p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #728 from guardicore/snyk-upgrade-7f12d9c688d2cf1b551e62e93453c526 

[Snyk] Upgrade @babel/polyfill from 7.8.7 to 7.10.1
This commit is contained in:
Shay Nehmad 2020-07-21 10:59:32 +03:00 committed by GitHub
parent e9b19e940a 594d3f2f97
commit f34d7d45e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 143 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/monkey_island/cc/ui/.babelrc
View File

@ -3,7 +3,8 @@
[ [
"@babel/preset-env", "@babel/preset-env",
{ {
"useBuiltIns": "entry" "useBuiltIns": "entry",
"corejs": 3
} }
], ],
"@babel/preset-react" "@babel/preset-react"

41
monkey/monkey_island/cc/ui/package-lock.json generated
View File

@ -952,15 +952,6 @@
"@babel/helper-plugin-utils": "^7.8.3" "@babel/helper-plugin-utils": "^7.8.3"
} }
}, },
"@babel/polyfill": {
"version": "7.8.7",
"resolved": "https://registry.npmjs.org/@babel/polyfill/-/polyfill-7.8.7.tgz",
"integrity": "sha512-LeSfP9bNZH2UOZgcGcZ0PIHUt1ZuHub1L3CVmEyqLxCeDLm4C5Gi8jRH8ZX2PNpDhQCo0z6y/+DIs2JlliXW8w==",
"requires": {
"core-js": "^2.6.5",
"regenerator-runtime": "^0.13.4"
}
},
"@babel/preset-env": { "@babel/preset-env": {
"version": "7.9.6", "version": "7.9.6",
"resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.9.6.tgz", "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.9.6.tgz",
@ -1071,6 +1062,13 @@
"requires": { "requires": {
"core-js": "^2.6.5", "core-js": "^2.6.5",
"regenerator-runtime": "^0.13.4" "regenerator-runtime": "^0.13.4"
},
"dependencies": {
"core-js": {
"version": "2.6.11",
"resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz",
"integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg=="
}
} }
}, },
"@babel/runtime-corejs3": { "@babel/runtime-corejs3": {
@ -2896,6 +2894,11 @@
"regenerator-runtime": "^0.11.0" "regenerator-runtime": "^0.11.0"
}, },
"dependencies": { "dependencies": {
"core-js": {
"version": "2.6.11",
"resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz",
"integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg=="
},
"regenerator-runtime": { "regenerator-runtime": {
"version": "0.11.1", "version": "0.11.1",
"resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz",
@ -4017,9 +4020,9 @@
} }
}, },
"core-js": { "core-js": {
"version": "2.6.11", "version": "3.6.5",
"resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz", "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.6.5.tgz",
"integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg==" "integrity": "sha512-vZVEEwZoIsI+vPEuoF9Iqf5H7/M3eeQqWlQnYa8FSKKePuYTf5MWnxb5SDAzCa60b3JBRS5g9b+Dq7b1y/RCrA=="
}, },
"core-js-compat": { "core-js-compat": {
"version": "3.6.5", "version": "3.6.5",
@ -13659,6 +13662,13 @@
"react-is": "^16.8.4", "react-is": "^16.8.4",
"react-lifecycles-compat": "^3.0.4", "react-lifecycles-compat": "^3.0.4",
"shortid": "^2.2.14" "shortid": "^2.2.14"
},
"dependencies": {
"core-js": {
"version": "2.6.11",
"resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz",
"integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg=="
}
} }
}, },
"react-jsonschema-form-bs4": { "react-jsonschema-form-bs4": {
@ -13678,6 +13688,13 @@
"react-is": "^16.8.4", "react-is": "^16.8.4",
"react-lifecycles-compat": "^3.0.4", "react-lifecycles-compat": "^3.0.4",
"shortid": "^2.2.14" "shortid": "^2.2.14"
},
"dependencies": {
"core-js": {
"version": "2.6.11",
"resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz",
"integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg=="
}
} }
}, },
"react-lifecycles-compat": { "react-lifecycles-compat": {

3
monkey/monkey_island/cc/ui/package.json
View File

@ -59,7 +59,6 @@
"webpack-dev-server": "^3.11.0" "webpack-dev-server": "^3.11.0"
}, },
"dependencies": { "dependencies": {
"@babel/polyfill": "^7.8.0",
"@emotion/core": "^10.0.22", "@emotion/core": "^10.0.22",
"@fortawesome/fontawesome-svg-core": "^1.2.29", "@fortawesome/fontawesome-svg-core": "^1.2.29",
"@fortawesome/free-regular-svg-icons": "^5.13.1", "@fortawesome/free-regular-svg-icons": "^5.13.1",
@ -68,7 +67,7 @@
"@kunukn/react-collapse": "^1.2.7", "@kunukn/react-collapse": "^1.2.7",
"bootstrap": "^4.5.0", "bootstrap": "^4.5.0",
"classnames": "^2.2.6", "classnames": "^2.2.6",
"core-js": "^2.6.10", "core-js": "^3.6.5",
"d3": "^5.14.1", "d3": "^5.14.1",
"downloadjs": "^1.4.7", "downloadjs": "^1.4.7",
"fetch": "^1.1.0", "fetch": "^1.1.0",

2
monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
View File

@ -121,7 +121,7 @@ class ReportPageComponent extends AuthComponent {
renderNavButton = (section) => { renderNavButton = (section) => {
return ( return (
<Nav.Item> <Nav.Item key={section.key}>
<Nav.Link key={section.key} <Nav.Link key={section.key}
eventKey={section.key} eventKey={section.key}
onSelect={() => { onSelect={() => {

4
monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js
View File

@ -277,7 +277,7 @@ class RunMonkeyPageComponent extends AuthComponent {
this.state.ips.length > 1 ? this.state.ips.length > 1 ?
<Nav variant="pills" activeKey={this.state.selectedIp} onSelect={this.setSelectedIp} <Nav variant="pills" activeKey={this.state.selectedIp} onSelect={this.setSelectedIp}
style={{'marginBottom': '2em'}}> style={{'marginBottom': '2em'}}>
{this.state.ips.map(ip => <Nav.Item><Nav.Link eventKey={ip}>{ip}</Nav.Link></Nav.Item>)} {this.state.ips.map(ip => <Nav.Item key={ip}><Nav.Link eventKey={ip}>{ip}</Nav.Link></Nav.Item>)}
</Nav> </Nav>
: <div style={{'marginBottom': '2em'}}/> : <div style={{'marginBottom': '2em'}}/>
} }
@ -400,7 +400,7 @@ class RunMonkeyPageComponent extends AuthComponent {
<Col> <Col>
<Nav variant="pills" fill activeKey={this.state.selectedIp} onSelect={this.setSelectedIp} <Nav variant="pills" fill activeKey={this.state.selectedIp} onSelect={this.setSelectedIp}
className={'run-on-os-buttons'}> className={'run-on-os-buttons'}>
{this.state.ips.map(ip => <Nav.Item> {this.state.ips.map(ip => <Nav.Item key={ip}>
<Nav.Link eventKey={ip}>{ip}</Nav.Link></Nav.Item>)} <Nav.Link eventKey={ip}>{ip}</Nav.Link></Nav.Item>)}
</Nav> </Nav>
</Col> </Col>

183
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -161,25 +161,29 @@ class ReportPageComponent extends AuthComponent {
</p> </p>
<p> <p>
The monkey started propagating from the following machines where it was manually installed: The monkey started propagating from the following machines where it was manually installed:
<ul>
{this.state.report.overview.manual_monkeys.map(x => <li>{x}</li>)}
</ul>
</p> </p>
<ul>
{this.state.report.overview.manual_monkeys.map(x => <li key={x}>{x}</li>)}
</ul>
<p> <p>
The monkeys were run with the following configuration: The monkeys were run with the following configuration:
</p> </p>
{ {
this.state.report.overview.config_users.length > 0 ? this.state.report.overview.config_users.length > 0 ?
<p> <>
Usernames used for brute-forcing: <p>
Usernames used for brute-forcing:
</p>
<ul> <ul>
{this.state.report.overview.config_users.map(x => <li>{x}</li>)} {this.state.report.overview.config_users.map(x => <li key={x}>{x}</li>)}
</ul> </ul>
Passwords used for brute-forcing: <p>
Passwords used for brute-forcing:
</p>
<ul> <ul>
{this.state.report.overview.config_passwords.map(x => <li>{x.substr(0, 3) + '******'}</li>)} {this.state.report.overview.config_passwords.map(x => <li key={x}>{x.substr(0, 3) + '******'}</li>)}
</ul> </ul>
</p> </>
: :
<p> <p>
Brute forcing uses stolen credentials only. No credentials were supplied during Monkeys Brute forcing uses stolen credentials only. No credentials were supplied during Monkeys
@ -195,7 +199,7 @@ class ReportPageComponent extends AuthComponent {
<p> <p>
The Monkey uses the following exploit methods: The Monkey uses the following exploit methods:
<ul> <ul>
{this.state.report.overview.config_exploits.map(x => <li>{x}</li>)} {this.state.report.overview.config_exploits.map(x => <li key={x}>{x}</li>)}
</ul> </ul>
</p> </p>
) )
@ -209,7 +213,7 @@ class ReportPageComponent extends AuthComponent {
<p> <p>
The Monkey scans the following IPs: The Monkey scans the following IPs:
<ul> <ul>
{this.state.report.overview.config_ips.map(x => <li>{x}</li>)} {this.state.report.overview.config_ips.map(x => <li key={x}>{x}</li>)}
</ul> </ul>
</p> </p>
: :
@ -313,15 +317,15 @@ class ReportPageComponent extends AuthComponent {
The Monkey uncovered the following possible set of issues: The Monkey uncovered the following possible set of issues:
<ul> <ul>
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
<li>Weak segmentation - Machines from different segments are able to <li key={this.Warning.CROSS_SEGMENT}>Weak segmentation - Machines from different segments are able to
communicate.</li> : null} communicate.</li> : null}
{this.state.report.overview.warnings[this.Warning.TUNNEL] ? {this.state.report.overview.warnings[this.Warning.TUNNEL] ?
<li>Weak segmentation - Machines were able to communicate over unused ports.</li> : null} <li key={this.Warning.TUNNEL}>Weak segmentation - Machines were able to communicate over unused ports.</li> : null}
{this.state.report.overview.warnings[this.Warning.SHARED_LOCAL_ADMIN] ? {this.state.report.overview.warnings[this.Warning.SHARED_LOCAL_ADMIN] ?
<li>Shared local administrator account - Different machines have the same account as a local <li key={this.Warning.SHARED_LOCAL_ADMIN}>Shared local administrator account - Different machines have the same account as a local
administrator.</li> : null} administrator.</li> : null}
{this.state.report.overview.warnings[this.Warning.SHARED_PASSWORDS] ? {this.state.report.overview.warnings[this.Warning.SHARED_PASSWORDS] ?
<li>Multiple users have the same password</li> : null} <li key={this.Warning.SHARED_PASSWORDS}>Multiple users have the same password</li> : null}
</ul> </ul>
</div> </div>
: :
@ -443,21 +447,22 @@ class ReportPageComponent extends AuthComponent {
} }
generateInfoBadges(data_array) { generateInfoBadges(data_array) {
return data_array.map(badge_data => <span className="badge badge-info" style={{margin: '2px'}}>{badge_data}</span>); return data_array.map(badge_data => <span key={badge_data} className="badge badge-info" style={{margin: '2px'}}>{badge_data}</span>);
} }
generateCrossSegmentIssue(crossSegmentIssue) { generateCrossSegmentIssue(crossSegmentIssue) {
return <li> let crossSegmentIssueOverview = 'Communication possible from ' + crossSegmentIssue['source_subnet'] + ' to ' + crossSegmentIssue['target_subnet']
{'Communication possible from ' + crossSegmentIssue['source_subnet'] + ' to ' + crossSegmentIssue['target_subnet']} return <li key={crossSegmentIssueOverview}>
{crossSegmentIssueOverview}
<CollapsibleWellComponent> <CollapsibleWellComponent>
<ul> <ul>
{crossSegmentIssue['issues'].map(x => {crossSegmentIssue['issues'].map(x =>
x['is_self'] ? x['is_self'] ?
<li> <li key={x['hostname']}>
{'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']} {'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']}
</li> </li>
: :
<li> <li key={x['source'] + x['target']}>
{'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target'] {'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target']
+ ' using the services: ' + Object.keys(x['services']).join(', ')} + ' using the services: ' + Object.keys(x['services']).join(', ')}
</li> </li>
@ -473,7 +478,7 @@ class ReportPageComponent extends AuthComponent {
generateSmbPasswordIssue(issue) { generateSmbPasswordIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -484,13 +489,13 @@ class ReportPageComponent extends AuthComponent {
The Monkey authenticated over the SMB protocol with user <span The Monkey authenticated over the SMB protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className="badge badge-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSmbPthIssue(issue) { generateSmbPthIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -501,13 +506,13 @@ class ReportPageComponent extends AuthComponent {
The Monkey used a pass-the-hash attack over SMB protocol with user <span The Monkey used a pass-the-hash attack over SMB protocol with user <span
className="badge badge-success">{issue.username}</span>. className="badge badge-success">{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateWmiPasswordIssue(issue) { generateWmiPasswordIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -518,13 +523,13 @@ class ReportPageComponent extends AuthComponent {
The Monkey authenticated over the WMI protocol with user <span The Monkey authenticated over the WMI protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className="badge badge-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateWmiPthIssue(issue) { generateWmiPthIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -535,13 +540,13 @@ class ReportPageComponent extends AuthComponent {
The Monkey used a pass-the-hash attack over WMI protocol with user <span The Monkey used a pass-the-hash attack over WMI protocol with user <span
className="badge badge-success">{issue.username}</span>. className="badge badge-success">{issue.username}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSshIssue(issue) { generateSshIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -552,13 +557,13 @@ class ReportPageComponent extends AuthComponent {
The Monkey authenticated over the SSH protocol with user <span The Monkey authenticated over the SSH protocol with user <span
className="badge badge-success">{issue.username}</span> and its password. className="badge badge-success">{issue.username}</span> and its password.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSshKeysIssue(issue) { generateSshKeysIssue(issue) {
return ( return (
<li> <>
Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase. Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -568,14 +573,14 @@ class ReportPageComponent extends AuthComponent {
The Monkey authenticated over the SSH protocol with private key <span The Monkey authenticated over the SSH protocol with private key <span
className="badge badge-success">{issue.ssh_key}</span>. className="badge badge-success">{issue.ssh_key}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSambaCryIssue(issue) { generateSambaCryIssue(issue) {
return ( return (
<li> <>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
that is not shared with other computers on the network. that is not shared with other computers on the network.
<br/> <br/>
@ -589,13 +594,13 @@ class ReportPageComponent extends AuthComponent {
className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry className="badge badge-success">{issue.username}</span> and its password, and used the SambaCry
vulnerability. vulnerability.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateVsftpdBackdoorIssue(issue) { generateVsftpdBackdoorIssue(issue) {
return ( return (
<li> <>
Update your VSFTPD server to the latest version vsftpd-3.0.3. Update your VSFTPD server to the latest version vsftpd-3.0.3.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -614,13 +619,13 @@ class ReportPageComponent extends AuthComponent {
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523"
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateElasticIssue(issue) { generateElasticIssue(issue) {
return ( return (
<li> <>
Update your Elastic Search server to version 1.4.3 and up. Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -629,13 +634,13 @@ class ReportPageComponent extends AuthComponent {
<br/> <br/>
The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427. The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateShellshockIssue(issue) { generateShellshockIssue(issue) {
return ( return (
<li> <>
Update your Bash to a ShellShock-patched version. Update your Bash to a ShellShock-patched version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -646,13 +651,13 @@ class ReportPageComponent extends AuthComponent {
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {this.generateShellshockPathListBadges(issue.paths)}. paths: {this.generateShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateAzureIssue(issue) { generateAzureIssue(issue) {
return ( return (
<li> <>
Delete VM Access plugin configuration files. Delete VM Access plugin configuration files.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Credentials could be stolen from <span Credentials could be stolen from <span
@ -661,13 +666,13 @@ class ReportPageComponent extends AuthComponent {
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/" href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateConfickerIssue(issue) { generateConfickerIssue(issue) {
return ( return (
<li> <>
Install the latest Windows updates or upgrade to a newer operating system. Install the latest Windows updates or upgrade to a newer operating system.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -677,13 +682,13 @@ class ReportPageComponent extends AuthComponent {
The attack was made possible because the target machine used an outdated and unpatched operating system The attack was made possible because the target machine used an outdated and unpatched operating system
vulnerable to Conficker. vulnerable to Conficker.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateIslandCrossSegmentIssue(issue) { generateIslandCrossSegmentIssue(issue) {
return ( return (
<li> <>
Segment your network and make sure there is no communication between machines from different segments. Segment your network and make sure there is no communication between machines from different segments.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The network can probably be segmented. A monkey instance on <span The network can probably be segmented. A monkey instance on <span
@ -692,37 +697,37 @@ class ReportPageComponent extends AuthComponent {
could directly access the Monkey Island server in the could directly access the Monkey Island server in the
networks {this.generateInfoBadges(issue.server_networks)}. networks {this.generateInfoBadges(issue.server_networks)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSharedCredsDomainIssue(issue) { generateSharedCredsDomainIssue(issue) {
return ( return (
<li> <>
Some domain users are sharing passwords, this should be fixed by changing passwords. Some domain users are sharing passwords, this should be fixed by changing passwords.
<CollapsibleWellComponent> <CollapsibleWellComponent>
These users are sharing access password: These users are sharing access password:
{this.generateInfoBadges(issue.shared_with)}. {this.generateInfoBadges(issue.shared_with)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSharedCredsIssue(issue) { generateSharedCredsIssue(issue) {
return ( return (
<li> <>
Some users are sharing passwords, this should be fixed by changing passwords. Some users are sharing passwords, this should be fixed by changing passwords.
<CollapsibleWellComponent> <CollapsibleWellComponent>
These users are sharing access password: These users are sharing access password:
{this.generateInfoBadges(issue.shared_with)}. {this.generateInfoBadges(issue.shared_with)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateSharedLocalAdminsIssue(issue) { generateSharedLocalAdminsIssue(issue) {
return ( return (
<li> <>
Make sure the right administrator accounts are managing the right machines, and that there isnt an unintentional local Make sure the right administrator accounts are managing the right machines, and that there isnt an unintentional local
admin sharing. admin sharing.
<CollapsibleWellComponent> <CollapsibleWellComponent>
@ -730,13 +735,13 @@ class ReportPageComponent extends AuthComponent {
className="badge badge-primary">{issue.username}</span> is defined as an administrator: className="badge badge-primary">{issue.username}</span> is defined as an administrator:
{this.generateInfoBadges(issue.shared_machines)} {this.generateInfoBadges(issue.shared_machines)}
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateStrongUsersOnCritIssue(issue) { generateStrongUsersOnCritIssue(issue) {
return ( return (
<li> <>
This critical machine is open to attacks via strong users with access to it. This critical machine is open to attacks via strong users with access to it.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The services: {this.generateInfoBadges(issue.services)} have been found on the machine The services: {this.generateInfoBadges(issue.services)} have been found on the machine
@ -744,26 +749,26 @@ class ReportPageComponent extends AuthComponent {
These users has access to it: These users has access to it:
{this.generateInfoBadges(issue.threatening_users)}. {this.generateInfoBadges(issue.threatening_users)}.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateTunnelIssue(issue) { generateTunnelIssue(issue) {
return ( return (
<li> <>
Use micro-segmentation policies to disable communication other than the required. Use micro-segmentation policies to disable communication other than the required.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Machines are not locked down at port level. Network tunnel was set up from <span Machines are not locked down at port level. Network tunnel was set up from <span
className="badge badge-primary">{issue.machine}</span> to <span className="badge badge-primary">{issue.machine}</span> to <span
className="badge badge-primary">{issue.dest}</span>. className="badge badge-primary">{issue.dest}</span>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateStruts2Issue(issue) { generateStruts2Issue(issue) {
return ( return (
<li> <>
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions. Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
@ -775,13 +780,13 @@ class ReportPageComponent extends AuthComponent {
href="https://cwiki.apache.org/confluence/display/WW/S2-045" href="https://cwiki.apache.org/confluence/display/WW/S2-045"
>here</a>. >here</a>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateWebLogicIssue(issue) { generateWebLogicIssue(issue) {
return ( return (
<li> <>
Update Oracle WebLogic server to the latest supported version. Update Oracle WebLogic server to the latest supported version.
<CollapsibleWellComponent> <CollapsibleWellComponent>
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span
@ -792,13 +797,13 @@ class ReportPageComponent extends AuthComponent {
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or <a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725'}> CVE-2019-2725</a> <a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725'}> CVE-2019-2725</a>
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateHadoopIssue(issue) { generateHadoopIssue(issue) {
return ( return (
<li> <>
Run Hadoop in secure mode (<a Run Hadoop in secure mode (<a
href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html"> href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html">
add Kerberos authentication</a>). add Kerberos authentication</a>).
@ -809,13 +814,13 @@ class ReportPageComponent extends AuthComponent {
<br/> <br/>
The attack was made possible due to default Hadoop/Yarn configuration being insecure. The attack was made possible due to default Hadoop/Yarn configuration being insecure.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateMSSQLIssue(issue) { generateMSSQLIssue(issue) {
return ( return (
<li> <>
Disable the xp_cmdshell option. Disable the xp_cmdshell option.
<CollapsibleWellComponent> <CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span The machine <span className="badge badge-primary">{issue.machine}</span> (<span
@ -827,88 +832,88 @@ class ReportPageComponent extends AuthComponent {
href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017"> href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017">
Microsoft's documentation. </a> Microsoft's documentation. </a>
</CollapsibleWellComponent> </CollapsibleWellComponent>
</li> </>
); );
} }
generateIssue = (issue) => { generateIssue = (issue) => {
let data; let issueData;
switch (issue.type) { switch (issue.type) {
case 'vsftp': case 'vsftp':
data = this.generateVsftpdBackdoorIssue(issue); issueData = this.generateVsftpdBackdoorIssue(issue);
break; break;
case 'smb_password': case 'smb_password':
data = this.generateSmbPasswordIssue(issue); issueData = this.generateSmbPasswordIssue(issue);
break; break;
case 'smb_pth': case 'smb_pth':
data = this.generateSmbPthIssue(issue); issueData = this.generateSmbPthIssue(issue);
break; break;
case 'wmi_password': case 'wmi_password':
data = this.generateWmiPasswordIssue(issue); issueData = this.generateWmiPasswordIssue(issue);
break; break;
case 'wmi_pth': case 'wmi_pth':
data = this.generateWmiPthIssue(issue); issueData = this.generateWmiPthIssue(issue);
break; break;
case 'ssh': case 'ssh':
data = this.generateSshIssue(issue); issueData = this.generateSshIssue(issue);
break; break;
case 'ssh_key': case 'ssh_key':
data = this.generateSshKeysIssue(issue); issueData = this.generateSshKeysIssue(issue);
break; break;
case 'sambacry': case 'sambacry':
data = this.generateSambaCryIssue(issue); issueData = this.generateSambaCryIssue(issue);
break; break;
case 'elastic': case 'elastic':
data = this.generateElasticIssue(issue); issueData = this.generateElasticIssue(issue);
break; break;
case 'shellshock': case 'shellshock':
data = this.generateShellshockIssue(issue); issueData = this.generateShellshockIssue(issue);
break; break;
case 'conficker': case 'conficker':
data = this.generateConfickerIssue(issue); issueData = this.generateConfickerIssue(issue);
break; break;
case 'island_cross_segment': case 'island_cross_segment':
data = this.generateIslandCrossSegmentIssue(issue); issueData = this.generateIslandCrossSegmentIssue(issue);
break; break;
case 'shared_passwords': case 'shared_passwords':
data = this.generateSharedCredsIssue(issue); issueData = this.generateSharedCredsIssue(issue);
break; break;
case 'shared_passwords_domain': case 'shared_passwords_domain':
data = this.generateSharedCredsDomainIssue(issue); issueData = this.generateSharedCredsDomainIssue(issue);
break; break;
case 'shared_admins_domain': case 'shared_admins_domain':
data = this.generateSharedLocalAdminsIssue(issue); issueData = this.generateSharedLocalAdminsIssue(issue);
break; break;
case 'strong_users_on_crit': case 'strong_users_on_crit':
data = this.generateStrongUsersOnCritIssue(issue); issueData = this.generateStrongUsersOnCritIssue(issue);
break; break;
case 'tunnel': case 'tunnel':
data = this.generateTunnelIssue(issue); issueData = this.generateTunnelIssue(issue);
break; break;
case 'azure_password': case 'azure_password':
data = this.generateAzureIssue(issue); issueData = this.generateAzureIssue(issue);
break; break;
case 'struts2': case 'struts2':
data = this.generateStruts2Issue(issue); issueData = this.generateStruts2Issue(issue);
break; break;
case 'weblogic': case 'weblogic':
data = this.generateWebLogicIssue(issue); issueData = this.generateWebLogicIssue(issue);
break; break;
case 'hadoop': case 'hadoop':
data = this.generateHadoopIssue(issue); issueData = this.generateHadoopIssue(issue);
break; break;
case 'mssql': case 'mssql':
data = this.generateMSSQLIssue(issue); issueData = this.generateMSSQLIssue(issue);
break; break;
} }
return data; return <li key={JSON.stringify(issue)}>{issueData}</li>;
}; };
generateIssues = (issues) => { generateIssues = (issues) => {
let issuesDivArray = []; let issuesDivArray = [];
for (let machine of Object.keys(issues)) { for (let machine of Object.keys(issues)) {
issuesDivArray.push( issuesDivArray.push(
<li> <li key={JSON.stringify(machine)}>
<h4><b>{machine}</b></h4> <h4><b>{machine}</b></h4>
<ol> <ol>
{issues[machine].map(this.generateIssue)} {issues[machine].map(this.generateIssue)}

8
monkey/monkey_island/cc/ui/src/components/report-components/common/RenderArrays.js Normal file
View File

@ -0,0 +1,8 @@
import React from "react";
export let renderArray = function (val) {
return <>{val.map(x => <div key={x}>{x}</div>)}</>;
};
export let renderIpAddresses = function (val) {
return <div>{renderArray(val.ip_addresses)} {(val.domain_name ? ' ('.concat(val.domain_name, ')') : '')} </div>;
};

8
monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
View File

@ -1,14 +1,8 @@
import React from 'react'; import React from 'react';
import ReactTable from 'react-table'; import ReactTable from 'react-table';
import Pluralize from 'pluralize'; import Pluralize from 'pluralize';
import {renderArray, renderIpAddresses} from "../common/RenderArrays";
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
};
let renderIpAddresses = function (val) {
return <div>{renderArray(val.ip_addresses)} {(val.domain_name ? ' ('.concat(val.domain_name, ')') : '')} </div>;
};
const columns = [ const columns = [
{ {

9
monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
View File

@ -1,14 +1,7 @@
import React from 'react'; import React from 'react';
import ReactTable from 'react-table'; import ReactTable from 'react-table';
import Pluralize from 'pluralize'; import Pluralize from 'pluralize';
import {renderIpAddresses} from "../common/RenderArrays";
let renderArray = function (val) {
return <span>{val.map(x => <span key={x}> {x}</span>)}</span>;
};
let renderIpAddresses = function (val) {
return <span> {renderArray(val.ip_addresses)} {(val.domain_name ? ' ('.concat(val.domain_name, ')') : '')} </span>;
};
let renderMachine = function (data) { let renderMachine = function (data) {
return <div>{data.label} ( {renderIpAddresses(data)} )</div> return <div>{data.label} ( {renderIpAddresses(data)} )</div>

8
monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
View File

@ -1,14 +1,8 @@
import React from 'react'; import React from 'react';
import ReactTable from 'react-table'; import ReactTable from 'react-table';
import Pluralize from 'pluralize'; import Pluralize from 'pluralize';
import {renderArray, renderIpAddresses} from "../common/RenderArrays";
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
};
let renderIpAddresses = function (val) {
return <div>{renderArray(val.ip_addresses)} {(val.domain_name ? ' ('.concat(val.domain_name, ')') : '')} </div>;
};
const columns = [ const columns = [
{ {

5
monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js
View File

@ -1,10 +1,7 @@
import React from 'react'; import React from 'react';
import ReactTable from 'react-table' import ReactTable from 'react-table'
import {renderArray} from "../common/RenderArrays";
let renderArray = function (val) {
console.log(val);
return <div>{val.map(x => <div>{x}</div>)}</div>;
};
const columns = [ const columns = [
{ {

3
monkey/monkey_island/cc/ui/src/index.js
View File

@ -1,4 +1,5 @@
import '@babel/polyfill'; import 'core-js/stable';
import 'regenerator-runtime/runtime';
import 'core-js/fn/object/assign'; import 'core-js/fn/object/assign';
import React from 'react'; import React from 'react';
import ReactDOM from 'react-dom'; import ReactDOM from 'react-dom';