p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,793 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

6793 Commits

Author SHA1 Message Date
Mike Salvatore f920c3e9f1 Project: Add job posting to README 2022-04-04 15:41:59 -04:00
Shreya Malviya ad61236ed0 BB: Fix password for powershell-46 in Zoo machines' docs 2022-03-21 14:10:16 +05:30
Ilija Lazoroski c000ab6cf8 BB: Update documentation for PowerShell machines 2022-03-21 14:06:54 +05:30
Mike Salvatore c6e80b6689
Merge pull request #1671 from guardicore/dependabot/npm_and_yarn/monkey/monkey_island/cc/ui/marked-4.0.10 
Bump marked from 2.1.3 to 4.0.10 in /monkey/monkey_island/cc/ui
 2022-03-02 08:59:10 -05:00
Ilija Lazoroski b27d9fa0a4 Project: Add upgrade to pipenv in Travis 2022-03-02 11:46:41 +01:00
Ilija Lazoroski 3baca9aaea Island: Import single export from marked 2022-03-01 17:03:10 +01:00
dependabot[bot] ca43dd060c Bump marked from 2.1.3 to 4.0.10 in /monkey/monkey_island/cc/ui 
Bumps [marked](https://github.com/markedjs/marked) from 2.1.3 to 4.0.10.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](https://github.com/markedjs/marked/compare/v2.1.3...v4.0.10)

---
updated-dependencies:
- dependency-name: marked
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-01 17:03:10 +01:00
dependabot[bot] bc129e4bb0 Bump ajv from 6.12.2 to 6.12.6 in /monkey/monkey_island/cc/ui 
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.2 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.12.2...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-01 14:03:23 +01:00
dependabot[bot] 65f0649d88 Bump follow-redirects in /monkey/monkey_island/cc/ui 
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.8)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-24 06:18:16 -05:00
Mike Salvatore a7f3076bfd Project: Remove trailing whitespace from pull request template 2022-02-23 13:46:18 -05:00
Shreya Malviya f572e59b7f Docs: Update link to Security Hub integration page 
Previously, this link took you to the repo's wiki which would point
you to the actual Security Hub page in the docs. Now, it directly takes
you to the Security Hub page in the docs.
 2022-02-07 20:17:13 +05:30
Ilija Lazoroski 88d4e9b11f Agent: Remove sambacry binaries from monkey spec 
PR #1698
 2022-02-04 13:25:16 -05:00
Mike Salvatore 81bc579aa5
Merge pull request #1688 from guardicore/1640-simplify-log-download 
1640 simplify log download
 2022-01-31 08:55:54 -05:00
Shreya Malviya 3bed9919b9 Docs: Change phrasing in the FAQ about logs 2022-01-31 19:23:43 +05:30
vakarisz d953755fd2 Changelog: fixup changelog entries for "1640 simplify log download" 2022-01-31 15:50:24 +02:00
vakarisz 3e5c1c8044 Changelog: add log download from map entry 2022-01-31 11:54:40 +02:00
vakarisz 42582451d5 Docs: explain how to download logs from UI 2022-01-31 11:51:33 +02:00
vakarisz e74bb92432 UI: rename "logs" page to "telemetries", remove island log download 
"Logs" page displayed agent telemetries and islands' log download button. This is inconsistent, page should either offer the download of all logs or only show telemetries.
 2022-01-31 11:02:49 +02:00
vakarisz 3d25c56a6e UI: add agent and island log download buttons to map 2022-01-31 10:56:36 +02:00
vakarisz 0aa9e63809 Project: add windows dev requirements for agent 2022-01-27 10:15:30 -05:00
vakarisz ead3068202 Project: add windows dev requirements for agent 2022-01-27 10:58:58 +02:00
vakarisz 2399d1b279 Docs: specify that we're using Hugo 0.92.0 2022-01-26 08:31:08 -05:00
vakarisz a12f87d463 Project: update travis to use Hugo 0.92.0 2022-01-26 08:31:08 -05:00
Mike Salvatore 4a7c8fe411 Merge branch 'release/1.13.0' into develop 2022-01-25 13:23:17 -05:00
Mike Salvatore fed7d050be Changelog: Update version and release date for v1.13.0 2022-01-25 09:54:12 -05:00
vakarisz ab290fd732 Docs: clarify that AppImage can only run in WSL 2 on windows 2022-01-25 15:20:33 +02:00
vakarisz 28cf8b55cf BB: modified performance config template to contain log4shell machines 2022-01-25 15:16:32 +02:00
vakarisz 62dc4a4d5c Docs: add version to docker examples 
Based on docs it wasn't clear what user should substitute for "VERSION". By providing specific version like "v1.13.0" we clarify the format of the version string.
 2022-01-25 15:03:06 +02:00
vakarisz 014108e360 Docs: remove outdated documentation about AWS deployment 2022-01-25 14:59:55 +02:00
vakarisz a59c6b59b6 Docs: add hashes of 1.13.0 release binaries 2022-01-24 10:29:44 +02:00
vakarisz 189505a97d Agent: add vulnerable log4shell url's 
Url's are used in mitre report
 2022-01-21 15:35:07 +02:00
Mike Salvatore 75ed119c00 Changelog: Add changelog entries for Log4Shell exploiter 2022-01-21 07:40:42 -05:00
VakarisZ 39a48c2b64
Merge pull request #1670 from guardicore/1663-log4shell-exploit 
Log4Shell exploiter
 2022-01-21 11:52:14 +02:00
Mike Salvatore 4c30118f67 Docs: Increase v1.12.0 -> v1.13.0 2022-01-20 14:38:14 -05:00
Mike Salvatore 5bf82659bd UI: Switch CVE-2021-44228 from href to react-bootstrap Button 
This resolves an eslint error regarding `target="blank"` without
`rel="noopener"` and makes this code more consistent with other code.
 2022-01-20 12:14:52 -05:00
Mike Salvatore d21dd6da13 Agent: Wait for victim to download agent before killing servers 
The Log4Shell exploiter requires the victim to contact a number of
different servers. Wait a reasonable amount of time for the victim to
call home and download the agent before issuing the shutdown command to
the server.
 2022-01-20 10:42:51 -05:00
Mike Salvatore e576136a63 Agent: Skip Log4Shell exploiter if there are no open ports 2022-01-20 08:52:09 -05:00
Mike Salvatore 6d87289bd0 Agent: Minor change to log statement in ExploitClassHTTPServer 2022-01-20 08:17:57 -05:00
Shreya Malviya 83d2a0aac0 Common, UI: Bump version numbers to 1.13.0 2022-01-20 17:49:02 +05:30
Shreya Malviya ce8c178297 BB: Add Log4Shell zoo machines to table of contents, grammar fixes 2022-01-20 17:24:11 +05:30
Mike Salvatore d0e26f770f Agent: Add lock to HTTPHandler.do_GET() to avoid potential race 2022-01-19 19:37:23 -05:00
vakarisz 76d6071f7c Island: add cve link to log4shell report 2022-01-19 15:09:03 +02:00
Mike Salvatore 1840dd54ca Agent: Add class documentation to ExploitClassHTTPServer 2022-01-18 12:33:06 -05:00
Mike Salvatore 63085273a9 Agent: Encapsulate parallelism in ExploitClassHTTPServer 2022-01-18 08:57:05 -05:00
vakarisz 212fb3a653 BB: black format config_generation_script.py 2022-01-18 15:23:59 +02:00
vakarisz a5a4957c29 Agent: small readability and style improvements 2022-01-18 15:01:47 +02:00
vakarisz 03919c3caf Agent: fix struts2 url building 2022-01-18 14:29:57 +02:00
vakarisz 76a32d241c Agent: log4shell readability and style fixes 2022-01-18 12:48:56 +02:00
vakarisz 52ac7dd295 Agent: fix a bug in web_rce url building 
build_potential_urls was made static and takes IP as first parameter, but the users of this method wasn't changed and only passed ports
 2022-01-18 12:22:38 +02:00
vakarisz e3f9312ff9 BB: change log4j exploit depth to 1 (default) 
This change is necessary to make sure that exploitation is successfull from a particular machine being tested.
 2022-01-18 11:44:47 +02:00