Agent: Publish an CredentialsStolenEvent from SSHCredentialCollector

2022-08-15 14:24:03 +02:00 · 2022-08-15 14:24:03 +02:00 · 2610666f93
parent 4952a544c0
commit 2610666f93
1 changed files with 26 additions and 1 deletions
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
@ -1,14 +1,19 @@
 import logging
+import time
 from typing import Dict, Iterable, Sequence

 from common.credentials import Credentials, SSHKeypair, Username
 from common.event_queue import IEventQueue
+from common.events import CredentialsStolenEvent
+from infection_monkey.config import GUID
 from infection_monkey.credential_collectors.ssh_collector import ssh_handler
 from infection_monkey.i_puppet import ICredentialCollector
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger

 logger = logging.getLogger(__name__)

+SSH_CREDENTIAL_COLLECTOR_TAG = "SSHCredentialsStolen"
+

 class SSHCredentialCollector(ICredentialCollector):
    """
@ -23,8 +28,28 @@ class SSHCredentialCollector(ICredentialCollector):
        logger.info("Started scanning for SSH credentials")
        ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger)
        logger.info("Finished scanning for SSH credentials")
+        ssh_collector_credentials = SSHCredentialCollector._to_credentials(ssh_info)

-        return SSHCredentialCollector._to_credentials(ssh_info)
+        credentials_stolen_event = SSHCredentialCollector._generate_credentials_stolen_event(
+            ssh_collector_credentials
+        )
+        self._event_queue.publish(credentials_stolen_event)
+
+        return ssh_collector_credentials
+
+    @staticmethod
+    def _generate_credentials_stolen_event(
+        collected_credentials: Sequence[Credentials],
+    ) -> CredentialsStolenEvent:
+        credentials_stolen_event = CredentialsStolenEvent(
+            source=GUID,
+            target=None,
+            timestamp=time.time(),
+            tags=frozenset({SSH_CREDENTIAL_COLLECTOR_TAG, "T1005", "T1145"}),
+            stolen_credentials=collected_credentials,
+        )
+
+        return credentials_stolen_event

    @staticmethod
    def _to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]: