Update node/edge's data regarding exploits
parent
bb53606a1b
commit
484ed3c508
|
@ -1,15 +1,15 @@
|
||||||
import json
|
import json
|
||||||
from datetime import datetime
|
|
||||||
import traceback
|
import traceback
|
||||||
|
from datetime import datetime
|
||||||
|
|
||||||
import dateutil
|
import dateutil
|
||||||
from flask import request
|
|
||||||
import flask_restful
|
import flask_restful
|
||||||
|
from flask import request
|
||||||
|
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
|
from cc.services.config import ConfigService
|
||||||
from cc.services.edge import EdgeService
|
from cc.services.edge import EdgeService
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
from cc.services.config import ConfigService
|
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
@ -103,19 +103,16 @@ class Telemetry(flask_restful.Resource):
|
||||||
|
|
||||||
def process_exploit_telemetry(self, telemetry_json):
|
def process_exploit_telemetry(self, telemetry_json):
|
||||||
edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
|
edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
|
||||||
data = telemetry_json['data']
|
new_exploit = telemetry_json['data']
|
||||||
data["machine"].pop("ip_addr")
|
|
||||||
new_exploit = \
|
new_exploit.pop('machine')
|
||||||
{
|
new_exploit['timestamp'] = telemetry_json['timestamp']
|
||||||
"timestamp": telemetry_json["timestamp"],
|
|
||||||
"data": data,
|
|
||||||
"exploiter": telemetry_json['data']['exploiter']
|
|
||||||
}
|
|
||||||
mongo.db.edge.update(
|
mongo.db.edge.update(
|
||||||
{"_id": edge["_id"]},
|
{'_id': edge['_id']},
|
||||||
{"$push": {"exploits": new_exploit}}
|
{'$push': {'exploits': new_exploit}}
|
||||||
)
|
)
|
||||||
if data['result']:
|
if new_exploit['result']:
|
||||||
EdgeService.set_edge_exploited(edge)
|
EdgeService.set_edge_exploited(edge)
|
||||||
|
|
||||||
def process_scan_telemetry(self, telemetry_json):
|
def process_scan_telemetry(self, telemetry_json):
|
||||||
|
@ -158,5 +155,3 @@ class Telemetry(flask_restful.Resource):
|
||||||
ConfigService.creds_add_lm_hash(creds[user]['lm_hash'])
|
ConfigService.creds_add_lm_hash(creds[user]['lm_hash'])
|
||||||
if 'ntlm_hash' in creds[user]:
|
if 'ntlm_hash' in creds[user]:
|
||||||
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
|
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
|
||||||
|
|
||||||
|
|
||||||
|
|
|
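Review bot: The new `process_exploit_telemetry` body (hunk @ -103) indexes agent-supplied telemetry without any guard — `new_exploit.pop('machine')`, `telemetry_json['timestamp']` and `new_exploit['result']` each raise KeyError on a malformed or hostile report, and since this runs inside a Flask resource that is an unhandled 500 for the whole telemetry POST rather than a rejected record. `new_exploit` is also just an alias for `telemetry_json['data']`, so popping `machine` mutates the caller's telemetry object; if the dispatcher (outside this hunk, the enclosing `Telemetry` class starts earlier) stores that document afterwards it will be missing the key. I would copy and use tolerant lookups: `new_exploit = dict(telemetry_json['data'])`, `new_exploit.pop('machine', None)`, and `if new_exploit.get('result'):`. Separately, what is `$push`ed into `edge.exploits` is the agent's `data` dict verbatim, so every key the agent chooses to send is persisted and later served to the UI (`edge_to_displayed_edge` now passes `edge['exploits']` straight through); whitelisting the fields the server actually uses (`exploiter`, `result`, and whatever the UI needs) would keep the stored schema under the server's control.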
@ -24,66 +24,20 @@ class EdgeService:
|
||||||
def edge_to_displayed_edge(edge):
|
def edge_to_displayed_edge(edge):
|
||||||
services = []
|
services = []
|
||||||
os = {}
|
os = {}
|
||||||
exploits = []
|
|
||||||
if len(edge["scans"]) > 0:
|
if len(edge["scans"]) > 0:
|
||||||
services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"])
|
services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"])
|
||||||
os = edge["scans"][-1]["data"]["os"]
|
os = edge["scans"][-1]["data"]["os"]
|
||||||
|
|
||||||
for exploit in edge["exploits"]:
|
|
||||||
new_exploit = EdgeService.exploit_to_displayed_exploit(exploit)
|
|
||||||
|
|
||||||
if (len(exploits) > 0) and (exploits[-1]["exploiter"] == exploit["exploiter"]):
|
|
||||||
exploit_container = exploits[-1]
|
|
||||||
else:
|
|
||||||
exploit_container =\
|
|
||||||
{
|
|
||||||
"exploiter": exploit["exploiter"],
|
|
||||||
"start_timestamp": exploit["timestamp"],
|
|
||||||
"end_timestamp": exploit["timestamp"],
|
|
||||||
"result": False,
|
|
||||||
"attempts": []
|
|
||||||
}
|
|
||||||
|
|
||||||
exploits.append(exploit_container)
|
|
||||||
|
|
||||||
exploit_container["attempts"].append(new_exploit)
|
|
||||||
if new_exploit["result"]:
|
|
||||||
exploit_container["result"] = True
|
|
||||||
exploit_container["end_timestamp"] = new_exploit["timestamp"]
|
|
||||||
|
|
||||||
displayed_edge = EdgeService.edge_to_net_edge(edge)
|
displayed_edge = EdgeService.edge_to_net_edge(edge)
|
||||||
|
|
||||||
displayed_edge["ip_address"] = edge["ip_address"]
|
displayed_edge["ip_address"] = edge["ip_address"]
|
||||||
displayed_edge["services"] = services
|
displayed_edge["services"] = services
|
||||||
displayed_edge["os"] = os
|
displayed_edge["os"] = os
|
||||||
displayed_edge["exploits"] = exploits
|
displayed_edge["exploits"] = edge['exploits']
|
||||||
displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge)
|
displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge)
|
||||||
return displayed_edge
|
return displayed_edge
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def exploit_to_displayed_exploit(exploit):
|
|
||||||
user = ""
|
|
||||||
password = ""
|
|
||||||
|
|
||||||
# TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
|
|
||||||
result = exploit["data"]["result"]
|
|
||||||
if result:
|
|
||||||
if "creds" in exploit["data"]["machine"]:
|
|
||||||
user = exploit["data"]["machine"]["creds"].keys()[0]
|
|
||||||
password = exploit["data"]["machine"]["creds"][user]
|
|
||||||
else:
|
|
||||||
if ("user" in exploit["data"]) and ("password" in exploit["data"]):
|
|
||||||
user = exploit["data"]["user"]
|
|
||||||
password = exploit["data"]["password"]
|
|
||||||
|
|
||||||
return \
|
|
||||||
{
|
|
||||||
"timestamp": exploit["timestamp"],
|
|
||||||
"user": user,
|
|
||||||
"password": password,
|
|
||||||
"result": result,
|
|
||||||
}
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def insert_edge(from_id, to_id):
|
def insert_edge(from_id, to_id):
|
||||||
edge_insert_result = mongo.db.edge.insert_one(
|
edge_insert_result = mongo.db.edge.insert_one(
|
||||||
|
|
|
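Review bot: `displayed_edge["exploits"] = edge['exploits']` (hunk @ -24) removes the projection that `exploit_to_displayed_exploit` used to apply, so the API now returns each stored exploit record as-is. Per the removed code those records can carry the `user` and `password` an exploiter tried (it copied them out of `exploit["data"]`), and the telemetry side in this same commit now stores the agent's whole `data` dict, while the preview pane only reads `timestamp`, `result`, `origin` and `exploiter`. Unless another consumer relies on the credentials being in this response, I would keep the minimisation with an explicit projection: `displayed_edge["exploits"] = [{k: e.get(k) for k in ('timestamp', 'exploiter', 'result')} for e in edge['exploits']]`. Note that `origin` is displayed by the UI but nothing in this diff writes it on edge exploit records — worth confirming where it is expected to come from.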
@ -62,9 +62,9 @@ class NodeService:
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
|
def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
|
||||||
if exploit_1["start_timestamp"] == exploit_2["start_timestamp"]:
|
if exploit_1["timestamp"] == exploit_2["timestamp"]:
|
||||||
return 0
|
return 0
|
||||||
if exploit_1["start_timestamp"] > exploit_2["start_timestamp"]:
|
if exploit_1["timestamp"] > exploit_2["timestamp"]:
|
||||||
return 1
|
return 1
|
||||||
return -1
|
return -1
|
||||||
|
|
||||||
|
|
|
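Review bot: `_cmp_exploits_by_timestamp` (hunk @ -62) is a three-way comparator whose only job is ordering by one field; a `key=operator.itemgetter('timestamp')` at the sort site expresses that directly and needs none of the equal/greater/less branches (the caller is outside this hunk, so I cannot see whether it goes through `cmp=`). If the comparator stays, give it a docstring stating the contract, e.g. `"""Three-way compare two exploit records by 'timestamp': 0 if equal, 1 if exploit_1 is later, -1 otherwise."""`.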
@ -91,9 +91,9 @@ class PreviewPaneComponent extends React.Component {
|
||||||
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
|
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
|
||||||
<ul className="timeline">
|
<ul className="timeline">
|
||||||
{ asset.exploits.map(exploit =>
|
{ asset.exploits.map(exploit =>
|
||||||
<li key={exploit.start_timestamp}>
|
<li key={exploit.timestamp}>
|
||||||
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
|
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
|
||||||
<div>{new Date(exploit.start_timestamp).toLocaleString()}</div>
|
<div>{new Date(exploit.timestamp).toLocaleString()}</div>
|
||||||
<div>{exploit.origin}</div>
|
<div>{exploit.origin}</div>
|
||||||
<div>{exploit.exploiter}</div>
|
<div>{exploit.exploiter}</div>
|
||||||
</li>
|
</li>
|
||||||
|
@ -157,17 +157,23 @@ class PreviewPaneComponent extends React.Component {
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
|
{
|
||||||
<ul className="timeline">
|
(edge.exploits.length === 0) ?
|
||||||
{ edge.exploits.map(exploit =>
|
'' :
|
||||||
<li key={exploit.start_timestamp}>
|
<div>
|
||||||
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
|
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
|
||||||
<div>{exploit.start_timestamp}</div>
|
<ul className="timeline">
|
||||||
<div>{exploit.origin}</div>
|
{ edge.exploits.map(exploit =>
|
||||||
<div>{exploit.exploiter}</div>
|
<li key={exploit.timestamp}>
|
||||||
</li>
|
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
|
||||||
)}
|
<div>{new Date(exploit.timestamp).toLocaleString()}</div>
|
||||||
</ul>
|
<div>{exploit.origin}</div>
|
||||||
|
<div>{exploit.exploiter}</div>
|
||||||
|
</li>
|
||||||
|
)}
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
}
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
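Review bot: `key={exploit.timestamp}` in the rebuilt edge timeline (hunk @ -157) is no longer unique: this commit drops the per-exploiter grouping in `edge_to_displayed_edge`, so the list now contains every attempt, and two attempts recorded with the same timestamp (the same exploiter retrying, or two exploiters in the same instant) give React duplicate keys and mis-reconciled `<li>` elements. Use the array index as the key: `edge.exploits.map((exploit, index) => <li key={index}>`; the asset timeline in the first hunk (`asset.exploits.map`) has the same issue. Rendering `''` for the empty case works, but `null` is the conventional "render nothing" value in JSX. `exploit.origin` is displayed although nothing in this diff sets it on edge exploit records — confirm the backend supplies it, otherwise the line renders empty.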