Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration

# Conflicts:
#	.gitmodules
#	.travis.yml
#	monkey/common/data/system_info_collectors_names.py
#	monkey/monkey_island/cc/services/config_schema.py
#	monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
This commit is contained in:
VakarisZ 2020-08-31 11:34:15 +03:00
commit b14193f848
2395 changed files with 70716 additions and 20248 deletions

View File

@ -1,29 +1,32 @@
---
name: 🐛 Bug report
about: Create a report to help us fix things!
---
<!--
Thank you for reporting a bug to make Infection Monkey better.
Please fill in as much of the template below as you're able.
-->
## Describe the bug
A clear and concise description of what the bug is.
## To Reproduce
Steps to reproduce the behavior:
1. Configure the Monkey with X settings
2. Run the monkey on specific machine
3. See error
## Expected behavior
A description of what you expected to happen.
## Screenshots
If applicable, add screenshots to help explain your problem.
## Machine version (please complete the following information):
- OS: Windows or Linux
---
name: "\U0001F41B Bug report"
about: Create a report to help us fix things!
title: ''
labels: Bug
assignees: ''
---
<!--
Thank you for reporting a bug to make Infection Monkey better.
Please fill in as much of the template below as you're able.
-->
## Describe the bug
A clear and concise description of what the bug is.
## To Reproduce
Steps to reproduce the behavior:
1. Configure the Monkey with X settings
2. Run the monkey on specific machine
3. See error
## Expected behavior
A description of what you expected to happen.
## Screenshots
If applicable, add screenshots to help explain your problem.
## Machine version (please complete the following information):
- OS: Windows or Linux

View File

@ -0,0 +1,28 @@
---
name: "\U0001F4C3 Documentation request"
about: Suggest additions or fixes to our documentation hub!
title: ''
labels: Documentation
assignees: ''
---
## Documentation request
<!-- Choose: adding a new page, or edit existing content. -->
### Add a new page 🆕
**What documentation you'd like us to add?**
Put suggestion here.
**Where in the documentation tree?**
Put section here.
### Edit existing content 📝
**Which page(s) do you want us to edit?**
Put link here.
**What do you think should be changed?**
Put requested changes here.

View File

@ -1,6 +1,9 @@
---
name: "\U0001F680 Feature request"
about: Suggest an idea for this project
title: ''
labels: Feature
assignees: ''
---
@ -17,4 +20,4 @@ Please describe the problem you are trying to solve.
Please describe the desired behavior.
**Describe alternatives you've considered**
Please describe alternative solutions or features you have considered.
Please describe alternative solutions or features you have considered.

View File

@ -1,15 +1,20 @@
# What is this?
# What does this PR do?
Fixes #`put issue number here`.
Add any further explanations here.
## Checklist
## PR Checklist
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
* [ ] Have you successfully tested your changes locally?
* [ ] Is the TravisCI build passing?
## Proof that it works
If applicable, add screenshots or log transcripts of the feature working
## Testing Checklist
* [ ] Added relevant unit tests?
* [ ] Have you successfully tested your changes locally? Elaborate:
> Tested by {Running the Monkey locally with relevant config/running Island/...}
* [ ] If applicable, add screenshots or log transcripts of the feature working
## Explain Changes
## Changes
Are the commit messages enough? If not, elaborate.

BIN
.github/attack-report.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 198 KiB

BIN
.github/map-full.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 162 KiB

BIN
.github/security-report.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 122 KiB

BIN
.github/zero-trust-report.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 194 KiB

12
.gitignore vendored
View File

@ -82,5 +82,17 @@ MonkeyZoo/*
!MonkeyZoo/config.tf
!MonkeyZoo/MonkeyZooDocs.pdf
# Exported monkey telemetries
/monkey/telem_sample/
# Profiling logs
profiler_logs/
# vim swap files
*.swp
# Server config might contain credentials
/monkey/monkey_island/cc/server_config.json
# Virtualenv
venv/

6
.gitmodules vendored
View File

@ -1,3 +1,9 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"]
path = docs/themes/learn
url = https://github.com/guardicode/hugo-theme-learn.git
[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"]
path = monkey/infection_monkey/system_info/collectors/scoutsuite
url = https://github.com/ShayNehmad/ScoutSuite.git

View File

@ -1,56 +1,105 @@
# Infection Monkey travis.yml. See Travis documentation for information about this file structure.
# If you change this file, you can validate using Travis CI's Build Config Explorer https://config.travis-ci.com/explore
group: travis_latest
language: python
cache: pip
cache:
- pip
- directories:
- "$HOME/.npm"
python:
- 3.7
os: linux
before_install:
# Init server_config.json to default
- cp monkey/monkey_island/cc/server_config.json.default monkey/monkey_island/cc/server_config.json
install:
# Python
- pip freeze
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
- pip install flake8 pytest dlint # for next stages
- pip install flake8 pytest dlint isort # for next stages
- pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
- pip install -r monkey/infection_monkey/system_info/collectors/scoutsuite/requirements.txt
- pip install pipdeptree
# Fail builds on possible conflicting dependencies.
- pipdeptree --warn fail
# node + npm + eslint
- node --version
- npm --version
- nvm --version
- nvm install node
- nvm use node
- npm i -g eslint
- node --version
- npm --version
# linuxbrew (for hugo)
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
- mkdir ~/.linuxbrew/bin
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
- eval $(~/.linuxbrew/bin/brew shellenv)
# hugo (for documentation)
- brew install hugo
# print hugo version (useful for debugging documentation build errors)
- hugo version
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- python monkey/monkey_island/cc/set_server_config.py testing
- pushd /home/travis/build/guardicore/monkey/monkey
- python monkey_island/cc/environment/set_server_config.py testing
- popd
script:
# Check Python code
# Check syntax errors and fail the build if any are found.
## Check syntax errors and fail the build if any are found.
- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics --exclude=monkey/infection_monkey/system_info/collectors/scoutsuite
# Warn about linter issues.
# --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
# --count will print the total number of errors.
# --statistics Count the number of occurrences of each error/warning code and print a report.
# The output is redirected to a file.
## Warn about linter issues.
### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
### --count will print the total number of errors.
### --statistics Count the number of occurrences of each error/warning code and print a report.
### The output is redirected to a file.
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --exclude=monkey/infection_monkey/system_info/collectors/scoutsuite > flake8_warnings.txt
# Display the linter issues
## Display the linter issues
- cat flake8_warnings.txt
# Make sure that we haven't increased the amount of warnings.
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=190
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
## Make sure that we haven't increased the amount of warnings.
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
## Check import order
- python -m isort . -c -p common -p infection_monkey -p monkey_island
## Run unit tests
- cd monkey # This is our source dir
- python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
## Calculate Code Coverage
- coverage run -m pytest
# Check JS code. The npm install must happen AFTER the flake8 because the node_modules folder will cause a lot of errors.
- cd monkey_island/cc/ui
- npm i
- npm i -g eslint
- cd -
- cd monkey_island/cc/ui
- eslint ./src --quiet
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=37
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT
- npm ci # See https://docs.npmjs.com/cli/ci.html
- eslint ./src --quiet # Test for errors
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=28
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
# Build documentation
- cd $TRAVIS_BUILD_DIR/docs
- hugo --verbose --environment staging
after_success:
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
- bash <(curl -s https://codecov.io/bash)
notifications:
slack: # Notify to slack

View File

@ -1,6 +1,9 @@
# Infection Monkey
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases)
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
[![codecov](https://codecov.io/gh/guardicore/monkey/branch/develop/graph/badge.svg)](https://codecov.io/gh/guardicore/monkey)
![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey)
![GitHub commit activity](https://img.shields.io/github/commit-activity/m/guardicore/monkey)
@ -10,18 +13,29 @@ Welcome to the Infection Monkey!
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
<img src=".github/map-full.png" >
<img src=".github/Security-overview.png" width="800" height="500">
The Infection Monkey is comprised of two parts:
* Monkey - A tool which infects other machines and propagates to them
* Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com
* **Monkey** - A tool which infects other machines and propagates to them.
* **Monkey Island** - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.
To read more about the Monkey, visit [infectionmonkey.com](https://infectionmonkey.com).
## Screenshots
### Map
<img src=".github/map-full.png" width="800" height="600">
### Security report
<img src=".github/security-report.png" width="800" height="500">
### Zero trust report
<img src=".github/zero-trust-report.png" width="800" height="500">
### ATT&CK report
<img src=".github/attack-report.png" width="900" height="500">
## Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
* Multiple propagation techniques:
@ -36,18 +50,17 @@ The Infection Monkey uses the following techniques and exploits to propagate to
* Conficker
* SambaCry
* Elastic Search (CVE-2015-1427)
* Weblogic server
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
## Setup
Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).
The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility).
Check out the [Setup](https://www.guardicore.com/infectionmonkey/docs/setup/) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/docs/usage/getting-started/).
The Infection Monkey supports a variety of platforms, documented [in our documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/operating_systems_support/).
## Building the Monkey from source
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder.
If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself)
and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island).
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts)
folder or follow documentation in [documentation hub](https://www.guardicore.com/infectionmonkey/docs/development/setup-development-environment/).
### Build status
| Branch | Status |
@ -56,13 +69,21 @@ and follow the instructions at the readme files under [infection_monkey](infecti
| Master | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=master)](https://travis-ci.com/guardicore/monkey) |
## Tests
### Unit Tests
In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory.
To get a coverage report, first make sure the `coverage` package is installed using `pip install coverage`. Run the command
`coverage run -m unittest` in the `monkey` directory and then `coverage html`. The coverage report can be found in
`htmlcov.index`.
### Blackbox tests
In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md`.
# License
Copyright (c) Guardicore Ltd
See the [LICENSE](LICENSE) file for license rights and limitations (GPLv3).

View File

@ -1,25 +1,55 @@
# Files used to deploy development version of infection monkey
## Windows
# Deployment guide for a development environemnt
Before running the script you must have git installed.<br>
Cd to scripts directory and use the scripts.<br>
First argument is an empty directory (script can create one) and second is branch you want to clone.
Example usages:<br>
./run_script.bat (Sets up monkey in current directory under .\infection_monkey)<br>
./run_script.bat "C:\test" (Sets up monkey in C:\test)<br>
powershell -ExecutionPolicy ByPass -Command ". .\deploy_windows.ps1; Deploy-Windows -monkey_home C:\test" (Same as above)<br>
./run_script.bat "" "master"(Sets up master branch instead of develop in current dir)
Don't forget to add python to PATH or do so while installing it via this script.<br>
This guide is for you if you wish to develop for Infection Monkey. If you only want to use it, please download the relevant version from [our website](https://infectionmonkey.com).
## Linux
## Prerequisites
Linux deployment script is meant for Ubuntu 16.x machines.
You must have root permissions, but don't run the script as root.<br>
Launch deploy_linux.sh from scripts directory.<br>
First argument should be an absolute path of an empty directory (script will create one if doesn't exist, default is ./infection_monkey).
Second parameter is the branch you want to clone (develop by default).
Example usages:<br>
./deploy_linux.sh (deploys under ./infection_monkey)<br>
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)<br>
./deploy_linux.sh "" "master" (deploys master branch in script directory)<br>
./deploy_linux.sh "/home/user/new" "master" (if directory "new" is not found creates it and clones master branch into it)<br>
Before running the script you must have `git` installed. If you don't have `git` installed, please follow [this guide](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).
## Deploy on Windows
Run the following command in powershell:
```powershell
Invoke-WebRequest https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_windows.ps1 -OutFile deploy_windows.ps1
```
This will download our deploy script. It's a good idea to read it quickly before executing it!
After downloading that script, execute it in `powershell`.
The first argument is an empty directory (script can create one). The second argument is which branch you want to clone - by default, the script will check out the `develop` branch. Some example usages:
- `.\deploy_windows.ps1` (Sets up monkey in current directory under .\infection_monkey)
- `.\deploy_windows.ps1 -monkey_home "C:\test"` (Sets up monkey in C:\test)
- `.\deploy_windows.ps1 -branch "master"` (Sets up master branch instead of develop in current dir)
You may also pass in an optional `agents=$false` parameter to disable downloading the latest agent binaries.
### Troubleshooting
- If you run into Execution Policy warnings, you can disable them by prefixing the following snippet: `powershell -ExecutionPolicy ByPass -Command "[original command here]"`
- Don't forget to add python to PATH or do so while installing it via this script.
## Deploy on Linux
Linux deployment script is meant for Ubuntu 16 and Ubuntu 18 machines.
Your user must have root permissions; however, don't run the script as root!
```sh
wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh
```
This will download our deploy script. It's a good idea to read it quickly before executing it!
Then execute the resulting script with your shell.
After downloading that script, execute it in a shell. The first argument should be an absolute path of an empty directory (the script will create one if doesn't exist, default is ./infection_monkey). The second parameter is the branch you want to clone (develop by default). Some example usages:
- `./deploy_linux.sh` (deploys under ./infection_monkey)
- `./deploy_linux.sh "/home/test/monkey"` (deploys under /home/test/monkey)
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.

View File

@ -1,25 +1,44 @@
#!/usr/bin/env bash
# Absolute monkey's path
MONKEY_FOLDER_NAME="infection_monkey"
export MONKEY_FOLDER_NAME="infection_monkey"
# Url of public git repository that contains monkey's source code
MONKEY_GIT_URL="https://github.com/guardicore/monkey"
export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
get_latest_release() {
curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API
grep '"tag_name":' | # Get tag line
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
}
MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")
# Monkey binaries
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
LINUX_32_BINARY_NAME="monkey-linux-32"
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-64"
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32"
export LINUX_32_BINARY_URL
export LINUX_32_BINARY_NAME
LINUX_64_BINARY_NAME="monkey-linux-64"
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-32.exe"
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64"
export LINUX_64_BINARY_URL
export LINUX_64_BINARY_NAME
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe"
export WINDOWS_32_BINARY_URL
export WINDOWS_32_BINARY_NAME
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe"
export WINDOWS_64_BINARY_URL
export WINDOWS_64_BINARY_NAME
# Other binaries for monkey
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64"
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32"
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so"
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so"
# Mongo url's
MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz"
MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz"
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64"
export TRACEROUTE_64_BINARY_URL
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32"
export TRACEROUTE_32_BINARY_URL
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so"
export SAMBACRY_64_BINARY_URL
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so"
export SAMBACRY_32_BINARY_URL

View File

@ -1,46 +1,47 @@
# Absolute monkey's path
$MONKEY_FOLDER_NAME = "infection_monkey"
# Url of public git repository that contains monkey's source code
$MONKEY_REPO = "guardicore/monkey"
$MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
$MONKEY_RELEASES_URL = $MONKEY_GIT_URL + "/releases"
$MONKEY_API_RELEASES_URL = "https://api.github.com/repos/$MONKEY_REPO/releases"
$MONKEY_LATEST_VERSION = (Invoke-WebRequest $MONKEY_API_RELEASES_URL | ConvertFrom-Json)[0].tag_name
$MONKEY_DOWNLOAD_URL = $MONKEY_RELEASES_URL + "/download/" + $MONKEY_LATEST_VERSION + "/"
# Link to the latest python download or install it manually
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe"
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.7/python-3.7.7-amd64.exe"
# Monkey binaries
$LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
$LINUX_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-32"
$LINUX_32_BINARY_PATH = "monkey-linux-32"
$LINUX_64_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-64"
$LINUX_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-64"
$LINUX_64_BINARY_PATH = "monkey-linux-64"
$WINDOWS_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-32.exe"
$WINDOWS_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-32.exe"
$WINDOWS_32_BINARY_PATH = "monkey-windows-32.exe"
$WINDOWS_64_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
$WINDOWS_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-64.exe"
$WINDOWS_64_BINARY_PATH = "monkey-windows-64.exe"
$SAMBA_32_BINARY_URL = "https://github.com/VakarisZ/tempBinaries/raw/master/sc_monkey_runner32.so"
$SAMBA_32_BINARY_NAME= "sc_monkey_runner32.so"
$SAMBA_64_BINARY_URL = "https://github.com/VakarisZ/tempBinaries/raw/master/sc_monkey_runner64.so"
$SAMBA_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "sc_monkey_runner32.so"
$SAMBA_32_BINARY_NAME = "sc_monkey_runner32.so"
$SAMBA_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "sc_monkey_runner64.so"
$SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so"
$TRACEROUTE_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute64"
$TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
# Other directories and paths ( most likely you dont need to configure)
$MONKEY_ISLAND_DIR = "\monkey\monkey_island"
$MONKEY_DIR = "\monkey\infection_monkey"
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
$PYTHON_DLL = "C:\Windows\System32\python27.dll"
$MK32_DLL = "mk32.zip"
$MK64_DLL = "mk64.zip"
$TEMP_PYTHON_INSTALLER = ".\python.exe"
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
$TEMP_CPP_INSTALLER = "cpp.exe"
$TEMP_NPM_INSTALLER = "node.msi"
$TEMP_PYWIN32_INSTALLER = "pywin32.exe"
$TEMP_UPX_ZIP = "upx.zip"
$UPX_FOLDER = "upx394w"
$UPX_FOLDER = "upx-3.96-win64"
# Other url's
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plus-v4.2-latest.zip"
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
$NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe"
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"

View File

@ -1,10 +1,54 @@
#!/bin/bash
source config
exists() {
command -v "$1" >/dev/null 2>&1
}
is_root() {
return $(id -u)
}
has_sudo() {
# 0 true, 1 false
timeout 1 sudo id && return 0 || return 1
}
handle_error() {
echo "Fix the errors above and rerun the script"
exit 1
}
log_message() {
echo -e "\n\n"
echo -e "DEPLOYMENT SCRIPT: $1"
}
config_branch=${2:-"develop"}
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
if (! exists curl) && (! exists wget); then
log_message 'Your system does not have curl or wget, exiting'
exit 1
fi
file=$(mktemp)
# shellcheck disable=SC2086
if exists wget; then
# shellcheck disable=SC2086
wget --output-document=$file "$config_url"
else
# shellcheck disable=SC2086
curl -s -o $file "$config_url"
fi
log_message "downloaded configuration"
# shellcheck source=deployment_scripts/config
# shellcheck disable=SC2086
source $file
log_message "loaded configuration"
# shellcheck disable=SC2086
# rm $file
# Setup monkey either in dir required or current dir
monkey_home=${1:-$(pwd)}
if [[ $monkey_home == $(pwd) ]]; then
@ -13,26 +57,19 @@ fi
# We can set main paths after we know the home dir
ISLAND_PATH="$monkey_home/monkey/monkey_island"
MONKEY_COMMON_PATH="$monkey_home/monkey/common/"
MONGO_PATH="$ISLAND_PATH/bin/mongodb"
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
handle_error() {
echo "Fix the errors above and rerun the script"
if is_root; then
log_message "Please don't run this script as root"
exit 1
}
fi
log_message() {
echo -e "\n\n-------------------------------------------"
echo -e "DEPLOYMENT SCRIPT: $1"
echo -e "-------------------------------------------\n"
}
sudo -v
if [[ $? != 0 ]]; then
echo "You need root permissions for some of this script operations. Quiting."
HAS_SUDO=$(has_sudo)
if [[ ! $HAS_SUDO ]]; then
log_message "You need root permissions for some of this script operations. Quiting."
exit 1
fi
@ -41,25 +78,20 @@ if [[ ! -d ${monkey_home} ]]; then
fi
if ! exists git; then
echo "Please install git and re-run this script"
log_message "Please install git and re-run this script"
exit 1
fi
if ! exists wget; then
echo 'Your system does have wget, please install and re-run this script'
exit 1
fi
log_message "Cloning files from git"
branch=${2:-"develop"}
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
git clone --single-branch -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
chmod 774 -R "${monkey_home}"
fi
# Create folders
log_message "Creating island dirs under $ISLAND_PATH"
mkdir -p "${MONGO_PATH}"
mkdir -p "${MONGO_PATH}" || handle_error
mkdir -p "${ISLAND_BINARIES_PATH}" || handle_error
# Detecting command that calls python 3.7
@ -78,87 +110,114 @@ if [[ ${python_cmd} == "" ]]; then
log_message "Python 3.7 command not found. Installing python 3.7."
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt install python3.7
sudo apt install python3.7 python3.7-dev
log_message "Python 3.7 is now available with command 'python3.7'."
python_cmd="python3.7"
fi
log_message "Updating package list"
sudo apt-get update
log_message "Installing build-essential"
sudo apt install build-essential
log_message "Installing pip"
sudo apt install python3-pip
${python_cmd} -m pip install pip
log_message "Install python3.7-dev"
sudo apt-get install python3.7-dev
log_message "Installing or updating pip"
# shellcheck disable=SC2086
pip_url=https://bootstrap.pypa.io/get-pip.py
if exists wget; then
wget --output-document=get-pip.py $pip_url
else
curl $pip_url -o get-pip.py
fi
${python_cmd} get-pip.py
rm get-pip.py
log_message "Installing island requirements"
requirements="$ISLAND_PATH/requirements.txt"
${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error
requirements_island="$ISLAND_PATH/requirements.txt"
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
log_message "Installing monkey requirements"
sudo apt-get install libffi-dev upx libssl-dev libc++1
cd "${monkey_home}"/monkey/infection_monkey || handle_error
${python_cmd} -m pip install -r requirements.txt --user --upgrade || handle_error
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
agents=${3:-true}
# Download binaries
log_message "Downloading binaries"
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
if [ "$agents" = true ] ; then
log_message "Downloading binaries"
if exists wget; then
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
else
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-32 ${LINUX_32_BINARY_URL}
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-64 ${LINUX_64_BINARY_URL}
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-32.exe ${WINDOWS_32_BINARY_URL}
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-64.exe ${WINDOWS_64_BINARY_URL}
fi
fi
# Allow them to be executed
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
# Get machine type/kernel version
kernel=$(uname -m)
linux_dist=$(lsb_release -a 2>/dev/null)
# If a user haven't installed mongo manually check if we can install it with our script
log_message "Installing MongoDB"
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
if ! exists mongod; then
log_message "Installing MongoDB"
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
fi
log_message "Installing openssl"
sudo apt-get install openssl
# Generate SSL certificate
log_message "Generating certificate"
cd "${ISLAND_PATH}" || {
echo "cd failed"
exit 1
}
openssl genrsa -out cc/server.key 2048
openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
# Update node
log_message "Installing nodejs"
cd "$ISLAND_PATH/cc/ui" || handle_error
sudo apt-get install curl
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejs
if ! exists npm; then
log_message "Installing nodejs"
node_src=https://deb.nodesource.com/setup_12.x
if exists curl; then
curl -sL $node_src | sudo -E bash -
else
wget -q -O - $node_src | sudo -E bash -
fi
sudo apt-get install -y nodejs
fi
pushd "$ISLAND_PATH/cc/ui" || handle_error
npm install sass-loader node-sass webpack --save-dev
npm update
log_message "Generating front end"
npm run dist
popd || handle_error
# Making dir for binaries
mkdir "${MONKEY_BIN_DIR}"
# Download sambacry binaries
log_message "Downloading sambacry binaries"
wget -c -N -P "${MONKEY_BIN_DIR}" "${SAMBACRY_64_BINARY_URL}"
wget -c -N -P "${MONKEY_BIN_DIR}" "${SAMBACRY_32_BINARY_URL}"
# shellcheck disable=SC2086
if exists wget; then
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_64_BINARY_URL}
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_32_BINARY_URL}
else
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner64.so ${SAMBACRY_64_BINARY_URL}
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner32.so ${SAMBACRY_32_BINARY_URL}
fi
# Download traceroute binaries
log_message "Downloading traceroute binaries"
wget -c -N -P "${MONKEY_BIN_DIR}" "${TRACEROUTE_64_BINARY_URL}"
wget -c -N -P "${MONKEY_BIN_DIR}" "${TRACEROUTE_32_BINARY_URL}"
# shellcheck disable=SC2086
if exists wget; then
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_64_BINARY_URL}
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_32_BINARY_URL}
else
curl -o ${MONKEY_BIN_DIR}/traceroute64 ${TRACEROUTE_64_BINARY_URL}
curl -o ${MONKEY_BIN_DIR}/traceroute32 ${TRACEROUTE_32_BINARY_URL}
fi
sudo chmod +x "${monkey_home}"/monkey/infection_monkey/build_linux.sh
sudo chmod +x "${INFECTION_MONKEY_DIR}/build_linux.sh"
log_message "Deployment script finished."
exit 0

View File

@ -1,17 +1,40 @@
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop"){
# Import the config variables
. ./config.ps1
"Config variables from config.ps1 imported"
# If we want monkey in current dir we need to create an empty folder for source files
if ( (Join-Path $monkey_home '') -eq (Join-Path (Get-Item -Path ".\").FullName '') ){
$monkey_home = Join-Path -Path $monkey_home -ChildPath $MONKEY_FOLDER_NAME
}
param(
[Parameter(Mandatory = $false, Position = 0)]
[String] $monkey_home = (Get-Item -Path ".\").FullName,
[Parameter(Mandatory = $false, Position = 1)]
[System.String]
$branch = "develop",
[Parameter(Mandatory = $false, Position = 2)]
[Bool]
$agents = $true
)
function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, [String] $branch = "develop")
{
Write-Output "Downloading to $monkey_home"
Write-Output "Branch $branch"
# Set variables for script execution
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$webClient = New-Object System.Net.WebClient
# Import the config variables
$config_filename = New-TemporaryFile
$config_filename = "config.ps1"
$config_url = "https://raw.githubusercontent.com/guardicore/monkey/" + $branch + "/deployment_scripts/config.ps1"
$webClient.DownloadFile($config_url, $config_filename)
. ./config.ps1
"Config variables from config.ps1 imported"
Remove-Item $config_filename
# If we want monkey in current dir we need to create an empty folder for source files
if ((Join-Path $monkey_home '') -eq (Join-Path (Get-Item -Path ".\").FullName ''))
{
$monkey_home = Join-Path -Path $monkey_home -ChildPath $MONKEY_FOLDER_NAME
}
# We check if git is installed
try
{
@ -25,15 +48,22 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
}
# Download the monkey
$output = cmd.exe /c "git clone --single-branch -b $branch $MONKEY_GIT_URL $monkey_home 2>&1"
$command = "git clone --single-branch --recurse-submodules -b $branch $MONKEY_GIT_URL $monkey_home 2>&1"
Write-Output $command
$output = cmd.exe /c $command
$binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\bin")
if ( $output -like "*already exists and is not an empty directory.*"){
if ($output -like "*already exists and is not an empty directory.*")
{
"Assuming you already have the source directory. If not, make sure to set an empty directory as monkey's home directory."
} elseif ($output -like "fatal:*"){
}
elseif ($output -like "fatal:*")
{
"Error while cloning monkey from the repository:"
$output
return
} else {
}
else
{
"Monkey cloned from the repository"
# Create bin directory
New-Item -ItemType directory -path $binDir
@ -44,9 +74,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
try
{
$version = cmd.exe /c '"python" --version 2>&1'
if ( $version -like 'Python 3.*' ) {
if ($version -like 'Python 3.*')
{
"Python 3.* was found, installing dependencies"
} else {
}
else
{
throw System.Management.Automation.CommandNotFoundException
}
}
@ -56,11 +89,12 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Select 'add to PATH' when installing"
$webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")
Remove-Item $TEMP_PYTHON_INSTALLER
# Check if installed correctly
$version = cmd.exe /c '"python" --version 2>&1'
if ( $version -like '* is not recognized*' ) {
if ($version -like '* is not recognized*')
{
"Python is not found in PATH. Add it to PATH and relaunch the script."
return
}
@ -69,7 +103,8 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Upgrading pip..."
$output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1'
$output
if ( $output -like '*No module named pip*' ) {
if ($output -like '*No module named pip*')
{
"Make sure pip module is installed and re-run this script."
return
}
@ -83,20 +118,24 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
$user_python_dir = cmd.exe /c 'py -m site --user-site'
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){
if (!($ENV:Path | Select-String -SimpleMatch $user_python_dir))
{
"Adding python scripts path to user's env"
$env:Path += ";"+$user_python_dir
[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")
$env:Path += ";" + $user_python_dir
[Environment]::SetEnvironmentVariable("Path", $env:Path, "User")
}
# Download mongodb
if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){
if (!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb")))
{
"Downloading mongodb ..."
$webClient.DownloadFile($MONGODB_URL, $TEMP_MONGODB_ZIP)
"Unzipping mongodb"
Expand-Archive $TEMP_MONGODB_ZIP -DestinationPath $binDir
# Get unzipped folder's name
$mongodb_folder = Get-ChildItem -Path $binDir | Where-Object -FilterScript {($_.Name -like "mongodb*")} | Select-Object -ExpandProperty Name
$mongodb_folder = Get-ChildItem -Path $binDir | Where-Object -FilterScript {
($_.Name -like "mongodb*")
} | Select-Object -ExpandProperty Name
# Move all files from extracted folder to mongodb folder
New-Item -ItemType directory -Path (Join-Path -Path $binDir -ChildPath "mongodb")
New-Item -ItemType directory -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "db")
@ -127,23 +166,30 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
. .\windows\create_certificate.bat
Pop-Location
# Adding binaries
"Adding binaries"
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
$webClient.DownloadFile($LINUX_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_32_BINARY_PATH))
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
$webClient.DownloadFile($WINDOWS_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_32_BINARY_PATH))
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
if ($agents)
{
# Adding binaries
"Adding binaries"
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
$webClient.DownloadFile($LINUX_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_32_BINARY_PATH))
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
$webClient.DownloadFile($WINDOWS_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_32_BINARY_PATH))
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
}
# Check if NPM installed
"Installing npm"
try
{
$version = cmd.exe /c '"npm" --version 2>&1'
if ( $version -like "*is not recognized*"){
if ($version -like "*is not recognized*")
{
throw System.Management.Automation.CommandNotFoundException
} else {
}
else
{
"Npm already installed"
}
}
@ -152,7 +198,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Downloading npm ..."
$webClient.DownloadFile($NPM_URL, $TEMP_NPM_INSTALLER)
Start-Process -Wait $TEMP_NPM_INSTALLER
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
Remove-Item $TEMP_NPM_INSTALLER
}
@ -162,18 +208,13 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
& npm run dist
Pop-Location
# Install pywin32
"Downloading pywin32"
$webClient.DownloadFile($PYWIN32_URL, $TEMP_PYWIN32_INSTALLER)
Start-Process -Wait $TEMP_PYWIN32_INSTALLER -ErrorAction Stop
Remove-Item $TEMP_PYWIN32_INSTALLER
# Create infection_monkey/bin directory if not already present
$binDir = (Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\bin")
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
# Download upx
if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe") )){
if (!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "upx.exe")))
{
"Downloading upx ..."
$webClient.DownloadFile($UPX_URL, $TEMP_UPX_ZIP)
"Unzipping upx"
@ -185,27 +226,17 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
Remove-Item $TEMP_UPX_ZIP
}
# Download mimikatz binaries
$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
if(!(Test-Path -Path $mk32_path )){
"Downloading mimikatz 32 binary"
$webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
}
$mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
if(!(Test-Path -Path $mk64_path )){
"Downloading mimikatz 64 binary"
$webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
}
# Download sambacry binaries
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME
if(!(Test-Path -Path $samba32_path )){
if (!(Test-Path -Path $samba32_path))
{
"Downloading sambacry 32 binary"
$webClient.DownloadFile($SAMBA_32_BINARY_URL, $samba32_path)
}
$samba64_path = Join-Path -Path $samba_path -ChildPath $SAMBA_64_BINARY_NAME
if(!(Test-Path -Path $samba64_path )){
if (!(Test-Path -Path $samba64_path))
{
"Downloading sambacry 64 binary"
$webClient.DownloadFile($SAMBA_64_BINARY_URL, $samba64_path)
}
@ -213,3 +244,4 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
"Script finished"
}
Deploy-Windows -monkey_home $monkey_home -branch $branch

View File

@ -1,8 +0,0 @@
SET command=. .\deploy_windows.ps1; Deploy-Windows
if NOT "%~1" == "" (
SET "command=%command% -monkey_home %~1"
)
if NOT "%~2" == "" (
SET "command=%command% -branch %~2"
)
powershell -ExecutionPolicy ByPass -Command %command%

View File

@ -2,7 +2,7 @@ FROM debian:stretch-slim
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
ARG RELEASE=1.6
ARG RELEASE=1.8.0
ARG DEBIAN_FRONTEND=noninteractive
EXPOSE 5000

2
docs/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/public/
/resources/_gen/

5
docs/README.md Normal file
View File

@ -0,0 +1,5 @@
# Monkey documentation
This folder contains the Monkey Documentation site.
For more information see `content/development/contribute-documentation.md`.

View File

@ -0,0 +1,6 @@
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---

View File

@ -0,0 +1,69 @@
# when deploying to prod, use baseURL = "https://www.guardicore.com/infectionmonkey/docs"
# baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
baseURL = ""
languageCode = "en-us"
title = "Guardicore Infection Monkey - Documentation Hub"
theme = "learn"
[params]
# Change default color scheme with a variant one. See it in the themes folder.
themeVariant = "monkey"
# Prefix URL to edit current page. Will display an "Edit this page" button on top right hand corner of every page.
editURL = "https://github.com/guardicore/monkey/edit/develop/docs/content/"
# Author of the site, will be used in meta information
author = "Guardicore"
# Description of the site, will be used in meta information
description = "Guardicore Infection Monkey - Documentation hub"
# Shows a checkmark for visited pages on the menu
showVisitedLinks = false
# Disable search function. It will hide search bar
disableSearch = false
# Javascript and CSS cache are automatically busted when new version of site is generated.
# Set this to true to disable this behavior (some proxies don't handle well this optimization)
disableAssetsBusting = false
# Set this to true to disable copy-to-clipboard button for inline code.
disableInlineCopyToClipBoard = false
# A title for shortcuts in menu is set by default. Set this to true to disable it.
disableShortcutsTitle = false
# When using mulitlingual website, disable the switch language button.
disableLanguageSwitchingButton = false
# Hide breadcrumbs in the header and only show the current page title
disableBreadcrumb = false
# Hide Next and Previous page buttons normally displayed full height beside content
disableNextPrev = true
# Order sections in menu by "weight" or "title". Default to "weight"
ordersectionsby = "weight"
# Provide a list of custom css files to load relative from the `static/` folder in the site root.
custom_css = ["css/labels.css", "css/shadow_around_images.css"]
[outputs]
home = ["HTML", "RSS", "JSON"]
[[menu.shortcuts]]
name = "<i class='fas fa-home'></i> Homepage"
identifier = "homepage"
url = "https://infectionmonkey.com"
weight = 10
[[menu.shortcuts]]
name = "<i class='fab fa-github'></i> GitHub"
identifier = "github"
url = "https://github.com/guardicore/monkey"
weight = 20
[[menu.shortcuts]]
name = "<i class='fab fa-slack'></i> Slack"
identifier = "slack"
url = "https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU"
weight = 30
[[menu.shortcuts]]
name = "<i class='fas fa-inbox'></i> Email"
identifier = "email"
url = "mailto:support@infectionmonkey.com"
weight = 40
# Enables raw html in markdown.
[markup.goldmark.renderer]
unsafe = true

View File

@ -0,0 +1,2 @@
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
canonifyURLs = true

View File

@ -0,0 +1,2 @@
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
canonifyURLs = true

154
docs/content/FAQ/_index.md Normal file
View File

@ -0,0 +1,154 @@
---
title: "FAQ"
date: 2020-06-18T15:11:52+03:00
draft: false
pre: "<i class='fas fa-question'></i> "
---
Here are some of the most common questions we receive about the Infection Monkey. If the answer youre looking for isnt here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
- [Monkey Island](#monkey-island)
- [Monkey agent](#monkey-agent)
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
- [Whats the Monkeys impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
- [Is it safe to use real passwords and usernames in the Monkeys configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
- [After Ive set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
- [How can I get involved with the project? 👩‍💻👨‍💻](#how-can-i-get-involved-with-the-project)
## Where can I get the latest Monkey version? 📰
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
## How long does a single Monkey run for? Is there a time limit?
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
## Should I run the Monkey continuously?
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
Does the Infection Monkey require a connection to the Internet?
The Infection Monkey does not require internet access to function.
If internet access is available, the Monkey will use the Internet for two purposes:
- To check for updates.
- To check if machines can reach the internet.
### Which queries does Monkey perform to the Internet exactly?
The Monkey performs queries out to the Internet on two separate occasions:
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
### Monkey Island
The Monkey Islands log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
```log
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
```
### Monkey agent
The Monkey log file can be found in the following paths on machines where it was executed:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
The logs contain information about the internals of the Monkeys execution. The log will contain entries like these ones for example:
```log
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
```
## Running the Monkey in a production environment
### How much of a footprint does the Monkey leave?
The Monkey leaves hardly any trace on the target system. It will leave:
- Log files in the following locations:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
### Whats the Monkeys impact on system resources usage?
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
### Is it safe to use real passwords and usernames in the Monkeys configuration?
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
### How do you store sensitive information on Monkey Island?
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Islands database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
The Monkey does not use any exploits or attacks that may impact the victim system.
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we arent using it.
## After Ive set up Monkey Island, how can I execute the Monkey?
See our detailed [getting started](../content/usage/getting-started) guide.
## How can I make the monkey propagate “deeper” into the network?
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
## The report returns a blank screen
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
## How can I get involved with the project? 👩‍💻👨‍💻
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.

30
docs/content/_index.md Normal file
View File

@ -0,0 +1,30 @@
---
title: "Infection Monkey Documentation Hub"
date: 2020-05-26T18:15:37+03:00
draft: false
---
# Infection Monkey documentation hub
{{< homepage_shortcuts >}}
## What is Guardicore Infection Monkey?
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
The Infection Monkey is comprised of two parts:
* Monkey - A tool which infects other machines and propagates to them.
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
## Getting Started
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
## Support and community
If you need help or want to talk all things Monkey, you can [join our public Slack workspace](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU) or [contact us via Email](mailto:support@infectionmonkey.com).

View File

@ -0,0 +1,43 @@
+++
title = "Contribute"
date = 2020-05-26T20:55:04+03:00
weight = 30
chapter = true
pre = '<i class="fas fa-code"></i> '
tags = ["development", "contribute"]
+++
# Securing networks together
Want to help secure networks? That's great!
## How should I start?
Here's a few short links to help you get started.
* [Getting up and running](../setup-development-environment) - To help you get a working development setup.
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
## What are we looking for?
You can take a look at [our roadmap](https://github.com/guardicore/monkey/projects/5) to see what issues we're thinking about doing soon. We are looking for:
### More exploits! 💥
The best way to find weak spots in the network is by attacking it. The [Exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
It's important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits _unless they're rock solid_ and focus on the logical vulns such as Shellshock.
### Analysis plugins 🔬
Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it's detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
### Better code 💪
We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
### Documentation 📚
Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
The Monkey's documentation is stored in the `/docs/content` directory.

View File

@ -0,0 +1,26 @@
---
title: "Adding Zero Trust Tests"
date: 2020-07-14T10:19:08+03:00
draft: false
weight: 100
---
## How to add a new Zero Trust test to the Monkey?
Assuming the Monkey agent is already sending the relevant telemetry, you'll need to add the test in two places.
### `zero_trust_consts.py`
In the file `/monkey/common/data/zero_trust_consts.py`,
1. Add the test name to the TESTS set
2. Add a relevant recommendation if exists
3. Add the test to the TESTS_MAP dict. Make sure that all statuses (except `STATUS_UNEXECUTED`) have finding explanations.
### `telemetry/processing.py`
Find the relevant telemetry type you wish to test the finding in. This can be found in `/monkey/monkey_island/cc/services/telemetry/processing.py`. In the relevant `process_*_telemetry` function, add your Zero Trust testing code. Please put the zero trust tests under the `/monkey/monkey_island/cc/services/telemetry/zero_trust_tests` directory. There you can find examples of existing tests as well, so you'll know pretty much what you need to write.
## How to test the new Zero Trust test I've implemented?
Test ALL possible finding statuses you've defined in a fake network. Observe the events as well and see they were formatted correctly. If there's an algorithmic part to your Zero Trust test, please cover it using a Unit Test.

View File

@ -0,0 +1,7 @@
---
title: "Adding Exploits"
date: 2020-06-08T19:53:00+03:00
draft: true
tags: ["contribute"]
weight: 50
---

View File

@ -0,0 +1,76 @@
---
title: "Adding Post Breach Actions"
date: 2020-06-08T19:53:13+03:00
draft: false
tags: ["contribute"]
weight: 90
---
## What's this?
This guide will show you how to create a new _Post Breach action_ for the Infection Monkey. _Post Breach actions_ are "extra" actions that the Monkey can perform on the victim machines after it propagated to them.
## Do I need a new PBA?
If all you want is to execute shell commands, then there's no need to add a new PBA - just configure the required commands in the Monkey Island configuration! If you think that those specific commands have reuse value in all deployments and not just your own, you can add a new PBA. If you need to run actual Python code, you must add a new PBA.
## How to add a new PBA
### Monkey side
#### Framework
1. Create your new action in the following directory: `monkey/infection_monkey/post_breach/actions` by first creating a new file with the name of your action.
2. In that file, create a class that inherits from the `PBA` class:
```python
from infection_monkey.post_breach.pba import PBA
class MyNewPba(PBA):
```
3. Set the action name in the constructor, like so:
```python
class MyNewPba(PBA):
def __init__(self):
super(MyNewPba, self).__init__(name="MyNewPba")
```
#### Implementation
If your PBA consists only of simple shell commands, you can reuse the generic PBA by passing the commands into the constructor. See the `add_user.py` PBA for reference.
Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
### Island side
#### Configuration
You'll need to add your PBA to the `config_schema.py` file, under `post_breach_acts`, like so:
```json
"post_breach_acts": {
"title": "Post breach actions",
"type": "string",
"anyOf": [
# ...
{
"type": "string",
"enum": [
"MyNewPba"
],
"title": "My new PBA",
"attack_techniques": []
},
],
},
```
Now you can choose your PBA when configuring the Monkey on the Monkey island:
![PBA in configuration](https://i.imgur.com/9PrcWr0.png)
#### Telemetry processing
If you wish to process your Post Breach action telemetry (for example, to analyze it for report data), add a processing function to the `POST_BREACH_TELEMETRY_PROCESSING_FUNCS` which can be found at `monkey/monkey_island/cc/services/telemetry/processing/post_breach.py`. You can look at the `process_communicate_as_new_user_telemetry` method as an example.

View File

@ -0,0 +1,101 @@
---
title: "Adding System Info Collectors"
date: 2020-06-09T11:03:42+03:00
draft: false
tags: ["contribute"]
weight: 80
---
## What's this?
This guide will show you how to create a new _System Info Collector_ for the Infection Monkey. _System Info Collectors_ are modules which each Monkey runs, that collect specific information and sends it back to the Island as part of the System Info Telemetry.
### Do I need a new System Info Controller?
If all you want is to execute a shell command, then there's no need to add a new collector - just configure the required commands in the Monkey Island configuration in the PBA section! Also, if there is a relevant collector and you only need to add more information to it, expand the existing one. Otherwise, you must add a new Collector.
## How to add a new System Info Collector
### Monkey side
#### Framework
1. Create your new collector in the following directory: `monkey/infection_monkey/system_info/collectors` by first creating a new file with the name of your collector.
2. In that file, create a class that inherits from the `SystemInfoCollector` class:
```py
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
class MyNewCollector(SystemInfoCollector):
```
3. Set the Collector name in the constructor, like so:
```py
class MyNewCollector(SystemInfoCollector):
def __init__(self):
super(MyNewCollector, self).__init__(name="MyNewCollector")
```
#### Implementation
Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` Collector for reference. You can log during collection as well.
### Island side
#### Island Configuration
##### Definitions
You'll need to add your Collector to the `monkey_island/cc/services/config_schema.py` file, under `definitions/system_info_collectors_classes/anyOf`, like so:
```json
"system_info_collectors_classes": {
"title": "System Information Collectors",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": [
"EnvironmentCollector"
],
"title": "Which Environment this machine is on (on prem/cloud)",
"attack_techniques": []
},
{ <=================================
"type": "string", <=================================
"enum": [ <=================================
"MyNewCollector" <=================================
], <=================================
"title": "My new title", <=================================
"attack_techniques": [] <=================================
},
],
},
```
##### properties
Also, you can add the Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
```json
"system_info_collectors_classes": {
"title": "System info collectors",
"type": "array",
"uniqueItems": True,
"items": {
"$ref": "#/definitions/system_info_collectors_classes"
},
"default": [
"EnvironmentCollector",
"MyNewCollector" <=================================
],
"description": "Determines which system information collectors will collect information."
},
```
#### Telemetry processing
1. Add a process function under `monkey_island/cc/telemetry/processing/system_info_collectors/{DATA_NAME_HERE}.py`. The function should parse the collector's result. See `processing/system_info_collectors/environment.py` for example.
2. Add that function to `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` under `monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py`.

View File

@ -0,0 +1,104 @@
---
title: "Contribute Documentation"
date: 2020-06-17T17:31:54+03:00
draft: false
weight: 1
tags: ["contribute"]
---
The `/docs` folder contains the Monkey Documentation site.
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
- [Directory Structure](#directory-structure)
- [content](#content)
- [static](#static)
- [config](#config)
- [themes](#themes)
- [layouts and archtypes](#layouts-and-archtypes)
- [public and resources](#public-and-resources)
- [How to contribute](#how-to-contribute)
- [Requirements](#requirements)
- [Adding and editing content](#adding-and-editing-content)
- [Add a new page](#add-a-new-page)
- [Editing an existing page](#editing-an-existing-page)
- [Building the content](#building-the-content)
- [Serve the documentation locally](#serve-the-documentation-locally)
- [Build the content for deployment](#build-the-content-for-deployment)
- [Troubleshooting](#troubleshooting)
- [`Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`](#error-unable-to-locate-config-file-or-config-directory-perhaps-you-need-to-create-a-new-site)
- [`failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?](#failed-to-extract-shortcode-template-for-shortcode-children-not-found-or-theme-doesnt-seem-right)
- [CSS is missing](#css-is-missing)
## Directory Structure
By order of importance:
### content
The most important directory is `/content`: This is the directory which contains the content files. [Read this to understand how pages are organized in that folder](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/pages/).
### static
In this directory you should place images, `css` files, `js` files, and other static content the site should serve. To access that static content in a page, use something similar to this:
```markdown
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
```
### config
This folder controls a lot of parameters regarding the site generation.
### themes
This is the theme we're using. It's a submodule (so to get it you need to run `git submodule update`). It's our own fork of the [learn](https://themes.gohugo.io/hugo-theme-learn/) theme. If we want to make changes to the theme itself or pull updates from the upstream you'll do it here.
### layouts and archtypes
This directory includes custom [HTML partials](https://gohugo.io/templates/partials/), custom [shortcodes](https://gohugo.io/content-management/shortcodes/), and content templates. Best to not mess with the existing stuff here too much, but rather add new things.
### public and resources
These are the build output of `hugo` and should never be `commit`-ed to git.
## How to contribute
### Requirements
You have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options), and `git`.
### Adding and editing content
#### Add a new page
Run `hugo new folder/page.md`. Optionally add `--kind chapter` if this is a new chapter page. For example, `hugo new usage/getting-started.md` created the Getting Started page.
#### Editing an existing page
Edit the markdown file(s). [Here's a markdown cheatsheet](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/markdown/). If you want to add images, add them to the `static/images` folder and refer to them by name.
### Building the content
#### Serve the documentation locally
Run `hugo server -D`. The server will be available locally at `http://localhost:1313/`. You can change the content/theme and the site will refresh automatically to reflect your changes.
#### Build the content for deployment
Run `hugo --environment staging` or `hugo --environment production`. This will create a static site in the `public` directory. This directory should be ignored by `git` - **make sure you don't add and commit it by mistake!**
#### Troubleshooting
##### `Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`
What is your working directory? It should be `monkey/docs`.
##### `failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?
Have you ran `git submodule update`?
##### CSS is missing
- Make sure that you're accessing the correct URL.
- Check the `config.toml` file.

View File

@ -0,0 +1,25 @@
---
title: "Development setup"
date: 2020-06-08T19:53:00+03:00
draft: false
weight: 5
tags: ["contribute"]
---
## Deployment scripts
To setup development environment using scripts look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to setup it manually or if run into some problems, read further below.
## Agent
The Agent, (what we refer as the Monkey), is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. Built for Python 3.7, you can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and inside it installing the requirements listed under [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt).
In order to compile the Monkey for distribution by the Monkey Island, you need to run the instructions listed in [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools + 32/64-bit Python versions.
## Monkey Island
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)

View File

@ -0,0 +1,14 @@
+++
title = "Reference"
date = 2020-05-26T20:55:04+03:00
weight = 30
chapter = true
pre = '<i class="fas fa-layer-group"></i> '
tags = ["reference"]
+++
# Reference
Find detailed information about Infection Monkey.
{{% children %}}

View File

@ -0,0 +1,12 @@
---
title: "ElasticGroovy"
date: 2020-07-14T08:41:40+03:00
draft: false
tags: ["exploit", "windows", "linux"]
---
CVE-2015-1427.
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).

View File

@ -0,0 +1,8 @@
---
title: "Hadoop"
date: 2020-07-14T08:41:49+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).

View File

@ -0,0 +1,10 @@
---
title: "MS08 067"
date: 2020-07-14T08:42:54+03:00
draft: false
tags: ["exploit", "windows"]
---
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.

View File

@ -0,0 +1,8 @@
---
title: "MsSQL"
date: 2020-07-14T08:41:56+03:00
draft: false
tags: ["exploit", "windows"]
---
The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.

View File

@ -0,0 +1,8 @@
---
title: "SMBExec"
date: 2020-07-14T08:42:16+03:00
draft: false
tags: ["exploit", "windows"]
---
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.

View File

@ -0,0 +1,8 @@
---
title: "SSHExec"
date: 2020-07-14T08:42:21+03:00
draft: false
tags: ["exploit", "linux"]
---
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.

View File

@ -0,0 +1,8 @@
---
title: "Sambacry"
date: 2020-07-14T08:42:02+03:00
draft: false
tags: ["exploit", "linux"]
---
Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.

View File

@ -0,0 +1,8 @@
---
title: "Struts2"
date: 2020-07-14T08:42:30+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).

View File

@ -0,0 +1,8 @@
---
title: "VSFTPD"
date: 2020-07-14T08:42:39+03:00
draft: false
tags: ["exploit", "linux"]
---
Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).

View File

@ -0,0 +1,8 @@
---
title: "WMIExec"
date: 2020-07-14T08:43:12+03:00
draft: false
tags: ["exploit", "windows"]
---
Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.

View File

@ -0,0 +1,8 @@
---
title: "WebLogic"
date: 2020-07-14T08:42:46+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.

View File

@ -0,0 +1,16 @@
+++
title = "Exploiters"
date = 2020-05-26T20:55:04+03:00
weight = 100
chapter = true
pre = '<i class="fas fa-ethernet"></i> '
tags = ["reference", "exploit"]
+++
# Exploiters
Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
{{% children %}}
You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).

View File

@ -0,0 +1,10 @@
---
title: "ShellShock"
date: 2020-07-14T08:41:32+03:00
draft: false
tags: ["exploit", "linux"]
---
CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."

View File

@ -0,0 +1,64 @@
---
title: "Operating systems"
date: 2020-07-14T08:09:53+03:00
draft: false
pre: '<i class="fas fa-laptop"></i> '
weight: 10
tags: ["setup", "reference", "windows", "linux"]
---
The Infection Monkey project supports many popular OSes (but we can always do more).
The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
### Monkey support
#### Linux
Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
- Centos 7+
- Debian 7+
- Kali 2019+
- Oracle 7+
- Rhel 7+
- Suse 12+
- Ubuntu 14+
#### Windows
- Windows 2012+
- Windows 2012_R2+
- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
### Island support
**The Monkey Island (control server)** runs out of the box on:
- Ubuntu 18.04
- Debian 9
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
### Old machine bootloader
Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
**Old machine bootloader** runs on machines with:
- Centos 7+
- Debian 7+
- Kali 2019+
- Oracle 7+
- Rhel 7+
- Suse 12+
- Ubuntu 14+
- **Windows XP/Server 2003+**
[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7

View File

@ -0,0 +1,51 @@
---
title: "Scanners"
date: 2020-07-14T08:43:12+03:00
draft: false
weight: 20
pre: '<i class="fas fa-network-wired"></i> '
tags: ["reference"]
---
The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
## Scanning
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
The sole interface required is the `is_host_alive` interface, which needs to return True/False.
[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
## Fingerprinting
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
Currently implemented Fingerprint modules are:
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
## Adding a scanner/fingerprinter
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
[elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
[host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
[host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
[mysql-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/mysqlfinger.py
[ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
[smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
[ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
[tcp-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/tcp_scanner.py

View File

@ -0,0 +1,26 @@
+++
title = "Setup"
date = 2020-05-26T20:55:04+03:00
weight = 5
chapter = true
pre = '<i class="fas fa-cogs"></i> '
tags = ["setup"]
+++
# Setting up Infection Monkey
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
Once you've downloaded an installer, you can follow the relevant guide for your environment:
{{% children %}}
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
{{% notice tip %}}
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
{{% /notice %}}
{{% notice tip %}}
You can find the binary checksums of our installers to verify their integrity [in this page](../usage/file-checksums).
{{% /notice %}}

View File

@ -0,0 +1,27 @@
---
title: "Accounts and Security"
date: 2020-06-22T15:36:56+03:00
draft: false
weight: 50
pre: "<i class='fas fa-user-lock'></i> "
tags: ["usage", "password"]
---
## Security in Infection Monkey
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
## Resetting account credentials
To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
Example `server_config.json` for account reset:
```json
{
"server_config": "password",
"deployment": "develop"
}
```

39
docs/content/setup/aws.md Normal file
View File

@ -0,0 +1,39 @@
---
title: "AWS"
date: 2020-05-26T20:57:36+03:00
draft: false
pre: '<i class="fab fa-aws"></i> '
weight: 5
tags: ["setup", "aws"]
---
## Deployment
On the [Infection Monkeys AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
1. Choose the desired region.
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
1. Select the VPC and subnet you want the instance to be in.
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
1. Choose an existing EC2 key pair for authenticating with your new instance.
1. Click **Launch with 1-click.**
At this point, AWS will instance and deploy your new machine.
When ready, you can browse to the Infection Monkey running on your fresh deployment at:
`https://{public-ip}:5000`
You will be presented a login page. Use the username **monkey**, and the new EC2 instaces instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
## Integration with AWS services
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
## Upgrading
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,34 @@
---
title: "Azure"
date: 2020-05-26T20:57:39+03:00
draft: false
pre: '<i class="fab fa-microsoft"></i> '
weight: 6
tags: ["setup", "azure"]
---
## Deployment
Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
1. Under **Basics**:
1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
1. Choose a username and password or provide a SSH public key for authentication.
1. Choose a resource group and the location your instance will be deployed in.
1. Under **Size**
1. Choose a machine size with at least 1GB of RAM for optimal performance.
1. Under **Settings**
1. Choose the network the new instance will be a member of.
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
1. Under **Summary**
1. Review the details of the offer and click **Create**.
At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
`https://{public-ip-address}:5000`
## Upgrading
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,64 @@
---
title: "Debian"
date: 2020-05-26T20:57:19+03:00
draft: false
pre: '<i class="fab fa-linux"></i> '
weight: 1
disableToc: false
tags: ["setup", "debian", "linux"]
---
## Deployment
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
To deploy the package, once youve extracted it, run the following commands:
```sh
sudo apt update
sudo dpkg -i monkey_island.deb # this might print errors
```
If at this point, dpkg printed errors that look like this:
```sh
dpkg: error processing package gc-monkey-island (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
gc-monkey-island
```
That just means that not all dependencies were pre-installed on your system. Thats no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
```sh
sudo apt install -f
```
## Troubleshooting
### Trying to install on Ubuntu <16.04
If youre trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
```sh
sudo apt update
sudo apt-get install libcurl4-openssl-dev
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
sudo dpkg -i monkey_island.deb # this might print errors
sudo apt install -f
```
### The Monkey Island interface isn't accessible after installation
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
## Upgrading
To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,30 @@
---
title: "Docker"
date: 2020-05-26T20:57:28+03:00
draft: false
pre: '<i class="fab fa-docker"></i> '
weight: 4
tags: ["setup", "docker", "linux", "windows"]
---
## Deployment
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
Once youve extracted the container from the tar.gz file, run the following commands:
```sh
sudo docker load -i dk.monkeyisland.1.9.0.tar
sudo docker pull mongo
sudo mkdir -p /var/monkey-mongo/data/db
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.9.0
```
## Upgrading
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,62 @@
---
title: "VMware"
date: 2020-05-26T20:57:14+03:00
draft: false
pre: '<i class="fas fa-laptop-code"></i> '
weight: 3
tags: ["setup", "vmware"]
---
## Deployment
1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
2. Turn on the Infection Monkey VM.
3. Log in to the machine with the following credentials:
1. Username: **monkeyuser**
2. Password: **Noon.Earth.Always**
4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
## OVA network modes
The OVA can be used in one of two modes:
1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
1. With a static IP address.
In this case, you should login to the VM console with
username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
```sh
sudo nano /etc/network/interfaces
```
And change the lines:
```sh
auto ens160
iface ens160 inet dhcp
```
to the following:
```sh
auto ens160
iface ens160 inet static
address AAA.BBB.CCC.DDD
netmask XXX.XXX.XXX.XXX
gateway YYY.YYY.YYY.YYY
```
Save the changes then run the command
```sh
sudo ifdown ens160 && ifup ens160
```
## Upgrading
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,35 @@
---
title: "Windows"
date: 2020-05-26T20:57:10+03:00
draft: false
pre: '<i class="fab fa-windows"></i> '
weight: 2
tags: ["setup", "windows"]
---
## Deployment
Run the installer, and you should be met with the following screen:
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
1. Follow the steps of the installation.
1. Run the Monkey Island by clicking on the desktop shortcut.
## Troubleshooting
### Missing windows update
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If youre having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
### Supported browsers
The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
## Upgrading
To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

View File

@ -0,0 +1,13 @@
+++
title = "Usage"
date = 2020-05-26T20:57:53+03:00
weight = 10
chapter = true
pre = '<i class="fas fa-users-cog"></i> '
+++
# Usage
If you're just starting with Infection Monkey, check out our [Getting Started](getting-started) page.
If you haven't downloaded Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!

View File

@ -0,0 +1,20 @@
---
title: "Configuration"
date: 2020-06-07T19:08:51+03:00
draft: false
chapter: true
weight: 3
pre: "<i class='fas fa-sliders-h'></i> "
---
# Configure the Monkey
The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
{{% notice warning %}}
This section of the documentation is incomplete and under active construction.
{{% /notice %}}
See these documentation pages for information on each configuration value:
{{% children description=true %}}

View File

@ -0,0 +1,10 @@
---
title: "Credentials"
date: 2020-06-09T12:20:08+03:00
draft: false
description: "Configure credentials that the Monkey will use for propagation."
---
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")

View File

@ -0,0 +1,12 @@
---
title: "Network"
date: 2020-06-09T12:20:14+03:00
draft: false
description: "Configure settings related to the Monkey's network activity."
---
Here you can control multiple important settings, such as:
* Network propagation depth - How many hops from the base machine will the Monkey spread
* Local network scan - Should the Monkey attempt to attack any machine in its subnet
* Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.

View File

@ -0,0 +1,178 @@
---
title: "Verify Integrity - Checksums"
date: 2020-06-08T19:53:47+03:00
draft: false
weight: 100
pre: "<i class='fas fa-certificate'></i> "
---
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
## How to get SHA-256 checksum
### On Windows
Use the `Get-FileHash` <i class="fas fa-terminal"></i> PowerShell commandlet, like so:
```powershell
Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
# Should print
# Algorithm : SHA256
# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe <-- Your path will be different
```
### On Linux
Use the `sha256sum` <i class="fas fa-terminal"></i> shell command, like so:
```sh
$ sha256sum monkey-linux-64
# Should print:
# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
```
## Latest version checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
| monkey-linux-32 | Linux Agent | 1.9.0 | `4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380` |
| infection_monkey_deb.tgz | Debian Package | 1.9.0 | `33c23ddae283e3aafe965d264bc88464b66db3dd6874fd7e5cbcd4e931b3bb25` |
| infection_monkey_debzt.tgz | Debian Package | 1.9.0 | `cc53fe9632f44248357d6bd20cf8629be9baf8688468fa6d3e186dcebf10cef6` |
| Monkey Island v1.9.0_3546_windows.exe | Windows Installer | 1.9.0 | `371f6d25e8cb16ea7ebdfd367092ee65b33db2ec35b44d96705716641eaa59e8` |
| Monkey Island v1.9.0_3546_windowszt.exe | Windows Installer | 1.9.0 | `662c611fb83bb8c7ef5f99c5d5ae04f5758727c688238d6a3cd4c58675581695` |
| infection_monkey_docker_docker_20200806_153913.tgz | Docker | 1.9.0 | `5da11c539045a395ced5dd572d331c4f0e9315a3ee192c06279ff4fef668b96e` |
| infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` |
| monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` |
| monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` |
## Older checksums
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` |
| monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` |
| monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` |
| monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478` |
| infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2` |
| Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569` |
| Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a` |
| infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d` |
| infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75` |
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
| monkey-linux-64 | Debian Package | 1.8.0 | `b0de3931f6b9c2d986860151e5094e4c57aafa5e3e4aced828ecba36e4ece851` |
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
| infection_monkey_docker_docker_20200401_174048.tgz | Docker | 1.8.0 | `ae59b222a94e1ec83a1c36917bc5cd3d119057e146ac01242af91808f3dce37a` |
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
| Monkey Island v1.8.0_3514_windows.exe | Windows Installer | 1.8.0 | `a56bd98ca3d0dd260f26ac5ee46022fd5ca3f9081a43535b4f57cef43c345dc0` |
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
| Monkey Island v1.8.0_3516_windows.exe | Windows Installer | 1.8.0 | `a31a3837d8ca722e8db10148704237b032e5ef62acc080a82ab80f009d8de6bd` |
| Monkey Island v1.8.0_3517_windows.exe | Windows Installer | 1.8.0 | `450e9ea58a5282f506f819bdc3d4477bbc917d74ee837ca0cc3e62b4a923fef1` |
| Monkey Island v1.8.0_3519_windows.exe | Windows Installer | 1.8.0 | `dfaf7b11b148a5648ca92887d731633f85b68dc82313616f0009eee123c47352` |
| Monkey Island v1.8.0_3520_windows.exe | Windows Installer | 1.8.0 | `719427a7f1878555d6940485330f51e2ddb3331c96b60a1719f6e21987efb3d3` |
| Monkey Island v1.8.0_3521_windows.exe | Windows Installer | 1.8.0 | `a9a37ec2677fc7d224c5993f914ba402c9f86c2f909dc5d649f67d08802dc847` |
| Monkey Island v1.8.0_3522_windows.exe | Windows Installer | 1.8.0 | `4aaa5a99a108ab3cb14b9268a32ac68cb2de4a001ae0e4374ca779824981ea64` |
| Monkey Island v1.8.0_3523_windows.exe | Windows Installer | 1.8.0 | `4f029d2683cf68e63f8b426fa19df9561add0ed169821b4fc83c2721f0939520` |
| Monkey Island v1.8.0_3525_windows.exe | Windows Installer | 1.8.0 | `4a660cf5eda5beae844e5a62031972304eaa0432c32708f11d94dc0a501be182` |
| Monkey Island v1.8.0_3525_windowszt.exe | Windows Installer | 1.8.0 | `980ba04ef9f6395e2885851f906ee3ed57d696a2e984aa1e7a59446a57ce0408` |
| infection_monkey_docker_docker_20200419_160310.tgz | Docker | 1.8.0 | `999edc833484f51475db5a56e0557b59d09f520453b8077c60f7d9359b504299` |
| infection_monkey_docker_dockerzt_20200419_160542.tgz | Docker | 1.8.0 | `87ec632837d4add968831ee7fd271871f89e5b29e251d046ebf100bc94bb755e` |
| Monkey Island v1.8.0_3526_windows.exe | Windows Installer | 1.8.0 | `6b6c05f3575eef9b95c1624f74953e54654211de4ae1ad738b287e661f002989` |
| Monkey Island v1.8.0_3526_windowszt.exe | Windows Installer | 1.8.0 | `f181e58820817d76274fab3ee2a7824fc0d5b1f637d7f5c7fe111eb7061844f2` |
| Monkey Island v1.8.0_3527_windows.exe | Windows Installer | 1.8.0 | `94c2e09ca103bc22206715783616af91e58fe773a04c975d6a09d48d9a5759b2` |
| infection_monkey_docker_docker_20200420_151527.tgz | Docker | 1.8.0 | `fe4512fd46c3be6c9416287e3a703e8453a46a17b05404ba72035036946f6dbd` |
| infection_monkey_docker_docker_20200420_153306.tgz | Docker | 1.8.0 | `17ef5de58a49168a70085cb80063355ac489139c88d029d175a09e36524fe224` |
| infection_monkey_docker_docker_20200420_174533.tgz | Docker | 1.8.0 | `fcf57ab8b1b77bcf678765c90798b950fd4a62019c48ebeeac37e9d3011b6b2e` |
| infection_monkey_docker_docker_20200427_184208.tgz | Docker | 1.8.0 | `082165abd8c45d9731472ae0877fecedfbcefcff8c0003b43d4300854908f0cb` |
| infection_monkey_docker_dockerzt_20200427_184441.tgz | Docker | 1.8.0 | `74f824ecb14f5d47182156999d5aeaf2177d719c6f53ed81b68606b2ed931647` |
| Monkey Island v1.8.0_3528_windows.exe | Windows Installer | 1.8.0 | `baa13321c88223acd0262137ba018f9cbea869b5d1920565a5e6c8eb2c83b80e` |
| Monkey Island v1.8.0_3528_windowszt.exe | Windows Installer | 1.8.0 | `466f7c3aa052163f10e154ec787b31a98b54ced8cffc17373525e8ca39ec2556` |
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
| monkey_island_vmware.deb | VMWare Debian | 1.7.0 | `8F77347343B1D070C4BCC43A6CF5971F086665206F76AD1304359ADB388C55DE` |
| dk.monkeyisland.latest.tar | Docker | 1.7.0 | `E92CD45DB172342FE906FEFA7F26BACB2F59C2BE8484756B71CD1BDEBCCA8BFB` |
| monkey-windows-32.exe | Agent | 1.7.0 | `00E121EC8AA3519498D225066A3BC29984A7DA2A6F4F0641ED465FD64107A117` |
| Monkey Island v1.7.0.3478.exe | Windows Installer | 1.7.0 | `AFC969884939DBE37DA6B8AD4999CA6E9F18E54BA03AC0C04C59ABB6D6204634` |
| monkey_island.deb | Debian | 1.7.0 | `4AE051BC47B39FA05937994B3D24226771D03891AB2EA484FD7B4AADC0C5E220` |
| monkey-windows-64.exe | Agent | 1.7.0 | `BCF60E0C4BC2578361CCACDA0C183B726AF375F0142306CA9013A14BBA9B962C` |
| monkey-linux-64 | Agent | 1.7.0 | `333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA` |
| monkey-linux-32 | Agent | 1.7.0 | `EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D` |
| Monkey Island 1.7.0 OVA 20191013.ova | OVA | 1.7.0 | `EB1D568F1EA9236B3402A65484EE1F06350FF5C4097288F3FE3312474ECB48C7` |
| dk.monkeyisland.latest.zt.tar | Docker | 1.7.0 | `C998FD7CC73F394CD39450E49586397F721D8B7F2DFA4CFE30EC797864588C72` |
| Monkey Island v1.7.0 zt.exe | Windows Installer | 1.7.0 | `5C6DADDD3BCF0766DB515DC911DC80D7D11DFF8A72BCBBBE21DEB3C9F78B6889` |
| monkey_island_zt.deb | Debian | 1.7.0 | `A0515FBCFD9590CEA739E1AFA95CE7FC406C5E4206A67A50C8CD2423540818C8` |
| monkey_island_vmware_zt.deb | VMWare Debian | 1.7.0 | `80EDB3FB846251C7B80B72259837629F17A4166C34FE440451BDD7ED8CC43F7F` |
| Monkey Island 1.7.0 ZT OVA 20191013.ova | OVA | 1.7.0 | `D220E171CF38DCD434AB4473C72CE29873A495B16FFAA8CA55658F5606398E34` |
| infection_monkey_deb_vmware.20190519_125330.tgz | VMWare | 1.6.3 | `22e51f089e6537e2cb349b07b4bf22c7a63c68ae12776a7b5239a0238bf02a05` |
| infection_monkey_deb_gcp.20190519_125239.tgz | GCP | 1.6.3 | `b8fdb976af8130329265bd3ad36b553864f6f7a2a2df912cfea4215584774686` |
| infection_monkey_docker.20190519_125632.tgz | Docker | 1.6.3 | `5576e20fe8ee502a7b452b504789961aedae214e49061a58ca0f248cc72c1c78` |
| monkey-windows-32.exe | Agent | 1.6.3 | `6f68d436a2a85852b02e4d72d4202919753a78e5285c36bd1a5481c8711b1d6b` |
| Monkey Island v1.6.3.3468.exe | Windows Installer | 1.6.3 | `69cb63612855165db97eb3c253e5a6f627fe216e0610eca5e5e6f875281a3604` |
| infection_monkey_deb.20190519_124555.tgz | Debian | 1.6.3 | `2389b553bd569defa4b81053984f0743b1b4093cdcfcf8561243b9d882d55e83` |
| monkey-windows-64.exe | Agent | 1.6.3 | `502c749ede6e09b8c40bc4bbfd2a46c95d3626a1aef74c72ac7b5641595e8c9c` |
| monkey-linux-64 | Agent | 1.6.3 | `6cfec4aea2f993294ca32f816a85347be8b155fb9c39706c82866bce8d8f87c1` |
| monkey-linux-32 | Agent | 1.6.3 | `996b3883e9b1114b274bf25426ee13060b65f8deb08c96b57857b99d8e8e3277` |
| Infection Monkey 1.6.3.ova | OVA | 1.6.3 | `a5b6e7d547ad4ae79508301698d99cbaf3b3ebfb1d2f0274ae1151d803def1e4` |
| infection_monkey_deb_azure.20190519_125317.tgz | Azure | 1.6.3 | `fcf1b6bf805f4422deb90f25752573f796d5a73e148086f49db310208b02c829` |
| infection_monkey_deb_aws.20190519_130517.tgz | AWS | 1.6.3 | `9c232f5d2f9dc24c9faea3cf597af783798baedb61334e0e650ca79bdac29fec` |
| Infection Monkey 1.6.2.ova | OVA | 1.6.2 | `00346E6383E7BBDB107C14B668D251513E150C089A26AAFA3E17040D96C7DEC9` |
| infection_monkey_deb.1.6.2.tgz | Debian | 1.6.2 | `56BF1D99DD6674F9D3504D5DD5A62D8B3520B4F25449ED0026E5A0DC99BD0683` |
| infection_monkey_1.5_docker.tgz | Docker | 1.6.2 | `2466B4FFFE175EC5DEF0CAACF93EE5CC7D8878DBA63B30F148C560A6AFA5B537` |
| Monkey Island v1.6.2.3434.exe | Windows Installer | 1.6.2 | `2B0BFD5721897787536F4F94D5641E061833CBEF0279C0E38C41BC1B3E76A380` |
| Monkey-Linux-32 | Agent | 1.6.1 | `9E5F8FA7F85FEB1BC31E0AE7D1F303139CA3FE5FA044E6C58F68B4917D27CACE` |
| Monkey-Linux-64 | Agent | 1.6.1 | `74F9FFBB504FF5E74EFF1399685C0C110EDE0D3244F61591D77EE7A22672457E` |
| Monkey-Windows-32.exe | Agent | 1.6.1 | `53AC0F047CA95A0476944559F6FC650ADA865891139FA1258B35A5A525BC6002` |
| Monkey-Windows-64.exe | Agent | 1.6.1 | `53019FD25CD4A0AE526696EB05E2EEDE32607263C5F29BE36554D637532D41C3` |
| infection_monkey_1.5.2.ova | OVA | 1.5.2 | `6E6CAABBA7CCDB20E981147560353EC731B1FC8955D0319886D36E9825C201C7` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5.2 | `E84EFA3C20A417D13DC6EA64CB046D40ED7534A6FBB91EBF6EA061716A855A17` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5.2 | `0D33C17556FAC28874A2FE9157DB311892B42669E51C043C4DAE2F68B0D74B8F` |
| Monkey-Linux-32 | Agent | 1.5.2 | `4DF689A845FD7092E81ECB0AB5207621836B3D46B71FB3829E5E5CF9DDAF52D0` |
| Monkey-Linux-64 | Agent | 1.5.2 | `99FC4BB24D2EFF1CD107CCE932EA0BDC006ED2226AE0DC19DD0BC7A97ADB553F` |
| Monkey-Windows-32.exe | Agent | 1.5.2 | `8FC1441B87BDFD786A3A262542C013E4C84AC870C847A919CDA0851F91A511B9` |
| Monkey-Windows-64.exe | Agent | 1.5.2 | `0AE8F0AB190E8BEAE78AB12C8477C924FE92B19B1E079B279F4F87AE4BD2A718` |
| infection_monkey_deb.20180402_184213.tgz | Debian | 1.5.1 | `4425FC97DE825715837783258FD8BCF88E87AAB3500F63D287384B9D74D54122` |
| Monkey Island v1.5.1.3377.exe | Windows Installer | 1.5.1 | `5A137ADA97F39F4C3CA278E851D2684B929911639E2876EB4DF1D1AC5D70E27D` |
| infection_monkey_docker.20180402_184212.tgz | Docker | 1.5.1 | `049831C3F9C959128C5C8D9843819A4ED960FF046B1536216B5FA5FF4B28D1A6` |
| Monkey-Linux-32 | Agent | 1.6 | `665E1263347B9D0245211676496E91669809B3865ED8B5AD1878DA54A9784F5C` |
| Monkey-Linux-64 | Agent | 1.6 | `F0D51E7431CF07A842D4D25AAE2DD8A6B9EE08744914729AF448F92088798F7F` |
| Monkey-Windows-32.exe | Agent | 1.6 | `77AC4264715A6E7D238F8B67ED04EE75CF75C07D360A4B649CA6E31C83CE7B21` |
| Monkey-Windows-64.exe | Agent | 1.6 | `0DEED0AA00F7D54B084EF6888731B0CFEC6382045A74B55162FDD3D00D0BE9F8` |
| Monkey Island v1.6.0.3414.exe | Windows installer | 1.6 | `242879983A709D7CD6D7D7EEC493442B7FACC8E215CBB21650915C5EECB8829A` |
| infection_monkey_1.6.ova | OVA | 1.6 | `831FBA09AA49940B1747164BEB6B4AF83BA04FCE35285912AB0B18A7FA1A39D8` |
| infection_monkey_deb.1.6.tgz | Debian | 1.6 | `339EC88DD6A2AB6CB917456AA8970B0F1D36D7335E7D2EE1A34B74047F843542` |
| infection_monkey_docker.1.6.tgz | Docker | 1.6 | `0624CF75C4D208DDC7475636CFE2869BA324DEB88C3860DB2934E7BDA3E664F6` |
| infection_monkey.ova | OVA | 1.5 | `A6773C4DA8FF7A09C0F3FEE45A25D45830C616AACCEC14C86542462ADCDA1F89` |
| infection_monkey_deb.20180208_175917.tgz | Debian | 1.5 | `04E3CD3CD301A44BEE508C1BF993948B89212EF3269D61FB13ECB9FDC25268DB` |
| infection_monkey_docker.20180119_112852.tgz | Docker | 1.5 | `4D94C6BB7B4A0177CC1F3E864FB714015619ACB4DD1C4E92D8986BA093F8BD87` |
| Monkey Island v1.5.0.exe | Windows installer | 1.5 | `A1D7725AF116AE33CEA9A0E641E61C96E51FAFCCCB598F668EB99E35DE799C7B` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `1433B8A5E778F12C9E8AE4B1BCBF2863E0CC5E001D661C8540804B909B9D83C5` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `22B7FDC4C213F0385AEB9F63E60665470C2862C8C1B45B5B49FBF320570A9082` |
| Monkey Island v1.5.0.3371.exe | Windows Installer | 1.5 | `B69997E9920E73F16896D3E793AB721388E5636DB1846D4BFEC1C7A372EE2059` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `00EB499FCC590950723E42784D3502B70EAD8AD396B916AF450AB1A48DF993ED` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `A8670280A07EF6A9F5DC9CEB4B11B25DD7B90C37AD94666A6FFAABD6D105F0CB` |
| Monkey Island v1.5.0.exe | Windows Installer | 1.5 | `55F39C8EEB04089F54C10C991A82FE1539BC072E1A7F364D0C720CBF0A28EBB7` |
| Monkey-Linux-32 | Agent | 1.5 | `B85E10AEF0B6935B0AF6EFEA03C9A684859F2DD078B31D9492E98585E2E89C39` |
| Monkey-Linux-64 | Agent | 1.5 | `44BA13A7391D4A16C46D5EF44F60B09E1EDCEB3C716C0AF4241F166619A62944` |

View File

@ -0,0 +1,55 @@
---
title: "Getting Started"
date: 2020-05-26T21:01:12+03:00
draft: false
weight: 1
pre: "<i class='fas fa-play-circle'></i> "
tags: ["usage"]
---
If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup)
## Using the Infection Monkey
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
### First-time login
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).
### Run the Monkey
To get the Infection Monkey running as fast as possible, click **Run Monkey**. Optionally, you can configure the Monkey before you continue by clicking **Configuration** (see [how to configure the monkey](../configuration)).
To run the monkey, select one of the following options:
![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
{{% notice tip %}}
If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
{{% /notice %}}
### Infection Map
Next, click **Infection Map** to see the Infection Monkey in action.
![Run page to infection map page](/images/usage/getting-started/run_page_button.JPG "Run page to infection map page")
At first, the infection map will look like this:
![Start of Monkey execution](/images/usage/getting-started/run_island.JPG "Start of Monkey execution")
Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
![Middle of Monkey execution](/images/usage/getting-started/single_exploitation.JPG "Middle of Monkey execution")
As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click **Reports** to see the reports. See [Infection Monkey Reports](../reports) for more info.
![End of Monkey execution](/images/usage/getting-started/exploitation_tunneling_arrow.jpg "End of Monkey execution")
Congratulations, you finished first successful execution of the Infection Monkey! 🎉 To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations.

View File

@ -0,0 +1,14 @@
---
title: "Integrations"
date: 2020-06-28T10:38:05+03:00
draft: false
chapter: true
weight: 10
pre: "<i class='fas fa-directions'></i> "
---
# Integrate the Monkey with 3rd party software
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
{{% children description=true %}}

View File

@ -0,0 +1,150 @@
---
title: "Running the monkey on AWS EC2 instances"
date: 2020-06-28T10:44:05+03:00
draft: false
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
tags: ["aws", "integration"]
---
## When to use this feature
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
## Setup
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
### Monkey Island deployment
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
### Setup IAM roles
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
#### Creating a custom IAM role
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
#### Applying the IAM role to an instance
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
After applying the IAM role you should see this screen:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
### Setup SSM agent
If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
## Usage
### Running the monkey
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
And then you can choose one of the available instances as "patient zero" like so:
1. Click on "Run on AWS"
2. Choose the relevant Network Interface
3. Select the machines you'd like to run the Monkey on
4. Click "Run on Selected Machines", and watch the monkey go! 🐒
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
## Notes
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
### Appendix A: Specific policy permissions required
The IAM role will need to have, at least, the following specific permissions:
#### For executing the Monkey on other machines - SSM
- `"ssm:SendCommand"`
- `"ssm:DescribeInstanceInformation"`
- `"ssm:GetCommandInvocation"`
Here's the policy of the IAM role, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```
#### For exporting security findings to the Security Hub - security hub
_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Here's the policy for SecurityHub, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings"
],
"Resource": "*"
}
]
}
```
The JSON object for both of the policies combined therefore is:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```

View File

@ -0,0 +1,43 @@
---
title: "AWS Security Hub integration"
date: 2020-06-28T10:38:12+03:00
draft: false
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
tags: ["aws", "integration"]
---
The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
## Setup
If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
### Specific permissions required for security hub
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
## Integration details
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
## Regions
The Infection Monkey is usable on all public AWS instances.
## Example
After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
1. Navigate to `Findings`.
2. Press on a specific finding to see more details and possible solutions.
![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")

View File

@ -0,0 +1,13 @@
+++
title = "Reports"
date = 2020-06-24T21:16:03+03:00
weight = 5
chapter = true
pre = "<i class='fas fa-scroll'></i> "
+++
# Infection Monkey's Reports
The Monkey offers three reports:
{{% children %}}

View File

@ -0,0 +1,36 @@
---
title: "MITRE ATT&CK report"
date: 2020-06-24T21:17:18+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
Watch an overview video:
{{% youtube 3tNrlutqazQ %}}
## How to use the report
The MITRE ATT&CK report is centred around the ATT&CK matrix:
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique.
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique thats a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")

View File

@ -0,0 +1,97 @@
---
title: "Security report"
date: 2020-06-24T21:16:10+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Monkey's Security Report is built to provide you with actionable recommendations and insight to the Attacker's view of your network. You can download a PDF of this example report:
{{%attachments title="Download the PDF" pattern=".*(pdf)"/%}}
The report is split into 3 main categories: "Overview", "Recommendations" and "The network from the Monkey's eyes".
- [Overview](#overview)
- [High level information](#high-level-information)
- [Used Credentials](#used-credentials)
- [Exploits and targets](#exploits-and-targets)
- [Security Findings](#security-findings)
- [Recommendations](#recommendations)
- [Machine related recommendations relating to specific CVEs](#machine-related-recommendations-relating-to-specific-cves)
- [Machine related recommendations relating to network security and segmentation](#machine-related-recommendations-relating-to-network-security-and-segmentation)
- [The network from the Monkey's eyes](#the-network-from-the-monkeys-eyes)
- [Network infection map](#network-infection-map)
- [Scanned servers](#scanned-servers)
- [Exploits and post-breach actions](#exploits-and-post-breach-actions)
- [Stolen Credentials](#stolen-credentials)
## Overview
The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
### High level information
The report starts with information about the execution, including how long the simulation took and from which machine the infection started from.
![Overview](/images/usage/reports/sec_report_1_overview.png "Overview")
### Used Credentials
The report will show which credentials were used for brute-forcing.
![Used Credentials](/images/usage/reports/sec_report_2_users_passwords.png "Used Credentials")
### Exploits and targets
The report shows which exploits were attempted in this simulation and which targets the Monkey scanned and tried to exploit.
![Exploits and Targets](/images/usage/reports/sec_report_3_exploits_ips.png "Exploits and Targets")
### Security Findings
The report highlights the most important security threats and issues the Monkey discovered during the attack.
![Threats and issues](/images/usage/reports/sec_report_4_threats_and_issues.png "Threats and issues")
## Recommendations
This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
### Machine related recommendations relating to specific CVEs
![Machine related recommendations](/images/usage/reports/sec_report_5_machine_related.png "Machine related recommendations")
### Machine related recommendations relating to network security and segmentation
![Machine related recommendations](/images/usage/reports/sec_report_6_machine_related_network.png "Machine related recommendations")
## The network from the Monkey's eyes
This section contains the Infection Map and some summary tables on servers the Monkey has found.
### Network infection map
This part shows the network map and a breakdown of how many machines were breached.
![Network map](/images/usage/reports/sec_report_7_network_map.png "Network map")
### Scanned servers
This part shows the attack surface the Monkey has found.
![Scanned servers](/images/usage/reports/sec_report_8_network_services.png "Scanned servers")
### Exploits and post-breach actions
This part shows which exploits and Post Breach Actions the Monkey has performed in this simulation.
![Exploits and PBAs](/images/usage/reports/sec_report_9_exploits_pbas.png "Exploits and PBAs")
### Stolen Credentials
This part shows which credentials the Monkey was able to steal from breached machines in this simulation.
![Stolen creds](/images/usage/reports/sec_report_10_stolen_credentials.png "Stolen creds")

View File

@ -0,0 +1,46 @@
---
title: "Zero Trust report"
date: 2020-06-24T21:16:18+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
## Summary
This diagram provides a quick glance at how your organization scores on each component of the Forresters Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
- {{< label warning Verify >}} At least one of the tests results related to this component requires further manual verification.
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
- {{< label other Unexecuted >}} This status means no tests were executed for this pillar.
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
## Test Results
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")
## Findings
Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
![Zero Trust Report Findings](/images/usage/reports/ztreport3.png "Zero Trust Report Findings")
## Events
The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
![Zero Trust Report events](/images/usage/reports/ztreport4.png "Zero Trust Report events")
## Overview Video
You can check out an overview video here:
{{% youtube z4FNu3WCd9o %}}

View File

@ -0,0 +1,21 @@
+++
title = "Use Cases"
date = 2020-08-12T12:52:59+03:00
weight = 3
chapter = true
pre = "<i class='fas fa-map-marked-alt'></i> "
+++
# Use cases
This section describes possible use cases for the Infection Monkey and helps to
understand how this tool can be configured.
You can also refer to [our FAQ](../../faq) for more specific questions and answers.
{{% notice note %}}
No worries! The Monkey uses safe exploiters and does not cause any permanent system modifications that impact security or operations.
{{% /notice %}}
## Section contents
{{% children description=True %}}

View File

@ -0,0 +1,40 @@
---
title: "Credential Leak"
date: 2020-08-12T13:04:25+03:00
draft: false
description: "Assess the impact of successful phishing attack, insider threat, or other form of credentials leak."
weight: 4
---
## Overview
Numerous attack techniques(from phishing to dumpster diving) might result in a credential leak,
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
Infection Monkey can help assess the impact of stolen credentials by automatically searching
where these credentials can be reused.
## Configuration
#### Important configuration values:
- **Exploits -> Credentials** After setting up the Island add the users **real** credentials
(usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration).
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
(content of keys will not be displayed, it will appear as `<Object>`).
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network
from potentially problematic group of machines, such as the laptop of one of your heavy email users or
one of your strong IT users (think of people who are more likely to correspond with people outside of
your organization). Execute the Monkey on chosen machines by clicking on “**1. Run Monkey**” from the left sidebar menu
and choosing “**Run on machine of your choice**”.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
## Assessing results
To assess the impact of leaked credentials see Security report. It's possible, that credential leak resulted in even
more leaked credentials, for that look into **Security report -> Stolen credentials**.

View File

@ -0,0 +1,55 @@
---
title: "IDS/IPS Test"
date: 2020-08-12T13:07:47+03:00
draft: false
description: "Test your network defence solutions."
weight: 5
---
## Overview
The Infection Monkey can help you verify that your security solutions are working the way you expected them to.
These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
## Configuration
#### Important configuration values:
- **Monkey -> Post breach** Post breach actions simulate the actions an attacker would make on infected system.
To test something not present on the tool, you can provide your own file or command to be ran.
The default configuration is good enough for many cases, but configuring testing scope and adding brute-force
credentials is a good bet in any scenario.
Running the Monkey on both the Island and on a few other machines in the network manually is also recommended,
as it increases coverage and propagation rates.
![Post breach configuration](/images/usage/use-cases/ids-test.PNG "Post breach configuration")
## Assessing results
After running the Monkey, follow the Monkeys actions on the Monkey Islands infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security
solutions are identifying and correctly alerting on different attacks.
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as
exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities.
If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from
the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network?
Check if your micro-segmentation / firewall solution identify or report anything.
While running this scenario, be on the lookout for the action that should arise:
Did you get a phone call telling you about suspicious activity inside your network? Are events flowing
into your security events aggregators? Are you getting emails from your IR teams?
Is the endpoint protection software you installed on machines in the network reporting on anything? Are your
compliance scanners detecting anything wrong?
Lastly, check Zero Trust and Mitre ATT&CK reports, to see which attacks can be executed on the network and how to
fix it.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")

View File

@ -0,0 +1,43 @@
---
title: "Network Breach"
date: 2020-08-12T13:04:55+03:00
draft: false
description: "Simulate an internal network breach and assess the potential impact."
weight: 1
---
## Overview
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your
Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/)
or any other malicious campaign the attackers are now trying to go deeper into your network.
Infection Monkey will help you assess the impact of internal network breach, by trying to propagate within it
using service vulnerabilities, brute-forcing and other safe attack methods.
## Configuration
#### Important configuration values:
- **Exploits -> Exploits** You can review the exploits Infection Monkey will be using. By default all
safe exploiters are selected.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
and usernames, but feel free to adjust it according to your native language and other factors. Keep in mind that long
lists means longer scanning times.
- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan**
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached or you can fine tune it by providing
specific network ranges in **Scan target list**. Scanning local network is more realistic, but providing specific
targets will make scanning process substantially faster.
- **(Optional) Internal -> Network -> TCP scanner** You can add custom ports your organization is using.
- **(Optional) Monkey -> Post Breach Actions** If you only want to test propagation in the network, you can turn off
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, but in no
way helps to exploit new machines.
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
## Assessing results
Check infection map and security report to see how far monkey managed to propagate in the network and which
vulnerabilities it used in doing so. If you left post breach actions selected, you should also check ATT&CK and
Zero Trust reports.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")

View File

@ -0,0 +1,51 @@
---
title: "Network Segmentation"
date: 2020-08-12T13:05:05+03:00
draft: false
description: "Test network segmentation policies for apps that need ringfencing or tiers that require microsegmentation."
weight: 3
---
## Overview
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to
isolate workloads from one another and secure them individually, typically using policies.
A useful way to test the effectiveness of your segmentation is to ensure that your network segments are
properly separated, e,g, your Development is separated from your Production, your applications are separated from one
another etc. To security test is to verify that your network segmentation is configured properly. This way you make
sure that even if a certain attacker has breached your defenses, it cant move laterally from point A to point B.
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
its cross-segment traffic testing feature.
## Configuration
#### Important configuration values:
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
subnets that should be segregated from each other. If any of provided networks can reach each other, you'll see it
in security report.
- **(Optional) Network -> Scope** You can disable **Local network scan** and leave other options by default if you only want to
test for network segmentation without any lateral movement.
- **(Optional) Monkey -> Post Breach Actions** If you only want to test segmentation in the network, you can turn off
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, so they
might trigger your defence solutions which will interrupt segmentation test.
Execute Monkeys on machines in different subnetworks manually, by choosing “**1. Run Monkey**” from the left sidebar menu
and clicking on “**Run on machine of your choice**”.
Alternatively, you could provide valid credentials and allow Monkey to propagate to relevant subnetworks by itself.
Note that if Monkey can't communicate to the Island, it will
not be able to send scan results, so make sure all machines can reach the island.
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
## Assessing results
Check infection map and security report for segmentation problems. Ideally, all scanned nodes should only have
edges with the Island Server.
![Map](/images/usage/use-cases/segmentation-map.PNG "Map")

View File

@ -0,0 +1,42 @@
---
title: "Other"
date: 2020-08-12T13:07:55+03:00
draft: false
description: "Tips and tricks about configuring monkey for your needs."
weight: 100
---
## Overview
This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios.
## ATT&CK & Zero Trust scanning
You can use **ATT&CK** configuration section to select which techniques you want to scan. Keep in mind that ATT&CK
matrix configuration just changes the overall configuration by modifying related fields, thus you should start by
modifying and saving the matrix. After that you can change credentials and scope of the scan, but exploiters,
post breach actions and other configuration values will be already chosen based on ATT&CK matrix and shouldn't be
modified.
There's currently no way to configure monkey using Zero Trust framework, but regardless of configuration options,
you'll always be able to see ATT&CK and Zero Trust reports.
## Tips and tricks
- Use **Monkey -> Persistent scanning** configuration section to either have periodic scans or to increase
reliability of exploitations.
- To increase propagation run monkey as root/administrator. This will ensure that monkey will gather credentials
on current system and use them to move laterally.
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
- If you're scanning a large network, consider narrowing the scope and scanning it bit by bit if scan times become too
long. Lowering the amount of credentials, exploiters or post breach actions can also help to lower scanning times.

View File

@ -0,0 +1 @@
<link rel="shortcut icon" href="{{ .Site.BaseURL }}/images/favicon.ico" type="image/x-icon" />

View File

@ -0,0 +1,8 @@
<div style="width: 100%;">
<a id="logo" href="{{ .Site.BaseURL }}" style="width: 100%;">
<video autoplay loop muted playsinline style="width: 100%;">
<source src="{{ .Site.BaseURL }}/images/logo.webm" type="video/webm">
<source src="{{ .Site.BaseURL }}/images/logo.mp4" type="video/mp4">
</video>
</a>
</div>

View File

@ -0,0 +1,92 @@
<link rel="stylesheet" href="css/bootstrap-grid.min.css">
<!-- Lifting specific elements from bootstrap -->
<style>
.justify-content-start {
-ms-flex-pack: start !important;
justify-content: flex-start !important;
}
.justify-content-end {
-ms-flex-pack: end !important;
justify-content: flex-end !important;
}
.justify-content-center {
-ms-flex-pack: center !important;
justify-content: center !important;
}
.justify-content-between {
-ms-flex-pack: justify !important;
justify-content: space-between !important;
}
.justify-content-around {
-ms-flex-pack: distribute !important;
justify-content: space-around !important;
}
.shadow {
box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15) !important;
}
.d-block {
display: block !important;
}
.text-center {
text-align: center !important;
}
.mb-4,
.my-4 {
margin-bottom: 1.5rem !important;
}
.pr-4,
.px-4 {
padding-right: 1.5rem !important;
}
.pt-5,
.py-5 {
padding-top: 3rem !important;
}
.mb-3,
.my-3 {
margin-bottom: 1rem !important;
}
.mt-0,
.my-0 {
margin-top: 0 !important;
}
</style>
<section id="homepage-shortcuts">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-3 col-sm-6 mb-3">
<a href="setup/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-cogs d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Setup</h4>
<p class="mb-0">See how to install the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/getting-started/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-play-circle d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Getting Started</h4>
<p class="mb-0">Set the Monkey wild in your datacenter.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Use Cases</h4>
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="faq/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-question d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">FAQs</h4>
<p class="mb-0">Read common questions and answers.</p>
</a>
</div>
</div>
</div>
</section>

View File

@ -0,0 +1 @@
<span class="label {{ .Get 0 }}"><strong>{{ .Get 1 }}</strong></span>

4556
docs/static/css/all.css vendored Normal file

File diff suppressed because it is too large Load Diff

5
docs/static/css/all.min.css vendored Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

15
docs/static/css/brands.css vendored Normal file
View File

@ -0,0 +1,15 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Brands';
font-style: normal;
font-weight: 400;
font-display: block;
src: url("../webfonts/fa-brands-400.eot");
src: url("../webfonts/fa-brands-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-brands-400.woff2") format("woff2"), url("../webfonts/fa-brands-400.woff") format("woff"), url("../webfonts/fa-brands-400.ttf") format("truetype"), url("../webfonts/fa-brands-400.svg#fontawesome") format("svg"); }
.fab {
font-family: 'Font Awesome 5 Brands';
font-weight: 400; }

5
docs/static/css/brands.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands";font-weight:400}

4522
docs/static/css/fontawesome.css vendored Normal file

File diff suppressed because it is too large Load Diff

5
docs/static/css/fontawesome.min.css vendored Normal file

File diff suppressed because one or more lines are too long

13
docs/static/css/labels.css vendored Normal file
View File

@ -0,0 +1,13 @@
.label {
color: white;
padding: 3px;
border-radius: 5px;
-moz-border-radius: 5px;
}
.success {background-color: #4CAF50;} /* Green */
.info {background-color: #2196F3;} /* Blue */
.warning {background-color: #ff9800;} /* Orange */
.danger {background-color: #f44336;} /* Red */
.unused {background-color: #8d8d8d;} /* Dark Gray */
.disabled {background-color: #cfcfcf; color: black;} /* Light Gray */

15
docs/static/css/regular.css vendored Normal file
View File

@ -0,0 +1,15 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Free';
font-style: normal;
font-weight: 400;
font-display: block;
src: url("../webfonts/fa-regular-400.eot");
src: url("../webfonts/fa-regular-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-regular-400.woff2") format("woff2"), url("../webfonts/fa-regular-400.woff") format("woff"), url("../webfonts/fa-regular-400.ttf") format("truetype"), url("../webfonts/fa-regular-400.svg#fontawesome") format("svg"); }
.far {
font-family: 'Font Awesome 5 Free';
font-weight: 400; }

5
docs/static/css/regular.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-family:"Font Awesome 5 Free";font-weight:400}

View File

@ -0,0 +1,10 @@
/* Add a shadow around images in content pages. Most of our content is screenshots, and the Island's background merges with
the documentation background. Only #body-inner so that the Logo image won't get a border around it */
#body-inner img {
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
}
/* We don't want shadow around this image in particular */
#body-inner img[src*="/images/monkey-teacher.svg"] {
box-shadow: none; !important;
}

16
docs/static/css/solid.css vendored Normal file
View File

@ -0,0 +1,16 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Free';
font-style: normal;
font-weight: 900;
font-display: block;
src: url("../webfonts/fa-solid-900.eot");
src: url("../webfonts/fa-solid-900.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-solid-900.woff2") format("woff2"), url("../webfonts/fa-solid-900.woff") format("woff"), url("../webfonts/fa-solid-900.ttf") format("truetype"), url("../webfonts/fa-solid-900.svg#fontawesome") format("svg"); }
.fa,
.fas {
font-family: 'Font Awesome 5 Free';
font-weight: 900; }

5
docs/static/css/solid.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.fas{font-family:"Font Awesome 5 Free";font-weight:900}

371
docs/static/css/svg-with-js.css vendored Normal file
View File

@ -0,0 +1,371 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
svg:not(:root).svg-inline--fa {
overflow: visible; }
.svg-inline--fa {
display: inline-block;
font-size: inherit;
height: 1em;
overflow: visible;
vertical-align: -.125em; }
.svg-inline--fa.fa-lg {
vertical-align: -.225em; }
.svg-inline--fa.fa-w-1 {
width: 0.0625em; }
.svg-inline--fa.fa-w-2 {
width: 0.125em; }
.svg-inline--fa.fa-w-3 {
width: 0.1875em; }
.svg-inline--fa.fa-w-4 {
width: 0.25em; }
.svg-inline--fa.fa-w-5 {
width: 0.3125em; }
.svg-inline--fa.fa-w-6 {
width: 0.375em; }
.svg-inline--fa.fa-w-7 {
width: 0.4375em; }
.svg-inline--fa.fa-w-8 {
width: 0.5em; }
.svg-inline--fa.fa-w-9 {
width: 0.5625em; }
.svg-inline--fa.fa-w-10 {
width: 0.625em; }
.svg-inline--fa.fa-w-11 {
width: 0.6875em; }
.svg-inline--fa.fa-w-12 {
width: 0.75em; }
.svg-inline--fa.fa-w-13 {
width: 0.8125em; }
.svg-inline--fa.fa-w-14 {
width: 0.875em; }
.svg-inline--fa.fa-w-15 {
width: 0.9375em; }
.svg-inline--fa.fa-w-16 {
width: 1em; }
.svg-inline--fa.fa-w-17 {
width: 1.0625em; }
.svg-inline--fa.fa-w-18 {
width: 1.125em; }
.svg-inline--fa.fa-w-19 {
width: 1.1875em; }
.svg-inline--fa.fa-w-20 {
width: 1.25em; }
.svg-inline--fa.fa-pull-left {
margin-right: .3em;
width: auto; }
.svg-inline--fa.fa-pull-right {
margin-left: .3em;
width: auto; }
.svg-inline--fa.fa-border {
height: 1.5em; }
.svg-inline--fa.fa-li {
width: 2em; }
.svg-inline--fa.fa-fw {
width: 1.25em; }
.fa-layers svg.svg-inline--fa {
bottom: 0;
left: 0;
margin: auto;
position: absolute;
right: 0;
top: 0; }
.fa-layers {
display: inline-block;
height: 1em;
position: relative;
text-align: center;
vertical-align: -.125em;
width: 1em; }
.fa-layers svg.svg-inline--fa {
-webkit-transform-origin: center center;
transform-origin: center center; }
.fa-layers-text, .fa-layers-counter {
display: inline-block;
position: absolute;
text-align: center; }
.fa-layers-text {
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
-webkit-transform-origin: center center;
transform-origin: center center; }
.fa-layers-counter {
background-color: #ff253a;
border-radius: 1em;
-webkit-box-sizing: border-box;
box-sizing: border-box;
color: #fff;
height: 1.5em;
line-height: 1;
max-width: 5em;
min-width: 1.5em;
overflow: hidden;
padding: .25em;
right: 0;
text-overflow: ellipsis;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top right;
transform-origin: top right; }
.fa-layers-bottom-right {
bottom: 0;
right: 0;
top: auto;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: bottom right;
transform-origin: bottom right; }
.fa-layers-bottom-left {
bottom: 0;
left: 0;
right: auto;
top: auto;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: bottom left;
transform-origin: bottom left; }
.fa-layers-top-right {
right: 0;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top right;
transform-origin: top right; }
.fa-layers-top-left {
left: 0;
right: auto;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top left;
transform-origin: top left; }
.fa-lg {
font-size: 1.33333em;
line-height: 0.75em;
vertical-align: -.0667em; }
.fa-xs {
font-size: .75em; }
.fa-sm {
font-size: .875em; }
.fa-1x {
font-size: 1em; }
.fa-2x {
font-size: 2em; }
.fa-3x {
font-size: 3em; }
.fa-4x {
font-size: 4em; }
.fa-5x {
font-size: 5em; }
.fa-6x {
font-size: 6em; }
.fa-7x {
font-size: 7em; }
.fa-8x {
font-size: 8em; }
.fa-9x {
font-size: 9em; }
.fa-10x {
font-size: 10em; }
.fa-fw {
text-align: center;
width: 1.25em; }
.fa-ul {
list-style-type: none;
margin-left: 2.5em;
padding-left: 0; }
.fa-ul > li {
position: relative; }
.fa-li {
left: -2em;
position: absolute;
text-align: center;
width: 2em;
line-height: inherit; }
.fa-border {
border: solid 0.08em #eee;
border-radius: .1em;
padding: .2em .25em .15em; }
.fa-pull-left {
float: left; }
.fa-pull-right {
float: right; }
.fa.fa-pull-left,
.fas.fa-pull-left,
.far.fa-pull-left,
.fal.fa-pull-left,
.fab.fa-pull-left {
margin-right: .3em; }
.fa.fa-pull-right,
.fas.fa-pull-right,
.far.fa-pull-right,
.fal.fa-pull-right,
.fab.fa-pull-right {
margin-left: .3em; }
.fa-spin {
-webkit-animation: fa-spin 2s infinite linear;
animation: fa-spin 2s infinite linear; }
.fa-pulse {
-webkit-animation: fa-spin 1s infinite steps(8);
animation: fa-spin 1s infinite steps(8); }
@-webkit-keyframes fa-spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg); }
100% {
-webkit-transform: rotate(360deg);
transform: rotate(360deg); } }
@keyframes fa-spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg); }
100% {
-webkit-transform: rotate(360deg);
transform: rotate(360deg); } }
.fa-rotate-90 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";
-webkit-transform: rotate(90deg);
transform: rotate(90deg); }
.fa-rotate-180 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";
-webkit-transform: rotate(180deg);
transform: rotate(180deg); }
.fa-rotate-270 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";
-webkit-transform: rotate(270deg);
transform: rotate(270deg); }
.fa-flip-horizontal {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";
-webkit-transform: scale(-1, 1);
transform: scale(-1, 1); }
.fa-flip-vertical {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
-webkit-transform: scale(1, -1);
transform: scale(1, -1); }
.fa-flip-both, .fa-flip-horizontal.fa-flip-vertical {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
-webkit-transform: scale(-1, -1);
transform: scale(-1, -1); }
:root .fa-rotate-90,
:root .fa-rotate-180,
:root .fa-rotate-270,
:root .fa-flip-horizontal,
:root .fa-flip-vertical,
:root .fa-flip-both {
-webkit-filter: none;
filter: none; }
.fa-stack {
display: inline-block;
height: 2em;
position: relative;
width: 2.5em; }
.fa-stack-1x,
.fa-stack-2x {
bottom: 0;
left: 0;
margin: auto;
position: absolute;
right: 0;
top: 0; }
.svg-inline--fa.fa-stack-1x {
height: 1em;
width: 1.25em; }
.svg-inline--fa.fa-stack-2x {
height: 2em;
width: 2.5em; }
.fa-inverse {
color: #fff; }
.sr-only {
border: 0;
clip: rect(0, 0, 0, 0);
height: 1px;
margin: -1px;
overflow: hidden;
padding: 0;
position: absolute;
width: 1px; }
.sr-only-focusable:active, .sr-only-focusable:focus {
clip: auto;
height: auto;
margin: 0;
overflow: visible;
position: static;
width: auto; }
.svg-inline--fa .fa-primary {
fill: var(--fa-primary-color, currentColor);
opacity: 1;
opacity: var(--fa-primary-opacity, 1); }
.svg-inline--fa .fa-secondary {
fill: var(--fa-secondary-color, currentColor);
opacity: 0.4;
opacity: var(--fa-secondary-opacity, 0.4); }
.svg-inline--fa.fa-swap-opacity .fa-primary {
opacity: 0.4;
opacity: var(--fa-secondary-opacity, 0.4); }
.svg-inline--fa.fa-swap-opacity .fa-secondary {
opacity: 1;
opacity: var(--fa-primary-opacity, 1); }
.svg-inline--fa mask .fa-primary,
.svg-inline--fa mask .fa-secondary {
fill: black; }
.fad.fa-inverse {
color: #fff; }

5
docs/static/css/svg-with-js.min.css vendored Normal file

File diff suppressed because one or more lines are too long

2172
docs/static/css/v4-shims.css vendored Normal file

File diff suppressed because it is too large Load Diff

5
docs/static/css/v4-shims.min.css vendored Normal file

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More