UI: Remove ElasticGroovyExploiter reporting

Shreya Malviya 2022-02-24 15:03:57 +05:30
parent b6438edb82
commit 3ff7daa2d5
6 changed files with 0 additions and 58 deletions


@ -18,7 +18,6 @@ BASIC = {
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Log4ShellExploiter", "Log4ShellExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter", "Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",


@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
"link": "https://www.guardicore.com/infectionmonkey/docs/reference" "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/sshexec/", "/exploiters/sshexec/",
}, },
{
"type": "string",
"enum": ["ElasticGroovyExploiter"],
"title": "ElasticGroovy Exploiter",
"safe": True,
"info": "CVE-2015-1427. Logic is based on Metasploit module.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
"/elasticgroovy/",
},
{ {
"type": "string", "type": "string",
"enum": ["Struts2Exploiter"], "enum": ["Struts2Exploiter"],


@ -69,7 +69,6 @@ class AWSExporter(Exporter):
CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue, CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
}, },
"tunnel": AWSExporter._handle_tunnel_issue, "tunnel": AWSExporter._handle_tunnel_issue,
ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
ExploiterDescriptorEnum.SMB.value.class_name: { ExploiterDescriptorEnum.SMB.value.class_name: {
CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue, CredentialType.PASSWORD.value: AWSExporter._handle_smb_password_issue,
CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue, CredentialType.HASH.value: AWSExporter._handle_smb_pth_issue,
@ -245,21 +244,6 @@ class AWSExporter(Exporter):
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
) )
@staticmethod
def _handle_elastic_issue(issue, instance_arn):
return AWSExporter._build_generic_finding(
severity=10,
title="Elastic Search servers are vulnerable to CVE-2015-1427",
description="Update your Elastic Search server to version 1.4.3 and up.",
recommendation="The machine {0}({1}) is vulnerable to an Elastic Groovy attack. "
"The attack was made "
"possible because the Elastic Search server was not patched "
"against CVE-2015-1427.".format(issue["machine"], issue["ip_address"]),
instance_arn=instance_arn,
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
)
@staticmethod @staticmethod
def _handle_island_cross_segment_issue(issue, instance_arn): def _handle_island_cross_segment_issue(issue, instance_arn):


@ -28,9 +28,6 @@ class ExploiterDescriptorEnum(Enum):
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor) SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor) WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor) SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
ELASTIC = ExploiterDescriptor(
"ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
)
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor) STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
WEBLOGIC = ExploiterDescriptor( WEBLOGIC = ExploiterDescriptor(
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor


@ -27,7 +27,6 @@ import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue'; import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue'; import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue'; import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
import { import {
crossSegmentIssueOverview, crossSegmentIssueOverview,
@ -119,11 +118,6 @@ class ReportPageComponent extends AuthComponent {
}, },
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'ElasticGroovyExploiter': {
[this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
[this.issueContentTypes.REPORT]: elasticIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'PowerShellExploiter': { 'PowerShellExploiter': {
[this.issueContentTypes.OVERVIEW]: powershellIssueOverview, [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
[this.issueContentTypes.REPORT]: powershellIssueReport, [this.issueContentTypes.REPORT]: powershellIssueReport,


@ -1,23 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function elasticIssueOverview() {
return (<li>Elasticsearch servers are vulnerable to <a
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
</li>)
}
export function elasticIssueReport(issue) {
return (
<>
Update your Elastic Search server to version 1.4.3 and up.
<CollapsibleWellComponent>
The machine <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to an <span
className="badge badge-danger">Elastic Groovy</span> attack.
<br/>
The attack was made possible because the Elastic Search server was not patched against CVE-2015-1427.
</CollapsibleWellComponent>
</>
);
}