Merge remote-tracking branch 'upstream/develop' into attack_configuration

# Conflicts: # monkey/monkey_island/cc/app.py # monkey/monkey_island/cc/server_config.json # monkey/monkey_island/cc/ui/package-lock.json # monkey/monkey_island/cc/ui/package.json # monkey/monkey_island/cc/ui/src/styles/App.css # monkey/monkey_island/requirements.txt
2019-05-22 09:15:10 +03:00 · 2019-05-22 09:15:10 +03:00 · 6c97b44b69
parent 07db38a130 353ad6529d
commit 6c97b44b69
50 changed files with 4817 additions and 4770 deletions
--- a/.gitignore
+++ b/.gitignore
@ -82,4 +82,5 @@ MonkeyZoo/*
 !MonkeyZoo/config.tf
 !MonkeyZoo/MonkeyZooDocs.pdf
-
+# vim swap files
 *.swp
--- a/deployment_scripts/deploy_linux.sh
+++ b/deployment_scripts/deploy_linux.sh
@ -81,33 +81,15 @@ wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
 # Allow them to be executed
 chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
 chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
-chmod a+x "$ISLAND_BINARIES_PATH/$WINDOWS_32_BINARY_NAME"
+
 chmod a+x "$ISLAND_BINARIES_PATH/$WINDOWS_64_BINARY_NAME"
 # Get machine type/kernel version
 kernel=`uname -m`
 linux_dist=`lsb_release -a 2> /dev/null`
 # If a user haven't installed mongo manually check if we can install it with our script
-if [[ ! -f "$MONGO_BIN_PATH/mongod" ]] && { [[ ${kernel} != "x86_64" ]] || \
+log_message "Installing MongoDB"
-   { [[ ${linux_dist} != *"Debian"* ]] && [[ ${linux_dist} != *"Ubuntu"* ]]; }; }; then
+${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error
    echo "Script does not support your operating system for mongodb installation.
    Reference monkey island readme and install it manually"
    exit 1
 fi
 # Download mongo
 if [[ ! -f "$MONGO_BIN_PATH/mongod" ]]; then
    log_message "Downloading mongodb"
    if [[ ${linux_dist} == *"Debian"* ]]; then
        wget -c -N -O "/tmp/mongo.tgz" ${MONGO_DEBIAN_URL}
    elif [[ ${linux_dist} == *"Ubuntu"* ]]; then
        wget -c -N -O "/tmp/mongo.tgz" ${MONGO_UBUNTU_URL}
    fi
    tar --strip 2 --wildcards -C ${MONGO_BIN_PATH} -zxvf /tmp/mongo.tgz mongo*/bin/* || handle_error
 else
    log_message "Mongo db already installed"
 fi
 log_message "Installing openssl"
 sudo apt-get install openssl
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@ -719,19 +719,18 @@ fullTest.conf is a good config to start, because it covers all machines.
 </tr>
 <tr class="even">
 <td>Server’s config:</td>
-<td><p>xp_cmdshell feature enabled in MSSQL server</p>
+<td><p>xp_cmdshell feature enabled in MSSQL server</p></td>
 <p>Server’s creds (sa): admin, }8Ys#"</p></td>
 </tr>
 <tr class="odd">
 <td>SQL server auth. creds:</td>
 <td><p>m0nk3y : Xk8VDTsC</p></td>
 </tr>
 <tr class="even">
 <td>Notes:</td>
 <td><p>Enabled SQL server browser service</p>
 <p><a href="https://docs.microsoft.com/en-us/sql/relational-databases/lesson-2-connecting-from-another-computer?view=sql-server-2017">Enabled remote connections</a></p>
 <p><a href="https://support.plesk.com/hc/en-us/articles/213397429-How-to-change-a-password-for-the-sa-user-in-MS-SQL-">Changed default password</a></p></td>
 </tr>
 <tr class="even">
 <td></td>
 <td></td>
 </tr>
 </tbody>
 </table>
--- a/monkey/common/cloud/aws_instance.py
+++ b/monkey/common/cloud/aws_instance.py
@ -1,22 +1,48 @@
 import json
 import re
 import urllib2
 import logging
 __author__ = 'itay.mizeretz'
 AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254"
 AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS)
 ACCOUNT_ID_KEY = "accountId"
 logger = logging.getLogger(__name__)
 class AwsInstance(object):
    """
    Class which gives useful information about the current instance you're on.
    """
    def __init__(self):
        self.instance_id = None
        self.region = None
        self.account_id = None
        try:
-            self.instance_id = urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id', timeout=2).read()
+            self.instance_id = urllib2.urlopen(
                AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
            self.region = self._parse_region(
-                urllib2.urlopen('http://169.254.169.254/latest/meta-data/placement/availability-zone').read())
+                urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
-        except urllib2.URLError:
+        except urllib2.URLError as e:
-            self.instance_id = None
+            logger.warning("Failed init of AwsInstance while getting metadata: {}".format(e.message))
-            self.region = None
+
        try:
            self.account_id = self._extract_account_id(
                urllib2.urlopen(
                    AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
        except urllib2.URLError as e:
            logger.warning("Failed init of AwsInstance while getting dynamic instance data: {}".format(e.message))
    @staticmethod
    def _parse_region(region_url_response):
-        # For a list of regions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
+        # For a list of regions, see:
        # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
        # This regex will find any AWS region format string in the response.
        re_phrase = r'((?:us|eu|ap|ca|cn|sa)-[a-z]*-[0-9])'
        finding = re.findall(re_phrase, region_url_response, re.IGNORECASE)
@ -33,3 +59,21 @@ class AwsInstance(object):
    def is_aws_instance(self):
        return self.instance_id is not None
    @staticmethod
    def _extract_account_id(instance_identity_document_response):
        """
        Extracts the account id from the dynamic/instance-identity/document metadata path.
        Based on https://forums.aws.amazon.com/message.jspa?messageID=409028 which has a few more solutions,
        in case Amazon break this mechanism.
        :param instance_identity_document_response: json returned via the web page ../dynamic/instance-identity/document
        :return: The account id
        """
        return json.loads(instance_identity_document_response)[ACCOUNT_ID_KEY]
    def get_account_id(self):
        """
        :return:    the AWS account ID which "owns" this instance.
        See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
        """
        return self.account_id
--- a/monkey/common/cloud/aws_service.py
+++ b/monkey/common/cloud/aws_service.py
@ -1,23 +1,44 @@
 import logging
 import boto3
 import botocore
 from botocore.exceptions import ClientError
-__author__ = 'itay.mizeretz'
+from common.cloud.aws_instance import AwsInstance
 __author__ = ['itay.mizeretz', 'shay.nehmad']
 INSTANCE_INFORMATION_LIST_KEY = 'InstanceInformationList'
 INSTANCE_ID_KEY = 'InstanceId'
 COMPUTER_NAME_KEY = 'ComputerName'
 PLATFORM_TYPE_KEY = 'PlatformType'
 IP_ADDRESS_KEY = 'IPAddress'
 logger = logging.getLogger(__name__)
 def filter_instance_data_from_aws_response(response):
    return [{
        'instance_id': x[INSTANCE_ID_KEY],
        'name': x[COMPUTER_NAME_KEY],
        'os': x[PLATFORM_TYPE_KEY].lower(),
        'ip_address': x[IP_ADDRESS_KEY]
    } for x in response[INSTANCE_INFORMATION_LIST_KEY]]
 class AwsService(object):
    """
-    Supplies various AWS services
+    A wrapper class around the boto3 client and session modules, which supplies various AWS services.
    This class will assume:
        1. That it's running on an EC2 instance
        2. That the instance is associated with the correct IAM role. See
        https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#iam-role for details.
    """
    access_key_id = None
    secret_access_key = None
    region = None
    @staticmethod
    def set_auth_params(access_key_id, secret_access_key):
        AwsService.access_key_id = access_key_id
        AwsService.secret_access_key = secret_access_key
    @staticmethod
    def set_region(region):
        AwsService.region = region
@ -26,15 +47,11 @@ class AwsService(object):
    def get_client(client_type, region=None):
        return boto3.client(
            client_type,
            aws_access_key_id=AwsService.access_key_id,
            aws_secret_access_key=AwsService.secret_access_key,
            region_name=region if region is not None else AwsService.region)
    @staticmethod
    def get_session():
-        return boto3.session.Session(
+        return boto3.session.Session()
            aws_access_key_id=AwsService.access_key_id,
            aws_secret_access_key=AwsService.secret_access_key)
    @staticmethod
    def get_regions():
@ -50,14 +67,22 @@ class AwsService(object):
    @staticmethod
    def get_instances():
-        return \
+        """
-            [
+        Get the information for all instances with the relevant roles.
                {
                    'instance_id': x['InstanceId'],
                    'name': x['ComputerName'],
                    'os': x['PlatformType'].lower(),
                    'ip_address': x['IPAddress']
                }
                for x in AwsService.get_client('ssm').describe_instance_information()['InstanceInformationList']
            ]
        This function will assume that it's running on an EC2 instance with the correct IAM role.
        See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#iam-role for details.
        :raises: botocore.exceptions.ClientError if can't describe local instance information.
        :return: All visible instances from this instance
        """
        current_instance = AwsInstance()
        local_ssm_client = boto3.client("ssm", current_instance.get_region())
        try:
            response = local_ssm_client.describe_instance_information()
            filtered_instances_data = filter_instance_data_from_aws_response(response)
            return filtered_instances_data
        except botocore.exceptions.ClientError as e:
            logger.warning("AWS client error while trying to get instances: " + e.message)
            raise e
--- a/monkey/common/cloud/test_filter_instance_data_from_aws_response.py
+++ b/monkey/common/cloud/test_filter_instance_data_from_aws_response.py
@ -0,0 +1,59 @@
 from unittest import TestCase
 from aws_service import filter_instance_data_from_aws_response
 import json
 __author__ = 'shay.nehmad'
 class TestFilter_instance_data_from_aws_response(TestCase):
    def test_filter_instance_data_from_aws_response(self):
        json_response_full = """
        {
            "InstanceInformationList": [ 
                { 
                     "ActivationId": "string",
                     "AgentVersion": "string",
                     "AssociationOverview": { 
                        "DetailedStatus": "string",
                        "InstanceAssociationStatusAggregatedCount": { 
                           "string" : 6 
                        }
                     },
                     "AssociationStatus": "string",
                     "ComputerName": "string",
                     "IamRole": "string",
                     "InstanceId": "string",
                     "IPAddress": "string",
                     "IsLatestVersion": "True",
                     "LastAssociationExecutionDate": 6,
                     "LastPingDateTime": 6,
                     "LastSuccessfulAssociationExecutionDate": 6,
                     "Name": "string",
                     "PingStatus": "string",
                     "PlatformName": "string",
                     "PlatformType": "string",
                     "PlatformVersion": "string",
                     "RegistrationDate": 6,
                     "ResourceType": "string"
                }
            ],
           "NextToken": "string"
        }
        """
        json_response_empty = """
            {
                "InstanceInformationList": [],
                "NextToken": "string"
            }
            """
        self.assertEqual(filter_instance_data_from_aws_response(json.loads(json_response_empty)), [])
        self.assertEqual(
            filter_instance_data_from_aws_response(json.loads(json_response_full)),
            [{'instance_id': u'string',
              'ip_address': u'string',
              'name': u'string',
              'os': u'string'}])
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -157,7 +157,7 @@ class Configuration(object):
    retry_failed_explotation = True
    # addresses of internet servers to ping and check if the monkey has internet acccess.
-    internet_services = ["monkey.guardicore.com", "www.google.com"]
+    internet_services = ["updates.infectionmonkey.com", "www.google.com"]
    keep_tunnel_open_time = 60
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError
 import infection_monkey.monkeyfs as monkeyfs
 import infection_monkey.tunnel as tunnel
 from infection_monkey.config import WormConfiguration, GUID
-from infection_monkey.network.info import local_ips, check_internet_access
+from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT
 from infection_monkey.transport.http import HTTPConnectProxy
 from infection_monkey.transport.tcp import TcpProxy
@ -19,9 +19,6 @@ requests.packages.urllib3.disable_warnings()
 LOG = logging.getLogger(__name__)
 DOWNLOAD_CHUNK = 1024
 # random number greater than 5,
 # to prevent the monkey from just waiting forever to try and connect to an island before going elsewhere.
 TIMEOUT = 15
 class ControlClient(object):
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -84,7 +84,7 @@ class SSHExploiter(HostExploiter):
                self.report_login_attempt(True, user, curpass)
                break
-            except paramiko.AuthenticationException as exc:
+            except Exception as exc:
                LOG.debug("Error logging into victim %r with user"
                          " %s and password '%s': (%s)", self.host,
                          user, curpass, exc)
--- a/monkey/infection_monkey/exploit/struts2.py
+++ b/monkey/infection_monkey/exploit/struts2.py
@ -7,6 +7,7 @@ import urllib2
 import httplib
 import unicodedata
 import re
 import ssl
 import logging
 from infection_monkey.exploit.web_rce import WebRCE
@ -47,7 +48,7 @@ class Struts2Exploiter(WebRCE):
        headers = {'User-Agent': 'Mozilla/5.0'}
        request = urllib2.Request(url, headers=headers)
        try:
-            return urllib2.urlopen(request).geturl()
+            return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl()
        except urllib2.URLError:
            LOG.error("Can't reach struts2 server")
            return False
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -13,7 +13,7 @@ __author__ = 'VakarisZ'
 LOG = logging.getLogger(__name__)
 # Command used to check if monkeys already exists
 LOOK_FOR_FILE = "ls %s"
-POWERSHELL_NOT_FOUND = "owershell is not recognized"
+POWERSHELL_NOT_FOUND = "powershell is not recognized"
 # Constants used to refer to windows architectures( used in host.os['machine'])
 WIN_ARCH_32 = "32"
 WIN_ARCH_64 = "64"
@ -253,7 +253,7 @@ class WebRCE(HostExploiter):
        if 'No such file' in resp:
            return False
        else:
-            LOG.info("Host %s was already infected under the current configuration, done" % host)
+            LOG.info("Host %s was already infected under the current configuration, done" % str(host))
            return True
    def check_remote_files(self, url):
@ -281,7 +281,7 @@ class WebRCE(HostExploiter):
        """
        ports = self.get_open_service_ports(ports, names)
        if not ports:
-            LOG.info("All default web ports are closed on %r, skipping", host)
+            LOG.info("All default web ports are closed on %r, skipping", str(host))
            return False
        else:
            return ports
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@ -5,7 +5,7 @@
 # Luffin from Github
 # https://github.com/Luffin/CVE-2017-10271
 # CVE: CVE-2017-10271
-
+from __future__ import print_function
 from requests import post, exceptions
 from infection_monkey.exploit.web_rce import WebRCE
 from infection_monkey.exploit.tools import get_free_tcp_port, get_interface_to_target
--- a/monkey/infection_monkey/main.py
+++ b/monkey/infection_monkey/main.py
@ -13,7 +13,8 @@ from infection_monkey.config import WormConfiguration, EXTERNAL_CONFIG_FILE
 from infection_monkey.dropper import MonkeyDrops
 from infection_monkey.model import MONKEY_ARG, DROPPER_ARG
 from infection_monkey.monkey import InfectionMonkey
-import infection_monkey.post_breach # dummy import for pyinstaller
+# noinspection PyUnresolvedReferences
 import infection_monkey.post_breach  # dummy import for pyinstaller
 __author__ = 'itamar'
@ -23,7 +24,7 @@ LOG_CONFIG = {'version': 1,
              'disable_existing_loggers': False,
              'formatters': {'standard': {
                  'format': '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'},
-                             },
+              },
              'handlers': {'console': {'class': 'logging.StreamHandler',
                                       'level': 'DEBUG',
                                       'formatter': 'standard'},
@ -70,7 +71,8 @@ def main():
    print("Loaded Configuration: %r" % WormConfiguration.as_dict())
    # Make sure we're not in a machine that has the kill file
-    kill_path = os.path.expandvars(WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
+    kill_path = os.path.expandvars(
        WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
    if os.path.exists(kill_path):
        print("Kill path found, finished run")
        return True
--- a/monkey/infection_monkey/network/info.py
+++ b/monkey/infection_monkey/network/info.py
@ -8,6 +8,10 @@ import itertools
 import netifaces
 from subprocess import check_output
 from random import randint
 import requests
 from requests import ConnectionError
 from common.network.network_range import CidrRange
 try:
@ -16,6 +20,10 @@ except NameError:
    long = int  # Python 3
 # Timeout for monkey connections
 TIMEOUT = 15
 def get_host_subnets():
    """
    Returns a list of subnets visible to host (omitting loopback and auto conf networks)
@ -124,14 +132,18 @@ def get_free_tcp_port(min_range=1000, max_range=65535):
 def check_internet_access(services):
    """
-    Checks if any of the services are accessible, over ICMP
+    Checks if any of the services are accessible, over HTTPS
    :param services: List of IPs/hostnames
    :return: boolean depending on internet access
    """
    ping_str = "-n 1" if sys.platform.startswith("win") else "-c 1"
    for host in services:
-        if os.system("ping " + ping_str + " " + host) == 0:
+        try:
            requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False)
            return True
        except ConnectionError:
            # Failed connecting
            pass
    return False
--- a/monkey/infection_monkey/transport/http.py
+++ b/monkey/infection_monkey/transport/http.py
@ -170,6 +170,8 @@ class HTTPServer(threading.Thread):
            def report_download(dest=None):
                LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
                self.downloads += 1
                if not self.downloads < self.max_downloads:
                    self.close_connection = 1
        httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
        httpd.timeout = 0.5  # this is irrelevant?
@ -214,6 +216,8 @@ class LockedHTTPServer(threading.Thread):
            def report_download(dest=None):
                LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
                self.downloads += 1
                if not self.downloads < self.max_downloads:
                    self.close_connection = 1
        httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
        self.lock.release()
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -28,8 +28,10 @@ from monkey_island.cc.resources.root import Root
 from monkey_island.cc.resources.telemetry import Telemetry
 from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
 from monkey_island.cc.resources.pba_file_download import PBAFileDownload
 from monkey_island.cc.resources.version_update import VersionUpdate
 from monkey_island.cc.services.database import Database
 from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.resources.pba_file_upload import FileUpload
 from monkey_island.cc.resources.attack_telem import AttackTelem
 from monkey_island.cc.resources.attack_config import AttackConfiguration
@ -83,18 +85,14 @@ def output_json(obj, code, headers=None):
    return resp
-def init_app(mongo_url):
+def init_app_config(app, mongo_url):
    app = Flask(__name__)
    api = flask_restful.Api(app)
    api.representations = {'application/json': output_json}
    app.config['MONGO_URI'] = mongo_url
    app.config['SECRET_KEY'] = str(uuid.getnode())
    app.config['JWT_AUTH_URL_RULE'] = '/api/auth'
    app.config['JWT_EXPIRATION_DELTA'] = env.get_auth_expiration_time()
 def init_app_services(app):
    init_jwt(app)
    mongo.init_app(app)
@ -102,9 +100,16 @@ def init_app(mongo_url):
        database.init()
        Database.init_db()
    # If running on AWS, this will initialize the instance data, which is used "later" in the execution of the island.
    RemoteRunAwsService.init()
 def init_app_url_rules(app):
    app.add_url_rule('/', 'serve_home', serve_home)
    app.add_url_rule('/<path:static_path>', 'serve_static_file', serve_static_file)
 def init_api_resources(api):
    api.add_resource(Root, '/api')
    api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/<string:guid>')
    api.add_resource(LocalRun, '/api/local-monkey', '/api/local-monkey/')
@ -128,5 +133,18 @@ def init_app(mongo_url):
    api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
    api.add_resource(AttackConfiguration, '/api/attack')
    api.add_resource(AttackTelem, '/api/attack/<string:technique>')
    api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/')
 def init_app(mongo_url):
    app = Flask(__name__)
    api = flask_restful.Api(app)
    api.representations = {'application/json': output_json}
    init_app_config(app, mongo_url)
    init_app_services(app)
    init_app_url_rules(app)
    init_api_resources(api)
    return app
--- a/monkey/monkey_island/cc/environment/init.py
+++ b/monkey/monkey_island/cc/environment/init.py
@ -13,6 +13,7 @@ class Environment(object):
    _MONGO_URL = os.environ.get("MONKEY_MONGO_URL", "mongodb://localhost:27017/monkeyisland")
    _DEBUG_SERVER = False
    _AUTH_EXPIRATION_TIME = timedelta(hours=1)
    _MONKEY_VERSION = "1.6.3"
    def __init__(self):
        self.config = None
@ -37,6 +38,21 @@ class Environment(object):
        h.update(secret)
        return h.hexdigest()
    def get_deployment(self):
        return self._get_from_config('deployment', 'unknown')
    def is_develop(self):
        return self.get_deployment() == 'develop'
    def get_version(self):
        return self._MONKEY_VERSION + ('-dev' if self.is_develop() else '')
    def _get_from_config(self, key, default_value=None):
        val = default_value
        if self.config is not None:
            val = self.config.get(key, val)
        return val
    @abc.abstractmethod
    def get_auth_users(self):
        return
--- a/monkey/monkey_island/cc/environment/environment.py
+++ b/monkey/monkey_island/cc/environment/environment.py
@ -32,6 +32,7 @@ def load_env_from_file():
    config_json = load_server_configuration_from_file()
    return config_json['server_config']
 try:
    config_json = load_server_configuration_from_file()
    __env_type = config_json['server_config']
--- a/monkey/monkey_island/cc/exporter_init.py
+++ b/monkey/monkey_island/cc/exporter_init.py
@ -1,19 +1,19 @@
-from monkey_island.cc.environment.environment import load_env_from_file, AWS
+import logging
 from monkey_island.cc.report_exporter_manager import ReportExporterManager
 from monkey_island.cc.resources.aws_exporter import AWSExporter
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
-__author__ = 'maor.rayzin'
+logger = logging.getLogger(__name__)
 def populate_exporter_list():
    manager = ReportExporterManager()
-    if is_aws_exporter_required():
+    RemoteRunAwsService.init()
    if RemoteRunAwsService.is_running_on_aws():
        manager.add_exporter_to_list(AWSExporter)
    if len(manager.get_exporters_list()) != 0:
        logger.debug(
            "Populated exporters list with the following exporters: {0}".format(str(manager.get_exporters_list())))
 def is_aws_exporter_required():
    if str(load_env_from_file()) == AWS:
        return True
    else:
        return False
--- a/monkey/monkey_island/cc/report_exporter_manager.py
+++ b/monkey/monkey_island/cc/report_exporter_manager.py
@ -29,6 +29,7 @@ class ReportExporterManager(object):
    def export(self, report):
        try:
            for exporter in self._exporters_set:
                logger.debug("Trying to export using " + repr(exporter))
                exporter().handle_report(report)
        except Exception as e:
-            logger.exception('Failed to export report')
+            logger.exception('Failed to export report, error: ' + e.message)
--- a/monkey/monkey_island/cc/resources/aws_exporter.py
+++ b/monkey/monkey_island/cc/resources/aws_exporter.py
@ -1,53 +1,42 @@
 import logging
 import uuid
 from datetime import datetime
 import boto3
 from botocore.exceptions import UnknownServiceError
 from monkey_island.cc.resources.exporter import Exporter
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.environment.environment import load_server_configuration_from_file
 from common.cloud.aws_instance import AwsInstance
 from monkey_island.cc.environment.environment import load_server_configuration_from_file
 from monkey_island.cc.resources.exporter import Exporter
-__author__ = 'maor.rayzin'
+__authors__ = ['maor.rayzin', 'shay.nehmad']
 logger = logging.getLogger(__name__)
 AWS_CRED_CONFIG_KEYS = [['cnc', 'aws_config', 'aws_access_key_id'],
                        ['cnc', 'aws_config', 'aws_secret_access_key'],
                        ['cnc', 'aws_config', 'aws_account_id']]
 class AWSExporter(Exporter):
    @staticmethod
    def handle_report(report_json):
-        aws = AwsInstance()
+
        findings_list = []
        issues_list = report_json['recommendations']['issues']
        if not issues_list:
            logger.info('No issues were found by the monkey, no need to send anything')
            return True
        current_aws_region = AwsInstance().get_region()
        for machine in issues_list:
            for issue in issues_list[machine]:
                if issue.get('aws_instance_id', None):
-                    findings_list.append(AWSExporter._prepare_finding(issue, aws.get_region()))
+                    findings_list.append(AWSExporter._prepare_finding(issue, current_aws_region))
-        if not AWSExporter._send_findings(findings_list, AWSExporter._get_aws_keys(), aws.get_region()):
+        if not AWSExporter._send_findings(findings_list, current_aws_region):
            logger.error('Exporting findings to aws failed')
            return False
        return True
    @staticmethod
    def _get_aws_keys():
        creds_dict = {}
        for key in AWS_CRED_CONFIG_KEYS:
            creds_dict[key[2]] = str(ConfigService.get_config_value(key))
        return creds_dict
    @staticmethod
    def merge_two_dicts(x, y):
        z = x.copy()  # start with x's keys and values
@ -82,7 +71,8 @@ class AWSExporter(Exporter):
        configured_product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '')
        product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
        instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
-        account_id = AWSExporter._get_aws_keys().get('aws_account_id', '')
+        account_id = AwsInstance().get_account_id()
        logger.debug("aws account id acquired: {}".format(account_id))
        finding = {
            "SchemaVersion": "2018-10-08",
@ -100,27 +90,26 @@ class AWSExporter(Exporter):
        return AWSExporter.merge_two_dicts(finding, findings_dict[issue['type']](issue, instance_arn))
    @staticmethod
-    def _send_findings(findings_list, creds_dict, region):
+    def _send_findings(findings_list, region):
        try:
-            if not creds_dict:
+            logger.debug("Trying to acquire securityhub boto3 client in " + region)
-                logger.info('No AWS access credentials received in configuration')
+            security_hub_client = boto3.client('securityhub', region_name=region)
-                return False
+            logger.debug("Client acquired: {0}".format(repr(security_hub_client)))
-            securityhub = boto3.client('securityhub',
+            # Assumes the machine has the correct IAM role to do this, @see
-                                       aws_access_key_id=creds_dict.get('aws_access_key_id', ''),
+            # https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances
-                                       aws_secret_access_key=creds_dict.get('aws_secret_access_key', ''),
+            import_response = security_hub_client.batch_import_findings(Findings=findings_list)
-                                       region_name=region)
+            logger.debug("Import findings response: {0}".format(repr(import_response)))
            import_response = securityhub.batch_import_findings(Findings=findings_list)
            if import_response['ResponseMetadata']['HTTPStatusCode'] == 200:
                return True
            else:
                return False
        except UnknownServiceError as e:
-            logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed')
+            logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed. Error: ' + e.message)
            return False
        except Exception as e:
-            logger.exception('AWS security hub findings failed to send.')
+            logger.exception('AWS security hub findings failed to send. Error: ' + e.message)
            return False
    @staticmethod
@ -159,7 +148,7 @@ class AWSExporter(Exporter):
            title="Weak segmentation - Machines were able to communicate over unused ports.",
            description="Use micro-segmentation policies to disable communication other than the required.",
            recommendation="Machines are not locked down at port level. Network tunnel was set up from {0} to {1}"
-                        .format(issue['machine'], issue['dest']),
+                .format(issue['machine'], issue['dest']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -171,9 +160,9 @@ class AWSExporter(Exporter):
            severity=10,
            title="Samba servers are vulnerable to 'SambaCry'",
            description="Change {0} password to a complex one-use password that is not shared with other computers on the network. Update your Samba server to 4.4.14 and up, 4.5.10 and up, or 4.6.4 and up." \
-                        .format(issue['username']),
+                .format(issue['username']),
            recommendation="The machine {0} ({1}) is vulnerable to a SambaCry attack. The Monkey authenticated over the SMB protocol with user {2} and its password, and used the SambaCry vulnerability.".format(
-                            issue['machine'], issue['ip_address'], issue['username']),
+                issue['machine'], issue['ip_address'], issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -185,9 +174,9 @@ class AWSExporter(Exporter):
            severity=5,
            title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format(
-                    issue['username']),
+                issue['username']),
            recommendation="The machine {0}({1}) is vulnerable to a SMB attack. The Monkey used a pass-the-hash attack over SMB protocol with user {2}.".format(
-                        issue['machine'], issue['ip_address'], issue['username']),
+                issue['machine'], issue['ip_address'], issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -199,9 +188,9 @@ class AWSExporter(Exporter):
            severity=1,
            title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format(
-                        issue['username']),
+                issue['username']),
            recommendation="The machine {0} ({1}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with user {2} and its password.".format(
-                            issue['machine'], issue['ip_address'], issue['username']),
+                issue['machine'], issue['ip_address'], issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -214,7 +203,7 @@ class AWSExporter(Exporter):
            title="Machines are accessible using SSH passwords supplied by the user during the Monkey's configuration.",
            description="Protect {ssh_key} private key with a pass phrase.".format(ssh_key=issue['ssh_key']),
            recommendation="The machine {machine} ({ip_address}) is vulnerable to a SSH attack. The Monkey authenticated over the SSH protocol with private key {ssh_key}.".format(
-                            machine=issue['machine'], ip_address=issue['ip_address'], ssh_key=issue['ssh_key']),
+                machine=issue['machine'], ip_address=issue['ip_address'], ssh_key=issue['ssh_key']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -227,7 +216,7 @@ class AWSExporter(Exporter):
            title="Elastic Search servers are vulnerable to CVE-2015-1427",
            description="Update your Elastic Search server to version 1.4.3 and up.",
            recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.".format(
-                        issue['machine'], issue['ip_address']),
+                issue['machine'], issue['ip_address']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -243,7 +232,8 @@ class AWSExporter(Exporter):
                        {0} in the networks {1} \
                        could directly access the Monkey Island server in the networks {2}.".format(issue['machine'],
                                                                                                    issue['networks'],
-                                                                                                    issue['server_networks']),
+                                                                                                    issue[
                                                                                                                                   'server_networks']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -269,7 +259,7 @@ class AWSExporter(Exporter):
            description="Update your Bash to a ShellShock-patched version.",
            recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. "
                           "The attack was made possible because the HTTP server running on TCP port {2} was vulnerable to a shell injection attack on the paths: {3}.".format(
-                            issue['machine'], issue['ip_address'], issue['port'], issue['paths']),
+                issue['machine'], issue['ip_address'], issue['port'], issue['paths']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -281,9 +271,9 @@ class AWSExporter(Exporter):
            severity=1,
            title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format(
-                         issue['username']),
+                issue['username']),
            recommendation="The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB protocol with user {2} and its password.".format(
-                            issue['machine'], issue['ip_address'], issue['username']),
+                issue['machine'], issue['ip_address'], issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -296,7 +286,7 @@ class AWSExporter(Exporter):
            title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.",
            recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey authenticated over the WMI protocol with user {username} and its password.".format(
-                            machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
+                machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -308,9 +298,9 @@ class AWSExporter(Exporter):
            severity=1,
            title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format(
-                        issue['username']),
+                issue['username']),
            recommendation="The machine machine ({ip_address}) is vulnerable to a WMI attack. The Monkey used a pass-the-hash attack over WMI protocol with user {username}".format(
-                            machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
+                machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -322,9 +312,9 @@ class AWSExporter(Exporter):
            severity=1,
            title="Machines are accessible using passwords supplied by the user during the Monkey's configuration.",
            description="Change {0}'s password to a complex one-use password that is not shared with other computers on the network.".format(
-                         issue['username']),
+                issue['username']),
            recommendation="The machine machine ({ip_address}) is vulnerable to a RDP attack. The Monkey authenticated over the RDP protocol with user {username} and its password.".format(
-                            machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
+                machine=issue['machine'], ip_address=issue['ip_address'], username=issue['username']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -337,7 +327,7 @@ class AWSExporter(Exporter):
            title="Multiple users have the same password.",
            description="Some domain users are sharing passwords, this should be fixed by changing passwords.",
            recommendation="These users are sharing access password: {shared_with}.".format(
-                            shared_with=issue['shared_with']),
+                shared_with=issue['shared_with']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -350,7 +340,7 @@ class AWSExporter(Exporter):
            title="Shared local administrator account - Different machines have the same account as a local administrator.",
            description="Make sure the right administrator accounts are managing the right machines, and that there isn\'t an unintentional local admin sharing.",
            recommendation="Here is a list of machines which the account {username} is defined as an administrator: {shared_machines}".format(
-                            username=issue['username'], shared_machines=issue['shared_machines']),
+                username=issue['username'], shared_machines=issue['shared_machines']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -363,7 +353,7 @@ class AWSExporter(Exporter):
            title="Mimikatz found login credentials of a user who has admin access to a server defined as critical.",
            description="This critical machine is open to attacks via strong users with access to it.",
            recommendation="The services: {services} have been found on the machine thus classifying it as a critical machine. These users has access to it:{threatening_users}.".format(
-                            services=issue['services'], threatening_users=issue['threatening_users']),
+                services=issue['services'], threatening_users=issue['threatening_users']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -377,7 +367,7 @@ class AWSExporter(Exporter):
            description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.",
            recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to remote code execution attack."
                           " The attack was made possible because the server is using an old version of Jakarta based file upload Multipart parser.".format(
-                            machine=issue['machine'], ip_address=issue['ip_address']),
+                machine=issue['machine'], ip_address=issue['ip_address']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
@ -392,7 +382,7 @@ class AWSExporter(Exporter):
                        "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.",
            recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable to remote code execution attack."
                           " The attack was made possible due to incorrect permission assignment in Oracle Fusion Middleware (subcomponent: WLS Security).".format(
-                            machine=issue['machine'], ip_address=issue['ip_address']),
+                machine=issue['machine'], ip_address=issue['ip_address']),
            instance_arn=instance_arn,
            instance_id=issue['aws_instance_id'] if 'aws_instance_id' in issue else None
        )
--- a/monkey/monkey_island/cc/resources/remote_run.py
+++ b/monkey/monkey_island/cc/resources/remote_run.py
@ -1,4 +1,6 @@
 import json
 from botocore.exceptions import NoCredentialsError, ClientError
 from flask import request, jsonify, make_response
 import flask_restful
@ -6,6 +8,11 @@ from monkey_island.cc.auth import jwt_required
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from common.cloud.aws_service import AwsService
 CLIENT_ERROR_FORMAT = "ClientError, error message: '{}'. Probably, the IAM role that has been associated with the " \
                      "instance doesn't permit SSM calls. "
 NO_CREDS_ERROR_FORMAT = "NoCredentialsError, error message: '{}'. Probably, no IAM role has been associated with the " \
                        "instance. "
 class RemoteRun(flask_restful.Resource):
    def __init__(self):
@ -24,10 +31,14 @@ class RemoteRun(flask_restful.Resource):
            is_aws = RemoteRunAwsService.is_running_on_aws()
            resp = {'is_aws': is_aws}
            if is_aws:
-                is_auth = RemoteRunAwsService.update_aws_auth_params()
+                try:
                resp['auth'] = is_auth
                if is_auth:
                    resp['instances'] = AwsService.get_instances()
                except NoCredentialsError as e:
                    resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message)
                    return jsonify(resp)
                except ClientError as e:
                    resp['error'] = CLIENT_ERROR_FORMAT.format(e.message)
                    return jsonify(resp)
            return jsonify(resp)
        return {}
@ -37,11 +48,9 @@ class RemoteRun(flask_restful.Resource):
        body = json.loads(request.data)
        resp = {}
        if body.get('type') == 'aws':
-            is_auth = RemoteRunAwsService.update_aws_auth_params()
+            RemoteRunAwsService.update_aws_region_authless()
-            resp['auth'] = is_auth
+            result = self.run_aws_monkeys(body)
-            if is_auth:
+            resp['result'] = result
                result = self.run_aws_monkeys(body)
                resp['result'] = result
            return jsonify(resp)
        # default action
--- a/monkey/monkey_island/cc/resources/telemetry_feed.py
+++ b/monkey/monkey_island/cc/resources/telemetry_feed.py
@ -54,7 +54,7 @@ class TelemetryFeed(flask_restful.Resource):
    @staticmethod
    def get_state_telem_brief(telem):
        if telem['data']['done']:
-            return '''Monkey finishing it's execution.'''
+            return '''Monkey finishing its execution.'''
        else:
            return 'Monkey started.'
--- a/monkey/monkey_island/cc/resources/version_update.py
+++ b/monkey/monkey_island/cc/resources/version_update.py
@ -0,0 +1,24 @@
 import flask_restful
 import logging
 from monkey_island.cc.environment.environment import env
 from monkey_island.cc.auth import jwt_required
 from monkey_island.cc.services.version_update import VersionUpdateService
 __author__ = 'itay.mizeretz'
 logger = logging.getLogger(__name__)
 class VersionUpdate(flask_restful.Resource):
    def __init__(self):
        super(VersionUpdate, self).__init__()
    # We don't secure this since it doesn't give out any private info and we want UI to know version
    # even when not authenticated
    def get(self):
        return {
            'current_version': env.get_version(),
            'newer_version': VersionUpdateService.get_newer_version(),
            'download_link': VersionUpdateService.get_download_link()
        }
--- a/monkey/monkey_island/cc/server_config.json
+++ b/monkey/monkey_island/cc/server_config.json
@ -1,3 +1,4 @@
 {
-  "server_config": "standard"
+  "server_config": "standard",
  "deployment": "develop"
 }
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@ -26,14 +26,6 @@ ENCRYPTED_CONFIG_ARRAYS = \
        ['internal', 'exploits', 'exploit_ssh_keys']
    ]
 # This should be used for config values of string type
 ENCRYPTED_CONFIG_STRINGS = \
    [
        ['cnc', 'aws_config', 'aws_access_key_id'],
        ['cnc', 'aws_config', 'aws_account_id'],
        ['cnc', 'aws_config', 'aws_secret_access_key']
    ]
 class ConfigService:
    default_config = None
@ -76,8 +68,6 @@ class ConfigService:
        if should_decrypt:
            if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS:
                config = [encryptor.dec(x) for x in config]
            elif config_key_as_arr in ENCRYPTED_CONFIG_STRINGS:
                config = encryptor.dec(config)
        return config
    @staticmethod
@ -243,11 +233,8 @@ class ConfigService:
        """
        Same as decrypt_config but for a flat configuration
        """
-        if is_island:
+        keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
-            keys = [config_arr_as_array[2] for config_arr_as_array in
+
                    (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS)]
        else:
            keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
        for key in keys:
            if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types):
                # Check if we are decrypting ssh key pair
@ -261,7 +248,7 @@ class ConfigService:
    @staticmethod
    def _encrypt_or_decrypt_config(config, is_decrypt=False):
-        for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS):
+        for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS:
            config_arr = config
            parent_config_arr = None
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -275,8 +275,9 @@ SCHEMA = {
                            "default": [
                            ],
                            "description":
-                                "List of IPs/subnets the monkey should scan."
+                                "List of IPs/subnets/hosts the monkey should scan."
-                                " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\""
+                                " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\","
                                " \"printer.example\""
                        }
                    }
                },
@ -722,31 +723,6 @@ SCHEMA = {
                        }
                    }
                },
                'aws_config': {
                    'title': 'AWS Configuration',
                    'type': 'object',
                    'description': 'These credentials will be used in order to export the monkey\'s findings to the AWS Security Hub.',
                    'properties': {
                        'aws_account_id': {
                            'title': 'AWS account ID',
                            'type': 'string',
                            'description': 'Your AWS account ID that is subscribed to security hub feeds',
                            'default': ''
                        },
                        'aws_access_key_id': {
                            'title': 'AWS access key ID',
                            'type': 'string',
                            'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.',
                            'default': ''
                        },
                        'aws_secret_access_key': {
                            'title': 'AWS secret access key',
                            'type': 'string',
                            'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.',
                            'default': ''
                        }
                    }
                }
            }
        },
        "exploits": {
--- a/monkey/monkey_island/cc/services/remote_run_aws.py
+++ b/monkey/monkey_island/cc/services/remote_run_aws.py
@ -46,22 +46,12 @@ class RemoteRunAwsService:
        return RemoteRunAwsService.aws_instance.is_aws_instance()
    @staticmethod
-    def update_aws_auth_params():
+    def update_aws_region_authless():
        """
-        Updates the AWS authentication parameters according to config
+        Updates the AWS region without auth params (via IAM role)
        :return: True if new params allow successful authentication. False otherwise
        """
        access_key_id = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_access_key_id'], False, True)
        secret_access_key = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_secret_access_key'], False, True)
        if (access_key_id != AwsService.access_key_id) or (secret_access_key != AwsService.secret_access_key):
            AwsService.set_auth_params(access_key_id, secret_access_key)
            RemoteRunAwsService.is_auth = AwsService.test_client()
        AwsService.set_region(RemoteRunAwsService.aws_instance.region)
        return RemoteRunAwsService.is_auth
    @staticmethod
    def get_bitness(instances):
        """
--- a/monkey/monkey_island/cc/services/version_update.py
+++ b/monkey/monkey_island/cc/services/version_update.py
@ -0,0 +1,57 @@
 import logging
 import requests
 from monkey_island.cc.environment.environment import env
 __author__ = "itay.mizeretz"
 logger = logging.getLogger(__name__)
 class VersionUpdateService:
    VERSION_SERVER_URL_PREF = 'https://updates.infectionmonkey.com'
    VERSION_SERVER_CHECK_NEW_URL = VERSION_SERVER_URL_PREF + '?deployment=%s&monkey_version=%s'
    VERSION_SERVER_DOWNLOAD_URL = VERSION_SERVER_CHECK_NEW_URL + '&is_download=true'
    newer_version = None
    def __init__(self):
        pass
    @staticmethod
    def get_newer_version():
        """
        Checks for newer version if never checked before.
        :return: None if failed checking for newer version, result of '_check_new_version' otherwise
        """
        if VersionUpdateService.newer_version is None:
            try:
                VersionUpdateService.newer_version = VersionUpdateService._check_new_version()
            except Exception:
                logger.exception('Failed updating version number')
        return VersionUpdateService.newer_version
    @staticmethod
    def _check_new_version():
        """
        Checks if newer monkey version is available
        :return: False if not, version in string format ('1.6.2') otherwise
        """
        url = VersionUpdateService.VERSION_SERVER_CHECK_NEW_URL % (env.get_deployment(), env.get_version())
        reply = requests.get(url, timeout=15)
        res = reply.json().get('newer_version', None)
        if res is False:
            return res
        [int(x) for x in res.split('.')]  # raises value error if version is invalid format
        return res
    @staticmethod
    def get_download_link():
        return VersionUpdateService.VERSION_SERVER_DOWNLOAD_URL % (env.get_deployment(), env.get_version())
--- a/monkey/monkey_island/cc/ui/.babelrc
+++ b/monkey/monkey_island/cc/ui/.babelrc
@ -1,4 +1,4 @@
 {
-  "presets": ["es2015", "stage-0", "react"]
+  "presets": ["es2015", "stage-0", "react"],
-
+  "plugins": ["emotion"]
 }
--- a/monkey/monkey_island/cc/ui/package-lock.json
+++ b/monkey/monkey_island/cc/ui/package-lock.json
--- a/monkey/monkey_island/cc/ui/package.json
+++ b/monkey/monkey_island/cc/ui/package.json
@ -64,7 +64,7 @@
    "webpack-dev-server": "^3.1.9"
  },
  "dependencies": {
-    "bootstrap": "3.3.7",
+    "bootstrap": "3.4.1",
    "core-js": "^2.5.7",
    "downloadjs": "^1.4.7",
    "fetch": "^1.1.0",
@ -96,6 +96,8 @@
    "react-tooltip-lite": "^1.9.1",
    "redux": "^4.0.0",
    "sass-loader": "^7.1.0",
-    "sha3": "^2.0.0"
+    "sha3": "^2.0.0",
    "react-spinners": "^0.5.4",
    "@emotion/core": "^10.0.10"
  }
 }
--- a/monkey/monkey_island/cc/ui/src/components/Main.js
+++ b/monkey/monkey_island/cc/ui/src/components/Main.js
@ -20,6 +20,7 @@ import 'react-data-components/css/table-twbs.css';
 import 'styles/App.css';
 import 'react-toggle/style.css';
 import 'react-table/react-table.css';
 import VersionComponent from "./side-menu/VersionComponent";
 let logoImage = require('../images/monkey-icon.svg');
 let infectionMonkeyImage = require('../images/infection-monkey.svg');
@ -85,7 +86,7 @@ class AppComponent extends AuthComponent {
        infection_done: false,
        report_done: false,
        isLoggedIn: undefined
-      }
+      },
    };
  }
@ -175,6 +176,7 @@ class AppComponent extends AuthComponent {
              <div className="license-link text-center">
                <NavLink to="/license">License</NavLink>
              </div>
              <VersionComponent/>
            </Col>
            <Col sm={9} md={10} smOffset={3} mdOffset={2} className="main">
              <Route path='/login' render={(props) => (<LoginPageComponent onStatusChange={this.updateStatus}/>)}/>
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js
@ -1,11 +1,20 @@
 import React from 'react';
-import {Button, Col, Well, Nav, NavItem, Collapse, Form, FormControl, FormGroup} from 'react-bootstrap';
+import { css } from '@emotion/core';
 import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap';
 import CopyToClipboard from 'react-copy-to-clipboard';
 import GridLoader from 'react-spinners/GridLoader';
 import {Icon} from 'react-fa';
 import {Link} from 'react-router-dom';
 import AuthComponent from '../AuthComponent';
 import AwsRunTable from "../run-monkey/AwsRunTable";
 const loading_css_override = css`
    display: block;
    margin-right: auto;
    margin-left: auto;
 `;
 class RunMonkeyPageComponent extends AuthComponent {
  constructor(props) {
@ -20,12 +29,12 @@ class RunMonkeyPageComponent extends AuthComponent {
      showManual: false,
      showAws: false,
      isOnAws: false,
      isAwsAuth: false,
      awsUpdateClicked: false,
      awsUpdateFailed: false,
-      awsKeyId: '',
+      awsMachines: [],
-      awsSecretKey: '',
+      isLoadingAws: true,
-      awsMachines: []
+      isErrorWhileCollectingAwsMachines: false,
      awsMachineCollectionErrorMsg: ''
  };
  }
@ -48,13 +57,7 @@ class RunMonkeyPageComponent extends AuthComponent {
      });
    this.fetchAwsInfo();
-    this.fetchConfig()
+    this.fetchConfig();
      .then(config => {
        this.setState({
          awsKeyId: config['cnc']['aws_config']['aws_access_key_id'],
          awsSecretKey: config['cnc']['aws_config']['aws_secret_access_key']
        });
      });
    this.authFetch('/api/client-monkey')
      .then(res => res.json())
@ -75,17 +78,29 @@ class RunMonkeyPageComponent extends AuthComponent {
      .then(res =>{
        let is_aws = res['is_aws'];
        if (is_aws) {
-          this.setState({isOnAws: true, awsMachines: res['instances'], isAwsAuth: res['auth']});
+          // On AWS!
          // Checks if there was an error while collecting the aws machines.
          let is_error_while_collecting_aws_machines = (res['error'] != null);
          if (is_error_while_collecting_aws_machines) {
            // There was an error. Finish loading, and display error message.
            this.setState({isOnAws: true, isErrorWhileCollectingAwsMachines: true, awsMachineCollectionErrorMsg: res['error'], isLoadingAws: false});
          } else {
            // No error! Finish loading and display machines for user
            this.setState({isOnAws: true, awsMachines: res['instances'], isLoadingAws: false});
          }
        } else {
          // Not on AWS. Finish loading and don't display the AWS div.
          this.setState({isOnAws: false, isLoadingAws: false});
        }
      });
  }
-  generateLinuxCmd(ip, is32Bit) {
+  static generateLinuxCmd(ip, is32Bit) {
    let bitText = is32Bit ? '32' : '64';
    return `wget --no-check-certificate https://${ip}:5000/api/monkey/download/monkey-linux-${bitText}; chmod +x monkey-linux-${bitText}; ./monkey-linux-${bitText} m0nk3y -s ${ip}:5000`
  }
-  generateWindowsCmd(ip, is32Bit) {
+  static generateWindowsCmd(ip, is32Bit) {
    let bitText = is32Bit ? '32' : '64';
    return `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe','.\\monkey.exe'); ;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
  }
@ -118,9 +133,9 @@ class RunMonkeyPageComponent extends AuthComponent {
    let is32Bit = (this.state.selectedOs.split('-')[1] === '32');
    let cmdText = '';
    if (isLinux) {
-      cmdText = this.generateLinuxCmd(this.state.selectedIp, is32Bit);
+      cmdText = RunMonkeyPageComponent.generateLinuxCmd(this.state.selectedIp, is32Bit);
    } else {
-      cmdText = this.generateWindowsCmd(this.state.selectedIp, is32Bit);
+      cmdText = RunMonkeyPageComponent.generateWindowsCmd(this.state.selectedIp, is32Bit);
    }
    return (
      <Well key={'cmdDiv'+this.state.selectedIp} className="well-sm" style={{'margin': '0.5em'}}>
@ -148,7 +163,7 @@ class RunMonkeyPageComponent extends AuthComponent {
    });
  };
-  renderIconByState(state) {
+  static renderIconByState(state) {
    if (state === 'running') {
      return <Icon name="check" className="text-success" style={{'marginLeft': '5px'}}/>
    } else if (state === 'installing') {
@ -204,19 +219,6 @@ class RunMonkeyPageComponent extends AuthComponent {
        });
      });
  };
  updateAwsKeyId = (evt) => {
    this.setState({
      awsKeyId: evt.target.value
    });
  };
  updateAwsSecretKey = (evt) => {
    this.setState({
      awsSecretKey: evt.target.value
    });
  };
  fetchConfig() {
    return this.authFetch('/api/configuration/island')
      .then(res => res.json())
@ -224,41 +226,6 @@ class RunMonkeyPageComponent extends AuthComponent {
        return res.configuration;
      })
  }
  updateAwsKeys = () => {
    this.setState({
      awsUpdateClicked: true,
      awsUpdateFailed: false
    });
    this.fetchConfig()
      .then(config => {
        let new_config = config;
        new_config['cnc']['aws_config']['aws_access_key_id'] = this.state.awsKeyId;
        new_config['cnc']['aws_config']['aws_secret_access_key'] = this.state.awsSecretKey;
        return new_config;
      })
      .then(new_config => {
        this.authFetch('/api/configuration/island',
          {
            method: 'POST',
            headers: {'Content-Type': 'application/json'},
            body: JSON.stringify(new_config)
          })
          .then(res => res.json())
          .then(res => {
            this.fetchAwsInfo()
              .then(res => {
                if (!this.state.isAwsAuth) {
                  this.setState({
                    awsUpdateClicked: false,
                    awsUpdateFailed: true
                  })
                }
              });
          });
      });
  };
  instanceIdToInstance = (instance_id) => {
    let instance = this.state.awsMachines.find(
      function (inst) {
@ -268,9 +235,15 @@ class RunMonkeyPageComponent extends AuthComponent {
  };
-  renderAuthAwsDiv() {
+  renderAwsMachinesDiv() {
    return (
      <div style={{'marginBottom': '2em'}}>
        <div style={{'marginTop': '1em', 'marginBottom': '1em'}}>
          <p className="alert alert-info">
            <i className="glyphicon glyphicon-info-sign" style={{'marginRight': '5px'}}/>
            Not sure what this is? Not seeing your AWS EC2 instances? <a href="https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances">Read the documentation</a>!
          </p>
        </div>
        {
          this.state.ips.length > 1 ?
            <Nav bsStyle="pills" justified activeKey={this.state.selectedIp} onSelect={this.setSelectedIp}
@ -296,60 +269,6 @@ class RunMonkeyPageComponent extends AuthComponent {
      </div>
    )
  }
  renderNotAuthAwsDiv() {
    return (
      <div style={{'marginBottom': '2em'}}>
        <p style={{'fontSize': '1.2em'}}>
          You haven't set your AWS account details or they're incorrect. Please enter them below to proceed.
        </p>
        <div style={{'marginTop': '1em'}}>
          <div className="col-sm-12">
          <div className="col-sm-6 col-sm-offset-3" style={{'fontSize': '1.2em'}}>
            <div className="panel panel-default">
              <div className="panel-body">
                <div className="input-group center-block text-center">
                  <input type="text" className="form-control" placeholder="AWS Access Key ID"
                         value={this.state.awsKeyId}
                         onChange={evt => this.updateAwsKeyId(evt)}/>
                  <input type="text" className="form-control" placeholder="AWS Secret Access Key"
                         value={this.state.awsSecretKey}
                         onChange={evt => this.updateAwsSecretKey(evt)}/>
                  <Button
                    onClick={this.updateAwsKeys}
                    className={'btn btn-default btn-md center-block'}
                    disabled={this.state.awsUpdateClicked}
                    variant="primary">
                    Update AWS details
                    { this.state.awsUpdateClicked ? <Icon name="refresh" className="text-success" style={{'marginLeft': '5px'}}/> : null }
                  </Button>
                </div>
              </div>
            </div>
          </div>
            <div className="col-sm-8 col-sm-offset-2" style={{'fontSize': '1.2em'}}>
              <p className="alert alert-info">
                <i className="glyphicon glyphicon-info-sign" style={{'marginRight': '5px'}}/>
                In order to remotely run commands on AWS EC2 instances, please make sure you have
                the <a href="https://docs.aws.amazon.com/console/ec2/run-command/prereqs" target="_blank">prerequisites</a> and if the
                instances don't show up, check the
                AWS <a href="https://docs.aws.amazon.com/console/ec2/run-command/troubleshooting" target="_blank">troubleshooting guide</a>.
              </p>
            </div>
            {
              this.state.awsUpdateFailed ?
                <div className="col-sm-8 col-sm-offset-2" style={{'fontSize': '1.2em'}}>
                  <p className="alert alert-danger" role="alert">Authentication failed.</p>
                </div>
                :
                null
            }
          </div>
        </div>
      </div>
    )
  }
  render() {
    return (
      <Col xs={12} lg={8}>
@ -364,7 +283,7 @@ class RunMonkeyPageComponent extends AuthComponent {
                  disabled={this.state.runningOnIslandState !== 'not_running'}
                  >
            Run on Monkey Island Server
-            { this.renderIconByState(this.state.runningOnIslandState) }
+            { RunMonkeyPageComponent.renderIconByState(this.state.runningOnIslandState) }
          </button>
          {
            // TODO: implement button functionality
@ -412,6 +331,21 @@ class RunMonkeyPageComponent extends AuthComponent {
            {this.generateCmdDiv()}
          </div>
        </Collapse>
        {
          this.state.isLoadingAws ?
            <p style={{'marginBottom': '2em', 'align': 'center'}}>
              <div className='sweet-loading'>
                <GridLoader
                  css={loading_css_override}
                  sizeUnit={"px"}
                  size={30}
                  color={'#ffcc00'}
                  loading={this.state.loading}
                />
              </div>
            </p>
             : null
        }
        {
          this.state.isOnAws ?
            <p className="text-center">
@ -432,7 +366,17 @@ class RunMonkeyPageComponent extends AuthComponent {
        }
        <Collapse in={this.state.showAws}>
          {
-            this.state.isAwsAuth ? this.renderAuthAwsDiv() : this.renderNotAuthAwsDiv()
+            this.state.isErrorWhileCollectingAwsMachines ?
              <div style={{'marginTop': '1em'}}>
                <p class="alert alert-danger">
                  <i className="glyphicon glyphicon-warning-sign" style={{'marginRight': '5px'}}/>
                  Error while collecting AWS machine data. Error message: <code>{this.state.awsMachineCollectionErrorMsg}</code><br/>
                  Are you sure you've set the correct role on your Island AWS machine?<br/>
                  Not sure what this is? <a href="https://github.com/guardicore/monkey/wiki/Monkey-Island:-Running-the-monkey-on-AWS-EC2-instances">Read the documentation</a>!
                </p>
              </div>
              :
              this.renderAwsMachinesDiv()
          }
        </Collapse>
--- a/monkey/monkey_island/cc/ui/src/components/side-menu/VersionComponent.js
+++ b/monkey/monkey_island/cc/ui/src/components/side-menu/VersionComponent.js
@ -0,0 +1,46 @@
 import React from 'react';
 import {Icon} from 'react-fa';
 class VersionComponent extends React.Component {
  constructor(props) {
    super(props);
    this.state = {
      currentVersion: undefined,
      newerVersion: undefined,
      downloadLink: undefined
    }
  }
  componentDidMount() {
    fetch('/api/version-update') // This is not authenticated on purpose
      .then(res => res.json())
      .then(res => {
        this.setState({
          currentVersion: res['current_version'],
          newerVersion: res['newer_version'],
          downloadLink: res['download_link'],
        });
      });
  }
  render() {
    return (
      <div className="version-text text-center">
        Infection Monkey Version: {this.state.currentVersion}
        {
          this.state.newerVersion ?
            <div>
              <b>Newer version available!</b>
              <br/>
              <b><a target="_blank" href={this.state.downloadLink}>Download here <Icon name="download"/></a></b>
            </div>
            :
            undefined
        }
      </div>
    );
  }
 }
 export default VersionComponent;
--- a/monkey/monkey_island/cc/ui/src/styles/App.css
+++ b/monkey/monkey_island/cc/ui/src/styles/App.css
@ -529,3 +529,13 @@ body {
  text-align: center;
  margin-bottom: 20px;
 }
 .version-text {
  font-size: 0.9em;
  position: absolute;
  bottom: 5px;
  left: 0;
  right: 0;
  margin-left: auto;
  margin-right: auto;
 }
--- a/monkey/monkey_island/deb-package/DEBIAN/control
+++ b/monkey/monkey_island/deb-package/DEBIAN/control
@ -5,4 +5,4 @@ Homepage: http://www.guardicore.com
 Priority: optional
 Version: 1.0
 Description: Guardicore Infection Monkey Island installation package
-Depends: openssl, python-pip, python-dev, mongodb
+Depends: openssl, python-pip, python-dev
--- a/monkey/monkey_island/deb-package/DEBIAN/postinst
+++ b/monkey/monkey_island/deb-package/DEBIAN/postinst
@ -9,16 +9,15 @@ pip2 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER
 virtualenv -p python2.7 ${PYTHON_FOLDER}
 # install pip requirements
-${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/pip_requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
+${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
 # remove installation folder and unnecessary files
 rm -rf ${INSTALLATION_FOLDER}
-rm -f ${MONKEY_FOLDER}/monkey_island/pip_requirements.txt
+rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt
 cp ${MONKEY_FOLDER}/monkey_island/ubuntu/* /etc/init/
 if [ -d "/etc/systemd/network" ]; then
-    cp ${MONKEY_FOLDER}/monkey_island/ubuntu/systemd/*.service /lib/systemd/system/
+    cp ${MONKEY_FOLDER}/monkey_island/service/systemd/*.service /lib/systemd/system/
-    chmod +x ${MONKEY_FOLDER}/monkey_island/ubuntu/systemd/start_server.sh
+    chmod +x ${MONKEY_FOLDER}/monkey_island/service/systemd/start_server.sh
    systemctl daemon-reload
    systemctl enable monkey-island
 fi
--- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst
+++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst
@ -0,0 +1,35 @@
 #!/bin/bash
 MONKEY_FOLDER=/var/monkey
 INSTALLATION_FOLDER=/var/monkey/monkey_island/installation
 PYTHON_FOLDER=/var/monkey/monkey_island/bin/python
 # Prepare python virtualenv
 pip2 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER
 virtualenv -p python2.7 ${PYTHON_FOLDER}
 # install pip requirements
 ${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
 # remove installation folder and unnecessary files
 rm -rf ${INSTALLATION_FOLDER}
 rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt
 ${MONKEY_FOLDER}/monkey_island/install_mongo.sh ${MONKEY_FOLDER}/monkey_island/bin/mongodb
 if [ -d "/etc/systemd/network" ]; then
    cp ${MONKEY_FOLDER}/monkey_island/service/systemd/*.service /lib/systemd/system/
    chmod +x ${MONKEY_FOLDER}/monkey_island/service/systemd/start_server.sh
    systemctl daemon-reload
    systemctl enable monkey-mongo
    systemctl enable monkey-island
 fi
 ${MONKEY_FOLDER}/monkey_island/create_certificate.sh
 service monkey-island start
 service monkey-mongo start
 echo Monkey Island installation ended
 exit 0
--- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/prerm
+++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/prerm
@ -0,0 +1,11 @@
 #!/bin/sh
 service monkey-island stop || true
 service monkey-mongo stop || true
 [ -f "/lib/systemd/system/monkey-island.service" ] && rm -f /lib/systemd/system/monkey-island.service
 [ -f "/lib/systemd/system/monkey-mongo.service" ] && rm -f /lib/systemd/system/monkey-mongo.service
 rm -r -f /var/monkey
 exit 0
--- a/monkey/monkey_island/deb-package/monkey_island_pip_requirements.txt
+++ b/monkey/monkey_island/deb-package/monkey_island_pip_requirements.txt
@ -1,19 +0,0 @@
 python-dateutil
 tornado
 werkzeug
 jinja2
 markupsafe
 itsdangerous
 click
 flask
 Flask-Pymongo
 Flask-Restful
 Flask-JWT
 jsonschema
 netifaces
 ipaddress
 enum34
 pycryptodome
 boto3
 awscli
 virtualenv
--- a/monkey/monkey_island/deb-package/service/systemd/monkey-island.service
+++ b/monkey/monkey_island/deb-package/service/systemd/monkey-island.service
@ -4,7 +4,7 @@ After=network.target
 [Service]
 Type=simple
-ExecStart=/var/monkey/monkey_island/ubuntu/systemd/start_server.sh
+ExecStart=/var/monkey/monkey_island/service/systemd/start_server.sh
 [Install]
 WantedBy=multi-user.target
--- a/monkey/monkey_island/deb-package/service/systemd/start_server.sh
+++ b/monkey/monkey_island/deb-package/service/systemd/start_server.sh
--- a/monkey/monkey_island/deb-package/service_mongo/systemd/monkey-island.service
+++ b/monkey/monkey_island/deb-package/service_mongo/systemd/monkey-island.service
@ -0,0 +1,11 @@
 [Unit]
 Description=Monkey Island Service
 Wants=monkey-mongo.service
 After=network.target
 [Service]
 Type=simple
 ExecStart=/var/monkey/monkey_island/service/systemd/start_server.sh
 [Install]
 WantedBy=multi-user.target
--- a/monkey/monkey_island/deb-package/service_mongo/systemd/monkey-mongo.service
+++ b/monkey/monkey_island/deb-package/service_mongo/systemd/monkey-mongo.service
@ -0,0 +1,12 @@
 [Unit]
 Description=Monkey Island Mongo Service
 After=network.target
 [Service]
 ExecStart=/var/monkey/monkey_island/bin/mongodb/bin/mongod --quiet --dbpath /var/monkey/monkey_island/db
 KillMode=process
 Restart=always
 ExecStop=/var/monkey/monkey_island/bin/mongodb/bin/mongod --shutdown
 [Install]
 WantedBy=multi-user.target
--- a/monkey/monkey_island/linux/install_mongo.sh
+++ b/monkey/monkey_island/linux/install_mongo.sh
@ -0,0 +1,39 @@
 #!/bin/bash
 export os_version_monkey=$(cat /etc/issue)
 MONGODB_DIR=$1 # If using deb, this should be: /var/monkey/monkey_island/bin/mongodb
 if [[ ${os_version_monkey} == "Ubuntu 16.04"* ]] ;
 then
 	echo Detected Ubuntu 16.04
 	export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-3.6.12.tgz"
 elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]] ;
 then
 	echo Detected Ubuntu 18.04
 	export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.8.tgz"
 elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]] ;
 then
 	echo Detected Debian 8
 	export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian81-3.6.12.tgz"
 elif [[ ${os_version_monkey} == "Debian GNU/Linux 9"* ]] ;
 then
 	echo Detected Debian 9
 	export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian92-3.6.12.tgz"
 else
 	echo Unsupported OS
 	exit -1
 fi
 TEMP_MONGO=$(mktemp -d)
 pushd ${TEMP_MONGO}
 wget ${tgz_url} -O mongodb.tgz
 tar -xf mongodb.tgz
 popd
 mkdir -p ${MONGODB_DIR}/bin
 cp ${TEMP_MONGO}/mongodb-*/bin/mongod ${MONGODB_DIR}/bin/mongod
 cp ${TEMP_MONGO}/mongodb-*/LICENSE-Community.txt ${MONGODB_DIR}/
 chmod a+x ${MONGODB_DIR}/bin/mongod
 rm -r ${TEMP_MONGO}
 exit 0
--- a/monkey/monkey_island/linux/ubuntu/monkey-island.conf
+++ b/monkey/monkey_island/linux/ubuntu/monkey-island.conf
@ -1,18 +0,0 @@
 description "Monkey Island Service"
 start on runlevel [2345]
 stop on runlevel [!2345]
 respawn
 respawn limit unlimited
 script
 	chdir /var/monkey
 	exec monkey_island/bin/python/bin/python monkey_island.py
 end script
 post-stop script
    if [ -n $UPSTART_EVENTS ]; then
        exec sleep 2
    fi
 end script
--- a/monkey/monkey_island/readme.txt
+++ b/monkey/monkey_island/readme.txt
@ -65,12 +65,8 @@ How to run:
 4. Setup MongoDB (Use one of the two following options):
        4.a. Download MongoDB and extract it to /var/monkey_island/bin/mongodb
-                for debian64 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz
+			4.a.1. Run '/var/monkey_island/linux/install_mongo.sh /var/monkey_island/bin/mongodb'
-                for ubuntu64 16.10 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz
+				   This will download and extract the relevant mongoDB for your OS.
                find more at - https://www.mongodb.org/downloads#production
                untar.gz with: tar -zxvf filename.tar.gz -C /var/monkey_island/bin/mongodb
                (make sure the content of the mongo folder is in this directory, meaning this path exists:
                        /var/monkey_island/bin/mongodb/bin)        
        OR
        4.b. Use already running instance of mongodb
 			4.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server
--- a/monkey/monkey_island/requirements.txt
+++ b/monkey/monkey_island/requirements.txt
@ -1,5 +1,6 @@
 bson
 python-dateutil
-tornado
+tornado==5.1.1
 werkzeug
 jinja2
 markupsafe
@ -9,10 +10,16 @@ flask
 Flask-Pymongo
 Flask-Restful
 Flask-JWT
-jsonschema
+jsonschema==2.6.0
 netifaces
 ipaddress
 enum34
 pycryptodome
 boto3
-awscli
+botocore
 PyInstaller
 awscli
 cffi
 virtualenv
 wheel
 requests
--- a/monkey/monkey_island/windows/run_mongodb.bat
+++ b/monkey/monkey_island/windows/run_mongodb.bat
@ -1,3 +1,3 @@
 REM - Runs MongoDB Server -
@title MongoDB
-@bin\mongodb\mongod.exe --dbpath db
+@bin\mongodb\mongod.exe --dbpath db --bind_ip 127.0.0.1