Started implementing the open_data_endpoints test, still not creating findings

This commit is contained in:
Shay Nehmad 2019-08-21 21:28:15 +03:00
parent 6843606a4f
commit d6104bbcf9
2 changed files with 22 additions and 1 deletions


@ -2,9 +2,15 @@ import copy
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import test_open_data_endpoints
def process_scan_telemetry(telemetry_json): def process_scan_telemetry(telemetry_json):
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
test_open_data_endpoints(telemetry_json)
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json) edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
data = copy.deepcopy(telemetry_json['data']['machine']) data = copy.deepcopy(telemetry_json['data']['machine'])
ip_address = data.pop("ip_addr") ip_address = data.pop("ip_addr")
@ -19,7 +25,6 @@ def process_scan_telemetry(telemetry_json):
{"$push": {"scans": new_scan}, {"$push": {"scans": new_scan},
"$set": {"ip_address": ip_address, 'domain_name': domain_name}} "$set": {"ip_address": ip_address, 'domain_name': domain_name}}
) )
node = mongo.db.node.find_one({"_id": edge["to"]}) node = mongo.db.node.find_one({"_id": edge["to"]})
if node is not None: if node is not None:
scan_os = new_scan["data"]["os"] scan_os = new_scan["data"]["os"]
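Review bot: `process_scan_telemetry` and the newly split-out `update_edges_and_nodes_based_on_scan_telemetry` carry no docstrings, and the split makes the ordering worth stating: the zero-trust check on the line `test_open_data_endpoints(telemetry_json)` runs only after the edge/node update has already written to Mongo and is not guarded, so an exception from it leaves the database change in place but surfaces as a failure of the whole scan-telemetry processing. A docstring on the entry point such as `"""Process a scan telemetry: update edges/nodes in the DB, then run the zero-trust data-endpoint check on it."""` and one on the helper such as `"""Update the edge and its destination node from the scanned machine's data (ip_addr, domain_name) in the telemetry."""` would make that contract explicit; the fields named come from the visible `$set` line, so adjust them to whatever the rest of the body stores. `update_edges_and_nodes_based_on_scan_telemetry` starts in the first hunk and its body continues beyond the second hunk.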


@ -0,0 +1,16 @@
import json
BAD_ENDPOINTS = {
"tcp-80": "Open HTTP server."
}
def test_open_data_endpoints(telemetry_json):
services = telemetry_json["data"]["machine"]["services"]
for service_name, service_data in services.items():
if service_name in BAD_ENDPOINTS:
# TODO Create finding
print("found open {} service on address {}, details: {}".format(
service_data["display_name"],
telemetry_json["data"]["machine"]["ip_addr"],
json.dumps(service_data)))
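Review bot: The match on the line `if service_name in BAD_ENDPOINTS:` keys the detection on the port string alone, so an HTTP listener on a non-default port is never flagged while any TCP/80 listener is reported as "Open HTTP server." regardless of what answered; if `service_data["display_name"]` carries the identified protocol (it is already read for the message), matching on it as well would make the finding track the actual service rather than the port — the `services` schema is not visible here, so confirm against the scan-telemetry producer. Separately, `telemetry_json["data"]["machine"]["services"]` and `service_data["display_name"]` are indexed unguarded, so a scan telemetry without those keys raises KeyError out of the caller; `services = telemetry_json["data"]["machine"].get("services", {})` would make their absence a no-op. The `print` at the end writes the full `json.dumps(service_data)` to stdout; a module logger (`logging.getLogger(__name__)`) would keep it with the island's other log output. The function also lacks a docstring; a one-liner such as `"""Report services in a scan telemetry whose name is listed in BAD_ENDPOINTS (finding creation still TODO)."""` would state the contract.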