p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #681 from guardicore/602/documentation-framework 

602/documentation framework
This commit is contained in:
Shay Nehmad 2020-06-29 18:52:28 +03:00 committed by GitHub
parent 6cc4c85132 5f649ca056
commit c20158c37e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
116 changed files with 22509 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -2,3 +2,6 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"]
path = docs/themes/learn
url = https://github.com/ShayNehmad/hugo-theme-learn.git

15
.travis.yml
View File

@ -33,6 +33,17 @@ install:
- node --version
- npm --version
# linuxbrew (for hugo)
- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
- mkdir ~/.linuxbrew/bin
- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
- eval $(~/.linuxbrew/bin/brew shellenv)
# hugo (for documentation)
- brew install hugo
# print hugo version (useful for debugging documentation build errors)
- hugo version
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- python monkey/monkey_island/cc/set_server_config.py testing
@ -68,6 +79,10 @@ script:
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=70
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
# Build documentation
- cd $TRAVIS_BUILD_DIR/docs
- hugo --verbose --environment staging
after_success:
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
- bash <(curl -s https://codecov.io/bash)

2
docs/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/public/
/resources/_gen/

5
docs/README.md Normal file
View File

@ -0,0 +1,5 @@
# Monkey documentation
This folder contains the Monkey Documentation site.
For more information see `content/development/contribute-documentation.md`.

6
docs/archetypes/default.md Normal file
View File

@ -0,0 +1,6 @@
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---

69
docs/config/_default/config.toml Normal file
View File

@ -0,0 +1,69 @@
# when deploying to prod, use baseURL = "https://www.guardicore.com/infectionmonkey/docs"
# baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
baseURL = ""
languageCode = "en-us"
title = "Guardicore Infection Monkey - Documentation Hub"
theme = "learn"
[params]
# Change default color scheme with a variant one. See it in the themes folder.
themeVariant = "monkey"
# Prefix URL to edit current page. Will display an "Edit this page" button on top right hand corner of every page.
editURL = "https://github.com/guardicore/monkey/edit/develop/docs/content/"
# Author of the site, will be used in meta information
author = "Guardicore"
# Description of the site, will be used in meta information
description = "Guardicore Infection Monkey - Documentation hub"
# Shows a checkmark for visited pages on the menu
showVisitedLinks = false
# Disable search function. It will hide search bar
disableSearch = false
# Javascript and CSS cache are automatically busted when new version of site is generated.
# Set this to true to disable this behavior (some proxies don't handle well this optimization)
disableAssetsBusting = false
# Set this to true to disable copy-to-clipboard button for inline code.
disableInlineCopyToClipBoard = false
# A title for shortcuts in menu is set by default. Set this to true to disable it.
disableShortcutsTitle = false
# When using mulitlingual website, disable the switch language button.
disableLanguageSwitchingButton = false
# Hide breadcrumbs in the header and only show the current page title
disableBreadcrumb = false
# Hide Next and Previous page buttons normally displayed full height beside content
disableNextPrev = true
# Order sections in menu by "weight" or "title". Default to "weight"
ordersectionsby = "weight"
# Provide a list of custom css files to load relative from the `static/` folder in the site root.
custom_css = ["css/labels.css", "css/shadow_around_images.css"]
[outputs]
home = ["HTML", "RSS", "JSON"]
[[menu.shortcuts]]
name = "<i class='fas fa-home'></i> Homepage"
identifier = "homepage"
url = "https://infectionmonkey.com"
weight = 10
[[menu.shortcuts]]
name = "<i class='fab fa-github'></i> GitHub"
identifier = "github"
url = "https://github.com/guardicore/monkey"
weight = 20
[[menu.shortcuts]]
name = "<i class='fab fa-slack'></i> Slack"
identifier = "slack"
url = "https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU"
weight = 30
[[menu.shortcuts]]
name = "<i class='fas fa-inbox'></i> Email"
identifier = "email"
url = "mailto:support@infectionmonkey.com"
weight = 40
# Enables raw html in markdown.
[markup.goldmark.renderer]
unsafe = true

2
docs/config/production/config.toml Normal file
View File

@ -0,0 +1,2 @@
baseURL = "https://www.guardicore.com/infectionmonkey/docs"
canonifyURLs = true

2
docs/config/staging/config.toml Normal file
View File

@ -0,0 +1,2 @@
baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
canonifyURLs = true

154
docs/content/FAQ/_index.md Normal file
View File

@ -0,0 +1,154 @@
---
title: "FAQ"
date: 2020-06-18T15:11:52+03:00
draft: false
pre: "<i class='fas fa-question'></i> "
---
Here are some of the most common questions we receive about the Infection Monkey. If the answer youre looking for isnt here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
- [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
- [Monkey Island](#monkey-island)
- [Monkey agent](#monkey-agent)
- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
- [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
- [Whats the Monkeys impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
- [Is it safe to use real passwords and usernames in the Monkeys configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
- [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
- [After Ive set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
- [The report returns a blank screen](#the-report-returns-a-blank-screen)
- [How can I get involved with the project? 👩‍💻👨‍💻](#how-can-i-get-involved-with-the-project)
## Where can I get the latest Monkey version? 📰
For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
## How long does a single Monkey run for? Is there a time limit?
The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
## Should I run the Monkey continuously?
Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
Does the Infection Monkey require a connection to the Internet?
The Infection Monkey does not require internet access to function.
If internet access is available, the Monkey will use the Internet for two purposes:
- To check for updates.
- To check if machines can reach the internet.
### Which queries does Monkey perform to the Internet exactly?
The Monkey performs queries out to the Internet on two separate occasions:
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
### Monkey Island
The Monkey Islands log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
```log
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
```
### Monkey agent
The Monkey log file can be found in the following paths on machines where it was executed:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
The logs contain information about the internals of the Monkeys execution. The log will contain entries like these ones for example:
```log
2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
```
## Running the Monkey in a production environment
### How much of a footprint does the Monkey leave?
The Monkey leaves hardly any trace on the target system. It will leave:
- Log files in the following locations:
- Path on Linux: `/tmp/user-1563`
- Path on Windows: `%temp%\\~df1563.tmp`
### Whats the Monkeys impact on system resources usage?
The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
### Is it safe to use real passwords and usernames in the Monkeys configuration?
Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
### How do you store sensitive information on Monkey Island?
Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Islands database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
When you reset the Monkey Island configuration, the Monkey Island wipes the information.
### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
The Monkey does not use any exploits or attacks that may impact the victim system.
This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we arent using it.
## After Ive set up Monkey Island, how can I execute the Monkey?
See our detailed [getting started](../content/usage/getting-started) guide.
## How can I make the monkey propagate “deeper” into the network?
If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
## The report returns a blank screen
This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
## How can I get involved with the project? 👩‍💻👨‍💻
The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.

30
docs/content/_index.md Normal file
View File

@ -0,0 +1,30 @@
---
title: "Infection Monkey Documentation Hub"
date: 2020-05-26T18:15:37+03:00
draft: false
---
# Infection Monkey documentation hub
{{< homepage_shortcuts >}}
## What is Infection Monkey?
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
The Infection Monkey is comprised of two parts:
* Monkey - A tool which infects other machines and propagates to them.
* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
## Getting Started
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
## Support and community
If you need help or want to talk all things Monkey, you can [join our public Slack workspace](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU) or [contact us via Email](mailto:support@infectionmonkey.com).

43
docs/content/development/_index.md Normal file
View File

@ -0,0 +1,43 @@
+++
title = "Contribute"
date = 2020-05-26T20:55:04+03:00
weight = 30
chapter = true
pre = '<i class="fas fa-code"></i> '
tags = ["development", "contribute"]
+++
# Securing networks together
Want to help secure networks? That's great!
## How should I start?
Here's a few short links to help you get started.
* [Getting up and running](../setup-development-environment) - To help you get a working development setup.
* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
## What are we looking for?
You can take a look at [our roadmap](https://github.com/guardicore/monkey/projects/5) to see what issues we're thinking about doing soon. We are looking for:
### More exploits! 💥
The best way to find weak spots in the network is by attacking it. The [Exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
It's important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits _unless they're rock solid_ and focus on the logical vulns such as Shellshock.
### Analysis plugins 🔬
Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it's detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
### Better code 💪
We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
### Documentation 📚
Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
The Monkey's documentation is stored in the `/docs/content` directory.

5
docs/content/development/adding-exploits.md Normal file
View File

@ -0,0 +1,5 @@
---
title: "Adding Exploits"
date: 2020-06-08T19:53:00+03:00
draft: true
---

6
docs/content/development/adding-post-breach-actions.md Normal file
View File

@ -0,0 +1,6 @@
---
title: "Adding Post Breach Actions"
date: 2020-06-08T19:53:13+03:00
draft: true
---

6
docs/content/development/adding-system-info-collectors.md Normal file
View File

@ -0,0 +1,6 @@
---
title: "Adding System Info Collectors"
date: 2020-06-09T11:03:42+03:00
draft: true
---

103
docs/content/development/contribute-documentation.md Normal file
View File

@ -0,0 +1,103 @@
---
title: "Contribute Documentation"
date: 2020-06-17T17:31:54+03:00
draft: false
tags: ["contribute"]
---
The `/docs` folder contains the Monkey Documentation site.
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
- [Directory Structure](#directory-structure)
- [content](#content)
- [static](#static)
- [config](#config)
- [themes](#themes)
- [layouts and archtypes](#layouts-and-archtypes)
- [public and resources](#public-and-resources)
- [How to contribute](#how-to-contribute)
- [Requirements](#requirements)
- [Adding and editing content](#adding-and-editing-content)
- [Add a new page](#add-a-new-page)
- [Editing an existing page](#editing-an-existing-page)
- [Building the content](#building-the-content)
- [Serve the documentation locally](#serve-the-documentation-locally)
- [Build the content for deployment](#build-the-content-for-deployment)
- [Troubleshooting](#troubleshooting)
- [`Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`](#error-unable-to-locate-config-file-or-config-directory-perhaps-you-need-to-create-a-new-site)
- [`failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?](#failed-to-extract-shortcode-template-for-shortcode-children-not-found-or-theme-doesnt-seem-right)
- [CSS is missing](#css-is-missing)
## Directory Structure
By order of importance:
### content
The most important directory is `/content`: This is the directory which contains the content files. [Read this to understand how pages are organized in that folder](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/pages/).
### static
In this directory you should place images, `css` files, `js` files, and other static content the site should serve. To access that static content in a page, use something similar to this:
```markdown
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
```
### config
This folder controls a lot of parameters regarding the site generation.
### themes
This is the theme we're using. It's a submodule (so to get it you need to run `git submodule update`). It's our own fork of the [learn](https://themes.gohugo.io/hugo-theme-learn/) theme. If we want to make changes to the theme itself or pull updates from the upstream you'll do it here.
### layouts and archtypes
This directory includes custom [HTML partials](https://gohugo.io/templates/partials/), custom [shortcodes](https://gohugo.io/content-management/shortcodes/), and content templates. Best to not mess with the existing stuff here too much, but rather add new things.
### public and resources
These are the build output of `hugo` and should never be `commit`-ed to git.
## How to contribute
### Requirements
You have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options), and `git`.
### Adding and editing content
#### Add a new page
Run `hugo new folder/page.md`. Optionally add `--kind chapter` if this is a new chapter page. For example, `hugo new usage/getting-started.md` created the Getting Started page.
#### Editing an existing page
Edit the markdown file(s). [Here's a markdown cheatsheet](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/markdown/). If you want to add images, add them to the `static/images` folder and refer to them by name.
### Building the content
#### Serve the documentation locally
Run `hugo server -D`. The server will be available locally at `http://localhost:1313/`. You can change the content/theme and the site will refresh automatically to reflect your changes.
#### Build the content for deployment
Run `hugo --environment staging` or `hugo --environment production`. This will create a static site in the `public` directory. This directory should be ignored by `git` - **make sure you don't add and commit it by mistake!**
#### Troubleshooting
##### `Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`
What is your working directory? It should be `monkey/docs`.
##### `failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?
Have you ran `git submodule update`?
##### CSS is missing
- Make sure that you're accessing the correct URL.
- Check the `config.toml` file.

24
docs/content/development/setup-development-environment.md Normal file
View File

@ -0,0 +1,24 @@
---
title: "Setting up a development environment"
date: 2020-06-08T19:53:00+03:00
draft: false
tags: ["contribute"]
---
## Deployment scripts
To setup development environment using scripts look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to setup it manually or if run into some problems, read further below.
## Agent
The Agent, (what we refer as the Monkey), is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. Built for Python 3.7, you can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and inside it installing the requirements listed under [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt).
In order to compile the Monkey for distribution by the Monkey Island, you need to run the instructions listed in [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools + 32/64-bit Python versions.
## Monkey Island
The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)

18
docs/content/setup/_index.md Normal file
View File

@ -0,0 +1,18 @@
+++
title = "Setup"
date = 2020-05-26T20:55:04+03:00
weight = 5
chapter = true
pre = '<i class="fas fa-cogs"></i> '
tags = ["setup"]
+++
# Setting up Infection Monkey
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
Once you've downloaded an installer, you can follow the relevant guide for your environment:
{{% children %}}
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!

39
docs/content/setup/aws.md Normal file
View File

@ -0,0 +1,39 @@
---
title: "AWS"
date: 2020-05-26T20:57:36+03:00
draft: false
pre: '<i class="fab fa-aws"></i> '
weight: 5
tags: ["setup", "aws"]
---
## Deployment
On the [Infection Monkeys AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
1. Choose the desired region.
1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
1. Select the VPC and subnet you want the instance to be in.
1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
1. Choose an existing EC2 key pair for authenticating with your new instance.
1. Click **Launch with 1-click.**
At this point, AWS will instance and deploy your new machine.
When ready, you can browse to the Infection Monkey running on your fresh deployment at:
`https://{public-ip}:5000`
You will be presented a login page. Use the username **monkey**, and the new EC2 instaces instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
## Integration with AWS services
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
## Upgrading
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

34
docs/content/setup/azure.md Normal file
View File

@ -0,0 +1,34 @@
---
title: "Azure"
date: 2020-05-26T20:57:39+03:00
draft: false
pre: '<i class="fab fa-microsoft"></i> '
weight: 6
tags: ["setup", "azure"]
---
## Deployment
Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
1. Under **Basics**:
1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
1. Choose a username and password or provide a SSH public key for authentication.
1. Choose a resource group and the location your instance will be deployed in.
1. Under **Size**
1. Choose a machine size with at least 1GB of RAM for optimal performance.
1. Under **Settings**
1. Choose the network the new instance will be a member of.
1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
1. Under **Summary**
1. Review the details of the offer and click **Create**.
At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
`https://{public-ip-address}:5000`
## Upgrading
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

64
docs/content/setup/debian.md Normal file
View File

@ -0,0 +1,64 @@
---
title: "Debian"
date: 2020-05-26T20:57:19+03:00
draft: false
pre: '<i class="fab fa-linux"></i> '
weight: 1
disableToc: false
tags: ["setup", "debian"]
---
## Deployment
To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
To deploy the package, once youve extracted it, run the following commands:
```sh
sudo apt update
sudo dpkg -i monkey_island.deb # this might print errors
```
If at this point, dpkg printed errors that look like this:
```sh
dpkg: error processing package gc-monkey-island (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
gc-monkey-island
```
That just means that not all dependencies were pre-installed on your system. Thats no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
```sh
sudo apt install -f
```
## Troubleshooting
### Trying to install on Ubuntu <16.04
If youre trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
```sh
sudo apt update
sudo apt-get install libcurl4-openssl-dev
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
sudo dpkg -i monkey_island.deb # this might print errors
sudo apt install -f
```
### The Monkey Island interface isn't accessible after installation
To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
## Upgrading
To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

30
docs/content/setup/docker.md Normal file
View File

@ -0,0 +1,30 @@
---
title: "Docker"
date: 2020-05-26T20:57:28+03:00
draft: false
pre: '<i class="fab fa-docker"></i> '
weight: 4
tags: ["setup", "docker"]
---
## Deployment
To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
Once youve extracted the container from the tar.gz file, run the following commands:
```sh
sudo docker load -i dk.monkeyisland.latest.tar
sudo docker pull mongo
sudo mkdir -p /var/monkey-mongo/data/db
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.8.2
```
## Upgrading
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

62
docs/content/setup/vmware.md Normal file
View File

@ -0,0 +1,62 @@
---
title: "VMware"
date: 2020-05-26T20:57:14+03:00
draft: false
pre: '<i class="fas fa-laptop-code"></i> '
weight: 3
tags: ["setup", "vmware"]
---
## Deployment
1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
2. Turn on the Infection Monkey VM.
3. Log in to the machine with the following credentials:
1. Username: **monkeyuser**
2. Password: **Noon.Earth.Always**
4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
## OVA network modes
The OVA can be used in one of two modes:
1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
1. With a static IP address.
In this case, you should login to the VM console with
username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
```sh
sudo nano /etc/network/interfaces
```
And change the lines:
```sh
auto ens160
iface ens160 inet dhcp
```
to the following:
```sh
auto ens160
iface ens160 inet static
address AAA.BBB.CCC.DDD
netmask XXX.XXX.XXX.XXX
gateway YYY.YYY.YYY.YYY
```
Save the changes then run the command
```sh
sudo ifdown ens160 && ifup ens160
```
## Upgrading
There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

35
docs/content/setup/windows.md Normal file
View File

@ -0,0 +1,35 @@
---
title: "Windows"
date: 2020-05-26T20:57:10+03:00
draft: false
pre: '<i class="fab fa-windows"></i> '
weight: 2
tags: ["setup", "windows"]
---
## Deployment
Run the installer, and you should be met with the following screen:
![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
1. Follow the steps of the installation.
1. Run the Monkey Island by clicking on the desktop shortcut.
## Troubleshooting
### Missing windows update
The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If youre having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
### Supported browsers
The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
## Upgrading
To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")

13
docs/content/usage/_index.md Normal file
View File

@ -0,0 +1,13 @@
+++
title = "Usage"
date = 2020-05-26T20:57:53+03:00
weight = 10
chapter = true
pre = '<i class="fas fa-users-cog"></i> '
+++
# Usage
If you're just starting with Infection Monkey, check out our [Getting Started](getting-started) page.
If you haven't downloaded Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!

27
docs/content/usage/accounts-and-security.md Normal file
View File

@ -0,0 +1,27 @@
---
title: "Accounts and Security"
date: 2020-06-22T15:36:56+03:00
draft: false
weight: 50
pre: "<i class='fas fa-user-lock'></i> "
tags: ["usage", "password"]
---
## Security in Infection Monkey
The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
## Resetting account credentials
To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
Example `server_config.json` for account reset:
```json
{
"server_config": "password",
"deployment": "develop"
}
```

20
docs/content/usage/configuration/_index.md Normal file
View File

@ -0,0 +1,20 @@
---
title: "Configuration"
date: 2020-06-07T19:08:51+03:00
draft: false
chapter: true
weight: 3
pre: "<i class='fas fa-sliders-h'></i> "
---
# Configure the Monkey
The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
{{% notice warning %}}
This section of the documentation is incomplete and under active construction.
{{% /notice %}}
See these documentation pages for information on each configuration value:
{{% children description=true %}}

10
docs/content/usage/configuration/basic-credentials.md Normal file
View File

@ -0,0 +1,10 @@
---
title: "Credentials"
date: 2020-06-09T12:20:08+03:00
draft: false
description: "Configure credentials that the Monkey will use for propagation."
---
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")

12
docs/content/usage/configuration/basic-network.md Normal file
View File

@ -0,0 +1,12 @@
---
title: "Network"
date: 2020-06-09T12:20:14+03:00
draft: false
description: "Configure settings related to the Monkey's network activity."
---
Here you can control multiple important settings, such as:
* Network propagation depth - How many hops from the base machine will the Monkey spread
* Local network scan - Should the Monkey attempt to attack any machine in its subnet
* Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.

54
docs/content/usage/file-checksums.md Normal file
View File

@ -0,0 +1,54 @@
---
title: "Verify Integrity - Checksums"
date: 2020-06-08T19:53:47+03:00
draft: false
weight: 100
pre: "<i class='fas fa-certificate'></i> "
---
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
## How to get SHA-256 checksum
### On Windows
Use the `Get-FileHash` <i class="fas fa-terminal"></i> PowerShell commandlet, like so:
```powershell
Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
# Should print
# Algorithm : SHA256
# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe
```
### On Linux
Use the `sha256sum` <i class="fas fa-terminal"></i> shell command, like so:
```sh
sha256sum monkey-linux-64
# Should print:
# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
```
## Latest version checksums
| Filename | Type | Version | SHA256 hash |
|-|-|-|-|
monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550`
monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f`
monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5`
monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478`
infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2`
Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569`
Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a`
infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d`
infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75`
## All checksums
### 1.8.0 and older
You can find all these checksums in [this page](https://www.guardicore.com/infectionmonkey/checksums.html).

53
docs/content/usage/getting-started.md Normal file
View File

@ -0,0 +1,53 @@
---
title: "Getting Started"
date: 2020-05-26T21:01:12+03:00
draft: false
weight: 1
pre: "<i class='fas fa-play-circle'></i> "
tags: ["usage"]
---
## Using the Infection Monkey
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
### First-time setup
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).
### Run the Monkey
To get the Infection Monkey running as fast as possible, click **Run Monkey**. Optionally, you can configure the Monkey before you continue by clicking **Configuration** (see [how to configure the monkey](../configuration)).
To run the monkey, select one of the following options:
![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
{{% notice tip %}}
If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
{{% /notice %}}
### Infection Map
Next, click **Infection Map** to see the Infection Monkey in action.
![Run page to infection map page](/images/usage/getting-started/run_page_button.JPG "Run page to infection map page")
At first, the infection map will look like this:
![Start of Monkey execution](/images/usage/getting-started/run_island.JPG "Start of Monkey execution")
Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
![Middle of Monkey execution](/images/usage/getting-started/single_exploitation.JPG "Middle of Monkey execution")
As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click **Reports** to see the reports. See [Infection Monkey Reports](../reports) for more info.
![End of Monkey execution](/images/usage/getting-started/exploitation_tunneling_arrow.jpg "End of Monkey execution")
Congratulations, you finished first successful execution of the Infection Monkey! 🎉 To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations.

14
docs/content/usage/integrations/_index.md Normal file
View File

@ -0,0 +1,14 @@
---
title: "Integrations"
date: 2020-06-28T10:38:05+03:00
draft: false
chapter: true
weight: 10
pre: "<i class='fas fa-directions'></i> "
---
# Integrate the Monkey with 3rd party software
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
{{% children description=true %}}

150
docs/content/usage/integrations/aws-run-on-ec2-machine.md Normal file
View File

@ -0,0 +1,150 @@
---
title: "Running the monkey on AWS EC2 instances"
date: 2020-06-28T10:44:05+03:00
draft: false
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
tags: ["aws", "integration"]
---
## When to use this feature
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
## Setup
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
### Monkey Island deployment
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
### Setup IAM roles
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
#### Creating a custom IAM role
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
#### Applying the IAM role to an instance
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
After applying the IAM role you should see this screen:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
### Setup SSM agent
If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
## Usage
### Running the monkey
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
And then you can choose one of the available instances as "patient zero" like so:
1. Click on "Run on AWS"
2. Choose the relevant Network Interface
3. Select the machines you'd like to run the Monkey on
4. Click "Run on Selected Machines", and watch the monkey go! 🐒
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
## Notes
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
### Appendix A: Specific policy permissions required
The IAM role will need to have, at least, the following specific permissions:
#### For executing the Monkey on other machines - SSM
- `"ssm:SendCommand"`
- `"ssm:DescribeInstanceInformation"`
- `"ssm:GetCommandInvocation"`
Here's the policy of the IAM role, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```
#### For exporting security findings to the Security Hub - security hub
_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Here's the policy for SecurityHub, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings"
],
"Resource": "*"
}
]
}
```
The JSON object for both of the policies combined therefore is:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```

43
docs/content/usage/integrations/aws-security-hub.md Normal file
View File

@ -0,0 +1,43 @@
---
title: "AWS Security Hub integration"
date: 2020-06-28T10:38:12+03:00
draft: false
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
tags: ["aws", "integration"]
---
The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
## Setup
If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
### Specific permissions required for security hub
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
## Integration details
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
## Regions
The Infection Monkey is usable on all public AWS instances.
## Example
After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
1. Navigate to `Findings`.
2. Press on a specific finding to see more details and possible solutions.
![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")

13
docs/content/usage/reports/_index.md Normal file
View File

@ -0,0 +1,13 @@
+++
title = "Reports"
date = 2020-06-24T21:16:03+03:00
weight = 5
chapter = true
pre = "<i class='fas fa-scroll'></i> "
+++
# Infection Monkey's Reports
The Monkey offers three reports:
{{% children %}}

31
docs/content/usage/reports/mitre.md Normal file
View File

@ -0,0 +1,31 @@
---
title: "MITRE ATT&CK report"
date: 2020-06-24T21:17:18+03:00
draft: false
---
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
Watch an overview video:
{{% youtube 3tNrlutqazQ %}}
## How to use the report
The MITRE ATT&CK report is centred around the ATT&CK matrix:
![MITRE Report](/images/usage/reports/mitre-report-0.jpg "MITRE Report")
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique.
- {{< label other Grey >}}: The Monkey **didn't try** the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique thats a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")

25
docs/content/usage/reports/security.md Normal file
View File

@ -0,0 +1,25 @@
---
title: "Security report"
date: 2020-06-24T21:16:10+03:00
draft: false
---
The report is split into 3 categories:
## Overview
The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
- [ ] TODO add screenshot
## Recommendations
This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
- [ ] TODO add screenshot
## The network from the Monkey's eyes
This section contains the Infection Map and some summary tables on servers the Monkey has found.
- [ ] TODO add screenshot

42
docs/content/usage/reports/zero-trust.md Normal file
View File

@ -0,0 +1,42 @@
---
title: "Zero Trust report"
date: 2020-06-24T21:16:18+03:00
draft: false
---
The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
## Summary
This diagram provides a quick glance at how your organization scores on each component of the Forresters Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
- {{< label warning Verify >}} At least one of the tests results related to this component requires further manual verification.
- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
- {{< label other Unexecuted >}} This status means no tests were executed for this pillar.
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
## Test Results
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")
## Findings
Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
![Zero Trust Report Findings](/images/usage/reports/ztreport3.png "Zero Trust Report Findings")
## Events
The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
![Zero Trust Report events](/images/usage/reports/ztreport4.png "Zero Trust Report events")
## Overview Video
You can check out an overview video here:
{{% youtube z4FNu3WCd9o %}}

101
docs/content/usage/scenarios.md Normal file
View File

@ -0,0 +1,101 @@
---
title: "Scenarios"
date: 2020-05-26T21:01:19+03:00
draft: true
weight: 2
tags: ["usage"]
---
In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.
Here are a few scenarios that can be replicated in your own environment by executing the Monkey from different locations within the network, or with some tweaks to the Monkeys configuration.
{{% notice note %}}
No worries! The Monkey does not cause any permanent system modifications that impact security or operations. You will be able to track the Monkey using the log files it leaves in well defined locations. [See our FAQ for more details](../faq).
{{% /notice %}}
- [Your network has been breached via internet facing servers](#your-network-has-been-breached-via-internet-facing-servers)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey)
- [You are the newest victim of a phishing fraud! 🎣](#you-are-the-newest-victim-of-a-phishing-fraud)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-1)
- [You want to test your network segmentation](#you-want-to-test-your-network-segmentation)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-2)
- [You want to verify your security solutions, procedures and teams are working as intended](#you-want-to-verify-your-security-solutions-procedures-and-teams-are-working-as-intended)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-3)
- [Other useful tips](#other-useful-tips)
## Your network has been breached via internet facing servers
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign the attackers are now trying to go deeper into your network.
### Simulate this scenario using the Monkey
To simulate this breach scenario, execute the Infection Monkey on different machines that host internet-facing services such as your web servers (Apache, Tomcat, NGINX…) or your VPN servers. To see how to execute the Monkey on these servers, [refer to this FAQ question](../../faq#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey).
{{% notice tip %}}
If you want to simulate a very “deep” attack into your network, see our [configuration documentation](../configuration).
{{% /notice %}}
After executing the Monkey, evaluate the results of this simulation using the information in the Report page. There you will find a summary of the most important things the simulation has discovered, a detailed report of all the Monkeys findings and more. You can also use the Infection Map to analyze the Monkeys progress through the network, and to see each Monkeys detailed telemetry and logs.
## You are the newest victim of a phishing fraud! 🎣
Almost everyone is prone to phishing attacks. Results of a successful phishing attempt can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
This scenario begins in a section of the network which is a potential phishing spot. Phishing attacks target human users - as such, these types of attacks try to penetrate the network via a service an employee is using, such as an email with an attached malware or social media message with a link redirecting to a malicious website. These are just two examples of where and how an attacker may choose to launch their campaign.
### Simulate this scenario using the Monkey
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network from potentially problematic group of machines, such as the laptop of one of your heavy email users or one of your strong IT users (think of people who are more likely to correspond with people outside of your organization).
- After setting up the Island add the users **real** credentials (usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration). Now you can simulate an attacker attempting to probe deeper in the network with credentials “successfully” phished.
- You can configure these credentials for the Monkey as follows:
From the **“Basic - Credentials”** tab of the Islands configuration, under the **“Exploit password list”** press the + button and add the passwords you would like the Monkey to use. Do the same with usernames in the **“Exploit user list”**.
After supplying the Monkey with the passwords and usernames, execute the Monkey from the simulated “victim” machines. To do this, click “**2. Run Monkey**” from the left sidebar menu and choose “**Run on machine of your choice**”.
## You want to test your network segmentation
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually, typically using policies. A useful way to test the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your Development is separated from your Production, your applications are separated from one another etc. "to security test is to verify that your network segmentation is configured properly. This way you make sure that even if a certain attacker has breached your defenses, it cant move laterally from point A to point B.
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with its cross-segment traffic testing feature.
### Simulate this scenario using the Monkey
As an example, the following configuration makes sure machines in the “10.0.0.0/24” segment (segment A) and the “11.0.0.2/32” segment (segment B) cant communicate with each other, along with an additional machine in 13.37.41.50.
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
## You want to verify your security solutions, procedures and teams are working as intended
The Infection Monkey can help you verify that your security solutions are working the way you expected them to. These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
### Simulate this scenario using the Monkey
Run the Monkey with whichever configuration you prefer. The default is good enough for many cases; but for example, you can add some old users and passwords. Running the Monkey on both the Island and on a few other machines in the network is also recommended, as it increases coverage and propagation rates.
After running the Monkey, follow the Monkeys actions on the Monkey Islands infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security solutions are identifying and correctly alerting on different attacks.
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities. If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network? Check if your micro-segmentation / firewall solution identify or report anything.
While running this scenario, be on the lookout for the action that should arise: Did you get a phone call telling you about suspicious activity inside your network? Are events flowing into your security events aggregators? Are you getting emails from your IR teams? Is the endpoint protection software you installed on machines in the network reporting on anything? Are your compliance scanners detecting anything wrong?
## Other useful tips
Here are a few tips which can help you push the Infection Monkey even further:
- Make sure the Monkey is configured to scan its local network but in addition, configure it with specific targets. To add these targets, add their IP addresses (or the IP ranges in which they reside) to the Scan IP/subnet list using the `+` button. Heres an example of how this is achieved:
![How to configure Scan IP/subnet list](/images/usage/scenarios/scan-list-config.png "How to configure Scan IP/subnet list")
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")

1
docs/layouts/partials/favicon.html Normal file
View File

@ -0,0 +1 @@
<link rel="shortcut icon" href="{{ .Site.BaseURL }}/images/favicon.ico" type="image/x-icon" />

3
docs/layouts/partials/logo.html Normal file
View File

@ -0,0 +1,3 @@
<a id="logo" href="{{ .Site.BaseURL }}">
<img src="{{ .Site.BaseURL }}/images/logo.gif" alt="logo"/>
</a>

85
docs/layouts/shortcodes/homepage_shortcuts.html Normal file
View File

@ -0,0 +1,85 @@
<link rel="stylesheet" href="css/bootstrap-grid.min.css">
<!-- Lifting specific elements from bootstrap -->
<style>
.justify-content-start {
-ms-flex-pack: start !important;
justify-content: flex-start !important;
}
.justify-content-end {
-ms-flex-pack: end !important;
justify-content: flex-end !important;
}
.justify-content-center {
-ms-flex-pack: center !important;
justify-content: center !important;
}
.justify-content-between {
-ms-flex-pack: justify !important;
justify-content: space-between !important;
}
.justify-content-around {
-ms-flex-pack: distribute !important;
justify-content: space-around !important;
}
.shadow {
box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15) !important;
}
.d-block {
display: block !important;
}
.text-center {
text-align: center !important;
}
.mb-4,
.my-4 {
margin-bottom: 1.5rem !important;
}
.pr-4,
.px-4 {
padding-right: 1.5rem !important;
}
.pt-5,
.py-5 {
padding-top: 3rem !important;
}
.mb-3,
.my-3 {
margin-bottom: 1rem !important;
}
.mt-0,
.my-0 {
margin-top: 0 !important;
}
</style>
<section id="homepage-shortcuts">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-4 col-sm-6 mb-3">
<a href="setup/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-cogs d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Setup</h4>
<p class="mb-0">See how to install the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-4 col-sm-6 mb-3">
<a href="usage/getting-started/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-play-circle d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Getting Started</h4>
<p class="mb-0">Set the Monkey wild in your datacenter.</p>
</a>
</div>
<div class="col-lg-4 col-sm-6 mb-3">
<a href="faq/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-question d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">FAQs</h4>
<p class="mb-0">Read common questions and answers.</p>
</a>
</div>
</div>
</div>
</section>

1
docs/layouts/shortcodes/label.html Normal file
View File

@ -0,0 +1 @@
<span class="label {{ .Get 0 }}"><strong>{{ .Get 1 }}</strong></span>

4556
docs/static/css/all.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5
docs/static/css/all.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
docs/static/css/bootstrap-grid.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
docs/static/css/bootstrap-grid.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

15
docs/static/css/brands.css vendored Normal file
View File

@ -0,0 +1,15 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Brands';
font-style: normal;
font-weight: 400;
font-display: block;
src: url("../webfonts/fa-brands-400.eot");
src: url("../webfonts/fa-brands-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-brands-400.woff2") format("woff2"), url("../webfonts/fa-brands-400.woff") format("woff"), url("../webfonts/fa-brands-400.ttf") format("truetype"), url("../webfonts/fa-brands-400.svg#fontawesome") format("svg"); }
.fab {
font-family: 'Font Awesome 5 Brands';
font-weight: 400; }

5
docs/static/css/brands.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands";font-weight:400}

4522
docs/static/css/fontawesome.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5
docs/static/css/fontawesome.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

12
docs/static/css/labels.css vendored Normal file
View File

@ -0,0 +1,12 @@
.label {
color: white;
padding: 3px;
border-radius: 5px;
-moz-border-radius: 5px;
}
.success {background-color: #4CAF50;} /* Green */
.info {background-color: #2196F3;} /* Blue */
.warning {background-color: #ff9800;} /* Orange */
.danger {background-color: #f44336;} /* Red */
.other {background-color: #e7e7e7; color: black;} /* Gray */

15
docs/static/css/regular.css vendored Normal file
View File

@ -0,0 +1,15 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Free';
font-style: normal;
font-weight: 400;
font-display: block;
src: url("../webfonts/fa-regular-400.eot");
src: url("../webfonts/fa-regular-400.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-regular-400.woff2") format("woff2"), url("../webfonts/fa-regular-400.woff") format("woff"), url("../webfonts/fa-regular-400.ttf") format("truetype"), url("../webfonts/fa-regular-400.svg#fontawesome") format("svg"); }
.far {
font-family: 'Font Awesome 5 Free';
font-weight: 400; }

5
docs/static/css/regular.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-family:"Font Awesome 5 Free";font-weight:400}

10
docs/static/css/shadow_around_images.css vendored Normal file
View File

@ -0,0 +1,10 @@
/* Add a shadow around images in content pages. Most of our content is screenshots, and the Island's background merges with
the documentation background. Only #body-inner so that the Logo image won't get a border around it */
#body-inner img {
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
}
/* We don't want shadow around this image in particular */
#body-inner img[src*="/images/monkey-teacher.svg"] {
box-shadow: none; !important;
}

16
docs/static/css/solid.css vendored Normal file
View File

@ -0,0 +1,16 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face {
font-family: 'Font Awesome 5 Free';
font-style: normal;
font-weight: 900;
font-display: block;
src: url("../webfonts/fa-solid-900.eot");
src: url("../webfonts/fa-solid-900.eot?#iefix") format("embedded-opentype"), url("../webfonts/fa-solid-900.woff2") format("woff2"), url("../webfonts/fa-solid-900.woff") format("woff"), url("../webfonts/fa-solid-900.ttf") format("truetype"), url("../webfonts/fa-solid-900.svg#fontawesome") format("svg"); }
.fa,
.fas {
font-family: 'Font Awesome 5 Free';
font-weight: 900; }

5
docs/static/css/solid.min.css vendored Normal file
View File

@ -0,0 +1,5 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.fas{font-family:"Font Awesome 5 Free";font-weight:900}

371
docs/static/css/svg-with-js.css vendored Normal file
View File

@ -0,0 +1,371 @@
/*!
* Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
svg:not(:root).svg-inline--fa {
overflow: visible; }
.svg-inline--fa {
display: inline-block;
font-size: inherit;
height: 1em;
overflow: visible;
vertical-align: -.125em; }
.svg-inline--fa.fa-lg {
vertical-align: -.225em; }
.svg-inline--fa.fa-w-1 {
width: 0.0625em; }
.svg-inline--fa.fa-w-2 {
width: 0.125em; }
.svg-inline--fa.fa-w-3 {
width: 0.1875em; }
.svg-inline--fa.fa-w-4 {
width: 0.25em; }
.svg-inline--fa.fa-w-5 {
width: 0.3125em; }
.svg-inline--fa.fa-w-6 {
width: 0.375em; }
.svg-inline--fa.fa-w-7 {
width: 0.4375em; }
.svg-inline--fa.fa-w-8 {
width: 0.5em; }
.svg-inline--fa.fa-w-9 {
width: 0.5625em; }
.svg-inline--fa.fa-w-10 {
width: 0.625em; }
.svg-inline--fa.fa-w-11 {
width: 0.6875em; }
.svg-inline--fa.fa-w-12 {
width: 0.75em; }
.svg-inline--fa.fa-w-13 {
width: 0.8125em; }
.svg-inline--fa.fa-w-14 {
width: 0.875em; }
.svg-inline--fa.fa-w-15 {
width: 0.9375em; }
.svg-inline--fa.fa-w-16 {
width: 1em; }
.svg-inline--fa.fa-w-17 {
width: 1.0625em; }
.svg-inline--fa.fa-w-18 {
width: 1.125em; }
.svg-inline--fa.fa-w-19 {
width: 1.1875em; }
.svg-inline--fa.fa-w-20 {
width: 1.25em; }
.svg-inline--fa.fa-pull-left {
margin-right: .3em;
width: auto; }
.svg-inline--fa.fa-pull-right {
margin-left: .3em;
width: auto; }
.svg-inline--fa.fa-border {
height: 1.5em; }
.svg-inline--fa.fa-li {
width: 2em; }
.svg-inline--fa.fa-fw {
width: 1.25em; }
.fa-layers svg.svg-inline--fa {
bottom: 0;
left: 0;
margin: auto;
position: absolute;
right: 0;
top: 0; }
.fa-layers {
display: inline-block;
height: 1em;
position: relative;
text-align: center;
vertical-align: -.125em;
width: 1em; }
.fa-layers svg.svg-inline--fa {
-webkit-transform-origin: center center;
transform-origin: center center; }
.fa-layers-text, .fa-layers-counter {
display: inline-block;
position: absolute;
text-align: center; }
.fa-layers-text {
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
-webkit-transform-origin: center center;
transform-origin: center center; }
.fa-layers-counter {
background-color: #ff253a;
border-radius: 1em;
-webkit-box-sizing: border-box;
box-sizing: border-box;
color: #fff;
height: 1.5em;
line-height: 1;
max-width: 5em;
min-width: 1.5em;
overflow: hidden;
padding: .25em;
right: 0;
text-overflow: ellipsis;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top right;
transform-origin: top right; }
.fa-layers-bottom-right {
bottom: 0;
right: 0;
top: auto;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: bottom right;
transform-origin: bottom right; }
.fa-layers-bottom-left {
bottom: 0;
left: 0;
right: auto;
top: auto;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: bottom left;
transform-origin: bottom left; }
.fa-layers-top-right {
right: 0;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top right;
transform-origin: top right; }
.fa-layers-top-left {
left: 0;
right: auto;
top: 0;
-webkit-transform: scale(0.25);
transform: scale(0.25);
-webkit-transform-origin: top left;
transform-origin: top left; }
.fa-lg {
font-size: 1.33333em;
line-height: 0.75em;
vertical-align: -.0667em; }
.fa-xs {
font-size: .75em; }
.fa-sm {
font-size: .875em; }
.fa-1x {
font-size: 1em; }
.fa-2x {
font-size: 2em; }
.fa-3x {
font-size: 3em; }
.fa-4x {
font-size: 4em; }
.fa-5x {
font-size: 5em; }
.fa-6x {
font-size: 6em; }
.fa-7x {
font-size: 7em; }
.fa-8x {
font-size: 8em; }
.fa-9x {
font-size: 9em; }
.fa-10x {
font-size: 10em; }
.fa-fw {
text-align: center;
width: 1.25em; }
.fa-ul {
list-style-type: none;
margin-left: 2.5em;
padding-left: 0; }
.fa-ul > li {
position: relative; }
.fa-li {
left: -2em;
position: absolute;
text-align: center;
width: 2em;
line-height: inherit; }
.fa-border {
border: solid 0.08em #eee;
border-radius: .1em;
padding: .2em .25em .15em; }
.fa-pull-left {
float: left; }
.fa-pull-right {
float: right; }
.fa.fa-pull-left,
.fas.fa-pull-left,
.far.fa-pull-left,
.fal.fa-pull-left,
.fab.fa-pull-left {
margin-right: .3em; }
.fa.fa-pull-right,
.fas.fa-pull-right,
.far.fa-pull-right,
.fal.fa-pull-right,
.fab.fa-pull-right {
margin-left: .3em; }
.fa-spin {
-webkit-animation: fa-spin 2s infinite linear;
animation: fa-spin 2s infinite linear; }
.fa-pulse {
-webkit-animation: fa-spin 1s infinite steps(8);
animation: fa-spin 1s infinite steps(8); }
@-webkit-keyframes fa-spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg); }
100% {
-webkit-transform: rotate(360deg);
transform: rotate(360deg); } }
@keyframes fa-spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg); }
100% {
-webkit-transform: rotate(360deg);
transform: rotate(360deg); } }
.fa-rotate-90 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";
-webkit-transform: rotate(90deg);
transform: rotate(90deg); }
.fa-rotate-180 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";
-webkit-transform: rotate(180deg);
transform: rotate(180deg); }
.fa-rotate-270 {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";
-webkit-transform: rotate(270deg);
transform: rotate(270deg); }
.fa-flip-horizontal {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";
-webkit-transform: scale(-1, 1);
transform: scale(-1, 1); }
.fa-flip-vertical {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
-webkit-transform: scale(1, -1);
transform: scale(1, -1); }
.fa-flip-both, .fa-flip-horizontal.fa-flip-vertical {
-ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";
-webkit-transform: scale(-1, -1);
transform: scale(-1, -1); }
:root .fa-rotate-90,
:root .fa-rotate-180,
:root .fa-rotate-270,
:root .fa-flip-horizontal,
:root .fa-flip-vertical,
:root .fa-flip-both {
-webkit-filter: none;
filter: none; }
.fa-stack {
display: inline-block;
height: 2em;
position: relative;
width: 2.5em; }
.fa-stack-1x,
.fa-stack-2x {
bottom: 0;
left: 0;
margin: auto;
position: absolute;
right: 0;
top: 0; }
.svg-inline--fa.fa-stack-1x {
height: 1em;
width: 1.25em; }
.svg-inline--fa.fa-stack-2x {
height: 2em;
width: 2.5em; }
.fa-inverse {
color: #fff; }
.sr-only {
border: 0;
clip: rect(0, 0, 0, 0);
height: 1px;
margin: -1px;
overflow: hidden;
padding: 0;
position: absolute;
width: 1px; }
.sr-only-focusable:active, .sr-only-focusable:focus {
clip: auto;
height: auto;
margin: 0;
overflow: visible;
position: static;
width: auto; }
.svg-inline--fa .fa-primary {
fill: var(--fa-primary-color, currentColor);
opacity: 1;
opacity: var(--fa-primary-opacity, 1); }
.svg-inline--fa .fa-secondary {
fill: var(--fa-secondary-color, currentColor);
opacity: 0.4;
opacity: var(--fa-secondary-opacity, 0.4); }
.svg-inline--fa.fa-swap-opacity .fa-primary {
opacity: 0.4;
opacity: var(--fa-secondary-opacity, 0.4); }
.svg-inline--fa.fa-swap-opacity .fa-secondary {
opacity: 1;
opacity: var(--fa-primary-opacity, 1); }
.svg-inline--fa mask .fa-primary,
.svg-inline--fa mask .fa-secondary {
fill: black; }
.fad.fa-inverse {
color: #fff; }

5
docs/static/css/svg-with-js.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

2172
docs/static/css/v4-shims.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5
docs/static/css/v4-shims.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

BIN
docs/static/images/faq/download_log_monkey_island.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
docs/static/images/faq/prop_depth.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 83 KiB

BIN
docs/static/images/favicon.ico vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 108 KiB

BIN
docs/static/images/logo.gif vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

1
docs/static/images/monkey-teacher.svg vendored Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
docs/static/images/setup/aws/aws-instance-id.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 237 KiB

BIN
docs/static/images/setup/export-configuration.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
docs/static/images/setup/windows/installer-screenshot-1.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
docs/static/images/usage/configruation/credentials.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
docs/static/images/usage/getting-started/exploitation_tunneling.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 137 KiB

BIN
docs/static/images/usage/getting-started/exploitation_tunneling_arrow.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 202 KiB

BIN
docs/static/images/usage/getting-started/in_report.JPG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 120 KiB

BIN
docs/static/images/usage/getting-started/run_island.JPG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 112 KiB

BIN
docs/static/images/usage/getting-started/run_page.JPG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

BIN
docs/static/images/usage/getting-started/run_page_button.JPG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 229 KiB

BIN
docs/static/images/usage/getting-started/run_page_button_no_arrow.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 222 KiB

BIN
docs/static/images/usage/getting-started/run_page_with_arrows.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 129 KiB

BIN
docs/static/images/usage/getting-started/single_exploitation.JPG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 127 KiB

BIN
docs/static/images/usage/integrations/AWS-Security-Hub-logo.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.2 KiB

BIN
docs/static/images/usage/integrations/Amazon_Web_Services_Logo.svg.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

1
docs/static/images/usage/integrations/aws-ec2.svg vendored Normal file
View File

@ -0,0 +1 @@
<svg width="2065" height="2500" viewBox="0 0 256 310" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M42.754 244.495l-29.918 6.826V57.565l29.918 6.839v180.091" fill="#F68536"/><path d="M80.082 255.931l-37.328 10.608V42.612l37.328 10.595v202.724M127.966 267.681l-47.884 17.524V23.946l47.884 17.516v226.219M256 245.079l-128.034 64.017V0L256 64.017v181.062" fill="#F68536"/><path d="M102.444 12.763L127.966 0v309.096l-25.522-12.759V12.763M60.325 33.82l19.757-9.878v261.212l-19.757-9.878V33.82M27.016 50.477l15.738-7.869v223.88l-15.738-7.874V50.477M12.836 57.565L0 63.983v181.134l12.836 6.414V57.565" fill="#9D5025"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 647 B

BIN
docs/static/images/usage/integrations/monkey-island-aws-screenshot-1.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 51 KiB

BIN
docs/static/images/usage/integrations/monkey-island-aws-screenshot-2.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
docs/static/images/usage/integrations/monkey-island-aws-screenshot-3.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
docs/static/images/usage/integrations/monkey-island-aws-screenshot-4.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

BIN
docs/static/images/usage/integrations/monkey-island-aws-screenshot-5.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
docs/static/images/usage/integrations/security-hub-console-example.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 105 KiB

BIN
docs/static/images/usage/reports/mitre-report-0.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 172 KiB

BIN
docs/static/images/usage/reports/mitre-report-cred-access-mitigations.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 149 KiB

BIN
docs/static/images/usage/reports/mitre-report-cred-access.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 163 KiB

BIN
docs/static/images/usage/reports/ztreport1.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 264 KiB

BIN
docs/static/images/usage/reports/ztreport2.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 156 KiB

BIN
docs/static/images/usage/reports/ztreport3.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 280 KiB

BIN
docs/static/images/usage/reports/ztreport4.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 259 KiB

BIN
docs/static/images/usage/scenarios/pba-example.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
docs/static/images/usage/scenarios/scan-list-config.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

BIN
docs/static/images/usage/scenarios/segmentation-config.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 109 KiB

BIN
docs/static/images/usage/scenarios/user-password-lists.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

7
docs/static/js/bootstrap.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
docs/static/js/bootstrap.min.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More