Compare commits
1 Commits
develop
...
DO-NOT-DEL
Author | SHA1 | Date |
---|---|---|
Shreya Malviya | b4d21e96c3 |
|
@ -1,4 +1,4 @@
|
||||||
monkey/tests/data_for_tests/ransomware_targets/** -text
|
monkey/tests/data_for_tests/ransomware_targets/** -text
|
||||||
monkey/tests/data_for_tests/test_readme.txt -text
|
monkey/tests/data_for_tests/test_readme.txt -text
|
||||||
monkey/tests/data_for_tests/stable_file.txt -text
|
monkey/tests/data_for_tests/stable_file.txt -text
|
||||||
monkey/infection_monkey/payload/ransomware/ransomware_readme.txt -text
|
monkey/infection_monkey/ransomware/ransomware_readme.txt -text
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
name: "🏗Refactor"
|
|
||||||
about: Refactor existing code
|
|
||||||
title: ''
|
|
||||||
labels: Refactor
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
# Refactor
|
|
||||||
|
|
||||||
## Component(s) to be refactored
|
|
||||||
|
|
||||||
-
|
|
||||||
|
|
||||||
## Explanation
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
name: "📒Blank"
|
|
||||||
about: A blank issue for anything not covered by another template
|
|
||||||
title: ''
|
|
||||||
labels:
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
|
@ -4,5 +4,5 @@ contact_links:
|
||||||
url: https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU
|
url: https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU
|
||||||
about: Our community Slack channel - you can ask questions or suggest things here.
|
about: Our community Slack channel - you can ask questions or suggest things here.
|
||||||
- name: FAQs
|
- name: FAQs
|
||||||
url: https://www.guardicore.com/infectionmonkey/docs/faq/
|
url: https://www.guardicore.com/infectionmonkey/faq/
|
||||||
about: Frequently Asked Questions - if you have a question, see if we've already answered it!
|
about: Frequently Asked Questions - if you have a question, see if we've already answered it!
|
||||||
|
|
|
@ -1,19 +1,22 @@
|
||||||
# What does this PR do?
|
# What does this PR do?
|
||||||
|
|
||||||
Fixes #`put issue number here`.
|
Fixes #`put issue number here`.
|
||||||
|
|
||||||
Add any further explanations here.
|
Add any further explanations here.
|
||||||
|
|
||||||
## PR Checklist
|
## PR Checklist
|
||||||
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
|
||||||
* [ ] Is the TravisCI build passing?
|
* [ ] Is the TravisCI build passing?
|
||||||
* [ ] Was the CHANGELOG.md updated to reflect the changes?
|
* [ ] Was the CHANGELOG.md updated to reflect the changes?
|
||||||
* [ ] Was the documentation framework updated to reflect the changes?
|
* [ ] Was the documentation framework updated to reflect the changes?
|
||||||
* [ ] Have you checked that you haven't introduced any duplicate code?
|
|
||||||
|
|
||||||
## Testing Checklist
|
## Testing Checklist
|
||||||
|
|
||||||
* [ ] Added relevant unit tests?
|
* [ ] Added relevant unit tests?
|
||||||
* [ ] Have you successfully tested your changes locally? Elaborate:
|
* [ ] Have you successfully tested your changes locally? Elaborate:
|
||||||
> Tested by {Running the Monkey locally with relevant config/running Island/...}
|
> Tested by {Running the Monkey locally with relevant config/running Island/...}
|
||||||
* [ ] If applicable, add screenshots or log transcripts of the feature working
|
* [ ] If applicable, add screenshots or log transcripts of the feature working
|
||||||
|
|
||||||
|
## Explain Changes
|
||||||
|
|
||||||
|
Are the commit messages enough? If not, elaborate.
|
||||||
|
|
|
@ -59,7 +59,7 @@ coverage.xml
|
||||||
*.log
|
*.log
|
||||||
|
|
||||||
# Sphinx documentation
|
# Sphinx documentation
|
||||||
/monkey/monkey_island/docs/source/_autosummary
|
docs/_build/
|
||||||
|
|
||||||
# PyBuilder
|
# PyBuilder
|
||||||
target/
|
target/
|
||||||
|
@ -101,9 +101,3 @@ venv/
|
||||||
|
|
||||||
# Hugo
|
# Hugo
|
||||||
.hugo_build.lock
|
.hugo_build.lock
|
||||||
|
|
||||||
# mypy
|
|
||||||
.mypy_cache
|
|
||||||
|
|
||||||
# MacOS
|
|
||||||
.DS_Store
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
default_stages: [commit]
|
default_stages: [commit]
|
||||||
repos:
|
repos:
|
||||||
- repo: https://github.com/pycqa/isort
|
- repo: https://github.com/pycqa/isort
|
||||||
rev: 5.10.1
|
rev: 5.8.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: isort
|
- id: isort
|
||||||
name: isort (python)
|
name: isort (python)
|
||||||
|
@ -12,16 +12,16 @@ repos:
|
||||||
name: isort (pyi)
|
name: isort (pyi)
|
||||||
types: [pyi]
|
types: [pyi]
|
||||||
- repo: https://github.com/psf/black
|
- repo: https://github.com/psf/black
|
||||||
rev: 22.3.0
|
rev: 20.8b1
|
||||||
hooks:
|
hooks:
|
||||||
- id: black
|
- id: black
|
||||||
- repo: https://gitlab.com/pycqa/flake8
|
- repo: https://gitlab.com/pycqa/flake8
|
||||||
rev: 4.0.1
|
rev: 3.9.1
|
||||||
hooks:
|
hooks:
|
||||||
- id: flake8
|
- id: flake8
|
||||||
additional_dependencies: [dlint]
|
additional_dependencies: [dlint]
|
||||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
rev: v4.1.0
|
rev: v3.4.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: check-added-large-files
|
- id: check-added-large-files
|
||||||
- id: check-case-conflict
|
- id: check-case-conflict
|
||||||
|
@ -31,21 +31,10 @@ repos:
|
||||||
- id: end-of-file-fixer
|
- id: end-of-file-fixer
|
||||||
- id: trailing-whitespace
|
- id: trailing-whitespace
|
||||||
- repo: https://github.com/eslint/eslint
|
- repo: https://github.com/eslint/eslint
|
||||||
rev: v8.12.0
|
rev: v7.24.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: eslint
|
- id: eslint
|
||||||
args: ["monkey/monkey_island/cc/ui/src/", "--fix", "--max-warnings=0"]
|
args: ["monkey/monkey_island/cc/ui/src/", "--fix", "--max-warnings=0"]
|
||||||
- repo: https://github.com/pre-commit/mirrors-mypy
|
|
||||||
rev: v0.971
|
|
||||||
hooks:
|
|
||||||
- id: mypy
|
|
||||||
additional_dependencies: [types-ipaddress, types-paramiko, types-python-dateutil, types-requests]
|
|
||||||
exclude: "vulture_allowlist.py"
|
|
||||||
args: [--ignore-missing-imports]
|
|
||||||
- repo: https://github.com/koalaman/shellcheck-precommit
|
|
||||||
rev: v0.7.2
|
|
||||||
hooks:
|
|
||||||
- id: shellcheck
|
|
||||||
- repo: local
|
- repo: local
|
||||||
hooks:
|
hooks:
|
||||||
- id: pytest
|
- id: pytest
|
||||||
|
@ -56,7 +45,7 @@ repos:
|
||||||
exclude: "monkey/monkey_island/cc/ui"
|
exclude: "monkey/monkey_island/cc/ui"
|
||||||
stages: [push]
|
stages: [push]
|
||||||
- repo: https://github.com/swimmio/pre-commit
|
- repo: https://github.com/swimmio/pre-commit
|
||||||
rev: v0.7
|
rev: v0.2
|
||||||
hooks:
|
hooks:
|
||||||
- id: swimm-verify
|
- id: swimm-verify
|
||||||
- repo: https://github.com/jendrikseipp/vulture
|
- repo: https://github.com/jendrikseipp/vulture
|
||||||
|
|
|
@ -0,0 +1,86 @@
|
||||||
|
{
|
||||||
|
"id": "AzD8XysWg1BBXCjCDkfq",
|
||||||
|
"name": "Add a new configuration setting to the Agent ⚙",
|
||||||
|
"task": {
|
||||||
|
"dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
|
||||||
|
"tests": [],
|
||||||
|
"hints": [
|
||||||
|
"Look for `victims_max_exploit` - it's rather similar."
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"content": [
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/infection_monkey/config.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 103,
|
||||||
|
"lines": [
|
||||||
|
" exploiter_classes = []",
|
||||||
|
" system_info_collector_classes = []",
|
||||||
|
" ",
|
||||||
|
"* # how many victims to look for in a single scan iteration",
|
||||||
|
"* victims_max_find = 100",
|
||||||
|
" ",
|
||||||
|
" # how many victims to exploit before stopping",
|
||||||
|
" victims_max_exploit = 100"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/infection_monkey/monkey.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 220,
|
||||||
|
"lines": [
|
||||||
|
" if not WormConfiguration.alive:",
|
||||||
|
" logger.info(\"Marked not alive from configuration\")",
|
||||||
|
" ",
|
||||||
|
"* machines = self._network.get_victim_machines(",
|
||||||
|
"* max_find=WormConfiguration.victims_max_find,",
|
||||||
|
"* stop_callback=ControlClient.check_for_stop,",
|
||||||
|
"* )",
|
||||||
|
" for machine in machines:",
|
||||||
|
" if ControlClient.check_for_stop():",
|
||||||
|
" break"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/internal.py",
|
||||||
|
"comments": [],
|
||||||
|
"firstLineNumber": 28,
|
||||||
|
"lines": [
|
||||||
|
" \"title\": \"Monkey\",",
|
||||||
|
" \"type\": \"object\",",
|
||||||
|
" \"properties\": {",
|
||||||
|
"* \"victims_max_find\": {",
|
||||||
|
"* \"title\": \"Max victims to find\",",
|
||||||
|
"* \"type\": \"integer\",",
|
||||||
|
"* \"default\": 100,",
|
||||||
|
"* \"description\": \"Determines the maximum number of machines the monkey is \"",
|
||||||
|
"* \"allowed to scan\",",
|
||||||
|
"* },",
|
||||||
|
" \"victims_max_exploit\": {",
|
||||||
|
" \"title\": \"Max victims to exploit\",",
|
||||||
|
" \"type\": \"integer\","
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/config_templates)."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"symbols": {},
|
||||||
|
"file_version": "2.0.3",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.6.6-2",
|
||||||
|
"file_blobs": {
|
||||||
|
"monkey/infection_monkey/config.py": "8f4984ba6563564343282765ab498efca5d89ba8",
|
||||||
|
"monkey/infection_monkey/monkey.py": "4160a36e0e624404d77526472d51dd07bba49e5a",
|
||||||
|
"monkey/monkey_island/cc/services/config_schema/internal.py": "86318eaf19b9991a8af5de861a3eb085238e17a4"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"id": "JFXftJml8DpmuCPBA9rL",
|
||||||
|
"name": "Add details about your new PBA",
|
||||||
|
"task": {
|
||||||
|
"dod": "You should add your new PBA's details to the configuration.",
|
||||||
|
"tests": [],
|
||||||
|
"hints": [
|
||||||
|
"Have a look at the details of the other techniques."
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"content": [
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" \"Removes the file afterwards.\",",
|
||||||
|
" \"attack_techniques\": [\"T1166\"],",
|
||||||
|
" },",
|
||||||
|
"* {",
|
||||||
|
"+ # Swimmer: ADD DETAILS HERE!",
|
||||||
|
"* \"type\": \"string\",",
|
||||||
|
"* \"enum\": [\"ScheduleJobs\"],",
|
||||||
|
"* \"title\": \"Job Scheduling\",",
|
||||||
|
"* \"safe\": True,",
|
||||||
|
"* \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
|
||||||
|
"* \"attack_techniques\": [\"T1168\", \"T1053\"],",
|
||||||
|
"* },",
|
||||||
|
" {",
|
||||||
|
" \"type\": \"string\",",
|
||||||
|
" \"enum\": [\"Timestomping\"],"
|
||||||
|
],
|
||||||
|
"firstLineNumber": 52,
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"symbols": {},
|
||||||
|
"file_version": "2.0.3",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.5.7-0",
|
||||||
|
"file_blobs": {
|
||||||
|
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "7d62ac36e875ca3c249d808250cb3268e4d3d68d"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -18,24 +18,23 @@
|
||||||
"type": "snippet",
|
"type": "snippet",
|
||||||
"path": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
|
"path": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
|
||||||
"comments": [],
|
"comments": [],
|
||||||
"firstLineNumber": 15,
|
"firstLineNumber": 12,
|
||||||
"lines": [
|
"lines": [
|
||||||
" \"\"\"",
|
" \"\"\"",
|
||||||
" ",
|
" ",
|
||||||
" def __init__(self, telemetry_messenger: ITelemetryMessenger):",
|
" def __init__(self):",
|
||||||
"* linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
|
"* linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
|
||||||
"+ pass",
|
"+ pass",
|
||||||
"*",
|
"*",
|
||||||
"+ # Swimmer: IMPLEMENT HERE!",
|
"+ # Swimmer: IMPLEMENT HERE!",
|
||||||
"* super(ScheduleJobs, self).__init__(",
|
"* super(ScheduleJobs, self).__init__(",
|
||||||
"* telemetry_messenger,",
|
|
||||||
"* name=POST_BREACH_JOB_SCHEDULING,",
|
"* name=POST_BREACH_JOB_SCHEDULING,",
|
||||||
"* linux_cmd=\" \".join(linux_cmds),",
|
"* linux_cmd=\" \".join(linux_cmds),",
|
||||||
"* windows_cmd=windows_cmds,",
|
"* windows_cmd=windows_cmds,",
|
||||||
"* )",
|
"* )",
|
||||||
"*",
|
"*",
|
||||||
"* def run(self, options: Dict):",
|
"* def run(self):",
|
||||||
"* super(ScheduleJobs, self).run(options)",
|
"* super(ScheduleJobs, self).run()",
|
||||||
"* remove_scheduled_jobs()"
|
"* remove_scheduled_jobs()"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -45,11 +44,11 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"symbols": {},
|
"symbols": {},
|
||||||
"file_version": "2.0.3",
|
"file_version": "2.0.1",
|
||||||
"meta": {
|
"meta": {
|
||||||
"app_version": "0.6.6-2",
|
"app_version": "0.4.1-1",
|
||||||
"file_blobs": {
|
"file_blobs": {
|
||||||
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": "4ab023e35fa4424f0c6583233f5b056c7b1cad51"
|
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": "e7845968a0c27d2eba71a8889645fe88491cb2a8"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,87 @@
|
||||||
|
{
|
||||||
|
"id": "afMu3y3ny5lnrYFWl3EI",
|
||||||
|
"name": "Add a new Post Breach Action (PBA)",
|
||||||
|
"task": {
|
||||||
|
"dod": "You should add a new PBA to the Monkey which discovers all user accounts on the machine.",
|
||||||
|
"tests": [],
|
||||||
|
"hints": [
|
||||||
|
"See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.",
|
||||||
|
"Make sure to add the PBA to the configuration as well.",
|
||||||
|
"MITRE ATT&CK technique T1087 articulates that adversaries may attempt to get a listing of accounts on a system or within an environment which can help them determine which accounts can aid in follow-on behavior. Therefore, the AccountDiscovery PBA is relevant to it which will enable the ATT&CK technique and show it in ATT&CK report."
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"content": [
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "Read our [documentation](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/) about adding a new PBA.\n\nAfter that we want you to add the AccountDiscovery PBA. The commands that add users for Windows and Linux can be retrieved from \\`get\\_commands\\_to\\_discover\\_accounts\\` — make sure you see how to use this function correctly.\n\nNote that the PBA should impact the T1087 MITRE technique as well.\n\n**Manual test to confirm**\n--------------------------\n\n1. Run the Monkey Island.\n \n2. Make sure your new PBA is enabled by default in the config. For this test, disable network scanning, exploiting, and all other PBAs.\n \n3. Run the Monkey Agent.\n \n4. See the PBA in the security report and in the MITRE report under the relevant technique."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
|
||||||
|
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
|
||||||
|
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
|
||||||
|
"*POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\"",
|
||||||
|
"+# SWIMMER: Put the new const here!",
|
||||||
|
" POST_BREACH_CLEAR_CMD_HISTORY = \"Clear command history\""
|
||||||
|
],
|
||||||
|
"firstLineNumber": 7,
|
||||||
|
"path": "monkey/common/common_consts/post_breach_consts.py",
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" ",
|
||||||
|
" class AccountDiscovery(PBA):",
|
||||||
|
" def __init__(self):",
|
||||||
|
"* linux_cmds, windows_cmds = get_commands_to_discover_accounts()",
|
||||||
|
"+ # SWIMMER: Implement here!",
|
||||||
|
"* super().__init__(",
|
||||||
|
"+ pass",
|
||||||
|
"* POST_BREACH_ACCOUNT_DISCOVERY, linux_cmd=\" \".join(linux_cmds), windows_cmd=windows_cmds",
|
||||||
|
"* )"
|
||||||
|
],
|
||||||
|
"firstLineNumber": 7,
|
||||||
|
"path": "monkey/infection_monkey/post_breach/actions/discover_accounts.py",
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "snippet",
|
||||||
|
"lines": [
|
||||||
|
" \"with the help of a pre-existing signed script.\",",
|
||||||
|
" \"attack_techniques\": [\"T1216\"],",
|
||||||
|
" },",
|
||||||
|
"* {",
|
||||||
|
"+ # SWIMMER: Add details here!",
|
||||||
|
"* \"type\": \"string\",",
|
||||||
|
"* \"enum\": [\"AccountDiscovery\"],",
|
||||||
|
"* \"title\": \"Account Discovery\",",
|
||||||
|
"* \"safe\": True,",
|
||||||
|
"* \"info\": \"Attempts to get a listing of user accounts on the system.\",",
|
||||||
|
"* \"attack_techniques\": [\"T1087\"],",
|
||||||
|
"* },",
|
||||||
|
" {",
|
||||||
|
" \"type\": \"string\",",
|
||||||
|
" \"enum\": [\"ClearCommandHistory\"],"
|
||||||
|
],
|
||||||
|
"firstLineNumber": 80,
|
||||||
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
|
||||||
|
"comments": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "text",
|
||||||
|
"text": "Many PBAs use shell commands or scripts — see `Timestomping` and `AccountDiscovery`.\n\nOn the other hand, some are less straightforward. You can override functions and implement new classes depending on what is required, to implement complicated PBAs — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`. \n \n\nThis PBA, along with the others, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to gather details about all the user accounts that are present on a system or in an environment."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"symbols": {},
|
||||||
|
"file_version": "2.0.3",
|
||||||
|
"meta": {
|
||||||
|
"app_version": "0.5.7-0",
|
||||||
|
"file_blobs": {
|
||||||
|
"monkey/common/common_consts/post_breach_consts.py": "01d31448269e5581dbe0176c289f7dd36cc5854f",
|
||||||
|
"monkey/infection_monkey/post_breach/actions/discover_accounts.py": "8fdebd0df97655e4cba3aebcdcf3c5ed1d1b6cbd",
|
||||||
|
"monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "88a3e8cb59fb0d1c07c9487bcb4eaab7b8087d84"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
183
.travis.yml
|
@ -4,137 +4,90 @@
|
||||||
|
|
||||||
group: travis_latest
|
group: travis_latest
|
||||||
|
|
||||||
branches:
|
language: python
|
||||||
only:
|
|
||||||
- develop
|
|
||||||
- master
|
|
||||||
- fix-travis
|
|
||||||
|
|
||||||
jobs:
|
env:
|
||||||
include:
|
- PIP_CACHE_DIR=$HOME/.cache/pip PIPENV_CACHE_DIR=$HOME/.cache/pipenv
|
||||||
- name: "Monkey Linux"
|
|
||||||
language: python
|
|
||||||
python:
|
|
||||||
- 3.7
|
|
||||||
os: linux
|
|
||||||
dist: focal
|
|
||||||
vm:
|
|
||||||
size: x-large
|
|
||||||
env:
|
|
||||||
- PIP_CACHE_DIR=$HOME/.cache/pip PIPENV_CACHE_DIR=$HOME/.cache/pipenv LIBSODIUM_MAKE_ARGS=-j8
|
|
||||||
|
|
||||||
cache:
|
cache:
|
||||||
- pip: true
|
- pip
|
||||||
- npm: true
|
- directories:
|
||||||
- directories:
|
- "$HOME/.npm"
|
||||||
- "$HOME/.npm"
|
- $PIP_CACHE_DIR
|
||||||
- $PIP_CACHE_DIR
|
- $PIPENV_CACHE_DIR
|
||||||
- $PIPENV_CACHE_DIR
|
|
||||||
|
|
||||||
install:
|
python:
|
||||||
# Python
|
- 3.7
|
||||||
- nproc
|
|
||||||
- pip install pip --upgrade
|
|
||||||
- pipenv --version
|
|
||||||
# Install island and monkey requirements as they are needed by UT's
|
|
||||||
- pushd monkey/monkey_island
|
|
||||||
- pipenv sync --dev # This installs dependencies from lock
|
|
||||||
- popd
|
|
||||||
- pushd monkey/infection_monkey
|
|
||||||
- pipenv sync --dev # This installs dependencies from lock
|
|
||||||
- popd
|
|
||||||
|
|
||||||
# node + npm + eslint
|
os: linux
|
||||||
- node --version
|
|
||||||
- npm --version
|
|
||||||
- nvm --version
|
|
||||||
- nvm install 16
|
|
||||||
- nvm use node
|
|
||||||
- npm i -g eslint
|
|
||||||
- node --version
|
|
||||||
- npm --version
|
|
||||||
|
|
||||||
# hugo (for documentation)
|
|
||||||
- curl -L https://github.com/gohugoio/hugo/releases/download/v0.92.0/hugo_0.92.0_Linux-64bit.tar.gz --output hugo.tar.gz
|
|
||||||
# print hugo version (useful for debugging documentation build errors)
|
|
||||||
- tar -zxf hugo.tar.gz
|
|
||||||
- ./hugo version
|
|
||||||
|
|
||||||
script:
|
install:
|
||||||
# check python code
|
# Python
|
||||||
## check syntax errors and fail the build if any are found.
|
- pip install pipenv
|
||||||
- flake8 .
|
# Install island and monkey requirements as they are needed by UT's
|
||||||
## check import order
|
- pushd monkey/monkey_island
|
||||||
- python -m isort ./monkey --check-only
|
- pipenv sync --dev # This installs dependencies from lock
|
||||||
|
- popd
|
||||||
|
- pushd monkey/infection_monkey
|
||||||
|
- pipenv sync --dev # This installs dependencies from lock
|
||||||
|
- popd
|
||||||
|
|
||||||
## check that all python is properly formatted. fail otherwise.
|
# node + npm + eslint
|
||||||
- python -m black --check .
|
- node --version
|
||||||
|
- npm --version
|
||||||
|
- nvm --version
|
||||||
|
- nvm install 12
|
||||||
|
- nvm use node
|
||||||
|
- npm i -g eslint
|
||||||
|
- node --version
|
||||||
|
- npm --version
|
||||||
|
|
||||||
## check that there is no dead python code
|
# hugo (for documentation)
|
||||||
- python -m vulture .
|
- curl -L https://github.com/gohugoio/hugo/releases/download/v0.85.0/hugo_0.85.0_Linux-64bit.tar.gz --output hugo.tar.gz
|
||||||
|
# print hugo version (useful for debugging documentation build errors)
|
||||||
|
- tar -zxf hugo.tar.gz
|
||||||
|
- ./hugo version
|
||||||
|
|
||||||
## run unit tests and generate coverage data
|
script:
|
||||||
- cd monkey # this is our source dir
|
# Check Python code
|
||||||
- pip install pytest-xdist
|
## Check syntax errors and fail the build if any are found.
|
||||||
- python -m pytest -n auto --dist loadscope --cov=. # have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
|
- flake8 .
|
||||||
|
|
||||||
# check js code. the npm install must happen after the flake8 because the node_modules folder will cause a lot of errors.
|
## Check import order
|
||||||
- cd monkey_island/cc/ui
|
- python -m isort ./monkey --check-only
|
||||||
- npm ci # see https://docs.npmjs.com/cli/ci.html
|
|
||||||
- eslint ./src --quiet # test for errors
|
|
||||||
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=0
|
|
||||||
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # test for max warnings
|
|
||||||
|
|
||||||
# build documentation
|
## Check that all python is properly formatted. Fail otherwise.
|
||||||
- cd $TRAVIS_BUILD_DIR/docs
|
- python -m black --check .
|
||||||
- ../hugo --verbose --environment staging
|
|
||||||
|
|
||||||
# verify swimm
|
## Check that there is no dead python code
|
||||||
- cd $TRAVIS_BUILD_DIR
|
- python -m vulture .
|
||||||
- curl -l https://releases.swimm.io/ci/latest/packed-swimm-linux-cli --output swimm-cli
|
|
||||||
- chmod u+x swimm-cli
|
|
||||||
- ./swimm-cli --version
|
|
||||||
- ./swimm-cli verify
|
|
||||||
|
|
||||||
after_success:
|
## Run unit tests and generate coverage data
|
||||||
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
|
- cd monkey # This is our source dir
|
||||||
- bash <(curl -s https://codecov.io/bash)
|
- python -m pytest --cov=. # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
|
||||||
|
|
||||||
- name: "Monkey Windows"
|
# Check JS code. The npm install must happen AFTER the flake8 because the node_modules folder will cause a lot of errors.
|
||||||
language: bash
|
- cd monkey_island/cc/ui
|
||||||
os: windows
|
- npm ci # See https://docs.npmjs.com/cli/ci.html
|
||||||
vm:
|
- eslint ./src --quiet # Test for errors
|
||||||
size: x-large
|
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=0
|
||||||
before_install:
|
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
|
||||||
- choco install python --version=3.7.9
|
|
||||||
- python -m pip install -U pip setuptools virtualenv
|
|
||||||
- python -m virtualenv $HOME/venv
|
|
||||||
- source $HOME/venv/Scripts/activate
|
|
||||||
env:
|
|
||||||
PATH=/c/Python37:/c/Python37/Scripts:$PATH
|
|
||||||
cache:
|
|
||||||
pip: true
|
|
||||||
directories:
|
|
||||||
- $LOCALAPPDATA/pip/Cache
|
|
||||||
- $LOCALAPPDATA/pipenv/Cache
|
|
||||||
install:
|
|
||||||
# Python
|
|
||||||
- nproc
|
|
||||||
- pip install pipenv==2022.7.4
|
|
||||||
# Install island and monkey requirements as they are needed by UT's
|
|
||||||
- pushd monkey/monkey_island
|
|
||||||
- pipenv sync --dev # This installs dependencies from lock
|
|
||||||
- popd
|
|
||||||
- pushd monkey/infection_monkey
|
|
||||||
- pipenv sync --dev # This installs dependencies from lock
|
|
||||||
- popd
|
|
||||||
|
|
||||||
script:
|
# Build documentation
|
||||||
## run unit tests and generate coverage data
|
- cd $TRAVIS_BUILD_DIR/docs
|
||||||
- cd monkey # this is our source dir
|
- ../hugo --verbose --environment staging
|
||||||
- pip install pytest-xdist
|
|
||||||
- python -m pytest -n auto --dist loadscope
|
|
||||||
|
|
||||||
|
# verify swimm
|
||||||
|
- cd $TRAVIS_BUILD_DIR
|
||||||
|
- curl -L https://github.com/swimmio/SwimmReleases/releases/latest/download/packed-swimm-linux-cli --output swimm-cli
|
||||||
|
- chmod u+x swimm-cli
|
||||||
|
- ./swimm-cli --version
|
||||||
|
- ./swimm-cli verify
|
||||||
|
|
||||||
|
after_success:
|
||||||
|
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
|
||||||
|
- bash <(curl -s https://codecov.io/bash)
|
||||||
|
|
||||||
notifications:
|
notifications:
|
||||||
slack: # Notify to slack
|
slack: # Notify to slack
|
||||||
|
|
115
CHANGELOG.md
|
@ -8,72 +8,15 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
### Added
|
### Added
|
||||||
- credentials.json file for storing Monkey Island user login information. #1206
|
- credentials.json file for storing Monkey Island user login information. #1206
|
||||||
- "GET /api/propagation-credentials/<string:guid>" endpoint for agents to
|
|
||||||
retrieve updated credentials from the Island. #1538
|
|
||||||
- "GET /api/island/ip-addresses" endpoint to get IP addresses of the Island server
|
|
||||||
network interfaces. #1996
|
|
||||||
- SSHCollector as a configurable System info Collector. #1606
|
|
||||||
- deployment_scrips/install-infection-monkey-service.sh to install an AppImage
|
|
||||||
as a service. #1552
|
|
||||||
- The ability to download the Monkey Island logs from the Infection Map page. #1640
|
|
||||||
- `/api/reset-agent-configuration` endpoint. #2036
|
|
||||||
- `/api/clear-simulation-data` endpoint. #2036
|
|
||||||
- `/api/registration-status` endpoint. #2149
|
|
||||||
- authentication to `/api/island/version`. #2109
|
|
||||||
- `/api/agent-events` endpoint. #2155, #2300
|
|
||||||
- The ability to customize the file extension used by ransomware when
|
|
||||||
encrypting files. #1242
|
|
||||||
- `/api/agents` endpoint. #2362
|
|
||||||
- `/api/agent-signals` endpoint. #2261
|
|
||||||
- `/api/agent-logs/<uuid:agent_id>` endpoint. #2274
|
|
||||||
- `/api/machines` endpoint. #2362
|
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- Reset workflow. Now it's possible to delete data gathered by agents without
|
|
||||||
resetting the configuration and reset procedure requires fewer clicks. #957
|
|
||||||
- "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
|
- "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
|
||||||
include a timeout. #1577
|
include a timeout. #1577
|
||||||
- The setup procedure for custom server_config.json files to be simpler. #1576
|
|
||||||
- The order and content of Monkey Island's initialization logging to give
|
|
||||||
clearer instructions to the user and avoid confusion. #1684
|
|
||||||
- The process list collection system info collector to now be a post-breach action. #1697
|
|
||||||
- The "/api/monkey/download" endpoint to accept an OS and return a file. #1675
|
|
||||||
- Log messages to contain human-readable thread names. #1766
|
|
||||||
- The log file name to `infection-monkey-agent-<TIMESTAMP>-<RANDOM_STRING>.log`. #1761
|
|
||||||
- "Logs" page renamed to "Telemetries". #1640
|
|
||||||
- The "/api/fileUpload" endpoint to "/api/file-upload". #1888
|
|
||||||
- The "/api/test/clear_caches" endpoint to "/api/test/clear-caches". #1888
|
|
||||||
- The "/api/netmap/nodeStates" endpoint to "/api/netmap/node-states". #1888
|
|
||||||
- All "/api/monkey_control" endpoints to "/api/monkey-control". #1888
|
|
||||||
- All "/api/monkey" endpoints to "/api/agent". #1888
|
|
||||||
- Analytics and version update queries are sent separately instead of just one query. #2165
|
|
||||||
- Update MongoDB version to 4.4.x. #1924
|
|
||||||
- Endpoint to get agent binaries from "/api/agent/download/<string:os>" to
|
|
||||||
"/api/agent-binaries/<string:os>". #1978
|
|
||||||
- Depth flag (-d) on the agent now acts the way you would expect(it represents
|
|
||||||
the current depth of the agent, not hops remaining). #2033
|
|
||||||
- Agent configuration structure. #1996, #1998, #1961, #1997, #1994, #1741,
|
|
||||||
#1761, #1695, #1605, #2028, #2003
|
|
||||||
- `/api/island-mode` to accept and return new "unset" mode. #2036
|
|
||||||
- `/api/version-update` to `api/island/version`. #2109
|
|
||||||
- `/api/island-mode` to `/api/island/mode`. #2106
|
|
||||||
- `/api/log/island/download` endpoint to `/api/island/log`. #2107
|
|
||||||
- `/api/auth` endpoint to `/api/authenticate`. #2105
|
|
||||||
- `/api/registration` endpoint to `/api/register`. #2105
|
|
||||||
- `/api/file-upload` endpoit to `/api/pba/upload`. #2154
|
|
||||||
- Improved the speed of ransomware encryption by 2-3x. #2123
|
|
||||||
- "-s/--server" to "-s/--servers". #2216
|
|
||||||
- "-s/--servers" accepts list of servers separated by comma. #2216
|
|
||||||
- Tunneling to relays to provide better firewall evasion, faster Island
|
|
||||||
connection times, unlimited hops, and a more resilient way for agents to call
|
|
||||||
home. #2216, #1583
|
|
||||||
- "/api/monkey-control/stop-all-agents" to "/api/agent-signals/terminate-all-agents". #2261
|
|
||||||
- "Local network scan" option to "Scan Agent's networks". #2299
|
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
- VSFTPD exploiter. #1533
|
- The VSFTPD exploiter. #1533
|
||||||
- Manual agent run command for CMD. #1556
|
- Manual agent run command for CMD. #1570
|
||||||
- Sambacry exploiter. #1567, #1693
|
- Sambacry exploiter. #1567
|
||||||
- "Kill file" option in the config. #1536
|
- "Kill file" option in the config. #1536
|
||||||
- Netstat collector, because network connection information wasn't used anywhere. #1535
|
- Netstat collector, because network connection information wasn't used anywhere. #1535
|
||||||
- Checkbox to disable/enable sending log to server. #1537
|
- Checkbox to disable/enable sending log to server. #1537
|
||||||
|
@ -88,64 +31,14 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Hostname system info collector. #1535
|
- Hostname system info collector. #1535
|
||||||
- Max iterations and timeout between iterations config options. #1600
|
- Max iterations and timeout between iterations config options. #1600
|
||||||
- MITRE ATT&CK configuration screen. #1532
|
- MITRE ATT&CK configuration screen. #1532
|
||||||
- Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
|
|
||||||
- "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
|
|
||||||
- Max victims to find/exploit, TCP scan interval and TCP scan get banner internal options. #1597
|
|
||||||
- MySQL fingerprinter. #1648
|
|
||||||
- MS08-067 (Conficker) exploiter. #1677
|
|
||||||
- Agent bootloader. #1676
|
|
||||||
- Zero Trust integration with ScoutSuite. #1669
|
|
||||||
- ShellShock exploiter. #1733
|
|
||||||
- ElasticGroovy exploiter. #1732
|
|
||||||
- T1082 attack technique report. #1695
|
|
||||||
- 32-bit agents. #1675
|
|
||||||
- Log path config options. #1761
|
|
||||||
- "smb_service_name" option. #1741
|
|
||||||
- Struts2 exploiter. #1869
|
|
||||||
- Drupal exploiter. #1869
|
|
||||||
- WebLogic exploiter. #1869
|
|
||||||
- The /api/t1216-pba/download endpoint. #1864
|
|
||||||
- Island log download button from "Telemetries"(previously called "Logs") page. #1640
|
|
||||||
- "/api/client-monkey" endpoint. #1889
|
|
||||||
- "+dev" from version numbers. #1553
|
|
||||||
- agent's "--config" argument. #906
|
|
||||||
- Option to export monkey telemetries. #1998
|
|
||||||
- "/api/configuration/import" endpoint. #2002
|
|
||||||
- "/api/configuration/export" endpoint. #2002
|
|
||||||
- "/api/island-configuration" endpoint. #2003
|
|
||||||
- "-t/--tunnel" from agent command line arguments. #2216
|
|
||||||
- "/api/monkey-control/neets-to-stop". #2261
|
|
||||||
- "GET /api/test/monkey" endpoint. #2269
|
|
||||||
- "GET /api/test/log" endpoint. #2269
|
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- A bug in network map page that caused delay of telemetry log loading. #1545
|
- A bug in network map page that caused delay of telemetry log loading. #1545
|
||||||
- Windows "run as a user" powershell command for manual agent runs. #1556
|
- Windows "run as a user" powershell command for manual agent runs. #1570
|
||||||
- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
|
- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
|
||||||
systems as well. #1557
|
systems as well. #1557
|
||||||
- A bug where T1216_random_executable.exe was copied to disk even if the signed
|
|
||||||
script proxy execution PBA was disabled. #1864
|
|
||||||
- Unnecessary collection of kerberos credentials. #1771
|
|
||||||
- A bug where bogus users were collected by Mimikatz and added to the config. #1860
|
|
||||||
- A bug where windows executable was not self deleting. #1763
|
|
||||||
- Incorrect line number in the telemetry overview window on the Map page. #1850
|
|
||||||
- Automatic jumping to the bottom in the telemetry overview windows. #1850
|
|
||||||
- 2-second delay when the Island server starts, and it's not running on AWS. #1636
|
|
||||||
- Malformed MSSQL agent launch command. #2018
|
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
- Change SSH exploiter so that it does not set the permissions of the agent
|
|
||||||
binary in /tmp on the target system to 777, as this could allow a malicious
|
|
||||||
actor with local access to escalate their privileges. #1750
|
|
||||||
|
|
||||||
## [1.13.0] - 2022-01-25
|
|
||||||
### Added
|
|
||||||
- A new exploiter that allows propagation via the Log4Shell vulnerability
|
|
||||||
(CVE-2021-44228). #1663
|
|
||||||
|
|
||||||
### Fixed
|
|
||||||
- Exploiters attempting to start servers listening on privileged ports,
|
|
||||||
resulting in failed propagation. 8f53a5c
|
|
||||||
|
|
||||||
|
|
||||||
## [1.12.0] - 2021-10-27
|
## [1.12.0] - 2021-10-27
|
||||||
|
|
21
README.md
|
@ -1,7 +1,7 @@
|
||||||
# Infection Monkey
|
# Infection Monkey
|
||||||
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases)
|
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases)
|
||||||
|
|
||||||
[![Build Status](https://app.travis-ci.com/guardicore/monkey.svg?branch=develop)](https://app.travis-ci.com/guardicore/monkey)
|
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
|
||||||
[![codecov](https://codecov.io/gh/guardicore/monkey/branch/develop/graph/badge.svg)](https://codecov.io/gh/guardicore/monkey)
|
[![codecov](https://codecov.io/gh/guardicore/monkey/branch/develop/graph/badge.svg)](https://codecov.io/gh/guardicore/monkey)
|
||||||
|
|
||||||
![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey)
|
![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey)
|
||||||
|
@ -18,18 +18,7 @@ The Infection Monkey is comprised of two parts:
|
||||||
* **Monkey** - A tool which infects other machines and propagates to them.
|
* **Monkey** - A tool which infects other machines and propagates to them.
|
||||||
* **Monkey Island** - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.
|
* **Monkey Island** - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.
|
||||||
|
|
||||||
To read more about the Monkey, visit [akamai.com/infectionmonkey](https://www.akamai.com/infectionmonkey).
|
To read more about the Monkey, visit [infectionmonkey.com](https://infectionmonkey.com).
|
||||||
|
|
||||||
## 💥 We're Hiring 💥
|
|
||||||
We are looking for a software engineering manager with a passion for UX and
|
|
||||||
cybersecurity to join the Infection Monkey development team. This is a remote
|
|
||||||
position and is open anywhere in Israel. You can learn more about Infection
|
|
||||||
Monkey on our [website](https://www.akamai.com/infectionmonkey).
|
|
||||||
|
|
||||||
For more information, or to apply, see the official job post:
|
|
||||||
- [Israel](https://akamaicareers.inflightcloud.com/jobdetails/aka_ext/028224?section=aka_ext&job=028224)
|
|
||||||
|
|
||||||
test1111
|
|
||||||
|
|
||||||
## Screenshots
|
## Screenshots
|
||||||
|
|
||||||
|
@ -57,8 +46,10 @@ The Infection Monkey uses the following techniques and exploits to propagate to
|
||||||
* SSH
|
* SSH
|
||||||
* SMB
|
* SMB
|
||||||
* WMI
|
* WMI
|
||||||
* Log4Shell
|
* Shellshock
|
||||||
* Zerologon
|
* Conficker
|
||||||
|
* Elastic Search (CVE-2015-1427)
|
||||||
|
* Weblogic server
|
||||||
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
|
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
|
@ -13,10 +13,6 @@ export TKPATH="${TK_LIBRARY}"
|
||||||
# Export SSL certificate
|
# Export SSL certificate
|
||||||
export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"
|
export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"
|
||||||
|
|
||||||
if [ "$1" == "service" ] ; then
|
|
||||||
exec /bin/bash "${APPDIR}/install-infection-monkey-service.sh" ${@:2}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Call the entry point
|
# Call the entry point
|
||||||
for opt in "$@"
|
for opt in "$@"
|
||||||
do
|
do
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
LINUXDEPLOY_URL="https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
|
LINUXDEPLOY_URL="https://github.com/linuxdeploy/linuxdeploy/releases/download/continuous/linuxdeploy-x86_64.AppImage"
|
||||||
PYTHON_VERSION="3.7.14"
|
PYTHON_VERSION="3.7.12"
|
||||||
PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python${PYTHON_VERSION}-cp37-cp37m-manylinux1_x86_64.AppImage"
|
PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python${PYTHON_VERSION}-cp37-cp37m-manylinux1_x86_64.AppImage"
|
||||||
APPIMAGE_DIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
|
APPIMAGE_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||||
APPDIR="$APPIMAGE_DIR/squashfs-root"
|
APPDIR="$APPIMAGE_DIR/squashfs-root"
|
||||||
BUILD_DIR="$APPDIR/usr/src"
|
BUILD_DIR="$APPDIR/usr/src"
|
||||||
|
|
||||||
|
@ -28,9 +28,8 @@ setup_build_dir() {
|
||||||
local agent_binary_dir=$1
|
local agent_binary_dir=$1
|
||||||
local monkey_repo=$2
|
local monkey_repo=$2
|
||||||
local deployment_type=$3
|
local deployment_type=$3
|
||||||
local is_release_build=$4
|
|
||||||
|
|
||||||
pushd "$APPIMAGE_DIR" || handle_error
|
pushd $APPIMAGE_DIR
|
||||||
|
|
||||||
setup_python_37_appdir
|
setup_python_37_appdir
|
||||||
|
|
||||||
|
@ -38,7 +37,6 @@ setup_build_dir() {
|
||||||
|
|
||||||
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$BUILD_DIR"
|
copy_monkey_island_to_build_dir "$monkey_repo/monkey" "$BUILD_DIR"
|
||||||
copy_server_config_to_build_dir
|
copy_server_config_to_build_dir
|
||||||
copy_infection_monkey_service_to_build_dir
|
|
||||||
modify_deployment "$deployment_type" "$BUILD_DIR"
|
modify_deployment "$deployment_type" "$BUILD_DIR"
|
||||||
add_agent_binaries_to_build_dir "$agent_binary_dir" "$BUILD_DIR"
|
add_agent_binaries_to_build_dir "$agent_binary_dir" "$BUILD_DIR"
|
||||||
|
|
||||||
|
@ -46,11 +44,11 @@ setup_build_dir() {
|
||||||
install_mongodb
|
install_mongodb
|
||||||
|
|
||||||
generate_ssl_cert "$BUILD_DIR"
|
generate_ssl_cert "$BUILD_DIR"
|
||||||
build_frontend "$BUILD_DIR" "$is_release_build"
|
build_frontend "$BUILD_DIR"
|
||||||
|
|
||||||
remove_python_appdir_artifacts
|
remove_python_appdir_artifacts
|
||||||
|
|
||||||
popd || handle_error
|
popd
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_python_37_appdir() {
|
setup_python_37_appdir() {
|
||||||
|
@ -65,28 +63,30 @@ setup_python_37_appdir() {
|
||||||
rm "$PYTHON_APPIMAGE"
|
rm "$PYTHON_APPIMAGE"
|
||||||
}
|
}
|
||||||
|
|
||||||
copy_infection_monkey_service_to_build_dir() {
|
|
||||||
cp "$APPIMAGE_DIR"/install-infection-monkey-service.sh "$APPDIR"
|
|
||||||
}
|
|
||||||
|
|
||||||
copy_server_config_to_build_dir() {
|
copy_server_config_to_build_dir() {
|
||||||
cp "$APPIMAGE_DIR"/server_config.json.standard "$BUILD_DIR"/monkey_island/cc/server_config.json
|
cp "$APPIMAGE_DIR"/server_config.json.standard "$BUILD_DIR"/monkey_island/cc/server_config.json
|
||||||
}
|
}
|
||||||
|
|
||||||
install_monkey_island_python_dependencies() {
|
install_monkey_island_python_dependencies() {
|
||||||
log_message "Installing island requirements"
|
log_message "Installing island requirements"
|
||||||
|
|
||||||
log_message "Installing pipenv"
|
log_message "Installing pipenv"
|
||||||
"$APPDIR"/AppRun -m pip install pipenv==2022.7.4 || handle_error
|
"$APPDIR"/AppRun -m pip install pipenv || handle_error
|
||||||
export CI=1
|
|
||||||
|
|
||||||
log_message "Installing dependencies"
|
requirements_island="$BUILD_DIR/monkey_island/requirements.txt"
|
||||||
pushd "$BUILD_DIR/monkey_island" || handle_error
|
generate_requirements_from_pipenv_lock "$requirements_island"
|
||||||
"$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" sync --system || handle_error
|
|
||||||
popd || handle_error
|
|
||||||
|
|
||||||
log_message "Uninstalling pipenv (build dependency only)"
|
log_message "Installing island python requirements"
|
||||||
"$APPDIR"/AppRun -m pip uninstall --yes pipenv virtualenv || handle_error
|
"$APPDIR"/AppRun -m pip install -r "${requirements_island}" --ignore-installed || handle_error
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_requirements_from_pipenv_lock () {
|
||||||
|
local requirements_island=$1
|
||||||
|
|
||||||
|
log_message "Generating a requirements.txt file with 'pipenv lock -r'"
|
||||||
|
pushd "$BUILD_DIR/monkey_island"
|
||||||
|
"$APPDIR"/AppRun -m pipenv --python "$APPDIR/AppRun" lock -r > "$requirements_island" || handle_error
|
||||||
|
popd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -104,12 +104,18 @@ remove_python_appdir_artifacts() {
|
||||||
}
|
}
|
||||||
|
|
||||||
build_package() {
|
build_package() {
|
||||||
local version=$1
|
local commit_id=$2
|
||||||
local dist_dir=$2
|
local dist_dir=$3
|
||||||
|
|
||||||
log_message "Building AppImage"
|
log_message "Building AppImage"
|
||||||
|
|
||||||
pushd "$APPIMAGE_DIR" || handle_error
|
if [ -n "$1" ]; then
|
||||||
|
local version="v$1"
|
||||||
|
else
|
||||||
|
local version="$commit_id"
|
||||||
|
fi
|
||||||
|
|
||||||
|
pushd "$APPIMAGE_DIR"
|
||||||
ARCH="x86_64" linuxdeploy \
|
ARCH="x86_64" linuxdeploy \
|
||||||
--appdir "$APPIMAGE_DIR/squashfs-root" \
|
--appdir "$APPIMAGE_DIR/squashfs-root" \
|
||||||
--icon-file "$ICON_PATH" \
|
--icon-file "$ICON_PATH" \
|
||||||
|
@ -119,17 +125,11 @@ build_package() {
|
||||||
--output appimage
|
--output appimage
|
||||||
|
|
||||||
dst_name="InfectionMonkey-$version.AppImage"
|
dst_name="InfectionMonkey-$version.AppImage"
|
||||||
move_package_to_dist_dir "$dist_dir" "$dst_name"
|
move_package_to_dist_dir $dist_dir $dst_name
|
||||||
|
|
||||||
popd || handle_error
|
popd
|
||||||
}
|
}
|
||||||
|
|
||||||
move_package_to_dist_dir() {
|
move_package_to_dist_dir() {
|
||||||
mv Infection*Monkey*.AppImage "$1/$2"
|
mv Infection*Monkey*.AppImage "$1/$2"
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup() {
|
|
||||||
echo "Cleaning appimage build dirs"
|
|
||||||
|
|
||||||
rm -rf "$APPIMAGE_DIR/squashfs-root"
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,165 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
SCRIPT_NAME="$(basename "${APPIMAGE}")"
|
|
||||||
SYSTEMD_UNIT_FILENAME="infection-monkey.service"
|
|
||||||
TMP_SYSTEMD_UNIT="${PWD}/${SYSTEMD_UNIT_FILENAME}"
|
|
||||||
SYSTEMD_DIR="/lib/systemd/system"
|
|
||||||
MONKEY_BIN="/opt/infection-monkey/bin"
|
|
||||||
APPIMAGE_NAME="InfectionMonkey.AppImage"
|
|
||||||
|
|
||||||
die() {
|
|
||||||
echo "$1" >&2
|
|
||||||
echo ""
|
|
||||||
echo_help
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
echo_help() {
|
|
||||||
echo "Installs the Infection Monkey service to run on boot."
|
|
||||||
echo ""
|
|
||||||
echo "Usage:"
|
|
||||||
echo " ${SCRIPT_NAME} service --install --user <USERNAME>"
|
|
||||||
echo " ${SCRIPT_NAME} service --uninstall"
|
|
||||||
echo " ${SCRIPT_NAME} service -h|--help"
|
|
||||||
echo ""
|
|
||||||
echo "Options:"
|
|
||||||
echo " --install Install the Infection Monkey service"
|
|
||||||
echo " --user Configure the Infection Monkey service to run as a specific user"
|
|
||||||
echo " --uninstall Uninstall Infection Monkey service"
|
|
||||||
}
|
|
||||||
|
|
||||||
install_service() {
|
|
||||||
copy_appimage
|
|
||||||
install_systemd_unit "$1"
|
|
||||||
|
|
||||||
echo "The Infection Monkey service has been installed and will start on boot."
|
|
||||||
echo "Run 'systemctl start infection-monkey' to start the service now."
|
|
||||||
}
|
|
||||||
|
|
||||||
copy_appimage() {
|
|
||||||
sudo mkdir --mode=0755 -p "${MONKEY_BIN}"
|
|
||||||
|
|
||||||
if [ "${APPIMAGE}" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then
|
|
||||||
umask 022
|
|
||||||
sudo cp "${APPIMAGE}" "${MONKEY_BIN}/${APPIMAGE_NAME}"
|
|
||||||
sudo chmod 755 "${MONKEY_BIN}/${APPIMAGE_NAME}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
install_systemd_unit() {
|
|
||||||
umask 077
|
|
||||||
cat > "${TMP_SYSTEMD_UNIT}" << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Infection Monkey Runner
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=$1
|
|
||||||
Type=simple
|
|
||||||
ExecStart="${MONKEY_BIN}/${APPIMAGE_NAME}"
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
|
|
||||||
sudo mv "${TMP_SYSTEMD_UNIT}" "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}"
|
|
||||||
sudo systemctl enable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null
|
|
||||||
}
|
|
||||||
|
|
||||||
uninstall_service() {
|
|
||||||
if [ -f "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then
|
|
||||||
sudo rm -f "${MONKEY_BIN}/${APPIMAGE_NAME}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" ] ; then
|
|
||||||
sudo systemctl stop "${SYSTEMD_UNIT_FILENAME}" 2>/dev/null
|
|
||||||
sudo systemctl disable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null
|
|
||||||
sudo rm "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}"
|
|
||||||
sudo systemctl daemon-reload
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "The Infection Monkey service has been uninstalled"
|
|
||||||
}
|
|
||||||
|
|
||||||
exit_if_user_doesnt_exist() {
|
|
||||||
if ! user_exists "$1" ; then
|
|
||||||
die "Error: User '$1' does not exist."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
user_exists() {
|
|
||||||
id -u "$1" &>/dev/null
|
|
||||||
}
|
|
||||||
|
|
||||||
has_sudo() {
|
|
||||||
# 0 true, 1 false
|
|
||||||
sudo -nv > /dev/null 2>&1
|
|
||||||
return $?
|
|
||||||
}
|
|
||||||
|
|
||||||
exit_if_missing_argument() {
|
|
||||||
if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then
|
|
||||||
die "Error: Argument for parameter '$1' is missing."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
do_uninstall=false
|
|
||||||
do_install=false
|
|
||||||
username=""
|
|
||||||
|
|
||||||
while (( "$#" )); do
|
|
||||||
case "$1" in
|
|
||||||
--user)
|
|
||||||
exit_if_missing_argument "$1" "$2"
|
|
||||||
exit_if_user_doesnt_exist "$2"
|
|
||||||
username=$2
|
|
||||||
shift 2
|
|
||||||
;;
|
|
||||||
--install)
|
|
||||||
do_install=true
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--uninstall)
|
|
||||||
do_uninstall=true
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
-h|--help)
|
|
||||||
echo_help
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
die "Error: Unsupported parameter $1."
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if ! has_sudo; then
|
|
||||||
die "Error: You need root permissions for some of this script operations. \
|
|
||||||
Run \`sudo -v\`, enter your password, and then re-run this script."
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${APPIMAGE}" ] ; then
|
|
||||||
die "Error: Missing 'APPIMAGE' environment variable. Try installing the Infection Monkey service through the AppImage"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if $do_install && $do_uninstall ; then
|
|
||||||
die "Error: The --install and --uninstall flags are mutually exclusive."
|
|
||||||
fi
|
|
||||||
|
|
||||||
if $do_uninstall ; then
|
|
||||||
uninstall_service
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if $do_install ; then
|
|
||||||
if [ -z "$username" ] ; then
|
|
||||||
die "Error: You must supply a username."
|
|
||||||
fi
|
|
||||||
|
|
||||||
install_service "$username"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
die "Error:You must specify either the --install or --uninstall flag."
|
|
|
@ -1,7 +1,7 @@
|
||||||
WORKSPACE=${WORKSPACE:-$HOME}
|
WORKSPACE=${WORKSPACE:-$HOME}
|
||||||
DEFAULT_REPO_MONKEY_HOME=$WORKSPACE/git/monkey
|
DEFAULT_REPO_MONKEY_HOME=$WORKSPACE/git/monkey
|
||||||
MONKEY_ORIGIN_URL="https://github.com/guardicore/monkey.git"
|
MONKEY_ORIGIN_URL="https://github.com/guardicore/monkey.git"
|
||||||
NODE_SRC=https://deb.nodesource.com/setup_16.x
|
NODE_SRC=https://deb.nodesource.com/setup_12.x
|
||||||
BUILD_SCRIPTS_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
BUILD_SCRIPTS_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||||
DIST_DIR="$BUILD_SCRIPTS_DIR/dist"
|
DIST_DIR="$BUILD_SCRIPTS_DIR/dist"
|
||||||
|
|
||||||
|
@ -98,24 +98,13 @@ clone_monkey_repo() {
|
||||||
|
|
||||||
install_build_prereqs() {
|
install_build_prereqs() {
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get upgrade -y -o Dpkg::Options::="--force-confold"
|
sudo apt-get upgrade -y
|
||||||
|
|
||||||
# monkey island prereqs
|
# monkey island prereqs
|
||||||
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
|
sudo apt-get install -y curl libcurl4 openssl git build-essential moreutils
|
||||||
install_nodejs
|
install_nodejs
|
||||||
}
|
}
|
||||||
|
|
||||||
format_version() {
|
|
||||||
local unformatted_version=$1
|
|
||||||
local commit_id=$2
|
|
||||||
|
|
||||||
if [ -n "$unformatted_version" ]; then
|
|
||||||
echo "v$monkey_version"
|
|
||||||
else
|
|
||||||
echo "$commit_id"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
agent_binary_dir=""
|
agent_binary_dir=""
|
||||||
as_root=false
|
as_root=false
|
||||||
branch="develop"
|
branch="develop"
|
||||||
|
@ -207,24 +196,10 @@ fi
|
||||||
install_build_prereqs
|
install_build_prereqs
|
||||||
install_package_specific_build_prereqs "$WORKSPACE"
|
install_package_specific_build_prereqs "$WORKSPACE"
|
||||||
|
|
||||||
|
|
||||||
|
setup_build_dir "$agent_binary_dir" "$monkey_repo" "$deployment_type"
|
||||||
commit_id=$(get_commit_id "$monkey_repo")
|
commit_id=$(get_commit_id "$monkey_repo")
|
||||||
|
build_package "$monkey_version" "$commit_id" "$DIST_DIR"
|
||||||
is_release_build=false
|
|
||||||
# Monkey version is empty on release build
|
|
||||||
if [ ! -z "$monkey_version" ]; then
|
|
||||||
is_release_build=true
|
|
||||||
echo -n "" > "$monkey_repo/monkey/common/BUILD"
|
|
||||||
else
|
|
||||||
echo $commit_id > "$monkey_repo/monkey/common/BUILD"
|
|
||||||
fi
|
|
||||||
|
|
||||||
setup_build_dir "$agent_binary_dir" "$monkey_repo" "$deployment_type" "$is_release_build"
|
|
||||||
|
|
||||||
monkey_version=$(format_version "$monkey_version" "$commit_id")
|
|
||||||
|
|
||||||
build_package "$monkey_version" "$DIST_DIR"
|
|
||||||
|
|
||||||
cleanup "$monkey_version"
|
|
||||||
|
|
||||||
log_message "Finished building package: $package"
|
log_message "Finished building package: $package"
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -42,7 +42,9 @@ download_monkey_agent_binaries() {
|
||||||
load_monkey_binary_config
|
load_monkey_binary_config
|
||||||
|
|
||||||
mkdir -p "${island_binaries_path}" || handle_error
|
mkdir -p "${island_binaries_path}" || handle_error
|
||||||
|
curl -L -o "${island_binaries_path}/${LINUX_32_BINARY_NAME}" "${LINUX_32_BINARY_URL}"
|
||||||
curl -L -o "${island_binaries_path}/${LINUX_64_BINARY_NAME}" "${LINUX_64_BINARY_URL}"
|
curl -L -o "${island_binaries_path}/${LINUX_64_BINARY_NAME}" "${LINUX_64_BINARY_URL}"
|
||||||
|
curl -L -o "${island_binaries_path}/${WINDOWS_32_BINARY_NAME}" "${WINDOWS_32_BINARY_URL}"
|
||||||
curl -L -o "${island_binaries_path}/${WINDOWS_64_BINARY_NAME}" "${WINDOWS_64_BINARY_URL}"
|
curl -L -o "${island_binaries_path}/${WINDOWS_64_BINARY_NAME}" "${WINDOWS_64_BINARY_URL}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,18 +76,11 @@ generate_ssl_cert() {
|
||||||
|
|
||||||
build_frontend() {
|
build_frontend() {
|
||||||
local ui_dir="$1/monkey_island/cc/ui"
|
local ui_dir="$1/monkey_island/cc/ui"
|
||||||
local is_release_build=$2
|
|
||||||
pushd "$ui_dir" || handle_error
|
pushd "$ui_dir" || handle_error
|
||||||
|
|
||||||
log_message "Generating front end"
|
log_message "Generating front end"
|
||||||
npm ci
|
npm ci
|
||||||
if [ "$is_release_build" == true ]; then
|
npm run dist
|
||||||
log_message "Running production front end build"
|
|
||||||
npm run dist
|
|
||||||
else
|
|
||||||
log_message "Running development front end build"
|
|
||||||
npm run dev
|
|
||||||
fi
|
|
||||||
|
|
||||||
popd || handle_error
|
popd || handle_error
|
||||||
|
|
||||||
|
|
|
@ -4,10 +4,9 @@ FROM bitnami/python:3.7 as builder
|
||||||
COPY ./monkey /monkey
|
COPY ./monkey /monkey
|
||||||
WORKDIR /monkey
|
WORKDIR /monkey
|
||||||
RUN virtualenv .
|
RUN virtualenv .
|
||||||
RUN export CI=1
|
|
||||||
RUN . bin/activate && \
|
RUN . bin/activate && \
|
||||||
cd monkey_island && \
|
cd monkey_island && \
|
||||||
pip install pipenv==2022.7.4 && \
|
pip install pipenv && \
|
||||||
pipenv sync
|
pipenv sync
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
DOCKER_DIR="$(realpath $(dirname $BASH_SOURCE[0]))"
|
||||||
DOCKER_IMAGE_NAME="guardicore/monkey-island"
|
|
||||||
|
|
||||||
source "$DOCKER_DIR/../common.sh"
|
source "$DOCKER_DIR/../common.sh"
|
||||||
|
|
||||||
|
@ -10,7 +9,6 @@ install_package_specific_build_prereqs() {
|
||||||
setup_build_dir() {
|
setup_build_dir() {
|
||||||
local agent_binary_dir=$1
|
local agent_binary_dir=$1
|
||||||
local monkey_repo=$2
|
local monkey_repo=$2
|
||||||
local is_release_build=$4
|
|
||||||
local build_dir=$DOCKER_DIR/monkey
|
local build_dir=$DOCKER_DIR/monkey
|
||||||
|
|
||||||
mkdir "$build_dir"
|
mkdir "$build_dir"
|
||||||
|
@ -24,7 +22,7 @@ setup_build_dir() {
|
||||||
|
|
||||||
generate_ssl_cert "$build_dir"
|
generate_ssl_cert "$build_dir"
|
||||||
|
|
||||||
build_frontend "$build_dir" "$is_release_build"
|
build_frontend "$build_dir"
|
||||||
}
|
}
|
||||||
|
|
||||||
copy_entrypoint_to_build_dir() {
|
copy_entrypoint_to_build_dir() {
|
||||||
|
@ -38,12 +36,20 @@ copy_server_config_to_build_dir() {
|
||||||
|
|
||||||
build_package() {
|
build_package() {
|
||||||
local version=$1
|
local version=$1
|
||||||
local dist_dir=$2
|
local commit_id=$2
|
||||||
|
local dist_dir=$3
|
||||||
pushd ./docker
|
pushd ./docker
|
||||||
|
|
||||||
|
if [ -n "$1" ]; then
|
||||||
|
version="v$version"
|
||||||
|
else
|
||||||
|
version="$commit_id"
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker_image_name="guardicore/monkey-island:$version"
|
||||||
tar_name="$DOCKER_DIR/InfectionMonkey-docker-$version.tar"
|
tar_name="$DOCKER_DIR/InfectionMonkey-docker-$version.tar"
|
||||||
|
|
||||||
build_docker_image_tar "$DOCKER_IMAGE_NAME:$version" "$tar_name"
|
build_docker_image_tar "$docker_image_name" "$tar_name"
|
||||||
|
|
||||||
tgz_name="$DOCKER_DIR/InfectionMonkey-docker-$version.tgz"
|
tgz_name="$DOCKER_DIR/InfectionMonkey-docker-$version.tgz"
|
||||||
build_docker_image_tgz "$tar_name" "$tgz_name"
|
build_docker_image_tgz "$tar_name" "$tgz_name"
|
||||||
|
@ -68,11 +74,3 @@ build_docker_image_tgz() {
|
||||||
move_package_to_dist_dir() {
|
move_package_to_dist_dir() {
|
||||||
mv "$1" "$2/"
|
mv "$1" "$2/"
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup() {
|
|
||||||
local tag=$1
|
|
||||||
echo "Cleaning docker images"
|
|
||||||
|
|
||||||
sudo docker rmi "$DOCKER_IMAGE_NAME:$tag"
|
|
||||||
sudo docker image prune --force
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
{
|
{
|
||||||
"data_dir": "/monkey_island_data",
|
"data_dir": "/monkey_island_data",
|
||||||
|
"log_level": "DEBUG",
|
||||||
|
"environment": {
|
||||||
|
"server_config": "password"
|
||||||
|
},
|
||||||
"mongodb": {
|
"mongodb": {
|
||||||
"start_mongodb": false
|
"start_mongodb": false
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
import json
|
|
||||||
data = {
|
|
||||||
'name' : 'myname',
|
|
||||||
'age' : 100,
|
|
||||||
}
|
|
||||||
# separators:是分隔符的意思,参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符,把:和,后面的空格都除去了.
|
|
||||||
# dumps 将python对象字典转换为json字符串
|
|
||||||
json_str = json.dumps(data, separators=(',', ':'))
|
|
||||||
print(type(json_str), json_str)
|
|
||||||
|
|
||||||
# loads 将json字符串转化为python对象字典
|
|
||||||
pyton_obj = json.loads(json_str)
|
|
||||||
print(type(pyton_obj), pyton_obj)
|
|
|
@ -22,7 +22,7 @@ The first argument is an empty directory (script can create one). The second arg
|
||||||
|
|
||||||
- `.\deploy_windows.ps1` (Sets up monkey in current directory under .\infection_monkey)
|
- `.\deploy_windows.ps1` (Sets up monkey in current directory under .\infection_monkey)
|
||||||
- `.\deploy_windows.ps1 -monkey_home "C:\test"` (Sets up monkey in C:\test)
|
- `.\deploy_windows.ps1 -monkey_home "C:\test"` (Sets up monkey in C:\test)
|
||||||
- `.\deploy_windows.ps1 -branch 'master'` (Sets up master branch instead of develop in current dir)
|
- `.\deploy_windows.ps1 -branch "master"` (Sets up master branch instead of develop in current dir)
|
||||||
|
|
||||||
You may also pass in an optional `agents=$false` parameter to disable downloading the latest agent binaries.
|
You may also pass in an optional `agents=$false` parameter to disable downloading the latest agent binaries.
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,15 @@ get_latest_release() {
|
||||||
MONKEY_LATEST_RELEASE=$(get_latest_release "guardicore/monkey")
|
MONKEY_LATEST_RELEASE=$(get_latest_release "guardicore/monkey")
|
||||||
|
|
||||||
# Monkey binaries
|
# Monkey binaries
|
||||||
|
export LINUX_32_BINARY_NAME="monkey-linux-32"
|
||||||
|
export LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-32"
|
||||||
|
|
||||||
export LINUX_64_BINARY_NAME="monkey-linux-64"
|
export LINUX_64_BINARY_NAME="monkey-linux-64"
|
||||||
export LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-64"
|
export LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-64"
|
||||||
|
|
||||||
|
export WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
|
||||||
|
export WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-32.exe"
|
||||||
|
|
||||||
export WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
export WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
||||||
export WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-64.exe"
|
export WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-64.exe"
|
||||||
|
|
||||||
|
|
|
@ -12,8 +12,12 @@ $PYTHON_URL = "https://www.python.org/ftp/python/3.7.7/python-3.7.7-amd64.exe"
|
||||||
|
|
||||||
|
|
||||||
# Monkey binaries
|
# Monkey binaries
|
||||||
|
$LINUX_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-32"
|
||||||
|
$LINUX_32_BINARY_PATH = "monkey-linux-32"
|
||||||
$LINUX_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-64"
|
$LINUX_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-linux-64"
|
||||||
$LINUX_64_BINARY_PATH = "monkey-linux-64"
|
$LINUX_64_BINARY_PATH = "monkey-linux-64"
|
||||||
|
$WINDOWS_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-32.exe"
|
||||||
|
$WINDOWS_32_BINARY_PATH = "monkey-windows-32.exe"
|
||||||
$WINDOWS_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-64.exe"
|
$WINDOWS_64_BINARY_URL = $MONKEY_DOWNLOAD_URL + "monkey-windows-64.exe"
|
||||||
$WINDOWS_64_BINARY_PATH = "monkey-windows-64.exe"
|
$WINDOWS_64_BINARY_PATH = "monkey-windows-64.exe"
|
||||||
|
|
||||||
|
@ -21,6 +25,7 @@ $WINDOWS_64_BINARY_PATH = "monkey-windows-64.exe"
|
||||||
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
|
||||||
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
|
||||||
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
||||||
|
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
||||||
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
||||||
$TEMP_CPP_INSTALLER = "cpp.exe"
|
$TEMP_CPP_INSTALLER = "cpp.exe"
|
||||||
$TEMP_NPM_INSTALLER = "node.msi"
|
$TEMP_NPM_INSTALLER = "node.msi"
|
||||||
|
@ -28,8 +33,9 @@ $TEMP_UPX_ZIP = "upx.zip"
|
||||||
$UPX_FOLDER = "upx-3.96-win64"
|
$UPX_FOLDER = "upx-3.96-win64"
|
||||||
|
|
||||||
# Other url's
|
# Other url's
|
||||||
|
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plus-v4.2-latest.zip"
|
||||||
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
|
||||||
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
||||||
$NPM_URL = "https://nodejs.org/dist/v16.14.2/node-v16.14.2-x64.msi"
|
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
|
||||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
|
||||||
$SWIMM_URL="https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm-Setup-0.4.4-0.exe"
|
$SWIMM_URL="https://github.com/swimmio/SwimmReleases/releases/download/v0.4.4-0/Swimm-Setup-0.4.4-0.exe"
|
||||||
|
|
|
@ -93,7 +93,7 @@ log_message "Cloning files from git"
|
||||||
branch=${2:-"develop"}
|
branch=${2:-"develop"}
|
||||||
log_message "Branch selected: ${branch}"
|
log_message "Branch selected: ${branch}"
|
||||||
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
|
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
|
||||||
git clone --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create folders
|
# Create folders
|
||||||
|
@ -161,15 +161,20 @@ agents=${3:-true}
|
||||||
if [ "$agents" = true ] ; then
|
if [ "$agents" = true ] ; then
|
||||||
log_message "Downloading binaries"
|
log_message "Downloading binaries"
|
||||||
if exists wget; then
|
if exists wget; then
|
||||||
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
|
||||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
|
||||||
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
|
||||||
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
|
||||||
else
|
else
|
||||||
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-32 ${LINUX_32_BINARY_URL}
|
||||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-64 ${LINUX_64_BINARY_URL}
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-64 ${LINUX_64_BINARY_URL}
|
||||||
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-32.exe ${WINDOWS_32_BINARY_URL}
|
||||||
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-64.exe ${WINDOWS_64_BINARY_URL}
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-64.exe ${WINDOWS_64_BINARY_URL}
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Allow them to be executed
|
# Allow them to be executed
|
||||||
|
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
|
||||||
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
|
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
|
||||||
|
|
||||||
# If a user haven't installed mongo manually check if we can install it with our script
|
# If a user haven't installed mongo manually check if we can install it with our script
|
||||||
|
@ -192,7 +197,7 @@ chmod u+x "${ISLAND_PATH}"/linux/create_certificate.sh
|
||||||
# Update node
|
# Update node
|
||||||
if ! exists npm; then
|
if ! exists npm; then
|
||||||
log_message "Installing nodejs"
|
log_message "Installing nodejs"
|
||||||
node_src=https://deb.nodesource.com/setup_16.x
|
node_src=https://deb.nodesource.com/setup_12.x
|
||||||
if exists curl; then
|
if exists curl; then
|
||||||
curl -sL $node_src | sudo -E bash -
|
curl -sL $node_src | sudo -E bash -
|
||||||
else
|
else
|
||||||
|
@ -202,10 +207,11 @@ if ! exists npm; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
pushd "$ISLAND_PATH/cc/ui" || handle_error
|
pushd "$ISLAND_PATH/cc/ui" || handle_error
|
||||||
npm ci
|
npm install sass-loader node-sass webpack --save-dev
|
||||||
|
npm update
|
||||||
|
|
||||||
log_message "Generating front end"
|
log_message "Generating front end"
|
||||||
npm run dev
|
npm run dist
|
||||||
popd || handle_error
|
popd || handle_error
|
||||||
|
|
||||||
# Making dir for binaries
|
# Making dir for binaries
|
||||||
|
|
|
@ -163,8 +163,25 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
[Environment]::SetEnvironmentVariable("Path", $env:Path, "User")
|
[Environment]::SetEnvironmentVariable("Path", $env:Path, "User")
|
||||||
}
|
}
|
||||||
|
|
||||||
$install_mongo_script = (Join-Path -Path $monkey_home -ChildPath "$MONKEY_ISLAND_DIR\windows\install_mongo.ps1")
|
# Download mongodb
|
||||||
Invoke-Expression "$install_mongo_script -binDir $binDir"
|
if (!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb")))
|
||||||
|
{
|
||||||
|
"Downloading mongodb ..."
|
||||||
|
$webClient.DownloadFile($MONGODB_URL, $TEMP_MONGODB_ZIP)
|
||||||
|
"Unzipping mongodb"
|
||||||
|
Expand-Archive $TEMP_MONGODB_ZIP -DestinationPath $binDir
|
||||||
|
# Get unzipped folder's name
|
||||||
|
$mongodb_folder = Get-ChildItem -Path $binDir | Where-Object -FilterScript {
|
||||||
|
($_.Name -like "mongodb*")
|
||||||
|
} | Select-Object -ExpandProperty Name
|
||||||
|
# Move all files from extracted folder to mongodb folder
|
||||||
|
New-Item -ItemType directory -Path (Join-Path -Path $binDir -ChildPath "mongodb")
|
||||||
|
"Moving extracted files"
|
||||||
|
Move-Item -Path (Join-Path -Path $binDir -ChildPath $mongodb_folder | Join-Path -ChildPath "\bin\*") -Destination (Join-Path -Path $binDir -ChildPath "mongodb\")
|
||||||
|
"Removing zip file"
|
||||||
|
Remove-Item $TEMP_MONGODB_ZIP
|
||||||
|
Remove-Item (Join-Path -Path $binDir -ChildPath $mongodb_folder) -Recurse
|
||||||
|
}
|
||||||
|
|
||||||
# Download OpenSSL
|
# Download OpenSSL
|
||||||
"Downloading OpenSSL ..."
|
"Downloading OpenSSL ..."
|
||||||
|
@ -192,7 +209,9 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
"Adding binaries"
|
"Adding binaries"
|
||||||
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
|
$binaries = (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\binaries")
|
||||||
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
|
New-Item -ItemType directory -path $binaries -ErrorAction SilentlyContinue
|
||||||
|
$webClient.DownloadFile($LINUX_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_32_BINARY_PATH))
|
||||||
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
|
$webClient.DownloadFile($LINUX_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $LINUX_64_BINARY_PATH))
|
||||||
|
$webClient.DownloadFile($WINDOWS_32_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_32_BINARY_PATH))
|
||||||
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
|
$webClient.DownloadFile($WINDOWS_64_BINARY_URL, (Join-Path -Path $binaries -ChildPath $WINDOWS_64_BINARY_PATH))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -223,7 +242,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
"Updating npm"
|
"Updating npm"
|
||||||
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\ui")
|
Push-Location -Path (Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\cc\ui")
|
||||||
& npm update
|
& npm update
|
||||||
& npm run dev
|
& npm run dist
|
||||||
Pop-Location
|
Pop-Location
|
||||||
|
|
||||||
# Create infection_monkey/bin directory if not already present
|
# Create infection_monkey/bin directory if not already present
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
baseURL = "https://monkey-documentation.website-us-southeast-1.linodeobjects.com"
|
baseURL = "https://www.guardicore.com/infectionmonkey/docs/"
|
||||||
canonifyURLs = false
|
canonifyURLs = true
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
baseURL = "http://monkey-documentation-staging.website-us-southeast-1.linodeobjects.com"
|
baseURL = "http://staging-infectionmonkey.temp312.kinsta.cloud/docs/"
|
||||||
canonifyURLs = false
|
canonifyURLs = true
|
||||||
|
|
|
@ -11,24 +11,22 @@ Below are some of the most common questions we receive about the Infection Monke
|
||||||
- [I updated to a new version of the Infection Monkey and I'm being asked to delete my existing data directory. Why?](#i-updated-to-a-new-version-of-the-infection-monkey-and-im-being-asked-to-delete-my-existing-data-directory-why)
|
- [I updated to a new version of the Infection Monkey and I'm being asked to delete my existing data directory. Why?](#i-updated-to-a-new-version-of-the-infection-monkey-and-im-being-asked-to-delete-my-existing-data-directory-why)
|
||||||
- [How can I use an old data directory?](#how-can-i-use-an-old-data-directory)
|
- [How can I use an old data directory?](#how-can-i-use-an-old-data-directory)
|
||||||
- [How long does a single Infection Monkey agent run? Is there a time limit?](#how-long-does-a-single-infection-monkey-agent-run-is-there-a-time-limit)
|
- [How long does a single Infection Monkey agent run? Is there a time limit?](#how-long-does-a-single-infection-monkey-agent-run-is-there-a-time-limit)
|
||||||
- [How long does it take to stop all running Infection Monkey agents?](#how-long-does-it-take-to-stop-all-running-infection-monkey-agents)
|
|
||||||
- [Is the Infection Monkey a malware/virus?](#is-the-infection-monkey-a-malwarevirus)
|
- [Is the Infection Monkey a malware/virus?](#is-the-infection-monkey-a-malwarevirus)
|
||||||
- [Reset the Monkey Island password](#reset-the-monkey-island-password)
|
- [Reset the Monkey Island password](#reset-the-monkey-island-password)
|
||||||
- [Should I run the Infection Monkey continuously?](#should-i-run-the-infection-monkey-continuously)
|
- [Should I run the Infection Monkey continuously?](#should-i-run-the-infection-monkey-continuously)
|
||||||
- [Exactly what internet queries does the Infection Monkey perform?](#exactly-what-internet-queries-does-the-infection-monkey-perform)
|
- [Which queries does the Infection Monkey perform to the internet exactly?](#which-queries-does-the-infection-monkey-perform-to-the-internet-exactly)
|
||||||
- [Logging and how to find logs](#logging-and-how-to-find-logs)
|
- [Logging and how to find logs](#logging-and-how-to-find-logs)
|
||||||
- [Downloading logs](#downloading-logs)
|
- [Monkey Island server](#monkey-island-server)
|
||||||
- [Log locations](#log-locations)
|
- [Infection Monkey agent](#infection-monkey-agent)
|
||||||
- [Monkey Island server logs](#monkey-island-server-logs)
|
- [How do I change the log level of the Monkey Island logger?](#how-do-i-change-the-log-level-of-the-monkey-island-logger)
|
||||||
- [Infection Monkey agent logs](#infection-monkey-agent-logs)
|
|
||||||
- [Running the Infection Monkey in a production environment](#running-the-infection-monkey-in-a-production-environment)
|
- [Running the Infection Monkey in a production environment](#running-the-infection-monkey-in-a-production-environment)
|
||||||
- [How much of a footprint does the Infection Monkey leave?](#how-much-of-a-footprint-does-the-infection-monkey-leave)
|
- [How much of a footprint does the Infection Monkey leave?](#how-much-of-a-footprint-does-the-infection-monkey-leave)
|
||||||
- [What's the Infection Monkey Agent's impact on system resources usage?](#whats-the-infection-monkey-agents-impact-on-system-resources-usage)
|
- [What's the Infection Monkey Agent's impact on system resources usage?](#whats-the-infection-monkeys-impact-on-system-resources-usage)
|
||||||
- [What are the system resource requirements for the Monkey Island?](#what-are-the-system-resource-requirements-for-the-monkey-island)
|
- [What are the system resource requirements for the Monkey Island?](#what-are-the-system-resource-requirements-for-the-monkey-island)
|
||||||
- [Is it safe to use real passwords and usernames in the Infection Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-infection-monkeys-configuration)
|
- [Is it safe to use real passwords and usernames in the Infection Monkey's configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-infection-monkeys-configuration)
|
||||||
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
- [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
|
||||||
- [How stable are the exploits used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?](#how-stable-are-the-exploits-used-by-the-infection-monkey-will-the-infection-monkey-crash-my-systems-with-its-exploits)
|
- [How stable are the exploitations used by the Infection Monkey? Will the Infection Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-infection-monkey-will-the-infection-monkey-crash-my-systems-with-its-exploits)
|
||||||
- [After I've set up Monkey Island, how can I execute the Infection Monkey agent?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
|
- [After I've set up Monkey Island, how can I execute the Infection Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-infection-monkey-agent)
|
||||||
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
|
- [How can I make the Infection Monkey agents propagate “deeper” into the network?](#how-can-i-make-the-infection-monkey-agent-propagate-deeper-into-the-network)
|
||||||
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
|
- [What if the report returns a blank screen?](#what-if-the-report-returns-a-blank-screen)
|
||||||
- [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network)
|
- [Can I limit how the Infection Monkey propagates through my network?](#can-i-limit-how-the-infection-monkey-propagates-through-my-network)
|
||||||
|
@ -36,7 +34,7 @@ Below are some of the most common questions we receive about the Infection Monke
|
||||||
|
|
||||||
## Where can I get the latest version of the Infection Monkey?
|
## Where can I get the latest version of the Infection Monkey?
|
||||||
|
|
||||||
For the latest **stable** release, visit [our downloads page](https://www.akamai.com/infectionmonkey#download). **This is the recommended and supported version**!
|
For the latest **stable** release, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
|
||||||
|
|
||||||
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
|
If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
|
||||||
|
|
||||||
|
@ -62,12 +60,6 @@ ref "/reference/data_directory" >}}).
|
||||||
|
|
||||||
The Infection Monkey agent shuts off either when it can't find new victims or it has exceeded the quota of victims as defined in the configuration.
|
The Infection Monkey agent shuts off either when it can't find new victims or it has exceeded the quota of victims as defined in the configuration.
|
||||||
|
|
||||||
## How long does it take to stop all running Infection Monkey agents?
|
|
||||||
|
|
||||||
On the Infection Map page, when <b>Kill All Monkeys</b> is pressed, the agents
|
|
||||||
try to finish execution safely. This can take up to 2 minutes, but will be much
|
|
||||||
shorter on average.
|
|
||||||
|
|
||||||
## Is the Infection Monkey a malware/virus?
|
## Is the Infection Monkey a malware/virus?
|
||||||
|
|
||||||
The Infection Monkey is not malware, but it uses similar techniques to safely
|
The Infection Monkey is not malware, but it uses similar techniques to safely
|
||||||
|
@ -81,6 +73,7 @@ Monkey in the newly created folder.
|
||||||
|
|
||||||
## Reset the Monkey Island password
|
## Reset the Monkey Island password
|
||||||
|
|
||||||
|
|
||||||
{{% notice warning %}}
|
{{% notice warning %}}
|
||||||
If you reset the credentials, the database will be cleared. Any findings of the Infection Monkey from previous runs will be lost. <br/><br/>
|
If you reset the credentials, the database will be cleared. Any findings of the Infection Monkey from previous runs will be lost. <br/><br/>
|
||||||
However, you can save the Monkey's existing configuration by logging in with your current credentials and clicking on the **Export config** button on the configuration page.
|
However, you can save the Monkey's existing configuration by logging in with your current credentials and clicking on the **Export config** button on the configuration page.
|
||||||
|
@ -159,75 +152,34 @@ If internet access is available, the Infection Monkey will use the internet for
|
||||||
|
|
||||||
The Monkey performs queries out to the Internet on two separate occasions:
|
The Monkey performs queries out to the Internet on two separate occasions:
|
||||||
|
|
||||||
1. The Infection Monkey agent checks if it has internet access by performing
|
1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `monkey.guardicore.com` and `www.google.com`, which can be changed. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
|
||||||
requests to pre-configured domains. By default, these domains are
|
1. After installing the Monkey Island, it sends a request to check for updates on `updates.infectionmonkey.com`. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g., Windows Server, Debian Package, AWS Marketplace) and the server's version (e.g., "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However, due to this data's anonymous nature, we use this to get an aggregate assumption of how many deployments we see over a specific time period - it's not used for "personal" tracking.
|
||||||
`monkey.guardicore.com` and `www.google.com`, which can be changed. The
|
|
||||||
request doesn't include any extra information - it's a GET request with no
|
|
||||||
extra parameters. Since the Infection Monkey is 100% open-source, you can
|
|
||||||
find the domains in the configuration
|
|
||||||
[here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152)
|
|
||||||
and the code that performs the internet check
|
|
||||||
[here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123).
|
|
||||||
This **IS NOT** used for statistics collection.
|
|
||||||
1. After the Monkey Island starts it sends a GET request with current
|
|
||||||
deployment type to the update server to fetch the latest version and a
|
|
||||||
download link for it. This information is used by the Monkey Island to
|
|
||||||
suggest an update if one is available. No information gets collected during
|
|
||||||
this process.
|
|
||||||
1. After the Monkey Island starts it sends a GET request to the analytics
|
|
||||||
server with your deployment type and a version number. This information gets
|
|
||||||
collected on the analytics server. It is used to understand which deployment
|
|
||||||
types/versions are no longer used and can be deprecated.
|
|
||||||
|
|
||||||
## Logging and how to find logs
|
## Logging and how to find logs
|
||||||
|
|
||||||
### Downloading logs
|
### Monkey Island server logs
|
||||||
|
|
||||||
Both Monkey Agent and Monkey Island logs can be found in the Infection Map page. Click on the
|
You can download the Monkey Island's log file directly from the UI. Click the "log" section and choose **Download Monkey Island internal logfile**, like so:
|
||||||
machine from which you want to download logs and press the "Download log" button on the side panel.
|
|
||||||
Note that you can only download the Monkey Island log by clicking on the Monkey Island machine in
|
|
||||||
the Infection Map.
|
|
||||||
|
|
||||||
![How to download logs](/images/faq/log_download.jpg "How to download logs")
|
![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
|
||||||
|
|
||||||
### Log locations
|
It can also be found as a local file on the Monkey Island server system in the specified
|
||||||
|
|
||||||
If the logs can't be downloaded through the UI for any reason, you can collect the log files
|
|
||||||
directly from the machine where an Agent or Monkey Island ran.
|
|
||||||
|
|
||||||
#### Monkey Island server logs
|
|
||||||
|
|
||||||
The Monkey Island's log file is located in the
|
|
||||||
[data directory]({{< ref "/reference/data_directory" >}}).
|
[data directory]({{< ref "/reference/data_directory" >}}).
|
||||||
|
|
||||||
The log enables you to see which requests were requested from the server and extra logs from the backend logic. The log will contain entries like these:
|
The log enables you to see which requests were requested from the server and extra logs from the backend logic. The log will contain entries like these:
|
||||||
|
|
||||||
```log
|
```log
|
||||||
2022-04-18 13:48:43,914 - pywsgi.py:1226 - write() - INFO - 192.168.56.1 - - [2022-04-18 13:48:43] "GET /api/agent-binaries/windows HTTP/1.1" 200 21470665 0.293586
|
2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
|
||||||
2022-04-18 13:48:49,970 - pywsgi.py:1226 - write() - INFO - 192.168.56.1 - - [2022-04-18 13:48:49] "GET /api/island-mode HTTP/1.1" 200 128 0.003426
|
2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
|
||||||
2022-04-18 13:48:49,988 - report.py:355 - get_domain_issues() - INFO - Domain issues generated for reporting
|
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
|
||||||
```
|
```
|
||||||
|
|
||||||
It's also possible to change the default log level by editing `log_level` value in a [server configuration file](../../reference/server_configuration).
|
### Infection Monkey agent logs
|
||||||
`log_level` can be set to `info`(default, less verbose) or `debug`(more verbose).
|
|
||||||
|
|
||||||
|
The Infection Monkey agent log file can be found in the following paths on machines where it was executed:
|
||||||
|
|
||||||
#### Infection Monkey agent logs
|
- Path on Linux: `/tmp/user-1563`
|
||||||
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
The Infection Monkey agent log file can be found in directories specified for
|
|
||||||
temporary files on the machines where it was executed. In most cases, this will
|
|
||||||
be `/tmp` on Linux and `%temp%` on Windows. The agent searches a standard list
|
|
||||||
of directories to find an appropriate place to store the log:
|
|
||||||
|
|
||||||
1. The directory named by the `TMPDIR` environment variable.
|
|
||||||
2. The directory named by the `TEMP` environment variable.
|
|
||||||
3. The directory named by the `TMP` environment variable.
|
|
||||||
4. A platform-specific location:
|
|
||||||
- On Windows, the directories `C:\TEMP`, `C:\TMP`, `\TEMP`, and `\TMP`, in that order.
|
|
||||||
- On all other platforms, the directories `/tmp`, `/var/tmp`, and `/usr/tmp`, in that order.
|
|
||||||
5. As a last resort, the current working directory.
|
|
||||||
|
|
||||||
Infection Monkey log file name is constructed to the following pattern: `infection-monkey-agent-<TIMESTAMP>-<RANDOM_STRING>.log`
|
|
||||||
|
|
||||||
The logs contain information about the internals of the Infection Monkey agent's execution. The log will contain entries like these:
|
The logs contain information about the internals of the Infection Monkey agent's execution. The log will contain entries like these:
|
||||||
|
|
||||||
|
@ -245,15 +197,35 @@ The logs contain information about the internals of the Infection Monkey agent's
|
||||||
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
|
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### How do I change the log level of the Monkey Island logger?
|
||||||
|
|
||||||
|
The log level of the Monkey Island logger is set in the `log_level` field
|
||||||
|
in the `server_config.json` file (located in the [data directory]({{< ref "/reference/data_directory" >}})).
|
||||||
|
Make sure to leave everything else in `server_config.json` unchanged:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
...
|
||||||
|
"log_level": "DEBUG",
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Logging levels correspond to [the logging level constants in python](https://docs.python.org/3.7/library/logging.html#logging-levels).
|
||||||
|
|
||||||
|
To apply the changes, reset the Monkey Island process.
|
||||||
|
On Linux, use `sudo systemctl restart monkey-island.service`.
|
||||||
|
On Windows, restart the program.
|
||||||
|
|
||||||
## Running the Infection Monkey in a production environment
|
## Running the Infection Monkey in a production environment
|
||||||
|
|
||||||
### How much of a footprint does the Infection Monkey leave?
|
### How much of a footprint does the Infection Monkey leave?
|
||||||
|
|
||||||
The Infection Monkey leaves hardly any trace on the target system. It will leave:
|
The Infection Monkey leaves hardly any trace on the target system. It will leave:
|
||||||
|
|
||||||
- Log files in [temporary directories]({{< ref "/faq/#infection-monkey-agent-logs">}}):
|
- Log files in the following locations:
|
||||||
- Path on Linux: `/tmp/infection-monky-agent-<TIMESTAMP>-<RANDOM_STRING>.log`
|
- Path on Linux: `/tmp/user-1563`
|
||||||
- Path on Windows: `%temp%\\infection-monky-agent-<TIMESTAMP>-<RANDOM_STRING>.log`
|
- Path on Windows: `%temp%\\~df1563.tmp`
|
||||||
|
|
||||||
### What's the Infection Monkey Agent's impact on system resources usage?
|
### What's the Infection Monkey Agent's impact on system resources usage?
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ draft: false
|
||||||
The Infection Monkey is an open-source breach and attack simulation tool for testing a data center's resiliency to perimeter breaches and internal server infection.
|
The Infection Monkey is an open-source breach and attack simulation tool for testing a data center's resiliency to perimeter breaches and internal server infection.
|
||||||
Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker's perspective.
|
Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker's perspective.
|
||||||
|
|
||||||
Infection Monkey is free and can be downloaded from [our homepage](https://www.akamai.com/infectionmonkey).
|
Infection Monkey is free and can be downloaded from [our homepage](https://infectionmonkey.com/).
|
||||||
|
|
||||||
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
|
![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ A more in-depth description of reports generated can be found in the [reports do
|
||||||
|
|
||||||
## Getting Started
|
## Getting Started
|
||||||
|
|
||||||
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.akamai.com/infectionmonkey#download). After downloading the Monkey, install it using one of our [setup guides]({{< ref "/setup" >}}), and read our [getting started guide]({{< ref "/usage/getting-started" >}}) for a quick-start on Monkey!
|
If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides]({{< ref "/setup" >}}), and read our [getting started guide]({{< ref "/usage/getting-started" >}}) for a quick-start on Monkey!
|
||||||
|
|
||||||
## Support and community
|
## Support and community
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ You can take a look at [our roadmap](https://github.com/guardicore/monkey/projec
|
||||||
|
|
||||||
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
|
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
|
||||||
|
|
||||||
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Hadoop.
|
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Shellshock.
|
||||||
|
|
||||||
### Analysis plugins 🔬
|
### Analysis plugins 🔬
|
||||||
|
|
||||||
|
@ -38,6 +38,6 @@ We always want to improve the core Infection Monkey code to make it smaller, fas
|
||||||
|
|
||||||
### Documentation 📚
|
### Documentation 📚
|
||||||
|
|
||||||
Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and ask us to document various parts of the Monkey.
|
Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and asking us to document various parts of the Monkey.
|
||||||
|
|
||||||
The Infection Monkey's documentation is stored in the `/docs/content` directory.
|
The Infection Monkey's documentation is stored in the `/docs/content` directory.
|
||||||
|
|
|
@ -14,7 +14,7 @@ An exploit is a sequence of commands that takes advantage of a security vulnerab
|
||||||
|
|
||||||
### Do I need a new Exploit?
|
### Do I need a new Exploit?
|
||||||
|
|
||||||
If all you want to do is execute a shell command, configure the required commands in the Monkey Island's post-breach action (PBA) configuration section or [add a new PBA](../adding-post-breach-actions/).
|
If all you want to do is execute a shell command, configure the required commands in the Monkey Island's post-breach action (PBA) configuration section or [add a new PBA](../adding-post-breach-actions/). If you would like the Infection Monkey agent to collect specific information, [add a new System Info Collector](../adding-system-info-collectors/).
|
||||||
|
|
||||||
However, if you have your eye on an interesting CVE that you would like the Infection Monkey to support, you must add a new exploit. Keep reading to learn how to add a new exploit.
|
However, if you have your eye on an interesting CVE that you would like the Infection Monkey to support, you must add a new exploit. Keep reading to learn how to add a new exploit.
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ class MyNewExploiter(HostExploiter):
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
A good example of an exploiter class is the [`SSHExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/sshexec.py). The [Log4Shell exploiter is a recently added web RCE exploit](https://github.com/guardicore/monkey/pull/1670) that is a good reference as well.
|
A good example of an exploiter class is the [`SSHExploiter`](https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/exploit/sshexec.py). The [Drupal exploiter is a recently added web RCE exploit](https://github.com/guardicore/monkey/pull/808) that is a good reference as well.
|
||||||
|
|
||||||
|
|
||||||
### Modify the Monkey Island
|
### Modify the Monkey Island
|
||||||
|
@ -83,7 +83,7 @@ A good example of an exploiter class is the [`SSHExploiter`](https://github.com/
|
||||||
"default": [
|
"default": [
|
||||||
"SmbExploiter",
|
"SmbExploiter",
|
||||||
...
|
...
|
||||||
"Log4ShellExploiter",
|
"DrupalExploiter",
|
||||||
"MyNewExploiter", <=================================
|
"MyNewExploiter", <=================================
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,101 @@
|
||||||
|
---
|
||||||
|
title: "Adding System Info Collectors"
|
||||||
|
date: 2020-06-09T11:03:42+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["contribute"]
|
||||||
|
weight: 80
|
||||||
|
---
|
||||||
|
|
||||||
|
## What does this guide cover?
|
||||||
|
|
||||||
|
This guide will show you how to create a new _System Info Collector_ for the Infection Monkey. System Info Collectors are modules that each of the Infection Monkey agents runs that collect specific information and send it back to the Monkey Island as part of the System Info Telemetry.
|
||||||
|
|
||||||
|
### Do I need a new System Info Collector?
|
||||||
|
|
||||||
|
If all you want to do is execute a shell command, then there's no need to add a new System Info Collector - just configure the required commands in the Monkey Island's post-breach action (PBA) section! Also, if there is a relevant System Info Collector and you only need to add more information to it, simply expand the existing one. Otherwise, you must add a new System Info Collector.
|
||||||
|
|
||||||
|
## How to add a new System Info Collector
|
||||||
|
|
||||||
|
### Modify the Infection Monkey Agent
|
||||||
|
|
||||||
|
#### Framework
|
||||||
|
|
||||||
|
1. Create your new System Info Collector in the following directory: `monkey/infection_monkey/system_info/collectors` by first creating a new file with the name of your System Info Collector.
|
||||||
|
2. In that file, create a class that inherits from the `SystemInfoCollector` class:
|
||||||
|
|
||||||
|
```py
|
||||||
|
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
|
||||||
|
|
||||||
|
class MyNewCollector(SystemInfoCollector):
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Set the System Info Collector name in the constructor, like so:
|
||||||
|
|
||||||
|
```py
|
||||||
|
class MyNewCollector(SystemInfoCollector):
|
||||||
|
def __init__(self):
|
||||||
|
super(MyNewCollector, self).__init__(name="MyNewCollector")
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Implementation
|
||||||
|
|
||||||
|
Override the `collect` method with your own implementation. See the `process_list_collector.py` System Info Collector for reference. You can log during collection as well.
|
||||||
|
|
||||||
|
### Modify the Monkey Island
|
||||||
|
|
||||||
|
#### Configuration
|
||||||
|
|
||||||
|
##### Definitions
|
||||||
|
|
||||||
|
You'll need to add your Sytem Info Collector to the `monkey_island/cc/services/config_schema.py` file, under `definitions/system_info_collectors_classes/anyOf`, like so:
|
||||||
|
|
||||||
|
```json
|
||||||
|
"system_info_collectors_classes": {
|
||||||
|
"title": "System Information Collectors",
|
||||||
|
"type": "string",
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"enum": [
|
||||||
|
"HostnameCollector"
|
||||||
|
],
|
||||||
|
"title": "Which Environment this machine is on (on prem/cloud)",
|
||||||
|
"attack_techniques": []
|
||||||
|
},
|
||||||
|
{ <=================================
|
||||||
|
"type": "string", <=================================
|
||||||
|
"enum": [ <=================================
|
||||||
|
"MyNewCollector" <=================================
|
||||||
|
], <=================================
|
||||||
|
"title": "My new title", <=================================
|
||||||
|
"attack_techniques": [] <=================================
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
```
|
||||||
|
|
||||||
|
##### properties
|
||||||
|
|
||||||
|
Also, you can add the System Info Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
|
||||||
|
|
||||||
|
```json
|
||||||
|
"system_info_collectors_classes": {
|
||||||
|
"title": "System info collectors",
|
||||||
|
"type": "array",
|
||||||
|
"uniqueItems": True,
|
||||||
|
"items": {
|
||||||
|
"$ref": "#/definitions/system_info_collectors_classes"
|
||||||
|
},
|
||||||
|
"default": [
|
||||||
|
"HostnameCollector",
|
||||||
|
"MyNewCollector" <=================================
|
||||||
|
],
|
||||||
|
"description": "Determines which system information collectors will collect information."
|
||||||
|
},
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Telemetry processing
|
||||||
|
|
||||||
|
1. Add a process function under `monkey_island/cc/telemetry/processing/system_info_collectors/{DATA_NAME_HERE}.py`. The function should parse the System Info Collector's result. See `processing/system_info_collectors/environment.py` for example.
|
||||||
|
|
||||||
|
2. Add that function to `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` under `monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py`.
|
|
@ -9,7 +9,6 @@ tags: ["contribute"]
|
||||||
The `/docs` folder contains the Infection Monkey Documentation site.
|
The `/docs` folder contains the Infection Monkey Documentation site.
|
||||||
|
|
||||||
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
|
The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
|
||||||
The Hugo version being used is 0.92.0.
|
|
||||||
|
|
||||||
- [Directory structure](#directory-structure)
|
- [Directory structure](#directory-structure)
|
||||||
- [content](#content)
|
- [content](#content)
|
||||||
|
|
|
@ -16,7 +16,7 @@ The agent (which we sometimes refer to as the Infection Monkey) is a single Pyth
|
||||||
|
|
||||||
In order to compile the Infection Monkey for distribution by the Monkey Island, you'll need to run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
|
In order to compile the Infection Monkey for distribution by the Monkey Island, you'll need to run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
|
||||||
|
|
||||||
This means setting up an environment with Linux 64-bit with Python installed and a Windows 64-bit machine with developer tools, along with 64-bit Python versions.
|
This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools, along with 32/64-bit Python versions.
|
||||||
|
|
||||||
## The Monkey Island
|
## The Monkey Island
|
||||||
|
|
||||||
|
|
|
@ -14,11 +14,11 @@ The Infection Monkey has development tutorials that use [`swimm.io`](https://swi
|
||||||
|
|
||||||
First, [sign up for swimm's beta](https://swimm.io/sign-beta). `swimm` is free for open-source projects, but as they're still in beta you'll need to sign up in order to download it.
|
First, [sign up for swimm's beta](https://swimm.io/sign-beta). `swimm` is free for open-source projects, but as they're still in beta you'll need to sign up in order to download it.
|
||||||
|
|
||||||
After you've downloaded and installed `swimm`, open a shell in the Infection Monkey repo folder and run:
|
After you've downloaded and installed `swimm`, open a shell in the Infeciton Monkey repo folder and run:
|
||||||
|
|
||||||
```shell script
|
```shell script
|
||||||
swimm start
|
swimm start
|
||||||
```
|
```
|
||||||
|
|
||||||
A local web server with the currently available tutorials should show up, and will look something like this:
|
A local web server with the currently available tutorials should show up, and will look something like this:
|
||||||
|
|
||||||
|
|
|
@ -4,11 +4,11 @@ date = 2020-05-26T20:55:04+03:00
|
||||||
weight = 30
|
weight = 30
|
||||||
chapter = true
|
chapter = true
|
||||||
pre = '<i class="fas fa-layer-group"></i> '
|
pre = '<i class="fas fa-layer-group"></i> '
|
||||||
tags = ["reference"]
|
tags = ["reference"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
# Reference
|
# Reference
|
||||||
|
|
||||||
Find detailed information about the Infection Monkey:
|
Find detailed information about the Infection Monkey.
|
||||||
|
|
||||||
{{% children %}}
|
{{% children %}}
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
---
|
|
||||||
title: "Agent propagation"
|
|
||||||
date: 2022-06-03T13:17:22+05:30
|
|
||||||
draft: false
|
|
||||||
pre: '<i class="fas fa-user-secret"></i> '
|
|
||||||
weight: 2
|
|
||||||
tags: ["agent", "propagation", "reference"]
|
|
||||||
---
|
|
||||||
|
|
||||||
## How does the Infection Monkey Agent propagate to a new machine?
|
|
||||||
|
|
||||||
The agent propagates using remote code execution vulnerabilities. Once the
|
|
||||||
agent has achieved remote code execution on the victim, it executes commands
|
|
||||||
that are similar to the ones described in [manual run
|
|
||||||
page.](../../usage/running-manually/)
|
|
||||||
|
|
||||||
On Windows targets, the agent is copied to `C:\Windows\temp\monkey64.exe`. On
|
|
||||||
Linux targets, it is copied to `/tmp/monkey`.
|
|
|
@ -22,8 +22,8 @@ On Windows, the default path is `%AppData%\monkey_island`.
|
||||||
The location of the data directory is set in the `data_dir` field in the
|
The location of the data directory is set in the `data_dir` field in the
|
||||||
`server_config.json` file.
|
`server_config.json` file.
|
||||||
|
|
||||||
1. [Create a custom server_config.json file](../server_configuration) and set the `data_dir` field. Its
|
1. Create a custom `server_config.json` file and set the `data_dir` field. Its
|
||||||
contents will look like this:
|
contents will look like:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
title: "Drupal"
|
||||||
|
date: 2020-09-01T08:42:46+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "linux", "windows"]
|
||||||
|
---
|
||||||
|
|
||||||
|
The Drupal exploiter exploits [CVE-2019-6340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340)
|
||||||
|
on a vulnerable Drupal server.
|
||||||
|
|
||||||
|
### Description
|
||||||
|
|
||||||
|
Some field types do not properly sanitize data from non-form sources in certain versions
|
||||||
|
of Drupal server.
|
||||||
|
|
||||||
|
This can lead to arbitrary PHP code execution in some cases.
|
||||||
|
|
||||||
|
|
||||||
|
### Affected Versions
|
||||||
|
|
||||||
|
* Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10).
|
||||||
|
|
||||||
|
One of the following conditions must hold:
|
||||||
|
* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH
|
||||||
|
or POST requests; OR
|
||||||
|
* The site has another web services module enabled, like JSON:API in
|
||||||
|
Drupal 8, or Services or RESTful Web Services in Drupal 7.
|
||||||
|
|
||||||
|
|
||||||
|
### Notes
|
||||||
|
|
||||||
|
* The Infection Monkey exploiter implementation is based on an open-source
|
||||||
|
[Python implementation](https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88/f9f6a5bb6605745e292bee3a4079f261d891738a)
|
||||||
|
of the exploit by @leonjza.
|
||||||
|
* For the full attack to work, more than one vulnerable URL is required.
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
title: "ElasticGroovy"
|
||||||
|
date: 2020-07-14T08:41:40+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "windows", "linux"]
|
||||||
|
---
|
||||||
|
### Description
|
||||||
|
|
||||||
|
CVE-2015-1427
|
||||||
|
|
||||||
|
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
||||||
|
|
||||||
|
The logic is based on the [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
|
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
title: "Log4Shell"
|
|
||||||
date: 2022-01-12T14:07:23+05:30
|
|
||||||
draft: false
|
|
||||||
tags: ["exploit", "linux", "windows"]
|
|
||||||
---
|
|
||||||
|
|
||||||
The Log4Shell exploiter exploits
|
|
||||||
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).
|
|
||||||
|
|
||||||
|
|
||||||
### Description
|
|
||||||
|
|
||||||
Some versions of Apache Log4j, a Java logging framework, have a logging feature
|
|
||||||
called "Message Lookup Substitution" enabled by default. This allows replacing
|
|
||||||
certain special strings by dynamically-generated strings at the time of
|
|
||||||
logging. If log messages or log message parameters can be controlled by an
|
|
||||||
attacker, arbitrary code can be executed. The Log4Shell exploiter takes
|
|
||||||
advantage of this vulnerability to propagate to a victim machine.
|
|
||||||
|
|
||||||
You can learn more about this vulnerability and potential mitigations
|
|
||||||
[here](https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0_.28Java_8.29).
|
|
||||||
|
|
||||||
|
|
||||||
### Services exploited
|
|
||||||
|
|
||||||
The Infection Monkey will attempt to exploit the Log4Shell vulnerability in the
|
|
||||||
following services:
|
|
||||||
|
|
||||||
- Apache Solr
|
|
||||||
- Apache Tomcat
|
|
||||||
- Logstash
|
|
||||||
|
|
||||||
**Note**: Even if none of these services are running in your environment,
|
|
||||||
running the Log4Shell exploiter can be a good way to test your IDS/IPS or EDR
|
|
||||||
solutions. These solutions should detect that the Infection Monkey is attempting
|
|
||||||
to exploit the Log4Shell vulnerability and raise an appropriate alert.
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
title: "MS08 067"
|
||||||
|
date: 2020-07-14T08:42:54+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "windows"]
|
||||||
|
---
|
||||||
|
|
||||||
|
### Description
|
||||||
|
|
||||||
|
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
|
||||||
|
|
||||||
|
This exploiter is unsafe. It's therefore **not** enabled by default.
|
||||||
|
|
||||||
|
If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If a crash in Svchost.exe occurs, the server service will be affected. This may cause a system crash due to the use of buffer overflow.
|
|
@ -7,4 +7,4 @@ tags: ["exploit", "windows"]
|
||||||
|
|
||||||
### Description
|
### Description
|
||||||
|
|
||||||
For this exploit, the Infection Monkey will try to brute force into an MsSQL server and use an insecure configuration to execute commands on the server.
|
For this exploit, the Infection Monkey will try to brute force into a MsSQL server and use an insecure configuration to execute commands on the server.
|
||||||
|
|
|
@ -22,7 +22,8 @@ The PowerShell exploiter can be run from both Linux and Windows attackers. On
|
||||||
Windows attackers, the exploiter has the ability to use the cached username
|
Windows attackers, the exploiter has the ability to use the cached username
|
||||||
and/or password from the current user. On both Linux and Windows attackers, the
|
and/or password from the current user. On both Linux and Windows attackers, the
|
||||||
exploiter uses all combinations of the [user-configured usernames and
|
exploiter uses all combinations of the [user-configured usernames and
|
||||||
passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as LM or NT hashes that have been collected. Different combinations of
|
passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as
|
||||||
|
and LM or NT hashes that have been collected. Different combinations of
|
||||||
credentials are attempted in the following order:
|
credentials are attempted in the following order:
|
||||||
|
|
||||||
1. **Cached username and password (Windows attacker only)** - The exploiter will
|
1. **Cached username and password (Windows attacker only)** - The exploiter will
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
title: "Struts2"
|
||||||
|
date: 2020-07-14T08:42:30+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "linux", "windows"]
|
||||||
|
---
|
||||||
|
### Description
|
||||||
|
|
||||||
|
This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
title: "WebLogic"
|
||||||
|
date: 2020-07-14T08:42:46+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "linux", "windows"]
|
||||||
|
---
|
||||||
|
### Description
|
||||||
|
|
||||||
|
This exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
|
|
@ -21,10 +21,10 @@ is, therefore, **not** enabled by default.
|
||||||
|
|
||||||
During successful exploitation, the Zerologon exploiter:
|
During successful exploitation, the Zerologon exploiter:
|
||||||
|
|
||||||
* Will temporarily change the target domain controller's password.
|
* will temporarily change the target domain controller's password.
|
||||||
* May break the target domain controller's communication with other systems in the network, affecting functionality.
|
* may break the target domain controller's communication with other systems in the network, affecting functionality.
|
||||||
* May change the administrator's password.
|
* may change the administrator's password.
|
||||||
* Will *attempt* to revert all changes.
|
* will *attempt* to revert all changes.
|
||||||
|
|
||||||
While the Zerologon exploiter is usually successful in reverting its changes
|
While the Zerologon exploiter is usually successful in reverting its changes
|
||||||
and restoring the original passwords, it sometimes fails. Restoring passwords
|
and restoring the original passwords, it sometimes fails. Restoring passwords
|
||||||
|
@ -58,17 +58,17 @@ to regain access to the system.
|
||||||
|
|
||||||
#### Use Reset-ComputerMachinePassword
|
#### Use Reset-ComputerMachinePassword
|
||||||
|
|
||||||
If you are able to log in as the administrator, you can use the
|
If you are able to login as the administrator, you can use the
|
||||||
[Reset-ComputerMachinePassword](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1)
|
[Reset-ComputerMachinePassword](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1)
|
||||||
powershell command to restore the domain controller's password.
|
powershell command to restore the domain controller's password.
|
||||||
|
|
||||||
|
|
||||||
#### Try a Zerologon password restoration tool
|
#### Try a zerologon password restoration tool
|
||||||
If all other approaches fail, you can try the tools and steps found
|
If all other approaches fail, you can try the tools and steps found
|
||||||
[here](https://github.com/risksense/zerologon).
|
[here](https://github.com/risksense/zerologon).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Note
|
### Notes
|
||||||
|
|
||||||
* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).
|
* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).
|
||||||
|
|
|
@ -9,7 +9,7 @@ tags = ["reference", "exploit"]
|
||||||
|
|
||||||
# Exploiters
|
# Exploiters
|
||||||
|
|
||||||
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use:
|
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use.
|
||||||
|
|
||||||
{{% children %}}
|
{{% children %}}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
title: "ShellShock"
|
||||||
|
date: 2020-07-14T08:41:32+03:00
|
||||||
|
draft: false
|
||||||
|
tags: ["exploit", "linux"]
|
||||||
|
---
|
||||||
|
### Description
|
||||||
|
|
||||||
|
This exploit, CVE-2014-6271, is based on the [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
|
||||||
|
|
||||||
|
> In GNU Bash (through 4.3), processes trailing strings after function definitions in the values of environment variables allow remote attackers to execute arbitrary code via a crafted environment. This is demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients and other situations in which setting the environment occurs across a privilege boundary from Bash execution, AKA "ShellShock."
|
|
@ -4,7 +4,7 @@ date: 2020-07-14T08:09:53+03:00
|
||||||
draft: false
|
draft: false
|
||||||
pre: '<i class="fas fa-laptop"></i> '
|
pre: '<i class="fas fa-laptop"></i> '
|
||||||
weight: 10
|
weight: 10
|
||||||
tags: ["setup", "reference", "windows", "linux"]
|
tags: ["setup", "reference", "windows", "linux"]
|
||||||
---
|
---
|
||||||
|
|
||||||
The Infection Monkey project supports many popular OSes (but we are always interested in supporting more).
|
The Infection Monkey project supports many popular OSes (but we are always interested in supporting more).
|
||||||
|
@ -44,4 +44,21 @@ Compatibility depends on GLIBC version (2.14+)[^1]. By default, these distributi
|
||||||
|
|
||||||
We also provide a Dockerfile on our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
|
We also provide a Dockerfile on our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
|
||||||
|
|
||||||
|
### Old machine bootloader
|
||||||
|
|
||||||
|
Some **older machines** still have partial compatibility and will be exploited and reported, but the Infection Monkey agent can't run on them. In these cases, old machine bootloader (a small C program) will be run, which reports some minor info like network interface configuration, GLIBC version, OS, etc.
|
||||||
|
|
||||||
|
**Old machine bootloader** also has a GLIBC 2.14+ requirement for Linux because the bootloader is included in the Pyinstaller bootloader, which uses Python 3.7 that in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
|
||||||
|
|
||||||
|
**Old machine bootloader** runs on machines with:
|
||||||
|
|
||||||
|
- Centos 7+
|
||||||
|
- Debian 7+
|
||||||
|
- Kali 2019+
|
||||||
|
- Oracle 7+
|
||||||
|
- Rhel 7+
|
||||||
|
- Suse 12+
|
||||||
|
- Ubuntu 14+
|
||||||
|
- **Windows XP/Server 2003+**
|
||||||
|
|
||||||
[^1]: The GLIBC >= 2.14 requirement exists because the Infection Monkey was built using this GLIBC version, and GLIBC is not backward compatible. We are also limited to the oldest GLIBC version compatible with Python 3.7.
|
[^1]: The GLIBC >= 2.14 requirement exists because the Infection Monkey was built using this GLIBC version, and GLIBC is not backward compatible. We are also limited to the oldest GLIBC version compatible with Python 3.7.
|
||||||
|
|
|
@ -29,13 +29,14 @@ The currently implemented Fingerprint modules are:
|
||||||
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22) and extracts the computer version and SSH banner.
|
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22) and extracts the computer version and SSH banner.
|
||||||
3. [`PingScanner`][ping-scanner] - Fingerprints target machine's TTL to differentiate between Linux and Windows hosts.
|
3. [`PingScanner`][ping-scanner] - Fingerprints target machine's TTL to differentiate between Linux and Windows hosts.
|
||||||
4. [`HTTPFinger`][http-finger] - Detects HTTP/HTTPS services, using the ports listed in `HTTP_PORTS` in the configuration, will return the server type and if it supports SSL.
|
4. [`HTTPFinger`][http-finger] - Detects HTTP/HTTPS services, using the ports listed in `HTTP_PORTS` in the configuration, will return the server type and if it supports SSL.
|
||||||
5. [`ElasticFinger`][elastic-finger] - Fingerprints ElasticSearch (port 9200) and will extract the cluster name, node name and node version.
|
5. [`MySQLFinger`][mysql-finger] - Fingerprints MySQL (port 3306) and will extract MySQL banner info - version, major/minor/build and capabilities.
|
||||||
|
6. [`ElasticFinger`][elastic-finger] - Fingerprints ElasticSearch (port 9200) will extract the cluster name, node name and node version.
|
||||||
|
|
||||||
## Adding a scanner/fingerprinter
|
## Adding a scanner/fingerprinter
|
||||||
|
|
||||||
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
|
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
|
||||||
|
|
||||||
To use the new scanner/fingerprinter by default, modify [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) to add references to the new class.
|
To use the new scanner/fingerprinter by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
|
||||||
|
|
||||||
At this point, the Infection Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
|
At this point, the Infection Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
|
||||||
|
|
||||||
|
@ -43,6 +44,7 @@ At this point, the Infection Monkey knows how to use the new scanner/fingerprint
|
||||||
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
|
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
|
||||||
[host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
[host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
||||||
[host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
[host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
|
||||||
|
[mysql-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/mysqlfinger.py
|
||||||
[ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
|
[ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
|
||||||
[smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
|
[smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
|
||||||
[ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
|
[ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
title: "Server configuration"
|
|
||||||
date: 2021-11-26T12:00:19+02:00
|
|
||||||
draft: true
|
|
||||||
pre: '<i class="fas fa-cogs"></i> '
|
|
||||||
weight: 1
|
|
||||||
---
|
|
||||||
|
|
||||||
## Configuring the Island
|
|
||||||
|
|
||||||
The Island Server(C&C) is configured by creating a `server_config.json` file.
|
|
||||||
|
|
||||||
### Creating a configuration file
|
|
||||||
|
|
||||||
Here's an example `server_config.json` with all options specified:
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"log_level": "DEBUG",
|
|
||||||
"ssl_certificate": {
|
|
||||||
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
|
||||||
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
|
||||||
},
|
|
||||||
"mongodb": {
|
|
||||||
"start_mongodb": true
|
|
||||||
},
|
|
||||||
"data_dir": "/monkey_island_data"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Only relevant options can be specified, for example:
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"ssl_certificate": {
|
|
||||||
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
|
||||||
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Configuration options
|
|
||||||
|
|
||||||
See setup instructions for your operating system to understand how to apply these.
|
|
||||||
|
|
||||||
- `log_level` - can be set to `"DEBUG"`(verbose), `"INFO"`(less verbose) or `"ERROR"`(silent, except errors).
|
|
||||||
- `ssl_certificate` - contains paths for files, required to run the Island server with custom certificate.
|
|
||||||
- `data_dir` - path to a writeable directory where the Island will store the database and other files.
|
|
||||||
- `mongodb` - options for MongoDB. Should not be changed unless you want to run your own instance of MongoDB.
|
|
|
@ -8,6 +8,6 @@ pre = "<i class='fas fa-scroll'></i> "
|
||||||
|
|
||||||
# Infection Monkey's Reports
|
# Infection Monkey's Reports
|
||||||
|
|
||||||
The Infection Monkey offers four reports:
|
The Infection Monkey offers three reports:
|
||||||
|
|
||||||
{{% children description=true style="p"%}}
|
{{% children description=true style="p"%}}
|
||||||
|
|
|
@ -18,7 +18,7 @@ Watch the overview video:
|
||||||
|
|
||||||
## How to use the report
|
## How to use the report
|
||||||
|
|
||||||
The MITRE ATT&CK report is centered around the ATT&CK matrix:
|
The MITRE ATT&CK report is centred around the ATT&CK matrix:
|
||||||
|
|
||||||
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
|
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,7 @@ This diagram provides you with a quick glance at how your organization scores on
|
||||||
|
|
||||||
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
||||||
|
|
||||||
## Test results
|
## Test Results
|
||||||
|
|
||||||
This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize.
|
This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize.
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,12 @@ When ready, you can browse to the Infection Monkey running on the fresh deployme
|
||||||
|
|
||||||
`https://{public-ip}:5000`
|
`https://{public-ip}:5000`
|
||||||
|
|
||||||
To login to the machine, use *ubuntu* username.
|
You will be presented with a login page. Enter the username **monkey**, and the
|
||||||
|
new EC2 instance's **instance ID** for your password. To find your instance ID,
|
||||||
|
go to the EC2 console and select your instance. It should appear in the details
|
||||||
|
pane below.
|
||||||
|
|
||||||
|
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
|
||||||
|
|
||||||
## Integration with AWS services
|
## Integration with AWS services
|
||||||
|
|
||||||
|
|
|
@ -23,13 +23,13 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
|
||||||
1. Extract the Monkey Island Docker tarball:
|
1. Extract the Monkey Island Docker tarball:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
tar -xvzf InfectionMonkey-docker-v1.13.0.tgz
|
tar -xvzf InfectionMonkey-docker-v1.12.0.tgz
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Load the Monkey Island Docker image:
|
1. Load the Monkey Island Docker image:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo docker load -i InfectionMonkey-docker-v1.13.0.tar
|
sudo docker load -i InfectionMonkey-docker-v1.12.0.tar
|
||||||
```
|
```
|
||||||
|
|
||||||
### 2. Start MongoDB
|
### 2. Start MongoDB
|
||||||
|
@ -49,12 +49,12 @@ any MongoDB containers or volumes associated with the previous version.
|
||||||
mongo:4.2
|
mongo:4.2
|
||||||
```
|
```
|
||||||
|
|
||||||
### 3. Start Monkey Island with default certificate
|
### 3a. Start Monkey Island with default certificate
|
||||||
|
|
||||||
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
||||||
enterprise or other security-sensitive environments, it is recommended that the
|
enterprise or other security-sensitive environments, it is recommended that the
|
||||||
user [provide Infection Monkey with a
|
user [provide Infection Monkey with a
|
||||||
certificate](#start-monkey-island-with-user-provided-certificate) that has
|
certificate](#3b-start-monkey-island-with-user-provided-certificate) that has
|
||||||
been signed by a private certificate authority.
|
been signed by a private certificate authority.
|
||||||
|
|
||||||
1. Run the Monkey Island server
|
1. Run the Monkey Island server
|
||||||
|
@ -67,57 +67,23 @@ been signed by a private certificate authority.
|
||||||
guardicore/monkey-island:VERSION
|
guardicore/monkey-island:VERSION
|
||||||
```
|
```
|
||||||
|
|
||||||
### 4. Accessing Monkey Island
|
### 3b. Start Monkey Island with user-provided certificate
|
||||||
|
{{% notice info %}}
|
||||||
|
If you are upgrading the Infection Monkey to a new version, be sure to remove
|
||||||
|
any volumes associated with the previous version.
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
|
1. Create a directory named `monkey_island_data`. If you already have it,
|
||||||
|
**make sure it's empty**. This will serve as the location where Infection
|
||||||
|
Monkey stores its configuration and runtime artifacts.
|
||||||
|
|
||||||
## Configuring the server
|
|
||||||
|
|
||||||
You can configure the server by mounting a volume and specifying a
|
|
||||||
[server configuration file](../../reference/server_configuration):
|
|
||||||
|
|
||||||
1. Create a directory for server configuration file, e.g. `monkey_island_data`:
|
|
||||||
```bash
|
```bash
|
||||||
mkdir ./monkey_island_data
|
mkdir ./monkey_island_data
|
||||||
chmod 700 ./monkey_island_data
|
chmod 700 ./monkey_island_data
|
||||||
```
|
```
|
||||||
1. Move your `server_config.json` file to `./monkey_island_data` directory.
|
|
||||||
1. Run the container with a mounted volume, specify the path to the `server_config.json`:
|
|
||||||
```bash
|
|
||||||
sudo docker run \
|
|
||||||
--rm \
|
|
||||||
--name monkey-island \
|
|
||||||
--network=host \
|
|
||||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
|
||||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
|
||||||
guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Start Monkey Island with user-provided certificate
|
1. Run Monkey Island with the `--setup-only` flag to populate the `./monkey_island_data` directory with a default `server_config.json` file.
|
||||||
|
|
||||||
By default, Infection Monkey comes with a [self-signed SSL
|
|
||||||
certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
|
||||||
enterprise or other security-sensitive environments, it is recommended that the
|
|
||||||
user provide Infection Monkey with a certificate that has been signed by a
|
|
||||||
private certificate authority.
|
|
||||||
|
|
||||||
1. Terminate the docker container if it's already running.
|
|
||||||
1. Move your `.crt` and `.key` files to `./monkey_island_data` (directory created for the volume).
|
|
||||||
1. Make sure that your `.crt` and `.key` files are readable only by you.
|
|
||||||
```bash
|
|
||||||
chmod 600 <PATH_TO_KEY_FILE>
|
|
||||||
chmod 600 <PATH_TO_CRT_FILE>
|
|
||||||
```
|
|
||||||
1. Modify the [server configuration file](../../reference/server_configuration) and add the following lines:
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"ssl_certificate": {
|
|
||||||
"ssl_certificate_file": "/monkey_island_data/my_cert.crt",
|
|
||||||
"ssl_certificate_key_file": "/monkey_island_data/my_key.key"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
1. Run the container with a mounted volume, specify the path to the `server_config.json`:
|
|
||||||
```bash
|
```bash
|
||||||
sudo docker run \
|
sudo docker run \
|
||||||
--rm \
|
--rm \
|
||||||
|
@ -125,32 +91,55 @@ private certificate authority.
|
||||||
--network=host \
|
--network=host \
|
||||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||||
guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
|
guardicore/monkey-island:VERSION --setup-only
|
||||||
```
|
```
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
|
||||||
`https://localhost:5000`.
|
|
||||||
|
|
||||||
### Change logging level
|
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
|
||||||
|
|
||||||
1. Stop the docker container if it's already running.
|
1. Make sure that your `.crt` and `.key` files are readable and writeable only by you.
|
||||||
1. Modify the [server configuration file](../../reference/server_configuration) by adding the following lines:
|
|
||||||
```json
|
```bash
|
||||||
|
chmod 600 ./monkey_island_data/<KEY_FILE>
|
||||||
|
chmod 600 ./monkey_island_data/<CRT_FILE>
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Edit `./monkey_island_data/server_config.json` to configure Monkey Island
|
||||||
|
to use your certificate. Your config should look something like this:
|
||||||
|
|
||||||
|
```json {linenos=inline,hl_lines=["11-14"]}
|
||||||
{
|
{
|
||||||
"log_level": "INFO"
|
"data_dir": "/monkey_island_data",
|
||||||
|
"log_level": "DEBUG",
|
||||||
|
"environment": {
|
||||||
|
"server_config": "password",
|
||||||
|
"deployment": "docker"
|
||||||
|
},
|
||||||
|
"mongodb": {
|
||||||
|
"start_mongodb": false
|
||||||
|
},
|
||||||
|
"ssl_certificate": {
|
||||||
|
"ssl_certificate_file": "/monkey_island_data/<CRT_FILE>",
|
||||||
|
"ssl_certificate_key_file": "/monkey_island_data/<KEY_FILE>"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
1. Run the container with a mounted volume, specify the path to the `server_config.json`:
|
|
||||||
|
1. Start the Monkey Island server:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo docker run \
|
sudo docker run \
|
||||||
--rm \
|
--tty \
|
||||||
|
--interactive \
|
||||||
--name monkey-island \
|
--name monkey-island \
|
||||||
--network=host \
|
--network=host \
|
||||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||||
guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
|
guardicore/monkey-island:VERSION
|
||||||
```
|
```
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
|
||||||
`https://localhost:5000`.
|
### 4. Accessing Monkey Island
|
||||||
|
|
||||||
|
After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
|
|
|
@ -23,18 +23,18 @@ installed, but the ones that we've tested are:
|
||||||
- Ubuntu Focal 20.04
|
- Ubuntu Focal 20.04
|
||||||
- Ubuntu Hirsute 21.04
|
- Ubuntu Hirsute 21.04
|
||||||
|
|
||||||
On Windows, AppImage can be run in WSL 2.
|
On Windows, AppImage can be run in WSL.
|
||||||
|
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
1. Make the AppImage package executable:
|
1. Make the AppImage package executable:
|
||||||
```bash
|
```bash
|
||||||
chmod u+x InfectionMonkey-v1.13.0.AppImage
|
chmod u+x InfectionMonkey-v1.12.0.AppImage
|
||||||
```
|
```
|
||||||
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
||||||
```bash
|
```bash
|
||||||
./InfectionMonkey-v1.13.0.AppImage
|
./InfectionMonkey-v1.12.0.AppImage
|
||||||
```
|
```
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
1. Access the Monkey Island web UI by pointing your browser at
|
||||||
`https://localhost:5000`.
|
`https://localhost:5000`.
|
||||||
|
@ -46,28 +46,6 @@ do, see the [FAQ]({{< ref
|
||||||
>}}) for more information.
|
>}}) for more information.
|
||||||
{{% /notice %}}
|
{{% /notice %}}
|
||||||
|
|
||||||
## Running the Infection Monkey as a service on boot
|
|
||||||
|
|
||||||
The Infection Monkey can be installed as a service and run on boot by running the AppImage package
|
|
||||||
with the following parameters. This requires root permissions, so run `sudo -v` and enter your
|
|
||||||
password before running the script, if required.
|
|
||||||
```bash
|
|
||||||
./InfectionMonkey-v1.13.0.AppImage service --install --user <USERNAME>
|
|
||||||
```
|
|
||||||
|
|
||||||
To uninstall it, run:
|
|
||||||
```bash
|
|
||||||
./InfectionMonkey-v1.13.0.AppImage service --uninstall
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuring the server
|
|
||||||
|
|
||||||
You can configure the server by creating
|
|
||||||
a [server configuration file](../../reference/server_configuration) and
|
|
||||||
providing a path to it via command line parameters:
|
|
||||||
|
|
||||||
`./InfectionMonkey-v1.13.0.AppImage --server-config="/path/to/server_config.json"`
|
|
||||||
|
|
||||||
### Start Monkey Island with user-provided certificate
|
### Start Monkey Island with user-provided certificate
|
||||||
|
|
||||||
By default, Infection Monkey comes with a [self-signed SSL
|
By default, Infection Monkey comes with a [self-signed SSL
|
||||||
|
@ -76,7 +54,13 @@ enterprise or other security-sensitive environments, it is recommended that the
|
||||||
user provide Infection Monkey with a certificate that has been signed by a
|
user provide Infection Monkey with a certificate that has been signed by a
|
||||||
private certificate authority.
|
private certificate authority.
|
||||||
|
|
||||||
1. Terminate the Island process if it's already running.
|
1. Run the Infection Monkey AppImage package with the `--setup-only` flag to
|
||||||
|
populate the `$HOME/.monkey_island` directory with a default
|
||||||
|
`server_config.json` file.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./InfectionMonkey-v1.12.0.AppImage --setup-only
|
||||||
|
```
|
||||||
|
|
||||||
1. (Optional but recommended) Move your `.crt` and `.key` files to
|
1. (Optional but recommended) Move your `.crt` and `.key` files to
|
||||||
`$HOME/.monkey_island`.
|
`$HOME/.monkey_island`.
|
||||||
|
@ -88,42 +72,30 @@ private certificate authority.
|
||||||
chmod 600 <PATH_TO_CRT_FILE>
|
chmod 600 <PATH_TO_CRT_FILE>
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Create a [server configuration file and provide the path to the certificate](../../reference/server_configuration).
|
1. Edit `$HOME/.monkey_island/server_config.json` to configure Monkey Island
|
||||||
The server configuration file should look something like:
|
to use your certificate. Your config should look something like this:
|
||||||
|
|
||||||
```json
|
```json {linenos=inline,hl_lines=["11-14"]}
|
||||||
{
|
{
|
||||||
"ssl_certificate": {
|
"data_dir": "~/.monkey_island",
|
||||||
"ssl_certificate_file": "$HOME/.monkey_island/my_cert.crt",
|
"log_level": "DEBUG",
|
||||||
"ssl_certificate_key_file": "$HOME/.monkey_island/my_key.key"
|
"environment": {
|
||||||
}
|
"server_config": "password",
|
||||||
|
"deployment": "linux"
|
||||||
|
},
|
||||||
|
"mongodb": {
|
||||||
|
"start_mongodb": true
|
||||||
|
},
|
||||||
|
"ssl_certificate": {
|
||||||
|
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
||||||
|
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
||||||
```bash
|
```bash
|
||||||
./InfectionMonkey-v1.13.0.AppImage --server-config="/path/to/server_config.json"
|
./InfectionMonkey-v1.12.0.AppImage
|
||||||
```
|
|
||||||
|
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
|
||||||
`https://localhost:5000`.
|
|
||||||
|
|
||||||
### Change logging level
|
|
||||||
|
|
||||||
1. Terminate the Island process if it's already running.
|
|
||||||
|
|
||||||
1. Create a [server configuration file](../../reference/server_configuration).
|
|
||||||
The server configuration file should look something like:
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"log_level": "INFO"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Start Monkey Island by running the Infection Monkey AppImage package:
|
|
||||||
```bash
|
|
||||||
./InfectionMonkey-v1.13.0.AppImage --server-config="/path/to/server_config.json"
|
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
1. Access the Monkey Island web UI by pointing your browser at
|
||||||
|
|
|
@ -26,13 +26,6 @@ do, see the [FAQ]({{< ref
|
||||||
"/faq/#i-updated-to-a-new-version-of-the-infection-monkey-and-im-being-asked-to-delete-my-existing-data-directory-why"
|
"/faq/#i-updated-to-a-new-version-of-the-infection-monkey-and-im-being-asked-to-delete-my-existing-data-directory-why"
|
||||||
>}}) for more information.
|
>}}) for more information.
|
||||||
{{% /notice %}}
|
{{% /notice %}}
|
||||||
>
|
|
||||||
## Configuring the server
|
|
||||||
|
|
||||||
You can configure the server by editing [the configuration
|
|
||||||
file](../../reference/server_configuration) located in installation directory.
|
|
||||||
The default path is
|
|
||||||
`C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`.
|
|
||||||
|
|
||||||
### Start Monkey Island with user-provided certificate
|
### Start Monkey Island with user-provided certificate
|
||||||
|
|
||||||
|
@ -41,35 +34,32 @@ enterprise or other security-sensitive environments, it is recommended that the
|
||||||
user provide Infection Monkey with a certificate that has been signed by a
|
user provide Infection Monkey with a certificate that has been signed by a
|
||||||
private certificate authority.
|
private certificate authority.
|
||||||
|
|
||||||
|
1. If you haven't already, run the Monkey Island by clicking on the desktop
|
||||||
|
shortcut. This will populate MongoDB, as well as create and populate
|
||||||
|
`%AppData%\monkey_island`.
|
||||||
1. Stop the Monkey Island process.
|
1. Stop the Monkey Island process.
|
||||||
1. (Optional but recommended) Move your `.crt` and `.key` files to `%AppData%\monkey_island`.
|
1. (Optional but recommended) Move your `.crt` and `.key` files to `%AppData%\monkey_island`.
|
||||||
1. Modify the `server_config.json` (by default located in `C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`) by adding the following lines:
|
1. Edit `%AppData%\monkey_island\server_config.json` to configure Monkey Island
|
||||||
```json
|
to use your certificate. Your config should look something like this:
|
||||||
|
|
||||||
|
```json {linenos=inline,hl_lines=["11-14"]}
|
||||||
{
|
{
|
||||||
...
|
"log_level": "DEBUG",
|
||||||
"ssl_certificate": {
|
"environment": {
|
||||||
"ssl_certificate_file": "%AppData%\\monkey_island\\my_cert.crt",
|
"server_config": "password",
|
||||||
"ssl_certificate_key_file": "%AppData%\\monkey_island\\my_key.key"
|
"deployment": "windows"
|
||||||
},
|
},
|
||||||
...
|
"mongodb": {
|
||||||
|
"start_mongodb": true
|
||||||
|
},
|
||||||
|
"ssl_certificate": {
|
||||||
|
"ssl_certificate_file": "<PATH_TO_CRT_FILE>",
|
||||||
|
"ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
|
||||||
`https://localhost:5000`.
|
|
||||||
|
|
||||||
### Change logging level
|
|
||||||
|
|
||||||
1. Stop the Island server.
|
|
||||||
1. Modify the `server_config.json` (by default located in `C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`) by adding the following lines:
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
...
|
|
||||||
"log_level": "INFO",
|
|
||||||
...
|
|
||||||
}
|
|
||||||
```
|
|
||||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
|
||||||
1. Access the Monkey Island web UI by pointing your browser at
|
1. Access the Monkey Island web UI by pointing your browser at
|
||||||
`https://localhost:5000`.
|
`https://localhost:5000`.
|
||||||
|
|
||||||
|
|
|
@ -10,4 +10,4 @@ pre = '<i class="fas fa-users-cog"></i> '
|
||||||
|
|
||||||
If you're new to the Infection Monkey, check out our [Getting Started](getting-started) page.
|
If you're new to the Infection Monkey, check out our [Getting Started](getting-started) page.
|
||||||
|
|
||||||
If you haven't downloaded the Infection Monkey yet, {{% button href="https://www.akamai.com/infectionmonkey#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!
|
If you haven't downloaded the Infection Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!
|
||||||
|
|
|
@ -8,7 +8,5 @@ description: "Configure settings related to the Monkey's network activity."
|
||||||
Here you can control multiple important settings, such as:
|
Here you can control multiple important settings, such as:
|
||||||
|
|
||||||
* Network propagation depth - How many hops from the base machine will the Infection Monkey spread?
|
* Network propagation depth - How many hops from the base machine will the Infection Monkey spread?
|
||||||
* Scan Agent's networks - Should the Infection Monkey attempt to attack any machine in its subnet?
|
* Local network scan - Should the Infection Monkey attempt to attack any machine in its subnet?
|
||||||
|
|
||||||
_Be careful when using this option. If a machine is connected to a public network, then the agent will scan the public network!_
|
|
||||||
* Scanner IP/subnet list - Which specific IP ranges should the Infection Monkey should try to attack?
|
* Scanner IP/subnet list - Which specific IP ranges should the Infection Monkey should try to attack?
|
||||||
|
|
|
@ -6,7 +6,7 @@ weight: 100
|
||||||
pre: "<i class='fas fa-certificate'></i> "
|
pre: "<i class='fas fa-certificate'></i> "
|
||||||
---
|
---
|
||||||
|
|
||||||
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.akamai.com/infectionmonkey#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
|
The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
|
||||||
|
|
||||||
## How to get SHA-256 checksum
|
## How to get SHA-256 checksum
|
||||||
|
|
||||||
|
@ -35,19 +35,6 @@ $ sha256sum monkey-linux-64
|
||||||
|
|
||||||
## Latest version checksums
|
## Latest version checksums
|
||||||
|
|
||||||
| Filename | Type | Version | SHA256 |
|
|
||||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
|
||||||
| monkey-windows-64.exe | Windows Agent | 1.13.0 | `3EDD20DE2247047C8A822C84145981936CE2FD0BDF843EB5CA777CA4D2478B35` |
|
|
||||||
| monkey-windows-32.exe | Windows Agent | 1.13.0 | `7497907E3CF4FFEB121A7795BFA16709800E6E0F99770F64AF7FFF684ECBA6D6` |
|
|
||||||
| monkey-linux-64 | Linux Agent | 1.13.0 | `F21E709CB7BA8DAF90B908AF5FE485BA43866C325D3C7CE1EB07E8A2323E07C1` |
|
|
||||||
| monkey-linux-32 | Linux Agent | 1.13.0 | `24C5779825F26C76A8910794836647096F4BB4B47CFD6AD213CC48116D140FAB` |
|
|
||||||
| InfectionMonkey-v1.13.0.AppImage | Linux Package | 1.13.0 | `CDED4E8394A4D2A809BA9B74B924AEA590317515B9B032BA8005A93DFCE1C861` |
|
|
||||||
| InfectionMonkey-docker-v1.13.0.tgz | Docker | 1.13.0 | `342701BA8EC5B754C59685896FC3DCDBB93362FFFAD0EC7F9E2E5B99DA26F5EC` |
|
|
||||||
| InfectionMonkey-v1.13.0.exe | Windows Installer | 1.13.0 | `D35ED6CAF21AC786D9A438510282FA07AEF812590A5E6405A01F2B06661B33B9` |
|
|
||||||
|
|
||||||
|
|
||||||
## Older checksums
|
|
||||||
|
|
||||||
| Filename | Type | Version | SHA256 |
|
| Filename | Type | Version | SHA256 |
|
||||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||||
| monkey-windows-64.exe | Windows Agent | 1.12.0 | `02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07` |
|
| monkey-windows-64.exe | Windows Agent | 1.12.0 | `02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07` |
|
||||||
|
@ -57,6 +44,12 @@ $ sha256sum monkey-linux-64
|
||||||
| InfectionMonkey-v1.12.0.AppImage | Linux Package | 1.12.0 | `1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310` |
|
| InfectionMonkey-v1.12.0.AppImage | Linux Package | 1.12.0 | `1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310` |
|
||||||
| InfectionMonkey-docker-v1.12.0.tgz | Docker | 1.12.0 | `dcaf669411d55ea6883920597af4a35f3735a286801e08b6ef047cc91ff32769` |
|
| InfectionMonkey-docker-v1.12.0.tgz | Docker | 1.12.0 | `dcaf669411d55ea6883920597af4a35f3735a286801e08b6ef047cc91ff32769` |
|
||||||
| InfectionMonkey-v1.12.0.exe | Windows Installer | 1.12.0 | `4d6e0373be3615a4b97721a07d2a854f6316d1ce8c4ff6d6495aac3a8f2c6a69` |
|
| InfectionMonkey-v1.12.0.exe | Windows Installer | 1.12.0 | `4d6e0373be3615a4b97721a07d2a854f6316d1ce8c4ff6d6495aac3a8f2c6a69` |
|
||||||
|
|
||||||
|
|
||||||
|
## Older checksums
|
||||||
|
|
||||||
|
| Filename | Type | Version | SHA256 |
|
||||||
|
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||||
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
|
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
|
||||||
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
|
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
|
||||||
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
|
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
|
||||||
|
|
|
@ -7,14 +7,11 @@ pre: "<i class='fas fa-play-circle'></i> "
|
||||||
tags: ["usage"]
|
tags: ["usage"]
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
<!-- TODO: Update screenshots -->
|
|
||||||
|
|
||||||
If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup).
|
If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup).
|
||||||
|
|
||||||
## Using the Infection Monkey
|
## Using the Infection Monkey
|
||||||
|
|
||||||
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
|
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
|
||||||
|
|
||||||
### First-time login
|
### First-time login
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
title: "Running the agent on AWS EC2 instances"
|
title: "Running the monkey on AWS EC2 instances"
|
||||||
date: 2020-06-28T10:44:05+03:00
|
date: 2020-06-28T10:44:05+03:00
|
||||||
draft: false
|
draft: false
|
||||||
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
||||||
|
@ -10,7 +10,7 @@ tags: ["aws", "integration"]
|
||||||
|
|
||||||
If your network is deployed on Amazon Web Services (with EC2 instances) and you'd like to run the Infection Monkey to test it, this page is for you. You can easily run the Infection Monkey on various instances within your network in a secure fashion, without feeding it credentials or running shell commands on the machines you want to test.
|
If your network is deployed on Amazon Web Services (with EC2 instances) and you'd like to run the Infection Monkey to test it, this page is for you. You can easily run the Infection Monkey on various instances within your network in a secure fashion, without feeding it credentials or running shell commands on the machines you want to test.
|
||||||
|
|
||||||
The results will be exported to the AWS Security Hub automatically as well. To learn more about that topic, see the [Infection Monkey and AWS Security Hub documentation](../aws-security-hub/).
|
The results will be exported to the AWS security hub automatically as well. To learn more about that topic, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
|
||||||
|
|
||||||
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
|
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ In order for the Infection Monkey to successfully view your instances, you'll ne
|
||||||
|
|
||||||
#### Creating a custom IAM role
|
#### Creating a custom IAM role
|
||||||
|
|
||||||
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should look something like this:
|
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
|
||||||
|
|
||||||
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
||||||
|
|
||||||
|
@ -50,10 +50,6 @@ If your EC2 instances don't have the _SSM agent_ installed, they will not be abl
|
||||||
|
|
||||||
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't yet have it.
|
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't yet have it.
|
||||||
|
|
||||||
### Firewall rules
|
|
||||||
|
|
||||||
Make sure that all machines that will run the Monkey agent can access the Island(port 5000).
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
### Running the Infection Monkey
|
### Running the Infection Monkey
|
||||||
|
@ -72,12 +68,12 @@ After you click on **Run on AWS machine of your choice** you can choose one of t
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
- The machines that can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation.
|
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation.
|
||||||
- You can view the Infection Monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
- You can view the Infection Monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
||||||
|
|
||||||
### Appendix A: Specific policy permissions required
|
### Appendix A: Specific policy permissions required
|
||||||
|
|
||||||
The IAM role will need to have, at minimum, the following specific permissions:
|
The IAM role will need to have, at minimum, the following specific permissions:
|
||||||
|
|
||||||
#### For executing the Monkey on other machines - SSM
|
#### For executing the Monkey on other machines - SSM
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
title: "Scoutsuite"
|
||||||
|
date: 2021-03-02T16:23:06+02:00
|
||||||
|
draft: false
|
||||||
|
description: "Scout Suite is an open-source cloud security-auditing tool."
|
||||||
|
weight: 10
|
||||||
|
---
|
||||||
|
|
||||||
|
### About ScoutSuite
|
||||||
|
|
||||||
|
<a href="https://github.com/nccgroup/ScoutSuite" target="_blank" >Scout Suite</a> is an open-source cloud security-auditing tool.
|
||||||
|
It queries the cloud API to gather configuration data. Based on configuration
|
||||||
|
data gathered, ScoutSuite shows security issues and risks present in your infrastructure.
|
||||||
|
|
||||||
|
### Supported cloud providers
|
||||||
|
|
||||||
|
Currently, ScoutSuite integration only supports AWS environments.
|
||||||
|
|
||||||
|
### Enabling ScoutSuite
|
||||||
|
|
||||||
|
First, Infection Monkey needs access to your cloud API. You can provide access
|
||||||
|
in the following ways:
|
||||||
|
|
||||||
|
- Provide access keys:
|
||||||
|
- Create a new user with ReadOnlyAccess and SecurityAudit policies and generate keys
|
||||||
|
- Generate keys for your current user (faster but less secure)
|
||||||
|
- Configure AWS CLI:
|
||||||
|
- If the command-line interface is available on the Island, it will be used to access
|
||||||
|
the cloud API
|
||||||
|
|
||||||
|
More details about configuring ScoutSuite can be found in the tool itself, by choosing
|
||||||
|
"Cloud Security Scan" in the "Run Monkey" options.
|
||||||
|
|
||||||
|
![Cloud scan option in run page](/images/usage/integrations/scoutsuite_run_page.png
|
||||||
|
"Successful setup indicator")
|
||||||
|
|
||||||
|
After you're done with the setup, make sure that a checkmark appears next to the AWS option. This
|
||||||
|
verifies that ScoutSuite can access the API.
|
||||||
|
|
||||||
|
![Successfull setup indicator](/images/usage/integrations/scoutsuite_aws_configured.png
|
||||||
|
"Successful setup indicator")
|
||||||
|
|
||||||
|
### Running a cloud security scan
|
||||||
|
|
||||||
|
If you have successfully configured the cloud scan, Infection Monkey will scan
|
||||||
|
your cloud infrastructure when the Monkey Agent is run **on the Island**. You
|
||||||
|
can simply click on "From Island" in the run options to start the scan. The
|
||||||
|
scope of the network scan and other activities you may have configured the Agent
|
||||||
|
to perform are ignored by the ScoutSuite integration, except **Monkey
|
||||||
|
Configuration -> System info collectors -> AWS collector**, which needs to
|
||||||
|
remain **enabled**.
|
||||||
|
|
||||||
|
|
||||||
|
### Assessing scan results
|
||||||
|
|
||||||
|
After the scan is done, ScoutSuite results will be categorized according to the
|
||||||
|
ZeroTrust Extended framework and displayed as a part of the ZeroTrust report.
|
||||||
|
The main difference between Infection Monkey findings and ScoutSuite findings
|
||||||
|
is that ScoutSuite findings contain security rules. To see which rules were
|
||||||
|
checked, click on the "Rules" button next to the relevant test. You'll see a
|
||||||
|
list of rule dropdowns that are color coded according to their status. Expand a
|
||||||
|
rule to see its description, remediation and more details about resources
|
||||||
|
flagged. Each flagged resource has a path so you can easily locate it in the
|
||||||
|
cloud and remediate the issue.
|
||||||
|
|
||||||
|
![Open ScoutSuite rule](/images/usage/integrations/scoutsuite_report_rule.png
|
||||||
|
"Successful setup indicator")
|
|
@ -1,33 +0,0 @@
|
||||||
---
|
|
||||||
title: "Running Manually"
|
|
||||||
date: 2022-06-09T14:47:40+03:00
|
|
||||||
draft: false
|
|
||||||
weight: 2
|
|
||||||
pre: "<i class='fas fa-terminal'></i> "
|
|
||||||
tags: ["usage"]
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## Generating manual run command
|
|
||||||
|
|
||||||
A command to run the agent manually can be generated by the Island Server UI by
|
|
||||||
going to the "Run Monkey" -> "Manual" page.
|
|
||||||
|
|
||||||
### Downloading the agent manually
|
|
||||||
|
|
||||||
Agent binaries can be downloaded by sending a `GET` request to
|
|
||||||
`https://[IP]:5000/api/agent/download/[OS]`, where `[IP]` stands for the IP
|
|
||||||
address of the Island server and `[OS]` is either `windows` or `linux`.
|
|
||||||
|
|
||||||
### Running the agent binary
|
|
||||||
|
|
||||||
The agent binary must be started with either the `m0nk3y` or `dr0pp3r` flag.
|
|
||||||
|
|
||||||
The `m0nk3y` flag is the standard way to run the agent.
|
|
||||||
|
|
||||||
The `dr0pp3r` flag invokes the agent dropper. The dropper will move the agent
|
|
||||||
binary to a location provided with the `-l` flag. Then, it will start the agent
|
|
||||||
with the `m0nk3y` flag as a new process. Finally, the dropper will shut itself
|
|
||||||
down. This flag is useful if you want to detach the agent from an exploited
|
|
||||||
service or parent process. It alleviates the need for the parent process to
|
|
||||||
wait until the agent finishes.
|
|
|
@ -20,8 +20,9 @@ Choosing the "Custom" scenario will allow you to fine-tune your simulation and a
|
||||||
|
|
||||||
![Choose scenario](/images/usage/scenarios/choose-scenario.png "Choose a scenario")
|
![Choose scenario](/images/usage/scenarios/choose-scenario.png "Choose a scenario")
|
||||||
|
|
||||||
To exit a scenario and select another one, click on "Reset".
|
To exit a scenario and select another one, click on "Start Over".
|
||||||
![Reset](/images/usage/scenarios/reset.jpg "Reset")
|
|
||||||
|
![Start over](/images/usage/scenarios/start-over.png "Start over")
|
||||||
|
|
||||||
## Section contents
|
## Section contents
|
||||||
|
|
||||||
|
|
|
@ -9,16 +9,16 @@ weight: 5
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
|
Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
|
||||||
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://web.archive.org/web/20210117224801/https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
|
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
|
||||||
|
|
||||||
The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
|
The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
|
||||||
where bad actors can reuse these credentials in your network.
|
where bad actors can reuse these credentials in your network.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
- **Propagation -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
|
- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
|
||||||
(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.
|
(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.
|
||||||
- **Propagation -> Credentials -> SSH key pairs list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
|
- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
|
||||||
For this to work, the Monkey Island or initial agent needs to access SSH key files.
|
For this to work, the Monkey Island or initial agent needs to access SSH key files.
|
||||||
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey
|
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey
|
||||||
(content of keys will not be displayed, it will appear as `<Object>`).
|
(content of keys will not be displayed, it will appear as `<Object>`).
|
||||||
|
|
|
@ -8,21 +8,24 @@ weight: 3
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
From the [Hex-Men campaign](https://web.archive.org/web/20210115171355/https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit
|
From the [Hex-Men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit
|
||||||
internet-facing DB servers to a [cryptomining operation that attacks WordPress sites](https://web.archive.org/web/20210115185135/https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – attackers are now trying to go deeper into your network.
|
internet-facing DB servers to a [cryptomining operation that attacks WordPress sites](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – attackers are now trying to go deeper into your network.
|
||||||
|
|
||||||
Infection Monkey will help you assess the impact of a future breach by attempting to propagate within your internal network using service vulnerabilities, brute-forcing and other safe exploiters.
|
Infection Monkey will help you assess the impact of a future breach by attempting to propagate within your internal network using service vulnerabilities, brute-forcing and other safe exploiters.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
- **Propagation -> Exploiters** Here you can review the exploits the Infection Monkey will be using. By default all
|
- **Exploits -> Exploits** Here you can review the exploits the Infection Monkey will be using. By default all
|
||||||
safe exploiters are selected.
|
safe exploiters are selected.
|
||||||
- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
|
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
|
||||||
- **Propagation -> Network analysis -> Network** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks**
|
- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan**
|
||||||
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
|
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
|
||||||
specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
|
specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
|
||||||
targets will make the scanning process substantially faster.
|
targets will make the scanning process substantially faster.
|
||||||
- **(Optional) Propagation -> Network Analysis -> TCP scanner** Here you can add custom ports your organization is using.
|
- **(Optional) Internal -> Network -> TCP scanner** Here you can add custom ports your organization is using.
|
||||||
|
- **(Optional) Monkey -> Post-Breach Actions** If you only want to test propagation in the network, you can turn off
|
||||||
|
all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system but in no
|
||||||
|
way helps the Infection Monkey exploit new machines.
|
||||||
|
|
||||||
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
|
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
|
||||||
|
|
||||||
|
|
|
@ -10,24 +10,25 @@ weight: 4
|
||||||
|
|
||||||
Segmentation is a method of creating secure zones in data centers and cloud deployments. It allows organizations to isolate workloads from one another and secure them individually, typically using policies. A useful way to test your company's segmentation effectiveness is to ensure that your network segments are properly separated (e.g., your development environment is isolated from your production environment and your applications are isolated from one another).
|
Segmentation is a method of creating secure zones in data centers and cloud deployments. It allows organizations to isolate workloads from one another and secure them individually, typically using policies. A useful way to test your company's segmentation effectiveness is to ensure that your network segments are properly separated (e.g., your development environment is isolated from your production environment and your applications are isolated from one another).
|
||||||
|
|
||||||
[Segmentation is key](https://www.akamai.com/products/akamai-segmentation/use-cases) to protecting your network. It can reduce the network's attack surface and minimize the damage caused during a breach.
|
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network. It can reduce the network's attack surface and minimize the damage caused during a breach.
|
||||||
|
|
||||||
You can use the Infection Monkey's cross-segment traffic feature to verify that your network segmentation configuration is adequate. This way, you can ensure that, even if a bad actor breaches your defenses, they can't move laterally between segments.
|
You can use the Infection Monkey's cross-segment traffic feature to verify that your network segmentation configuration is adequate. This way, you can ensure that, even if a bad actor breaches your defenses, they can't move laterally between segments.
|
||||||
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
- **Propagation -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
|
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
|
||||||
subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it
|
subnets that should be segregated from each other. If any of the provided networks can reach each other, you'll see it
|
||||||
in the security report.
|
in the security report.
|
||||||
- **(Optional) Propagation -> Network analysis -> Network** You can disable **Scan Agent's networks** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement.
|
- **(Optional) Network -> Scope** You can disable **Local network scan** and leave all other options at the default setting if you only want to test for network segmentation without any lateral movement.
|
||||||
|
- **(Optional) Monkey -> Post-Breach Actions** If you only want to test segmentation in the network, you can turn off all post-breach actions. These actions simulate an attacker's behavior after getting access to a new system, so they might trigger your defense solutions and interrupt the segmentation test.
|
||||||
|
|
||||||
## Suggested run mode
|
## Suggested run mode
|
||||||
|
|
||||||
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
|
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
|
||||||
|
|
||||||
Note that if the Infection Monkey can't communicate to the Monkey Island, it will
|
Note that if the Infection Monkey can't communicate to the Monkey Island, it will
|
||||||
not be able to send scan results, so make sure all machines can reach the Monkey Island.
|
not be able to send scan results, so make sure all machines can reach the the Monkey Island.
|
||||||
|
|
||||||
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
||||||
|
|
||||||
|
|
|
@ -9,26 +9,37 @@ weight: 100
|
||||||
## Overview
|
## Overview
|
||||||
This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios.
|
This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios.
|
||||||
|
|
||||||
|
## Custom behaviour
|
||||||
|
|
||||||
|
If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in
|
||||||
|
**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields.
|
||||||
|
You can also upload files and call them through the commands you entered.
|
||||||
|
|
||||||
## Accelerate the test
|
## Accelerate the test
|
||||||
|
|
||||||
To improve scanning speed you could **specify a subnet instead of scanning all of the local network**.
|
To improve scanning speed you could **specify a subnet instead of scanning all of the local network**.
|
||||||
|
|
||||||
The following configuration values also have an impact on scanning speed:
|
The following configuration values also have an impact on scanning speed:
|
||||||
- **Propagation -> Credentials** - The more usernames and passwords you input, the longer it will take the Infection Monkey to scan machines that have
|
- **Credentials** - The more usernames and passwords you input, the longer it will take the Infection Monkey to scan machines that have
|
||||||
remote access services. The Infection Monkey agents try to stay elusive and leave a low impact, and thus brute-forcing takes longer than with loud conventional tools.
|
remote access services. The Infection Monkey agents try to stay elusive and leave a low impact, and thus brute-forcing takes longer than with loud conventional tools.
|
||||||
- **Propagation -> Network analysis -> Network** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your
|
- **Network scope** - Scanning large networks with a lot of propagations can become unwieldy. Instead, try to scan your
|
||||||
networks bit by bit with multiple runs.
|
networks bit by bit with multiple runs.
|
||||||
- **Propagation -> Network analysis -> TCP scanner** - Here you can trim down the list of ports the Infection Monkey tries to scan, improving performance.
|
- **Post-breach actions** - If you only care about propagation, you can disable most of these.
|
||||||
|
- **Internal -> TCP scanner** - Here you can trim down the list of ports the Infection Monkey tries to scan, improving performance.
|
||||||
|
|
||||||
## Combining different scenarios
|
## Combining different scenarios
|
||||||
|
|
||||||
The Infection Monkey is not limited to the scenarios mentioned in this section. Once you get the hang of configuring it, you might come up with your own use case or test all of the suggested scenarios at the same time! Whatever you do, the Infection Monkey's Security, ATT&CK and Zero Trust reports will be waiting for you with your results!
|
The Infection Monkey is not limited to the scenarios mentioned in this section. Once you get the hang of configuring it, you might come up with your own use case or test all of the suggested scenarios at the same time! Whatever you do, the Infection Monkey's Security, ATT&CK and Zero Trust reports will be waiting for you with your results!
|
||||||
|
|
||||||
|
## Persistent scanning
|
||||||
|
|
||||||
|
Use **Monkey -> Persistent** scanning configuration section to either run periodic scans or increase the reliability of exploitations by running consecutive scans with the Infection Monkey.
|
||||||
|
|
||||||
## Credentials
|
## Credentials
|
||||||
|
|
||||||
Every network has its old "skeleton keys" that it should have long discarded. Configuring the Infection Monkey with old and stale passwords will enable you to ensure they were really discarded.
|
Every network has its old "skeleton keys" that it should have long discarded. Configuring the Infection Monkey with old and stale passwords will enable you to ensure they were really discarded.
|
||||||
|
|
||||||
To add the old passwords, go to the Monkey Island's **Exploit password list** under **Propagation -> Credentials** and use the "+" button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
|
To add the old passwords, go to the Monkey Island's **Exploit password list** under **Basic - Credentials** and use the "+" button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
|
||||||
|
|
||||||
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
|
||||||
|
|
||||||
|
|
|
@ -11,11 +11,13 @@ weight: 1
|
||||||
Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
|
Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
|
||||||
[Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
|
[Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.
|
||||||
|
|
||||||
|
You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.]({{< ref "/usage/integrations/scoutsuite" >}})
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
|
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
|
||||||
- **Propagation -> Network analysis -> Network** Disable “Scan Agent's networks” and instead provide specific network ranges in the “Scan target list.”
|
- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in the “Scan target list.”
|
||||||
- **Propagation -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
|
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
|
||||||
subnets that should be segregated from each other.
|
subnets that should be segregated from each other.
|
||||||
|
|
||||||
In general, other configuration value defaults should be good enough, but feel free to see the “Other” section for tips and tricks about more features and in-depth configuration parameters you can use.
|
In general, other configuration value defaults should be good enough, but feel free to see the “Other” section for tips and tricks about more features and in-depth configuration parameters you can use.
|
||||||
|
|
|
@ -37,25 +37,19 @@ To ensure minimum interference and easy recoverability, the ransomware
|
||||||
simulation will only encrypt files contained in a user-specified directory. If
|
simulation will only encrypt files contained in a user-specified directory. If
|
||||||
no directory is specified, no files will be encrypted.
|
no directory is specified, no files will be encrypted.
|
||||||
|
|
||||||
Infection Monkey appends the `.m0nk3y` file extension to files that it
|
|
||||||
encrypts. You may optionally provide a custom file extension for Infection
|
|
||||||
Monkey to use instead. You can even provide no file extension, but take
|
|
||||||
caution: you'll no longer be able to tell if the file has been encrypted based
|
|
||||||
on the filename alone!
|
|
||||||
|
|
||||||
![Ransomware configuration](/images/usage/scenarios/ransomware-config.png "Ransomware configuration")
|
![Ransomware configuration](/images/usage/scenarios/ransomware-config.png "Ransomware configuration")
|
||||||
|
|
||||||
### How are the files encrypted?
|
### How are the files encrypted?
|
||||||
|
|
||||||
Files are "encrypted" in place with a simple bit flip. Encrypted files are
|
Files are "encrypted" in place with a simple bit flip. Encrypted files are
|
||||||
renamed to have a file extension (`.m0nk3y` by default) appended to their
|
renamed to have `.m0nk3y` appended to their names. This is a safe way to
|
||||||
names. This is a safe way to simulate encryption since it is easy to "decrypt"
|
simulate encryption since it is easy to "decrypt" your files. You can simply
|
||||||
your files. You can simply perform a bit flip on the files again and rename
|
perform a bit flip on the files again and rename them to remove the appended
|
||||||
them to remove the appended `.m0nk3y` extension.
|
`.m0nk3y` extension.
|
||||||
|
|
||||||
Flipping a file's bits is sufficient to simulate the encryption behavior of
|
Flipping a file's bits is sufficient to simulate the encryption behavior of
|
||||||
ransomware, as the data in your files has been manipulated (leaving them
|
ransomware, as the data in your files has been manipulated (leaving them
|
||||||
temporarily unusable). Files are then renamed with a new extension appended,
|
temporarily unusuable). Files are then renamed with a new extension appended,
|
||||||
which is similar to the way that many ransomwares behave. As this is a
|
which is similar to the way that many ransomwares behave. As this is a
|
||||||
simulation, your
|
simulation, your
|
||||||
security solutions should be triggered to notify you or prevent these changes
|
security solutions should be triggered to notify you or prevent these changes
|
||||||
|
|
After Width: | Height: | Size: 62 KiB |
Before Width: | Height: | Size: 209 KiB |
After Width: | Height: | Size: 237 KiB |
Before Width: | Height: | Size: 54 KiB After Width: | Height: | Size: 70 KiB |
Before Width: | Height: | Size: 436 KiB After Width: | Height: | Size: 140 KiB |
Before Width: | Height: | Size: 122 KiB |
After Width: | Height: | Size: 104 KiB |
|
@ -1 +1,2 @@
|
||||||
logs/
|
logs/
|
||||||
|
/blackbox/tests/performance/telemetry_sample
|
||||||
|
|
|
@ -16,6 +16,8 @@ Either run pytest from `/monkey` directory or set `PYTHONPATH` environment varia
|
||||||
Blackbox tests have following parameters:
|
Blackbox tests have following parameters:
|
||||||
- `--island=IP` Sets island's IP
|
- `--island=IP` Sets island's IP
|
||||||
- `--no-gcp` (Optional) Use for no interaction with the cloud (local test).
|
- `--no-gcp` (Optional) Use for no interaction with the cloud (local test).
|
||||||
|
- `--quick-performance-tests` (Optional) If enabled performance tests won't reset island and won't send telemetries,
|
||||||
|
instead will just test performance of endpoints in already present island state.
|
||||||
|
|
||||||
Example run command:
|
Example run command:
|
||||||
|
|
||||||
|
@ -24,3 +26,26 @@ Example run command:
|
||||||
#### Running in PyCharm
|
#### Running in PyCharm
|
||||||
Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72:5000`, and to run from
|
Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72:5000`, and to run from
|
||||||
directory `monkey\envs\monkey_zoo\blackbox`.
|
directory `monkey\envs\monkey_zoo\blackbox`.
|
||||||
|
|
||||||
|
### Running telemetry performance test
|
||||||
|
|
||||||
|
**Before running performance test make sure browser is not sending requests to island!**
|
||||||
|
|
||||||
|
To run telemetry performance test follow these steps:
|
||||||
|
0. Set no password protection on the island.
|
||||||
|
Make sure the island parameter is an IP address(not localhost) as the name resolution will increase the time for requests.
|
||||||
|
1. Gather monkey telemetries.
|
||||||
|
1. Enable "Export monkey telemetries" in Configuration -> Internal -> Tests if you don't have
|
||||||
|
exported telemetries already.
|
||||||
|
2. Run monkey and wait until infection is done.
|
||||||
|
3. All telemetries are gathered in `monkey/telem_sample`. If not, restart the island process.
|
||||||
|
2. Run telemetry performance test.
|
||||||
|
1. Move directory `monkey/telem_sample` to `envs/monkey_zoo/blackbox/tests/performance/telemetry_sample`
|
||||||
|
2. (Optional) Use `envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py` to multiply
|
||||||
|
telemetries gathered.
|
||||||
|
1. Run `sample_multiplier.py` script with working directory set to `monkey\envs\monkey_zoo\blackbox`
|
||||||
|
2. Pass integer to indicate the multiplier. For example running `telem_parser.py 4` will replicate
|
||||||
|
telemetries 4 times.
|
||||||
|
3. If you're using pycharm check "Emulate terminal in output console" on debug/run configuration.
|
||||||
|
3. Add a `--run-performance-tests` flag to blackbox scripts to run performance tests as part of BlackBox tests.
|
||||||
|
You can run a single test separately by adding `-k 'test_telem_performance'` option.
|
||||||
|
|
|
@ -1,35 +1,24 @@
|
||||||
from ipaddress import IPv4Address
|
|
||||||
from typing import Collection, Iterable
|
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
||||||
from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog
|
from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
|
||||||
|
|
||||||
|
|
||||||
class CommunicationAnalyzer(Analyzer):
|
class CommunicationAnalyzer(Analyzer):
|
||||||
def __init__(self, island_client: MonkeyIslandClient, machine_ips: Iterable[str]):
|
def __init__(self, island_client, machine_ips):
|
||||||
self.island_client = island_client
|
self.island_client = island_client
|
||||||
self.machine_ips = machine_ips
|
self.machine_ips = machine_ips
|
||||||
self.log = AnalyzerLog(self.__class__.__name__)
|
self.log = AnalyzerLog(self.__class__.__name__)
|
||||||
|
|
||||||
def analyze_test_results(self):
|
def analyze_test_results(self):
|
||||||
self.log.clear()
|
self.log.clear()
|
||||||
all_agents_communicated = True
|
all_monkeys_communicated = True
|
||||||
agent_ips = self._get_agent_ips()
|
|
||||||
|
|
||||||
for machine_ip in self.machine_ips:
|
for machine_ip in self.machine_ips:
|
||||||
if self._agent_communicated_back(machine_ip, agent_ips):
|
if not self.did_monkey_communicate_back(machine_ip):
|
||||||
self.log.add_entry("Agent from {} communicated back".format(machine_ip))
|
self.log.add_entry("Monkey from {} didn't communicate back".format(machine_ip))
|
||||||
|
all_monkeys_communicated = False
|
||||||
else:
|
else:
|
||||||
self.log.add_entry("Agent from {} didn't communicate back".format(machine_ip))
|
self.log.add_entry("Monkey from {} communicated back".format(machine_ip))
|
||||||
all_agents_communicated = False
|
return all_monkeys_communicated
|
||||||
|
|
||||||
return all_agents_communicated
|
def did_monkey_communicate_back(self, machine_ip):
|
||||||
|
query = {"ip_addresses": {"$elemMatch": {"$eq": machine_ip}}}
|
||||||
def _get_agent_ips(self) -> Collection[IPv4Address]:
|
return len(self.island_client.find_monkeys_in_db(query)) > 0
|
||||||
agents = self.island_client.get_agents()
|
|
||||||
machines = self.island_client.get_machines()
|
|
||||||
return {i.ip for a in agents for i in machines[a.machine_id].network_interfaces}
|
|
||||||
|
|
||||||
def _agent_communicated_back(self, machine_ip: str, agent_ips: Collection[IPv4Address]) -> bool:
|
|
||||||
return IPv4Address(machine_ip) in agent_ips
|
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
import logging
|
||||||
|
from datetime import timedelta
|
||||||
|
from typing import Dict
|
||||||
|
|
||||||
|
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
||||||
|
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
|
||||||
|
|
||||||
|
LOGGER = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class PerformanceAnalyzer(Analyzer):
|
||||||
|
def __init__(
|
||||||
|
self, performance_test_config: PerformanceTestConfig, endpoint_timings: Dict[str, timedelta]
|
||||||
|
):
|
||||||
|
self.performance_test_config = performance_test_config
|
||||||
|
self.endpoint_timings = endpoint_timings
|
||||||
|
|
||||||
|
def analyze_test_results(self):
|
||||||
|
# Calculate total time and check each endpoint
|
||||||
|
single_page_time_less_then_max = True
|
||||||
|
total_time = timedelta()
|
||||||
|
for endpoint, elapsed in self.endpoint_timings.items():
|
||||||
|
total_time += elapsed
|
||||||
|
if elapsed > self.performance_test_config.max_allowed_single_page_time:
|
||||||
|
single_page_time_less_then_max = False
|
||||||
|
|
||||||
|
total_time_less_then_max = total_time < self.performance_test_config.max_allowed_total_time
|
||||||
|
|
||||||
|
PerformanceAnalyzer.log_slowest_endpoints(self.endpoint_timings)
|
||||||
|
LOGGER.info(f"Total time is {str(total_time)}")
|
||||||
|
|
||||||
|
performance_is_good_enough = total_time_less_then_max and single_page_time_less_then_max
|
||||||
|
|
||||||
|
if self.performance_test_config.break_on_timeout and not performance_is_good_enough:
|
||||||
|
LOGGER.warning(
|
||||||
|
"Calling breakpoint - pausing to enable investigation of island. "
|
||||||
|
"Type 'c' to continue once you're done "
|
||||||
|
"investigating. Type 'p timings' and 'p total_time' to see performance information."
|
||||||
|
)
|
||||||
|
breakpoint()
|
||||||
|
|
||||||
|
return performance_is_good_enough
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def log_slowest_endpoints(endpoint_timings, max_endpoints_to_display=100):
|
||||||
|
slow_endpoint_list = list(endpoint_timings.items())
|
||||||
|
slow_endpoint_list.sort(key=lambda x: x[1], reverse=True)
|
||||||
|
slow_endpoint_list = slow_endpoint_list[:max_endpoints_to_display]
|
||||||
|
for endpoint in slow_endpoint_list:
|
||||||
|
LOGGER.info(f"{endpoint[0]} took {str(endpoint[1])}")
|
|
@ -1,7 +1,9 @@
|
||||||
from pprint import pformat
|
from pprint import pformat
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from common.credentials import Credentials, LMHash, NTHash, Username
|
import dpath.util
|
||||||
|
|
||||||
|
from common.config_value_paths import LM_HASH_LIST_PATH, NTLM_HASH_LIST_PATH, USER_LIST_PATH
|
||||||
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
|
||||||
from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog
|
from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
|
||||||
|
@ -27,22 +29,17 @@ class ZerologonAnalyzer(Analyzer):
|
||||||
return is_creds_gathered and is_creds_restored
|
return is_creds_gathered and is_creds_restored
|
||||||
|
|
||||||
def _analyze_credential_gathering(self) -> bool:
|
def _analyze_credential_gathering(self) -> bool:
|
||||||
propagation_credentials = self.island_client.get_propagation_credentials()
|
config = self.island_client.get_config()
|
||||||
credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(propagation_credentials)
|
credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(config)
|
||||||
return self._is_all_credentials_in_list(credentials_on_island)
|
return self._is_all_credentials_in_list(credentials_on_island)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_relevant_credentials(propagation_credentials: Credentials) -> List[str]:
|
def _get_relevant_credentials(config: dict):
|
||||||
credentials_on_island = set()
|
credentials_on_island = []
|
||||||
for credentials in propagation_credentials:
|
credentials_on_island.extend(dpath.util.get(config["configuration"], USER_LIST_PATH))
|
||||||
if isinstance(credentials.identity, Username):
|
credentials_on_island.extend(dpath.util.get(config["configuration"], NTLM_HASH_LIST_PATH))
|
||||||
credentials_on_island.update([credentials.identity.username])
|
credentials_on_island.extend(dpath.util.get(config["configuration"], LM_HASH_LIST_PATH))
|
||||||
if isinstance(credentials.secret, NTHash):
|
return credentials_on_island
|
||||||
credentials_on_island.update([credentials.secret.nt_hash.get_secret_value()])
|
|
||||||
if isinstance(credentials.secret, LMHash):
|
|
||||||
credentials_on_island.update([credentials.secret.lm_hash.get_secret_value()])
|
|
||||||
|
|
||||||
return list(credentials_on_island)
|
|
||||||
|
|
||||||
def _is_all_credentials_in_list(self, all_creds: List[str]) -> bool:
|
def _is_all_credentials_in_list(self, all_creds: List[str]) -> bool:
|
||||||
credentials_missing = [cred for cred in self.expected_credentials if cred not in all_creds]
|
credentials_missing = [cred for cred in self.expected_credentials if cred not in all_creds]
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
|
||||||
|
|
||||||
|
|
||||||
|
# Disables a lot of config values not required for a specific feature test
|
||||||
|
class BaseTemplate(ConfigTemplate):
|
||||||
|
|
||||||
|
config_values = {
|
||||||
|
"basic.exploiters.exploiter_classes": [],
|
||||||
|
"basic_network.scope.local_network_scan": False,
|
||||||
|
"basic_network.scope.depth": 1,
|
||||||
|
"internal.classes.finger_classes": ["PingScanner", "HTTPFinger"],
|
||||||
|
"internal.monkey.system_info.system_info_collector_classes": [],
|
||||||
|
"monkey.post_breach.post_breach_actions": [],
|
||||||
|
"internal.general.keep_tunnel_open_time": 0,
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
from abc import ABC, abstractmethod
|
||||||
|
|
||||||
|
|
||||||
|
class ConfigTemplate(ABC):
|
||||||
|
@property
|
||||||
|
@abstractmethod
|
||||||
|
def config_values(self) -> dict:
|
||||||
|
pass
|
|
@ -0,0 +1,18 @@
|
||||||
|
from copy import copy
|
||||||
|
|
||||||
|
from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
|
||||||
|
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
|
||||||
|
|
||||||
|
|
||||||
|
class Drupal(ConfigTemplate):
|
||||||
|
config_values = copy(BaseTemplate.config_values)
|
||||||
|
|
||||||
|
config_values.update(
|
||||||
|
{
|
||||||
|
"internal.classes.finger_classes": ["PingScanner", "HTTPFinger"],
|
||||||
|
"basic.exploiters.exploiter_classes": ["DrupalExploiter"],
|
||||||
|
"basic_network.scope.subnet_scan_list": ["10.2.2.28"],
|
||||||
|
"internal.network.tcp_scanner.HTTP_PORTS": [80],
|
||||||
|
"internal.network.tcp_scanner.tcp_target_ports": [],
|
||||||
|
}
|
||||||
|
)
|
|
@ -0,0 +1,20 @@
|
||||||
|
from copy import copy
|
||||||
|
|
||||||
|
from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
|
||||||
|
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
|
||||||
|
|
||||||
|
|
||||||
|
class Elastic(ConfigTemplate):
|
||||||
|
|
||||||
|
config_values = copy(BaseTemplate.config_values)
|
||||||
|
|
||||||
|
config_values.update(
|
||||||
|
{
|
||||||
|
"basic.exploiters.exploiter_classes": ["ElasticGroovyExploiter"],
|
||||||
|
"internal.classes.finger_classes": ["PingScanner", "HTTPFinger", "ElasticFinger"],
|
||||||
|
"basic_network.scope.subnet_scan_list": ["10.2.2.4", "10.2.2.5"],
|
||||||
|
"basic_network.scope.depth": 1,
|
||||||
|
"internal.network.tcp_scanner.HTTP_PORTS": [9200],
|
||||||
|
"internal.network.tcp_scanner.tcp_target_ports": [],
|
||||||
|
}
|
||||||
|
)
|