Added the advanced selector component to all config definitions and refactored it so that all advanced selector properties can be defined in config_schema.py
parent
6a824efab3
commit
fb9428b8a3
|
@ -9,6 +9,7 @@ SCHEMA = {
|
||||||
"definitions": {
|
"definitions": {
|
||||||
"exploiter_classes": {
|
"exploiter_classes": {
|
||||||
"title": "Exploit class",
|
"title": "Exploit class",
|
||||||
|
"description": "Click on exploiter to get more information about it.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"anyOf": [
|
"anyOf": [
|
||||||
{
|
{
|
||||||
|
@ -70,7 +71,8 @@ SCHEMA = {
|
||||||
"ShellShockExploiter"
|
"ShellShockExploiter"
|
||||||
],
|
],
|
||||||
"title": "ShellShock Exploiter",
|
"title": "ShellShock Exploiter",
|
||||||
"info": "CVE-2014-6271, based on logic in NCC group's github.",
|
"info": "CVE-2014-6271, based on logic from "
|
||||||
|
"https://github.com/nccgroup/shocker/blob/master/shocker.py .",
|
||||||
"link": "https://github.com/guardicore/monkey/wiki/Exploiters"
|
"link": "https://github.com/guardicore/monkey/wiki/Exploiters"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -97,7 +99,8 @@ SCHEMA = {
|
||||||
"Struts2Exploiter"
|
"Struts2Exploiter"
|
||||||
],
|
],
|
||||||
"title": "Struts2 Exploiter",
|
"title": "Struts2 Exploiter",
|
||||||
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on this PoC.",
|
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
|
||||||
|
"https://www.exploit-db.com/exploits/41570 .",
|
||||||
"link": "https://github.com/guardicore/monkey/wiki/Exploiters"
|
"link": "https://github.com/guardicore/monkey/wiki/Exploiters"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -133,6 +136,7 @@ SCHEMA = {
|
||||||
},
|
},
|
||||||
"system_info_collectors_classes": {
|
"system_info_collectors_classes": {
|
||||||
"title": "System Information Collectors",
|
"title": "System Information Collectors",
|
||||||
|
"description": "Click on a system info collector to find out what it collects.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"anyOf": [
|
"anyOf": [
|
||||||
{
|
{
|
||||||
|
@ -140,7 +144,8 @@ SCHEMA = {
|
||||||
"enum": [
|
"enum": [
|
||||||
ENVIRONMENT_COLLECTOR
|
ENVIRONMENT_COLLECTOR
|
||||||
],
|
],
|
||||||
"title": "Collect which environment this machine is on (on prem/cloud)",
|
"title": "Environment collector",
|
||||||
|
"info": "Collects information about machine's environment (on premise/GCP/AWS).",
|
||||||
"attack_techniques": []
|
"attack_techniques": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -148,7 +153,8 @@ SCHEMA = {
|
||||||
"enum": [
|
"enum": [
|
||||||
AWS_COLLECTOR
|
AWS_COLLECTOR
|
||||||
],
|
],
|
||||||
"title": "If on AWS, collect more information about the instance",
|
"title": "AWS collector",
|
||||||
|
"info": "If on AWS, collects more information about the AWS instance currently running on.",
|
||||||
"attack_techniques": []
|
"attack_techniques": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -156,7 +162,8 @@ SCHEMA = {
|
||||||
"enum": [
|
"enum": [
|
||||||
HOSTNAME_COLLECTOR
|
HOSTNAME_COLLECTOR
|
||||||
],
|
],
|
||||||
"title": "Collect the machine's hostname",
|
"title": "Hostname collector",
|
||||||
|
"info": "Collects machine's hostname.",
|
||||||
"attack_techniques": []
|
"attack_techniques": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -164,13 +171,16 @@ SCHEMA = {
|
||||||
"enum": [
|
"enum": [
|
||||||
PROCESS_LIST_COLLECTOR
|
PROCESS_LIST_COLLECTOR
|
||||||
],
|
],
|
||||||
"title": "Collect running processes on the machine",
|
"title": "Process list collector",
|
||||||
|
"info": "Collects a list of running processes on the machine.",
|
||||||
"attack_techniques": []
|
"attack_techniques": []
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
"post_breach_actions": {
|
"post_breach_actions": {
|
||||||
"title": "Post breach actions",
|
"title": "Post breach actions",
|
||||||
|
"description": "Runs scripts/commands on infected machines. These actions safely simulate what an adversary"
|
||||||
|
"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"anyOf": [
|
"anyOf": [
|
||||||
{
|
{
|
||||||
|
@ -179,6 +189,7 @@ SCHEMA = {
|
||||||
"BackdoorUser"
|
"BackdoorUser"
|
||||||
],
|
],
|
||||||
"title": "Back door user",
|
"title": "Back door user",
|
||||||
|
"info": "Attempts to create a new user on the system and delete it afterwards.",
|
||||||
"attack_techniques": ["T1136"]
|
"attack_techniques": ["T1136"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -187,6 +198,8 @@ SCHEMA = {
|
||||||
"CommunicateAsNewUser"
|
"CommunicateAsNewUser"
|
||||||
],
|
],
|
||||||
"title": "Communicate as new user",
|
"title": "Communicate as new user",
|
||||||
|
"info": "Attempts to create a new user, create HTTPS requests as that user and delete the user "
|
||||||
|
"afterwards.",
|
||||||
"attack_techniques": ["T1136"]
|
"attack_techniques": ["T1136"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -195,6 +208,8 @@ SCHEMA = {
|
||||||
"ModifyShellStartupFiles"
|
"ModifyShellStartupFiles"
|
||||||
],
|
],
|
||||||
"title": "Modify shell startup files",
|
"title": "Modify shell startup files",
|
||||||
|
"info": "Attempts to modify shell startup files, like ~/.profile, ~/.bashrc, ~/.bash_profile "
|
||||||
|
"in linux, and profile.ps1 in windows. Reverts modifications done afterwards.",
|
||||||
"attack_techniques": ["T1156", "T1504"]
|
"attack_techniques": ["T1156", "T1504"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -203,12 +218,15 @@ SCHEMA = {
|
||||||
"HiddenFiles"
|
"HiddenFiles"
|
||||||
],
|
],
|
||||||
"title": "Hidden files and directories",
|
"title": "Hidden files and directories",
|
||||||
|
"info": "Attempts to create a hidden file and remove it afterward.",
|
||||||
"attack_techniques": ["T1158"]
|
"attack_techniques": ["T1158"]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
"finger_classes": {
|
"finger_classes": {
|
||||||
"title": "Fingerprint class",
|
"title": "Fingerprint class",
|
||||||
|
"description": "Fingerprint modules collect info about external services "
|
||||||
|
"Infection Monkey scans.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"anyOf": [
|
"anyOf": [
|
||||||
{
|
{
|
||||||
|
@ -217,6 +235,7 @@ SCHEMA = {
|
||||||
"SMBFinger"
|
"SMBFinger"
|
||||||
],
|
],
|
||||||
"title": "SMBFinger",
|
"title": "SMBFinger",
|
||||||
|
"info": "Figures out if SMB is running and what's the version of it.",
|
||||||
"attack_techniques": ["T1210"]
|
"attack_techniques": ["T1210"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -225,6 +244,7 @@ SCHEMA = {
|
||||||
"SSHFinger"
|
"SSHFinger"
|
||||||
],
|
],
|
||||||
"title": "SSHFinger",
|
"title": "SSHFinger",
|
||||||
|
"info": "Figures out if SSH is running.",
|
||||||
"attack_techniques": ["T1210"]
|
"attack_techniques": ["T1210"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -232,14 +252,16 @@ SCHEMA = {
|
||||||
"enum": [
|
"enum": [
|
||||||
"PingScanner"
|
"PingScanner"
|
||||||
],
|
],
|
||||||
"title": "PingScanner"
|
"title": "PingScanner",
|
||||||
|
"info": "Tries to identify if host is alive and which OS it's running by ping scan."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": [
|
"enum": [
|
||||||
"HTTPFinger"
|
"HTTPFinger"
|
||||||
],
|
],
|
||||||
"title": "HTTPFinger"
|
"title": "HTTPFinger",
|
||||||
|
"info": "Checks if host has HTTP/HTTPS ports open."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
|
@ -247,6 +269,7 @@ SCHEMA = {
|
||||||
"MySQLFinger"
|
"MySQLFinger"
|
||||||
],
|
],
|
||||||
"title": "MySQLFinger",
|
"title": "MySQLFinger",
|
||||||
|
"info": "Checks if MySQL server is running and tries to get it's version.",
|
||||||
"attack_techniques": ["T1210"]
|
"attack_techniques": ["T1210"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -255,6 +278,7 @@ SCHEMA = {
|
||||||
"MSSQLFinger"
|
"MSSQLFinger"
|
||||||
],
|
],
|
||||||
"title": "MSSQLFinger",
|
"title": "MSSQLFinger",
|
||||||
|
"info": "Checks if Microsoft SQL service is running and tries to gather information about it.",
|
||||||
"attack_techniques": ["T1210"]
|
"attack_techniques": ["T1210"]
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -264,6 +288,7 @@ SCHEMA = {
|
||||||
"ElasticFinger"
|
"ElasticFinger"
|
||||||
],
|
],
|
||||||
"title": "ElasticFinger",
|
"title": "ElasticFinger",
|
||||||
|
"info": "Checks if ElasticSearch is running and attempts to find it's version.",
|
||||||
"attack_techniques": ["T1210"]
|
"attack_techniques": ["T1210"]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
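Review bot: The new `post_breach_actions` description is built from two adjacent string literals with no space at the join, so it renders as "...what an adversarymight do..."; the first literal should end with a space, `"... These actions safely simulate what an adversary "`. The other split strings in this file (`finger_classes` description, the ShellShock and Struts2 `info` values) already carry the trailing space. In the new `info` texts for MySQLFinger and ElasticFinger, "it's version" should read "its version". These strings become user-facing through the info pane, so the `info` values that now embed external URLs should be displayed as plain text or validated links; how the pane renders them is not visible in this commit.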
|
@ -9,6 +9,11 @@ export default function UiSchema(props) {
|
||||||
},
|
},
|
||||||
basic_network: {},
|
basic_network: {},
|
||||||
monkey: {
|
monkey: {
|
||||||
|
general: {
|
||||||
|
post_breach_actions: {
|
||||||
|
'ui:widget': AdvancedMultiSelect
|
||||||
|
}
|
||||||
|
},
|
||||||
behaviour: {
|
behaviour: {
|
||||||
custom_PBA_linux_cmd: {
|
custom_PBA_linux_cmd: {
|
||||||
'ui:widget': 'textarea',
|
'ui:widget': 'textarea',
|
||||||
|
@ -42,6 +47,11 @@ export default function UiSchema(props) {
|
||||||
classNames: 'windows-pba-file-info',
|
classNames: 'windows-pba-file-info',
|
||||||
'ui:emptyValue': ''
|
'ui:emptyValue': ''
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
system_info: {
|
||||||
|
system_info_collectors_classes: {
|
||||||
|
'ui:widget': AdvancedMultiSelect
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
cnc: {},
|
cnc: {},
|
||||||
|
@ -49,19 +59,18 @@ export default function UiSchema(props) {
|
||||||
exploits: {
|
exploits: {
|
||||||
general: {
|
general: {
|
||||||
exploiter_classes: {
|
exploiter_classes: {
|
||||||
'ui:widget': AdvancedMultiSelect,
|
'ui:widget': AdvancedMultiSelect
|
||||||
'ui:options': {
|
|
||||||
defaultPaneParams: {
|
|
||||||
title: 'Exploiters',
|
|
||||||
content: 'Click on exploiter to get more information about it.'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
internal: {
|
internal: {
|
||||||
general: {
|
general: {
|
||||||
started_on_island: {'ui:widget': 'hidden'}
|
started_on_island: {'ui:widget': 'hidden'}
|
||||||
|
},
|
||||||
|
classes: {
|
||||||
|
finger_classes: {
|
||||||
|
'ui:widget': AdvancedMultiSelect
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,9 +32,12 @@ function onMasterCheckboxClick(checkboxValue, defaultArray, onChangeFnc) {
|
||||||
// Definitions passed to components only contains value and label,
|
// Definitions passed to components only contains value and label,
|
||||||
// custom fields like "info" or "links" must be pulled from registry object using this function
|
// custom fields like "info" or "links" must be pulled from registry object using this function
|
||||||
function getFullDefinitionsFromRegistry(refString, registry) {
|
function getFullDefinitionsFromRegistry(refString, registry) {
|
||||||
|
return getObjectFromRegistryByRef(refString, registry).anyOf;
|
||||||
|
}
|
||||||
|
|
||||||
|
function getObjectFromRegistryByRef(refString, registry) {
|
||||||
let refArray = refString.replace('#', '').split('/');
|
let refArray = refString.replace('#', '').split('/');
|
||||||
let definitionObject = resolveObjectPath(refArray, registry);
|
return resolveObjectPath(refArray, registry);
|
||||||
return definitionObject.anyOf;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function getFullDefinitionByKey(refString, registry, itemKey) {
|
function getFullDefinitionByKey(refString, registry, itemKey) {
|
||||||
|
@ -47,6 +50,11 @@ function setPaneInfo(refString, registry, itemKey, setPaneInfoFnc) {
|
||||||
setPaneInfoFnc({title: definitionObj.title, content: definitionObj.info, link: definitionObj.link});
|
setPaneInfoFnc({title: definitionObj.title, content: definitionObj.info, link: definitionObj.link});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getDefaultPaneParams(refString, registry){
|
||||||
|
let configSection = getObjectFromRegistryByRef(refString, registry);
|
||||||
|
return ({title: configSection.title, content: configSection.description});
|
||||||
|
}
|
||||||
|
|
||||||
function AdvancedMultiSelect(props) {
|
function AdvancedMultiSelect(props) {
|
||||||
const [masterCheckbox, setMasterCheckbox] = useState(true);
|
const [masterCheckbox, setMasterCheckbox] = useState(true);
|
||||||
const {
|
const {
|
||||||
|
@ -62,8 +70,9 @@ function AdvancedMultiSelect(props) {
|
||||||
onChange,
|
onChange,
|
||||||
registry
|
registry
|
||||||
} = props;
|
} = props;
|
||||||
const {enumOptions, defaultPaneParams} = options;
|
const {enumOptions} = options;
|
||||||
const [infoPaneParams, setInfoPaneParams] = useState(defaultPaneParams);
|
const [infoPaneParams, setInfoPaneParams] = useState(getDefaultPaneParams(schema.items.$ref, registry));
|
||||||
|
getDefaultPaneParams(schema.items.$ref, registry);
|
||||||
const selectValue = cloneDeep(value);
|
const selectValue = cloneDeep(value);
|
||||||
return (
|
return (
|
||||||
<div className={'advanced-multi-select'}>
|
<div className={'advanced-multi-select'}>
|
||||||
|
|
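Review bot: The bare statement `getDefaultPaneParams(schema.items.$ref, registry);` after the `useState` line discards its result and looks like a leftover; it can be deleted. The initial value passed to `useState(getDefaultPaneParams(...))` is recomputed on every render although only the first result is used, so a lazy initializer `useState(() => getDefaultPaneParams(schema.items.$ref, registry))` would be preferable. `getDefaultPaneParams` and `getObjectFromRegistryByRef` dereference `schema.items.$ref` and the resolved object without a guard, so a field wired to this widget whose schema has no `items.$ref` would throw; a one-line comment on `getObjectFromRegistryByRef` stating the expected ref format and that it returns the whole definition object (not only `anyOf`) would help. The body of AdvancedMultiSelect continues outside the hunk, and the destructuring of `schema` is not visible here.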
|
@ -1,16 +1,14 @@
|
||||||
const defaultMinHeight = 50
|
const defaultMinHeight = 25
|
||||||
const defaultMaxHeight = 300
|
const defaultMaxHeight = 250
|
||||||
const defaultSubcomponentHeight = 15
|
const defaultSubcomponentHeight = 25
|
||||||
|
|
||||||
export function getComponentHeight(subcomponentCount,
|
export function getComponentHeight(subcomponentCount,
|
||||||
subcomponentHeight = defaultSubcomponentHeight,
|
subcomponentHeight = defaultSubcomponentHeight,
|
||||||
minHeight = defaultMinHeight,
|
minHeight = defaultMinHeight,
|
||||||
maxHeight = defaultMaxHeight) {
|
maxHeight = defaultMaxHeight) {
|
||||||
let height = subcomponentHeight * subcomponentCount;
|
let height = defaultMinHeight + (subcomponentHeight*subcomponentCount);
|
||||||
if (height > maxHeight)
|
if (height > maxHeight)
|
||||||
height = maxHeight
|
height = maxHeight
|
||||||
else if (height < minHeight)
|
|
||||||
height = minHeight
|
|
||||||
|
|
||||||
return height
|
return height
|
||||||
}
|
}
|
||||||
|
|
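Review bot: The `minHeight` parameter of `getComponentHeight` is no longer used after this change: the base comes from the module constant `defaultMinHeight` and the lower clamp was removed, so a caller passing a custom `minHeight` gets no effect. Use the parameter instead, `let height = minHeight + (subcomponentHeight * subcomponentCount);`, or remove it from the signature. With the `else if (height < minHeight)` branch gone, a negative `subcomponentCount` would also produce a height below the base, so keeping a lower bound such as `Math.max(minHeight, ...)` may be worth it. A short JSDoc comment stating that the result is in pixels (if that is the intent) and is capped at `maxHeight` would document the new formula.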
|
@ -38,7 +38,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
.advanced-multi-select .choice-block .form-group button {
|
.advanced-multi-select .choice-block .form-group button {
|
||||||
margin: 0 5px 3px 10px;
|
margin: 0 3px 3px 12px;
|
||||||
padding: 0;
|
padding: 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|