forked from p15670423/monkey
Implemented issues and warnings on overview
This commit is contained in:
Itay Mizeretz
parent
f2b631745d
commit
434c72f69f
|
|
@ -25,6 +25,18 @@ class ReportService:
|
|||
'ShellShockExploiter': 'ShellShock Exploiter',
|
||||
}
|
||||
|
||||
class ISSUES_DICT:
|
||||
WEAK_PASSWORD = 0
|
||||
STOLEN_CREDS = 1
|
||||
ELASTIC = 2
|
||||
SAMBACRY = 3
|
||||
SHELLSHOCK = 4
|
||||
CONFICKER = 5
|
||||
|
||||
class WARNINGS_DICT:
|
||||
CROSS_SEGMENT = 0
|
||||
TUNNEL = 1
|
||||
|
||||
@staticmethod
|
||||
def get_first_monkey_time():
|
||||
return mongo.db.telemetry.find({}, {'timestamp': 1}).sort([('$natural', 1)]).limit(1)[0]['timestamp']
|
||||
|
|
@ -139,6 +151,7 @@ class ReportService:
|
|||
processed_exploit['username'] = attempt['user']
|
||||
if len(attempt['password']) > 0:
|
||||
processed_exploit['type'] = 'password'
|
||||
processed_exploit['password'] = attempt['password']
|
||||
else:
|
||||
processed_exploit['type'] = 'hash'
|
||||
return processed_exploit
|
||||
|
|
@ -315,22 +328,61 @@ class ReportService:
|
|||
def get_config_scan():
|
||||
return ConfigService.get_config_value(['basic_network', 'general', 'local_network_scan'], True)
|
||||
|
||||
@staticmethod
|
||||
def get_issues_overview(issues, config_users, config_passwords):
|
||||
issues_byte_array = [False] * 6
|
||||
|
||||
for machine in issues:
|
||||
for issue in issues[machine]:
|
||||
if issue['type'] == 'elastic':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.ELASTIC] = True
|
||||
elif issue['type'] == 'sambacry':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.SAMBACRY] = True
|
||||
elif issue['type'] == 'shellshock':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.SHELLSHOCK] = True
|
||||
elif issue['type'] == 'conficker':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.CONFICKER] = True
|
||||
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
||||
issue['username'] in config_users:
|
||||
issues_byte_array[ReportService.ISSUES_DICT.WEAK_PASSWORD] = True
|
||||
elif issue['type'].endswith('_pth') or issue['type'].endswith('_password'):
|
||||
issues_byte_array[ReportService.ISSUES_DICT.STOLEN_CREDS] = True
|
||||
|
||||
return issues_byte_array
|
||||
|
||||
@staticmethod
|
||||
def get_warnings_overview(issues):
|
||||
warnings_byte_array = [False] * 2
|
||||
|
||||
for machine in issues:
|
||||
for issue in issues[machine]:
|
||||
if issue['type'] == 'cross_segment':
|
||||
warnings_byte_array[ReportService.WARNINGS_DICT.CROSS_SEGMENT] = True
|
||||
elif issue['type'] == 'tunnel':
|
||||
warnings_byte_array[ReportService.WARNINGS_DICT.TUNNEL] = True
|
||||
|
||||
return warnings_byte_array
|
||||
|
||||
@staticmethod
|
||||
def get_report():
|
||||
issues = ReportService.get_issues()
|
||||
config_users = ReportService.get_config_users()
|
||||
config_passwords = ReportService.get_config_passwords()
|
||||
|
||||
return \
|
||||
{
|
||||
'overview':
|
||||
{
|
||||
'manual_monkeys': ReportService.get_manual_monkeys(),
|
||||
'config_users': ReportService.get_config_users(),
|
||||
'config_passwords': ReportService.get_config_passwords(),
|
||||
'config_users': config_users,
|
||||
'config_passwords': config_passwords,
|
||||
'config_exploits': ReportService.get_config_exploits(),
|
||||
'config_ips': ReportService.get_config_ips(),
|
||||
'config_scan': ReportService.get_config_scan(),
|
||||
'monkey_start_time': ReportService.get_first_monkey_time().strftime("%d/%m/%Y %H:%M:%S"),
|
||||
'monkey_duration': ReportService.get_monkey_duration(),
|
||||
'issues': [False, True, True, True, False, True],
|
||||
'warnings': [True, True]
|
||||
'issues': ReportService.get_issues_overview(issues, config_users, config_passwords),
|
||||
'warnings': ReportService.get_warnings_overview(issues)
|
||||
},
|
||||
'glance':
|
||||
{
|
||||
|
|
@ -340,7 +392,7 @@ class ReportService:
|
|||
},
|
||||
'recommendations':
|
||||
{
|
||||
'issues': ReportService.get_issues()
|
||||
'issues': issues
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -498,13 +498,19 @@ class ReportPageComponent extends React.Component {
|
|||
<h3>
|
||||
Immediate Threats
|
||||
</h3>
|
||||
{
|
||||
this.state.report.overview.issues.filter(function (x) {
|
||||
return x === true;
|
||||
}).length > 0 ?
|
||||
<div>
|
||||
During this simulated attack the Monkey uncovered <span
|
||||
className="label label-warning">{this.state.report.overview.issues.filter(function (x) {
|
||||
className="label label-warning">
|
||||
{this.state.report.overview.issues.filter(function (x) {
|
||||
return x === true;
|
||||
}).length} issues</span>:
|
||||
<ul>
|
||||
{this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ?
|
||||
<li>Users with weak passwords.</li> : null}
|
||||
<li>Users with passwords supplied in config.</li> : null}
|
||||
{this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ?
|
||||
<li>Stolen credentials were used to exploit other machines.</li> : null}
|
||||
{this.state.report.overview.issues[this.Issue.ELASTIC] ?
|
||||
|
|
@ -525,10 +531,22 @@ class ReportPageComponent extends React.Component {
|
|||
>MS08-067</a>).</li> : null}
|
||||
</ul>
|
||||
</div>
|
||||
:
|
||||
<div>
|
||||
During this simulated attack the Monkey uncovered <span
|
||||
className="label label-success">0 issues</span>.
|
||||
</div>
|
||||
}
|
||||
</div>
|
||||
<div>
|
||||
<h3>
|
||||
Security Issues
|
||||
</h3>
|
||||
{
|
||||
this.state.report.overview.warnings.filter(function (x) {
|
||||
return x === true;
|
||||
}).length > 0 ?
|
||||
<div>
|
||||
The monkey uncovered the following possible set of issues:
|
||||
<ul>
|
||||
{this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ?
|
||||
|
|
@ -539,6 +557,12 @@ class ReportPageComponent extends React.Component {
|
|||
using unused ports.</li> : null}
|
||||
</ul>
|
||||
</div>
|
||||
:
|
||||
<div>
|
||||
The monkey did not find any issues.
|
||||
</div>
|
||||
}
|
||||
</div>
|
||||
</div>
|
||||
<div id="recommendations">
|
||||
<h1>
|
||||
|
|
|
|||
Loading…
Reference in New Issue