From d618428ff8d602d310615c3e89743d54f4672eef Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 1 Oct 2020 15:11:51 +0300
Subject: [PATCH] Improved AWS collector to only run SS on island
---
 .../system_info/collectors/aws_collector.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/system_info/collectors/aws_collector.py b/monkey/infection_monkey/system_info/collectors/aws_collector.py
index 80fbd4f29..406c5b0ce 100644
--- a/monkey/infection_monkey/system_info/collectors/aws_collector.py
+++ b/monkey/infection_monkey/system_info/collectors/aws_collector.py
@@ -1,10 +1,12 @@
 import logging
 from common.cloud.aws.aws_instance import AwsInstance
+from common.cloud.scoutsuite_consts import PROVIDERS
 from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
+from infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_collector import scan_cloud_security
 from infection_monkey.system_info.system_info_collector import \
 SystemInfoCollector
-from infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_collector import CLOUD_TYPES, scan_cloud_security
+from infection_monkey.config import WormConfiguration
 logger = logging.getLogger(__name__)
@@ -18,6 +20,11 @@ class AwsCollector(SystemInfoCollector):
 def collect(self) -> dict:
 logger.info("Collecting AWS info")
+ if WormConfiguration.started_on_island:
+ logger.info("Attempting to scan AWS security with ScoutSuite.")
+ scan_cloud_security(cloud_type=PROVIDERS.AWS)
+ else:
+ logger.info("Didn't scan AWS security with ScoutSuite, because not on island.")
 aws = AwsInstance()
 info = {}
 if aws.is_instance():
@@ -26,8 +33,6 @@ class AwsCollector(SystemInfoCollector):
 {
 'instance_id': aws.get_instance_id()
 }
- # TODO add IF ON ISLAND check
- scan_cloud_security(cloud_type=CLOUD_TYPES.AWS)
 else:
 logger.info("Machine is NOT an AWS instance")
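Review bot: In the second hunk the ScoutSuite call now sits above `aws = AwsInstance()` and outside the `if aws.is_instance():` guard that used to contain it, so on an island host it runs whether or not the machine is an AWS instance. If that is intended, a comment such as `# Intentionally not gated on aws.is_instance(): the island may scan AWS without being an EC2 instance` would record the decision; otherwise create `aws` first and use `if WormConfiguration.started_on_island and aws.is_instance():`. Because the call now comes first, an exception escaping `scan_cloud_security` would end `collect()` before `instance_id` is gathered; whether that function handles its own errors is not visible here, so consider wrapping the call in a `try`/`except Exception` that reports through `logger.exception(...)`. The body of `collect()` continues outside this hunk.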