forked from p15670423/monkey
Island: Remove old configuration schema's properties
This commit is contained in:
parent
ff17237ea7
commit
2d960fc4d2
|
@ -1,65 +0,0 @@
|
||||||
BASIC = {
|
|
||||||
"title": "Exploits",
|
|
||||||
"type": "object",
|
|
||||||
"primary": True,
|
|
||||||
"properties": {
|
|
||||||
"exploiters": {
|
|
||||||
"title": "Exploiters",
|
|
||||||
"type": "object",
|
|
||||||
"description": "Choose which exploiters the Monkey will attempt.",
|
|
||||||
"properties": {
|
|
||||||
"exploiter_classes": {
|
|
||||||
"title": "Exploiters",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"$ref": "#/definitions/exploiter_classes"},
|
|
||||||
"default": [
|
|
||||||
"SmbExploiter",
|
|
||||||
"WmiExploiter",
|
|
||||||
"SSHExploiter",
|
|
||||||
"Log4ShellExploiter",
|
|
||||||
"HadoopExploiter",
|
|
||||||
"MSSQLExploiter",
|
|
||||||
"PowerShellExploiter",
|
|
||||||
],
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"credentials": {
|
|
||||||
"title": "Credentials",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"exploit_user_list": {
|
|
||||||
"title": "Exploit user list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"default": ["Administrator", "root", "user"],
|
|
||||||
"description": "List of user names that will be used by exploiters that need "
|
|
||||||
"credentials, like "
|
|
||||||
"SSH brute-forcing.",
|
|
||||||
},
|
|
||||||
"exploit_password_list": {
|
|
||||||
"title": "Exploit password list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {
|
|
||||||
"type": "string",
|
|
||||||
},
|
|
||||||
"default": [
|
|
||||||
"root",
|
|
||||||
"123456",
|
|
||||||
"password",
|
|
||||||
"123456789",
|
|
||||||
"qwerty",
|
|
||||||
"111111",
|
|
||||||
"iloveyou",
|
|
||||||
],
|
|
||||||
"description": "List of passwords that will be used by exploiters that need "
|
|
||||||
"credentials, like "
|
|
||||||
"SSH brute-forcing.",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
|
@ -1,96 +0,0 @@
|
||||||
from common.common_consts.validation_formats import IP, IP_RANGE
|
|
||||||
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
|
|
||||||
|
|
||||||
BASIC_NETWORK = {
|
|
||||||
"title": "Network",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"scope": {
|
|
||||||
"title": "Scope",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"info_box": {
|
|
||||||
"info": 'The Monkey scans its subnet if "Local network scan" is checked. '
|
|
||||||
'Additionally, the Monkey scans machines according to "Scan '
|
|
||||||
'target list".',
|
|
||||||
},
|
|
||||||
"blocked_ips": {
|
|
||||||
"title": "Blocked IPs",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {
|
|
||||||
"type": "string",
|
|
||||||
"format": IP,
|
|
||||||
},
|
|
||||||
"default": [],
|
|
||||||
"description": "List of IPs that the Monkey will not scan.",
|
|
||||||
},
|
|
||||||
"local_network_scan": {
|
|
||||||
"title": "Local network scan",
|
|
||||||
"type": "boolean",
|
|
||||||
"default": True,
|
|
||||||
"description": "Determines whether the Monkey will scan the local subnets of "
|
|
||||||
"machines it runs on, "
|
|
||||||
"in addition to the IPs that are configured manually in the "
|
|
||||||
'"Scan target list".',
|
|
||||||
},
|
|
||||||
"depth": {
|
|
||||||
"title": "Scan depth",
|
|
||||||
"type": "integer",
|
|
||||||
"minimum": 1,
|
|
||||||
"default": 2,
|
|
||||||
"description": "Amount of hops allowed for the Monkey to spread from the "
|
|
||||||
"Island server. \n"
|
|
||||||
+ WARNING_SIGN
|
|
||||||
+ " Note that setting this value too high may result in the "
|
|
||||||
"Monkey propagating too far, "
|
|
||||||
'if the "Local network scan" is enabled.',
|
|
||||||
},
|
|
||||||
"subnet_scan_list": {
|
|
||||||
"title": "Scan target list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string", "format": IP_RANGE},
|
|
||||||
"default": [],
|
|
||||||
"description": "List of targets the Monkey will try to scan. Targets can be "
|
|
||||||
"IPs, subnets or hosts."
|
|
||||||
" Examples:\n"
|
|
||||||
'\tTarget a specific IP: "192.168.0.1"\n'
|
|
||||||
"\tTarget a subnet using a network range: "
|
|
||||||
'"192.168.0.5-192.168.0.20"\n'
|
|
||||||
'\tTarget a subnet using an IP mask: "192.168.0.5/24"\n'
|
|
||||||
'\tTarget a specific host: "printer.example"',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"network_analysis": {
|
|
||||||
"title": "Network Analysis",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"inaccessible_subnets": {
|
|
||||||
"title": "Network segmentation testing",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string", "format": IP_RANGE},
|
|
||||||
"default": [],
|
|
||||||
"description": "Test for network segmentation by providing a list of network "
|
|
||||||
"segments "
|
|
||||||
"that should NOT be accessible to each other.\n\n"
|
|
||||||
"For example, if you configured the following three segments: "
|
|
||||||
'"10.0.0.0/24", "11.0.0.2/32", and "12.2.3.0/24", '
|
|
||||||
"a Monkey running on 10.0.0.5 will try to access machines in "
|
|
||||||
"the following subnets: "
|
|
||||||
"11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment "
|
|
||||||
"connections "
|
|
||||||
"will be shown in the reports. \n\n"
|
|
||||||
"Network segments can be IPs, subnets or hosts. Examples:\n"
|
|
||||||
'\tDefine a single-IP segment: "192.168.0.1"\n'
|
|
||||||
"\tDefine a segment using a network range: "
|
|
||||||
'"192.168.0.5-192.168.0.20"\n'
|
|
||||||
'\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n'
|
|
||||||
'\tDefine a single-host segment: "printer.example"',
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
|
@ -1,135 +0,0 @@
|
||||||
INTERNAL = {
|
|
||||||
"title": "Internal",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"general": {
|
|
||||||
"title": "General",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"keep_tunnel_open_time": {
|
|
||||||
"title": "Keep tunnel open time",
|
|
||||||
"type": "integer",
|
|
||||||
"default": 30,
|
|
||||||
"description": "Time to keep tunnel open before going down after last exploit "
|
|
||||||
"(in seconds)",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"network": {
|
|
||||||
"title": "Network",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"tcp_scanner": {
|
|
||||||
"title": "TCP scanner",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"HTTP_PORTS": {
|
|
||||||
"title": "HTTP ports",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "integer"},
|
|
||||||
"default": [80, 8080, 443, 8008, 7001, 9200, 8983, 9600],
|
|
||||||
"description": "List of ports the monkey will check if are being used "
|
|
||||||
"for HTTP",
|
|
||||||
},
|
|
||||||
"tcp_target_ports": {
|
|
||||||
"title": "TCP target ports",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "integer"},
|
|
||||||
"default": [
|
|
||||||
22,
|
|
||||||
2222,
|
|
||||||
445,
|
|
||||||
135,
|
|
||||||
3389,
|
|
||||||
80,
|
|
||||||
8080,
|
|
||||||
443,
|
|
||||||
8008,
|
|
||||||
3306,
|
|
||||||
7001,
|
|
||||||
8088,
|
|
||||||
5985,
|
|
||||||
5986,
|
|
||||||
],
|
|
||||||
"description": "List of TCP ports the monkey will check whether "
|
|
||||||
"they're open",
|
|
||||||
},
|
|
||||||
"tcp_scan_timeout": {
|
|
||||||
"title": "TCP scan timeout",
|
|
||||||
"type": "integer",
|
|
||||||
"default": 3000,
|
|
||||||
"description": "Maximum time (in milliseconds) "
|
|
||||||
"to wait for TCP response",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"ping_scanner": {
|
|
||||||
"title": "Ping scanner",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"ping_scan_timeout": {
|
|
||||||
"title": "Ping scan timeout",
|
|
||||||
"type": "integer",
|
|
||||||
"default": 1000,
|
|
||||||
"description": "Maximum time (in milliseconds) to wait for ping "
|
|
||||||
"response",
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"classes": {
|
|
||||||
"title": "Classes",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"finger_classes": {
|
|
||||||
"title": "Fingerprint classes",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"$ref": "#/definitions/finger_classes"},
|
|
||||||
"default": [
|
|
||||||
"SMBFinger",
|
|
||||||
"SSHFinger",
|
|
||||||
"HTTPFinger",
|
|
||||||
"MSSQLFinger",
|
|
||||||
"ElasticFinger",
|
|
||||||
],
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"exploits": {
|
|
||||||
"title": "Exploits",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"exploit_lm_hash_list": {
|
|
||||||
"title": "Exploit LM hash list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"default": [],
|
|
||||||
"description": "List of LM hashes to use on exploits using credentials",
|
|
||||||
"related_attack_techniques": ["T1075"],
|
|
||||||
},
|
|
||||||
"exploit_ntlm_hash_list": {
|
|
||||||
"title": "Exploit NTLM hash list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"default": [],
|
|
||||||
"description": "List of NTLM hashes to use on exploits using credentials",
|
|
||||||
"related_attack_techniques": ["T1075"],
|
|
||||||
},
|
|
||||||
"exploit_ssh_keys": {
|
|
||||||
"title": "SSH key pairs list",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"default": [],
|
|
||||||
"items": {"type": "string"},
|
|
||||||
"description": "List of SSH key pairs to use, when trying to ssh into servers",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
|
@ -1,93 +0,0 @@
|
||||||
from common.common_consts.credential_collector_names import MIMIKATZ_COLLECTOR, SSH_COLLECTOR
|
|
||||||
|
|
||||||
MONKEY = {
|
|
||||||
"title": "Monkey",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"post_breach": {
|
|
||||||
"title": "Post breach",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"custom_PBA_linux_cmd": {
|
|
||||||
"title": "Linux post-breach command",
|
|
||||||
"type": "string",
|
|
||||||
"default": "",
|
|
||||||
"description": "Command to be executed after breaching. "
|
|
||||||
"Use this field to run custom commands or execute uploaded "
|
|
||||||
"files on exploited machines.\nExample: "
|
|
||||||
'"chmod +x ./my_script.sh; ./my_script.sh ; rm ./my_script.sh"',
|
|
||||||
},
|
|
||||||
"PBA_linux_file": {
|
|
||||||
"title": "Linux post-breach file",
|
|
||||||
"type": "string",
|
|
||||||
"format": "data-url",
|
|
||||||
"description": "File to be uploaded after breaching. "
|
|
||||||
"Use the 'Linux post-breach command' field to "
|
|
||||||
"change permissions, run, or delete the file. "
|
|
||||||
"Reference your file by filename.",
|
|
||||||
},
|
|
||||||
"custom_PBA_windows_cmd": {
|
|
||||||
"title": "Windows post-breach command",
|
|
||||||
"type": "string",
|
|
||||||
"default": "",
|
|
||||||
"description": "Command to be executed after breaching. "
|
|
||||||
"Use this field to run custom commands or execute uploaded "
|
|
||||||
"files on exploited machines.\nExample: "
|
|
||||||
'"my_script.bat & del my_script.bat"',
|
|
||||||
},
|
|
||||||
"PBA_windows_file": {
|
|
||||||
"title": "Windows post-breach file",
|
|
||||||
"type": "string",
|
|
||||||
"format": "data-url",
|
|
||||||
"description": "File to be uploaded after breaching. "
|
|
||||||
"Use the 'Windows post-breach command' field to "
|
|
||||||
"change permissions, run, or delete the file. "
|
|
||||||
"Reference your file by filename.",
|
|
||||||
},
|
|
||||||
"PBA_windows_filename": {
|
|
||||||
"title": "Windows PBA filename",
|
|
||||||
"type": "string",
|
|
||||||
"default": "",
|
|
||||||
},
|
|
||||||
"PBA_linux_filename": {
|
|
||||||
"title": "Linux PBA filename",
|
|
||||||
"type": "string",
|
|
||||||
"default": "",
|
|
||||||
},
|
|
||||||
"post_breach_actions": {
|
|
||||||
"title": "Post breach actions",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"$ref": "#/definitions/post_breach_actions"},
|
|
||||||
"default": [
|
|
||||||
"CommunicateAsBackdoorUser",
|
|
||||||
"ModifyShellStartupFiles",
|
|
||||||
"HiddenFiles",
|
|
||||||
"TrapCommand",
|
|
||||||
"ChangeSetuidSetgid",
|
|
||||||
"ScheduleJobs",
|
|
||||||
"Timestomping",
|
|
||||||
"AccountDiscovery",
|
|
||||||
"ProcessListCollection",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"credential_collectors": {
|
|
||||||
"title": "Credential collection",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"credential_collectors": {
|
|
||||||
"title": "Credential collectors",
|
|
||||||
"type": "array",
|
|
||||||
"uniqueItems": True,
|
|
||||||
"items": {"$ref": "#/definitions/credential_collectors"},
|
|
||||||
"default": [
|
|
||||||
MIMIKATZ_COLLECTOR,
|
|
||||||
SSH_COLLECTOR,
|
|
||||||
],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
|
@ -1,71 +0,0 @@
|
||||||
from common.common_consts.validation_formats import (
|
|
||||||
VALID_RANSOMWARE_TARGET_PATH_LINUX,
|
|
||||||
VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
|
|
||||||
)
|
|
||||||
|
|
||||||
RANSOMWARE = {
|
|
||||||
"title": "Ransomware",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"encryption": {
|
|
||||||
"title": "Simulation",
|
|
||||||
"type": "object",
|
|
||||||
"description": "To simulate ransomware encryption, you'll need to provide Infection "
|
|
||||||
"Monkey with files that it can safely encrypt. On each machine where you would like "
|
|
||||||
"the ransomware simulation to run, create a directory and put some files in it."
|
|
||||||
"\n\nProvide the path to the directory that was created on each machine.",
|
|
||||||
"properties": {
|
|
||||||
"enabled": {
|
|
||||||
"title": "Encrypt files",
|
|
||||||
"type": "boolean",
|
|
||||||
"default": True,
|
|
||||||
"description": "Ransomware encryption will be simulated by flipping every bit "
|
|
||||||
"in the files contained within the target directories.",
|
|
||||||
},
|
|
||||||
"info_box": {
|
|
||||||
"info": "No files will be encrypted if a directory is not specified or doesn't "
|
|
||||||
"exist on a victim machine.",
|
|
||||||
},
|
|
||||||
"directories": {
|
|
||||||
"title": "Directories to encrypt",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"linux_target_dir": {
|
|
||||||
"title": "Linux target directory",
|
|
||||||
"type": "string",
|
|
||||||
"format": VALID_RANSOMWARE_TARGET_PATH_LINUX,
|
|
||||||
"default": "",
|
|
||||||
"description": "A path to a directory on Linux systems that contains "
|
|
||||||
"files that you will allow Infection Monkey to encrypt. If no "
|
|
||||||
"directory is specified, no files will be encrypted.",
|
|
||||||
},
|
|
||||||
"windows_target_dir": {
|
|
||||||
"title": "Windows target directory",
|
|
||||||
"type": "string",
|
|
||||||
"format": VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
|
|
||||||
"default": "",
|
|
||||||
"description": "A path to a directory on Windows systems that contains "
|
|
||||||
"files that you will allow Infection Monkey to encrypt. If no "
|
|
||||||
"directory is specified, no files will be encrypted.",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"text_box": {
|
|
||||||
"text": "Note: A README.txt will be left in the specified target " "directory.",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"other_behaviors": {
|
|
||||||
"title": "Other behavior",
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"readme": {
|
|
||||||
"title": "Create a README.txt file",
|
|
||||||
"type": "boolean",
|
|
||||||
"default": True,
|
|
||||||
"description": "Creates a README.txt ransomware note on infected systems.",
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
Loading…
Reference in New Issue