forked from p15670423/monkey
Add Telemetry model
parent
989d0ffd84
commit
1ab0fe7b13
|
@ -0,0 +1,50 @@
|
|||
from __future__ import annotations
|
||||
|
||||
from mongoengine import DateTimeField, DictField, Document, EmbeddedDocumentField, StringField
|
||||
|
||||
from monkey_island.cc.models import CommandControlChannel
|
||||
from monkey_island.cc.models.utils import document_encryptor
|
||||
from monkey_island.cc.models.utils.document_encryptor import FieldNotFoundError, SensitiveField
|
||||
from monkey_island.cc.models.utils.field_encryptors.mimikatz_results_encryptor import (
|
||||
MimikatzResultsEncryptor,
|
||||
)
|
||||
|
||||
sensitive_fields = [
|
||||
SensitiveField("data.credentials", MimikatzResultsEncryptor),
|
||||
SensitiveField("data.mimikatz", MimikatzResultsEncryptor),
|
||||
]
|
||||
|
||||
|
||||
class Telemetry(Document):
|
||||
|
||||
data = DictField(required=True)
|
||||
timestamp = DateTimeField(required=True)
|
||||
monkey_guid = StringField(required=True)
|
||||
telem_category = StringField(required=True)
|
||||
command_control_channel = EmbeddedDocumentField(CommandControlChannel)
|
||||
|
||||
meta = {"strict": False}
|
||||
|
||||
@staticmethod
|
||||
def save_telemetry(telemetry_dict: dict):
|
||||
try:
|
||||
telemetry_dict = document_encryptor.encrypt(sensitive_fields, telemetry_dict)
|
||||
except FieldNotFoundError:
|
||||
pass # Not all telemetries require encryption
|
||||
|
||||
cc_channel = CommandControlChannel(
|
||||
src=telemetry_dict["command_control_channel"]["src"],
|
||||
dst=telemetry_dict["command_control_channel"]["dst"],
|
||||
)
|
||||
Telemetry(
|
||||
data=telemetry_dict["data"],
|
||||
timestamp=telemetry_dict["timestamp"],
|
||||
monkey_guid=telemetry_dict["monkey_guid"],
|
||||
telem_category=telemetry_dict["telem_category"],
|
||||
command_control_channel=cc_channel,
|
||||
).save()
|
||||
|
||||
@staticmethod
|
||||
def get_telemetry() -> dict:
|
||||
telemetry_dict = Telemetry.objects.first().to_mongo()
|
||||
return document_encryptor.decrypt(sensitive_fields, telemetry_dict)
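Review bot: The `except FieldNotFoundError: pass` in `save_telemetry` wraps one call that covers the whole `sensitive_fields` list, so a single missing field can leave the other one unencrypted. `document_encryptor.encrypt` is not visible in this commit, but if it raises on the first absent path, a telemetry carrying `data.mimikatz` without `data.credentials` would be saved with its passwords and hashes in plaintext. Encrypting one field at a time and skipping only the absent one closes that gap. `get_telemetry` has the reverse problem: `decrypt` is unguarded, so reading back a telemetry without those fields would presumably raise, and `Telemetry.objects.first()` returns `None` on an empty collection.

```python
    def save_telemetry(telemetry_dict: dict):
        for sensitive_field in sensitive_fields:
            try:
                telemetry_dict = document_encryptor.encrypt([sensitive_field], telemetry_dict)
            except FieldNotFoundError:
                continue  # this telemetry does not carry that field
        # … unchanged: CommandControlChannel construction and Telemetry(...).save() …
```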
|
|
@ -0,0 +1,21 @@
|
|||
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
|
||||
from monkey_island.cc.server_utils.encryptor import get_encryptor
|
||||
|
||||
|
||||
class MimikatzResultsEncryptor(IFieldEncryptor):
|
||||
|
||||
secret_types = ["password", "ntlm_hash", "lm_hash"]
|
||||
|
||||
@staticmethod
|
||||
def encrypt(results: dict) -> dict:
|
||||
for _, credentials in results.items():
|
||||
for secret_type in MimikatzResultsEncryptor.secret_types:
|
||||
credentials[secret_type] = get_encryptor().enc(credentials[secret_type])
|
||||
return results
|
||||
|
||||
@staticmethod
|
||||
def decrypt(results: dict) -> dict:
|
||||
for _, credentials in results.items():
|
||||
for secret_type in MimikatzResultsEncryptor.secret_types:
|
||||
credentials[secret_type] = get_encryptor().dec(credentials[secret_type])
|
||||
return results
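Review bot: `credentials[secret_type]` in both `encrypt` and `decrypt` raises `KeyError` when an entry lacks one of `password`, `ntlm_hash` or `lm_hash`, and `save_telemetry` catches only `FieldNotFoundError`, so such a telemetry would fail to save. Whether every entry always carries all three keys is not visible in this commit; if it does not, guard the assignment with `if secret_type in credentials:` in both loops. Both methods also rewrite the caller's dict in place, so an exception part-way through leaves a mix of encrypted and plaintext values; a docstring stating that `results` is modified in place would make that contract explicit. `get_encryptor()` can be fetched once before the loops rather than once per secret.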
|