Commit Graph

2718 Commits

Author SHA1 Message Date
Shreya 28edf7d2b7 Encrypt credentials before logging 2021-02-24 16:08:36 +05:30
VakarisZ fdeb54d541 Added jwt_required decorator to the "local_run" endpoint, in order to avoid malicious actors running the monkey 2021-02-23 10:47:37 -05:00
Shreya db52f0966f Modify `PaginatedTable`: let `ReactTable` handle the case where no data is available 2021-02-23 10:00:56 -05:00
Shreya 353e9844dc Modify unit tests 2021-02-23 12:57:50 +05:30
dependabot[bot] 8b60625d81 build(deps): bump marked in /monkey/monkey_island/cc/ui
Bumps [marked](https://github.com/markedjs/marked) from 1.1.1 to 2.0.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.1.1...v2.0.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-22 12:50:28 -05:00
Shreya a2c11759a4 Add unit tests 2021-02-22 22:35:46 +05:30
Shreya defc94dd59 Add zerologon_utils/vuln_assessment.py 2021-02-22 18:44:06 +05:30
Shreya 4e281d9826 CR changes: type hints and comment 2021-02-22 17:47:27 +05:30
Shreya b82635d292 Add noqa comment to ignore complexity of DumpSecrets.dump() 2021-02-22 17:30:11 +05:30
Mike Salvatore 776d3421aa agent: add TODO to rework telemetry classes 2021-02-19 19:34:43 -05:00
Shreya 6883e4a5f1 Format all zerologon files with black 2021-02-20 01:12:04 +05:30
Shreya 2ef892e33f Try starting remote shell on victim with all user creds until successful 2021-02-20 01:12:04 +05:30
Shreya c227ccd3a1 Remove Zerologon fingerprinter (and move required functionality to Zerologon exploiter) 2021-02-20 01:12:04 +05:30
Shreya 869d608e09 Modify how `store_extracted_creds_for_exploitation()` is called
+ other little CR changes
2021-02-20 01:12:04 +05:30
Shreya 6c9ce028e0 Use __enter__() and __exit__() for StdoutCapture 2021-02-20 01:12:04 +05:30
Shreya e0ae8381ba restoring pwd: uses next available user account in case Administrator isn't found
and save all other credentials
2021-02-20 01:12:04 +05:30
Shreya c20e677940 Add impacket copyright notice 2021-02-20 01:12:01 +05:30
VakarisZ 4158ed802b Refactored telemetry unit tests to json encode data the same way telemetries do. 2021-02-19 17:19:21 +02:00
VakarisZ c698e0ab66
Merge pull request #848 from guardicore/519/scoutsuite-integration
519/scoutsuite integration
2021-02-19 08:08:40 +02:00
Shreya 0992e276b4 More CR changes
TODO:
- impacket license
- get pwd for some other users if 'Administrator' doesn't exist (and save all users' creds?)
- unit tests
2021-02-19 01:06:06 +05:30
Shreya 0866aee2cf Testing changes 2021-02-19 01:06:06 +05:30
Shreya 2c2a9eaaae Restructure `_exploit_host()` and `restore_password()` 2021-02-19 01:06:06 +05:30
Shreya 2bdcdcc18b CR changes 2021-02-19 01:06:06 +05:30
Shreya d7086f04aa CR + testing changes 2021-02-19 01:06:06 +05:30
Shreya e357b3fbe6 Changes after rebasing 2021-02-19 01:06:06 +05:30
Shreya 435f10fb20 CR changes 2021-02-19 01:06:06 +05:30
Shreya 961d5f81f8 Make DC details object attributes 2021-02-19 01:06:06 +05:30
Shreya a908d31fc5 Remove unused imports and variable 2021-02-19 01:06:06 +05:30
Shreya 81c6de75b7 Add Zerologon to documentation 2021-02-19 01:06:06 +05:30
Shreya 290385a8a0 Zerologon's success on a machine shouldn't prevent other exploit attempts on the machine
(ZL gathers credentials for other exploits)
2021-02-19 01:06:06 +05:30
Shreya 9c0fc7e435 Changes after manual testing 2021-02-19 01:06:06 +05:30
Shreya c05a48d34d Final exploit touches and report stuff 2021-02-19 01:06:05 +05:30
Shreya b57605b58d Changes from manual testing 2021-02-19 01:06:05 +05:30
Shreya 1cf07eff89 Improve log messages and comments 2021-02-19 01:06:05 +05:30
Shreya 13ef69c3ed Clean up code and comments 2021-02-19 01:06:05 +05:30
Shreya 53ef6feadf Restore password
(wmiexec to get HKLM keys --> secretsdump to get orig pwd nthash --> restore)
2021-02-19 01:06:05 +05:30
Shreya e7485bd02f Mention CVE 2021-02-19 01:06:05 +05:30
Shreya 8549ba14cf Bringing stuff together 2021-02-19 01:06:05 +05:30
Shreya 5cd8b39f0f Get original passwords' hashes 2021-02-19 01:06:05 +05:30
Shreya a4207494ec Change classes order in file 2021-02-19 01:06:05 +05:30
Shreya 44e15bd2a0 Add restore_password() 2021-02-19 01:06:05 +05:30
Shreya 9468de471d Partially add Zerologon exploiter 2021-02-19 01:06:05 +05:30
Shreya 2cc0a159e0 Rename "WindowsServer" fingerprinter: "Zerologon" makes more sense 2021-02-19 01:06:05 +05:30
Shreya 900bb7636d Basic config and report stuff 2021-02-19 01:06:05 +05:30
Shreya 2bc27b48de Use stub for PBA 2021-02-19 00:44:28 +05:30
Shreya 8bd30ceb4c Format code using black 2021-02-19 00:09:20 +05:30
Shreya 15107eeea3 Use constants/literals for tests 2021-02-19 00:02:34 +05:30
Shreya a4603853a9 Split test_attack_telem_classes.py and test_technique_telems.py into separate test files 2021-02-18 22:44:42 +05:30
Shreya 08addff8c5 Modify tests for attack telem classes and technique telems
- test `send()` instead of `get_data()` using fixture `spy_send_telemetry`
2021-02-18 22:34:15 +05:30
Mike Salvatore 4efdeeacc3 agent: remove dependency on pytest-mock 2021-02-18 09:59:52 -05:00
Mike Salvatore 86ffaf358f agent: break test_base_telem_classes into discrete test files 2021-02-18 09:53:55 -05:00
Mike Salvatore 0ac9ce949c agent: reformat test_base_telem_classes.py with black 2021-02-18 09:38:37 -05:00
Mike Salvatore c2ed31bde8 telemetry: test `send()` for telemetry classes in `telemetry/` 2021-02-18 09:33:58 -05:00
Shreya 7960529ee9 Add conftest.py 2021-02-18 19:41:29 +05:30
VakarisZ a977ec4397 Cleaned up imports and added no inspection comments to pass flake 2021-02-18 10:55:12 +02:00
VakarisZ 414dbf0665 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration 2021-02-17 16:59:06 +02:00
VakarisZ 81ea057509 Fixed a bug in MonkeyFindingDetails, where updating events using update was failing due to some internal mongoengine error. 2021-02-17 16:58:26 +02:00
VakarisZ 01c775e955 Refactored details out of abstract finding document. 2021-02-17 16:53:59 +02:00
VakarisZ 8b8c5f9590 Added RuleNameEnum class and a type hint related to it in abstract class 2021-02-17 16:20:13 +02:00
Shreya 42b7fa05d6 Add requirement 2021-02-17 19:02:20 +05:30
Shreya 6b0cc1e368 Add tests for other base telems + put all telem tests in one folder 2021-02-17 19:01:55 +05:30
Shreya b9bbfac30b Add/modify tests for attack telems 2021-02-17 18:25:38 +05:30
VakarisZ 25704b74c9 Zero Trust finding saving method refactored to remove code duplication between children 2021-02-11 16:53:19 +02:00
VakarisZ e96ee305fb Minor variable and method refactoring to improve readability in scoutsuite code 2021-02-11 16:52:20 +02:00
VakarisZ 3cb2a63a9d Changed rule name classes to inherit from RuleNameEnum to add a more specific type hints 2021-02-11 16:51:38 +02:00
Mike Salvatore de3adfd483
Merge pull request #964 from guardicore/payload_obfuscation
Payload obfuscation
2021-02-11 08:47:15 -05:00
VakarisZ f11736d451 Added no inspection comments and an explanation on why we use Crypto for shellcode_obfuscator.py 2021-02-11 15:29:29 +02:00
Mike Salvatore a7b79d6d03 cc: fix typo in pycrypto noqa comment 2021-02-11 08:26:10 -05:00
Mike Salvatore e4bcf2ef1c cc: ignore pycrypto security warnings since we use pycryptodome 2021-02-11 08:09:07 -05:00
Mike Salvatore 0cc65cb346
Merge pull request #924 from shreyamalviya/env-collection-errors
Catch exceptions in AwsInstance and AzureInstance
2021-02-10 08:51:48 -05:00
Shreya 11a0477dbb Rename test functions, add 404 response tests, and other tiny changes 2021-02-10 16:15:17 +05:30
VakarisZ 28e4a0f23d Altered shellcode obfuscator unit test to match the new code 2021-02-10 10:32:43 +02:00
VakarisZ baadb241e8 Reverted relative paths in zero trust code back to absolute 2021-02-09 15:51:34 +02:00
VakarisZ 6f16ba431c Minor refactorings of code style in zero trust code 2021-02-09 14:21:55 +02:00
VakarisZ a0bb0bc7fe Small renamings and minor improvements 2021-02-08 17:42:57 +02:00
VakarisZ 905ffd029a Added ScoutSuite rule parsing unit test and example of raw ScoutSuite data received. 2021-02-08 17:41:57 +02:00
VakarisZ 80e7435572 Refactored Finding DTO into ScoutSuiteFinding and MonkeyFinding DTO which inherit from more abstract Finding. 2021-02-08 17:38:45 +02:00
Shreya 016d886781 Add tests for AwsInstance
and change urllib.request.urlopen() to requests.get() for easier testing; functionality doesn't change
2021-02-06 19:19:08 +05:30
VakarisZ 9444067250 Added comments, type hints and other minor changes in the scoutsuite code 2021-02-05 11:05:22 +02:00
VakarisZ bcfa8fff78 Extracted count badge into a separate component which is reused between scoutsuite rules button and monkey events button 2021-02-05 11:03:27 +02:00
Shreya eed5ea1337 Add tests for GcpInstance 2021-02-04 21:02:53 +05:30
Shreya 413aa35b5b Rename an old test file 2021-02-04 20:46:19 +05:30
Shreya adab0436be Add tests for AzureInstance 2021-02-04 20:46:20 +05:30
Shreya 59383e7946 Catch exceptions in AwsInstance and AzureInstance 2021-02-04 20:46:11 +05:30
VakarisZ 6cb4280f89 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration
# Conflicts:
#	.swm/AzD8XysWg1BBXCjCDkfq.swm
#	.swm/OwcKMnALpn7tuBaJY1US.swm
#	.swm/tbxb2cGgUiJQ8Btma0fp.swm
#	monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
2021-02-04 11:29:00 +02:00
Mike Salvatore 919c51b920 ui: display ICMP in cross-segment issues report 2021-02-02 16:44:42 -05:00
Mike Salvatore c6bec1335c island: include 'icmp' from scan telemetry in report 2021-02-02 16:44:42 -05:00
Mike Salvatore c7a1f246cb agent: add icmp property to VictimHost
Keep track of whether or not PingScanner was successful by storing a
boolean in VictimHost objects. This information is communicated back to
the Monkey Island via telemetry.
2021-02-02 16:44:42 -05:00
Mike Salvatore 458e01cf24 ui: use template strings when generating cross-segment report 2021-02-02 16:44:42 -05:00
Mike Salvatore c8b4089bd2 ui: display cross-segment issues as "pinged" if no services/ports
Issue #819
2021-02-02 16:44:42 -05:00
Mike Salvatore cc9b88b8e5 ui: fix spelling error catagory -> category
Fixes #689
2021-02-02 13:50:00 -05:00
Mike Salvatore 13af101c2a
Merge pull request #920 from mssalvatore/refactor-advanced-multiselect
* Add warning icon to unsafe checkbox options
* Add "Reset to safe defaults" button
* Add warning icon and message to InfoPane
* Change behavior of master checkbox to be consistent with KDE user interface guidelines (mixed state)
* Extracted MasterCheckbox and ChildCheckbox from AdvancedMultiSelect
* Add "safe" property to schemas that feed AdvancedMultiSelect components
2021-02-01 08:04:10 -05:00
VakarisZ e6e61f946c Changed payload obfuscation method into encryption algorithm in an attempt to avoid AV static detection. 2021-02-01 14:15:21 +02:00
Mike Salvatore 09a8415aec ui: remove disabled/readonly from AdvancedMultiSelect 2021-02-01 07:14:15 -05:00
Mike Salvatore 9f12702c3e ui: code readability improvements 2021-02-01 06:57:04 -05:00
Shreya c8c763d918 Store converted techniques' messages (markdown to HTML) separately 2021-01-30 15:38:58 -05:00
VakarisZ 284cc3afdb Removed scoutsuite telemetry processing as there's nothing to process and other minor code improvements 2021-01-29 18:17:32 +02:00
Mike Salvatore 1440121aef ui: rename unsafeOptionsSelected() -> isUnsafeOptionSelected() 2021-01-29 11:06:40 -05:00
Mike Salvatore 57554ca435 ui: fix some code cleanliness issues 2021-01-29 11:02:54 -05:00
Mike Salvatore 06685b14cf ui: simplify compareOptions() with boolean arithmetic 2021-01-29 10:52:14 -05:00
VakarisZ c45ff1dc1f Used dpath module instead of custom code to traverse object. 2021-01-29 13:01:22 +02:00
VakarisZ ba9e8c22b4 Improved monkey event fetching and added unit tests 2021-01-29 12:42:24 +02:00
VakarisZ a836ab7e1d Renamed some files and other minor improvements 2021-01-29 12:35:40 +02:00
Mike Salvatore 117678f91a ui: fix minor css formatting issues 2021-01-28 14:07:57 -05:00
Mike Salvatore e77868b656 ui: sort checkbox options alphabetically
Alphabetically sort options in AdvancedMultiSelect to improve usability.
Float "unsafe" options to the bottom so they are grouped together.
2021-01-28 13:44:14 -05:00
Mike Salvatore 08926d778b ui: refactor duplicate code in getWarning() 2021-01-28 13:28:36 -05:00
Mike Salvatore 61eb9a7a23 ui: align warning text and icon 2021-01-28 13:23:04 -05:00
Mike Salvatore e43c91e87e ui: Show warning message when master checkbox selected with unsafe 2021-01-28 13:09:54 -05:00
Mike Salvatore 98e26b0be1 ui: refactor getHideResetState() to use isSafe() 2021-01-28 13:09:42 -05:00
Mike Salvatore 9d9e8168fb ui: rename unsafe-indicator to warning-icon 2021-01-28 10:18:40 -05:00
Mike Salvatore 7ec8f0394c ui: add warning message to PBA/Exploiters InfoPane 2021-01-28 10:12:28 -05:00
Mike Salvatore 5ed102bd09 config_schema: fix typo in Signed script proxy execution PBA 2021-01-28 10:08:31 -05:00
VakarisZ ade2917ba3 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration
# Conflicts:
#	.swm/OwcKMnALpn7tuBaJY1US.swm
#	.swm/tbxb2cGgUiJQ8Btma0fp.swm
#	.travis.yml
#	deployment_scripts/config
#	monkey/common/utils/exceptions.py
#	monkey/infection_monkey/control.py
#	monkey/infection_monkey/exploit/hadoop.py
#	monkey/monkey_island/cc/environment/set_server_config.py
#	monkey/monkey_island/cc/resources/pba_file_upload.py
#	monkey/monkey_island/cc/services/version_update.py
#	monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunOptions.js
#	monkey/monkey_island/cc/ui/src/styles/Main.scss
#	monkey/monkey_island/cc/ui/src/styles/components/Buttons.scss
2021-01-28 16:13:26 +02:00
Mike Salvatore 5f9470d17c ui: extract WarningIcon component from ChildCheckbox.js 2021-01-28 09:00:55 -05:00
Mike Salvatore 5942fad434 ui: extract ChildCheckboxContainer component out of AdvancedMultiSelect 2021-01-28 08:51:56 -05:00
Mike Salvatore 155da384c2 ui: replace "(UNSAFE)" text with warning icon 2021-01-28 08:50:19 -05:00
VakarisZ d333e8c1c0 Refactored fetch_details_for_display to return empty dict instead of empty array (because of type hint) 2021-01-28 15:33:33 +02:00
VakarisZ ad0b428699 Refactored long imports to relative imports 2021-01-28 15:12:15 +02:00
VakarisZ 059494ff6d Renamed file to match class 2021-01-28 15:11:58 +02:00
VakarisZ 7761d16cf8 Bolded the fact that user has to run monkey from Island to start ScoutSuite security scan 2021-01-28 12:16:08 +02:00
VakarisZ 255bfe9444 Minor readability improvements: typehints and comments where needed 2021-01-28 12:15:01 +02:00
VakarisZ 7aef86744e Improved readability of zero trust report resource by creating separate service for raw scoutsuite data and moving pillar report data structure into separate method on pillar service 2021-01-28 12:13:54 +02:00
Mike Salvatore 0b6ef67f49
Merge pull request #926 from guardicore/new-user-tests
New user tests
2021-01-27 11:26:34 -05:00
Mike Salvatore 41d5a98498
Merge pull request #931 from mssalvatore/150/resize-network-map
150/resize network map
2021-01-27 10:02:41 -05:00
VakarisZ d0404cbeae Removed scoutsuite from requirements, because it's imported as a subpackage 2021-01-27 16:58:05 +02:00
VakarisZ e91dfaaaa2
Merge pull request #917 from VakarisZ/pba_path_fix
Bugfix: custom PBA upload path
2021-01-27 15:42:16 +02:00
Mike Salvatore 6719620183 ui: fix centering of guardicore logo
Fixes #612
2021-01-27 07:26:56 -05:00
VakarisZ bde2288da0 Minor fixes: Removed debugging log and improved readability in PBA path const 2021-01-27 12:23:39 +02:00
VakarisZ 6fac75edb6 Implemented more unit tests for scoutsuite 2021-01-27 11:33:05 +02:00
VakarisZ 393eed42da Added zero trust report backend tests and common test data used in these tests 2021-01-27 08:54:09 +02:00
VakarisZ 7f690bb880 Refactored the use of fixtures and fixed up various tests accordingly 2021-01-27 08:53:09 +02:00
VakarisZ 20cc720c21 Configured fixtures to be picked up by any test in island 2021-01-27 08:46:10 +02:00
Mike Salvatore 32cdc034f3 ui: fix whitespace in ChildCheckbox.js 2021-01-26 15:51:42 -05:00
Mike Salvatore 145a41ffcf ui: move getDefaultPaneParams() to InfoPane.js 2021-01-26 15:46:57 -05:00
Mike Salvatore 917d6f574b ui: use class properties syntax in AdvancedMultiSelect 2021-01-26 15:15:11 -05:00
Mike Salvatore e04e11e4ac ui: add "reset to safe defaults" in AdvancedMultiSelect
If the user selects an unsafe exploit or post breach action, a yellow
warning button appears that allows the user to reset to safe defaults.
2021-01-26 14:59:58 -05:00
VakarisZ 06d3c70c3e PTH map got removed because it wasn't working. No point in testing code which we know doesn't work of a feature we don't use 2021-01-22 17:24:00 +02:00
Mike Salvatore e9b50efc68 ui: Move map-specific css from App.css to Map.scss 2021-01-21 07:05:59 -05:00
Mike Salvatore 5d5091d914 ui: resize infection map when window resizes
Fixes #150
2021-01-21 07:05:50 -05:00
VakarisZ 2df889ee31 Refactored unittests to pytest on island code. Cleaned up test infrastructure: moved common test files to /test_common 2021-01-20 15:31:42 +02:00
VakarisZ d31e9064c8 Added UT's to monkey_zt_finding_service.py and scoutsuite_zt_finding_service.py 2021-01-20 10:55:15 +02:00
VakarisZ 1b35b8fb4a Improved finding_service.py by specifying datatype it returns 2021-01-20 10:53:40 +02:00
VakarisZ d4dc42adb5 Removed the need to change server_config.json just to run tests. 2021-01-19 15:51:18 +02:00
Mike Salvatore 3dafdc810b add unit tests for AutoNewLinuxUser 2021-01-18 13:58:36 -05:00
Mike Salvatore 5481baf387 add unit tests for auto_new_user_factory 2021-01-18 13:56:25 -05:00
VakarisZ e69c94ae50 Split and moved zero trust service into pillar_service.py and principle_service.py 2021-01-18 12:01:33 +02:00
Mike Salvatore d008e3d52a ci: add .coveragerc to omit unit test code from coverage report
The code coverage report was including the unit tests themselves in the
coverage report. This resulted in an artificially inflated code coverage
metric, as code coverage tools will naturally report test code to be
very highly "covered".
2021-01-17 20:20:06 -05:00
VakarisZ 01feea905b Refactored "scoutsuite_findings" directory back to "scoutsuite" directory, because it doesn't only parse findings 2021-01-15 15:34:59 +02:00
Mike Salvatore bf6db078a6 ui: add missing semicolons 2021-01-15 08:16:08 -05:00
VakarisZ 3a9aa3191f Separated zero trust and security report resources 2021-01-15 15:10:07 +02:00
VakarisZ 02a45c7449 Moved and renamed some services to improve directory structure of zero trust services 2021-01-15 15:08:49 +02:00
VakarisZ 85f4c4f250 Small ScoutSuite feature code style refactorings 2021-01-15 11:22:40 +02:00
VakarisZ e79290e761 Refactored scoutsuite rule button from "ScoutSuite rules" to just "Rules" to look more consistent with "Events" button 2021-01-15 11:20:57 +02:00
VakarisZ de69d167ba Minor scoutsuite code refactorings 2021-01-14 16:05:52 +02:00
VakarisZ 22194c566a Refactored aws access keys in config, added them to encrypted parameter list and added ScoutSuite specific exception 2021-01-14 16:05:06 +02:00
Mike Salvatore 11ea5e1a7e ui: separate json schema-related functions into JsonSchemaHelpers.js 2021-01-14 08:44:43 -05:00
Mike Salvatore 8d024b9002 ui: separate MasterCheckbox and ChildCheckbox into their own files 2021-01-14 08:37:52 -05:00
Shreya 4a5d535327 Oops 2021-01-14 18:27:49 +05:30
Shreya ca460b7348 Changes in unit test 2021-01-14 18:19:16 +05:30
Shreya 9240408956 Make function static (as per CR) 2021-01-14 18:13:13 +05:30
Shreya 3225e6d20d Add tests 2021-01-14 17:42:27 +05:30
Shreya 27263cbb48 Readability changes (per CR) 2021-01-14 17:42:27 +05:30
Shreya 4aa6095839 Add port 5432 to tcp_target_ports in config.py 2021-01-14 17:42:27 +05:30
Shreya 2203e5f1d3 Fix test 2021-01-14 17:42:27 +05:30
Shreya f7820b840c Change in PostgreSQL communication encryption result: only selected hosts 2021-01-14 17:42:27 +05:30
Shreya 4ffac38382 Add PostgreSQL to data pillar of ZT 2021-01-14 17:42:27 +05:30
Shreya e8a2a37690 Code clean up 2021-01-14 17:42:27 +05:30
Shreya 6cb9d4808f PostgreSQL communication encryption fingerprinting 2021-01-14 17:42:27 +05:30
Shreya edc1b779d3 Initial PostgreSQL fingerprinting stuff 2021-01-14 17:42:27 +05:30
VakarisZ 761ed2ec43 Refactored code of rule ordering 2021-01-14 12:17:34 +02:00
VakarisZ a818025f63 Typo fix in service_consts.py 2021-01-14 12:05:13 +02:00
VakarisZ cd9d2904c5 Added comment explaining why finding details are in a separate documents to discourage uninformed refactoring in the future 2021-01-14 12:02:38 +02:00
VakarisZ 2dfcbb49d4 Minor refactoring and typo fix 2021-01-14 11:59:57 +02:00
VakarisZ 87dafeb440 Refactored scoutsuite rule count badge readability. 2021-01-13 17:57:54 +02:00
VakarisZ b90f6587c1 Reverted resource value display to show "False", because for IAM rules it makes sense and expresses if the rule is enabled or not. 2021-01-13 16:57:36 +02:00
VakarisZ 7b60d4d2e6 Refactored ScoutSuiteDataParser.js to improve the readability of scoutsuite data extraction process
temp
2021-01-13 16:57:36 +02:00
Mike Salvatore 73dd8ddcc9 ui: Minor readability and style changes for AdvancedMultiSelect 2021-01-13 07:35:03 -05:00
Mike Salvatore 94b87f8d9a ui: Remove unnecessary call to getDefaultPaneParams() 2021-01-12 15:59:16 -05:00
Mike Salvatore 701d938330 ui: refactor AdvancedMultiSelect.js for readability and flow 2021-01-12 15:15:23 -05:00
Mike Salvatore 19bc09196f ui: Enable mixed-state behavior for master checkbox in AdvancedMultiSelect
The AdvancedMultiSelect should adhere to some set of human interface
guidelines. In the absence of a formal, agreed upon set of guidelines
for Infection Monkey, this commit uses KDE's guidelines for checkboxes:
https://hig.kde.org/components/editing/checkbox.html

When child checkboxes are not all checked, the master checkbox displays
a mixed-state icon, instead of a checked icon. Clicking the mixed-state
icon checks all child checkboxes. Clicking an unchecked master checkbox
also enables all child checkboxes.

In the past, clicking an unchecked master checkbox checked only the
*default* child checkboxes. While this may seem desirable so that unsafe
exploits do not accidentally get selected by the user, it will confuse
and frustrate users, as master/child checkboxes do not normally function
this way. If there is concern that users may unknowingly select unsafe
exploits/options, we should pop up a warning to inform the user when the
config is saved/submitted.

Issue #891
2021-01-12 15:15:18 -05:00
VakarisZ 7e07489807 Moved rule parsing methods into a separate component, added more details about rules in rule overview: added how many failed/passed/uncheck rules there are for a finding. 2021-01-12 12:41:58 +02:00
VakarisZ 5027dd4d2c Improved unsecure resource display: removed a separate line for unsecure resource count and instead added the count to the annotation of unsecure resource list. E.g: "Flagged resources (3)" 2021-01-12 12:41:58 +02:00
VakarisZ 1472382387 Fixed react warnings related to keys and <div/> in <p/> 2021-01-12 12:41:58 +02:00
VakarisZ d9a5289c8d Minor FindingsTable.js readability refactoring 2021-01-12 12:41:58 +02:00
VakarisZ 789c58f0ac Refactored ScoutSuite finding classes to have ABC 2021-01-12 12:41:58 +02:00
VakarisZ 737e6bce3d Renamed rule_parsing.py to rule_parser.py, to match the classname 2021-01-12 12:41:58 +02:00
VakarisZ d1d5c45c26 Added scoutsuite package requirements to agent requirements.txt 2021-01-12 12:41:58 +02:00
VakarisZ ba947a6b30 "type" param renamed to "finding_type" in finding DAO
Fixed bug, which happened due to type -> finding_type refactoring
2021-01-12 12:41:58 +02:00
Mike Salvatore 878f959a8f ui: Factor ChildCheckbox out of AdvancedMultiSelect 2021-01-11 19:54:51 -05:00
Mike Salvatore af329d56d8 ui: Factor MasterCheckbox() out of AdvancedMultiSelect 2021-01-11 19:16:18 -05:00
Mike Salvatore 84b422a120 ui: Refactor AdvancedMultiSelect as a class
AdvancedMultiSelect can be broken up and composed of smaller, more
focused components. This commit refactors AdvancedMultiSelect from a
functional component to a class component.
2021-01-11 19:15:45 -05:00
VakarisZ 4f43edbefb Removed unnecessary logging in pba_file_download.py 2021-01-11 08:54:01 +02:00
VakarisZ 78aaa4091d Fixed custom PBA upload path to use abstract path in island dir rather than flask cwd. 2021-01-08 17:07:36 +02:00
VakarisZ 46abff412d Grouped files used for serving flask into a "server_utils" package 2021-01-08 12:05:18 +02:00
Shreya 55dae3f29d Minor code changes 2021-01-08 15:16:29 +05:30
Shreya 22d9f70374 Add option to run as a certain user via manual command on the Run Monkey page 2021-01-08 15:16:29 +05:30
VakarisZ 28601d97ed Refactored utility method and added unit test 2021-01-08 10:57:44 +02:00
VakarisZ eaf9b6a8d1 Renamed cloud providers enum to camel case 2021-01-04 15:46:53 +02:00
VakarisZ 8cd3834fe4 Fixed wrong argument in scoutsuite_collector.py 2021-01-04 14:06:34 +02:00
VakarisZ 1bff64f09b
Merge pull request #875 from VakarisZ/validation_script
Validation script
2020-12-22 15:48:39 +02:00
VakarisZ 7fb1e3f15b
Merge pull request #862 from VakarisZ/gevent_refactoring
Gevent refactoring
2020-12-17 17:29:58 +02:00
VakarisZ 8aae611396 Merge remote-tracking branch 'upstream/develop' into custom_pba_bugfix 2020-12-17 13:26:55 +02:00
VakarisZ e6bb978dc4
Merge pull request #894 from withshubh/develop
Fix code quality issues
2020-12-16 12:19:37 +02:00
VakarisZ d8440303ce
Merge pull request #867 from VakarisZ/aws_run_option_fix
Run on AWS instance option fix
2020-12-15 12:15:41 +02:00
VakarisZ cd27a889b1
Merge pull request #895 from guardicore/smb_exec_bugfix
SMB bugfix
2020-12-15 12:11:53 +02:00
VakarisZ 17ee823b08
Merge pull request #863 from VakarisZ/security_hub_fixes
Security hub fixes
2020-12-08 16:37:36 +02:00
VakarisZ 9e9518be66 Merge remote-tracking branch 'upstream/develop' into gevent_refactoring 2020-12-08 16:31:55 +02:00
VakarisZ ac71a3ecb5
Merge pull request #861 from VakarisZ/schedule_jobs_bugfix
Schedule jobs bugfix
2020-12-08 16:14:28 +02:00
Ace Pace 030b1c683e Monkey: Guard against exceptions while fingerprinting 2020-12-07 16:54:58 +02:00
shubhendra 32593b2105 revert-Remove unnecessary use of comprehension 2020-12-05 14:24:49 +05:30
Shubhendra Singh Chauhan 9f48a54529
Update BadImport.py 2020-12-05 01:53:21 +05:30
deepsource-autofix[bot] 96d28b40af autofix made using DeepSource 2020-12-04 23:44:03 +05:30
VakarisZ 55f4684e1e Fixed function call that had too many arguments in smbexec.py 2020-12-04 16:43:53 +02:00
VakarisZ 4b1331c281 Merge remote-tracking branch 'upstream/develop' into smbexec_bugfix 2020-12-04 15:58:57 +02:00
VakarisZ 04e89411fb SMB bugfixed to be able to exploit machine with smb v3, by not specifying preferred dialect for rpctransport 2020-12-04 15:44:40 +02:00
DeepSource Bot 70a899cc7d Add .deepsource.toml 2020-12-04 11:14:55 +05:30
Shreya 0848ba240f Fix mongoengine version to 0.20.0 2020-11-28 22:44:15 +05:30
VakarisZ 424c666f65 Fixed custom post breach action path bug. 2020-11-24 17:58:28 +02:00
VakarisZ 47984196ce Fixed import order to satisfy isort 2020-11-12 14:59:16 +02:00
VakarisZ 18d72f89da Added timeouts to requests 2020-11-11 15:31:48 +02:00
VakarisZ f76fc7ad77 Removed unused imports in windowsserver_fingerprint.py 2020-11-11 15:30:52 +02:00
VakarisZ 523722a981
Merge pull request #826 from guardicore/snyk-upgrade-7a792070e6c0c0c12685cf49fbf0115e
[Snyk] Upgrade snyk from 1.373.0 to 1.373.1
2020-11-06 12:29:29 +02:00
VakarisZ fd1e24c3c5
Merge pull request #816 from guardicore/snyk-upgrade-e9c85422c9f36804c727a87c580d090f
[Snyk] Upgrade @emotion/core from 10.0.28 to 10.0.34
2020-11-06 11:58:23 +02:00
VakarisZ d75dd57653
Merge pull request #815 from guardicore/snyk-upgrade-6af1802c8a04f663191505efa4f72269
[Snyk] Upgrade bootstrap from 4.5.1 to 4.5.2
2020-11-06 11:56:11 +02:00
VakarisZ 1f1682fad8 Exported multiple configurations of CI tools to separate configurations, improved script 2020-11-06 11:48:52 +02:00
VakarisZ 636fb1be89 Added option to rollback the changes done in "set_server_config" 2020-11-06 11:47:38 +02:00
Shreya f44e080b1c Only generate 'DC_HANDLE' if 'DC_NAME' exists 2020-11-05 23:40:48 +05:30
Shreya 62a1520c50 Extract nested function 2020-11-05 23:40:45 +05:30
Shreya 8b0dd91c18 Better way to get NetBIOS name 2020-11-03 16:16:35 +05:30
Shreya b3e9695289 Raise exception instead of using boolean 2020-10-25 16:41:50 +05:30
Shreya fc9d21201f CR changes, nothing major 2020-10-25 16:21:19 +05:30
Shreya 7bdc7ce4c2 Add implementation details 2020-10-21 16:45:15 +05:30
Shreya 08d3801120 Testing is important 2020-10-21 16:41:54 +05:30
Shreya 0a8d1f2afe Add Zerologon fingerprinter 2020-10-21 16:41:54 +05:30
Ubuntu a3e9f65d49 Added spinning animation to "synch" icon in run monkey on aws button 2020-10-21 09:49:41 +00:00
VakarisZ b3759e60ec Improved dir structure of run monkey page 2020-10-21 12:16:01 +03:00
VakarisZ 46de8000c1 Fixed and moved AWS run components into a separate folder 2020-10-21 12:15:16 +03:00
VakarisZ 5da412e40c Fixed eslint to allow backticks syntax. 2020-10-21 12:13:34 +03:00
VakarisZ 67f5962977 Changed webpack server to serve on all interfaces. Makes remote development easier. 2020-10-20 12:10:40 +03:00
VakarisZ d4002fd7b5 Added loading component to indicate that more buttons are loading. 2020-10-20 12:04:57 +03:00
VakarisZ c6b7f4f0be Brought back and refactored run on AWS button. 2020-10-20 10:12:10 +03:00
VakarisZ 9da74e31ec Fixed travis crashes on isort because of line endings. 2020-10-16 15:52:58 +03:00
VakarisZ 35b8efb79d Fixed travis bugs caused by disabled ZT tests 2020-10-16 14:32:52 +03:00
VakarisZ d0fda6b9e5 Fixed import styles in gevent modifications. 2020-10-16 12:34:18 +03:00
VakarisZ a77743137f Refactored exception name to a more specific one 2020-10-15 15:19:19 +03:00
VakarisZ f2b65ecf14 Improved gevent related code by using BoundedSemaphore instead of Semaphore and other small style fixes 2020-10-15 13:02:12 +03:00
VakarisZ a9af6fe736 Refactored tornado into gevent for non-blocking server 2020-10-15 12:50:13 +03:00
VakarisZ 0e68b07b15 Modified security hub feature to work with any deployment 2020-10-14 17:48:16 +03:00
VakarisZ 3d83f344e6 Minor change: improved AWS collector description to note that AWS collector also runs scoutsuite 2020-10-14 12:10:16 +03:00
VakarisZ f894256e56 Minor phrasing improvements in scoutsuite setup tutorials 2020-10-14 11:30:44 +03:00
VakarisZ eb5f809195 Removed the storage of subnets that violate segmentation, because this info isn't being used anywhere 2020-10-14 11:17:34 +03:00
VakarisZ 89bdbf946f Minor exception handling improvement 2020-10-13 17:52:09 +03:00
VakarisZ 24ac497eec Minor style refactoring 2020-10-13 17:52:09 +03:00
VakarisZ eb5648dc0e Fixed segmentation findings to use the same infrastructure as other findings.
Small segmentation finding bugfix
2020-10-13 17:52:09 +03:00
VakarisZ 7abafb70e1 Fixed bad exception handling in version_update.py 2020-10-12 16:47:00 +03:00
VakarisZ 1cbcb69697 Fixed schedule_jobs bug, where scheduled job is never deleted and monkey freezes indefinitely. 2020-10-12 16:46:11 +03:00
VakarisZ eac960c73d Fixed version update bug that happens on systems with no internet connection 2020-10-09 10:19:32 +03:00
VakarisZ 18aa5fe320 Fixed js warnings 2020-10-06 17:20:26 +03:00
VakarisZ 4a44a38be5 Changed travis to skip running scoutsuite tests. Altered zero trust tests to be skipped, because ScoutSuite implementation broke them 2020-10-06 16:16:07 +03:00
VakarisZ 821024035e Specified line-wrap option to isort and skipped a file that's not correctly wrapped 2020-10-06 14:54:05 +03:00
VakarisZ 930642d6c3 Fixed non-wrapped imports in rule_path_creators_list.py 2020-10-06 14:23:23 +03:00
VakarisZ 39523504c3 Fixed import statements and their ordering 2020-10-06 13:18:50 +03:00
VakarisZ b88cb8bf3c Fixed python linting warnings 2020-10-05 15:16:35 +03:00
VakarisZ 1719df06f2 Updated deployment scripts by adding mongo download for ubuntu 20 2020-10-05 11:08:57 +03:00
VakarisZ 5678a50783 Scoutsuite update 2020-10-02 17:53:38 +03:00
VakarisZ 6a21a3a07e Small syntax fixes in ResourceDropdown.js 2020-10-02 15:55:50 +03:00
VakarisZ 0dfecd1837 Increased the "Pillars" column width, so "automation and orchestration" pillar name doesn't get cut off. 2020-10-02 14:54:34 +03:00
VakarisZ 34460b667b Fixed a bug where html tags were being displayed in description of a rule 2020-10-02 12:36:14 +03:00
VakarisZ 22a97096ca Altered SS rule dropdowns to display resource name whenever possible, and to display more proper value 2020-10-02 12:21:24 +03:00
VakarisZ 672c19ef0d Fixed scoutsuite bug that caused bad exception handling 2020-10-02 11:00:06 +03:00
VakarisZ d2a8597903 Fixed error caused by mixing up the value of "started_on_island" with whether the current monkey is running on island. 2020-10-01 17:56:29 +03:00
VakarisZ 5f28808885 Improved style and text of SS setup tutorials 2020-10-01 16:52:00 +03:00
VakarisZ 2e0d06b17a Added ProvidersEnum.js for front end 2020-10-01 15:18:52 +03:00
VakarisZ cf9806223e Fixed a bug in monkey finding, where events did not get saved 2020-10-01 15:17:10 +03:00
VakarisZ 2356ea50f4 Fixed a bug, where monkey config did not get set to "on_island" immediately, so any further monkey code could not rely on this value 2020-10-01 15:15:27 +03:00
VakarisZ d618428ff8 Improved AWS collector to only run SS on island 2020-10-01 15:11:51 +03:00
VakarisZ b1a5691fae Added stylesheet for custom monkey buttons 2020-10-01 15:09:43 +03:00
VakarisZ d3f0dc2a75 Improved back button 2020-10-01 15:09:10 +03:00
VakarisZ 841f542c6b Refactored few more files to use config value path array, rather than hardcoded in-place value 2020-10-01 15:08:45 +03:00
VakarisZ 17d91766df Added AWS keys to config 2020-10-01 15:07:32 +03:00
VakarisZ dd3d5d317a Added interactive AWS key setup/scoutsuite configuration 2020-10-01 15:02:54 +03:00
VakarisZ 708d1a697d Improved configuration by removing unused method and separating config value paths to a separate file 2020-10-01 12:54:41 +03:00
VakarisZ 9dc0211341 Moved scoutsuite submodule directory, because island might want to call its method to check for setup 2020-10-01 12:39:45 +03:00
VakarisZ 04b00febd1 Fixed a bug, where no Unexecuted rules appeared 2020-09-25 12:49:23 +03:00
VakarisZ 059d86b0c2 Added the rest of rules to Service Security finding 2020-09-25 12:48:53 +03:00
VakarisZ 5fefe654f3 Added "is monkey already running" check for linux machine. 2020-09-24 17:14:07 +03:00
VakarisZ 9f74d9abef Improved rule display: merged warnings and dangers are displayed the same, added sorting 2020-09-24 17:09:45 +03:00
VakarisZ 5bc47b91cf Added almost all scoutsuite rules 2020-09-24 17:05:45 +03:00
VakarisZ 1559504691 Fixed js warning in error modal 2020-09-23 15:06:27 +03:00
VakarisZ a7fc5d1191 Merge branch 'run_page_ui_improvements' into 519/scoutsuite-integration 2020-09-23 14:58:51 +03:00
VakarisZ c5e4493db5 Improved run monkey error modal to display any kind of error. 2020-09-23 14:47:34 +03:00
VakarisZ 6e10dd20d1 Run monkey page: fixed a bunch of bugs, CR comments 2020-09-23 14:47:05 +03:00
VakarisZ 3b0a8e87c2 Fixed scoutsuite backend bugs 2020-09-23 10:26:35 +03:00
VakarisZ dc295d4a60 Improved and fixed bugs related to ScoutSuite UI components 2020-09-23 10:26:03 +03:00
VakarisZ 49e13a651e Created new scoutsuite findings, added relevant infrastructure to zero trust consts 2020-09-23 10:24:03 +03:00
VakarisZ c792f2f34c Added a bunch of rules and rule path creators. 2020-09-23 10:16:53 +03:00
VakarisZ f462fcc842 Removed unsustainable python type hinting rules 2020-09-23 10:13:14 +03:00
VakarisZ 2c87784a48 Minor typos and improvements on AWS scoutsuite setup run option 2020-09-21 11:12:23 +03:00
VakarisZ c3fde1898c Added ScoutSuite scan setup guide to run monkey page. 2020-09-21 11:07:16 +03:00
VakarisZ 109b2cbcbb Merge branch 'run_page_ui_improvements' into 519/scoutsuite-integration
# Conflicts:
#	monkey/monkey_island/requirements.txt
2020-09-18 18:10:03 +03:00