Commit Graph

2718 Commits

Author SHA1 Message Date
VakarisZ 64018eb373 Extracted home environment mocking into a reusable fixture and added a todo, to move it to our fixture list 2021-03-31 07:37:49 -04:00
VakarisZ ef1ef3475b Extracted island argument parsing into a separate file 2021-03-31 07:37:49 -04:00
Mike Salvatore 21e0b5170b cc: explicitly cast tmpdir to str in test_island_logger.py 2021-03-31 07:37:49 -04:00
Mike Salvatore 1f57610005 monkey_island.py: Add TODO to refactor argument handling 2021-03-31 07:37:49 -04:00
Mike Salvatore e6bf085d12 address some flake8 errors 2021-03-31 07:37:49 -04:00
Mike Salvatore 5b781c50a4 cc: rename DEFAULT_LOGGING_CONFIG_PATH -> DEFAULT_LOGGER_CONFIG_PATH 2021-03-31 07:37:49 -04:00
Mike Salvatore 74e0dfddc5 cc: expand "~" in log file configuration 2021-03-31 07:37:49 -04:00
Mike Salvatore 8b3703816d run black to format monkey_island.py 2021-03-31 07:37:49 -04:00
Mike Salvatore e8bb2e6be2 cc: allow logger config to be specified at runtime 2021-03-31 07:37:49 -04:00
Mike Salvatore 4cb28db3bc cc: reformat island_logger.py for readability
1. Adjusted some spacing and indentation
2. Reformatted with Black
2021-03-31 07:36:07 -04:00
Mike Salvatore fef44bcd05 cc: deploy "develop" environment by default 2021-03-31 07:36:07 -04:00
Mike Salvatore fc2f8eca45 cc: remove unnecessary private constants in consts.py 2021-03-31 07:33:47 -04:00
Mike Salvatore ea14bcc2f6 cc: rename DEFAULT_STANDARD_SERVER_CONFIG -> DEFAULT_STANDARD_SERVER_CONFIG_PATH 2021-03-31 07:33:47 -04:00
Mike Salvatore dd9e4bdefa cc: address flake8 issues 2021-03-31 07:32:55 -04:00
Mike Salvatore a057dec1fe cc: use DEFAULT_SERVER_CONFIG_PATH in set_server_config 2021-03-31 07:27:25 -04:00
Mike Salvatore 98b64da896 cc: simplify constructor/factory interface for EnvironmentConfig
The `get_from_json()` and `get_from_dict()` static methods were really
just used for testing. The `EnvironmentConfig` class needs to store its
file path so it can write to the file if needed. In practical usage,
`EnvironmentConfig` objects are initialized from files, so a simpler
interface is for its constructor to take a file path.
2021-03-31 07:27:25 -04:00
VakarisZ 54f1d0e49c Made naming of issue methods in UI more consistent 2021-03-31 13:07:19 +03:00
Shreya edb669d00e Pass tests 2021-03-31 15:23:04 +05:30
Shreya 9e3c3c13e4 Merge remote-tracking branch 'upstream/develop' into postgresql-fp 2021-03-31 15:00:30 +05:30
Shreya 0b65a07ec4 Format everything with black 2021-03-31 14:50:48 +05:30
Shreya b0f85f6857 Rewrite tests with pytest 2021-03-31 14:48:13 +05:30
VakarisZ a284467a1a Improved UI by creating distinct functions related to immediate threats report component 2021-03-31 11:55:22 +03:00
VakarisZ 05fda70cd6 Fixed SSH exploiter's report section in UI 2021-03-31 11:54:20 +03:00
VakarisZ e96b8eec38 Refactored zerologon exploiters report part to conform to new report structure 2021-03-31 11:53:50 +03:00
VakarisZ c504b21d33 Fixed trivial bugs like missing imports in issue UI files 2021-03-31 11:50:53 +03:00
Shreya 165b0df195 Testing changes 2021-03-31 13:01:18 +05:30
Shreya 91b858e162 Handle the case where the postgres connection is successful 2021-03-31 12:13:49 +05:30
Mike Salvatore 4b5415ac0b cc: fix server_config_generator behavior 2021-03-30 19:17:30 -04:00
Mike Salvatore 986219bd86 cc: rework EnvironmentConfig test
1. Rewrote in pytest
2. Removed redundant tests
3. Added tests for add_user() and get_users()
2021-03-30 19:17:30 -04:00
Mike Salvatore 1d73f6e860 cc: move DEFAULT_SERVER_CONFIG_PATH to consts.py 2021-03-30 16:39:07 -04:00
Mike Salvatore 0230c26f19 cc: allow server_config.json to be specified at runtime 2021-03-30 16:34:29 -04:00
Shreya ab33db650f Add timeout to PostgreSQL connection and other testing changes 2021-03-30 17:48:20 +05:30
Shreya 13d03abd37 CR changes 2021-03-30 17:32:21 +05:30
VakarisZ 2b3351baec Created immediate threat counter 2021-03-30 13:00:47 +03:00
VakarisZ d2fdabe26b Added missing issue descriptors 2021-03-30 13:00:18 +03:00
VakarisZ 280df4e676 Fixed a bug in report backend 2021-03-29 17:41:23 +03:00
VakarisZ abb7ab09a9 Rebased changes to include what was done in release/1.10.0 2021-03-25 14:11:56 +02:00
VakarisZ 8efc3e654c Extracted exploiters from reports in front end and back end 2021-03-25 11:53:07 +02:00
VakarisZ 8437f8d838
Merge pull request #1050 from guardicore/version_number_bump
Version number bump
2021-03-24 15:28:04 +02:00
VakarisZ 66ce163067 Bumped version number to 1.10 2021-03-24 15:26:20 +02:00
VakarisZ bae0ed38a1 Moved elastic port to HTTP ports to fix a bug of "All web-ports are closed" 2021-03-24 08:48:51 -04:00
VakarisZ c612e7e4b5 Added simplejson requirements to monkey requirements 2021-03-23 16:58:26 +02:00
VakarisZ 08df196a26
Merge pull request #1045 from guardicore/scoutsuite_fix
Minor ScoutSuite related fixes
2021-03-23 14:42:47 +02:00
VakarisZ 9c8e0a8270 Removed unnecessary explicit ScoutSuite import in monkey spec file 2021-03-23 14:15:57 +02:00
Mike Salvatore ef0c3c2f66
Merge pull request #1044 from guardicore/tunneling_bugfix
Tunneling bugfix
2021-03-19 11:12:04 -04:00
VakarisZ 739afa4fbe Fixed urlib dependency issue 2021-03-19 16:52:01 +02:00
VakarisZ 4b1a8d59be
Merge pull request #1033 from shreyamalviya/bugfix-unicode-decode-error
Handle UnicodeDecodeError in Windows info collector
2021-03-18 10:49:09 +02:00
VakarisZ 72a3229e49
Merge pull request #1042 from guardicore/island_requirements_fix
Island requirements fix
2021-03-18 10:19:40 +02:00
Shreya 91577c6464 Add try/except to system info collection so agent doesn't crash if exception is encountered 2021-03-18 13:33:35 +05:30
Shreya a83c97519c CR changes 2021-03-18 13:14:26 +05:30
VakarisZ ed589bd46a Specified pyjwt requirement to be 1.7 2021-03-18 09:41:29 +02:00
VakarisZ e6a0b7b49e Merge branch 'release/1.10.0' of https://github.com/guardicore/monkey into release/1.10.0 2021-03-18 09:34:33 +02:00
VakarisZ 4cd105abe4 Fixed ScoutSuite unit test 2021-03-18 09:31:45 +02:00
VakarisZ 3ca7537a99 ScoutSuite performance upgrades. 2021-03-17 11:50:49 -04:00
VakarisZ 6a13fa90e6 Small profiling decorator improvement 2021-03-17 11:50:45 -04:00
VakarisZ 80776f2b1d Minor spec file style improvement 2021-03-17 11:50:03 -04:00
VakarisZ fd058c7ff0 Refactored ScoutSuite into a separate package rather than submodule 2021-03-17 11:49:33 -04:00
VakarisZ 2c1e89c7b3 ScoutSuite performance upgrades. 2021-03-17 14:49:35 +02:00
VakarisZ aaf6a33f92 Small profiling decorator improvement 2021-03-17 14:41:11 +02:00
VakarisZ 9e27a93a3b Minor spec file style improvement 2021-03-17 12:45:08 +02:00
Shreya 5192953dd0 Unrelated log statement changes 2021-03-16 15:27:06 +05:30
Shreya ece4e6e911 Change import 2021-03-16 15:26:20 +05:30
Shreya 90d9d5933a Handle UnicodeDecodeError when getting installed packages on Windows systems 2021-03-16 15:23:46 +05:30
VakarisZ c6fd7ae5e8 Refactored ScoutSuite into a separate package rather than submodule 2021-03-16 09:11:45 +02:00
Shreya 2b4fd9e9a7 Rephrase custom PBA command config descriptions 2021-03-11 19:39:57 +05:30
Shreya 4928109be2 Rephrase custom PBA file config descriptions 2021-03-11 18:42:01 +05:30
Shreya 9167aa6460 Unit test modifications 2021-03-11 18:33:48 +05:30
Shreya 72a88c81a3 Add unit tests 2021-03-11 18:33:48 +05:30
Shreya 6f134bdb03 Download custom PBA file during execution, not initialisation 2021-03-11 18:33:48 +05:30
Shreya eeba0513d2 Only upload custom PBA file; execute only if specified in custom PBA command 2021-03-11 18:33:48 +05:30
Shreya 307e1e3093 Rephrase custom PBA file descriptions in configuration 2021-03-11 18:33:48 +05:30
Mike Salvatore 3714dd2f6f agent: Use the dropper in the DrupalExploiter
Fixes #1026
2021-03-10 06:44:53 -05:00
Mike Salvatore e7528e9544 agent: Use PIPE for stdin, stdout, and stderr in dropper
The dropper is expected to detach the child monkey agent process. If
stdin, stdout, and stderr are set to `None`, the child process inherits
them. Since the child process inherits the parent's file descriptors and
holds them open, issues like #1026 can occur.
2021-03-10 06:43:48 -05:00
Mike Salvatore 4ac7c01976 agent: add 2 new log statements to the dropper 2021-03-09 19:26:50 -05:00
Mike Salvatore ba6bf71776 agent: Fix typo in HTTPFinger 2021-03-09 11:56:32 -05:00
VakarisZ a132881ccc
Merge pull request #1022 from guardicore/zerologon-bb-test
Zerologon BB test
2021-03-08 13:59:16 +02:00
VakarisZ 263fa53ea5 Added an endpoint on the island for telemetry tests. This allows for tests like blackbox tests to send queries and check whether a certain telemetry is in the database or not 2021-03-08 11:13:31 +02:00
VakarisZ 3f687f6aea Moved common config value paths to common 2021-03-08 11:06:18 +02:00
Mike Salvatore 5e21ff88cb ui: minor style changes in AdvancedMultiSelect 2021-03-05 12:35:17 -05:00
Mike Salvatore 793bb99309 ui: properly render master checkbox on import or reset
Fixes #1018
2021-03-05 12:34:46 -05:00
Mike Salvatore 43c5834d51 cc: add useful debug logging that explains errors in HTTPFinger 2021-03-05 10:06:27 -05:00
VakarisZ 8de21df309
Merge pull request #1015 from guardicore/release_crypto_package_requirement
Fixed cryptography requirement
2021-03-04 11:25:09 +02:00
VakarisZ 9fb0a5628d Fixed cryptography requirement for infection monkey, latest one doesn't have a pre-built wheel 2021-03-04 10:46:05 +02:00
Mike Salvatore 5bdb526db3
Merge pull request #1013 from guardicore/scoutsuite_docs
Scoutsuite docs
2021-03-03 11:51:29 -05:00
Shreya 243e077687 Remove accidental debug statement 2021-03-03 18:59:47 +05:30
Mike Salvatore d60ce37c5d cc: use fresh mongomock in each report test 2021-03-03 08:22:32 -05:00
Shreya d772760ace Add unit tests for get_stolen_creds() 2021-03-03 17:08:36 +05:30
Shreya eecee86d92 Remove preceding underscore from variables 2021-03-03 15:09:01 +05:30
Shreya 8d2e530eaa Show IP if domain name isn't available 2021-03-03 15:09:01 +05:30
Shreya 1528b00a1b Change origin of creds stolen using exploits from host machine to exploited machine 2021-03-03 15:09:01 +05:30
VakarisZ eb41376f53
Merge pull request #1014 from guardicore/scoutsuite_submodule_retargetting
Re-targeted scoutsuite submodule to use latest commit
2021-03-03 11:33:06 +02:00
VakarisZ 2dc9c26a7c Re-targeted scoutsuite submodule to use our branch 2021-03-03 11:25:49 +02:00
VakarisZ cb60b8dbd2 Removed unused Badge component import from ScoutSuiteRuleButton.js 2021-03-03 11:24:21 +02:00
VakarisZ 5987cee226 Improved scoutsuite rule display by giving resource path more space. 2021-03-03 10:24:12 +02:00
VakarisZ 719c90e9b3 Removed unimportant AWS info present in screenshots 2021-03-03 10:23:11 +02:00
Mike Salvatore 875027d3f3 ui: replace double with single quotes in SecurityReport.js 2021-03-02 12:08:03 -05:00
VakarisZ b652e0d851
Merge pull request #983 from shreyamalviya/bugfix-run-monkey-manual-ignores-configured-ip
Show only configured IPs for Run Monkey -> Manual page
2021-03-02 14:15:39 +02:00
Mike Salvatore 1b73c56d67
Merge pull request #998 from guardicore/zerologon-password-reset-warning
Zerologon password reset warning
2021-03-02 07:01:03 -05:00
Shreya 5f66a99f30 Consider non-threat issues when calculating threat count 2021-03-02 14:53:17 +05:30
Shreya 6babcd099a Change warning order and phrasing in report 2021-03-02 13:02:56 +05:30
VakarisZ 89907d133e Improved warning icon display style in the overview 2021-03-02 09:09:25 +02:00
Mike Salvatore a152da02d2 ui: show warning when unsafe ATT&CK configuration is submitted 2021-03-01 12:00:05 -05:00
Mike Salvatore 4d4a01b6a2 ui: resolve race condition in ATT&CK configuration page 2021-03-01 11:57:59 -05:00
Mike Salvatore ac530b2555 cc: reword zerologon exploiter class info 2021-03-01 10:35:04 -05:00
VakarisZ 9e3fe03ce1 Replace double quotes with single quotes in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ 9171ed8190 Minor formatting improvements in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ e49b7b85cc Improved formatting and link styles in SecurityReport.js 2021-03-01 10:27:56 -05:00
VakarisZ 8eeed20f7e Changed zerologon links to be more consistent and have a style 2021-03-01 10:27:56 -05:00
VakarisZ b3e9922d0f Changed the logic of zerologon password restoration issue overview to be more consistent with the function of issue map. 2021-03-01 10:27:56 -05:00
Mike Salvatore 5050f33f1a ui: add missing semicolons to ConfigurePage.js 2021-03-01 10:14:08 -05:00
Shreya 7b0f35b8a4 Add comment to unit tests, specifying where else changes need to be made 2021-03-01 18:00:52 +05:30
Mike Salvatore f6fc380fd7 ui: add fingerprinters to SafeOptionValidator 2021-02-26 14:40:49 -05:00
Mike Salvatore 67e142f4fe ui: generalize isUnsafeOptionSelected 2021-02-26 14:33:42 -05:00
Mike Salvatore dd7c1bb08c ui: rework logic to remove unsafeOptionsConfirmed 2021-02-26 14:27:18 -05:00
Mike Salvatore 95af08a5fa ui: improve names in unsafeItemSelected 2021-02-26 12:50:31 -05:00
Mike Salvatore 75bf30913a ui: extract UnsafeOptionsConfirmationModal JSX invocation into a function 2021-02-26 12:49:57 -05:00
Shreya 2f99631ed4 Fix unit tests 2021-02-26 22:39:32 +05:30
Mike Salvatore 5a9cb8b4af ui: switch unsafe modal cancel button to variant secondary 2021-02-26 11:11:52 -05:00
Mike Salvatore 11c30fec14 ui: simplify `onClick()` callbacks in UnsafeOptionsConfirmationModal 2021-02-26 11:08:57 -05:00
Mike Salvatore 2ef81d5688 ui: change language from "use" -> submit for consistency 2021-02-26 11:06:33 -05:00
Mike Salvatore 7079a6fd23 ui: pass callback, not return value, to setState() 2021-02-26 08:42:04 -05:00
Mike Salvatore f094efba8f
ui: minor change to unsafe modal dialog language
Co-authored-by: VakarisZ <36815064+VakarisZ@users.noreply.github.com>
2021-02-26 08:10:13 -05:00
Mike Salvatore 10a4252aff ui: remove unnecessary semicolons 2021-02-26 08:08:48 -05:00
Mike Salvatore 68e835433a ui: sort unsafe options first so they're less likely to be hidden 2021-02-26 08:08:39 -05:00
Mike Salvatore 88e2ccb30a ui: pass callback, not return value, to setState() 2021-02-25 20:02:33 -05:00
Mike Salvatore f82d4a1b97 ui: fix capitalization of "Import config" button for consistency 2021-02-25 19:54:32 -05:00
Mike Salvatore 8f32c48964 ui: make unsafeItemSelected() a pure function 2021-02-25 19:47:21 -05:00
Mike Salvatore ff28509d0d ui: fix race in unsafe confirmation modal dialog 2021-02-25 19:41:36 -05:00
Mike Salvatore 8fd1582909 ui: display modal dialog when unsafe config is imported 2021-02-25 19:19:36 -05:00
Mike Salvatore d160787851 ui: extract renderUnsafeOptionsConfirmationModal() into a component 2021-02-25 15:39:32 -05:00
Mike Salvatore 6813262b30 ui: check PBA, exploiter, and system info safety on submit 2021-02-25 13:37:41 -05:00
Shreya c0d2d5b2b6 Fix typo, remove unused import, change function/variable names for consistency 2021-02-25 22:38:17 +05:30
Mike Salvatore 510b001c2a ui: add a modal dialog that asks users to confirm unsafe options 2021-02-25 11:59:01 -05:00
Shreya f9ea196b98 Add unit tests for `set_server_ips_in_config()` in monkey_island/cc/services/config.py 2021-02-25 22:14:36 +05:30
VakarisZ ce697b3a45 Improved exception handling of expected exceptions - if they are expected, we don't need to see the error trace. 2021-02-25 16:27:45 +02:00
VakarisZ e9b84ff86d Improved zero logon exploiter to fail on failed domain controller name fetch. 2021-02-25 16:27:45 +02:00
Mike Salvatore 67fd1712b5 report: rename ZEROLOGON_CRED_RESTORE_FAILED -> ZEROLOGON_PASSWORD_RESTORED 2021-02-25 09:04:47 -05:00
Shreya 11e6b9e281 Take IPs for Run Monkey -> Manual page from configuration 2021-02-25 19:06:17 +05:30
VakarisZ 94ac75e649 Improved zero logon overview UI and added password restoration warning to overview. 2021-02-25 15:29:22 +02:00
VakarisZ 8b7e0d0fa0 Added ZeroLogon overview section to the report 2021-02-25 15:16:00 +02:00
Shreya 6581a5ab0c Add warning to machine-specific recommendation if password was not reset 2021-02-25 18:17:50 +05:30
Shreya 3da1de39a6 Add Zerologon (and Drupal) information to "Immediate Threats" 2021-02-25 14:54:36 +05:30
Mike Salvatore f17c08d286 cc,agent: rename password_restore_success -> password_restored 2021-02-24 17:26:31 -05:00
Mike Salvatore 70fd7d7bb0 cc: add password_restore_success to zerologon report issue 2021-02-24 17:15:32 -05:00
Mike Salvatore 4fbb0f2026 ui: add machine-related recommendation for Zerologon to security report 2021-02-24 16:36:53 -05:00
Mike Salvatore 36bd9834a6 agent: add zerologon password restore success/failure to telemetry 2021-02-24 15:07:42 -05:00
Mike Salvatore b6bb6d8221 cc: format exploiter_classes.py with black 2021-02-24 13:40:49 -05:00
Mike Salvatore b5b8d289ca cc: add a note about resetting password after failed zerologon attempt 2021-02-24 13:23:46 -05:00
Shreya Malviya bc3283c4a5
Merge pull request #911 from shreyamalviya/zerologon-exploiter
Zerologon Exploiter
2021-02-24 17:58:45 +05:30
Shreya Malviya 43cac3568b
Reword exploiter description
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-02-24 16:18:58 +05:30