UI: Remove ElasticGroovyExploiter reporting

monkey/monkey_island/cc/services/config_schema/basic.py

@@ -18,7 +18,6 @@ BASIC = {
                         "WmiExploiter",
                         "SSHExploiter",
                         "Log4ShellExploiter",
-                        "ElasticGroovyExploiter",
                         "Struts2Exploiter",
                         "WebLogicExploiter",
                         "HadoopExploiter",

monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py

@@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
             "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
             "/exploiters/sshexec/",
         },
-        {
-            "type": "string",
-            "enum": ["ElasticGroovyExploiter"],
-            "title": "ElasticGroovy Exploiter",
-            "safe": True,
-            "info": "CVE-2015-1427. Logic is based on Metasploit module.",
-            "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
-            "/elasticgroovy/",
-        },
         {
             "type": "string",
             "enum": ["Struts2Exploiter"],

monkey/monkey_island/cc/services/reporting/aws_exporter.py

@@ -69,7 +69,6 @@ class AWSExporter(Exporter):
                 CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
             },
             "tunnel": AWSExporter._handle_tunnel_issue,
-            ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
             ExploiterDescriptorEnum.SMB.value.class_name: {
                 CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
                 CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
@@ -245,21 +244,6 @@ class AWSExporter(Exporter):
             instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
         )
 
-    @staticmethod
-    def _handle_elastic_issue(issue, instance_arn):
-
-        return AWSExporter._build_generic_finding(
-            severity=10,
-            title="Elastic Search servers are vulnerable to CVE-2015-1427",
-            description="Update your Elastic Search server to version 1.4.3 and up.",
-            recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. "
-            "The attack was made "
-            "possible because the Elastic Search server was not patched "
-            "against CVE-2015-1427.".format(issue["machine"], issue["ip_address"]),
-            instance_arn=instance_arn,
-            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
-        )
-
     @staticmethod
     def _handle_island_cross_segment_issue(issue, instance_arn):
 

monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py

@@ -28,9 +28,6 @@ class ExploiterDescriptorEnum(Enum):
     SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
     WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
     SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
-    ELASTIC = ExploiterDescriptor(
-        "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
-    )
     STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
     WEBLOGIC = ExploiterDescriptor(
         "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor

monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js

@@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
 import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
 import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
 import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
-import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
 import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
 import {
   crossSegmentIssueOverview,
@@ -119,11 +118,6 @@ class ReportPageComponent extends AuthComponent {
         },
         [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
       },
-      'ElasticGroovyExploiter': {
-        [this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
-        [this.issueContentTypes.REPORT]: elasticIssueReport,
-        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
-      },
       'PowerShellExploiter': {
         [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
         [this.issueContentTypes.REPORT]: powershellIssueReport,

monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js

@@ -1,23 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function elasticIssueOverview() {
-  return (<li>Elasticsearch servers are vulnerable to <a
-                      href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
-                    </li>)
-}
-
-export function elasticIssueReport(issue) {
-  return (
-      <>
-        Update your Elastic Search server to version 1.4.3 and up.
-        <CollapsibleWellComponent>
-          The machine <span className="badge badge-primary">{issue.machine}</span> (<span
-          className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
-          className="badge badge-danger">Elastic Groovy</span> attack.
-          <br/>
-          The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
-        </CollapsibleWellComponent>
-      </>
-    );
-}