p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into attack_configuration 

# Conflicts:
#	monkey/monkey_island/cc/app.py
#	monkey/monkey_island/cc/server_config.json
#	monkey/monkey_island/cc/ui/package-lock.json
#	monkey/monkey_island/cc/ui/package.json
#	monkey/monkey_island/cc/ui/src/styles/App.css
#	monkey/monkey_island/requirements.txt
This commit is contained in:
VakarisZ 2019-05-22 09:15:10 +03:00
parent 07db38a130 353ad6529d
commit 6c97b44b69
50 changed files with 4817 additions and 4770 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -82,4 +82,5 @@ MonkeyZoo/*
!MonkeyZoo/config.tf !MonkeyZoo/config.tf
!MonkeyZoo/MonkeyZooDocs.pdf !MonkeyZoo/MonkeyZooDocs.pdf
# vim swap files
*.swp

24
deployment_scripts/deploy_linux.sh
View File

@ -81,33 +81,15 @@ wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
# Allow them to be executed # Allow them to be executed
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME" chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME" chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
chmod a+x "$ISLAND_BINARIES_PATH/$WINDOWS_32_BINARY_NAME"
chmod a+x "$ISLAND_BINARIES_PATH/$WINDOWS_64_BINARY_NAME"
# Get machine type/kernel version # Get machine type/kernel version
kernel=`uname -m` kernel=`uname -m`
linux_dist=`lsb_release -a 2> /dev/null` linux_dist=`lsb_release -a 2> /dev/null`
# If a user haven't installed mongo manually check if we can install it with our script # If a user haven't installed mongo manually check if we can install it with our script
if [[ ! -f "$MONGO_BIN_PATH/mongod" ]] && { [[ ${kernel} != "x86_64" ]] || \ log_message "Installing MongoDB"
{ [[ ${linux_dist} != *"Debian"* ]] && [[ ${linux_dist} != *"Ubuntu"* ]]; }; }; then ${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error
echo "Script does not support your operating system for mongodb installation.
Reference monkey island readme and install it manually"
exit 1
fi
# Download mongo
if [[ ! -f "$MONGO_BIN_PATH/mongod" ]]; then
log_message "Downloading mongodb"
if [[ ${linux_dist} == *"Debian"* ]]; then
wget -c -N -O "/tmp/mongo.tgz" ${MONGO_DEBIAN_URL}
elif [[ ${linux_dist} == *"Ubuntu"* ]]; then
wget -c -N -O "/tmp/mongo.tgz" ${MONGO_UBUNTU_URL}
fi
tar --strip 2 --wildcards -C ${MONGO_BIN_PATH} -zxvf /tmp/mongo.tgz mongo*/bin/* || handle_error
else
log_message "Mongo db already installed"
fi
log_message "Installing openssl" log_message "Installing openssl"
sudo apt-get install openssl sudo apt-get install openssl

11
envs/monkey_zoo/docs/fullDocs.md
View File

@ -719,19 +719,18 @@ fullTest.conf is a good config to start, because it covers all machines.
</tr> </tr>
<tr class="even"> <tr class="even">
<td>Servers config:</td> <td>Servers config:</td>
<td><p>xp_cmdshell feature enabled in MSSQL server</p> <td><p>xp_cmdshell feature enabled in MSSQL server</p></td>
<p>Servers creds (sa): admin, }8Ys#"</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td>SQL server auth. creds:</td>
<td><p>m0nk3y : Xk8VDTsC</p></td>
</tr>
<tr class="even">
<td>Notes:</td> <td>Notes:</td>
<td><p>Enabled SQL server browser service</p> <td><p>Enabled SQL server browser service</p>
<p><a href="https://docs.microsoft.com/en-us/sql/relational-databases/lesson-2-connecting-from-another-computer?view=sql-server-2017">Enabled remote connections</a></p> <p><a href="https://docs.microsoft.com/en-us/sql/relational-databases/lesson-2-connecting-from-another-computer?view=sql-server-2017">Enabled remote connections</a></p>
<p><a href="https://support.plesk.com/hc/en-us/articles/213397429-How-to-change-a-password-for-the-sa-user-in-MS-SQL-">Changed default password</a></p></td> <p><a href="https://support.plesk.com/hc/en-us/articles/213397429-How-to-change-a-password-for-the-sa-user-in-MS-SQL-">Changed default password</a></p></td>
</tr> </tr>
<tr class="even">
<td></td>
<td></td>
</tr>
</tbody> </tbody>
</table> </table>

56
monkey/common/cloud/aws_instance.py
View File

@ -1,22 +1,48 @@
import json
import re import re
import urllib2 import urllib2
import logging
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254"
AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS)
ACCOUNT_ID_KEY = "accountId"
logger = logging.getLogger(__name__)
class AwsInstance(object): class AwsInstance(object):
"""
Class which gives useful information about the current instance you're on.
"""
def __init__(self): def __init__(self):
try:
self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id', timeout=2).read()
self.region = self._parse_region(
urllib2.urlopen('http://169.254.169.254/latest/meta-data/placement/availability-zone').read())
except urllib2.URLError:
self.instance_id = None self.instance_id = None
self.region = None self.region = None
self.account_id = None
try:
self.instance_id = urllib2.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
self.region = self._parse_region(
urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
except urllib2.URLError as e:
logger.warning("Failed init of AwsInstance while getting metadata: {}".format(e.message))
try:
self.account_id = self._extract_account_id(
urllib2.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
except urllib2.URLError as e:
logger.warning("Failed init of AwsInstance while getting dynamic instance data: {}".format(e.message))
@staticmethod @staticmethod
def _parse_region(region_url_response): def _parse_region(region_url_response):
# For a list of regions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html # For a list of regions, see:
# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
# This regex will find any AWS region format string in the response. # This regex will find any AWS region format string in the response.
re_phrase = r'((?:us|eu|ap|ca|cn|sa)-[a-z]*-[0-9])' re_phrase = r'((?:us|eu|ap|ca|cn|sa)-[a-z]*-[0-9])'
finding = re.findall(re_phrase, region_url_response, re.IGNORECASE) finding = re.findall(re_phrase, region_url_response, re.IGNORECASE)
@ -33,3 +59,21 @@ class AwsInstance(object):
def is_aws_instance(self): def is_aws_instance(self):
return self.instance_id is not None return self.instance_id is not None
@staticmethod
def _extract_account_id(instance_identity_document_response):
"""
Extracts the account id from the dynamic/instance-identity/document metadata path.
Based on https://forums.aws.amazon.com/message.jspa?messageID=409028 which has a few more solutions,
in case Amazon break this mechanism.
:param instance_identity_document_response: json returned via the web page ../dynamic/instance-identity/document
:return: The account id
"""
return json.loads(instance_identity_document_response)[ACCOUNT_ID_KEY]
def get_account_id(self):
"""
:return: the AWS account ID which "owns" this instance.
See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
"""
return self.account_id

73
monkey/common/cloud/aws_service.py
View File

@ -1,23 +1,44 @@
import logging
import boto3 import boto3
import botocore
from botocore.exceptions import ClientError from botocore.exceptions import ClientError
__author__ = 'itay.mizeretz' from common.cloud.aws_instance import AwsInstance
__author__ = ['itay.mizeretz', 'shay.nehmad']
INSTANCE_INFORMATION_LIST_KEY = 'InstanceInformationList'
INSTANCE_ID_KEY = 'InstanceId'
COMPUTER_NAME_KEY = 'ComputerName'
PLATFORM_TYPE_KEY = 'PlatformType'
IP_ADDRESS_KEY = 'IPAddress'
logger = logging.getLogger(__name__)
def filter_instance_data_from_aws_response(response):
return [{
'instance_id': x[INSTANCE_ID_KEY],
'name': x[COMPUTER_NAME_KEY],
'os': x[PLATFORM_TYPE_KEY].lower(),
'ip_address': x[IP_ADDRESS_KEY]
} for x in response[INSTANCE_INFORMATION_LIST_KEY]]
class AwsService(object): class AwsService(object):
""" """
Supplies various AWS services A wrapper class around the boto3 client and session modules, which supplies various AWS services.
This class will assume:
1. That it's running on an EC2 instance
2. That the instance is associated with the correct IAM role. See
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#iam-role for details.
""" """
access_key_id = None
secret_access_key = None
region = None region = None
@staticmethod
def set_auth_params(access_key_id, secret_access_key):
AwsService.access_key_id = access_key_id
AwsService.secret_access_key = secret_access_key
@staticmethod @staticmethod
def set_region(region): def set_region(region):
AwsService.region = region AwsService.region = region
@ -26,15 +47,11 @@ class AwsService(object):
def get_client(client_type, region=None): def get_client(client_type, region=None):
return boto3.client( return boto3.client(
client_type, client_type,
aws_access_key_id=AwsService.access_key_id,
aws_secret_access_key=AwsService.secret_access_key,
region_name=region if region is not None else AwsService.region) region_name=region if region is not None else AwsService.region)
@staticmethod @staticmethod
def get_session(): def get_session():
return boto3.session.Session( return boto3.session.Session()
aws_access_key_id=AwsService.access_key_id,
aws_secret_access_key=AwsService.secret_access_key)
@staticmethod @staticmethod
def get_regions(): def get_regions():
@ -50,14 +67,22 @@ class AwsService(object):
@staticmethod @staticmethod
def get_instances(): def get_instances():
return \ """
[ Get the information for all instances with the relevant roles.
{
'instance_id': x['InstanceId'],
'name': x['ComputerName'],
'os': x['PlatformType'].lower(),
'ip_address': x['IPAddress']
}
for x in AwsService.get_client('ssm').describe_instance_information()['InstanceInformationList']
]
This function will assume that it's running on an EC2 instance with the correct IAM role.
See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#iam-role for details.
:raises: botocore.exceptions.ClientError if can't describe local instance information.
:return: All visible instances from this instance
"""
current_instance = AwsInstance()
local_ssm_client = boto3.client("ssm", current_instance.get_region())
try:
response = local_ssm_client.describe_instance_information()
filtered_instances_data = filter_instance_data_from_aws_response(response)
return filtered_instances_data
except botocore.exceptions.ClientError as e:
logger.warning("AWS client error while trying to get instances: " + e.message)
raise e

59
monkey/common/cloud/test_filter_instance_data_from_aws_response.py Normal file
View File

@ -0,0 +1,59 @@
from unittest import TestCase
from aws_service import filter_instance_data_from_aws_response
import json
__author__ = 'shay.nehmad'
class TestFilter_instance_data_from_aws_response(TestCase):
def test_filter_instance_data_from_aws_response(self):
json_response_full = """
{
"InstanceInformationList": [
{
"ActivationId": "string",
"AgentVersion": "string",
"AssociationOverview": {
"DetailedStatus": "string",
"InstanceAssociationStatusAggregatedCount": {
"string" : 6
}
},
"AssociationStatus": "string",
"ComputerName": "string",
"IamRole": "string",
"InstanceId": "string",
"IPAddress": "string",
"IsLatestVersion": "True",
"LastAssociationExecutionDate": 6,
"LastPingDateTime": 6,
"LastSuccessfulAssociationExecutionDate": 6,
"Name": "string",
"PingStatus": "string",
"PlatformName": "string",
"PlatformType": "string",
"PlatformVersion": "string",
"RegistrationDate": 6,
"ResourceType": "string"
}
],
"NextToken": "string"
}
"""
json_response_empty = """
{
"InstanceInformationList": [],
"NextToken": "string"
}
"""
self.assertEqual(filter_instance_data_from_aws_response(json.loads(json_response_empty)), [])
self.assertEqual(
filter_instance_data_from_aws_response(json.loads(json_response_full)),
[{'instance_id': u'string',
'ip_address': u'string',
'name': u'string',
'os': u'string'}])

2
monkey/infection_monkey/config.py
View File

@ -157,7 +157,7 @@ class Configuration(object):
retry_failed_explotation = True retry_failed_explotation = True
# addresses of internet servers to ping and check if the monkey has internet acccess. # addresses of internet servers to ping and check if the monkey has internet acccess.
internet_services = ["monkey.guardicore.com", "www.google.com"] internet_services = ["updates.infectionmonkey.com", "www.google.com"]
keep_tunnel_open_time = 60 keep_tunnel_open_time = 60

5
monkey/infection_monkey/control.py
View File

@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
import infection_monkey.tunnel as tunnel import infection_monkey.tunnel as tunnel
from infection_monkey.config import WormConfiguration, GUID from infection_monkey.config import WormConfiguration, GUID
from infection_monkey.network.info import local_ips, check_internet_access from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT
from infection_monkey.transport.http import HTTPConnectProxy from infection_monkey.transport.http import HTTPConnectProxy
from infection_monkey.transport.tcp import TcpProxy from infection_monkey.transport.tcp import TcpProxy
@ -19,9 +19,6 @@ requests.packages.urllib3.disable_warnings()
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
DOWNLOAD_CHUNK = 1024 DOWNLOAD_CHUNK = 1024
# random number greater than 5,
# to prevent the monkey from just waiting forever to try and connect to an island before going elsewhere.
TIMEOUT = 15
class ControlClient(object): class ControlClient(object):

2
monkey/infection_monkey/exploit/sshexec.py
View File

@ -84,7 +84,7 @@ class SSHExploiter(HostExploiter):
self.report_login_attempt(True, user, curpass) self.report_login_attempt(True, user, curpass)
break break
except paramiko.AuthenticationException as exc: except Exception as exc:
LOG.debug("Error logging into victim %r with user" LOG.debug("Error logging into victim %r with user"
" %s and password '%s': (%s)", self.host, " %s and password '%s': (%s)", self.host,
user, curpass, exc) user, curpass, exc)

3
monkey/infection_monkey/exploit/struts2.py
View File

@ -7,6 +7,7 @@ import urllib2
import httplib import httplib
import unicodedata import unicodedata
import re import re
import ssl
import logging import logging
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
@ -47,7 +48,7 @@ class Struts2Exploiter(WebRCE):
headers = {'User-Agent': 'Mozilla/5.0'} headers = {'User-Agent': 'Mozilla/5.0'}
request = urllib2.Request(url, headers=headers) request = urllib2.Request(url, headers=headers)
try: try:
return urllib2.urlopen(request).geturl() return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl()
except urllib2.URLError: except urllib2.URLError:
LOG.error("Can't reach struts2 server") LOG.error("Can't reach struts2 server")
return False return False

6
monkey/infection_monkey/exploit/web_rce.py
View File

@ -13,7 +13,7 @@ __author__ = 'VakarisZ'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# Command used to check if monkeys already exists # Command used to check if monkeys already exists
LOOK_FOR_FILE = "ls %s" LOOK_FOR_FILE = "ls %s"
POWERSHELL_NOT_FOUND = "owershell is not recognized" POWERSHELL_NOT_FOUND = "powershell is not recognized"
# Constants used to refer to windows architectures( used in host.os['machine']) # Constants used to refer to windows architectures( used in host.os['machine'])
WIN_ARCH_32 = "32" WIN_ARCH_32 = "32"
WIN_ARCH_64 = "64" WIN_ARCH_64 = "64"
@ -253,7 +253,7 @@ class WebRCE(HostExploiter):
if 'No such file' in resp: if 'No such file' in resp:
return False return False
else: else:
LOG.info("Host %s was already infected under the current configuration, done" % host) LOG.info("Host %s was already infected under the current configuration, done" % str(host))
return True return True
def check_remote_files(self, url): def check_remote_files(self, url):
@ -281,7 +281,7 @@ class WebRCE(HostExploiter):
""" """
ports = self.get_open_service_ports(ports, names) ports = self.get_open_service_ports(ports, names)
if not ports: if not ports:
LOG.info("All default web ports are closed on %r, skipping", host) LOG.info("All default web ports are closed on %r, skipping", str(host))
return False return False
else: else:
return ports return ports

2
monkey/infection_monkey/exploit/weblogic.py
View File

@ -5,7 +5,7 @@
# Luffin from Github # Luffin from Github
# https://github.com/Luffin/CVE-2017-10271 # https://github.com/Luffin/CVE-2017-10271
# CVE: CVE-2017-10271 # CVE: CVE-2017-10271
from __future__ import print_function
from requests import post, exceptions from requests import post, exceptions
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.exploit.tools import get_free_tcp_port, get_interface_to_target from infection_monkey.exploit.tools import get_free_tcp_port, get_interface_to_target

4
monkey/infection_monkey/main.py
View File

@ -13,6 +13,7 @@ from infection_monkey.config import WormConfiguration, EXTERNAL_CONFIG_FILE
from infection_monkey.dropper import MonkeyDrops from infection_monkey.dropper import MonkeyDrops
from infection_monkey.model import MONKEY_ARG, DROPPER_ARG from infection_monkey.model import MONKEY_ARG, DROPPER_ARG
from infection_monkey.monkey import InfectionMonkey from infection_monkey.monkey import InfectionMonkey
# noinspection PyUnresolvedReferences
import infection_monkey.post_breach # dummy import for pyinstaller import infection_monkey.post_breach # dummy import for pyinstaller
__author__ = 'itamar' __author__ = 'itamar'
@ -70,7 +71,8 @@ def main():
print("Loaded Configuration: %r" % WormConfiguration.as_dict()) print("Loaded Configuration: %r" % WormConfiguration.as_dict())
# Make sure we're not in a machine that has the kill file # Make sure we're not in a machine that has the kill file
kill_path = os.path.expandvars(WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux kill_path = os.path.expandvars(
WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path): if os.path.exists(kill_path):
print("Kill path found, finished run") print("Kill path found, finished run")
return True return True

18
monkey/infection_monkey/network/info.py
View File

@ -8,6 +8,10 @@ import itertools
import netifaces import netifaces
from subprocess import check_output from subprocess import check_output
from random import randint from random import randint
import requests
from requests import ConnectionError
from common.network.network_range import CidrRange from common.network.network_range import CidrRange
try: try:
@ -16,6 +20,10 @@ except NameError:
long = int # Python 3 long = int # Python 3
# Timeout for monkey connections
TIMEOUT = 15
def get_host_subnets(): def get_host_subnets():
""" """
Returns a list of subnets visible to host (omitting loopback and auto conf networks) Returns a list of subnets visible to host (omitting loopback and auto conf networks)
@ -124,14 +132,18 @@ def get_free_tcp_port(min_range=1000, max_range=65535):
def check_internet_access(services): def check_internet_access(services):
""" """
Checks if any of the services are accessible, over ICMP Checks if any of the services are accessible, over HTTPS
:param services: List of IPs/hostnames :param services: List of IPs/hostnames
:return: boolean depending on internet access :return: boolean depending on internet access
""" """
ping_str = "-n 1" if sys.platform.startswith("win") else "-c 1"
for host in services: for host in services:
if os.system("ping " + ping_str + " " + host) == 0: try:
requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False)
return True return True
except ConnectionError:
# Failed connecting
pass
return False return False

4
monkey/infection_monkey/transport/http.py
View File

@ -170,6 +170,8 @@ class HTTPServer(threading.Thread):
def report_download(dest=None): def report_download(dest=None):
LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1])) LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
self.downloads += 1 self.downloads += 1
if not self.downloads < self.max_downloads:
self.close_connection = 1
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler) httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
httpd.timeout = 0.5 # this is irrelevant? httpd.timeout = 0.5 # this is irrelevant?
@ -214,6 +216,8 @@ class LockedHTTPServer(threading.Thread):
def report_download(dest=None): def report_download(dest=None):
LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1])) LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
self.downloads += 1 self.downloads += 1
if not self.downloads < self.max_downloads:
self.close_connection = 1
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler) httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
self.lock.release() self.lock.release()

32
monkey/monkey_island/cc/app.py
View File

@ -28,8 +28,10 @@ from monkey_island.cc.resources.root import Root
from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry import Telemetry
from monkey_island.cc.resources.telemetry_feed import TelemetryFeed from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
from monkey_island.cc.resources.pba_file_download import PBAFileDownload from monkey_island.cc.resources.pba_file_download import PBAFileDownload
from monkey_island.cc.resources.version_update import VersionUpdate
from monkey_island.cc.services.database import Database from monkey_island.cc.services.database import Database
from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
from monkey_island.cc.resources.pba_file_upload import FileUpload from monkey_island.cc.resources.pba_file_upload import FileUpload
from monkey_island.cc.resources.attack_telem import AttackTelem from monkey_island.cc.resources.attack_telem import AttackTelem
from monkey_island.cc.resources.attack_config import AttackConfiguration from monkey_island.cc.resources.attack_config import AttackConfiguration
@ -83,18 +85,14 @@ def output_json(obj, code, headers=None):
return resp return resp
def init_app(mongo_url): def init_app_config(app, mongo_url):
app = Flask(__name__)
api = flask_restful.Api(app)
api.representations = {'application/json': output_json}
app.config['MONGO_URI'] = mongo_url app.config['MONGO_URI'] = mongo_url
app.config['SECRET_KEY'] = str(uuid.getnode()) app.config['SECRET_KEY'] = str(uuid.getnode())
app.config['JWT_AUTH_URL_RULE'] = '/api/auth' app.config['JWT_AUTH_URL_RULE'] = '/api/auth'
app.config['JWT_EXPIRATION_DELTA'] = env.get_auth_expiration_time() app.config['JWT_EXPIRATION_DELTA'] = env.get_auth_expiration_time()
def init_app_services(app):
init_jwt(app) init_jwt(app)
mongo.init_app(app) mongo.init_app(app)
@ -102,9 +100,16 @@ def init_app(mongo_url):
database.init() database.init()
Database.init_db() Database.init_db()
# If running on AWS, this will initialize the instance data, which is used "later" in the execution of the island.
RemoteRunAwsService.init()
def init_app_url_rules(app):
app.add_url_rule('/', 'serve_home', serve_home) app.add_url_rule('/', 'serve_home', serve_home)
app.add_url_rule('/<path:static_path>', 'serve_static_file', serve_static_file) app.add_url_rule('/<path:static_path>', 'serve_static_file', serve_static_file)
def init_api_resources(api):
api.add_resource(Root, '/api') api.add_resource(Root, '/api')
api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/<string:guid>') api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/<string:guid>')
api.add_resource(LocalRun, '/api/local-monkey', '/api/local-monkey/') api.add_resource(LocalRun, '/api/local-monkey', '/api/local-monkey/')
@ -128,5 +133,18 @@ def init_app(mongo_url):
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/') api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
api.add_resource(AttackConfiguration, '/api/attack') api.add_resource(AttackConfiguration, '/api/attack')
api.add_resource(AttackTelem, '/api/attack/<string:technique>') api.add_resource(AttackTelem, '/api/attack/<string:technique>')
api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/')
def init_app(mongo_url):
app = Flask(__name__)
api = flask_restful.Api(app)
api.representations = {'application/json': output_json}
init_app_config(app, mongo_url)
init_app_services(app)
init_app_url_rules(app)
init_api_resources(api)
return app return app

16
monkey/monkey_island/cc/environment/__init__.py
View File

@ -13,6 +13,7 @@ class Environment(object):
_MONGO_URL = os.environ.get("MONKEY_MONGO_URL", "mongodb://localhost:27017/monkeyisland") _MONGO_URL = os.environ.get("MONKEY_MONGO_URL", "mongodb://localhost:27017/monkeyisland")
_DEBUG_SERVER = False _DEBUG_SERVER = False
_AUTH_EXPIRATION_TIME = timedelta(hours=1) _AUTH_EXPIRATION_TIME = timedelta(hours=1)
_MONKEY_VERSION = "1.6.3"
def __init__(self): def __init__(self):
self.config = None self.config = None
@ -37,6 +38,21 @@ class Environment(object):
h.update(secret) h.update(secret)
return h.hexdigest() return h.hexdigest()
def get_deployment(self):
return self._get_from_config('deployment', 'unknown')
def is_develop(self):
return self.get_deployment() == 'develop'
def get_version(self):
return self._MONKEY_VERSION + ('-dev' if self.is_develop() else '')
def _get_from_config(self, key, default_value=None):
val = default_value
if self.config is not None:
val = self.config.get(key, val)
return val
@abc.abstractmethod @abc.abstractmethod
def get_auth_users(self): def get_auth_users(self):
return return

1
monkey/monkey_island/cc/environment/environment.py
View File

@ -32,6 +32,7 @@ def load_env_from_file():
config_json = load_server_configuration_from_file() config_json = load_server_configuration_from_file()
return config_json['server_config'] return config_json['server_config']
try: try:
config_json = load_server_configuration_from_file() config_json = load_server_configuration_from_file()
__env_type = config_json['server_config'] __env_type = config_json['server_config']

18
monkey/monkey_island/cc/exporter_init.py
View File

@ -1,19 +1,19 @@
from monkey_island.cc.environment.environment import load_env_from_file, AWS import logging
from monkey_island.cc.report_exporter_manager import ReportExporterManager from monkey_island.cc.report_exporter_manager import ReportExporterManager
from monkey_island.cc.resources.aws_exporter import AWSExporter from monkey_island.cc.resources.aws_exporter import AWSExporter
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
__author__ = 'maor.rayzin' logger = logging.getLogger(__name__)
def populate_exporter_list(): def populate_exporter_list():
manager = ReportExporterManager() manager = ReportExporterManager()
if is_aws_exporter_required(): RemoteRunAwsService.init()
if RemoteRunAwsService.is_running_on_aws():
manager.add_exporter_to_list(AWSExporter) manager.add_exporter_to_list(AWSExporter)
if len(manager.get_exporters_list()) != 0:
logger.debug(
"Populated exporters list with the following exporters: {0}".format(str(manager.get_exporters_list())))
def is_aws_exporter_required():
if str(load_env_from_file()) == AWS:
return True
else:
return False

3
monkey/monkey_island/cc/report_exporter_manager.py
View File

@ -29,6 +29,7 @@ class ReportExporterManager(object):
def export(self, report): def export(self, report):
try: try:
for exporter in self._exporters_set: for exporter in self._exporters_set:
logger.debug("Trying to export using " + repr(exporter))
exporter().handle_report(report) exporter().handle_report(report)
except Exception as e: except Exception as e:
logger.exception('Failed to export report') logger.exception('Failed to export report, error: ' + e.message)

58
monkey/monkey_island/cc/resources/aws_exporter.py
View File

@ -1,53 +1,42 @@
import logging import logging
import uuid import uuid
from datetime import datetime from datetime import datetime
import boto3 import boto3
from botocore.exceptions import UnknownServiceError from botocore.exceptions import UnknownServiceError
from monkey_island.cc.resources.exporter import Exporter
from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.environment.environment import load_server_configuration_from_file
from common.cloud.aws_instance import AwsInstance from common.cloud.aws_instance import AwsInstance
from monkey_island.cc.environment.environment import load_server_configuration_from_file
from monkey_island.cc.resources.exporter import Exporter
__author__ = 'maor.rayzin' __authors__ = ['maor.rayzin', 'shay.nehmad']
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
AWS_CRED_CONFIG_KEYS = [['cnc', 'aws_config', 'aws_access_key_id'],
['cnc', 'aws_config', 'aws_secret_access_key'],
['cnc', 'aws_config', 'aws_account_id']]
class AWSExporter(Exporter): class AWSExporter(Exporter):
@staticmethod @staticmethod
def handle_report(report_json): def handle_report(report_json):
aws = AwsInstance()
findings_list = [] findings_list = []
issues_list = report_json['recommendations']['issues'] issues_list = report_json['recommendations']['issues']
if not issues_list: if not issues_list:
logger.info('No issues were found by the monkey, no need to send anything') logger.info('No issues were found by the monkey, no need to send anything')
return True return True
current_aws_region = AwsInstance().get_region()
for machine in issues_list: for machine in issues_list:
for issue in issues_list[machine]: for issue in issues_list[machine]:
if issue.get('aws_instance_id', None): if issue.get('aws_instance_id', None):
findings_list.append(AWSExporter._prepare_finding(issue, aws.get_region())) findings_list.append(AWSExporter._prepare_finding(issue, current_aws_region))
if not AWSExporter._send_findings(findings_list, AWSExporter._get_aws_keys(), aws.get_region()): if not AWSExporter._send_findings(findings_list, current_aws_region):
logger.error('Exporting findings to aws failed') logger.error('Exporting findings to aws failed')
return False return False
return True return True
@staticmethod
def _get_aws_keys():
creds_dict = {}
for key in AWS_CRED_CONFIG_KEYS:
creds_dict[key[2]] = str(ConfigService.get_config_value(key))
return creds_dict
@staticmethod @staticmethod
def merge_two_dicts(x, y): def merge_two_dicts(x, y):
z = x.copy() # start with x's keys and values z = x.copy() # start with x's keys and values
@ -82,7 +71,8 @@ class AWSExporter(Exporter):
configured_product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '') configured_product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '')
product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn) product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}' instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
account_id = AWSExporter._get_aws_keys().get('aws_account_id', '') account_id = AwsInstance().get_account_id()
logger.debug("aws account id acquired: {}".format(account_id))
finding = { finding = {
"SchemaVersion": "2018-10-08", "SchemaVersion": "2018-10-08",
@ -100,27 +90,26 @@ class AWSExporter(Exporter):
return AWSExporter.merge_two_dicts(finding, findings_dict[issue['type']](issue, instance_arn)) return AWSExporter.merge_two_dicts(finding, findings_dict[issue['type']](issue, instance_arn))
@staticmethod @staticmethod
def _send_findings(findings_list, creds_dict, region): def _send_findings(findings_list, region):
try: try:
if not creds_dict: logger.debug("Trying to acquire securityhub boto3 client in " + region)
logger.info('No AWS access credentials received in configuration') security_hub_client = boto3.client('securityhub', region_name=region)
return False logger.debug("Client acquired: {0}".format(repr(security_hub_client)))
securityhub = boto3.client('securityhub', # Assumes the machine has the correct IAM role to do this, @see
aws_access_key_id=creds_dict.get('aws_access_key_id', ''), # https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances
aws_secret_access_key=creds_dict.get('aws_secret_access_key', ''), import_response = security_hub_client.batch_import_findings(Findings=findings_list)
region_name=region) logger.debug("Import findings response: {0}".format(repr(import_response)))
import_response = securityhub.batch_import_findings(Findings=findings_list)
if import_response['ResponseMetadata']['HTTPStatusCode'] == 200: if import_response['ResponseMetadata']['HTTPStatusCode'] == 200:
return True return True
else: else:
return False return False
except UnknownServiceError as e: except UnknownServiceError as e:
logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed') logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed. Error: ' + e.message)
return False return False
except Exception as e: except Exception as e:
logger.exception('AWS security hub findings failed to send.') logger.exception('AWS security hub findings failed to send. Error: ' + e.message)
return False return False
@staticmethod @staticmethod
@ -243,7 +232,8 @@ class AWSExporter(Exporter):
{0} in the networks {1} \ {0} in the networks {1} \
could directly access the Monkey Island server in the networks {2}.".format(issue['machine'], could directly access the Monkey Island server in the networks {2}.".format(issue['machine'],
issue['networks'], issue['networks'],
issue['server_networks']), issue[
'server_networks']),
instance_arn=instance_arn, instance_arn=instance_arn,
instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
) )

21
monkey/monkey_island/cc/resources/remote_run.py
View File

@ -1,4 +1,6 @@
import json import json
from botocore.exceptions import NoCredentialsError, ClientError
from flask import request, jsonify, make_response from flask import request, jsonify, make_response
import flask_restful import flask_restful
@ -6,6 +8,11 @@ from monkey_island.cc.auth import jwt_required
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
from common.cloud.aws_service import AwsService from common.cloud.aws_service import AwsService
CLIENT_ERROR_FORMAT = "ClientError, error message: '{}'. Probably, the IAM role that has been associated with the " \
"instance doesn't permit SSM calls. "
NO_CREDS_ERROR_FORMAT = "NoCredentialsError, error message: '{}'. Probably, no IAM role has been associated with the " \
"instance. "
class RemoteRun(flask_restful.Resource): class RemoteRun(flask_restful.Resource):
def __init__(self): def __init__(self):
@ -24,10 +31,14 @@ class RemoteRun(flask_restful.Resource):
is_aws = RemoteRunAwsService.is_running_on_aws() is_aws = RemoteRunAwsService.is_running_on_aws()
resp = {'is_aws': is_aws} resp = {'is_aws': is_aws}
if is_aws: if is_aws:
is_auth = RemoteRunAwsService.update_aws_auth_params() try:
resp['auth'] = is_auth
if is_auth:
resp['instances'] = AwsService.get_instances() resp['instances'] = AwsService.get_instances()
except NoCredentialsError as e:
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message)
return jsonify(resp)
except ClientError as e:
resp['error'] = CLIENT_ERROR_FORMAT.format(e.message)
return jsonify(resp)
return jsonify(resp) return jsonify(resp)
return {} return {}
@ -37,9 +48,7 @@ class RemoteRun(flask_restful.Resource):
body = json.loads(request.data) body = json.loads(request.data)
resp = {} resp = {}
if body.get('type') == 'aws': if body.get('type') == 'aws':
is_auth = RemoteRunAwsService.update_aws_auth_params() RemoteRunAwsService.update_aws_region_authless()
resp['auth'] = is_auth
if is_auth:
result = self.run_aws_monkeys(body) result = self.run_aws_monkeys(body)
resp['result'] = result resp['result'] = result
return jsonify(resp) return jsonify(resp)

2
monkey/monkey_island/cc/resources/telemetry_feed.py
View File

@ -54,7 +54,7 @@ class TelemetryFeed(flask_restful.Resource):
@staticmethod @staticmethod
def get_state_telem_brief(telem): def get_state_telem_brief(telem):
if telem['data']['done']: if telem['data']['done']:
return '''Monkey finishing it's execution.''' return '''Monkey finishing its execution.'''
else: else:
return 'Monkey started.' return 'Monkey started.'

24
monkey/monkey_island/cc/resources/version_update.py Normal file
View File

@ -0,0 +1,24 @@
import flask_restful
import logging
from monkey_island.cc.environment.environment import env
from monkey_island.cc.auth import jwt_required
from monkey_island.cc.services.version_update import VersionUpdateService
__author__ = 'itay.mizeretz'
logger = logging.getLogger(__name__)
class VersionUpdate(flask_restful.Resource):
def __init__(self):
super(VersionUpdate, self).__init__()
# We don't secure this since it doesn't give out any private info and we want UI to know version
# even when not authenticated
def get(self):
return {
'current_version': env.get_version(),
'newer_version': VersionUpdateService.get_newer_version(),
'download_link': VersionUpdateService.get_download_link()
}

3
monkey/monkey_island/cc/server_config.json
View File

@ -1,3 +1,4 @@
{ {
"server_config": "standard" "server_config": "standard",
"deployment": "develop"
} }

17
monkey/monkey_island/cc/services/config.py
View File

@ -26,14 +26,6 @@ ENCRYPTED_CONFIG_ARRAYS = \
['internal', 'exploits', 'exploit_ssh_keys'] ['internal', 'exploits', 'exploit_ssh_keys']
] ]
# This should be used for config values of string type
ENCRYPTED_CONFIG_STRINGS = \
[
['cnc', 'aws_config', 'aws_access_key_id'],
['cnc', 'aws_config', 'aws_account_id'],
['cnc', 'aws_config', 'aws_secret_access_key']
]
class ConfigService: class ConfigService:
default_config = None default_config = None
@ -76,8 +68,6 @@ class ConfigService:
if should_decrypt: if should_decrypt:
if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS: if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS:
config = [encryptor.dec(x) for x in config] config = [encryptor.dec(x) for x in config]
elif config_key_as_arr in ENCRYPTED_CONFIG_STRINGS:
config = encryptor.dec(config)
return config return config
@staticmethod @staticmethod
@ -243,11 +233,8 @@ class ConfigService:
""" """
Same as decrypt_config but for a flat configuration Same as decrypt_config but for a flat configuration
""" """
if is_island:
keys = [config_arr_as_array[2] for config_arr_as_array in
(ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS)]
else:
keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
for key in keys: for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types): if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types):
# Check if we are decrypting ssh key pair # Check if we are decrypting ssh key pair
@ -261,7 +248,7 @@ class ConfigService:
@staticmethod @staticmethod
def _encrypt_or_decrypt_config(config, is_decrypt=False): def _encrypt_or_decrypt_config(config, is_decrypt=False):
for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS): for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS:
config_arr = config config_arr = config
parent_config_arr = None parent_config_arr = None

30
monkey/monkey_island/cc/services/config_schema.py
View File

@ -275,8 +275,9 @@ SCHEMA = {
"default": [ "default": [
], ],
"description": "description":
"List of IPs/subnets the monkey should scan." "List of IPs/subnets/hosts the monkey should scan."
" Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\"" " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\","
" \"printer.example\""
} }
} }
}, },
@ -722,31 +723,6 @@ SCHEMA = {
} }
} }
}, },
'aws_config': {
'title': 'AWS Configuration',
'type': 'object',
'description': 'These credentials will be used in order to export the monkey\'s findings to the AWS Security Hub.',
'properties': {
'aws_account_id': {
'title': 'AWS account ID',
'type': 'string',
'description': 'Your AWS account ID that is subscribed to security hub feeds',
'default': ''
},
'aws_access_key_id': {
'title': 'AWS access key ID',
'type': 'string',
'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.',
'default': ''
},
'aws_secret_access_key': {
'title': 'AWS secret access key',
'type': 'string',
'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.',
'default': ''
}
}
}
} }
}, },
"exploits": { "exploits": {

14
monkey/monkey_island/cc/services/remote_run_aws.py
View File

@ -46,22 +46,12 @@ class RemoteRunAwsService:
return RemoteRunAwsService.aws_instance.is_aws_instance() return RemoteRunAwsService.aws_instance.is_aws_instance()
@staticmethod @staticmethod
def update_aws_auth_params(): def update_aws_region_authless():
""" """
Updates the AWS authentication parameters according to config Updates the AWS region without auth params (via IAM role)
:return: True if new params allow successful authentication. False otherwise
""" """
access_key_id = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_access_key_id'], False, True)
secret_access_key = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_secret_access_key'], False, True)
if (access_key_id != AwsService.access_key_id) or (secret_access_key != AwsService.secret_access_key):
AwsService.set_auth_params(access_key_id, secret_access_key)
RemoteRunAwsService.is_auth = AwsService.test_client()
AwsService.set_region(RemoteRunAwsService.aws_instance.region) AwsService.set_region(RemoteRunAwsService.aws_instance.region)
return RemoteRunAwsService.is_auth
@staticmethod @staticmethod
def get_bitness(instances): def get_bitness(instances):
""" """

57
monkey/monkey_island/cc/services/version_update.py Normal file
View File

@ -0,0 +1,57 @@
import logging
import requests
from monkey_island.cc.environment.environment import env
__author__ = "itay.mizeretz"
logger = logging.getLogger(__name__)
class VersionUpdateService:
VERSION_SERVER_URL_PREF = 'https://updates.infectionmonkey.com'
VERSION_SERVER_CHECK_NEW_URL = VERSION_SERVER_URL_PREF + '?deployment=%s&monkey_version=%s'
VERSION_SERVER_DOWNLOAD_URL = VERSION_SERVER_CHECK_NEW_URL + '&is_download=true'
newer_version = None
def __init__(self):
pass
@staticmethod
def get_newer_version():
"""
Checks for newer version if never checked before.
:return: None if failed checking for newer version, result of '_check_new_version' otherwise
"""
if VersionUpdateService.newer_version is None:
try:
VersionUpdateService.newer_version = VersionUpdateService._check_new_version()
except Exception:
logger.exception('Failed updating version number')
return VersionUpdateService.newer_version
@staticmethod
def _check_new_version():
"""
Checks if newer monkey version is available
:return: False if not, version in string format ('1.6.2') otherwise
"""
url = VersionUpdateService.VERSION_SERVER_CHECK_NEW_URL % (env.get_deployment(), env.get_version())
reply = requests.get(url, timeout=15)
res = reply.json().get('newer_version', None)
if res is False:
return res
[int(x) for x in res.split('.')] # raises value error if version is invalid format
return res
@staticmethod
def get_download_link():
return VersionUpdateService.VERSION_SERVER_DOWNLOAD_URL % (env.get_deployment(), env.get_version())

4
monkey/monkey_island/cc/ui/.babelrc
View File

@ -1,4 +1,4 @@
{ {
"presets": ["es2015", "stage-0", "react"] "presets": ["es2015", "stage-0", "react"],
"plugins": ["emotion"]
} }

8524
monkey/monkey_island/cc/ui/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

6
monkey/monkey_island/cc/ui/package.json
View File

@ -64,7 +64,7 @@
"webpack-dev-server": "^3.1.9" "webpack-dev-server": "^3.1.9"
}, },
"dependencies": { "dependencies": {
"bootstrap": "3.3.7", "bootstrap": "3.4.1",
"core-js": "^2.5.7", "core-js": "^2.5.7",
"downloadjs": "^1.4.7", "downloadjs": "^1.4.7",
"fetch": "^1.1.0", "fetch": "^1.1.0",
@ -96,6 +96,8 @@
"react-tooltip-lite": "^1.9.1", "react-tooltip-lite": "^1.9.1",
"redux": "^4.0.0", "redux": "^4.0.0",
"sass-loader": "^7.1.0", "sass-loader": "^7.1.0",
"sha3": "^2.0.0" "sha3": "^2.0.0",
"react-spinners": "^0.5.4",
"@emotion/core": "^10.0.10"
} }
} }

4
monkey/monkey_island/cc/ui/src/components/Main.js
View File

@ -20,6 +20,7 @@ import 'react-data-components/css/table-twbs.css';
import 'styles/App.css'; import 'styles/App.css';
import 'react-toggle/style.css'; import 'react-toggle/style.css';
import 'react-table/react-table.css'; import 'react-table/react-table.css';
import VersionComponent from "./side-menu/VersionComponent";
let logoImage = require('../images/monkey-icon.svg'); let logoImage = require('../images/monkey-icon.svg');
let infectionMonkeyImage = require('../images/infection-monkey.svg'); let infectionMonkeyImage = require('../images/infection-monkey.svg');
@ -85,7 +86,7 @@ class AppComponent extends AuthComponent {
infection_done: false, infection_done: false,
report_done: false, report_done: false,
isLoggedIn: undefined isLoggedIn: undefined
} },
}; };
} }
@ -175,6 +176,7 @@ class AppComponent extends AuthComponent {
<div className="license-link text-center"> <div className="license-link text-center">
<NavLink to="/license">License</NavLink> <NavLink to="/license">License</NavLink>
</div> </div>
<VersionComponent/>
</Col> </Col>
<Col sm={9} md={10} smOffset={3} mdOffset={2} className="main"> <Col sm={9} md={10} smOffset={3} mdOffset={2} className="main">
<Route path='/login' render={(props) => (<LoginPageComponent onStatusChange={this.updateStatus}/>)}/> <Route path='/login' render={(props) => (<LoginPageComponent onStatusChange={this.updateStatus}/>)}/>

190
monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js
View File

@ -1,11 +1,20 @@
import React from 'react'; import React from 'react';
import {Button, Col, Well, Nav, NavItem, Collapse, Form, FormControl, FormGroup} from 'react-bootstrap'; import { css } from '@emotion/core';
import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap';
import CopyToClipboard from 'react-copy-to-clipboard'; import CopyToClipboard from 'react-copy-to-clipboard';
import GridLoader from 'react-spinners/GridLoader';
import {Icon} from 'react-fa'; import {Icon} from 'react-fa';
import {Link} from 'react-router-dom'; import {Link} from 'react-router-dom';
import AuthComponent from '../AuthComponent'; import AuthComponent from '../AuthComponent';
import AwsRunTable from "../run-monkey/AwsRunTable"; import AwsRunTable from "../run-monkey/AwsRunTable";
const loading_css_override = css`
display: block;
margin-right: auto;
margin-left: auto;
`;
class RunMonkeyPageComponent extends AuthComponent { class RunMonkeyPageComponent extends AuthComponent {
constructor(props) { constructor(props) {
@ -20,12 +29,12 @@ class RunMonkeyPageComponent extends AuthComponent {
showManual: false, showManual: false,
showAws: false, showAws: false,
isOnAws: false, isOnAws: false,
isAwsAuth: false,
awsUpdateClicked: false, awsUpdateClicked: false,
awsUpdateFailed: false, awsUpdateFailed: false,
awsKeyId: '', awsMachines: [],
awsSecretKey: '', isLoadingAws: true,
awsMachines: [] isErrorWhileCollectingAwsMachines: false,
awsMachineCollectionErrorMsg: ''
}; };
} }
@ -48,13 +57,7 @@ class RunMonkeyPageComponent extends AuthComponent {
}); });
this.fetchAwsInfo(); this.fetchAwsInfo();
this.fetchConfig() this.fetchConfig();
.then(config => {
this.setState({
awsKeyId: config['cnc']['aws_config']['aws_access_key_id'],
awsSecretKey: config['cnc']['aws_config']['aws_secret_access_key']
});
});
this.authFetch('/api/client-monkey') this.authFetch('/api/client-monkey')
.then(res => res.json()) .then(res => res.json())
@ -75,17 +78,29 @@ class RunMonkeyPageComponent extends AuthComponent {
.then(res =>{ .then(res =>{
let is_aws = res['is_aws']; let is_aws = res['is_aws'];
if (is_aws) { if (is_aws) {
this.setState({isOnAws: true, awsMachines: res['instances'], isAwsAuth: res['auth']}); // On AWS!
// Checks if there was an error while collecting the aws machines.
let is_error_while_collecting_aws_machines = (res['error'] != null);
if (is_error_while_collecting_aws_machines) {
// There was an error. Finish loading, and display error message.
this.setState({isOnAws: true, isErrorWhileCollectingAwsMachines: true, awsMachineCollectionErrorMsg: res['error'], isLoadingAws: false});
} else {
// No error! Finish loading and display machines for user
this.setState({isOnAws: true, awsMachines: res['instances'], isLoadingAws: false});
}
} else {
// Not on AWS. Finish loading and don't display the AWS div.
this.setState({isOnAws: false, isLoadingAws: false});
} }
}); });
} }
generateLinuxCmd(ip, is32Bit) { static generateLinuxCmd(ip, is32Bit) {
let bitText = is32Bit ? '32' : '64'; let bitText = is32Bit ? '32' : '64';
return `wget --no-check-certificate https://${ip}:5000/api/monkey/download/monkey-linux-${bitText}; chmod +x monkey-linux-${bitText}; ./monkey-linux-${bitText} m0nk3y -s ${ip}:5000` return `wget --no-check-certificate https://${ip}:5000/api/monkey/download/monkey-linux-${bitText}; chmod +x monkey-linux-${bitText}; ./monkey-linux-${bitText} m0nk3y -s ${ip}:5000`
} }
generateWindowsCmd(ip, is32Bit) { static generateWindowsCmd(ip, is32Bit) {
let bitText = is32Bit ? '32' : '64'; let bitText = is32Bit ? '32' : '64';
return `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe','.\\monkey.exe'); ;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`; return `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe','.\\monkey.exe'); ;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
} }
@ -118,9 +133,9 @@ class RunMonkeyPageComponent extends AuthComponent {
let is32Bit = (this.state.selectedOs.split('-')[1] === '32'); let is32Bit = (this.state.selectedOs.split('-')[1] === '32');
let cmdText = ''; let cmdText = '';
if (isLinux) { if (isLinux) {
cmdText = this.generateLinuxCmd(this.state.selectedIp, is32Bit); cmdText = RunMonkeyPageComponent.generateLinuxCmd(this.state.selectedIp, is32Bit);
} else { } else {
cmdText = this.generateWindowsCmd(this.state.selectedIp, is32Bit); cmdText = RunMonkeyPageComponent.generateWindowsCmd(this.state.selectedIp, is32Bit);
} }
return ( return (
<Well key={'cmdDiv'+this.state.selectedIp} className="well-sm" style={{'margin': '0.5em'}}> <Well key={'cmdDiv'+this.state.selectedIp} className="well-sm" style={{'margin': '0.5em'}}>
@ -148,7 +163,7 @@ class RunMonkeyPageComponent extends AuthComponent {
}); });
}; };
renderIconByState(state) { static renderIconByState(state) {
if (state === 'running') { if (state === 'running') {
return <Icon name="check" className="text-success" style={{'marginLeft': '5px'}}/> return <Icon name="check" className="text-success" style={{'marginLeft': '5px'}}/>
} else if (state === 'installing') { } else if (state === 'installing') {
@ -204,19 +219,6 @@ class RunMonkeyPageComponent extends AuthComponent {
}); });
}); });
}; };
updateAwsKeyId = (evt) => {
this.setState({
awsKeyId: evt.target.value
});
};
updateAwsSecretKey = (evt) => {
this.setState({
awsSecretKey: evt.target.value
});
};
fetchConfig() { fetchConfig() {
return this.authFetch('/api/configuration/island') return this.authFetch('/api/configuration/island')
.then(res => res.json()) .then(res => res.json())
@ -224,41 +226,6 @@ class RunMonkeyPageComponent extends AuthComponent {
return res.configuration; return res.configuration;
}) })
} }
updateAwsKeys = () => {
this.setState({
awsUpdateClicked: true,
awsUpdateFailed: false
});
this.fetchConfig()
.then(config => {
let new_config = config;
new_config['cnc']['aws_config']['aws_access_key_id'] = this.state.awsKeyId;
new_config['cnc']['aws_config']['aws_secret_access_key'] = this.state.awsSecretKey;
return new_config;
})
.then(new_config => {
this.authFetch('/api/configuration/island',
{
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify(new_config)
})
.then(res => res.json())
.then(res => {
this.fetchAwsInfo()
.then(res => {
if (!this.state.isAwsAuth) {
this.setState({
awsUpdateClicked: false,
awsUpdateFailed: true
})
}
});
});
});
};
instanceIdToInstance = (instance_id) => { instanceIdToInstance = (instance_id) => {
let instance = this.state.awsMachines.find( let instance = this.state.awsMachines.find(
function (inst) { function (inst) {
@ -268,9 +235,15 @@ class RunMonkeyPageComponent extends AuthComponent {
}; };
renderAuthAwsDiv() { renderAwsMachinesDiv() {
return ( return (
<div style={{'marginBottom': '2em'}}> <div style={{'marginBottom': '2em'}}>
<div style={{'marginTop': '1em', 'marginBottom': '1em'}}>
<p className="alert alert-info">
<i className="glyphicon glyphicon-info-sign" style={{'marginRight': '5px'}}/>
Not sure what this is? Not seeing your AWS EC2 instances? <a href="https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances">Read the documentation</a>!
</p>
</div>
{ {
this.state.ips.length > 1 ? this.state.ips.length > 1 ?
<Nav bsStyle="pills" justified activeKey={this.state.selectedIp} onSelect={this.setSelectedIp} <Nav bsStyle="pills" justified activeKey={this.state.selectedIp} onSelect={this.setSelectedIp}
@ -296,60 +269,6 @@ class RunMonkeyPageComponent extends AuthComponent {
</div> </div>
) )
} }
renderNotAuthAwsDiv() {
return (
<div style={{'marginBottom': '2em'}}>
<p style={{'fontSize': '1.2em'}}>
You haven't set your AWS account details or they're incorrect. Please enter them below to proceed.
</p>
<div style={{'marginTop': '1em'}}>
<div className="col-sm-12">
<div className="col-sm-6 col-sm-offset-3" style={{'fontSize': '1.2em'}}>
<div className="panel panel-default">
<div className="panel-body">
<div className="input-group center-block text-center">
<input type="text" className="form-control" placeholder="AWS Access Key ID"
value={this.state.awsKeyId}
onChange={evt => this.updateAwsKeyId(evt)}/>
<input type="text" className="form-control" placeholder="AWS Secret Access Key"
value={this.state.awsSecretKey}
onChange={evt => this.updateAwsSecretKey(evt)}/>
<Button
onClick={this.updateAwsKeys}
className={'btn btn-default btn-md center-block'}
disabled={this.state.awsUpdateClicked}
variant="primary">
Update AWS details
{ this.state.awsUpdateClicked ? <Icon name="refresh" className="text-success" style={{'marginLeft': '5px'}}/> : null }
</Button>
</div>
</div>
</div>
</div>
<div className="col-sm-8 col-sm-offset-2" style={{'fontSize': '1.2em'}}>
<p className="alert alert-info">
<i className="glyphicon glyphicon-info-sign" style={{'marginRight': '5px'}}/>
In order to remotely run commands on AWS EC2 instances, please make sure you have
the <a href="https://docs.aws.amazon.com/console/ec2/run-command/prereqs" target="_blank">prerequisites</a> and if the
instances don't show up, check the
AWS <a href="https://docs.aws.amazon.com/console/ec2/run-command/troubleshooting" target="_blank">troubleshooting guide</a>.
</p>
</div>
{
this.state.awsUpdateFailed ?
<div className="col-sm-8 col-sm-offset-2" style={{'fontSize': '1.2em'}}>
<p className="alert alert-danger" role="alert">Authentication failed.</p>
</div>
:
null
}
</div>
</div>
</div>
)
}
render() { render() {
return ( return (
<Col xs={12} lg={8}> <Col xs={12} lg={8}>
@ -364,7 +283,7 @@ class RunMonkeyPageComponent extends AuthComponent {
disabled={this.state.runningOnIslandState !== 'not_running'} disabled={this.state.runningOnIslandState !== 'not_running'}
> >
Run on Monkey Island Server Run on Monkey Island Server
{ this.renderIconByState(this.state.runningOnIslandState) } { RunMonkeyPageComponent.renderIconByState(this.state.runningOnIslandState) }
</button> </button>
{ {
// TODO: implement button functionality // TODO: implement button functionality
@ -412,6 +331,21 @@ class RunMonkeyPageComponent extends AuthComponent {
{this.generateCmdDiv()} {this.generateCmdDiv()}
</div> </div>
</Collapse> </Collapse>
{
this.state.isLoadingAws ?
<p style={{'marginBottom': '2em', 'align': 'center'}}>
<div className='sweet-loading'>
<GridLoader
css={loading_css_override}
sizeUnit={"px"}
size={30}
color={'#ffcc00'}
loading={this.state.loading}
/>
</div>
</p>
: null
}
{ {
this.state.isOnAws ? this.state.isOnAws ?
<p className="text-center"> <p className="text-center">
@ -432,7 +366,17 @@ class RunMonkeyPageComponent extends AuthComponent {
} }
<Collapse in={this.state.showAws}> <Collapse in={this.state.showAws}>
{ {
this.state.isAwsAuth ? this.renderAuthAwsDiv() : this.renderNotAuthAwsDiv() this.state.isErrorWhileCollectingAwsMachines ?
<div style={{'marginTop': '1em'}}>
<p class="alert alert-danger">
<i className="glyphicon glyphicon-warning-sign" style={{'marginRight': '5px'}}/>
Error while collecting AWS machine data. Error message: <code>{this.state.awsMachineCollectionErrorMsg}</code><br/>
Are you sure you've set the correct role on your Island AWS machine?<br/>
Not sure what this is? <a href="https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances">Read the documentation</a>!
</p>
</div>
:
this.renderAwsMachinesDiv()
} }
</Collapse> </Collapse>

46
monkey/monkey_island/cc/ui/src/components/side-menu/VersionComponent.js Normal file
View File

@ -0,0 +1,46 @@
import React from 'react';
import {Icon} from 'react-fa';
class VersionComponent extends React.Component {
constructor(props) {
super(props);
this.state = {
currentVersion: undefined,
newerVersion: undefined,
downloadLink: undefined
}
}
componentDidMount() {
fetch('/api/version-update') // This is not authenticated on purpose
.then(res => res.json())
.then(res => {
this.setState({
currentVersion: res['current_version'],
newerVersion: res['newer_version'],
downloadLink: res['download_link'],
});
});
}
render() {
return (
<div className="version-text text-center">
Infection Monkey Version: {this.state.currentVersion}
{
this.state.newerVersion ?
<div>
<b>Newer version available!</b>
<br/>
<b><a target="_blank" href={this.state.downloadLink}>Download here <Icon name="download"/></a></b>
</div>
:
undefined
}
</div>
);
}
}
export default VersionComponent;

10
monkey/monkey_island/cc/ui/src/styles/App.css
View File

@ -529,3 +529,13 @@ body {
text-align: center; text-align: center;
margin-bottom: 20px; margin-bottom: 20px;
} }
.version-text {
font-size: 0.9em;
position: absolute;
bottom: 5px;
left: 0;
right: 0;
margin-left: auto;
margin-right: auto;
}

2
monkey/monkey_island/deb-package/DEBIAN/control
View File

@ -5,4 +5,4 @@ Homepage: http://www.guardicore.com
Priority: optional Priority: optional
Version: 1.0 Version: 1.0
Description: Guardicore Infection Monkey Island installation package Description: Guardicore Infection Monkey Island installation package
Depends: openssl, python-pip, python-dev, mongodb Depends: openssl, python-pip, python-dev

9
monkey/monkey_island/deb-package/DEBIAN/postinst
View File

@ -9,16 +9,15 @@ pip2 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER
virtualenv -p python2.7 ${PYTHON_FOLDER} virtualenv -p python2.7 ${PYTHON_FOLDER}
# install pip requirements # install pip requirements
${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/pip_requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER ${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
# remove installation folder and unnecessary files # remove installation folder and unnecessary files
rm -rf ${INSTALLATION_FOLDER} rm -rf ${INSTALLATION_FOLDER}
rm -f ${MONKEY_FOLDER}/monkey_island/pip_requirements.txt rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt
cp ${MONKEY_FOLDER}/monkey_island/ubuntu/* /etc/init/
if [ -d "/etc/systemd/network" ]; then if [ -d "/etc/systemd/network" ]; then
cp ${MONKEY_FOLDER}/monkey_island/ubuntu/systemd/*.service /lib/systemd/system/ cp ${MONKEY_FOLDER}/monkey_island/service/systemd/*.service /lib/systemd/system/
chmod +x ${MONKEY_FOLDER}/monkey_island/ubuntu/systemd/start_server.sh chmod +x ${MONKEY_FOLDER}/monkey_island/service/systemd/start_server.sh
systemctl daemon-reload systemctl daemon-reload
systemctl enable monkey-island systemctl enable monkey-island
fi fi

35
monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst Normal file
View File

@ -0,0 +1,35 @@
#!/bin/bash
MONKEY_FOLDER=/var/monkey
INSTALLATION_FOLDER=/var/monkey/monkey_island/installation
PYTHON_FOLDER=/var/monkey/monkey_island/bin/python
# Prepare python virtualenv
pip2 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER
virtualenv -p python2.7 ${PYTHON_FOLDER}
# install pip requirements
${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
# remove installation folder and unnecessary files
rm -rf ${INSTALLATION_FOLDER}
rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt
${MONKEY_FOLDER}/monkey_island/install_mongo.sh ${MONKEY_FOLDER}/monkey_island/bin/mongodb
if [ -d "/etc/systemd/network" ]; then
cp ${MONKEY_FOLDER}/monkey_island/service/systemd/*.service /lib/systemd/system/
chmod +x ${MONKEY_FOLDER}/monkey_island/service/systemd/start_server.sh
systemctl daemon-reload
systemctl enable monkey-mongo
systemctl enable monkey-island
fi
${MONKEY_FOLDER}/monkey_island/create_certificate.sh
service monkey-island start
service monkey-mongo start
echo Monkey Island installation ended
exit 0

11
monkey/monkey_island/deb-package/DEBIAN_MONGO/prerm Normal file
View File

@ -0,0 +1,11 @@
#!/bin/sh
service monkey-island stop || true
service monkey-mongo stop || true
[ -f "/lib/systemd/system/monkey-island.service" ] && rm -f /lib/systemd/system/monkey-island.service
[ -f "/lib/systemd/system/monkey-mongo.service" ] && rm -f /lib/systemd/system/monkey-mongo.service
rm -r -f /var/monkey
exit 0

19
monkey/monkey_island/deb-package/monkey_island_pip_requirements.txt
View File

@ -1,19 +0,0 @@
python-dateutil
tornado
werkzeug
jinja2
markupsafe
itsdangerous
click
flask
Flask-Pymongo
Flask-Restful
Flask-JWT
jsonschema
netifaces
ipaddress
enum34
pycryptodome
boto3
awscli
virtualenv

2
monkey/monkey_island/linux/ubuntu/systemd/monkey-island.service → monkey/monkey_island/deb-package/service/systemd/monkey-island.service
View File

@ -4,7 +4,7 @@ After=network.target
[Service] [Service]
Type=simple Type=simple
ExecStart=/var/monkey/monkey_island/ubuntu/systemd/start_server.sh ExecStart=/var/monkey/monkey_island/service/systemd/start_server.sh
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

0
monkey/monkey_island/linux/ubuntu/systemd/start_server.sh → monkey/monkey_island/deb-package/service/systemd/start_server.sh
View File

11
monkey/monkey_island/deb-package/service_mongo/systemd/monkey-island.service Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Monkey Island Service
Wants=monkey-mongo.service
After=network.target
[Service]
Type=simple
ExecStart=/var/monkey/monkey_island/service/systemd/start_server.sh
[Install]
WantedBy=multi-user.target

12
monkey/monkey_island/deb-package/service_mongo/systemd/monkey-mongo.service Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=Monkey Island Mongo Service
After=network.target
[Service]
ExecStart=/var/monkey/monkey_island/bin/mongodb/bin/mongod --quiet --dbpath /var/monkey/monkey_island/db
KillMode=process
Restart=always
ExecStop=/var/monkey/monkey_island/bin/mongodb/bin/mongod --shutdown
[Install]
WantedBy=multi-user.target

39
monkey/monkey_island/linux/install_mongo.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
export os_version_monkey=$(cat /etc/issue)
MONGODB_DIR=$1 # If using deb, this should be: /var/monkey/monkey_island/bin/mongodb
if [[ ${os_version_monkey} == "Ubuntu 16.04"* ]] ;
then
echo Detected Ubuntu 16.04
export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-3.6.12.tgz"
elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ;
then
echo Detected Ubuntu 18.04
export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz"
elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ;
then
echo Detected Debian 8
export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian81-3.6.12.tgz"
elif [[ ${os_version_monkey} == "Debian GNU/Linux 9"* ]] ;
then
echo Detected Debian 9
export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian92-3.6.12.tgz"
else
echo Unsupported OS
exit -1
fi
TEMP_MONGO=$(mktemp -d)
pushd ${TEMP_MONGO}
wget ${tgz_url} -O mongodb.tgz
tar -xf mongodb.tgz
popd
mkdir -p ${MONGODB_DIR}/bin
cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod
cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/
chmod a+x ${MONGODB_DIR}/bin/mongod
rm -r ${TEMP_MONGO}
exit 0

18
monkey/monkey_island/linux/ubuntu/monkey-island.conf
View File

@ -1,18 +0,0 @@
description "Monkey Island Service"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit unlimited
script
chdir /var/monkey
exec monkey_island/bin/python/bin/python monkey_island.py
end script
post-stop script
if [ -n $UPSTART_EVENTS ]; then
exec sleep 2
fi
end script

8
monkey/monkey_island/readme.txt
View File

@ -65,12 +65,8 @@ How to run:
4. Setup MongoDB (Use one of the two following options): 4. Setup MongoDB (Use one of the two following options):
4.a. Download MongoDB and extract it to /var/monkey_island/bin/mongodb 4.a. Download MongoDB and extract it to /var/monkey_island/bin/mongodb
for debian64 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz 4.a.1. Run '/var/monkey_island/linux/install_mongo.sh /var/monkey_island/bin/mongodb'
for ubuntu64 16.10 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz This will download and extract the relevant mongoDB for your OS.
find more at - https://www.mongodb.org/downloads#production
untar.gz with: tar -zxvf filename.tar.gz -C /var/monkey_island/bin/mongodb
(make sure the content of the mongo folder is in this directory, meaning this path exists:
/var/monkey_island/bin/mongodb/bin)
OR OR
4.b. Use already running instance of mongodb 4.b. Use already running instance of mongodb
4.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server 4.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server

11
monkey/monkey_island/requirements.txt
View File

@ -1,5 +1,6 @@
bson
python-dateutil python-dateutil
tornado tornado==5.1.1
werkzeug werkzeug
jinja2 jinja2
markupsafe markupsafe
@ -9,10 +10,16 @@ flask
Flask-Pymongo Flask-Pymongo
Flask-Restful Flask-Restful
Flask-JWT Flask-JWT
jsonschema jsonschema==2.6.0
netifaces netifaces
ipaddress ipaddress
enum34 enum34
pycryptodome pycryptodome
boto3 boto3
botocore
PyInstaller
awscli awscli
cffi
virtualenv
wheel
requests

2
monkey/monkey_island/windows/run_mongodb.bat
View File

@ -1,3 +1,3 @@
REM - Runs MongoDB Server - REM - Runs MongoDB Server -
@title MongoDB @title MongoDB
@bin\mongodb\mongod.exe --dbpath db @bin\mongodb\mongod.exe --dbpath db --bind_ip 127.0.0.1