diff --git a/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey_island/cc/ui/src/components/pages/ReportPage.js
index 3d4945dcd..528092523 100644
--- a/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -45,6 +45,36 @@ class ReportPageComponent extends React.Component {
 this.interval = setInterval(this.updateMapFromServer, 1000);
 }
+ componentWillUnmount() {
+ clearInterval(this.interval);
+ }
+
+ render() {
+ let content;
+ if (Object.keys(this.state.report).length === 0) {
+ if (this.state.runStarted) {
+ content = (

Generating Report...

); + } else { + content = +

+ + You have to run a monkey before generating a report! +

; + } + } else { + content = this.generateReportContent(); + } + + return ( + +

4. Security Report

+
+ {content} +
+ + ); + } + updateMonkeysRunning = () => { return fetch('/api') .then(res => res.json()) @@ -58,10 +88,6 @@ class ReportPageComponent extends React.Component { }); }; - componentWillUnmount() { - clearInterval(this.interval); - } - updateMapFromServer = () => { fetch('/api/netmap') .then(res => res.json()) @@ -86,6 +112,311 @@ class ReportPageComponent extends React.Component { } } + generateReportContent() { + return ( +
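Review bot: render() treats any non-empty `this.state.report` as a complete report and passes control to generateReportContent(), whose helpers (added later in this commit) dereference `report.glance.exploited`, `report.overview` and `report.recommendations` without any check. If the report endpoint ever returns a non-empty object of a different shape (an error body, for instance; how the state is filled is not visible in this hunk), the component would throw during render instead of falling back to the message branch. Testing for the fields that are actually used, e.g. `if (!this.state.report.overview || !this.state.report.glance) {` in place of the `Object.keys(...).length === 0` test, keeps the fallback in charge.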
+
+ +
+
+ {this.generateReportHeader()} + {this.generateReportOverviewSection()} + {this.generateReportFindingsSection()} + {this.generateReportRecommendationsSection()} + {this.generateReportGlanceSection()} + {this.generateReportFooter()} +
+
+ +
+
+ ); + } + + generateReportHeader() { + return ( + + ); + } + + generateReportOverviewSection() { + return ( +
+

+ Overview +

+ { + this.state.report.glance.exploited.length > 0 ? + (

+ + Critical security issues were detected! +

) : + (

+ + No critical security issues were detected. +

) + } + { + this.state.allMonkeysAreDead ? + '' + : + (

+ + Some monkeys are still running. To get the best report it's best to wait for all of them to finish + running. +

) + } + { + this.state.report.glance.exploited.length > 0 ? + '' + : +

+ + To improve the monkey's detection rates, try adding users and passwords and enable the "Local + network + scan" config value under Basic - Network. +

+ } +

+ The first monkey run was started on {this.state.report.overview.monkey_start_time}. After {this.state.report.overview.monkey_duration}, all monkeys finished + propagation attempts. +

+

+ The monkey started propagating from the following machines where it was manually installed: +

    + {this.state.report.overview.manual_monkeys.map(x =>
  • {x}
  • )} +
+

+

+ The monkeys were run with the following configuration: +

+ { + this.state.report.overview.config_users.length > 0 ? +

+ Usernames used for brute-forcing: +

    + {this.state.report.overview.config_users.map(x =>
  • {x}
  • )} +
+ Passwords used for brute-forcing: +
    + {this.state.report.overview.config_passwords.map(x =>
  • {x.substr(0, 3) + '******'}
  • )} +
+

+ : +

+ Brute forcing uses stolen credentials only. No credentials were supplied during Monkey’s + configuration. +

+ } + { + this.state.report.overview.config_exploits.length > 0 ? + ( + this.state.report.overview.config_exploits[0] === 'default' ? + '' + : +

+ The Monkey uses the following exploit methods: +

    + {this.state.report.overview.config_exploits.map(x =>
  • {x}
  • )} +
+

+ ) + : +

+ No exploits are used by the Monkey. +

+ } + { + this.state.report.overview.config_ips.length > 0 ? +

+ The Monkey scans the following IPs: +

    + {this.state.report.overview.config_ips.map(x =>
  • {x}
  • )} +
+

+ : + '' + } + { + this.state.report.overview.config_scan ? + '' + : +

+ Note: Monkeys were configured to avoid scanning of the local network. +

+ } +
+ ); + } + + generateReportFindingsSection() { + return ( +
+

+ Security Findings +

+
+

+ Immediate Threats +

+ { + this.state.report.overview.issues.filter(function (x) { + return x === true; + }).length > 0 ? +
+ During this simulated attack the Monkey uncovered + {this.state.report.overview.issues.filter(function (x) { + return x === true; + }).length} threats: +
    + {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? +
  • Stolen credentials are used to exploit other machines.
  • : null} + {this.state.report.overview.issues[this.Issue.ELASTIC] ? +
  • Elasticsearch servers are vulnerable to CVE-2015-1427. +
  • : null} + {this.state.report.overview.issues[this.Issue.SAMBACRY] ? +
  • Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
  • : null} + {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? +
  • Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271). +
  • : null} + {this.state.report.overview.issues[this.Issue.CONFICKER] ? +
  • Machines are vulnerable to ‘Conficker’ (MS08-067).
  • : null} + {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? +
  • Machines are accessible using passwords supplied by the user during the Monkey’s + configuration.
  • : null} +
+
+ : +
+ During this simulated attack the Monkey uncovered 0 threats. +
+ } +
+
+

+ Potential Security Issues +

+ { + this.state.report.overview.warnings.filter(function (x) { + return x === true; + }).length > 0 ? +
+ The Monkey uncovered the following possible set of issues: +
    + {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? +
  • Weak segmentation - Machines from different segments are able to + communicate.
  • : null} + {this.state.report.overview.warnings[this.Warning.TUNNEL] ? +
  • Lack of machine hardening, machines successfully tunneled monkey traffic using unused + ports.
  • : null} +
+
+ : +
+ The Monkey did not find any issues. +
+ } +
+
+ ); + } + + generateReportRecommendationsSection() { + return ( +
+

+ Recommendations +

+
+ {this.generateIssues(this.state.report.recommendations.issues)} +
+
+ ); + } + + generateReportGlanceSection() { + let exploitPercentage = + (100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length; + return ( +
+

+ The Network from the Monkey's Eyes +

+
+

+ The Monkey discovered {this.state.report.glance.scanned.length} machines and + successfully breached {this.state.report.glance.exploited.length} of them. +

+
+ + {Math.round(exploitPercentage)}% of scanned machines exploited +
+
+

+ From the attacker's point of view, the network looks like this: +

+
+ Legend: + Exploit + | + Scan + | + Tunnel + | + Island Communication +
+
+ +
+
+ +
+
+ +
+
+ +
+
+ ); + } + + generateReportFooter() { + return ( + + ); + } + generateInfoBadges(data_array) { return data_array.map(badge_data => {badge_data}); } @@ -349,295 +680,6 @@ class ReportPageComponent extends React.Component { } return
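Review bot: In generateReportOverviewSection() the configured brute-force passwords are masked only at render time with `x.substr(0, 3) + '******'`, so the full values already sit in `this.state.report` in the browser, and any password of three characters or fewer is displayed in full. The redaction belongs where the report data is assembled (server side, not visible in this diff), and the view should render a fixed `'******'` with no prefix. Separately, generateReportGlanceSection() divides by `this.state.report.glance.scanned.length`, which produces `NaN%` when nothing was scanned. A guarded form such as `scanned.length === 0 ? 0 : (100 * exploited.length) / scanned.length` avoids that.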
    {issuesDivArray}
; }; - - render() { - let content; - if (Object.keys(this.state.report).length === 0) { - if (this.state.runStarted) { - content = (

Generating Report...

); - } else { - content = -

- - You have to run a monkey before generating a report! -

; - } - } else { - let exploitPercentage = - (100 * this.state.report.glance.exploited.length) / this.state.report.glance.scanned.length; - content = - ( -
-
- -
-
-

- Infection Monkey Report -

-
- -
-
-

- Overview -

- { - this.state.report.glance.exploited.length > 0 ? - (

- - Critical security issues were detected! -

) : - (

- - No critical security issues were detected. -

) - } - { - this.state.allMonkeysAreDead ? - '' - : - (

- - Some monkeys are still running. To get the best report it's best to wait for all of them to finish - running. -

) - } - { - this.state.report.glance.exploited.length > 0 ? - '' - : -

- - To improve the monkey's detection rates, try adding users and passwords and enable the "Local - network - scan" config value under Basic - Network. -

- } -

- The first monkey run was started on {this.state.report.overview.monkey_start_time}. After {this.state.report.overview.monkey_duration}, all monkeys finished - propagation attempts. -

-

- The monkey started propagating from the following machines where it was manually installed: -

    - {this.state.report.overview.manual_monkeys.map(x =>
  • {x}
  • )} -
-

-

- The monkeys were run with the following configuration: -

- { - this.state.report.overview.config_users.length > 0 ? -

- Usernames used for brute-forcing: -

    - {this.state.report.overview.config_users.map(x =>
  • {x}
  • )} -
- Passwords used for brute-forcing: -
    - {this.state.report.overview.config_passwords.map(x =>
  • {x.substr(0, 3) + '******'}
  • )} -
-

- : -

- Brute forcing uses stolen credentials only. No credentials were supplied during Monkey’s - configuration. -

- } - { - this.state.report.overview.config_exploits.length > 0 ? - ( - this.state.report.overview.config_exploits[0] === 'default' ? - '' - : -

- The Monkey uses the following exploit methods: -

    - {this.state.report.overview.config_exploits.map(x =>
  • {x}
  • )} -
-

- ) - : -

- No exploits are used by the Monkey. -

- } - { - this.state.report.overview.config_ips.length > 0 ? -

- The Monkey scans the following IPs: -

    - {this.state.report.overview.config_ips.map(x =>
  • {x}
  • )} -
-

- : - '' - } - { - this.state.report.overview.config_scan ? - '' - : -

- Note: Monkeys were configured to avoid scanning of the local network. -

- } -
-
-

- Security Findings -

-
-

- Immediate Threats -

- { - this.state.report.overview.issues.filter(function (x) { - return x === true; - }).length > 0 ? -
- During this simulated attack the Monkey uncovered - {this.state.report.overview.issues.filter(function (x) { - return x === true; - }).length} threats: -
    - {this.state.report.overview.issues[this.Issue.STOLEN_CREDS] ? -
  • Stolen credentials are used to exploit other machines.
  • : null} - {this.state.report.overview.issues[this.Issue.ELASTIC] ? -
  • Elasticsearch servers are vulnerable to CVE-2015-1427. -
  • : null} - {this.state.report.overview.issues[this.Issue.SAMBACRY] ? -
  • Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
  • : null} - {this.state.report.overview.issues[this.Issue.SHELLSHOCK] ? -
  • Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271). -
  • : null} - {this.state.report.overview.issues[this.Issue.CONFICKER] ? -
  • Machines are vulnerable to ‘Conficker’ (MS08-067).
  • : null} - {this.state.report.overview.issues[this.Issue.WEAK_PASSWORD] ? -
  • Machines are accessible using passwords supplied by the user during the Monkey’s - configuration.
  • : null} -
-
- : -
- During this simulated attack the Monkey uncovered 0 threats. -
- } -
-
-

- Potential Security Issues -

- { - this.state.report.overview.warnings.filter(function (x) { - return x === true; - }).length > 0 ? -
- The Monkey uncovered the following possible set of issues: -
    - {this.state.report.overview.warnings[this.Warning.CROSS_SEGMENT] ? -
  • Weak segmentation - Machines from different segments are able to - communicate.
  • : null} - {this.state.report.overview.warnings[this.Warning.TUNNEL] ? -
  • Lack of machine hardening, machines successfully tunneled monkey traffic using unused ports.
  • : null} -
-
- : -
- The Monkey did not find any issues. -
- } -
-
-
-

- Recommendations -

-
- {this.generateIssues(this.state.report.recommendations.issues)} -
-
-
-

- The Network from the Monkey's Eyes -

-
-

- The Monkey discovered {this.state.report.glance.scanned.length} machines and - successfully breached {this.state.report.glance.exploited.length} of them. -

-
- - {Math.round(exploitPercentage)}% of scanned machines exploited -
-
-

- From the attacker's point of view, the network looks like this: -

-
- Legend: - Exploit - | - Scan - | - Tunnel - | - Island Communication -
-
- -
-
- -
-
- -
-
- -
-
-
- For questions, suggestions or any other feedback - contact: labs@guardicore.com -
labs@guardicore.com
- GuardiCore -
-
-
- -
-
- ); - } - - return ( - -

4. Security Report

-
- {content} -
- - ); - } } export default ReportPageComponent;