Commit Graph

2718 Commits

Author SHA1 Message Date
VakarisZ c45ff1dc1f Used dpath module instead of custom code to traverse object. 2021-01-29 13:01:22 +02:00
VakarisZ ba9e8c22b4 Improved monkey event fetching and added unit tests 2021-01-29 12:42:24 +02:00
VakarisZ a836ab7e1d Renamed some files and other minor improvements 2021-01-29 12:35:40 +02:00
Mike Salvatore 117678f91a ui: fix minor css formatting issues 2021-01-28 14:07:57 -05:00
Mike Salvatore e77868b656 ui: sort checkbox options alphabetically
Alphabetically sort options in AdvancedMultiSelect to improve usability.
Float "unsafe" options to the bottom so they are grouped together.
2021-01-28 13:44:14 -05:00
Mike Salvatore 08926d778b ui: refactor duplicate code in getWarning() 2021-01-28 13:28:36 -05:00
Mike Salvatore 61eb9a7a23 ui: align warning text and icon 2021-01-28 13:23:04 -05:00
Mike Salvatore e43c91e87e ui: Show warning message when master checkbox selected with unsafe 2021-01-28 13:09:54 -05:00
Mike Salvatore 98e26b0be1 ui: refactor getHideResetState() to use isSafe() 2021-01-28 13:09:42 -05:00
Mike Salvatore 9d9e8168fb ui: rename unsafe-indicator to warning-icon 2021-01-28 10:18:40 -05:00
Mike Salvatore 7ec8f0394c ui: add warning message to PBA/Exploiters InfoPane 2021-01-28 10:12:28 -05:00
Mike Salvatore 5ed102bd09 config_schema: fix typo in Signed script proxy execution PBA 2021-01-28 10:08:31 -05:00
VakarisZ ade2917ba3 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration
# Conflicts:
#	.swm/OwcKMnALpn7tuBaJY1US.swm
#	.swm/tbxb2cGgUiJQ8Btma0fp.swm
#	.travis.yml
#	deployment_scripts/config
#	monkey/common/utils/exceptions.py
#	monkey/infection_monkey/control.py
#	monkey/infection_monkey/exploit/hadoop.py
#	monkey/monkey_island/cc/environment/set_server_config.py
#	monkey/monkey_island/cc/resources/pba_file_upload.py
#	monkey/monkey_island/cc/services/version_update.py
#	monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunOptions.js
#	monkey/monkey_island/cc/ui/src/styles/Main.scss
#	monkey/monkey_island/cc/ui/src/styles/components/Buttons.scss
2021-01-28 16:13:26 +02:00
Mike Salvatore 5f9470d17c ui: extract WarningIcon component from ChildCheckbox.js 2021-01-28 09:00:55 -05:00
Mike Salvatore 5942fad434 ui: extract ChildCheckboxContainer component out of AdvancedMultiSelect 2021-01-28 08:51:56 -05:00
Mike Salvatore 155da384c2 ui: replace "(UNSAFE)" text with warning icon 2021-01-28 08:50:19 -05:00
VakarisZ d333e8c1c0 Refactored fetch_details_for_display to return empty dict instead of empty array(because of type hint) 2021-01-28 15:33:33 +02:00
VakarisZ ad0b428699 Refactored long imports to relative imports 2021-01-28 15:12:15 +02:00
VakarisZ 059494ff6d Renamed file to match class 2021-01-28 15:11:58 +02:00
VakarisZ 7761d16cf8 Bolded the fact that user has to run monkey from Island to start ScoutSuite security scan 2021-01-28 12:16:08 +02:00
VakarisZ 255bfe9444 Minor readability improvements: typehints and comments where needed 2021-01-28 12:15:01 +02:00
VakarisZ 7aef86744e Improved readability of zero trust report resource by creating separate service for raw scoutsuite data and moving pillar report data structure into separate method on pillar service 2021-01-28 12:13:54 +02:00
Mike Salvatore 0b6ef67f49
Merge pull request #926 from guardicore/new-user-tests
New user tests
2021-01-27 11:26:34 -05:00
Mike Salvatore 41d5a98498
Merge pull request #931 from mssalvatore/150/resize-network-map
150/resize network map
2021-01-27 10:02:41 -05:00
VakarisZ d0404cbeae Removed scoutsuite from requirements, because it's imported as a subpackage 2021-01-27 16:58:05 +02:00
VakarisZ e91dfaaaa2
Merge pull request #917 from VakarisZ/pba_path_fix
Bugfix: custom PBA upload path
2021-01-27 15:42:16 +02:00
Mike Salvatore 6719620183 ui: fix centering of guardicore logo
Fixes #612
2021-01-27 07:26:56 -05:00
VakarisZ bde2288da0 Minor fixes: Removed debugging log and improved readability in PBA path const 2021-01-27 12:23:39 +02:00
VakarisZ 6fac75edb6 Implemented more unit tests for scoutsuite 2021-01-27 11:33:05 +02:00
VakarisZ 393eed42da Added zero trust report backend tests and common test data used in these tests 2021-01-27 08:54:09 +02:00
VakarisZ 7f690bb880 Refactored the use of fixtures and fixed up various tests accordingly 2021-01-27 08:53:09 +02:00
VakarisZ 20cc720c21 Configured fixtures to be picked up by any test in island 2021-01-27 08:46:10 +02:00
Mike Salvatore 32cdc034f3 ui: fix whitespace in ChildCheckbox.js 2021-01-26 15:51:42 -05:00
Mike Salvatore 145a41ffcf ui: move getDefaultPaneParams() to InfoPane.js 2021-01-26 15:46:57 -05:00
Mike Salvatore 917d6f574b ui: use class properties syntax in AdvancedMultiSelect 2021-01-26 15:15:11 -05:00
Mike Salvatore e04e11e4ac ui: add "reset to safe defaults" in AdvancedMultiSelect
If the user selects an unsafe exploit or post breach action, a yellow
warning button appears that allows the user to reset to safe defaults.
2021-01-26 14:59:58 -05:00
VakarisZ 06d3c70c3e PTH map got removed because it wasn't working. No point in testing code which we know doesn't work of feature we don't use 2021-01-22 17:24:00 +02:00
Mike Salvatore e9b50efc68 ui: Move map-specific css from App.css to Map.scss 2021-01-21 07:05:59 -05:00
Mike Salvatore 5d5091d914 ui: resize infection map when window resizes
Fixes #150
2021-01-21 07:05:50 -05:00
VakarisZ 2df889ee31 Refactored unittests to pytest on island code. Cleaned up test infrastructure: moved common test files to /test_common 2021-01-20 15:31:42 +02:00
VakarisZ d31e9064c8 Added UT's to monkey_zt_finding_service.py and scoutsuite_zt_finding_service.py 2021-01-20 10:55:15 +02:00
VakarisZ 1b35b8fb4a Improved finding_service.py by specifying datatype it returns 2021-01-20 10:53:40 +02:00
VakarisZ d4dc42adb5 Removed the need to change server_config.json just to run tests. 2021-01-19 15:51:18 +02:00
Mike Salvatore 3dafdc810b add unit tests for AutoNewLinuxUser 2021-01-18 13:58:36 -05:00
Mike Salvatore 5481baf387 add unit tests for auto_new_user_factory 2021-01-18 13:56:25 -05:00
VakarisZ e69c94ae50 Split and moved zero trust service into pillar_service.py and principle_service.py 2021-01-18 12:01:33 +02:00
Mike Salvatore d008e3d52a ci: add .coveragerc to omit unit test code from coverage report
The code coverage report was including the unit tests themselves in the
coverage report. This resulted in an artificially inflated code coverage
metric, as code coverage tools will naturally report test code to be
very highly "covered".
2021-01-17 20:20:06 -05:00
VakarisZ 01feea905b Refactored "scoutsuite_findings" directory back to "scoutsuite" directory, because it doesn't only parse findings 2021-01-15 15:34:59 +02:00
Mike Salvatore bf6db078a6 ui: add missing semicolons 2021-01-15 08:16:08 -05:00
VakarisZ 3a9aa3191f Separated zero trust and security report resources 2021-01-15 15:10:07 +02:00
VakarisZ 02a45c7449 Moved and renamed some services to improve directory structure of zero trust services 2021-01-15 15:08:49 +02:00
VakarisZ 85f4c4f250 Small ScoutSuite feature code style refactorings 2021-01-15 11:22:40 +02:00
VakarisZ e79290e761 Refactored scoutsuite rule button from "ScoutSuite rules" to just "Rules" to look more consistent with "Events" button 2021-01-15 11:20:57 +02:00
VakarisZ de69d167ba Minor scoutsuite code refactorings 2021-01-14 16:05:52 +02:00
VakarisZ 22194c566a Refactored aws access keys in config, added them to encrypted parameter list and added ScoutSuite specific exception 2021-01-14 16:05:06 +02:00
Mike Salvatore 11ea5e1a7e ui: separate json schema-related functions into JsonSchemaHelpers.js 2021-01-14 08:44:43 -05:00
Mike Salvatore 8d024b9002 ui: separate MasterCheckbox and ChildCheckbox into their own files 2021-01-14 08:37:52 -05:00
Shreya 4a5d535327 Oops 2021-01-14 18:27:49 +05:30
Shreya ca460b7348 Changes in unit test 2021-01-14 18:19:16 +05:30
Shreya 9240408956 Make function static (as per CR) 2021-01-14 18:13:13 +05:30
Shreya 3225e6d20d Add tests 2021-01-14 17:42:27 +05:30
Shreya 27263cbb48 Readability changes (per CR) 2021-01-14 17:42:27 +05:30
Shreya 4aa6095839 Add port 5432 to tcp_target_ports in config.py 2021-01-14 17:42:27 +05:30
Shreya 2203e5f1d3 Fix test 2021-01-14 17:42:27 +05:30
Shreya f7820b840c Change in PostgreSQL communication encryption result: only selected hosts 2021-01-14 17:42:27 +05:30
Shreya 4ffac38382 Add PostgreSQL to data pillar of ZT 2021-01-14 17:42:27 +05:30
Shreya e8a2a37690 Code clean up 2021-01-14 17:42:27 +05:30
Shreya 6cb9d4808f PostgreSQL communication encryption fingerprinting 2021-01-14 17:42:27 +05:30
Shreya edc1b779d3 Initial PostgreSQL fingerprinting stuff 2021-01-14 17:42:27 +05:30
VakarisZ 761ed2ec43 Refactored code of rule ordering 2021-01-14 12:17:34 +02:00
VakarisZ a818025f63 Typo fix in service_consts.py 2021-01-14 12:05:13 +02:00
VakarisZ cd9d2904c5 Added comment explaining why finding details are in a separate documents to discourage uninformed refactoring in the future 2021-01-14 12:02:38 +02:00
VakarisZ 2dfcbb49d4 Minor refactoring and typo fix 2021-01-14 11:59:57 +02:00
VakarisZ 87dafeb440 Refactored scoutsuite rule count badge readability. 2021-01-13 17:57:54 +02:00
VakarisZ b90f6587c1 Reverted resource value display to show "False", because for IAM rules it makes sense and expresses if the rule is enabled or not. 2021-01-13 16:57:36 +02:00
VakarisZ 7b60d4d2e6 Refactored ScoutSuiteDataParser.js to improve the readability of scoutsuite data extraction process
temp
2021-01-13 16:57:36 +02:00
Mike Salvatore 73dd8ddcc9 ui: Minor readability and style changes for AdvancedMultiSelect 2021-01-13 07:35:03 -05:00
Mike Salvatore 94b87f8d9a ui: Remove unnecessary call to getDefaultPaneParams() 2021-01-12 15:59:16 -05:00
Mike Salvatore 701d938330 ui: refactor AdvancedMultiSelect.js for readability and flow 2021-01-12 15:15:23 -05:00
Mike Salvatore 19bc09196f ui: Enable mixed-state behavior for master checkbox in AdvancedMultiSelect
The AdvancedMultiSelect should adhere to some set of human interface
guidelines. In the absence of a formal, agreed upon set of guidelines
for Infection Monkey, this commit uses KDE's guidelines for checkboxes:
https://hig.kde.org/components/editing/checkbox.html

When child checkboxes are not all checked, the master checkbox displays
a mixed-state icon, instead of a checked icon. Clicking the mixed-state
icon checks all child checkboxes. Clicking an unchecked master checkbox
also enables all child checkboxes.

In the past, clicking an unchecked master checkbox checked only the
*default* child checkboxes. While this may seem desirable so that unsafe
exploits do not accidentally get selected by the user, it will confuse
and frustrate users, as master/child checkboxes do not normally function
this way. If there is concern that users may unknowingly select unsafe
exploits/options, we should pop up a warning to inform the user when the
config is saved/submitted.

Issue #891
2021-01-12 15:15:18 -05:00
VakarisZ 7e07489807 Moved rule parsing methods into a separate component, added more details about rules in rule overview: added how many failed/passed/uncheck rules there are for a finding. 2021-01-12 12:41:58 +02:00
VakarisZ 5027dd4d2c Improved unsecure resource display: removed a separate line for unsecure resource count and instead added the count to the annotation of unsecure resource list. E.g: "Flagged resources (3)" 2021-01-12 12:41:58 +02:00
VakarisZ 1472382387 Fixed react warnings related to keys and <div/> in <p/> 2021-01-12 12:41:58 +02:00
VakarisZ d9a5289c8d Minor FindingsTable.js readability refactoring 2021-01-12 12:41:58 +02:00
VakarisZ 789c58f0ac Refactored ScoutSuite finding classes to have ABC 2021-01-12 12:41:58 +02:00
VakarisZ 737e6bce3d Renamed rule_parsing.py to rule_parser.py, to match the classname 2021-01-12 12:41:58 +02:00
VakarisZ d1d5c45c26 Added scoutsuite package requirements to agent requirements.txt 2021-01-12 12:41:58 +02:00
VakarisZ ba947a6b30 "type" param renamed to "finding_type" in finding DAO
Fixed bug, which happened due to type -> finding_type refactoring
2021-01-12 12:41:58 +02:00
Mike Salvatore 878f959a8f ui: Factor ChildCheckbox out of AdvancedMultiSelect 2021-01-11 19:54:51 -05:00
Mike Salvatore af329d56d8 ui: Factor MasterCheckbox() out of AdvancedMultiSelect 2021-01-11 19:16:18 -05:00
Mike Salvatore 84b422a120 ui: Refactor AdvancedMultiSelect as a class
AdvancedMultiSelect can be broken up and composed of smaller, more
focused components. This commit refactors AdvancedMultiSelect from a
functional component to a class component.
2021-01-11 19:15:45 -05:00
VakarisZ 4f43edbefb Removed unnecessary logging in pba_file_download.py 2021-01-11 08:54:01 +02:00
VakarisZ 78aaa4091d Fixed custom PBA upload path to use abstract path in island dir rather than flask cwd. 2021-01-08 17:07:36 +02:00
VakarisZ 46abff412d Grouped files used for serving flask into a "server_utils" package 2021-01-08 12:05:18 +02:00
Shreya 55dae3f29d Minor code changes 2021-01-08 15:16:29 +05:30
Shreya 22d9f70374 Add option to run as a certain user via manual command on the Run Monkey page 2021-01-08 15:16:29 +05:30
VakarisZ 28601d97ed Refactored utility method and added unit test 2021-01-08 10:57:44 +02:00
VakarisZ eaf9b6a8d1 Renamed cloud providers enum to camel case 2021-01-04 15:46:53 +02:00
VakarisZ 8cd3834fe4 Fixed wrong argument in scoutsuite_collector.py 2021-01-04 14:06:34 +02:00
VakarisZ 1bff64f09b
Merge pull request #875 from VakarisZ/validation_script
Validation script
2020-12-22 15:48:39 +02:00
VakarisZ 7fb1e3f15b
Merge pull request #862 from VakarisZ/gevent_refactoring
Gevent refactoring
2020-12-17 17:29:58 +02:00
VakarisZ 8aae611396 Merge remote-tracking branch 'upstream/develop' into custom_pba_bugfix 2020-12-17 13:26:55 +02:00
VakarisZ e6bb978dc4
Merge pull request #894 from withshubh/develop
Fix code quality issues
2020-12-16 12:19:37 +02:00
VakarisZ d8440303ce
Merge pull request #867 from VakarisZ/aws_run_option_fix
Run on AWS instance option fix
2020-12-15 12:15:41 +02:00
VakarisZ cd27a889b1
Merge pull request #895 from guardicore/smb_exec_bugfix
SMB bugfix
2020-12-15 12:11:53 +02:00
VakarisZ 17ee823b08
Merge pull request #863 from VakarisZ/security_hub_fixes
Security hub fixes
2020-12-08 16:37:36 +02:00
VakarisZ 9e9518be66 Merge remote-tracking branch 'upstream/develop' into gevent_refactoring 2020-12-08 16:31:55 +02:00
VakarisZ ac71a3ecb5
Merge pull request #861 from VakarisZ/schedule_jobs_bugfix
Schedule jobs bugfix
2020-12-08 16:14:28 +02:00
Ace Pace 030b1c683e Monkey: Guard against exceptions while fingerprinting 2020-12-07 16:54:58 +02:00
shubhendra 32593b2105 revert-Remove unnecessary use of comprehension 2020-12-05 14:24:49 +05:30
Shubhendra Singh Chauhan 9f48a54529
Update BadImport.py 2020-12-05 01:53:21 +05:30
deepsource-autofix[bot] 96d28b40af autofix made using DeepSource 2020-12-04 23:44:03 +05:30
VakarisZ 55f4684e1e Fixed function call that had too many arguments in smbexec.py 2020-12-04 16:43:53 +02:00
VakarisZ 4b1331c281 Merge remote-tracking branch 'upstream/develop' into smbexec_bugfix 2020-12-04 15:58:57 +02:00
VakarisZ 04e89411fb SMB bugfixed to be able to exploit machine with smb v3, by not specifying preferred dialect for rpctransport 2020-12-04 15:44:40 +02:00
DeepSource Bot 70a899cc7d Add .deepsource.toml 2020-12-04 11:14:55 +05:30
Shreya 0848ba240f Fix mongoengine version to 0.20.0 2020-11-28 22:44:15 +05:30
VakarisZ 424c666f65 Fixed custom post breach action path bug. 2020-11-24 17:58:28 +02:00
VakarisZ 47984196ce Fixed import order to satisfy isort 2020-11-12 14:59:16 +02:00
VakarisZ 18d72f89da Added timeouts to requests 2020-11-11 15:31:48 +02:00
VakarisZ f76fc7ad77 Removed unused imports in windowsserver_fingerprint.py 2020-11-11 15:30:52 +02:00
VakarisZ 523722a981
Merge pull request #826 from guardicore/snyk-upgrade-7a792070e6c0c0c12685cf49fbf0115e
[Snyk] Upgrade snyk from 1.373.0 to 1.373.1
2020-11-06 12:29:29 +02:00
VakarisZ fd1e24c3c5
Merge pull request #816 from guardicore/snyk-upgrade-e9c85422c9f36804c727a87c580d090f
[Snyk] Upgrade @emotion/core from 10.0.28 to 10.0.34
2020-11-06 11:58:23 +02:00
VakarisZ d75dd57653
Merge pull request #815 from guardicore/snyk-upgrade-6af1802c8a04f663191505efa4f72269
[Snyk] Upgrade bootstrap from 4.5.1 to 4.5.2
2020-11-06 11:56:11 +02:00
VakarisZ 1f1682fad8 Exported multiple configurations of CI tools to separate configurations, improved script 2020-11-06 11:48:52 +02:00
VakarisZ 636fb1be89 Added option to rollback the changes done in "set_server_config" 2020-11-06 11:47:38 +02:00
Shreya f44e080b1c Only generate 'DC_HANDLE' if 'DC_NAME' exists 2020-11-05 23:40:48 +05:30
Shreya 62a1520c50 Extract nested function 2020-11-05 23:40:45 +05:30
Shreya 8b0dd91c18 Better way to get NetBIOS name 2020-11-03 16:16:35 +05:30
Shreya b3e9695289 Raise exception instead of using boolean 2020-10-25 16:41:50 +05:30
Shreya fc9d21201f CR changes, nothing major 2020-10-25 16:21:19 +05:30
Shreya 7bdc7ce4c2 Add implementation details 2020-10-21 16:45:15 +05:30
Shreya 08d3801120 Testing is important 2020-10-21 16:41:54 +05:30
Shreya 0a8d1f2afe Add Zerologon fingerprinter 2020-10-21 16:41:54 +05:30
Ubuntu a3e9f65d49 Added spinning animation to "synch" icon in run monkey on aws button 2020-10-21 09:49:41 +00:00
VakarisZ b3759e60ec Improved dir structure of run monkey page 2020-10-21 12:16:01 +03:00
VakarisZ 46de8000c1 Fixed and moved AWS run components into a separate folder 2020-10-21 12:15:16 +03:00
VakarisZ 5da412e40c Fixed eslint to allow backticks syntax. 2020-10-21 12:13:34 +03:00
VakarisZ 67f5962977 Changed webpack server to serve on all interfaces. Makes remote development easier. 2020-10-20 12:10:40 +03:00
VakarisZ d4002fd7b5 Added loading component to indicate that more buttons are loading. 2020-10-20 12:04:57 +03:00
VakarisZ c6b7f4f0be Brought back and refactored run on AWS button. 2020-10-20 10:12:10 +03:00
VakarisZ 9da74e31ec Fixed travis crashes on isort because of line endings. 2020-10-16 15:52:58 +03:00
VakarisZ 35b8efb79d Fixed travis bugs caused by disabled ZT tests 2020-10-16 14:32:52 +03:00
VakarisZ d0fda6b9e5 Fixed import styles in gevent modifications. 2020-10-16 12:34:18 +03:00
VakarisZ a77743137f Refactored exception name to a more specific one 2020-10-15 15:19:19 +03:00
VakarisZ f2b65ecf14 Improved gevent related code by using BoundedSemaphore instead of Semaphore and other small style fixes 2020-10-15 13:02:12 +03:00
VakarisZ a9af6fe736 Refactored tornado into gevent for non-blocking server 2020-10-15 12:50:13 +03:00
VakarisZ 0e68b07b15 Modified security hub feature to work with any deployment 2020-10-14 17:48:16 +03:00
VakarisZ 3d83f344e6 Minor change: improved AWS collector description to note that AWS collector also runs scoutsuite 2020-10-14 12:10:16 +03:00
VakarisZ f894256e56 Minor phrasing improvements in scoutsuite setup tutorials 2020-10-14 11:30:44 +03:00
VakarisZ eb5f809195 Removed the storage of subnets that violate segmentation, because this info isn't being used anywhere 2020-10-14 11:17:34 +03:00
VakarisZ 89bdbf946f Minor exception handling improvement 2020-10-13 17:52:09 +03:00
VakarisZ 24ac497eec Minor style refactoring 2020-10-13 17:52:09 +03:00
VakarisZ eb5648dc0e Fixed segmentation findings to use the same infrastructure as other findings.
Small segmentation finding bugfix
2020-10-13 17:52:09 +03:00
VakarisZ 7abafb70e1 Fixed bad exception handling in version_update.py 2020-10-12 16:47:00 +03:00
VakarisZ 1cbcb69697 Fixed schedule_jobs bug, where scheduled job is never deleted and monkey freezes indefinitely. 2020-10-12 16:46:11 +03:00
VakarisZ eac960c73d Fixed version update bug that happens on systems with no internet connection 2020-10-09 10:19:32 +03:00
VakarisZ 18aa5fe320 Fixed js warnings 2020-10-06 17:20:26 +03:00
VakarisZ 4a44a38be5 Changed travis to skip running scoutsuite tests. Altered zero trust tests to be skipped, because ScoutSuite implementation broke them 2020-10-06 16:16:07 +03:00
VakarisZ 821024035e Specified line-wrap option to isort and skipped a file that's not correctly wrapped 2020-10-06 14:54:05 +03:00
VakarisZ 930642d6c3 Fixed non-wrapped imports in rule_path_creators_list.py 2020-10-06 14:23:23 +03:00
VakarisZ 39523504c3 Fixed import statements and their ordering 2020-10-06 13:18:50 +03:00
VakarisZ b88cb8bf3c Fixed python linting warnings 2020-10-05 15:16:35 +03:00
VakarisZ 1719df06f2 Updated deployment scripts by adding mongo download for ubuntu 20 2020-10-05 11:08:57 +03:00
VakarisZ 5678a50783 Scoutsuite update 2020-10-02 17:53:38 +03:00
VakarisZ 6a21a3a07e Small syntax fixes in ResourceDropdown.js 2020-10-02 15:55:50 +03:00
VakarisZ 0dfecd1837 Increased the "Pillars" column width, so "automation and orchestration" pillar name doesn't get cut off. 2020-10-02 14:54:34 +03:00
VakarisZ 34460b667b Fixed a bug where html tags were being displayed in description of a rule 2020-10-02 12:36:14 +03:00
VakarisZ 22a97096ca Altered SS rule dropdowns to display resource name whenever possible, and to display more proper value 2020-10-02 12:21:24 +03:00
VakarisZ 672c19ef0d Fixed scoutsuite bug that caused bad exception handling 2020-10-02 11:00:06 +03:00
VakarisZ d2a8597903 Fixed error caused by mixing up the value of "started_on_island" with whether the current monkey is running on island. 2020-10-01 17:56:29 +03:00
VakarisZ 5f28808885 Improved style and text of SS setup tutorials 2020-10-01 16:52:00 +03:00
VakarisZ 2e0d06b17a Added ProvidersEnum.js for front end 2020-10-01 15:18:52 +03:00
VakarisZ cf9806223e Fixed a bug in monkey finding, where events did not get saved 2020-10-01 15:17:10 +03:00
VakarisZ 2356ea50f4 Fixed a bug, where monkey config did not get set to "on_island" immediately, so any further monkey code could not rely on this value 2020-10-01 15:15:27 +03:00
VakarisZ d618428ff8 Improved AWS collector to only run SS on island 2020-10-01 15:11:51 +03:00
VakarisZ b1a5691fae Added stylesheet for custom monkey buttons 2020-10-01 15:09:43 +03:00
VakarisZ d3f0dc2a75 Improved back button 2020-10-01 15:09:10 +03:00
VakarisZ 841f542c6b Refactored few more files to use config value path array, rather than hardcoded in-place value 2020-10-01 15:08:45 +03:00
VakarisZ 17d91766df Added AWS keys to config 2020-10-01 15:07:32 +03:00
VakarisZ dd3d5d317a Added interactive AWS key setup/scoutsuite configuration 2020-10-01 15:02:54 +03:00
VakarisZ 708d1a697d Improved configuration by removing unused method and separating config value paths to a separate file 2020-10-01 12:54:41 +03:00
VakarisZ 9dc0211341 Moved scoutsuite submodule directory, because island might want to call its method to check for setup 2020-10-01 12:39:45 +03:00
VakarisZ 04b00febd1 Fixed a bug, where no Unexecuted rules appeared 2020-09-25 12:49:23 +03:00
VakarisZ 059d86b0c2 Added the rest of rules to Service Security finding 2020-09-25 12:48:53 +03:00
VakarisZ 5fefe654f3 Added "is monkey already running" check for linux machine. 2020-09-24 17:14:07 +03:00
VakarisZ 9f74d9abef Improved rule display: merged warnings and dangers are displayed the same, added sorting 2020-09-24 17:09:45 +03:00
VakarisZ 5bc47b91cf Added almost all scoutsuite rules 2020-09-24 17:05:45 +03:00
VakarisZ 1559504691 Fixed js warning in error modal 2020-09-23 15:06:27 +03:00
VakarisZ a7fc5d1191 Merge branch 'run_page_ui_improvements' into 519/scoutsuite-integration 2020-09-23 14:58:51 +03:00
VakarisZ c5e4493db5 Improved run monkey error modal to display any kind of error. 2020-09-23 14:47:34 +03:00
VakarisZ 6e10dd20d1 Run monkey page: fixed a bunch of bugs, CR comments 2020-09-23 14:47:05 +03:00
VakarisZ 3b0a8e87c2 Fixed scoutsuite backend bugs 2020-09-23 10:26:35 +03:00
VakarisZ dc295d4a60 Improved and fixed bugs related to ScoutSuite UI components 2020-09-23 10:26:03 +03:00
VakarisZ 49e13a651e Created new scoutsuite findings, added relevant infrastructure to zero trust consts 2020-09-23 10:24:03 +03:00
VakarisZ c792f2f34c Added a bunch of rules and rule path creators. 2020-09-23 10:16:53 +03:00
VakarisZ f462fcc842 Removed unsustainable python type hinting rules 2020-09-23 10:13:14 +03:00
VakarisZ 2c87784a48 Minor typos and improvements on AWS scoutsuite setup run option 2020-09-21 11:12:23 +03:00
VakarisZ c3fde1898c Added ScoutSuite scan setup guide to run monkey page. 2020-09-21 11:07:16 +03:00
VakarisZ 109b2cbcbb Merge branch 'run_page_ui_improvements' into 519/scoutsuite-integration
# Conflicts:
#	monkey/monkey_island/requirements.txt
2020-09-18 18:10:03 +03:00
VakarisZ 62708cf6b2 Fixed es-lint warnings and increased upper warning limit 2020-09-18 18:03:44 +03:00
VakarisZ dcf1b49186 Fixed conflicting dependencies that require botocore >= 1.18.0 2020-09-18 17:01:47 +03:00
VakarisZ bd80823c77 Merge branch 'run_page_ui_improvements' into 519/scoutsuite-integration
# Conflicts:
#	monkey/monkey_island/cc/ui/src/styles/Main.scss
2020-09-18 16:49:28 +03:00
VakarisZ 4d8751432d Revert "Fixed conflicting dependencies that require botocore >= 1.18.0"
This reverts commit b8f70645
2020-09-18 16:48:53 +03:00
VakarisZ 3c410d6135 Fixed conflicting dependencies that require botocore >= 1.18.0 2020-09-18 16:48:03 +03:00
VakarisZ b8f7064582 Fixed conflicting dependencies that require botocore >= 1.18.0 2020-09-18 16:43:03 +03:00
VakarisZ 5331095bf3 Removed unused function 2020-09-18 16:11:29 +03:00
VakarisZ 6eab147ae1 Merge remote-tracking branch 'upstream/develop' into run_page_ui_improvements
# Conflicts:
#	monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js
#	monkey/monkey_island/cc/ui/src/styles/Main.scss
2020-09-18 15:43:23 +03:00
VakarisZ 38b1cfacaa Removed not working "Back" button from run monkey page, also removed unnecessary code 2020-09-18 15:35:34 +03:00
VakarisZ c4f4a8ef95 Refactored UI of run monkey page 2020-09-18 15:11:26 +03:00
VakarisZ c66cb11e79 Added ScoutSuite UI code 2020-09-18 10:26:35 +03:00
VakarisZ 4440027699 Backend ScoutSuite backend code, which handles ScoutSuite data reception, parsing and storing 2020-09-18 10:13:27 +03:00
VakarisZ 0b9b89f639 Added rule path creators, which helps to extract scoutsuite rules from scoutsuite report data 2020-09-18 10:01:14 +03:00
VakarisZ 5a6a68fde0 Changed default flask json encoder so we could encode objects with custom fields, like field of type ObjectId 2020-09-18 09:28:31 +03:00
VakarisZ 96f3052dc2 Bugfix: imports, related to "common_consts renaming" fixed. 2020-09-11 16:12:18 +03:00
VakarisZ d9ba4dd3a4 Small modifications: bug in ZT report resource and unused imports removed 2020-09-08 14:08:36 +03:00
VakarisZ 4eebb1a088 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration 2020-09-08 12:42:17 +03:00
VakarisZ 4e1e9907b1 Renamed all zero trust tests to zero trust checks in back-end. This increases readability, because it differentiates unit test code from production code 2020-09-08 12:41:59 +03:00
VakarisZ 3490be1d8f Re-structured ZT files and separated class responsibilities better, also further refactor towards ZT findings being extendable with different types of details. 2020-09-08 12:39:55 +03:00
VakarisZ 9952f69198 Refactoring ZT findings 2020-09-07 13:36:18 +03:00
VakarisZ 549e621895 Small telemetry refactoring and added ScoutSuite telem 2020-09-04 15:46:50 +03:00
VakarisZ 3adafd31b0 Small scoutsuite improvement regarding api error handling 2020-09-04 15:45:48 +03:00
VakarisZ 7538f774ed Migrated more hard coded telem category values to use enum 2020-09-03 12:38:40 +03:00
VakarisZ 3f725c1639 Added scoutsuite_api to monkey 2020-09-03 12:07:04 +03:00
VakarisZ a365d2eb3c Exported telem categories into dict, moved scoutsuite submodule to a different dir 2020-09-03 12:06:20 +03:00
snyk-bot 77a2953de3
fix: upgrade snyk from 1.373.0 to 1.373.1
Snyk has created this PR to upgrade snyk from 1.373.0 to 1.373.1.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/guardicore/project/b4a24b2f-c0d4-474c-9f18-da5a77c685fe?utm_source=github&utm_medium=upgrade-pr
2020-09-03 07:02:18 +00:00
Shay Nehmad e878310f55 Locking the AWS requirements to avoid conflicts 2020-09-02 22:52:38 +03:00
Shreya Malviya c0e6467a48
Merge pull request #820 from shreyamalviya/MITRE-report-colors
ATT&CK Report UI changes
2020-09-03 00:16:02 +05:30
Shay Nehmad 0b1b7f2bf8
Merge pull request #821 from guardicore/snyk-upgrade-bfa4cc6622c1518759f020a073ce24b0
[Snyk] Upgrade snyk from 1.372.0 to 1.373.0
2020-09-02 21:22:35 +03:00
ophirharpazg 658a744c5a move noqa to the invocation line 2020-09-02 12:50:47 +03:00
ophirharpazg e69ff81e6f approve ignoring certificates for CI 2020-09-02 12:45:09 +03:00
ophirharpazg 7e7ca954d3 delete whitespaces for CI 2020-09-02 12:43:40 +03:00
ophirharpazg 5bf6f654e1 deleted unused ports 2020-09-02 12:36:00 +03:00
snyk-bot f43664cf5c fix: upgrade snyk from 1.372.0 to 1.373.0
Snyk has created this PR to upgrade snyk from 1.372.0 to 1.373.0.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/guardicore/project/b4a24b2f-c0d4-474c-9f18-da5a77c685fe?utm_source=github&utm_medium=upgrade-pr
2020-09-02 07:03:15 +00:00
ophirharpazg b9186376f9 add OS name to logs 2020-09-02 00:18:12 +03:00
ophirharpazg 702f5c1a41 verify=False for HTTPS requests 2020-09-02 00:17:46 +03:00
ophirharpazg eb4f50a0ca keep path after removing port from URL 2020-09-02 00:17:02 +03:00
Shreya eba638eaff ATT&CK report UI changes
- color changes
- strikethrough disabled techniques' text in matrix
2020-09-01 23:39:33 +05:30
Shay Nehmad 0d71e22b08 Merge branch 'develop' into 669/drupal 2020-09-01 15:45:05 +03:00
ophirharpazg cb6e516e79 try to handle exceptions (not finished) 2020-09-01 15:43:25 +03:00
ophirharpazg 6efc7d8f82 don't verify HTTPS certificates 2020-09-01 15:43:08 +03:00
ophirharpazg c7b51bfe19 print stack trace in exception 2020-09-01 15:42:46 +03:00
ophirharpazg 93b978edac add a space 2020-09-01 15:21:59 +03:00
ophirharpazg 8e14e74d94 add a path for Bitnami installations of Drupal 2020-09-01 15:20:22 +03:00
Shay Nehmad 113db81e55
Merge pull request #818 from guardicore/linter-cleanup
fix typo
2020-09-01 15:01:46 +03:00
Shay Nehmad e9a939e1f0 fix typo
(╯°□°)╯︵ ┻━┻
2020-09-01 15:00:39 +03:00
ophirharpazg ac731f5736 Remove redundant logs 2020-09-01 14:57:22 +03:00
ophirharpazg 4de9e92ce2 I seriously have no idea how this happened
(*/ω\*)
2020-09-01 14:51:01 +03:00
Shay Nehmad f990e1af39
Merge pull request #817 from guardicore/linter-cleanup
Bugfix - missing import
2020-09-01 14:48:05 +03:00
Shay Nehmad 33b9dae213 Bugfix - missing import 2020-09-01 14:46:53 +03:00
ophirharpazg afcbbb880c add to exploiter info 2020-09-01 14:23:52 +03:00
ophirharpazg 7288fb9814 fix Docs page and add to report 2020-09-01 14:16:22 +03:00
ophirharpazg a7b84b966c fix length check and add log 2020-09-01 12:43:20 +03:00
ophirharpazg bdba20133d restore the upper bound from the original exploit implementation 2020-09-01 12:39:36 +03:00
ophirharpazg 9fcf2fe0e6 improve the check of sufficient URLs for the attack 2020-09-01 12:39:14 +03:00
Shay Nehmad 5a00d5e5f9 Merge branch '669/drupal' of https://github.com/guardicore/monkey into 669/drupal 2020-09-01 12:17:33 +03:00
Shay Nehmad cf776063af Reformat + extract payload building to functions 2020-09-01 12:17:01 +03:00
ophirharpazg f31186272f fixed logic and name in finding exploitable nodes 2020-09-01 12:07:29 +03:00
VakarisZ 7107e963fb
Merge pull request #809 from VakarisZ/ms08-067
Added windows XP support for win_ms08_067
2020-09-01 11:56:02 +03:00
ophirharpazg 6e2678473c rename function that finds vulnerable node IDs 2020-09-01 11:53:49 +03:00
Shay Nehmad cec57c1604 Update minor things in order to pass CI build 2020-09-01 11:48:06 +03:00
Shay Nehmad e7ecaa1744 Merge branch 'develop' into 669/drupal 2020-09-01 11:42:42 +03:00
snyk-bot ef64f4f122 fix: upgrade @emotion/core from 10.0.28 to 10.0.34
Snyk has created this PR to upgrade @emotion/core from 10.0.28 to 10.0.34.

See this package in npm:
https://www.npmjs.com/package/@emotion/core

See this project in Snyk:
https://app.snyk.io/org/guardicore/project/b4a24b2f-c0d4-474c-9f18-da5a77c685fe?utm_source=github&utm_medium=upgrade-pr
2020-09-01 07:03:46 +00:00
snyk-bot d0113285a7 fix: upgrade bootstrap from 4.5.1 to 4.5.2
Snyk has created this PR to upgrade bootstrap from 4.5.1 to 4.5.2.

See this package in npm:
https://www.npmjs.com/package/bootstrap

See this project in Snyk:
https://app.snyk.io/org/guardicore/project/b4a24b2f-c0d4-474c-9f18-da5a77c685fe?utm_source=github&utm_medium=upgrade-pr
2020-09-01 07:03:41 +00:00
snyk-bot 33be50a6e2 fix: upgrade snyk from 1.369.3 to 1.372.0
Snyk has created this PR to upgrade snyk from 1.369.3 to 1.372.0.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/guardicore/project/b4a24b2f-c0d4-474c-9f18-da5a77c685fe?utm_source=github&utm_medium=upgrade-pr
2020-09-01 07:03:36 +00:00
Shay Nehmad c79bc8f47b
Merge pull request #812 from guardicore/linter-cleanup
Linter cleanup
2020-09-01 09:15:05 +03:00
Shay Nehmad f084d84157 Fixed isort 2020-08-31 18:31:00 +03:00
Shay Nehmad 1a4d27d7ff Delete return value 2020-08-31 18:12:01 +03:00
Shay Nehmad 5696c3e536 Some more easy noqas or invalid escape fixes 2020-08-31 18:06:08 +03:00
ophirharpazg 6184400f51 mention Drupal REST API requirement 2020-08-31 17:55:24 +03:00
ophirharpazg b82a6e48b2 use ID_STRING instead of dashes 2020-08-31 17:55:04 +03:00
Shay Nehmad accd6bd0fa See https://eslint.org/docs/rules/no-prototype-builtins 2020-08-31 17:16:53 +03:00
ophirharpazg c9ea95110c remove unnecessary function and replace with urljoin 2020-08-31 16:52:10 +03:00
ophirharpazg 1ae8ecff62 Move remote_port to a designated file and add UT 2020-08-31 16:40:21 +03:00
Shay Nehmad 9d26b5698c Fix isort bug with comments 2020-08-31 14:47:47 +03:00
Shay Nehmad f23199c4a3 Fixed more warnings and lowered the linter upper limit to double digits 2020-08-31 14:40:03 +03:00
Shay Nehmad b26727d5e0 Fix isort formatting 2020-08-31 14:36:26 +03:00
Shreya fc7d5bf1b3 Merge remote-tracking branch 'upstream/develop' into T1099 2020-08-31 17:00:58 +05:30
Shay Nehmad 910e8355f9 Fix or noqa some python linter errors
Also, replace os.path with Path
2020-08-31 14:13:56 +03:00
Shay Nehmad db46134a60
Merge pull request #803 from guardicore/snyk-upgrade-7ac4a238c663fbd71e69edeed8729cd1
[Snyk] Upgrade bootstrap from 4.5.0 to 4.5.1
2020-08-31 12:13:06 +03:00
Shay Nehmad a1356a14b3 npm audit fix 2020-08-31 12:12:50 +03:00
Shay Nehmad 70ecd27ab1 Merge branch 'develop' into snyk-upgrade-7ac4a238c663fbd71e69edeed8729cd1 2020-08-31 12:04:34 +03:00
Shay Nehmad d9dbb6fcfa
Merge pull request #797 from guardicore/snyk-upgrade-3bcbcf02454033baa460afe021a37c03
[Snyk] Upgrade react-json-tree from 0.11.2 to 0.12.0
2020-08-31 12:04:11 +03:00
Shay Nehmad c01663c12f
Merge pull request #811 from guardicore/snyk-upgrade-675068a89f14975a8ee45d366b442b9d
[Snyk] Upgrade filepond from 4.19.0 to 4.19.2
2020-08-31 12:02:17 +03:00
Shay Nehmad 122c400c07 Merge branch 'develop' into snyk-upgrade-3bcbcf02454033baa460afe021a37c03 2020-08-31 12:00:04 +03:00
VakarisZ b14193f848 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration
# Conflicts:
#	.gitmodules
#	.travis.yml
#	monkey/common/data/system_info_collectors_names.py
#	monkey/monkey_island/cc/services/config_schema.py
#	monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
2020-08-31 11:34:15 +03:00
VakarisZ d8a0a6d7a8 More work on Run monkey page 2020-08-31 10:35:39 +03:00
ophirharpazg 4c9d0f2786 Add Drupal to the newly formed configuration 2020-08-30 18:04:40 +03:00
ophirharpazg 1e259fc131 Add a detailed issue to the security report 2020-08-30 18:04:26 +03:00
ophirharpazg 3df5078ec1 Merge branch 'develop' into 669/drupal
# Conflicts:
#	monkey/monkey_island/cc/services/config_schema.py
2020-08-30 18:03:54 +03:00
ophirharpazg 6fa1801280 Merge remote-tracking branch 'origin/develop' into 669/drupal 2020-08-30 17:17:19 +03:00
snyk-bot 60fdf06cfb fix: upgrade filepond from 4.19.0 to 4.19.2
Snyk has created this PR to upgrade filepond from 4.19.0 to 4.19.2.

See this package in npm:
https://www.npmjs.com/package/filepond

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-28 07:00:57 +00:00
snyk-bot 8db4897229 fix: upgrade snyk from 1.368.0 to 1.369.3
Snyk has created this PR to upgrade snyk from 1.368.0 to 1.369.3.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-28 07:00:52 +00:00
VakarisZ 731239f08d Added windows XP support for win_ms08_067.py and fixed exploited/not exploited logic 2020-08-28 09:38:01 +03:00
ophirharpazg 7fff3b57bc Drupal server exploit implementation 2020-08-27 19:47:59 +03:00
ophirharpazg 2d48001f7b log exceptions in exploit_host 2020-08-27 19:47:38 +03:00
ophirharpazg f3f124ce76 renames, formatting and documentation 2020-08-27 19:47:08 +03:00
ophirharpazg 610d3d1144 get a vulnerable URL in a configurable manner 2020-08-27 19:46:42 +03:00
ophirharpazg a87640c4aa add Drupal exploit to the configuration 2020-08-27 19:43:41 +03:00
ophirharpazg 36d8487877 add Drupal exploit to the report - basic message 2020-08-27 19:43:16 +03:00
Shay Nehmad 1b86e00d33
Merge pull request #791 from guardicore/snyk-upgrade-e25eb24d943358d57b15972b86e257b1
[Snyk] Upgrade filepond from 4.18.0 to 4.19.0
2020-08-27 16:10:27 +03:00
VakarisZ 48360cb928
Merge pull request #779 from guardicore/feature/bugfix_and_loading_screen
UI router bugfix and loading screen
2020-08-27 15:54:58 +03:00
VakarisZ ee429b00c6
Merge pull request #787 from VakarisZ/server_config_auto_generation
server_config.json no longer tracked in git, generated on island launch
2020-08-27 15:49:45 +03:00
VakarisZ fc0742ffff
Merge pull request #807 from VakarisZ/ms08-067
Ms08-067 exploiter bugfixes, Defender evasion
2020-08-27 15:47:18 +03:00
VakarisZ 8f3c1b9f75 Changed import order in test_shellcode_obfuscator.py 2020-08-27 15:33:54 +03:00
VakarisZ db789abf00 Removed typos and cleaned up win_ms08_067.py code 2020-08-27 14:16:33 +03:00
Shay Nehmad 4fa33ae57b Merge branch 'develop' into snyk-upgrade-e25eb24d943358d57b15972b86e257b1 2020-08-27 10:23:08 +03:00
Shay Nehmad c68e2e8e98
Merge pull request #790 from guardicore/snyk-upgrade-74184deb3a2ba3f48c5c2cbb4750525b
[Snyk] Upgrade snyk from 1.363.0 to 1.368.0
2020-08-27 10:21:40 +03:00
VakarisZ 3414f39245 Fixed wmi import bug 2020-08-27 09:01:58 +03:00
VakarisZ 1d3f4700c1 Implemented shellcode obfuscator and obfuscated shellcode in win_ms08_067.py 2020-08-27 09:00:41 +03:00
Shreya cff06a1308 Merge remote-tracking branch 'upstream/develop' into T1216 2020-08-27 10:51:04 +05:30
Shreya f7065a912d Merge remote-tracking branch 'upstream/develop' into T1087 2020-08-27 10:34:43 +05:30
Shreya 144e314edc Tiny fix to work on Windows 2020-08-27 10:16:58 +05:30
Shreya 7950b246aa Code review changes
- break down `get_linux_commands_to_clear_command_history()` to separate functions
- keep technique off by default
- technique message changes
- other tiny changes
2020-08-26 23:36:08 +05:30
Shreya e25e913e86 Just some refactoring
and changes to pass the build
2020-08-26 23:36:08 +05:30
Shreya 2431d45b74 Add T1146 (clear command history) 2020-08-26 23:36:08 +05:30
VakarisZ 99c302d4dc Fixed ms08-067 python3 migration bug (bytes/strings mixup) 2020-08-26 13:04:34 +03:00
snyk-bot 8589f05acf fix: upgrade bootstrap from 4.5.0 to 4.5.1
Snyk has created this PR to upgrade bootstrap from 4.5.0 to 4.5.1.

See this package in npm:
https://www.npmjs.com/package/bootstrap

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-26 07:00:27 +00:00
VakarisZ e42c4a0fa2 More work and styling of monkey run page components 2020-08-25 15:54:38 +03:00
VakarisZ bdb7fd4a23 Started modifying win_ms08_067.py to avoid defender 2020-08-25 15:02:18 +03:00
Shreya 61d2528291 Use `Get-LocalUser` for Windows PBA instead of `net user` 2020-08-24 22:40:55 +05:30
Shreya 989286857b CR changes 2020-08-24 19:02:58 +05:30
VakarisZ 522644238b Added command display component and tabs to it 2020-08-24 14:22:01 +03:00
VakarisZ 5eaed088d6 Basic structure of run monkey page step by step wizard 2020-08-21 11:30:54 +03:00
snyk-bot 45465e2748 fix: upgrade react-json-tree from 0.11.2 to 0.12.0
Snyk has created this PR to upgrade react-json-tree from 0.11.2 to 0.12.0.

See this package in npm:
https://www.npmjs.com/package/react-json-tree

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-21 07:01:28 +00:00
Shreya 984a8c2251 Small fix - deletes exe file now 2020-08-20 20:00:31 +05:30
Shreya 5dc2d54cef Fix typos 2020-08-20 19:39:14 +05:30
Shreya e8f72f5cd5 Add commands' source 2020-08-20 19:20:36 +05:30
Shreya 1f82dab6f5 Add T1099 (timestomping) 2020-08-20 19:16:48 +05:30
Shreya ba8a7797e6 Download exe from the island successfully, delete during pba cleanup 2020-08-20 01:38:06 +05:30
Shreya f3924ebb43 Pass build 2020-08-19 00:59:37 +05:30
Shreya 09f54bc72b Add T1087 (account discovery) 2020-08-18 22:08:58 +05:30
snyk-bot f2e2a9823d fix: upgrade filepond from 4.18.0 to 4.19.0
Snyk has created this PR to upgrade filepond from 4.18.0 to 4.19.0.

See this package in npm:
https://www.npmjs.com/package/filepond

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-18 07:01:48 +00:00
snyk-bot a17bd7bead fix: upgrade snyk from 1.363.0 to 1.368.0
Snyk has created this PR to upgrade snyk from 1.363.0 to 1.368.0.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-18 07:01:43 +00:00
Shreya 79eeaa7904 Code review changes
- smaller executable file; fetches it from the island when pba needs to run
- technique configured off by default
- other implementation changes
2020-08-18 02:25:13 +05:30
Shreya 15210d260c Code review changes
- smaller executable file; fetches it from the island when pba needs to run
- technique configured off by default
- other implementation changes
2020-08-18 00:29:50 +05:30
Shreya 4b664031af Code review changes
- smaller executable file; fetches it from the island when pba needs to run
- technique configured off by default
- other implementation changes
2020-08-18 01:39:45 +05:30
Shreya 59f9752faf Add T1216 (signed script proxy execution) 2020-08-18 00:52:59 +05:30
Shay Nehmad 7e90609b98
Merge pull request #781 from guardicore/snyk-upgrade-51fe9ca3fc24b5b8949fa37849d90816
[Snyk] Upgrade react-particles-js from 3.2.1 to 3.3.0
2020-08-17 14:47:03 +03:00
Shay Nehmad 6bcce67af4
Merge pull request #778 from guardicore/snyk-upgrade-6db8903558cfc252d0ae0a7241a6ef27
[Snyk] Upgrade snyk from 1.362.1 to 1.363.0
2020-08-17 14:41:14 +03:00
VakarisZ bd05cca087 Fixed python linting warnings 2020-08-17 12:56:35 +03:00
snyk-bot 7b9079b324 fix: monkey/monkey_island/cc/ui/package.json & monkey/monkey_island/cc/ui/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-17 07:00:21 +00:00
VakarisZ 2e95d367b8 Fixed local directory in set_server_config.py to point to project root, so it would be able to access project packages. 2020-08-17 09:33:20 +03:00
VakarisZ 05395fee6d Created code that generates default server_config.json, so we don't need to track this file on git and remember not to commit credentials. 2020-08-14 15:44:47 +03:00
VakarisZ 77cf8355ee Fixed isort warning 2020-08-13 19:30:14 +03:00
VakarisZ 628583d38f Fixed post breach file upload bug 2020-08-13 19:00:21 +03:00
snyk-bot 8fb0900c9a fix: upgrade react-particles-js from 3.2.1 to 3.3.0
Snyk has created this PR to upgrade react-particles-js from 3.2.1 to 3.3.0.

See this package in npm:
https://www.npmjs.com/package/react-particles-js

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-12 07:00:46 +00:00
VakarisZ 95cc44c4d2 Fixed white screen on map/going to map bug, implemented loading screen while UI is waiting for login status 2020-08-11 18:10:30 +03:00
VakarisZ 62c4eeb3fc
Merge pull request #758 from shreyamalviya/pba-threading
Run post-breach phase in separate thread
2020-08-11 17:05:39 +03:00
snyk-bot ad2b9ba65a fix: upgrade snyk from 1.362.1 to 1.363.0
Snyk has created this PR to upgrade snyk from 1.362.1 to 1.363.0.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-11 07:00:36 +00:00
Shay Nehmad c685a7eb96
Merge branch 'develop' into snyk-upgrade-a73b21ca3d3b12638dce5cc24f064d49 2020-08-10 10:10:15 +03:00
snyk-bot a26cff5177 fix: upgrade snyk from 1.362.0 to 1.362.1
Snyk has created this PR to upgrade snyk from 1.362.0 to 1.362.1.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-10 07:00:44 +00:00
Shreya 444c2cb7dd Change max threads from 4 to 5 & modify log message 2020-08-10 11:29:37 +05:30
Shreya 7c108e1f2e Make PBAs run in parallel 2020-08-10 11:28:32 +05:30
Shreya c0bff448c4 Run post-breach phase in separate thread 2020-08-10 11:28:32 +05:30
Shay Nehmad 767a5f9200
Merge branch 'develop' into snyk-upgrade-a73b21ca3d3b12638dce5cc24f064d49 2020-08-09 14:30:24 +03:00
snyk-bot 5898b347b1 fix: upgrade snyk from 1.361.3 to 1.362.0
Snyk has created this PR to upgrade snyk from 1.361.3 to 1.362.0.

See this package in npm:
https://www.npmjs.com/package/snyk

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-06 07:00:54 +00:00
VakarisZ b91ead6533
Merge pull request #761 from shreyamalviya/link-same-pba-techniques
Link ATT&CK techniques of the same PBA in the config
2020-08-05 16:55:36 +03:00
snyk-bot 50e1838ef6 fix: upgrade sha3 from 2.1.2 to 2.1.3
Snyk has created this PR to upgrade sha3 from 2.1.2 to 2.1.3.

See this package in npm:
https://www.npmjs.com/package/sha3

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-08-05 07:00:25 +00:00
Shreya 5817226447 Return results as it is from PostBreachParser if no changes 2020-08-05 02:45:22 +05:30
Shreya 54b0eebc03 Link ATT&CK techniques of the same PBA in the config 2020-08-05 01:30:14 +05:30
VakarisZ d3790ee5d8
Merge pull request #757 from shreyamalviya/windows-shell-startup-pba-fix
Windows' "modify shell startup files" PBA fix
2020-08-04 16:47:31 +03:00
VakarisZ c3d459dde9 Fixed monkey island version overlap with links on the sidebar on smaller screens 2020-08-04 16:39:20 +03:00
VakarisZ 6f2a897a48 Fixed height of link blocks in RunServerPage.js 2020-08-04 16:16:10 +03:00
Shay Nehmad 806bc91dd7 Fix page titles 2020-08-04 15:29:06 +03:00
Shay Nehmad 86364ddb8c Update Side NavBar
Removed a useless step from the process, added link to documentation
2020-08-04 15:03:55 +03:00
Shay Nehmad 7403bf14fa Update homepage look and feel 2020-08-04 15:03:03 +03:00
Shreya fe6cd2b076 Cleanup folder/file 2020-08-04 17:32:35 +05:30
Shreya 04eb0650cd Create $Profile if it doesn't exist
(Runs a powershell script instead of commands like other PBAs)
2020-08-04 17:29:28 +05:30
Shreya f30b81eec7 Remove "Public" from USERS in windows modify shell startup PBA
Otherwise it'll look for a profile.ps1 file in the Public folder too
2020-08-04 17:29:28 +05:30
Shay Nehmad c48eef8f94
Merge branch 'release/1.9.0' into develop 2020-08-04 14:26:27 +03:00
VakarisZ e703c7c46a Merge remote-tracking branch 'upstream/hotfix/mongomock-breaking-change' into release/1.9.0 2020-08-03 17:21:52 +03:00
VakarisZ d74c3d15ca Fixed island's config.py default value setting method to handle 3 layers of nested objects 2020-08-03 11:45:31 +03:00
Shreya 51c2655e2b Shift the config variable change to the allocated function 2020-08-03 09:44:21 +03:00
Shreya f6e362b1c8 Set flask config 'JSON_SORT_KEYS' to false 2020-08-03 09:44:14 +03:00
Shreya Malviya 7d369f7399
Merge pull request #731 from shreyamalviya/modifications-T1156-T1504
Telemetry modifications for "modify shell startup files" PBA
2020-08-02 20:59:32 +05:30
Shay Nehmad 773a51c8b3
Merge pull request #748 from guardicore/snyk-upgrade-e016476ee14841b120e9c69733509641
[Snyk] Upgrade react-bootstrap from 1.1.0 to 1.1.1
2020-08-02 11:32:21 +03:00
Shay Nehmad e9939075a8 Upgrade JS packages to close vuln
npm patch and react-bootstrap minor
2020-08-02 11:23:47 +03:00
Shay Nehmad 698df75511 See cd034305d0
This is a breaking change for us, for now we'll stay with the old version until we take a deeper look into this
2020-08-01 18:10:49 +03:00
Shreya 435637ad3a Add test for `process_post_breach_telemetry()` 2020-08-01 15:59:57 +05:30
Shreya b80e504400 Shift the config variable change to the allocated function 2020-07-31 23:21:57 +05:30
Shreya f6fd93bcb1 Set flask config 'JSON_SORT_KEYS' to false 2020-07-31 22:11:39 +05:30
VakarisZ c513c2628a Fixed jwtHeader method to return "Bearer X" type header instead of "JWT X" 2020-07-30 17:26:19 +03:00
VakarisZ dc592c43fe Merge remote-tracking branch 'shreya/modifications-T1156-T1504' into release/1.9.0 2020-07-30 10:24:49 +03:00
snyk-bot 2d3e84e773 fix: upgrade react-bootstrap from 1.1.0 to 1.1.1
Snyk has created this PR to upgrade react-bootstrap from 1.1.0 to 1.1.1.

See this package in npm:
https://www.npmjs.com/package/react-bootstrap

See this project in Snyk:
https://app.snyk.io/org/shaynehmad/project/37aecb9c-98b4-4735-95a2-83d941303b4e?utm_source=github&utm_medium=upgrade-pr
2020-07-30 07:00:34 +00:00
VakarisZ f778ea6406 Version number bump 2020-07-30 09:35:30 +03:00
VakarisZ 10b15b3efe Merge remote-tracking branch 'shreya/modifications-T1156-T1504' into modifications-T1156-T1504
# Conflicts:
#	monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1156.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1158.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1504.py
#	monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
#	monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
2020-07-29 12:52:17 +03:00
VakarisZ d37fea06d8 Grouped Shell Startup modification PBA outputs data into a single PBA 2020-07-29 12:49:51 +03:00
Shreya 6afeab003a Pass build 2020-07-29 15:02:55 +05:30
Shreya 56975acf81 Mongo query changes for T1156 and T1504 2020-07-29 14:51:00 +05:30
Shreya f378c5e896 Merge remote-tracking branch 'upstream/develop' into modifications-T1156-T1504 2020-07-29 14:23:25 +05:30
Shay Nehmad ad6c57f853 Merge branch 'develop' into snyk-upgrade-c3ce20b4990347d825b5c588ba6e2919 2020-07-29 11:12:54 +03:00
VakarisZ b96c4e0f7c
Merge pull request #717 from shreyamalviya/mitre-report-message-modifications
ATT&CK report message modifications
2020-07-29 10:37:45 +03:00
Shreya a30ce663c0 Delete test file for AttackTechnique 2020-07-28 21:07:56 +05:30
Shreya b0dde1eb04 Change font color for disabled technique in report matrix 2020-07-28 21:07:11 +05:30
Shreya 16e2c94037 Add decorator for checking if technique is disabled 2020-07-28 21:06:22 +05:30
Shreya 3bc9fd5040 Improve code readability
TODO: Add tests
2020-07-28 17:00:35 +05:30
Shreya 4833ec906a Small CR changes 2020-07-28 17:00:35 +05:30
Shreya 5f53ea995c Pass build 2020-07-28 17:00:35 +05:30
Shreya e19c3c20eb Generate T1156 and T1504 reports via mongo query 2020-07-28 17:00:35 +05:30