Itay Mizeretz
943ac023c6
Add warning in readme
2017-08-13 17:51:45 +03:00
Itay Mizeretz
a23317ecdf
Fix deb package requirement
2017-08-13 17:13:39 +03:00
Daniel Goldberg
3ef24281a7
Merge pull request #38 from Fak3/f26
...
Don't crash when receiving unknown configuration variables
2016-10-08 08:33:33 -06:00
Evstifeev Roman
f1dca7fa86
Don't crash when receiving unknown configuration variables
...
Instead of crashing if the monkey deserializes an unknown configuration
variable, send an error message to the current monkey server and keep on
working.
Add utnittests.
fixes #26
2016-09-27 23:56:26 +03:00
Daniel Goldberg
de6939aea0
Merge pull request #37 from Fak3/master
...
update new config when json changed. fixes #25
2016-09-22 17:30:08 +03:00
Evstifeev Roman
569a9b083e
update config when json changed. fixes #25
2016-09-22 16:59:57 +03:00
Daniel Goldberg
aced96819b
Reverted again the dup requests library
2016-09-21 15:42:26 +03:00
daniel goldberg
ab7f731ed5
Removed reliance on grequests. Complicates other code and no real performance improvement in a LAN enviornment.
2016-09-21 14:55:13 +03:00
daniel goldberg
9ab5b178df
Merge remote-tracking branch 'origin/master'
2016-09-21 12:32:12 +03:00
daniel goldberg
3549bb351e
Issue #35 - Added option for blocked IPs.
2016-09-21 11:35:41 +03:00
Daniel Goldberg
224099a85c
Merge pull request #36 from Fak3/patch-1
...
requirements.txt - remove duplicate (requests)
2016-09-20 19:09:35 +03:00
Evstifeev Roman
2066c19190
requirements.txt - remove duplicate (requests)
2016-09-20 19:35:23 +04:00
itsikkes
155a03efad
Small hack to support fast-user switching when RDPing to already loggen-in host
...
Although it doesn't always happen, because there is no easy wasy to know
- trying to press YES on the dialog box (if any) can help the login
process
2016-09-19 22:27:17 +03:00
daniel goldberg
084cee78fd
Merge remote-tracking branch 'origin/master'
2016-09-14 14:19:13 +03:00
Daniel Goldberg
d1f218daad
Don't dup pip list
2016-09-13 14:07:48 +03:00
itsikkes
b3322b2541
improved local interface selection when exploiting
2016-09-08 12:30:40 +03:00
daniel goldberg
6fcf8b2f15
Merge remote-tracking branch 'origin/master'
2016-09-08 10:21:47 +03:00
daniel goldberg
24792aec61
Remove commented build step.
2016-09-08 08:56:11 +03:00
danielguardicore
d2203b2220
Removed legacy ChaosMonkey from SMB execution.
2016-09-07 19:10:30 +03:00
danielguardicore
9f27825789
Changed tcp scanning to be a bit more random. Might confuse really basic defenses.
2016-09-07 19:01:19 +03:00
danielguardicore
ce3eaa9b2e
Fixed grequsts/gevents monkey patching of socket code, which lead to paramiko being unable to function after a shellshock scan.
2016-09-07 10:16:17 +03:00
itsikkes
39eaca300f
RDP: change VBS object to reduce requirements + process is more verbose
2016-09-06 11:05:15 +03:00
itsikkes
9b21215025
added tornado
2016-09-06 10:45:32 +03:00
itsikkes
e18a19abcc
Switched to tornado as webserver, same as in the island
2016-09-06 10:45:32 +03:00
daniel goldberg
6e76162b8f
Added str representation of hosts.
2016-09-05 21:10:17 +03:00
daniel goldberg
397c4f82ca
Merge remote-tracking branch 'origin/master'
2016-09-05 18:49:10 +03:00
daniel goldberg
32c326bd7b
PEP8 in diff files
...
Add concept of non default timeout for copying SMB files. This is by default 5 minutes.
Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running.
Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again.
2016-09-05 17:45:27 +03:00
Daniel Goldberg
78cafb8d58
Set minimum Python version for Windows version.
...
This should fix #34
2016-09-05 16:13:55 +03:00
daniel goldberg
5ae67840a6
No manifest files, everything compiled in onefile
2016-09-04 14:33:02 +03:00
daniel goldberg
442cc827c0
Merge remote-tracking branch 'origin/master'
2016-09-04 14:30:56 +03:00
daniel goldberg
fc19da7427
Added grequests to hidden imports.
...
Fixed dict lookup in monkeyfs
2016-09-04 13:45:49 +03:00
Daniel Goldberg
ffb0baaa31
Typo
2016-09-01 13:58:44 +03:00
daniel goldberg
12ff0c5677
Reverted bug in config, added 'user' to default bruteforce.
2016-08-30 11:04:44 +03:00
daniel goldberg
6a51e926f8
Fixed random IP
2016-08-29 19:14:37 +03:00
daniel goldberg
bbc5cfb24c
Add log
2016-08-29 18:58:16 +03:00
daniel goldberg
1a4a08e3bd
Add HTTPFinger to conf file and PEP8 fix
2016-08-29 18:58:16 +03:00
daniel goldberg
91427eb346
Tiny PEP8 change and changed reporting of vulnerable URLs in shellshock
2016-08-29 18:58:16 +03:00
daniel goldberg
30cb88f01d
Update conf to use shellshock as well
2016-08-29 18:58:16 +03:00
Daniel Goldberg
835c861219
Add ShellShockExploiter to default config
2016-08-29 18:58:16 +03:00
daniel goldberg
d80c670392
Fixed bug in HTTPFingering
...
Added support for skip_exploit_if_file_exists in linux exploiters.
Delayed/fixed a race in the monkey patching that gevents does.
2016-08-29 18:58:16 +03:00
daniel goldberg
cd27438a1e
PEP 8 changes
2016-08-29 18:58:15 +03:00
daniel goldberg
1806f9bc62
Issue #33 - Added support for skip_exploit_if_file_exist in linux
2016-08-29 13:34:21 +03:00
daniel goldberg
f78fe6c4f4
Updated configuration documentation and reordered fields
2016-08-29 13:27:26 +03:00
daniel goldberg
dbdadce16c
Added grequests and shellshock to documentation.
2016-08-29 13:16:57 +03:00
daniel goldberg
a322a619cb
Issue 23 - Added shellshock exploit.
2016-08-29 12:09:46 +03:00
daniel goldberg
bdde8dfeed
Added func to find route to victim, reorganised firewall
2016-08-29 12:08:42 +03:00
daniel goldberg
3b39ee4308
Added more logging to HTTP server
2016-08-29 12:05:24 +03:00
daniel goldberg
57525b6450
Moved to using HEAD to save code
2016-08-25 16:32:16 +03:00
daniel goldberg
dd8738a4f1
Fixed collision where HTTP auto upgraded to HTTPS
2016-08-25 16:27:29 +03:00
daniel goldberg
bee9fc23ea
BugFix
2016-08-25 15:46:29 +03:00