monkey

Commit Graph

Author	SHA1	Message	Date
vakarisz	1d15288b64	Agent, Island: remove/rename system info collection infrastructure System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly	2022-03-01 14:54:20 +02:00
vakarisz	afc98667c4	Island: remove unused "creds" properties from monkey model	2022-02-25 15:38:36 +02:00
Shreya Malviya	a599edec15	Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist	2022-02-24 15:12:00 +05:30
Ilija Lazoroski	d8e203dd50	Project: Change readme and remove shellshock from vulture	2022-02-23 13:50:12 +01:00
Shreya Malviya	fcfa01223d	Project: Remove ProcessListCollector from Vulture allowlist	2022-02-16 17:06:17 +05:30
Ilija Lazoroski	7f6496b330	Island, UT: Remove system info AWS Collector	2022-02-14 12:00:08 +01:00
Shreya Malviya	9dc0a6ed6f	Project: Remove removed Scoutsuite constants from Vulture allowlist	2022-02-09 14:27:20 +05:30
Shreya Malviya	2c88d6053c	Project: Remove deleted constants from Vulture's allowlist	2022-02-01 16:40:06 +01:00
Ilija Lazoroski	b5c51bedc1	Island, UT: Remove Bootloader endpoint	2022-02-01 15:32:13 +01:00
Ilija Lazoroski	ff87252a24	Agent, Island: Remove MS08_67 exploiter	2022-01-31 11:11:33 +01:00
Mike Salvatore	e1cf4fa9c2	Merge branch 'release/1.13.0' into agent-refactor	2022-01-25 13:35:49 -05:00
vakarisz	a5a4957c29	Agent: small readability and style improvements	2022-01-18 15:01:47 +02:00
vakarisz	9d5ea0f41f	Island: add log4shell issue processing and reporting	2022-01-06 12:26:00 +02:00
vakarisz	c382987430	Project: vulture allow LDAPServerFactory.buildProtocol	2022-01-05 15:18:12 +02:00
Ilija Lazoroski	c129e2f4b0	Project: Remove mysqlfinger references in Vulture	2021-12-14 14:54:20 +01:00
VakarisZ	4fdd3370ca	Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press	2021-12-08 14:48:57 +02:00
Mike Salvatore	137afa6473	Agent: Don't register new signal handler in monkey.py (for now) The signal handler is not quite ready for prime time. Issue #1595 and issue #1597 will need to be resolved before the signal handler can be fully ready. For now, don't register the signal handler.	2021-11-24 13:46:18 -05:00
Shreya Malviya	7b0f08ee54	Agent: Finish implementing MockMaster Also modified ExploitTelem and PostBreachTelem internals, and MockPuppet.	2021-11-24 13:54:46 +05:30
Ilija Lazoroski	839024f243	Island: Fix formatting in config	2021-11-23 15:20:19 +01:00
Mike Salvatore	4fc484cd8d	Agent: Add a preliminary MockPuppet implementation	2021-11-22 13:05:30 -05:00
VakarisZ	a8d6f936f1	Agent, Island: remove hostname collector	2021-11-17 11:30:12 +02:00
VakarisZ	0175199540	Island, Agent: remove environment collector	2021-11-16 17:49:38 +02:00
VakarisZ	f5c8db979f	Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file	2021-11-10 15:44:05 +02:00
Shreya Malviya	ee79ea0a9d	Project: Remove variable 'VSFTPD' from Vulture's allowlist	2021-10-29 18:15:38 +05:30
VakarisZ	8b9ddb0c4b	Removed unnecessary vulture ignores from whitelist	2021-09-28 11:04:42 +03:00
VakarisZ	e6ad125be9	Change the telemetry model to have a method for fetching the telemetries based on queries. Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models	2021-09-24 13:31:26 +03:00
VakarisZ	c7e91c5784	Add report model and a unit test for it's encryption	2021-09-21 10:39:39 +03:00
Mike Salvatore	805ef70db1	Merge pull request #1425 from guardicore/powershell_exploiter PowerShell Remoting exploiter refactor	2021-08-30 07:54:29 -04:00
Mike Salvatore	8aedc2c391	Agent: Add pyinstaller hooks for pypsrp	2021-08-25 14:44:31 -04:00
Ilija Lazoroski	5cee9443ff	Zoo: Remove GCPHandler class. Powershell-3-47 renamed to Powershell-3-46. Powershell-45 moved to different zone	2021-08-24 15:11:22 +02:00
Shreya Malviya	b6c3623e74	agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting')	2021-08-24 13:15:47 +05:30
VakarisZ	2b71fb80c7	Fixed missing powershell exploiter report components.	2021-08-24 11:40:39 +05:30
VakarisZ	9966c54fe2	Added powershell remoting exploiter.	2021-08-24 11:40:39 +05:30
VakarisZ	91ca828c72	Monkey: add launch time to the monkey collection Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run	2021-07-26 11:28:40 +03:00
Ilija Lazoroski	81a8ccf673	Island: Return empty post status for island mode	2021-07-13 10:25:48 -04:00
Mike Salvatore	96fc33025e	Island: Redirect gevent tracebacks to file and log exceptions By default, gevent prints exceptions and tracebacks to stderr. This is obnoxious as it results in large tracebacks intermixed with the output that the logger prints to the console. This commit redirects this data to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that the user might be left without any indication these exceptions had occurred, unless they take the time to inspect the gevent_exceptions.log. Therefore, when an excepion occurs, a message with just the exception (not the traceback) is logged to WARNING. Fixes #859	2021-07-06 08:39:30 -04:00
Mike Salvatore	01b9c41c6e	Remove mock_home_env() from vulture_allowlist.py	2021-07-02 18:59:24 -04:00
Mike Salvatore	6307606010	Remove get_files_to_encrypt from Vulture's allow list	2021-06-23 07:14:57 -04:00
Shreya	5b64ea5151	agent: ransomware: Iterate through files in directory and get list of files to encrypt	2021-06-22 19:30:44 +05:30
VakarisZ	fc1f12c24d	Implemented safety check on import.	2021-06-03 17:02:12 +03:00
VakarisZ	9fcfaac781	Improved exceptions thrown in configuration decryption and unit tests.	2021-06-03 17:01:56 +03:00
Shreya	52b57a7166	Have Vulture skip tests/ instead of tests/unit_tests/	2021-06-03 11:57:44 +05:30
Shreya	b69c1c531a	Rename vulture_whitelist.py -> vultue_allowlist.py	2021-06-02 13:08:37 +05:30

43 Commits