Commit Graph

48 Commits

Author SHA1 Message Date
Shreya Malviya 1f2867a70a Project: Add ProcessListCollection to Vulture's allowlist 2022-03-29 14:20:29 +03:00
Mike Salvatore 4316329384 Project: Add strict_slashes to vulture_allowlist 2022-03-25 07:57:54 -04:00
Mike Salvatore a1d08abe19 Project: Rename EXPLOITED_* to PROPAGATED_*
These states were renamed in 5e3829aab and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore bfd9084ce1 Project: Add architecture parameter to vulture_allowlist 2022-03-16 13:39:39 -04:00
Mike Salvatore cd3f5e7f16 Project: Add get_file_sha256_hash() to vulture_allowlist.py 2022-03-16 13:38:33 -04:00
vakarisz 1d15288b64 Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
vakarisz afc98667c4 Island: remove unused "creds" properties from monkey model 2022-02-25 15:38:36 +02:00
Shreya Malviya a599edec15 Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist 2022-02-24 15:12:00 +05:30
Ilija Lazoroski d8e203dd50 Project: Change readme and remove shellshock from vulture 2022-02-23 13:50:12 +01:00
Shreya Malviya fcfa01223d Project: Remove ProcessListCollector from Vulture allowlist 2022-02-16 17:06:17 +05:30
Ilija Lazoroski 7f6496b330 Island, UT: Remove system info AWS Collector 2022-02-14 12:00:08 +01:00
Shreya Malviya 9dc0a6ed6f Project: Remove removed Scoutsuite constants from Vulture allowlist 2022-02-09 14:27:20 +05:30
Shreya Malviya 2c88d6053c Project: Remove deleted constants from Vulture's allowlist 2022-02-01 16:40:06 +01:00
Ilija Lazoroski b5c51bedc1 Island, UT: Remove Bootloader endpoint 2022-02-01 15:32:13 +01:00
Ilija Lazoroski ff87252a24 Agent, Island: Remove MS08_67 exploiter 2022-01-31 11:11:33 +01:00
Mike Salvatore e1cf4fa9c2 Merge branch 'release/1.13.0' into agent-refactor 2022-01-25 13:35:49 -05:00
vakarisz a5a4957c29 Agent: small readability and style improvements 2022-01-18 15:01:47 +02:00
vakarisz 9d5ea0f41f Island: add log4shell issue processing and reporting 2022-01-06 12:26:00 +02:00
vakarisz c382987430 Project: vulture allow LDAPServerFactory.buildProtocol 2022-01-05 15:18:12 +02:00
Ilija Lazoroski c129e2f4b0 Project: Remove mysqlfinger references in Vulture 2021-12-14 14:54:20 +01:00
VakarisZ 4fdd3370ca Island, UI: implement the endpoint for stopping all monkeys, change the UI to call this endpoint and send a timestamp of button press 2021-12-08 14:48:57 +02:00
Mike Salvatore 137afa6473 Agent: Don't register new signal handler in monkey.py (for now)
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Shreya Malviya 7b0f08ee54 Agent: Finish implementing MockMaster
Also modified ExploitTelem and PostBreachTelem internals, and
MockPuppet.
2021-11-24 13:54:46 +05:30
Ilija Lazoroski 839024f243 Island: Fix formatting in config 2021-11-23 15:20:19 +01:00
Mike Salvatore 4fc484cd8d Agent: Add a preliminary MockPuppet implementation 2021-11-22 13:05:30 -05:00
VakarisZ a8d6f936f1 Agent, Island: remove hostname collector 2021-11-17 11:30:12 +02:00
VakarisZ 0175199540 Island, Agent: remove environment collector 2021-11-16 17:49:38 +02:00
VakarisZ f5c8db979f Project: remove remaining sambacry exploiter references in performance.py config template, vulture_allowlist.py and monkey_config_standard.json unit test data file 2021-11-10 15:44:05 +02:00
Shreya Malviya ee79ea0a9d Project: Remove variable 'VSFTPD' from Vulture's allowlist 2021-10-29 18:15:38 +05:30
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ e6ad125be9 Change the telemetry model to have a method for fetching the telemetries based on queries.
Telemetry code mainly uses queries and mongoengine has no good way of field encryption, that's why this method prefers to handle queries rather than Telemetry models
2021-09-24 13:31:26 +03:00
VakarisZ c7e91c5784 Add report model and a unit test for it's encryption 2021-09-21 10:39:39 +03:00
Mike Salvatore 805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
VakarisZ 2b71fb80c7 Fixed missing powershell exploiter report components. 2021-08-24 11:40:39 +05:30
VakarisZ 9966c54fe2 Added powershell remoting exploiter. 2021-08-24 11:40:39 +05:30
VakarisZ 91ca828c72 Monkey: add launch time to the monkey collection
Launch time is needed if we want to tell the user when exactly the exploit occurred/monkey got run
2021-07-26 11:28:40 +03:00
Ilija Lazoroski 81a8ccf673 Island: Return empty post status for island mode 2021-07-13 10:25:48 -04:00
Mike Salvatore 96fc33025e Island: Redirect gevent tracebacks to file and log exceptions
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.

Fixes #859
2021-07-06 08:39:30 -04:00
Mike Salvatore 01b9c41c6e Remove mock_home_env() from vulture_allowlist.py 2021-07-02 18:59:24 -04:00
Mike Salvatore 6307606010 Remove get_files_to_encrypt from Vulture's allow list 2021-06-23 07:14:57 -04:00
Shreya 5b64ea5151 agent: ransomware: Iterate through files in directory and get list of files to encrypt 2021-06-22 19:30:44 +05:30
VakarisZ fc1f12c24d Implemented safety check on import. 2021-06-03 17:02:12 +03:00
VakarisZ 9fcfaac781 Improved exceptions thrown in configuration decryption and unit tests. 2021-06-03 17:01:56 +03:00
Shreya 52b57a7166 Have Vulture skip tests/ instead of tests/unit_tests/ 2021-06-03 11:57:44 +05:30
Shreya b69c1c531a Rename vulture_whitelist.py -> vultue_allowlist.py 2021-06-02 13:08:37 +05:30