2019-10-01 15:42:51 +08:00
|
|
|
import logging
|
2020-07-15 23:46:04 +08:00
|
|
|
import os
|
|
|
|
|
from time import sleep
|
2019-10-01 15:42:51 +08:00
|
|
|
|
2019-08-29 20:14:07 +08:00
|
|
|
import pytest
|
2021-03-02 21:01:56 +08:00
|
|
|
from typing_extensions import Type
|
|
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
|
2021-03-08 19:58:11 +08:00
|
|
|
from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer
|
2021-03-08 21:41:22 +08:00
|
|
|
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.drupal import Drupal
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.elastic import Elastic
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.performance import Performance
|
2021-09-27 23:12:28 +08:00
|
|
|
from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.powershell_cached_credentials import (
|
|
|
|
|
PowerShellCachedCredentials,
|
|
|
|
|
)
|
2021-03-08 21:41:22 +08:00
|
|
|
from envs.monkey_zoo.blackbox.config_templates.shellshock import ShellShock
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth
|
|
|
|
|
from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon
|
2021-08-02 19:09:37 +08:00
|
|
|
from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST
|
2021-04-07 05:55:44 +08:00
|
|
|
from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
|
|
|
|
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
2021-04-06 21:19:27 +08:00
|
|
|
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
|
2020-04-24 18:19:07 +08:00
|
|
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
2021-04-06 21:19:27 +08:00
|
|
|
from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
|
|
|
|
|
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import (
|
|
|
|
|
MapGenerationFromTelemetryTest,
|
|
|
|
|
)
|
|
|
|
|
from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
|
|
|
|
|
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import (
|
|
|
|
|
ReportGenerationFromTelemetryTest,
|
|
|
|
|
)
|
|
|
|
|
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import (
|
|
|
|
|
TelemetryPerformanceTest,
|
|
|
|
|
)
|
2021-08-24 21:11:22 +08:00
|
|
|
from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
|
|
|
|
|
initialize_gcp_client,
|
|
|
|
|
start_machines,
|
|
|
|
|
stop_machines,
|
|
|
|
|
)
|
2021-07-30 21:54:15 +08:00
|
|
|
from monkey_island.cc.services.mode.mode_enum import IslandModeEnum
|
2019-08-27 20:52:39 +08:00
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
DEFAULT_TIMEOUT_SECONDS = 5 * 60
|
2019-09-13 21:12:58 +08:00
|
|
|
MACHINE_BOOTUP_WAIT_SECONDS = 30
|
2019-10-01 15:42:51 +08:00
|
|
|
LOG_DIR_PATH = "./logs"
|
2021-03-05 16:46:07 +08:00
|
|
|
logging.basicConfig(level=logging.INFO)
|
2019-10-01 21:11:53 +08:00
|
|
|
LOGGER = logging.getLogger(__name__)
|
2021-09-27 19:08:52 +08:00
|
|
|
WINDOWS = "windows"
|
2019-08-29 19:57:04 +08:00
|
|
|
|
2019-09-07 01:59:11 +08:00
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.fixture(autouse=True, scope="session")
|
2020-05-13 15:44:04 +08:00
|
|
|
def GCPHandler(request, no_gcp):
|
|
|
|
|
if not no_gcp:
|
2021-05-11 15:44:02 +08:00
|
|
|
try:
|
2021-08-24 21:11:22 +08:00
|
|
|
initialize_gcp_client()
|
|
|
|
|
start_machines(GCP_TEST_MACHINE_LIST)
|
2021-05-11 15:44:02 +08:00
|
|
|
except Exception as e:
|
|
|
|
|
LOGGER.error("GCP Handler failed to initialize: %s." % e)
|
|
|
|
|
pytest.exit("Encountered an error while starting GCP machines. Stopping the tests.")
|
2020-05-13 15:44:04 +08:00
|
|
|
wait_machine_bootup()
|
2019-09-07 01:59:11 +08:00
|
|
|
|
2020-05-13 15:44:04 +08:00
|
|
|
def fin():
|
2021-08-24 21:11:22 +08:00
|
|
|
stop_machines(GCP_TEST_MACHINE_LIST)
|
2019-09-07 01:59:11 +08:00
|
|
|
|
2020-05-13 15:44:04 +08:00
|
|
|
request.addfinalizer(fin)
|
2019-09-07 01:59:11 +08:00
|
|
|
|
|
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.fixture(autouse=True, scope="session")
|
2019-09-13 21:12:58 +08:00
|
|
|
def delete_logs():
|
2019-10-01 21:11:53 +08:00
|
|
|
LOGGER.info("Deleting monkey logs before new tests.")
|
2019-10-01 15:42:51 +08:00
|
|
|
TestLogsHandler.delete_log_folder_contents(TestMonkeyBlackbox.get_log_dir_path())
|
2019-09-13 21:12:58 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def wait_machine_bootup():
|
|
|
|
|
sleep(MACHINE_BOOTUP_WAIT_SECONDS)
|
|
|
|
|
|
|
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.fixture(scope="class")
|
2020-05-13 15:44:04 +08:00
|
|
|
def island_client(island, quick_performance_tests):
|
2021-05-20 13:44:12 +08:00
|
|
|
client_established = False
|
|
|
|
|
try:
|
|
|
|
|
island_client_object = MonkeyIslandClient(island)
|
|
|
|
|
client_established = island_client_object.get_api_status()
|
|
|
|
|
except Exception:
|
2021-05-21 13:41:28 +08:00
|
|
|
logging.exception("Got an exception while trying to establish connection to the Island.")
|
2021-05-20 13:44:12 +08:00
|
|
|
finally:
|
|
|
|
|
if not client_established:
|
|
|
|
|
pytest.exit("BB tests couldn't establish communication to the island.")
|
2020-05-13 15:44:04 +08:00
|
|
|
if not quick_performance_tests:
|
|
|
|
|
island_client_object.reset_env()
|
2021-07-30 21:54:15 +08:00
|
|
|
island_client_object.set_scenario(IslandModeEnum.ADVANCED.value)
|
2019-09-11 17:39:28 +08:00
|
|
|
yield island_client_object
|
2019-09-07 01:59:11 +08:00
|
|
|
|
|
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.mark.usefixtures("island_client")
|
2019-09-11 17:39:28 +08:00
|
|
|
# noinspection PyUnresolvedReferences
|
2021-03-02 21:01:56 +08:00
|
|
|
class TestMonkeyBlackbox:
|
2019-09-13 21:12:58 +08:00
|
|
|
@staticmethod
|
2021-04-06 21:19:27 +08:00
|
|
|
def run_exploitation_test(
|
|
|
|
|
island_client: MonkeyIslandClient,
|
|
|
|
|
config_template: Type[ConfigTemplate],
|
|
|
|
|
test_name: str,
|
|
|
|
|
timeout_in_seconds=DEFAULT_TIMEOUT_SECONDS,
|
|
|
|
|
):
|
2021-03-02 21:01:56 +08:00
|
|
|
raw_config = IslandConfigParser.get_raw_config(config_template, island_client)
|
2021-04-06 21:19:27 +08:00
|
|
|
analyzer = CommunicationAnalyzer(
|
|
|
|
|
island_client, IslandConfigParser.get_ips_of_targets(raw_config)
|
|
|
|
|
)
|
|
|
|
|
log_handler = TestLogsHandler(
|
|
|
|
|
test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()
|
|
|
|
|
)
|
2020-04-10 19:32:39 +08:00
|
|
|
ExploitationTest(
|
2020-02-25 17:24:28 +08:00
|
|
|
name=test_name,
|
|
|
|
|
island_client=island_client,
|
2021-03-02 21:01:56 +08:00
|
|
|
raw_config=raw_config,
|
2020-02-25 17:24:28 +08:00
|
|
|
analyzers=[analyzer],
|
|
|
|
|
timeout=timeout_in_seconds,
|
2021-04-06 21:19:27 +08:00
|
|
|
log_handler=log_handler,
|
|
|
|
|
).run()
|
2019-10-01 15:42:51 +08:00
|
|
|
|
2020-02-23 21:24:44 +08:00
|
|
|
@staticmethod
|
2021-04-06 21:19:27 +08:00
|
|
|
def run_performance_test(
|
|
|
|
|
performance_test_class,
|
|
|
|
|
island_client,
|
|
|
|
|
config_template,
|
|
|
|
|
timeout_in_seconds,
|
|
|
|
|
break_on_timeout=False,
|
|
|
|
|
):
|
2021-03-02 21:01:56 +08:00
|
|
|
raw_config = IslandConfigParser.get_raw_config(config_template, island_client)
|
2021-04-06 21:19:27 +08:00
|
|
|
log_handler = TestLogsHandler(
|
|
|
|
|
performance_test_class.TEST_NAME, island_client, TestMonkeyBlackbox.get_log_dir_path()
|
|
|
|
|
)
|
|
|
|
|
analyzers = [
|
|
|
|
|
CommunicationAnalyzer(island_client, IslandConfigParser.get_ips_of_targets(raw_config))
|
|
|
|
|
]
|
|
|
|
|
performance_test_class(
|
|
|
|
|
island_client=island_client,
|
|
|
|
|
raw_config=raw_config,
|
|
|
|
|
analyzers=analyzers,
|
|
|
|
|
timeout=timeout_in_seconds,
|
|
|
|
|
log_handler=log_handler,
|
|
|
|
|
break_on_timeout=break_on_timeout,
|
|
|
|
|
).run()
|
2020-02-23 21:24:44 +08:00
|
|
|
|
2019-10-01 15:42:51 +08:00
|
|
|
@staticmethod
|
|
|
|
|
def get_log_dir_path():
|
|
|
|
|
return os.path.abspath(LOG_DIR_PATH)
|
2019-09-07 01:59:11 +08:00
|
|
|
|
2020-04-29 15:39:10 +08:00
|
|
|
def test_ssh_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Ssh, "SSH_exploiter_and_keys")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_hadoop_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Hadoop, "Hadoop_exploiter", 6 * 60)
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_mssql_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Mssql, "MSSQL_exploiter")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
2021-08-24 16:29:36 +08:00
|
|
|
def test_powershell_exploiter(self, island_client):
|
|
|
|
|
TestMonkeyBlackbox.run_exploitation_test(
|
|
|
|
|
island_client, PowerShell, "PowerShell_Remoting_exploiter"
|
|
|
|
|
)
|
|
|
|
|
|
2021-09-27 19:08:52 +08:00
|
|
|
@pytest.mark.os(WINDOWS)
|
|
|
|
|
def test_powershell_exploiter_cached_credentials(self, island_client):
|
|
|
|
|
TestMonkeyBlackbox.run_exploitation_test(
|
2021-09-27 23:12:28 +08:00
|
|
|
island_client,
|
|
|
|
|
PowerShellCachedCredentials,
|
|
|
|
|
"PowerShell_Remoting_exploiter_cached_credentials",
|
2021-09-27 19:08:52 +08:00
|
|
|
)
|
|
|
|
|
|
2020-04-29 15:39:10 +08:00
|
|
|
def test_smb_and_mimikatz_exploiters(self, island_client):
|
2021-04-06 21:19:27 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(
|
|
|
|
|
island_client, SmbMimikatz, "SMB_exploiter_mimikatz"
|
|
|
|
|
)
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_smb_pth(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, SmbPth, "SMB_PTH")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
2021-03-08 22:42:48 +08:00
|
|
|
def test_drupal_exploiter(self, island_client):
|
|
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")
|
|
|
|
|
|
2020-04-29 15:39:10 +08:00
|
|
|
def test_elastic_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Elastic, "Elastic_exploiter")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_struts_exploiter(self, island_client):
|
2021-08-05 01:15:49 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_weblogic_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_shellshock_exploiter(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, ShellShock, "Shellschock_exploiter")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_tunneling(self, island_client):
|
2021-04-06 21:19:27 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(
|
|
|
|
|
island_client, Tunneling, "Tunneling_exploiter", 15 * 60
|
|
|
|
|
)
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_wmi_and_mimikatz_exploiters(self, island_client):
|
2021-04-06 21:19:27 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(
|
|
|
|
|
island_client, WmiMimikatz, "WMI_exploiter,_mimikatz"
|
|
|
|
|
)
|
2020-04-29 15:39:10 +08:00
|
|
|
|
|
|
|
|
def test_wmi_pth(self, island_client):
|
2021-03-02 21:01:56 +08:00
|
|
|
TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH")
|
2020-04-29 15:39:10 +08:00
|
|
|
|
2021-03-08 17:07:24 +08:00
|
|
|
def test_zerologon_exploiter(self, island_client):
|
2021-03-08 19:58:11 +08:00
|
|
|
test_name = "Zerologon_exploiter"
|
2021-04-06 21:19:27 +08:00
|
|
|
expected_creds = [
|
|
|
|
|
"Administrator",
|
|
|
|
|
"aad3b435b51404eeaad3b435b51404ee",
|
|
|
|
|
"2864b62ea4496934a5d6e86f50b834a5",
|
|
|
|
|
]
|
2021-03-08 19:58:11 +08:00
|
|
|
raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client)
|
|
|
|
|
analyzer = ZerologonAnalyzer(island_client, expected_creds)
|
2021-04-06 21:19:27 +08:00
|
|
|
log_handler = TestLogsHandler(
|
|
|
|
|
test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()
|
|
|
|
|
)
|
2021-03-08 17:07:24 +08:00
|
|
|
ExploitationTest(
|
|
|
|
|
name=test_name,
|
|
|
|
|
island_client=island_client,
|
|
|
|
|
raw_config=raw_config,
|
|
|
|
|
analyzers=[analyzer],
|
|
|
|
|
timeout=DEFAULT_TIMEOUT_SECONDS,
|
2021-04-06 21:19:27 +08:00
|
|
|
log_handler=log_handler,
|
|
|
|
|
).run()
|
2021-03-08 17:07:24 +08:00
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.mark.skip(
|
|
|
|
|
reason="Perfomance test that creates env from fake telemetries is faster, use that instead."
|
|
|
|
|
)
|
2020-05-13 15:44:04 +08:00
|
|
|
def test_report_generation_performance(self, island_client, quick_performance_tests):
|
2020-04-29 15:39:10 +08:00
|
|
|
"""
|
|
|
|
|
This test includes the SSH + Elastic + Hadoop + MSSQL machines all in one test
|
|
|
|
|
for a total of 8 machines including the Monkey Island.
|
|
|
|
|
|
|
|
|
|
Is has 2 analyzers - the regular one which checks all the Monkeys
|
|
|
|
|
and the Timing one which checks how long the report took to execute
|
|
|
|
|
"""
|
2020-05-13 15:44:04 +08:00
|
|
|
if not quick_performance_tests:
|
2021-04-06 21:19:27 +08:00
|
|
|
TestMonkeyBlackbox.run_performance_test(
|
|
|
|
|
ReportGenerationTest, island_client, Performance, timeout_in_seconds=10 * 60
|
|
|
|
|
)
|
2020-05-13 15:44:04 +08:00
|
|
|
else:
|
|
|
|
|
LOGGER.error("This test doesn't support 'quick_performance_tests' option.")
|
|
|
|
|
assert False
|
|
|
|
|
|
2021-04-06 21:19:27 +08:00
|
|
|
@pytest.mark.skip(
|
|
|
|
|
reason="Perfomance test that creates env from fake telemetries is faster, use that instead."
|
|
|
|
|
)
|
2020-05-13 15:44:04 +08:00
|
|
|
def test_map_generation_performance(self, island_client, quick_performance_tests):
|
|
|
|
|
if not quick_performance_tests:
|
2021-04-06 21:19:27 +08:00
|
|
|
TestMonkeyBlackbox.run_performance_test(
|
|
|
|
|
MapGenerationTest, island_client, "PERFORMANCE.conf", timeout_in_seconds=10 * 60
|
|
|
|
|
)
|
2020-05-13 15:44:04 +08:00
|
|
|
else:
|
|
|
|
|
LOGGER.error("This test doesn't support 'quick_performance_tests' option.")
|
|
|
|
|
assert False
|
|
|
|
|
|
2021-04-29 22:42:59 +08:00
|
|
|
@pytest.mark.run_performance_tests
|
2020-05-13 15:44:04 +08:00
|
|
|
def test_report_generation_from_fake_telemetries(self, island_client, quick_performance_tests):
|
|
|
|
|
ReportGenerationFromTelemetryTest(island_client, quick_performance_tests).run()
|
|
|
|
|
|
2021-04-29 22:42:59 +08:00
|
|
|
@pytest.mark.run_performance_tests
|
2020-05-13 15:44:04 +08:00
|
|
|
def test_map_generation_from_fake_telemetries(self, island_client, quick_performance_tests):
|
|
|
|
|
MapGenerationFromTelemetryTest(island_client, quick_performance_tests).run()
|
|
|
|
|
|
2021-04-29 22:42:59 +08:00
|
|
|
@pytest.mark.run_performance_tests
|
2020-05-13 15:44:04 +08:00
|
|
|
def test_telem_performance(self, island_client, quick_performance_tests):
|
2021-04-06 21:19:27 +08:00
|
|
|
TelemetryPerformanceTest(
|
|
|
|
|
island_client, quick_performance_tests
|
|
|
|
|
).test_telemetry_performance()
|
