hugo version (useful for debugging documentation build errors)
|
||||
- hugo version
|
||||
|
||||
before_script:
|
||||
# Set the server config to `testing`. This is required for for the UTs to pass.
|
||||
- python monkey/monkey_island/cc/set_server_config.py testing
|
||||
- pushd /home/travis/build/guardicore/monkey/monkey
|
||||
- python monkey_island/cc/environment/set_server_config.py testing
|
||||
- popd
|
||||
|
||||
script:
|
||||
# Check Python code
|
||||
# Check syntax errors and fail the build if any are found.
|
||||
## Check syntax errors and fail the build if any are found.
|
||||
- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics --exclude=monkey/infection_monkey/system_info/collectors/scoutsuite
|
||||
|
||||
# Warn about linter issues.
|
||||
# --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
||||
# --count will print the total number of errors.
|
||||
# --statistics Count the number of occurrences of each error/warning code and print a report.
|
||||
# The output is redirected to a file.
|
||||
## Warn about linter issues.
|
||||
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
||||
### --count will print the total number of errors.
|
||||
### --statistics Count the number of occurrences of each error/warning code and print a report.
|
||||
### The output is redirected to a file.
|
||||
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --exclude=monkey/infection_monkey/system_info/collectors/scoutsuite > flake8_warnings.txt
|
||||
# Display the linter issues
|
||||
## Display the linter issues
|
||||
- cat flake8_warnings.txt
|
||||
# Make sure that we haven't increased the amount of warnings.
|
||||
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=190
|
||||
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
|
||||
## Make sure that we haven't increased the amount of warnings.
|
||||
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
|
||||
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
|
||||
|
||||
## Check import order
|
||||
- python -m isort . -c -p common -p infection_monkey -p monkey_island
|
||||
|
||||
## Run unit tests
|
||||
- cd monkey # This is our source dir
|
||||
- python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
|
||||
|
||||
## Calculate Code Coverage
|
||||
- coverage run -m pytest
|
||||
|
||||
# Check JS code. The npm install must happen AFTER the flake8 because the node_modules folder will cause a lot of errors.
|
||||
- cd monkey_island/cc/ui
|
||||
- npm i
|
||||
- npm i -g eslint
|
||||
- cd -
|
||||
- cd monkey_island/cc/ui
|
||||
- eslint ./src --quiet
|
||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=37
|
||||
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT
|
||||
- npm ci # See https://docs.npmjs.com/cli/ci.html
|
||||
- eslint ./src --quiet # Test for errors
|
||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=28
|
||||
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
|
||||
|
||||
# Build documentation
|
||||
- cd $TRAVIS_BUILD_DIR/docs
|
||||
- hugo --verbose --environment staging
|
||||
|
||||
after_success:
|
||||
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
|
||||
- bash <(curl -s https://codecov.io/bash)
|
||||
|
||||
notifications:
|
||||
slack: # Notify to slack
|
||||
|
|
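Review bot: The after_success step `- bash <(curl -s https://codecov.io/bash)` executes a script fetched from the network on every build without verifying it, and it runs with whatever credentials the CI job holds. Codecov publishes checksums for the bash uploader; downloading it to a file, comparing its SHA-256 with the published value and only then running it prevents a replaced upload script from running inside CI. The `git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew` line in the install stage has the same shape, tracking an unpinned default branch. Separately, both flake8 invocations exclude monkey/infection_monkey/system_info/collectors/scoutsuite, but the new `- python -m isort . -c -p common -p infection_monkey -p monkey_island` line does not, so the vendored submodule presumably gets import-order-checked as project code; an `--skip monkey/infection_monkey/system_info/collectors/scoutsuite` would match the flake8 treatment.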
53
README.md
53
README.md
|
@ -1,6 +1,9 @@
|
|||
# Infection Monkey
|
||||
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
|
||||
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases)
|
||||
|
||||
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
|
||||
[![codecov](https://codecov.io/gh/guardicore/monkey/branch/develop/graph/badge.svg)](https://codecov.io/gh/guardicore/monkey)
|
||||
|
||||
![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey)
|
||||
![GitHub commit activity](https://img.shields.io/github/commit-activity/m/guardicore/monkey)
|
||||
|
||||
|
@ -10,18 +13,29 @@ Welcome to the Infection Monkey!
|
|||
|
||||
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
|
||||
|
||||
<img src=".github/map-full.png" >
|
||||
|
||||
<img src=".github/Security-overview.png" width="800" height="500">
|
||||
|
||||
|
||||
The Infection Monkey is comprised of two parts:
|
||||
* Monkey - A tool which infects other machines and propagates to them
|
||||
* Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center
|
||||
|
||||
To read more about the Monkey, visit http://infectionmonkey.com
|
||||
* **Monkey** - A tool which infects other machines and propagates to them.
|
||||
* **Monkey Island** - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.
|
||||
|
||||
To read more about the Monkey, visit [infectionmonkey.com](https://infectionmonkey.com).
|
||||
|
||||
## Screenshots
|
||||
|
||||
### Map
|
||||
<img src=".github/map-full.png" width="800" height="600">
|
||||
|
||||
### Security report
|
||||
<img src=".github/security-report.png" width="800" height="500">
|
||||
|
||||
### Zero trust report
|
||||
<img src=".github/zero-trust-report.png" width="800" height="500">
|
||||
|
||||
### ATT&CK report
|
||||
<img src=".github/attack-report.png" width="900" height="500">
|
||||
|
||||
## Main Features
|
||||
|
||||
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
|
||||
|
||||
* Multiple propagation techniques:
|
||||
|
@ -36,18 +50,17 @@ The Infection Monkey uses the following techniques and exploits to propagate to
|
|||
* Conficker
|
||||
* SambaCry
|
||||
* Elastic Search (CVE-2015-1427)
|
||||
* Weblogic server
|
||||
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
|
||||
|
||||
## Setup
|
||||
Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).
|
||||
|
||||
The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility).
|
||||
Check out the [Setup](https://www.guardicore.com/infectionmonkey/docs/setup/) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/docs/usage/getting-started/).
|
||||
|
||||
The Infection Monkey supports a variety of platforms, documented [in our documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/operating_systems_support/).
|
||||
|
||||
## Building the Monkey from source
|
||||
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder.
|
||||
If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself)
|
||||
and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island).
|
||||
|
||||
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts)
|
||||
folder or follow documentation in [documentation hub](https://www.guardicore.com/infectionmonkey/docs/development/setup-development-environment/).
|
||||
|
||||
### Build status
|
||||
| Branch | Status |
|
||||
|
@ -56,13 +69,21 @@ and follow the instructions at the readme files under [infection_monkey](infecti
|
|||
| Master | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=master)](https://travis-ci.com/guardicore/monkey) |
|
||||
|
||||
## Tests
|
||||
|
||||
### Unit Tests
|
||||
|
||||
In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory.
|
||||
|
||||
To get a coverage report, first make sure the `coverage` package is installed using `pip install coverage`. Run the command
|
||||
`coverage run -m unittest` in the `monkey` directory and then `coverage html`. The coverage report can be found in
|
||||
`htmlcov.index`.
|
||||
|
||||
### Blackbox tests
|
||||
|
||||
In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md`.
|
||||
|
||||
# License
|
||||
|
||||
Copyright (c) Guardicore Ltd
|
||||
|
||||
See the [LICENSE](LICENSE) file for license rights and limitations (GPLv3).
|
||||
|
|
|
@ -1,25 +1,55 @@
|
|||
# Files used to deploy development version of infection monkey
|
||||
## Windows
|
||||
# Deployment guide for a development environemnt
|
||||
|
||||
Before running the script you must have git installed.<br>
|
||||
Cd to scripts directory and use the scripts.<br>
|
||||
First argument is an empty directory (script can create one) and second is branch you want to clone.
|
||||
Example usages:<br>
|
||||
./run_script.bat (Sets up monkey in current directory under .\infection_monkey)<br>
|
||||
./run_script.bat "C:\test" (Sets up monkey in C:\test)<br>
|
||||
powershell -ExecutionPolicy ByPass -Command ". .\deploy_windows.ps1; Deploy-Windows -monkey_home C:\test" (Same as above)<br>
|
||||
./run_script.bat "" "master"(Sets up master branch instead of develop in current dir)
|
||||
Don't forget to add python to PATH or do so while installing it via this script.<br>
|
||||
This guide is for you if you wish to develop for Infection Monkey. If you only want to use it, please download the relevant version from [our website](https://infectionmonkey.com).
|
||||
|
||||
## Linux
|
||||
## Prerequisites
|
||||
|
||||
Linux deployment script is meant for Ubuntu 16.x machines.
|
||||
You must have root permissions, but don't run the script as root.<br>
|
||||
Launch deploy_linux.sh from scripts directory.<br>
|
||||
First argument should be an absolute path of an empty directory (script will create one if doesn't exist, default is ./infection_monkey).
|
||||
Second parameter is the branch you want to clone (develop by default).
|
||||
Example usages:<br>
|
||||
./deploy_linux.sh (deploys under ./infection_monkey)<br>
|
||||
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)<br>
|
||||
./deploy_linux.sh "" "master" (deploys master branch in script directory)<br>
|
||||
./deploy_linux.sh "/home/user/new" "master" (if directory "new" is not found creates it and clones master branch into it)<br>
|
||||
Before running the script you must have `git` installed. If you don't have `git` installed, please follow [this guide](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).
|
||||
|
||||
## Deploy on Windows
|
||||
|
||||
Run the following command in powershell:
|
||||
|
||||
```powershell
|
||||
Invoke-WebRequest https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_windows.ps1 -OutFile deploy_windows.ps1
|
||||
```
|
||||
|
||||
This will download our deploy script. It's a good idea to read it quickly before executing it!
|
||||
|
||||
After downloading that script, execute it in `powershell`.
|
||||
|
||||
The first argument is an empty directory (script can create one). The second argument is which branch you want to clone - by default, the script will check out the `develop` branch. Some example usages:
|
||||
|
||||
- `.\deploy_windows.ps1` (Sets up monkey in current directory under .\infection_monkey)
|
||||
- `.\deploy_windows.ps1 -monkey_home "C:\test"` (Sets up monkey in C:\test)
|
||||
- `.\deploy_windows.ps1 -branch "master"` (Sets up master branch instead of develop in current dir)
|
||||
|
||||
You may also pass in an optional `agents=$false` parameter to disable downloading the latest agent binaries.
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
- If you run into Execution Policy warnings, you can disable them by prefixing the following snippet: `powershell -ExecutionPolicy ByPass -Command "[original command here]"`
|
||||
- Don't forget to add python to PATH or do so while installing it via this script.
|
||||
|
||||
## Deploy on Linux
|
||||
|
||||
Linux deployment script is meant for Ubuntu 16 and Ubuntu 18 machines.
|
||||
|
||||
Your user must have root permissions; however, don't run the script as root!
|
||||
|
||||
```sh
|
||||
wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh
|
||||
```
|
||||
|
||||
This will download our deploy script. It's a good idea to read it quickly before executing it!
|
||||
|
||||
Then execute the resulting script with your shell.
|
||||
|
||||
After downloading that script, execute it in a shell. The first argument should be an absolute path of an empty directory (the script will create one if doesn't exist, default is ./infection_monkey). The second parameter is the branch you want to clone (develop by default). Some example usages:
|
||||
|
||||
- `./deploy_linux.sh` (deploys under ./infection_monkey)
|
||||
- `./deploy_linux.sh "/home/test/monkey"` (deploys under /home/test/monkey)
|
||||
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
|
||||
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
|
||||
|
||||
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
|
|
@ -1,25 +1,44 @@
|
|||
#!/usr/bin/env bash
|
||||
# Absolute monkey's path
|
||||
MONKEY_FOLDER_NAME="infection_monkey"
|
||||
export MONKEY_FOLDER_NAME="infection_monkey"
|
||||
# Url of public git repository that contains monkey's source code
|
||||
MONKEY_GIT_URL="https://github.com/guardicore/monkey"
|
||||
export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
|
||||
|
||||
get_latest_release() {
|
||||
curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API
|
||||
grep '"tag_name":' | # Get tag line
|
||||
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
|
||||
}
|
||||
|
||||
MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")
|
||||
|
||||
# Monkey binaries
|
||||
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
|
||||
LINUX_32_BINARY_NAME="monkey-linux-32"
|
||||
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-64"
|
||||
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32"
|
||||
export LINUX_32_BINARY_URL
|
||||
export LINUX_32_BINARY_NAME
|
||||
|
||||
LINUX_64_BINARY_NAME="monkey-linux-64"
|
||||
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-32.exe"
|
||||
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64"
|
||||
export LINUX_64_BINARY_URL
|
||||
export LINUX_64_BINARY_NAME
|
||||
|
||||
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
|
||||
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
|
||||
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe"
|
||||
export WINDOWS_32_BINARY_URL
|
||||
export WINDOWS_32_BINARY_NAME
|
||||
|
||||
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
||||
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe"
|
||||
export WINDOWS_64_BINARY_URL
|
||||
export WINDOWS_64_BINARY_NAME
|
||||
|
||||
# Other binaries for monkey
|
||||
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64"
|
||||
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32"
|
||||
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so"
|
||||
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so"
|
||||
|
||||
# Mongo url's
|
||||
MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz"
|
||||
MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz"
|
||||
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64"
|
||||
export TRACEROUTE_64_BINARY_URL
|
||||
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32"
|
||||
export TRACEROUTE_32_BINARY_URL
|
||||
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so"
|
||||
export SAMBACRY_64_BINARY_URL
|
||||
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so"
|
||||
export SAMBACRY_32_BINARY_URL
|
||||
|
|
|
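Review bot: `MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")` passes owner and repository in the wrong order, so the request goes to repos/monkey/guardicore/releases/latest and the function yields an empty tag; the argument should be `"guardicore/monkey"`. Every download URL then uses `$($MONKEY_LATEST_RELEASE)`, which is a command substitution rather than a variable reference: bash tries to execute the tag text as a program, so a string that came off the network is run as a command, and the substitution expands empty, leaving URLs of the form .../releases/download//monkey-linux-32. Plain parameter expansion, `${MONKEY_LATEST_RELEASE}`, is what is meant on all eight URL lines. `curl --silent` without `--fail` also turns an HTTP error body into an empty tag instead of a visible failure, and nothing checks the value before the URLs are built; a guard right after the assignment such as `[[ -n "$MONKEY_LATEST_RELEASE" ]] || { echo "Could not determine the latest release"; exit 1; }` would surface that at the point of failure rather than at the first download.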
@ -1,46 +1,47 @@
|
|||
# Absolute monkey's path
|
||||
$MONKEY_FOLDER_NAME = "infection_monkey"
|
||||
# Url of public git repository that contains monkey's source code
|
||||
$MONKEY_REPO = "guardicore/monkey"
|
||||
$MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
|
||||
$MONKEY_RELEASES_URL = $MONKEY_GIT_URL + "/releases"
|
||||
$MONKEY_API_RELEASES_URL = "https://api.github.com/repos/$MONKEY_REPO/releases"
|
||||
$MONKEY_LATEST_VERSION = (Invoke-WebRequest $MONKEY_API_RELEASES_URL | ConvertFrom-Json)[0].tag_name
|
||||
$MONKEY_DOWNLOAD_URL = $MONKEY_RELEASES_URL + "/download/" + $MONKEY_LATEST_VERSION + "/"
|
||||
# Link to the latest python download or install it manually
|
||||
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe"
|
||||
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.7/python-3.7.7-amd64.exe"
|
||||
|
||||
|
||||
# Monkey binaries
|
||||
$LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
|
||||
$LINUX_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-32"
|
||||
$LINUX_32_BINARY_PATH = "monkey-linux-32"
|
||||
$LINUX_64_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-64"
|
||||
$LINUX_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-64"
|
||||
$LINUX_64_BINARY_PATH = "monkey-linux-64"
|
||||
$WINDOWS_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-32.exe"
|
||||
$WINDOWS_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-32.exe"
|
||||
$WINDOWS_32_BINARY_PATH = "monkey-windows-32.exe"
|
||||
$WINDOWS_64_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
|
||||
$WINDOWS_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-64.exe"
|
||||
$WINDOWS_64_BINARY_PATH = "monkey-windows-64.exe"
|
||||
$SAMBA_32_BINARY_URL = "https://github.com/VakarisZ/tempBinaries/raw/master/sc_monkey_runner32.so"
|
||||
$SAMBA_32_BINARY_NAME= "sc_monkey_runner32.so"
|
||||
$SAMBA_64_BINARY_URL = "https://github.com/VakarisZ/tempBinaries/raw/master/sc_monkey_runner64.so"
|
||||
$SAMBA_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "sc_monkey_runner32.so"
|
||||
$SAMBA_32_BINARY_NAME = "sc_monkey_runner32.so"
|
||||
$SAMBA_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "sc_monkey_runner64.so"
|
||||
$SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so"
|
||||
$TRACEROUTE_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute64"
|
||||
$TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
|
||||
|
||||
# Other directories and paths ( most likely you dont need to configure)
|
||||
$MONKEY_ISLAND_DIR = "\monkey\monkey_island"
|
||||
$MONKEY_DIR = "\monkey\infection_monkey"
|
||||
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
||||
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
||||
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
||||
$PYTHON_DLL = "C:\Windows\System32\python27.dll"
|
||||
$MK32_DLL = "mk32.zip"
|
||||
$MK64_DLL = "mk64.zip"
|
||||
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
||||
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
||||
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
||||
$TEMP_CPP_INSTALLER = "cpp.exe"
|
||||
$TEMP_NPM_INSTALLER = "node.msi"
|
||||
$TEMP_PYWIN32_INSTALLER = "pywin32.exe"
|
||||
$TEMP_UPX_ZIP = "upx.zip"
|
||||
$UPX_FOLDER = "upx394w"
|
||||
$UPX_FOLDER = "upx-3.96-win64"
|
||||
|
||||
# Other url's
|
||||
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
|
||||
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
|
||||
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plus-v4.2-latest.zip"
|
||||
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
||||
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
||||
$NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
|
||||
$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe"
|
||||
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
|
||||
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
|
||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
|
||||
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
|
||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
||||
|
|
|
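Review bot: `$MONKEY_LATEST_VERSION = (Invoke-WebRequest $MONKEY_API_RELEASES_URL | ConvertFrom-Json)[0].tag_name` takes the first entry of the /releases listing, which includes pre-releases, while the Linux config in this same commit queries /releases/latest, so the two deploy scripts can resolve different versions. Setting `$MONKEY_API_RELEASES_URL = "https://api.github.com/repos/$MONKEY_REPO/releases/latest"` and reading `.tag_name` from the single returned object keeps them consistent. None of the binaries assembled from $MONKEY_DOWNLOAD_URL, nor `$OPEN_SSL_URL` (an OpenSSL 1.0.2u build from a third-party mirror) or `$MONGODB_URL` (a `-latest` archive whose content changes over time), carries an expected hash in this config, so the installer that consumes these values, which is outside this hunk, has nothing to verify the downloads against. Adding a `_SHA256` value beside each release-independent URL would give deploy_windows.ps1 something to check before it executes or installs what it fetched.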
@ -1,10 +1,54 @@
|
|||
#!/bin/bash
|
||||
source config
|
||||
|
||||
exists() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
is_root() {
|
||||
return $(id -u)
|
||||
}
|
||||
|
||||
has_sudo() {
|
||||
# 0 true, 1 false
|
||||
timeout 1 sudo id && return 0 || return 1
|
||||
}
|
||||
|
||||
handle_error() {
|
||||
echo "Fix the errors above and rerun the script"
|
||||
exit 1
|
||||
}
|
||||
|
||||
log_message() {
|
||||
echo -e "\n\n"
|
||||
echo -e "DEPLOYMENT SCRIPT: $1"
|
||||
}
|
||||
|
||||
config_branch=${2:-"develop"}
|
||||
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
|
||||
|
||||
if (! exists curl) && (! exists wget); then
|
||||
log_message 'Your system does not have curl or wget, exiting'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
file=$(mktemp)
|
||||
# shellcheck disable=SC2086
|
||||
if exists wget; then
|
||||
# shellcheck disable=SC2086
|
||||
wget --output-document=$file "$config_url"
|
||||
else
|
||||
# shellcheck disable=SC2086
|
||||
curl -s -o $file "$config_url"
|
||||
fi
|
||||
|
||||
log_message "downloaded configuration"
|
||||
# shellcheck source=deployment_scripts/config
|
||||
# shellcheck disable=SC2086
|
||||
source $file
|
||||
log_message "loaded configuration"
|
||||
# shellcheck disable=SC2086
|
||||
# rm $file
|
||||
|
||||
# Setup monkey either in dir required or current dir
|
||||
monkey_home=${1:-$(pwd)}
|
||||
if [[ $monkey_home == $(pwd) ]]; then
|
||||
|
@ -13,26 +57,19 @@ fi
|
||||
# We can set main paths after we know the home dir
|
||||
ISLAND_PATH="$monkey_home/monkey/monkey_island"
|
||||
MONKEY_COMMON_PATH="$monkey_home/monkey/common/"
|
||||
MONGO_PATH="$ISLAND_PATH/bin/mongodb"
|
||||
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
||||
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
||||
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
||||
|
||||
handle_error() {
|
||||
echo "Fix the errors above and rerun the script"
|
||||
if is_root; then
|
||||
log_message "Please don't run this script as root"
|
||||
exit 1
|
||||
}
|
||||
fi
|
||||
|
||||
log_message() {
|
||||
echo -e "\n\n-------------------------------------------"
|
||||
echo -e "DEPLOYMENT SCRIPT: $1"
|
||||
echo -e "-------------------------------------------\n"
|
||||
}
|
||||
|
||||
sudo -v
|
||||
if [[ $? != 0 ]]; then
|
||||
echo "You need root permissions for some of this script operations. Quiting."
|
||||
HAS_SUDO=$(has_sudo)
|
||||
if [[ ! $HAS_SUDO ]]; then
|
||||
log_message "You need root permissions for some of this script operations. Quiting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@ -41,25 +78,20 @@ if [[ ! -d ${monkey_home} ]]; then
fi
|
||||
|
||||
if ! exists git; then
|
||||
echo "Please install git and re-run this script"
|
||||
log_message "Please install git and re-run this script"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! exists wget; then
|
||||
echo 'Your system does have wget, please install and re-run this script'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log_message "Cloning files from git"
|
||||
branch=${2:-"develop"}
|
||||
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
|
||||
git clone --single-branch -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
||||
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
||||
chmod 774 -R "${monkey_home}"
|
||||
fi
|
||||
|
||||
# Create folders
|
||||
log_message "Creating island dirs under $ISLAND_PATH"
|
||||
mkdir -p "${MONGO_PATH}"
|
||||
mkdir -p "${MONGO_PATH}" || handle_error
|
||||
mkdir -p "${ISLAND_BINARIES_PATH}" || handle_error
|
||||
|
||||
# Detecting command that calls python 3.7
|
||||
@ -78,87 +110,114 @@ if [[ ${python_cmd} == "" ]]; then
log_message "Python 3.7 command not found. Installing python 3.7."
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt-get update
|
||||
sudo apt install python3.7
|
||||
sudo apt install python3.7 python3.7-dev
|
||||
log_message "Python 3.7 is now available with command 'python3.7'."
|
||||
python_cmd="python3.7"
|
||||
fi
|
||||
|
||||
log_message "Updating package list"
|
||||
sudo apt-get update
|
||||
log_message "Installing build-essential"
|
||||
sudo apt install build-essential
|
||||
|
||||
log_message "Installing pip"
|
||||
sudo apt install python3-pip
|
||||
${python_cmd} -m pip install pip
|
||||
|
||||
log_message "Install python3.7-dev"
|
||||
sudo apt-get install python3.7-dev
|
||||
log_message "Installing or updating pip"
|
||||
# shellcheck disable=SC2086
|
||||
pip_url=https://bootstrap.pypa.io/get-pip.py
|
||||
if exists wget; then
|
||||
wget --output-document=get-pip.py $pip_url
|
||||
else
|
||||
curl $pip_url -o get-pip.py
|
||||
fi
|
||||
${python_cmd} get-pip.py
|
||||
rm get-pip.py
|
||||
|
||||
log_message "Installing island requirements"
|
||||
requirements="$ISLAND_PATH/requirements.txt"
|
||||
${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error
|
||||
requirements_island="$ISLAND_PATH/requirements.txt"
|
||||
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
|
||||
|
||||
log_message "Installing monkey requirements"
|
||||
sudo apt-get install libffi-dev upx libssl-dev libc++1
|
||||
cd "${monkey_home}"/monkey/infection_monkey || handle_error
|
||||
${python_cmd} -m pip install -r requirements.txt --user --upgrade || handle_error
|
||||
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
||||
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
||||
|
||||
|
||||
agents=${3:-true}
|
||||
# Download binaries
|
||||
log_message "Downloading binaries"
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
|
||||
if [ "$agents" = true ] ; then
|
||||
log_message "Downloading binaries"
|
||||
if exists wget; then
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
|
||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
|
||||
else
|
||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-32 ${LINUX_32_BINARY_URL}
|
||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-64 ${LINUX_64_BINARY_URL}
|
||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-32.exe ${WINDOWS_32_BINARY_URL}
|
||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-64.exe ${WINDOWS_64_BINARY_URL}
|
||||
fi
|
||||
fi
|
||||
|
||||
# Allow them to be executed
|
||||
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
|
||||
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
|
||||
|
||||
# Get machine type/kernel version
|
||||
kernel=$(uname -m)
|
||||
linux_dist=$(lsb_release -a 2>/dev/null)
|
||||
|
||||
# If a user haven't installed mongo manually check if we can install it with our script
|
||||
log_message "Installing MongoDB"
|
||||
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
||||
|
||||
if ! exists mongod; then
|
||||
log_message "Installing MongoDB"
|
||||
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
||||
fi
|
||||
log_message "Installing openssl"
|
||||
sudo apt-get install openssl
|
||||
|
||||
# Generate SSL certificate
|
||||
log_message "Generating certificate"
|
||||
cd "${ISLAND_PATH}" || {
|
||||
echo "cd failed"
|
||||
exit 1
|
||||
}
|
||||
openssl genrsa -out cc/server.key 2048
|
||||
openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
|
||||
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt
|
||||
|
||||
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
|
||||
|
||||
# Update node
|
||||
log_message "Installing nodejs"
|
||||
cd "$ISLAND_PATH/cc/ui" || handle_error
|
||||
sudo apt-get install curl
|
||||
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
|
||||
sudo apt-get install -y nodejs
|
||||
if ! exists npm; then
|
||||
log_message "Installing nodejs"
|
||||
node_src=https://deb.nodesource.com/setup_12.x
|
||||
if exists curl; then
|
||||
curl -sL $node_src | sudo -E bash -
|
||||
else
|
||||
wget -q -O - $node_src | sudo -E bash -
|
||||
fi
|
||||
sudo apt-get install -y nodejs
|
||||
fi
|
||||
|
||||
pushd "$ISLAND_PATH/cc/ui" || handle_error
|
||||
npm install sass-loader node-sass webpack --save-dev
|
||||
npm update
|
||||
|
||||
log_message "Generating front end"
|
||||
npm run dist
|
||||
popd || handle_error
|
||||
|
||||
# Making dir for binaries
|
||||
mkdir "${MONKEY_BIN_DIR}"
|
||||
|
||||
# Download sambacry binaries
|
||||
log_message "Downloading sambacry binaries"
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" "${SAMBACRY_64_BINARY_URL}"
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" "${SAMBACRY_32_BINARY_URL}"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
if exists wget; then
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_64_BINARY_URL}
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_32_BINARY_URL}
|
||||
else
|
||||
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner64.so ${SAMBACRY_64_BINARY_URL}
|
||||
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner32.so ${SAMBACRY_32_BINARY_URL}
|
||||
fi
|
||||
# Download traceroute binaries
|
||||
log_message "Downloading traceroute binaries"
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" "${TRACEROUTE_64_BINARY_URL}"
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" "${TRACEROUTE_32_BINARY_URL}"
|
||||
# shellcheck disable=SC2086
|
||||
if exists wget; then
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_64_BINARY_URL}
|
||||
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_32_BINARY_URL}
|
||||
else
|
||||
curl -o ${MONKEY_BIN_DIR}/traceroute64 ${TRACEROUTE_64_BINARY_URL}
|
||||
curl -o ${MONKEY_BIN_DIR}/traceroute32 ${TRACEROUTE_32_BINARY_URL}
|
||||
fi
|
||||
|
||||
sudo chmod +x "${monkey_home}"/monkey/infection_monkey/build_linux.sh
|
||||
sudo chmod +x "${INFECTION_MONKEY_DIR}/build_linux.sh"
|
||||
|
||||
log_message "Deployment script finished."
|
||||
exit 0
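Review bot: The fetched config is sourced without checking that the fetch succeeded: neither `wget --output-document=$file "$config_url"` nor `curl -s -o $file "$config_url"` is followed by `|| handle_error`, and `curl` without `-f` writes an HTTP error body into the temp file, which `source $file` then executes as shell — and because `config_branch` comes from `$2`, a mistyped branch is exactly the case that yields a 404 page. Use `curl -sSf -o "$file" "$config_url" || handle_error` and `wget --output-document="$file" "$config_url" || handle_error`, and quote `$file` everywhere instead of silencing SC2086. Separately, `HAS_SUDO=$(has_sudo)` captures the stdout of `id` rather than the function's exit status, so the `[[ ! $HAS_SUDO ]]` test only works by accident, and `timeout 1 sudo id` will likely fail for any user whose sudo needs a password prompt, unlike the `sudo -v` it replaces; `if ! has_sudo; then` matches the `# 0 true, 1 false` contract the function documents. The curl fallback for the agents uses a backslash, `curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-32 ${LINUX_32_BINARY_URL}`, which an unquoted bash word drops, so the files land beside the binaries directory under a mangled name and the later `chmod a+x "$ISLAND_BINARIES_PATH/..."` lines presumably miss them; use `"${ISLAND_BINARIES_PATH}/monkey-linux-32"` and add `-fL`. None of the downloaded agents, `get-pip.py` or the config are integrity-checked, which is worth a comment at the top of the download section if that is accepted for a deployment helper.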
|
||||
@ -1,17 +1,40 @@
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop"){
|
||||
# Import the config variables
|
||||
. ./config.ps1
|
||||
"Config variables from config.ps1 imported"
|
||||
|
||||
# If we want monkey in current dir we need to create an empty folder for source files
|
||||
if ( (Join-Path $monkey_home '') -eq (Join-Path (Get-Item -Path ".\").FullName '') ){
|
||||
$monkey_home = Join-Path -Path $monkey_home -ChildPath $MONKEY_FOLDER_NAME
|
||||
}
|
||||
param(
|
||||
[Parameter(Mandatory = $false, Position = 0)]
|
||||
[String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||
|
||||
[Parameter(Mandatory = $false, Position = 1)]
|
||||
[System.String]
|
||||
$branch = "develop",
|
||||
[Parameter(Mandatory = $false, Position = 2)]
|
||||
[Bool]
|
||||
$agents = $true
|
||||
)
|
||||
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop")
|
||||
{
|
||||
Write-Output "Downloading to $monkey_home"
|
||||
Write-Output "Branch $branch"
|
||||
# Set variables for script execution
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
$webClient = New-Object System.Net.WebClient
|
||||
|
||||
|
||||
# Import the config variables
|
||||
$config_filename = New-TemporaryFile
|
||||
$config_filename = "config.ps1"
|
||||
$config_url = "https://raw.githubusercontent.com/guardicore/monkey/" + $branch + "/deployment_scripts/config.ps1"
|
||||
$webClient.DownloadFile($config_url, $config_filename)
|
||||
. ./config.ps1
|
||||
"Config variables from config.ps1 imported"
|
||||
Remove-Item $config_filename
|
||||
|
||||
|
||||
# If we want monkey in current dir we need to create an empty folder for source files
|
||||
if ((Join-Path $monkey_home '') -eq (Join-Path (Get-Item -Path ".\").FullName ''))
|
||||
{
|
||||
$monkey_home = Join-Path -Path $monkey_home -ChildPath $MONKEY_FOLDER_NAME
|
||||
}
|
||||
|
||||
|
||||
# We check if git is installed
|
||||
try
|
||||
{
|
||||
@ -25,15 +48,22 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
}
|
||||
|
||||
# Download the monkey
|
||||
$output = cmd.exe /c "git clone --single-branch -b $branch $MONKEY_GIT_URL $monkey_home 2>&1"
|
||||
$command = "git clone --single-branch --recurse-submodules -b $branch $MONKEY_GIT_URL $monkey_home 2>&1"
|
||||
Write-Output $command
|
||||
$output = cmd.exe /c $command
|
||||
$binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\bin")
|
||||
if ( $output -like "*already exists and is not an empty directory.*"){
|
||||
if ($output -like "*already exists and is not an empty directory.*")
|
||||
{
|
||||
"Assuming you already have the source directory. If not, make sure to set an empty directory as monkey's home directory."
|
||||
} elseif ($output -like "fatal:*"){
|
||||
}
|
||||
elseif ($output -like "fatal:*")
|
||||
{
|
||||
"Error while cloning monkey from the repository:"
|
||||
$output
|
||||
return
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
"Monkey cloned from the repository"
|
||||
# Create bin directory
|
||||
New-Item -ItemType directory -path $binDir
|
||||
@ -44,9 +74,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
try
|
||||
{
|
||||
$version = cmd.exe /c '"python" --version 2>&1'
|
||||
if ( $version -like 'Python 3.*' ) {
|
||||
if ($version -like 'Python 3.*')
|
||||
{
|
||||
"Python 3.* was found, installing dependencies"
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
throw System.Management.Automation.CommandNotFoundException
|
||||
}
|
||||
}
|
||||
@ -56,11 +89,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Select 'add to PATH' when installing"
|
||||
$webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
|
||||
Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
|
||||
Remove-Item $TEMP_PYTHON_INSTALLER
|
||||
# Check if installed correctly
|
||||
$version = cmd.exe /c '"python" --version 2>&1'
|
||||
if ( $version -like '* is not recognized*' ) {
|
||||
if ($version -like '* is not recognized*')
|
||||
{
|
||||
"Python is not found in PATH. Add it to PATH and relaunch the script."
|
||||
return
|
||||
}
|
||||
@ -69,7 +103,8 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Upgrading pip..."
|
||||
$output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1'
|
||||
$output
|
||||
if ( $output -like '*No module named pip*' ) {
|
||||
if ($output -like '*No module named pip*')
|
||||
{
|
||||
"Make sure pip module is installed and re-run this script."
|
||||
return
|
||||
}
|
||||
@ -83,20 +118,24 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||
$user_python_dir = cmd.exe /c 'py -m site --user-site'
|
||||
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
|
||||
if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){
|
||||
if (!($ENV:Path | Select-String -SimpleMatch $user_python_dir))
|
||||
{
|
||||
"Adding python scripts path to user's env"
|
||||
$env:Path += ";"+$user_python_dir
|
||||
[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")
|
||||
$env:Path += ";" + $user_python_dir
|
||||
[Environment]::SetEnvironmentVariable("Path", $env:Path, "User")
|
||||
}
|
||||
|
||||
# Download mongodb
|
||||
if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){
|
||||
if (!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb")))
|
||||
{
|
||||
"Downloading mongodb ..."
|
||||
$webClient.DownloadFile($MONGODB_URL, $TEMP_MONGODB_ZIP)
|
||||
"Unzipping mongodb"
|
||||
Expand-Archive $TEMP_MONGODB_ZIP -DestinationPath $binDir
|
||||
# Get unzipped folder's name
|
||||
$mongodb_folder = Get-ChildItem -Path $binDir | Where-Object -FilterScript {($_.Name -like "mongodb*")} | Select-Object -ExpandProperty Name
|
||||
$mongodb_folder = Get-ChildItem -Path $binDir | Where-Object -FilterScript {
|
||||
($_.Name -like "mongodb*")
|
||||
} | Select-Object -ExpandProperty Name
|
||||
# Move all files from extracted folder to mongodb folder
|
||||
New-Item -ItemType directory -Path (Join-Path -Path $binDir -ChildPath "mongodb")
|
||||
New-Item -ItemType directory -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "db")
|
||||
@ -127,23 +166,30 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
. .\windows\create_certificate.bat
|
||||
Pop-Location
|
||||
|
||||
# Adding binaries
|
||||
"Adding binaries"
|
||||
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
|
||||
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
|
||||
$webClient.DownloadFile($LINUX_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_32_BINARY_PATH))
|
||||
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
|
||||
$webClient.DownloadFile($WINDOWS_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_32_BINARY_PATH))
|
||||
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
|
||||
if ($agents)
|
||||
{
|
||||
# Adding binaries
|
||||
"Adding binaries"
|
||||
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
|
||||
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
|
||||
$webClient.DownloadFile($LINUX_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_32_BINARY_PATH))
|
||||
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
|
||||
$webClient.DownloadFile($WINDOWS_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_32_BINARY_PATH))
|
||||
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
|
||||
}
|
||||
|
||||
|
||||
# Check if NPM installed
|
||||
"Installing npm"
|
||||
try
|
||||
{
|
||||
$version = cmd.exe /c '"npm" --version 2>&1'
|
||||
if ( $version -like "*is not recognized*"){
|
||||
if ($version -like "*is not recognized*")
|
||||
{
|
||||
throw System.Management.Automation.CommandNotFoundException
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
"Npm already installed"
|
||||
}
|
||||
}
|
||||
@ -152,7 +198,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Downloading npm ..."
|
||||
$webClient.DownloadFile($NPM_URL, $TEMP_NPM_INSTALLER)
|
||||
Start-Process -Wait $TEMP_NPM_INSTALLER
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
|
||||
Remove-Item $TEMP_NPM_INSTALLER
|
||||
}
|
||||
|
||||
@ -162,18 +208,13 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
& npm run dist
|
||||
Pop-Location
|
||||
|
||||
# Install pywin32
|
||||
"Downloading pywin32"
|
||||
$webClient.DownloadFile($PYWIN32_URL, $TEMP_PYWIN32_INSTALLER)
|
||||
Start-Process -Wait $TEMP_PYWIN32_INSTALLER -ErrorAction Stop
|
||||
Remove-Item $TEMP_PYWIN32_INSTALLER
|
||||
|
||||
# Create infection_monkey/bin directory if not already present
|
||||
$binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin")
|
||||
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
|
||||
|
||||
# Download upx
|
||||
if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){
|
||||
if (!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe")))
|
||||
{
|
||||
"Downloading upx ..."
|
||||
$webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP)
|
||||
"Unzipping upx"
|
||||
@ -185,27 +226,17 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
Remove-Item $TEMP_UPX_ZIP
|
||||
}
|
||||
|
||||
# Download mimikatz binaries
|
||||
$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
|
||||
if(!(Test-Path -Path $mk32_path )){
|
||||
"Downloading mimikatz 32 binary"
|
||||
$webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
|
||||
}
|
||||
$mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
|
||||
if(!(Test-Path -Path $mk64_path )){
|
||||
"Downloading mimikatz 64 binary"
|
||||
$webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
|
||||
}
|
||||
|
||||
# Download sambacry binaries
|
||||
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
|
||||
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME
|
||||
if(!(Test-Path -Path $samba32_path )){
|
||||
if (!(Test-Path -Path $samba32_path))
|
||||
{
|
||||
"Downloading sambacry 32 binary"
|
||||
$webClient.DownloadFile($SAMBA_32_BINARY_URL, $samba32_path)
|
||||
}
|
||||
$samba64_path = Join-Path -Path $samba_path -ChildPath $SAMBA_64_BINARY_NAME
|
||||
if(!(Test-Path -Path $samba64_path )){
|
||||
if (!(Test-Path -Path $samba64_path))
|
||||
{
|
||||
"Downloading sambacry 64 binary"
|
||||
$webClient.DownloadFile($SAMBA_64_BINARY_URL, $samba64_path)
|
||||
}
|
||||
@ -213,3 +244,4 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Script finished"
|
||||
|
||||
}
|
||||
Deploy-Windows -monkey_home $monkey_home -branch $branch
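Review bot: `New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue` at the "Create infection_monkey/bin directory" step reads a variable that is now only assigned inside the new `if ($agents)` block, so a run with `-agents $false` passes `$null` as the path and the step silently does nothing; the line just above computes `$binDir` for exactly this purpose, so the call should be `New-Item -ItemType directory -path $binDir -ErrorAction SilentlyContinue`. The `$agents` switch is declared in the script-level `param(...)` but not in `Deploy-Windows`'s signature, and the final `Deploy-Windows -monkey_home $monkey_home -branch $branch` does not forward it, so the function only sees it through the parent scope; adding `[Bool] $agents = $true` to the function and `-agents $agents` to the call makes the dependency explicit. In the config import, `$config_filename = New-TemporaryFile` is immediately overwritten with `"config.ps1"`, leaving an empty temp file behind and writing the fetched script into the current directory before `. ./config.ps1` dot-sources it; either keep the temp path and dot-source `$config_filename`, or drop the `New-TemporaryFile` line. The clone step builds `git clone --single-branch --recurse-submodules -b $branch $MONKEY_GIT_URL $monkey_home 2>&1` as a string for `cmd.exe /c`, so a `$monkey_home` containing spaces or cmd metacharacters is split or interpreted by cmd; invoking git directly (`& git clone --single-branch --recurse-submodules -b $branch $MONKEY_GIT_URL $monkey_home 2>&1`) keeps the arguments intact and still yields `$output` for the existing `-like` checks.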
|
||||
@ -1,8 +0,0 @@
SET command=. .\deploy_windows.ps1; Deploy-Windows
|
||||
if NOT "%~1" == "" (
|
||||
SET "command=%command% -monkey_home %~1"
|
||||
)
|
||||
if NOT "%~2" == "" (
|
||||
SET "command=%command% -branch %~2"
|
||||
)
|
||||
powershell -ExecutionPolicy ByPass -Command %command%
@ -2,7 +2,7 @@ FROM debian:stretch-slim
|
||||
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
|
||||
|
||||
ARG RELEASE=1.6
|
||||
ARG RELEASE=1.8.0
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
EXPOSE 5000
|
||||
@ -0,0 +1,2 @@
/public/
|
||||
/resources/_gen/
@ -0,0 +1,5 @@
# Monkey documentation
|
||||
|
||||
This folder contains the Monkey Documentation site.
|
||||
|
||||
For more information see `content/development/contribute-documentation.md`.
@ -0,0 +1,6 @@
---
|
||||
title: "{{ replace .Name "-" " " | title }}"
|
||||
date: {{ .Date }}
|
||||
draft: true
|
||||
---
|
||||
@ -0,0 +1,69 @@
# when deploying to prod, use baseURL = "https://www.guardicore.com/infectionmonkey/docs"
|
||||
# baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
|
||||
baseURL = ""
|
||||
languageCode = "en-us"
|
||||
title = "Guardicore Infection Monkey - Documentation Hub"
|
||||
|
||||
theme = "learn"
|
||||
|
||||
[params]
|
||||
# Change default color scheme with a variant one. See it in the themes folder.
|
||||
themeVariant = "monkey"
|
||||
# Prefix URL to edit current page. Will display an "Edit this page" button on top right hand corner of every page.
|
||||
editURL = "https://github.com/guardicore/monkey/edit/develop/docs/content/"
|
||||
# Author of the site, will be used in meta information
|
||||
author = "Guardicore"
|
||||
# Description of the site, will be used in meta information
|
||||
description = "Guardicore Infection Monkey - Documentation hub"
|
||||
# Shows a checkmark for visited pages on the menu
|
||||
showVisitedLinks = false
|
||||
# Disable search function. It will hide search bar
|
||||
disableSearch = false
|
||||
# Javascript and CSS cache are automatically busted when new version of site is generated.
|
||||
# Set this to true to disable this behavior (some proxies don't handle well this optimization)
|
||||
disableAssetsBusting = false
|
||||
# Set this to true to disable copy-to-clipboard button for inline code.
|
||||
disableInlineCopyToClipBoard = false
|
||||
# A title for shortcuts in menu is set by default. Set this to true to disable it.
|
||||
disableShortcutsTitle = false
|
||||
# When using mulitlingual website, disable the switch language button.
|
||||
disableLanguageSwitchingButton = false
|
||||
# Hide breadcrumbs in the header and only show the current page title
|
||||
disableBreadcrumb = false
|
||||
# Hide Next and Previous page buttons normally displayed full height beside content
|
||||
disableNextPrev = true
|
||||
# Order sections in menu by "weight" or "title". Default to "weight"
|
||||
ordersectionsby = "weight"
|
||||
# Provide a list of custom css files to load relative from the `static/` folder in the site root.
|
||||
custom_css = ["css/labels.css", "css/shadow_around_images.css"]
|
||||
|
||||
[outputs]
|
||||
home = ["HTML", "RSS", "JSON"]
|
||||
|
||||
[[menu.shortcuts]]
|
||||
name = "<i class='fas fa-home'></i> Homepage"
|
||||
identifier = "homepage"
|
||||
url = "https://infectionmonkey.com"
|
||||
weight = 10
|
||||
|
||||
[[menu.shortcuts]]
|
||||
name = "<i class='fab fa-github'></i> GitHub"
|
||||
identifier = "github"
|
||||
url = "https://github.com/guardicore/monkey"
|
||||
weight = 20
|
||||
|
||||
[[menu.shortcuts]]
|
||||
name = "<i class='fab fa-slack'></i> Slack"
|
||||
identifier = "slack"
|
||||
url = "https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU"
|
||||
weight = 30
|
||||
|
||||
[[menu.shortcuts]]
|
||||
name = "<i class='fas fa-inbox'></i> Email"
|
||||
identifier = "email"
|
||||
url = "mailto:support@infectionmonkey.com"
|
||||
weight = 40
|
||||
|
||||
# Enables raw html in markdown.
|
||||
[markup.goldmark.renderer]
|
||||
unsafe = true
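Review bot: `unsafe = true` under `[markup.goldmark.renderer]` lets any markdown page under `content/` emit arbitrary HTML, including script, into the published site, which is broader than the `<i class='...'>` icon markup the menu shortcuts need, and with `editURL` pointing at the repository's edit view, review of contributed content is the only control left. If that trade-off is intended, say so where the flag is set, e.g. `# Enables raw html in markdown (needed for inline icons); every page can therefore embed script, so review content changes before publishing.`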
@ -0,0 +1,2 @@
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
|
||||
canonifyURLs = true
@ -0,0 +1,2 @@
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
|
||||
canonifyURLs = true
@ -0,0 +1,154 @@
|
|||
---
|
||||
title: "FAQ"
|
||||
date: 2020-06-18T15:11:52+03:00
|
||||
draft: false
|
||||
pre: "<i class='fas fa-question'></i> "
|
||||
---
|
||||
|
||||
Here are some of the most common questions we receive about the Infection Monkey. If the answer you’re looking for isn’t here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
|
||||
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
|
||||
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
|
||||
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
|
||||
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
|
||||
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
|
||||
- [Monkey Island](#monkey-island)
|
||||
- [Monkey agent](#monkey-agent)
|
||||
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
|
||||
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
|
||||
- [What’s the Monkey’s impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
|
||||
- [Is it safe to use real passwords and usernames in the Monkey’s configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
|
||||
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
||||
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
|
||||
- [After I’ve set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
|
||||
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
|
||||
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
|
||||
- [How can I get involved with the project? 👩💻👨💻](#how-can-i-get-involved-with-the-project)
|
||||
|
||||
## Where can I get the latest Monkey version? 📰
|
||||
|
||||
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
|
||||
|
||||
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
|
||||
|
||||
## How long does a single Monkey run for? Is there a time limit?
|
||||
|
||||
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
|
||||
|
||||
## Should I run the Monkey continuously?
|
||||
|
||||
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
|
||||
|
||||
Does the Infection Monkey require a connection to the Internet?
|
||||
|
||||
The Infection Monkey does not require internet access to function.
|
||||
|
||||
If internet access is available, the Monkey will use the Internet for two purposes:
|
||||
|
||||
- To check for updates.
|
||||
- To check if machines can reach the internet.
|
||||
|
||||
### Which queries does Monkey perform to the Internet exactly?
|
||||
|
||||
The Monkey performs queries out to the Internet on two separate occasions:
|
||||
|
||||
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
|
||||
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
|
||||
|
||||
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
|
||||
|
||||
### Monkey Island
|
||||
|
||||
The Monkey Island’s log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
|
||||
|
||||
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
||||
|
||||
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
|
||||
|
||||
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
|
||||
|
||||
```log
|
||||
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
|
||||
2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
|
||||
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
|
||||
```
|
||||
|
||||
### Monkey agent
|
||||
|
||||
The Monkey log file can be found in the following paths on machines where it was executed:
|
||||
|
||||
- Path on Linux: `/tmp/user-1563`
|
||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||
|
||||
The logs contain information about the internals of the Monkey’s execution. The log will contain entries like these ones for example:
|
||||
|
||||
```log
|
||||
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
|
||||
2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
|
||||
2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
|
||||
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
|
||||
2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
|
||||
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
|
||||
2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
|
||||
2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
|
||||
2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
|
||||
2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
|
||||
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
|
||||
```
|
||||
|
||||
## Running the Monkey in a production environment
|
||||
|
||||
### How much of a footprint does the Monkey leave?
|
||||
|
||||
The Monkey leaves hardly any trace on the target system. It will leave:
|
||||
|
||||
- Log files in the following locations:
|
||||
- Path on Linux: `/tmp/user-1563`
|
||||
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||
|
||||
### What’s the Monkey’s impact on system resources usage?
|
||||
|
||||
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
|
||||
|
||||
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
|
||||
|
||||
### Is it safe to use real passwords and usernames in the Monkey’s configuration?
|
||||
|
||||
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
|
||||
|
||||
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
|
||||
|
||||
### How do you store sensitive information on Monkey Island?
|
||||
|
||||
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island’s database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
|
||||
|
||||
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
|
||||
|
||||
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
|
||||
|
||||
The Monkey does not use any exploits or attacks that may impact the victim system.
|
||||
|
||||
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren’t using it.
|
||||
|
||||
## After I’ve set up Monkey Island, how can I execute the Monkey?
|
||||
|
||||
See our detailed [getting started](../content/usage/getting-started) guide.
|
||||
|
||||
## How can I make the monkey propagate “deeper” into the network?
|
||||
|
||||
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
|
||||
|
||||
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
|
||||
|
||||
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
|
||||
|
||||
## The report returns a blank screen
|
||||
|
||||
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
|
||||
|
||||
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
|
||||
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
|
||||
|
||||
## How can I get involved with the project? 👩💻👨💻
|
||||
|
||||
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.
|
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
title: "Infection Monkey Documentation Hub"
|
||||
date: 2020-05-26T18:15:37+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
# Infection Monkey documentation hub
|
||||
|
||||
{{< homepage_shortcuts >}}
|
||||
|
||||
## What is Guardicore Infection Monkey?
|
||||
|
||||
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
|
||||
|
||||
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
|
||||
|
||||
The Infection Monkey is comprised of two parts:
|
||||
|
||||
* Monkey - A tool which infects other machines and propagates to them.
|
||||
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
|
||||
|
||||
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
|
||||
|
||||
## Getting Started
|
||||
|
||||
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
|
||||
|
||||
## Support and community
|
||||
|
||||
If you need help or want to talk all things Monkey, you can [join our public Slack workspace](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU) or [contact us via Email](mailto:support@infectionmonkey.com).
|
|
@ -0,0 +1,43 @@
|
|||
+++
|
||||
title = "Contribute"
|
||||
date = 2020-05-26T20:55:04+03:00
|
||||
weight = 30
|
||||
chapter = true
|
||||
pre = '<i class="fas fa-code"></i> '
|
||||
tags = ["development", "contribute"]
|
||||
+++
|
||||
|
||||
# Securing networks together
|
||||
|
||||
Want to help secure networks? That's great!
|
||||
|
||||
## How should I start?
|
||||
|
||||
Here's a few short links to help you get started.
|
||||
|
||||
* [Getting up and running](../setup-development-environment) - To help you get a working development setup.
|
||||
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
|
||||
|
||||
## What are we looking for?
|
||||
|
||||
You can take a look at [our roadmap](https://github.com/guardicore/monkey/projects/5) to see what issues we're thinking about doing soon. We are looking for:
|
||||
|
||||
### More exploits! 💥
|
||||
|
||||
The best way to find weak spots in the network is by attacking it. The [Exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
|
||||
|
||||
It's important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits _unless they're rock solid_ and focus on the logical vulns such as Shellshock.
|
||||
|
||||
### Analysis plugins 🔬
|
||||
|
||||
Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it's detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
|
||||
|
||||
### Better code 💪
|
||||
|
||||
We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
|
||||
|
||||
### Documentation 📚
|
||||
|
||||
Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
|
||||
|
||||
The Monkey's documentation is stored in the `/docs/content` directory.
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
title: "Adding Zero Trust Tests"
|
||||
date: 2020-07-14T10:19:08+03:00
|
||||
draft: false
|
||||
weight: 100
|
||||
---
|
||||
|
||||
## How to add a new Zero Trust test to the Monkey?
|
||||
|
||||
Assuming the Monkey agent is already sending the relevant telemetry, you'll need to add the test in two places.
|
||||
|
||||
### `zero_trust_consts.py`
|
||||
|
||||
In the file `/monkey/common/data/zero_trust_consts.py`,
|
||||
|
||||
1. Add the test name to the TESTS set
|
||||
2. Add a relevant recommendation if exists
|
||||
3. Add the test to the TESTS_MAP dict. Make sure that all statuses (except `STATUS_UNEXECUTED`) have finding explanations.
|
||||
|
||||
### `telemetry/processing.py`
|
||||
|
||||
Find the relevant telemetry type you wish to test the finding in. This can be found in `/monkey/monkey_island/cc/services/telemetry/processing.py`. In the relevant `process_*_telemetry` function, add your Zero Trust testing code. Please put the zero trust tests under the `/monkey/monkey_island/cc/services/telemetry/zero_trust_tests` directory. There you can find examples of existing tests as well, so you'll know pretty much what you need to write.
|
||||
|
||||
## How to test the new Zero Trust test I've implemented?
|
||||
|
||||
Test ALL possible finding statuses you've defined in a fake network. Observe the events as well and see they were formatted correctly. If there's an algorithmic part to your Zero Trust test, please cover it using a Unit Test.
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
title: "Adding Exploits"
|
||||
date: 2020-06-08T19:53:00+03:00
|
||||
draft: true
|
||||
tags: ["contribute"]
|
||||
weight: 50
|
||||
---
|
|
@ -0,0 +1,76 @@
|
|||
---
|
||||
title: "Adding Post Breach Actions"
|
||||
date: 2020-06-08T19:53:13+03:00
|
||||
draft: false
|
||||
tags: ["contribute"]
|
||||
weight: 90
|
||||
---
|
||||
|
||||
## What's this?
|
||||
|
||||
This guide will show you how to create a new _Post Breach action_ for the Infection Monkey. _Post Breach actions_ are "extra" actions that the Monkey can perform on the victim machines after it propagated to them.
|
||||
|
||||
## Do I need a new PBA?
|
||||
|
||||
If all you want is to execute shell commands, then there's no need to add a new PBA - just configure the required commands in the Monkey Island configuration! If you think that those specific commands have reuse value in all deployments and not just your own, you can add a new PBA. If you need to run actual Python code, you must add a new PBA.
|
||||
|
||||
## How to add a new PBA
|
||||
|
||||
### Monkey side
|
||||
|
||||
#### Framework
|
||||
|
||||
1. Create your new action in the following directory: `monkey/infection_monkey/post_breach/actions` by first creating a new file with the name of your action.
|
||||
2. In that file, create a class that inherits from the `PBA` class:
|
||||
|
||||
```python
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
|
||||
class MyNewPba(PBA):
|
||||
```
|
||||
|
||||
3. Set the action name in the constructor, like so:
|
||||
|
||||
```python
|
||||
class MyNewPba(PBA):
|
||||
def __init__(self):
|
||||
super(MyNewPba, self).__init__(name="MyNewPba")
|
||||
```
|
||||
|
||||
#### Implementation
|
||||
|
||||
If your PBA consists only of simple shell commands, you can reuse the generic PBA by passing the commands into the constructor. See the `add_user.py` PBA for reference.
|
||||
|
||||
Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
|
||||
|
||||
### Island side
|
||||
|
||||
#### Configuration
|
||||
|
||||
You'll need to add your PBA to the `config_schema.py` file, under `post_breach_acts`, like so:
|
||||
|
||||
```json
|
||||
"post_breach_acts": {
|
||||
"title": "Post breach actions",
|
||||
"type": "string",
|
||||
"anyOf": [
|
||||
# ...
|
||||
{
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"MyNewPba"
|
||||
],
|
||||
"title": "My new PBA",
|
||||
"attack_techniques": []
|
||||
},
|
||||
],
|
||||
},
|
||||
```
|
||||
|
||||
Now you can choose your PBA when configuring the Monkey on the Monkey island:
|
||||
|
||||
![PBA in configuration](https://i.imgur.com/9PrcWr0.png)
|
||||
|
||||
#### Telemetry processing
|
||||
|
||||
If you wish to process your Post Breach action telemetry (for example, to analyze it for report data), add a processing function to the `POST_BREACH_TELEMETRY_PROCESSING_FUNCS` which can be found at `monkey/monkey_island/cc/services/telemetry/processing/post_breach.py`. You can look at the `process_communicate_as_new_user_telemetry` method as an example.
|
|
@ -0,0 +1,101 @@
|
|||
---
|
||||
title: "Adding System Info Collectors"
|
||||
date: 2020-06-09T11:03:42+03:00
|
||||
draft: false
|
||||
tags: ["contribute"]
|
||||
weight: 80
|
||||
---
|
||||
|
||||
## What's this?
|
||||
|
||||
This guide will show you how to create a new _System Info Collector_ for the Infection Monkey. _System Info Collectors_ are modules which each Monkey runs, that collect specific information and sends it back to the Island as part of the System Info Telemetry.
|
||||
|
||||
### Do I need a new System Info Controller?
|
||||
|
||||
If all you want is to execute a shell command, then there's no need to add a new collector - just configure the required commands in the Monkey Island configuration in the PBA section! Also, if there is a relevant collector and you only need to add more information to it, expand the existing one. Otherwise, you must add a new Collector.
|
||||
|
||||
## How to add a new System Info Collector
|
||||
|
||||
### Monkey side
|
||||
|
||||
#### Framework
|
||||
|
||||
1. Create your new collector in the following directory: `monkey/infection_monkey/system_info/collectors` by first creating a new file with the name of your collector.
|
||||
2. In that file, create a class that inherits from the `SystemInfoCollector` class:
|
||||
|
||||
```py
|
||||
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||
|
||||
class MyNewCollector(SystemInfoCollector):
|
||||
```
|
||||
|
||||
3. Set the Collector name in the constructor, like so:
|
||||
|
||||
```py
|
||||
class MyNewCollector(SystemInfoCollector):
|
||||
def __init__(self):
|
||||
super(MyNewCollector, self).__init__(name="MyNewCollector")
|
||||
```
|
||||
|
||||
#### Implementation
|
||||
|
||||
Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` Collector for reference. You can log during collection as well.
|
||||
|
||||
### Island side
|
||||
|
||||
#### Island Configuration
|
||||
|
||||
##### Definitions
|
||||
|
||||
You'll need to add your Collector to the `monkey_island/cc/services/config_schema.py` file, under `definitions/system_info_collectors_classes/anyOf`, like so:
|
||||
|
||||
```json
|
||||
"system_info_collectors_classes": {
|
||||
"title": "System Information Collectors",
|
||||
"type": "string",
|
||||
"anyOf": [
|
||||
{
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"EnvironmentCollector"
|
||||
],
|
||||
"title": "Which Environment this machine is on (on prem/cloud)",
|
||||
"attack_techniques": []
|
||||
},
|
||||
{ <=================================
|
||||
"type": "string", <=================================
|
||||
"enum": [ <=================================
|
||||
"MyNewCollector" <=================================
|
||||
], <=================================
|
||||
"title": "My new title", <=================================
|
||||
"attack_techniques": [] <=================================
|
||||
},
|
||||
],
|
||||
},
|
||||
```
|
||||
|
||||
##### properties
|
||||
|
||||
Also, you can add the Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
|
||||
|
||||
```json
|
||||
"system_info_collectors_classes": {
|
||||
"title": "System info collectors",
|
||||
"type": "array",
|
||||
"uniqueItems": True,
|
||||
"items": {
|
||||
"$ref": "#/definitions/system_info_collectors_classes"
|
||||
},
|
||||
"default": [
|
||||
"EnvironmentCollector",
|
||||
"MyNewCollector" <=================================
|
||||
],
|
||||
"description": "Determines which system information collectors will collect information."
|
||||
},
|
||||
```
|
||||
|
||||
#### Telemetry processing
|
||||
|
||||
1. Add a process function under `monkey_island/cc/telemetry/processing/system_info_collectors/{DATA_NAME_HERE}.py`. The function should parse the collector's result. See `processing/system_info_collectors/environment.py` for example.
|
||||
|
||||
2. Add that function to `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` under `monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py`.
|
|
@ -0,0 +1,104 @@
|
|||
---
|
||||
title: "Contribute Documentation"
|
||||
date: 2020-06-17T17:31:54+03:00
|
||||
draft: false
|
||||
weight: 1
|
||||
tags: ["contribute"]
|
||||
---
|
||||
|
||||
The `/docs` folder contains the Monkey Documentation site.
|
||||
|
||||
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
|
||||
|
||||
- [Directory Structure](#directory-structure)
|
||||
- [content](#content)
|
||||
- [static](#static)
|
||||
- [config](#config)
|
||||
- [themes](#themes)
|
||||
- [layouts and archtypes](#layouts-and-archtypes)
|
||||
- [public and resources](#public-and-resources)
|
||||
- [How to contribute](#how-to-contribute)
|
||||
- [Requirements](#requirements)
|
||||
- [Adding and editing content](#adding-and-editing-content)
|
||||
- [Add a new page](#add-a-new-page)
|
||||
- [Editing an existing page](#editing-an-existing-page)
|
||||
- [Building the content](#building-the-content)
|
||||
- [Serve the documentation locally](#serve-the-documentation-locally)
|
||||
- [Build the content for deployment](#build-the-content-for-deployment)
|
||||
- [Troubleshooting](#troubleshooting)
|
||||
- [`Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`](#error-unable-to-locate-config-file-or-config-directory-perhaps-you-need-to-create-a-new-site)
|
||||
- [`failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?](#failed-to-extract-shortcode-template-for-shortcode-children-not-found-or-theme-doesnt-seem-right)
|
||||
- [CSS is missing](#css-is-missing)
|
||||
|
||||
## Directory Structure
|
||||
|
||||
By order of importance:
|
||||
|
||||
### content
|
||||
|
||||
The most important directory is `/content`: This is the directory which contains the content files. [Read this to understand how pages are organized in that folder](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/pages/).
|
||||
|
||||
### static
|
||||
|
||||
In this directory you should place images, `css` files, `js` files, and other static content the site should serve. To access that static content in a page, use something similar to this:
|
||||
|
||||
```markdown
|
||||
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||
```
|
||||
|
||||
### config
|
||||
|
||||
This folder controls a lot of parameters regarding the site generation.
|
||||
|
||||
### themes
|
||||
|
||||
This is the theme we're using. It's a submodule (so to get it you need to run `git submodule update`). It's our own fork of the [learn](https://themes.gohugo.io/hugo-theme-learn/) theme. If we want to make changes to the theme itself or pull updates from the upstream you'll do it here.
|
||||
|
||||
### layouts and archtypes
|
||||
|
||||
This directory includes custom [HTML partials](https://gohugo.io/templates/partials/), custom [shortcodes](https://gohugo.io/content-management/shortcodes/), and content templates. Best to not mess with the existing stuff here too much, but rather add new things.
|
||||
|
||||
### public and resources
|
||||
|
||||
These are the build output of `hugo` and should never be `commit`-ed to git.
|
||||
|
||||
## How to contribute
|
||||
|
||||
### Requirements
|
||||
|
||||
You have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options), and `git`.
|
||||
|
||||
### Adding and editing content
|
||||
|
||||
#### Add a new page
|
||||
|
||||
Run `hugo new folder/page.md`. Optionally add `--kind chapter` if this is a new chapter page. For example, `hugo new usage/getting-started.md` created the Getting Started page.
|
||||
|
||||
#### Editing an existing page
|
||||
|
||||
Edit the markdown file(s). [Here's a markdown cheatsheet](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/markdown/). If you want to add images, add them to the `static/images` folder and refer to them by name.
|
||||
|
||||
### Building the content
|
||||
|
||||
#### Serve the documentation locally
|
||||
|
||||
Run `hugo server -D`. The server will be available locally at `http://localhost:1313/`. You can change the content/theme and the site will refresh automatically to reflect your changes.
|
||||
|
||||
#### Build the content for deployment
|
||||
|
||||
Run `hugo --environment staging` or `hugo --environment production`. This will create a static site in the `public` directory. This directory should be ignored by `git` - **make sure you don't add and commit it by mistake!**
|
||||
|
||||
#### Troubleshooting
|
||||
|
||||
##### `Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`
|
||||
|
||||
What is your working directory? It should be `monkey/docs`.
|
||||
|
||||
##### `failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?
|
||||
|
||||
Have you ran `git submodule update`?
|
||||
|
||||
##### CSS is missing
|
||||
|
||||
- Make sure that you're accessing the correct URL.
|
||||
- Check the `config.toml` file.
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
title: "Development setup"
|
||||
date: 2020-06-08T19:53:00+03:00
|
||||
draft: false
|
||||
weight: 5
|
||||
tags: ["contribute"]
|
||||
---
|
||||
|
||||
## Deployment scripts
|
||||
|
||||
To setup development environment using scripts look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to setup it manually or if run into some problems, read further below.
|
||||
|
||||
## Agent
|
||||
|
||||
The Agent, (what we refer as the Monkey), is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. Built for Python 3.7, you can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and inside it installing the requirements listed under [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt).
|
||||
|
||||
In order to compile the Monkey for distribution by the Monkey Island, you need to run the instructions listed in [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
|
||||
|
||||
This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools + 32/64-bit Python versions.
|
||||
|
||||
## Monkey Island
|
||||
|
||||
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
|
||||
|
||||
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)
|
|
@ -0,0 +1,14 @@
|
|||
+++
|
||||
title = "Reference"
|
||||
date = 2020-05-26T20:55:04+03:00
|
||||
weight = 30
|
||||
chapter = true
|
||||
pre = '<i class="fas fa-layer-group"></i> '
|
||||
tags = ["reference"]
|
||||
+++
|
||||
|
||||
# Reference
|
||||
|
||||
Find detailed information about Infection Monkey.
|
||||
|
||||
{{% children %}}
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
title: "ElasticGroovy"
|
||||
date: 2020-07-14T08:41:40+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "windows", "linux"]
|
||||
---
|
||||
|
||||
CVE-2015-1427.
|
||||
|
||||
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
||||
|
||||
Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Hadoop"
|
||||
date: 2020-07-14T08:41:49+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
|
||||
Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
title: "MS08 067"
|
||||
date: 2020-07-14T08:42:54+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
|
||||
|
||||
This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "MsSQL"
|
||||
date: 2020-07-14T08:41:56+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "SMBExec"
|
||||
date: 2020-07-14T08:42:16+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "SSHExec"
|
||||
date: 2020-07-14T08:42:21+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
|
||||
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Sambacry"
|
||||
date: 2020-07-14T08:42:02+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
|
||||
Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "Struts2"
|
||||
date: 2020-07-14T08:42:30+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
|
||||
Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "VSFTPD"
|
||||
date: 2020-07-14T08:42:39+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
|
||||
Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "WMIExec"
|
||||
date: 2020-07-14T08:43:12+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
title: "WebLogic"
|
||||
date: 2020-07-14T08:42:46+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux", "windows"]
|
||||
---
|
||||
|
||||
Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
|
|
@ -0,0 +1,16 @@
|
|||
+++
|
||||
title = "Exploiters"
|
||||
date = 2020-05-26T20:55:04+03:00
|
||||
weight = 100
|
||||
chapter = true
|
||||
pre = '<i class="fas fa-ethernet"></i> '
|
||||
tags = ["reference", "exploit"]
|
||||
+++
|
||||
|
||||
# Exploiters
|
||||
|
||||
Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
|
||||
|
||||
{{% children %}}
|
||||
|
||||
You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
title: "ShellShock"
|
||||
date: 2020-07-14T08:41:32+03:00
|
||||
draft: false
|
||||
tags: ["exploit", "linux"]
|
||||
---
|
||||
|
||||
CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
|
||||
|
||||
> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
title: "Operating systems"
|
||||
date: 2020-07-14T08:09:53+03:00
|
||||
draft: false
|
||||
pre: '<i class="fas fa-laptop"></i> '
|
||||
weight: 10
|
||||
tags: ["setup", "reference", "windows", "linux"]
|
||||
---
|
||||
|
||||
The Infection Monkey project supports many popular OSes (but we can always do more).
|
||||
|
||||
The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
|
||||
|
||||
### Monkey support
|
||||
|
||||
#### Linux
|
||||
|
||||
Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
|
||||
|
||||
- Centos 7+
|
||||
- Debian 7+
|
||||
- Kali 2019+
|
||||
- Oracle 7+
|
||||
- Rhel 7+
|
||||
- Suse 12+
|
||||
- Ubuntu 14+
|
||||
|
||||
#### Windows
|
||||
|
||||
- Windows 2012+
|
||||
- Windows 2012_R2+
|
||||
- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
|
||||
- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
|
||||
|
||||
### Island support
|
||||
|
||||
**The Monkey Island (control server)** runs out of the box on:
|
||||
|
||||
- Ubuntu 18.04
|
||||
- Debian 9
|
||||
- Windows Server 2012
|
||||
- Windows Server 2012 R2
|
||||
- Windows Server 2016
|
||||
|
||||
We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
|
||||
|
||||
### Old machine bootloader
|
||||
|
||||
Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
|
||||
|
||||
**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
|
||||
|
||||
**Old machine bootloader** runs on machines with:
|
||||
|
||||
- Centos 7+
|
||||
- Debian 7+
|
||||
- Kali 2019+
|
||||
- Oracle 7+
|
||||
- Rhel 7+
|
||||
- Suse 12+
|
||||
- Ubuntu 14+
|
||||
- **Windows XP/Server 2003+**
|
||||
|
||||
[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
title: "Scanners"
|
||||
date: 2020-07-14T08:43:12+03:00
|
||||
draft: false
|
||||
weight: 20
|
||||
pre: '<i class="fas fa-network-wired"></i> '
|
||||
tags: ["reference"]
|
||||
---
|
||||
|
||||
The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
|
||||
|
||||
## Scanning
|
||||
|
||||
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
|
||||
|
||||
The sole interface required is the `is_host_alive` interface, which needs to return True/False.
|
||||
|
||||
[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
|
||||
|
||||
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
|
||||
|
||||
## Fingerprinting
|
||||
|
||||
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
|
||||
|
||||
Currently implemented Fingerprint modules are:
|
||||
|
||||
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
|
||||
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
|
||||
3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
|
||||
4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
|
||||
5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
|
||||
6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
|
||||
|
||||
## Adding a scanner/fingerprinter
|
||||
|
||||
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
|
||||
|
||||
To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
|
||||
|
||||
At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
|
||||
|
||||
[elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
|
||||
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
|
||||
[host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
||||
[host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
||||
[mysql-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/mysqlfinger.py
|
||||
[ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
|
||||
[smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
|
||||
[ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
|
||||
[tcp-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/tcp_scanner.py
|
|
@ -0,0 +1,26 @@
|
|||
+++
|
||||
title = "Setup"
|
||||
date = 2020-05-26T20:55:04+03:00
|
||||
weight = 5
|
||||
chapter = true
|
||||
pre = '<i class="fas fa-cogs"></i> '
|
||||
tags = ["setup"]
|
||||
+++
|
||||
|
||||
# Setting up Infection Monkey
|
||||
|
||||
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
|
||||
|
||||
Once you've downloaded an installer, you can follow the relevant guide for your environment:
|
||||
|
||||
{{% children %}}
|
||||
|
||||
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
|
||||
|
||||
{{% notice tip %}}
|
||||
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
|
||||
{{% /notice %}}
|
||||
|
||||
{{% notice tip %}}
|
||||
You can find the binary checksums of our installers to verify their integrity [in this page](../usage/file-checksums).
|
||||
{{% /notice %}}
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
title: "Accounts and Security"
|
||||
date: 2020-06-22T15:36:56+03:00
|
||||
draft: false
|
||||
weight: 50
|
||||
pre: "<i class='fas fa-user-lock'></i> "
|
||||
tags: ["usage", "password"]
|
||||
---
|
||||
|
||||
## Security in Infection Monkey
|
||||
|
||||
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
|
||||
|
||||
If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
|
||||
|
||||
## Resetting account credentials
|
||||
|
||||
To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
|
||||
|
||||
Example `server_config.json` for account reset:
|
||||
|
||||
```json
|
||||
{
|
||||
"server_config": "password",
|
||||
"deployment": "develop"
|
||||
}
|
||||
```
|
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
title: "AWS"
|
||||
date: 2020-05-26T20:57:36+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-aws"></i> '
|
||||
weight: 5
|
||||
tags: ["setup", "aws"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
On the [Infection Monkey’s AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
|
||||
|
||||
1. Choose the desired region.
|
||||
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
|
||||
1. Select the VPC and subnet you want the instance to be in.
|
||||
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||
1. Choose an existing EC2 key pair for authenticating with your new instance.
|
||||
1. Click **Launch with 1-click.**
|
||||
|
||||
At this point, AWS will instance and deploy your new machine.
|
||||
|
||||
When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
||||
|
||||
`https://{public-ip}:5000`
|
||||
|
||||
You will be presented a login page. Use the username **monkey**, and the new EC2 instace’s instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
|
||||
|
||||
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||
|
||||
## Integration with AWS services
|
||||
|
||||
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
|
||||
|
||||
## Upgrading
|
||||
|
||||
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
title: "Azure"
|
||||
date: 2020-05-26T20:57:39+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-microsoft"></i> '
|
||||
weight: 6
|
||||
tags: ["setup", "azure"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
|
||||
|
||||
1. Under **Basics**:
|
||||
1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
|
||||
1. Choose a username and password or provide a SSH public key for authentication.
|
||||
1. Choose a resource group and the location your instance will be deployed in.
|
||||
1. Under **Size**
|
||||
1. Choose a machine size with at least 1GB of RAM for optimal performance.
|
||||
1. Under **Settings**
|
||||
1. Choose the network the new instance will be a member of.
|
||||
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
|
||||
1. Under **Summary**
|
||||
1. Review the details of the offer and click **Create**.
|
||||
|
||||
At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
|
||||
|
||||
`https://{public-ip-address}:5000`
|
||||
|
||||
## Upgrading
|
||||
|
||||
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
title: "Debian"
|
||||
date: 2020-05-26T20:57:19+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-linux"></i> '
|
||||
weight: 1
|
||||
disableToc: false
|
||||
tags: ["setup", "debian", "linux"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
|
||||
|
||||
To deploy the package, once you’ve extracted it, run the following commands:
|
||||
|
||||
```sh
|
||||
sudo apt update
|
||||
sudo dpkg -i monkey_island.deb # this might print errors
|
||||
```
|
||||
|
||||
If at this point, dpkg printed errors that look like this:
|
||||
|
||||
```sh
|
||||
dpkg: error processing package gc-monkey-island (--install):
|
||||
dependency problems - leaving unconfigured
|
||||
Errors were encountered while processing:
|
||||
gc-monkey-island
|
||||
```
|
||||
|
||||
That just means that not all dependencies were pre-installed on your system. That’s no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
|
||||
|
||||
```sh
|
||||
sudo apt install -f
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Trying to install on Ubuntu <16.04
|
||||
|
||||
If you’re trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
|
||||
|
||||
```sh
|
||||
sudo apt update
|
||||
sudo apt-get install libcurl4-openssl-dev
|
||||
sudo apt-get install software-properties-common
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt-get update
|
||||
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
|
||||
sudo dpkg -i monkey_island.deb # this might print errors
|
||||
sudo apt install -f
|
||||
```
|
||||
|
||||
### The Monkey Island interface isn't accessible after installation
|
||||
|
||||
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
|
||||
|
||||
## Upgrading
|
||||
|
||||
To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
title: "Docker"
|
||||
date: 2020-05-26T20:57:28+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-docker"></i> '
|
||||
weight: 4
|
||||
tags: ["setup", "docker", "linux", "windows"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
|
||||
|
||||
Once you’ve extracted the container from the tar.gz file, run the following commands:
|
||||
|
||||
```sh
|
||||
sudo docker load -i dk.monkeyisland.1.9.0.tar
|
||||
sudo docker pull mongo
|
||||
sudo mkdir -p /var/monkey-mongo/data/db
|
||||
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
|
||||
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.9.0
|
||||
```
|
||||
|
||||
## Upgrading
|
||||
|
||||
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,62 @@
|
|||
---
|
||||
title: "VMware"
|
||||
date: 2020-05-26T20:57:14+03:00
|
||||
draft: false
|
||||
pre: '<i class="fas fa-laptop-code"></i> '
|
||||
weight: 3
|
||||
tags: ["setup", "vmware"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
|
||||
2. Turn on the Infection Monkey VM.
|
||||
3. Log in to the machine with the following credentials:
|
||||
1. Username: **monkeyuser**
|
||||
2. Password: **Noon.Earth.Always**
|
||||
4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
|
||||
|
||||
## OVA network modes
|
||||
|
||||
The OVA can be used in one of two modes:
|
||||
|
||||
1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
|
||||
1. With a static IP address.
|
||||
|
||||
In this case, you should login to the VM console with
|
||||
username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
|
||||
|
||||
```sh
|
||||
sudo nano /etc/network/interfaces
|
||||
```
|
||||
|
||||
And change the lines:
|
||||
|
||||
```sh
|
||||
auto ens160
|
||||
iface ens160 inet dhcp
|
||||
```
|
||||
|
||||
to the following:
|
||||
|
||||
```sh
|
||||
auto ens160
|
||||
iface ens160 inet static
|
||||
address AAA.BBB.CCC.DDD
|
||||
netmask XXX.XXX.XXX.XXX
|
||||
gateway YYY.YYY.YYY.YYY
|
||||
```
|
||||
|
||||
Save the changes then run the command
|
||||
|
||||
```sh
|
||||
sudo ifdown ens160 && ifup ens160
|
||||
```
|
||||
|
||||
## Upgrading
|
||||
|
||||
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
title: "Windows"
|
||||
date: 2020-05-26T20:57:10+03:00
|
||||
draft: false
|
||||
pre: '<i class="fab fa-windows"></i> '
|
||||
weight: 2
|
||||
tags: ["setup", "windows"]
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
Run the installer, and you should be met with the following screen:
|
||||
|
||||
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
|
||||
|
||||
1. Follow the steps of the installation.
|
||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Missing windows update
|
||||
|
||||
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If you’re having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
|
||||
|
||||
### Supported browsers
|
||||
|
||||
The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
|
||||
|
||||
## Upgrading
|
||||
|
||||
To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
|
||||
|
||||
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
|
||||
|
||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
@ -0,0 +1,13 @@
|
|||
+++
|
||||
title = "Usage"
|
||||
date = 2020-05-26T20:57:53+03:00
|
||||
weight = 10
|
||||
chapter = true
|
||||
pre = '<i class="fas fa-users-cog"></i> '
|
||||
+++
|
||||
|
||||
# Usage
|
||||
|
||||
If you're just starting with Infection Monkey, check out our [Getting Started](getting-started) page.
|
||||
|
||||
If you haven't downloaded Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
title: "Configuration"
|
||||
date: 2020-06-07T19:08:51+03:00
|
||||
draft: false
|
||||
chapter: true
|
||||
weight: 3
|
||||
pre: "<i class='fas fa-sliders-h'></i> "
|
||||
---
|
||||
|
||||
# Configure the Monkey
|
||||
|
||||
The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
|
||||
|
||||
{{% notice warning %}}
|
||||
This section of the documentation is incomplete and under active construction.
|
||||
{{% /notice %}}
|
||||
|
||||
See these documentation pages for information on each configuration value:
|
||||
|
||||
{{% children description=true %}}
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
title: "Credentials"
|
||||
date: 2020-06-09T12:20:08+03:00
|
||||
draft: false
|
||||
description: "Configure credentials that the Monkey will use for propagation."
|
||||
---
|
||||
|
||||
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
|
||||
|
||||
![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
title: "Network"
|
||||
date: 2020-06-09T12:20:14+03:00
|
||||
draft: false
|
||||
description: "Configure settings related to the Monkey's network activity."
|
||||
---
|
||||
|
||||
Here you can control multiple important settings, such as:
|
||||
|
||||
* Network propagation depth - How many hops from the base machine will the Monkey spread
|
||||
* Local network scan - Should the Monkey attempt to attack any machine in its subnet
|
||||
* Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.
|
|
@ -0,0 +1,178 @@
|
|||
---
|
||||
title: "Verify Integrity - Checksums"
|
||||
date: 2020-06-08T19:53:47+03:00
|
||||
draft: false
|
||||
weight: 100
|
||||
pre: "<i class='fas fa-certificate'></i> "
|
||||
---
|
||||
|
||||
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
|
||||
|
||||
## How to get SHA-256 checksum
|
||||
|
||||
### On Windows
|
||||
|
||||
Use the `Get-FileHash` <i class="fas fa-terminal"></i> PowerShell commandlet, like so:
|
||||
|
||||
```powershell
|
||||
Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
|
||||
|
||||
# Should print
|
||||
# Algorithm : SHA256
|
||||
# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
|
||||
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe <-- Your path will be different
|
||||
```
|
||||
|
||||
### On Linux
|
||||
|
||||
Use the `sha256sum` <i class="fas fa-terminal"></i> shell command, like so:
|
||||
|
||||
```sh
|
||||
$ sha256sum monkey-linux-64
|
||||
# Should print:
|
||||
# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
|
||||
```
|
||||
|
||||
## Latest version checksums
|
||||
|
||||
| Filename | Type | Version | SHA256 |
|
||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
|
||||
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
|
||||
| monkey-linux-32 | Linux Agent | 1.9.0 | `4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.9.0 | `33c23ddae283e3aafe965d264bc88464b66db3dd6874fd7e5cbcd4e931b3bb25` |
|
||||
| infection_monkey_debzt.tgz | Debian Package | 1.9.0 | `cc53fe9632f44248357d6bd20cf8629be9baf8688468fa6d3e186dcebf10cef6` |
|
||||
| Monkey Island v1.9.0_3546_windows.exe | Windows Installer | 1.9.0 | `371f6d25e8cb16ea7ebdfd367092ee65b33db2ec35b44d96705716641eaa59e8` |
|
||||
| Monkey Island v1.9.0_3546_windowszt.exe | Windows Installer | 1.9.0 | `662c611fb83bb8c7ef5f99c5d5ae04f5758727c688238d6a3cd4c58675581695` |
|
||||
| infection_monkey_docker_docker_20200806_153913.tgz | Docker | 1.9.0 | `5da11c539045a395ced5dd572d331c4f0e9315a3ee192c06279ff4fef668b96e` |
|
||||
| infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` |
|
||||
| monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` |
|
||||
| monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` |
|
||||
|
||||
|
||||
## Older checksums
|
||||
|
||||
| Filename | Type | Version | SHA256 |
|
||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||
| monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` |
|
||||
| monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` |
|
||||
| monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2` |
|
||||
| Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569` |
|
||||
| Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a` |
|
||||
| infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d` |
|
||||
| infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75` |
|
||||
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
|
||||
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
|
||||
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
|
||||
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
|
||||
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
|
||||
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
|
||||
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
|
||||
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
|
||||
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
|
||||
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
|
||||
| monkey-linux-64 | Debian Package | 1.8.0 | `b0de3931f6b9c2d986860151e5094e4c57aafa5e3e4aced828ecba36e4ece851` |
|
||||
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
|
||||
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
|
||||
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
|
||||
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
|
||||
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
|
||||
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
|
||||
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
|
||||
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
|
||||
| infection_monkey_docker_docker_20200401_174048.tgz | Docker | 1.8.0 | `ae59b222a94e1ec83a1c36917bc5cd3d119057e146ac01242af91808f3dce37a` |
|
||||
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
|
||||
| Monkey Island v1.8.0_3514_windows.exe | Windows Installer | 1.8.0 | `a56bd98ca3d0dd260f26ac5ee46022fd5ca3f9081a43535b4f57cef43c345dc0` |
|
||||
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
|
||||
| Monkey Island v1.8.0_3516_windows.exe | Windows Installer | 1.8.0 | `a31a3837d8ca722e8db10148704237b032e5ef62acc080a82ab80f009d8de6bd` |
|
||||
| Monkey Island v1.8.0_3517_windows.exe | Windows Installer | 1.8.0 | `450e9ea58a5282f506f819bdc3d4477bbc917d74ee837ca0cc3e62b4a923fef1` |
|
||||
| Monkey Island v1.8.0_3519_windows.exe | Windows Installer | 1.8.0 | `dfaf7b11b148a5648ca92887d731633f85b68dc82313616f0009eee123c47352` |
|
||||
| Monkey Island v1.8.0_3520_windows.exe | Windows Installer | 1.8.0 | `719427a7f1878555d6940485330f51e2ddb3331c96b60a1719f6e21987efb3d3` |
|
||||
| Monkey Island v1.8.0_3521_windows.exe | Windows Installer | 1.8.0 | `a9a37ec2677fc7d224c5993f914ba402c9f86c2f909dc5d649f67d08802dc847` |
|
||||
| Monkey Island v1.8.0_3522_windows.exe | Windows Installer | 1.8.0 | `4aaa5a99a108ab3cb14b9268a32ac68cb2de4a001ae0e4374ca779824981ea64` |
|
||||
| Monkey Island v1.8.0_3523_windows.exe | Windows Installer | 1.8.0 | `4f029d2683cf68e63f8b426fa19df9561add0ed169821b4fc83c2721f0939520` |
|
||||
| Monkey Island v1.8.0_3525_windows.exe | Windows Installer | 1.8.0 | `4a660cf5eda5beae844e5a62031972304eaa0432c32708f11d94dc0a501be182` |
|
||||
| Monkey Island v1.8.0_3525_windowszt.exe | Windows Installer | 1.8.0 | `980ba04ef9f6395e2885851f906ee3ed57d696a2e984aa1e7a59446a57ce0408` |
|
||||
| infection_monkey_docker_docker_20200419_160310.tgz | Docker | 1.8.0 | `999edc833484f51475db5a56e0557b59d09f520453b8077c60f7d9359b504299` |
|
||||
| infection_monkey_docker_dockerzt_20200419_160542.tgz | Docker | 1.8.0 | `87ec632837d4add968831ee7fd271871f89e5b29e251d046ebf100bc94bb755e` |
|
||||
| Monkey Island v1.8.0_3526_windows.exe | Windows Installer | 1.8.0 | `6b6c05f3575eef9b95c1624f74953e54654211de4ae1ad738b287e661f002989` |
|
||||
| Monkey Island v1.8.0_3526_windowszt.exe | Windows Installer | 1.8.0 | `f181e58820817d76274fab3ee2a7824fc0d5b1f637d7f5c7fe111eb7061844f2` |
|
||||
| Monkey Island v1.8.0_3527_windows.exe | Windows Installer | 1.8.0 | `94c2e09ca103bc22206715783616af91e58fe773a04c975d6a09d48d9a5759b2` |
|
||||
| infection_monkey_docker_docker_20200420_151527.tgz | Docker | 1.8.0 | `fe4512fd46c3be6c9416287e3a703e8453a46a17b05404ba72035036946f6dbd` |
|
||||
| infection_monkey_docker_docker_20200420_153306.tgz | Docker | 1.8.0 | `17ef5de58a49168a70085cb80063355ac489139c88d029d175a09e36524fe224` |
|
||||
| infection_monkey_docker_docker_20200420_174533.tgz | Docker | 1.8.0 | `fcf57ab8b1b77bcf678765c90798b950fd4a62019c48ebeeac37e9d3011b6b2e` |
|
||||
| infection_monkey_docker_docker_20200427_184208.tgz | Docker | 1.8.0 | `082165abd8c45d9731472ae0877fecedfbcefcff8c0003b43d4300854908f0cb` |
|
||||
| infection_monkey_docker_dockerzt_20200427_184441.tgz | Docker | 1.8.0 | `74f824ecb14f5d47182156999d5aeaf2177d719c6f53ed81b68606b2ed931647` |
|
||||
| Monkey Island v1.8.0_3528_windows.exe | Windows Installer | 1.8.0 | `baa13321c88223acd0262137ba018f9cbea869b5d1920565a5e6c8eb2c83b80e` |
|
||||
| Monkey Island v1.8.0_3528_windowszt.exe | Windows Installer | 1.8.0 | `466f7c3aa052163f10e154ec787b31a98b54ced8cffc17373525e8ca39ec2556` |
|
||||
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
|
||||
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
|
||||
| monkey_island_vmware.deb | VMWare Debian | 1.7.0 | `8F77347343B1D070C4BCC43A6CF5971F086665206F76AD1304359ADB388C55DE` |
|
||||
| dk.monkeyisland.latest.tar | Docker | 1.7.0 | `E92CD45DB172342FE906FEFA7F26BACB2F59C2BE8484756B71CD1BDEBCCA8BFB` |
|
||||
| monkey-windows-32.exe | Agent | 1.7.0 | `00E121EC8AA3519498D225066A3BC29984A7DA2A6F4F0641ED465FD64107A117` |
|
||||
| Monkey Island v1.7.0.3478.exe | Windows Installer | 1.7.0 | `AFC969884939DBE37DA6B8AD4999CA6E9F18E54BA03AC0C04C59ABB6D6204634` |
|
||||
| monkey_island.deb | Debian | 1.7.0 | `4AE051BC47B39FA05937994B3D24226771D03891AB2EA484FD7B4AADC0C5E220` |
|
||||
| monkey-windows-64.exe | Agent | 1.7.0 | `BCF60E0C4BC2578361CCACDA0C183B726AF375F0142306CA9013A14BBA9B962C` |
|
||||
| monkey-linux-64 | Agent | 1.7.0 | `333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA` |
|
||||
| monkey-linux-32 | Agent | 1.7.0 | `EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D` |
|
||||
| Monkey Island 1.7.0 OVA 20191013.ova | OVA | 1.7.0 | `EB1D568F1EA9236B3402A65484EE1F06350FF5C4097288F3FE3312474ECB48C7` |
|
||||
| dk.monkeyisland.latest.zt.tar | Docker | 1.7.0 | `C998FD7CC73F394CD39450E49586397F721D8B7F2DFA4CFE30EC797864588C72` |
|
||||
| Monkey Island v1.7.0 zt.exe | Windows Installer | 1.7.0 | `5C6DADDD3BCF0766DB515DC911DC80D7D11DFF8A72BCBBBE21DEB3C9F78B6889` |
|
||||
| monkey_island_zt.deb | Debian | 1.7.0 | `A0515FBCFD9590CEA739E1AFA95CE7FC406C5E4206A67A50C8CD2423540818C8` |
|
||||
| monkey_island_vmware_zt.deb | VMWare Debian | 1.7.0 | `80EDB3FB846251C7B80B72259837629F17A4166C34FE440451BDD7ED8CC43F7F` |
|
||||
| Monkey Island 1.7.0 ZT OVA 20191013.ova | OVA | 1.7.0 | `D220E171CF38DCD434AB4473C72CE29873A495B16FFAA8CA55658F5606398E34` |
|
||||
| infection_monkey_deb_vmware.20190519_125330.tgz | VMWare | 1.6.3 | `22e51f089e6537e2cb349b07b4bf22c7a63c68ae12776a7b5239a0238bf02a05` |
|
||||
| infection_monkey_deb_gcp.20190519_125239.tgz | GCP | 1.6.3 | `b8fdb976af8130329265bd3ad36b553864f6f7a2a2df912cfea4215584774686` |
|
||||
| infection_monkey_docker.20190519_125632.tgz | Docker | 1.6.3 | `5576e20fe8ee502a7b452b504789961aedae214e49061a58ca0f248cc72c1c78` |
|
||||
| monkey-windows-32.exe | Agent | 1.6.3 | `6f68d436a2a85852b02e4d72d4202919753a78e5285c36bd1a5481c8711b1d6b` |
|
||||
| Monkey Island v1.6.3.3468.exe | Windows Installer | 1.6.3 | `69cb63612855165db97eb3c253e5a6f627fe216e0610eca5e5e6f875281a3604` |
|
||||
| infection_monkey_deb.20190519_124555.tgz | Debian | 1.6.3 | `2389b553bd569defa4b81053984f0743b1b4093cdcfcf8561243b9d882d55e83` |
|
||||
| monkey-windows-64.exe | Agent | 1.6.3 | `502c749ede6e09b8c40bc4bbfd2a46c95d3626a1aef74c72ac7b5641595e8c9c` |
|
||||
| monkey-linux-64 | Agent | 1.6.3 | `6cfec4aea2f993294ca32f816a85347be8b155fb9c39706c82866bce8d8f87c1` |
|
||||
| monkey-linux-32 | Agent | 1.6.3 | `996b3883e9b1114b274bf25426ee13060b65f8deb08c96b57857b99d8e8e3277` |
|
||||
| Infection Monkey 1.6.3.ova | OVA | 1.6.3 | `a5b6e7d547ad4ae79508301698d99cbaf3b3ebfb1d2f0274ae1151d803def1e4` |
|
||||
| infection_monkey_deb_azure.20190519_125317.tgz | Azure | 1.6.3 | `fcf1b6bf805f4422deb90f25752573f796d5a73e148086f49db310208b02c829` |
|
||||
| infection_monkey_deb_aws.20190519_130517.tgz | AWS | 1.6.3 | `9c232f5d2f9dc24c9faea3cf597af783798baedb61334e0e650ca79bdac29fec` |
|
||||
| Infection Monkey 1.6.2.ova | OVA | 1.6.2 | `00346E6383E7BBDB107C14B668D251513E150C089A26AAFA3E17040D96C7DEC9` |
|
||||
| infection_monkey_deb.1.6.2.tgz | Debian | 1.6.2 | `56BF1D99DD6674F9D3504D5DD5A62D8B3520B4F25449ED0026E5A0DC99BD0683` |
|
||||
| infection_monkey_1.5_docker.tgz | Docker | 1.6.2 | `2466B4FFFE175EC5DEF0CAACF93EE5CC7D8878DBA63B30F148C560A6AFA5B537` |
|
||||
| Monkey Island v1.6.2.3434.exe | Windows Installer | 1.6.2 | `2B0BFD5721897787536F4F94D5641E061833CBEF0279C0E38C41BC1B3E76A380` |
|
||||
| Monkey-Linux-32 | Agent | 1.6.1 | `9E5F8FA7F85FEB1BC31E0AE7D1F303139CA3FE5FA044E6C58F68B4917D27CACE` |
|
||||
| Monkey-Linux-64 | Agent | 1.6.1 | `74F9FFBB504FF5E74EFF1399685C0C110EDE0D3244F61591D77EE7A22672457E` |
|
||||
| Monkey-Windows-32.exe | Agent | 1.6.1 | `53AC0F047CA95A0476944559F6FC650ADA865891139FA1258B35A5A525BC6002` |
|
||||
| Monkey-Windows-64.exe | Agent | 1.6.1 | `53019FD25CD4A0AE526696EB05E2EEDE32607263C5F29BE36554D637532D41C3` |
|
||||
| infection_monkey_1.5.2.ova | OVA | 1.5.2 | `6E6CAABBA7CCDB20E981147560353EC731B1FC8955D0319886D36E9825C201C7` |
|
||||
| infection_monkey_1.5_deb.tgz | Debian | 1.5.2 | `E84EFA3C20A417D13DC6EA64CB046D40ED7534A6FBB91EBF6EA061716A855A17` |
|
||||
| infection_monkey_1.5_docker.tgz | Docker | 1.5.2 | `0D33C17556FAC28874A2FE9157DB311892B42669E51C043C4DAE2F68B0D74B8F` |
|
||||
| Monkey-Linux-32 | Agent | 1.5.2 | `4DF689A845FD7092E81ECB0AB5207621836B3D46B71FB3829E5E5CF9DDAF52D0` |
|
||||
| Monkey-Linux-64 | Agent | 1.5.2 | `99FC4BB24D2EFF1CD107CCE932EA0BDC006ED2226AE0DC19DD0BC7A97ADB553F` |
|
||||
| Monkey-Windows-32.exe | Agent | 1.5.2 | `8FC1441B87BDFD786A3A262542C013E4C84AC870C847A919CDA0851F91A511B9` |
|
||||
| Monkey-Windows-64.exe | Agent | 1.5.2 | `0AE8F0AB190E8BEAE78AB12C8477C924FE92B19B1E079B279F4F87AE4BD2A718` |
|
||||
| infection_monkey_deb.20180402_184213.tgz | Debian | 1.5.1 | `4425FC97DE825715837783258FD8BCF88E87AAB3500F63D287384B9D74D54122` |
|
||||
| Monkey Island v1.5.1.3377.exe | Windows Installer | 1.5.1 | `5A137ADA97F39F4C3CA278E851D2684B929911639E2876EB4DF1D1AC5D70E27D` |
|
||||
| infection_monkey_docker.20180402_184212.tgz | Docker | 1.5.1 | `049831C3F9C959128C5C8D9843819A4ED960FF046B1536216B5FA5FF4B28D1A6` |
|
||||
| Monkey-Linux-32 | Agent | 1.6 | `665E1263347B9D0245211676496E91669809B3865ED8B5AD1878DA54A9784F5C` |
|
||||
| Monkey-Linux-64 | Agent | 1.6 | `F0D51E7431CF07A842D4D25AAE2DD8A6B9EE08744914729AF448F92088798F7F` |
|
||||
| Monkey-Windows-32.exe | Agent | 1.6 | `77AC4264715A6E7D238F8B67ED04EE75CF75C07D360A4B649CA6E31C83CE7B21` |
|
||||
| Monkey-Windows-64.exe | Agent | 1.6 | `0DEED0AA00F7D54B084EF6888731B0CFEC6382045A74B55162FDD3D00D0BE9F8` |
|
||||
| Monkey Island v1.6.0.3414.exe | Windows installer | 1.6 | `242879983A709D7CD6D7D7EEC493442B7FACC8E215CBB21650915C5EECB8829A` |
|
||||
| infection_monkey_1.6.ova | OVA | 1.6 | `831FBA09AA49940B1747164BEB6B4AF83BA04FCE35285912AB0B18A7FA1A39D8` |
|
||||
| infection_monkey_deb.1.6.tgz | Debian | 1.6 | `339EC88DD6A2AB6CB917456AA8970B0F1D36D7335E7D2EE1A34B74047F843542` |
|
||||
| infection_monkey_docker.1.6.tgz | Docker | 1.6 | `0624CF75C4D208DDC7475636CFE2869BA324DEB88C3860DB2934E7BDA3E664F6` |
|
||||
| infection_monkey.ova | OVA | 1.5 | `A6773C4DA8FF7A09C0F3FEE45A25D45830C616AACCEC14C86542462ADCDA1F89` |
|
||||
| infection_monkey_deb.20180208_175917.tgz | Debian | 1.5 | `04E3CD3CD301A44BEE508C1BF993948B89212EF3269D61FB13ECB9FDC25268DB` |
|
||||
| infection_monkey_docker.20180119_112852.tgz | Docker | 1.5 | `4D94C6BB7B4A0177CC1F3E864FB714015619ACB4DD1C4E92D8986BA093F8BD87` |
|
||||
| Monkey Island v1.5.0.exe | Windows installer | 1.5 | `A1D7725AF116AE33CEA9A0E641E61C96E51FAFCCCB598F668EB99E35DE799C7B` |
|
||||
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `1433B8A5E778F12C9E8AE4B1BCBF2863E0CC5E001D661C8540804B909B9D83C5` |
|
||||
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `22B7FDC4C213F0385AEB9F63E60665470C2862C8C1B45B5B49FBF320570A9082` |
|
||||
| Monkey Island v1.5.0.3371.exe | Windows Installer | 1.5 | `B69997E9920E73F16896D3E793AB721388E5636DB1846D4BFEC1C7A372EE2059` |
|
||||
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `00EB499FCC590950723E42784D3502B70EAD8AD396B916AF450AB1A48DF993ED` |
|
||||
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `A8670280A07EF6A9F5DC9CEB4B11B25DD7B90C37AD94666A6FFAABD6D105F0CB` |
|
||||
| Monkey Island v1.5.0.exe | Windows Installer | 1.5 | `55F39C8EEB04089F54C10C991A82FE1539BC072E1A7F364D0C720CBF0A28EBB7` |
|
||||
| Monkey-Linux-32 | Agent | 1.5 | `B85E10AEF0B6935B0AF6EFEA03C9A684859F2DD078B31D9492E98585E2E89C39` |
|
||||
| Monkey-Linux-64 | Agent | 1.5 | `44BA13A7391D4A16C46D5EF44F60B09E1EDCEB3C716C0AF4241F166619A62944` |
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
title: "Getting Started"
|
||||
date: 2020-05-26T21:01:12+03:00
|
||||
draft: false
|
||||
weight: 1
|
||||
pre: "<i class='fas fa-play-circle'></i> "
|
||||
tags: ["usage"]
|
||||
---
|
||||
|
||||
If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup)
|
||||
|
||||
## Using the Infection Monkey
|
||||
|
||||
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
|
||||
|
||||
### First-time login
|
||||
|
||||
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).
|
||||
|
||||
### Run the Monkey
|
||||
|
||||
To get the Infection Monkey running as fast as possible, click **Run Monkey**. Optionally, you can configure the Monkey before you continue by clicking **Configuration** (see [how to configure the monkey](../configuration)).
|
||||
|
||||
To run the monkey, select one of the following options:
|
||||
|
||||
![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
|
||||
|
||||
1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
|
||||
2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
|
||||
|
||||
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
|
||||
|
||||
{{% notice tip %}}
|
||||
If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
|
||||
{{% /notice %}}
|
||||
|
||||
### Infection Map
|
||||
|
||||
Next, click **Infection Map** to see the Infection Monkey in action.
|
||||
|
||||
![Run page to infection map page](/images/usage/getting-started/run_page_button.JPG "Run page to infection map page")
|
||||
|
||||
At first, the infection map will look like this:
|
||||
|
||||
![Start of Monkey execution](/images/usage/getting-started/run_island.JPG "Start of Monkey execution")
|
||||
|
||||
Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
|
||||
|
||||
![Middle of Monkey execution](/images/usage/getting-started/single_exploitation.JPG "Middle of Monkey execution")
|
||||
|
||||
As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click **Reports** to see the reports. See [Infection Monkey Reports](../reports) for more info.
|
||||
|
||||
![End of Monkey execution](/images/usage/getting-started/exploitation_tunneling_arrow.jpg "End of Monkey execution")
|
||||
|
||||
Congratulations, you finished first successful execution of the Infection Monkey! 🎉 To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations.
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
title: "Integrations"
|
||||
date: 2020-06-28T10:38:05+03:00
|
||||
draft: false
|
||||
chapter: true
|
||||
weight: 10
|
||||
pre: "<i class='fas fa-directions'></i> "
|
||||
---
|
||||
|
||||
# Integrate the Monkey with 3rd party software
|
||||
|
||||
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
|
||||
|
||||
{{% children description=true %}}
|
|
@ -0,0 +1,150 @@
|
|||
---
|
||||
title: "Running the monkey on AWS EC2 instances"
|
||||
date: 2020-06-28T10:44:05+03:00
|
||||
draft: false
|
||||
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
||||
tags: ["aws", "integration"]
|
||||
---
|
||||
|
||||
## When to use this feature
|
||||
|
||||
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
|
||||
|
||||
The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
|
||||
|
||||
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
|
||||
|
||||
## Setup
|
||||
|
||||
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
|
||||
|
||||
### Monkey Island deployment
|
||||
|
||||
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
|
||||
|
||||
### Setup IAM roles
|
||||
|
||||
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
|
||||
|
||||
#### Creating a custom IAM role
|
||||
|
||||
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
|
||||
|
||||
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
||||
|
||||
#### Applying the IAM role to an instance
|
||||
|
||||
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
|
||||
|
||||
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
|
||||
|
||||
After applying the IAM role you should see this screen:
|
||||
|
||||
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
|
||||
|
||||
**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
|
||||
|
||||
### Setup SSM agent
|
||||
|
||||
If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
|
||||
|
||||
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
|
||||
|
||||
## Usage
|
||||
|
||||
### Running the monkey
|
||||
|
||||
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
|
||||
|
||||
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
|
||||
|
||||
And then you can choose one of the available instances as "patient zero" like so:
|
||||
|
||||
1. Click on "Run on AWS"
|
||||
2. Choose the relevant Network Interface
|
||||
3. Select the machines you'd like to run the Monkey on
|
||||
4. Click "Run on Selected Machines", and watch the monkey go! 🐒
|
||||
|
||||
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
|
||||
|
||||
## Notes
|
||||
|
||||
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
|
||||
- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
||||
|
||||
### Appendix A: Specific policy permissions required
|
||||
|
||||
The IAM role will need to have, at least, the following specific permissions:
|
||||
|
||||
#### For executing the Monkey on other machines - SSM
|
||||
|
||||
- `"ssm:SendCommand"`
|
||||
- `"ssm:DescribeInstanceInformation"`
|
||||
- `"ssm:GetCommandInvocation"`
|
||||
|
||||
Here's the policy of the IAM role, as a JSON object:
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "VisualEditor0",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ssm:SendCommand",
|
||||
"ssm:DescribeInstanceInformation",
|
||||
"ssm:GetCommandInvocation"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
#### For exporting security findings to the Security Hub - security hub
|
||||
|
||||
_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
|
||||
|
||||
- `"securityhub:UpdateFindings"`
|
||||
- `"securityhub:BatchImportFindings"`
|
||||
|
||||
Here's the policy for SecurityHub, as a JSON object:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "VisualEditor0",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"securityhub:UpdateFindings",
|
||||
"securityhub:BatchImportFindings"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
The JSON object for both of the policies combined therefore is:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "VisualEditor0",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ssm:SendCommand",
|
||||
"ssm:DescribeInstanceInformation",
|
||||
"securityhub:UpdateFindings",
|
||||
"securityhub:BatchImportFindings",
|
||||
"ssm:GetCommandInvocation"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
title: "AWS Security Hub integration"
|
||||
date: 2020-06-28T10:38:12+03:00
|
||||
draft: false
|
||||
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
|
||||
tags: ["aws", "integration"]
|
||||
---
|
||||
|
||||
The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
|
||||
|
||||
![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
|
||||
|
||||
The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
|
||||
|
||||
## Setup
|
||||
|
||||
If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
|
||||
|
||||
### Specific permissions required for security hub
|
||||
|
||||
- `"securityhub:UpdateFindings"`
|
||||
- `"securityhub:BatchImportFindings"`
|
||||
|
||||
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
|
||||
|
||||
## Integration details
|
||||
|
||||
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
|
||||
|
||||
Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
|
||||
|
||||
## Regions
|
||||
|
||||
The Infection Monkey is usable on all public AWS instances.
|
||||
|
||||
## Example
|
||||
|
||||
After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
|
||||
|
||||
1. Navigate to `Findings`.
|
||||
2. Press on a specific finding to see more details and possible solutions.
|
||||
|
||||
![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")
|
|
@ -0,0 +1,13 @@
|
|||
+++
|
||||
title = "Reports"
|
||||
date = 2020-06-24T21:16:03+03:00
|
||||
weight = 5
|
||||
chapter = true
|
||||
pre = "<i class='fas fa-scroll'></i> "
|
||||
+++
|
||||
|
||||
# Infection Monkey's Reports
|
||||
|
||||
The Monkey offers three reports:
|
||||
|
||||
{{% children %}}
|
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
title: "MITRE ATT&CK report"
|
||||
date: 2020-06-24T21:17:18+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for the other reports as well](../).
|
||||
{{% /notice %}}
|
||||
|
||||
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
|
||||
|
||||
Watch an overview video:
|
||||
|
||||
{{% youtube 3tNrlutqazQ %}}
|
||||
|
||||
## How to use the report
|
||||
|
||||
The MITRE ATT&CK report is centred around the ATT&CK matrix:
|
||||
|
||||
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
|
||||
|
||||
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
|
||||
|
||||
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
|
||||
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didn’t manage to. That means your network isn’t vulnerable to the way Monkey employs this technique.
|
||||
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
|
||||
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
|
||||
|
||||
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, let’s look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique that’s a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
|
||||
|
||||
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
|
||||
|
||||
In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
|
||||
|
||||
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")
|
Binary file not shown.
|
@ -0,0 +1,97 @@
|
|||
---
|
||||
title: "Security report"
|
||||
date: 2020-06-24T21:16:10+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for the other reports as well](../).
|
||||
{{% /notice %}}
|
||||
|
||||
The Monkey's Security Report is built to provide you with actionable recommendations and insight to the Attacker's view of your network. You can download a PDF of this example report:
|
||||
|
||||
{{%attachments title="Download the PDF" pattern=".*(pdf)"/%}}
|
||||
|
||||
The report is split into 3 main categories: "Overview", "Recommendations" and "The network from the Monkey's eyes".
|
||||
|
||||
- [Overview](#overview)
|
||||
- [High level information](#high-level-information)
|
||||
- [Used Credentials](#used-credentials)
|
||||
- [Exploits and targets](#exploits-and-targets)
|
||||
- [Security Findings](#security-findings)
|
||||
- [Recommendations](#recommendations)
|
||||
- [Machine related recommendations relating to specific CVEs](#machine-related-recommendations-relating-to-specific-cves)
|
||||
- [Machine related recommendations relating to network security and segmentation](#machine-related-recommendations-relating-to-network-security-and-segmentation)
|
||||
- [The network from the Monkey's eyes](#the-network-from-the-monkeys-eyes)
|
||||
- [Network infection map](#network-infection-map)
|
||||
- [Scanned servers](#scanned-servers)
|
||||
- [Exploits and post-breach actions](#exploits-and-post-breach-actions)
|
||||
- [Stolen Credentials](#stolen-credentials)
|
||||
|
||||
## Overview
|
||||
|
||||
The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
|
||||
|
||||
### High level information
|
||||
|
||||
The report starts with information about the execution, including how long the simulation took and from which machine the infection started from.
|
||||
|
||||
![Overview](/images/usage/reports/sec_report_1_overview.png "Overview")
|
||||
|
||||
### Used Credentials
|
||||
|
||||
The report will show which credentials were used for brute-forcing.
|
||||
|
||||
![Used Credentials](/images/usage/reports/sec_report_2_users_passwords.png "Used Credentials")
|
||||
|
||||
### Exploits and targets
|
||||
|
||||
The report shows which exploits were attempted in this simulation and which targets the Monkey scanned and tried to exploit.
|
||||
|
||||
![Exploits and Targets](/images/usage/reports/sec_report_3_exploits_ips.png "Exploits and Targets")
|
||||
|
||||
### Security Findings
|
||||
|
||||
The report highlights the most important security threats and issues the Monkey discovered during the attack.
|
||||
|
||||
![Threats and issues](/images/usage/reports/sec_report_4_threats_and_issues.png "Threats and issues")
|
||||
|
||||
## Recommendations
|
||||
|
||||
This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
|
||||
|
||||
### Machine related recommendations relating to specific CVEs
|
||||
|
||||
![Machine related recommendations](/images/usage/reports/sec_report_5_machine_related.png "Machine related recommendations")
|
||||
|
||||
### Machine related recommendations relating to network security and segmentation
|
||||
|
||||
![Machine related recommendations](/images/usage/reports/sec_report_6_machine_related_network.png "Machine related recommendations")
|
||||
|
||||
## The network from the Monkey's eyes
|
||||
|
||||
This section contains the Infection Map and some summary tables on servers the Monkey has found.
|
||||
|
||||
### Network infection map
|
||||
|
||||
This part shows the network map and a breakdown of how many machines were breached.
|
||||
|
||||
![Network map](/images/usage/reports/sec_report_7_network_map.png "Network map")
|
||||
|
||||
### Scanned servers
|
||||
|
||||
This part shows the attack surface the Monkey has found.
|
||||
|
||||
![Scanned servers](/images/usage/reports/sec_report_8_network_services.png "Scanned servers")
|
||||
|
||||
### Exploits and post-breach actions
|
||||
|
||||
This part shows which exploits and Post Breach Actions the Monkey has performed in this simulation.
|
||||
|
||||
![Exploits and PBAs](/images/usage/reports/sec_report_9_exploits_pbas.png "Exploits and PBAs")
|
||||
|
||||
### Stolen Credentials
|
||||
|
||||
This part shows which credentials the Monkey was able to steal from breached machines in this simulation.
|
||||
|
||||
![Stolen creds](/images/usage/reports/sec_report_10_stolen_credentials.png "Stolen creds")
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
title: "Zero Trust report"
|
||||
date: 2020-06-24T21:16:18+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
{{% notice info %}}
|
||||
Check out [the documentation for the other reports as well](../).
|
||||
{{% /notice %}}
|
||||
|
||||
The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
|
||||
|
||||
## Summary
|
||||
|
||||
This diagram provides a quick glance at how your organization scores on each component of the Forrester’s Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
|
||||
|
||||
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
|
||||
- {{< label warning Verify >}} At least one of the tests’ results related to this component requires further manual verification.
|
||||
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
|
||||
- {{< label other Unexecuted >}} This status means no tests were executed for this pillar.
|
||||
|
||||
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
||||
|
||||
## Test Results
|
||||
|
||||
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
|
||||
|
||||
![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")
|
||||
|
||||
## Findings
|
||||
|
||||
Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
|
||||
|
||||
![Zero Trust Report Findings](/images/usage/reports/ztreport3.png "Zero Trust Report Findings")
|
||||
|
||||
## Events
|
||||
|
||||
The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
|
||||
|
||||
![Zero Trust Report events](/images/usage/reports/ztreport4.png "Zero Trust Report events")
|
||||
|
||||
## Overview Video
|
||||
|
||||
You can check out an overview video here:
|
||||
|
||||
{{% youtube z4FNu3WCd9o %}}
|
|
@ -0,0 +1,21 @@
|
|||
+++
|
||||
title = "Use Cases"
|
||||
date = 2020-08-12T12:52:59+03:00
|
||||
weight = 3
|
||||
chapter = true
|
||||
pre = "<i class='fas fa-map-marked-alt'></i> "
|
||||
+++
|
||||
|
||||
# Use cases
|
||||
|
||||
This section describes possible use cases for the Infection Monkey and helps to
|
||||
understand how this tool can be configured.
|
||||
You can also refer to [our FAQ](../../faq) for more specific questions and answers.
|
||||
|
||||
{{% notice note %}}
|
||||
No worries! The Monkey uses safe exploiters and does not cause any permanent system modifications that impact security or operations.
|
||||
{{% /notice %}}
|
||||
|
||||
## Section contents
|
||||
|
||||
{{% children description=True %}}
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
title: "Credential Leak"
|
||||
date: 2020-08-12T13:04:25+03:00
|
||||
draft: false
|
||||
description: "Assess the impact of successful phishing attack, insider threat, or other form of credentials leak."
|
||||
weight: 4
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
Numerous attack techniques(from phishing to dumpster diving) might result in a credential leak,
|
||||
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
|
||||
|
||||
Infection Monkey can help assess the impact of stolen credentials by automatically searching
|
||||
where these credentials can be reused.
|
||||
|
||||
## Configuration
|
||||
|
||||
#### Important configuration values:
|
||||
|
||||
- **Exploits -> Credentials** After setting up the Island add the users’ **real** credentials
|
||||
(usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not
|
||||
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration).
|
||||
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
|
||||
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
|
||||
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
|
||||
(content of keys will not be displayed, it will appear as `<Object>`).
|
||||
|
||||
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network
|
||||
from potentially problematic group of machines, such as the laptop of one of your heavy email users or
|
||||
one of your strong IT users (think of people who are more likely to correspond with people outside of
|
||||
your organization). Execute the Monkey on chosen machines by clicking on “**1. Run Monkey**” from the left sidebar menu
|
||||
and choosing “**Run on machine of your choice**”.
|
||||
|
||||
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
||||
|
||||
## Assessing results
|
||||
|
||||
To assess the impact of leaked credentials see Security report. It's possible, that credential leak resulted in even
|
||||
more leaked credentials, for that look into **Security report -> Stolen credentials**.
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
title: "IDS/IPS Test"
|
||||
date: 2020-08-12T13:07:47+03:00
|
||||
draft: false
|
||||
description: "Test your network defence solutions."
|
||||
weight: 5
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
The Infection Monkey can help you verify that your security solutions are working the way you expected them to.
|
||||
These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
|
||||
|
||||
## Configuration
|
||||
|
||||
#### Important configuration values:
|
||||
|
||||
- **Monkey -> Post breach** Post breach actions simulate the actions an attacker would make on infected system.
|
||||
To test something not present on the tool, you can provide your own file or command to be ran.
|
||||
|
||||
The default configuration is good enough for many cases, but configuring testing scope and adding brute-force
|
||||
credentials is a good bet in any scenario.
|
||||
|
||||
Running the Monkey on both the Island and on a few other machines in the network manually is also recommended,
|
||||
as it increases coverage and propagation rates.
|
||||
|
||||
|
||||
![Post breach configuration](/images/usage/use-cases/ids-test.PNG "Post breach configuration")
|
||||
|
||||
## Assessing results
|
||||
|
||||
After running the Monkey, follow the Monkeys’ actions on the Monkey Island’s infection map.
|
||||
|
||||
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security
|
||||
solutions are identifying and correctly alerting on different attacks.
|
||||
|
||||
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as
|
||||
exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
|
||||
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities.
|
||||
If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
|
||||
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from
|
||||
the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network?
|
||||
Check if your micro-segmentation / firewall solution identify or report anything.
|
||||
|
||||
While running this scenario, be on the lookout for the action that should arise:
|
||||
Did you get a phone call telling you about suspicious activity inside your network? Are events flowing
|
||||
into your security events aggregators? Are you getting emails from your IR teams?
|
||||
Is the endpoint protection software you installed on machines in the network reporting on anything? Are your
|
||||
compliance scanners detecting anything wrong?
|
||||
|
||||
Lastly, check Zero Trust and Mitre ATT&CK reports, to see which attacks can be executed on the network and how to
|
||||
fix it.
|
||||
|
||||
![Map](/images/usage/use-cases/map-full-cropped.png "Map")
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
title: "Network Breach"
|
||||
date: 2020-08-12T13:04:55+03:00
|
||||
draft: false
|
||||
description: "Simulate an internal network breach and assess the potential impact."
|
||||
weight: 1
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your
|
||||
Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/)
|
||||
or any other malicious campaign – the attackers are now trying to go deeper into your network.
|
||||
|
||||
Infection Monkey will help you assess the impact of internal network breach, by trying to propagate within it
|
||||
using service vulnerabilities, brute-forcing and other safe attack methods.
|
||||
|
||||
## Configuration
|
||||
|
||||
#### Important configuration values:
|
||||
- **Exploits -> Exploits** You can review the exploits Infection Monkey will be using. By default all
|
||||
safe exploiters are selected.
|
||||
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
|
||||
and usernames, but feel free to adjust it according to your native language and other factors. Keep in mind that long
|
||||
lists means longer scanning times.
|
||||
- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan**
|
||||
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached or you can fine tune it by providing
|
||||
specific network ranges in **Scan target list**. Scanning local network is more realistic, but providing specific
|
||||
targets will make scanning process substantially faster.
|
||||
- **(Optional) Internal -> Network -> TCP scanner** You can add custom ports your organization is using.
|
||||
- **(Optional) Monkey -> Post Breach Actions** If you only want to test propagation in the network, you can turn off
|
||||
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, but in no
|
||||
way helps to exploit new machines.
|
||||
|
||||
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
|
||||
|
||||
## Assessing results
|
||||
|
||||
Check infection map and security report to see how far monkey managed to propagate in the network and which
|
||||
vulnerabilities it used in doing so. If you left post breach actions selected, you should also check ATT&CK and
|
||||
Zero Trust reports.
|
||||
|
||||
![Map](/images/usage/use-cases/map-full-cropped.png "Map")
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
title: "Network Segmentation"
|
||||
date: 2020-08-12T13:05:05+03:00
|
||||
draft: false
|
||||
description: "Test network segmentation policies for apps that need ringfencing or tiers that require microsegmentation."
|
||||
weight: 3
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to
|
||||
isolate workloads from one another and secure them individually, typically using policies.
|
||||
A useful way to test the effectiveness of your segmentation is to ensure that your network segments are
|
||||
properly separated, e,g, your Development is separated from your Production, your applications are separated from one
|
||||
another etc. To security test is to verify that your network segmentation is configured properly. This way you make
|
||||
sure that even if a certain attacker has breached your defenses, it can’t move laterally from point A to point B.
|
||||
|
||||
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
|
||||
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
|
||||
its cross-segment traffic testing feature.
|
||||
|
||||
## Configuration
|
||||
|
||||
#### Important configuration values:
|
||||
|
||||
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
|
||||
subnets that should be segregated from each other. If any of provided networks can reach each other, you'll see it
|
||||
in security report.
|
||||
- **(Optional) Network -> Scope** You can disable **Local network scan** and leave other options by default if you only want to
|
||||
test for network segmentation without any lateral movement.
|
||||
- **(Optional) Monkey -> Post Breach Actions** If you only want to test segmentation in the network, you can turn off
|
||||
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, so they
|
||||
might trigger your defence solutions which will interrupt segmentation test.
|
||||
|
||||
Execute Monkeys on machines in different subnetworks manually, by choosing “**1. Run Monkey**” from the left sidebar menu
|
||||
and clicking on “**Run on machine of your choice**”.
|
||||
Alternatively, you could provide valid credentials and allow Monkey to propagate to relevant subnetworks by itself.
|
||||
|
||||
Note that if Monkey can't communicate to the Island, it will
|
||||
not be able to send scan results, so make sure all machines can reach the island.
|
||||
|
||||
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
||||
|
||||
|
||||
## Assessing results
|
||||
|
||||
Check infection map and security report for segmentation problems. Ideally, all scanned nodes should only have
|
||||
edges with the Island Server.
|
||||
|
||||
![Map](/images/usage/use-cases/segmentation-map.PNG "Map")
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
title: "Other"
|
||||
date: 2020-08-12T13:07:55+03:00
|
||||
draft: false
|
||||
description: "Tips and tricks about configuring monkey for your needs."
|
||||
weight: 100
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios.
|
||||
|
||||
## ATT&CK & Zero Trust scanning
|
||||
|
||||
You can use **ATT&CK** configuration section to select which techniques you want to scan. Keep in mind that ATT&CK
|
||||
matrix configuration just changes the overall configuration by modifying related fields, thus you should start by
|
||||
modifying and saving the matrix. After that you can change credentials and scope of the scan, but exploiters,
|
||||
post breach actions and other configuration values will be already chosen based on ATT&CK matrix and shouldn't be
|
||||
modified.
|
||||
|
||||
There's currently no way to configure monkey using Zero Trust framework, but regardless of configuration options,
|
||||
you'll always be able to see ATT&CK and Zero Trust reports.
|
||||
|
||||
## Tips and tricks
|
||||
|
||||
- Use **Monkey -> Persistent scanning** configuration section to either have periodic scans or to increase
|
||||
reliability of exploitations.
|
||||
|
||||
- To increase propagation run monkey as root/administrator. This will ensure that monkey will gather credentials
|
||||
on current system and use them to move laterally.
|
||||
|
||||
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island’s configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
|
||||
|
||||
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
||||
|
||||
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
|
||||
|
||||
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
|
||||
|
||||
- If you're scanning a large network, consider narrowing the scope and scanning it bit by bit if scan times become too
|
||||
long. Lowering the amount of credentials, exploiters or post breach actions can also help to lower scanning times.
|
||||
|
|
@ -0,0 +1 @@
|
|||
<link rel="shortcut icon" href="{{ .Site.BaseURL }}/images/favicon.ico" type="image/x-icon" />
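Review bot: The favicon `href` joins `{{ .Site.BaseURL }}` with a leading `/images/...`; Hugo's baseURL is conventionally configured with a trailing slash, in which case this renders as `//images/favicon.ico`, which browsers tolerate but which breaks if the site is ever served under a sub-path or the scheme-relative form is interpreted as a host. The logo partial below repeats the same pattern in its `href` and both `<source src>` attributes. Hugo's `relURL`/`absURL` do the join safely: `<link rel="shortcut icon" href="{{ "images/favicon.ico" | relURL }}" type="image/x-icon" />`.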
|
|
@ -0,0 +1,8 @@
|
|||
<div style="width: 100%;">
|
||||
<a id="logo" href="{{ .Site.BaseURL }}" style="width: 100%;">
|
||||
<video autoplay loop muted playsinline style="width: 100%;">
|
||||
<source src="{{ .Site.BaseURL }}/images/logo.webm" type="video/webm">
|
||||
<source src="{{ .Site.BaseURL }}/images/logo.mp4" type="video/mp4">
|
||||
</video>
|
||||
</a>
|
||||
</div>
|
|
@ -0,0 +1,92 @@
|
|||
<link rel="stylesheet" href="css/bootstrap-grid.min.css">
|
||||
<!-- Lifting specific elements from bootstrap -->
|
||||
<style>
|
||||
.justify-content-start {
|
||||
-ms-flex-pack: start !important;
|
||||
justify-content: flex-start !important;
|
||||
}
|
||||
|
||||
.justify-content-end {
|
||||
-ms-flex-pack: end !important;
|
||||
justify-content: flex-end !important;
|
||||
}
|
||||
|
||||
.justify-content-center {
|
||||
-ms-flex-pack: center !important;
|
||||
justify-content: center !important;
|
||||
}
|
||||
|
||||
.justify-content-between {
|
||||
-ms-flex-pack: justify !important;
|
||||
justify-content: space-between !important;
|
||||
}
|
||||
|
||||
.justify-content-around {
|
||||
-ms-flex-pack: distribute !important;
|
||||
justify-content: space-around !important;
|
||||
}
|
||||
|
||||
.shadow {
|
||||
box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15) !important;
|
||||
}
|
||||
.d-block {
|
||||
display: block !important;
|
||||
}
|
||||
.text-center {
|
||||
text-align: center !important;
|
||||
}
|
||||
.mb-4,
|
||||
.my-4 {
|
||||
margin-bottom: 1.5rem !important;
|
||||
}
|
||||
.pr-4,
|
||||
.px-4 {
|
||||
padding-right: 1.5rem !important;
|
||||
}
|
||||
.pt-5,
|
||||
.py-5 {
|
||||
padding-top: 3rem !important;
|
||||
}
|
||||
.mb-3,
|
||||
.my-3 {
|
||||
margin-bottom: 1rem !important;
|
||||
}
|
||||
.mt-0,
|
||||
.my-0 {
|
||||
margin-top: 0 !important;
|
||||
}
|
||||
</style>
|
||||
<section id="homepage-shortcuts">
|
||||
<div class="container">
|
||||
<div class="row justify-content-center">
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
<a href="setup/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<i class="fas fa-cogs d-block mb-4" style="font-size: x-large;"></i>
|
||||
<h4 class="mb-3 mt-0">Setup</h4>
|
||||
<p class="mb-0">See how to install the Infection Monkey.</p>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
<a href="usage/getting-started/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<i class="fas fa-play-circle d-block mb-4" style="font-size: x-large;"></i>
|
||||
<h4 class="mb-3 mt-0">Getting Started</h4>
|
||||
<p class="mb-0">Set the Monkey wild in your datacenter.</p>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
|
||||
<h4 class="mb-3 mt-0">Use Cases</h4>
|
||||
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-3 col-sm-6 mb-3">
|
||||
<a href="faq/" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||
<i class="fas fa-question d-block mb-4" style="font-size: x-large;"></i>
|
||||
<h4 class="mb-3 mt-0">FAQs</h4>
|
||||
<p class="mb-0">Read common questions and answers.</p>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
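Review bot: The stylesheet link at the top of this partial, `<link rel="stylesheet" href="css/bootstrap-grid.min.css">`, is a page-relative path, while every other asset reference in this commit's partials is built from `.Site.BaseURL`; it resolves only when the partial is rendered at the site root and will 404 from any nested page that includes it. `href="{{ "css/bootstrap-grid.min.css" | relURL }}"` keeps it consistent with the rest. Separately, `href="usage/use-cases"` lacks the trailing slash the three sibling links carry, which on Hugo's default pretty-URL layout usually costs a redirect; `href="usage/use-cases/"` matches them.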
|
|
@ -0,0 +1 @@
|
|||
<span class="label {{ .Get 0 }}"><strong>{{ .Get 1 }}</strong></span>
|
|
@ -0,0 +1,15 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face {
|
||||
font-family: 'Font Awesome 5 Brands';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
font-display: block;
|
||||
src: url("../webfonts/fa-brands-400.eot");
|
||||
src: url("../webfonts/fa-brands-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-brands-400.woff2") format("woff2"), url("../webfonts/fa-brands-400.woff") format("woff"), url("../webfonts/fa-brands-400.ttf") format("truetype"), url("../webfonts/fa-brands-400.svg#fontawesome") format("svg"); }
|
||||
|
||||
.fab {
|
||||
font-family: 'Font Awesome 5 Brands';
|
||||
font-weight: 400; }
|
|
@ -0,0 +1,5 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands";font-weight:400}
|
|
@ -0,0 +1,13 @@
|
|||
.label {
|
||||
color: white;
|
||||
padding: 3px;
|
||||
border-radius: 5px;
|
||||
-moz-border-radius: 5px;
|
||||
}
|
||||
|
||||
.success {background-color: #4CAF50;} /* Green */
|
||||
.info {background-color: #2196F3;} /* Blue */
|
||||
.warning {background-color: #ff9800;} /* Orange */
|
||||
.danger {background-color: #f44336;} /* Red */
|
||||
.unused {background-color: #8d8d8d;} /* Dark Gray */
|
||||
.disabled {background-color: #cfcfcf; color: black;} /* Light Gray */
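Review bot: The Zero Trust report page in this same commit calls the label shortcode as `{{< label other Unexecuted >}}`, but no `.other` rule is defined here, so that badge inherits `.label`'s `color: white` with no background and renders effectively invisible (unless `.other` is styled in a stylesheet not in this commit). The MITRE report's `danger`/`warning`/`unused`/`disabled` and the Zero Trust `success`/`warning`/`danger` classes are all covered. A rule alongside the others would close the gap, e.g. `.other {background-color: #8d8d8d;} /* Gray - "Unexecuted" */` (colour value constructed to match the existing palette; adjust as desired).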
|
|
@ -0,0 +1,15 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face {
|
||||
font-family: 'Font Awesome 5 Free';
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
font-display: block;
|
||||
src: url("../webfonts/fa-regular-400.eot");
|
||||
src: url("../webfonts/fa-regular-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-regular-400.woff2") format("woff2"), url("../webfonts/fa-regular-400.woff") format("woff"), url("../webfonts/fa-regular-400.ttf") format("truetype"), url("../webfonts/fa-regular-400.svg#fontawesome") format("svg"); }
|
||||
|
||||
.far {
|
||||
font-family: 'Font Awesome 5 Free';
|
||||
font-weight: 400; }
|
|
@ -0,0 +1,5 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-family:"Font Awesome 5 Free";font-weight:400}
|
|
@ -0,0 +1,10 @@
|
|||
/* Add a shadow around images in content pages. Most of our content is screenshots, and the Island's background merges with
|
||||
the documentation background. Only #body-inner so that the Logo image won't get a border around it */
|
||||
#body-inner img {
|
||||
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
|
||||
}
|
||||
|
||||
/* We don't want shadow around this image in particular */
|
||||
#body-inner img[src*="/images/monkey-teacher.svg"] {
|
||||
box-shadow: none; !important;
|
||||
}
|
|
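Review bot: `box-shadow: none; !important;` in the `#body-inner img[src*="/images/monkey-teacher.svg"]` rule is malformed — the semicolon before `!important` already ends the declaration, so the stray `!important;` token is discarded by the parser and has no effect. The rule still overrides `#body-inner img` on specificity alone (the attribute selector adds weight), so the intended line is simply `box-shadow: none;`, or `box-shadow: none !important;` if a forced override is genuinely wanted. Note also that `[src*=...]` is a substring match, so any image whose path contains that segment, not only the one file, loses its shadow; `[src$="/images/monkey-teacher.svg"]` would pin it to that exact filename.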
@ -0,0 +1,16 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face {
|
||||
font-family: 'Font Awesome 5 Free';
|
||||
font-style: normal;
|
||||
font-weight: 900;
|
||||
font-display: block;
|
||||
src: url("../webfonts/fa-solid-900.eot");
|
||||
src: url("../webfonts/fa-solid-900.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-solid-900.woff2") format("woff2"), url("../webfonts/fa-solid-900.woff") format("woff"), url("../webfonts/fa-solid-900.ttf") format("truetype"), url("../webfonts/fa-solid-900.svg#fontawesome") format("svg"); }
|
||||
|
||||
.fa,
|
||||
.fas {
|
||||
font-family: 'Font Awesome 5 Free';
|
||||
font-weight: 900; }
|
|
@ -0,0 +1,5 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.fas{font-family:"Font Awesome 5 Free";font-weight:900}
|
|
@ -0,0 +1,371 @@
|
|||
/*!
|
||||
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
|
||||
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
||||
*/
|
||||
svg:not(:root).svg-inline--fa {
|
||||
overflow: visible; }
|
||||
|
||||
.svg-inline--fa {
|
||||
display: inline-block;
|
||||
font-size: inherit;
|
||||
height: 1em;
|
||||
overflow: visible;
|
||||
vertical-align: -.125em; }
|
||||
.svg-inline--fa.fa-lg {
|
||||
vertical-align: -.225em; }
|
||||
.svg-inline--fa.fa-w-1 {
|
||||
width: 0.0625em; }
|
||||
.svg-inline--fa.fa-w-2 {
|
||||
width: 0.125em; }
|
||||
.svg-inline--fa.fa-w-3 {
|
||||
width: 0.1875em; }
|
||||
.svg-inline--fa.fa-w-4 {
|
||||
width: 0.25em; }
|
||||
.svg-inline--fa.fa-w-5 {
|
||||
width: 0.3125em; }
|
||||
.svg-inline--fa.fa-w-6 {
|
||||
width: 0.375em; }
|
||||
.svg-inline--fa.fa-w-7 {
|
||||
width: 0.4375em; }
|
||||
.svg-inline--fa.fa-w-8 {
|
||||
width: 0.5em; }
|
||||
.svg-inline--fa.fa-w-9 {
|
||||
width: 0.5625em; }
|
||||
.svg-inline--fa.fa-w-10 {
|
||||
width: 0.625em; }
|
||||
.svg-inline--fa.fa-w-11 {
|
||||
width: 0.6875em; }
|
||||
.svg-inline--fa.fa-w-12 {
|
||||
width: 0.75em; }
|
||||
.svg-inline--fa.fa-w-13 {
|
||||
width: 0.8125em; }
|
||||
.svg-inline--fa.fa-w-14 {
|
||||
width: 0.875em; }
|
||||
.svg-inline--fa.fa-w-15 {
|
||||
width: 0.9375em; }
|
||||
.svg-inline--fa.fa-w-16 {
|
||||
width: 1em; }
|
||||
.svg-inline--fa.fa-w-17 {
|
||||
width: 1.0625em; }
|
||||
.svg-inline--fa.fa-w-18 {
|
||||
width: 1.125em; }
|
||||
.svg-inline--fa.fa-w-19 {
|
||||
width: 1.1875em; }
|
||||
.svg-inline--fa.fa-w-20 {
|
||||
width: 1.25em; }
|
||||
.svg-inline--fa.fa-pull-left {
|
||||
margin-right: .3em;
|
||||
width: auto; }
|
||||
.svg-inline--fa.fa-pull-right {
|
||||
margin-left: .3em;
|
||||
width: auto; }
|
||||
.svg-inline--fa.fa-border {
|
||||
height: 1.5em; }
|
||||
.svg-inline--fa.fa-li {
|
||||
width: 2em; }
|
||||
.svg-inline--fa.fa-fw {
|
||||
width: 1.25em; }
|
||||
|
||||
.fa-layers svg.svg-inline--fa {
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
margin: auto;
|
||||
position: absolute;
|
||||
right: 0;
|
||||
top: 0; }
|
||||
|
||||
.fa-layers {
|
||||
display: inline-block;
|
||||
height: 1em;
|
||||
position: relative;
|
||||
text-align: center;
|
||||
vertical-align: -.125em;
|
||||
width: 1em; }
|
||||
.fa-layers svg.svg-inline--fa {
|
||||
-webkit-transform-origin: center center;
|
||||
transform-origin: center center; }
|
||||
|
||||
.fa-layers-text, .fa-layers-counter {
|
||||
display: inline-block;
|
||||
position: absolute;
|
||||
text-align: center; }
|
||||
|
||||
.fa-layers-text {
|
||||
left: 50%;
|
||||
top: 50%;
|
||||
-webkit-transform: translate(-50%, -50%);
|
||||
transform: translate(-50%, -50%);
|
||||
-webkit-transform-origin: center center;
|
||||
transform-origin: center center; }
|
||||
|
||||
.fa-layers-counter {
|
||||
background-color: #ff253a;
|
||||
border-radius: 1em;
|
||||
-webkit-box-sizing: border-box;
|
||||
box-sizing: border-box;
|
||||
color: #fff;
|
||||
height: 1.5em;
|
||||
line-height: 1;
|
||||
max-width: 5em;
|
||||
min-width: 1.5em;
|
||||
overflow: hidden;
|
||||
padding: .25em;
|
||||
right: 0;
|
||||
text-overflow: ellipsis;
|
||||
top: 0;
|
||||
-webkit-transform: scale(0.25);
|
||||
transform: scale(0.25);
|
||||
-webkit-transform-origin: top right;
|
||||
transform-origin: top right; }
|
||||
|
||||
.fa-layers-bottom-right {
|
||||
bottom: 0;
|
||||
right: 0;
|
||||
top: auto;
|
||||
-webkit-transform: scale(0.25);
|
||||
transform: scale(0.25);
|
||||
-webkit-transform-origin: bottom right;
|
||||
transform-origin: bottom right; }
|
||||
|
||||
.fa-layers-bottom-left {
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
right: auto;
|
||||
top: auto;
|
||||
-webkit-transform: scale(0.25);
|
||||
transform: scale(0.25);
|
||||
-webkit-transform-origin: bottom left;
|
||||
transform-origin: bottom left; }
|
||||
|
||||
.fa-layers-top-right {
|
||||
right: 0;
|
||||
top: 0;
|
||||
-webkit-transform: scale(0.25);
|
||||
transform: scale(0.25);
|
||||
-webkit-transform-origin: top right;
|
||||
transform-origin: top right; }
|
||||
|
||||
.fa-layers-top-left {
|
||||
left: 0;
|
||||
right: auto;
|
||||
top: 0;
|
||||
-webkit-transform: scale(0.25);
|
||||
transform: scale(0.25);
|
||||
-webkit-transform-origin: top left;
|
||||
transform-origin: top left; }
|
||||
|
||||
.fa-lg {
|
||||
font-size: 1.33333em;
|
||||
line-height: 0.75em;
|
||||
vertical-align: -.0667em; }
|
||||
|
||||
.fa-xs {
|
||||
font-size: .75em; }
|
||||
|
||||
.fa-sm {
|
||||
font-size: .875em; }
|
||||
|
||||
.fa-1x {
|
||||
font-size: 1em; }
|
||||
|
||||
.fa-2x {
|
||||
font-size: 2em; }
|
||||
|
||||
.fa-3x {
|
||||
font-size: 3em; }
|
||||
|
||||
.fa-4x {
|
||||
font-size: 4em; }
|
||||
|
||||
.fa-5x {
|
||||
font-size: 5em; }
|
||||
|
||||
.fa-6x {
|
||||
font-size: 6em; }
|
||||
|
||||
.fa-7x {
|
||||
font-size: 7em; }
|
||||
|
||||
.fa-8x {
|
||||
font-size: 8em; }
|
||||
|
||||
.fa-9x {
|
||||
font-size: 9em; }
|
||||
|
||||
.fa-10x {
|
||||
font-size: 10em; }
|
||||
|
||||
.fa-fw {
|
||||
text-align: center;
|
||||
width: 1.25em; }
|
||||
|
||||
.fa-ul {
|
||||
list-style-type: none;
|
||||
margin-left: 2.5em;
|
||||
padding-left: 0; }
|
||||
.fa-ul > li {
|
||||
position: relative; }
|
||||
|
||||
.fa-li {
|
||||
left: -2em;
|
||||
position: absolute;
|
||||
text-align: center;
|
||||
width: 2em;
|
||||
line-height: inherit; }
|
||||
|
||||
.fa-border {
|
||||
border: solid 0.08em #eee;
|
||||
border-radius: .1em;
|
||||
padding: .2em .25em .15em; }
|
||||
|
||||
.fa-pull-left {
|
||||
float: left; }
|
||||
|
||||
.fa-pull-right {
|
||||
float: right; }
|
||||
|
||||
.fa.fa-pull-left,
|
||||
.fas.fa-pull-left,
|
||||
.far.fa-pull-left,
|
||||
.fal.fa-pull-left,
|
||||
.fab.fa-pull-left {
|
||||
margin-right: .3em; }
|
||||
|
||||
.fa.fa-pull-right,
|
||||
.fas.fa-pull-right,
|
||||
.far.fa-pull-right,
|
||||
.fal.fa-pull-right,
|
||||
.fab.fa-pull-right {
|
||||
margin-left: .3em; }
|
||||
|
||||
.fa-spin {
|
||||
-webkit-animation: fa-spin 2s infinite linear;
|
||||
animation: fa-spin 2s infinite linear; }
|
||||
|
||||
.fa-pulse {
|
||||
-webkit-animation: fa-spin 1s infinite steps(8);
|
||||
animation: fa-spin 1s infinite steps(8); }
|
||||
|
||||
@-webkit-keyframes fa-spin {
|
||||
0% {
|
||||
-webkit-transform: rotate(0deg);
|
||||
transform: rotate(0deg); }
|
||||
100% {
|
||||
-webkit-transform: rotate(360deg);
|
||||
transform: rotate(360deg); } }
|
||||
|
||||
@keyframes fa-spin {
|
||||
0% {
|
||||
-webkit-transform: rotate(0deg);
|
||||
transform: rotate(0deg); }
|
||||
100% {
|
||||
-webkit-transform: rotate(360deg);
|
||||
transform: rotate(360deg); } }
|
||||
|
||||
.fa-rotate-90 {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";
|
||||
-webkit-transform: rotate(90deg);
|
||||
transform: rotate(90deg); }
|
||||
|
||||
.fa-rotate-180 {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";
|
||||
-webkit-transform: rotate(180deg);
|
||||
transform: rotate(180deg); }
|
||||
|
||||
.fa-rotate-270 {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";
|
||||
-webkit-transform: rotate(270deg);
|
||||
transform: rotate(270deg); }
|
||||
|
||||
.fa-flip-horizontal {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";
|
||||
-webkit-transform: scale(-1, 1);
|
||||
transform: scale(-1, 1); }
|
||||
|
||||
.fa-flip-vertical {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
|
||||
-webkit-transform: scale(1, -1);
|
||||
transform: scale(1, -1); }
|
||||
|
||||
.fa-flip-both, .fa-flip-horizontal.fa-flip-vertical {
|
||||
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
|
||||
-webkit-transform: scale(-1, -1);
|
||||
transform: scale(-1, -1); }
|
||||
|
||||
:root .fa-rotate-90,
|
||||
:root .fa-rotate-180,
|
||||
:root .fa-rotate-270,
|
||||
:root .fa-flip-horizontal,
|
||||
:root .fa-flip-vertical,
|
||||
:root .fa-flip-both {
|
||||
-webkit-filter: none;
|
||||
filter: none; }
|
||||
|
||||
.fa-stack {
|
||||
display: inline-block;
|
||||
height: 2em;
|
||||
position: relative;
|
||||
width: 2.5em; }
|
||||
|
||||
.fa-stack-1x,
|
||||
.fa-stack-2x {
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
margin: auto;
|
||||
position: absolute;
|
||||
right: 0;
|
||||
top: 0; }
|
||||
|
||||
.svg-inline--fa.fa-stack-1x {
|
||||
height: 1em;
|
||||
width: 1.25em; }
|
||||
|
||||
.svg-inline--fa.fa-stack-2x {
|
||||
height: 2em;
|
||||
width: 2.5em; }
|
||||
|
||||
.fa-inverse {
|
||||
color: #fff; }
|
||||
|
||||
.sr-only {
|
||||
border: 0;
|
||||
clip: rect(0, 0, 0, 0);
|
||||
height: 1px;
|
||||
margin: -1px;
|
||||
overflow: hidden;
|
||||
padding: 0;
|
||||
position: absolute;
|
||||
width: 1px; }
|
||||
|
||||
.sr-only-focusable:active, .sr-only-focusable:focus {
|
||||
clip: auto;
|
||||
height: auto;
|
||||
margin: 0;
|
||||
overflow: visible;
|
||||
position: static;
|
||||
width: auto; }
|
||||
|
||||
.svg-inline--fa .fa-primary {
|
||||
fill: var(--fa-primary-color, currentColor);
|
||||
opacity: 1;
|
||||
opacity: var(--fa-primary-opacity, 1); }
|
||||
|
||||
.svg-inline--fa .fa-secondary {
|
||||
fill: var(--fa-secondary-color, currentColor);
|
||||
opacity: 0.4;
|
||||
opacity: var(--fa-secondary-opacity, 0.4); }
|
||||
|
||||
.svg-inline--fa.fa-swap-opacity .fa-primary {
|
||||
opacity: 0.4;
|
||||
opacity: var(--fa-secondary-opacity, 0.4); }
|
||||
|
||||
.svg-inline--fa.fa-swap-opacity .fa-secondary {
|
||||
opacity: 1;
|
||||
opacity: var(--fa-primary-opacity, 1); }
|
||||
|
||||
.svg-inline--fa mask .fa-primary,
|
||||
.svg-inline--fa mask .fa-secondary {
|
||||
fill: black; }
|
||||
|
||||
.fad.fa-inverse {
|
||||
color: #fff; }
|