p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Add process list collection PBA 

Instead of a system info collector, it is now a PBA.
This commit is contained in:
Shreya Malviya 2022-02-11 22:30:38 +05:30
parent 5d01f12d45
commit 4839f099a4
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
monkey/infection_monkey/system_info/collectors/process_list_collector.py → monkey/infection_monkey/post_breach/actions/collect_processes_list.py
View File

@ -2,31 +2,33 @@ import logging
import psutil import psutil
from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR from common.common_consts.post_breach_consts import POST_BREACH_PROCESS_LIST_COLLECTION
from infection_monkey.system_info.system_info_collector import SystemInfoCollector from infection_monkey.post_breach.pba import PBA
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# Linux doesn't have WindowsError # Linux doesn't have WindowsError
applicable_exceptions = None
try: try:
WindowsError applicable_exceptions = (psutil.AccessDenied, WindowsError)
except NameError: except NameError:
# noinspection PyShadowingBuiltins applicable_exceptions = psutil.AccessDenied
WindowsError = psutil.AccessDenied
class ProcessListCollector(SystemInfoCollector): class ProcessListCollection(PBA):
def __init__(self): def __init__(self):
super().__init__(name=PROCESS_LIST_COLLECTOR) super().__init__(POST_BREACH_PROCESS_LIST_COLLECTION)
def collect(self) -> dict: def run(self):
""" """
Adds process information from the host to the system information. Collects process information from the host.
Currently lists process name, ID, parent ID, command line Currently lists process name, ID, parent ID, command line
and the full image path of each process. and the full image path of each process.
""" """
logger.debug("Reading process list") logger.debug("Reading process list")
processes = {} processes = {}
success_state = False
for process in psutil.process_iter(): for process in psutil.process_iter():
try: try:
processes[process.pid] = { processes[process.pid] = {
@ -36,10 +38,10 @@ class ProcessListCollector(SystemInfoCollector):
"cmdline": " ".join(process.cmdline()), "cmdline": " ".join(process.cmdline()),
"full_image_path": process.exe(), "full_image_path": process.exe(),
} }
except (psutil.AccessDenied, WindowsError): success_state = True
# we may be running as non root and some processes are impossible to acquire in except applicable_exceptions:
# Windows/Linux. # We may be running as non root and some processes are impossible to acquire in
# In this case we'll just add what we know. # Windows/Linux. In this case, we'll just add what we know.
processes[process.pid] = { processes[process.pid] = {
"name": "null", "name": "null",
"pid": process.pid, "pid": process.pid,
@ -49,4 +51,4 @@ class ProcessListCollector(SystemInfoCollector):
} }
continue continue
return {"process_list": processes} return self.command, [str(processes), success_state]

4
monkey/infection_monkey/puppet/mock_puppet.py
View File

@ -12,6 +12,7 @@ from infection_monkey.i_puppet import (
PortStatus, PortStatus,
PostBreachData, PostBreachData,
) )
from infection_monkey.post_breach.actions.collect_processes_list import ProcessListCollection
DOT_1 = "10.0.0.1" DOT_1 = "10.0.0.1"
DOT_2 = "10.0.0.2" DOT_2 = "10.0.0.2"
@ -158,6 +159,9 @@ class MockPuppet(IPuppet):
if name == "AccountDiscovery": if name == "AccountDiscovery":
return PostBreachData("pba command 1", ["pba result 1", True]) return PostBreachData("pba command 1", ["pba result 1", True])
elif name == "ProcessListCollection":
cmd, result = ProcessListCollection().run()
return PostBreachData(cmd, result)
else: else:
return PostBreachData("pba command 2", ["pba result 2", False]) return PostBreachData("pba command 2", ["pba result 2", False])