p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Made naming of issue methods in UI more consistent

This commit is contained in:
VakarisZ 2021-03-31 13:07:19 +03:00
parent a284467a1a
commit 54f1d0e49c
23 changed files with 120 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -18,38 +18,38 @@ import {faMinus} from '@fortawesome/free-solid-svg-icons/faMinus';
import guardicoreLogoImage from '../../images/guardicore-logo.png'
import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
import '../../styles/App.css';
import {generateSmbPasswordReport, generateSmbPthReport} from './security/issues/SmbIssue';
import {Struts2IssueOverview, Struts2IssueReport} from './security/issues/Struts2Issue';
import {WebLogicIssueOverview, WebLogicIssueReport} from './security/issues/WebLogicIssue';
import {HadoopIssueOverview, HadoopIssueReport} from './security/issues/HadoopIssue';
import {MssqlIssueOverview, MssqlIssueReport} from './security/issues/MssqlIssue';
import {DrupalIssueOverview, DrupalIssueReport} from './security/issues/DrupalIssue';
import {VsftpdIssueOverview, VsftpdIssueReport} from './security/issues/VsftpdIssue';
import {generateWmiPasswordIssue, generateWmiPthIssue} from './security/issues/WmiIssue';
import {generateSshKeysReport, ShhIssueReport, SshIssueOverview} from './security/issues/SshIssue';
import {SambacryIssueOverview, SambacryIssueReport} from './security/issues/SambacryIssue';
import {ElasticIssueOverview, ElasticIssueReport} from './security/issues/ElasticIssue';
import {ShellShockIssueOverview, ShellShockIssueReport} from './security/issues/ShellShockIssue';
import {MS08_067IssueOverview, MS08_067IssueReport} from './security/issues/MS08_067Issue';
import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue';
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
import {vsftpdIssueOverview, vsftpdIssueReport} from './security/issues/VsftpdIssue';
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue';
import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue';
import {
crossSegmentIssueOverview,
generateCrossSegmentIssue,
generateIslandCrossSegmentIssue
crossSegmentIssueReport,
islandCrossSegmentIssueReport
} from './security/issues/CrossSegmentIssue';
import {
generateSharedCredsDomainIssue, generateSharedCredsIssue, generateSharedLocalAdminsIssue,
sharedCredsDomainIssueReport, sharedCredsIssueReport, sharedLocalAdminsIssueReport,
sharedAdminsDomainIssueOverview,
sharedPasswordsIssueOverview
} from './security/issues/SharedPasswordsIssue';
import {generateTunnelIssue, generateTunnelIssueOverview} from './security/issues/TunnelIssue';
import {StolenCredsIssueOverview} from './security/issues/StolenCredsIssue';
import {WeakPasswordIssueOverview} from './security/issues/WeakPasswordIssue';
import {AzurePasswordIssueOverview, AzurePasswordIssueReport} from './security/issues/AzurePasswordIssue';
import {generateStrongUsersOnCritIssue} from './security/issues/StrongUsersOnCritIssue';
import {tunnelIssueReport, tunnelIssueOverview} from './security/issues/TunnelIssue';
import {stolenCredsIssueOverview} from './security/issues/StolenCredsIssue';
import {weakPasswordIssueOverview} from './security/issues/WeakPasswordIssue';
import {azurePasswordIssueOverview, azurePasswordIssueReport} from './security/issues/AzurePasswordIssue';
import {strongUsersOnCritIssueReport} from './security/issues/StrongUsersOnCritIssue';
import {
ZerologonIssueOverview,
ZerologonIssueReport,
ZerologonOverviewWithFailedPassResetWarning
zerologonIssueOverview,
zerologonIssueReport,
zerologonOverviewWithFailedPassResetWarning
} from './security/issues/ZerologonIssue';
@ -76,123 +76,123 @@ class ReportPageComponent extends AuthComponent {
{
'SmbExploiter': {
[this.issueContentTypes.REPORT]: {
[this.credentialTypes.PASSWORD]: generateSmbPasswordReport,
[this.credentialTypes.HASH]: generateSmbPthReport
[this.credentialTypes.PASSWORD]: smbPasswordReport,
[this.credentialTypes.HASH]: smbPthReport
},
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'Struts2Exploiter': {
[this.issueContentTypes.OVERVIEW]: Struts2IssueOverview,
[this.issueContentTypes.REPORT]: Struts2IssueReport,
[this.issueContentTypes.OVERVIEW]: struts2IssueOverview,
[this.issueContentTypes.REPORT]: struts2IssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'WebLogicExploiter': {
[this.issueContentTypes.OVERVIEW]: WebLogicIssueOverview,
[this.issueContentTypes.REPORT]: WebLogicIssueReport,
[this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
[this.issueContentTypes.REPORT]: webLogicIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'HadoopExploiter': {
[this.issueContentTypes.OVERVIEW]: HadoopIssueOverview,
[this.issueContentTypes.REPORT]: HadoopIssueReport,
[this.issueContentTypes.OVERVIEW]: hadoopIssueOverview,
[this.issueContentTypes.REPORT]: hadoopIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'MSSQLExploiter': {
[this.issueContentTypes.OVERVIEW]: MssqlIssueOverview,
[this.issueContentTypes.REPORT]: MssqlIssueReport,
[this.issueContentTypes.OVERVIEW]: mssqlIssueOverview,
[this.issueContentTypes.REPORT]: mssqlIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'DrupalExploiter': {
[this.issueContentTypes.OVERVIEW]: DrupalIssueOverview,
[this.issueContentTypes.REPORT]: DrupalIssueReport,
[this.issueContentTypes.OVERVIEW]: drupalIssueOverview,
[this.issueContentTypes.REPORT]: drupalIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'VSFTPDExploiter': {
[this.issueContentTypes.OVERVIEW]: VsftpdIssueOverview,
[this.issueContentTypes.REPORT]: VsftpdIssueReport,
[this.issueContentTypes.OVERVIEW]: vsftpdIssueOverview,
[this.issueContentTypes.REPORT]: vsftpdIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'WmiExploiter': {
[this.issueContentTypes.REPORT]: {
[this.credentialTypes.PASSWORD]: generateWmiPasswordIssue,
[this.credentialTypes.HASH]: generateWmiPthIssue
[this.credentialTypes.PASSWORD]: wmiPasswordIssueReport,
[this.credentialTypes.HASH]: wmiPthIssueReport
},
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'SSHExploiter': {
[this.issueContentTypes.OVERVIEW]: SshIssueOverview,
[this.issueContentTypes.OVERVIEW]: sshIssueOverview,
[this.issueContentTypes.REPORT]: {
[this.credentialTypes.PASSWORD]: ShhIssueReport,
[this.credentialTypes.KEY]: generateSshKeysReport
[this.credentialTypes.PASSWORD]: shhIssueReport,
[this.credentialTypes.KEY]: sshKeysReport
},
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'SambaCryExploiter': {
[this.issueContentTypes.OVERVIEW]: SambacryIssueOverview,
[this.issueContentTypes.REPORT]: SambacryIssueReport,
[this.issueContentTypes.OVERVIEW]: sambacryIssueOverview,
[this.issueContentTypes.REPORT]: sambacryIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'ElasticGroovyExploiter': {
[this.issueContentTypes.OVERVIEW]: ElasticIssueOverview,
[this.issueContentTypes.REPORT]: ElasticIssueReport,
[this.issueContentTypes.OVERVIEW]: elasticIssueOverview,
[this.issueContentTypes.REPORT]: elasticIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'ShellShockExploiter': {
[this.issueContentTypes.OVERVIEW]: ShellShockIssueOverview,
[this.issueContentTypes.REPORT]: ShellShockIssueReport,
[this.issueContentTypes.OVERVIEW]: shellShockIssueOverview,
[this.issueContentTypes.REPORT]: shellShockIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'Ms08_067_Exploiter': {
[this.issueContentTypes.OVERVIEW]: MS08_067IssueOverview,
[this.issueContentTypes.REPORT]: MS08_067IssueReport,
[this.issueContentTypes.OVERVIEW]: ms08_067IssueOverview,
[this.issueContentTypes.REPORT]: ms08_067IssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'ZerologonExploiter': {
[this.issueContentTypes.OVERVIEW]: ZerologonIssueOverview,
[this.issueContentTypes.REPORT]: ZerologonIssueReport,
[this.issueContentTypes.OVERVIEW]: zerologonIssueOverview,
[this.issueContentTypes.REPORT]: zerologonIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'zerologon_pass_restore_failed': {
[this.issueContentTypes.OVERVIEW]: ZerologonOverviewWithFailedPassResetWarning,
[this.issueContentTypes.OVERVIEW]: zerologonOverviewWithFailedPassResetWarning,
},
'island_cross_segment': {
[this.issueContentTypes.OVERVIEW]: crossSegmentIssueOverview,
[this.issueContentTypes.REPORT]: generateIslandCrossSegmentIssue,
[this.issueContentTypes.REPORT]: islandCrossSegmentIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.WARNING
},
'tunnel': {
[this.issueContentTypes.OVERVIEW]: generateTunnelIssueOverview,
[this.issueContentTypes.REPORT]: generateTunnelIssue,
[this.issueContentTypes.OVERVIEW]: tunnelIssueOverview,
[this.issueContentTypes.REPORT]: tunnelIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.WARNING
},
'shared_passwords': {
[this.issueContentTypes.OVERVIEW]: sharedPasswordsIssueOverview,
[this.issueContentTypes.REPORT]: generateSharedCredsIssue,
[this.issueContentTypes.REPORT]: sharedCredsIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.WARNING
},
'shared_admins_domain': {
[this.issueContentTypes.OVERVIEW]: sharedAdminsDomainIssueOverview,
[this.issueContentTypes.REPORT]: generateSharedLocalAdminsIssue,
[this.issueContentTypes.REPORT]: sharedLocalAdminsIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.WARNING
},
'shared_passwords_domain': {
[this.issueContentTypes.REPORT]: generateSharedCredsDomainIssue,
[this.issueContentTypes.REPORT]: sharedCredsDomainIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.WARNING
},
'strong_users_on_crit': {
[this.issueContentTypes.REPORT]: generateStrongUsersOnCritIssue,
[this.issueContentTypes.REPORT]: strongUsersOnCritIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'azure_password': {
[this.issueContentTypes.OVERVIEW]: AzurePasswordIssueOverview,
[this.issueContentTypes.REPORT]: AzurePasswordIssueReport,
[this.issueContentTypes.OVERVIEW]: azurePasswordIssueOverview,
[this.issueContentTypes.REPORT]: azurePasswordIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'weak_password': {
[this.issueContentTypes.OVERVIEW]: WeakPasswordIssueOverview,
[this.issueContentTypes.OVERVIEW]: weakPasswordIssueOverview,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'stolen_creds': {
[this.issueContentTypes.OVERVIEW]: StolenCredsIssueOverview,
[this.issueContentTypes.OVERVIEW]: stolenCredsIssueOverview,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}
}
@ -412,7 +412,7 @@ class ReportPageComponent extends AuthComponent {
<div>
The Monkey uncovered the following set of segmentation issues:
<ul>
{this.state.report.overview.cross_segment_issues.map(x => generateCrossSegmentIssue(x))}
{this.state.report.overview.cross_segment_issues.map(x => crossSegmentIssueReport(x))}
</ul>
</div>
</div>

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function AzurePasswordIssueOverview() {
export function azurePasswordIssueOverview() {
return (<li>Azure machines expose plaintext passwords. (<a
href="https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/"
>More info</a>)</li>)
}
export function AzurePasswordIssueReport(issue) {
export function azurePasswordIssueReport(issue) {
return (
<>
Delete VM Access plugin configuration files.

20
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js
View File

@ -7,7 +7,7 @@ export function crossSegmentIssueOverview() {
different segments are able to communicate.</li>)
}
export function generateCrossSegmentIssue(crossSegmentIssue) {
export function crossSegmentIssueReport(crossSegmentIssue) {
let crossSegmentIssueOverview = 'Communication possible from '
+ `${crossSegmentIssue['source_subnet']} to ${crossSegmentIssue['target_subnet']}`;
@ -17,7 +17,7 @@ export function generateCrossSegmentIssue(crossSegmentIssue) {
<CollapsibleWellComponent>
<ul className='cross-segment-issues'>
{crossSegmentIssue['issues'].map(
issue => generateCrossSegmentIssueListItem(issue)
issue => getCrossSegmentIssueListItem(issue)
)}
</ul>
</CollapsibleWellComponent>
@ -25,15 +25,15 @@ export function generateCrossSegmentIssue(crossSegmentIssue) {
);
}
export function generateCrossSegmentIssueListItem(issue) {
export function getCrossSegmentIssueListItem(issue) {
if (issue['is_self']) {
return generateCrossSegmentSingleHostMessage(issue);
return getCrossSegmentSingleHostMessage(issue);
}
return generateCrossSegmentMultiHostMessage(issue);
return getCrossSegmentMultiHostMessage(issue);
}
export function generateCrossSegmentSingleHostMessage(issue) {
export function getCrossSegmentSingleHostMessage(issue) {
return (
<li key={issue['hostname']}>
{`Machine ${issue['hostname']} has both ips: ${issue['source']} and ${issue['target']}`}
@ -41,20 +41,20 @@ export function generateCrossSegmentSingleHostMessage(issue) {
);
}
export function generateCrossSegmentMultiHostMessage(issue) {
export function getCrossSegmentMultiHostMessage(issue) {
return (
<li key={issue['source'] + issue['target']}>
IP {issue['source']} ({issue['hostname']}) was able to communicate with
IP {issue['target']} using:
<ul>
{issue['icmp'] && <li key='icmp'>ICMP</li>}
{this.generateCrossSegmentServiceListItems(issue)}
{getCrossSegmentServiceListItems(issue)}
</ul>
</li>
);
}
export function generateCrossSegmentServiceListItems(issue) {
export function getCrossSegmentServiceListItems(issue) {
let service_list_items = [];
for (const [service, info] of Object.entries(issue['services'])) {
@ -68,7 +68,7 @@ export function generateCrossSegmentServiceListItems(issue) {
return service_list_items;
}
export function generateIslandCrossSegmentIssue(issue) {
export function islandCrossSegmentIssueReport(issue) {
return (
<>
Segment your network and make sure there is no communication between machines from different segments.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js
View File

@ -1,12 +1,12 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function DrupalIssueOverview() {
export function drupalIssueOverview() {
return (<li>Drupal server/s are vulnerable to <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">CVE-2019-6340</a>.</li>)
}
export function DrupalIssueReport(issue) {
export function drupalIssueReport(issue) {
return (
<>
Upgrade Drupal server to versions 8.5.11, 8.6.10, or later.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function ElasticIssueOverview() {
export function elasticIssueOverview() {
return (<li>Elasticsearch servers are vulnerable to <a
href="https://www.cvedetails.com/cve/cve-2015-1427">CVE-2015-1427</a>.
</li>)
}
export function ElasticIssueReport(issue) {
export function elasticIssueReport(issue) {
return (
<>
Update your Elastic Search server to version 1.4.3 and up.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js
View File

@ -1,11 +1,11 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function HadoopIssueOverview() {
export function hadoopIssueOverview() {
return (<li>Hadoop/Yarn servers are vulnerable to remote code execution.</li>)
}
export function HadoopIssueReport(issue) {
export function hadoopIssueReport(issue) {
return (
<>
Run Hadoop in secure mode (<a

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MS08_067Issue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function MS08_067IssueOverview() {
export function ms08_067IssueOverview() {
return (<li>Machines are vulnerable to Conficker (<a
href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067"
>MS08-067</a>). </li>)
}
export function MS08_067IssueReport(issue) {
export function ms08_067IssueReport(issue) {
return (
<>
Install the latest Windows updates or upgrade to a newer operating system.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js
View File

@ -1,11 +1,11 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function MssqlIssueOverview() {
export function mssqlIssueOverview() {
return (<li>MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.</li>)
}
export function MssqlIssueReport(issue) {
export function mssqlIssueReport(issue) {
return (
<>
Disable the xp_cmdshell option.

2
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PthCriticalServiceIssue.js
View File

@ -1,6 +1,6 @@
import React from 'react';
export function PthCriticalServiceIssueOverview() {
export function pthCriticalServiceIssueOverview() {
return (<li>Mimikatz found login credentials of a user who has admin access to a server defined as
critical.</li>)
}

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function SambacryIssueOverview() {
export function sambacryIssueOverview() {
return (<li>Samba servers are vulnerable to SambaCry (<a
href="https://www.samba.org/samba/security/CVE-2017-7494.html"
>CVE-2017-7494</a>).</li>)
}
export function SambacryIssueReport(issue) {
export function sambacryIssueReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password

6
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js
View File

@ -11,7 +11,7 @@ export function sharedAdminsDomainIssueOverview() {
administrator.</li>)
}
export function generateSharedCredsDomainIssue(issue) {
export function sharedCredsDomainIssueReport(issue) {
return (
<>
Some domain users are sharing passwords, this should be fixed by changing passwords.
@ -23,7 +23,7 @@ export function generateSharedCredsDomainIssue(issue) {
);
}
export function generateSharedCredsIssue(issue) {
export function sharedCredsIssueReport(issue) {
return (
<>
Some users are sharing passwords, this should be fixed by changing passwords.
@ -35,7 +35,7 @@ export function generateSharedCredsIssue(issue) {
);
}
export function generateSharedLocalAdminsIssue(issue) {
export function sharedLocalAdminsIssueReport(issue) {
return (
<>
Make sure the right administrator accounts are managing the right machines, and that there isnt an

8
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
View File

@ -1,18 +1,18 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function ShellShockIssueOverview() {
export function shellShockIssueOverview() {
return (<li>Machines are vulnerable to Shellshock (<a
href="https://www.cvedetails.com/cve/CVE-2014-6271">CVE-2014-6271</a>).
</li>)
}
function generateShellshockPathListBadges(paths) {
function getShellshockPathListBadges(paths) {
return paths.map(path => <span className="badge badge-warning" style={{margin: '2px'}} key={path}>{path}</span>);
}
export function ShellShockIssueReport(issue) {
export function shellShockIssueReport(issue) {
return (
<>
Update your Bash to a ShellShock-patched version.
@ -23,7 +23,7 @@ export function ShellShockIssueReport(issue) {
<br/>
The attack was made possible because the HTTP server running on TCP port <span
className="badge badge-info">{issue.port}</span> was vulnerable to a shell injection attack on the
paths: {generateShellshockPathListBadges(issue.paths)}.
paths: {getShellshockPathListBadges(issue.paths)}.
</CollapsibleWellComponent>
</>
);

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SmbIssue.js
View File

@ -1,7 +1,7 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function generateSmbPasswordReport(issue) {
export function smbPasswordReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
@ -18,7 +18,7 @@ export function generateSmbPasswordReport(issue) {
);
}
export function generateSmbPthReport(issue) {
export function smbPthReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password

6
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js
View File

@ -1,11 +1,11 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function SshIssueOverview() {
export function sshIssueOverview() {
return (<li>Stolen SSH keys are used to exploit other machines.</li>)
}
export function ShhIssueReport(issue) {
export function shhIssueReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
@ -22,7 +22,7 @@ export function ShhIssueReport(issue) {
);
}
export function generateSshKeysReport(issue) {
export function sshKeysReport(issue) {
return (
<>
Protect <span className="badge badge-success">{issue.ssh_key}</span> private key with a pass phrase.

2
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StolenCredsIssue.js
View File

@ -1,5 +1,5 @@
import React from 'react';
export function StolenCredsIssueOverview() {
export function stolenCredsIssueOverview() {
return (<li>Stolen credentials are used to exploit other machines.</li>)
}

2
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js
View File

@ -1,7 +1,7 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function generateStrongUsersOnCritIssue(issue) {
export function strongUsersOnCritIssueReport(issue) {
return (
<>
This critical machine is open to attacks via strong users with access to it.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function Struts2IssueOverview() {
export function struts2IssueOverview() {
return (<li>Struts2 servers are vulnerable to remote code execution. (<a
href="https://cwiki.apache.org/confluence/display/WW/S2-045">
CVE-2017-5638</a>)</li>)
}
export function Struts2IssueReport(issue) {
export function struts2IssueReport(issue) {
return (
<>
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js
View File

@ -1,11 +1,11 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function generateTunnelIssueOverview(){
export function tunnelIssueOverview(){
return (<li key="tunnel">Weak segmentation - Machines were able to communicate over unused ports.</li>)
}
export function generateTunnelIssue(issue) {
export function tunnelIssueReport(issue) {
return (
<>
Use micro-segmentation policies to disable communication other than the required.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js
View File

@ -1,13 +1,13 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function VsftpdIssueOverview() {
export function vsftpdIssueOverview() {
return (<li>VSFTPD is vulnerable to <a
href="https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor">CVE-2011-2523</a>.
</li>)
}
export function VsftpdIssueReport(issue) {
export function vsftpdIssueReport(issue) {
return (
<>
Update your VSFTPD server to the latest version vsftpd-3.0.3.

2
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WeakPasswordIssue.js
View File

@ -1,6 +1,6 @@
import React from 'react';
export function WeakPasswordIssueOverview() {
export function weakPasswordIssueOverview() {
return (<li>Machines are accessible using passwords supplied by the user during the Monkeys
configuration.</li>)
}

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js
View File

@ -1,11 +1,11 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function WebLogicIssueOverview() {
export function webLogicIssueOverview() {
return (<li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>)
}
export function WebLogicIssueReport(issue) {
export function webLogicIssueReport(issue) {
return (
<>
Update Oracle WebLogic server to the latest supported version.

4
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WmiIssue.js
View File

@ -1,7 +1,7 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function generateWmiPasswordIssue(issue) {
export function wmiPasswordIssueReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password
@ -18,7 +18,7 @@ export function generateWmiPasswordIssue(issue) {
);
}
export function generateWmiPthIssue(issue) {
export function wmiPthIssueReport(issue) {
return (
<>
Change <span className="badge badge-success">{issue.username}</span>'s password to a complex one-use password

8
monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js
View File

@ -3,7 +3,7 @@ import CollapsibleWellComponent from '../CollapsibleWell';
import WarningIcon from '../../../ui-components/WarningIcon';
import {Button} from 'react-bootstrap';
export function ZerologonIssueOverview() {
export function zerologonIssueOverview() {
return (
<li>
Some Windows domain controllers are vulnerable to 'Zerologon' (
@ -17,8 +17,8 @@ export function ZerologonIssueOverview() {
)
}
export function ZerologonOverviewWithFailedPassResetWarning() {
let overview = [ZerologonIssueOverview()];
export function zerologonOverviewWithFailedPassResetWarning() {
let overview = [zerologonIssueOverview()];
overview.push(
<li>
<span className={'zero-logon-overview-pass-restore-failed'}>
@ -36,7 +36,7 @@ export function ZerologonOverviewWithFailedPassResetWarning() {
return overview;
}
export function ZerologonIssueReport(issue) {
export function zerologonIssueReport(issue) {
return (
<>
Install Windows security updates.