Agent: Publish scan event when checking ssh port

2022-10-05 15:02:46 +00:00 · 2022-10-05 15:02:46 +00:00 · 72378f4e53
parent 431d6ae775
commit 72378f4e53
1 changed files with 15 additions and 2 deletions
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -1,10 +1,12 @@
 import io
 import logging
+from ipaddress import IPv4Address
 from pathlib import PurePath

 import paramiko

 from common import OperatingSystem
+from common.agent_events import TCPScanEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
 from common.tags import (
@ -13,6 +15,7 @@ from common.tags import (
    T1110_ATTACK_TECHNIQUE_TAG,
    T1222_ATTACK_TECHNIQUE_TAG,
 )
+from common.types import PortStatus
 from common.utils import Timer
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
@ -25,6 +28,7 @@ from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
 from infection_monkey.utils.brute_force import generate_identity_secret_pairs
 from infection_monkey.utils.commands import build_monkey_commandline
+from infection_monkey.utils.ids import get_agent_id
 from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)
@ -178,8 +182,8 @@ class SSHExploiter(HostExploiter):

    def _exploit_host(self) -> ExploiterResultData:
        port = self._get_ssh_port()
-        is_open, _ = check_tcp_port(self.host.ip_addr, port)
-        if not is_open:
+
+        if not self._is_port_open(IPv4Address(self.host.ip_addr), port):
            self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping"
            logger.info(self.exploit_result.error_message)
            return self.exploit_result
@ -282,6 +286,15 @@ class SSHExploiter(HostExploiter):
        except Exception as exc:
            raise FailedExploitationError(f"Error running monkey on victim {self.host}: ({exc})")

+    def _is_port_open(self, ip: IPv4Address, port: int) -> bool:
+        is_open, _ = check_tcp_port(ip, port)
+        status = PortStatus.OPEN if is_open else PortStatus.CLOSED
+        self.agent_event_queue.publish(
+            TCPScanEvent(source=get_agent_id(), target=ip, ports={port: status})
+        )
+
+        return is_open
+
    def _get_ssh_port(self) -> int:
        port = SSH_PORT