Merge branch 'nadler/pth' of github.com:guardicore/monkey into nadler/pth

This commit is contained in:
Oran Nadler 2018-02-28 04:53:18 -08:00
commit f3b013b8b1
45 changed files with 536 additions and 93 deletions

View File

@ -4,6 +4,8 @@
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
* [ ] Have you successfully tested your changes locally?
* Example screenshot/log transcript of the feature working
## Changes
-
-

BIN
.github/Security-overview.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 153 KiB

BIN
.github/map-full.png vendored

Binary file not shown.

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 80 KiB

View File

@ -8,7 +8,9 @@ Welcome to the Infection Monkey!
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
![Infection Monkey map](.github/map-full.png)
<img src=".github/map-full.png" >
<img src=".github/Security-overview.png" width="800" height="500">
The Infection Monkey is comprised of two parts:
* Monkey - A tool which infects other machines and propagates to them

Binary file not shown.

Before

Width:  |  Height:  |  Size: 232 KiB

After

Width:  |  Height:  |  Size: 108 KiB

View File

@ -1,22 +1,26 @@
import os
from datetime import datetime
import bson
from bson.json_util import dumps
from flask import Flask, send_from_directory, redirect, make_response
import flask_restful
from bson.json_util import dumps
from flask import Flask, send_from_directory, make_response
from werkzeug.exceptions import NotFound
from cc.auth import init_jwt
from cc.database import mongo
from cc.environment.environment import env
from cc.resources.client_run import ClientRun
from cc.resources.monkey import Monkey
from cc.resources.edge import Edge
from cc.resources.local_run import LocalRun
from cc.resources.telemetry import Telemetry
from cc.resources.monkey import Monkey
from cc.resources.monkey_configuration import MonkeyConfiguration
from cc.resources.monkey_download import MonkeyDownload
from cc.resources.netmap import NetMap
from cc.resources.edge import Edge
from cc.resources.node import Node
from cc.resources.report import Report
from cc.resources.root import Root
from cc.resources.telemetry import Telemetry
from cc.resources.telemetry_feed import TelemetryFeed
from cc.services.config import ConfigService
@ -70,6 +74,12 @@ def init_app(mongo_url):
api.representations = {'application/json': output_json}
app.config['MONGO_URI'] = mongo_url
app.config['SECRET_KEY'] = os.urandom(32)
app.config['JWT_AUTH_URL_RULE'] = '/api/auth'
app.config['JWT_EXPIRATION_DELTA'] = env.get_auth_expiration_time()
init_jwt(app)
mongo.init_app(app)
with app.app_context():

53
monkey_island/cc/auth.py Normal file
View File

@ -0,0 +1,53 @@
from functools import wraps
from flask import current_app, abort
from flask_jwt import JWT, _jwt_required, JWTError
from werkzeug.security import safe_str_cmp
from cc.environment.environment import env
__author__ = 'itay.mizeretz'
class User(object):
def __init__(self, id, username, secret):
self.id = id
self.username = username
self.secret = secret
def __str__(self):
return "User(id='%s')" % self.id
def init_jwt(app):
users = env.get_auth_users()
username_table = {u.username: u for u in users}
userid_table = {u.id: u for u in users}
def authenticate(username, secret):
user = username_table.get(username, None)
if user and safe_str_cmp(user.secret.encode('utf-8'), secret.encode('utf-8')):
return user
def identity(payload):
user_id = payload['identity']
return userid_table.get(user_id, None)
if env.is_auth_enabled():
JWT(app, authenticate, identity)
def jwt_required(realm=None):
def wrapper(fn):
@wraps(fn)
def decorator(*args, **kwargs):
if env.is_auth_enabled():
try:
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
except JWTError:
abort(401)
return fn(*args, **kwargs)
return decorator
return wrapper

View File

@ -0,0 +1,33 @@
import abc
from datetime import timedelta
__author__ = 'itay.mizeretz'
class Environment(object):
__metaclass__ = abc.ABCMeta
_ISLAND_PORT = 5000
_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
_DEBUG_SERVER = False
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
def get_island_port(self):
return self._ISLAND_PORT
def get_mongo_url(self):
return self._MONGO_URL
def is_debug(self):
return self._DEBUG_SERVER
def get_auth_expiration_time(self):
return self._AUTH_EXPIRATION_TIME
@abc.abstractmethod
def is_auth_enabled(self):
return
@abc.abstractmethod
def get_auth_users(self):
return

View File

@ -0,0 +1,24 @@
import urllib2
import cc.auth
from cc.environment import Environment
__author__ = 'itay.mizeretz'
class AwsEnvironment(Environment):
def __init__(self):
super(AwsEnvironment, self).__init__()
self._instance_id = AwsEnvironment._get_instance_id()
@staticmethod
def _get_instance_id():
return urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
def is_auth_enabled(self):
return True
def get_auth_users(self):
return [
cc.auth.User(1, 'monkey', self._instance_id)
]

View File

@ -0,0 +1,23 @@
import json
import standard
import aws
ENV_DICT = {
'standard': standard.StandardEnvironment,
'aws': aws.AwsEnvironment
}
def load_env_from_file():
with open('server_config.json', 'r') as f:
config_content = f.read()
config_json = json.loads(config_content)
return config_json['server_config']
try:
__env_type = load_env_from_file()
env = ENV_DICT[__env_type]()
except Exception:
print('Failed initializing environment: %s' % __env_type)
raise

View File

@ -0,0 +1,12 @@
from cc.environment import Environment
__author__ = 'itay.mizeretz'
class StandardEnvironment(Environment):
def is_auth_enabled(self):
return False
def get_auth_users(self):
return []

View File

@ -1,5 +0,0 @@
__author__ = 'itay.mizeretz'
ISLAND_PORT = 5000
DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
DEBUG_SERVER = False

View File

@ -11,7 +11,7 @@ if BASE_PATH not in sys.path:
from cc.app import init_app
from cc.utils import local_ip_addresses
from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, DEBUG_SERVER
from cc.environment.environment import env
from cc.database import is_db_server_up
if __name__ == '__main__':
@ -19,20 +19,20 @@ if __name__ == '__main__':
from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
mongo_url = os.environ.get('MONGO_URL', DEFAULT_MONGO_URL)
mongo_url = os.environ.get('MONGO_URL', env.get_mongo_url())
while not is_db_server_up(mongo_url):
print('Waiting for MongoDB server')
time.sleep(1)
app = init_app(mongo_url)
if DEBUG_SERVER:
if env.is_debug():
app.run(host='0.0.0.0', debug=True, ssl_context=('server.crt', 'server.key'))
else:
http_server = HTTPServer(WSGIContainer(app),
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
'keyfile': os.environ.get('SERVER_KEY', 'server.key')})
http_server.listen(ISLAND_PORT)
print('Monkey Island Server is running on https://{}:{}'.format(local_ip_addresses()[0], ISLAND_PORT))
http_server.listen(env.get_island_port())
print('Monkey Island Server is running on https://{}:{}'.format(local_ip_addresses()[0], env.get_island_port()))
IOLoop.instance().start()

View File

@ -6,8 +6,8 @@ import sys
from flask import request, jsonify, make_response
import flask_restful
from cc.environment.environment import env
from cc.resources.monkey_download import get_monkey_executable
from cc.island_config import ISLAND_PORT
from cc.services.node import NodeService
from cc.utils import local_ip_addresses
@ -36,7 +36,7 @@ def run_local_monkey():
# run the monkey
try:
args = ['"%s" m0nk3y -s %s:%s' % (target_path, local_ip_addresses()[0], ISLAND_PORT)]
args = ['"%s" m0nk3y -s %s:%s' % (target_path, local_ip_addresses()[0], env.get_island_port())]
if sys.platform == "win32":
args = "".join(args)
pid = subprocess.Popen(args, shell=True).pid

View File

@ -15,23 +15,20 @@ __author__ = 'Barak'
class Monkey(flask_restful.Resource):
# Used by monkey. can't secure.
def get(self, guid=None, **kw):
NodeService.update_dead_monkeys() # refresh monkeys status
if not guid:
guid = request.args.get('guid')
timestamp = request.args.get('timestamp')
if guid:
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
return monkey_json
else:
result = {'timestamp': datetime.now().isoformat()}
find_filter = {}
if timestamp is not None:
find_filter['modifytime'] = {'$gt': dateutil.parser.parse(timestamp)}
result['objects'] = [x for x in mongo.db.monkey.find(find_filter)]
return result
return {}
# Used by monkey. can't secure.
def patch(self, guid):
monkey_json = json.loads(request.data)
update = {"$set": {'modifytime': datetime.now()}}
@ -51,6 +48,7 @@ class Monkey(flask_restful.Resource):
return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
# Used by monkey. can't secure.
def post(self, **kw):
monkey_json = json.loads(request.data)
monkey_json['creds'] = []

View File

@ -1,18 +1,20 @@
import json
from flask import request, jsonify
import flask_restful
from flask import request, jsonify
from cc.database import mongo
from cc.auth import jwt_required
from cc.services.config import ConfigService
__author__ = 'Barak'
class MonkeyConfiguration(flask_restful.Resource):
@jwt_required()
def get(self):
return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config())
@jwt_required()
def post(self):
config_json = json.loads(request.data)
if config_json.has_key('reset'):
@ -20,4 +22,3 @@ class MonkeyConfiguration(flask_restful.Resource):
else:
ConfigService.update_config(config_json)
return self.get()

View File

@ -47,9 +47,12 @@ def get_monkey_executable(host_os, machine):
class MonkeyDownload(flask_restful.Resource):
# Used by monkey. can't secure.
def get(self, path):
return send_from_directory('binaries', path)
# Used by monkey. can't secure.
def post(self):
host_json = json.loads(request.data)
host_os = host_json.get('os')

View File

@ -1,5 +1,6 @@
import flask_restful
from cc.auth import jwt_required
from cc.services.edge import EdgeService
from cc.services.node import NodeService
from cc.database import mongo
@ -8,6 +9,7 @@ __author__ = 'Barak'
class NetMap(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
monkeys = [NodeService.monkey_to_net_node(x) for x in mongo.db.monkey.find({})]
nodes = [NodeService.node_to_net_node(x) for x in mongo.db.node.find({})]

View File

@ -1,12 +1,14 @@
from flask import request
import flask_restful
from cc.auth import jwt_required
from cc.services.node import NodeService
__author__ = 'Barak'
class Node(flask_restful.Resource):
@jwt_required()
def get(self):
node_id = request.args.get('id')
if node_id:

View File

@ -1,10 +1,13 @@
import flask_restful
from cc.auth import jwt_required
from cc.services.report import ReportService
__author__ = "itay.mizeretz"
class Report(flask_restful.Resource):
@jwt_required()
def get(self):
return ReportService.get_report()

View File

@ -3,6 +3,7 @@ from datetime import datetime
import flask_restful
from flask import request, make_response, jsonify
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.node import NodeService
@ -13,6 +14,8 @@ __author__ = 'Barak'
class Root(flask_restful.Resource):
@jwt_required()
def get(self, action=None):
if not action:
action = request.args.get('action')

View File

@ -7,6 +7,7 @@ import dateutil
import flask_restful
from flask import request
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.edge import EdgeService
@ -16,6 +17,7 @@ __author__ = 'Barak'
class Telemetry(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
monkey_guid = request.args.get('monkey_guid')
telem_type = request.args.get('telem_type')
@ -36,6 +38,7 @@ class Telemetry(flask_restful.Resource):
result['objects'] = self.telemetry_to_displayed_telemetry(mongo.db.telemetry.find(find_filter))
return result
# Used by monkey. can't secure.
def post(self):
telemetry_json = json.loads(request.data)
telemetry_json['timestamp'] = datetime.now()

View File

@ -5,6 +5,7 @@ import flask_restful
from flask import request
import flask_pymongo
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.node import NodeService
@ -12,6 +13,7 @@ __author__ = 'itay.mizeretz'
class TelemetryFeed(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
timestamp = request.args.get('timestamp')
if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code...

View File

@ -0,0 +1,3 @@
{
"server_config": "standard"
}

View File

@ -1,7 +1,7 @@
from cc.database import mongo
from jsonschema import Draft4Validator, validators
from cc.island_config import ISLAND_PORT
from cc.environment.environment import env
from cc.utils import local_ip_addresses
__author__ = "itay.mizeretz"
@ -885,8 +885,8 @@ class ConfigService:
@staticmethod
def set_server_ips_in_config(config):
ips = local_ip_addresses()
config["cnc"]["servers"]["command_servers"] = ["%s:%d" % (ip, ISLAND_PORT) for ip in ips]
config["cnc"]["servers"]["current_server"] = "%s:%d" % (ips[0], ISLAND_PORT)
config["cnc"]["servers"]["command_servers"] = ["%s:%d" % (ip, env.get_island_port()) for ip in ips]
config["cnc"]["servers"]["current_server"] = "%s:%d" % (ips[0], env.get_island_port())
@staticmethod
def save_initial_config_if_needed():

View File

@ -65,6 +65,8 @@
"core-js": "^2.5.1",
"fetch": "^1.1.0",
"js-file-download": "^0.4.1",
"json-loader": "^0.5.7",
"jwt-decode": "^2.2.0",
"normalize.css": "^4.0.0",
"prop-types": "^15.5.10",
"rc-progress": "^2.2.5",

View File

@ -0,0 +1,12 @@
import React from 'react';
import AuthService from '../services/AuthService';
class AuthComponent extends React.Component {
constructor(props) {
super(props);
this.auth = new AuthService();
this.authFetch = this.auth.authFetch;
}
}
export default AuthComponent;

View File

@ -1,5 +1,5 @@
import React from 'react';
import {NavLink, Route, BrowserRouter as Router} from 'react-router-dom';
import {BrowserRouter as Router, NavLink, Redirect, Route} from 'react-router-dom';
import {Col, Grid, Row} from 'react-bootstrap';
import {Icon} from 'react-fa';
@ -11,6 +11,8 @@ import TelemetryPage from 'components/pages/TelemetryPage';
import StartOverPage from 'components/pages/StartOverPage';
import ReportPage from 'components/pages/ReportPage';
import LicensePage from 'components/pages/LicensePage';
import AuthComponent from 'components/AuthComponent';
import LoginPageComponent from 'components/pages/LoginPage';
require('normalize.css/normalize.css');
require('react-data-components/css/table-twbs.css');
@ -22,21 +24,10 @@ let logoImage = require('../images/monkey-icon.svg');
let infectionMonkeyImage = require('../images/infection-monkey.svg');
let guardicoreLogoImage = require('../images/guardicore-logo.png');
class AppComponent extends React.Component {
constructor(props) {
super(props);
this.state = {
completedSteps: {
run_server: true,
run_monkey: false,
infection_done: false,
report_done: false
}
};
}
class AppComponent extends AuthComponent {
updateStatus = () => {
fetch('/api')
if (this.auth.loggedIn()){
this.authFetch('/api')
.then(res => res.json())
.then(res => {
// This check is used to prevent unnecessary re-rendering
@ -51,8 +42,37 @@ class AppComponent extends React.Component {
this.setState({completedSteps: res['completed_steps']});
}
});
}
};
renderRoute = (route_path, page_component, is_exact_path = false) => {
let render_func = (props) => {
if (this.auth.loggedIn()) {
return page_component;
} else {
return <Redirect to={{pathname: '/login'}}/>;
}
};
if (is_exact_path) {
return <Route exact path={route_path} render={render_func}/>;
} else {
return <Route path={route_path} render={render_func}/>;
}
};
constructor(props) {
super(props);
this.state = {
completedSteps: {
run_server: true,
run_monkey: false,
infection_done: false,
report_done: false
}
};
}
componentDidMount() {
this.updateStatus();
this.interval = setInterval(this.updateStatus, 2000);
@ -136,14 +156,15 @@ class AppComponent extends React.Component {
</div>
</Col>
<Col sm={9} md={10} smOffset={3} mdOffset={2} className="main">
<Route exact path="/" render={(props) => ( <RunServerPage onStatusChange={this.updateStatus} /> )} />
<Route path="/configure" render={(props) => ( <ConfigurePage onStatusChange={this.updateStatus} /> )} />
<Route path="/run-monkey" render={(props) => ( <RunMonkeyPage onStatusChange={this.updateStatus} /> )} />
<Route path="/infection/map" render={(props) => ( <MapPage onStatusChange={this.updateStatus} /> )} />
<Route path="/infection/telemetry" render={(props) => ( <TelemetryPage onStatusChange={this.updateStatus} /> )} />
<Route path="/start-over" render={(props) => ( <StartOverPage onStatusChange={this.updateStatus} /> )} />
<Route path="/report" render={(props) => ( <ReportPage onStatusChange={this.updateStatus} /> )} />
<Route path="/license" render={(props) => ( <LicensePage onStatusChange={this.updateStatus} /> )} />
<Route path='/login' render={(props) => (<LoginPageComponent onStatusChange={this.updateStatus}/>)}/>
{this.renderRoute('/', <RunServerPage onStatusChange={this.updateStatus}/>, true)}
{this.renderRoute('/configure', <ConfigurePage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/run-monkey', <RunMonkeyPage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/infection/map', <MapPage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/infection/telemetry', <TelemetryPage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/start-over', <StartOverPage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/report', <ReportPage onStatusChange={this.updateStatus}/>)}
{this.renderRoute('/license', <LicensePage onStatusChange={this.updateStatus}/>)}
</Col>
</Row>
</Grid>

View File

@ -2,8 +2,9 @@ import React from 'react';
import {Icon} from 'react-fa';
import Toggle from 'react-toggle';
import {OverlayTrigger, Tooltip} from 'react-bootstrap';
import AuthComponent from '../../AuthComponent';
class PreviewPaneComponent extends React.Component {
class PreviewPaneComponent extends AuthComponent {
generateToolTip(text) {
return (
@ -64,7 +65,7 @@ class PreviewPaneComponent extends React.Component {
forceKill(event, asset) {
let newConfig = asset.config;
newConfig['alive'] = !event.target.checked;
fetch('/api/monkey/' + asset.guid,
this.authFetch('/api/monkey/' + asset.guid,
{
method: 'PATCH',
headers: {'Content-Type': 'application/json'},

View File

@ -2,8 +2,9 @@ import React from 'react';
import Form from 'react-jsonschema-form';
import {Col, Nav, NavItem} from 'react-bootstrap';
import fileDownload from 'js-file-download';
import AuthComponent from '../AuthComponent';
class ConfigurePageComponent extends React.Component {
class ConfigurePageComponent extends AuthComponent {
constructor(props) {
super(props);
@ -23,7 +24,7 @@ class ConfigurePageComponent extends React.Component {
}
componentDidMount() {
fetch('/api/configuration')
this.authFetch('/api/configuration')
.then(res => res.json())
.then(res => {
let sections = [];
@ -43,7 +44,7 @@ class ConfigurePageComponent extends React.Component {
onSubmit = ({formData}) => {
this.currentFormData = formData;
this.updateConfigSection();
fetch('/api/configuration',
this.authFetch('/api/configuration',
{
method: 'POST',
headers: {'Content-Type': 'application/json'},
@ -82,7 +83,7 @@ class ConfigurePageComponent extends React.Component {
};
resetConfig = () => {
fetch('/api/configuration',
this.authFetch('/api/configuration',
{
method: 'POST',
headers: {'Content-Type': 'application/json'},
@ -126,7 +127,7 @@ class ConfigurePageComponent extends React.Component {
};
updateMonkeysRunning = () => {
fetch('/api')
this.authFetch('/api')
.then(res => res.json())
.then(res => {
// This check is used to prevent unnecessary re-rendering

View File

@ -0,0 +1,78 @@
import React from 'react';
import {Col} from 'react-bootstrap';
import AuthService from '../../services/AuthService'
class LoginPageComponent extends React.Component {
login = () => {
this.auth.login(this.username, this.password).then(res => {
if (res['result']) {
this.redirectToHome();
} else {
this.setState({failed: true});
}
});
};
updateUsername = (evt) => {
this.username = evt.target.value;
};
updatePassword = (evt) => {
this.password = evt.target.value;
};
redirectToHome = () => {
window.location.href = '/';
};
constructor(props) {
super(props);
this.username = '';
this.password = '';
this.auth = new AuthService();
this.state = {
failed: false
};
if (this.auth.loggedIn()) {
this.redirectToHome();
}
}
render() {
return (
<Col xs={12} lg={8}>
<h1 className="page-title">Login</h1>
<div className="col-sm-6 col-sm-offset-3" style={{'fontSize': '1.2em'}}>
<div className="panel panel-default">
<div className="panel-heading text-center">
<b>Login</b>
</div>
<div className="panel-body">
<div className="input-group center-block text-center">
<input type="text" className="form-control" placeholder="Username"
onChange={evt => this.updateUsername(evt)}/>
<input type="password" className="form-control" placeholder="Password"
onChange={evt => this.updatePassword(evt)}/>
<button type="button" className="btn btn-primary btn-lg" style={{margin: '5px'}}
onClick={() => {
this.login()
}}>
Login
</button>
{
this.state.failed ?
<div className="alert alert-danger" role="alert">Login failed. Bad credentials.</div>
:
''
}
</div>
</div>
</div>
</div>
</Col>
);
}
}
export default LoginPageComponent;

View File

@ -6,8 +6,9 @@ import PreviewPane from 'components/map/preview-pane/PreviewPane';
import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
import {options, edgeGroupToColor} from 'components/map/MapOptions';
import AuthComponent from '../AuthComponent';
class MapPageComponent extends React.Component {
class MapPageComponent extends AuthComponent {
constructor(props) {
super(props);
this.state = {
@ -40,7 +41,7 @@ class MapPageComponent extends React.Component {
};
updateMapFromServer = () => {
fetch('/api/netmap')
this.authFetch('/api/netmap')
.then(res => res.json())
.then(res => {
res.edges.forEach(edge => {
@ -52,7 +53,7 @@ class MapPageComponent extends React.Component {
};
updateTelemetryFromServer = () => {
fetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp)
this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp)
.then(res => res.json())
.then(res => {
let newTelem = this.state.telemetry.concat(res['telemetries']);
@ -68,7 +69,7 @@ class MapPageComponent extends React.Component {
selectionChanged(event) {
if (event.nodes.length === 1) {
fetch('/api/netmap/node?id=' + event.nodes[0])
this.authFetch('/api/netmap/node?id=' + event.nodes[0])
.then(res => res.json())
.then(res => this.setState({selected: res, selectedType: 'node'}));
}
@ -80,7 +81,7 @@ class MapPageComponent extends React.Component {
if (displayedEdge['group'] === 'island') {
this.setState({selected: displayedEdge, selectedType: 'island_edge'});
} else {
fetch('/api/netmap/edge?id=' + event.edges[0])
this.authFetch('/api/netmap/edge?id=' + event.edges[0])
.then(res => res.json())
.then(res => this.setState({selected: res.edge, selectedType: 'edge'}));
}
@ -91,7 +92,7 @@ class MapPageComponent extends React.Component {
}
killAllMonkeys = () => {
fetch('/api?action=killall')
this.authFetch('/api?action=killall')
.then(res => res.json())
.then(res => this.setState({killPressed: (res.status === 'OK')}));
};

View File

@ -7,11 +7,12 @@ import {edgeGroupToColor, options} from 'components/map/MapOptions';
import StolenPasswords from 'components/report-components/StolenPasswords';
import CollapsibleWellComponent from 'components/report-components/CollapsibleWell';
import {Line} from 'rc-progress';
import AuthComponent from '../AuthComponent';
let guardicoreLogoImage = require('../../images/guardicore-logo.png');
let monkeyLogoImage = require('../../images/monkey-icon.svg');
class ReportPageComponent extends React.Component {
class ReportPageComponent extends AuthComponent {
Issue =
{
@ -76,7 +77,7 @@ class ReportPageComponent extends React.Component {
}
updateMonkeysRunning = () => {
return fetch('/api')
return this.authFetch('/api')
.then(res => res.json())
.then(res => {
// This check is used to prevent unnecessary re-rendering
@ -89,7 +90,7 @@ class ReportPageComponent extends React.Component {
};
updateMapFromServer = () => {
fetch('/api/netmap')
this.authFetch('/api/netmap')
.then(res => res.json())
.then(res => {
res.edges.forEach(edge => {
@ -102,7 +103,7 @@ class ReportPageComponent extends React.Component {
getReportFromServer(res) {
if (res['completed_steps']['run_monkey']) {
fetch('/api/report')
this.authFetch('/api/report')
.then(res => res.json())
.then(res => {
this.setState({

View File

@ -3,8 +3,9 @@ import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap';
import CopyToClipboard from 'react-copy-to-clipboard';
import {Icon} from 'react-fa';
import {Link} from 'react-router-dom';
import AuthComponent from '../AuthComponent';
class RunMonkeyPageComponent extends React.Component {
class RunMonkeyPageComponent extends AuthComponent {
constructor(props) {
super(props);
@ -19,14 +20,14 @@ class RunMonkeyPageComponent extends React.Component {
}
componentDidMount() {
fetch('/api')
this.authFetch('/api')
.then(res => res.json())
.then(res => this.setState({
ips: res['ip_addresses'],
selectedIp: res['ip_addresses'][0]
}));
fetch('/api/local-monkey')
this.authFetch('/api/local-monkey')
.then(res => res.json())
.then(res =>{
if (res['is_running']) {
@ -36,7 +37,7 @@ class RunMonkeyPageComponent extends React.Component {
}
});
fetch('/api/client-monkey')
this.authFetch('/api/client-monkey')
.then(res => res.json())
.then(res => {
if (res['is_running']) {
@ -60,7 +61,7 @@ class RunMonkeyPageComponent extends React.Component {
}
runLocalMonkey = () => {
fetch('/api/local-monkey',
this.authFetch('/api/local-monkey',
{
method: 'POST',
headers: {'Content-Type': 'application/json'},

View File

@ -12,7 +12,8 @@ class RunServerPageComponent extends React.Component {
<Col xs={12} lg={8}>
<h1 className="page-title">1. Monkey Island Server</h1>
<div style={{'fontSize': '1.2em'}}>
<p style={{'marginTop': '30px'}}>Congrats! You have successfully set up the Monkey Island server. &#x1F44F; &#x1F44F;</p>
<p style={{'marginTop': '30px'}}>Congrats! You have successfully set up the Monkey Island
server. &#x1F44F; &#x1F44F;</p>
<p>
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter
breaches and internal server infections.
@ -20,7 +21,8 @@ class RunServerPageComponent extends React.Component {
center and reports to this Monkey Island Command and Control server.
</p>
<p>
To read more about the Monkey, visit <a href="http://infectionmonkey.com" target="_blank">infectionmonkey.com</a>
To read more about the Monkey, visit <a href="http://infectionmonkey.com"
target="_blank">infectionmonkey.com</a>
</p>
<p>
Go ahead and <Link to="/run-monkey">run the monkey</Link>.

View File

@ -2,8 +2,9 @@ import React from 'react';
import {Col} from 'react-bootstrap';
import {Link} from 'react-router-dom';
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
import AuthComponent from '../AuthComponent';
class StartOverPageComponent extends React.Component {
class StartOverPageComponent extends AuthComponent {
constructor(props) {
super(props);
@ -15,7 +16,7 @@ class StartOverPageComponent extends React.Component {
}
updateMonkeysRunning = () => {
fetch('/api')
this.authFetch('/api')
.then(res => res.json())
.then(res => {
// This check is used to prevent unnecessary re-rendering
@ -104,7 +105,7 @@ class StartOverPageComponent extends React.Component {
this.setState({
cleaned: false
});
fetch('/api?action=reset')
this.authFetch('/api?action=reset')
.then(res => res.json())
.then(res => {
if (res['status'] === 'OK') {

View File

@ -2,6 +2,7 @@ import React from 'react';
import {Col} from 'react-bootstrap';
import JSONTree from 'react-json-tree'
import {DataTable} from 'react-data-components';
import AuthComponent from '../AuthComponent';
const renderJson = (val) => <JSONTree data={val} level={1} theme="eighties" invertTheme={true} />;
const renderTime = (val) => val.split('.')[0];
@ -13,7 +14,7 @@ const columns = [
{ title: 'Details', prop: 'data', render: renderJson, width: '40%' }
];
class TelemetryPageComponent extends React.Component {
class TelemetryPageComponent extends AuthComponent {
constructor(props) {
super(props);
this.state = {
@ -22,7 +23,7 @@ class TelemetryPageComponent extends React.Component {
}
componentDidMount = () => {
fetch('/api/telemetry')
this.authFetch('/api/telemetry')
.then(res => res.json())
.then(res => this.setState({data: res.objects}));
};

Binary file not shown.

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 108 KiB

View File

@ -0,0 +1,9 @@
import BaseConfig from './BaseConfig';
class AwsConfig extends BaseConfig{
isAuthEnabled() {
return true;
}
}
export default AwsConfig;

View File

@ -0,0 +1,8 @@
class BaseConfig {
isAuthEnabled() {
throw new Error('Abstract function');
}
}
export default BaseConfig;

View File

@ -0,0 +1,12 @@
import StandardConfig from './StandardConfig';
import AwsConfig from './AwsConfig';
const SERVER_CONFIG_JSON = require('json-loader!../../../server_config.json');
const CONFIG_DICT =
{
'standard': StandardConfig,
'aws': AwsConfig
};
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();

View File

@ -0,0 +1,10 @@
import BaseConfig from './BaseConfig';
class StandardConfig extends BaseConfig {
isAuthEnabled () {
return false;
}
}
export default StandardConfig;

View File

@ -0,0 +1,106 @@
import decode from 'jwt-decode';
import {SERVER_CONFIG} from '../server_config/ServerConfig';
export default class AuthService {
AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
login = (username, password) => {
if (this.AUTH_ENABLED) {
return this._login(username, password);
} else {
return {result: true};
}
};
authFetch = (url, options) => {
if (this.AUTH_ENABLED) {
return this._authFetch(url, options);
} else {
return fetch(url, options);
}
};
_login = (username, password) => {
return this._authFetch('/api/auth', {
method: 'POST',
body: JSON.stringify({
username,
password
})
}).then(response => response.json())
.then(res => {
if (res.hasOwnProperty('access_token')) {
this._setToken(res['access_token']);
return {result: true};
} else {
this._removeToken();
return {result: false};
}
})
};
_authFetch = (url, options = {}) => {
const headers = {
'Accept': 'application/json',
'Content-Type': 'application/json'
};
if (this.loggedIn()) {
headers['Authorization'] = 'JWT ' + this._getToken();
}
if (options.hasOwnProperty('headers')) {
for (let header in headers) {
options['headers'][header] = headers[header];
}
} else {
options['headers'] = headers;
}
return fetch(url, options)
.then(res => {
if (res.status === 401) {
this._removeToken();
}
return res;
});
};
loggedIn() {
if (!this.AUTH_ENABLED) {
return true;
}
const token = this._getToken();
return ((token !== null) && !this._isTokenExpired(token));
}
logout() {
if (this.AUTH_ENABLED) {
this._removeToken();
}
}
_isTokenExpired(token) {
try {
return decode(token)['exp'] < Date.now() / 1000;
}
catch (err) {
return false;
}
}
_setToken(idToken) {
localStorage.setItem('jwt', idToken);
}
_removeToken() {
localStorage.removeItem('jwt');
}
_getToken() {
return localStorage.getItem('jwt')
}
}

View File

@ -8,6 +8,7 @@ click
flask
Flask-Pymongo
Flask-Restful
Flask-JWT
jsonschema
netifaces
ipaddress

View File

@ -8,6 +8,7 @@ click
flask
Flask-Pymongo
Flask-Restful
Flask-JWT
jsonschema
netifaces
ipaddress