forked from p15670423/monkey
Agent: Update NetworkInterface to be IPv4Interface
This commit is contained in:
parent
75ba889f57
commit
d8beba17fd
|
@ -242,7 +242,7 @@ class InfectionMonkey:
|
||||||
def _get_local_network_interfaces():
|
def _get_local_network_interfaces():
|
||||||
local_network_interfaces = get_local_network_interfaces()
|
local_network_interfaces = get_local_network_interfaces()
|
||||||
for i in local_network_interfaces:
|
for i in local_network_interfaces:
|
||||||
logger.debug(f"Found local interface {i.address}{i.netmask}")
|
logger.debug(f"Found local interface {i.ip.compressed}/{i.network.prefixlen}")
|
||||||
|
|
||||||
return local_network_interfaces
|
return local_network_interfaces
|
||||||
|
|
||||||
|
@ -375,7 +375,7 @@ class InfectionMonkey:
|
||||||
|
|
||||||
def _running_on_island(self, local_network_interfaces: List[NetworkInterface]) -> bool:
|
def _running_on_island(self, local_network_interfaces: List[NetworkInterface]) -> bool:
|
||||||
server_ip, _ = address_to_ip_port(self._control_client.server_address)
|
server_ip, _ = address_to_ip_port(self._control_client.server_address)
|
||||||
return server_ip in {interface.address for interface in local_network_interfaces}
|
return server_ip in {interface.ip.compressed for interface in local_network_interfaces}
|
||||||
|
|
||||||
def _is_another_monkey_running(self):
|
def _is_another_monkey_running(self):
|
||||||
return not self._singleton.try_lock()
|
return not self._singleton.try_lock()
|
||||||
|
|
|
@ -2,7 +2,7 @@ import itertools
|
||||||
import socket
|
import socket
|
||||||
import struct
|
import struct
|
||||||
from collections import namedtuple
|
from collections import namedtuple
|
||||||
from ipaddress import IPv4Network
|
from ipaddress import IPv4Interface
|
||||||
from random import randint # noqa: DUO102
|
from random import randint # noqa: DUO102
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
|
@ -20,18 +20,12 @@ RTF_REJECT = 0x0200
|
||||||
|
|
||||||
# TODO: We can probably replace both of these namedtuples with classes in Python's ipaddress
|
# TODO: We can probably replace both of these namedtuples with classes in Python's ipaddress
|
||||||
# library: https://docs.python.org/3/library/ipaddress.html
|
# library: https://docs.python.org/3/library/ipaddress.html
|
||||||
NetworkInterface = namedtuple("NetworkInterface", ("address", "netmask"))
|
NetworkInterface = IPv4Interface
|
||||||
NetworkAddress = namedtuple("NetworkAddress", ("ip", "domain"))
|
NetworkAddress = namedtuple("NetworkAddress", ("ip", "domain"))
|
||||||
|
|
||||||
|
|
||||||
def get_local_network_interfaces() -> List[NetworkInterface]:
|
def get_local_network_interfaces() -> List[NetworkInterface]:
|
||||||
network_interfaces = []
|
return [IPv4Interface(f"{i['addr']}/{i['netmask']}") for i in get_host_subnets()]
|
||||||
for i in get_host_subnets():
|
|
||||||
netmask_bits = IPv4Network(f"{i['addr']}/{i['netmask']}", strict=False).prefixlen
|
|
||||||
cidr_netmask = f"/{netmask_bits}"
|
|
||||||
network_interfaces.append(NetworkInterface(i["addr"], cidr_netmask))
|
|
||||||
|
|
||||||
return network_interfaces
|
|
||||||
|
|
||||||
|
|
||||||
def get_host_subnets():
|
def get_host_subnets():
|
||||||
|
|
|
@ -75,7 +75,9 @@ def _get_ips_from_ranges_to_scan(ranges_to_scan: List[str]) -> List[NetworkAddre
|
||||||
def _get_ips_to_scan_from_local_interface(
|
def _get_ips_to_scan_from_local_interface(
|
||||||
interfaces: List[NetworkInterface],
|
interfaces: List[NetworkInterface],
|
||||||
) -> List[NetworkAddress]:
|
) -> List[NetworkAddress]:
|
||||||
ranges = [f"{interface.address}{interface.netmask}" for interface in interfaces]
|
ranges = [
|
||||||
|
f"{interface.ip.compressed}/{interface.network.prefixlen}" for interface in interfaces
|
||||||
|
]
|
||||||
|
|
||||||
ranges = NetworkRange.filter_invalid_ranges(
|
ranges = NetworkRange.filter_invalid_ranges(
|
||||||
ranges, "Local network interface returns an invalid IP:"
|
ranges, "Local network interface returns an invalid IP:"
|
||||||
|
@ -86,7 +88,7 @@ def _get_ips_to_scan_from_local_interface(
|
||||||
def _remove_interface_ips(
|
def _remove_interface_ips(
|
||||||
scan_targets: List[NetworkAddress], interfaces: List[NetworkInterface]
|
scan_targets: List[NetworkAddress], interfaces: List[NetworkInterface]
|
||||||
) -> List[NetworkAddress]:
|
) -> List[NetworkAddress]:
|
||||||
interface_ips = [interface.address for interface in interfaces]
|
interface_ips = [interface.ip.compressed for interface in interfaces]
|
||||||
return _remove_ips_from_scan_targets(scan_targets, interface_ips)
|
return _remove_ips_from_scan_targets(scan_targets, interface_ips)
|
||||||
|
|
||||||
|
|
||||||
|
@ -112,7 +114,7 @@ def _get_segmentation_check_targets(
|
||||||
inaccessible_subnets: List[str], local_interfaces: List[NetworkInterface]
|
inaccessible_subnets: List[str], local_interfaces: List[NetworkInterface]
|
||||||
) -> List[NetworkAddress]:
|
) -> List[NetworkAddress]:
|
||||||
ips_to_scan = []
|
ips_to_scan = []
|
||||||
local_ips = [interface.address for interface in local_interfaces]
|
local_ips = [interface.ip.compressed for interface in local_interfaces]
|
||||||
|
|
||||||
local_ips = NetworkRange.filter_invalid_ranges(local_ips, "Invalid local IP found: ")
|
local_ips = NetworkRange.filter_invalid_ranges(local_ips, "Invalid local IP found: ")
|
||||||
inaccessible_subnets = NetworkRange.filter_invalid_ranges(
|
inaccessible_subnets = NetworkRange.filter_invalid_ranges(
|
||||||
|
|
|
@ -294,7 +294,7 @@ def test_exploiter_result_processing(
|
||||||
def test_scan_target_generation(
|
def test_scan_target_generation(
|
||||||
telemetry_messenger_spy, mock_ip_scanner, mock_victim_host_factory, default_agent_configuration
|
telemetry_messenger_spy, mock_ip_scanner, mock_victim_host_factory, default_agent_configuration
|
||||||
):
|
):
|
||||||
local_network_interfaces = [NetworkInterface("10.0.0.9", "/29")]
|
local_network_interfaces = [NetworkInterface("10.0.0.9/29")]
|
||||||
p = Propagator(
|
p = Propagator(
|
||||||
telemetry_messenger_spy,
|
telemetry_messenger_spy,
|
||||||
mock_ip_scanner,
|
mock_ip_scanner,
|
||||||
|
|
|
@ -112,10 +112,10 @@ def test_only_ip_blocklisted(ranges_to_scan):
|
||||||
|
|
||||||
def test_local_network_interface_ips_removed_from_targets():
|
def test_local_network_interface_ips_removed_from_targets():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
NetworkInterface("10.0.0.32", "/24"),
|
NetworkInterface("10.0.0.32/24"),
|
||||||
NetworkInterface("10.0.0.119", "/24"),
|
NetworkInterface("10.0.0.119/24"),
|
||||||
NetworkInterface("192.168.1.33", "/24"),
|
NetworkInterface("192.168.1.33/24"),
|
||||||
]
|
]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
|
@ -128,12 +128,12 @@ def test_local_network_interface_ips_removed_from_targets():
|
||||||
|
|
||||||
assert len(scan_targets) == 252
|
assert len(scan_targets) == 252
|
||||||
for interface in local_network_interfaces:
|
for interface in local_network_interfaces:
|
||||||
assert interface.address not in scan_targets
|
assert interface.ip.compressed not in scan_targets
|
||||||
|
|
||||||
|
|
||||||
def test_no_redundant_targets():
|
def test_no_redundant_targets():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
]
|
]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
|
@ -152,10 +152,10 @@ def test_no_redundant_targets():
|
||||||
@pytest.mark.parametrize("ranges_to_scan", [["10.0.0.5"], []])
|
@pytest.mark.parametrize("ranges_to_scan", [["10.0.0.5"], []])
|
||||||
def test_only_scan_ip_is_local(ranges_to_scan):
|
def test_only_scan_ip_is_local(ranges_to_scan):
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
NetworkInterface("10.0.0.32", "/24"),
|
NetworkInterface("10.0.0.32/24"),
|
||||||
NetworkInterface("10.0.0.119", "/24"),
|
NetworkInterface("10.0.0.119/24"),
|
||||||
NetworkInterface("192.168.1.33", "/24"),
|
NetworkInterface("192.168.1.33/24"),
|
||||||
]
|
]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
|
@ -171,10 +171,10 @@ def test_only_scan_ip_is_local(ranges_to_scan):
|
||||||
|
|
||||||
def test_local_network_interface_ips_and_blocked_ips_removed_from_targets():
|
def test_local_network_interface_ips_and_blocked_ips_removed_from_targets():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
NetworkInterface("10.0.0.32", "/24"),
|
NetworkInterface("10.0.0.32/24"),
|
||||||
NetworkInterface("10.0.0.119", "/24"),
|
NetworkInterface("10.0.0.119/24"),
|
||||||
NetworkInterface("192.168.1.33", "/24"),
|
NetworkInterface("192.168.1.33/24"),
|
||||||
]
|
]
|
||||||
blocked_ips = ["10.0.0.63", "192.168.1.77", "0.0.0.0"]
|
blocked_ips = ["10.0.0.63", "192.168.1.77", "0.0.0.0"]
|
||||||
|
|
||||||
|
@ -191,14 +191,14 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets():
|
||||||
)
|
)
|
||||||
|
|
||||||
for interface in local_network_interfaces:
|
for interface in local_network_interfaces:
|
||||||
assert interface.address not in scan_targets
|
assert interface.ip.compressed not in scan_targets
|
||||||
|
|
||||||
for ip in blocked_ips:
|
for ip in blocked_ips:
|
||||||
assert ip not in scan_targets
|
assert ip not in scan_targets
|
||||||
|
|
||||||
|
|
||||||
def test_local_subnet_added():
|
def test_local_subnet_added():
|
||||||
local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")]
|
local_network_interfaces = [NetworkInterface("10.0.0.5/24")]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
local_network_interfaces=local_network_interfaces,
|
local_network_interfaces=local_network_interfaces,
|
||||||
|
@ -216,8 +216,8 @@ def test_local_subnet_added():
|
||||||
|
|
||||||
def test_multiple_local_subnets_added():
|
def test_multiple_local_subnets_added():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
NetworkInterface("172.33.66.99", "/24"),
|
NetworkInterface("172.33.66.99/24"),
|
||||||
]
|
]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
|
@ -239,8 +239,8 @@ def test_multiple_local_subnets_added():
|
||||||
|
|
||||||
def test_blocklisted_ips_missing_from_local_subnets():
|
def test_blocklisted_ips_missing_from_local_subnets():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("10.0.0.5", "/24"),
|
NetworkInterface("10.0.0.5/24"),
|
||||||
NetworkInterface("172.33.66.99", "/24"),
|
NetworkInterface("172.33.66.99/24"),
|
||||||
]
|
]
|
||||||
blocklisted_ips = ["10.0.0.12", "10.0.0.13", "172.33.66.25"]
|
blocklisted_ips = ["10.0.0.12", "10.0.0.13", "172.33.66.25"]
|
||||||
|
|
||||||
|
@ -259,7 +259,7 @@ def test_blocklisted_ips_missing_from_local_subnets():
|
||||||
|
|
||||||
|
|
||||||
def test_local_subnets_and_ranges_added():
|
def test_local_subnets_and_ranges_added():
|
||||||
local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")]
|
local_network_interfaces = [NetworkInterface("10.0.0.5/24")]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
local_network_interfaces=local_network_interfaces,
|
local_network_interfaces=local_network_interfaces,
|
||||||
|
@ -281,7 +281,7 @@ def test_local_subnets_and_ranges_added():
|
||||||
|
|
||||||
|
|
||||||
def test_local_network_interfaces_specified_but_disabled():
|
def test_local_network_interfaces_specified_but_disabled():
|
||||||
local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")]
|
local_network_interfaces = [NetworkInterface("10.0.0.5/24")]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
local_network_interfaces=local_network_interfaces,
|
local_network_interfaces=local_network_interfaces,
|
||||||
|
@ -299,8 +299,8 @@ def test_local_network_interfaces_specified_but_disabled():
|
||||||
|
|
||||||
def test_local_network_interfaces_subnet_masks():
|
def test_local_network_interfaces_subnet_masks():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.145.109", "/30"),
|
NetworkInterface("172.60.145.109/30"),
|
||||||
NetworkInterface("172.60.145.144", "/30"),
|
NetworkInterface("172.60.145.144/30"),
|
||||||
]
|
]
|
||||||
|
|
||||||
scan_targets = compile_scan_target_list(
|
scan_targets = compile_scan_target_list(
|
||||||
|
@ -318,7 +318,7 @@ def test_local_network_interfaces_subnet_masks():
|
||||||
|
|
||||||
|
|
||||||
def test_segmentation_targets():
|
def test_segmentation_targets():
|
||||||
local_network_interfaces = [NetworkInterface("172.60.145.109", "/24")]
|
local_network_interfaces = [NetworkInterface("172.60.145.109/24")]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.144/30"]
|
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.144/30"]
|
||||||
|
|
||||||
|
@ -338,7 +338,7 @@ def test_segmentation_targets():
|
||||||
|
|
||||||
def test_segmentation_clash_with_blocked():
|
def test_segmentation_clash_with_blocked():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.145.109", "/30"),
|
NetworkInterface("172.60.145.109/30"),
|
||||||
]
|
]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"]
|
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"]
|
||||||
|
@ -358,7 +358,7 @@ def test_segmentation_clash_with_blocked():
|
||||||
|
|
||||||
def test_segmentation_clash_with_targets():
|
def test_segmentation_clash_with_targets():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.145.109", "/30"),
|
NetworkInterface("172.60.145.109/30"),
|
||||||
]
|
]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"]
|
inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"]
|
||||||
|
@ -381,7 +381,7 @@ def test_segmentation_clash_with_targets():
|
||||||
|
|
||||||
def test_segmentation_one_network():
|
def test_segmentation_one_network():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.145.109", "/30"),
|
NetworkInterface("172.60.145.109/30"),
|
||||||
]
|
]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.145.1/24"]
|
inaccessible_subnets = ["172.60.145.1/24"]
|
||||||
|
@ -401,8 +401,8 @@ def test_segmentation_one_network():
|
||||||
|
|
||||||
def test_segmentation_inaccessible_networks():
|
def test_segmentation_inaccessible_networks():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.1.1", "/24"),
|
NetworkInterface("172.60.1.1/24"),
|
||||||
NetworkInterface("172.60.2.1", "/24"),
|
NetworkInterface("172.60.2.1/24"),
|
||||||
]
|
]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.144.1/24", "172.60.146.1/24"]
|
inaccessible_subnets = ["172.60.144.1/24", "172.60.146.1/24"]
|
||||||
|
@ -420,8 +420,7 @@ def test_segmentation_inaccessible_networks():
|
||||||
|
|
||||||
def test_invalid_inputs():
|
def test_invalid_inputs():
|
||||||
local_network_interfaces = [
|
local_network_interfaces = [
|
||||||
NetworkInterface("172.60.999.109", "/30"),
|
NetworkInterface("172.60.145.109/30"),
|
||||||
NetworkInterface("172.60.145.109", "/30"),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
inaccessible_subnets = [
|
inaccessible_subnets = [
|
||||||
|
@ -447,7 +446,7 @@ def test_invalid_inputs():
|
||||||
|
|
||||||
|
|
||||||
def test_invalid_blocklisted_ip():
|
def test_invalid_blocklisted_ip():
|
||||||
local_network_interfaces = [NetworkInterface("172.60.145.109", "/30")]
|
local_network_interfaces = [NetworkInterface("172.60.145.109/30")]
|
||||||
|
|
||||||
inaccessible_subnets = ["172.60.147.8/30", "172.60.147.148/30"]
|
inaccessible_subnets = ["172.60.147.8/30", "172.60.147.148/30"]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue