forked from p15670423/monkey
Merge branch 'develop' into feature/secure-island-db
This commit is contained in:
commit
d8210bf731
|
@ -4,6 +4,8 @@
|
||||||
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
||||||
* [ ] Have you successfully tested your changes locally?
|
* [ ] Have you successfully tested your changes locally?
|
||||||
|
|
||||||
|
* Example screenshot/log transcript of the feature working
|
||||||
|
|
||||||
## Changes
|
## Changes
|
||||||
-
|
-
|
||||||
-
|
-
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 153 KiB |
Binary file not shown.
Before Width: | Height: | Size: 80 KiB After Width: | Height: | Size: 80 KiB |
12
README.md
12
README.md
|
@ -6,13 +6,15 @@ Infection Monkey
|
||||||
|
|
||||||
Welcome to the Infection Monkey!
|
Welcome to the Infection Monkey!
|
||||||
|
|
||||||
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Command and Control(C&C) server.
|
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
|
||||||
|
|
||||||
![Infection Monkey map](.github/map-full.png)
|
<img src=".github/map-full.png" >
|
||||||
|
|
||||||
|
<img src=".github/Security-overview.png" width="800" height="500">
|
||||||
|
|
||||||
The Infection Monkey is comprised of two parts:
|
The Infection Monkey is comprised of two parts:
|
||||||
* Monkey - A tool which infects other machines and propagates to them
|
* Monkey - A tool which infects other machines and propagates to them
|
||||||
* Monkey Island - A C&C server with a dedicated UI to visualize the Chaos Monkey's progress inside the data center
|
* Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center
|
||||||
|
|
||||||
To read more about the Monkey, visit http://infectionmonkey.com
|
To read more about the Monkey, visit http://infectionmonkey.com
|
||||||
|
|
||||||
|
@ -24,7 +26,7 @@ The Infection Monkey uses the following techniques and exploits to propagate to
|
||||||
* Multiple propagation techniques:
|
* Multiple propagation techniques:
|
||||||
* Predefined passwords
|
* Predefined passwords
|
||||||
* Common logical exploits
|
* Common logical exploits
|
||||||
* Password stealing using mimikatz
|
* Password stealing using Mimikatz
|
||||||
* Multiple exploit methods:
|
* Multiple exploit methods:
|
||||||
* SSH
|
* SSH
|
||||||
* SMB
|
* SMB
|
||||||
|
@ -43,7 +45,7 @@ Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in t
|
||||||
Building the Monkey from source
|
Building the Monkey from source
|
||||||
-------------------------------
|
-------------------------------
|
||||||
If you want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/setup)
|
If you want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/setup)
|
||||||
and follow the instructions at the readme files under [chaos_monkey](chaos_monkey) and [monkey_island](monkey_island).
|
and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island).
|
||||||
|
|
||||||
|
|
||||||
License
|
License
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
import time
|
|
||||||
from random import shuffle
|
|
||||||
from network import HostScanner, HostFinger
|
|
||||||
from model.host import VictimHost
|
|
||||||
from network.tools import check_port_tcp
|
|
||||||
|
|
||||||
__author__ = 'itamar'
|
|
||||||
|
|
||||||
BANNER_READ = 1024
|
|
||||||
|
|
||||||
|
|
||||||
class TcpScanner(HostScanner, HostFinger):
|
|
||||||
def __init__(self):
|
|
||||||
self._config = __import__('config').WormConfiguration
|
|
||||||
|
|
||||||
def is_host_alive(self, host):
|
|
||||||
return self.get_host_fingerprint(host, True)
|
|
||||||
|
|
||||||
def get_host_fingerprint(self, host, only_one_port=False):
|
|
||||||
assert isinstance(host, VictimHost)
|
|
||||||
|
|
||||||
count = 0
|
|
||||||
# maybe hide under really bad detection systems
|
|
||||||
target_ports = self._config.tcp_target_ports[:]
|
|
||||||
shuffle(target_ports)
|
|
||||||
|
|
||||||
for target_port in target_ports:
|
|
||||||
|
|
||||||
is_open, banner = check_port_tcp(host.ip_addr,
|
|
||||||
target_port,
|
|
||||||
self._config.tcp_scan_timeout / 1000.0,
|
|
||||||
self._config.tcp_scan_get_banner)
|
|
||||||
|
|
||||||
if is_open:
|
|
||||||
count += 1
|
|
||||||
service = 'tcp-' + str(target_port)
|
|
||||||
host.services[service] = {}
|
|
||||||
if banner:
|
|
||||||
host.services[service]['banner'] = banner
|
|
||||||
if only_one_port:
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
time.sleep(self._config.tcp_scan_interval / 1000.0)
|
|
||||||
|
|
||||||
return count != 0
|
|
|
@ -1,79 +0,0 @@
|
||||||
import socket
|
|
||||||
import select
|
|
||||||
import logging
|
|
||||||
import struct
|
|
||||||
|
|
||||||
DEFAULT_TIMEOUT = 10
|
|
||||||
BANNER_READ = 1024
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
def struct_unpack_tracker(data, index, fmt):
|
|
||||||
"""
|
|
||||||
Unpacks a struct from the specified index according to specified format.
|
|
||||||
Returns the data and the next index
|
|
||||||
:param data: Buffer
|
|
||||||
:param index: Position index
|
|
||||||
:param fmt: Struct format
|
|
||||||
:return: (Data, new index)
|
|
||||||
"""
|
|
||||||
unpacked = struct.unpack_from(fmt, data, index)
|
|
||||||
return unpacked, struct.calcsize(fmt)
|
|
||||||
|
|
||||||
|
|
||||||
def struct_unpack_tracker_string(data, index):
|
|
||||||
"""
|
|
||||||
Unpacks a null terminated string from the specified index
|
|
||||||
Returns the data and the next index
|
|
||||||
:param data: Buffer
|
|
||||||
:param index: Position index
|
|
||||||
:return: (Data, new index)
|
|
||||||
"""
|
|
||||||
ascii_len = data[index:].find('\0')
|
|
||||||
fmt = "%ds" % ascii_len
|
|
||||||
return struct_unpack_tracker(data,index,fmt)
|
|
||||||
|
|
||||||
|
|
||||||
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|
||||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
||||||
sock.settimeout(timeout)
|
|
||||||
|
|
||||||
try:
|
|
||||||
sock.connect((ip, port))
|
|
||||||
except socket.timeout:
|
|
||||||
return False, None
|
|
||||||
except socket.error, exc:
|
|
||||||
LOG.debug("Check port: %s:%s, Exception: %s", ip, port, exc)
|
|
||||||
return False, None
|
|
||||||
|
|
||||||
banner = None
|
|
||||||
|
|
||||||
try:
|
|
||||||
if get_banner:
|
|
||||||
read_ready, _, _ = select.select([sock], [], [], timeout)
|
|
||||||
if len(read_ready) > 0:
|
|
||||||
banner = sock.recv(BANNER_READ)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
sock.close()
|
|
||||||
return True, banner
|
|
||||||
|
|
||||||
|
|
||||||
def check_port_udp(ip, port, timeout=DEFAULT_TIMEOUT):
|
|
||||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
|
||||||
sock.settimeout(timeout)
|
|
||||||
|
|
||||||
data = None
|
|
||||||
is_open = False
|
|
||||||
|
|
||||||
try:
|
|
||||||
sock.sendto("-", (ip, port))
|
|
||||||
data, _ = sock.recvfrom(BANNER_READ)
|
|
||||||
is_open = True
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
sock.close()
|
|
||||||
|
|
||||||
return is_open, data
|
|
|
@ -25,7 +25,7 @@ class ControlClient(object):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def wakeup(parent=None, default_tunnel=None, has_internet_access=None):
|
def wakeup(parent=None, default_tunnel=None, has_internet_access=None):
|
||||||
LOG.debug("Trying to wake up with C&C servers list: %r" % WormConfiguration.command_servers)
|
LOG.debug("Trying to wake up with Monkey Island servers list: %r" % WormConfiguration.command_servers)
|
||||||
if parent or default_tunnel:
|
if parent or default_tunnel:
|
||||||
LOG.debug("parent: %s, default_tunnel: %s" % (parent, default_tunnel))
|
LOG.debug("parent: %s, default_tunnel: %s" % (parent, default_tunnel))
|
||||||
hostname = gethostname()
|
hostname = gethostname()
|
|
@ -13,7 +13,7 @@ from exploit import HostExploiter
|
||||||
from exploit.tools import HTTPTools, get_monkey_depth
|
from exploit.tools import HTTPTools, get_monkey_depth
|
||||||
from exploit.tools import get_target_monkey
|
from exploit.tools import get_target_monkey
|
||||||
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_tcp_port
|
||||||
from tools import build_monkey_commandline
|
from tools import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
@ -245,7 +245,7 @@ class RdpExploiter(HostExploiter):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if not self.host.os.get('type'):
|
if not self.host.os.get('type'):
|
||||||
is_open, _ = check_port_tcp(self.host.ip_addr, RDP_PORT)
|
is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
|
||||||
if is_open:
|
if is_open:
|
||||||
self.host.os['type'] = 'windows'
|
self.host.os['type'] = 'windows'
|
||||||
return True
|
return True
|
||||||
|
@ -254,7 +254,7 @@ class RdpExploiter(HostExploiter):
|
||||||
def exploit_host(self):
|
def exploit_host(self):
|
||||||
global g_reactor
|
global g_reactor
|
||||||
|
|
||||||
is_open, _ = check_port_tcp(self.host.ip_addr, RDP_PORT)
|
is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
|
||||||
if not is_open:
|
if not is_open:
|
||||||
LOG.info("RDP port is closed on %r, skipping", self.host)
|
LOG.info("RDP port is closed on %r, skipping", self.host)
|
||||||
return False
|
return False
|
|
@ -7,7 +7,7 @@ from exploit import HostExploiter
|
||||||
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
|
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
|
||||||
from model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS
|
from model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS
|
||||||
from network import SMBFinger
|
from network import SMBFinger
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_tcp_port
|
||||||
from tools import build_monkey_commandline
|
from tools import build_monkey_commandline
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
@ -31,12 +31,12 @@ class SmbExploiter(HostExploiter):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if not self.host.os.get('type'):
|
if not self.host.os.get('type'):
|
||||||
is_smb_open, _ = check_port_tcp(self.host.ip_addr, 445)
|
is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
|
||||||
if is_smb_open:
|
if is_smb_open:
|
||||||
smb_finger = SMBFinger()
|
smb_finger = SMBFinger()
|
||||||
smb_finger.get_host_fingerprint(self.host)
|
smb_finger.get_host_fingerprint(self.host)
|
||||||
else:
|
else:
|
||||||
is_nb_open, _ = check_port_tcp(self.host.ip_addr, 139)
|
is_nb_open, _ = check_tcp_port(self.host.ip_addr, 139)
|
||||||
if is_nb_open:
|
if is_nb_open:
|
||||||
self.host.os['type'] = 'windows'
|
self.host.os['type'] = 'windows'
|
||||||
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
|
@ -7,7 +7,7 @@ import monkeyfs
|
||||||
from exploit import HostExploiter
|
from exploit import HostExploiter
|
||||||
from exploit.tools import get_target_monkey, get_monkey_depth
|
from exploit.tools import get_target_monkey, get_monkey_depth
|
||||||
from model import MONKEY_ARG
|
from model import MONKEY_ARG
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_tcp_port
|
||||||
from tools import build_monkey_commandline
|
from tools import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
@ -41,7 +41,7 @@ class SSHExploiter(HostExploiter):
|
||||||
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||||
port = int(servkey.replace('tcp-', ''))
|
port = int(servkey.replace('tcp-', ''))
|
||||||
|
|
||||||
is_open, _ = check_port_tcp(self.host.ip_addr, port)
|
is_open, _ = check_tcp_port(self.host.ip_addr, port)
|
||||||
if not is_open:
|
if not is_open:
|
||||||
LOG.info("SSH port is closed on %r, skipping", self.host)
|
LOG.info("SSH port is closed on %r, skipping", self.host)
|
||||||
return False
|
return False
|
|
@ -17,7 +17,7 @@ from impacket.dcerpc.v5 import transport
|
||||||
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
|
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
|
||||||
from model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
from model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
from network import SMBFinger
|
from network import SMBFinger
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_tcp_port
|
||||||
from tools import build_monkey_commandline
|
from tools import build_monkey_commandline
|
||||||
from . import HostExploiter
|
from . import HostExploiter
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
|
|
||||||
if not self.host.os.get('type') or (
|
if not self.host.os.get('type') or (
|
||||||
self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')):
|
self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')):
|
||||||
is_smb_open, _ = check_port_tcp(self.host.ip_addr, 445)
|
is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
|
||||||
if is_smb_open:
|
if is_smb_open:
|
||||||
smb_finger = SMBFinger()
|
smb_finger = SMBFinger()
|
||||||
if smb_finger.get_host_fingerprint(self.host):
|
if smb_finger.get_host_fingerprint(self.host):
|
|
@ -11,7 +11,7 @@ import traceback
|
||||||
from config import WormConfiguration, EXTERNAL_CONFIG_FILE
|
from config import WormConfiguration, EXTERNAL_CONFIG_FILE
|
||||||
from dropper import MonkeyDrops
|
from dropper import MonkeyDrops
|
||||||
from model import MONKEY_ARG, DROPPER_ARG
|
from model import MONKEY_ARG, DROPPER_ARG
|
||||||
from monkey import ChaosMonkey
|
from monkey import InfectionMonkey
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
|
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
|
||||||
|
@ -80,7 +80,7 @@ def main():
|
||||||
if MONKEY_ARG == monkey_mode:
|
if MONKEY_ARG == monkey_mode:
|
||||||
log_path = os.path.expandvars(
|
log_path = os.path.expandvars(
|
||||||
WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux
|
WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux
|
||||||
monkey_cls = ChaosMonkey
|
monkey_cls = InfectionMonkey
|
||||||
elif DROPPER_ARG == monkey_mode:
|
elif DROPPER_ARG == monkey_mode:
|
||||||
log_path = os.path.expandvars(
|
log_path = os.path.expandvars(
|
||||||
WormConfiguration.dropper_log_path_windows) if sys.platform == "win32" else WormConfiguration.dropper_log_path_linux
|
WormConfiguration.dropper_log_path_windows) if sys.platform == "win32" else WormConfiguration.dropper_log_path_linux
|
Before Width: | Height: | Size: 232 KiB After Width: | Height: | Size: 232 KiB |
|
@ -19,7 +19,7 @@ __author__ = 'itamar'
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class ChaosMonkey(object):
|
class InfectionMonkey(object):
|
||||||
def __init__(self, args):
|
def __init__(self, args):
|
||||||
self._keep_running = False
|
self._keep_running = False
|
||||||
self._exploited_machines = set()
|
self._exploited_machines = set()
|
|
@ -1,9 +1,10 @@
|
||||||
import time
|
|
||||||
import logging
|
import logging
|
||||||
from . import HostScanner
|
import time
|
||||||
|
|
||||||
from config import WormConfiguration
|
from config import WormConfiguration
|
||||||
from info import local_ips, get_ips_from_interfaces
|
from info import local_ips, get_ips_from_interfaces
|
||||||
from range import *
|
from range import *
|
||||||
|
from . import HostScanner
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -18,6 +19,12 @@ class NetworkScanner(object):
|
||||||
self._ranges = None
|
self._ranges = None
|
||||||
|
|
||||||
def initialize(self):
|
def initialize(self):
|
||||||
|
"""
|
||||||
|
Set up scanning based on configuration
|
||||||
|
FixedRange -> Reads from range_fixed field in configuration
|
||||||
|
otherwise, takes a range from every IP address the current host has.
|
||||||
|
:return:
|
||||||
|
"""
|
||||||
# get local ip addresses
|
# get local ip addresses
|
||||||
self._ip_addresses = local_ips()
|
self._ip_addresses = local_ips()
|
||||||
|
|
||||||
|
@ -27,7 +34,7 @@ class NetworkScanner(object):
|
||||||
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
|
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
|
||||||
# for fixed range, only scan once.
|
# for fixed range, only scan once.
|
||||||
if WormConfiguration.range_class is FixedRange:
|
if WormConfiguration.range_class is FixedRange:
|
||||||
self._ranges = [WormConfiguration.range_class(None)]
|
self._ranges = [WormConfiguration.range_class(fixed_addresses=WormConfiguration.range_fixed)]
|
||||||
else:
|
else:
|
||||||
self._ranges = [WormConfiguration.range_class(ip_address)
|
self._ranges = [WormConfiguration.range_class(ip_address)
|
||||||
for ip_address in self._ip_addresses]
|
for ip_address in self._ip_addresses]
|
|
@ -1,10 +1,11 @@
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
import subprocess
|
|
||||||
import logging
|
import logging
|
||||||
from . import HostScanner, HostFinger
|
import os
|
||||||
from model.host import VictimHost
|
|
||||||
import re
|
import re
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from model.host import VictimHost
|
||||||
|
from . import HostScanner, HostFinger
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -62,7 +63,7 @@ class PingScanner(HostScanner, HostFinger):
|
||||||
elif WINDOWS_TTL == ttl:
|
elif WINDOWS_TTL == ttl:
|
||||||
host.os['type'] = 'windows'
|
host.os['type'] = 'windows'
|
||||||
return True
|
return True
|
||||||
except Exception, exc:
|
except Exception as exc:
|
||||||
LOG.debug("Error parsing ping fingerprint: %s", exc)
|
LOG.debug("Error parsing ping fingerprint: %s", exc)
|
||||||
|
|
||||||
return False
|
return False
|
|
@ -1,7 +1,8 @@
|
||||||
import socket
|
|
||||||
import random
|
import random
|
||||||
|
import socket
|
||||||
import struct
|
import struct
|
||||||
from abc import ABCMeta, abstractmethod
|
from abc import ABCMeta, abstractmethod
|
||||||
|
|
||||||
from model.host import VictimHost
|
from model.host import VictimHost
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
@ -77,5 +78,5 @@ class FixedRange(NetworkRange):
|
||||||
for address in self._fixed_addresses:
|
for address in self._fixed_addresses:
|
||||||
if not address: # Empty string
|
if not address: # Empty string
|
||||||
continue
|
continue
|
||||||
address_range.append(struct.unpack(">L", socket.inet_aton(address))[0])
|
address_range.append(struct.unpack(">L", socket.inet_aton(address.strip()))[0])
|
||||||
return address_range
|
return address_range
|
|
@ -1,7 +1,8 @@
|
||||||
import re
|
import re
|
||||||
from network import HostFinger
|
|
||||||
from network.tools import check_port_tcp
|
|
||||||
from model.host import VictimHost
|
from model.host import VictimHost
|
||||||
|
from network import HostFinger
|
||||||
|
from network.tools import check_tcp_port
|
||||||
|
|
||||||
SSH_PORT = 22
|
SSH_PORT = 22
|
||||||
SSH_SERVICE_DEFAULT = 'tcp-22'
|
SSH_SERVICE_DEFAULT = 'tcp-22'
|
||||||
|
@ -38,7 +39,7 @@ class SSHFinger(HostFinger):
|
||||||
self._banner_match(name, host, banner)
|
self._banner_match(name, host, banner)
|
||||||
return
|
return
|
||||||
|
|
||||||
is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)
|
is_open, banner = check_tcp_port(host.ip_addr, SSH_PORT, TIMEOUT, True)
|
||||||
|
|
||||||
if is_open:
|
if is_open:
|
||||||
host.services[SSH_SERVICE_DEFAULT] = {}
|
host.services[SSH_SERVICE_DEFAULT] = {}
|
|
@ -0,0 +1,41 @@
|
||||||
|
from itertools import izip_longest
|
||||||
|
from random import shuffle
|
||||||
|
|
||||||
|
from network import HostScanner, HostFinger
|
||||||
|
from network.tools import check_tcp_ports
|
||||||
|
|
||||||
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
BANNER_READ = 1024
|
||||||
|
|
||||||
|
|
||||||
|
class TcpScanner(HostScanner, HostFinger):
|
||||||
|
def __init__(self):
|
||||||
|
self._config = __import__('config').WormConfiguration
|
||||||
|
|
||||||
|
def is_host_alive(self, host):
|
||||||
|
return self.get_host_fingerprint(host, True)
|
||||||
|
|
||||||
|
def get_host_fingerprint(self, host, only_one_port=False):
|
||||||
|
"""
|
||||||
|
Scans a target host to see if it's alive using the tcp_target_ports specified in the configuration.
|
||||||
|
:param host: VictimHost structure
|
||||||
|
:param only_one_port: Currently unused.
|
||||||
|
:return: T/F if there is at least one open port. In addition, the host object is updated to mark those services as alive.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# maybe hide under really bad detection systems
|
||||||
|
target_ports = self._config.tcp_target_ports[:]
|
||||||
|
shuffle(target_ports)
|
||||||
|
|
||||||
|
ports, banners = check_tcp_ports(host.ip_addr, target_ports, self._config.tcp_scan_timeout / 1000.0,
|
||||||
|
self._config.tcp_scan_get_banner)
|
||||||
|
for target_port, banner in izip_longest(ports, banners, fillvalue=None):
|
||||||
|
service = 'tcp-' + str(target_port)
|
||||||
|
host.services[service] = {}
|
||||||
|
if banner:
|
||||||
|
host.services[service]['banner'] = banner
|
||||||
|
if only_one_port:
|
||||||
|
break
|
||||||
|
|
||||||
|
return len(ports) != 0
|
|
@ -0,0 +1,150 @@
|
||||||
|
import logging
|
||||||
|
import select
|
||||||
|
import socket
|
||||||
|
import struct
|
||||||
|
import time
|
||||||
|
|
||||||
|
DEFAULT_TIMEOUT = 10
|
||||||
|
BANNER_READ = 1024
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
def struct_unpack_tracker(data, index, fmt):
|
||||||
|
"""
|
||||||
|
Unpacks a struct from the specified index according to specified format.
|
||||||
|
Returns the data and the next index
|
||||||
|
:param data: Buffer
|
||||||
|
:param index: Position index
|
||||||
|
:param fmt: Struct format
|
||||||
|
:return: (Data, new index)
|
||||||
|
"""
|
||||||
|
unpacked = struct.unpack_from(fmt, data, index)
|
||||||
|
return unpacked, struct.calcsize(fmt)
|
||||||
|
|
||||||
|
|
||||||
|
def struct_unpack_tracker_string(data, index):
|
||||||
|
"""
|
||||||
|
Unpacks a null terminated string from the specified index
|
||||||
|
Returns the data and the next index
|
||||||
|
:param data: Buffer
|
||||||
|
:param index: Position index
|
||||||
|
:return: (Data, new index)
|
||||||
|
"""
|
||||||
|
ascii_len = data[index:].find('\0')
|
||||||
|
fmt = "%ds" % ascii_len
|
||||||
|
return struct_unpack_tracker(data, index, fmt)
|
||||||
|
|
||||||
|
|
||||||
|
def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||||
|
"""
|
||||||
|
Checks if a given TCP port is open
|
||||||
|
:param ip: Target IP
|
||||||
|
:param port: Target Port
|
||||||
|
:param timeout: Timeout for socket connection
|
||||||
|
:param get_banner: if true, pulls first BANNER_READ bytes from the socket.
|
||||||
|
:return: Tuple, T/F + banner if requested.
|
||||||
|
"""
|
||||||
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
sock.settimeout(timeout)
|
||||||
|
|
||||||
|
try:
|
||||||
|
sock.connect((ip, port))
|
||||||
|
except socket.timeout:
|
||||||
|
return False, None
|
||||||
|
except socket.error as exc:
|
||||||
|
LOG.debug("Check port: %s:%s, Exception: %s", ip, port, exc)
|
||||||
|
return False, None
|
||||||
|
|
||||||
|
banner = None
|
||||||
|
|
||||||
|
try:
|
||||||
|
if get_banner:
|
||||||
|
read_ready, _, _ = select.select([sock], [], [], timeout)
|
||||||
|
if len(read_ready) > 0:
|
||||||
|
banner = sock.recv(BANNER_READ)
|
||||||
|
except socket.error:
|
||||||
|
pass
|
||||||
|
|
||||||
|
sock.close()
|
||||||
|
return True, banner
|
||||||
|
|
||||||
|
|
||||||
|
def check_udp_port(ip, port, timeout=DEFAULT_TIMEOUT):
|
||||||
|
"""
|
||||||
|
Checks if a given UDP port is open by checking if it replies to an empty message
|
||||||
|
:param ip: Target IP
|
||||||
|
:param port: Target port
|
||||||
|
:param timeout: Timeout to wait
|
||||||
|
:return: Tuple, T/F + banner
|
||||||
|
"""
|
||||||
|
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||||
|
sock.settimeout(timeout)
|
||||||
|
|
||||||
|
data = None
|
||||||
|
is_open = False
|
||||||
|
|
||||||
|
try:
|
||||||
|
sock.sendto("-", (ip, port))
|
||||||
|
data, _ = sock.recvfrom(BANNER_READ)
|
||||||
|
is_open = True
|
||||||
|
except socket.error:
|
||||||
|
pass
|
||||||
|
sock.close()
|
||||||
|
|
||||||
|
return is_open, data
|
||||||
|
|
||||||
|
|
||||||
|
def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||||
|
"""
|
||||||
|
Checks whether any of the given ports are open on a target IP.
|
||||||
|
:param ip: IP of host to attack
|
||||||
|
:param ports: List of ports to attack. Must not be empty.
|
||||||
|
:param timeout: Amount of time to wait for connection
|
||||||
|
:param get_banner: T/F if to get first packets from server
|
||||||
|
:return: list of open ports. If get_banner=True, then a matching list of banners.
|
||||||
|
"""
|
||||||
|
sockets = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(len(ports))]
|
||||||
|
[s.setblocking(0) for s in sockets]
|
||||||
|
good_ports = []
|
||||||
|
try:
|
||||||
|
LOG.debug("Connecting to the following ports %s" % ",".join((str(x) for x in ports)))
|
||||||
|
for sock, port in zip(sockets, ports):
|
||||||
|
err = sock.connect_ex((ip, port))
|
||||||
|
if err == 0:
|
||||||
|
good_ports.append((port, sock))
|
||||||
|
continue
|
||||||
|
if err == 10035: # WSAEWOULDBLOCK is valid, see https://msdn.microsoft.com/en-us/library/windows/desktop/ms740668%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
|
||||||
|
good_ports.append((port, sock))
|
||||||
|
continue
|
||||||
|
if err == 115: # EINPROGRESS 115 /* Operation now in progress */
|
||||||
|
good_ports.append((port, sock))
|
||||||
|
continue
|
||||||
|
LOG.warning("Failed to connect to port %s, error code is %d", port, err)
|
||||||
|
|
||||||
|
if len(good_ports) != 0:
|
||||||
|
time.sleep(timeout)
|
||||||
|
# this is possibly connected. meaning after timeout wait, we expect to see a connection up
|
||||||
|
# Possible valid errors codes if we chose to check for actually closed are
|
||||||
|
# ECONNREFUSED (111) or WSAECONNREFUSED (10061) or WSAETIMEDOUT(10060)
|
||||||
|
connected_ports_sockets = [s for s in good_ports if
|
||||||
|
s[1].getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) == 0]
|
||||||
|
LOG.debug(
|
||||||
|
"On host %s discovered the following ports %s" %
|
||||||
|
(str(ip), ",".join([str(x[0]) for x in connected_ports_sockets])))
|
||||||
|
banners = []
|
||||||
|
if get_banner:
|
||||||
|
readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
|
||||||
|
# read first BANNER_READ bytes
|
||||||
|
banners = [sock.recv(BANNER_READ) if sock in readable_sockets else ""
|
||||||
|
for port, sock in connected_ports_sockets]
|
||||||
|
pass
|
||||||
|
# try to cleanup
|
||||||
|
[s[1].close() for s in good_ports]
|
||||||
|
return [port for port, sock in connected_ports_sockets], banners
|
||||||
|
else:
|
||||||
|
return [], []
|
||||||
|
|
||||||
|
except socket.error as exc:
|
||||||
|
LOG.warning("Exception when checking ports on host %s, Exception: %s", str(ip), exc)
|
||||||
|
return [], []
|
|
@ -28,13 +28,13 @@ The monkey is composed of three separate parts.
|
||||||
64bit: http://www.microsoft.com/en-us/download/details.aspx?id=13523
|
64bit: http://www.microsoft.com/en-us/download/details.aspx?id=13523
|
||||||
6. Download the dependent python packages using
|
6. Download the dependent python packages using
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
7. Download and extract UPX binary to [source-path]\monkey\chaos_monkey\bin\upx.exe:
|
7. Download and extract UPX binary to [source-path]\monkey\infection_monkey\bin\upx.exe:
|
||||||
https://github.com/upx/upx/releases/download/v3.94/upx394w.zip
|
https://github.com/upx/upx/releases/download/v3.94/upx394w.zip
|
||||||
8. Build/Download Sambacry and Mimikatz binaries
|
8. Build/Download Sambacry and Mimikatz binaries
|
||||||
a. Build/Download according to sections at the end of this readme.
|
a. Build/Download according to sections at the end of this readme.
|
||||||
b. Place the binaries under [code location]\chaos_monkey\bin
|
b. Place the binaries under [code location]\infection_monkey\bin
|
||||||
9. To build the final exe:
|
9. To build the final exe:
|
||||||
cd [code location]/chaos_monkey
|
cd [code location]/infection_monkey
|
||||||
build_windows.bat
|
build_windows.bat
|
||||||
output is placed under dist\monkey.exe
|
output is placed under dist\monkey.exe
|
||||||
|
|
||||||
|
@ -46,13 +46,13 @@ Tested on Ubuntu 16.04 and 17.04.
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
|
sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
|
||||||
Install the python packages listed in requirements.txt using pip
|
Install the python packages listed in requirements.txt using pip
|
||||||
cd [code location]/chaos_monkey
|
cd [code location]/infection_monkey
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
2. Build Sambacry binaries
|
2. Build Sambacry binaries
|
||||||
a. Build/Download according to sections at the end of this readme.
|
a. Build/Download according to sections at the end of this readme.
|
||||||
b. Place the binaries under [code location]\chaos_monkey\bin
|
b. Place the binaries under [code location]\infection_monkey\bin
|
||||||
3. To build, run in terminal:
|
3. To build, run in terminal:
|
||||||
cd [code location]/chaos_monkey
|
cd [code location]/infection_monkey
|
||||||
chmod +x build_linux.sh
|
chmod +x build_linux.sh
|
||||||
./build_linux.sh
|
./build_linux.sh
|
||||||
output is placed under dist/monkey
|
output is placed under dist/monkey
|
||||||
|
@ -63,11 +63,11 @@ Sambacry requires two standalone binaries to execute remotely.
|
||||||
1. Install gcc-multilib if it's not installed
|
1. Install gcc-multilib if it's not installed
|
||||||
sudo apt-get install gcc-multilib
|
sudo apt-get install gcc-multilib
|
||||||
2. Build the binaries
|
2. Build the binaries
|
||||||
cd [code location]/chaos_monkey/monkey_utils/sambacry_monkey_runner
|
cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
|
||||||
./build.sh
|
./build.sh
|
||||||
|
|
||||||
-- Mimikatz --
|
-- Mimikatz --
|
||||||
|
|
||||||
Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
|
Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
|
||||||
https://github.com/guardicore/mimikatz/releases/tag/1.0.0
|
https://github.com/guardicore/mimikatz/releases/tag/1.0.0
|
||||||
Download both 32 and 64 bit DLLs and place them under [code location]\chaos_monkey\bin
|
Download both 32 and 64 bit DLLs and place them under [code location]\infection_monkey\bin
|
|
@ -1,5 +1,5 @@
|
||||||
# -*- coding: UTF-8 -*-
|
# -*- coding: UTF-8 -*-
|
||||||
# NOTE: Launch all tests with `nosetests` command from chaos_monkey dir.
|
# NOTE: Launch all tests with `nosetests` command from infection_monkey dir.
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import unittest
|
import unittest
|
|
@ -8,7 +8,7 @@ from threading import Thread
|
||||||
from model import VictimHost
|
from model import VictimHost
|
||||||
from network.firewall import app as firewall
|
from network.firewall import app as firewall
|
||||||
from network.info import local_ips, get_free_tcp_port
|
from network.info import local_ips, get_free_tcp_port
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_tcp_port
|
||||||
from transport.base import get_last_serve_time
|
from transport.base import get_last_serve_time
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
@ -40,7 +40,7 @@ def _check_tunnel(address, port, existing_sock=None):
|
||||||
sock = existing_sock
|
sock = existing_sock
|
||||||
|
|
||||||
LOG.debug("Checking tunnel %s:%s", address, port)
|
LOG.debug("Checking tunnel %s:%s", address, port)
|
||||||
is_open, _ = check_port_tcp(address, int(port))
|
is_open, _ = check_tcp_port(address, int(port))
|
||||||
if not is_open:
|
if not is_open:
|
||||||
LOG.debug("Could not connect to %s:%s", address, port)
|
LOG.debug("Could not connect to %s:%s", address, port)
|
||||||
if not existing_sock:
|
if not existing_sock:
|
|
@ -1,22 +1,26 @@
|
||||||
|
import os
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
import bson
|
import bson
|
||||||
from bson.json_util import dumps
|
|
||||||
from flask import Flask, send_from_directory, redirect, make_response
|
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
from bson.json_util import dumps
|
||||||
|
from flask import Flask, send_from_directory, make_response
|
||||||
from werkzeug.exceptions import NotFound
|
from werkzeug.exceptions import NotFound
|
||||||
|
|
||||||
|
from cc.auth import init_jwt
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
|
from cc.environment.environment import env
|
||||||
from cc.resources.client_run import ClientRun
|
from cc.resources.client_run import ClientRun
|
||||||
from cc.resources.monkey import Monkey
|
from cc.resources.edge import Edge
|
||||||
from cc.resources.local_run import LocalRun
|
from cc.resources.local_run import LocalRun
|
||||||
from cc.resources.telemetry import Telemetry
|
from cc.resources.monkey import Monkey
|
||||||
from cc.resources.monkey_configuration import MonkeyConfiguration
|
from cc.resources.monkey_configuration import MonkeyConfiguration
|
||||||
from cc.resources.monkey_download import MonkeyDownload
|
from cc.resources.monkey_download import MonkeyDownload
|
||||||
from cc.resources.netmap import NetMap
|
from cc.resources.netmap import NetMap
|
||||||
from cc.resources.edge import Edge
|
|
||||||
from cc.resources.node import Node
|
from cc.resources.node import Node
|
||||||
from cc.resources.report import Report
|
from cc.resources.report import Report
|
||||||
from cc.resources.root import Root
|
from cc.resources.root import Root
|
||||||
|
from cc.resources.telemetry import Telemetry
|
||||||
from cc.resources.telemetry_feed import TelemetryFeed
|
from cc.resources.telemetry_feed import TelemetryFeed
|
||||||
from cc.services.config import ConfigService
|
from cc.services.config import ConfigService
|
||||||
|
|
||||||
|
@ -70,6 +74,12 @@ def init_app(mongo_url):
|
||||||
api.representations = {'application/json': output_json}
|
api.representations = {'application/json': output_json}
|
||||||
|
|
||||||
app.config['MONGO_URI'] = mongo_url
|
app.config['MONGO_URI'] = mongo_url
|
||||||
|
|
||||||
|
app.config['SECRET_KEY'] = os.urandom(32)
|
||||||
|
app.config['JWT_AUTH_URL_RULE'] = '/api/auth'
|
||||||
|
app.config['JWT_EXPIRATION_DELTA'] = env.get_auth_expiration_time()
|
||||||
|
|
||||||
|
init_jwt(app)
|
||||||
mongo.init_app(app)
|
mongo.init_app(app)
|
||||||
|
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
from functools import wraps
|
||||||
|
|
||||||
|
from flask import current_app, abort
|
||||||
|
from flask_jwt import JWT, _jwt_required, JWTError
|
||||||
|
from werkzeug.security import safe_str_cmp
|
||||||
|
|
||||||
|
from cc.environment.environment import env
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class User(object):
|
||||||
|
def __init__(self, id, username, secret):
|
||||||
|
self.id = id
|
||||||
|
self.username = username
|
||||||
|
self.secret = secret
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return "User(id='%s')" % self.id
|
||||||
|
|
||||||
|
|
||||||
|
def init_jwt(app):
|
||||||
|
users = env.get_auth_users()
|
||||||
|
username_table = {u.username: u for u in users}
|
||||||
|
userid_table = {u.id: u for u in users}
|
||||||
|
|
||||||
|
def authenticate(username, secret):
|
||||||
|
user = username_table.get(username, None)
|
||||||
|
if user and safe_str_cmp(user.secret.encode('utf-8'), secret.encode('utf-8')):
|
||||||
|
return user
|
||||||
|
|
||||||
|
def identity(payload):
|
||||||
|
user_id = payload['identity']
|
||||||
|
return userid_table.get(user_id, None)
|
||||||
|
|
||||||
|
if env.is_auth_enabled():
|
||||||
|
JWT(app, authenticate, identity)
|
||||||
|
|
||||||
|
|
||||||
|
def jwt_required(realm=None):
|
||||||
|
def wrapper(fn):
|
||||||
|
@wraps(fn)
|
||||||
|
def decorator(*args, **kwargs):
|
||||||
|
if env.is_auth_enabled():
|
||||||
|
try:
|
||||||
|
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
|
||||||
|
except JWTError:
|
||||||
|
abort(401)
|
||||||
|
return fn(*args, **kwargs)
|
||||||
|
|
||||||
|
return decorator
|
||||||
|
|
||||||
|
return wrapper
|
|
@ -0,0 +1,33 @@
|
||||||
|
import abc
|
||||||
|
from datetime import timedelta
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class Environment(object):
|
||||||
|
__metaclass__ = abc.ABCMeta
|
||||||
|
|
||||||
|
_ISLAND_PORT = 5000
|
||||||
|
_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
|
||||||
|
_DEBUG_SERVER = False
|
||||||
|
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
|
||||||
|
|
||||||
|
def get_island_port(self):
|
||||||
|
return self._ISLAND_PORT
|
||||||
|
|
||||||
|
def get_mongo_url(self):
|
||||||
|
return self._MONGO_URL
|
||||||
|
|
||||||
|
def is_debug(self):
|
||||||
|
return self._DEBUG_SERVER
|
||||||
|
|
||||||
|
def get_auth_expiration_time(self):
|
||||||
|
return self._AUTH_EXPIRATION_TIME
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def is_auth_enabled(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_auth_users(self):
|
||||||
|
return
|
|
@ -0,0 +1,24 @@
|
||||||
|
import urllib2
|
||||||
|
|
||||||
|
import cc.auth
|
||||||
|
from cc.environment import Environment
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class AwsEnvironment(Environment):
|
||||||
|
def __init__(self):
|
||||||
|
super(AwsEnvironment, self).__init__()
|
||||||
|
self._instance_id = AwsEnvironment._get_instance_id()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _get_instance_id():
|
||||||
|
return urllib2.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read()
|
||||||
|
|
||||||
|
def is_auth_enabled(self):
|
||||||
|
return True
|
||||||
|
|
||||||
|
def get_auth_users(self):
|
||||||
|
return [
|
||||||
|
cc.auth.User(1, 'monkey', self._instance_id)
|
||||||
|
]
|
|
@ -0,0 +1,23 @@
|
||||||
|
import json
|
||||||
|
import standard
|
||||||
|
import aws
|
||||||
|
|
||||||
|
ENV_DICT = {
|
||||||
|
'standard': standard.StandardEnvironment,
|
||||||
|
'aws': aws.AwsEnvironment
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def load_env_from_file():
|
||||||
|
with open('server_config.json', 'r') as f:
|
||||||
|
config_content = f.read()
|
||||||
|
config_json = json.loads(config_content)
|
||||||
|
return config_json['server_config']
|
||||||
|
|
||||||
|
|
||||||
|
try:
|
||||||
|
__env_type = load_env_from_file()
|
||||||
|
env = ENV_DICT[__env_type]()
|
||||||
|
except Exception:
|
||||||
|
print('Failed initializing environment: %s' % __env_type)
|
||||||
|
raise
|
|
@ -0,0 +1,12 @@
|
||||||
|
from cc.environment import Environment
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class StandardEnvironment(Environment):
|
||||||
|
|
||||||
|
def is_auth_enabled(self):
|
||||||
|
return False
|
||||||
|
|
||||||
|
def get_auth_users(self):
|
||||||
|
return []
|
|
@ -1,5 +0,0 @@
|
||||||
__author__ = 'itay.mizeretz'
|
|
||||||
|
|
||||||
ISLAND_PORT = 5000
|
|
||||||
DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
|
|
||||||
DEBUG_SERVER = False
|
|
|
@ -11,7 +11,7 @@ if BASE_PATH not in sys.path:
|
||||||
|
|
||||||
from cc.app import init_app
|
from cc.app import init_app
|
||||||
from cc.utils import local_ip_addresses
|
from cc.utils import local_ip_addresses
|
||||||
from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, DEBUG_SERVER
|
from cc.environment.environment import env
|
||||||
from cc.database import is_db_server_up
|
from cc.database import is_db_server_up
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
@ -19,20 +19,20 @@ if __name__ == '__main__':
|
||||||
from tornado.httpserver import HTTPServer
|
from tornado.httpserver import HTTPServer
|
||||||
from tornado.ioloop import IOLoop
|
from tornado.ioloop import IOLoop
|
||||||
|
|
||||||
mongo_url = os.environ.get('MONGO_URL', DEFAULT_MONGO_URL)
|
mongo_url = os.environ.get('MONGO_URL', env.get_mongo_url())
|
||||||
|
|
||||||
while not is_db_server_up(mongo_url):
|
while not is_db_server_up(mongo_url):
|
||||||
print('Waiting for MongoDB server')
|
print('Waiting for MongoDB server')
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
|
|
||||||
app = init_app(mongo_url)
|
app = init_app(mongo_url)
|
||||||
if DEBUG_SERVER:
|
if env.is_debug():
|
||||||
app.run(host='0.0.0.0', debug=True, ssl_context=('server.crt', 'server.key'))
|
app.run(host='0.0.0.0', debug=True, ssl_context=('server.crt', 'server.key'))
|
||||||
else:
|
else:
|
||||||
http_server = HTTPServer(WSGIContainer(app),
|
http_server = HTTPServer(WSGIContainer(app),
|
||||||
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
|
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
|
||||||
'keyfile': os.environ.get('SERVER_KEY', 'server.key')})
|
'keyfile': os.environ.get('SERVER_KEY', 'server.key')})
|
||||||
http_server.listen(ISLAND_PORT)
|
http_server.listen(env.get_island_port())
|
||||||
print('Monkey Island C&C Server is running on https://{}:{}'.format(local_ip_addresses()[0], ISLAND_PORT))
|
print('Monkey Island Server is running on https://{}:{}'.format(local_ip_addresses()[0], env.get_island_port()))
|
||||||
IOLoop.instance().start()
|
IOLoop.instance().start()
|
||||||
|
|
||||||
|
|
|
@ -6,8 +6,8 @@ import sys
|
||||||
from flask import request, jsonify, make_response
|
from flask import request, jsonify, make_response
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
|
||||||
|
from cc.environment.environment import env
|
||||||
from cc.resources.monkey_download import get_monkey_executable
|
from cc.resources.monkey_download import get_monkey_executable
|
||||||
from cc.island_config import ISLAND_PORT
|
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
from cc.utils import local_ip_addresses
|
from cc.utils import local_ip_addresses
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ def run_local_monkey():
|
||||||
|
|
||||||
# run the monkey
|
# run the monkey
|
||||||
try:
|
try:
|
||||||
args = ['"%s" m0nk3y -s %s:%s' % (target_path, local_ip_addresses()[0], ISLAND_PORT)]
|
args = ['"%s" m0nk3y -s %s:%s' % (target_path, local_ip_addresses()[0], env.get_island_port())]
|
||||||
if sys.platform == "win32":
|
if sys.platform == "win32":
|
||||||
args = "".join(args)
|
args = "".join(args)
|
||||||
pid = subprocess.Popen(args, shell=True).pid
|
pid = subprocess.Popen(args, shell=True).pid
|
||||||
|
|
|
@ -15,23 +15,20 @@ __author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class Monkey(flask_restful.Resource):
|
class Monkey(flask_restful.Resource):
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def get(self, guid=None, **kw):
|
def get(self, guid=None, **kw):
|
||||||
NodeService.update_dead_monkeys() # refresh monkeys status
|
NodeService.update_dead_monkeys() # refresh monkeys status
|
||||||
if not guid:
|
if not guid:
|
||||||
guid = request.args.get('guid')
|
guid = request.args.get('guid')
|
||||||
timestamp = request.args.get('timestamp')
|
|
||||||
|
|
||||||
if guid:
|
if guid:
|
||||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
||||||
return monkey_json
|
return monkey_json
|
||||||
else:
|
|
||||||
result = {'timestamp': datetime.now().isoformat()}
|
|
||||||
find_filter = {}
|
|
||||||
if timestamp is not None:
|
|
||||||
find_filter['modifytime'] = {'$gt': dateutil.parser.parse(timestamp)}
|
|
||||||
result['objects'] = [x for x in mongo.db.monkey.find(find_filter)]
|
|
||||||
return result
|
|
||||||
|
|
||||||
|
return {}
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def patch(self, guid):
|
def patch(self, guid):
|
||||||
monkey_json = json.loads(request.data)
|
monkey_json = json.loads(request.data)
|
||||||
update = {"$set": {'modifytime': datetime.now()}}
|
update = {"$set": {'modifytime': datetime.now()}}
|
||||||
|
@ -51,6 +48,7 @@ class Monkey(flask_restful.Resource):
|
||||||
|
|
||||||
return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
|
return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def post(self, **kw):
|
def post(self, **kw):
|
||||||
monkey_json = json.loads(request.data)
|
monkey_json = json.loads(request.data)
|
||||||
monkey_json['creds'] = []
|
monkey_json['creds'] = []
|
||||||
|
|
|
@ -1,18 +1,20 @@
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from flask import request, jsonify
|
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
from flask import request, jsonify
|
||||||
|
|
||||||
from cc.database import mongo
|
from cc.auth import jwt_required
|
||||||
from cc.services.config import ConfigService
|
from cc.services.config import ConfigService
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class MonkeyConfiguration(flask_restful.Resource):
|
class MonkeyConfiguration(flask_restful.Resource):
|
||||||
|
@jwt_required()
|
||||||
def get(self):
|
def get(self):
|
||||||
return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config())
|
return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config())
|
||||||
|
|
||||||
|
@jwt_required()
|
||||||
def post(self):
|
def post(self):
|
||||||
config_json = json.loads(request.data)
|
config_json = json.loads(request.data)
|
||||||
if config_json.has_key('reset'):
|
if config_json.has_key('reset'):
|
||||||
|
@ -20,4 +22,3 @@ class MonkeyConfiguration(flask_restful.Resource):
|
||||||
else:
|
else:
|
||||||
ConfigService.update_config(config_json, should_encrypt=True)
|
ConfigService.update_config(config_json, should_encrypt=True)
|
||||||
return self.get()
|
return self.get()
|
||||||
|
|
||||||
|
|
|
@ -47,9 +47,12 @@ def get_monkey_executable(host_os, machine):
|
||||||
|
|
||||||
|
|
||||||
class MonkeyDownload(flask_restful.Resource):
|
class MonkeyDownload(flask_restful.Resource):
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def get(self, path):
|
def get(self, path):
|
||||||
return send_from_directory('binaries', path)
|
return send_from_directory('binaries', path)
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def post(self):
|
def post(self):
|
||||||
host_json = json.loads(request.data)
|
host_json = json.loads(request.data)
|
||||||
host_os = host_json.get('os')
|
host_os = host_json.get('os')
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.services.edge import EdgeService
|
from cc.services.edge import EdgeService
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
|
@ -8,6 +9,7 @@ __author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class NetMap(flask_restful.Resource):
|
class NetMap(flask_restful.Resource):
|
||||||
|
@jwt_required()
|
||||||
def get(self, **kw):
|
def get(self, **kw):
|
||||||
monkeys = [NodeService.monkey_to_net_node(x) for x in mongo.db.monkey.find({})]
|
monkeys = [NodeService.monkey_to_net_node(x) for x in mongo.db.monkey.find({})]
|
||||||
nodes = [NodeService.node_to_net_node(x) for x in mongo.db.node.find({})]
|
nodes = [NodeService.node_to_net_node(x) for x in mongo.db.node.find({})]
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
from flask import request
|
from flask import request
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class Node(flask_restful.Resource):
|
class Node(flask_restful.Resource):
|
||||||
|
@jwt_required()
|
||||||
def get(self):
|
def get(self):
|
||||||
node_id = request.args.get('id')
|
node_id = request.args.get('id')
|
||||||
if node_id:
|
if node_id:
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.services.report import ReportService
|
from cc.services.report import ReportService
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
|
||||||
|
|
||||||
class Report(flask_restful.Resource):
|
class Report(flask_restful.Resource):
|
||||||
|
|
||||||
|
@jwt_required()
|
||||||
def get(self):
|
def get(self):
|
||||||
return ReportService.get_report()
|
return ReportService.get_report()
|
||||||
|
|
|
@ -3,6 +3,7 @@ from datetime import datetime
|
||||||
import flask_restful
|
import flask_restful
|
||||||
from flask import request, make_response, jsonify
|
from flask import request, make_response, jsonify
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
from cc.services.config import ConfigService
|
from cc.services.config import ConfigService
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
|
@ -13,6 +14,8 @@ __author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class Root(flask_restful.Resource):
|
class Root(flask_restful.Resource):
|
||||||
|
|
||||||
|
@jwt_required()
|
||||||
def get(self, action=None):
|
def get(self, action=None):
|
||||||
if not action:
|
if not action:
|
||||||
action = request.args.get('action')
|
action = request.args.get('action')
|
||||||
|
|
|
@ -7,6 +7,7 @@ import dateutil
|
||||||
import flask_restful
|
import flask_restful
|
||||||
from flask import request
|
from flask import request
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
from cc.services.config import ConfigService
|
from cc.services.config import ConfigService
|
||||||
from cc.services.edge import EdgeService
|
from cc.services.edge import EdgeService
|
||||||
|
@ -17,6 +18,7 @@ __author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
class Telemetry(flask_restful.Resource):
|
class Telemetry(flask_restful.Resource):
|
||||||
|
@jwt_required()
|
||||||
def get(self, **kw):
|
def get(self, **kw):
|
||||||
monkey_guid = request.args.get('monkey_guid')
|
monkey_guid = request.args.get('monkey_guid')
|
||||||
telem_type = request.args.get('telem_type')
|
telem_type = request.args.get('telem_type')
|
||||||
|
@ -37,6 +39,7 @@ class Telemetry(flask_restful.Resource):
|
||||||
result['objects'] = self.telemetry_to_displayed_telemetry(mongo.db.telemetry.find(find_filter))
|
result['objects'] = self.telemetry_to_displayed_telemetry(mongo.db.telemetry.find(find_filter))
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
# Used by monkey. can't secure.
|
||||||
def post(self):
|
def post(self):
|
||||||
telemetry_json = json.loads(request.data)
|
telemetry_json = json.loads(request.data)
|
||||||
telemetry_json['timestamp'] = datetime.now()
|
telemetry_json['timestamp'] = datetime.now()
|
||||||
|
|
|
@ -5,6 +5,7 @@ import flask_restful
|
||||||
from flask import request
|
from flask import request
|
||||||
import flask_pymongo
|
import flask_pymongo
|
||||||
|
|
||||||
|
from cc.auth import jwt_required
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
|
|
||||||
|
@ -12,6 +13,7 @@ __author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
class TelemetryFeed(flask_restful.Resource):
|
class TelemetryFeed(flask_restful.Resource):
|
||||||
|
@jwt_required()
|
||||||
def get(self, **kw):
|
def get(self, **kw):
|
||||||
timestamp = request.args.get('timestamp')
|
timestamp = request.args.get('timestamp')
|
||||||
if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code...
|
if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code...
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
"server_config": "standard"
|
||||||
|
}
|
|
@ -4,7 +4,7 @@ from jsonschema import Draft4Validator, validators
|
||||||
|
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
from cc.encryptor import encryptor
|
from cc.encryptor import encryptor
|
||||||
from cc.island_config import ISLAND_PORT
|
from cc.environment.environment import env
|
||||||
from cc.utils import local_ip_addresses
|
from cc.utils import local_ip_addresses
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -531,7 +531,7 @@ SCHEMA = {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"cnc": {
|
"cnc": {
|
||||||
"title": "C&C",
|
"title": "Monkey Island",
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
"servers": {
|
"servers": {
|
||||||
|
@ -912,8 +912,8 @@ class ConfigService:
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def set_server_ips_in_config(config):
|
def set_server_ips_in_config(config):
|
||||||
ips = local_ip_addresses()
|
ips = local_ip_addresses()
|
||||||
config["cnc"]["servers"]["command_servers"] = ["%s:%d" % (ip, ISLAND_PORT) for ip in ips]
|
config["cnc"]["servers"]["command_servers"] = ["%s:%d" % (ip, env.get_island_port()) for ip in ips]
|
||||||
config["cnc"]["servers"]["current_server"] = "%s:%d" % (ips[0], ISLAND_PORT)
|
config["cnc"]["servers"]["current_server"] = "%s:%d" % (ips[0], env.get_island_port())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def save_initial_config_if_needed():
|
def save_initial_config_if_needed():
|
||||||
|
|
|
@ -65,6 +65,8 @@
|
||||||
"core-js": "^2.5.1",
|
"core-js": "^2.5.1",
|
||||||
"fetch": "^1.1.0",
|
"fetch": "^1.1.0",
|
||||||
"js-file-download": "^0.4.1",
|
"js-file-download": "^0.4.1",
|
||||||
|
"json-loader": "^0.5.7",
|
||||||
|
"jwt-decode": "^2.2.0",
|
||||||
"normalize.css": "^4.0.0",
|
"normalize.css": "^4.0.0",
|
||||||
"prop-types": "^15.5.10",
|
"prop-types": "^15.5.10",
|
||||||
"rc-progress": "^2.2.5",
|
"rc-progress": "^2.2.5",
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
import React from 'react';
|
||||||
|
import AuthService from '../services/AuthService';
|
||||||
|
|
||||||
|
class AuthComponent extends React.Component {
|
||||||
|
constructor(props) {
|
||||||
|
super(props);
|
||||||
|
this.auth = new AuthService();
|
||||||
|
this.authFetch = this.auth.authFetch;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default AuthComponent;
|
|
@ -1,5 +1,5 @@
|
||||||
import React from 'react';
|
import React from 'react';
|
||||||
import {NavLink, Route, BrowserRouter as Router} from 'react-router-dom';
|
import {BrowserRouter as Router, NavLink, Redirect, Route} from 'react-router-dom';
|
||||||
import {Col, Grid, Row} from 'react-bootstrap';
|
import {Col, Grid, Row} from 'react-bootstrap';
|
||||||
import {Icon} from 'react-fa';
|
import {Icon} from 'react-fa';
|
||||||
|
|
||||||
|
@ -11,6 +11,8 @@ import TelemetryPage from 'components/pages/TelemetryPage';
|
||||||
import StartOverPage from 'components/pages/StartOverPage';
|
import StartOverPage from 'components/pages/StartOverPage';
|
||||||
import ReportPage from 'components/pages/ReportPage';
|
import ReportPage from 'components/pages/ReportPage';
|
||||||
import LicensePage from 'components/pages/LicensePage';
|
import LicensePage from 'components/pages/LicensePage';
|
||||||
|
import AuthComponent from 'components/AuthComponent';
|
||||||
|
import LoginPageComponent from 'components/pages/LoginPage';
|
||||||
|
|
||||||
require('normalize.css/normalize.css');
|
require('normalize.css/normalize.css');
|
||||||
require('react-data-components/css/table-twbs.css');
|
require('react-data-components/css/table-twbs.css');
|
||||||
|
@ -22,7 +24,43 @@ let logoImage = require('../images/monkey-icon.svg');
|
||||||
let infectionMonkeyImage = require('../images/infection-monkey.svg');
|
let infectionMonkeyImage = require('../images/infection-monkey.svg');
|
||||||
let guardicoreLogoImage = require('../images/guardicore-logo.png');
|
let guardicoreLogoImage = require('../images/guardicore-logo.png');
|
||||||
|
|
||||||
class AppComponent extends React.Component {
|
class AppComponent extends AuthComponent {
|
||||||
|
updateStatus = () => {
|
||||||
|
if (this.auth.loggedIn()){
|
||||||
|
this.authFetch('/api')
|
||||||
|
.then(res => res.json())
|
||||||
|
.then(res => {
|
||||||
|
// This check is used to prevent unnecessary re-rendering
|
||||||
|
let isChanged = false;
|
||||||
|
for (let step in this.state.completedSteps) {
|
||||||
|
if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
|
||||||
|
isChanged = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (isChanged) {
|
||||||
|
this.setState({completedSteps: res['completed_steps']});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
renderRoute = (route_path, page_component, is_exact_path = false) => {
|
||||||
|
let render_func = (props) => {
|
||||||
|
if (this.auth.loggedIn()) {
|
||||||
|
return page_component;
|
||||||
|
} else {
|
||||||
|
return <Redirect to={{pathname: '/login'}}/>;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if (is_exact_path) {
|
||||||
|
return <Route exact path={route_path} render={render_func}/>;
|
||||||
|
} else {
|
||||||
|
return <Route path={route_path} render={render_func}/>;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
this.state = {
|
this.state = {
|
||||||
|
@ -35,24 +73,6 @@ class AppComponent extends React.Component {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
updateStatus = () => {
|
|
||||||
fetch('/api')
|
|
||||||
.then(res => res.json())
|
|
||||||
.then(res => {
|
|
||||||
// This check is used to prevent unnecessary re-rendering
|
|
||||||
let isChanged = false;
|
|
||||||
for (let step in this.state.completedSteps) {
|
|
||||||
if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
|
|
||||||
isChanged = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (isChanged) {
|
|
||||||
this.setState({completedSteps: res['completed_steps']});
|
|
||||||
}
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
componentDidMount() {
|
componentDidMount() {
|
||||||
this.updateStatus();
|
this.updateStatus();
|
||||||
this.interval = setInterval(this.updateStatus, 2000);
|
this.interval = setInterval(this.updateStatus, 2000);
|
||||||
|
@ -77,8 +97,8 @@ class AppComponent extends React.Component {
|
||||||
<li>
|
<li>
|
||||||
<NavLink to="/" exact={true}>
|
<NavLink to="/" exact={true}>
|
||||||
<span className="number">1.</span>
|
<span className="number">1.</span>
|
||||||
Run C&C Server
|
Run Monkey Island Server
|
||||||
{ this.state.completedSteps.run_server ?
|
{this.state.completedSteps.run_server ?
|
||||||
<Icon name="check" className="pull-right checkmark text-success"/>
|
<Icon name="check" className="pull-right checkmark text-success"/>
|
||||||
: ''}
|
: ''}
|
||||||
</NavLink>
|
</NavLink>
|
||||||
|
@ -87,7 +107,7 @@ class AppComponent extends React.Component {
|
||||||
<NavLink to="/run-monkey">
|
<NavLink to="/run-monkey">
|
||||||
<span className="number">2.</span>
|
<span className="number">2.</span>
|
||||||
Run Monkey
|
Run Monkey
|
||||||
{ this.state.completedSteps.run_monkey ?
|
{this.state.completedSteps.run_monkey ?
|
||||||
<Icon name="check" className="pull-right checkmark text-success"/>
|
<Icon name="check" className="pull-right checkmark text-success"/>
|
||||||
: ''}
|
: ''}
|
||||||
</NavLink>
|
</NavLink>
|
||||||
|
@ -96,7 +116,7 @@ class AppComponent extends React.Component {
|
||||||
<NavLink to="/infection/map">
|
<NavLink to="/infection/map">
|
||||||
<span className="number">3.</span>
|
<span className="number">3.</span>
|
||||||
Infection Map
|
Infection Map
|
||||||
{ this.state.completedSteps.infection_done ?
|
{this.state.completedSteps.infection_done ?
|
||||||
<Icon name="check" className="pull-right checkmark text-success"/>
|
<Icon name="check" className="pull-right checkmark text-success"/>
|
||||||
: ''}
|
: ''}
|
||||||
</NavLink>
|
</NavLink>
|
||||||
|
@ -105,7 +125,7 @@ class AppComponent extends React.Component {
|
||||||
<NavLink to="/report">
|
<NavLink to="/report">
|
||||||
<span className="number">4.</span>
|
<span className="number">4.</span>
|
||||||
Security Report
|
Security Report
|
||||||
{ this.state.completedSteps.report_done ?
|
{this.state.completedSteps.report_done ?
|
||||||
<Icon name="check" className="pull-right checkmark text-success"/>
|
<Icon name="check" className="pull-right checkmark text-success"/>
|
||||||
: ''}
|
: ''}
|
||||||
</NavLink>
|
</NavLink>
|
||||||
|
@ -136,14 +156,15 @@ class AppComponent extends React.Component {
|
||||||
</div>
|
</div>
|
||||||
</Col>
|
</Col>
|
||||||
<Col sm={9} md={10} smOffset={3} mdOffset={2} className="main">
|
<Col sm={9} md={10} smOffset={3} mdOffset={2} className="main">
|
||||||
<Route exact path="/" render={(props) => ( <RunServerPage onStatusChange={this.updateStatus} /> )} />
|
<Route path='/login' render={(props) => (<LoginPageComponent onStatusChange={this.updateStatus}/>)}/>
|
||||||
<Route path="/configure" render={(props) => ( <ConfigurePage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/', <RunServerPage onStatusChange={this.updateStatus}/>, true)}
|
||||||
<Route path="/run-monkey" render={(props) => ( <RunMonkeyPage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/configure', <ConfigurePage onStatusChange={this.updateStatus}/>)}
|
||||||
<Route path="/infection/map" render={(props) => ( <MapPage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/run-monkey', <RunMonkeyPage onStatusChange={this.updateStatus}/>)}
|
||||||
<Route path="/infection/telemetry" render={(props) => ( <TelemetryPage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/infection/map', <MapPage onStatusChange={this.updateStatus}/>)}
|
||||||
<Route path="/start-over" render={(props) => ( <StartOverPage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/infection/telemetry', <TelemetryPage onStatusChange={this.updateStatus}/>)}
|
||||||
<Route path="/report" render={(props) => ( <ReportPage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/start-over', <StartOverPage onStatusChange={this.updateStatus}/>)}
|
||||||
<Route path="/license" render={(props) => ( <LicensePage onStatusChange={this.updateStatus} /> )} />
|
{this.renderRoute('/report', <ReportPage onStatusChange={this.updateStatus}/>)}
|
||||||
|
{this.renderRoute('/license', <LicensePage onStatusChange={this.updateStatus}/>)}
|
||||||
</Col>
|
</Col>
|
||||||
</Row>
|
</Row>
|
||||||
</Grid>
|
</Grid>
|
||||||
|
|
|
@ -2,8 +2,9 @@ import React from 'react';
|
||||||
import {Icon} from 'react-fa';
|
import {Icon} from 'react-fa';
|
||||||
import Toggle from 'react-toggle';
|
import Toggle from 'react-toggle';
|
||||||
import {OverlayTrigger, Tooltip} from 'react-bootstrap';
|
import {OverlayTrigger, Tooltip} from 'react-bootstrap';
|
||||||
|
import AuthComponent from '../../AuthComponent';
|
||||||
|
|
||||||
class PreviewPaneComponent extends React.Component {
|
class PreviewPaneComponent extends AuthComponent {
|
||||||
|
|
||||||
generateToolTip(text) {
|
generateToolTip(text) {
|
||||||
return (
|
return (
|
||||||
|
@ -64,7 +65,7 @@ class PreviewPaneComponent extends React.Component {
|
||||||
forceKill(event, asset) {
|
forceKill(event, asset) {
|
||||||
let newConfig = asset.config;
|
let newConfig = asset.config;
|
||||||
newConfig['alive'] = !event.target.checked;
|
newConfig['alive'] = !event.target.checked;
|
||||||
fetch('/api/monkey/' + asset.guid,
|
this.authFetch('/api/monkey/' + asset.guid,
|
||||||
{
|
{
|
||||||
method: 'PATCH',
|
method: 'PATCH',
|
||||||
headers: {'Content-Type': 'application/json'},
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
|
|
@ -2,8 +2,9 @@ import React from 'react';
|
||||||
import Form from 'react-jsonschema-form';
|
import Form from 'react-jsonschema-form';
|
||||||
import {Col, Nav, NavItem} from 'react-bootstrap';
|
import {Col, Nav, NavItem} from 'react-bootstrap';
|
||||||
import fileDownload from 'js-file-download';
|
import fileDownload from 'js-file-download';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
class ConfigurePageComponent extends React.Component {
|
class ConfigurePageComponent extends AuthComponent {
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
|
|
||||||
|
@ -23,7 +24,7 @@ class ConfigurePageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
componentDidMount() {
|
componentDidMount() {
|
||||||
fetch('/api/configuration')
|
this.authFetch('/api/configuration')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
let sections = [];
|
let sections = [];
|
||||||
|
@ -43,7 +44,7 @@ class ConfigurePageComponent extends React.Component {
|
||||||
onSubmit = ({formData}) => {
|
onSubmit = ({formData}) => {
|
||||||
this.currentFormData = formData;
|
this.currentFormData = formData;
|
||||||
this.updateConfigSection();
|
this.updateConfigSection();
|
||||||
fetch('/api/configuration',
|
this.authFetch('/api/configuration',
|
||||||
{
|
{
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: {'Content-Type': 'application/json'},
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
@ -82,7 +83,7 @@ class ConfigurePageComponent extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
resetConfig = () => {
|
resetConfig = () => {
|
||||||
fetch('/api/configuration',
|
this.authFetch('/api/configuration',
|
||||||
{
|
{
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: {'Content-Type': 'application/json'},
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
@ -126,7 +127,7 @@ class ConfigurePageComponent extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
updateMonkeysRunning = () => {
|
updateMonkeysRunning = () => {
|
||||||
fetch('/api')
|
this.authFetch('/api')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
// This check is used to prevent unnecessary re-rendering
|
// This check is used to prevent unnecessary re-rendering
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
import React from 'react';
|
||||||
|
import {Col} from 'react-bootstrap';
|
||||||
|
|
||||||
|
import AuthService from '../../services/AuthService'
|
||||||
|
|
||||||
|
class LoginPageComponent extends React.Component {
|
||||||
|
login = () => {
|
||||||
|
this.auth.login(this.username, this.password).then(res => {
|
||||||
|
if (res['result']) {
|
||||||
|
this.redirectToHome();
|
||||||
|
} else {
|
||||||
|
this.setState({failed: true});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
updateUsername = (evt) => {
|
||||||
|
this.username = evt.target.value;
|
||||||
|
};
|
||||||
|
|
||||||
|
updatePassword = (evt) => {
|
||||||
|
this.password = evt.target.value;
|
||||||
|
};
|
||||||
|
|
||||||
|
redirectToHome = () => {
|
||||||
|
window.location.href = '/';
|
||||||
|
};
|
||||||
|
|
||||||
|
constructor(props) {
|
||||||
|
super(props);
|
||||||
|
this.username = '';
|
||||||
|
this.password = '';
|
||||||
|
this.auth = new AuthService();
|
||||||
|
this.state = {
|
||||||
|
failed: false
|
||||||
|
};
|
||||||
|
if (this.auth.loggedIn()) {
|
||||||
|
this.redirectToHome();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
render() {
|
||||||
|
return (
|
||||||
|
<Col xs={12} lg={8}>
|
||||||
|
<h1 className="page-title">Login</h1>
|
||||||
|
<div className="col-sm-6 col-sm-offset-3" style={{'fontSize': '1.2em'}}>
|
||||||
|
<div className="panel panel-default">
|
||||||
|
<div className="panel-heading text-center">
|
||||||
|
<b>Login</b>
|
||||||
|
</div>
|
||||||
|
<div className="panel-body">
|
||||||
|
<div className="input-group center-block text-center">
|
||||||
|
<input type="text" className="form-control" placeholder="Username"
|
||||||
|
onChange={evt => this.updateUsername(evt)}/>
|
||||||
|
<input type="password" className="form-control" placeholder="Password"
|
||||||
|
onChange={evt => this.updatePassword(evt)}/>
|
||||||
|
<button type="button" className="btn btn-primary btn-lg" style={{margin: '5px'}}
|
||||||
|
onClick={() => {
|
||||||
|
this.login()
|
||||||
|
}}>
|
||||||
|
Login
|
||||||
|
</button>
|
||||||
|
{
|
||||||
|
this.state.failed ?
|
||||||
|
<div className="alert alert-danger" role="alert">Login failed. Bad credentials.</div>
|
||||||
|
:
|
||||||
|
''
|
||||||
|
}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</Col>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default LoginPageComponent;
|
|
@ -6,8 +6,9 @@ import PreviewPane from 'components/map/preview-pane/PreviewPane';
|
||||||
import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
|
import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
|
||||||
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
|
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
|
||||||
import {options, edgeGroupToColor} from 'components/map/MapOptions';
|
import {options, edgeGroupToColor} from 'components/map/MapOptions';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
class MapPageComponent extends React.Component {
|
class MapPageComponent extends AuthComponent {
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
this.state = {
|
this.state = {
|
||||||
|
@ -40,7 +41,7 @@ class MapPageComponent extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
updateMapFromServer = () => {
|
updateMapFromServer = () => {
|
||||||
fetch('/api/netmap')
|
this.authFetch('/api/netmap')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
res.edges.forEach(edge => {
|
res.edges.forEach(edge => {
|
||||||
|
@ -52,7 +53,7 @@ class MapPageComponent extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
updateTelemetryFromServer = () => {
|
updateTelemetryFromServer = () => {
|
||||||
fetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp)
|
this.authFetch('/api/telemetry-feed?timestamp='+this.state.telemetryLastTimestamp)
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
let newTelem = this.state.telemetry.concat(res['telemetries']);
|
let newTelem = this.state.telemetry.concat(res['telemetries']);
|
||||||
|
@ -68,7 +69,7 @@ class MapPageComponent extends React.Component {
|
||||||
|
|
||||||
selectionChanged(event) {
|
selectionChanged(event) {
|
||||||
if (event.nodes.length === 1) {
|
if (event.nodes.length === 1) {
|
||||||
fetch('/api/netmap/node?id=' + event.nodes[0])
|
this.authFetch('/api/netmap/node?id=' + event.nodes[0])
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => this.setState({selected: res, selectedType: 'node'}));
|
.then(res => this.setState({selected: res, selectedType: 'node'}));
|
||||||
}
|
}
|
||||||
|
@ -80,7 +81,7 @@ class MapPageComponent extends React.Component {
|
||||||
if (displayedEdge['group'] === 'island') {
|
if (displayedEdge['group'] === 'island') {
|
||||||
this.setState({selected: displayedEdge, selectedType: 'island_edge'});
|
this.setState({selected: displayedEdge, selectedType: 'island_edge'});
|
||||||
} else {
|
} else {
|
||||||
fetch('/api/netmap/edge?id=' + event.edges[0])
|
this.authFetch('/api/netmap/edge?id=' + event.edges[0])
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => this.setState({selected: res.edge, selectedType: 'edge'}));
|
.then(res => this.setState({selected: res.edge, selectedType: 'edge'}));
|
||||||
}
|
}
|
||||||
|
@ -91,7 +92,7 @@ class MapPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
killAllMonkeys = () => {
|
killAllMonkeys = () => {
|
||||||
fetch('/api?action=killall')
|
this.authFetch('/api?action=killall')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => this.setState({killPressed: (res.status === 'OK')}));
|
.then(res => this.setState({killPressed: (res.status === 'OK')}));
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,11 +7,12 @@ import {edgeGroupToColor, options} from 'components/map/MapOptions';
|
||||||
import StolenPasswords from 'components/report-components/StolenPasswords';
|
import StolenPasswords from 'components/report-components/StolenPasswords';
|
||||||
import CollapsibleWellComponent from 'components/report-components/CollapsibleWell';
|
import CollapsibleWellComponent from 'components/report-components/CollapsibleWell';
|
||||||
import {Line} from 'rc-progress';
|
import {Line} from 'rc-progress';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
let guardicoreLogoImage = require('../../images/guardicore-logo.png');
|
let guardicoreLogoImage = require('../../images/guardicore-logo.png');
|
||||||
let monkeyLogoImage = require('../../images/monkey-icon.svg');
|
let monkeyLogoImage = require('../../images/monkey-icon.svg');
|
||||||
|
|
||||||
class ReportPageComponent extends React.Component {
|
class ReportPageComponent extends AuthComponent {
|
||||||
|
|
||||||
Issue =
|
Issue =
|
||||||
{
|
{
|
||||||
|
@ -76,7 +77,7 @@ class ReportPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
updateMonkeysRunning = () => {
|
updateMonkeysRunning = () => {
|
||||||
return fetch('/api')
|
return this.authFetch('/api')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
// This check is used to prevent unnecessary re-rendering
|
// This check is used to prevent unnecessary re-rendering
|
||||||
|
@ -89,7 +90,7 @@ class ReportPageComponent extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
updateMapFromServer = () => {
|
updateMapFromServer = () => {
|
||||||
fetch('/api/netmap')
|
this.authFetch('/api/netmap')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
res.edges.forEach(edge => {
|
res.edges.forEach(edge => {
|
||||||
|
@ -102,7 +103,7 @@ class ReportPageComponent extends React.Component {
|
||||||
|
|
||||||
getReportFromServer(res) {
|
getReportFromServer(res) {
|
||||||
if (res['completed_steps']['run_monkey']) {
|
if (res['completed_steps']['run_monkey']) {
|
||||||
fetch('/api/report')
|
this.authFetch('/api/report')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
this.setState({
|
this.setState({
|
||||||
|
@ -610,7 +611,7 @@ class ReportPageComponent extends React.Component {
|
||||||
The network can probably be segmented. A monkey instance on <span
|
The network can probably be segmented. A monkey instance on <span
|
||||||
className="label label-primary">{issue.machine}</span> in the
|
className="label label-primary">{issue.machine}</span> in the
|
||||||
networks {this.generateInfoBadges(issue.networks)}
|
networks {this.generateInfoBadges(issue.networks)}
|
||||||
could directly access the Monkey Island C&C server in the
|
could directly access the Monkey Island server in the
|
||||||
networks {this.generateInfoBadges(issue.server_networks)}.
|
networks {this.generateInfoBadges(issue.server_networks)}.
|
||||||
</CollapsibleWellComponent>
|
</CollapsibleWellComponent>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -3,8 +3,9 @@ import {Button, Col, Well, Nav, NavItem, Collapse} from 'react-bootstrap';
|
||||||
import CopyToClipboard from 'react-copy-to-clipboard';
|
import CopyToClipboard from 'react-copy-to-clipboard';
|
||||||
import {Icon} from 'react-fa';
|
import {Icon} from 'react-fa';
|
||||||
import {Link} from 'react-router-dom';
|
import {Link} from 'react-router-dom';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
class RunMonkeyPageComponent extends React.Component {
|
class RunMonkeyPageComponent extends AuthComponent {
|
||||||
|
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
|
@ -19,14 +20,14 @@ class RunMonkeyPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
componentDidMount() {
|
componentDidMount() {
|
||||||
fetch('/api')
|
this.authFetch('/api')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => this.setState({
|
.then(res => this.setState({
|
||||||
ips: res['ip_addresses'],
|
ips: res['ip_addresses'],
|
||||||
selectedIp: res['ip_addresses'][0]
|
selectedIp: res['ip_addresses'][0]
|
||||||
}));
|
}));
|
||||||
|
|
||||||
fetch('/api/local-monkey')
|
this.authFetch('/api/local-monkey')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res =>{
|
.then(res =>{
|
||||||
if (res['is_running']) {
|
if (res['is_running']) {
|
||||||
|
@ -36,7 +37,7 @@ class RunMonkeyPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
fetch('/api/client-monkey')
|
this.authFetch('/api/client-monkey')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
if (res['is_running']) {
|
if (res['is_running']) {
|
||||||
|
@ -60,7 +61,7 @@ class RunMonkeyPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
runLocalMonkey = () => {
|
runLocalMonkey = () => {
|
||||||
fetch('/api/local-monkey',
|
this.authFetch('/api/local-monkey',
|
||||||
{
|
{
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: {'Content-Type': 'application/json'},
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
@ -146,7 +147,7 @@ class RunMonkeyPageComponent extends React.Component {
|
||||||
className="btn btn-default btn-lg center-block"
|
className="btn btn-default btn-lg center-block"
|
||||||
disabled={this.state.runningOnIslandState !== 'not_running'}
|
disabled={this.state.runningOnIslandState !== 'not_running'}
|
||||||
>
|
>
|
||||||
Run on C&C Server
|
Run on Monkey Island Server
|
||||||
{ this.renderIconByState(this.state.runningOnIslandState) }
|
{ this.renderIconByState(this.state.runningOnIslandState) }
|
||||||
</button>
|
</button>
|
||||||
{
|
{
|
||||||
|
|
|
@ -10,17 +10,19 @@ class RunServerPageComponent extends React.Component {
|
||||||
render() {
|
render() {
|
||||||
return (
|
return (
|
||||||
<Col xs={12} lg={8}>
|
<Col xs={12} lg={8}>
|
||||||
<h1 className="page-title">1. Monkey Island C&C Server</h1>
|
<h1 className="page-title">1. Monkey Island Server</h1>
|
||||||
<div style={{'fontSize': '1.2em'}}>
|
<div style={{'fontSize': '1.2em'}}>
|
||||||
<p style={{'marginTop': '30px'}}>Congrats! You have successfully set up the Monkey Island server. 👏 👏</p>
|
<p style={{'marginTop': '30px'}}>Congrats! You have successfully set up the Monkey Island
|
||||||
|
server. 👏 👏</p>
|
||||||
<p>
|
<p>
|
||||||
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter
|
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter
|
||||||
breaches and internal server infections.
|
breaches and internal server infections.
|
||||||
The Monkey uses various methods to propagate across a data
|
The Monkey uses various methods to propagate across a data
|
||||||
center and reports to this Command and Control (C&C) server.
|
center and reports to this Monkey Island Command and Control server.
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
To read more about the Monkey, visit <a href="http://infectionmonkey.com" target="_blank">infectionmonkey.com</a>
|
To read more about the Monkey, visit <a href="http://infectionmonkey.com"
|
||||||
|
target="_blank">infectionmonkey.com</a>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
Go ahead and <Link to="/run-monkey">run the monkey</Link>.
|
Go ahead and <Link to="/run-monkey">run the monkey</Link>.
|
||||||
|
|
|
@ -2,8 +2,9 @@ import React from 'react';
|
||||||
import {Col} from 'react-bootstrap';
|
import {Col} from 'react-bootstrap';
|
||||||
import {Link} from 'react-router-dom';
|
import {Link} from 'react-router-dom';
|
||||||
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
|
import {ModalContainer, ModalDialog} from 'react-modal-dialog';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
class StartOverPageComponent extends React.Component {
|
class StartOverPageComponent extends AuthComponent {
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
|
|
||||||
|
@ -15,7 +16,7 @@ class StartOverPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
updateMonkeysRunning = () => {
|
updateMonkeysRunning = () => {
|
||||||
fetch('/api')
|
this.authFetch('/api')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
// This check is used to prevent unnecessary re-rendering
|
// This check is used to prevent unnecessary re-rendering
|
||||||
|
@ -104,7 +105,7 @@ class StartOverPageComponent extends React.Component {
|
||||||
this.setState({
|
this.setState({
|
||||||
cleaned: false
|
cleaned: false
|
||||||
});
|
});
|
||||||
fetch('/api?action=reset')
|
this.authFetch('/api?action=reset')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => {
|
.then(res => {
|
||||||
if (res['status'] === 'OK') {
|
if (res['status'] === 'OK') {
|
||||||
|
|
|
@ -2,6 +2,7 @@ import React from 'react';
|
||||||
import {Col} from 'react-bootstrap';
|
import {Col} from 'react-bootstrap';
|
||||||
import JSONTree from 'react-json-tree'
|
import JSONTree from 'react-json-tree'
|
||||||
import {DataTable} from 'react-data-components';
|
import {DataTable} from 'react-data-components';
|
||||||
|
import AuthComponent from '../AuthComponent';
|
||||||
|
|
||||||
const renderJson = (val) => <JSONTree data={val} level={1} theme="eighties" invertTheme={true} />;
|
const renderJson = (val) => <JSONTree data={val} level={1} theme="eighties" invertTheme={true} />;
|
||||||
const renderTime = (val) => val.split('.')[0];
|
const renderTime = (val) => val.split('.')[0];
|
||||||
|
@ -13,7 +14,7 @@ const columns = [
|
||||||
{ title: 'Details', prop: 'data', render: renderJson, width: '40%' }
|
{ title: 'Details', prop: 'data', render: renderJson, width: '40%' }
|
||||||
];
|
];
|
||||||
|
|
||||||
class TelemetryPageComponent extends React.Component {
|
class TelemetryPageComponent extends AuthComponent {
|
||||||
constructor(props) {
|
constructor(props) {
|
||||||
super(props);
|
super(props);
|
||||||
this.state = {
|
this.state = {
|
||||||
|
@ -22,7 +23,7 @@ class TelemetryPageComponent extends React.Component {
|
||||||
}
|
}
|
||||||
|
|
||||||
componentDidMount = () => {
|
componentDidMount = () => {
|
||||||
fetch('/api/telemetry')
|
this.authFetch('/api/telemetry')
|
||||||
.then(res => res.json())
|
.then(res => res.json())
|
||||||
.then(res => this.setState({data: res.objects}));
|
.then(res => this.setState({data: res.objects}));
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<title>Infection Monkey C&C</title>
|
<title>Infection Monkey Island Server</title>
|
||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
|
||||||
<meta name="description" content="">
|
<meta name="description" content="">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
import BaseConfig from './BaseConfig';
|
||||||
|
|
||||||
|
class AwsConfig extends BaseConfig{
|
||||||
|
isAuthEnabled() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default AwsConfig;
|
|
@ -0,0 +1,8 @@
|
||||||
|
class BaseConfig {
|
||||||
|
|
||||||
|
isAuthEnabled() {
|
||||||
|
throw new Error('Abstract function');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default BaseConfig;
|
|
@ -0,0 +1,12 @@
|
||||||
|
import StandardConfig from './StandardConfig';
|
||||||
|
import AwsConfig from './AwsConfig';
|
||||||
|
|
||||||
|
const SERVER_CONFIG_JSON = require('json-loader!../../../server_config.json');
|
||||||
|
|
||||||
|
const CONFIG_DICT =
|
||||||
|
{
|
||||||
|
'standard': StandardConfig,
|
||||||
|
'aws': AwsConfig
|
||||||
|
};
|
||||||
|
|
||||||
|
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();
|
|
@ -0,0 +1,10 @@
|
||||||
|
import BaseConfig from './BaseConfig';
|
||||||
|
|
||||||
|
class StandardConfig extends BaseConfig {
|
||||||
|
|
||||||
|
isAuthEnabled () {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default StandardConfig;
|
|
@ -0,0 +1,106 @@
|
||||||
|
import decode from 'jwt-decode';
|
||||||
|
import {SERVER_CONFIG} from '../server_config/ServerConfig';
|
||||||
|
|
||||||
|
export default class AuthService {
|
||||||
|
AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
|
||||||
|
|
||||||
|
login = (username, password) => {
|
||||||
|
if (this.AUTH_ENABLED) {
|
||||||
|
return this._login(username, password);
|
||||||
|
} else {
|
||||||
|
return {result: true};
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
authFetch = (url, options) => {
|
||||||
|
if (this.AUTH_ENABLED) {
|
||||||
|
return this._authFetch(url, options);
|
||||||
|
} else {
|
||||||
|
return fetch(url, options);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
_login = (username, password) => {
|
||||||
|
return this._authFetch('/api/auth', {
|
||||||
|
method: 'POST',
|
||||||
|
body: JSON.stringify({
|
||||||
|
username,
|
||||||
|
password
|
||||||
|
})
|
||||||
|
}).then(response => response.json())
|
||||||
|
.then(res => {
|
||||||
|
if (res.hasOwnProperty('access_token')) {
|
||||||
|
this._setToken(res['access_token']);
|
||||||
|
return {result: true};
|
||||||
|
} else {
|
||||||
|
this._removeToken();
|
||||||
|
return {result: false};
|
||||||
|
}
|
||||||
|
|
||||||
|
})
|
||||||
|
};
|
||||||
|
|
||||||
|
_authFetch = (url, options = {}) => {
|
||||||
|
const headers = {
|
||||||
|
'Accept': 'application/json',
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
};
|
||||||
|
|
||||||
|
if (this.loggedIn()) {
|
||||||
|
headers['Authorization'] = 'JWT ' + this._getToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (options.hasOwnProperty('headers')) {
|
||||||
|
for (let header in headers) {
|
||||||
|
options['headers'][header] = headers[header];
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
options['headers'] = headers;
|
||||||
|
}
|
||||||
|
|
||||||
|
return fetch(url, options)
|
||||||
|
.then(res => {
|
||||||
|
if (res.status === 401) {
|
||||||
|
this._removeToken();
|
||||||
|
}
|
||||||
|
return res;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
loggedIn() {
|
||||||
|
if (!this.AUTH_ENABLED) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
const token = this._getToken();
|
||||||
|
return ((token !== null) && !this._isTokenExpired(token));
|
||||||
|
}
|
||||||
|
|
||||||
|
logout() {
|
||||||
|
if (this.AUTH_ENABLED) {
|
||||||
|
this._removeToken();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_isTokenExpired(token) {
|
||||||
|
try {
|
||||||
|
return decode(token)['exp'] < Date.now() / 1000;
|
||||||
|
}
|
||||||
|
catch (err) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_setToken(idToken) {
|
||||||
|
localStorage.setItem('jwt', idToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
_removeToken() {
|
||||||
|
localStorage.removeItem('jwt');
|
||||||
|
}
|
||||||
|
|
||||||
|
_getToken() {
|
||||||
|
return localStorage.getItem('jwt')
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue