From 6d5b55be10278e63bc696538ae10a528f19b6c81 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Mon, 7 Feb 2022 12:56:54 -0500
Subject: [PATCH] Agent: Implement fingerprinting in Puppet
---
 monkey/infection_monkey/monkey.py | 2 ++
 monkey/infection_monkey/network/http_fingerprinter.py | 8 ++++++--
 monkey/infection_monkey/puppet/puppet.py | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 20ed730a8..3b31e3a00 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -18,6 +18,7 @@ from infection_monkey.master.control_channel import ControlChannel
 from infection_monkey.model import DELAY_DELETE_CMD, VictimHostFactory
 from infection_monkey.network import NetworkInterface
 from infection_monkey.network.firewall import app as firewall
+from infection_monkey.network.http_fingerprinter import HTTPFingerprinter
 from infection_monkey.network.info import get_local_network_interfaces
 from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload
 from infection_monkey.puppet.puppet import Puppet
@@ -183,6 +184,7 @@ class InfectionMonkey:
 @staticmethod
 def _build_puppet() -> IPuppet:
 puppet = Puppet()
+ puppet.load_plugin("HTTPFinger", HTTPFingerprinter(), PluginType.FINGERPRINTER)
 puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)
 return puppet
diff --git a/monkey/infection_monkey/network/http_fingerprinter.py b/monkey/infection_monkey/network/http_fingerprinter.py
index 5b58db22c..dabef920b 100644
--- a/monkey/infection_monkey/network/http_fingerprinter.py
+++ b/monkey/infection_monkey/network/http_fingerprinter.py
@@ -63,8 +63,12 @@ def _query_potential_http_server(host: str, port: int) -> Tuple[Optional[str], O
 def _get_server_from_headers(url: str) -> Optional[str]:
 try:
+ logger.debug(f"Sending request for headers to {url}")
 with closing(head(url, verify=False, timeout=1)) as req: # noqa: DUO123
- return req.headers.get("Server")
+ server = req.headers.get("Server")
+
+ logger.debug(f'Got server string "{server}" from {url}')
+ return server
 except Timeout:
 logger.debug(f"Timeout while requesting headers from {url}")
 except ConnectionError: # Someone doesn't like us
@@ -76,5 +80,5 @@ def _get_server_from_headers(url: str) -> Optional[str]:
 def _get_open_http_ports(
 allowed_http_ports: Set, port_scan_data: Dict[int, PortScanData]
 ) -> Iterable[int]:
- open_ports = (psd.port for psd in port_scan_data.values() if psd.status == PortStatus.Open)
+ open_ports = (psd.port for psd in port_scan_data.values() if psd.status == PortStatus.OPEN)
 return (port for port in open_ports if port in allowed_http_ports)
diff --git a/monkey/infection_monkey/puppet/puppet.py b/monkey/infection_monkey/puppet/puppet.py
index b7be64002..ad9354d66 100644
--- a/monkey/infection_monkey/puppet/puppet.py
+++ b/monkey/infection_monkey/puppet/puppet.py
@@ -49,7 +49,8 @@ class Puppet(IPuppet):
 port_scan_data: Dict[int, PortScanData],
 options: Dict,
 ) -> FingerprintData:
- return self._mock_puppet.fingerprint(name, host, ping_scan_data, port_scan_data, options)
+ fingerprinter = self._plugin_registry.get_plugin(name, PluginType.FINGERPRINTER)
+ return fingerprinter.get_host_fingerprint(host, ping_scan_data, port_scan_data, options)
 def exploit_host(
 self, name: str, host: str, options: Dict, interrupt: threading.Event
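Review bot: In the `_get_server_from_headers` hunk of http_fingerprinter.py, the added `logger.debug(f'Got server string "{server}" from {url}')` writes a value supplied by the scanned host straight into the agent log. The `Server` header is chosen by the remote side, so logging its repr keeps any control characters from altering the log line. It also stops a missing header from being logged as the quoted string "None": `logger.debug(f"Got server string {server!r} from {url}")`. The function's remaining exception handlers lie outside the hunk.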
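Review bot: In the puppet.py hunk, the new `self._plugin_registry.get_plugin(name, PluginType.FINGERPRINTER)` lookup has no visible handling for a name that was never registered. As far as the monkey.py hunk shows, `_build_puppet()` registers only "HTTPFinger" as a fingerprinter. What `get_plugin` does for an unknown name is not shown here, so a configuration naming another fingerprinter may either raise or return something that fails on `.get_host_fingerprint(...)`. The chosen behaviour should be stated in a docstring on the method, e.g. `"""Run the fingerprinter registered under name; raises <error type> if no such plugin is loaded."""`. The method's signature starts above the hunk.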